chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@cloudflare/workers-types	4.20260329.1 → 4.20260415.1			devDependencies	minor
@vitest/coverage-v8 (source)	4.1.2 → 4.1.4			devDependencies	patch
davelosert/vitest-coverage-report-action (changelog)	bd52af5 → 3c50566			action	digest
vitest (source)	4.1.2 → 4.1.4			devDependencies	patch
wrangler (source)	4.78.0 → 4.83.0			devDependencies	minor

---

Release Notes

cloudflare/workerd (@​cloudflare/workers-types)

v4.20260415.1

Compare Source

v4.20260414.1

Compare Source

v4.20260413.1

Compare Source

v4.20260412.2

Compare Source

v4.20260412.1

Compare Source

v4.20260411.1

Compare Source

v4.20260410.1

Compare Source

v4.20260409.1

Compare Source

v4.20260408.1

Compare Source

v4.20260405.1

Compare Source

v4.20260404.1

Compare Source

v4.20260403.1

Compare Source

v4.20260402.1

Compare Source

v4.20260401.1

Compare Source

v4.20260331.1

Compare Source

vitest-dev/vitest (@​vitest/coverage-v8)

v4.1.4

Compare Source

   🚀 Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in #​10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in #​10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in #​9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in #​10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in #​10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in #​10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in #​10093 and #​10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in #​10049 (65c9d)

    View changes on GitHub

v4.1.3

Compare Source

   🚀 Experimental Features

• Add experimental.preParse flag  -  by @​sheremet-va in #​10070 (78273)
• Support browser.locators.exact option  -  by @​sheremet-va in #​10013 (48799)
• Add TestAttachment.bodyEncoding  -  by @​hi-ogawa in #​9969 (89ca0)
• Support custom snapshot matcher  -  by @​hi-ogawa, Claude Sonnet 4.6 and Codex in #​9973 (59b0e)

   🐞 Bug Fixes

• Advance fake timers with expect.poll interval  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10022 (3f5bf)
• Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency  -  by @​alan-agius4 in #​10025 (146d4)
• Fix defineHelper for webkit async stack trace + update playwright 1.59.0  -  by @​hi-ogawa in #​10036 (5a5fa)
• Fix suite hook throwing errors for unused auto test-scoped fixture  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10035 (39865)
• expect:
  • Remove JestExtendError.context from verbose error reporting  -  by @​hi-ogawa in #​9983 (66751)
  • Don't leak "runner" types  -  by @​sheremet-va in #​10004 (ec204)
• snapshot:
  • Fix flagging obsolete snapshots for snapshot properties mismatch  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​9986 (6b869)
  • Export custom snapshot matcher helper from vitest  -  by @​hi-ogawa and Codex in #​10042 (691d3)
• ui:
  • Don't leak vite types  -  by @​sheremet-va in #​10005 (fdff1)
• vm:
  • Fix external module resolve error with deps optimizer query  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10024 (9dbf4)

    View changes on GitHub

cloudflare/workers-sdk (wrangler)

v4.83.0

Minor Changes

• #​13391 60565dd Thanks @​mikenomitch! - Mark wrangler containers commands as stable

  This changes the status of the Containers CLI from open beta to stable. Wrangler no longer shows [open beta] labels or beta warning text for wrangler containers commands, so the help output matches the feature's current availability.

• #​13311 6cbcdeb Thanks @​ryanking13! - JS files imported by the Python Workers runtime SDK are now handled as ESM modules.

  This is not a user-facing change, but Python Workers users should update their wrangler version to make sure to get Python workers SDK working properly.

Patch Changes

• #​13450 6f63eaa Thanks @​petebacondarwin! - Fix POST/PUT requests with non-2xx responses throwing "fetch failed"

  Previously, sending a POST or PUT request that received a non-2xx response (e.g. 401, 400, 403) would throw a TypeError: fetch failed error. This was caused by an undici bug where isTraversableNavigable() incorrectly returned true, causing the 401 credential-retry block to execute in Node.js and fail on stream-backed request bodies. This has been fixed upstream in undici v7.24.8, so we've bumped our dependency and removed the previous pnpm patch workaround.

