chore(deps-dev): bump aws-cdk-lib from 2.213.0 to 2.221.1 in /src/loyalty-point-service

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps aws-cdk-lib from 2.213.0 to 2.221.1.

Release notes

Sourced from aws-cdk-lib's releases.

v2.221.1

Bug Fixes

• compilation failure in Go (#35871) (4379f66), closes aws/aws-cdk#35770 #35862

---

Alpha modules (2.221.1-alpha.0)

v2.221.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-datazone: AWS::DataZone::ProjectProfile: Id property removed.
• aws-logs: AWS::Logs::DeliveryDestination: DeliveryDestinationType attribute removed.
• aws-s3: AWS::S3::AccessGrantsLocation: IamRoleArn property is now required.
• aws-s3: AWS::S3::AccessGrantsLocation: LocationScope property is now required.
• aws-servicecatalog: AWS::ServiceCatalog::TagOptionAssociation: Id attribute removed.

Features

• update L1 CloudFormation resource definitions (#35816) (82bef28)
• agentcore: add agentcore L2 constructs for 1p tools (#35577) (3087ffa)
• agentcore: add agentcore runtime L2 construct (#35623) (c57484a)
• ecr: image tag mutability exclusion filters (#35246) (f6dd5cf), closes #35454
• ecs: implement IConnectable interface for ManagedInstancesCapacityProvider (#35745) (fd5ff76)
• kinesisfirehose: support DeliveryStream record format conversion for S3 Bucket Destination (#35410) (79bcba2), closes #15501 aws/aws-cdk#15501
• update L1 CloudFormation resource definitions (#35769) (a165905)

Bug Fixes

• ecs-patterns: resolve target group conflict when updating ALB internetFacing or loadBalancerName (under feature flag) (#35508) (69b9c03), closes #33253 #33253 #33253
• lambda: can't find entry file under ESM module system (#35797) (7becd79), closes #21630
• lambda-runtime: change fallback for latest lambda node runtime to node 22.x (#35764) (10fcb1b)
• opensearchservice: add i8g nodes validation without EBS (#35668) (9594842), closes #35666
• s3-deployment: handle empty string in Source.data() (#35824) (95c8d73), closes #35809
• stepfunctions-tasks: allow passing apiEndpoint as intrinsic function (under feature flag) (#32139) (ddfef06), closes #29925 #29925 #30749

---

Alpha modules (2.221.0-alpha.0)

Features

• msk-alpha: support Kafka 4.1 (#35759) (67539de)

Bug Fixes

• elasticache-alpha: cannot import Redis 7 serverless cache (#35629) (2bde1a0)

v2.220.0

⚠ BREAKING CHANGES

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.221.1-alpha.0 (2025-10-29)

2.221.0-alpha.0 (2025-10-24)

Features

• msk-alpha: support Kafka 4.1 (#35759) (67539de)

Bug Fixes

• elasticache-alpha: cannot import Redis 7 serverless cache (#35629) (2bde1a0)

2.220.0-alpha.0 (2025-10-14)

Bug Fixes

• amplify-alpha: handle empty customResponseHeaders array (#35700) (57f9068), closes #35693

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

• elasticache-alpha: implement Serverless ElastiCache L2 Construct (#35424) (0e08c8c)

2.217.0-alpha.0 (2025-09-25)

2.216.0-alpha.0 (2025-09-22)

2.215.0-alpha.0 (2025-09-15)

Bug Fixes

• bedrock-alpha: added missing validation when prompt uses default variant (#35366) (cbd271e)

2.214.0-alpha.0 (2025-09-02)

Features

• bedrock-alpha: add guardrails l2 construct (#34765) (b4fdb2b)
• eks-v2-alpha: support eks with k8s 1.33 (#34713) (c24565e), closes #34520 #34911
• s3tables-alpha: add TablePolicy support to L2 construct library (#35223) (2741dfb), closes #33054

2.213.0-alpha.0 (2025-08-27)

... (truncated)

Commits

• 4379f66 fix: compilation failure in Go (#35871)
• 780ae85 chore: resolve merge conflict
• 287e1fa chore(release): 2.221.0
• 36140d1 revert: feat(core): cfn constructs (L1s) can now accept constructs as paramet...
• 159703c chore: update analytics metadata blueprints
• 1d2725c chore(release): 2.221.0
• 95c8d73 fix(s3-deployment): handle empty string in Source.data() (#35824)
• c5e7f21 feat(core): cfn constructs (L1s) can now accept constructs as parameters for ...
• 10fcb1b fix(lambda-runtime): change fallback for latest lambda node runtime to node 2...
• 82bef28 feat: update L1 CloudFormation resource definitions (#35816)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[claude]

Claude finished @dependabot[bot]'s task —— View job

---

PR Review: aws-cdk-lib Dependency Update

✅ Review Complete - Dependency update looks good!

Todo List:

• Read the changed package files
• Check for CDK code in loyalty-point-service to assess impact
• Review release notes for breaking changes and security fixes
• Analyze potential compatibility issues
• Provide review feedback

---

Review Findings

✅ Code Quality & Best Practices

• Clean dependency update: The change is minimal and focused - only updating aws-cdk-lib from ^2.213.0 to ^2.221.1 in package.json:32
• Proper semver handling: Using caret range (^2.221.1) allows patch updates while maintaining compatibility
• Lock file consistency: package-lock.json properly reflects the exact version resolution

✅ Security Assessment

• Security improvements included: Version 2.221.1 includes bug fixes, including a Go compilation issue fix
• No security vulnerabilities introduced: This is a routine maintenance update from AWS CDK team
• Dependency scope: Correctly placed in devDependencies as this is build-time tooling

⚠️ Breaking Changes Analysis

The update spans multiple versions (2.213.0 → 2.221.1) and includes breaking changes that should be monitored:

Version 2.221.0 Breaking Changes:

• aws-datazone: AWS::DataZone::ProjectProfile - Id property removed
• aws-logs: AWS::Logs::DeliveryDestination - DeliveryDestinationType attribute removed
• aws-s3: AWS::S3::AccessGrantsLocation - IamRoleArn and LocationScope properties now required
• aws-servicecatalog: AWS::ServiceCatalog::TagOptionAssociation - Id attribute removed

Impact Assessment: ✅ LOW RISK - The loyalty-point-service CDK code (lib/loyalty-api/loyaltyApiStack.ts:8) uses standard constructs (Lambda, DynamoDB, API Gateway, EventBridge, Secrets Manager, SSM) and doesn't appear to use the affected L1 resources.

✅ Performance Considerations

• Build performance: No performance impact expected - this is a build-time dependency
• Bundle size: CDK libraries don't affect runtime bundle size as they're used only during deployment

❓ Test Coverage Recommendations

• Integration testing: Consider running CDK synthesis tests (cdk synth) to ensure no breaking changes affect the stack
• Deployment verification: Test deployment to a dev environment before production use
• Regression testing: Verify that existing CDK constructs still generate expected CloudFormation

📋 Action Items for Team

1. Monitor deployment: Watch for any CDK synthesis or deployment issues in dev/staging
2. Update dependencies: Consider updating the companion aws-cdk CLI version from 2.103.1 to match
3. Version alignment: The aws-cdk-lib is now at ^2.221.1 while aws-cdk CLI is at 2.103.1 - consider aligning these versions

Overall Assessment: ✅ APPROVED

This is a well-managed dependency update that brings security fixes and new features while maintaining compatibility with the existing CDK infrastructure code. The breaking changes don't affect this service's usage patterns.