Version Packages

[workers-devprod]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

create-cloudflare@2.65.0

Minor Changes

• #12741 e8f62bb Thanks @penalosa! - Enable upload_source_maps by default for new projects

  All new projects created with C3 now have upload_source_maps set to true in their Wrangler configuration. This means source maps are automatically uploaded when you deploy, giving you meaningful stack traces in your Worker's logs and error reports without any extra setup.

Patch Changes

• #12904 88c9471 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-vike	0.0.592	0.0.599

• #13003 ea13a78 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-solid	0.6.13	0.7.0

• #13004 44d8f22 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-next-app	16.1.6	16.2.1

• #13005 9a742b1 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  @angular/create	21.2.2	21.2.3

• #13006 554d68b Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-astro	5.0.0	5.0.3

• #12569 379f2a2 Thanks @MattieTK! - Use qwik add cloudflare-workers instead of qwik add cloudflare-pages for Workers targets

  Both the wrangler autoconfig and C3 Workers template for Qwik were running qwik add cloudflare-pages even when targeting Cloudflare Workers. This caused the wrong adapter directory structure to be scaffolded (adapters/cloudflare-pages/ instead of adapters/cloudflare-workers/), and required post-hoc cleanup of Pages-specific files like _routes.json.

  Qwik now provides a dedicated cloudflare-workers adapter that generates the correct Workers configuration, including wrangler.jsonc with main and assets fields, a public/.assetsignore file, and the correct adapters/cloudflare-workers/vite.config.ts.

  Also adds --skipConfirmation=true to all qwik add invocations so the interactive prompt is skipped in automated contexts.

wrangler@4.77.0

Minor Changes

• #12732 c2e9163 Thanks @jamesopstad! - Add deploy support for the experimental secrets configuration property

  When the new secrets property is defined, wrangler deploy now validates that all secrets declared in secrets.required are configured on the Worker before the deploy succeeds. If any required secrets are missing, the deploy fails with a clear error listing which secrets need to be set.

  When secrets is not defined, the existing behavior is unchanged.

  // wrangler.jsonc
  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

Patch Changes

• #12896 451dae3 Thanks @petebacondarwin! - fix: Add retry and timeout protection to remote preview API calls

  Remote preview sessions (wrangler dev --remote) now automatically retry transient 5xx API errors (up to 3 attempts with linear backoff) and enforce a 30-second per-request timeout. Previously, a single hung or failed API response during session creation or worker upload could block the dev session reload indefinitely.

• #12569 379f2a2 Thanks @MattieTK! - Use qwik add cloudflare-workers instead of qwik add cloudflare-pages for Workers targets

  Both the wrangler autoconfig and C3 Workers template for Qwik were running qwik add cloudflare-pages even when targeting Cloudflare Workers. This caused the wrong adapter directory structure to be scaffolded (adapters/cloudflare-pages/ instead of adapters/cloudflare-workers/), and required post-hoc cleanup of Pages-specific files like _routes.json.

  Qwik now provides a dedicated cloudflare-workers adapter that generates the correct Workers configuration, including wrangler.jsonc with main and assets fields, a public/.assetsignore file, and the correct adapters/cloudflare-workers/vite.config.ts.

  Also adds --skipConfirmation=true to all qwik add invocations so the interactive prompt is skipped in automated contexts.

• #11899 9a1cf29 Thanks @hoodmane! - Remove cf-requirements support for Python workers. It hasn't worked with the runtime for a while now.

• #11800 875da60 Thanks @southpolesteve! - Add upgrade hint to unexpected configuration field warnings when an update is available

  When Wrangler encounters unexpected fields in the configuration file and a newer version of Wrangler is available, it now displays a message suggesting to update. This helps users who may be using configuration options that were added in a newer version of Wrangler.

• Updated dependencies [b8f3309, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 6a6449e]:

  • miniflare@4.20260317.2

miniflare@4.20260317.2

Patch Changes

• #11753 b8f3309 Thanks @ruifigueira! - Added the following improvements to local Browser Rendering binding in Miniflare:

  • Local Chrome version upgraded to 126.0.6478.182
  • Reciprocate browser websocket close events

• #12986 5aaaab2 Thanks @petebacondarwin! - fix: allow mixed d1Databases records containing both string and object entries

  Previously, passing a d1Databases config that mixed plain string values and object entries (e.g. { MY_DB: "db-name", OTHER_DB: { id: "...", remoteProxyConnectionString: ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #12986 5aaaab2 Thanks @petebacondarwin! - fix: allow mixed kvNamespaces records containing both string and object entries

  Previously, passing a kvNamespaces config that mixed plain string values and object entries (e.g. { MY_NS: "ns-name", OTHER_NS: { id: "...", remoteProxyConnectionString: ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #12987 f8516dd Thanks @petebacondarwin! - fix: allow mixed pipelines records containing both string and object entries

  Previously, passing a pipelines config that mixed plain string values and object entries (e.g. { MY_PIPELINE: "pipeline-name", OTHER_PIPELINE: { pipeline: "...", remoteProxyConnectionString: ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #12952 9c9fe30 Thanks @petebacondarwin! - fix: allow mixed r2Buckets records containing both string and object entries

  Previously, passing an r2Buckets config that mixed plain string values and object entries (e.g. { MY_BUCKET: "bucket-name", OTHER_BUCKET: { ... } }) would cause Miniflare to throw an error. Both forms are now accepted and normalised correctly.

• #13015 6a6449e Thanks @petebacondarwin! - fix: disable undici Pool request timeouts for local dev

  Miniflare's undici Pool instances were using the default headersTimeout and bodyTimeout of 300 seconds (5 minutes). Any request taking longer than that — streaming responses, large uploads, long-polling, or compute-heavy Workers — would be silently killed with a "request failed" error.

  Setting both timeouts to 0 disables them entirely, which is the correct behaviour for a local development tool where there is no reason to enforce request timeouts.

@cloudflare/pages-shared@0.13.118

Patch Changes

• Updated dependencies [b8f3309, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 6a6449e]:
  • miniflare@4.20260317.2

@cloudflare/vite-plugin@1.30.1

Patch Changes

• #12851 86a40f0 Thanks @jamesopstad! - Fix a bug that prevented using subpath imports for additional module types

  You can now use subpath imports for additional module types (.html, .txt, .sql, .bin, .wasm) by defining them in your package.json imports field:

  // package.json
  {
    "imports": {
      "#templates/page": "./src/templates/page.html"
    }
  }

  import page from "#templates/page";
  
  export default {
    fetch() {
      return new Response(page, {
        headers: { "Content-Type": "text/html" },
      });
    },
  } satisfies ExportedHandler;

• Updated dependencies [b8f3309, 451dae3, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 379f2a2, c2e9163, 6a6449e, 9a1cf29, 875da60]:

  • miniflare@4.20260317.2
  • wrangler@4.77.0

@cloudflare/vitest-pool-workers@0.13.4

Patch Changes

• #12999 f9728fd Thanks @hiendv! - chore: update some tests and fixtures to Vitest 4 / vpw 0.13.x

• Updated dependencies [b8f3309, 451dae3, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 379f2a2, c2e9163, 6a6449e, 9a1cf29, 875da60]:

  • miniflare@4.20260317.2
  • wrangler@4.77.0

@cloudflare/edge-preview-authenticated-proxy@0.3.1

Patch Changes

• #12753 ea8b1a4 Thanks @petebacondarwin! - Replace deprecated promjs library with MetricsRegistry from @cloudflare/workers-utils/prometheus-metrics

  The promjs library has been unmaintained since 2022 and has a broken package.json requiring workarounds. It has been replaced with a lightweight MetricsRegistry class in @cloudflare/workers-utils/prometheus-metrics that produces byte-identical Prometheus text exposition format output.

• #13021 973dfdd Thanks @penalosa! - Restore the /exchange preview session endpoint.

@cloudflare/format-errors@0.0.8

Patch Changes

• #12753 ea8b1a4 Thanks @petebacondarwin! - Replace deprecated promjs library with MetricsRegistry from @cloudflare/workers-utils/prometheus-metrics

  The promjs library has been unmaintained since 2022 and has a broken package.json requiring workarounds. It has been replaced with a lightweight MetricsRegistry class in @cloudflare/workers-utils/prometheus-metrics that produces byte-identical Prometheus text exposition format output.

@cloudflare/playground-preview-worker@0.3.2

Patch Changes

• #12753 ea8b1a4 Thanks @petebacondarwin! - Replace deprecated promjs library with MetricsRegistry from @cloudflare/workers-utils/prometheus-metrics

  The promjs library has been unmaintained since 2022 and has a broken package.json requiring workarounds. It has been replaced with a lightweight MetricsRegistry class in @cloudflare/workers-utils/prometheus-metrics that produces byte-identical Prometheus text exposition format output.

@cloudflare/workers-playground@0.4.2

Patch Changes

• #11899 9a1cf29 Thanks @hoodmane! - Remove cf-requirements support for Python workers. It hasn't worked with the runtime for a while now.

@cloudflare/workflows-shared@0.7.1

Patch Changes

• #12985 17a57e6 Thanks @pombosilva! - Fix waitForEvent delivering events to stale waiters after timeout.

  When a step.waitForEvent() call timed out, its resolver was not removed from the workflow's internal waiters map. This meant the next step.waitForEvent() for the same event type would have its incoming event consumed by the dead resolver instead of the live one, causing the workflow to hang indefinitely.

[github-actions]

⚠️ Issues found

.changeset/young-knives-sink.md

Likely unnecessary changeset — The description reads chore: update some tests and fixtures to Vitest 4 / vpw 0.13.x. Per the changeset guidelines, "test-only changes" and "changes that are purely internal refactoring with no user-facing impact" do not require a changeset. Updating tests and fixtures produces no user-facing change. Unless this patch bump is intentional to trigger a release for another reason, this changeset should be removed.

.changeset/major-lines-build.md

Missing experimental opt-in guidance — This changeset adds support for the experimental secrets configuration property and is correctly versioned as minor. However, the guidelines require: "When adding or changing experimental features, call this out explicitly in the changeset description." The changeset notes the property is "experimental" in the title but does not tell users how to opt in or what caveats apply (e.g., is this behind a feature flag, or is it available in the current release simply by adding the config property?). Please add a sentence clarifying the experimental status and how users can try it.

.changeset/restore-exchange-endpoint.md

Insufficient description — The body is a single title-only sentence: Restore the /exchange preview session endpoint. The guidelines call for "one or more paragraphs explaining the reason for the change and anything notable about the approach." There is no context about why this endpoint was removed, why it is being restored, or any user impact. Please add a brief explanation.

---

All other changesets look good. The c3-frameworks-update-* dependency update changesets were skipped per review instructions.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@12980

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@12980

miniflare

npm i https://pkg.pr.new/miniflare@12980

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@12980

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@12980

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@12980

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@12980

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@12980

wrangler

npm i https://pkg.pr.new/wrangler@12980

commit: 235e006