Bump serverless from 4.33.2 to 4.33.3 in /serverless

[dependabot]

Bumps serverless from 4.33.2 to 4.33.3.

Release notes

Sourced from serverless's releases.

4.33.3

Bug Fixes

Serverless Framework

• Locked transitive dependencies in distributed packages to harden against supply chain attacks. Previously, the framework tarball and npm installer package shipped without a lockfile, allowing transitive dependencies to resolve fresh from the registry on each install. Both packages now include npm-shrinkwrap.json files that pin the entire dependency tree to exact versions. (#13453, #13458)

Maintenance

• Upgraded lodash to v4.18.1 with security fixes for prototype pollution via _.unset/_.omit (GHSA-f23m-r3pf-42rh) and code injection via _.template imports (GHSA-r5fr-rjxr-66jc, CVE-2026-4800) (#13469)
• Upgraded simple-git to v3.33.0 with enhanced input sanitization for git.clone/git.mirror and stricter git -c checks in the unsafe plugin (#13467)
• Upgraded @​modelcontextprotocol/sdk to v1.28.0 (#13474)
• Bumped the AWS SDK group with multiple updates (#13462, #13463, #13471, #13473)
• Bumped the patch-updates group with 3 updates (#13464)
• Bumped github.com/fatih/color to v1.19.0 in the binary installer (#13459)
• Bumped actions/setup-go to v6.4.0 (#13460)

Commits

• d21bb09 chore: release 4.33.3 (#13472)
• 987afbb chore(deps): bump the aws-sdk group with 30 updates (#13473)
• 8e7b077 chore(deps): bump the aws-sdk group (#13471)
• 362cc54 chore(deps): bump @​modelcontextprotocol/sdk from 1.27.1 to 1.28.0 (#13474)
• ed88ace chore(dependabot): add ignore rule for get-stdin v10 (#13470)
• 59450e5 chore(deps): bump simple-git from 3.32.3 to 3.33.0 (#13467)
• 5b0bb24 chore(deps): bump lodash (#13468)
• a2b5247 chore(deps): bump lodash from 4.17.23 to 4.18.1 (#13469)
• 77d0b35 chore(deps): bump the aws-sdk group with 30 updates (#13463)
• 79af334 chore(deps): bump @​aws-sdk/client-cloudfront-keyvaluestore from 3.1015.0 to 3...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud