Upgrade: [dependabot] - bump aws-cdk-lib from 2.223.0 to 2.225.0

[dependabot]

Bumps aws-cdk-lib from 2.223.0 to 2.225.0.

Release notes

Sourced from aws-cdk-lib's releases.

v2.225.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

  • aws-dynamodb: AWS::DynamoDB::GlobalTable: ResourcePolicy property is now required.

Features

• update L1 CloudFormation resource definitions (#36082) (3df1d81)
• custom-resource: add External ID support for AwsCustomResource (#35252) (9f6c02b), closes #34018
• route53: support restricting delegated zone names when using grantDelegation (#35129) (d832aca)

Bug Fixes

• aws-cdk-lib: temporary Cloud Assemblies are not cleaned up (#36043) (1ace1ef), closes #802
• cognito: remove overly strict validation for threat protection on non-PLUS plans (#36027) (172c65f), closes #36023
• s3-deployment: Source.jsonData() fails with null JSON values (#36054) (67b85f2), closes #36052

Reverts

• (dynamodb) revert Table.table field to private to fix .NET naming (#36029) (d84fce8), closes #36025 #35554

---

Alpha modules (2.225.0-alpha.0)

v2.224.0

⚠ BREAKING CHANGES

• aws-cdk-lib: Reference interfaces (such as IBucketRef, IRoleRef, etc.) were moved to a new aws-cdk-lib.interfaces submodule to prevent cyclic dependencies between service modules. If you are importing reference interfaces, you have to update import statements accordingly. See #36060 for full details.
• Amazon.CDK.Lib (.NET): The .NET namespace for multiple submodules has changed. If you are using any of the renamed submodules, you have to update using statements for these submodules. See #36037 for full details.
• L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-opensearchserverless: AWS::OpenSearchServerless::Collection: StandbyReplicas property is now immutable. aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: Id attribute removed.

Features

• apigateway: add option for consolidating lambda permissions for rest and http lambda integrations (#36021) (35f8e46), closes #9327 #19535 #35705
• update L1 CloudFormation resource definitions (#35994) (47a9a20)
• core: add methods to SecretValue and aws-secretsmanager Secret to obtain a literal (unresolved by CloudFormation) dynamic reference key (#34397) (#35105) (457aa99), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/secret-value.ts#L98C17-L98C31 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-secretsmanager/lib/secret.ts#L499
• eks: add support for Kubernetes version 1.34 (#36016) (60096ac), closes #35717
• lambda: add nodejs24.x runtime for Lambda (#36001) (404bf1a)
• sagemaker: add support for serverless inference endpoints (#35557) (3f5c5ac), closes #23148 #23148
• stepfunctions-tasks: add architecture support to EvaluateExpression (#35468) (771ea13), closes #34974

Bug Fixes

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.225.0-alpha.0 (2025-11-17)

2.224.0-alpha.0 (2025-11-13)

Features

• imagebuilder-alpha: add support for EC2 Image Builder L2 Constructs - Infrastructure Configuration (#35882) (db1d964), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789

2.223.0-alpha.0 (2025-11-10)

2.222.0-alpha.0 (2025-11-04)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

2.221.1-alpha.0 (2025-10-29)

2.221.0-alpha.0 (2025-10-24)

Features

• msk-alpha: support Kafka 4.1 (#35759) (67539de)

Bug Fixes

• elasticache-alpha: cannot import Redis 7 serverless cache (#35629) (2bde1a0)

2.220.0-alpha.0 (2025-10-14)

Bug Fixes

• amplify-alpha: handle empty customResponseHeaders array (#35700) (57f9068), closes #35693

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

... (truncated)

Commits

• 440742a chore: update analytics metadata blueprints
• 3df1d81 feat: update L1 CloudFormation resource definitions (#36082)
• 9f6c02b feat(custom-resource): add External ID support for AwsCustomResource (#35252)
• af61744 chore(ec2): add VPC interface endpoints for Cognito (#35984)
• 5b58c56 chore(rds): add support for 8.0.mysql_aurora.3.11.0 (#36026)
• a119de5 chore(rds): deprecate MySQL versions 5.7.44, 8.0.32-36 (#35949)
• a2df80e chore(rds): add PostgreSQL extended support versions 11.22-rds.20250814, 12.2...
• 900d7f7 chore(rds): add MariaDB versions 10.6.23, 10.11.14, and 11.4.8 (#35896)
• 26a33bc chore(rds): deprecate Aurora MySQL versions 3.05.2-3.07.1 (#35952)
• b293fd8 chore(rds): deprecate Aurora PostgreSQL versions 13.11-13, 14.8-10, 15.3-5 (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

This PR is raised by Dependabot to update a dependency.

[eps-autoapprove-dependabot]

I'm approving this pull request because it includes a patch or minor update

[eps-autoapprove-dependabot]

I'm approving this pull request because it includes a patch or minor update

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[eps-autoapprove-dependabot]

I'm approving this pull request because it includes a patch or minor update