chore(deps): update cloudflare by renovate[bot] · Pull Request #9 · kagal-dev/pki

renovate · 2026-04-19T05:54:02Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/vitest-pool-workers (source)	`^0.13.1` → `^0.16.6`
@cloudflare/workers-types	`^4.20260317.1` → `^4.20260517.1`

Release Notes

cloudflare/workers-sdk (@cloudflare/vitest-pool-workers)

`v0.16.6`

Compare Source

Patch Changes

#13833 0e4a830 Thanks @thegeekasteroid! - Filter benign disconnected: WebSocket peer disconnected workerd stderr noise during test runs.

The ignoreMessages array in the pool already filters several benign workerd disconnect messages (e.g. disconnected: WebSocket was aborted). On recent workerd versions, tests that exercise the WebSocket API also surface disconnected: WebSocket peer disconnected warnings during normal teardown. These are not user-actionable and obscure real test failures. Add the message to the existing filter alongside the other disconnected: entries.
Updated dependencies [19ed49a, 3ff0a50, bf688f7, 2e72c83, 802eaf4, 506aa02, 8f5cdb1, be8a98c]:
- miniflare@4.20260515.0
- wrangler@4.92.0

Patch Changes

Updated dependencies [4e44ce6, b0cee1d, d878e13, 971dfe3, 971dfe3, 5d936c5]:
- miniflare@4.20260508.0
- wrangler@4.90.1

`v0.16.3`

Compare Source

Patch Changes

Updated dependencies [8852b0c, 248bc08, e414e56]:
- wrangler@4.90.0
- miniflare@4.20260507.1

`v0.16.2`

Compare Source

Patch Changes

#11094 9367435 Thanks @bbridges! - Allow .wasm files to be imported as .wasm?module.
Updated dependencies [dd3baf3, 5cf6f81]:
- wrangler@4.89.1
- miniflare@4.20260507.1

`v0.16.1`

Compare Source

Patch Changes

Updated dependencies [2284f20, 332f527, 039bada, 18e833d, b6cea17, 1a54ac5, 53e846a, f3fed88, beff19c, af42fed, 1a54ac5]:
- miniflare@4.20260507.0
- wrangler@4.89.0

`v0.16.0`

Compare Source

Minor Changes

#13810 2b8c0cc Thanks @jamesopstad! - Stabilize the secrets configuration property

The secrets property in the Wrangler config file is no longer experimental and will no longer emit an experimental warning when used. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.
```
{
  "secrets": {
    "required": ["API_KEY", "DB_PASSWORD"]
  }
}
```

Patch Changes

#12974 1127114 Thanks @ask-bonk! - Rewrite self-referencing service bindings to kCurrentWorker before renaming the runner worker

When a wrangler config has a service binding to itself (e.g. services: [{ binding: "SELF", service: "my-worker" }] where the worker is named "my-worker"), the binding's literal name pointed to a worker that no longer existed once vitest-pool-workers renamed the runner to vitest-pool-workers-runner-<project>. The self-reference is now rewritten to the miniflare kCurrentWorker symbol, which resolves at request time relative to the referer worker and so survives the rename. Previously this rewrite lived in wrangler's unstable_getMiniflareWorkerOptions, but it's only needed for vitest-pool-workers' rename — other consumers (getPlatformProxy, @cloudflare/vite-plugin) preserve the original worker name and so don't need it.
Updated dependencies [e07825a, 58899d8, 3020214, 0099265, 25f5ef2, bb27219, 194d75e, 12fb5db, 18b9d5b, 9f532f7, 1127114, 3ceadef, 2b8c0cc, 1a5cc86]:
- wrangler@4.88.0
- miniflare@4.20260504.0

`v0.15.2`

Compare Source

Patch Changes

Updated dependencies [22e1a61, 00523c8, b5ac54b, e653edf, e1eff94, 1c4d850, 6d28037, 9a1f014, e539008, 0bf64a7, 0827815, b04eedf, 6457fb3, c07d0cb, e539008]:
- miniflare@4.20260430.0
- wrangler@4.87.0

`v0.15.1`

Compare Source

Patch Changes

Updated dependencies [ea943ff, 21b87b2, 62e9f2a, 9eb9e69, 2dc6175, 0a5db08, 033d6ec, ae8eae3, f2e2241, 4f6ed93, ed2f4ec, ef24ff2, 92bb8a5, 6d27479, f2e2241, 118027d, fcc491a, e6c437a, e867ac2]:
- wrangler@4.86.0
- miniflare@4.20260426.0

`v0.15.0`

Compare Source

Minor Changes

#13623 b156b2e Thanks @penalosa! - Add reset() and abortAllDurableObjects() helpers to cloudflare:test

The reset() helper deletes all data from attached bindings, and resets all Durable Object instances. This is useful for resetting state between test blocks.

The abortAllDurableObjects() helper resets all Durable Object instances without deleting persisted data.
```
import { reset } from "cloudflare:test";
import { afterEach } from "vitest";

afterEach(async () => {
  await reset();
});
```

Patch Changes

Updated dependencies [5a2968a, 5680287, 3494842, 7d728fb, df9319d, d5e3c57, 3ceeec3, 7567ef7, 2831b54, 7fc50c1, 377715d]:
- wrangler@4.85.0
- miniflare@4.20260424.0

`v0.14.9`

Compare Source

Patch Changes

Updated dependencies [8fec8b8, 2f3d7b9, a610749]:
- miniflare@4.20260421.0
- wrangler@4.84.1

`v0.14.8`

Compare Source

Patch Changes

#13548 1aee990 Thanks @emily-shen! - Update warning message when attempting to access exports not defined on the main worker

Previously this referred to the SELF worker, which is now a deprecated API in the Vitest integration.
#13607 d5d0446 Thanks @petebacondarwin! - fix: Restore workflow binding before async cleanup in WorkflowIntrospectorHandle.dispose()

Previously, dispose() awaited all instance abort operations before restoring the original env binding. On slower CI environments (especially Windows), this left a window where the next test could see a stale proxy, causing "Trying to mock step multiple times" errors or failed introspection. The binding is now restored synchronously before the async instance cleanup begins.
#13007 2c3258d Thanks @sheplu! - Reduce default log verbosity from VERBOSE to INFO

The pool logger was previously hardcoded to VERBOSE, causing noisy debug messages on every test run (e.g. [vpw:debug] Adding compatibility flag...). Only informational, warning, and error messages are now printed by default.

For debugging, set NODE_DEBUG=vitest-pool-workers to restore the detailed output.
Updated dependencies [05f4443, 4a9ba90, d8c895a, b35617b, 7dc0433, 8ca78bb, b6e1351, d8314c6, b35617b, 7f50300, 4fda685, be5e6a0, e456952, 59eec63, 50bf819, cc1413a, d0a9d1c, 4eb1da9, 8ca78bb, 266c418, 6d887db, 5716d69]:
- wrangler@4.84.0
- miniflare@4.20260420.0

`v0.14.7`

Compare Source

Patch Changes

Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 07a918c, 89c7829, 60565dd, 6cbcdeb, 90aee27]:
- miniflare@4.20260415.0
- wrangler@4.83.0

`v0.14.6`

Compare Source

Patch Changes

Updated dependencies [9b2b6ba]:
- wrangler@4.82.2

`v0.14.5`

Compare Source

Patch Changes

Updated dependencies [6b11b07, dd4e888]:
- wrangler@4.82.1

`v0.14.4`

Compare Source

Patch Changes

Updated dependencies [5338bb6, 79fd529, 28bc2be, 4fd138b, bafb96b, c50cb5b, 2589395, 525a46b, 5eff8c1, 1313275]:
- wrangler@4.82.0
- miniflare@4.20260410.0

`v0.14.3`

Compare Source

Patch Changes

Updated dependencies [42c7ef0, c510494, 8b71eca, a42e0e8, 7ca6f6e]:
- miniflare@4.20260409.0
- wrangler@4.81.1

`v0.14.2`

Compare Source

Patch Changes

#13095 65e6684 Thanks @penalosa! - Reject V8 coverage provider with a clear error message

V8 native code coverage (@vitest/coverage-v8) requires node:inspector to collect profiling data from V8's runtime. workerd only provides node:inspector as a non-functional stub, so V8 coverage would silently fail or crash with a confusing No such module "node:inspector" error.

The pool now detects this configuration early — during Vite plugin setup, before Vitest tries to load the coverage provider — and throws a clear error directing users to use Istanbul coverage instead, which works by instrumenting source code at build time and runs on any JavaScript runtime.
Updated dependencies [a3e3b57, 7d318e1, fa6d84f, 96ee5d4, 7d318e1, 7a60d4b, 78cbe37, 6fa5dfd]:
- miniflare@4.20260405.0
- wrangler@4.81.0

`v0.14.1`

Compare Source

Patch Changes

#13131 65acf66 Thanks @dario-piotrowicz! - Use miniflare's handleStructuredLogs option instead of handleRuntimeStdio for processing workerd output

Previously, vitest-pool-workers manually processed raw stdout/stderr streams from the workerd runtime via handleRuntimeStdio, with its own filtering of known noisy messages (e.g. LLVM symbolizer warnings). This switches to miniflare's handleStructuredLogs option, which parses workerd's structured JSON log output and automatically filters known unhelpful messages. This aligns with how both wrangler and vite-plugin-cloudflare handle workerd logs.
Updated dependencies [9c4035b, 5d29055, fb67a18, d5bffde, ab44870, 48d83ca, b2f53ea, b9b7e9d, 14e72eb, 4dc94fd, b2f53ea, d5bffde, 48d83ca]:
- wrangler@4.80.0
- miniflare@4.20260401.0

`v0.14.0`

Compare Source

Minor Changes

#12858 f05f2da Thanks @repository! - Add disableRetryDelays() to WorkflowInstanceModifier to skip retry backoff delays in tests

When testing Workflows with retry configurations, the backoff delays between retry attempts of a failing step.do() caused real wall-clock waiting (e.g., 35 seconds for 3 retries with 5-second exponential backoff), even when step results were fully mocked. The new disableRetryDelays() method eliminates these delays while preserving retry behavior — all attempts still execute, just without waiting between them.

Patch Changes

#13091 6d58f0f Thanks @penalosa! - Use today's date for the RTTI compat date query instead of a hardcoded "2023-12-01", so newly added Node.js builtin modules are recognized by the module fallback service.
#13070 cdb9c88 Thanks @penalosa! - Suppress CODE_MOVED for unknown code block log spam from workerd

These are internal workerd diagnostic messages not relevant to application developers. Miniflare's structured log handler already filters them, but vitest-pool-workers uses a custom handleRuntimeStdio that bypasses that pipeline. This adds the pattern to the pool's own ignore list.
#13069 6d0e329 Thanks @penalosa! - fix: suppress outputGateBroken stderr noise when testing Workflows
#13075 b8df076 Thanks @penalosa! - Support @voidzero-dev/vite-plus-test as an alternative to vitest

Users running tests via Vite+ (@voidzero-dev/vite-plus-test) with the recommended pnpm overrides no longer hit spurious version warnings or Disallowed operation called within global scope errors.
Updated dependencies [ffbc268, 9eff028, ed20a9b, f214760, 746858a, 9aad27f, 1fc5518, b539dc7, 9282493, a532eea, cd0e971, d4c6158, 2565b1d]:
- wrangler@4.79.0
- miniflare@4.20260329.0

`v0.13.5`

Compare Source

Patch Changes

#13077 11c77b7 Thanks @penalosa! - fix: runInDurableObject now correctly returns redirect responses (3xx) from Durable Object callbacks instead of throwing "Expected callback for X" errors
#13056 8384743 Thanks @penalosa! - fix: Support dynamic import() inside entrypoint and Durable Object handlers

Previously, calling exports.default.fetch() or SELF.fetch() on a worker whose handler used a dynamic import() would hang and fail with "Cannot perform I/O on behalf of a different Durable Object". This happened because the module runner's transport — which communicates over a WebSocket owned by the runner Durable Object — was invoked from a different DO context.

The fix patches the module runner's transport via the onModuleRunner hook so that all invoke() calls are routed through the runner DO's I/O context, regardless of where the import() originates.
#13074 4618c05 Thanks @penalosa! - fix: only apply module fallback extension probing for require(), not import

The module fallback service previously tried adding .js, .mjs, .cjs, and .json suffixes to extensionless specifiers unconditionally. Per the Node.js spec, this extension-probing behaviour is specific to CommonJS require(). ESM import statements must include explicit file extensions.

Extension-less TypeScript import specifiers continue to work correctly — they are resolved by Vite's resolver rather than the fallback's extension loop.
#13073 baec845 Thanks @penalosa! - Add adminSecretsStore() to cloudflare:test for seeding secrets in tests

Secrets store bindings only expose a read-only .get() method, so there was previously no way to seed secret values from within a test. The new adminSecretsStore() helper returns Miniflare's admin API for a secrets store binding, giving tests full control over create, update, and delete operations.
```
import { adminSecretsStore } from "cloudflare:test";
import { env } from "cloudflare:workers";

const admin = adminSecretsStore(env.MY_SECRET);
await admin.create("test-value");

const value = await env.MY_SECRET.get(); // "test-value"
```
#13083 cfd513f Thanks @penalosa! - Add a 30-second timeout to waitUntil promise draining to prevent hanging tests

Previously, if a ctx.waitUntil() promise never resolved, the test suite would hang indefinitely after the test file finished. Now, any waitUntil promises that haven't settled within 30 seconds are abandoned with a warning, allowing the test suite to continue. This aligns with the production waitUntil limit.
Updated dependencies [eeaa473, 9fcdfca, bc24ec8, 1faff35, 0b4c21a, 535582d, 992f9a3, f4ea4ac, 91b7f73, f6cdab2, 53ed15a, ce65246, 7a5be20, 6b50bfa, 0386553, 9c5ebf5, 53ed15a, 53ed15a]:
- wrangler@4.78.0
- miniflare@4.20260317.3