build(deps): bump uuid, @probot/adapter-aws-lambda-serverless, probot and serverless

[dependabot]

Removes uuid. It's no longer used after updating ancestor dependencies uuid, @probot/adapter-aws-lambda-serverless, probot and serverless. These dependencies need to be updated together.

Removes uuid

Updates @probot/adapter-aws-lambda-serverless from 3.0.2 to 4.0.3

Release notes

Sourced from @​probot/adapter-aws-lambda-serverless's releases.

v4.0.3

4.0.3 (2025-02-26)

Bug Fixes

• update probot dependency (#133) (5a2f004)

v4.0.2

4.0.2 (2025-02-06)

Bug Fixes

• typescript: fix types for createLambdaFunction() (#135) (b79e59c), closes #132

v4.0.1

4.0.1 (2025-01-30)

Bug Fixes

• typescript: add types for createLambdaFunction() (#132) (2ee0c04)

v4.0.0

4.0.0 (2024-06-20)

Features

• Support Probot v13 (#128) (aa64b4e)

BREAKING CHANGES

• drop support for no longer maintained Node.js versions (14 and 16). Node 18+ is required now

v3.0.4

3.0.4 (2023-09-18)

Bug Fixes

• update template to not rely on filesystem location of package.json (#120) (1eb30a0)

v3.0.3

3.0.3 (2023-07-05)

Bug Fixes

... (truncated)

Commits

• 5a2f004 fix: update probot dependency (#133)
• 795550a build(deps): bump @​octokit/request from 8.4.0 to 8.4.1 (#136)
• b79e59c fix(typescript): fix types for createLambdaFunction() (#135)
• 2ee0c04 fix(typescript): add types for createLambdaFunction() (#132)
• e413b7b test(ci): update workflows and use Node 22 for testing (#134)
• aa64b4e feat: Support Probot v13 (#128)
• 1eb30a0 fix: update template to not rely on filesystem location of package.json (#120)
• 6a0dd6f fix(types): correct type for createLambdaFunction (#117)
• 768adb3 style: prettier (#116)
• See full diff in compare view

Updates probot from 12.3.1 to 14.3.2

Release notes

Sourced from probot's releases.

v14.3.2

14.3.2 (2026-04-03)

Bug Fixes

• deps: update dependency yaml to v2.8.3 [security] (79b556e)

v14.3.1

14.3.1 (2026-03-20)

Bug Fixes

• cli: turn off strict args parsing to re-allow using receive command with args (#2304) (67a30d1)

v14.3.0

14.3.0 (2026-03-16)

Bug Fixes

• receive command failing when LOG_LEVEL is set (#2296) (556ec16)

Features

• replace dotenv with node native parseEnv, when using deno runtime use deno >2.7.0 (#2265) (c94ac6e)

v14.2.4

14.2.4 (2025-11-14)

Bug Fixes

• integrate static files (#2272) (39dcfcd)

v14.2.3

14.2.3 (2025-11-13)

Bug Fixes

• deps: update dependency smee-client to v5 (#2271) (218f292)

v14.2.2

14.2.2 (2025-11-13)

Bug Fixes

... (truncated)

Commits

• 79b556e fix(deps): update dependency yaml to v2.8.3 [security]
• 4d184e7 chore(deps): update dependency fastify to v5.8.3 [security]
• f99b4fc chore(deps): update dependency sonic-boom to v5
• 67a30d1 fix(cli): turn off strict args parsing to re-allow using receive command with...
• 1ecfade build(deps-dev): bump undici from 7.22.0 to 7.24.1
• c94ac6e feat: replace dotenv with node native parseEnv, when using deno runtime use d...
• a6077ac build(deps): bump minimatch from 9.0.6 to 9.0.9 (#2300)
• 47b3134 build(deps): lock file maintenance
• 004a28e chore(deps): update vitest monorepo to v4 (major) (#2259)
• 9c1a37d build(deps): lock file maintenance (#2282)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for probot since your current version.

Updates serverless from 3.33.0 to 4.34.0

Release notes

Sourced from serverless's releases.

4.34.0

Features

Serverless Framework

• Added S3 Files support for Lambda file system configuration. Lambda functions can now mount Amazon S3 Files in addition to EFS via fileSystemConfig. The file system type is auto-detected from literal ARNs; for CloudFormation references, specify type: s3files explicitly. The framework automatically generates the correct IAM permissions (s3files:ClientMount/s3files:ClientWrite) and validates VPC configuration. Fully backward compatible — existing EFS configurations work unchanged. Read more in the docs. (#13493)

functions:
  hello:
    handler: handler.hello
    fileSystemConfig:
      localMountPath: /mnt/s3data
      arn: arn:aws:s3files:us-east-1:111111111111:file-system/fs-abc123/access-point/fsap-abc123
    vpc:
      securityGroupIds:
        - sg-xxx
      subnetIds:
        - subnet-xxx

When using CloudFormation references, set the type explicitly:

functions:
  hello:
    handler: handler.hello
    fileSystemConfig:
      localMountPath: /mnt/s3data
      arn: !GetAtt MyS3FilesAccessPoint.AccessPointArn
      type: s3files
    vpc:
      securityGroupIds:
        - sg-xxx
      subnetIds:
        - subnet-xxx

Bug Fixes

Serverless Framework

• Fixed min-release-age not being applied during framework distribution builds. The root .npmrc was silently ignored by npm because it reads project config from the nearest package.json directory. Added per-package .npmrc files to packages/framework-dist and packages/sf-core-installer to enforce a 3-day cooldown on newly published dependencies. Also added check-latest: true to CI setup-node steps to ensure consistent npm versions across runners. (#13476)

Maintenance

• Upgraded Go from 1.26.1 to 1.26.2 in binary-installer to fix 5 vulnerabilities in std/crypto/tls, std/crypto/x509, and std/archive/tar (#13492)
• Upgraded hono to 4.12.12 and @hono/node-server to 1.19.13 to fix 6 security vulnerabilities including middleware bypass via repeated slashes (GHSA-wmmm-f939-6g9c, GHSA-92pp-h63x-v22m), path traversal in toSSG() (GHSA-xf4j-xp2r-rqqx), incorrect IP matching (GHSA-xpcf-pg52-r92g), and cookie handling bypasses (GHSA-26pp-8wgv-hjvm, GHSA-r5rp-j6wh-rvv4). Upgraded Pygments to 2.20.0 to fix a ReDoS vulnerability (#13489)

... (truncated)

Commits

• 730f8cc chore: release 4.34.0 (#13494)
• 1a8498c feat: add S3 Files support for Lambda file system configuration (#13493)
• b20c672 chore(deps): fix Go stdlib vulnerabilities in binary-installer (#13492)
• 924ff7a chore(deps): fix hono, @​hono/node-server, and Pygments vulnerabilities (#13489)
• 9884713 fix: add min-release-age to distributed package directories (#13476)
• 80f6753 chore: add third-party license attributions for integrated plugins (#13487)
• 15071ae chore(deps): upgrade eslint to v10 and @​eslint/js to v10 (#13477)
• d21bb09 chore: release 4.33.3 (#13472)
• 987afbb chore(deps): bump the aws-sdk group with 30 updates (#13473)
• 8e7b077 chore(deps): bump the aws-sdk group (#13471)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serverless since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	serverless@​3.33.0 ⏵ 4.34.0	-2
	@​probot/​adapter-aws-lambda-serverless@​3.0.2 ⏵ 4.0.3	-11		+1
	probot@​12.3.1 ⏵ 14.3.2		+16		-1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm ioredis is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: package-lock.json → npm/@probot/adapter-aws-lambda-serverless@4.0.3 → npm/ioredis@5.10.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ioredis@5.10.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[dependabot]

Superseded by #245.