Bump serverless from 4.36.1 to 4.37.0

[dependabot]

Bumps serverless from 4.36.1 to 4.37.0.

Release notes

Sourced from serverless's releases.

4.37.0

Features

• New serverless diff command for previewing changes against the deployed stack. Packages the service locally and renders a structured diff — resources, IAM grants, security groups, parameters, outputs — against the CloudFormation stack currently in AWS. A Function Code section reports per-function code changes by comparing local zip hashes against each Lambda's CodeSha256. Especially useful in CI and PR-review workflows. --json emits a machine-readable summary; --package <path> reuses an existing artifact directory to skip the auto-package step. Docs. (#13602)

  serverless diff
  serverless diff --json
  serverless diff --package .serverless

• TypeScript files supported in ${file()} variable references. The ${file(...)} variable resolver now loads .ts, .mts, and .cts modules in addition to JavaScript, with no separate build step required. All export shapes — default object, async default function, named export, named-export function with property selector, and injected resolveVariable / resolveConfigurationProperty callbacks — behave identically across JavaScript and TypeScript sources. Docs. (#13590)

  // scripts/secrets.ts
  export const getSecrets = async () => ({ apiKey: process.env.API_KEY })

  custom:
    secrets: ${file(./scripts/secrets.ts):getSecrets}

• Custom .env file locations and explicit opt-out via useDotenv. Previously a boolean. Now accepts a path or array of paths to load additional .env files alongside the local .env / .env.${stage} already loaded automatically — useful for monorepos sharing variables across services. useDotenv: false is now honored as the documented opt-out. Debug logging at core:resolver:env surfaces which files loaded and which keys came from each (visible with SLS_DEBUG=*; keys only, never values). Docs. Closes #10641. (#13597)

  useDotenv: ../shared           # load files from a sibling directory
  # useDotenv:                   # …or a list — earlier entries win
  #   - ./overrides.env
  #   - ../
  # useDotenv: false             # disable all .env loading

• CloudWatch Logs Infrequent Access log class. Opt-in logs.logGroupClass: infrequent_access at provider or function level provisions an Infrequent Access log group alongside the standard one, wires Lambda's LoggingConfig.LogGroup to write to it, and applies DeletionPolicy: Retain so its history survives stack updates and removals. The standard sibling is always created so pre-existing logs at the default path are preserved during migration. Services that do not opt in produce an identical CloudFormation template. Docs. Closes #12278. (#13601)

  provider:
    logs:
      lambda:
        logGroupClass: infrequent_access   # service-wide default
  functions:
  realTimeReports:
  handler: handler.reports
  logs:
  logGroupClass: standard            # override per function

  Note: AWS does not allow the class of an existing log group to be changed in place. serverless logs -f <function> cannot read Infrequent Access groups — use CloudWatch Logs Insights instead. Once an IA log group has been retained out of the stack, re-enabling infrequent_access later for the same function will fail with ResourceAlreadyExistsException unless the orphaned group is first deleted or imported back into the stack.

... (truncated)

Commits

• 4ec3c03 chore: release 4.37.0 (#13606)
• 34fd88c fix: make ${file(.ts)} and serverless diff work in the published distribu...
• 8efe699 docs(menu): register diff command and alphabetize CLI Reference (#13608)
• 8576307 chore(deps): bump @​smithy/util-retry (#13607)
• 3a4cb54 feat: add 'diff' command to preview changes against the deployed stack (#13602)
• 4c5ad90 feat: support CloudWatch Logs Infrequent Access log class (#13601)
• c612af4 feat: support TypeScript files in ${file()} variable resolver (#13590)
• 53d132a chore(deps): bump the aws-sdk group across 1 directory with 34 updates (#13605)
• d98240e feat: add batching to reconcile command for large-scale instance reconciliati...
• 9ff8846 feat: support ECR repository image retention via lifecycle policy (#13584)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)