• #​13447 aef9825 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260410.1	1.20260413.1

• #​13475 eaaa728 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260413.1	1.20260415.1

• #​13386 5e5bbc1 Thanks @​mksglu! - Make startup network requests non-blocking on slow connections

  Wrangler makes network requests during startup (npm update check, request.cf data fetch) that previously blocked the CLI indefinitely on slow or degraded connections (airplane wifi, trains), causing 10+ second delays.

  • Update check: The banner now races the update check against a 100ms grace period. On a cache hit (most runs) the result resolves in <1ms via the I/O poll phase; on a cache miss the banner prints immediately without blocking. A 3s safety-net timeout caps the update-check library's auth-retry path.
  • request.cf fetch: The fetch to workers.cloudflare.com/cf.json now uses AbortSignal.timeout(3000), falling back to cached/default data on timeout.

• #​13469 07a918c Thanks @​1000hz! - wrangler preview no longer warns on inheritable binding types being missing from previews config.

• #​13463 90aee27 Thanks @​roerohan! - Remove unnecessary flagship:read OAuth scope

  The flagship:read scope is not needed since flagship:write already implies read access. This reduces the OAuth permissions requested during login to only what is required.

• Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 89c7829]:

  • miniflare@​4.20260415.0

v4.82.2

Compare Source

Patch Changes

• #​13457 9b2b6ba Thanks @​jamesopstad! - Add Flagship OAuth scopes to wrangler login

v4.82.1

Compare Source

Patch Changes

• #​13453 6b11b07 Thanks @​petebacondarwin! - Disable flagship OAuth scopes that are not yet valid in the Cloudflare backend

  The flagship:read and flagship:write OAuth scopes have been temporarily commented out from the default scopes requested during login, as they are not yet recognized by the Cloudflare backend.

• #​13438 dd4e888 Thanks @​dependabot! - fix: handle Vike config files that use a variable-referenced default export

  Newer versions of create-vike (0.0.616+) generate pages/+config.ts files using const config: Config = { ... }; export default config; instead of the previous export default { ... } satisfies Config;. The Wrangler autoconfig AST transformation now resolves Identifier exports to their variable declarations, supporting both old and new Vike config file formats.

v4.82.0

Compare Source

Minor Changes

• #​13353 5338bb6 Thanks @​mattzcarey! - Add artifacts:write to Wrangler's default OAuth scopes, enabling wrangler login to request access to Cloudflare Artifacts (registries and artifacts).

• #​13139 79fd529 Thanks @​roerohan! - feat: add Flagship feature flag binding support

  Adds end-to-end support for the Flagship feature flag binding, which allows Workers to evaluate feature flags from Cloudflare's Flagship service. Configure it in wrangler.json with a flagship array containing binding and app_id entries. In local dev, the binding returns default values for all flag evaluations; use "remote": true in the binding to evaluate flags against the live Flagship service.

• #​12983 28bc2be Thanks @​1000hz! - Added the wrangler preview command family for creating Preview deployments (currently in private beta).

• #​13197 4fd138b Thanks @​shahsimpson! - Add preview output-file entries for wrangler preview deployments

  wrangler preview now writes a preview entry to the Wrangler output file when WRANGLER_OUTPUT_FILE_PATH or WRANGLER_OUTPUT_FILE_DIRECTORY is configured. The entry includes the Worker name, preview metadata (preview_id, preview_name, preview_slug, preview_urls) and deployment metadata (deployment_id, deployment_urls).

  This makes preview command runs machine-readable in the same output stream as other Wrangler commands, which helps CI integrations consume preview URLs and IDs directly.

• #​13159 bafb96b Thanks @​ruifigueira! - Add wrangler browser commands for managing Browser Rendering sessions

  New commands for Browser Rendering DevTools:

  • wrangler browser create [--lab] [--keepAlive <seconds>] [--open] - Create a new session
  • wrangler browser close <sessionId> - Close a session
  • wrangler browser list - List active sessions
  • wrangler browser view [sessionId] [--target <selector>] [--open] - View a live browser session

  The view command auto-selects when only one session exists, or prompts for selection when multiple are available.

  The --open flag controls whether to open DevTools in browser (default: true in interactive mode, false in CI/scripts). Use --no-open to just print the DevTools URL.

  All commands support --json for programmatic output. Also adds browser:write OAuth scope to wrangler login.

• #​13392 2589395 Thanks @​emily-shen! - Add telemetry to local REST API

  The local REST API (used by the local explorer) now collects anonymous usage telemetry. This respects any existing telemetry preferences, which can be disabled by running the command wrangler telemetry disable.

