chore(deps): update dependency cloudflare to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
cloudflare	^4.5.0 → ^6.0.0

---

Release Notes

cloudflare/cloudflare-typescript (cloudflare)

v6.0.0

Compare Source

This is a major version release of the Cloudflare TypeScript SDK. It includes 11 entirely new top-level API resources, new sub-resources and methods across 50+ existing resources, SDK infrastructure improvements, and breaking changes to the generated API surface from the v5.x line. The total API surface grew from ~96 resource sections to 106, with 885 source files changed.

Full Changelog: v6.0.0-beta.2...v6.0.0

Breaking Changes

SDK Infrastructure

• Retry-After handling changed: The SDK now respects any server-specified Retry-After value for rate-limited requests. Previously, values over 60 seconds were ignored and a default backoff was used instead.
• Empty response handling: Responses with content-length: 0 now return undefined instead of attempting to parse the body. This may affect code that expected an empty object or null.
• Environment variable reading: Empty string env vars (e.g., CLOUDFLARE_API_TOKEN="") are now treated as unset. Previously, an empty string was considered a valid value.
• Path query parameter merging: URL search params embedded in endpoint paths are now extracted and merged into the query object. This fixes edge cases but may change behavior if you were manually constructing URLs with query strings.

Removed Endpoints (17)

The following HTTP endpoints were removed from the SDK:

• DELETE /accounts/{account_id}/cloudforce-one/events/{event_id}
• DELETE /accounts/{account_id}/email-security/settings/domains
• DELETE /accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
• GET /accounts/{account_id}/dlp/profiles/predefined/{profile_id}
• GET /accounts/{account_id}/email-security/investigate/{postfix_id} (and /detections, /preview, /raw, /trace)
• GET /accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
• GET /accounts/{account_id}/intel/ip-list
• PATCH /accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
• POST /accounts/{account_id}/abuse-reports/{report_type}
• POST /accounts/{account_id}/dlp/profiles/predefined
• POST /accounts/{account_id}/email-security/investigate/{postfix_id}/move
• POST /accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify
• PUT /accounts/{account_id}/dlp/profiles/predefined/{profile_id}

Method Signature Changes (4)

The following methods changed their positional argument signatures:

• client.ai.toMarkdown.transform(file, { ...params }) -> client.ai.toMarkdown.transform({ ...params }) -- file moved from positional arg into params body
• client.radar.ai.toMarkdown.create(body, { ...params }) -> client.radar.ai.toMarkdown.create({ ...params }) -- body moved from positional arg into params
• client.abuseReports.create(reportType, { ...params }) -> client.abuseReports.create(reportParam, { ...params }) -- positional arg renamed
• client.iam.userGroups.members.create(userGroupId, [ ...body ]) -> client.iam.userGroups.members.create(userGroupId, [ ...members ]) -- body array param renamed (same for .update)

Removed Client Paths (1)

• client.intel.ipLists -- removed entirely (endpoint GET /accounts/{account_id}/intel/ip-list removed)

Renamed Client Paths (2)

• client.originTLSClientAuth.hostnames.certificates -> client.originTLSClientAuth.zoneCertificates
• client.radar.netflows -> client.radar.netFlows (casing change)

Return Type Changes (179)

179 methods changed their return type. The three categories:

• 133 methods now return null instead of a typed response object. This affects delete operations, some create/update operations, and several get operations across accounts, cache, d1, filters, firewall, hyperdrive, iam, kv, logpush, logs, r2, stream, workers, zero-trust, zones, and others. Example:

  // Before (v5)
  const result: AccountDeleteResponse = await client.accounts.delete({ ... });
  // After (v6)
  const result: null = await client.accounts.delete({ ... });

• 17 methods changed pagination type. Example:

  // Before (v5): KeysCursorPaginationAfter
  // After (v6):  KeysCursorLimitPagination
  const keys = await client.kv.namespaces.keys.list(namespaceId, { ... });

• 29 methods changed to a different named type. Examples:
  • client.zeroTrust.tunnels.cloudflared.create(): CloudflaredCreateResponse -> CloudflareTunnel
  • client.zeroTrust.dlp.profiles.predefined.get(): Profile -> PredefinedProfile
  • client.apiGateway.userSchemas.edit(): PublicSchema -> OldPublicSchema
  • client.zeroTrust.gateway.proxyEndpoints.get(): ProxyEndpointsSinglePage -> ProxyEndpoint (pagination -> single)
  • client.zeroTrust.gateway.proxyEndpoints.list(): ProxyEndpoint -> ProxyEndpointsSinglePage (single -> pagination)

Removed Types (43)

The following exported types were removed. Some were renamed, some consolidated into other types, some removed with their endpoints:

• Shared types removed from root: ASN, AuditLog, CertificateCA, CertificateRequestType, CloudflareTunnel, ErrorData, Identifier, LoadBalancerPreview, Member, PaginationInfo, Permission, PermissionGrant, RatePlan, ResponseInfo, Result, Role, SortDirection, Subscription, SubscriptionComponent, SubscriptionZone, Token, TokenConditionCIDRList, TokenPolicy, TokenValue
• Response types consolidated: CloudflaredCreateResponse, CloudflaredDeleteResponse, CloudflaredEditResponse, CloudflaredGetResponse, CloudflaredListResponse (all consolidated into CloudflareTunnel), SchemaUpload (-> UserSchemaCreateResponse), TotalTLSCreateResponse, ThreatEventDeleteResponse, DomainBulkDeleteResponse
• Renamed: NetflowSummaryResponse/NetflowTimeseriesResponse (-> NetFlows*), CtSummaryResponse/CtTimeseriesResponse/CtTimeseriesGroupsResponse (casing fix), SubnetListResponse (-> Subnet), CloudflareSourceUpdateResponse (-> Subnet), SchemaCreateResponse/SchemaEditResponse (-> restructured), TldGetResponse

API Surface Structure

• api.md restructured: The monolithic api.md (8,897 lines) has been split into 106 per-resource api.md files under src/resources/<name>/api.md. The root api.md now contains only shared types.
• 19 resources restructured from leaf to directory: The following resources were previously single .ts files and are now directories with sub-modules. Import paths from cloudflare/resources/<name> are unchanged, but deep imports into internal files may break:
  • abuse-reports, audit-logs, bot-management, client-certificates, custom-nameservers, custom-pages, dcv-delegation, filters, ips, keyless-certificates, managed-transforms, memberships, origin-ca-certificates, origin-post-quantum-encryption, page-rules, pipelines, rate-limits, security-txt, url-normalization
• origin-tls-client-auth restructured: The hostnames sub-resource was removed and replaced with zone-certificates and flattened peer resources.

Deprecations

The following resources now include @deprecated annotations on some methods. The methods still work but will be removed in a future version:

• accounts, addressing, ai-gateway, aisearch, api-gateway, billing, cloudforce-one, custom-nameservers, dns, email-routing, email-security, filters, firewall, images, intel, keyless-certificates, kv, logpush, origin-tls-client-auth, page-shield, pages, pipelines, radar, rate-limits, registrar, rulesets, ssl, user, workers, workers-for-platforms, zero-trust, zones

---

New Top-Level Resources

11 entirely new resources added to the client:

Resource	Client Path	Methods	Description
AI Search	client.aiSearch	46	Instances, namespaces, tokens, and items
Connectivity	client.connectivity	5	Directory service APIs
Email Sending	client.emailSending	7	Send and send_raw endpoints
Fraud	client.fraud	2	Fraud detection API
Google Tag Gateway	client.googleTagGateway	2	Google Tag Gateway management
Organizations	client.organizations	8	Organization profiles and audit logs
R2 Data Catalog	client.r2DataCatalog	11	R2 Data Catalog routes
Realtime Kit	client.realtimeKit	54	Realtime Kit APIs
Resource Tagging	client.resourceTagging	9	Resource tagging routes
Token Validation	client.tokenValidation	13	Token validation rules
Vulnerability Scanner	client.vulnerabilityScanner	21	Vulnerability scanning

