v1.36.3

Compare Source

Patch Changes

• Updated dependencies [8852b0c, 248bc08, e414e56]:
  • wrangler@​4.90.0
  • miniflare@​4.20260507.1

v1.36.2

Compare Source

Patch Changes

• Updated dependencies [dd3baf3, 5cf6f81]:
  • wrangler@​4.89.1
  • miniflare@​4.20260507.1

v1.36.1

Compare Source

Patch Changes

• #​13802 a7fd465 Thanks @​deodad! - Fix .dev.vars written for vite preview to round-trip values containing quotes

  When the plugin emits dist/<env>/.dev.vars for vite preview, it previously wrote each value as a double-quoted dotenv string with " escaped to \". dotenv (the parser wrangler uses) does not unescape \" inside double-quoted values, so values containing " arrived at the worker with literal backslashes still in them.

  The plugin now quotes strings using the first quote character that does not appear in the value (with the priority order: single → backtick → double), all of which dotenv strips correctly. If a value contains every supported quote character it throws instead of silently corrupting the value.

• Updated dependencies [2284f20, 332f527, 039bada, 18e833d, b6cea17, 1a54ac5, 53e846a, f3fed88, beff19c, af42fed, 1a54ac5]:

  • miniflare@​4.20260507.0
  • wrangler@​4.89.0

v1.36.0

Compare Source

Minor Changes

• #​13810 2b8c0cc Thanks @​jamesopstad! - Stabilize the secrets configuration property

  The secrets property in the Wrangler config file is no longer experimental and will no longer emit an experimental warning when used. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.

  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

Patch Changes

• #​13814 a2f9c26 Thanks @​edmundhung! - Deny additional credential files from the Vite dev server

  The Cloudflare Vite plugin now adds .npmrc, .yarnrc, .yarnrc.yml, and more certificate and key file extensions to server.fs.deny. This prevents common credential files from being fetched directly during local development.

• Updated dependencies [e07825a, 58899d8, 3020214, 0099265, 25f5ef2, bb27219, 194d75e, 12fb5db, 18b9d5b, 9f532f7, 1127114, 3ceadef, 2b8c0cc, 1a5cc86]:

  • wrangler@​4.88.0
  • miniflare@​4.20260504.0

v1.35.0

Compare Source

Minor Changes

• #​13618 c07d0cb Thanks @​jamesopstad! - Support V2 protocol for module fallback service

  When the new_module_registry compatibility flag is set, requests sent to unsafeModuleFallbackService() use a different protocol. The Vite plugin now supports both protocols in its handling of additional module types.

Patch Changes

• #​13363 6457fb3 Thanks @​courtney-sims! - Prepares router-worker for a more gradual rollout by refactoring and separating out the invocation from the business logic. In the future, this will provide space for us to route requests to new versions of router-worker based on their plan, but should make no functional difference today.

• Updated dependencies [22e1a61, 00523c8, b5ac54b, e653edf, e1eff94, 1c4d850, 6d28037, 9a1f014, e539008, 0bf64a7, 0827815, b04eedf, 6457fb3, c07d0cb, e539008]:

  • miniflare@​4.20260430.0
  • wrangler@​4.87.0

v1.34.0

Compare Source

Minor Changes

• #​13666 edcff69 Thanks @​edmundhung! - Add tunnel: true to the cloudflare() Vite plugin for sharing your local dev and preview servers via Cloudflare Quick Tunnels

  You can now expose your local dev server publicly by setting tunnel: true:

  cloudflare({
    tunnel: true,
  });

  You can also enable tunnel sharing dynamically using an environment variable:

  cloudflare({
    tunnel: process.env.ENABLE_DEV_TUNNEL === "true",
  });

  This starts a Cloudflare Quick Tunnel that gives you a random *.trycloudflare.com URL to share. The tunnel stops automatically when the dev or preview session ends. Quick tunnels don't require a Cloudflare account or any configuration.

  A warning is shown when Server-Sent Events (SSE) responses are detected through the tunnel, since quick tunnels don't support SSE.

Patch Changes

• Updated dependencies [ea943ff, 21b87b2, 62e9f2a, 9eb9e69, 2dc6175, 0a5db08, 033d6ec, ae8eae3, f2e2241, 4f6ed93, ed2f4ec, ef24ff2, 92bb8a5, 6d27479, f2e2241, 118027d, fcc491a, e6c437a, e867ac2]:
  • wrangler@​4.86.0
  • miniflare@​4.20260426.0

v1.33.2

Compare Source

Patch Changes

• #​13636 1d54fb7 Thanks @​edmundhung! - Stop denying vite.config.* files from Vite dev server access

  This allows projects to access vite.config.* files during development when needed.

• #​13653 48c61b6 Thanks @​jamesopstad! - Use the date that the plugin is built as the default compatibility date.

  When no compatibility date was set by the user, the plugin was falling back to the current date. This meant that the date could get ahead of the latest date supported by the installed version of workerd. We now populate the default compatibility date when the plugin is built. This means that it is updated with each release but then stays fixed.

• #​13634 f3cb2b2 Thanks @​jamesopstad! - Simplify /cdn-cgi/ handling

  We now only add special handling for /cdn-cgi/handler/* routes, so that trigger handlers are invoked on the User Worker.

• #​13611 6e99feb Thanks @​smaldd14! - Support Cloudflare-managed registry images in Vite plugin local dev

  Previously, using a registry.cloudflare.com image in a containers binding would crash vite dev with an unsupported error. The Vite plugin now configures the Cloudflare API client using CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID before pulling container images, matching the behavior of wrangler dev.

• Updated dependencies [5a2968a, 5680287, 3494842, 7d728fb, df9319d, d5e3c57, 3ceeec3, 7567ef7, 0a95061, 2831b54, 7fc50c1, 377715d]:

  • wrangler@​4.85.0
  • miniflare@​4.20260424.0
  • @​cloudflare/unenv-preset@​2.16.1

v1.33.1

Compare Source

Patch Changes

• Updated dependencies [8fec8b8, 2f3d7b9, a610749]:
  • miniflare@​4.20260421.0
  • wrangler@​4.84.1

v1.33.0

Compare Source

Minor Changes

• #​12600 50bf819 Thanks @​penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #​13587 fdb32ca Thanks @​vimtor! - Allow internal Wrangler config path overrides via env

  @cloudflare/vite-plugin now checks CLOUDFLARE_VITE_WRANGLER_CONFIG_PATH when configPath is not set explicitly. This lets integrators provide generated Wrangler configs outside the project root without requiring users to thread configPath through framework config.

• Updated dependencies [05f4443, 4a9ba90, d8c895a, b35617b, 7dc0433, 8ca78bb, b6e1351, d8314c6, b35617b, 7f50300, 4fda685, be5e6a0, e456952, 59eec63, 50bf819, cc1413a, d0a9d1c, 4eb1da9, 8ca78bb, 266c418, 6d887db, 5716d69]:

  • wrangler@​4.84.0
  • miniflare@​4.20260420.0

v1.32.3

Compare Source

Patch Changes

• #​13427 c4deb1d Thanks @​edmundhung! - Harden file serving for Vite dev

  The Vite plugin now includes Wrangler config files, Vite config files, and .wrangler state files in server.fs.deny so they cannot be fetched directly from the Vite dev server.

• Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 07a918c, 89c7829, 60565dd, 6cbcdeb, 90aee27]:

  • miniflare@​4.20260415.0
  • wrangler@​4.83.0

v1.32.2

Compare Source

Patch Changes

• Updated dependencies [9b2b6ba]:
  • wrangler@​4.82.2

v1.32.1

Compare Source

Patch Changes

• Updated dependencies [6b11b07, dd4e888]:
  • wrangler@​4.82.1

v1.32.0

Compare Source

Minor Changes

• #​13137 1313275 Thanks @​emily-shen! - Add e hotkey to open local explorer during dev

  Press e during vite dev to open the local explorer UI at /cdn-cgi/explorer, which allows you to inspect the state of your D1, R2, KV, DO and Workflow bindings.

Patch Changes

• Updated dependencies [5338bb6, 79fd529, 28bc2be, 4fd138b, bafb96b, c50cb5b, 2589395, 525a46b, 5eff8c1, 1313275]:
  • wrangler@​4.82.0
  • miniflare@​4.20260410.0

v1.31.2

Compare Source

Patch Changes

• Updated dependencies [42c7ef0, c510494, 8b71eca, a42e0e8, 7ca6f6e]:
  • miniflare@​4.20260409.0
  • wrangler@​4.81.1

v1.31.1

Compare Source

Patch Changes

• Updated dependencies [a3e3b57, 7d318e1, fa6d84f, 96ee5d4, 7d318e1, 7a60d4b, 78cbe37, 6fa5dfd]:
  • miniflare@​4.20260405.0
  • wrangler@​4.81.0

v1.31.0

Compare Source

Minor Changes

• #​13011 b9b7e9d Thanks @​ruifigueira! - Add experimental headful browser rendering support for local development

  Experimental: This feature may be removed or changed without notice.

  When developing locally with the Browser Rendering API, you can enable headful (visible) mode via the X_BROWSER_HEADFUL environment variable to see the browser while debugging:

  X_BROWSER_HEADFUL=true wrangler dev
  X_BROWSER_HEADFUL=true vite dev

  Note: when using @cloudflare/playwright, two Chrome windows may appear — the initial blank page and the one created by browser.newPage(). This is expected behavior due to how Playwright handles browser contexts via CDP.

• #​13051 d5bffde Thanks @​dario-piotrowicz! - Update getLocalWorkerdCompatibilityDate to return today's date

  The re-exported getLocalWorkerdCompatibilityDate function from @cloudflare/vite-plugin previously resolved the workerd compatibility date by traversing the local miniflare installation, which was unreliable in some package manager setups. It now simply returns today's date. The function is also marked as deprecated — callers should just use today's date instead, for example like so: new Date().toISOString().slice(0, 10)

Patch Changes

• #​13125 f76652c Thanks @​kayluhb! - Fix SyntaxError when SSR-transformed module ends with a single-line comment

  When module code ends with a // comment (e.g. //# sourceMappingURL=... preserved by vite-plus), the closing } of the async wrapper in runInlinedModule was absorbed into the comment, causing SyntaxError: Unexpected end of input. Adding a newline before the closing brace prevents this.

• #​13188 110002c Thanks @​shulaoda! - Normalize the return value of getAssetsDirectory() with vite.normalizePath() to ensure assets.directory in the output wrangler.json always uses forward slashes

• Updated dependencies [9c4035b, 5d29055, fb67a18, d5bffde, ab44870, 48d83ca, b2f53ea, b9b7e9d, 14e72eb, 4dc94fd, b2f53ea, d5bffde, 48d83ca]:

  • wrangler@​4.80.0
  • miniflare@​4.20260401.0

v1.30.3

Compare Source

Patch Changes

• #​13111 f214760 Thanks @​dependabot! - Add missing connect key to WorkerEntrypoint and DurableObject key lists in the runner worker

  The connect method was added to the WorkerEntrypoint and DurableObject types in workerd 1.20260329.1 but was missing from the WORKER_ENTRYPOINT_KEYS and DURABLE_OBJECT_KEYS arrays used for RPC property access in the Vite plugin runner worker. This caused the compile-time exhaustiveness check to fail with the updated workers-types.

• Updated dependencies [ffbc268, 9eff028, ed20a9b, f214760, 746858a, 9aad27f, 1fc5518, b539dc7, 9282493, a532eea, cd0e971, d4c6158, 2565b1d]:

  • wrangler@​4.79.0
  • miniflare@​4.20260329.0

v1.30.2

Compare Source

Patch Changes

• #​12953 80b093e Thanks @​jamesopstad! - Fix Cannot perform I/O on behalf of a different request errors for deferred dynamic imports

  Concurrent requests that loaded the same dynamic import were previously sharing the same promise to resolve it in a Worker context. We now ensure that all imports execute within a Durable Object's IoContext before the result is returned to the Worker.

• Updated dependencies [eeaa473, 9fcdfca, bc24ec8, 1faff35, 0b4c21a, 535582d, 992f9a3, f4ea4ac, 91b7f73, f6cdab2, 53ed15a, ce65246, 7a5be20, 6b50bfa, 0386553, 9c5ebf5, 53ed15a, 53ed15a]:

  • wrangler@​4.78.0
  • miniflare@​4.20260317.3

v1.30.1

Compare Source

Patch Changes

• #​12851 86a40f0 Thanks @​jamesopstad! - Fix a bug that prevented using subpath imports for additional module types

  You can now use subpath imports for additional module types (.html, .txt, .sql, .bin, .wasm) by defining them in your package.json imports field:

  // package.json
  {
    "imports": {
      "#templates/page": "./src/templates/page.html"
    }
  }

  import page from "#templates/page";
  
  export default {
    fetch() {
      return new Response(page, {
        headers: { "Content-Type": "text/html" },
      });
    },
  } satisfies ExportedHandler;

• Updated dependencies [593c4db, b8f3309, 451dae3, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 379f2a2, c2e9163, 6a6449e, 9a1cf29, 875da60]:

  • wrangler@​4.77.0
  • miniflare@​4.20260317.2

v1.30.0

Compare Source

Minor Changes

• #​12848 ce48b77 Thanks @​emily-shen! - Enable local explorer by default

  This ungates the local explorer, a UI that lets you inspect the state of D1, DO and KV resources locally by visiting /cdn-cgi/explorer during local development.

  Note: this feature is still experimental, and can be disabled by setting the env var X_LOCAL_EXPLORER=false.

Patch Changes

• #​12942 [4f7fd79](https://redirect.github.com/cloudflare/wo

✂ Note

PR body was truncated to here.