Version Packages

[workers-devprod]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@cloudflare/vite-plugin@1.42.0

Minor Changes

• #14339 aa49856 Thanks @jamesopstad! - Add a build command to the experimental, internal cf-vite delegate binary

  cf-vite build runs Vite's full multi-environment app build (via the Builder API) and enables the experimental Build Output API by default, emitting a self-contained .cloudflare/output/v0/ directory. It forces experimental.newConfig and experimental.newConfig.cfBuildOutput on, so a cloudflare.config.ts is required at the project root.

Patch Changes

• #14218 4eed569 Thanks @matingathani! - Allow resolve.external containing only Node.js built-ins in Worker environments

  Vitest 4 automatically sets resolve.external to the full list of Node.js built-in modules for non-standard Vite environments via its internal runnerTransform plugin. Previously, the Cloudflare Vite plugin rejected any non-empty resolve.external array, throwing an incompatibility error on startup when used alongside Vitest 4.

  The validation check now allows resolve.external arrays that contain only Node.js built-in module names (both bare fs and node:fs forms). The error is only thrown when resolve.external is true or contains non-built-in package names that would prevent user code from being bundled into the Worker.

• Updated dependencies [f6e49dd, 5c3bb11, 296ad65, 594544d, a79b899, 5dfb788, ca61558, 36777db]:

  • wrangler@4.102.0
  • miniflare@4.20260617.0

wrangler@4.102.0

Minor Changes

• #14340 f6e49dd Thanks @emily-shen! - Add cf-wrangler build delegate support

  The experimental cf-wrangler delegate binary now accepts build and emits the Build Output API directory through Wrangler's new-config build path. This lets parent tools invoke Wrangler's build-output implementation with cf-wrangler build instead of shelling out through the public Wrangler CLI.

• #14324 36777db Thanks @jamesopstad! - Add experimental --experimental-cf-build-output flag to wrangler build

  When used alongside --experimental-new-config, wrangler build now emits a self-contained Build Output API directory under .cloudflare/output/v0/ instead of delegating to wrangler deploy --dry-run.

Patch Changes

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

• #14331 296ad65 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260616.1	1.20260617.1

• #14275 594544d Thanks @alsuren! - Resolve auto-provisioned D1 bindings via the API in remote subcommands

  Remote D1 subcommands (d1 execute --remote, d1 export --remote, d1 info, d1 insights, d1 delete, d1 migrations apply --remote, d1 migrations list --remote, d1 time-travel) previously failed with:

  Found a database with name or binding DB but it is missing a database_id, which is needed for operations on remote resources.

  when the [[d1_databases]] config entry only had binding and database_name (the shape wrangler deploy writes for automatically-provisioned bindings). They now resolve the real database UUID via GET /accounts/:accountId/d1/database/:name?fields=uuid and proceed as if database_id had been set in config.

  If the config entry only has a binding (no database_name, no database_id), the lookup uses the same name wrangler deploy would create via auto provisioning (<worker name>-<binding-lowercased-with-dashes>).

  Non-404 API failures (auth, rate-limit, server errors) now propagate verbatim instead of being masked as "database not found".

• #14315 a79b899 Thanks @matingathani! - Respect find_additional_modules = false when no_bundle is set

  When using no_bundle = true, wrangler was always scanning for and attaching additional modules even if find_additional_modules was explicitly set to false in the config. Additional modules are now only collected when find_additional_modules is not false, consistent with the bundled code path.

• #14269 5dfb788 Thanks @mattjohnsonpint! - Support dev.plugin on typed services bindings

  Wrangler only honored dev.plugin on unsafe.bindings entries, so users authoring a service binding via services[] could not wire it to a local Miniflare plugin during wrangler dev — they had to fall back to unsafe.bindings and accept a "directly supported by wrangler" warning. Typed services bindings now accept the same dev: { plugin, options? } shape, route the binding through Miniflare's external-plugin pathway in wrangler dev, and strip the field at deploy time. Validation rejects malformed dev shapes.

• #14328 ca61558 Thanks @edevil! - Mention temporary preview accounts in wrangler whoami output when unauthenticated

  When you run wrangler whoami without being logged in, Wrangler now also tells you that you can deploy without logging in by running a command like wrangler deploy --temporary to use a temporary preview account.

• Updated dependencies [5c3bb11, 296ad65]:

  • miniflare@4.20260617.0

@cloudflare/cli-shared-helpers@0.1.9

Patch Changes

• Updated dependencies [5dfb788]:
  • @cloudflare/workers-utils@0.23.2

create-cloudflare@2.70.4

Patch Changes

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

@cloudflare/deploy-helpers@0.2.1

Patch Changes

• #14340 f6e49dd Thanks @emily-shen! - add skipLastDeployedFromApiCheck to override deploy source check

• #14269 5dfb788 Thanks @mattjohnsonpint! - Support dev.plugin on typed services bindings

  Wrangler only honored dev.plugin on unsafe.bindings entries, so users authoring a service binding via services[] could not wire it to a local Miniflare plugin during wrangler dev — they had to fall back to unsafe.bindings and accept a "directly supported by wrangler" warning. Typed services bindings now accept the same dev: { plugin, options? } shape, route the binding through Miniflare's external-plugin pathway in wrangler dev, and strip the field at deploy time. Validation rejects malformed dev shapes.

• Updated dependencies [5c3bb11, 296ad65, 5dfb788]:

  • miniflare@4.20260617.0
  • @cloudflare/workers-utils@0.23.2
  • @cloudflare/cli-shared-helpers@0.1.9

miniflare@4.20260617.0

Patch Changes

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

• #14331 296ad65 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260616.1	1.20260617.1

@cloudflare/pages-shared@0.13.147

Patch Changes

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

• Updated dependencies [5c3bb11, 296ad65]:

  • miniflare@4.20260617.0

@cloudflare/vitest-pool-workers@0.16.17

Patch Changes

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

• Updated dependencies [f6e49dd, 5c3bb11, 296ad65, 594544d, a79b899, 5dfb788, ca61558, 36777db]:

  • wrangler@4.102.0
  • miniflare@4.20260617.0

@cloudflare/workers-auth@0.3.1

Patch Changes

• Updated dependencies [5dfb788]:
  • @cloudflare/workers-utils@0.23.2

@cloudflare/workers-utils@0.23.2

Patch Changes

• #14269 5dfb788 Thanks @mattjohnsonpint! - Support dev.plugin on typed services bindings

  Wrangler only honored dev.plugin on unsafe.bindings entries, so users authoring a service binding via services[] could not wire it to a local Miniflare plugin during wrangler dev — they had to fall back to unsafe.bindings and accept a "directly supported by wrangler" warning. Typed services bindings now accept the same dev: { plugin, options? } shape, route the binding through Miniflare's external-plugin pathway in wrangler dev, and strip the field at deploy time. Validation rejects malformed dev shapes.

@cloudflare/quick-edit@0.4.7

Patch Changes

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

@cloudflare/workers-shared@0.19.7

Patch Changes

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

@cloudflare/workflows-shared@0.11.2

Patch Changes

• #14318 f32e9c1 Thanks @vaishnav-mk! - Add step context to Workflows rollback handlers

  Rollback handlers now receive the original step context under ctx, making ctx.step.name, ctx.step.count, ctx.attempt, and the resolved step config available during rollback. The legacy stepName field remains available and is equivalent to ${ctx.step.name}-${ctx.step.count}.

  rollbackConfig is now limited to retry and timeout settings, matching the behavior supported by rollback handlers.

• #14314 5c3bb11 Thanks @harryzcy! - Bump esbuild to 0.28.1

  This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

[github-actions]

⚠️ Issues found

1. .changeset/fancy-crabs-occur.md — The changeset title does not start with a capital letter or a conventional commit prefix (add instead of Add). Per the changeset guidelines, titles should start with a capital letter (e.g., Add ...) or use a conventional commit prefix (e.g., feat: add ...).

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@14327

@cloudflare/deploy-helpers

npm i https://pkg.pr.new/@cloudflare/deploy-helpers@14327

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@14327

miniflare

npm i https://pkg.pr.new/miniflare@14327

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@14327

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@14327

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@14327

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@14327

@cloudflare/workers-auth

npm i https://pkg.pr.new/@cloudflare/workers-auth@14327

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@14327

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@14327

wrangler

npm i https://pkg.pr.new/wrangler@14327

commit: 459b664

[devin-ai-integration]

Devin Review found 1 new potential issue.

[devin-ai-integration]

🟡 Semver classification mismatch: workflows-shared changeset classified as patch but adds new API capabilities (should be minor)

The bright-trees-explain.md changeset for @cloudflare/workflows-shared is currently classified as patch (0.11.1 → 0.11.2), but the actual change in PR #14318 adds new API capabilities: a new ctx: WorkflowStepContext field on RollbackContext exposing step.name, step.count, attempt, and config, plus a new WorkflowStepRollbackConfig type. Per REVIEW.md semver guidelines: "Minor (new features): new API capabilities or exports, behavior changes that add functionality." The version should be 0.12.0 (minor), not 0.11.2 (patch). Note: the package is "private": true so external impact is limited.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

Devin Review found 1 new potential issue.

[devin-ai-integration]

🟡 Semver misclassification: fancy-crabs-occur changeset declared as patch instead of minor

Per REVIEW.md semver guidelines, "new commands/flags/options, new API capabilities or exports" should be classified as minor. The fancy-crabs-occur changeset for @cloudflare/deploy-helpers is declared as patch, but the description is "add skipLastDeployedFromApiCheck to override deploy source check" — this adds a new API option/capability to a published package. The resulting version bump is 0.2.0 → 0.2.1 (patch) when it should be 0.2.0 → 0.3.0 (minor).

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

Devin Review found 1 new potential issue.

[devin-ai-integration]

🟡 Semver mismatch: wrangler dev.plugin support for typed service bindings classified as patch instead of minor

The typed-service-binding-dev-plugin changeset classifies wrangler as patch, but per REVIEW.md it should be minor. REVIEW.md states: "A changeset described as 'Support X' is adding a new feature (minor)". The description is literally "Support dev.plugin on typed services bindings" — this adds a new user-facing capability (wiring service bindings to local Miniflare plugins via dev: { plugin, options? }) that was not previously available on typed services[] entries. This is new feature support, not a bug fix.

Prompt for agents

The changeset `typed-service-binding-dev-plugin` classifies wrangler as patch but should be minor per REVIEW.md semver guidelines. The description says 'Support dev.plugin on typed services bindings' which adds a new user-facing capability. REVIEW.md explicitly states that changesets described as 'Support X' are adding a new feature (minor). The changeset front-matter in the original .changeset/typed-service-binding-dev-plugin.md needs to change from '"wrangler": patch' to '"wrangler": minor'. This will also affect the resulting CHANGELOG placement (should appear under 'Minor Changes' instead of 'Patch Changes') and the version bump calculation.

---

Was this helpful? React with 👍 or 👎 to provide feedback.