chore(deps): bump @pulumi/awsx from 2.22.0 to 3.5.0 in /deploy/pulumi

[dependabot]

Bumps @pulumi/awsx from 2.22.0 to 3.5.0.

Release notes

Sourced from @​pulumi/awsx's releases.

v3.5.0

What's Changed

• Update module github.com/go-jose/go-jose/v3 to v3.0.5 [SECURITY] by @​pulumi-renovate[bot] in pulumi/pulumi-awsx#1923
• Update workflows from source by @​corymhall in pulumi/pulumi-awsx#1924
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1925
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1931
• Pass region through awsx.ec2.Vpc child resources by @​corymhall in pulumi/pulumi-awsx#1942

Full Changelog: pulumi/pulumi-awsx@v3.4.0...v3.5.0

v3.4.0

What's Changed

• Update vulnerable dependencies [SECURITY] by @​pulumi-renovate[bot] in pulumi/pulumi-awsx#1918
• Regenerate awsx artifacts for @​pulumi/aws 7.24.0 by @​corymhall in pulumi/pulumi-awsx#1919
• Filter generated SDK docs by language by @​corymhall in pulumi/pulumi-awsx#1920
• Fix classic exactOptionalPropertyTypes typings by @​corymhall in pulumi/pulumi-awsx#1922

Full Changelog: pulumi/pulumi-awsx@v3.3.1...v3.4.0

v3.3.1

What's Changed

• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1901
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1903
• Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] by @​pulumi-renovate[bot] in pulumi/pulumi-awsx#1879
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1904
• Testing out new review by @​corymhall in pulumi/pulumi-awsx#1906
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1911
• Add validation for duplicate subnet types without unique names by @​jkodroff in pulumi/pulumi-awsx#1914
• Revert auto subnet default merging by @​corymhall in pulumi/pulumi-awsx#1916

Full Changelog: pulumi/pulumi-awsx@v3.3.0...v3.3.1

v3.3.0

What's Changed

• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1870
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1872
• Upgrade golangci-lint to v2 by @​pulumi-bot in pulumi/pulumi-awsx#1875
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1880
• ec2/vpc: restore IPv6 subnet assignment defaults by @​corymhall in pulumi/pulumi-awsx#1882
• docs: add AI contribution guardrails and refresh contributor docs by @​corymhall in pulumi/pulumi-awsx#1885
• ci: add gh-aw PR review + slash-command re-review workflows by @​corymhall in pulumi/pulumi-awsx#1886
• ci: fix gh-aw reviewer activation secret validation by @​corymhall in pulumi/pulumi-awsx#1889
• Fix gh-aw rereview target resolution for review outputs by @​corymhall in pulumi/pulumi-awsx#1893
• Update GitHub Actions workflows. by @​pulumi-provider-automation[bot] in pulumi/pulumi-awsx#1896
• Combined dependencies PR by @​pulumi-bot in pulumi/pulumi-awsx#1895
• Bump the npm_and_yarn group across 1 directory with 2 updates by @​dependabot[bot] in pulumi/pulumi-awsx#1871
• Bump the go_modules group across 4 directories with 2 updates by @​dependabot[bot] in pulumi/pulumi-awsx#1877

... (truncated)

Commits

• d4b0300 Pass region through awsx.ec2.Vpc child resources (#1942)
• d4a1616 Update GitHub Actions workflows. (#1931)
• 3f4cb80 Update GitHub Actions workflows. (#1925)
• c1ee76a Update workflows from source (#1924)
• 016d221 Update module github.com/go-jose/go-jose/v3 to v3.0.5 [SECURITY] (#1923)
• ed8ac5b Fix classic exactOptionalPropertyTypes typings (#1922)
• 32a86d6 Filter generated SDK docs by language (#1920)
• 881d696 Regenerate awsx artifacts for @​pulumi/aws 7.24.0 (#1919)
• 7edf59b Update vulnerable dependencies [SECURITY] (#1918)
• 33fda4f Revert auto subnet default merging (#1916)
• Additional commits viewable in compare view

---

Note

Medium Risk
Dependency-only change, but it upgrades @pulumi/awsx across a major version which can introduce breaking IaC behavior or provider defaults during deployments.

Overview
Updates the Pulumi deployment package to use @pulumi/awsx ^3.5.0 (from the ^2.x line), pulling in the latest AWSX changes and security dependency updates.

^{Reviewed by Cursor Bugbot for commit 30e2fe0. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 214d766. Configure here.}

[cursor]

Major awsx v3 likely incompatible with @pulumi/aws v6

Medium Severity

@pulumi/awsx is bumped from v2 to v3 (a major version change), but @pulumi/aws remains at ^6.0.0. The awsx v3 release notes indicate it was regenerated for @pulumi/aws 7.24.0, meaning v3 likely has a peer dependency on @pulumi/aws v7+. This version mismatch could cause npm install failures due to peer dependency conflicts or subtle runtime incompatibilities. The @pulumi/aws dependency needs to be bumped to v7 to match.

 

^{Reviewed by Cursor Bugbot for commit 214d766. Configure here.}

[github-actions]

PR Metrics

Metric	Value
Lines changed (prod code)	+1 / -1
JS bundle size (gzipped)	🟢 1.02 MB → 1.02 MB (-5.1 KB, -0.5%)
Test coverage	🟢 70.31% → 70.50% (+0.2%)
Load time (preview)	Preview not ready — Render deploy may have timed out

Updated Wed, 22 Apr 2026 20:03:37 GMT · run #1126