Bump the npm group across 2 directories with 1 update

[dependabot]

Bumps the npm group with 1 update in the / directory: aws-cdk-lib.
Bumps the npm group with 1 update in the /test directory: aws-cdk-lib.

Updates aws-cdk-lib from 2.222.0 to 2.223.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.223.0

⚠ BREAKING CHANGES

L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSettingsReplicationMode property removed.
• aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSourceArn property removed.
• aws-dynamodb: AWS::DynamoDB::Table: GlobalTableSettingsReplicationMode property removed.
• aws-events: AWS::Events::EventBusPolicy: Id attribute removed.

Features

• update L1 CloudFormation resource definitions (#35926) (3f4d585)
• ec2: support for Cloud Wan Core Network routes (#35008) (fba027b)
• s3-deployment: support securityGroups in BucketDeploymentProps (#33233) (f2a3166), closes #33229

Bug Fixes

• stepfunctions: DistributedMap ResultWriter correct query language selection (#35834) (75b8ead), closes #35403
• onEvent function to pass all the options to rule resource (#35829) (3d7023d)

---

Alpha modules (2.223.0-alpha.0)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.224.0-alpha.0 (2025-11-13)

Features

• imagebuilder-alpha: add support for EC2 Image Builder L2 Constructs - Infrastructure Configuration (#35882) (db1d964), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789

2.223.0-alpha.0 (2025-11-10)

2.222.0-alpha.0 (2025-11-04)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

2.221.1-alpha.0 (2025-10-29)

2.221.0-alpha.0 (2025-10-24)

Features

• msk-alpha: support Kafka 4.1 (#35759) (67539de)

Bug Fixes

• elasticache-alpha: cannot import Redis 7 serverless cache (#35629) (2bde1a0)

2.220.0-alpha.0 (2025-10-14)

Bug Fixes

• amplify-alpha: handle empty customResponseHeaders array (#35700) (57f9068), closes #35693

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

• elasticache-alpha: implement Serverless ElastiCache L2 Construct (#35424) (0e08c8c)

2.217.0-alpha.0 (2025-09-25)

... (truncated)

Commits

• 3f4d585 feat: update L1 CloudFormation resource definitions (#35926)
• 75b8ead fix(stepfunctions): DistributedMap ResultWriter correct query language sele...
• 93af887 chore(ec2): add r8a instance class (#35964)
• fda6e13 chore(spec2cdk): ensure strings are passed to attributes (#35911)
• 23caef9 chore(codebuild): add new enum values for codebuild (#35861)
• f2a3166 feat(s3-deployment): support securityGroups in BucketDeploymentProps (#33233)
• af1868c chore(events-targets): correct typos in comments (#35954)
• b61923c chore(codebuild): remove unnecessary line from README (#35942)
• fba027b feat(ec2): support for Cloud Wan Core Network routes (#35008)
• 4763a76 chore: update analytics metadata blueprints
• Additional commits viewable in compare view

Updates aws-cdk-lib from 2.222.0 to 2.223.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.223.0

⚠ BREAKING CHANGES

L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSettingsReplicationMode property removed.
• aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSourceArn property removed.
• aws-dynamodb: AWS::DynamoDB::Table: GlobalTableSettingsReplicationMode property removed.
• aws-events: AWS::Events::EventBusPolicy: Id attribute removed.

Features

• update L1 CloudFormation resource definitions (#35926) (3f4d585)
• ec2: support for Cloud Wan Core Network routes (#35008) (fba027b)
• s3-deployment: support securityGroups in BucketDeploymentProps (#33233) (f2a3166), closes #33229

Bug Fixes

• stepfunctions: DistributedMap ResultWriter correct query language selection (#35834) (75b8ead), closes #35403
• onEvent function to pass all the options to rule resource (#35829) (3d7023d)

---

Alpha modules (2.223.0-alpha.0)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.224.0-alpha.0 (2025-11-13)

Features

• imagebuilder-alpha: add support for EC2 Image Builder L2 Constructs - Infrastructure Configuration (#35882) (db1d964), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789

2.223.0-alpha.0 (2025-11-10)

2.222.0-alpha.0 (2025-11-04)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

2.221.1-alpha.0 (2025-10-29)

2.221.0-alpha.0 (2025-10-24)

Features

• msk-alpha: support Kafka 4.1 (#35759) (67539de)

Bug Fixes

• elasticache-alpha: cannot import Redis 7 serverless cache (#35629) (2bde1a0)

2.220.0-alpha.0 (2025-10-14)

Bug Fixes

• amplify-alpha: handle empty customResponseHeaders array (#35700) (57f9068), closes #35693

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

• elasticache-alpha: implement Serverless ElastiCache L2 Construct (#35424) (0e08c8c)

2.217.0-alpha.0 (2025-09-25)

... (truncated)

Commits

• 3f4d585 feat: update L1 CloudFormation resource definitions (#35926)
• 75b8ead fix(stepfunctions): DistributedMap ResultWriter correct query language sele...
• 93af887 chore(ec2): add r8a instance class (#35964)
• fda6e13 chore(spec2cdk): ensure strings are passed to attributes (#35911)
• 23caef9 chore(codebuild): add new enum values for codebuild (#35861)
• f2a3166 feat(s3-deployment): support securityGroups in BucketDeploymentProps (#33233)
• af1868c chore(events-targets): correct typos in comments (#35954)
• b61923c chore(codebuild): remove unnecessary line from README (#35942)
• fba027b feat(ec2): support for Cloud Wan Core Network routes (#35008)
• 4763a76 chore: update analytics metadata blueprints
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/aws-cdk-lib	2.223.0	🟢 4.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 19 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/aws-cdk-lib	^2.223.0	🟢 4.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 19 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Files

• pnpm-lock.yaml
• test/package.json