Bump miniflare from 4.20260305.0 to 4.20260317.0

[dependabot]

Bumps miniflare from 4.20260305.0 to 4.20260317.0.

Release notes

Sourced from miniflare's releases.

miniflare@4.20260317.0

Patch Changes

• #12927 c9b3184 Thanks @​penalosa! - Bump undici from 7.18.2 to 7.24.4

• #12875 13df6c7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260312.1	1.20260316.1

• #12935 df0d112 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260316.1	1.20260317.1

• #12928 81ee98e Thanks @​petebacondarwin! - Migrate chrome-devtools-patches deployment from Cloudflare Pages to Workers + Assets

  The DevTools frontend is now deployed as a Cloudflare Workers + Assets project instead of a Cloudflare Pages project. This uses wrangler deploy for production deployments and wrangler versions upload for PR preview deployments.

  The inspector proxy origin allowlists in both wrangler and miniflare have been updated to accept connections from the new workers.dev domain patterns, while retaining the legacy pages.dev patterns for backward compatibility.

miniflare@4.20260312.1

Patch Changes

• #12869 ade0aed Thanks @​emily-shen! - Local explorer: validate host and origin headers before Miniflare modifies them

  If routes are set, Miniflare will alter the host and origin headers to match, causing the local explorer to mistakenly identify and block same-origin requests.

  Note the local explorer is a WIP experimental feature.

miniflare@4.20260312.0

Patch Changes

• #12861 f7de0fd Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260310.1	1.20260312.1

• #12864 ecc7f79 Thanks @​NuroDev! - Fix local explorer route matching to be more precise

  Previously, the route matching used startsWith("/cdn-cgi/explorer") which would incorrectly match paths like /cdn-cgi/explorerfoo or /cdn-cgi/explorereeeeee, causing unexpected behavior. The route matching has been improved to only match:

... (truncated)

Changelog

Sourced from miniflare's changelog.

4.20260317.0

Patch Changes

• #12927 c9b3184 Thanks @​penalosa! - Bump undici from 7.18.2 to 7.24.4

• #12875 13df6c7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260312.1	1.20260316.1

• #12935 df0d112 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260316.1	1.20260317.1

• #12928 81ee98e Thanks @​petebacondarwin! - Migrate chrome-devtools-patches deployment from Cloudflare Pages to Workers + Assets

  The DevTools frontend is now deployed as a Cloudflare Workers + Assets project instead of a Cloudflare Pages project. This uses wrangler deploy for production deployments and wrangler versions upload for PR preview deployments.

  The inspector proxy origin allowlists in both wrangler and miniflare have been updated to accept connections from the new workers.dev domain patterns, while retaining the legacy pages.dev patterns for backward compatibility.

4.20260312.1

Patch Changes

• #12869 ade0aed Thanks @​emily-shen! - Local explorer: validate host and origin headers before Miniflare modifies them

  If routes are set, Miniflare will alter the host and origin headers to match, causing the local explorer to mistakenly identify and block same-origin requests.

  Note the local explorer is a WIP experimental feature.

4.20260312.0

Patch Changes

• #12861 f7de0fd Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260310.1	1.20260312.1

... (truncated)

Commits

• a671740 Version Packages (#12923)
• e25bd0e Update prettier to 3.8.1 (#12939)
• df0d112 Bump the workerd-and-workers-types group with 2 updates (#12935)
• 81ee98e [chrome-devtools-patches] Migrate deployment from Cloudflare Pages to Workers...
• 13df6c7 Bump the workerd-and-workers-types group with 2 updates (#12875)
• 2e6b4ab Version Packages (#12876)
• ade0aed fix host/origin header validation in local explorer (#12869)
• 25b090a Version Packages (#12840)
• 22b51cd Revert "[Workflows] Implement Workflows instance methods" (#12872)
• 8d4ef78 [Workflows] Implement Workflows instance methods (#12814)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	miniflare@​4.20260317.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm miniflare is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: package.json → npm/miniflare@4.20260317.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/miniflare@4.20260317.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report