Version Packages

[workers-devprod]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

miniflare@4.20260420.0

Minor Changes

• #13326 4a9ba90 Thanks @mattzcarey! - Add Artifacts binding support to wrangler

  You can now configure Artifacts bindings in your wrangler configuration:

  // wrangler.jsonc
  {
    "artifacts": [{ "binding": "MY_ARTIFACTS", "namespace": "default" }]
  }

  Type generation produces the correct Artifacts type reference from the workerd type definitions:

  interface Env {
    MY_ARTIFACTS: Artifacts;
  }

• #12600 50bf819 Thanks @penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #13515 b35617b Thanks @petebacondarwin! - fix: close all open handles on dispose to prevent process hangs

  Several resources were not being properly cleaned up during Miniflare.dispose(), which could leave the Node.js event loop alive and cause processes (particularly tests using node --test) to hang instead of exiting cleanly:

  • The internal undici Pool used to dispatch fetch requests to the workerd runtime was not closed. Lingering TCP sockets from this pool could keep the event loop alive indefinitely.
  • WebSocketServer instances for live reload and WebSocket proxying were never closed, leaving connected clients' sockets open.
  • The InspectorProxy was not closing its runtime WebSocket connection, relying on process death to break the connection.
  • HyperdriveProxyController.dispose() had a missing return in a .map() callback, causing Promise.allSettled to resolve immediately without waiting for net.Server instances to close.
  • ProxyClientBridge was not clearing its finalization batch setTimeout during disposal.
  • InspectorProxyController.dispose() was not calling server.closeAllConnections() before server.close(), so active HTTP keep-alive or WebSocket connections could prevent the close callback from firing.

• #13557 8ca78bb Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260415.1	1.20260416.2

• #13579 b6e1351 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260416.2	1.20260417.1

• #13604 d8314c6 Thanks @petebacondarwin! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260417.1	1.20260420.1

• #12913 7f50300 Thanks @Sigmabrogz! - fix(miniflare): use 127.0.0.1 for internal loopback when localhost is configured

  When localhost is configured as the host, Node.js may bind to [::1] (IPv6) while workerd resolves localhost to 127.0.0.1 (IPv4) first. This mismatch causes connection refused errors and 100% CPU spins.

  This fix ensures the internal loopback communication between Node.js and workerd always uses 127.0.0.1 when localhost is configured, while preserving the user-facing URL as localhost.

• #13470 4fda685 Thanks @penalosa! - fix: prevent remote binding sessions from expiring during long-running dev sessions

  Preview tokens for remote bindings expire after one hour. Previously, the first request after expiry would fail before a refresh was triggered. This change proactively refreshes the token at 50 minutes so no request ever sees an expired session.

  The reactive recovery path is also improved: error code: 1031 responses (returned by bindings such as Workers AI when their session times out) now correctly trigger a refresh, where previously only Invalid Workers Preview configuration HTML responses did.

  Auth credentials are now resolved lazily when a remote proxy session starts rather than at bundle-complete time. This means that if your OAuth access token has been refreshed since wrangler dev started, the new token is used rather than the one captured at startup.

• #13586 be5e6a0 Thanks @petebacondarwin! - Fix resource leaks during config updates

  Two follow-up fixes to the dispose cleanup in [miniflare] Close all open handles on dispose to prevent process hangs #13515:

  • Only close and recreate the dev-registry dispatcher when its port actually changes, matching the existing runtimeDispatcher behavior. Previously, every config update unconditionally tore down and rebuilt the connection pool, which could cause brief request failures if a registry push was in-flight.
  • Dispose old InspectorProxy instances before replacing them during updateConnection(). Previously, stale proxies were silently discarded, leaking their runtime WebSocket connections and 10-second keepalive interval timers.

• #13577 e456952 Thanks @connyay! - Return EmailSendResult from the send_email binding's send() in local mode

  The binding's send() used to resolve to undefined. It now returns { messageId: string }, the same shape as the public SendEmail type in production. Workers that read the return value (for logging, or to pass the id downstream) no longer get undefined under miniflare.

  Both branches synthesize an id in the shape production returns — <{36 alphanumeric chars}@{sender domain}>, angle brackets included — using the envelope from for the EmailMessage path and the builder's from for the MessageBuilder path. Production synthesizes its own id rather than echoing anything submitted, so miniflare does the same.

• #13516 4eb1da9 Thanks @jonnyparris! - Rename "Browser Rendering" to "Browser Run" in all user-facing strings, error messages, and CLI output.

• #13557 8ca78bb Thanks @dependabot! - Rename Flags type to Flagship to match the upstream rename in @cloudflare/workers-types

  The Flags type was renamed to Flagship in @cloudflare/workers-types. This updates the import and the return type of getFlagshipBinding accordingly.

• #11849 266c418 Thanks @43081j! - Removed unused devDependencies from miniflare package.

@cloudflare/vite-plugin@1.33.0

Minor Changes

• #12600 50bf819 Thanks @penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #13587 fdb32ca Thanks @vimtor! - Allow internal Wrangler config path overrides via env

  @cloudflare/vite-plugin now checks CLOUDFLARE_VITE_WRANGLER_CONFIG_PATH when configPath is not set explicitly. This lets integrators provide generated Wrangler configs outside the project root without requiring users to thread configPath through framework config.

• Updated dependencies [05f4443, 4a9ba90, d8c895a, b35617b, 7dc0433, 8ca78bb, b6e1351, d8314c6, b35617b, 7f50300, 4fda685, be5e6a0, e456952, 59eec63, 50bf819, cc1413a, d0a9d1c, 4eb1da9, 8ca78bb, 266c418, 6d887db, 5716d69]:

  • wrangler@4.84.0
  • miniflare@4.20260420.0

wrangler@4.84.0

Minor Changes

• #13326 4a9ba90 Thanks @mattzcarey! - Add Artifacts binding support to wrangler

  You can now configure Artifacts bindings in your wrangler configuration:

  // wrangler.jsonc
  {
    "artifacts": [{ "binding": "MY_ARTIFACTS", "namespace": "default" }]
  }

  Type generation produces the correct Artifacts type reference from the workerd type definitions:

  interface Env {
    MY_ARTIFACTS: Artifacts;
  }

• #13567 d8c895a Thanks @gpanders! - Rename the documented containers SSH config option to ssh

  Wrangler now accepts and documents containers.ssh in config files while continuing to accept containers.wrangler_ssh as an undocumented backwards-compatible alias. Wrangler still sends and reads wrangler_ssh when talking to the containers API.

• #13571 7dc0433 Thanks @must108! - Add regional and jurisdictional placement constraints for Containers. Users can now set constraints.regions and constraints.jurisdiction in wrangler config to control where containers run.

• #12600 50bf819 Thanks @penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #13160 05f4443 Thanks @JoaquinGimenez1! - Log a helpful error message when AI binding requests fail with a 403 authentication error

  Previously, when the AI proxy token expired during a long session, users received an unhelpful 403 error. Now, wrangler detects error code 1031 and suggests running wrangler login to refresh the token.

• #13557 8ca78bb Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260415.1	1.20260416.2

• #13579 b6e1351 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260416.2	1.20260417.1

• #13604 d8314c6 Thanks @petebacondarwin! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260417.1	1.20260420.1

• #13515 b35617b Thanks @petebacondarwin! - fix: ensure esbuild context is disposed during teardown

  The esbuild bundler cleanup function could race with the initial build. If BundlerController.teardown() ran before the initial build() completed, the stopWatching closure variable would still be undefined, so the esbuild context was never disposed. This left the esbuild child process running, keeping the Node.js event loop alive and causing processes to hang instead of exiting cleanly.

  The cleanup function now awaits the build promise before calling stopWatching, ensuring the esbuild context is always properly disposed.

• #13470 4fda685 Thanks @penalosa! - fix: prevent remote binding sessions from expiring during long-running dev sessions

  Preview tokens for remote bindings expire after one hour. Previously, the first request after expiry would fail before a refresh was triggered. This change proactively refreshes the token at 50 minutes so no request ever sees an expired session.

  The reactive recovery path is also improved: error code: 1031 responses (returned by bindings such as Workers AI when their session times out) now correctly trigger a refresh, where previously only Invalid Workers Preview configuration HTML responses did.

  Auth credentials are now resolved lazily when a remote proxy session starts rather than at bundle-complete time. This means that if your OAuth access token has been refreshed since wrangler dev started, the new token is used rather than the one captured at startup.

• #12456 59eec63 Thanks @venkatnikhilm! - Improve validation and error messaging for R2 CORS configuration files to catch AWS S3-style formatting mistake.

• #13444 cc1413a Thanks @naile! - fix: Pass force query parameter to API in pages deployment delete

• #11918 d0a9d1c Thanks @ksawaneh! - Allow wrangler r2 bucket list to run without a valid Wrangler config

  This is an account-level command and does not require parsing wrangler.toml/wrangler.jsonc. Previously, an invalid local config could prevent listing buckets, making it harder to fix the config.

• #13516 4eb1da9 Thanks @jonnyparris! - Rename "Browser Rendering" to "Browser Run" in all user-facing strings, error messages, and CLI output.

• #13575 6d887db Thanks @lambrospetrou! - Add D1 export prompt message for unavailability, use --skip-confirmation to not show the prompt.

• #13473 5716d69 Thanks @MattieTK! - Update am-i-vibing to v0.1.1 for improved agentic environment detection

• Updated dependencies [4a9ba90, b35617b, 8ca78bb, b6e1351, d8314c6, 7f50300, 4fda685, be5e6a0, e456952, 50bf819, 4eb1da9, 8ca78bb, 266c418]:

  • miniflare@4.20260420.0

create-cloudflare@2.67.1

Patch Changes

• #12714 852fb79 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  @tanstack/create-start	0.59.8	0.59.21

• #12804 d090818 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  sv	0.12.4	0.12.5

• #13360 359706d Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-next-app	16.2.2	16.2.4

• #13593 4ca7cc6 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-analog	2.4.7	2.4.8

• #13594 f406f0b Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-react-router	7.14.0	7.14.1

• #13595 aa1d317 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-vike	0.0.616	0.0.622

• #12705 7329b3f Thanks @roli-lpci! - Replace glob with tinyglobby in build tooling. Remove unused glob dependency from pages-shared.

@cloudflare/pages-shared@0.13.126

Patch Changes

• #12705 7329b3f Thanks @roli-lpci! - Replace glob with tinyglobby in build tooling. Remove unused glob dependency from pages-shared.

• Updated dependencies [4a9ba90, b35617b, 8ca78bb, b6e1351, d8314c6, 7f50300, 4fda685, be5e6a0, e456952, 50bf819, 4eb1da9, 8ca78bb, 266c418]:

  • miniflare@4.20260420.0

@cloudflare/vitest-pool-workers@0.14.8

Patch Changes

• #13548 1aee990 Thanks @emily-shen! - Update warning message when attempting to access exports not defined on the main worker

  Previously this referred to the SELF worker, which is now a deprecated API in the Vitest integration.

• #13607 d5d0446 Thanks @petebacondarwin! - fix: Restore workflow binding before async cleanup in WorkflowIntrospectorHandle.dispose()

  Previously, dispose() awaited all instance abort operations before restoring the original env binding. On slower CI environments (especially Windows), this left a window where the next test could see a stale proxy, causing "Trying to mock step multiple times" errors or failed introspection. The binding is now restored synchronously before the async instance cleanup begins.

• #13007 2c3258d Thanks @sheplu! - Reduce default log verbosity from VERBOSE to INFO

  The pool logger was previously hardcoded to VERBOSE, causing noisy debug messages on every test run (e.g. [vpw:debug] Adding compatibility flag...). Only informational, warning, and error messages are now printed by default.

  For debugging, set NODE_DEBUG=vitest-pool-workers to restore the detailed output.

• Updated dependencies [05f4443, 4a9ba90, d8c895a, b35617b, 7dc0433, 8ca78bb, b6e1351, d8314c6, b35617b, 7f50300, 4fda685, be5e6a0, e456952, 59eec63, 50bf819, cc1413a, d0a9d1c, 4eb1da9, 8ca78bb, 266c418, 6d887db, 5716d69]:

  • wrangler@4.84.0
  • miniflare@4.20260420.0

@cloudflare/containers-shared@0.14.0

Minor Changes

• #13571 7dc0433 Thanks @must108! - Add regional and jurisdictional placement constraints for Containers. Users can now set constraints.regions and constraints.jurisdiction in wrangler config to control where containers run.

@cloudflare/workers-utils@0.17.0

Minor Changes

• #13326 4a9ba90 Thanks @mattzcarey! - Add Artifacts binding support to wrangler

  You can now configure Artifacts bindings in your wrangler configuration:

  // wrangler.jsonc
  {
    "artifacts": [{ "binding": "MY_ARTIFACTS", "namespace": "default" }]
  }

  Type generation produces the correct Artifacts type reference from the workerd type definitions:

  interface Env {
    MY_ARTIFACTS: Artifacts;
  }

• #13571 7dc0433 Thanks @must108! - Add regional and jurisdictional placement constraints for Containers. Users can now set constraints.regions and constraints.jurisdiction in wrangler config to control where containers run.

Patch Changes

• #13516 4eb1da9 Thanks @jonnyparris! - Rename "Browser Rendering" to "Browser Run" in all user-facing strings, error messages, and CLI output.

@cloudflare/local-explorer-ui@0.13.1

Patch Changes

• #13466 c4461ff Thanks @NuroDev! - Fix local explorer KV bulk / get for large payloads.

  Fixes an issue where the local explorer UI would crash when fetching large KV payloads.

  Additionally, the local KV bulk get API endpoint now enforces a total 25MB payload limit, in alignment with the remote Cloudflare API.

• #13543 39a5f04 Thanks @SAY-5! - Fix occured -> occurred typo in the ResourceError fallback message rendered by the local explorer UI when a worker resource fails to load.

[ask-bonk]

LGTM

github run

[github-actions]

Changeset Review

Summary

✅ All changesets look good

Review Details

Changesets Reviewed: 20

File	Package(s)	Version	Notes
artifacts-binding-support.md	wrangler, miniflare, workers-utils	minor	New Artifacts binding feature with config example
c3-frameworks-update-12714.md	create-cloudflare	patch	Dependabot update - skipped per rules
c3-frameworks-update-13360.md	create-cloudflare	patch	Dependabot update - skipped per rules
calm-bobcats-chew.md	wrangler	minor	Config option rename with backwards compatibility
clear-turkeys-boil.md	vitest-pool-workers	patch	Warning message update
close-runtime-dispatcher-pool.md	miniflare	patch	Resource cleanup fix with detailed explanation
container-placement-constraints.md	wrangler, containers-shared, workers-utils	minor	New placement constraints feature
dependabot-update-13557.md	miniflare, wrangler	patch	workerd dependency update
dependabot-update-13579.md	miniflare, wrangler	patch	workerd dependency update
fix-esbuild-cleanup-race.md	wrangler	patch	Race condition fix with technical details
fix-ipv6-localhost-spin.md	miniflare	patch	IPv6/localhost mismatch fix
fix-remote-bindings-timeout.md	wrangler, miniflare	patch	Token refresh improvement
local-explorer-ui-fix-occured-typo.md	local-explorer-ui	patch	Typo fix
nasty-years-taste.md	wrangler	patch	R2 CORS validation improvement
native-dev-registry-proxy.md	miniflare, wrangler, vite-plugin	minor	New dev registry proxy feature
poor-melons-smile.md	wrangler	patch	API parameter fix
r2-bucket-list-no-config.md	wrangler	patch	Config-less command support
rename-browser-run.md	wrangler, miniflare, workers-utils	patch	String rename throughout
rename-flags-to-flagship.md	miniflare	patch	Type rename for upstream alignment
tricky-experts-fry.md	wrangler	patch	D1 export prompt addition

Checks Performed

• ✅ Version types appropriate for changes (patch for fixes, minor for features)
• ✅ Changelog descriptions are meaningful and explain user impact
• ✅ No h1/h2/h3 headers found in any changeset
• ✅ Dependency update changesets for create-cloudflare correctly skipped
• ✅ Experimental features not detected (no opt-in notes required)

---

Review completed

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13511

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13511

miniflare

npm i https://pkg.pr.new/miniflare@13511

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13511

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13511

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13511

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13511

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13511

wrangler

npm i https://pkg.pr.new/wrangler@13511

commit: 26b1576