Skip to content

deps-dev(deps-dev): bump the development-dependencies group across 1 directory with 6 updates#31

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-64f2f68682
Open

deps-dev(deps-dev): bump the development-dependencies group across 1 directory with 6 updates#31
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-64f2f68682

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 4 updates in the / directory: @cloudflare/vitest-pool-workers, svelte-check, vite and vitest.

Updates @cloudflare/vitest-pool-workers from 0.16.6 to 0.16.13

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.16.13

Patch Changes

@​cloudflare/vitest-pool-workers@​0.16.12

Patch Changes

  • #14152 3d7992e Thanks @​petebacondarwin! - Fix module resolution failing when project path contains spaces

    When a project lived under a directory with spaces (e.g. /Users/me/Documents/Master CMS/project), the vitest pool would fail with No such module "threads.js" before any test executed. The module fallback service now uses the rawSpecifier from workerd's fallback request to correctly decode file:// URLs, avoiding the double-encoding of spaces (%20%2520) that occurred when workerd resolved these URLs as relative paths.

  • #14105 337e912 Thanks @​dario-piotrowicz! - Remove trailing periods from URLs in terminal output

    URLs printed to the terminal with a sentence-ending period (e.g. https://example.com/path.) would include the period when clicked in some terminal emulators, causing 404 errors. This removes trailing periods from all URLs displayed in CLI output across wrangler, miniflare, vitest-pool-workers, and workers-utils.

  • #14112 3a746ac Thanks @​penalosa! - Pin non-bundled runtime dependencies to exact versions

    Dependencies that are not bundled into a package's published output are installed directly into consumers' dependency trees, so they are now pinned to exact versions instead of semver ranges. This closes a supply-chain gap where an unpinned external dependency could resolve to a compromised upstream release on a fresh install. A new pnpm check:pinned-deps lint enforces this for all published packages (and for the shared pnpm catalog) going forward.

  • #14061 da8e306 Thanks @​Vardiak! - Preserve Durable Object WebSocket handler invocation order

    Durable Object WebSocket events could begin executing out of order in the Workers Vitest integration when several events arrived while the test wrapper was resolving user code.

    Handler invocation now preserves arrival order while still allowing asynchronous handler completion to run concurrently.

  • Updated dependencies [b210c5e, aec1bb8, e06cbb7, 9a26191, 5565823, 4ef790b, 890fca7, 6fc9777, 337e912, 8e7b74f, e86489a, 42288d4, 65b5f9e, 3a746ac, 64ef9fd, 94b29f7]:

    • wrangler@4.97.0
    • miniflare@4.20260601.0

@​cloudflare/vitest-pool-workers@​0.16.11

Patch Changes

@​cloudflare/vitest-pool-workers@​0.16.10

Patch Changes

... (truncated)

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.16.13

Patch Changes

0.16.12

Patch Changes

  • #14152 3d7992e Thanks @​petebacondarwin! - Fix module resolution failing when project path contains spaces

    When a project lived under a directory with spaces (e.g. /Users/me/Documents/Master CMS/project), the vitest pool would fail with No such module "threads.js" before any test executed. The module fallback service now uses the rawSpecifier from workerd's fallback request to correctly decode file:// URLs, avoiding the double-encoding of spaces (%20%2520) that occurred when workerd resolved these URLs as relative paths.

  • #14105 337e912 Thanks @​dario-piotrowicz! - Remove trailing periods from URLs in terminal output

    URLs printed to the terminal with a sentence-ending period (e.g. https://example.com/path.) would include the period when clicked in some terminal emulators, causing 404 errors. This removes trailing periods from all URLs displayed in CLI output across wrangler, miniflare, vitest-pool-workers, and workers-utils.

  • #14112 3a746ac Thanks @​penalosa! - Pin non-bundled runtime dependencies to exact versions

    Dependencies that are not bundled into a package's published output are installed directly into consumers' dependency trees, so they are now pinned to exact versions instead of semver ranges. This closes a supply-chain gap where an unpinned external dependency could resolve to a compromised upstream release on a fresh install. A new pnpm check:pinned-deps lint enforces this for all published packages (and for the shared pnpm catalog) going forward.

  • #14061 da8e306 Thanks @​Vardiak! - Preserve Durable Object WebSocket handler invocation order

    Durable Object WebSocket events could begin executing out of order in the Workers Vitest integration when several events arrived while the test wrapper was resolving user code.

    Handler invocation now preserves arrival order while still allowing asynchronous handler completion to run concurrently.

  • Updated dependencies [b210c5e, aec1bb8, e06cbb7, 9a26191, 5565823, 4ef790b, 890fca7, 6fc9777, 337e912, 8e7b74f, e86489a, 42288d4, 65b5f9e, 3a746ac, 64ef9fd, 94b29f7]:

    • wrangler@4.97.0
    • miniflare@4.20260601.0

0.16.11

Patch Changes

0.16.10

Patch Changes

... (truncated)

Commits

Updates @cloudflare/workers-types from 4.20260518.1 to 4.20260608.1

Commits

Updates svelte-check from 4.4.8 to 4.6.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.6.0

Minor Changes

  • feat: support reading Svelte config from vite.config.js/ts (#3031)

Patch Changes

  • Updated dependencies [151cf45]:
    • @​sveltejs/load-config@​0.1.1

svelte-check@4.5.0

Minor Changes

  • feat: support Svelte 5 declaration tags (#3033)

Patch Changes

  • fix: properly handle props with the name slot inside Svelte 5 snippets (#3030)

  • feat: add support for svelte config ts/mts files (#3009)

Commits

Updates vite from 8.0.13 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

  • capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
  • deps: update all non-major dependencies (#22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

Updates vitest from 4.1.6 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • See full diff in compare view

Updates wrangler from 4.92.0 to 4.98.0

Release notes

Sourced from wrangler's releases.

wrangler@4.98.0

Minor Changes

  • #14089 c6c61b5 Thanks @​alsuren! - Add migrations_pattern to D1 database bindings

    The D1 binding now accepts an optional migrations_pattern field, allowing you to point wrangler d1 migrations apply and wrangler d1 migrations list at migration files in nested layouts (e.g. ORM-generated folders like migrations/0000_init/migration.sql).

    migrations_pattern is a glob (relative to the wrangler config file) and defaults to ${migrations_dir}/*.sql, which preserves today's behaviour. Files that do not match the pattern are not executed.

    {
  "d1_databases": [
    {
      "binding": "DB",
      "database_name": "my-db",
      "database_id": "...",
      "migrations_dir": "migrations",
      "migrations_pattern": "migrations/*/migration.sql"
    }
  ]
}

    When no migrations match the configured pattern but files matching the common migrations/*/migration.sql (drizzle-style) layout do exist, Wrangler logs a hint suggesting migrations_pattern as an opt-in.

    wrangler d1 migrations create now returns an actionable error if the generated migration filename would not match the configured pattern.

  • #14153 7a6b1a4 Thanks @​dario-piotrowicz! - Generalize wrangler deploy and wrangler versions upload positional argument from [script] to [path]

    Both wrangler deploy and wrangler versions upload now accept a generic [path] positional argument that can point to either a Worker entry-point file or a directory of static assets. The type is auto-detected. For example:

    • File: wrangler deploy ./src/index.ts deploys a Worker (same as before)
    • Directory: wrangler deploy ./public deploys a static assets site (no interactive confirmation prompt)

    The --script named option is now hidden and deprecated for both commands. It continues to work for backwards compatibility but only accepts file paths. Passing a directory to --script now produces a clear error message suggesting the positional path argument or --assets flag instead.

  • #13863 3b8b80a Thanks @​aslakhellesoy! - getPlatformProxy() now passes through workflow bindings that have a script_name

    Workflows without a script_name are still stripped (and warned about) because the engine for an internal workflow can't run inside the empty proxy worker that backs getPlatformProxy(). Workflows with a script_name are handed to miniflare unchanged; miniflare reroutes the engine's USER_WORKFLOW binding through the dev-registry-proxy when the target worker is running in another Miniflare instance — the same mechanism Durable Objects already use.

    This means SvelteKit/Remix (and similar split-process setups) can call platform.env.MY_WORKFLOW.create({ ... }) directly from their server-side request handlers in dev, as long as the workflow class is exposed by another worker registered in the dev registry.

    Closes #7459.

  • #14164 b502d54 Thanks @​G4brym! - Rename the web_search binding kind to websearch

    Pre-launch rename of the public binding type from web_search to websearch so the on-the-wire shape matches the product name (Web Search). The wrangler config key, the binding-type string sent to the Cloudflare API, and the miniflare option key all move from web_search / webSearch to websearch.

    Update your wrangler config:

... (truncated)

Commits
  • c8c366e Version Packages (#14159)
  • a3eea27 Bump the workerd-and-workers-types group with 2 updates (#14175)
  • d462013 fix: update secret bulk command description to reflect create/update/delete (...
  • acf7817 [wrangler] Show OAuth callback errors instead of hanging on wrangler login ...
  • 7a6b1a4 Generalize wrangler deploy positional argument from [script] to [path] ...
  • c2280cd [wrangler] fix: warn when named env silently inherits custom_domain routes (#...
  • 0bb2d55 In non-interactive mode remove the skills installation message (#14162)
  • c6c61b5 CFSQL-1589 migrations_pattern for configuring recursive migration discovery ...
  • 8400fb9 fix(wrangler): version listing limits (#14165)
  • 7949f81 Skip stale bundles during dev server reload to avoid redundant restarts (#14151)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps-dev(deps-dev): bump the development-dependencies group across 1 …
d136882 
…directory with 6 updates

Bumps the development-dependencies group with 4 updates in the / directory: [@cloudflare/vitest-pool-workers](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vitest-pool-workers), [svelte-check](https://github.com/sveltejs/language-tools), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `@cloudflare/vitest-pool-workers` from 0.16.6 to 0.16.13
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vitest-pool-workers/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/vitest-pool-workers@0.16.13/packages/vitest-pool-workers)

Updates `@cloudflare/workers-types` from 4.20260518.1 to 4.20260608.1
- [Release notes](https://github.com/cloudflare/workerd/releases)
- [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md)
- [Commits](https://github.com/cloudflare/workerd/commits)

Updates `svelte-check` from 4.4.8 to 4.6.0
- [Release notes](https://github.com/sveltejs/language-tools/releases)
- [Commits](https://github.com/sveltejs/language-tools/compare/svelte-check@4.4.8...svelte-check@4.6.0)

Updates `vite` from 8.0.13 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

Updates `vitest` from 4.1.6 to 4.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest)

Updates `wrangler` from 4.92.0 to 4.98.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.98.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@cloudflare/vitest-pool-workers"
  dependency-version: 0.16.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: "@cloudflare/workers-types"
  dependency-version: 4.20260608.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: svelte-check
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: vitest
  dependency-version: 4.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: wrangler
  dependency-version: 4.98.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot mentioned this pull request Jun 8, 2026
Closed
@socket-security

socket-security Bot commented Jun 8, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​cloudflare/​vitest-pool-workers@​0.16.6 ⏵ 0.16.1399 +310077 -1100 +1100
Updatedvitest@​4.1.6 ⏵ 4.1.8981007999100
Updatedvite@​8.0.13 ⏵ 8.0.1699 +110082 +198100
Updatedwrangler@​4.92.0 ⏵ 4.98.09910092 +196100
Updatedsvelte-check@​4.4.8 ⏵ 4.6.09910010095100
Updated@​cloudflare/​workers-types@​4.20260518.1 ⏵ 4.20260608.1100100100 +1100 +1100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants