Skip to content

Bump serverless from 4.36.1 to 4.37.0#211

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/serverless-4.37.0
Closed

Bump serverless from 4.36.1 to 4.37.0#211
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/serverless-4.37.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps serverless from 4.36.1 to 4.37.0.

Release notes

Sourced from serverless's releases.

4.37.0

Features

  • New serverless diff command for previewing changes against the deployed stack. Packages the service locally and renders a structured diff — resources, IAM grants, security groups, parameters, outputs — against the CloudFormation stack currently in AWS. A Function Code section reports per-function code changes by comparing local zip hashes against each Lambda's CodeSha256. Especially useful in CI and PR-review workflows. --json emits a machine-readable summary; --package <path> reuses an existing artifact directory to skip the auto-package step. Docs. (#13602)

    serverless diff
    serverless diff --json
    serverless diff --package .serverless
  • TypeScript files supported in ${file()} variable references. The ${file(...)} variable resolver now loads .ts, .mts, and .cts modules in addition to JavaScript, with no separate build step required. All export shapes — default object, async default function, named export, named-export function with property selector, and injected resolveVariable / resolveConfigurationProperty callbacks — behave identically across JavaScript and TypeScript sources. Docs. (#13590)

    // scripts/secrets.ts
    export const getSecrets = async () => ({ apiKey: process.env.API_KEY })
    custom:
      secrets: ${file(./scripts/secrets.ts):getSecrets}
  • Custom .env file locations and explicit opt-out via useDotenv. Previously a boolean. Now accepts a path or array of paths to load additional .env files alongside the local .env / .env.${stage} already loaded automatically — useful for monorepos sharing variables across services. useDotenv: false is now honored as the documented opt-out. Debug logging at core:resolver:env surfaces which files loaded and which keys came from each (visible with SLS_DEBUG=*; keys only, never values). Docs. Closes #10641. (#13597)

    useDotenv: ../shared           # load files from a sibling directory
    # useDotenv:                   # …or a list — earlier entries win
    #   - ./overrides.env
    #   - ../
    # useDotenv: false             # disable all .env loading
  • CloudWatch Logs Infrequent Access log class. Opt-in logs.logGroupClass: infrequent_access at provider or function level provisions an Infrequent Access log group alongside the standard one, wires Lambda's LoggingConfig.LogGroup to write to it, and applies DeletionPolicy: Retain so its history survives stack updates and removals. The standard sibling is always created so pre-existing logs at the default path are preserved during migration. Services that do not opt in produce an identical CloudFormation template. Docs. Closes #12278. (#13601)

    provider:
      logs:
        lambda:
          logGroupClass: infrequent_access   # service-wide default
    functions:
    realTimeReports:
    handler: handler.reports
    logs:
    logGroupClass: standard            # override per function

    Note: AWS does not allow the class of an existing log group to be changed in place. serverless logs -f <function> cannot read Infrequent Access groups — use CloudWatch Logs Insights instead. Once an IA log group has been retained out of the stack, re-enabling infrequent_access later for the same function will fail with ResourceAlreadyExistsException unless the orphaned group is first deleted or imported back into the stack.

... (truncated)

Commits
  • 4ec3c03 chore: release 4.37.0 (#13606)
  • 34fd88c fix: make ${file(.ts)} and serverless diff work in the published distribu...
  • 8efe699 docs(menu): register diff command and alphabetize CLI Reference (#13608)
  • 8576307 chore(deps): bump @​smithy/util-retry (#13607)
  • 3a4cb54 feat: add 'diff' command to preview changes against the deployed stack (#13602)
  • 4c5ad90 feat: support CloudWatch Logs Infrequent Access log class (#13601)
  • c612af4 feat: support TypeScript files in ${file()} variable resolver (#13590)
  • 53d132a chore(deps): bump the aws-sdk group across 1 directory with 34 updates (#13605)
  • d98240e feat: add batching to reconcile command for large-scale instance reconciliati...
  • 9ff8846 feat: support ECR repository image retention via lifecycle policy (#13584)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [serverless](https://github.com/serverless/serverless) from 4.36.1 to 4.37.0.
- [Release notes](https://github.com/serverless/serverless/releases)
- [Changelog](https://github.com/serverless/serverless/blob/main/RELEASE_PROCESS.md)
- [Commits](https://github.com/serverless/serverless/compare/sf-core@4.36.1...sf-core@4.37.0)

---
updated-dependencies:
- dependency-name: serverless
  dependency-version: 4.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 3, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #215.

@dependabot dependabot Bot closed this Jun 22, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/serverless-4.37.0 branch June 22, 2026 23:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants