chore(deps): update dependency @cloudflare/vite-plugin to v1.43.2#756
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update dependency @cloudflare/vite-plugin to v1.43.2#756renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
de1730b to
e065f02
Compare
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
e2ff51a to
8c827c0
Compare
80eab5e to
10a1a8e
Compare
3a34768 to
dff9539
Compare
7e037d6 to
44ac83c
Compare
263c324 to
8236243
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.





This PR contains the following updates:
1.41.0→1.43.2Release Notes
cloudflare/workers-sdk (@cloudflare/vite-plugin)
v1.43.2Compare Source
Patch Changes
54f74b8,0852346,54f74b8]:v1.43.1Compare Source
Patch Changes
e7e5780,d88555e,5fd8bee,5d9990e,bf49a41,1ac96a1,f416dd9,1ca8d8f,16fbf81,b973ed3]:v1.43.0Compare Source
Minor Changes
#14382
fd92d56Thanks @petebacondarwin! - Add support for declarative Durable Object exportswrangler deploynow accepts anexportsmap inwrangler.jsonas a declarative alternative to the legacymigrationsarray.Each entry in
exportsis keyed by Durable Object class name.typecarries the export kind (currently always"durable-object"); thestatefield carries the lifecycle and defaults to"created"(live) when omitted:{ "exports": { // Provision a new Durable Object class (`MyDO`) "MyDO": { "type": "durable-object", "storage": "sqlite" }, // Delete Durable Object class (`OldGone`) "OldGone": { "type": "durable-object", "state": "deleted" }, // Rename a Durable Object class (from `OldName` to `NewName`) "OldName": { "type": "durable-object", "state": "renamed", "renamed_to": "NewName" }, "NewName": { "type": "durable-object", "storage": "sqlite" }, // Transfer a Durable Object (`Outgoing`) to a new Worker (`target-worker`) "Outgoing": { "type": "durable-object", "state": "transferred", "transferred_to": "target-worker" }, // Prepare to receive the transfer of a Durable Object (`Incoming`) from another Worker (`source-worker`) "Incoming": { "type": "durable-object", "state": "expecting-transfer", "storage": "sqlite", "transfer_from": "source-worker" } } }When a Worker declares Durable Object class bindings but no lifecycle for them (neither a
migrationsarray nor anexportsmap), wrangler warns and now suggests a declarativeexportsentry for each class (previously it suggested a legacymigrationsblock).The deployment response now surfaces the server's reconciliation result — created namespaces, applied tombstones, structured per-scenario info entries, and a
removable_entrieshint for stale tombstones that are safe to delete from the config. Blocking errors return the structured per-class detail with scenario tags, suggested remediation, and any referencing-script context.wrangler versions uploadalso forwardsexports. Declarativeexportslifecycle changes are reconciled when the version is deployed (wrangler versions deployorwrangler deploy), so aversions uploadpayload can declare new classes inexportswithout immediately provisioning them. An actor binding (durable_objects.bindings) to a class declared only inexportson the sameversions uploadis rejected with a clear error (code 100406) — the binding cannot be resolved until the namespace is provisioned. Either stage the new class viactx.exports.X(no binding required) onversions uploadand add the binding at deploy time, or usewrangler deployto provision and bind in one step (the same constraint applies to themigrationsflow).Multi-version deploys (
wrangler versions deploy A@50% B@50%) where the selected versions disagree on declarativeexportsare rejected server-side with a clear message: deploy the version that changesexportsat 100% first, then run the percentage-split deploy. This prevents traffic on one branch routing to code that references unprovisioned or just-deleted DO namespaces. Single-version (100%) deploys are unaffected.Local development (
wrangler dev,vite devandunstable_startWorker) reads Durable Object SQLite storage settings from the newexportsfield, so applications using the declarative flow get correct local-dev storage without needing to also declare amigrationsblock.@cloudflare/vitest-pool-workersalso picks up Durable Object configuration fromexports, so tests against anexports-only Worker run with the correct local SQLite storage and can reach unbound Durable Object classes viactx.exports.X.wrangler typesis also aware ofexports. Live entries (includingexpecting-transfer, the receiving side of a two-phase transfer) are added toCloudflare.GlobalProps.durableNamespaces, which typesctx.exports.Xfor unbound Durable Objects declared only viaexports.Patch Changes
aa5d580,6b0ce98,fd92d56,bfe48db,be3f792,0277bfa,98793d8,e1532eb]:v1.42.4Compare Source
Patch Changes
#14490
75d8cb0Thanks @petebacondarwin! - Preserve D1 migration paths in generated Worker configsWhen a Worker config with a D1 binding is built by the Vite plugin, the generated
wrangler.jsonnow pointsmigrations_dirback to the source migration directory. This lets tools that read the generated config, such ascreateTestHarness(), find the same D1 migrations as the source Worker config.Updated dependencies [
75d8cb0,75d8cb0,75d8cb0,75d8cb0,75d8cb0,f10d4ad,75d8cb0,75d8cb0,75d8cb0,75d8cb0,d292046,75d8cb0,75d8cb0,75d8cb0,75d8cb0,75d8cb0,75d8cb0,e0cc2cb,75d8cb0,75d8cb0,75d8cb0]:v1.42.3Compare Source
Patch Changes
5f40dd5,34e0cef,3b743c1,daa5389,8a5cf8c]:v1.42.2Compare Source
Patch Changes
#14358
4ef872fThanks @gabivlj! - Fix container egress interception on arm64 Docker runtimesBoth
wrangler devand the Cloudflare Vite plugin no longer force theproxy-everythingsidecar image to pull aslinux/amd64, allowing Docker to select the native image from the multi-platform manifest. SetMINIFLARE_CONTAINER_EGRESS_IMAGE_PLATFORMto force a specific platform when needed.Updated dependencies [
a085dec,9a0de8f,fab565f,3f02864,4ef872f,2a02858,e312dec]:v1.42.1Compare Source
Patch Changes
#14366
c6579d3Thanks @jamesopstad! - Resolve relativecf-workerentrypoint imports relative to the importing moduleWhen loading the experimental
cloudflare.config.ts, a relative entrypoint imported withimport ... with { type: "cf-worker" }(e.g../src/index.ts) is now anchored to the module where the import is written, rather than being passed through verbatim and later resolved against the top-level config file. This fixes incorrect resolution when the import lives in a file other than the entry config — for example a config that re-exports from a nested file.Bare specifiers (such as
@scope/pkg) and virtual modules (such asvirtual:foo) are still left unresolved so that consumers can apply their own resolution.Updated dependencies [
c6579d3,444b75e,b38823f,cfd6205,cfd6205]:v1.42.0Compare Source
Minor Changes
#14339
aa49856Thanks @jamesopstad! - Add abuildcommand to the experimental, internalcf-vitedelegate binarycf-vite buildruns Vite's full multi-environment app build (via the Builder API) and enables the experimental Build Output API by default, emitting a self-contained.cloudflare/output/v0/directory. It forcesexperimental.newConfigandexperimental.newConfig.cfBuildOutputon, so acloudflare.config.tsis required at the project root.Patch Changes
#14346
e930bd4Thanks @haidargit! - Bumpwsfrom 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4pGHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in
ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash awsserver or client via OOM. The fix shipped in ws@8.21.0 (commit2b2abd45, released 2026-05-22), which also introduces themaxBufferedChunksandmaxFragmentsoptions. This change bumps the workspace catalog entry so thatminiflare,wrangler, and@cloudflare/vite-pluginall pick up the patched release.#14351
6c7df19Thanks @jamesopstad! - Force the experimental new config on by default in thecf-vite devdelegate#14218
4eed569Thanks @matingathani! - Allowresolve.externalcontaining only Node.js built-ins in Worker environmentsVitest 4 automatically sets
resolve.externalto the full list of Node.js built-in modules for non-standard Vite environments via its internalrunnerTransformplugin. Previously, the Cloudflare Vite plugin rejected any non-emptyresolve.externalarray, throwing an incompatibility error on startup when used alongside Vitest 4.The validation check now allows
resolve.externalarrays that contain only Node.js built-in module names (both barefsandnode:fsforms). The error is only thrown whenresolve.externalistrueor contains non-built-in package names that would prevent user code from being bundled into the Worker.Updated dependencies [
673b09e,e930bd4,f6e49dd,5c3bb11,296ad65,594544d,a79b899,5dfb788,ca61558,36777db]:Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.