chore(deps): Bump the cdk-deps group across 1 directory with 4 updates

[dependabot]

Bumps the cdk-deps group with 3 updates in the /cdk directory: aws-cdk-lib, black and pytest.

Updates aws-cdk-lib from 2.241.0 to 2.248.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.248.0

Bug Fixes

• eks: downgrade isolated subnet validation from error to warning (#37500) (470856c), closes #37491

---

Alpha modules (2.248.0-alpha.0)

v2.247.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-bedrockagentcore: AWS::BedrockAgentCore::OnlineEvaluationConfig: ExecutionStatus attribute removed. aws-appstream: AWS::AppStream::ImageBuilder: Name property is now immutable. aws-eks: AWS::EKS::Capability: EKS_CAPABILITY_ACK_S3_LOGS vended log type removed.

Features

• update L1 CloudFormation resource definitions (#37410) (bd2c318)
• apigatewayv2: add role support for lambda authorizers (#35706) (2fb2f16), closes #35696
• batch: skip unregister job definition on update (#36011) (2fb2240)
• elasticloadbalancingv2: jwt verification for application load balancer (#36099) (aacd28a), closes #36096

Bug Fixes

• bump brace-expansion from 5.0.3 to 5.0.5 to address CVE-2026-33750 (#37379) (69cf4c9)
• prevent prototype pollution in 2 APIs (#37453) (1016537)
• aws-cdk-lib: condensed stack trace hides namespaced package name (#37413) (cb8e7fb)

---

Alpha modules (2.247.0-alpha.0)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

v2.246.0

Features

• bedrock: add MiniMax and GLM foundation model identifiers (#37348) (2015344), closes #37347

Bug Fixes

• dynamodb: throw error when grantee is an unsupported ServicePrincipal (#37335) (d12754f), closes #35817 aws/aws-cdk#37273
• lambda-nodejs: use powershell for spawn steps on Windows (#37412) (a92105c), closes #37387
• core: noisy property deprecation warnings (#37415) (4fd0002), closes #37407

Reverts

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

... (truncated)

Commits

• b5670b3 chore(release): 2.248.0 (#37509)
• 693603e chore(release): 2.248.0
• 9aceb58 chore(merge-back): 2.247.0 (#37506)
• 78536e6 Merge branch 'main' into merge-back/2.247.0
• 322299f chore(deps-dev): bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group...
• 470856c fix(eks): downgrade isolated subnet validation from error to warning (#37500)
• 0fbaf7a docs(mixins): expand mixin guidelines with when-not-to-use criteria, auxiliar...
• f50b8a4 chore(release): 2.247.0 (#37497)
• 447ac6c chore: trigger build
• 7b6c66f chore: update analytics metadata blueprints
• Additional commits viewable in compare view

Updates constructs from 10.5.1 to 10.6.0

Release notes

Sourced from constructs's releases.

v10.6.0

10.6.0 (2026-03-23)

Features

• add stackTraceOverride option to MetadataOptions (#2853) (f1fd286)

Commits

• f1fd286 feat: add stackTraceOverride option to MetadataOptions (#2853)
• 809d63a chore(deps): upgrade dev dependencies (#2852)
• c2298f1 chore(deps): upgrade dev dependencies (#2851)
• eb0d022 chore(deps): upgrade dev dependencies (#2850)
• 780040f chore(deps): upgrade dev dependencies (#2849)
• See full diff in compare view

Updates black from 26.3.0 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

Changelog

Sourced from black's changelog.

Version 26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

Commits

• c6755bb Prepare release 26.3.1 (#5046)
• 69973fd Harden blackd browser-facing request handling (#5039)
• 4937fe6 Fix some shenanigans with the cache file and IPython (#5038)
• 2e641d1 docs: remove outdated Black Playground references (#5044)
• c014b22 Remove unused internal code (#5041)
• 0dae20b Add new changelog (#5036)
• c5c1cbd Minor release patches (#5035)
• 7e5a828 docs: clarify relationship between Black style and PEP 8 (#5025)
• 69705de docs: add clearer pyproject configuration guidance (#5026)
• See full diff in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions