Skip to content

Bump the dev-deps group across 3 directories with 6 updates#157

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/packages/github-action/dev-deps-07242d428b
Open

Bump the dev-deps group across 3 directories with 6 updates#157
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/packages/github-action/dev-deps-07242d428b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the dev-deps group with 1 update in the /packages/github-action directory: wrangler.
Bumps the dev-deps group with 5 updates in the /packages/worker directory:

Package From To
@cloudflare/vitest-pool-workers 0.10.11 0.16.9
@types/node 24.10.1 25.9.1
@vitest/coverage-istanbul 3.2.4 4.1.7
typescript 5.9.3 6.0.3
vitest 3.2.4 4.1.7

Bumps the dev-deps group with 1 update in the /packages/worker/dev directory: wrangler.

Updates wrangler from 4.14.1 to 4.94.0

Release notes

Sourced from wrangler's releases.

wrangler@4.94.0

Minor Changes

  • #13897 52e9082 Thanks @​dario-piotrowicz! - Add automatic Cloudflare skills installation for AI coding agents

    Wrangler now detects AI coding agents and offers to install Cloudflare skill files from the cloudflare/skills GitHub repository. Users are prompted once interactively; subsequent runs skip the prompt. Use --install-skills to install without prompting.

  • #13989 f598eac Thanks @​MattieTK! - Print a QR code alongside the tunnel URL when sharing via Cloudflare Tunnel

    When a tunnel is started (via wrangler dev --tunnel or the Vite plugin with tunnel: true), a scannable QR code is now printed to the terminal beneath the tunnel URL. This makes it easy to open the tunnel on a mobile device without manually copying the URL.

    The QR code uses Unicode block characters for a compact representation and is generated best-effort -- if generation fails for any reason, the tunnel URL is still displayed as before.

  • #13467 3a1fbed Thanks @​deloreyj! - Add schedule property to Workflow bindings for cron-based triggering

    Note: This is a configuration-only change. Scheduled triggering of Workflow instances is not yet available — adding schedule to a Workflow binding will not result in scheduled invocations at this time. This change lays the groundwork for an upcoming feature.

    Workflow bindings in wrangler.json now accept an optional schedule field that configures one or more cron expressions to automatically trigger new workflow instances on a schedule.

    // wrangler.json
{
  "workflows": [
    {
      "binding": "MY_WORKFLOW",
      "name": "my-workflow",
      "class_name": "MyWorkflow",
      "schedule": "0 9 * * 1"
    }
  ]
}

    Multiple schedules can be provided as an array:

    {
  "workflows": [
    {
      "binding": "MY_WORKFLOW",
      "name": "my-workflow",
      "class_name": "MyWorkflow",
      "schedule": ["0 9 * * 1", "0 17 * * 5"]
    }
  ]
}

    The schedule is sent to the Workflows control plane on wrangler deploy. Configuring schedule on a workflow binding that references an external script_name is an error — the schedule must be configured on the worker that defines the workflow.

... (truncated)

Commits
  • b92f87c Version Packages (#13995)
  • fc1f7b9 [wrangler] Fix Access Service Token authentication for service-auth-only apps...
  • f598eac [wrangler][vite-plugin] Print QR code for tunnel URLs (#13989)
  • 52e9082 Add automatic Cloudflare skills installation for AI coding agents (#13897)
  • 0733688 build(deps): bump the workerd-and-workers-types group with 2 updates (#13993)
  • 8c569c6 [wrangler] Include column names in D1 SQL export (#12277)
  • 3a1fbed [wrangler] Add schedule property to Workflow bindings for cron-based triggeri...
  • 90092c0 [vitest-pool-workers] Stop externalizing devDependencies from the published b...
  • 5ee65d5 Version Packages (#13969)
  • e04e180 [wrangler] Improve asset upload retry log message (#13990)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for wrangler since your current version.


Updates @cloudflare/vitest-pool-workers from 0.10.11 to 0.16.9

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.16.9

Patch Changes

  • #13933 90092c0 Thanks @​petebacondarwin! - Derive bundler externals from package.json and shrink the published bundle

    The bundler's external list was previously hand-maintained and out of sync with package.jsonundici and semver were both listed as external despite being only devDependencies. The published dist/pool/index.mjs consequently contained a top-level import { fetch } from "undici" that was only resolvable because pnpm happened to hoist undici from other packages' devDependencies during local development.

    The bundler now derives its external list from dependencies + peerDependencies in package.json, making it impossible for a devDependency to silently end up externalized.

    Combined with the new "sideEffects": false declaration in @cloudflare/workers-utils, the unused cloudflared / tunnel exports (and their transitive undici import) are now tree-shaken out of the pool entirely. dist/pool/index.mjs no longer references undici at all, and shrinks from ~489 KB to ~125 KB.

  • Updated dependencies [52e9082, 0733688, fc1f7b9, 30657e1, 8c569c6, f598eac, 3a1fbed]:

    • wrangler@4.94.0
    • miniflare@4.20260521.0

@​cloudflare/vitest-pool-workers@​0.16.8

Patch Changes

  • #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

    Two related issues affected the CF-Worker header on outbound subrequests in local development:

    1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
    2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

    Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

    Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

  • Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

    • miniflare@4.20260520.0
    • wrangler@4.93.1

@​cloudflare/vitest-pool-workers@​0.16.7

Patch Changes

  • #13961 2cb658c Thanks @​threepointone! - Preserve same-stub RPC call order for wrapped Worker and Durable Object entrypoints

    Previously, dynamically wrapped RPC methods could resolve and invoke out of order when many calls were fired without awaiting each individual call. This now queues method resolution per wrapper instance so calls begin in the order they were received.

  • Updated dependencies [aac7ca0, b25dc0d, ae047ee, a4f22bc, f78d435, aac7ca0, c5c9e20, ebf4b24, b27eb18, 895baf5, 7bcdf45]:

    • wrangler@4.93.0
    • miniflare@4.20260518.0

@​cloudflare/vitest-pool-workers@​0.16.6

Patch Changes

  • #13833 0e4a830 Thanks @​thegeekasteroid! - Filter benign disconnected: WebSocket peer disconnected workerd stderr noise during test runs.

    The ignoreMessages array in the pool already filters several benign workerd disconnect messages (e.g. disconnected: WebSocket was aborted). On recent workerd versions, tests that exercise the WebSocket API also surface disconnected: WebSocket peer disconnected warnings during normal teardown. These are not user-actionable and obscure real test failures. Add the message to the existing filter alongside the other disconnected: entries.

... (truncated)

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.16.9

Patch Changes

  • #13933 90092c0 Thanks @​petebacondarwin! - Derive bundler externals from package.json and shrink the published bundle

    The bundler's external list was previously hand-maintained and out of sync with package.jsonundici and semver were both listed as external despite being only devDependencies. The published dist/pool/index.mjs consequently contained a top-level import { fetch } from "undici" that was only resolvable because pnpm happened to hoist undici from other packages' devDependencies during local development.

    The bundler now derives its external list from dependencies + peerDependencies in package.json, making it impossible for a devDependency to silently end up externalized.

    Combined with the new "sideEffects": false declaration in @cloudflare/workers-utils, the unused cloudflared / tunnel exports (and their transitive undici import) are now tree-shaken out of the pool entirely. dist/pool/index.mjs no longer references undici at all, and shrinks from ~489 KB to ~125 KB.

  • Updated dependencies [52e9082, 0733688, fc1f7b9, 30657e1, 8c569c6, f598eac, 3a1fbed]:

    • wrangler@4.94.0
    • miniflare@4.20260521.0

0.16.8

Patch Changes

  • #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

    Two related issues affected the CF-Worker header on outbound subrequests in local development:

    1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
    2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

    Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

    Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

  • Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

    • miniflare@4.20260520.0
    • wrangler@4.93.1

0.16.7

Patch Changes

  • #13961 2cb658c Thanks @​threepointone! - Preserve same-stub RPC call order for wrapped Worker and Durable Object entrypoints

    Previously, dynamically wrapped RPC methods could resolve and invoke out of order when many calls were fired without awaiting each individual call. This now queues method resolution per wrapper instance so calls begin in the order they were received.

  • Updated dependencies [aac7ca0, b25dc0d, ae047ee, a4f22bc, f78d435, aac7ca0, c5c9e20, ebf4b24, b27eb18, 895baf5, 7bcdf45]:

    • wrangler@4.93.0
    • miniflare@4.20260518.0

0.16.6

Patch Changes

... (truncated)

Commits

Updates @types/node from 24.10.1 to 25.9.1

Commits

Updates @vitest/coverage-istanbul from 3.2.4 to 4.1.7

Release notes

Sourced from @​vitest/coverage-istanbul's releases.

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vitest/coverage-istanbul since your current version.


Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Updates vitest from 3.2.4 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

... (truncated)

Commits
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • e399846 chore: release v4.1.5
  • 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
  • 9787ded fix: respect diff config options in soft assertions (#8696)
  • 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
  • 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
  • 663b99f fix: alias agent reporter to minimal (#10157)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.


Updates wrangler from 4.14.1 to 4.94.0

Release notes

Sourced from wrangler's releases.

wrangler@4.94.0

Minor Changes

  • #13897 52e9082 Thanks @​dario-piotrowicz! - Add automatic Cloudflare skills installation for AI coding agents

    Wrangler now detects AI coding agents and offers to install Cloudflare skill files from the cloudflare/skills GitHub repository. Users are prompted once interactively; subsequent runs skip the prompt. Use --install-skills to install without prompting.

  • #13989 f598eac Thanks @​MattieTK! - Print a QR code alongside the tunnel URL when sharing via Cloudflare Tunnel

    When a tunnel is started (via wrangler dev --tunnel or the Vite plugin with tunnel: true), a scannable QR code is now printed to the terminal beneath the tunnel URL. This makes it easy to open the tunnel on a mobile device without manually copying the URL.

    The QR code uses Unicode block characters for a compact representation and is generated best-effort -- if generation fails for any reason, the tunnel URL is still displayed as before.

  • #13467 3a1fbed Thanks @​deloreyj! - Add schedule property to Workflow bindings for cron-based triggering

    Note: This is a configuration-only change. Scheduled triggering of Workflow instances is not yet available — adding schedule to a Workflow binding will not result in scheduled invocations at this time. This change lays the groundwork for an upcoming feature.

    Workflow bindings in wrangler.json now accept an optional schedule field that configures one or more cron expressions to automatically trigger new workflow instances on a schedule.

    // wrangler.json
{
  "workflows": [
    {
      "binding": "MY_WORKFLOW",
      "name": "my-workflow",
      "class_name": "MyWorkflow",
      "schedule": "0 9 * * 1"
    }
  ]
}

    Multiple schedules can be provided as an array:

    {
  "workflows": [
    {
      "binding": "MY_WORKFLOW",
      "name": "my-workflow",
      "class_name": "MyWorkflow",
      "schedule": ["0 9 * * 1", "0 17 * * 5"]
    }
  ]
}

    The schedule is sent to the Workflows contr...

    Description has been truncated

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 4, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented May 4, 2026
edited
Loading

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs		 r2-explorer-docs be643e0 May 25 2026, 02:06 AM

@dependabot
Bump the dev-deps group across 3 directories with 6 updates
be643e0 
Bumps the dev-deps group with 1 update in the /packages/github-action directory: [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).
Bumps the dev-deps group with 5 updates in the /packages/worker directory:

| Package | From | To |
| --- | --- | --- |
| [@cloudflare/vitest-pool-workers](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vitest-pool-workers) | `0.10.11` | `0.16.9` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.10.1` | `25.9.1` |
| [@vitest/coverage-istanbul](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul) | `3.2.4` | `4.1.7` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `4.1.7` |

Bumps the dev-deps group with 1 update in the /packages/worker/dev directory: [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).


Updates `wrangler` from 4.14.1 to 4.94.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.94.0/packages/wrangler)

Updates `@cloudflare/vitest-pool-workers` from 0.10.11 to 0.16.9
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vitest-pool-workers/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/vitest-pool-workers@0.16.9/packages/vitest-pool-workers)

Updates `@types/node` from 24.10.1 to 25.9.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitest/coverage-istanbul` from 3.2.4 to 4.1.7
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/coverage-istanbul)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `vitest` from 3.2.4 to 4.1.7
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest)

Updates `wrangler` from 4.14.1 to 4.94.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.94.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@cloudflare/vitest-pool-workers"
  dependency-version: 0.15.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-deps
- dependency-name: "@vitest/coverage-istanbul"
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-deps
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-deps
- dependency-name: vitest
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-deps
- dependency-name: wrangler
  dependency-version: 4.87.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: wrangler
  dependency-version: 4.87.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/packages/github-action/dev-deps-07242d428b branch from 28e933d to be643e0 Compare May 25, 2026 02:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants