[Snyk] Upgrade serverless from 3.33.0 to 3.38.0

[noqcks]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade serverless from 3.33.0 to 3.38.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 48 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2023-11-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	462/1000 Why? Proof of Concept exploit, CVSS 7.1	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	462/1000 Why? Proof of Concept exploit, CVSS 7.1	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	462/1000 Why? Proof of Concept exploit, CVSS 7.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	462/1000 Why? Proof of Concept exploit, CVSS 7.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: serverless

• 3.38.0 - 2023-11-22
  

  Features

  • Add support for provided.al2023 runtime (#12263) (6cdf14e)

  ---

  Comparison since last release

• 3.38.0-ee7fe484 - 2023-11-22
• 3.38.0-e4dfebdc - 2023-11-26
• 3.38.0-7b1e0120 - 2023-12-06
• 3.37.0 - 2023-11-16
  

  Features

  • Add support for nodejs20.x runtime (#12251) (f3f0af8)

  Bug Fixes

  • bump platform-client version for axios (#12260) (10980b9)
  • Update pkg config to include axios cjs (#12261) (b21afaf)

  ---

  Comparison since last release

• 3.37.0-cd031b9a - 2023-11-16
• 3.37.0-6cdf14e7 - 2023-11-20
• 3.36.0 - 2023-10-23
  

  Features

  • Improved dashboard documentation and gitignore (#12176) (eb462ed)

  Bug Fixes

  • Dashboard documentation improvements (bb4d7c8)
  • Fix menu for dashboard documentation (8f266af)
  • Improve dashboard documentation (ad8bbf1)
  • Improve dashboard documentation (f67df7f)
  • Minor dashboard doc improvements (#12177) (f1fa19c)

  ---

  Comparison since last release

• 3.36.0-f3f0af85 - 2023-11-16
• 3.36.0-bf041462 - 2023-10-23
• 3.36.0-b21afaf9 - 2023-11-16
• 3.36.0-10980b95 - 2023-11-16
• 3.35.2 - 2023-09-17
  

  Bug Fixes

  • Adjust copy for clarity (#12162) (101ce53)

  ---

  Comparison since last release

• 3.35.2-f67df7fd - 2023-09-21
• 3.35.2-f22354e8 - 2023-09-26
• 3.35.2-f1fa19c7 - 2023-09-21
• 3.35.2-eb462edc - 2023-09-21
• 3.35.2-c5b6e417 - 2023-09-20
• 3.35.2-bb4d7c89 - 2023-09-21
• 3.35.2-b1def20b - 2023-09-17
• 3.35.2-ad8bbf1e - 2023-09-22
• 3.35.2-8f266af8 - 2023-09-21
• 3.35.2-8292d7cf - 2023-09-18
• 3.35.2-77a689a8 - 2023-10-23
• 3.35.2-3fc7f4e8 - 2023-10-23
• 3.35.1 - 2023-09-16
  

  Bug Fixes

  • Do not use isDashboard in onboarding flow (#12160) (1f8d786)

  ---

  Comparison since last release

• 3.35.1-ee89ebeb - 2023-09-16
• 3.35.1-7f5736cf - 2023-09-16
• 3.35.1-101ce53c - 2023-09-16
• 3.35.0 - 2023-09-15
  

  Features

  • Make dashboard monitoring opt-out (#12138) (45cbd52)
  • Post deploy serverless dashboard integration (#12063) (66e3107), closes #12059
  • Remove Console Login (#12153) (590bb7e)
  • Remove Dashboard onboarding from framework (#12151) (6ee277d)
  • Upgrade to @ serverless/dashboard-plugin (#12157) (f057629)

  Bug Fixes

  • Adjust providers endpoint (#12154) (9b770a2), closes #12151
  • Check for Serverless Dashboard IAM stack prior to creation (#12147) (bf518b9)
  • Handle account being integrated with an existing org (#12149) (561a875)
  • Local credentials should be resolved in onboarding command (#12148) (307865d)
  • recognize ap-south-2 as a valid AWS region (#12129) (b09d0d6)

  ---

  Comparison since last release

• 3.35.0-737bc1ef - 2023-09-15
• 3.35.0-1f8d786b - 2023-09-16
• 3.34.0 - 2023-08-03
  

  Features

  • Python 3.11 support (#12085) (f5d143a)

  Bug Fixes

  • AWS Schedule: Fix IAM role assignment (#12030) (e1039de)

  Maintenance Improvements

  • Remove got dependency (#12040) (1775c90)

  ---

  Comparison since last release

• 3.34.0-f057629c - 2023-09-15
• 3.34.0-c66aad74 - 2023-09-15
• 3.34.0-bf518b91 - 2023-09-12
• 3.34.0-b09d0d62 - 2023-09-04
• 3.34.0-9b770a27 - 2023-09-15
• 3.34.0-9437e241 - 2023-09-04
• 3.34.0-6ee277df - 2023-09-15
• 3.34.0-66e31077 - 2023-09-05
• 3.34.0-590bb7e1 - 2023-09-15
• 3.34.0-561a875d - 2023-09-13
• 3.34.0-45cbd525 - 2023-09-06
• 3.34.0-4288d692 - 2023-08-03
• 3.34.0-307865d0 - 2023-09-12
• 3.34.0-2aba07bc - 2023-08-30
• 3.34.0-26c565d3 - 2023-09-15
• 3.33.0 - 2023-06-27
  

  Features

  • AWS Deploy: Recognize ruby3.2 runtime (#12004) (0a0a4fc) (Ryan Rickerts)
  • AWS MSK: Support AT_TIMESTAMP starting position (#12034) (483ea16) (Ben)

  Bug Fixes

  • AWS ALB: Recognize CIDR format at ip configuration (#11889) (04db0f0) (Inqnuam)
  • AWS Websocket: Fix internal authorizers handling (#11871) (a50773b) (James Kyburz)
  • Packaging: Fix merging DependsOn from user resources (#12009) (4582913) (Kirill Khoroshilov)

  ---

  Comparison since last release

from serverless GitHub release notes

Commit messages

Package name: serverless

• ee7fe48 chore: Release 3.38.0 (#12268)
• 6cdf14e feat: Add support for provided.al2023 runtime (#12263)
• cd031b9 chore: Release 3.37.0 (#12262)
• b21afaf fix: Update pkg config to include axios cjs (#12261)
• 10980b9 fix: bump platform-client version for axios (#12260)
• f3f0af8 feat: Add support for nodejs20.x runtime (#12251)
• bf04146 chore: Release v3.36.0 (#12223)
• 77a689a docs: Add Dashboard docs on source maps (#12220)
• 3fc7f4e chore: Bump @ serverless/dashboard-plugin (#12222)
• f22354e docs: Add details on trace sampling (#12184)
• ad8bbf1 fix: Improve dashboard documentation
• 8f266af fix: Fix menu for dashboard documentation
• f67df7f fix: Improve dashboard documentation
• bb4d7c8 fix: Dashboard documentation improvements
• f1fa19c fix: Minor dashboard doc improvements (#12177)
• eb462ed feat: Improved dashboard documentation and gitignore (#12176)
• c5b6e41 docs: Minor updates for Dashboard V.2 (#12170)
• 8292d7c chore: Remove Console related display methods (#12168)
• b1def20 chore: Release v3.35.2 (#12164)
• 7f5736c chore: Bump @ serverless/dashboard-plugin (#12163)
• 101ce53 fix: Adjust copy for clarity (#12162)
• ee89ebe chore: Release v3.35.1 (#12161)
• 1f8d786 fix: Do not use isDashboard in onboarding flow (#12160)
• 737bc1e chore: Release v3.35.0 (#12159)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	environment, filesystem, network, shell, unsafe Transitive: eval	+476	130 MB	serverless-main

🚮 Removed packages: npm/[email protected]

View full report↗︎

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (4bea779) 88.67% compared to head (6270c9a) 88.67%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #142   +/-   ##
=======================================
  Coverage   88.67%   88.67%           
=======================================
  Files           8        8           
  Lines         256      256           
  Branches       33       33           
=======================================
  Hits          227      227           
  Misses         27       27           
  Partials        2        2           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.