chore(deps): bump aws-sdk and serverless

[dependabot]

Removes aws-sdk. It's no longer used after updating ancestor dependency serverless. These dependencies need to be updated together.

Removes aws-sdk

Updates serverless from 3.40.0 to 4.34.0

Release notes

Sourced from serverless's releases.

4.34.0

Features

Serverless Framework

• Added S3 Files support for Lambda file system configuration. Lambda functions can now mount Amazon S3 Files in addition to EFS via fileSystemConfig. The file system type is auto-detected from literal ARNs; for CloudFormation references, specify type: s3files explicitly. The framework automatically generates the correct IAM permissions (s3files:ClientMount/s3files:ClientWrite) and validates VPC configuration. Fully backward compatible — existing EFS configurations work unchanged. Read more in the docs. (#13493)

functions:
  hello:
    handler: handler.hello
    fileSystemConfig:
      localMountPath: /mnt/s3data
      arn: arn:aws:s3files:us-east-1:111111111111:file-system/fs-abc123/access-point/fsap-abc123
    vpc:
      securityGroupIds:
        - sg-xxx
      subnetIds:
        - subnet-xxx

When using CloudFormation references, set the type explicitly:

functions:
  hello:
    handler: handler.hello
    fileSystemConfig:
      localMountPath: /mnt/s3data
      arn: !GetAtt MyS3FilesAccessPoint.AccessPointArn
      type: s3files
    vpc:
      securityGroupIds:
        - sg-xxx
      subnetIds:
        - subnet-xxx

Bug Fixes

Serverless Framework

• Fixed min-release-age not being applied during framework distribution builds. The root .npmrc was silently ignored by npm because it reads project config from the nearest package.json directory. Added per-package .npmrc files to packages/framework-dist and packages/sf-core-installer to enforce a 3-day cooldown on newly published dependencies. Also added check-latest: true to CI setup-node steps to ensure consistent npm versions across runners. (#13476)

Maintenance

• Upgraded Go from 1.26.1 to 1.26.2 in binary-installer to fix 5 vulnerabilities in std/crypto/tls, std/crypto/x509, and std/archive/tar (#13492)
• Upgraded hono to 4.12.12 and @hono/node-server to 1.19.13 to fix 6 security vulnerabilities including middleware bypass via repeated slashes (GHSA-wmmm-f939-6g9c, GHSA-92pp-h63x-v22m), path traversal in toSSG() (GHSA-xf4j-xp2r-rqqx), incorrect IP matching (GHSA-xpcf-pg52-r92g), and cookie handling bypasses (GHSA-26pp-8wgv-hjvm, GHSA-r5rp-j6wh-rvv4). Upgraded Pygments to 2.20.0 to fix a ReDoS vulnerability (#13489)

... (truncated)

Commits

• 730f8cc chore: release 4.34.0 (#13494)
• 1a8498c feat: add S3 Files support for Lambda file system configuration (#13493)
• b20c672 chore(deps): fix Go stdlib vulnerabilities in binary-installer (#13492)
• 924ff7a chore(deps): fix hono, @​hono/node-server, and Pygments vulnerabilities (#13489)
• 9884713 fix: add min-release-age to distributed package directories (#13476)
• 80f6753 chore: add third-party license attributions for integrated plugins (#13487)
• 15071ae chore(deps): upgrade eslint to v10 and @​eslint/js to v10 (#13477)
• d21bb09 chore: release 4.33.3 (#13472)
• 987afbb chore(deps): bump the aws-sdk group with 30 updates (#13473)
• 8e7b077 chore(deps): bump the aws-sdk group (#13471)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serverless since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.