infra-deps(deps): bump the aws-cdk group across 1 directory with 3 updates

[dependabot]

Bumps the aws-cdk group with 3 updates in the /infra directory: aws-cdk-lib, constructs and aws-cdk.

Updates aws-cdk-lib from 2.233.0 to 2.235.1

Release notes

Sourced from aws-cdk-lib's releases.

v2.235.1

Bug Fixes

• apigatewayv2: use custom domain name instead of regional domain name when importing domain name via fromDomainNameAttributes (#36710) (29e5642)

---

Alpha modules (2.235.1-alpha.0)

v2.235.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-ecs: AWS::ECS::CapacityProvider: ManagedInstancesNetworkConfiguration.SecurityGroups property is now required.

• ecs: securityGroups is now required in ManagedInstancesCapacityProviderProps. CloudFormation has always required this field, so any code that omitted it would have failed at deployment time with a validation error. This change catches the error at compile time instead, improving the developer experience. If your code previously omitted securityGroups, you must now explicitly provide at least one security group.
• aws-cdk-lib: JobQueue.computeEnvironments contains an computeEnvironment: IComputeEnvironment → IComputeEnvironmentRef. BackupPlanRule.props contains a backupVault: IBackupVault → IBackupVaultRef. ApiDestination.fromApiDestinationAttributes() return type ApiDestination → IApiDestination. This should never have returned a class but always an interface, as is the standard for referencing factories. EventDestination.bus changed IEventBus →IEventBusRef; FlowLogDestination.bind() now returns and ICluster.executeCommandConfiguration contains a member changing type ILogGroup → ILogGroupRef.
• events: ApiDestination.fromApiDestinationAttributes() now returns an IApiDestination. It used to return an ApiDestination but this was a mistake, referencing methods always return a type by interface, not by class.EventDestination.bus used to be an IEventBus but is now an IEventBusRef; it needs to be type tested to assert it is actually an IEventBus if that is necessary.
• logs: the return types of FlowLogDestination.bind() and ICluster.executeCommandConfiguration now contain an ILogGroupRef instead of an ILogGroup, which guarantees less. These fields are for communication between constructs, and their values should not be used by application builders. If they do, they will need to add a cast or a type check.
• iot-actions: enableBatchConfig property is explicitly disabled by default. Even with this modification, the behavior of HttpAction remains unchanged from before, but only the Cfn template will be modified.

Features

• update L1 CloudFormation resource definitions (#36694) (861f437)
• apigatewayv2-integrations: add PutEvents support for EventBridge integration (#35766) (d879e4d), closes #35714 #35714
• ecs: add none log driver option for ECS containers (#35819) (5636820), closes #35795 #35795
• iot-actions: batching HTTP action messages (#36642) (fbc50ea)
• rds: add Read/Write IOPS metrics to DatabaseInstance and VolumeRead/Write IOPs metrics to DatabaseCluster (#35773) (d8e023d), closes #35327 #35327
• rds: support default auth scheme for RDS Proxy (#35635) (99f6c74), closes #35558
• spec2cdk: support for auto-generated grants in alpha modules (#36206) (776f837)
• synthetics: add syn-nodejs-3.0 runtime (#36652) (18f9fef), closes #36648
• synthetics: playwright 4.0 and 5.0 runtimes (#36590) (82cd9a6)

Bug Fixes

• aws-cdk-lib: reference interfaces for remaining services (#36359) (ed1f9de)
• core: make DetachedConstruct.node non-enumerable (#36672) (98d41ca), closes #36078 #36015
• ecs: make securityGroups required in ManagedInstancesCapacityProvider (#36685) (6734426)
• events: event Matcher class to be compatible with mergeEventPattern function (#36602) (e3f7dba), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-s3/lib/bucket.ts#L657-L657
• opensearchservice: use KMS Key ARN for cross-account encryption (#36020) (cccd94c), closes #36017
• stepfunctions: allow JSONata expressions for Map maxConcurrency (#36462) (2230c87), closes #36274
• RuntimeError: apiEndpoint is not configured on the imported HttpApi (revert of "chore(apigatewayv2): reference interfaces") (#36623) (fb17d39), closes aws/aws-cdk#36378

Miscellaneous Chores

• events: reference interfaces (#36535) (0bea5c9)
• logs: reference interfaces (#36566) (5b426b8)

---

Alpha modules (2.235.0-alpha.0)

⚠ BREAKING CHANGES

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.235.1-alpha.0 (2026-01-19)

2.235.0-alpha.0 (2026-01-15)

⚠ BREAKING CHANGES

• bedrock-agentcore-alpha: The User Pool Client will be replaced and new Resource Server and Domain resources will be added for existing Gateway stacks using the default Cognito authorizer.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

Bug Fixes

• bedrock-agentcore-alpha: default Cognito User Pool for AgentCore Gateway is not set up for M2M authentication. (#36323) (5a5605a)

2.234.1-alpha.0 (2026-01-08)

2.234.0-alpha.0 (2026-01-08)

Features

• msk-alpha: support express broker for Kafka v3.9 (#36450) (afcc953)

Bug Fixes

• elasticache-alpha: deployment fails when serverlessCacheName or userGroupId is not specified (#36459) (b3f62f7), closes #36458
• elasticache-alpha: security group for ServerlessCache does not use default endpoint port (#35738) (79d91ad)

2.233.0-alpha.0 (2025-12-18)

⚠ BREAKING CHANGES

• bedrock-agentcore-alpha: Runtime constructs will no longer automatically include lifecycleConfiguration with default values when not explicitly specified by users.
• elasticache-alpha: The engine property in NoPasswordUserProps has been removed.

Bug Fixes

• bedrock-agentcore-alpha: runtime construct incorrectly forces default lifecycleConfiguration values (#36379) (7954354), closes #36376
• elasticache-alpha: the default engine for NoPasswordUser contradict in the docs (#35920) (495fa37), closes #35847
• mixins-preview: improving delivery source and delivery destination creation (#36314) (86092ab)

2.232.2-alpha.0 (2025-12-12)

... (truncated)

Commits

• 29e5642 fix(apigatewayv2): use custom domain name instead of regional domain name whe...
• ccf7b9f chore: update analytics metadata blueprints
• 861f437 feat: update L1 CloudFormation resource definitions (#36694)
• d8e023d feat(rds): add Read/Write IOPS metrics to DatabaseInstance and VolumeRead/Wri...
• cccd94c fix(opensearchservice): use KMS Key ARN for cross-account encryption (#36020)
• dea2c28 chore: yarn upgrade dependencies requiring intervention (#36600)
• 6734426 fix(ecs): make securityGroups required in ManagedInstancesCapacityProvider (#...
• ed1f9de fix(aws-cdk-lib): reference interfaces for remaining services (#36359)
• 5636820 feat(ecs): add none log driver option for ECS containers (#35819)
• 3266504 docs(ecs): document Podman as a Docker/Finch alternative (#35933)
• Additional commits viewable in compare view

Updates constructs from 10.4.4 to 10.4.5

Release notes

Sourced from constructs's releases.

v10.4.5

10.4.5 (2026-01-16)

Bug Fixes

• save memory by lazy initializing all fields (#2838) (28249f8)

Commits

• 28249f8 fix: save memory by lazy initializing all fields (#2838)
• bf2d38d chore(deps): upgrade dev dependencies (#2837)
• b72aef9 chore: update maven central badge in README (#2836)
• 4cdf55d chore(deps): upgrade dev dependencies (#2835)
• d3fb228 chore(deps): upgrade dev dependencies (#2834)
• 593648e chore(deps): upgrade dev dependencies (#2833)
• 1f9d60c chore(deps): upgrade dev dependencies (#2832)
• See full diff in compare view

Updates aws-cdk from 2.1100.1 to 2.1101.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1101.0

2.1101.0 (2026-01-15)

Features

• cli: cdk init supports custom project names with --project name, -n option (#1006) (29249ac)
• deps: upgrade aws-cdk-lib (#1017) (4813f35)
• deps: upgrade aws-cdk-lib (#1021) (a01536f)

Bug Fixes

• cli: flags commands do not forward context parameters to synth (#1005) (2c0570a), closes #918
• cli: hotswap ECS flags result in SerializationException: STRING_VALUE cannot be converted to Integer (#973) (6c41e85)

aws-cdk@v2.1100.3

2.1100.3 (2026-01-06)

aws-cdk@v2.1100.2

2.1100.2 (2026-01-05)

Bug Fixes

• cli: upgrade jest in init-templates to remove one deprecation warning (#1009) (63e8147)
• cli: use caret version for aws-cdk-lib in init templates (#1002) (a9d5b84), closes #946 /github.com/aws/aws-cdk-cli/blob/af211ad102643f752caad307b6ec1e74ba93680e/.github/workflows/integ.yml#L107 aws-cdk-testing/cli-integ/tests/init-fsharp/init-fsharp.integtest.ts#L10

Commits

• 29249ac feat(cli): cdk init supports custom project names with --project name, -n...
• 6c41e85 fix(cli): hotswap ECS flags result in `SerializationException: STRING_VALUE c...
• a01536f feat(deps): upgrade aws-cdk-lib (#1021)
• 4813f35 feat(deps): upgrade aws-cdk-lib (#1017)
• 885e4bc chore: fix failing upgrade-aws-cdk-lib workflow (#1016)
• 2c0570a fix(cli): flags commands do not forward context parameters to synth (#1005)
• 7d091fc docs(aws-cdk): technical and conceptual flowcharts for deploy (#920)
• 63e8147 fix(cli): upgrade jest in init-templates to remove one deprecation warning (#...
• a9d5b84 fix(cli): use caret version for aws-cdk-lib in init templates (#1002)
• af211ad chore(deps): upgrade dependencies (#999)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, infrastructure. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.