fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/vite-plugin (source)	^1.33.1 → ^1.33.2
@vitejs/release-scripts	^1.6.0 → ^1.7.0
es-module-lexer	^2.0.0 → ^2.1.0
pnpm (source)	10.33.1 → 10.33.2
wrangler (source)	^4.84.1 → ^4.85.0

---

Release Notes

cloudflare/workers-sdk (@​cloudflare/vite-plugin)

v1.33.2

Patch Changes

• #​13636 1d54fb7 Thanks @​edmundhung! - Stop denying vite.config.* files from Vite dev server access

  This allows projects to access vite.config.* files during development when needed.

• #​13653 48c61b6 Thanks @​jamesopstad! - Use the date that the plugin is built as the default compatibility date.

  When no compatibility date was set by the user, the plugin was falling back to the current date. This meant that the date could get ahead of the latest date supported by the installed version of workerd. We now populate the default compatibility date when the plugin is built. This means that it is updated with each release but then stays fixed.

• #​13634 f3cb2b2 Thanks @​jamesopstad! - Simplify /cdn-cgi/ handling

  We now only add special handling for /cdn-cgi/handler/* routes, so that trigger handlers are invoked on the User Worker.

• #​13611 6e99feb Thanks @​smaldd14! - Support Cloudflare-managed registry images in Vite plugin local dev

  Previously, using a registry.cloudflare.com image in a containers binding would crash vite dev with an unsupported error. The Vite plugin now configures the Cloudflare API client using CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID before pulling container images, matching the behavior of wrangler dev.

• Updated dependencies [5a2968a, 5680287, 3494842, 7d728fb, df9319d, d5e3c57, 3ceeec3, 7567ef7, 0a95061, 2831b54, 7fc50c1, 377715d]:

  • wrangler@​4.85.0
  • miniflare@​4.20260424.0
  • @​cloudflare/unenv-preset@​2.16.1

vitejs/release-scripts (@​vitejs/release-scripts)

v1.7.0

Compare Source

guybedford/es-module-lexer (es-module-lexer)

v2.1.0

Compare Source

What's Changed

• Always exclude dyn import attributes from specifier range by @​nicolo-ribaudo in #​197
• fix: handle new of conflict cases by @​guybedford in #​195

New Contributors

• @​nicolo-ribaudo made their first contribution in #​197

Full Changelog: guybedford/es-module-lexer@2.0.0...2.1.0

pnpm/pnpm (pnpm)

v10.33.2

Compare Source

cloudflare/workers-sdk (wrangler)

v4.85.0

Minor Changes

• #​13222 5680287 Thanks @​maxwellpeterson! - Add enabled and previews_enabled support for custom domain routes

  Custom domain routes can now include optional enabled and previews_enabled boolean fields to control whether a custom domain serves production and/or preview traffic. When omitted, the API defaults apply (production enabled, previews disabled).

Patch Changes

• #​13622 5a2968a Thanks @​petebacondarwin! - Fix inherited ai_search_namespaces binding display in wrangler deploy

  When an ai_search_namespaces binding inherits from the existing deployment, the bindings table now correctly shows (inherited) instead of a raw Symbol(inherit_binding) string.

• #​13633 3494842 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260421.1	1.20260422.1

• #​13645 7d728fb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260422.1	1.20260423.1

• #​13657 df9319d Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260423.1	1.20260424.1

• #​13574 d5e3c57 Thanks @​dario-piotrowicz! - Detect Cloudflare WAF block pages and include Ray ID in API error messages

  When the Cloudflare WAF blocks an API request, the response is an HTML page rather than JSON. Previously, this caused a confusing "Received a malformed response from the API" error with a truncated HTML snippet. Wrangler now detects WAF block pages and displays a clear error message explaining that the request was blocked by the firewall, along with the Cloudflare Ray ID (when available) for use in support tickets.

  For other non-JSON responses that aren't WAF blocks, the "malformed response" error also now includes the Ray ID to help reference failing requests in support tickets.

• #​13560 7567ef7 Thanks @​vaishnav-mk! - Preserve NonRetryableError message and name when the workflows_preserve_non_retryable_error_message compatibility flag is enabled, instead of replacing it with a generic error message.

• #​11784 2831b54 Thanks @​JPeer264! - fix(wrangler): Bind the console methods directly instead of using a global proxy

• #​13644 377715d Thanks @​MattieTK! - Update @clack/core and @clack/prompts to v1.2.0

  Bumps the bundled @clack/core dependency used internally by @cloudflare/cli from 0.3.x to 1.2.0, and the @clack/prompts dependency in create-cloudflare from 0.6.x to 1.2.0. Clack v1 includes a number of API changes, but no user-facing prompt behaviour changes are expected.

• Updated dependencies [3494842, 7d728fb, df9319d, 3ceeec3, 7567ef7, 0a95061, 7fc50c1, 377715d]:

  • miniflare@​4.20260424.0
  • @​cloudflare/unenv-preset@​2.16.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.