chore(deps-dev)(deps-dev): bump the dev-deps group with 7 updates

[dependabot]

Bumps the dev-deps group with 7 updates:

Package	From	To
@vitest/coverage-v8	4.1.6	4.1.7
@types/react	19.2.14	19.2.15
@cloudflare/vitest-pool-workers	0.16.6	0.16.10
@cloudflare/workers-types	4.20260515.1	4.20260522.1
wrangler	4.91.0	4.94.0
@prisma/compute-sdk	0.17.0	0.18.0
@prisma/management-api-sdk	1.29.0	1.32.0

Updates @vitest/coverage-v8 from 4.1.6 to 4.1.7

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Updates @types/react from 19.2.14 to 19.2.15

Commits

• See full diff in compare view

Updates @cloudflare/vitest-pool-workers from 0.16.6 to 0.16.10

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.16.10

Patch Changes

• Updated dependencies [ca5b604, c1fd2fd, 49c1a59, fee1ce4, b3962ff, d042705, 420e457, 8b1467e]:
  • wrangler@4.95.0
  • miniflare@4.20260526.0

@​cloudflare/vitest-pool-workers@​0.16.9

Patch Changes

• #13933 90092c0 Thanks @​petebacondarwin! - Derive bundler externals from package.json and shrink the published bundle

  The bundler's external list was previously hand-maintained and out of sync with package.json — undici and semver were both listed as external despite being only devDependencies. The published dist/pool/index.mjs consequently contained a top-level import { fetch } from "undici" that was only resolvable because pnpm happened to hoist undici from other packages' devDependencies during local development.

  The bundler now derives its external list from dependencies + peerDependencies in package.json, making it impossible for a devDependency to silently end up externalized.

  Combined with the new "sideEffects": false declaration in @cloudflare/workers-utils, the unused cloudflared / tunnel exports (and their transitive undici import) are now tree-shaken out of the pool entirely. dist/pool/index.mjs no longer references undici at all, and shrinks from ~489 KB to ~125 KB.

• Updated dependencies [52e9082, 0733688, fc1f7b9, 30657e1, 8c569c6, f598eac, 3a1fbed]:

  • wrangler@4.94.0
  • miniflare@4.20260521.0

@​cloudflare/vitest-pool-workers@​0.16.8

Patch Changes

• #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

  Two related issues affected the CF-Worker header on outbound subrequests in local development:

  1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
  2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

  Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

  Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

• Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

  • miniflare@4.20260520.0
  • wrangler@4.93.1

@​cloudflare/vitest-pool-workers@​0.16.7

Patch Changes

• #13961 2cb658c Thanks @​threepointone! - Preserve same-stub RPC call order for wrapped Worker and Durable Object entrypoints

  Previously, dynamically wrapped RPC methods could resolve and invoke out of order when many calls were fired without awaiting each individual call. This now queues method resolution per wrapper instance so calls begin in the order they were received.

• Updated dependencies [aac7ca0, b25dc0d, ae047ee, a4f22bc, f78d435, aac7ca0, c5c9e20, ebf4b24, b27eb18, 895baf5, 7bcdf45]:

  • wrangler@4.93.0
  • miniflare@4.20260518.0

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.16.10

Patch Changes

• Updated dependencies [ca5b604, c1fd2fd, 49c1a59, fee1ce4, b3962ff, d042705, 420e457, 8b1467e]:
  • wrangler@4.95.0
  • miniflare@4.20260526.0

0.16.9

Patch Changes

• #13933 90092c0 Thanks @​petebacondarwin! - Derive bundler externals from package.json and shrink the published bundle

  The bundler's external list was previously hand-maintained and out of sync with package.json — undici and semver were both listed as external despite being only devDependencies. The published dist/pool/index.mjs consequently contained a top-level import { fetch } from "undici" that was only resolvable because pnpm happened to hoist undici from other packages' devDependencies during local development.

  The bundler now derives its external list from dependencies + peerDependencies in package.json, making it impossible for a devDependency to silently end up externalized.

  Combined with the new "sideEffects": false declaration in @cloudflare/workers-utils, the unused cloudflared / tunnel exports (and their transitive undici import) are now tree-shaken out of the pool entirely. dist/pool/index.mjs no longer references undici at all, and shrinks from ~489 KB to ~125 KB.

• Updated dependencies [52e9082, 0733688, fc1f7b9, 30657e1, 8c569c6, f598eac, 3a1fbed]:

  • wrangler@4.94.0
  • miniflare@4.20260521.0

0.16.8

Patch Changes

• #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

  Two related issues affected the CF-Worker header on outbound subrequests in local development:

  1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
  2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

  Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

  Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

• Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

  • miniflare@4.20260520.0
  • wrangler@4.93.1

0.16.7

Patch Changes

• #13961 2cb658c Thanks @​threepointone! - Preserve same-stub RPC call order for wrapped Worker and Durable Object entrypoints

  Previously, dynamically wrapped RPC methods could resolve and invoke out of order when many calls were fired without awaiting each individual call. This now queues method resolution per wrapper instance so calls begin in the order they were received.

... (truncated)

Commits

• 0998725 Set disallowTypeAnnotations to false in `@typescript-eslint/consistent-ty...
• 3a746ac [tools] Lint that all non-bundled deps of published packages are pinned (#14112)
• 337e912 Remove trailing periods from URLs in terminal output (#14105)
• 50ef724 Version Packages (#14082)
• e3c862a Revert "Version Packages" (#14087)
• 689f381 Version Packages (#14048)
• 96ae856 [vitest-pool-workers] Dispatch RPC methods through proxied Durable Object ins...
• 62dd39c Version Packages (#14012)
• b92f87c Version Packages (#13995)
• 90092c0 [vitest-pool-workers] Stop externalizing devDependencies from the published b...
• Additional commits viewable in compare view

Updates @cloudflare/workers-types from 4.20260515.1 to 4.20260522.1

Commits

• See full diff in compare view

Updates wrangler from 4.91.0 to 4.94.0

Release notes

Sourced from wrangler's releases.

wrangler@4.94.0

Minor Changes

• #13897 52e9082 Thanks @​dario-piotrowicz! - Add automatic Cloudflare skills installation for AI coding agents

  Wrangler now detects AI coding agents and offers to install Cloudflare skill files from the cloudflare/skills GitHub repository. Users are prompted once interactively; subsequent runs skip the prompt. Use --install-skills to install without prompting.

• #13989 f598eac Thanks @​MattieTK! - Print a QR code alongside the tunnel URL when sharing via Cloudflare Tunnel

  When a tunnel is started (via wrangler dev --tunnel or the Vite plugin with tunnel: true), a scannable QR code is now printed to the terminal beneath the tunnel URL. This makes it easy to open the tunnel on a mobile device without manually copying the URL.

  The QR code uses Unicode block characters for a compact representation and is generated best-effort -- if generation fails for any reason, the tunnel URL is still displayed as before.

• #13467 3a1fbed Thanks @​deloreyj! - Add schedule property to Workflow bindings for cron-based triggering

  Note: This is a configuration-only change. Scheduled triggering of Workflow instances is not yet available — adding schedule to a Workflow binding will not result in scheduled invocations at this time. This change lays the groundwork for an upcoming feature.

  Workflow bindings in wrangler.json now accept an optional schedule field that configures one or more cron expressions to automatically trigger new workflow instances on a schedule.

  // wrangler.json
  {
    "workflows": [
      {
        "binding": "MY_WORKFLOW",
        "name": "my-workflow",
        "class_name": "MyWorkflow",
        "schedule": "0 9 * * 1"
      }
    ]
  }

  Multiple schedules can be provided as an array:

  {
    "workflows": [
      {
        "binding": "MY_WORKFLOW",
        "name": "my-workflow",
        "class_name": "MyWorkflow",
        "schedule": ["0 9 * * 1", "0 17 * * 5"]
      }
    ]
  }

  The schedule is sent to the Workflows control plane on wrangler deploy. Configuring schedule on a workflow binding that references an external script_name is an error — the schedule must be configured on the worker that defines the workflow.

