Version Packages #14159

Merged
NuroDev merged 1 commit into main from changeset-release/main
Jun 4, 2026

@workers-devprod workers-devprod commented Jun 2, 2026

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

miniflare@4.20260603.0

Minor Changes

  • #14164 b502d54 Thanks @G4brym! - Rename the web_search binding kind to websearch

    Pre-launch rename of the public binding type from web_search to websearch so the on-the-wire shape matches the product name (Web Search). The wrangler config key, the binding-type string sent to the Cloudflare API, and the miniflare option key all move from web_search / webSearch to websearch.

    Update your wrangler config:

    - "web_search": { "binding": "WEBSEARCH" }
    + "websearch": { "binding": "WEBSEARCH" }

    The runtime WebSearch type exposed on env.WEBSEARCH is unchanged.

  • #13863 3b8b80a Thanks @aslakhellesoy! - Support cross-worker workflow bindings via the dev registry

    When a workflow binding has a scriptName that refers to a worker registered in another Miniflare instance (via unsafeDevRegistryPath), miniflare now reroutes the engine's USER_WORKFLOW binding through the dev-registry-proxy worker — the same mechanism Durable Objects already use for cross-worker scriptName bindings.

    Previously the workflow engine was bound directly to a local service core:user:<scriptName>, so workerd refused to start when that script lived in a different process.

    This unblocks getPlatformProxy() (and any other split-Miniflare setup) for users whose workflow class is defined in a separate worker — for example SvelteKit/Remix on Cloudflare, where adapter-cloudflare's dev integration runs the user's worker in a sidecar.

    See #7459.

Patch Changes

  • #14175 a3eea27 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency  From          To
    workerd     1.20260601.1  1.20260603.1

  • #14081 1fdd8de Thanks @dario-piotrowicz! - Detect early workerd exit instead of hanging indefinitely

    When workerd exits during startup before writing all expected listen events to the control file descriptor (e.g. due to an IPv6 bind failure, permission error, or missing library), Miniflare's waitForPorts() would block forever. This caused wrangler dev to stall at "Starting local server..." with no error and no timeout.

    The fix races waitForPorts() against the child process exit event so that any unexpected workerd termination is detected immediately. When workerd exits early, Miniflare now throws ERR_RUNTIME_FAILURE with the runtime's stderr output included in the error message, making the root cause diagnosable without external tools.

@cloudflare/vite-plugin@1.40.0

Minor Changes

  • #14013 3cf9d0e Thanks @jamesopstad! - Add experimental experimental.newConfig option to load the entry Worker's configuration from cloudflare.config.ts

    This is an experimental, opt-in feature. When enabled, the plugin loads the entry Worker's configuration from a cloudflare.config.ts file instead of the usual wrangler.json / wrangler.jsonc / wrangler.toml.

    Pass true to enable with defaults, or an object to customise behaviour. Currently the only sub-option is types.generate (defaults to true), which writes a worker-configuration.d.ts file next to the config. This enables typed env and exports for your Worker and currently assumes that you have @cloudflare/workers-types installed.

    // vite.config.ts
    import { defineConfig } from "vite";
    import { cloudflare } from "@cloudflare/vite-plugin";
    
    export default defineConfig({
      plugins: [
        cloudflare({
          experimental: {
            newConfig: true,
          },
        }),
      ],
    });

    // cloudflare.config.ts
    import {
    	defineWorker,
    	bindings,
    } from "@cloudflare/vite-plugin/experimental-config";
    import * as entrypoint from "./src/index.ts" with { type: "cf-worker" };
    
    export default defineWorker((ctx) => ({
    	name: "my-worker",
    	entrypoint,
    	compatibilityDate: "2026-05-18",
    	env: {
    		MY_TEXT: bindings.text(`The mode is ${ctx.mode}`),
    		MY_KV: bindings.kv(),
    	},
    }));

    A few limitations apply while the feature is experimental:

    • configPath cannot be combined with experimental.newConfig. The entry Worker is always loaded from cloudflare.config.ts at the project root.
    • auxiliaryWorkers are not yet supported with experimental.newConfig.

    Because this is experimental, the option, the cloudflare.config.ts schema, and the @cloudflare/vite-plugin/experimental-config exports may change in any release.

Patch Changes

@cloudflare/workers-utils@0.23.0

Minor Changes

  • #14089 c6c61b5 Thanks @alsuren! - Add migrations_pattern to D1 database bindings

    The D1 binding now accepts an optional migrations_pattern field, allowing you to point wrangler d1 migrations apply and wrangler d1 migrations list at migration files in nested layouts (e.g. ORM-generated folders like migrations/0000_init/migration.sql).

    migrations_pattern is a glob (relative to the wrangler config file) and defaults to ${migrations_dir}/*.sql, which preserves today's behaviour. Files that do not match the pattern are not executed.

    {
      "d1_databases": [
        {
          "binding": "DB",
          "database_name": "my-db",
          "database_id": "...",
          "migrations_dir": "migrations",
          "migrations_pattern": "migrations/*/migration.sql"
        }
      ]
    }

    When no migrations match the configured pattern but files matching the common migrations/*/migration.sql (drizzle-style) layout do exist, Wrangler logs a hint suggesting migrations_pattern as an opt-in.

    wrangler d1 migrations create now returns an actionable error if the generated migration filename would not match the configured pattern.

  • #14164 b502d54 Thanks @G4brym! - Rename the web_search binding kind to websearch

    Pre-launch rename of the public binding type from web_search to websearch so the on-the-wire shape matches the product name (Web Search). The wrangler config key, the binding-type string sent to the Cloudflare API, and the miniflare option key all move from web_search / webSearch to websearch.

    Update your wrangler config:

    - "web_search": { "binding": "WEBSEARCH" }
    + "websearch": { "binding": "WEBSEARCH" }

    The runtime WebSearch type exposed on env.WEBSEARCH is unchanged.

  • #14146 c4f45e8 Thanks @dario-piotrowicz! - Simplify constructWranglerConfig to accept a single worker instead of an array

    The constructWranglerConfig function now accepts a single APIWorkerConfig object instead of APIWorkerConfig | APIWorkerConfig[]. The multi-environment array support has been removed since the array use-case was removed and now the only call site already passes a single worker object. This is a breaking change to the function's public signature.

wrangler@4.98.0

Minor Changes

  • #14089 c6c61b5 Thanks @alsuren! - Add migrations_pattern to D1 database bindings

    The D1 binding now accepts an optional migrations_pattern field, allowing you to point wrangler d1 migrations apply and wrangler d1 migrations list at migration files in nested layouts (e.g. ORM-generated folders like migrations/0000_init/migration.sql).

    migrations_pattern is a glob (relative to the wrangler config file) and defaults to ${migrations_dir}/*.sql, which preserves today's behaviour. Files that do not match the pattern are not executed.

    {
      "d1_databases": [
        {
          "binding": "DB",
          "database_name": "my-db",
          "database_id": "...",
          "migrations_dir": "migrations",
          "migrations_pattern": "migrations/*/migration.sql"
        }
      ]
    }

    When no migrations match the configured pattern but files matching the common migrations/*/migration.sql (drizzle-style) layout do exist, Wrangler logs a hint suggesting migrations_pattern as an opt-in.

    wrangler d1 migrations create now returns an actionable error if the generated migration filename would not match the configured pattern.

  • #14153 7a6b1a4 Thanks @dario-piotrowicz! - Generalize wrangler deploy and wrangler versions upload positional argument from [script] to [path]

    Both wrangler deploy and wrangler versions upload now accept a generic [path] positional argument that can point to either a Worker entry-point file or a directory of static assets. The type is auto-detected. For example:

    • File: wrangler deploy ./src/index.ts deploys a Worker (same as before)
    • Directory: wrangler deploy ./public deploys a static assets site (no interactive confirmation prompt)

    The --script named option is now hidden and deprecated for both commands. It continues to work for backwards compatibility but only accepts file paths. Passing a directory to --script now produces a clear error message suggesting the positional path argument or --assets flag instead.

  • #13863 3b8b80a Thanks @aslakhellesoy! - getPlatformProxy() now passes through workflow bindings that have a script_name

    Workflows without a script_name are still stripped (and warned about) because the engine for an internal workflow can't run inside the empty proxy worker that backs getPlatformProxy(). Workflows with a script_name are handed to miniflare unchanged; miniflare reroutes the engine's USER_WORKFLOW binding through the dev-registry-proxy when the target worker is running in another Miniflare instance — the same mechanism Durable Objects already use.

    This means SvelteKit/Remix (and similar split-process setups) can call platform.env.MY_WORKFLOW.create({ ... }) directly from their server-side request handlers in dev, as long as the workflow class is exposed by another worker registered in the dev registry.

    Closes #7459.

  • #14164 b502d54 Thanks @G4brym! - Rename the web_search binding kind to websearch

    Pre-launch rename of the public binding type from web_search to websearch so the on-the-wire shape matches the product name (Web Search). The wrangler config key, the binding-type string sent to the Cloudflare API, and the miniflare option key all move from web_search / webSearch to websearch.

    Update your wrangler config:

    - "web_search": { "binding": "WEBSEARCH" }
    + "websearch": { "binding": "WEBSEARCH" }

    The runtime WebSearch type exposed on env.WEBSEARCH is unchanged.

Patch Changes

  • #14089 c6c61b5 Thanks @alsuren! - Restore the D1 executeSql logger level via try/finally

    wrangler d1 execute --json and the internal executeSql helper temporarily lower the global logger to "error" to keep human-readable output out of the JSON payload. Previously the level was restored only on the happy path, so any early return or thrown error left the singleton logger muted, silencing later logger.warn/logger.log output (notably from migration helpers that wrap executeSql and are commonly mocked in tests).

    The level swap is now wrapped in try/finally so it is always restored.

  • #14175 a3eea27 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency  From          To
    workerd     1.20260601.1  1.20260603.1

  • #14121 7539a9b Thanks @petebacondarwin! - Extract the OAuth 2.0 + PKCE flow into a new @cloudflare/workers-auth package.

    The OAuth login / logout / refresh logic, the auth-config TOML file IO, the OAuth token exchange + local callback server, and the Cloudflare Access detection helpers that previously lived in packages/wrangler/src/user/ have moved to the new internal-only @cloudflare/workers-auth package. Wrangler now wires the OAuth flow up via a small glue module that injects its logger, browser opener, interactivity detector, and config cache via a dependency-injection context.

    What stays in wrangler:

    • The yargs login / logout / whoami / auth token commands
    • Environment-based credential resolution (CLOUDFLARE_API_TOKEN, CLOUDFLARE_API_KEY / CLOUDFLARE_EMAIL, etc.)
    • Cloudflare account selection (requireAuth, getOrSelectAccountId)
    • The OAuth scope catalog (passed into the OAuth flow as a generic string[])
    • whoami / account fetching

    No behavior change for end users. The on-disk TOML format and location remain identical, and all telemetry message labels are preserved verbatim.

    @cloudflare/workers-auth is published with prerelease: true and is not intended for external use — its APIs may change without notice.

  • #14162 0bb2d55 Thanks @dario-piotrowicz! - In non-interactive mode remove the skills installation message

    When Wrangler ran in non-interactive mode and it detected agents that it could install skills for, it would print a message such as:

    Cloudflare agent skills are available for: <DETECTED_AGENTS>. Run wrangler in an interactive terminal to install them, or use '--install-skills' to install without prompting.

    This message seems to be confusing and unhelpful so it has now been removed.

  • #14165 8400fb9 Thanks @NuroDev! - Limit wrangler versions list to the 10 most recent deployable versions

    The versions API ignores pagination when filtering to deployable versions, so Wrangler now caps the command output client-side. This keeps the command aligned with its help text and avoids overwhelming terminal output for Workers with many versions.

  • #14151 7949f81 Thanks @dario-piotrowicz! - Skip stale bundles during dev server reload to avoid redundant restarts

    When rapidly saving a wrangler config file with remote bindings, each save would trigger a full reload cycle (remote connection setup, miniflare restart), causing many sequential "Reloading local server... / Establishing remote connection..." messages (while blocking the user). The runtime controllers now check whether a newer bundle has been queued at each expensive async boundary and bail out early if the current bundle is stale. This ensures that only the latest config change triggers a reload, making wrangler dev much more responsive during repeated config edits.

  • #14072 d462013 Thanks @himanshu-cf! - Update wrangler secret bulk command description to reflect create/update/delete capabilities

    The help text for wrangler secret bulk now accurately describes that the command can create, update, or delete multiple secrets in a single request, with up to 100 secrets per command. The file argument description also clarifies that setting a key to null in JSON will delete it, and that deletion is not supported with .env files.

  • #13979 c2280cd Thanks @matingathani! - Warn when a named environment silently inherits custom_domain routes from the top-level config

    When an env.<name> block does not override routes, it inherits the top-level routes array. If that array contains entries with custom_domain: true, every deploy to the named environment will silently reassign the custom domain away from the top-level Worker and towards the env Worker, causing routing drift. Wrangler now emits a warning in this situation and suggests adding "routes": [] to the env block to prevent inheritance.

  • #14170 ea12b58 Thanks @petebacondarwin! - Tighten on-disk permissions of the OAuth credentials file to 0600

    The user auth config file written by wrangler login (typically ~/.config/.wrangler/config/default.toml on Linux/macOS, or <environment>.toml for non-production Cloudflare API environments) is now written with mode 0600 and re-chmod-ed on every save. This prevents other local users on shared hosts from reading the stored OAuth tokens. Existing files with looser permissions written by older Wrangler versions are tightened the next time Wrangler refreshes the token or the user logs in again. The change is a no-op on Windows, which does not honour POSIX mode bits.

  • #14022 acf7817 Thanks @petebacondarwin! - Show the actual OAuth error instead of hanging when wrangler login is rejected by the OAuth provider (for example with invalid_scope).

    Previously, if the OAuth callback returned with an error other than access_denied, Wrangler would never respond to the browser. Because server.close()'s callback only fires once all open connections have ended, the login command would hang until the 120 second OAuth timeout — at which point it would print a generic timeout message rather than the actual OAuth failure. The same gap existed for the case where the OAuth provider redirected back without an authorisation code, and for failures during the auth-code-to-access-token exchange.

    The OAuth provider's error_description (RFC 6749 §4.1.2.1) is now also surfaced, so the message includes the specific reason for the failure rather than just the bare error code. For example, a misconfigured staging scope now surfaces as:

    OAuth error: invalid_scope
      The OAuth 2.0 Client is not allowed to request scope 'browser:write'.
    

    instead of hanging silently.

  • Updated dependencies [a3eea27, 1fdd8de, b502d54, 3b8b80a]:

    • miniflare@4.20260603.0

@cloudflare/cli-shared-helpers@0.1.7

Patch Changes

@cloudflare/deploy-helpers@0.1.2

Patch Changes

@cloudflare/pages-shared@0.13.143

Patch Changes

@cloudflare/vitest-pool-workers@0.16.13

Patch Changes

@cloudflare/workers-auth@0.1.1

Patch Changes

  • #14121 7539a9b Thanks @petebacondarwin! - Extract the OAuth 2.0 + PKCE flow into a new @cloudflare/workers-auth package.

    The OAuth login / logout / refresh logic, the auth-config TOML file IO, the OAuth token exchange + local callback server, and the Cloudflare Access detection helpers that previously lived in packages/wrangler/src/user/ have moved to the new internal-only @cloudflare/workers-auth package. Wrangler now wires the OAuth flow up via a small glue module that injects its logger, browser opener, interactivity detector, and config cache via a dependency-injection context.

    What stays in wrangler:

    • The yargs login / logout / whoami / auth token commands
    • Environment-based credential resolution (CLOUDFLARE_API_TOKEN, CLOUDFLARE_API_KEY / CLOUDFLARE_EMAIL, etc.)
    • Cloudflare account selection (requireAuth, getOrSelectAccountId)
    • The OAuth scope catalog (passed into the OAuth flow as a generic string[])
    • whoami / account fetching

    No behavior change for end users. The on-disk TOML format and location remain identical, and all telemetry message labels are preserved verbatim.

    @cloudflare/workers-auth is published with prerelease: true and is not intended for external use — its APIs may change without notice.

  • #14170 ea12b58 Thanks @petebacondarwin! - Tighten on-disk permissions of the OAuth credentials file to 0600

    The user auth config file written by wrangler login (typically ~/.config/.wrangler/config/default.toml on Linux/macOS, or <environment>.toml for non-production Cloudflare API environments) is now written with mode 0600 and re-chmod-ed on every save. This prevents other local users on shared hosts from reading the stored OAuth tokens. Existing files with looser permissions written by older Wrangler versions are tightened the next time Wrangler refreshes the token or the user logs in again. The change is a no-op on Windows, which does not honour POSIX mode bits.

  • #14022 acf7817 Thanks @petebacondarwin! - Show the actual OAuth error instead of hanging when wrangler login is rejected by the OAuth provider (for example with invalid_scope).

    Previously, if the OAuth callback returned with an error other than access_denied, Wrangler would never respond to the browser. Because server.close()'s callback only fires once all open connections have ended, the login command would hang until the 120 second OAuth timeout — at which point it would print a generic timeout message rather than the actual OAuth failure. The same gap existed for the case where the OAuth provider redirected back without an authorisation code, and for failures during the auth-code-to-access-token exchange.

    The OAuth provider's error_description (RFC 6749 §4.1.2.1) is now also surfaced, so the message includes the specific reason for the failure rather than just the bare error code. For example, a misconfigured staging scope now surfaces as:

    OAuth error: invalid_scope
      The OAuth 2.0 Client is not allowed to request scope 'browser:write'.
    

    instead of hanging silently.

  • Updated dependencies [c6c61b5, b502d54, c4f45e8]:

    • @cloudflare/workers-utils@0.23.0

@cloudflare/wrangler-bundler@0.1.2

Patch Changes
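
The 0600 change for the OAuth credentials file described in the wrangler and @cloudflare/workers-auth notes above, as an added example that is not Wrangler's own code: Node applies the `mode` option only when a file is created, so a file left at 0644 by an older save stays readable unless it is explicitly re-chmod-ed. The function names, the temporary path and the file contents are assumptions made for the illustration.

```javascript
// Added example, not code from wrangler or @cloudflare/workers-auth.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

const OWNER_ONLY = 0o600;

// Permission bits (rwx for user/group/other) of a file.
function modeOf(file) {
  return fs.statSync(file).mode & 0o777;
}

// Audit check: true when group or other have any access to the file.
function isExposed(file) {
  return (modeOf(file) & 0o077) !== 0;
}

// Weak save: `mode` is honoured only if the file does not exist yet,
// so a pre-existing 0644 file keeps its looser permissions.
function saveWithModeOnly(file, contents) {
  fs.writeFileSync(file, contents, { mode: OWNER_ONLY });
}

// Hardened save (hypothetical helper): tighten the permissions on the open
// descriptor before the new contents are written, on every save.
function saveOwnerOnly(file, contents) {
  const fd = fs.openSync(file, "w", OWNER_ONLY);
  try {
    // POSIX mode bits are not honoured on Windows, so skip the chmod there.
    if (process.platform !== "win32") {
      fs.fchmodSync(fd, OWNER_ONLY);
    }
    fs.writeSync(fd, contents);
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed scenario: a credentials file left world-readable by an older
// save. The contents are a placeholder, not the real auth-config format.
function demoLegacyFile() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "auth-perms-"));
  const file = path.join(dir, "default.toml");
  try {
    fs.writeFileSync(file, 'token = "constructed-old"\n');
    fs.chmodSync(file, 0o644); // simulate the looser legacy mode

    saveWithModeOnly(file, 'token = "constructed-new"\n');
    const afterModeOnly = { mode: modeOf(file), exposed: isExposed(file) };

    saveOwnerOnly(file, 'token = "constructed-new"\n');
    const afterOwnerOnly = { mode: modeOf(file), exposed: isExposed(file) };

    return { afterModeOnly, afterOwnerOnly };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```

`isExposed` can also be pointed at an existing credentials file on a shared host to check whether it still carries the looser mode.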
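
The custom_domain inheritance warning described in the wrangler notes above, sketched as a config check (an added example, not Wrangler's implementation). It assumes an already-parsed config object and looks only at the `routes` key, as the note describes; the function names and the sample config are constructed.

```javascript
// Added example, not Wrangler's implementation.

// A route entry is either a pattern string or an object; only objects can
// carry custom_domain: true.
function isCustomDomainRoute(route) {
  return typeof route === "object" && route !== null && route.custom_domain === true;
}

// Returns one finding per named environment that has no `routes` key of its
// own while the top-level `routes` array contains custom domains.
function findInheritedCustomDomains(config) {
  const topLevel = Array.isArray(config.routes) ? config.routes : [];
  const patterns = topLevel.filter(isCustomDomainRoute).map((r) => r.pattern);
  if (patterns.length === 0) return [];

  const findings = [];
  for (const [name, env] of Object.entries(config.env || {})) {
    const overrides =
      env !== null &&
      typeof env === "object" &&
      Object.prototype.hasOwnProperty.call(env, "routes");
    // "routes": [] is an explicit override and stops the inheritance.
    if (!overrides) {
      findings.push({ env: name, inheritedCustomDomains: patterns });
    }
  }
  return findings;
}

// Constructed sample config (worker name and domains are placeholders).
const sampleConfig = {
  name: "my-worker",
  routes: [
    { pattern: "app.example.com", custom_domain: true },
    "example.com/api/*",
  ],
  env: {
    // No `routes` key: inherits the top-level custom domain, so it is flagged.
    staging: { vars: { MODE: "staging" } },
    // Explicit opt-out suggested by the warning.
    preview: { routes: [] },
    // Own routes: nothing is inherited.
    canary: { routes: [{ pattern: "canary.example.com", custom_domain: true }] },
  },
};

function auditSample() {
  return findInheritedCustomDomains(sampleConfig);
}
```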

github-actions Bot commented Jun 2, 2026

✅ All changesets look good

@devin-ai-integration devin-ai-integration Bot left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 1 additional finding.

pkg-pr-new Bot commented Jun 2, 2026

create-cloudflare

npm i https://pkg.pr.new/cloudflare/workers-sdk/create-cloudflare@14159

@cloudflare/deploy-helpers

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/deploy-helpers@14159

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/kv-asset-handler@14159

miniflare

npm i https://pkg.pr.new/cloudflare/workers-sdk/miniflare@14159

@cloudflare/pages-shared

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/pages-shared@14159

@cloudflare/unenv-preset

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/unenv-preset@14159

@cloudflare/vite-plugin

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/vite-plugin@14159

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/vitest-pool-workers@14159

@cloudflare/workers-auth

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/workers-auth@14159

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/workers-editor-shared@14159

@cloudflare/workers-utils

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/workers-utils@14159

wrangler

npm i https://pkg.pr.new/cloudflare/workers-sdk/wrangler@14159

@cloudflare/wrangler-bundler

npm i https://pkg.pr.new/cloudflare/workers-sdk/@cloudflare/wrangler-bundler@14159

commit: e93089a

@workers-devprod workers-devprod force-pushed the changeset-release/main branch 16 times, most recently from f610e07 to 8653f39 Compare June 4, 2026 10:52
@workers-devprod workers-devprod force-pushed the changeset-release/main branch from 8653f39 to e93089a Compare June 4, 2026 11:26
@NuroDev NuroDev merged commit c8c366e into main Jun 4, 2026
57 checks passed
@NuroDev NuroDev deleted the changeset-release/main branch June 4, 2026 11:51
Development

Successfully merging this pull request may close these issues.

🚀 Feature Request: Add support for cross script workflow bindings for getPlatformProxy