Skip to content

chore(deps): bump file-type and serverless#1504

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-8dc231c8e4
Open

chore(deps): bump file-type and serverless#1504
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-8dc231c8e4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Removes file-type. It's no longer used after updating ancestor dependency serverless. These dependencies need to be updated together.

Removes file-type

Updates serverless from 3.40.0 to 4.39.0

Release notes

Sourced from serverless's releases.

4.39.0

Features

  • Sandboxes — AWS Lambda MicroVMs. First-class support for Firecracker-isolated, snapshot-booted virtual machines that you define declaratively and run on demand, with the serverless operational model (no clusters, pay per run). Define a sandbox from a local Dockerfile directory or a prebuilt s3:// zip, and configure memory, environment, lifecycle hooks, tags, and VPC egress. deploy/remove build and tear down the image and supporting resources; IAM build/execution roles are generated for you, and observability — CloudWatch logs, metric filters, alarms, and a dashboard — is enabled by default and fully customizable.

    sandboxes:
      echo:
        artifact: ./app # local directory that contains a Dockerfile
    serverless invoke --sandbox echo          # run it (with --method / --port)
    serverless logs --sandbox echo            # fetch logs
    serverless dev --sandbox echo             # local dev loop with hot reload

    Local development. serverless dev --sandbox <name> builds and runs the sandbox container on your machine and hot-reloads it as you edit — no deploy needed to iterate. Requests are relayed to the locally running container, so you get the full run/inspect loop against your real sandbox definition before anything ships to AWS.

    See the Sandboxes guide for the full configuration reference, and the serverless/examples sandboxes directory for deploy-ready examples (minimal, complete, and a self-hosted environment for Claude Managed Agent). (#13663)

  • serverless agent commands for AI coding agents. A new command namespace purpose-built for agents (Claude Code, Codex, Cursor) working with a Serverless service. (#13673)

    • serverless agent skills install installs the bundled Agent Skills into the service directory (.claude/skills/, .agents/skills/, or both — auto-detected), teaching agents how to work with the service. Idempotent, auto-refreshing when a newer CLI bundles newer skills, and ejectable per-skill.
    • serverless agent inspect returns the live AWS configuration of a deployed service's resources in a single call — a categorized inventory by default, or expanded raw AWS responses filtered by category (--functions, --api, --iam, --sandboxes, --all, …) or by AWS service. Deterministic, pipe-safe JSON/YAML output, so an agent gets the whole logical-to-physical picture without issuing dozens of aws describe-* calls itself.
    serverless agent skills install
    serverless agent inspect --functions --api

    See the Agent Skills guide for how skills are discovered, updated, and ejected, and the agent inspect reference for its full category and AWS-service filtering options.

Maintenance

  • Runtime dependency bumps: @aws-sdk/util-arn-parser (#13680), a batch of 11 patch-level updates (#13677), and other routine bumps (#13666).
  • Development and CI tooling: dev-dependency group updates (#13676), lint-staged 16 → 17 (#13678), and GitHub Actions bumps (#13667); constrained https-proxy-agent to a range that keeps Node 18 support (#13686).

4.38.1

Maintenance

  • Upgraded undici to 6.27.0, clearing security advisories reported against earlier versions of the bundled HTTP client: a Set-Cookie SameSite attribute downgrade (GHSA-g8m3-5g58-fq7m), HTTP header injection via Set-Cookie percent-decoding (GHSA-p88m-4jfj-68fv), and a WebSocket client denial-of-service (GHSA-vxpw-j846-p89q). (#13657)

4.38.0

Features

  • Ruby 4.0 runtime support. Functions can now target the ruby4.0 Lambda runtime. (#13613)

    provider:

... (truncated)

Commits
  • 79b5cbb chore: release 4.39.0 (#13693)
  • 421f7af feat(sandboxes): summarize sandbox config in the analysis event (#13692)
  • 6db7ff1 chore(deps): bump archiver from 7.0.1 to 8.0.0 (#13690)
  • 3397042 chore(deps): bump @​slack/web-api from 7.15.2 to 7.18.0 (#13689)
  • 950ff75 chore(deps): bump mongodb from 7.2.0 to 7.4.0 (#13691)
  • 475a746 chore(deps): bump date-fns from 4.1.0 to 4.4.0 (#13688)
  • c28d78a chore(deps-dev): bump lint-staged (#13687)
  • b81ed32 fix(agent): inspect returns a graceful not-deployed result for a missing stac...
  • bde0dda chore(deps): ignore https-proxy-agent >=9 (drops Node 18 support) (#13686)
  • 862501f chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.7 (#13678)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serverless since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Removes [file-type](https://github.com/sindresorhus/file-type). It's no longer used after updating ancestor dependency [serverless](https://github.com/serverless/serverless). These dependencies need to be updated together.


Removes `file-type`

Updates `serverless` from 3.40.0 to 4.39.0
- [Release notes](https://github.com/serverless/serverless/releases)
- [Changelog](https://github.com/serverless/serverless/blob/main/RELEASE_PROCESS.md)
- [Commits](https://github.com/serverless/serverless/compare/v3.40.0...sf-core@4.39.0)

---
updated-dependencies:
- dependency-name: file-type
  dependency-version:
  dependency-type: indirect
- dependency-name: serverless
  dependency-version: 4.39.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added auto Opened by an automated process dependencies Pull request that updates a dependency file javascript Pull requests that update JavaScript code labels Jul 14, 2026
@dependabot dependabot Bot requested a review from devpow112 as a code owner July 14, 2026 21:53
@dependabot dependabot Bot added dependencies Pull request that updates a dependency file auto Opened by an automated process javascript Pull requests that update JavaScript code labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auto Opened by an automated process dependencies Pull request that updates a dependency file javascript Pull requests that update JavaScript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants