Bump the cdk group with 3 updates

[dependabot]

Bumps the cdk group with 3 updates: @guardian/cdk, aws-cdk and aws-cdk-lib.

Updates @guardian/cdk from 61.4.0 to 61.10.1

Release notes

Sourced from @​guardian/cdk's releases.

v61.10.1

Patch Changes

• 0b264a3: Fix resource property of guard duty IAM role for ECS task pattern

v61.10.0

Minor Changes

• 9db50ef: Add required permissions to GuEcsTask pattern for guard duty sidecar container

Patch Changes

• 6c611c8: Broaden CDK peer dependency ranges to allow any aws-cdk/construct version provided more recent than the specified version

v61.9.0

Minor Changes

• 339c2e9: Improves the safety of the new deployment mechanism for services which scale horizontally.

  As part of this the default and maxValue properties of the MinInstancesInServiceFor<app> parameter (which is used by Riff-Raff) have been removed.

Patch Changes

• 888d5e2: Update aws-cdk to 2.1018.0, aws-cdk-lib to 2.200.1, constructs to 10.4.2

v61.8.2

Patch Changes

• 1336b63: Update import path of ContainerInsights.

v61.8.1

Patch Changes

• 2ec1d32: chore(deps): bump codemaker from 1.111.0 to 1.112.0

v61.8.0

Minor Changes

• 0cc9129: Addition of slow start mode support for GuEc2AppExperimental.

  We recommend enabling this setting if you run a high-traffic service, particularly if it is JVM-based.

v61.7.0

Minor Changes

• d1ee03a: feat(GuEc2App): Replace enabledDetailedInstanceMonitoring optional property with mandatory instanceMetricGranularity property

  Specifying how an ASG service should be monitored is now explicitly required. When detailed monitoring is enabled, EC2 metrics are produced at a higher granularity of one minute (default is five minutes). This should allow for earlier horizontal scaling and provide more detail during incident triage.

... (truncated)

Changelog

Sourced from @​guardian/cdk's changelog.

61.10.1

Patch Changes

• 0b264a3: Fix resource property of guard duty IAM role for ECS task pattern

61.10.0

Minor Changes

• 9db50ef: Add required permissions to GuEcsTask pattern for guard duty sidecar container

Patch Changes

• 6c611c8: Broaden CDK peer dependency ranges to allow any aws-cdk/construct version provided more recent than the specified version

61.9.0

Minor Changes

• 339c2e9: Improves the safety of the new deployment mechanism for services which scale horizontally.

  As part of this the default and maxValue properties of the MinInstancesInServiceFor<app> parameter (which is used by Riff-Raff) have been removed.

Patch Changes

• 888d5e2: Update aws-cdk to 2.1018.0, aws-cdk-lib to 2.200.1, constructs to 10.4.2

61.8.2

Patch Changes

• 1336b63: Update import path of ContainerInsights.

61.8.1

Patch Changes

• 2ec1d32: chore(deps): bump codemaker from 1.111.0 to 1.112.0

61.8.0

Minor Changes

• 0cc9129: Addition of slow start mode support for GuEc2AppExperimental.

  We recommend enabling this setting if you run a high-traffic service, particularly if it is JVM-based.

61.7.0

... (truncated)

Commits

• 9a90a16 Merge pull request #2705 from guardian/changeset-release/main
• 0ee8de1 Bump package version
• 4366fcf Merge pull request #2704 from guardian/pm-fix-guardutypolicy
• 32b10b2 Format
• 0b264a3 Add changeset
• 2241a4a Use arn rather than url for runtime monitoring policy resource
• 9dc7d63 Bump package version (#2701)
• 0f20a6d Merge pull request #2703 from guardian/pm-fix-guard-duty-ecs-task
• abae67b Make changeset more accurate
• 3979291 Limit repository to location in ireland of guardduty container
• Additional commits viewable in compare view

Updates aws-cdk from 2.1007.0 to 2.1024.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1024.0

2.1024.0 (2025-08-06)

Features

• add message about unconfigured feature flags when user runs cdk synth (#765) (a94b241)
• cli: update Go init templates to v1.23.0 and add post-install tidy (#768) (8be6aad)

aws-cdk@v2.1023.0

2.1023.0 (2025-07-29)

Features

• modify a single feature flag configuration (#738) (969c499)

aws-cdk@v2.1022.0

2.1022.0 (2025-07-24)

Features

• cli: --no-version-reporting equals --no-telemetry for cli telemetry and library metadata exclusion (#718) (d40bf52)
• cli: cli-telemetry status command (#697) (666f1b9), closes #631
• cli: send telemetry events to local file (#631) (a6755f0)
• cli: telemetry event deploy (#698) (d441f68), closes #631

Bug Fixes

• cli: running --telemetry-file without the --unstable option creates a telemetry file (#731) (cde4468)

aws-cdk@v2.1021.0

2.1021.0 (2025-07-16)

