Bump serverless from 4.31.0 to 4.31.2

[dependabot]

Bumps serverless from 4.31.0 to 4.31.2.

Release notes

Sourced from serverless's releases.

4.31.2

Bug Fixes

Serverless Container Framework

• Fixed Zod validation error when deploying Fargate containers. Resolved a TypeError: Cannot read properties of undefined (reading '_zod') that occurred when deploying container services with aws@1.0 deployment type. The error was caused by an incomplete Zod v4 migration where z.record() required two arguments instead of one. (#13297, #13298)

4.31.1

Features

Serverless Framework

• Added custom User-Agent header for AWS SDK requests. The framework now includes serverless-framework/<version> in the User-Agent header for all AWS SDK v3 API calls, improving request identification and diagnostics. (#13279, serverless/serverless#13245)

Bug Fixes

Serverless Framework

• Fixed Lambda destinations error with per-function IAM roles. Resolved a TypeError that occurred when using Lambda destinations (onSuccess/onFailure) while provider.iam.role.mode: perFunction was enabled. The framework now correctly applies the required destination permissions to each function's individual IAM role. (#13293, #13292)
• Fixed custom domain security policy validation. Improved support for enhanced AWS security policies, specifically enabling TLS 1.3 policies like SecurityPolicy_TLS13_2025_EDGE. Legacy shorthand values (tls_1_0, tls_1_2) remain supported, while invalid tls_1_3 was removed. (#13294, #13290)
• Fixed file watching issues on macOS. Enabled polling mode in chokidar to prevent EMFILE: too many open files errors encountered on large projects after the recent chokidar v4 upgrade. (#13281, #13268)

Maintenance

• Updated multiple dependencies:
  • Upgraded eslint to v9 (#13258)
  • Bumped the AWS SDK group with 31 updates (#13287)
  • Upgraded lodash to v4.17.23 (#13288, #13289)
  • Updated the uv package group with 2 updates (#13277)
  • Updated actions/setup-node in the actions group (#13286)
  • Upgraded zod to v4 (serverless/serverless#13274)

Commits

• 364af9b chore: release 4.31.2 (#13299)
• e215a4d fix(engine): update z.record() to Zod v4 two-argument syntax (#13298)
• 9904ff9 chore: release 4.31.1 (#13296)
• 27dff9c fix: resolve error when using destinations with per-function IAM roles (#13293)
• f5ca152 fix: improve security policy handling for AWS domains (#13294)
• 73f57b4 chore(ci): update CLA allowlist (#13295)
• 1f2b204 chore(deps): bump lodash (#13288)
• 49e4add chore(deps): bump lodash from 4.17.21 to 4.17.23 (#13289)
• 2029e03 chore(deps): bump the aws-sdk group with 31 updates (#13287)
• 983ec86 chore(deps): bump actions/setup-node in the actions group (#13286)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)