Skip to content

chore(deps): bump file-type and serverless#1492

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-2fcbd4a2f6
Open

chore(deps): bump file-type and serverless#1492
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-2fcbd4a2f6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor

Removes file-type. It's no longer used after updating ancestor dependency serverless. These dependencies need to be updated together.

Removes file-type

Updates serverless from 3.40.0 to 4.38.0

Release notes

Sourced from serverless's releases.

4.38.0

Features

  • Ruby 4.0 runtime support. Functions can now target the ruby4.0 Lambda runtime. (#13613)

    provider:
  name: aws
  runtime: ruby4.0

  • New ${aws:partition} variable. Resolves to the AWS partition for the deployment region (e.g. aws, aws-cn, aws-us-gov) with no network call or credentials required. Makes ARNs in your configuration portable across commercial, GovCloud, and China partitions. (#12441, #13633)

    provider:
  iam:
    role:
      managedPolicies:
        - arn:${aws:partition}:iam::aws:policy/AmazonS3ReadOnlyAccess

  • AgentCore: Python 3.14 support. Agent runtimes can now target python3.14. Runtime validation is also stronger, with supported runtimes validated against a single allowlist. (#13645)

    # AgentCore agent configuration
runtime: python3.14

Bug Fixes

  • API Gateway custom stage now used for the service endpoint URL and stage tags. When provider.apiGateway.stage is set to a value different from the deployment stage, the ServiceEndpoint output URL and the API Gateway stage tags now use that configured stage. Previously they used the deployment stage, producing an incorrect endpoint URL and attempting to tag a stage that did not exist. (#13636)

    provider:
  apiGateway:
    stage: customstage   # now reflected in ServiceEndpoint + stage tags

  • Variable resolution no longer drops placeholders during re-entrant resolution. A JavaScript or TypeScript ${file(...)} resolver that calls resolveVariable() or resolveConfigurationProperty() mid-resolution opens a nested resolution pass. Under certain async timing this could leave the outer resolution looking inactive, causing a later nested placeholder to be left unresolved. Each pass now preserves and restores its context so the full dependency chain resolves reliably. (#13635)

  • AgentCore: unpinned the default Buildpacks builder image and added a builder override. The previously hard-pinned heroku/builder digest is no longer used by default. (#13647, #13646)

Maintenance

  • Bumped the AWS SDK group with 34 updates (#13632)
  • Upgraded esbuild to 0.28.1 and tsx to 4.22.4 (#13610, #13644)
  • Upgraded Go to 1.26.4 and bumped golang.org/x/sys and golang.org/x/mod for the installer (#13618, #13614, #13650)
  • Upgraded the Jackson libraries (databind, core, annotations, datatype-joda) for the Java runtime wrapper (#13619, #13620, #13621, #13637, #13638, #13639, #13640)
  • Upgraded graphql to 16.14.0, ajv to 8.20.0, zod to 4.4.3, semver to 7.8.1, hono, @grpc/grpc-js to 1.14.4, and eventsource-parser to 3.1.0 (#13576, #13631, #13577, #13578, #13627, #13630, #13643, #13626)
  • Patched a uuid buffer-bounds advisory in the bedrock-agentcore examples (#13617)

... (truncated)

Commits
  • 56e78c1 chore: release 4.38.0 (#13651)
  • 27dacea chore(deps): bump golang.org/x/mod in /binary-installer (#13650)
  • 384a7e4 fix(agentcore): unpin heroku/builder digest; add artifact.image.builder overr...
  • ea79235 fix(api-gateway): use resolved API Gateway stage for stage tags and service e...
  • a2804b0 chore(deps): bump the npm_and_yarn group across 13 directories with 2 updates...
  • 90183bc chore(deps): update package-lock.json (#13648)
  • 64e189c feat(agentcore): support Python 3.14 and improve agent runtime validation (#1...
  • 312a842 chore(deps): bump the actions group with 2 updates (#13641)
  • fd35594 chore(deps): bump esbuild (#13644)
  • 353e0f7 chore(deps): bump @​grpc/grpc-js to 1.14.4 (#13643)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serverless since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump file-type and serverless
07eb318 
Removes [file-type](https://github.com/sindresorhus/file-type). It's no longer used after updating ancestor dependency [serverless](https://github.com/serverless/serverless). These dependencies need to be updated together.


Removes `file-type`

Updates `serverless` from 3.40.0 to 4.38.0
- [Release notes](https://github.com/serverless/serverless/releases)
- [Changelog](https://github.com/serverless/serverless/blob/main/RELEASE_PROCESS.md)
- [Commits](https://github.com/serverless/serverless/compare/v3.40.0...sf-core@4.38.0)

---
updated-dependencies:
- dependency-name: file-type
  dependency-version:
  dependency-type: indirect
- dependency-name: serverless
  dependency-version: 4.38.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added auto Opened by an automated process dependencies Pull request that updates a dependency file javascript Pull requests that update JavaScript code labels Jun 17, 2026
@dependabot dependabot Bot requested a review from devpow112 as a code owner June 17, 2026 19:20
@dependabot dependabot Bot added dependencies Pull request that updates a dependency file auto Opened by an automated process javascript Pull requests that update JavaScript code labels Jun 17, 2026
@dependabot dependabot Bot mentioned this pull request Jun 17, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devpow112 devpow112 Awaiting requested review from devpow112 devpow112 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

auto Opened by an automated process dependencies Pull request that updates a dependency file javascript Pull requests that update JavaScript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants