IAM permissions wiped out

I have a lambda function that uses the default serverless IAM role, where I assign a few inline iamRoleStatements. In an external application I dynamically assign different SQS permissions to the default serverless policy.
After upgrading from 1.38.0 to 1.50.0 (same with 1.45.0), the externally assigned permissions are removed from the policy. I am still digging through the changelog, but was there a breaking change made along the way, or should the default serverless role be considered immutable?