Download Latest Version 4.34.0 source code.tar.gz (2.2 MB)
Email in envelope

Get an email when there's a new version of Serverless Framework

Home / sf-core@4.34.0
Name Modified Size InfoDownloads / Week
Parent folder
4.34.0 source code.tar.gz 2026-04-10 2.2 MB
0
4.34.0 source code.zip 2026-04-10 3.5 MB
0
README.md 2026-04-10 2.6 kB
0
Totals: 3 Items   5.7 MB 0

Features

Serverless Framework

  • Added S3 Files support for Lambda file system configuration. Lambda functions can now mount Amazon S3 Files in addition to EFS via fileSystemConfig. The file system type is auto-detected from literal ARNs; for CloudFormation references, specify type: s3files explicitly. The framework automatically generates the correct IAM permissions (s3files:ClientMount/s3files:ClientWrite) and validates VPC configuration. Fully backward compatible — existing EFS configurations work unchanged. Read more in the docs. (#13493)

    :::yaml functions: hello: handler: handler.hello fileSystemConfig: localMountPath: /mnt/s3data arn: arn:aws:s3files:us-east-1:111111111111:file-system/fs-abc123/access-point/fsap-abc123 vpc: securityGroupIds:

        - sg-xxx
  subnetIds:
    - subnet-xxx

When using CloudFormation references, set the type explicitly:

:::yaml
functions:
  hello:
    handler: handler.hello
    fileSystemConfig:
      localMountPath: /mnt/s3data
      arn: !GetAtt MyS3FilesAccessPoint.AccessPointArn
      type: s3files
    vpc:
      securityGroupIds:

        - sg-xxx
      subnetIds:
        - subnet-xxx

Bug Fixes

Serverless Framework

  • Fixed min-release-age not being applied during framework distribution builds. The root .npmrc was silently ignored by npm because it reads project config from the nearest package.json directory. Added per-package .npmrc files to packages/framework-dist and packages/sf-core-installer to enforce a 3-day cooldown on newly published dependencies. Also added check-latest: true to CI setup-node steps to ensure consistent npm versions across runners. (#13476)

Maintenance

  • Upgraded Go from 1.26.1 to 1.26.2 in binary-installer to fix 5 vulnerabilities in std/crypto/tls, std/crypto/x509, and std/archive/tar (#13492)
  • Upgraded hono to 4.12.12 and @hono/node-server to 1.19.13 to fix 6 security vulnerabilities including middleware bypass via repeated slashes (GHSA-wmmm-f939-6g9c, GHSA-92pp-h63x-v22m), path traversal in toSSG() (GHSA-xf4j-xp2r-rqqx), incorrect IP matching (GHSA-xpcf-pg52-r92g), and cookie handling bypasses (GHSA-26pp-8wgv-hjvm, GHSA-r5rp-j6wh-rvv4). Upgraded Pygments to 2.20.0 to fix a ReDoS vulnerability (#13489)
  • Upgraded eslint to v10 and @eslint/js to v10 (#13477)
Source: README.md, updated 2026-04-10