Version Packages

[workers-devprod]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@cloudflare/vite-plugin@1.36.0

Minor Changes

• #13810 2b8c0cc Thanks @jamesopstad! - Stabilize the secrets configuration property

  The secrets property in the Wrangler config file is no longer experimental and will no longer emit an experimental warning when used. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.

  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

Patch Changes

• Updated dependencies [58899d8, 3020214, 0099265, bb27219, 194d75e, 12fb5db, 1127114, 2b8c0cc, 1a5cc86]:
  • wrangler@4.88.0
  • miniflare@4.20260504.0

@cloudflare/vitest-pool-workers@0.16.0

Minor Changes

• #13810 2b8c0cc Thanks @jamesopstad! - Stabilize the secrets configuration property

  The secrets property in the Wrangler config file is no longer experimental and will no longer emit an experimental warning when used. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.

  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

Patch Changes

• #12974 1127114 Thanks @ask-bonk! - Rewrite self-referencing service bindings to kCurrentWorker before renaming the runner worker

  When a wrangler config has a service binding to itself (e.g. services: [{ binding: "SELF", service: "my-worker" }] where the worker is named "my-worker"), the binding's literal name pointed to a worker that no longer existed once vitest-pool-workers renamed the runner to vitest-pool-workers-runner-<project>. The self-reference is now rewritten to the miniflare kCurrentWorker symbol, which resolves at request time relative to the referer worker and so survives the rename. Previously this rewrite lived in wrangler's unstable_getMiniflareWorkerOptions, but it's only needed for vitest-pool-workers' rename — other consumers (getPlatformProxy, @cloudflare/vite-plugin) preserve the original worker name and so don't need it.

• Updated dependencies [58899d8, 3020214, 0099265, bb27219, 194d75e, 12fb5db, 1127114, 2b8c0cc, 1a5cc86]:

  • wrangler@4.88.0
  • miniflare@4.20260504.0

@cloudflare/workers-utils@0.19.0

Minor Changes

• #13810 2b8c0cc Thanks @jamesopstad! - Stabilize the secrets configuration property

  The secrets property in the Wrangler config file is no longer experimental and will no longer emit an experimental warning when used. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.

  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

wrangler@4.88.0

Minor Changes

• #13721 58899d8 Thanks @danielgek! - Add optional custom_metadata step to wrangler ai-search create

  The wrangler ai-search create interactive wizard now lets you declare custom metadata fields that the new AI Search instance should index. Each field is a field_name paired with a data_type (text, number, boolean, or datetime).

  You can provide fields up-front via the new repeatable --custom-metadata flag using field_name:data_type syntax:

  wrangler ai-search create my-instance \
    --type r2 --source my-bucket \
    --custom-metadata title:text \
    --custom-metadata views:number

  For larger schemas, use --custom-metadata-schema to point at a JSON file containing an array of { field_name, data_type } objects:

  wrangler ai-search create my-instance \
    --type r2 --source my-bucket \
    --custom-metadata-schema schema.json

  [
    { "field_name": "title", "data_type": "text" },
    { "field_name": "views", "data_type": "number" }
  ]

• #13810 2b8c0cc Thanks @jamesopstad! - Stabilize the secrets configuration property

  The secrets property in the Wrangler config file is no longer experimental and will no longer emit an experimental warning when used. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.

  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

Patch Changes

• #13765 3020214 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260430.1	1.20260501.1

• #13800 0099265 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260501.1	1.20260504.1

• #13772 194d75e Thanks @zakcutner! - Fix wrangler types to generate Fetcher for unsafe.bindings entries with type: "service"

  Previously, all entries in unsafe.bindings (other than ratelimit) generated a fallback any type. wrangler types now generates Fetcher for unsafe bindings declared with type: "service", matching the type used for regular service bindings.

• #12974 1127114 Thanks @ask-bonk! - Fix props and fetcher-type service bindings being dropped in unstable_getMiniflareWorkerOptions

  The post-processing in unstable_getMiniflareWorkerOptions was rebuilding serviceBindings from scratch, which silently dropped props on service bindings and dropped fetcher-type bindings entirely. It was also re-deriving durableObjects identically to what buildMiniflareBindingOptions already produces. Both have been removed; buildMiniflareBindingOptions now produces the final bindings unchanged.

• #13745 1a5cc86 Thanks @edmundhung! - fix: preserve request ports in Origin and Referer headers when using wrangler dev --host

• Updated dependencies [3020214, 0099265, bb27219, 12fb5db]:

  • miniflare@4.20260504.0

@cloudflare/cli-shared-helpers@0.1.1

Patch Changes

• Updated dependencies [2b8c0cc]:
  • @cloudflare/workers-utils@0.19.0

create-cloudflare@2.68.1

Patch Changes

• #13793 e414059 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  @tanstack/create-start	0.59.26	0.59.28

• #13794 556a58c Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-waku	0.12.5-1.0.0-alpha.8-0	0.12.5-1.0.0-alpha.9-0

• #13795 7c9161a Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-docusaurus	3.10.0	3.10.1

• #13796 e8496b6 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  @angular/create	21.2.8	21.2.9

miniflare@4.20260504.0

Patch Changes

• #13765 3020214 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260430.1	1.20260501.1

• #13800 0099265 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260501.1	1.20260504.1

• #13737 bb27219 Thanks @ruifigueira! - Fix race condition that broke Browser Run on Windows when Chrome had not yet started accepting connections

  When Miniflare launched Chrome for Browser Run bindings, it returned the WebSocket endpoint as soon as Chrome printed its DevTools listening on ws://... banner. On Windows the underlying listening socket is occasionally not yet accepting connections at that point, causing the first request from workerd to Chrome to fail with ConnectEx (#1225) The remote computer refused the network connection. and the user worker to receive an error response from /v1/acquire.

  Miniflare now probes Chrome's /json/version HTTP endpoint with retry/backoff after the banner is logged, only declaring the browser ready once the socket actually accepts connections. As an additional safety net, the browser binding worker also retries transient ConnectEx/WSARecv failures when establishing connections to Chrome.

• #13767 12fb5db Thanks @edmundhung! - Fix local explorer startup in Yarn Plug'n'Play projects by copying the explorer UI assets to a real temporary directory before registering the workerd disk service.

@cloudflare/pages-shared@0.13.131

Patch Changes

• Updated dependencies [3020214, 0099265, bb27219, 12fb5db]:
  • miniflare@4.20260504.0

@cloudflare/workers-shared@0.19.5

Patch Changes

• #13740 6d2a573 Thanks @courtney-sims! - During deployment, routes requests to new versions of asset-worker based on customer account plan.

• #12276 926bad5 Thanks @penalosa! - Warn when _headers rules contain multiple wildcards or wildcard combined with :splat

  Rules containing multiple wildcards (e.g. https://*.workers.dev/*) or combining a wildcard with a :splat placeholder (e.g. https://*.pages.dev/:splat) are now rejected during parsing. Previously this would fail silently during dev.

[ask-bonk]

LGTM

github run

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13766

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13766

miniflare

npm i https://pkg.pr.new/miniflare@13766

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13766

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13766

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13766

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13766

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13766

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@13766

wrangler

npm i https://pkg.pr.new/wrangler@13766

commit: bd7b0d2

[github-actions]

✅ All changesets look good

Review Summary

1. ai-search-create-custom-metadata.md

• Version: minor ✓ (new feature)
• Headers: No h1/h2/h3 ✓
• Description: Clear description of the new custom_metadata step with examples ✓

2. asset-worker-cohort-deployments.md

• Version: patch ✓ (internal deployment routing change)
• Headers: No h1/h2/h3 ✓
• Description: Concise description of the change ✓

3. c3-frameworks-update-13793.md (tanstack/create-start)

• Version: patch ✓ (dependency update)
• Headers: No h1/h2/h3 ✓
• Description: Clear table showing version change ✓
• Note: Dependency update for create-cloudflare - skipped per guidelines

4. c3-frameworks-update-13794.md (create-waku)

• Version: patch ✓ (dependency update)
• Headers: No h1/h2/h3 ✓
• Description: Clear table showing version change ✓
• Note: Dependency update for create-cloudflare - skipped per guidelines

5. c3-frameworks-update-13795.md (create-docusaurus)

• Version: patch ✓ (dependency update)
• Headers: No h1/h2/h3 ✓
• Description: Clear table showing version change ✓
• Note: Dependency update for create-cloudflare - skipped per guidelines

6. c3-frameworks-update-13796.md (@angular/create)

• Version: patch ✓ (dependency update)
• Headers: No h1/h2/h3 ✓
• Description: Clear table showing version change ✓
• Note: Dependency update for create-cloudflare - skipped per guidelines

7. dependabot-update-13765.md (workerd)

• Version: patch ✓ (dependency update)
• Headers: No h1/h2/h3 ✓
• Description: Clear table showing version change ✓

8. dependabot-update-13800.md (workerd)

• Version: patch ✓ (dependency update)
• Headers: No h1/h2/h3 ✓
• Description: Clear table showing version change ✓

9. fix-miniflare-browser-rendering-windows-race.md

• Version: patch ✓ (bug fix)
• Headers: No h1/h2/h3 ✓
• Description: Excellent detailed description of the race condition and fix ✓

10. fix-wrangler-types-unsafe-service-binding.md

• Version: patch ✓ (bug fix)
• Headers: No h1/h2/h3 ✓
• Description: Clear description of the fix ✓

11. four-masks-draw.md

• Version: patch ✓ (bug fix)
• Headers: No h1/h2/h3 ✓
• Description: Clear description of the Yarn PnP fix ✓

12. rare-ducks-occur.md

• Version: minor ✓ (new feature - framework support improvement)
• Headers: No h1/h2/h3 ✓
• Description: Clear description of the Astro/static site support ✓

13. reject-multiple-wildcards-headers.md

• Version: patch ✓ (improvement - now warns instead of silent failure)
• Headers: No h1/h2/h3 ✓
• Description: Clear description of the validation improvement ✓

14. remove-dev-registry-filtering.md

• Version: patch ✓ (bug fix)
• Headers: No h1/h2/h3 ✓
• Description: Clear technical description of the fix ✓

15. stabilize-secrets-config.md

• Version: minor ✓ (feature stabilization)
• Headers: No h1/h2/h3 ✓
• Description: Clear description with config example ✓

16. tiny-ducks-look.md

• Version: patch ✓ (bug fix)
• Headers: No h1/h2/h3 ✓
• Description: Concise bug fix description ✓

17. vitest-pool-workers-self-ref.md

• Version: patch ✓ (bug fix)
• Headers: No h1/h2/h3 ✓
• Description: Excellent detailed technical description ✓

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.