---

New Sub-Resources on Existing Resources

Resource	New Sub-Resources	Description
browser-rendering	crawl, devtools	Crawl endpoints and DevTools methods (BRAPI-952, BRAPI-1051)
cache	origin-cloud-regions	Origin cloud regions resource
dns	usage	DNS records usage endpoints (DNS-12466)
d1	database (with time-travel)	Time travel get_bookmark and restore
email-security	phishguard	Phishguard reports endpoint
pipelines	sinks, streams	Pipelines, Streams, Sinks restructure
radar	agent-readiness, geolocations, post-quantum	AI agent readiness, geolocations, PQ endpoints
workers	observability	Observability destinations (WO-989)
zones	environments	Zone environments endpoints
api-gateway	labels	Labels endpoints (WAM-1196)
brand-protection	v2	V2 endpoints
alerting	silences	Alert silencing API
billing	usage	Billable usage PayGo endpoint
iam	sso	SSO Connectors resource
queues	new getMetrics method	Queues metrics endpoint
registrar	registration-status, update-status	Registrar API convergence
zero-trust	access, devices, dex, dlp, gateway, networks, tunnels	DLP settings, DEX rules, Access Users, WARP Connector, WARP Subnets, gateway PAC files, gateway tenants

---

Features

• feat(queues): add queues metrics endpoint (747654e)
• feat: add organization audit logs endpoint (8e501c2)
• feat(iam): add user_groups and user_group_members terraform resources (5f69d66)
• feat(cache): add origin cloud regions resource (9a2cd1d)
• feat(ai_search): add namespace endpoints and remove non-namespaced items (6471a39)
• feat(radar): add agent-readiness, ai/markdown-for-agents (284c8b8)
• feat(zero-trust): add dlp/settings (8c7c2f6)
• feat(registrar): converge new registrar API into existing registrar resource (b11848a)
• feat(vulnerability_scanner): add Vulnerability Scanner API (05f77a2)
• feat: add browser rendering devtools methods (BRAPI-1051) (bc258cb)
• feat: add browser_rendering crawl endpoints (BRAPI-952) (929766e)
• feat(zones): onboard zone environments endpoints (0d57ad8)
• feat: add dns_records/usage endpoints (DNS-12466) (7ce070a)
• feat(api_gateway): add labels endpoints (WAM-1196) (78d05a3)
• feat(email_sending): add send/send_raw endpoints (EMAIL-1451) (aec9c6b)
• feat: add WARP Connector connections and failover endpoints (efeb4b5)
• feat(brand_protection): add v2 endpoints (6e41414)
• feat: add google_tag_gateway resource (DISCO-101) (d901d75)
• feat: add billable usage PayGo endpoint to billing resource (6cb49e7)
• feat(tags): add resource_tagging routes (GRM-385) (196cb6c)
• feat(workers): add Observability Destinations resources (WO-989) (0d74c56)
• feat(custom_origin_trust_store): enable custom_origin_trust_store (ed975cd)
• feat(email_security): add phishguard reports endpoint (a104a53)
• feat: Complete Access Users endpoint (AUTH-7071) (4451dee)
• feat(radar): add Botnet and PQ Endpoints (b9b327a)
• feat: add gateway PAC files (GIN-1439) (6e92fda)
• feat(dex): add DEX rules (e8d580b)
• feat: add WARP Subnet endpoints (TUN-10249) (7e208d6)
• feat(ip_profile): onboard zero_trust_device_ip_profile (c636b71)
• feat(zero_trust_device_subnet): onboard zero_trust_device_subnet (de898e8)
• feat(terraform): add custom_page_asset resource (e09c9c6)
• feat(d1): add time travel get_bookmark and restore endpoints (fdb0bb6)
• feat(ai): add AI Search endpoints (RAG-395) (de5e7d8)
• feat(ai): add AI Gateway Dynamic Routing endpoints (94b9d1b)
• feat(ai_search): enable terraform for AI Search instances and tokens (RAG-586) (34b9e93)
• feat(radar): add BGP RPKI ASPA endpoints (8ebdc8c)
• feat(leaked_credentials_check): add GET endpoint for detections (f3c162e)
• feat(r2_data_catalog): configure SDKs/Terraform for R2 Data Catalog (da8a861)
• feat(silences): add alert silencing API (60a4ce6)
• feat(pipelines): configure SDKs/Terraform for Pipelines, Streams, Sinks (da48453)
• feat(abuse_reports): add abuse mitigations in Client API (2af848f)
• feat(tomarkdown): add new markdown supported endpoint (69c0700)
• feat(abuse_reports): expose new abuse report endpoints (9c2df6c)
• feat: add token validation (b8fe183)
• feat(iam): add SSO Connectors resource (3d3e064)
• feat(mcp_portals): enable SDKs generation (5e65ba4)
• feat: add connectivity directory service APIs (b6a8bcc)
• feat(radar): add new group by dimension endpoints; deprecate to_markdown (51e1bed)
• feat: add MCP portals endpoints (65d94fe)
• feat: add Organizations and OrganizationsProfile SDKs (1525ebb)
• feat(fraud): public docs for fraud API (e0ae79f)
• feat(dlp): switch DLP Predefined Profile endpoints (DLP-3878) (1455208)
• feat(zero_trust_gateway_policy): add /rules/tenants endpoint (6c245b1)
• feat(origin_tls_client_auth): restructure to peer subresources (16b8e20)
• feat: deprecate API Shield Schema Validation resources (8a4b20f)
• feat(workers): expose subdomain delete (WC-4152) (4f7cc1f)

Bug Fixes

• fix: resolve type errors from codegen overwriting manual fixes (1c07db8)
• fix: use post() for to-markdown endpoints to resolve async type error (cf0ad26)
• fix: add least-privilege permissions to all workflow jobs (32a8b40)
• fix(rulesets): revert erroneous removal of rulesets resource methods and types (a929479)
• fix: resolve prettier formatting errors in codegen output (2faa1f3)
• fix(organization_profile): bad reference (d84ea77)
• fix(kv): use cursor_limit_pagination for KV list keys endpoint (68433665)
• fix(total_tls): use upsert pattern for singleton zone setting (a742f87)
• fix(content_scanning): content scanning terraform resource (9d74be8)
• fix(schema_validation): correctly reflect schema validation model mapping (bb81516)
• fix(ai_controls): incorrect use of standalone_api (f61e213)
• fix: add 'rdp' as an initialism (88f145a)
• fix: broken reference for the queues 'consumer' model (1b7c103)
• fix(mcp): correct code tool API endpoint (599703c)
• fix(mcp): return correct lines on typescript errors (5d6f999)

Chores

• 554 resource files modified with updated generated types and methods
• 328 new resource files added (sub-resources, api.md files, barrel exports)
• 2 resource files removed (origin-tls-client-auth/hostnames)

---

Migration Guide

This is a major version bump from v5 to v6. Key changes to be aware of:

1. Delete and many other methods now return null

133 methods changed their return type to null. This primarily affects delete operations but also some create, update, and get methods. If your code assigns the result to a typed variable, you will get a type error.

// Before (v5)
const result: AccountDeleteResponse = await client.accounts.delete({ account_id: '...' });
console.log(result.id);

// After (v6)
const result = await client.accounts.delete({ account_id: '...' });
// result is null -- do not access properties on it

Affected resources include: accounts, cache, d1, filters, firewall, hyperdrive, iam, intel, kv, logpush, logs, r2, stream, workers, zero-trust, zones, and others. See the "Return Type Changes" section above for the full list.

2. Response type renames and consolidation

29 methods changed to a different named return type. Common patterns:

// Before (v5): per-operation response types
const tunnel: CloudflaredCreateResponse = await client.zeroTrust.tunnels.cloudflared.create({ ... });

// After (v6): consolidated into a single resource type
const tunnel: CloudflareTunnel = await client.zeroTrust.tunnels.cloudflared.create({ ... });

Other examples:

• Profile -> PredefinedProfile (DLP)
• PublicSchema -> OldPublicSchema (API Gateway)
• Subscription -> SubscriptionCreateResponse / SubscriptionGetResponse (Zones)

3. Pagination type changes

17 methods changed their pagination type, which affects how you iterate results:

// Before (v5)
const keys: KeysCursorPaginationAfter = await client.kv.namespaces.keys.list(nsId, { ... });

// After (v6)
const keys: KeysCursorLimitPagination = await client.kv.namespaces.keys.list(nsId, { ... });

Also: client.zeroTrust.gateway.proxyEndpoints.list() changed from returning a single ProxyEndpoint to ProxyEndpointsSinglePage (now paginated), and .get() changed in the opposite direction.

4. Removed types (43)

24 shared types were removed from the root namespace (ASN, AuditLog, Member, Permission, Role, Subscription, Token, etc.). These are now defined within their respective resource modules. Update imports:

// Before (v5)
import { type Member, type Role } from 'cloudflare';

// After (v6) -- import from the resource namespace
import { type Cloudflare } from 'cloudflare';
// Use Cloudflare.Accounts.Member, etc.

19 response types were consolidated or renamed. See "Removed Types" section above.

5. Method signature changes

Some methods changed their positional arguments:

// Before (v5) -- file as positional arg
await client.ai.toMarkdown.transform(file, { account_id: '...' });

// After (v6) -- file in params body
await client.ai.toMarkdown.transform({ account_id: '...', file: ... });

Similarly, client.radar.ai.toMarkdown.create no longer takes a positional body arg.

6. Renamed client paths

Three client paths changed:

// Before (v5)
client.intel.ipLists.get(...)
client.originTLSClientAuth.hostnames.certificates.list(...)
client.radar.netflows.summary(...)

// After (v6)
client.intel.ipList.get(...)
client.originTLSClientAuth.zoneCertificates.list(...)
client.radar.netFlows.summary(...)

7. Removed endpoints (17)

17 HTTP endpoints were removed entirely. See "Removed Endpoints" section above. Affected areas: abuse-reports, cloudforce-one, dlp/profiles/predefined, email-security/investigate, email-security/settings, intel/ip-list.

8. Empty response handling

Responses with content-length: 0 now return undefined instead of attempting to parse the body.

9. Retry-After behavior

The SDK now respects any Retry-After header value from the server, even values over 60 seconds. Previously, values >= 60s were ignored.

10. Environment variable handling

Empty string environment variables (CLOUDFLARE_API_TOKEN="") are now treated as unset.

11. Resource restructuring

19 resources were restructured from single files to directories. Public API client paths are unchanged, but deep imports like cloudflare/resources/pipelines may need updating to cloudflare/resources/pipelines/pipelines.

12. Per-resource API documentation

The monolithic api.md has been replaced with 106 per-resource files at src/resources/<name>/api.md.

v5.2.0

Compare Source

Disclaimer: Please note that v6.0.0-beta.1 is in Beta and we are still testing it for stability.

Full Changelog: v5.2.0...v6.0.0-beta.1

In this release, you'll see a large number of breaking changes. This is primarily due to a change in OpenAPI definitions,
which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce
our SDK libraries. As the codegen is always evolving and improving, so are our code bases.

Some breaking changes were introduced due to bug fixes, also listed below.

v5.1.0

Compare Source

Full Changelog: v5.1.0...v5.2.0

Features

• Add load balancer monitor groups endpoints (5764b60)
• Add Radar AS-SET lookup endpoint (e8480e8)
• Add to_markdown subresource to AI resource (770500f)
• Rename duplicate parameter in the to_markdown subresource (98ccef7)
• Deprecate Radar AI inference and leaked credential endpoints (932e696)
• Remove created_at and updated_at fields from Zero Trust organization (4656a4e)

Performance Improvements

• faster formatting (17f6c4f)

Chores

• do not install brew dependencies in ./scripts/bootstrap by default (257ac1d)
• improve example values (20f0585)
• internal: codegen related update (0448452)
• internal: fix incremental formatting in some cases (9abf5ab)
• internal: ignore .eslintcache (a80827e)
• internal: remove deprecated compilerOptions.baseUrl from tsconfig.json (ea38064)
• api: update composite API spec (ab0bebd, 04d593f, 3cd521d, 15ff36b, 38722d4, f5dbf2f, 944d006, 65fb516, 0227a05, 2a87192, 9b6e363, 3a8a22d, ceb49a5, f85cb6b, 3204575, 852e202, 02745e6, 47d98b6, 0c1056e, 79e8b83, d35bbfb, 87fc40c, 2a6e7ed, 30a4ab2, 0cab872, 36c1def, fabf439, eca4953, de00074, 5fef81c, a0bf932, 8292aee, d5b6a6a, 65fff47, c5cc86a, bb6586e, 29623b8, 1fa622c, 80d3e7a)

v5.0.0

Compare Source

Full Changelog: v5.0.0...v5.1.0

Features

• Merge branch 'vaishak/skip-worker-test' into 'main' (a556698)

Bug Fixes

• coerce nullable values to undefined (7847e84)
• correctly handle sending multipart/form-data requests with JSON (e9deab6)

Chores

• ci build action (23d3577)
• fix lint on the examples (dd14379)
• fix lint on the examples (dd14379)
• fix lint on the examples (5b2f145)
• internal: codegen related update (2860479)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on the first day of the month"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.