ruff
b5b7fbf5 - Update NPM Development dependencies (#25263)

Commit

18 hours ago

Update NPM Development dependencies (#25263) This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@cloudflare/workers-types](https://redirect.github.com/cloudflare/workerd) | [`4.20260506.1` → `4.20260511.1`](https://renovatebot.com/diffs/npm/@cloudflare%2fworkers-types/4.20260506.1/4.20260511.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@cloudflare%2fworkers-types/4.20260511.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@cloudflare%2fworkers-types/4.20260506.1/4.20260511.1?slim=true) | | [@tailwindcss/vite](https://tailwindcss.com) ([source](https://redirect.github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite)) | [`4.2.4` → `4.3.0`](https://renovatebot.com/diffs/npm/@tailwindcss%2fvite/4.2.4/4.3.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@tailwindcss%2fvite/4.3.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tailwindcss%2fvite/4.2.4/4.3.0?slim=true) | | [miniflare](https://redirect.github.com/cloudflare/workers-sdk/tree/main/packages/miniflare#readme) ([source](https://redirect.github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare)) | [`4.20260504.0` → `4.20260508.0`](https://renovatebot.com/diffs/npm/miniflare/4.20260504.0/4.20260508.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/miniflare/4.20260508.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/miniflare/4.20260504.0/4.20260508.0?slim=true) | | [tailwindcss](https://tailwindcss.com) ([source](https://redirect.github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss)) | [`4.2.4` → `4.3.0`](https://renovatebot.com/diffs/npm/tailwindcss/4.2.4/4.3.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/tailwindcss/4.3.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/tailwindcss/4.2.4/4.3.0?slim=true) | | [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) | [`8.59.2` → `8.59.3`](https://renovatebot.com/diffs/npm/typescript-eslint/8.59.2/8.59.3) | ![age](https://developer.mend.io/api/mc/badges/age/npm/typescript-eslint/8.59.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript-eslint/8.59.2/8.59.3?slim=true) | | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`8.0.10` → `8.0.12`](https://renovatebot.com/diffs/npm/vite/8.0.10/8.0.12) | ![age](https://developer.mend.io/api/mc/badges/age/npm/vite/8.0.12?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/8.0.10/8.0.12?slim=true) | | [wasm-pack](https://redirect.github.com/wasm-bindgen/wasm-pack) | [`^0.13.1` → `^0.14.0`](https://renovatebot.com/diffs/npm/wasm-pack/0.13.1/0.14.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/wasm-pack/0.14.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wasm-pack/0.13.1/0.14.0?slim=true) | | [wrangler](https://redirect.github.com/cloudflare/workers-sdk) ([source](https://redirect.github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`4.88.0` → `4.90.1`](https://renovatebot.com/diffs/npm/wrangler/4.88.0/4.90.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/4.90.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/4.88.0/4.90.1?slim=true) | --- ### Release Notes <details> <summary>cloudflare/workerd (@cloudflare/workers-types)</summary> ### [`v4.20260511.1`](https://redirect.github.com/cloudflare/workerd/compare/cea1948f57baece9efc44a6ea533eb34637fa379...29a0709e1a1f8a0610fc3833769f98bf4f81aa63) [Compare Source](https://redirect.github.com/cloudflare/workerd/compare/cea1948f57baece9efc44a6ea533eb34637fa379...29a0709e1a1f8a0610fc3833769f98bf4f81aa63) ### [`v4.20260510.1`](https://redirect.github.com/cloudflare/workerd/compare/21840a6f9cd33fb247ed5c862fc85eff16e18ae7...cea1948f57baece9efc44a6ea533eb34637fa379) [Compare Source](https://redirect.github.com/cloudflare/workerd/compare/21840a6f9cd33fb247ed5c862fc85eff16e18ae7...cea1948f57baece9efc44a6ea533eb34637fa379) ### [`v4.20260509.1`](https://redirect.github.com/cloudflare/workerd/compare/2ab8992cd4d249245397b0d747c76812a37b567d...21840a6f9cd33fb247ed5c862fc85eff16e18ae7) [Compare Source](https://redirect.github.com/cloudflare/workerd/compare/2ab8992cd4d249245397b0d747c76812a37b567d...21840a6f9cd33fb247ed5c862fc85eff16e18ae7) ### [`v4.20260508.1`](https://redirect.github.com/cloudflare/workerd/compare/0138dcb57e3bec50aeb5c5a5c9897abfb365ece7...2ab8992cd4d249245397b0d747c76812a37b567d) [Compare Source](https://redirect.github.com/cloudflare/workerd/compare/0138dcb57e3bec50aeb5c5a5c9897abfb365ece7...2ab8992cd4d249245397b0d747c76812a37b567d) ### [`v4.20260507.1`](https://redirect.github.com/cloudflare/workerd/compare/e8ea644421fc426fd6ac0fab17076c4698f222f8...0138dcb57e3bec50aeb5c5a5c9897abfb365ece7) [Compare Source](https://redirect.github.com/cloudflare/workerd/compare/e8ea644421fc426fd6ac0fab17076c4698f222f8...0138dcb57e3bec50aeb5c5a5c9897abfb365ece7) </details> <details> <summary>tailwindlabs/tailwindcss (@tailwindcss/vite)</summary> ### [`v4.3.0`](https://redirect.github.com/tailwindlabs/tailwindcss/blob/HEAD/CHANGELOG.md#430---2026-05-08) [Compare Source](https://redirect.github.com/tailwindlabs/tailwindcss/compare/v4.2.4...v4.3.0) ##### Added - Add `@container-size` utility ([#18901](https://redirect.github.com/tailwindlabs/tailwindcss/pull/18901)) - Add `scrollbar-{auto,thin,none}` utilities for `scrollbar-width`, and `scrollbar-thumb-*` / `scrollbar-track-*` color utilities for `scrollbar-color` ([#19981](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19981), [#20019](https://redirect.github.com/tailwindlabs/tailwindcss/pull/20019)) - Add `scrollbar-gutter-*` utilities ([#20018](https://redirect.github.com/tailwindlabs/tailwindcss/pull/20018)) - Add `zoom-*` utilities ([#20020](https://redirect.github.com/tailwindlabs/tailwindcss/pull/20020)) - Add `tab-*` utilities ([#20022](https://redirect.github.com/tailwindlabs/tailwindcss/pull/20022)) - Allow using `@variant` with stacked variants (e.g. `@variant hover:focus { … }`) ([#19996](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996)) - Allow using `@variant` with compound variants (e.g. `@variant hover, focus { … }`) ([#19996](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996)) - Support `--default(…)` in `--value(…)` and `--modifier(…)` for functional `@utility` definitions ([#19989](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19989)) ##### Fixed - Ensure `@plugin` resolves package JavaScript entries instead of browser CSS entries when using `@tailwindcss/vite` ([#19949](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19949)) - Fix relative `@import` and `@plugin` paths resolving from the wrong directory when using `@tailwindcss/vite` ([#19965](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19965)) - Ensure CSS files containing `@variant` are processed by `@tailwindcss/vite` ([#19966](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19966)) - Resolve imports relative to `base` when `result.opts.from` is not provided when using `@tailwindcss/postcss` ([#19980](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19980)) - Canonicalization: preserve significant `_` whitespace in arbitrary values ([#19986](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986)) - Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. `w-[calc(100%---spacing(60))]` → `w-[calc(100%-(--spacing(60)))]`) ([#19986](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986)) - Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. `-mt-[20in]` → `mt-[-20in]`, not `mt-[-1920px]`) ([#19988](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19988)) - Canonicalization: migrate arbitrary `:has()` variants from `[&:has(…)]` to `has-[…]` ([#19991](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19991)) - Upgrade: don’t migrate inline `style` attributes (e.g. `style="flex-grow: 1"` → `style="flex-grow: 1"`, not `style="grow: 1"`) ([#19918](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19918)) - Allow multiple `@utility` definitions with the same name but different value types ([#19777](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19777)) - Export missing `PluginWithConfig` type from `tailwindcss/plugin` to fix errors when inferring plugin config types ([#19707](https://redirect.github.com/tailwindlabs/tailwindcss/pull/19707)) - Ensure `start` and `end` legacy utilities without values do not generate CSS ([#20003](https://redirect.github.com/tailwindlabs/tailwindcss/pull/20003)) - Ensure `--value(…)` is required in functional `@utility` definitions ([#20005](https://redirect.github.com/tailwindlabs/tailwindcss/pull/20005)) - Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. `-left-[(var(--a)+var(--b))]`) ([#20011](https://redirect.github.com/tailwindlabs/tailwindcss/pull/20011)) </details> <details> <summary>cloudflare/workers-sdk (miniflare)</summary> ### [`v4.20260508.0`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/miniflare/CHANGELOG.md#4202605080) [Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/miniflare@4.20260507.1...miniflare@4.20260508.0) ##### Minor Changes - [#8431](https://redirect.github.com/cloudflare/workers-sdk/pull/8431) [`5d936c5`](https://redirect.github.com/cloudflare/workers-sdk/commit/5d936c594b9f9298320e9c289aaaa876fd26a163) Thanks [@penalosa](https://redirect.github.com/penalosa)! - Support `workerd` autogates via the `MINIFLARE_WORKERD_AUTOGATES` environment variable. ##### Patch Changes - [#13866](https://redirect.github.com/cloudflare/workers-sdk/pull/13866) [`4e44ce6`](https://redirect.github.com/cloudflare/workers-sdk/commit/4e44ce6a27b9c9313a1b9a6b56bb18935039e13e) Thanks [@dependabot](https://redirect.github.com/apps/dependabot)! - Update dependencies of "miniflare", "wrangler" The following dependency versions have been updated: | Dependency | From | To | | ---------- | ------------ | ------------ | | workerd | 1.20260507.1 | 1.20260508.1 | ### [`v4.20260507.1`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/miniflare/CHANGELOG.md#4202605071) [Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/miniflare@4.20260507.0...miniflare@4.20260507.1) ##### Patch Changes - [#13348](https://redirect.github.com/cloudflare/workers-sdk/pull/13348) [`5cf6f81`](https://redirect.github.com/cloudflare/workers-sdk/commit/5cf6f813bb49e40326a87ccee588175545408f5e) Thanks [@mglewis](https://redirect.github.com/mglewis)! - Improve variant URLs returned by the hosted images mock for local development The miniflare hosted images mock previously returned bare variant names (e.g. `"public"`) in the `variants` field of `ImageMetadata`. In production, this field contains full delivery URLs. The bare names were not usable as image sources, causing applications that render images from variant URLs to fail during local development. Variant URLs now point to a new local delivery endpoint at `/cdn-cgi/imagedelivery/<image_id>/<variant>` which serves image bytes directly from the local KV store with content-type detection via Sharp. ### [`v4.20260507.0`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/miniflare/CHANGELOG.md#4202605070) [Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/miniflare@4.20260504.0...miniflare@4.20260507.0) ##### Minor Changes - [#13836](https://redirect.github.com/cloudflare/workers-sdk/pull/13836) [`039bada`](https://redirect.github.com/cloudflare/workers-sdk/commit/039badabe54358e31b7b488e6720fd7cdd268c4f) Thanks [@Skye-31](https://redirect.github.com/Skye-31)! - Support named recipients in the Email Sending API MessageBuilder The `send_email` binding's MessageBuilder now accepts `EmailAddress` objects for `to`, `cc`, and `bcc` in addition to plain strings. You can mix named and plain addresses in the same array: ```js await env.SEND_EMAIL.send({ from: "sender@example.com", to: [ "plain@example.com", '"Name" <address@example.com>', { name: "Jane Doe", email: "jane@example.com" }, ], cc: [{ name: "CC Person", email: "cc@example.com" }], subject: "Hello", text: "...", }); ``` Additionally, addresses in `"Name" <address>` format are now correctly parsed when checking `allowed_destination_addresses` and `allowed_sender_addresses` restrictions. - [#13776](https://redirect.github.com/cloudflare/workers-sdk/pull/13776) [`1a54ac5`](https://redirect.github.com/cloudflare/workers-sdk/commit/1a54ac5646be16f9f7151e6ecff7dec5fc6110fa) Thanks [@petebacondarwin](https://redirect.github.com/petebacondarwin)! - Default the `workerd` runtime subprocess to `TZ=UTC` to match the production Cloudflare runtime Previously, Miniflare inherited the host machine's timezone, so `Date` and `Intl` APIs inside a Worker observed the developer's local timezone during local development but UTC in production. This caused dev/prod drift that was hard to debug. Miniflare now sets `TZ=UTC` on the spawned `workerd` subprocess by default. A new `unsafeRuntimeEnv` option (a `Record<string, string>`) is available on the `Miniflare` constructor for advanced cases that need to override the default — for example, to test timezone-dependent behaviour: ```ts new Miniflare({ modules: true, script: "...", unsafeRuntimeEnv: { TZ: "Europe/London" }, }); ``` ##### Patch Changes - [#13829](https://redirect.github.com/cloudflare/workers-sdk/pull/13829) [`2284f20`](https://redirect.github.com/cloudflare/workers-sdk/commit/2284f20465c9c94d86e530daed30debcb9207d90) Thanks [@dependabot](https://redirect.github.com/apps/dependabot)! - Update dependencies of "miniflare", "wrangler" The following dependency versions have been updated: | Dependency | From | To | | ---------- | ------------ | ------------ | | workerd | 1.20260504.1 | 1.20260506.1 | - [#13841](https://redirect.github.com/cloudflare/workers-sdk/pull/13841) [`332f527`](https://redirect.github.com/cloudflare/workers-sdk/commit/332f52763c7996e08fd4995c643124c5a9701e40) Thanks [@dependabot](https://redirect.github.com/apps/dependabot)! - Update dependencies of "miniflare", "wrangler" The following dependency versions have been updated: | Dependency | From | To | | ---------- | ------------ | ------------ | | workerd | 1.20260506.1 | 1.20260507.1 | </details> <details> <summary>typescript-eslint/typescript-eslint (typescript-eslint)</summary> ### [`v8.59.3`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8593-2026-05-11) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.2...v8.59.3) This was a version bump only for typescript-eslint to align it with other projects, there were no code changes. See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3) for more information. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>vitejs/vite (vite)</summary> ### [`v8.0.12`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8012-2026-05-11-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v8.0.11...v8.0.12) ##### Features - update rolldown to 1.0.0 ([#22401](https://redirect.github.com/vitejs/vite/issues/22401)) ([cf0ff41](https://redirect.github.com/vitejs/vite/commit/cf0ff4154b26cffbf18541ade1a50818842731d3)) ##### Bug Fixes - **create-vite:** pass react framework to TanStack CLI ([#22397](https://redirect.github.com/vitejs/vite/issues/22397)) ([18f0f90](https://redirect.github.com/vitejs/vite/commit/18f0f904442cc45bd4b1c83db2627fd5cb0c9937)) - **deps:** update all non-major dependencies ([#22420](https://redirect.github.com/vitejs/vite/issues/22420)) ([2be6000](https://redirect.github.com/vitejs/vite/commit/2be6000130e3ae2160acc301baa4f7913fbc1f6e)) - **module-runner:** prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains ([#22369](https://redirect.github.com/vitejs/vite/issues/22369)) ([f5a22e6](https://redirect.github.com/vitejs/vite/commit/f5a22e62ada75286138b7ceb3825e43958ef00e1)) - refer to `rolldownOptions` instead of deprecated `rollupOptions` in messages ([#22400](https://redirect.github.com/vitejs/vite/issues/22400)) ([b675c7b](https://redirect.github.com/vitejs/vite/commit/b675c7b6697423275ad9dd521d3ce7c8679761a0)) - **worker:** apply `build.target` to worker bundle ([#22404](https://redirect.github.com/vitejs/vite/issues/22404)) ([3c93fde](https://redirect.github.com/vitejs/vite/commit/3c93fde21f07d44db7669ca7484f4e7a8767afe5)) - **worker:** forward define to worker bundle transform ([#22408](https://redirect.github.com/vitejs/vite/issues/22408)) ([d4838a0](https://redirect.github.com/vitejs/vite/commit/d4838a0358d9f04a980d4d2ac7263f21a6b28ee2)) ##### Miscellaneous Chores - **deps:** update dependency eslint-plugin-n to v18 ([#22423](https://redirect.github.com/vitejs/vite/issues/22423)) ([2fe7bd2](https://redirect.github.com/vitejs/vite/commit/2fe7bd2d73beb697a3d149e943ac74b768c9d27f)) - **deps:** update rolldown-related dependencies ([#22421](https://redirect.github.com/vitejs/vite/issues/22421)) ([66b9eb3](https://redirect.github.com/vitejs/vite/commit/66b9eb35188007e0e9a1bd03b4be820016cad60b)) ### [`v8.0.11`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8011-2026-05-07-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v8.0.10...v8.0.11) ##### Features - update rolldown to 1.0.0-rc.18 ([#22360](https://redirect.github.com/vitejs/vite/issues/22360)) ([3f80524](https://redirect.github.com/vitejs/vite/commit/3f80524aa1fa40bfa831f1a1bf2641c3979ba396)) ##### Bug Fixes - **deps:** update all non-major dependencies ([#22334](https://redirect.github.com/vitejs/vite/issues/22334)) ([672c962](https://redirect.github.com/vitejs/vite/commit/672c96288fd5440bbecddc65551e713edeb8d403)) - **deps:** update all non-major dependencies ([#22382](https://redirect.github.com/vitejs/vite/issues/22382)) ([5c0cfcb](https://redirect.github.com/vitejs/vite/commit/5c0cfcb83dde2c6e25b6c3215dd622956bf29631)) - **glob:** align hmr matcher options with glob enumeration ([#22306](https://redirect.github.com/vitejs/vite/issues/22306)) ([30028f9](https://redirect.github.com/vitejs/vite/commit/30028f94516fa06dd0212567373169b3b3f6e393)) - make separate object instance for each environment ([#22276](https://redirect.github.com/vitejs/vite/issues/22276)) ([7c2aa3b](https://redirect.github.com/vitejs/vite/commit/7c2aa3b40ba00ce1299e4f31932c7929f179a80a)) ##### Documentation - **create-vite:** list react-compiler templates in README ([#22347](https://redirect.github.com/vitejs/vite/issues/22347)) ([7c3a61f](https://redirect.github.com/vitejs/vite/commit/7c3a61f42da6445904e93f0e29e9a2a838fa684a)) - explain mergeConfig skips null/undefined ([#22325](https://redirect.github.com/vitejs/vite/issues/22325)) ([2151f70](https://redirect.github.com/vitejs/vite/commit/2151f701dc98270c905c540b209fb6d23d53d3ad)) - mention native config loader in CLI options ([#22348](https://redirect.github.com/vitejs/vite/issues/22348)) ([0420c5d](https://redirect.github.com/vitejs/vite/commit/0420c5d37b6049476b6e6c16662be372575dd683)) - update evan's x handle ([640202a](https://redirect.github.com/vitejs/vite/commit/640202a2167b0c19b94e4d3b8ff87309ae1f44d0)) ##### Miscellaneous Chores - **deps:** update dependency tsdown to ^0.21.10 ([#22333](https://redirect.github.com/vitejs/vite/issues/22333)) ([3b51e05](https://redirect.github.com/vitejs/vite/commit/3b51e050214c5a817c163838ab8643fe34c7d0c3)) - **deps:** update rolldown-related dependencies ([#22383](https://redirect.github.com/vitejs/vite/issues/22383)) ([555ff36](https://redirect.github.com/vitejs/vite/commit/555ff36de70a43b3b3dc22f958bf78fe75e11d67)) - **deps:** update transitive packages to fix npm audit alerts ([#22316](https://redirect.github.com/vitejs/vite/issues/22316)) ([86aee62](https://redirect.github.com/vitejs/vite/commit/86aee6268aa879d74f68a890392c1dee973ebf05)) ##### Code Refactoring - devtools integration ([#22312](https://redirect.github.com/vitejs/vite/issues/22312)) ([3c8bf06](https://redirect.github.com/vitejs/vite/commit/3c8bf064ec76e311f2d8be3a37dcfdcdd4e4253c)) - remove unnecessary async ([#22296](https://redirect.github.com/vitejs/vite/issues/22296)) ([b31fd35](https://redirect.github.com/vitejs/vite/commit/b31fd355d93eb166573362bd09c07745b9f76755)) - show direct path type in bad character warning ([#22339](https://redirect.github.com/vitejs/vite/issues/22339)) ([0c162e9](https://redirect.github.com/vitejs/vite/commit/0c162e96a6545c93808e7338b9adeca2636596fa)) ##### Tests - **create-vite:** use short help alias ([#22389](https://redirect.github.com/vitejs/vite/issues/22389)) ([994ab66](https://redirect.github.com/vitejs/vite/commit/994ab66bc4dc872278d8353d710ffc4bbd881f8d)) </details> <details> <summary>wasm-bindgen/wasm-pack (wasm-pack)</summary> ### [`v0.14.0`](https://redirect.github.com/wasm-bindgen/wasm-pack/blob/HEAD/CHANGELOG.md#-0140) [Compare Source](https://redirect.github.com/wasm-bindgen/wasm-pack/compare/v0.13.1...v0.14.0) - ### ✨ Features - **Support arbitrary wasm targets (WASI support) - [RReverser], [pull/1524]** Allows building for targets other than wasm32-unknown-unknown, enabling WASI and other custom wasm targets. [pull/1524]: https://redirect.github.com/drager/wasm-pack/pull/1524 [RReverser]: https://redirect.github.com/RReverser - **macOS ARM (aarch64-apple-darwin) build support - [kaleidawave], [pull/1529]** Adds native Apple Silicon support in release builds and NPM package. [pull/1529]: https://redirect.github.com/drager/wasm-pack/pull/1529 [kaleidawave]: https://redirect.github.com/kaleidawave - **Allow `--split-linked-modules` flag for wasm-bindgen - [codeart1st], [pull/1443]** [pull/1443]: https://redirect.github.com/drager/wasm-pack/pull/1443 [codeart1st]: https://redirect.github.com/codeart1st - **Custom build profile support - [rafaelbeckel], [pull/1428]** Allows using custom cargo profiles via `--profile`. [pull/1428]: https://redirect.github.com/drager/wasm-pack/pull/1428 [rafaelbeckel]: https://redirect.github.com/rafaelbeckel - ### 🤕 Fixes - **Fix NPM package download URL - [qinyuhang], [pull/1543]** [pull/1543]: https://redirect.github.com/drager/wasm-pack/pull/1543 [qinyuhang]: https://redirect.github.com/qinyuhang - **Filter build artifacts to only .wasm files - \[drager], [pull/1535]** [pull/1535]: https://redirect.github.com/drager/wasm-pack/pull/1535 - **Handle undefined VERSION in installer script - [BrianHung], [pull/1512]** [pull/1512]: https://redirect.github.com/drager/wasm-pack/pull/1512 [BrianHung]: https://redirect.github.com/BrianHung - **Fix it\_gets\_wasm\_bindgen\_version test - [mshroyer], [pull/1509]** [pull/1509]: https://redirect.github.com/drager/wasm-pack/pull/1509 [mshroyer]: https://redirect.github.com/mshroyer - ### 🛠️ Maintenance - **Update dependencies to latest versions - \[drager], [pull/1536]** [pull/1536]: https://redirect.github.com/drager/wasm-pack/pull/1536 - **Security workflow permissions fixes - \[drager]** - **Bump ring from 0.17.8 to 0.17.14 - [dependabot], [pull/1516]** [pull/1516]: https://redirect.github.com/drager/wasm-pack/pull/1516 - **Bump brace-expansion from 1.1.11 to 1.1.12 in /npm - [dependabot], [pull/1515]** [pull/1515]: https://redirect.github.com/drager/wasm-pack/pull/1515 - **Bump rustls from 0.23.16 to 0.23.18 - [dependabot], [pull/1451]** [pull/1451]: https://redirect.github.com/drager/wasm-pack/pull/1451 [dependabot]: https://redirect.github.com/apps/dependabot - **Fix tar vulnerability (CVE-2026-23745) in npm package** Override tar dependency to ^7.5.3 to fix arbitrary file overwrite and symlink poisoning vulnerability ([GHSA-8qq5-rm4j-mr97]). [GHSA-8qq5-rm4j-mr97]: https://redirect.github.com/advisories/GHSA-8qq5-rm4j-mr97 - **Fix axios vulnerabilities in npm package** Override axios dependency to ^0.30.0 to fix SSRF/credential leakage via absolute URL and XSRF-TOKEN leakage (CSRF) vulnerabilities. - ### 📖 Documentation - **Update documentation links to drager's repo - [yutannihilation], [pull/1513]** [pull/1513]: https://redirect.github.com/drager/wasm-pack/pull/1513 [yutannihilation]: https://redirect.github.com/yutannihilation - **Document prerequisites for webdriver tests - [mshroyer], [pull/1509]** </details> <details> <summary>cloudflare/workers-sdk (wrangler)</summary> ### [`v4.90.1`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/wrangler/CHANGELOG.md#4901) [Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/wrangler@4.90.0...wrangler@4.90.1) ##### Patch Changes - [#13866](https://redirect.github.com/cloudflare/workers-sdk/pull/13866) [`4e44ce6`](https://redirect.github.com/cloudflare/workers-sdk/commit/4e44ce6a27b9c9313a1b9a6b56bb18935039e13e) Thanks [@dependabot](https://redirect.github.com/apps/dependabot)! - Update dependencies of "miniflare", "wrangler" The following dependency versions have been updated: | Dependency | From | To | | ---------- | ------------ | ------------ | | workerd | 1.20260507.1 | 1.20260508.1 | - [#13837](https://redirect.github.com/cloudflare/workers-sdk/pull/13837) [`b0cee1d`](https://redirect.github.com/cloudflare/workers-sdk/commit/b0cee1dc99823efc675b3b0ff961d4198887a5d7) Thanks [@matingathani](https://redirect.github.com/matingathani)! - Fix beta/open-beta status message ignoring `printBanner: false` — when a command sets `printBanner: (args) => !args.json`, the status banner no longer appears in JSON output - [#13887](https://redirect.github.com/cloudflare/workers-sdk/pull/13887) [`d878e13`](https://redirect.github.com/cloudflare/workers-sdk/commit/d878e1329989ef2d6db615d479df16c42d7431c3) Thanks [@apeacock1991](https://redirect.github.com/apeacock1991)! - Fix `wrangler dev` hanging on shutdown when remote bindings are present startDev() registers dev hotkeys before authenticating the user. During interactive dev sessions, the auth callback re-registers hotkeys, which updates the local unregisterHotKeys variable to a new cleanup function. However, the unregisterHotKeys value returned to callers was captured as a direct reference to the initial registration, so it would call the stale cleanup function instead of the current one. This has been fixed by returning a wrapper function () => unregisterHotKeys?.() instead of the variable directly. The wrapper evaluates unregisterHotKeys at call time, ensuring it always invokes the latest cleanup function even after re-registration. - [#13867](https://redirect.github.com/cloudflare/workers-sdk/pull/13867) [`971dfe3`](https://redirect.github.com/cloudflare/workers-sdk/commit/971dfe346604b7ea51e057c885f8f3ee39efb064) Thanks [@petebacondarwin](https://redirect.github.com/petebacondarwin)! - Fix race in `RemoteProxySession.updateBindings` so it waits for the remote worker to finish reloading with the new bindings before resolving Previously, `updateBindings` resolved as soon as the config update event was dispatched, long before the remote worker had been re-uploaded and the local proxy worker had unpaused. Callers that issued requests immediately afterwards could see flaky failures — typically "WebSocket connection failed" for JSRPC bindings such as service bindings or dispatch namespaces — because the local proxy worker was still in its paused state during the reload window. `updateBindings` now waits for the next `reloadComplete` event and for the local proxy worker's runtime-message queue to drain before returning, so callers can safely issue requests after `await session.updateBindings(...)`. If the reload fails, the rejection from `updateBindings` carries the underlying error. - [#13867](https://redirect.github.com/cloudflare/workers-sdk/pull/13867) [`971dfe3`](https://redirect.github.com/cloudflare/workers-sdk/commit/971dfe346604b7ea51e057c885f8f3ee39efb064) Thanks [@petebacondarwin](https://redirect.github.com/petebacondarwin)! - Fix unhandled `AbortError` from `wrangler dev`'s remote tail WebSocket when the bundle rebuilds or the dev session shuts down The remote-runtime tail-logs WebSocket (`#activeTail` in `RemoteRuntimeController`) was constructed with the same `AbortSignal` that `onBundleStart` aborts to cancel in-flight preview-session operations. The abort destroyed the WebSocket's underlying upgrade request with `AbortError`, which had no `error` listener attached and propagated as an unhandled exception. We now attach an `error` listener at WebSocket construction that ignores errors (logging at debug level), matching the safeguards already present on the `terminate` paths in `#previewToken` and `teardown()`. - Updated dependencies \[[`4e44ce6`](https://redirect.github.com/cloudflare/workers-sdk/commit/4e44ce6a27b9c9313a1b9a6b56bb18935039e13e), [`5d936c5`](https://redirect.github.com/cloudflare/workers-sdk/commit/5d936c594b9f9298320e9c289aaaa876fd26a163)]: - miniflare\@4.20260508.0 ### [`v4.90.0`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/wrangler/CHANGELOG.md#4900) [Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/wrangler@4.89.1...wrangler@4.90.0) ##### Minor Changes - [#12279](https://redirect.github.com/cloudflare/workers-sdk/pull/12279) [`248bc08`](https://redirect.github.com/cloudflare/workers-sdk/commit/248bc08152cf9f792d98c8c78f8fb1417b1bb3b3) Thanks [@penalosa](https://redirect.github.com/penalosa)! - Add deprecation warning for `delivery_delay` in queue producer bindings The `delivery_delay` setting in `[[queues.producers]]` was silently having no effect since 2024. This change adds a deprecation warning when the setting is used, informing users that queue-level settings should be configured using `wrangler queues update` instead. The setting will be removed in a future version. ##### Patch Changes - [#13853](https://redirect.github.com/cloudflare/workers-sdk/pull/13853) [`8852b0c`](https://redirect.github.com/cloudflare/workers-sdk/commit/8852b0cdf08af0575330cf181c53cd42edf49b9b) Thanks [@gpanders](https://redirect.github.com/gpanders)! - Fix Containers SSH config - [#13858](https://redirect.github.com/cloudflare/workers-sdk/pull/13858) [`e414e56`](https://redirect.github.com/cloudflare/workers-sdk/commit/e414e562c85521e8538689ac37b0cb36915d565e) Thanks [@penalosa](https://redirect.github.com/penalosa)! - Fix `wrangler whoami` and account selection failing for Account API Tokens The `/memberships` fallback for Account API Tokens was checking for code 9109, but `/memberships` actually returns 9106 for that case. Correct the code so the fallback to `/accounts` triggers as intended. - Updated dependencies \[]: - miniflare\@4.20260507.1 ### [`v4.89.1`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/wrangler/CHANGELOG.md#4891) [Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/wrangler@4.89.0...wrangler@4.89.1) ##### Patch Changes - [#13824](https://redirect.github.com/cloudflare/workers-sdk/pull/13824) [`dd3baf3`](https://redirect.github.com/cloudflare/workers-sdk/commit/dd3baf3fa718ed82f7b394cb0c12db3ac3e092fa) Thanks [@emily-shen](https://redirect.github.com/emily-shen)! - Fix container deployment being skipped for Workers for Platforms user workers Previously, deploying a worker with `--dispatch-namespace` would early-exit before calling `deployContainers()`, meaning container-app registration that links the image to the Durable Object namespace was never executed for WfP user workers. Container deployment now runs before the WfP early exit. - Updated dependencies \[[`5cf6f81`](https://redirect.github.com/cloudflare/workers-sdk/commit/5cf6f813bb49e40326a87ccee588175545408f5e)]: - miniflare\@4.20260507.1 ### [`v4.89.0`](https://redirect.github.com/cloudflare/workers-sdk/blob/HEAD/packages/wrangler/CHANGELOG.md#4890) [Compare Source](https://redirect.github.com/cloudflare/workers-sdk/compare/wrangler@4.88.0...wrangler@4.89.0) ##### Minor Changes - [#13055](https://redirect.github.com/cloudflare/workers-sdk/pull/13055) [`f3fed88`](https://redirect.github.com/cloudflare/workers-sdk/commit/f3fed8859b612d424388fe45a1d638cf6b1c42c7) Thanks [@GregBrimble](https://redirect.github.com/GregBrimble)! - Introducing the `cache` configuration option for Workers. You can now set `{ cache: { enabled: true } }` in your Wrangler configuration file to enable a HTTP cache in front of your Worker's `fetch` handler. This is also supported in `[previews]` configuration — `previews.cache` overrides the top-level `cache` setting for preview deployments, and falls back to the top-level value when absent. More information can be found in [our documentation](https://developers.cloudflare.com/workers/cache/configuration/). - [#13776](https://redirect.github.com/cloudflare/workers-sdk/pull/13776) [`1a54ac5`](https://redirect.github.com/cloudflare/workers-sdk/commit/1a54ac5646be16f9f7151e6ecff7dec5fc6110fa) Thanks [@petebacondarwin](https://redirect.github.com/petebacondarwin)! - `wrangler dev` and other Miniflare-backed commands now run the local `workerd` runtime with `TZ=UTC` to match production Previously, `wrangler dev` (and other commands that spin up Miniflare, such as `wrangler kv`, `wrangler d1`, `wrangler r2`, `wrangler check`) inherited the host machine's timezone, so `Date` and `Intl` APIs inside a Worker observed the developer's local timezone during local development but UTC in production. This caused subtle, hard-to-debug differences between local and deployed behaviour. Local development now matches production. Code that previously relied on the host timezone during `wrangler dev` will need to either accept UTC (the production behaviour) or explicitly construct dates/formatters with the desired timezone. ##### Patch Changes - [#13829](https://redirect.github.com/cloudflare/workers-sdk/pull/13829) [`2284f20`](https://redirect.github.com/cloudflare/workers-sdk/commit/2284f20465c9c94d86e530daed30debcb9207d90) Thanks [@dependabot](https://redirect.github.com/apps/dependabot)! - Update dependencies of "miniflare", "wrangler" The following dependency versions have been updated: | Dependency | From | To | | ---------- | ------------ | ------------ | | workerd | 1.20260504.1 | 1.20260506.1 | - [#13841](https://redirect.github.com/cloudflare/workers-sdk/pull/13841) [`332f527`](https://redirect.github.com/cloudflare/workers-sdk/commit/332f52763c7996e08fd4995c643124c5a9701e40) Thanks [@dependabot](https://redirect.github.com/apps/dependabot)! - Update dependencies of "miniflare", "wrangler" The following dependency versions have been updated: | Dependency | From | To | | ---------- | ------------ | ------------ | | workerd | 1.20260506.1 | 1.20260507.1 | - [#13777](https://redirect.github.com/cloudflare/workers-sdk/pull/13777) [`18e833d`](https://redirect.github.com/cloudflare/workers-sdk/commit/18e833d988a406a37c8c175e0dd7ea982789e956) Thanks [@matingathani](https://redirect.github.com/matingathani)! - fix: throw a clear error when \_routes.json contains invalid JSON instead of silently skipping it - [#13751](https://redirect.github.com/cloudflare/workers-sdk/pull/13751) [`b6cea17`](https://redirect.github.com/cloudflare/workers-sdk/commit/b6cea17413e31750d8915b4bef767311afa1a7b4) Thanks [@matingathani](https://redirect.github.com/matingathani)! - fix: ensure `wrangler types --check --env-file` does not falsely report stale types when `.dev.vars` exists - [#13775](https://redirect.github.com/cloudflare/workers-sdk/pull/13775) [`53e846a`](https://redirect.github.com/cloudflare/workers-sdk/commit/53e846a564371bb3aa13bd0358c23a7486e5c2f4) Thanks [@maxwellpeterson](https://redirect.github.com/maxwellpeterson)! - Fix `wrangler preview` not propagating the `assets` binding to preview deployments Previously, `wrangler preview` would upload the asset manifest correctly but the resulting preview deployment had no `ASSETS` binding (or whatever name was configured under `assets.binding`). Workers reading from the binding would see `undefined` and fail at runtime. The fix emits the assets binding into the deployment's `env` map alongside other bindings, mirroring `wrangler deploy`. - [#13770](https://redirect.github.com/cloudflare/workers-sdk/pull/13770) [`beff19c`](https://redirect.github.com/cloudflare/workers-sdk/commit/beff19c5c98e7ece4abe5b465dd60e6a47825f6f) Thanks [@petebacondarwin](https://redirect.github.com/petebacondarwin)! - Only show accounts available for the current login auth in `wrangler whoami` and the interactive account picker Wrangler now lists the intersection of `/accounts` and `/memberships` instead of either endpoint alone, dropping accounts the active OAuth token or API token has no membership in. The `accounts` field of `wrangler whoami --json` is filtered the same way. When `/memberships` is inaccessible to the current auth (e.g. Account API Tokens) Wrangler falls back to `/accounts` so those tokens continue to work as before. - [#13832](https://redirect.github.com/cloudflare/workers-sdk/pull/13832) [`af42fed`](https://redirect.github.com/cloudflare/workers-sdk/commit/af42fedb4153ab7cb3fedd552fb2007dc3e8cd1b) Thanks [@gpanders](https://redirect.github.com/gpanders)! - Show `containers ssh` in `wrangler containers --help` and in `wrangler containers ssh --help` The `containers ssh` command was previously hidden, so it did not appear in the list of subcommands shown by `wrangler containers --help`, and its description was omitted from `wrangler containers ssh --help`. The command is now listed with its description in both places. - Updated dependencies \[[`2284f20`](https://redirect.github.com/cloudflare/workers-sdk/commit/2284f20465c9c94d86e530daed30debcb9207d90), [`332f527`](https://redirect.github.com/cloudflare/workers-sdk/commit/332f52763c7996e08fd4995c643124c5a9701e40), [`039bada`](https://redirect.github.com/cloudflare/workers-sdk/commit/039badabe54358e31b7b488e6720fd7cdd268c4f), [`1a54ac5`](https://redirect.github.com/cloudflare/workers-sdk/commit/1a54ac5646be16f9f7151e6ecff7dec5fc6110fa)]: - miniflare\@4.20260507.0 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "before 4am on Wednesday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff).  --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Micha Reiser <micha@reiser.io>

References

#25263 - Update NPM Development dependencies

Author

renovate[bot]

Parents

dd554406

ruff b5b7fbf5 - Update NPM Development dependencies (#25263)

ruff
b5b7fbf5 - Update NPM Development dependencies (#25263)