4.33.3

@czubocha czubocha released this 02 Apr 16:23
· 18 commits to main since this release
d21bb09

Bug Fixes

Serverless Framework

  • Locked transitive dependencies in distributed packages to harden against supply chain attacks. Previously, the framework tarball and npm installer package shipped without a lockfile, allowing transitive dependencies to resolve fresh from the registry on each install. Both packages now include npm-shrinkwrap.json files that pin the entire dependency tree to exact versions. (#13453, #13458)
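
One way to check that a shipped npm-shrinkwrap.json pins the whole tree as described above. This is an added example, not Serverless Framework code: the function name, the sample lockfile and its package names are constructed, and treating sha1 hashes as weak is this example's own policy.

```javascript
// Audit a parsed npm-shrinkwrap.json (lockfileVersion 2 or 3).
// Returns a list of findings; an empty list means every installed package is
// pinned to an exact version with an https tarball URL and an integrity hash.
function auditShrinkwrap(lock) {
  if (!lock || !(lock.lockfileVersion >= 2) ||
      !lock.packages || typeof lock.packages !== 'object') {
    return [{ path: '', issue: 'no "packages" map (lockfileVersion 2+ expected)' }];
  }
  const findings = [];
  const exact = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/;
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (path === '') continue;              // root project entry, not a dependency
    if (pkg.link || pkg.inBundle) continue; // local links and bundled deps carry no tarball hash
    if (!exact.test(pkg.version || '')) {
      findings.push({ path, issue: `version is not exact: ${pkg.version}` });
    }
    if (!/^https:\/\//.test(pkg.resolved || '')) {
      findings.push({ path, issue: `resolved is not an https URL: ${pkg.resolved}` });
    }
    if (!/^sha(256|384|512)-/.test(pkg.integrity || '')) {
      findings.push({ path, issue: 'integrity hash missing or weaker than sha256' });
    }
  }
  return findings;
}

// Constructed sample lockfile (hypothetical packages, placeholder hash).
const SAMPLE = {
  name: 'example-cli', version: '1.0.0', lockfileVersion: 3,
  packages: {
    '': { name: 'example-cli', version: '1.0.0', dependencies: { 'dep-a': '^2.1.0' } },
    'node_modules/dep-a': {
      version: '2.1.4',
      resolved: 'https://registry.npmjs.org/dep-a/-/dep-a-2.1.4.tgz',
      integrity: 'sha512-CONSTRUCTED_PLACEHOLDER_HASH==',
    },
    // Floating git ref with no hash: the kind of entry a release check should reject.
    'node_modules/dep-b': { version: '0.3.0', resolved: 'git+ssh://git@example.invalid/dep-b.git#main' },
    'node_modules/dep-c': { version: '1.0.0', inBundle: true },
  },
};

for (const f of auditShrinkwrap(SAMPLE)) console.log(`${f.path}: ${f.issue}`);
```

In a release pipeline the same function can be run on the npm-shrinkwrap.json extracted from the packed tarball, failing the build when the list is non-empty.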

Maintenance

  • Upgraded lodash to v4.18.1 with security fixes for prototype pollution via _.unset/_.omit (GHSA-f23m-r3pf-42rh) and code injection via _.template imports (GHSA-r5fr-rjxr-66jc, CVE-2026-4800) (#13469)
  • Upgraded simple-git to v3.33.0 with enhanced input sanitization for git.clone/git.mirror and stricter git -c checks in the unsafe plugin (#13467)
  • Upgraded @modelcontextprotocol/sdk to v1.28.0 (#13474)
  • Bumped the AWS SDK group with multiple updates (#13462, #13463, #13471, #13473)
  • Bumped the patch-updates group with 3 updates (#13464)
  • Bumped github.com/fatih/color to v1.19.0 in the binary installer (#13459)
  • Bumped actions/setup-go to v6.4.0 (#13460)