Skip to content

Bump serverless from 4.36.1 to 4.39.0#216

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/serverless-4.39.0
Open

Bump serverless from 4.36.1 to 4.39.0#216
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/serverless-4.39.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps serverless from 4.36.1 to 4.39.0.

Release notes

Sourced from serverless's releases.

4.39.0

Features

  • Sandboxes — AWS Lambda MicroVMs. First-class support for Firecracker-isolated, snapshot-booted virtual machines that you define declaratively and run on demand, with the serverless operational model (no clusters, pay per run). Define a sandbox from a local Dockerfile directory or a prebuilt s3:// zip, and configure memory, environment, lifecycle hooks, tags, and VPC egress. deploy/remove build and tear down the image and supporting resources; IAM build/execution roles are generated for you, and observability — CloudWatch logs, metric filters, alarms, and a dashboard — is enabled by default and fully customizable.

    sandboxes:
      echo:
        artifact: ./app # local directory that contains a Dockerfile
    serverless invoke --sandbox echo          # run it (with --method / --port)
    serverless logs --sandbox echo            # fetch logs
    serverless dev --sandbox echo             # local dev loop with hot reload

    Local development. serverless dev --sandbox <name> builds and runs the sandbox container on your machine and hot-reloads it as you edit — no deploy needed to iterate. Requests are relayed to the locally running container, so you get the full run/inspect loop against your real sandbox definition before anything ships to AWS.

    See the Sandboxes guide for the full configuration reference, and the serverless/examples sandboxes directory for deploy-ready examples (minimal, complete, and a self-hosted environment for Claude Managed Agent). (#13663)

  • serverless agent commands for AI coding agents. A new command namespace purpose-built for agents (Claude Code, Codex, Cursor) working with a Serverless service. (#13673)

    • serverless agent skills install installs the bundled Agent Skills into the service directory (.claude/skills/, .agents/skills/, or both — auto-detected), teaching agents how to work with the service. Idempotent, auto-refreshing when a newer CLI bundles newer skills, and ejectable per-skill.
    • serverless agent inspect returns the live AWS configuration of a deployed service's resources in a single call — a categorized inventory by default, or expanded raw AWS responses filtered by category (--functions, --api, --iam, --sandboxes, --all, …) or by AWS service. Deterministic, pipe-safe JSON/YAML output, so an agent gets the whole logical-to-physical picture without issuing dozens of aws describe-* calls itself.
    serverless agent skills install
    serverless agent inspect --functions --api

    See the Agent Skills guide for how skills are discovered, updated, and ejected, and the agent inspect reference for its full category and AWS-service filtering options.

Maintenance

  • Runtime dependency bumps: @aws-sdk/util-arn-parser (#13680), a batch of 11 patch-level updates (#13677), and other routine bumps (#13666).
  • Development and CI tooling: dev-dependency group updates (#13676), lint-staged 16 → 17 (#13678), and GitHub Actions bumps (#13667); constrained https-proxy-agent to a range that keeps Node 18 support (#13686).

4.38.1

Maintenance

  • Upgraded undici to 6.27.0, clearing security advisories reported against earlier versions of the bundled HTTP client: a Set-Cookie SameSite attribute downgrade (GHSA-g8m3-5g58-fq7m), HTTP header injection via Set-Cookie percent-decoding (GHSA-p88m-4jfj-68fv), and a WebSocket client denial-of-service (GHSA-vxpw-j846-p89q). (#13657)

4.38.0

Features

  • Ruby 4.0 runtime support. Functions can now target the ruby4.0 Lambda runtime. (#13613)

    provider:

... (truncated)

Commits
  • 79b5cbb chore: release 4.39.0 (#13693)
  • 421f7af feat(sandboxes): summarize sandbox config in the analysis event (#13692)
  • 6db7ff1 chore(deps): bump archiver from 7.0.1 to 8.0.0 (#13690)
  • 3397042 chore(deps): bump @​slack/web-api from 7.15.2 to 7.18.0 (#13689)
  • 950ff75 chore(deps): bump mongodb from 7.2.0 to 7.4.0 (#13691)
  • 475a746 chore(deps): bump date-fns from 4.1.0 to 4.4.0 (#13688)
  • c28d78a chore(deps-dev): bump lint-staged (#13687)
  • b81ed32 fix(agent): inspect returns a graceful not-deployed result for a missing stac...
  • bde0dda chore(deps): ignore https-proxy-agent >=9 (drops Node 18 support) (#13686)
  • 862501f chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.7 (#13678)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [serverless](https://github.com/serverless/serverless) from 4.36.1 to 4.39.0.
- [Release notes](https://github.com/serverless/serverless/releases)
- [Changelog](https://github.com/serverless/serverless/blob/main/RELEASE_PROCESS.md)
- [Commits](https://github.com/serverless/serverless/compare/sf-core@4.36.1...sf-core@4.39.0)

---
updated-dependencies:
- dependency-name: serverless
  dependency-version: 4.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants