Bump tar and serverless by dependabot[bot] · Pull Request #9

Bump tar and serverless by dependabot[bot] · Pull Request #9 · SukuLab/serverless-localstack

Removes tar. It's no longer used after updating ancestor dependency serverless. These dependencies need to be updated together.

Removes tar

Updates serverless from 2.72.3 to 4.31.2

Release notes

Sourced from serverless's releases.

4.31.2

Bug Fixes

Serverless Container Framework

Fixed Zod validation error when deploying Fargate containers. Resolved a TypeError: Cannot read properties of undefined (reading '_zod') that occurred when deploying container services with aws@1.0 deployment type. The error was caused by an incomplete Zod v4 migration where z.record() required two arguments instead of one. (#13297, #13298)

4.31.1

Features

Serverless Framework

Added custom User-Agent header for AWS SDK requests. The framework now includes serverless-framework/<version> in the User-Agent header for all AWS SDK v3 API calls, improving request identification and diagnostics. (#13279, serverless/serverless#13245)

Bug Fixes

Serverless Framework

Fixed Lambda destinations error with per-function IAM roles. Resolved a TypeError that occurred when using Lambda destinations (onSuccess/onFailure) while provider.iam.role.mode: perFunction was enabled. The framework now correctly applies the required destination permissions to each function's individual IAM role. (#13293, #13292)

Fixed custom domain security policy validation. Improved support for enhanced AWS security policies, specifically enabling TLS 1.3 policies like SecurityPolicy_TLS13_2025_EDGE. Legacy shorthand values (tls_1_0, tls_1_2) remain supported, while invalid tls_1_3 was removed. (#13294, #13290)

Fixed file watching issues on macOS. Enabled polling mode in chokidar to prevent EMFILE: too many open files errors encountered on large projects after the recent chokidar v4 upgrade. (#13281, #13268)

Maintenance

Updated multiple dependencies:

Upgraded eslint to v9 (#13258)

Bumped the AWS SDK group with 31 updates (#13287)

Upgraded lodash to v4.17.23 (#13288, #13289)

Updated the uv package group with 2 updates (#13277)

Updated actions/setup-node in the actions group (#13286)

Upgraded zod to v4 (serverless/serverless#13274)

4.31.0

Features

Serverless Framework
Integrated serverless-prune-plugin functionality. Lambda version and layer pruning is now built directly into the Serverless Framework. Use the sls prune command to manually remove old function versions, or enable automatic pruning after deployments via the custom.prune configuration. Read more in our docs. (#13244)

Thanks to @claygregory for creating the original plugin and to all contributors!
custom:
  prune:
    automatic: true
    number: 3           # Keep 3 most recent versions
    includeLayers: true # Also prune layer versions

... (truncated)

Commits

364af9b chore: release 4.31.2 (#13299)
e215a4d fix(engine): update z.record() to Zod v4 two-argument syntax (#13298)
9904ff9 chore: release 4.31.1 (#13296)
27dff9c fix: resolve error when using destinations with per-function IAM roles (#13293)
f5ca152 fix: improve security policy handling for AWS domains (#13294)
73f57b4 chore(ci): update CLA allowlist (#13295)
1f2b204 chore(deps): bump lodash (#13288)
49e4add chore(deps): bump lodash from 4.17.21 to 4.17.23 (#13289)
2029e03 chore(deps): bump the aws-sdk group with 31 updates (#13287)
983ec86 chore(deps): bump actions/setup-node in the actions group (#13286)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serverless since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.