Features

• "cdk flags" command reports active and missing feature flags (unstable) (#699) (d62b991)
• diff shows moved resources (#708) (6beac2b)
• modification is forbidden during a refactor (#667) (66594fd)
• overrides to resolve mapping ambiguities (#679) (fdec382)
• toolkit-lib: list action contains metadata (#719) (d71960e), closes #501

... (truncated)

Commits

• 8be6aad feat(cli): update Go init templates to v1.23.0 and add post-install tidy (#768)
• 2877f4c chore(cli): refactor command throws error on failure (#737)
• edef43c chore(cli): funnel (#760)
• a94b241 feat: add message about unconfigured feature flags when user runs cdk synth...
• c6e6c46 chore(cli): move sinks into their own folder (#759)
• f224645 chore(deps): upgrade dependencies (#741)
• 969c499 feat: modify a single feature flag configuration (#738)
• 2f44d1e chore: typo in readme (#739)
• b0e6bc0 chore(deps): bump axios from 1.10.0 to 1.11.0 (#735)
• d441f68 feat(cli): telemetry event deploy (#698)
• Additional commits viewable in compare view

Updates aws-cdk-lib from 2.189.0 to 2.210.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.210.0

Reverts

• ecs: add support for native blue/green deployments in ECS L2 (#35061) (#35170) (88696e9), closes #35167

---

Alpha modules (2.210.0-alpha.0)

Features

• glue-alpha: add optional metrics control for cost optimization (#35154) (6e24133), closes #35149

v2.209.1

Bug Fixes

• eks: fix helm commands not running ecr public login (#35161) (d860ee8)

---

Alpha modules (2.209.1-alpha.0)

Bug Fixes

• eks-v2-alpha: fix helm commands not running ecr public login (#35162) (6c2a8b8)

v2.209.0

Features

• ecs: add support for native blue/green deployments in ECS L2 (#35061) (3723aca), closes #35010
• add new field to feature flag report (#35108) (8bff8f9)
• inferenceprofiles: add inference and cross-region inference pro… (#35048) (87770ef)
• deprecating delete existing field in ARecord (#35039) (49b2627), closes #34230
• s3-tables: add L2 construct support for Table and Namespace resources (#35023) (576c9ec), closes #33054

Bug Fixes

• app-staging-synthesizer: custom bootstrap qualifier is not passed through to deployment role name (#35118) (6525d51), closes #28195 #28195
• codebuild: support Windows Server Core 2022 image with on-demand capacity (#35152) (a595884), closes #29754
• eks: remove usage of shell=True in helm commands (#35148) (918593d)
• eks-v2: remove usage of shell=True in helm commands (#35141) (cd9d69c)
• rds: can not lookup VPC Security Groups with fromLookup method (#34906) (ae87e26)

---

Alpha modules (2.209.0-alpha.0)

v2.208.0

Features

• update L1 CloudFormation resource definitions (#35054) (a2b3e78)
• region-info: add support for region ap-southeast-6 (#35036)

Bug Fixes

• core: Tag must have a value error is impossible to attribute to a specific tag (#35091) (6c4181b)

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.210.0-alpha.0 (2025-08-06)

Features

• glue-alpha: add optional metrics control for cost optimization (#35154) (6e24133), closes #35149

2.209.1-alpha.0 (2025-08-06)

Bug Fixes

• eks-v2-alpha: fix helm commands not running ecr public login (#35162) (6c2a8b8)

2.209.0-alpha.0 (2025-08-05)

2.208.0-alpha.0 (2025-07-29)

Features

• glue: throw ValidationError instead of untyped errors (#35084) (1e20df6)

2.207.0-alpha.0 (2025-07-24)

2.206.0-alpha.0 (2025-07-16)

2.205.0-alpha.0 (2025-07-15)

2.204.0-alpha.0 (2025-07-04)

Features

• lambda-python-alpha: support uv (#33880) (ac6f136), closes #31238 #32413

2.203.1-alpha.0 (2025-07-02)

2.203.0-alpha.0 (2025-07-01)

Features

• ec2: support for client route enforcement for client VPN endpoint (#34405) (063f4e7)

... (truncated)

Commits

• 29e15ae chore: update analytics metadata blueprints
• 88696e9 revert(ecs): add support for native blue/green deployments in ECS L2 (#35061)...
• e128b29 chore(kms): add new enum values for kms (#35139)
• 26cb806 chore(release): 2.209.0 (#35159)
• 5b272a9 chore: update analytics metadata blueprints
• 24bbced fix(logs): revert "exposed metric from the metric filter will now include the...
• 6c4181b fix(core): Tag must have a value error is impossible to attribute to a spec...
• 1da883e chore(dependencies): build with upgraded dependencies fails (#34957)
• a2b3e78 feat: update L1 CloudFormation resource definitions (#35054)
• 81fe660 fix(custom-resources): use loggingFormat instead of deprecated logFormat (#35...
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.