chore(deps): bump the aws-cdk group across 1 directory with 3 updates

[dependabot]

Bumps the aws-cdk group with 3 updates in the / directory: @aws-cdk/toolkit-lib, aws-cdk-lib and aws-cdk.

Updates @aws-cdk/toolkit-lib from 1.14.1 to 1.14.2

Release notes

Sourced from @​aws-cdk/toolkit-lib's releases.

@​aws-cdk/toolkit-lib@​v1.14.2

1.14.2 (2026-01-28)

Commits

• 203898c chore(deps-dev): bump eslint-plugin-jest and @​cdklabs/typewriter (#1096)
• ef9d2b4 chore(deps-dev): bump eslint-plugin-jsdoc from 50.8.0 to 62.4.1 (#1068)
• 4edd1d1 chore(deps-dev): bump aws-cdk-lib from 2.232.2 to 2.235.1 in /packages/@​aws-c...
• See full diff in compare view

Updates aws-cdk-lib from 2.236.0 to 2.237.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.237.0

⚠ BREAKING CHANGES

• iam: Receivers of IEncryptedResource objects now have fewer guarantees about the shape of the object. If you still require an IResource, change the type to IEncryptedResource & IResource and/or add a type guard check using Resource.isResource(). Implementations of IEncryptedResource no longer need to implement IResource but must continue to implement IEnvironmentAware. Since IResource extends IEnvironmentAware, there is no change for implementors. Calls to GrantableResources.isEncryptedResource() now require an IEnvironmentAware argument instead of IConstruct.

Features

• eks: add OidcProviderNative using L1 and deprecate OpenIdConnectProvider custom resource (#36589) (09383cb)
• eks: add support overwriteServiceAccount prop in service account construct (#36751) (3aa38f6)
• kms: make trustAccountIdentities optional in KeyGrants (#36786) (06676ac)
• lambda: add observability support for kafka event source mappings (#36808) (dd8b419)
• update L1 CloudFormation resource definitions (#36799) (7ecd0a9)
• opensearchservice: support OI2 instance type with local NVMe storage (#36700) (034baf3), closes #36698

Bug Fixes

• iam: IEncryptedResource extends IEnvironmentAware instead of IResource (#36787) (90ad834)

---

Alpha modules (2.237.0-alpha.0)

Features

• bedrock-agentcore-alpha: add support for custom claims and scopes to runtime/gateway authorizers (#36810) (a3abcd0)
• eks-v2-alpha: pass additional helm chart values to aws-load-balancer-controller (#36754) (cf61814), closes /github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml#L199
• mixins-preview: align Mixins API with latest RFC proposal (#36825) (82c2fdb)
• mixins-preview: handle destination bucket with KMS keys (#36776) (950401f)

Bug Fixes

• bedrock-agentcore-alpha: construct ID collision when multiple schemas are set (#36565) (9ebfb62), closes #36559

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.237.0-alpha.0 (2026-02-02)

Features

• bedrock-agentcore-alpha: add support for custom claims and scopes to runtime/gateway authorizers (#36810) (a3abcd0)
• eks-v2-alpha: pass additional helm chart values to aws-load-balancer-controller (#36754) (cf61814), closes /github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml#L199
• mixins-preview: align Mixins API with latest RFC proposal (#36825) (82c2fdb)
• mixins-preview: handle destination bucket with KMS keys (#36776) (950401f)

Bug Fixes

• bedrock-agentcore-alpha: construct ID collision when multiple schemas are set (#36565) (9ebfb62), closes #36559

2.236.0-alpha.0 (2026-01-23)

Features

• bedrock-agentcore-alpha: added episodic memory strategy (#36591) (21dcfc6)
• bedrock-agentcore-alpha: added gateway interceptors (#36604) (ba8aa48)
• bedrock-agentcore-alpha: make physical name properties optional for AgentCore resources (#36354) (5137d81), closes #36341
• mixins-preview: expose BucketPolicyStatementsMixin publicly (#36771) (458156d)
• sagemaker: add containerStartupHealthCheckTimeoutInSeconds support for EndpointConfig (#35626) (47d707a), closes #35566

Bug Fixes

• eks-v2-alpha: ensure kubectl provider access entry is depended upon by downstream resources (#36734) (e104f45), closes #34898 #34897

2.235.1-alpha.0 (2026-01-19)

2.235.0-alpha.0 (2026-01-15)

⚠ BREAKING CHANGES

• bedrock-agentcore-alpha: The User Pool Client will be replaced and new Resource Server and Domain resources will be added for existing Gateway stacks using the default Cognito authorizer.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

Bug Fixes

• bedrock-agentcore-alpha: default Cognito User Pool for AgentCore Gateway is not set up for M2M authentication. (#36323) (5a5605a)

... (truncated)

Commits

• b019939 chore: update analytics metadata blueprints
• 43ee898 chore(release): 2.237.0
• 84899f9 chore(rds): postgres 16.11 (#36821)
• dd8b419 feat(lambda): add observability support for kafka event source mappings (#36808)
• 3aa38f6 feat(eks): add support overwriteServiceAccount prop in service account constr...
• 7ecd0a9 feat: update L1 CloudFormation resource definitions (#36799)
• 09383cb feat(eks): add OidcProviderNative using L1 and deprecate OpenIdConnectProvide...
• ba1a10e docs(bedrock): update readme (#36761)
• 034baf3 feat(opensearchservice): support OI2 instance type with local NVMe storage (#...
• c075d0e Merge branch 'main' into merge-back/2.236.0
• Additional commits viewable in compare view

Updates aws-cdk from 2.1103.0 to 2.1104.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1104.0

2.1104.0 (2026-01-28)

Features

• deps: upgrade aws-cdk-lib (#1060) (706f37a)

Commits

• 203898c chore(deps-dev): bump eslint-plugin-jest and @​cdklabs/typewriter (#1096)
• 0460def chore(deps): bump @​aws-sdk/client-ec2 from 3.953.0 to 3.977.0 (#1082)
• ef9d2b4 chore(deps-dev): bump eslint-plugin-jsdoc from 50.8.0 to 62.4.1 (#1068)
• 089d83c chore(deps): bump @​aws-sdk/client-lambda from 3.953.0 to 3.975.0 (#1081)
• 706f37a feat(deps): upgrade aws-cdk-lib (#1060)
• 2081080 chore(deps): bump @​aws-sdk/client-codebuild from 3.953.0 to 3.975.0 (#1061)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dreamorosi]

Integration tests are green.