  This only applies when the dev session is started via Wrangler, and not via the Vite plugin or standalone Miniflare.

  No actual data values, keys, query contents, or resource IDs are collected.

  Event schema:

  {
    "event": "localapi.<route>.<method>", // e.g. localapi.kv.keys.get
    "deviceId": "<uuid>",
    "timestamp": 1234567890,
    "properties": {
      "userAgent": "Mozilla/5.0 ...",
      // Only for localapi.local.workers.get:
      "workerCount": 2,
      "kvCount": 3,
      "d1Count": 1,
      "r2Count": 0,
      "doCount": 1,
      "workflowsCount": 0
    }
  }

  Note: the Local Explorer and corresponding local REST API is still an experimental feature.

• #​13137 1313275 Thanks @​emily-shen! - explorer: expose the local explorer hotkey

  List the local explorer's hotkey [e] in wrangler dev output.

Patch Changes

• #​13393 c50cb5b Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260409.1	1.20260410.1

• #​13424 525a46b Thanks @​paulelliotco! - Keep proxy notices off stdout for JSON Wrangler commands

  Wrangler now writes the startup notice for HTTP_PROXY and HTTPS_PROXY to stderr instead of stdout. This keeps commands like wrangler auth token --json machine-readable when a proxy is configured.

• Updated dependencies [79fd529, c50cb5b, 2589395, 5eff8c1]:

  • miniflare@​4.20260410.0

v4.81.1

Compare Source

Patch Changes

• #​13337 c510494 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260405.1	1.20260408.1

• #​13362 8b71eca Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260408.1	1.20260409.1

• #​13329 7ca6f6e Thanks @​G4brym! - fix: Treat AI Search bindings as always-remote in local dev

  AI Search namespace (ai_search_namespaces) and instance (ai_search) bindings are always-remote (they have no local simulation), but pickRemoteBindings() did not include them in its always-remote type list. This caused the remote proxy session to exclude these bindings when remote: true was not explicitly set in the config, resulting in broken AI Search bindings during wrangler dev.

  Additionally, removeRemoteConfigFieldFromBindings() in the deploy config-diff logic was not stripping the remote field from AI Search bindings, which could cause false config diffs during deployment.

• Updated dependencies [42c7ef0, c510494, 8b71eca, a42e0e8]:

  • miniflare@​4.20260409.0

v4.81.0

Compare Source

Minor Changes

• #​12932 96ee5d4 Thanks @​thomasgauvin! - feat: add wrangler email routing and wrangler email sending commands

  Email Routing commands:

  • wrangler email routing list - list zones with email routing status
  • wrangler email routing settings <domain> - get email routing settings for a zone
  • wrangler email routing enable/disable <domain> - enable or disable email routing
  • wrangler email routing dns get/unlock <domain> - manage DNS records
  • wrangler email routing rules list/get/create/update/delete <domain> - manage routing rules (use catch-all as the rule ID for the catch-all rule)
  • wrangler email routing addresses list/get/create/delete - manage destination addresses

  Email Sending commands:

  • wrangler email sending list - list zones with email sending
  • wrangler email sending settings <domain> - get email sending settings for a zone
  • wrangler email sending enable <domain> - enable email sending for a zone or subdomain
  • wrangler email sending disable <domain> - disable email sending for a zone or subdomain
  • wrangler email sending dns get <domain> - get DNS records for a sending domain
  • wrangler email sending send - send an email using the builder API
  • wrangler email sending send-raw - send a raw MIME email message

  Also adds email_routing:write and email_sending:write OAuth scopes to wrangler login.

Patch Changes

• #​13241 7d318e1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260401.1	1.20260402.1

• #​13305 fa6d84f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260402.1	1.20260405.1

• #​13193 78cbe37 Thanks @​dario-piotrowicz! - During autoconfig filter out Hono when there are 2 detected frameworks

  During the auto-configuration process Hono is now treated as an auxiliary framework (like Vite) and automatically filtered out when two frameworks are detected (before Hono was being filtered out only when the other framework was Waku).

• #​13205 6fa5dfd Thanks @​petebacondarwin! - fix: use formatConfigSnippet for compatibility_date warning in wrangler dev

  The compatibility_date warning shown when no date is configured in wrangler dev was hardcoded in TOML format. This now uses formatConfigSnippet to render the snippet in the correct format (TOML or JSON) based on the user's config file type.

• Updated dependencies [a3e3b57, 7d318e1, fa6d84f, 7d318e1, 7a60d4b]:

  • miniflare@​4.20260405.0

v4.80.0

Compare Source

Minor Changes

• #​13151 9c4035b Thanks @​G4brym! - Add type generation for AI Search bindings

  Running wrangler types now generates AiSearchNamespace and AiSearchInstance types for ai_search_namespaces and ai_search config bindings respectively. Both simple and per-environment modes are supported.

  // wrangler.json
  {
    "ai_search_namespaces": [
      { "binding": "AI_SEARCH", "namespace": "production" }
    ],
    "ai_search": [
      { "binding": "BLOG_SEARCH", "instance_name": "cloudflare-blog" }
    ]
  }

  // Generated by `wrangler types`
  interface Env {
    AI_SEARCH: AiSearchNamespace;
    BLOG_SEARCH: AiSearchInstance;
  }

• #​13011 b9b7e9d Thanks @​ruifigueira! - Add experimental headful browser rendering support for local development

  Experimental: This feature may be removed or changed without notice.

  When developing locally with the Browser Rendering API, you can enable headful (visible) mode via the X_BROWSER_HEADFUL environment variable to see the browser while debugging:

  X_BROWSER_HEADFUL=true wrangler dev
  X_BROWSER_HEADFUL=true vite dev

  Note: when using @cloudflare/playwright, two Chrome windows may appear — the initial blank page and the one created by browser.newPage(). This is expected behavior due to how Playwright handles browser contexts via CDP.

• #​12992 48d83ca Thanks @​RiscadoA! - Add vpc_networks binding support for routing Worker traffic through a Cloudflare Tunnel or network.

  {
    "vpc_networks": [
      // Route through a specific Cloudflare Tunnel
      { "binding": "MY_FIRST_VPC", "tunnel_id": "<tunnel-id>" },
      // Route through the Cloudflare One mesh network
      { "binding": "MY_SECOND_VPC", "network_id": "cf1:network" }
    ]
  }

Patch Changes

• #​13155 5d29055 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260329.1	1.20260331.1

• #​13162 fb67a18 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260331.1	1.20260401.1

• #​13136 ab44870 Thanks @​petebacondarwin! - Display build errors for auxiliary workers in multi-worker mode

  Previously, when running wrangler dev with multiple -c config flags (multi-worker mode), build errors from auxiliary/secondary workers were only logged at debug level, causing Wrangler to silently hang. Build errors from all workers are now displayed at error level so you can see what went wrong and fix it.

• #​12992 48d83ca Thanks @​RiscadoA! - Fix remote proxy worker not catching errors thrown by bindings during wrangler dev

• #​13238 b2f53ea Thanks @​guybedford! - Fix source phase imports in bundled and non-bundled Workers

  Wrangler now preserves import source syntax when it runs esbuild, including module format detection and bundled deploy output. This fixes both --no-bundle and bundled deployments for Workers that import WebAssembly using source phase imports.

• #​10126 14e72eb Thanks @​nekoze1210! - fix: Sort D1 migration files to ensure consistent chronological ordering

  wrangler d1 migrations list and wrangler d1 migrations apply previously returned migration files in an order dependent on the filesystem, which could vary across operating systems. Migration filenames are now sorted alphabetically before being returned, ensuring consistent chronological ordering.

• #​13150 4dc94fd Thanks @​dario-piotrowicz! - Polish Cloudflare Vite plugin installation during autoconfig

  Projects using Vite 6.0.x were rejected by auto-configuration because the minimum supported version was set to 6.1.0 (the @cloudflare/vite-plugin peer dependency). The minimum version check is now 6.0.0, and when a project has Vite in the [6.0.0, 6.1.0) range, auto-configuration will automatically upgrade it to the latest 6.x before installing @cloudflare/vite-plugin.

• #​13051 d5bffde Thanks @​dario-piotrowicz! - Use today's date as the default compatibility date

  Previously, when generating a compatibility date for new projects or when no compatibility date was configured, the date was resolved by loading the locally installed workerd package via miniflare. This approach was unreliable in some package manager environments (notably pnpm). The logic now simply uses today's date instead, which is always correct and works reliably across all environments.

