chore(deps): bump file-type and serverless

[dependabot]

Removes file-type. It's no longer used after updating ancestor dependency serverless. These dependencies need to be updated together.

Removes file-type

Updates serverless from 3.40.0 to 4.38.1

Release notes

Sourced from serverless's releases.

4.38.1

Maintenance

• Upgraded undici to 6.27.0, clearing security advisories reported against earlier versions of the bundled HTTP client: a Set-Cookie SameSite attribute downgrade (GHSA-g8m3-5g58-fq7m), HTTP header injection via Set-Cookie percent-decoding (GHSA-p88m-4jfj-68fv), and a WebSocket client denial-of-service (GHSA-vxpw-j846-p89q). (#13657)

4.38.0

Features

• Ruby 4.0 runtime support. Functions can now target the ruby4.0 Lambda runtime. (#13613)

  provider:
    name: aws
    runtime: ruby4.0

• New ${aws:partition} variable. Resolves to the AWS partition for the deployment region (e.g. aws, aws-cn, aws-us-gov) with no network call or credentials required. Makes ARNs in your configuration portable across commercial, GovCloud, and China partitions. (#12441, #13633)

  provider:
    iam:
      role:
        managedPolicies:
          - arn:${aws:partition}:iam::aws:policy/AmazonS3ReadOnlyAccess

• AgentCore: Python 3.14 support. Agent runtimes can now target python3.14. Runtime validation is also stronger, with supported runtimes validated against a single allowlist. (#13645)

  # AgentCore agent configuration
  runtime: python3.14

Bug Fixes

• API Gateway custom stage now used for the service endpoint URL and stage tags. When provider.apiGateway.stage is set to a value different from the deployment stage, the ServiceEndpoint output URL and the API Gateway stage tags now use that configured stage. Previously they used the deployment stage, producing an incorrect endpoint URL and attempting to tag a stage that did not exist. (#13636)

  provider:
    apiGateway:
      stage: customstage   # now reflected in ServiceEndpoint + stage tags

• Variable resolution no longer drops placeholders during re-entrant resolution. A JavaScript or TypeScript ${file(...)} resolver that calls resolveVariable() or resolveConfigurationProperty() mid-resolution opens a nested resolution pass. Under certain async timing this could leave the outer resolution looking inactive, causing a later nested placeholder to be left unresolved. Each pass now preserves and restores its context so the full dependency chain resolves reliably. (#13635)

• AgentCore: unpinned the default Buildpacks builder image and added a builder override. The previously hard-pinned heroku/builder digest is no longer used by default. (#13647, #13646)

Maintenance

• Bumped the AWS SDK group with 34 updates (#13632)

... (truncated)

Commits

• fb7ac39 chore: release 4.38.1 (#13658)
• 7565a78 chore(deps): bump undici (#13657)
• 56e78c1 chore: release 4.38.0 (#13651)
• 27dacea chore(deps): bump golang.org/x/mod in /binary-installer (#13650)
• 384a7e4 fix(agentcore): unpin heroku/builder digest; add artifact.image.builder overr...
• ea79235 fix(api-gateway): use resolved API Gateway stage for stage tags and service e...
• a2804b0 chore(deps): bump the npm_and_yarn group across 13 directories with 2 updates...
• 90183bc chore(deps): update package-lock.json (#13648)
• 64e189c feat(agentcore): support Python 3.14 and improve agent runtime validation (#1...
• 312a842 chore(deps): bump the actions group with 2 updates (#13641)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serverless since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.