Skip to content

fix(deps): update all non-major dependencies#22637

Merged
sapphi-red merged 1 commit into
mainfrom
renovate/all-minor-patch
Jun 8, 2026
Merged

fix(deps): update all non-major dependencies#22637
sapphi-red merged 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@babel/core (source) ^7.29.0^7.29.7 age confidence
@clack/prompts (source) ^1.5.0^1.5.1 age confidence
@shikijs/vitepress-twoslash (source) ^4.1.0^4.2.0 age confidence
@types/node (source) ^24.12.4^24.13.1 age confidence
@types/react (source) ^19.2.15^19.2.17 age confidence
@vitest/utils (source) 4.1.74.1.8 age confidence
baseline-browser-mapping ^2.10.33^2.10.34 age confidence
es-module-lexer ^2.0.0^2.1.0 age confidence
http-proxy-3 ^1.23.2^1.23.3 age confidence
miniflare (source) ^4.20260526.0^4.20260603.0 age confidence
oxfmt (source) ^0.52.0^0.53.0 age confidence
react (source) ^19.2.6^19.2.7 age confidence
react (source) 19.2.619.2.7 age confidence
react-dom (source) ^19.2.6^19.2.7 age confidence
react-fake-client (source) ^19.2.6^19.2.7 age confidence
react-fake-server (source) ^19.2.6^19.2.7 age confidence
svelte (source) ^5.56.0^5.56.3 age confidence
svelte-check ^4.4.8^4.6.0 age confidence
typescript-eslint (source) ^8.60.0^8.60.1 age confidence
unrun (source) ^0.3.0^0.3.1 age confidence
vite (source) ^8.0.14^8.0.16 age confidence
vitest (source) ^4.1.7^4.1.8 age confidence
vue-tsc (source) ^3.3.3^3.3.4 age confidence

Release Notes

bombshell-dev/clack (@​clack/prompts)

v1.5.1

Compare Source

Patch Changes
shikijs/shiki (@​shikijs/vitepress-twoslash)

v4.2.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
vitest-dev/vitest (@​vitest/utils)

v4.1.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
web-platform-dx/baseline-browser-mapping (baseline-browser-mapping)

v2.10.34

Compare Source

guybedford/es-module-lexer (es-module-lexer)

v2.1.0

Compare Source

What's Changed
New Contributors

Full Changelog: guybedford/es-module-lexer@2.0.0...2.1.0

cloudflare/workers-sdk (miniflare)

v4.20260603.0

Compare Source

Minor Changes
  • #​14164 b502d54 Thanks @​G4brym! - Rename the web_search binding kind to websearch

    Pre-launch rename of the public binding type from web_search to websearch so the on-the-wire shape matches the product name (Web Search). The wrangler config key, the binding-type string sent to the Cloudflare API, and the miniflare option key all move from web_search / webSearch to websearch.

    Update your wrangler config:

    - "web_search": { "binding": "WEBSEARCH" }
    + "websearch": { "binding": "WEBSEARCH" }

    The runtime WebSearch type exposed on env.WEBSEARCH is unchanged.

  • #​13863 3b8b80a Thanks @​aslakhellesoy! - Support cross-worker workflow bindings via the dev registry

    When a workflow binding has a scriptName that refers to a worker registered in another Miniflare instance (via unsafeDevRegistryPath), miniflare now reroutes the engine's USER_WORKFLOW binding through the dev-registry-proxy worker — the same mechanism Durable Objects already use for cross-worker scriptName bindings.

    Previously the workflow engine was bound directly to a local service core:user:<scriptName>, so workerd refused to start when that script lived in a different process.

    This unblocks getPlatformProxy() (and any other split-Miniflare setup) for users whose workflow class is defined in a separate worker — for example SvelteKit/Remix on Cloudflare, where adapter-cloudflare's dev integration runs the user's worker in a sidecar.

    See #​7459.

Patch Changes
  • #​14175 a3eea27 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260601.1 1.20260603.1
  • #​14081 1fdd8de Thanks @​dario-piotrowicz! - Detect early workerd exit instead of hanging indefinitely

    When workerd exits during startup before writing all expected listen events to the control file descriptor (e.g. due to an IPv6 bind failure, permission error, or missing library), Miniflare's waitForPorts() would block forever. This caused wrangler dev to stall at "Starting local server..." with no error and no timeout.

    The fix races waitForPorts() against the child process exit event so that any unexpected workerd termination is detected immediately. When workerd exits early, Miniflare now throws ERR_RUNTIME_FAILURE with the runtime's stderr output included in the error message, making the root cause diagnosable without external tools.

v4.20260601.0

Compare Source

Patch Changes
  • #​14147 e06cbb7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260529.1 1.20260601.1
  • #​14086 4ef790b Thanks @​dario-piotrowicz! - Use 127.0.0.1 instead of localhost for the runtime inspector address

    On systems where getaddrinfo("localhost") returns ::1 but IPv6 is disabled at the kernel level, workerd fails to bind the inspector socket and silently continues without emitting the listen-inspector event to the control FD. This caused wrangler dev to hang indefinitely at "Starting local server..." with no error output.

    Using 127.0.0.1 explicitly is consistent with DEFAULT_HOST, --debug-port, and resolveLocalhost() already in the codebase.

  • #​14105 337e912 Thanks @​dario-piotrowicz! - Remove trailing periods from URLs in terminal output

    URLs printed to the terminal with a sentence-ending period (e.g. https://example.com/path.) would include the period when clicked in some terminal emulators, causing 404 errors. This removes trailing periods from all URLs displayed in CLI output across wrangler, miniflare, vitest-pool-workers, and workers-utils.

  • #​14112 3a746ac Thanks @​penalosa! - Pin non-bundled runtime dependencies to exact versions

    Dependencies that are not bundled into a package's published output are installed directly into consumers' dependency trees, so they are now pinned to exact versions instead of semver ranges. This closes a supply-chain gap where an unpinned external dependency could resolve to a compromised upstream release on a fresh install. A new pnpm check:pinned-deps lint enforces this for all published packages (and for the shared pnpm catalog) going forward.

v4.20260529.0

Compare Source

Minor Changes
  • #​14087 e3c862a Thanks @​edmundhung! - Add support for the new web_search binding kind.

    Cloudflare Web Search is a managed, zero-setup web discovery primitive for agents and Workers. Declare the binding as a single object in wrangler.jsonc:

    {
      "web_search": { "binding": "WEBSEARCH" }
    }

    There is exactly one shared web corpus, so there is no namespace, instance, or other field to specify -- only the variable name. The binding exposes a single search() method that returns URLs and catalog metadata for a query. Web Search is discovery-only -- to read a result's content the caller invokes the global fetch() API against the result's url.

    The binding is always remote in local development: Miniflare proxies to the production Web Search service via the remote-bindings transport. Adds the websearch.run OAuth scope to wrangler login.

    Also adds a wrangler websearch search command for running ad-hoc queries from the CLI:

    npx wrangler websearch search "cloudflare workers"
    npx wrangler websearch search "cloudflare workers" --limit 5
    npx wrangler websearch search "cloudflare workers" --json

    --limit is optional (defaults to 10, capped at 20). --json prints the raw response; without it the results render as a pretty table.

  • #​13610 cbb39bd Thanks @​petebacondarwin! - Add support for agent_memory bindings

    Agent Memory bindings allow Workers to connect to Cloudflare's Agent Memory service for storing and retrieving agent conversation state. This binding is remote-only, meaning it always connects to the Cloudflare API during wrangler dev rather than using a local simulation.

    To configure an agent_memory binding, add the following to your wrangler.json:

    {
      "agent_memory": [
        {
          "binding": "MY_MEMORY",
          "namespace": "my-namespace"
        }
      ]
    }

    Wrangler will automatically provision the namespace during deployment if it does not already exist. Type generation via wrangler types is also supported.

    This change also adds the agent-memory:write OAuth scope to Wrangler's default login scopes, so wrangler login can request the permissions needed to provision and manage Agent Memory namespaces.

  • #​14087 e3c862a Thanks @​edmundhung! - Rename pipeline field to stream in pipeline bindings configuration

    The pipeline field inside pipelines bindings has been renamed to stream to align with the updated API wire format. The old pipeline field is still accepted but deprecated and will emit a warning.

    Before:

    // wrangler.json
    {
      "pipelines": [
        {
          "binding": "MY_PIPELINE",
          "pipeline": "my-stream-name"
        }
      ]
    }

    After:

    // wrangler.json
    {
      "pipelines": [
        {
          "binding": "MY_PIPELINE",
          "stream": "my-stream-name"
        }
      ]
    }
  • #​14079 972d13d Thanks @​edmundhung! - Add JSON output to /cdn-cgi/handler/scheduled

    The /cdn-cgi/handler/scheduled endpoint now accepts ?format=json to return the scheduled handler result as JSON, including whether the handler called controller.noRetry(). Requests without format=json still return the existing text outcome for backward compatibility.

Patch Changes
  • #​14106 7bb5c7a Thanks @​dario-piotrowicz! - Add timeout to browser-rendering browser launch to prevent infinite hangs

    The browser-rendering plugin's launchBrowser() function now passes a 5-minute timeout to waitForLineOutput() when waiting for Chrome to print its DevTools WebSocket URL. Previously, if Chrome failed to start or crashed before printing the URL, the promise would hang forever. This could cause CI pipelines and local dev sessions to get stuck indefinitely.

  • #​14087 e3c862a Thanks @​edmundhung! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260526.1 1.20260527.1
  • #​14076 97d7d81 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260527.1 1.20260528.1
  • #​14100 c647ccc Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260528.1 1.20260529.1
  • #​14087 e3c862a Thanks @​edmundhung! - Fix wrangler dev crash under Yarn PnP when the worker emits a structured log or the inspector forwards a stack trace.

    getFreshSourceMapSupport was unconditionally indexing require.cache, but when miniflare is imported from ESM under Yarn PnP, Node's ESM->CJS bridge (loadCJSModule in node:internal/modules/esm/translators) hands the wrapped CJS module a re-invented require that only carries .resolve and .main, with no .cache. Fall back to createRequire(__filename) in that case so the fresh-load cache-swap keeps working.

oxc-project/oxc (oxfmt)

v0.53.0

Compare Source

facebook/react (react)

v19.2.7

Compare Source

facebook/react (react-dom)

v19.2.7

Compare Source

sveltejs/svelte (svelte)

v5.56.3

Compare Source

Patch Changes
  • fix: ignore errors that occur in destroyed effects (#​18384)

  • fix: type BigInts in $state.snapshot(...) return values (#​18388)

v5.56.2

Compare Source

Patch Changes
  • fix: properly track effect end node for async sibling component (#​18371)

  • fix: prevent false-positive reactivity loss warning (#​18373)

  • chore: bump esrap dependency (#​18372)

  • fix: ignore declaration tags for animation directive (#​18366)

  • fix: reject pending async deriveds on discard (#​18308)

v5.56.1

Compare Source

Patch Changes
  • fix: error at compile time on duplicate snippet/declaration tag definitions (#​18351)

  • fix: parse declaration tag contents more robustly (#​18353)

  • fix: correctly transform references to earlier declarators in a declaration tag (e.g. {let a = $state(0), b = $derived(a * 2)}) (#​18348)

  • fix: avoid spurious state_referenced_locally warnings for $derived declarations in declaration tags (#​18348)

  • fix: tolerate whitespace before let/const in declaration tags (#​18348)

  • fix: prevent infinite loop when a tag's expression ends with a trailing / at the end of the input (#​18350)

  • fix: more robust parsing of declaration tags with regards to type (#​18330)

  • fix: preserve newlines in spread input values when the type attribute is applied after value (#​18345)

  • fix: update SvelteURLSearchParams when setting duplicate keys to the same joined value (#​18336)

  • fix: check references for blockers on server, too (#​18352)

sveltejs/language-tools (svelte-check)

v4.6.0

Compare Source

Minor Changes
  • feat: support reading Svelte config from vite.config.js/ts (#​3031)
Patch Changes

v4.5.0

Compare Source

Minor Changes
  • feat: support Svelte 5 declaration tags (#​3033)
Patch Changes
  • fix: properly handle props with the name slot inside Svelte 5 snippets (#​3030)

  • feat: add support for svelte config ts/mts files (#​3009)

typescript-eslint/typescript-eslint (typescript-eslint)

v8.60.1

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Gugustinette/unrun (unrun)

v0.3.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
vitejs/vite (vite)

v8.0.16

Compare Source

Bug Fixes

v8.0.15

Compare Source

Features
Bug Fixes
  • capitalize error messages and remove spurious space in parse error (#​22488) (85a0eff)
  • deps: update all non-major dependencies (#​22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@​fs/ HTML paths (#​21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#​22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#​22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#​22509) (40985f1)
Miscellaneous Chores
Code Refactoring
vuejs/language-tools (vue-tsc)

v3.3.4

Compare Source

language-core
  • fix: only exclude already-set props from inherited attrs when checkRequiredFallthroughAttributes is enabled (#​6088) - Thanks to @​KazariEX!
  • fix: camelize slot props regardless of htmlAttributes option (#​6089) - Thanks to @​KazariEX!
  • fix: detect duplicate event listeners across name formats (#​6094) - Thanks to @​whysopaul!
language-service
typescript-plugin

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 8, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from b439589 to 2570643 Compare June 8, 2026 04:27
@sapphi-red sapphi-red merged commit 44bb9d9 into main Jun 8, 2026
19 of 21 checks passed
@sapphi-red sapphi-red deleted the renovate/all-minor-patch branch June 8, 2026 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant