Update dependency serverless to v4 (main) by mend-for-github-com[bot] · Pull Request #74 · Nexmo/amazon-transcribe-call

mend-for-github-com · 2026-02-11T02:17:44Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
serverless	dependencies	major	`^1.47.0` → `^4.0.0`

By merging this PR, the issue #20 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
Critical	9.8	CVE-2020-12265	Unreachable
Critical	9.8	CVE-2021-44906	Unreachable
Critical	9.8	CVE-2021-44906	Unreachable
High	8.8	CVE-2022-0235	Unreachable
High	8.8	CVE-2022-0235	Unreachable
High	7.8	CVE-2021-43138	Unreachable
High	7.5	CVE-2019-20149	Unreachable
High	7.5	CVE-2022-24785	Unreachable
High	7.5	CVE-2022-31129	Unreachable
High	7.5	CVE-2024-21538	Unreachable
High	7.5	CVE-2026-27904	Unreachable
High	7.5	WS-2020-0044	Unreachable
High	7.3	CVE-2020-7788	Unreachable
High	7.2	CVE-2021-23337	Unreachable
Medium	6.5	CVE-2020-8244	Unreachable
Medium	6.5	CVE-2026-2950	Unreachable
Medium	5.6	CVE-2020-7598	Unreachable
Medium	5.6	CVE-2020-7598	Unreachable
Medium	5.3	CVE-2017-16137	Unreachable
Medium	5.3	CVE-2021-23413	Unreachable
Low	3.1	CVE-2025-5889	Unreachable
Low	2.6	CVE-2020-15168	Unreachable
Low	2.6	CVE-2020-15168	Unreachable
Low	2.5	CVE-2025-54798	Unreachable
Low	2.5	CVE-2025-54798	Unreachable

Release Notes

serverless/serverless (serverless)

`v4.0.0`

Compare Source

`v3.40.0`: 3.40.0 (2024-12-17)

Compare Source

Bug Fixes

enable compatibility for loading native ES modules with require() (#12950) (8b960a2)

Comparison since last release

`v3.39.0`: 3.39.0 (2024-06-04)

Compare Source

Features

Add support for java21 runtime (#12273) (#12274) (e4dfebd)
Update custom resources to node18 (d40e9f4)

Bug Fixes

pin install.sh to v3 (0f52de4)

Comparison since last release

`v3.38.0`: 3.38.0 (2023-11-21)

Compare Source

Features

Add support for provided.al2023 runtime (#12263) (6cdf14e)

Comparison since last release

`v3.37.0`: 3.37.0 (2023-11-16)

Compare Source

Features

Add support for nodejs20.x runtime (#12251) (f3f0af8)

Bug Fixes

bump platform-client version for axios (#12260) (10980b9)
Update pkg config to include axios cjs (#12261) (b21afaf)

Comparison since last release

`v3.36.0`: 3.36.0 (2023-10-23)

Compare Source

Features

Improved dashboard documentation and gitignore (#12176) (eb462ed)

Bug Fixes

Dashboard documentation improvements (bb4d7c8)
Fix menu for dashboard documentation (8f266af)
Improve dashboard documentation (ad8bbf1)
Improve dashboard documentation (f67df7f)
Minor dashboard doc improvements (#12177) (f1fa19c)

Comparison since last release

`v3.35.2`: 3.35.2 (2023-09-16)

Compare Source

Bug Fixes

Adjust copy for clarity (#12162) (101ce53)

Comparison since last release

`v3.35.1`: 3.35.1 (2023-09-16)

Compare Source

Bug Fixes

Do not use isDashboard in onboarding flow (#12160) (1f8d786)

Comparison since last release

`v3.35.0`: 3.35.0 (2023-09-15)

Compare Source

Features

Make dashboard monitoring opt-out (#12138) (45cbd52)
Post deploy serverless dashboard integration (#12063) (66e3107), closes #12059
Remove Console Login (#12153) (590bb7e)
Remove Dashboard onboarding from framework (#12151) (6ee277d)
Upgrade to @serverless/dashboard-plugin (#12157) (f057629)

Bug Fixes

Adjust providers endpoint (#12154) (9b770a2), closes #12151
Check for Serverless Dashboard IAM stack prior to creation (#12147) (bf518b9)
Handle account being integrated with an existing org (#12149) (561a875)
Local credentials should be resolved in onboarding command (#12148) (307865d)
recognize ap-south-2 as a valid AWS region (#12129) (b09d0d6)

Comparison since last release

`v3.34.0`: 3.34.0 (2023-08-03)

Compare Source

Features

Python 3.11 support (#12085) (f5d143a)

Bug Fixes

AWS Schedule: Fix IAM role assignment (#12030) (e1039de)

Maintenance Improvements

Remove got dependency (#12040) (1775c90)

Comparison since last release

`v3.33.0`: 3.33.0 (2023-06-26)

Compare Source

Features

AWS Deploy: Recognize ruby3.2 runtime (#12004) (0a0a4fc) (Ryan Rickerts)
AWS MSK: Support AT_TIMESTAMP starting position (#12034) (483ea16) (Ben)

Bug Fixes

AWS ALB: Recognize CIDR format at ip configuration (#11889) (04db0f0) (Inqnuam)
AWS Websocket: Fix internal authorizers handling (#11871) (a50773b) (James Kyburz)
Packaging: Fix merging DependsOn from user resources (#12009) (4582913) (Kirill Khoroshilov)

Comparison since last release

`v3.32.2`: 3.32.2 (2023-06-02)

Compare Source

Maintenance Improvements

Telemetry: Report installed docker version (39806d6) (Mariusz Nowak)

Comparison since last release

`v3.32.1`: 3.32.1 (2023-06-01)

Compare Source

Bug Fixes

AWS Deploy: Revert broken vpc configuration on custom resources (#12001) (d0e3056) (Mariusz Nowak)

Comparison since last release

`v3.32.0`: 3.32.0 (2023-05-31)

Compare Source

Features

AWS Lambda:
- Response streaming for Lambda URL (#11907) (3afb71e) (Goran Rakic)
- Do not recognize dropped nodejs12.x runtime (#11995) (032e43c) (Mariusz Nowak)
AWS Deploy: --minify-template CLI param (#11980) (4d64730) (Mieszko Kycermann)

Bug Fixes

AWS ALB: Allow multiple http-header conditions (#11888) (72b27cb) (Inqnuam)
AWS CloudFront: Accept CF intrinsic functions in behavior (#11994) (41e90c3) (antoniogomezm)
AWS Deploy:
- Ensure vpc configuration on custom resources (#11985) (f2d1e23) (Lokesh Jawale)
- Fix default runtime resolution (#11995) (943bf6d) (Mariusz Nowak)
AWS Lambda: Recognize only valid .NET runtimes (#11960) (dd081bb) (Stuart Lang)

Maintenance Improvements

Telemetry: Inspect docker availability (#11999) (83670f9) (Mariusz Nowak)
Console: Added warning about dev mode (#11975) (e5cb8ac) (Dan Jarvis)
Packaging: Warn on inffective functions[].package config (#11974) (88099ad) (Lokesh Jawale)

Comparison since last release

`v3.31.0`: 3.31.0 (2023-05-17)

Compare Source

Features

AWS Schedule: AWS::Scheduler::Schedule based triggers (#11935) (34d922d) (Tie)
AWS Kinesis: More reliable consumer naming mode (#9706) (9d7b121) (Peter Reshetin)
AWS Lambda:
- Recognize java17 runtime (#11938) (e1703c8) (Baerten Dennis)
- Recognize python3.10 runtime (#11922) (8341d7a) (t3yamoto)
- Recognize new .NET runtimes (#11941) (314f32c) (Graham Campbell)
AWS EventBridge: Recognize $or in pattern property (#11967) (d6de334) (Mitch Dempsey)

Bug Fixes

AWS CloudWatch: Ensure no circular resource references (#11893) (75ce58b) (Rob Nielsen)
AWS Deploy: Fix provider.layers support in deploy function cmd (#11972) (ed15cb2) (Mariusz Nowak)

Maintenance Improvements

AWS Lambda: Remove references to deprecated runtimes (#11940) (fe6e0a6) (Bartłomiej Szostek)

Comparison since last release

`v3.30.1`: 3.30.1 (2023-04-06)

Compare Source

Bug Fixes

Ensure to not login back accidentaly on logout operation (#11900) (ec9eac4) (Mariusz Nowak)

Comparison since last release

`v3.30.0`: 3.30.0 (2023-04-05)

Compare Source

Features

Console Dev Mode onboarding via dev command (#11896) (73d0dc6)

Bug Fixes

AWS Deploy: Fix handling of inactive CloudFormation stack state (0d850fc), closes #11863

Maintenance Improvements

Remove BbPromise.bind usage (#11875) (30dd50a)

Comparison since last release

`v3.29.0`: 3.29.0 (2023-03-24)

Compare Source

Features

Console: Retain console properties on function deploy (#11849) (4ee5505) () (Dan Jarvis)
AWS CLoudFront: Recognize OriginAccessControlId field (#11855) (9339377) (Jonathan Keslin)
AWS EventBridge: Support description property (#11821) (2efe816) (Anthony Roussel)

Bug Fixes

AWS Lambda:
- Fix function references when represented by alias (#11788) (16dd286) (Rob Nielsen)
- Fix runtimeManagment handling (#11778) (8db2f4c) (Himanshu Pant)
AWS API Gateway: Fix support for provider.apiGateway.stage (#11772) (6fe2ea5) (Charlie Benger-Stevenson)
Do not crash on null resource properties input (#11789) (86bb67d) (SleepWithCoffee)

Maintenance Improvements

AWS Lambda: Improve function deploy skip message (#11779) (ad8c24e) (Midhun Rajendran)
lodash replacement:
- Replace _.entries with Object.entries (#11793) (1181780) (SleepWithCoffee)
- Replace _.fromPairs with Object.fromEntries (#11794) (03d3ab3) (SleepWithCoffee)
bluebird replacement:
- Replace BbPromise.each with native counterpart (#11797) (5068516) (SleepWithCoffee)
** async/await refactor:**
- In lib/classes convert promise returning functions to async functions (#11851) (77c91f2) (SleepWithCoffee)

Comparison since last release

`v3.28.1`: 3.28.1 (2023-03-02)

Compare Source

Maintenance Improvements

Supress AWS SDK v2 deprecation message (#11769) (74c3ae0) (Mariusz Nowak)

Comparison since last release

`v3.28.0`: 3.28.0 (2023-02-28)

Compare Source

Features

AWS Lambda:
- Ensure logs:TagResource permission to IAM role (#11766) (7410275) (Martin Gerlach)
- Recognize CF functions at .provisionedConcurrency (#11760) (56d8bec) (ROSeaboyer)
- Support runtimeManagement config (#11715) (18d4d69) (ROSeaboyer)
AWS Schedule: Support CF instrinsic functions at .rate (#11714) (fc6bd57) (ROSeaboyer)

Bug Fixes

CLI Onboarding: Don't crash if Dashboard server is inaccessible (#11712) (983a3b9) (Mariusz Nowak)

Comparison since last release

`v3.27.0`: 3.27.0 (2023-01-26)

Compare Source

Features

AWS EventBridge: Support functions[].events[].eventBridge.name (#11690) (b925c4c) (ROSeaboyer)
AWS ActiveMQ: Support functions[].events[].filterPatterns (#11656) (1b55710) (Shreyance Jain)
AWS Kafka: Support functions[].events[].filterPatterns (#11645) (6a5e8d9) (Jason Rowsell)
AWS MSK: Support functions[].events[].filterPatterns (#11636) (63584a9) (Shreyance Jain)
AWS RabbitMQ: Support functions[].events[].filterPatterns (#11659) (e769570) (Shreyance Jain)
AWS CloudFront: Recognize behavior.ResponseHeadersPolicyId (#11633) (906ea31) (Jason Rowsell)
AWS SNS: Support functions[].events[].filterPolicyScope (#11644) (b7d6af6) (Jason Rowsell)
AWS SQS: Support functions[].events[].sqs.maximumConcurrency (#11678) (57f2719) (Jason Rowsell)
AWS Lambda: Recognize ap-southeast-4 Melbourne region (#11700) (6591504) (Sam Chung)
Recognize Fn::Base64 as CloudFormation instruction (#11671) (f020bd8) (Ron Korving)
Remove support for Serverless Tencent CLI (#11658) (0a148b4) (Mariusz Nowak)

Maintenance Improvements

AWS SQS: Optimize IAM permissions generation (#11685) (99cd9e6) (ROSeaboyer)
Console: Improve warning message (#117009) (2198799) (Mariusz Nowak)

Comparison since last release

`v3.26.0`: 3.26.0 (2022-12-22)

Compare Source

Features

Plugins: Support variables in configuration extensions (#11558) (968ddd5) (Marco Kleinlein)
AWS Lambda: functions[].snapStart support (#11576) (adf11b7) (Baerten Dennis)
provider.logDataProtectionPolicy and functions[].logDataProtectionPolicy (#11599) (2a5e11a) (timo92)
Support .cjs and .mjs configuration extensions (#11586) (9d57933) (Florian Proksch)

Bug Fixes

Variables: Support empty string environment variables (#11629) (022db9c) (Jason Rowsell)
AWS Local Invoke: Revert breaking jackson-databind upgrade (#11589) (f00eb82) (Geoff Denning)

Maintenance Improvements

Isolate import invocations (#11587) (fe62096) (Mariusz Nowak)
Remove no longer applicable setting (#11608) (dd5b8f6) (Mariusz Nowak)
Support relative paths in import-esm util (#11593) (fcf17a6) (Mariusz Nowak)
Improve module name (#11587) (ac1e0db) (Mariusz Nowak)

Comparison since last release

`v3.25.1`: 3.25.1 (2022-11-28)

Compare Source

Maintenance Improvements

Wokaround AWS-SDK issue by temporarily pinning v2 version (cb81085) (Mariusz Nowak)
AWS Local Invocation: Upgrade Java dependencies (#11535) (eb741fe) (xiaokang)

Comparison since last release

`v3.25.0`: 3.25.0 (2022-11-21)

Compare Source

Features

AWS Deploy:
- Recognize nodejs.18.x runtime (#11526) (c25f854) (Piotr Grzesik)
- Recognize eu-central-2, eu-south-1 and me-central-1 regions (#11524) (54f4fc7) (Umut Uzgur)
AWS API Gateway: Allow CloudFormation intrinsic functions in authorizer.scopes (#11505) (4169ae1) (franzmango)
AWS Kafka: Support startingPositionTimestamp (#11479) (858758e) (Daniele Iasella)

Bug Fixes

AWS Deploy: Respect existing CloudFormation templates in YAML format (#11521) (20d79a2) (Nick Graffis)
Do not crash on null value (#11506) (c4902f3) (Shogo Hida)

Comparison since last release

`v3.24.1`: 3.24.1 (2022-11-04)

Compare Source

Bug Fixes

Console: Ensure errorneus resolution of url to not break deploys (#11501) (f72c595) (Mariusz Nowak)

Comparison since last release

`v3.24.0`: 3.24.0 (2022-10-31)

Compare Source

Features

Console: New Serverless Console integration (#11434) (9a41468) (Mariusz Nowak)
AWS API Gateway: support provider.apiGateway.stage (#11487) (0a49c4f) (Pavan Andhukuri)
AWS Kinesis: Support AT_TIMESTAMP starting position (#11483) (5d41995) (Daniele Iasella)
Support Fn::ToJsonString in environment variables (#11461) (0c186a6) (Jurriaan Proos)

Bug Fixes

AWS HTTP API: Ensure maximum API gateway timeout (#11453) (c5ca9b7) (Jurriaan Proos)
CLI Onboarding: Ensure to not show backend notification (#11434) (ba831b8) (Mariusz Nowak)

Maintenance Improvements

CLI Onboarding: Improve debug logs (#11434) (914d00b) (Mariusz Nowak)

Comparison since last release

`v3.23.0`: 3.23.0 (2022-10-11)

Compare Source

Features

AWS CloudFront: Allow legacy behavior configuration (#11411) (65e9860) (Arthur Weber)
AWS Kafka: Support consumerGroupId option (#11345) (9bb3f11) (Phil-Pinkowski)

Bug Fixes

Ensure to not crash when ~/.serverless is not accessible (#11403) (b95c749) (Thomas Hamer)

Maintenance Improvements

AWS Deploy: Add bucket name to exception (#11389) (11b7a05) (Roberto Aguilar)
AWS Deploy: Bump custom resources to nodejs16.x runtime (#11367) (93ce41e) (Çağrı Atalay)
Upgrade dotenv-expand to v9 (#11433) (c769c1e) (Mariusz Nowak)
Upgrade filesize to v10 (#11433) (9ef5fd2) (Mariusz Nowak)

Comparison since last release

`v3.22.0`: 3.22.0 (2022-08-16)

Compare Source

Features

AWS Cognito: Add Support for Custom Sender Triggers (#11201) (22802ef) (AustinMathuw)

Bug Fixes

AWS HTTP API: Fix API Gateway timeout resolution (#11223) (16b0cd6) (Corentin Doue)
Variables: Fix handling of parallel resolution of same variable (#11299) (1f9a07f) (Mariusz Nowak)

Maintenance Improvements

Remove left over internal self: handling (#11279) (544717e) (pjmattingly)
lodash replacement:
- Replace _.flatMap with Array.prototype.flatMap (#11272) (4f7e129) (pjmattingly)
- Replace _.flatten with Array.prototype.flat (#11271) (b36cdf2) (pjmattingly)
Ignore doctor in Compose triage (#11283) (ef2dcb6) () (Piotr Grzesik)

Comparison since last release

[`v3.21.0`](

Update dependency serverless to v4

aa8fb83

mend-for-github-com Bot added the security fix Security fix generated by Mend label Feb 11, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency serverless to v4 (main)#74

Update dependency serverless to v4 (main)#74
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-serverless-4.x

mend-for-github-com Bot commented Feb 11, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

mend-for-github-com Bot commented Feb 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v4.0.0

v3.40.0: 3.40.0 (2024-12-17)

Bug Fixes

v3.39.0: 3.39.0 (2024-06-04)

Features

Bug Fixes

v3.38.0: 3.38.0 (2023-11-21)

Features

v3.37.0: 3.37.0 (2023-11-16)

Features

Bug Fixes

v3.36.0: 3.36.0 (2023-10-23)

Features

Bug Fixes

v3.35.2: 3.35.2 (2023-09-16)

Bug Fixes

v3.35.1: 3.35.1 (2023-09-16)

Bug Fixes

v3.35.0: 3.35.0 (2023-09-15)

Features

Bug Fixes

v3.34.0: 3.34.0 (2023-08-03)

Features

Bug Fixes

Maintenance Improvements

v3.33.0: 3.33.0 (2023-06-26)

Features

Bug Fixes

v3.32.2: 3.32.2 (2023-06-02)

Maintenance Improvements

v3.32.1: 3.32.1 (2023-06-01)

Bug Fixes

v3.32.0: 3.32.0 (2023-05-31)

Features

Bug Fixes

Maintenance Improvements

v3.31.0: 3.31.0 (2023-05-17)

Features

Bug Fixes

Maintenance Improvements

v3.30.1: 3.30.1 (2023-04-06)

Bug Fixes

v3.30.0: 3.30.0 (2023-04-05)

Features

Bug Fixes

Maintenance Improvements

v3.29.0: 3.29.0 (2023-03-24)

Features

Bug Fixes

Maintenance Improvements

v3.28.1: 3.28.1 (2023-03-02)

Maintenance Improvements

v3.28.0: 3.28.0 (2023-02-28)

Features

Bug Fixes

v3.27.0: 3.27.0 (2023-01-26)

Features

Maintenance Improvements

v3.26.0: 3.26.0 (2022-12-22)

Features

Bug Fixes

Maintenance Improvements

v3.25.1: 3.25.1 (2022-11-28)

Maintenance Improvements

v3.25.0: 3.25.0 (2022-11-21)

Features

Bug Fixes

v3.24.1: 3.24.1 (2022-11-04)

Bug Fixes

v3.24.0: 3.24.0 (2022-10-31)

Features

Bug Fixes

Maintenance Improvements

v3.23.0: 3.23.0 (2022-10-11)

Features

Bug Fixes

mend-for-github-com Bot commented Feb 11, 2026 •

edited

Loading

`v4.0.0`

`v3.40.0`: 3.40.0 (2024-12-17)

`v3.39.0`: 3.39.0 (2024-06-04)

`v3.38.0`: 3.38.0 (2023-11-21)

`v3.37.0`: 3.37.0 (2023-11-16)

`v3.36.0`: 3.36.0 (2023-10-23)

`v3.35.2`: 3.35.2 (2023-09-16)

`v3.35.1`: 3.35.1 (2023-09-16)

`v3.35.0`: 3.35.0 (2023-09-15)

`v3.34.0`: 3.34.0 (2023-08-03)

`v3.33.0`: 3.33.0 (2023-06-26)

`v3.32.2`: 3.32.2 (2023-06-02)

`v3.32.1`: 3.32.1 (2023-06-01)

`v3.32.0`: 3.32.0 (2023-05-31)

`v3.31.0`: 3.31.0 (2023-05-17)

`v3.30.1`: 3.30.1 (2023-04-06)

`v3.30.0`: 3.30.0 (2023-04-05)

`v3.29.0`: 3.29.0 (2023-03-24)

`v3.28.1`: 3.28.1 (2023-03-02)

`v3.28.0`: 3.28.0 (2023-02-28)

`v3.27.0`: 3.27.0 (2023-01-26)

`v3.26.0`: 3.26.0 (2022-12-22)

`v3.25.1`: 3.25.1 (2022-11-28)

`v3.25.0`: 3.25.0 (2022-11-21)

`v3.24.1`: 3.24.1 (2022-11-04)

`v3.24.0`: 3.24.0 (2022-10-31)

`v3.23.0`: 3.23.0 (2022-10-11)

`v3.22.0`: 3.22.0 (2022-08-16)

[`v3.21.0`](