... (truncated)

Commits

• b92f87c Version Packages (#13995)
• fc1f7b9 [wrangler] Fix Access Service Token authentication for service-auth-only apps...
• f598eac [wrangler][vite-plugin] Print QR code for tunnel URLs (#13989)
• 52e9082 Add automatic Cloudflare skills installation for AI coding agents (#13897)
• 0733688 build(deps): bump the workerd-and-workers-types group with 2 updates (#13993)
• 8c569c6 [wrangler] Include column names in D1 SQL export (#12277)
• 3a1fbed [wrangler] Add schedule property to Workflow bindings for cron-based triggeri...
• 90092c0 [vitest-pool-workers] Stop externalizing devDependencies from the published b...
• 5ee65d5 Version Packages (#13969)
• e04e180 [wrangler] Improve asset upload retry log message (#13990)
• Additional commits viewable in compare view

Updates @prisma/compute-sdk from 0.17.0 to 0.18.0

Commits

• See full diff in compare view

Updates @prisma/management-api-sdk from 1.29.0 to 1.32.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[pkg-pr-new]

Open in StackBlitz

@prisma-next/extension-author-tools

npm i https://pkg.pr.new/@prisma-next/extension-author-tools@684

@prisma-next/mongo-runtime

npm i https://pkg.pr.new/@prisma-next/mongo-runtime@684

@prisma-next/family-mongo

npm i https://pkg.pr.new/@prisma-next/family-mongo@684

@prisma-next/sql-runtime

npm i https://pkg.pr.new/@prisma-next/sql-runtime@684

@prisma-next/family-sql

npm i https://pkg.pr.new/@prisma-next/family-sql@684

@prisma-next/extension-arktype-json

npm i https://pkg.pr.new/@prisma-next/extension-arktype-json@684

@prisma-next/middleware-cache

npm i https://pkg.pr.new/@prisma-next/middleware-cache@684

@prisma-next/mongo

npm i https://pkg.pr.new/@prisma-next/mongo@684

@prisma-next/extension-paradedb

npm i https://pkg.pr.new/@prisma-next/extension-paradedb@684

@prisma-next/extension-pgvector

npm i https://pkg.pr.new/@prisma-next/extension-pgvector@684

@prisma-next/extension-postgis

npm i https://pkg.pr.new/@prisma-next/extension-postgis@684

@prisma-next/postgres

npm i https://pkg.pr.new/@prisma-next/postgres@684

@prisma-next/sql-orm-client

npm i https://pkg.pr.new/@prisma-next/sql-orm-client@684

@prisma-next/sqlite

npm i https://pkg.pr.new/@prisma-next/sqlite@684

@prisma-next/target-mongo

npm i https://pkg.pr.new/@prisma-next/target-mongo@684

@prisma-next/adapter-mongo

npm i https://pkg.pr.new/@prisma-next/adapter-mongo@684

@prisma-next/driver-mongo

npm i https://pkg.pr.new/@prisma-next/driver-mongo@684

@prisma-next/contract

npm i https://pkg.pr.new/@prisma-next/contract@684

@prisma-next/utils

npm i https://pkg.pr.new/@prisma-next/utils@684

@prisma-next/config

npm i https://pkg.pr.new/@prisma-next/config@684

@prisma-next/errors

npm i https://pkg.pr.new/@prisma-next/errors@684

@prisma-next/framework-components

npm i https://pkg.pr.new/@prisma-next/framework-components@684

@prisma-next/operations

npm i https://pkg.pr.new/@prisma-next/operations@684

@prisma-next/ts-render

npm i https://pkg.pr.new/@prisma-next/ts-render@684

@prisma-next/contract-authoring

npm i https://pkg.pr.new/@prisma-next/contract-authoring@684

@prisma-next/ids

npm i https://pkg.pr.new/@prisma-next/ids@684

@prisma-next/psl-parser

npm i https://pkg.pr.new/@prisma-next/psl-parser@684

@prisma-next/psl-printer

npm i https://pkg.pr.new/@prisma-next/psl-printer@684

@prisma-next/cli

npm i https://pkg.pr.new/@prisma-next/cli@684

@prisma-next/cli-telemetry

npm i https://pkg.pr.new/@prisma-next/cli-telemetry@684

@prisma-next/emitter

npm i https://pkg.pr.new/@prisma-next/emitter@684

@prisma-next/migration-tools

npm i https://pkg.pr.new/@prisma-next/migration-tools@684

prisma-next

npm i https://pkg.pr.new/prisma-next@684

@prisma-next/vite-plugin-contract-emit

npm i https://pkg.pr.new/@prisma-next/vite-plugin-contract-emit@684

@prisma-next/mongo-codec

npm i https://pkg.pr.new/@prisma-next/mongo-codec@684

@prisma-next/mongo-contract

npm i https://pkg.pr.new/@prisma-next/mongo-contract@684

@prisma-next/mongo-value

npm i https://pkg.pr.new/@prisma-next/mongo-value@684

@prisma-next/mongo-contract-psl

npm i https://pkg.pr.new/@prisma-next/mongo-contract-psl@684

@prisma-next/mongo-contract-ts

npm i https://pkg.pr.new/@prisma-next/mongo-contract-ts@684

@prisma-next/mongo-emitter

npm i https://pkg.pr.new/@prisma-next/mongo-emitter@684

@prisma-next/mongo-schema-ir

npm i https://pkg.pr.new/@prisma-next/mongo-schema-ir@684

@prisma-next/mongo-query-ast

npm i https://pkg.pr.new/@prisma-next/mongo-query-ast@684

@prisma-next/mongo-orm

npm i https://pkg.pr.new/@prisma-next/mongo-orm@684

@prisma-next/mongo-query-builder

npm i https://pkg.pr.new/@prisma-next/mongo-query-builder@684

@prisma-next/mongo-lowering

npm i https://pkg.pr.new/@prisma-next/mongo-lowering@684

@prisma-next/mongo-wire

npm i https://pkg.pr.new/@prisma-next/mongo-wire@684

@prisma-next/sql-contract

npm i https://pkg.pr.new/@prisma-next/sql-contract@684

@prisma-next/sql-errors

npm i https://pkg.pr.new/@prisma-next/sql-errors@684

@prisma-next/sql-operations

npm i https://pkg.pr.new/@prisma-next/sql-operations@684

@prisma-next/sql-schema-ir

npm i https://pkg.pr.new/@prisma-next/sql-schema-ir@684

@prisma-next/sql-contract-psl

npm i https://pkg.pr.new/@prisma-next/sql-contract-psl@684

@prisma-next/sql-contract-ts

npm i https://pkg.pr.new/@prisma-next/sql-contract-ts@684

@prisma-next/sql-contract-emitter

npm i https://pkg.pr.new/@prisma-next/sql-contract-emitter@684

@prisma-next/sql-lane-query-builder

npm i https://pkg.pr.new/@prisma-next/sql-lane-query-builder@684

@prisma-next/sql-relational-core

npm i https://pkg.pr.new/@prisma-next/sql-relational-core@684

@prisma-next/sql-builder

npm i https://pkg.pr.new/@prisma-next/sql-builder@684

@prisma-next/target-postgres

npm i https://pkg.pr.new/@prisma-next/target-postgres@684

@prisma-next/target-sqlite

npm i https://pkg.pr.new/@prisma-next/target-sqlite@684

@prisma-next/adapter-postgres

npm i https://pkg.pr.new/@prisma-next/adapter-postgres@684

@prisma-next/adapter-sqlite

npm i https://pkg.pr.new/@prisma-next/adapter-sqlite@684

@prisma-next/driver-postgres

npm i https://pkg.pr.new/@prisma-next/driver-postgres@684

@prisma-next/driver-sqlite

npm i https://pkg.pr.new/@prisma-next/driver-sqlite@684

commit: 2d3e415

[github-actions]

size-limit report 📦

Path	Size
postgres / no-emit	135.93 KB (0%)
postgres / emit	125.59 KB (0%)
mongo / no-emit	75.69 KB (0%)
mongo / emit	70.68 KB (0%)