Previous Serverless Version 0.5.x latest version

« Changelog History

Previous Serverless Version 0.5.x v4.37.0 Release Notes

• 🔋 Features

  • 🆕 New serverless diff command for previewing changes against the deployed stack. Packages the service locally and renders a structured diff — resources, IAM grants, security groups, parameters, outputs — against the CloudFormation stack currently in AWS. A Function Code section reports per-function code changes by comparing local zip hashes against each Lambda's CodeSha256. Especially useful in CI and PR-review workflows. --json emits a machine-readable summary; --package <path> reuses an existing artifact directory to skip the auto-package step. Docs. (#13602)

  • 👍 TypeScript files supported in ${file()} variable references. The ${file(...)} variable resolver now loads .ts, .mts, and .cts modules in addition to JavaScript, with no separate build step required. All export shapes — default object, async default function, named export, named-export function with property selector, and injected resolveVariable / resolveConfigurationProperty callbacks — behave identically across JavaScript and TypeScript sources. Docs. (#13590)

  • Custom .env file locations and explicit opt-out via useDotenv. Previously a boolean. Now accepts a path or array of paths to load additional .env files alongside the local .env / .env.${stage} already loaded automatically — useful for monorepos sharing variables across services. useDotenv: false is now honored as the documented opt-out. Debug logging at core:resolver:env surfaces which files loaded and which keys came from each (visible with SLS_DEBUG=*; keys only, never values). Docs. Closes #10641. (#13597)

  • 🔊 CloudWatch Logs Infrequent Access log class. Opt-in logs.logGroupClass: infrequent_access at provider or function level provisions an Infrequent Access log group alongside the standard one, wires Lambda's LoggingConfig.LogGroup to write to it, and applies DeletionPolicy: Retain so its history survives stack updates and removals. The standard sibling is always created so pre-existing logs at the default path are preserved during migration. Services that do not opt in produce an identical CloudFormation template. Docs. Closes #12278. (#13601)

  • Cognito User Pool PreTokenGeneration V2_0 and V3_0 triggers. New opt-in lambdaVersion property on the cognitoUserPool event for the PreTokenGeneration trigger. Accepted values: V1_0 (ID token customization — historic behavior), V2_0 (ID and access token customization), and V3_0 (V2 capabilities plus machine-to-machine client-credentials grants). When omitted, the emitted CloudFormation is byte-identical to before; existing services see no template diff on upgrade. Docs. Closes #12336. (#13588)

  • Opt-in Lambda recursive loop detection via recursiveLoop. Maps 1:1 to the AWS Lambda function property of the same name. Accepts allow or terminate (default; case-insensitive). By default AWS terminates a function that invokes itself in a loop — set recursiveLoop: allow for designs that intentionally rely on this pattern. Docs. Closes #12938. (#13583)

  • ECR image retention via provider.ecr.maxImages. Services that deploy Lambda from container images can now bound how much their ECR repository grows. When set, the framework attaches a lifecycle policy that expires the oldest untagged image versions beyond the configured count. Currently-tagged digests are unconditionally safe — only superseded versions can ever be expired. Default behavior (maxImages unset) is unchanged. Docs. Closes #12279. (#13584)

  • Reconcile command works against large organizations. serverless reconcile previously failed with a Request Entity Too Large error against organizations with thousands of instances (e.g. 5000+). Reconciliation now batches the request and parallelizes CloudFormation stack fetching while respecting API rate limits. Docs. (#13596)

  🐛 Bug Fixes

  • Durable Lambda functions can now be invoked through event sources that wire an unqualified ARN. AWS rejects unqualified invocations of durable functions with InvalidParameterValueException: You cannot invoke a durable function using an unqualified ARN. The framework now publishes a stable alias and points event sources at it. Closes #13587. (#13589)

  • MCP SSE server now binds to loopback only. The MCP server's SSE transport was binding to all network interfaces; it now binds to 127.0.0.1 only and installs Host-header validation. Default port (3001) is unchanged. (#13595)

  🚧 Maintenance

  • ⚡️ Bumped the AWS SDK group across one directory with 34 updates (#13605)
  • ⬆️ Upgraded @smithy/util-retry (#13607)
  • ⬆️ Upgraded qs (#13604)
  • ⬆️ Upgraded protobufjs (#13594)
  • ⬆️ Upgraded golang.org/x/mod dependency (#13598)
  • ⬆️ Bumped the uv group across 5 directories (#13593)
  • ⬆️ Upgraded brace-expansion and ws (#13591)

Previous changes from v4.36.1

• 🐛 Bug Fixes

  • 🛠 Fixed framework hang during TypeScript configuration loading. Services with multi-file TypeScript configurations (a serverless.ts that imports other .ts files via relative imports) could deadlock during command startup, most reliably reproduced in AWS CodeBuild. The framework now handles nested TypeScript imports without the deadlock. (#13574, #13581)

  • 🛠 Fixed esbuild version conflicts with the serverless-esbuild plugin. Projects that pinned an esbuild version different from the framework's hit Cannot start service: Host version "X.Y.Z" does not match binary version "A.B.C" errors when running commands like serverless invoke local. Each esbuild instance now resolves its own platform binary independently, so both versions can coexist in the same project. (#13580, #13581)

  🚧 Maintenance

  • ⚡️ Bumped the AWS SDK group with 30 updates (#13575)
  • ⬆️ Upgraded protobufjs from 7.5.5 to 7.5.7 (#13573)
  • ⬆️ Bumped langsmith across bedrock-agentcore JavaScript examples (#13579)

• All Versions
• Previous v4.36.1