chore(deps): Bump the cdk-deps group across 1 directory with 3 updates

[dependabot]

Bumps the cdk-deps group with 2 updates in the /cdk directory: aws-cdk-lib and black.

Updates aws-cdk-lib from 2.235.0 to 2.241.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.241.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-codedeploy: AWS::CodeDeploy::DeploymentGroup: Id attribute removed.

Features

• update L1 CloudFormation resource definitions (#37103) (f1ee45c)
• autoscaling: add deletionProtection property to AutoScalingGroup (#36924) (467f2b4)
• core: introducing CDK Mixins (#37055) (cda96cb)
• eks: add support for Kubernetes version 1.35 (#37065) (909fca3), closes #36920 #36016 cdklabs/awscdk-asset-kubectl#2669 #37070 #36950 #36016
• s3: attribute-based access control (#36229) (9ec4db3)

Bug Fixes

• bump minimatch to ^10.2.3 to resolve ReDoS vulnerabilities (#37127) (c359329), closes #37100
• dynamodb: fix SID for grants on multi-account global tables (#37057) (98d5e82)
• rds: correct engine version deprecation tags and add missing versions (#37080) (127b359), closes #37079 #36937

---

Alpha modules (2.241.0-alpha.0)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

v2.240.0

Features

• update L1 CloudFormation resource definitions (#37039) (17b2d93)
• eks-v2: graduate to stable 🚀 (#36950) (a7de51c)
• update L1 CloudFormation resource definitions (#37034) (62d40f8)

Bug Fixes

• bump minimatch to ^10.2.1 to resolve ReDoS vulnerability (GHSA-3ppc-4f35-3m26) (#37027) (e48ea41)

---

Alpha modules (2.240.0-alpha.0)

v2.239.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-licensemanager: AWS::LicenseManager::License: Beneficiary property is now required aws-licensemanager: AWS::LicenseManager::License: ProductSKU property is now required aws-sagemaker: AWS::SageMaker::Cluster: Orchestrator.Eks property is now immutable

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

2.240.0-alpha.0 (2026-02-23)

2.239.0-alpha.0 (2026-02-19)

⚠ BREAKING CHANGES

redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE

Features

• bedrock-agentcore-alpha: add fromCodeAsset method to create runtime artifact with local code assets (#36472) (c5a87e6), closes #36473
• bedrock-agentcore-alpha: added new target type (api gateway) in agentcore gateway target. (#36841) (0842754), closes #36817
• mixins-preview: add ECS ClusterSettingsMixin (#36796) (b8ab5be)
• mixins-preview: add s3 bucket mixin for publicAccessBlock (#36905) (feed4b2)
• mixins-preview: send Vended Logs to pre-created DeliveryDestination using toDestination() (#36896) (48f1fe6)

Bug Fixes

• redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE (#36516) (ea19e5c), closes #36416

2.238.0-alpha.0 (2026-02-09)

Features

• eks-v2-alpha: add support for bootstrapSelfManagedAddons (#36740) (1ffe38d)
• eks-v2-alpha: add support for EKS hybrid nodes (#36749) (48ace56)

Bug Fixes

• eks-v2-alpha: ensure kubectl provider and handler functions use the same vpc configuration (#36735) (4e02f08), closes #34878 #34877
• ivs-alpha: add region constraints to integration tests (#36851) (d55fec4)
• mixins-preview: apply mixins in order (#36847) (726060c)
• mixins-preview: apply mixins in order in MixinApplicator (#36877) (09db1c9), closes #36847

2.237.1-alpha.0 (2026-02-03)

... (truncated)

Commits

• 5cc30e0 chore(release): 2.241.0 (#37135)
• 8020bb5 Update CHANGELOG.v2.md
• 416eec3 chore: update analytics metadata blueprints
• c7a6027 chore(release): 2.241.0
• c359329 fix: bump minimatch to ^10.2.3 to resolve ReDoS vulnerabilities (#37127)
• f1ee45c feat: update L1 CloudFormation resource definitions (#37103)
• 9c24f86 chore(msk-alpha): fix integ tests - update deprecated Kafka versions (#37084)
• d756201 docs(s3): fix addEventNotification docstring examples for correct Rosetta tra...
• 71d8f24 fix(events): correct docs on schema discovery and CMK encryption (#37102)
• cda96cb feat(core): introducing CDK Mixins (#37055)
• Additional commits viewable in compare view

Updates constructs from 10.4.5 to 10.5.1

Release notes

Sourced from constructs's releases.

v10.5.1

10.5.1 (2026-02-19)

Bug Fixes

• provide default implementation of with() on Node class (#2848) (f0f37e5)

v10.5.0

10.5.0 (2026-02-17)

Features

• mixin: add IMixin interface and Construct.with() method (#2843) (0f1005b)

Commits

• f0f37e5 fix: provide default implementation of with() on Node class (#2848)
• a00cc11 chore(deps): upgrade dev dependencies (#2846)
• 0f1005b feat(mixin): add IMixin interface and Construct.with() method (#2843)
• eb900d5 chore(deps): upgrade dev dependencies (#2845)
• 9c4d938 chore(deps): upgrade dev dependencies (#2844)
• 8bfbd10 chore: enforce consistent type imports and exports (#2842)
• 8fb617a chore(deps): upgrade dev dependencies (#2841)
• cbf7407 chore(deps): upgrade dev dependencies (#2840)
• See full diff in compare view

Updates black from 26.1.0 to 26.3.0

Release notes

Sourced from black's releases.

26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
• Fix crash on standalone comment in lambda default arguments (#4993)
• Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

• Emit a clear warning when the target Python version is newer than the running Python version, since AST safety checks cannot parse newer syntax. Also replace the misleading "INTERNAL ERROR" message with an actionable error explaining the version mismatch (#4983)

Blackd

• Introduce winloop to be used when windows in use which enables blackd to run faster on windows when winloop is installed. (#4996)

Integrations

• Remove unused gallery script (#5030)
• Harden parsing of black requirements in the GitHub Action when use_pyproject is enabled so that only version specifiers are accepted and direct references such as black @ https://... are rejected. Users should upgrade to the latest version of the action as soon as possible. This update is received automatically when using psf/black@stable, and is independent of the version of Black installed by the

... (truncated)

Changelog

Sourced from black's changelog.

26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
• Fix crash on standalone comment in lambda default arguments (#4993)
• Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

• Emit a clear warning when the target Python version is newer than the running Python version, since AST safety checks cannot parse newer syntax. Also replace the misleading "INTERNAL ERROR" message with an actionable error explaining the version mismatch (#4983)

Blackd

• Introduce winloop to be used when windows in use which enables blackd to run faster on windows when winloop is installed. (#4996)

Integrations

• Remove unused gallery script (#5030)
• Harden parsing of black requirements in the GitHub Action when use_pyproject is enabled so that only version specifiers are accepted and direct references such as black @ https://... are rejected. Users should upgrade to the latest version of the action as soon as possible. This update is received automatically when using

... (truncated)

Commits

• 35ea679 Prepare release 26.3.0 (#5032)
• 4d81750 Remove gallery/ (#5030)
• 0a2560b Harden Black action version parsing (#5031)
• deab5d6 Revert "Bump hatch from 1.15.1 to 1.16.4" (#5028)
• 2beece7 Bump hatch from 1.15.1 to 1.16.4 (#5020)
• d764c0b Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5024)
• f5be8e0 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#5019)
• 8b9d3e3 add winloop support and remove deprecated functionality from uvloop (#4996)
• 457320a [pre-commit.ci] pre-commit autoupdate (#5018)
• 4da809e Do not encourage the use of an obsolete GitHub Actions (#5016)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions