Bump the npm group across 2 directories with 1 update

[dependabot]

Bumps the npm group with 1 update in the / directory: aws-cdk-lib.
Bumps the npm group with 1 update in the /test directory: aws-cdk-lib.

Updates aws-cdk-lib from 2.240.0 to 2.241.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.241.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-codedeploy: AWS::CodeDeploy::DeploymentGroup: Id attribute removed.

Features

• update L1 CloudFormation resource definitions (#37103) (f1ee45c)
• autoscaling: add deletionProtection property to AutoScalingGroup (#36924) (467f2b4)
• core: introducing CDK Mixins (#37055) (cda96cb)
• eks: add support for Kubernetes version 1.35 (#37065) (909fca3), closes #36920 #36016 cdklabs/awscdk-asset-kubectl#2669 #37070 #36950 #36016
• s3: attribute-based access control (#36229) (9ec4db3)

Bug Fixes

• bump minimatch to ^10.2.3 to resolve ReDoS vulnerabilities (#37127) (c359329), closes #37100
• dynamodb: fix SID for grants on multi-account global tables (#37057) (98d5e82)
• rds: correct engine version deprecation tags and add missing versions (#37080) (127b359), closes #37079 #36937

---

Alpha modules (2.241.0-alpha.0)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

2.240.0-alpha.0 (2026-02-23)

2.239.0-alpha.0 (2026-02-19)

⚠ BREAKING CHANGES

redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE

Features

• bedrock-agentcore-alpha: add fromCodeAsset method to create runtime artifact with local code assets (#36472) (c5a87e6), closes #36473
• bedrock-agentcore-alpha: added new target type (api gateway) in agentcore gateway target. (#36841) (0842754), closes #36817
• mixins-preview: add ECS ClusterSettingsMixin (#36796) (b8ab5be)
• mixins-preview: add s3 bucket mixin for publicAccessBlock (#36905) (feed4b2)
• mixins-preview: send Vended Logs to pre-created DeliveryDestination using toDestination() (#36896) (48f1fe6)

Bug Fixes

• redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE (#36516) (ea19e5c), closes #36416

2.238.0-alpha.0 (2026-02-09)

Features

• eks-v2-alpha: add support for bootstrapSelfManagedAddons (#36740) (1ffe38d)
• eks-v2-alpha: add support for EKS hybrid nodes (#36749) (48ace56)

Bug Fixes

• eks-v2-alpha: ensure kubectl provider and handler functions use the same vpc configuration (#36735) (4e02f08), closes #34878 #34877
• ivs-alpha: add region constraints to integration tests (#36851) (d55fec4)
• mixins-preview: apply mixins in order (#36847) (726060c)
• mixins-preview: apply mixins in order in MixinApplicator (#36877) (09db1c9), closes #36847

2.237.1-alpha.0 (2026-02-03)

... (truncated)

Commits

• 416eec3 chore: update analytics metadata blueprints
• c359329 fix: bump minimatch to ^10.2.3 to resolve ReDoS vulnerabilities (#37127)
• f1ee45c feat: update L1 CloudFormation resource definitions (#37103)
• d756201 docs(s3): fix addEventNotification docstring examples for correct Rosetta tra...
• 71d8f24 fix(events): correct docs on schema discovery and CMK encryption (#37102)
• cda96cb feat(core): introducing CDK Mixins (#37055)
• e22b50a chore: bump @​aws-cdk/asset-node-proxy-agent-v6 to ^2.1.1 (#37098)
• 69a37dc chore(jsii): upgrade toolchain and enforce strict warnings (#37091)
• 467f2b4 feat(autoscaling): add deletionProtection property to AutoScalingGroup (#36924)
• 52ac55f chore(rds): fix all rds tests (#36921)
• Additional commits viewable in compare view

Updates aws-cdk-lib from 2.240.0 to 2.241.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.241.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-codedeploy: AWS::CodeDeploy::DeploymentGroup: Id attribute removed.

Features

• update L1 CloudFormation resource definitions (#37103) (f1ee45c)
• autoscaling: add deletionProtection property to AutoScalingGroup (#36924) (467f2b4)
• core: introducing CDK Mixins (#37055) (cda96cb)
• eks: add support for Kubernetes version 1.35 (#37065) (909fca3), closes #36920 #36016 cdklabs/awscdk-asset-kubectl#2669 #37070 #36950 #36016
• s3: attribute-based access control (#36229) (9ec4db3)

Bug Fixes

• bump minimatch to ^10.2.3 to resolve ReDoS vulnerabilities (#37127) (c359329), closes #37100
• dynamodb: fix SID for grants on multi-account global tables (#37057) (98d5e82)
• rds: correct engine version deprecation tags and add missing versions (#37080) (127b359), closes #37079 #36937

---

Alpha modules (2.241.0-alpha.0)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

2.240.0-alpha.0 (2026-02-23)

2.239.0-alpha.0 (2026-02-19)

⚠ BREAKING CHANGES

redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE

Features

• bedrock-agentcore-alpha: add fromCodeAsset method to create runtime artifact with local code assets (#36472) (c5a87e6), closes #36473
• bedrock-agentcore-alpha: added new target type (api gateway) in agentcore gateway target. (#36841) (0842754), closes #36817
• mixins-preview: add ECS ClusterSettingsMixin (#36796) (b8ab5be)
• mixins-preview: add s3 bucket mixin for publicAccessBlock (#36905) (feed4b2)
• mixins-preview: send Vended Logs to pre-created DeliveryDestination using toDestination() (#36896) (48f1fe6)

Bug Fixes

• redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE (#36516) (ea19e5c), closes #36416

2.238.0-alpha.0 (2026-02-09)

Features

• eks-v2-alpha: add support for bootstrapSelfManagedAddons (#36740) (1ffe38d)
• eks-v2-alpha: add support for EKS hybrid nodes (#36749) (48ace56)

Bug Fixes

• eks-v2-alpha: ensure kubectl provider and handler functions use the same vpc configuration (#36735) (4e02f08), closes #34878 #34877
• ivs-alpha: add region constraints to integration tests (#36851) (d55fec4)
• mixins-preview: apply mixins in order (#36847) (726060c)
• mixins-preview: apply mixins in order in MixinApplicator (#36877) (09db1c9), closes #36847

2.237.1-alpha.0 (2026-02-03)

... (truncated)

Commits

• 416eec3 chore: update analytics metadata blueprints
• c359329 fix: bump minimatch to ^10.2.3 to resolve ReDoS vulnerabilities (#37127)
• f1ee45c feat: update L1 CloudFormation resource definitions (#37103)
• d756201 docs(s3): fix addEventNotification docstring examples for correct Rosetta tra...
• 71d8f24 fix(events): correct docs on schema discovery and CMK encryption (#37102)
• cda96cb feat(core): introducing CDK Mixins (#37055)
• e22b50a chore: bump @​aws-cdk/asset-node-proxy-agent-v6 to ^2.1.1 (#37098)
• 69a37dc chore(jsii): upgrade toolchain and enforce strict warnings (#37091)
• 467f2b4 feat(autoscaling): add deletionProtection property to AutoScalingGroup (#36924)
• 52ac55f chore(rds): fix all rds tests (#36921)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

test/package.json

Package	Version	License	Issue Type
aws-cdk-lib	^2.241.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
npm/@aws-cdk/cloud-assembly-schema	52.2.0	Unknown	Unknown
npm/aws-cdk-lib	2.241.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Pinned-Dependencies ⚠️ -1 internal error: internal error: invalid Dockerfile Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Binary-Artifacts ⚠️ 0 binaries present in source code
npm/aws-cdk-lib	^2.241.0	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml
• test/package.json