chore(deps): Bump the cdk-deps group across 1 directory with 4 updates

[dependabot]

Bumps the cdk-deps group with 3 updates in the /cdk directory: aws-cdk-lib, black and pytest.

Updates aws-cdk-lib from 2.220.0 to 2.222.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.222.0

⚠ BREAKING CHANGES

• bedrock-agentcore: The signature of RuntimeAuthorizerConfiguration.usingCognito() has changed to accept IUserPool and IUserPoolClient constructs instead of string parameters, and now supports multiple clients.

Features

• apigateway: add binaryMediaTypes property to SpecRestApi (#35502) (bf10d94), closes #35498
• apigatewayv2: WebSocketStage support accessLogSettings (#34766) (dad112e), closes #21935
• bedrock-agentcore: use IUserPool and IUserPoolClient interfaces instead of string identifiers (#35860) (a38afc9), closes #35854
• core: IEnvironmentAware interface to retrieve a construct's environment (#35817) (8ee5d4b)
• elasticloadbalancingv2: create security group settings for NLB by default (under feature flag) (#34675) (ff83cfd), closes #34606 aws/aws-cdk#34606
• events-targets: support Amazon Data Firehose target using Firehose's IDeliveryStream (#33798) (a374b6b), closes #33757 #33758
• kinesisfirehose: add built-in data processors to decompress CloudWatch logs and extract messages (#33749) (5dec21e), closes #33691 #20242 aws/aws-cdk#33691
• lambda: add Java25 runtime for Lambda (#35867) (db71fac)
• lambda: add Python 3.14 runtime for Lambda (#35869) (ebef303)
• memory: add agentcore memory l2 construct (#35757) (6a2e17e)
• msk: support Express brokers (#34741) (0a69e5f), closes #32923

Bug Fixes

• agentcore: addToRolePolicy for runtime with imported role destroys and recreates policies on every deployment (#35842) (92525e4), closes #35844 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-base.ts#L253
• agentcore: custom execution role policy for runtime lacks proper permissions (#35849) (ee94b63), closes #35852 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts#L65 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts#L252-L259 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts#L693 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1468 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts#L1161
• dynamodb: addToResourcePolicy has no effect (#35554) (94d7e34), closes #35062
• ecs: remove empty CfnClusterCapacityProviderAssociations resource (#35783) (c8a131b), closes #35699 #35742
• iam: cannot grant lambda:InvokeFunction on ManagedPolicy or Policy via grantInvoke() method (#32984) (a07d75a), closes #32980 aws/aws-cdk#32984
• compilation failure in Go (#35871) (5e4f603), closes aws/aws-cdk#35770 #35862
• ec2: remove PassRole policy emitted by cloudwatch vpc flow destination (#35762) (c4b80df), closes #35729

---

Alpha modules (2.222.0-alpha.0)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

v2.221.1

Bug Fixes

• compilation failure in Go (#35871) (4379f66), closes aws/aws-cdk#35770 #35862

---

Alpha modules (2.221.1-alpha.0)

v2.221.0

⚠ BREAKING CHANGES

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.222.0-alpha.0 (2025-11-04)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

2.221.1-alpha.0 (2025-10-29)

2.221.0-alpha.0 (2025-10-24)

Features

• msk-alpha: support Kafka 4.1 (#35759) (67539de)

Bug Fixes

• elasticache-alpha: cannot import Redis 7 serverless cache (#35629) (2bde1a0)

2.220.0-alpha.0 (2025-10-14)

Bug Fixes

• amplify-alpha: handle empty customResponseHeaders array (#35700) (57f9068), closes #35693

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

• elasticache-alpha: implement Serverless ElastiCache L2 Construct (#35424) (0e08c8c)

2.217.0-alpha.0 (2025-09-25)

2.216.0-alpha.0 (2025-09-22)

2.215.0-alpha.0 (2025-09-15)

Bug Fixes

... (truncated)

Commits

• 184b345 chore(release): 2.222.0 (#35939)
• b4d0a62 chore(release): update changelog
• cfc74ed chore: update analytics metadata blueprints
• 1ee40ad chore(release): 2.222.0
• dad112e feat(apigatewayv2): WebSocketStage support accessLogSettings (#34766)
• f618638 chore: fix Python TypeError: Cannot create a consistent method resolution ord...
• 2cdfc8a fix(eks-v2-alpha): remove hyphen from Go package name (#35927)
• de261c0 chore: update Contributors File (#35915)
• ee94b63 fix(agentcore): custom execution role policy for runtime lacks proper permiss...
• ebef303 feat(lambda): add Python 3.14 runtime for Lambda (#35869)
• Additional commits viewable in compare view

Updates constructs from 10.4.2 to 10.4.3

Release notes

Sourced from constructs's releases.

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

• deps: upgrade to jsii & typescript 5.9 (#2823) (02796b2)

Commits

• 02796b2 fix(deps): upgrade to jsii & typescript 5.9 (#2823)
• f62df72 chore(deps): upgrade dev dependencies (#2822)
• 56d6cbf chore(deps): upgrade dev dependencies (#2821)
• a37b483 chore(deps): upgrade cdklabs-projen-project-types (#2819)
• 7826d73 chore(deps): upgrade dev dependencies (#2820)
• bbbf608 chore(deps): upgrade dev dependencies (#2818)
• 7c1b1ad chore(deps): upgrade dev dependencies (#2817)
• 27ec512 chore(deps): upgrade dev dependencies (#2816)
• 6e7e0a2 chore(deps): upgrade dev dependencies (#2815)
• e71d235 chore(deps): upgrade dev dependencies (#2814)
• Additional commits viewable in compare view

Updates black from 25.9.0 to 25.11.0

Release notes

Sourced from black's releases.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#4772)
• Vim: Print the import paths when importing black fails (#4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#4675)

Changelog

Sourced from black's changelog.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#4772)
• Vim: Print the import paths when importing black fails (#4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#4675)

Commits

• 05f0a8c Prepare for 25.11.0 release (#4825)
• ae17c61 Fix tests on pytest 9 (#4835)
• 138745e Include Windows and Python 3.14 in PR wheel build matrix, fix Windows build (...
• 18170d6 ci: add label for running all builds on a pull request (#4833)
• 0e793e3 fix windows wheels (#4830)
• b71f36c Use build[uv] as cibuildwheel frontend (#4831)
• a7bd594 Skip free threaded builds in cibuildwheel (#4829)
• 862dee9 Update cibuildwheel (#4828)
• b5f354c build: restrict to pytest 9.0 due to breakage in custom pytest_configure (#4827)
• f705197 t-string support (#4805)
• Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.0.0

Release notes

Sourced from pytest's releases.

9.0.0

pytest 9.0.0 (2025-11-05)

New features

• #1367: Support for subtests has been added.

  subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

  Example:

  def contains_docstring(p: Path) -> bool:
      """Return True if the given Python file contains a top-level docstring."""
      ...
  def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
  for path in Path.cwd().glob("*.py"):
  with subtests.test(path=str(path)):
  assert contains_docstring(path)

  Each assert failure or error is caught by the context manager and reported individually, giving a clear picture of all files that are missing a docstring.

  In addition, unittest.TestCase.subTest is now also supported.

  This feature was originally implemented as a separate plugin in pytest-subtests, but since then has been merged into the core.

  [!NOTE] This feature is experimental and will likely evolve in future releases. By that we mean that we might change how subtests are reported on failure, but the functionality and how to use it are stable.

• #13743: Added support for native TOML configuration files.

  While pytest, since version 6, supports configuration in pyproject.toml files under [tool.pytest.ini_options], it does so in an "INI compatibility mode", where all configuration values are treated as strings or list of strings. Now, pytest supports the native TOML data model.

  In pyproject.toml, the native TOML configuration is under the [tool.pytest] table.

  # pyproject.toml
  [tool.pytest]
  minversion = "9.0"
  addopts = ["-ra", "-q"]
  testpaths = [
      "tests",
      "integration",
  ]

... (truncated)

Commits

• f4b0fd2 Prepare release version 9.0.0
• 52d8e68 Merge pull request #13889 from bluetech/regendoc-restore
• d6d3e4a doc: fixes for regendoc
• 7cb3974 doc: restore missing "# content of pytest.toml" regendoc commands
• 5ae9e47 build(deps): Bump django in /testing/plugins_integration (#13881)
• adb3658 Merge pull request #13864 from bluetech/config-cleanups-2
• a28c08e Merge pull request #13875 from bluetech/ci-tweaks
• a250954 ci: split publish-to-pypi and push-tag jobs
• ebc152f ci: update setup python's from 3.11 or 3.* to 3.13
• dfd796f ci: move running update-plugin-list script to tox
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.