• Updated dependencies [5d29055, fb67a18, d5bffde, b9b7e9d, b2f53ea, 48d83ca]:

  • miniflare@​4.20260401.0

v4.79.0

Compare Source

Minor Changes

• #​12868 ffbc268 Thanks @​danielgek! - Add wrangler ai-search command namespace for managing Cloudflare AI Search instances

  Introduces a CLI surface for the Cloudflare AI Search API (open beta), including:

  • Instance management: ai-search list, create, get, update, delete
  • Semantic search: ai-search search with repeatable --filter key=value flags
  • Instance stats: ai-search stats

  The create command uses an interactive wizard to guide configuration. All commands require authentication via wrangler login.

• #​13097 cd0e971 Thanks @​pombosilva! - Add --local flag to Workflows commands for interacting with local dev

  All Workflows CLI commands now support a --local flag that targets a running wrangler dev session instead of the Cloudflare production API. This uses the /cdn-cgi/explorer/api/workflows endpoints served by the local dev server.

  wrangler workflows list --local
  wrangler workflows trigger my-workflow '{"key":"value"}' --local
  wrangler workflows instances describe my-workflow latest --local
  wrangler workflows instances pause my-workflow <id> --local --port 9000
  

  By default, commands continue to hit remote (production). Pass --local to opt in, and optionally --port to specify a custom dev server port (defaults to 8787).

Patch Changes

• #​13050 ed20a9b Thanks @​dario-piotrowicz! - Add minimum and maximum version checks for frameworks during auto-configuration

  When Wrangler automatically configures a project, it now validates the installed version of the detected framework before proceeding:

  • If the version is below the minimum known-good version, the command exits with an error asking the user to upgrade the framework.
  • If the version is above the maximum known major version, a warning is emitted to let the user know the framework version has not been officially tested with this feature, and the command continues.

• #​13111 f214760 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260317.1	1.20260329.1

• #​13079 746858a Thanks @​penalosa! - Fix getPlatformProxy and unstable_getMiniflareWorkerOptions crashing when assets is configured without a directory

  getPlatformProxy and unstable_getMiniflareWorkerOptions now skip asset setup when the config has an assets block but no directory — instead of throwing "missing required directory property". This happens when an external tool like @cloudflare/vite-plugin handles asset serving independently.

• #​13112 9aad27f Thanks @​dario-piotrowicz! - Fix autoconfig failing on waku projects that use hono

  Waku has a tight integration with Hono, causing both to be detected simultaneously and triggering a "multiple frameworks found" error. Hono is now filtered out when Waku is also detected.

• #​13113 1fc5518 Thanks @​dario-piotrowicz! - Skip lock file warning for static projects during autoconfig

  Previously, running autoconfig on a static project (one with no framework detected) would emit a misleading warning about a missing lock file, suggesting the project might be in a workspace. Since static projects don't require a lock file, this warning is now suppressed for them.

• #​13072 b539dc7 Thanks @​jbwcloudflare! - Skip unnecessary GET /versions?deployable=true API call in wrangler versions deploy when all version IDs are explicitly provided and --yes is passed

  When deploying a specific version non-interactively (e.g. wrangler versions deploy <id> --yes), Wrangler previously always fetched the full list of deployable versions to populate the interactive selection prompt — even though the prompt is skipped entirely when --yes is used and all versions are already specified. The deployable-versions list is now only fetched when actually needed (i.e. when no version IDs are provided, or when running interactively).

• #​13115 2565b1d Thanks @​dario-piotrowicz! - Improve error message when the assets directory path points to a file instead of a directory

  Previously, if the path provided as the assets directory (via --assets flag or assets.directory config) pointed to an existing file rather than a directory, Wrangler would throw an unhelpful ENOTDIR system error when trying to read the _redirects file inside it. Now Wrangler detects this condition earlier and throws a clear user error.

• Updated dependencies [9eff028, f214760, 9282493, a532eea, d4c6158]:

  • miniflare@​4.20260329.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	98.57%	69 / 70
🔵	Statements	98.59%	70 / 71
🔵	Functions	100%	6 / 6
🔵	Branches	98.07%	51 / 52

File Coverage

No changed files found.

Generated in workflow #163 for commit 7ba0cda by the Vitest Coverage Report Action