chore(deps): update dependency miniflare to v4

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
miniflare (source)	^3.20250718.3 → ^4.0.0

---

Release Notes

cloudflare/workers-sdk (miniflare)

v4.20260430.0

Compare Source

Minor Changes

• #​13726 b5ac54b Thanks @​penalosa! - Hard fail on Node.js < 22

  Wrangler no longer supports Node.js 20.x, as it reached end-of-life on 2026-04-30. The minimum supported Node.js version is now 22.0.0. See https://github.com/nodejs/release?tab=readme-ov-file#end-of-life-releases.

• #​13390 0bf64a7 Thanks @​Ltadrian! - Fix Hyperdrive binding issue where some customers are unable to connect to local databases using wrangler dev

  • Skips creating a local TCP proxy server for Hyperdrive bindings when SSL is not enabled, connecting directly to the database instead. This avoids connection refused errors caused by firewall rules or proxy port binding issues on Windows/macOS.

• #​13565 b04eedf Thanks @​vaishnav-mk! - Add restart from step support for local Workflows development

  Workflow instances can now be restarted from a specific step in local development. When restarting from a step, all earlier steps preserve their cached results and replay instantly, while the target step and everything after it re-execute.

  The WorkflowInstance.restart() method now accepts an optional { from: { name, count?, type? } } parameter to specify which step to restart from.

• #​13618 c07d0cb Thanks @​jamesopstad! - Support V2 protocol for module fallback service

  When the new_module_registry compatibility flag is set, requests sent to unsafeModuleFallbackService() use a different protocol. Miniflare now supports both protocols and exports a parseModuleFallbackRequest() utility to ease handling.

Patch Changes

• #​13732 22e1a61 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260426.1	1.20260429.1

• #​13754 00523c8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260429.1	1.20260430.1

• #​13723 e653edf Thanks @​edmundhung! - Expose send_email bindings from getPlatformProxy()

  Projects developing in Node can now access send_email bindings from the platform proxy. This supports the plain-object MessageBuilder API locally, so calls like env.EMAIL.send({ from, to, subject, text }) no longer fail because the binding is missing.

• #​12514 e1eff94 Thanks @​ascorbic! - fix: normalise typed array subclasses in devalue serialization

  Node.js Buffer extends Uint8Array but isn't available in all runtimes. When a Buffer was passed through the proxy serialization bridge (e.g. as a D1 bind parameter via getPlatformProxy()), the reviver would fail because "Buffer" isn't in the allowed constructor list and may not exist on globalThis in workerd.

  The reducer now normalises subclass constructor names to the nearest standard typed array parent before serialization, matching structured clone behaviour.

• #​13116 e539008 Thanks @​dario-piotrowicz! - Gracefully handle a missing assets directory by starting with zero assets

  Previously, configuring Miniflare with an assets.directory that did not exist on disk would cause the asset services to fail to start. This is a common situation during wrangler dev when the assets directory is a build output that hasn't been generated yet.

  Now, when the configured assets directory does not exist, Miniflare creates an empty temporary directory and starts the asset services with zero assets. Once the real directory is created and setOptions() is called (e.g. triggered by the file watcher), Miniflare reloads and begins serving the actual assets.

• #​13363 6457fb3 Thanks @​courtney-sims! - Prepares router-worker for a more gradual rollout by refactoring and separating out the invocation from the business logic. In the future, this will provide space for us to route requests to new versions of router-worker based on their plan, but should make no functional difference today.

v4.20260426.0

Compare Source

Minor Changes

• #​13599 21b87b2 Thanks @​Ltadrian! - Add extended sslmode support for Hyperdrive local dev. This adds support for sslmodes verify-full / verify-ca for Postgres and VERIFY_IDENTITY / VERIFY_CA for MySQL

• #​13617 118027d Thanks @​roerohan! - Force Flagship bindings to always use remote mode in local dev

  Flagship bindings now always access the remote Flagship service during local development, matching the behavior of AI bindings. Previously, Flagship supported both local and remote modes, but the local stub only returned default values, providing no real functionality and creating a dual source of truth for flag evaluations.

  The remote config field is retained for backward compatibility but only controls whether a warning is displayed. Setting remote: true suppresses the warning that Flagship bindings always access remote resources and may incur usage charges in local dev.

Patch Changes

• #​13696 62e9f2a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260424.1	1.20260426.1

• #​13652 033d6ec Thanks @​emily-shen! - fix: allow multiple workers with browser bindings in dev

  You can now run multiple workers with multiple browser bindings in miniflare. Previously, this would crash with kj/table.c++:49: failed: inserted row already exists in table.

• #​13649 ae8eae3 Thanks @​petebacondarwin! - Fix service binding and tail consumer props being dropped between workers in different local dev instances

  When a service binding or tail consumer configured with props targeted a worker running in a separate wrangler dev instance (via the dev registry), the props were silently dropped and the remote entrypoint saw an empty ctx.props. Props are now forwarded correctly across the dev registry boundary, matching the behavior users get when all workers run in a single instance.

  // wrangler.json
  {
    "services": [
      {
        "binding": "AUTH",
        "service": "auth-worker", // may be in a separate `wrangler dev` process
        "entrypoint": "SessionEntry",
        "props": { "tenant": "acme" }
      }
    ]
  }

  The target worker's SessionEntry entrypoint now correctly receives { tenant: "acme" } on ctx.props regardless of which local dev instance it runs in.

• #​13668 ef24ff2 Thanks @​for-the-kidz! - Fix TypeError: rules is not iterable in the router-worker when static_routing is configured without user_worker rules

  The router-worker's static-routing include-rule evaluation passed config.static_routing.user_worker directly to the matcher, which iterates with for...of. When static_routing was set but user_worker was omitted, the matcher threw TypeError: rules is not iterable and failed the request. The adjacent asset_worker branch already falls back to [] in this case; the user_worker branch now does the same.

• #​13654 6d27479 Thanks @​pombosilva! - fix: Preserve internal counter suffix on workflow step names in local explorer API

  Stop stripping the -N suffix from step names in the API response so the UI can distinguish duplicate step names. The suffix is now stripped only visually in the UI.

v4.20260424.0

Compare Source

Minor Changes

• #​13234 7fc50c1 Thanks @​natewong1313! - Support serving videos locally, add publicUrl option for stable stream preview URLs, and add caption upload support via ReadableStream

  Videos uploaded while in local mode are now served at /cdn-cgi/mf/stream/<video-id>/watch. The preview field in StreamVideo is now directly fetchable during development.

  A new publicUrl option on MiniflareOptions allows callers (e.g. Wrangler, the Vite plugin) to advertise a stable, externally-reachable URL for the Miniflare instance. When set, Stream preview URLs use this value instead of the runtime entry URL, so they remain valid across runtime restarts and port changes. The same value is also exposed as a mutable miniflare.publicUrl property.

  The helper functions buildPublicUrl and getLocallyAccessibleHost are now exported from miniflare, enabling consumers to construct client-reachable URLs that correctly handle IPv6 addresses (bracketing) and wildcard listen addresses (0.0.0.0, ::, * → 127.0.0.1).

  Caption uploads via ReadableStream are now supported in local mode. They no longer throw a "not supported in local mode" error.

Patch Changes

• #​13633 3494842 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260421.1	1.20260422.1

• #​13645 7d728fb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260422.1	1.20260423.1

• #​13657 df9319d Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260423.1	1.20260424.1

• #​13659 3ceeec3 Thanks @​petebacondarwin! - Make the dev registry watcher reliable on Windows

  The filesystem-based dev registry used chokidar with default settings, which on Windows backs onto fs.watch (ReadDirectoryChangesW). That API is known to drop or delay create events for files added shortly after the watcher attaches, which is especially common under CI virtualization. When this happened, a process that had attached its watcher before another process registered its worker would never be notified of the new entry until the next 30-second heartbeat — long enough to time out cross-process service-binding calls.

  Switch to chokidar's polling mode on Windows so the dev registry observes cross-process worker registrations reliably. The registry directory is small and a 100ms poll interval has negligible cost. Non-Windows platforms continue to use the more efficient native filesystem-event backend.

• #​13560 7567ef7 Thanks @​vaishnav-mk! - Preserve NonRetryableError message and name when the workflows_preserve_non_retryable_error_message compatibility flag is enabled, instead of replacing it with a generic error message.

• #​13644 377715d Thanks @​MattieTK! - Update @clack/core and @clack/prompts to v1.2.0

  Bumps the bundled @clack/core dependency used internally by @cloudflare/cli from 0.3.x to 1.2.0, and the @clack/prompts dependency in create-cloudflare from 0.6.x to 1.2.0. Clack v1 includes a number of API changes, but no user-facing prompt behaviour changes are expected.

v4.20260421.0

Compare Source

Patch Changes

• #​13615 8fec8b8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260420.1	1.20260421.1

• #​13613 2f3d7b9 Thanks @​dario-piotrowicz! - Fix sourcemap warnings caused by references to files outside the package boundary

  miniflare's bundled sourcemap contained sources entries pointing into node_modules dependencies (zod, capnp-es, chokidar, etc.), which produced dozens of warnings in pnpm monorepos when tools like Vite or Vitest validated the sourcemaps at runtime. The build now inlines sourcesContent and patches any null entries left by upstream dependencies that don't publish their original source files

v4.20260420.0

Compare Source

Minor Changes

• #​13326 4a9ba90 Thanks @​mattzcarey! - Add Artifacts binding support to wrangler

  You can now configure Artifacts bindings in your wrangler configuration:

  // wrangler.jsonc
  {
    "artifacts": [{ "binding": "MY_ARTIFACTS", "namespace": "default" }]
  }

  Type generation produces the correct Artifacts type reference from the workerd type definitions:

  interface Env {
    MY_ARTIFACTS: Artifacts;
  }

• #​12600 50bf819 Thanks @​penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #​13515 b35617b Thanks @​petebacondarwin! - fix: close all open handles on dispose to prevent process hangs

  Several resources were not being properly cleaned up during Miniflare.dispose(), which could leave the Node.js event loop alive and cause processes (particularly tests using node --test) to hang instead of exiting cleanly:

  • The internal undici Pool used to dispatch fetch requests to the workerd runtime was not closed. Lingering TCP sockets from this pool could keep the event loop alive indefinitely.
  • WebSocketServer instances for live reload and WebSocket proxying were never closed, leaving connected clients' sockets open.
  • The InspectorProxy was not closing its runtime WebSocket connection, relying on process death to break the connection.
  • HyperdriveProxyController.dispose() had a missing return in a .map() callback, causing Promise.allSettled to resolve immediately without waiting for net.Server instances to close.
  • ProxyClientBridge was not clearing its finalization batch setTimeout during disposal.
  • InspectorProxyController.dispose() was not calling server.closeAllConnections() before server.close(), so active HTTP keep-alive or WebSocket connections could prevent the close callback from firing.

• #​13557 8ca78bb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260415.1	1.20260416.2

• #​13579 b6e1351 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260416.2	1.20260417.1

• #​13604 d8314c6 Thanks @​petebacondarwin! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260417.1	1.20260420.1

• #​12913 7f50300 Thanks @​Sigmabrogz! - fix(miniflare): use 127.0.0.1 for internal loopback when localhost is configured

  When localhost is configured as the host, Node.js may bind to [::1] (IPv6) while workerd resolves localhost to 127.0.0.1 (IPv4) first. This mismatch causes connection refused errors and 100% CPU spins.

  This fix ensures the internal loopback communication between Node.js and workerd always uses 127.0.0.1 when localhost is configured, while preserving the user-facing URL as localhost.

• #​13470 4fda685 Thanks @​penalosa! - fix: prevent remote binding sessions from expiring during long-running dev sessions

  Preview tokens for remote bindings expire after one hour. Previously, the first request after expiry would fail before a refresh was triggered. This change proactively refreshes the token at 50 minutes so no request ever sees an expired session.

  The reactive recovery path is also improved: error code: 1031 responses (returned by bindings such as Workers AI when their session times out) now correctly trigger a refresh, where previously only Invalid Workers Preview configuration HTML responses did.

  Auth credentials are now resolved lazily when a remote proxy session starts rather than at bundle-complete time. This means that if your OAuth access token has been refreshed since wrangler dev started, the new token is used rather than the one captured at startup.

• #​13586 be5e6a0 Thanks @​petebacondarwin! - Fix resource leaks during config updates

  Two follow-up fixes to the dispose cleanup in #​13515:

  • Only close and recreate the dev-registry dispatcher when its port actually changes, matching the existing runtimeDispatcher behavior. Previously, every config update unconditionally tore down and rebuilt the connection pool, which could cause brief request failures if a registry push was in-flight.
  • Dispose old InspectorProxy instances before replacing them during updateConnection(). Previously, stale proxies were silently discarded, leaking their runtime WebSocket connections and 10-second keepalive interval timers.

• #​13577 e456952 Thanks @​connyay! - Return EmailSendResult from the send_email binding's send() in local mode

  The binding's send() used to resolve to undefined. It now returns { messageId: string }, the same shape as the public SendEmail type in production. Workers that read the return value (for logging, or to pass the id downstream) no longer get undefined under miniflare.

  Both branches synthesize an id in the shape production returns — <{36 alphanumeric chars}@&#8203;{sender domain}>, angle brackets included — using the envelope from for the EmailMessage path and the builder's from for the MessageBuilder path. Production synthesizes its own id rather than echoing anything submitted, so miniflare does the same.

• #​13516 4eb1da9 Thanks @​jonnyparris! - Rename "Browser Rendering" to "Browser Run" in all user-facing strings, error messages, and CLI output.

• #​13557 8ca78bb Thanks @​dependabot! - Rename Flags type to Flagship to match the upstream rename in @cloudflare/workers-types

  The Flags type was renamed to Flagship in @cloudflare/workers-types. This updates the import and the return type of getFlagshipBinding accordingly.

• #​11849 266c418 Thanks @​43081j! - Removed unused devDependencies from miniflare package.

v4.20260415.0

Compare Source

Patch Changes

• #​13354 854d66c Thanks @​courtney-sims! - Prepares asset-worker for a more gradual rollout by refactoring and separating out the invocation from the business logic. In the future, this will provide space for us to route requests to new versions of asset-worker based on their plan, but should make no functional difference today.

• #​13450 6f63eaa Thanks @​petebacondarwin! - Fix POST/PUT requests with non-2xx responses throwing "fetch failed"

  Previously, sending a POST or PUT request that received a non-2xx response (e.g. 401, 400, 403) would throw a TypeError: fetch failed error. This was caused by an undici bug where isTraversableNavigable() incorrectly returned true, causing the 401 credential-retry block to execute in Node.js and fail on stream-backed request bodies. This has been fixed upstream in undici v7.24.8, so we've bumped our dependency and removed the previous pnpm patch workaround.

• #​13447 aef9825 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260410.1	1.20260413.1

• #​13475 eaaa728 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260413.1	1.20260415.1

• #​13472 58292f6 Thanks @​roerohan! - Fix wrangler dev crash when using a Flagship binding with remote: true

  In remote mode, the flagship binding is backed by a generic proxy worker that only has a default export. The plugin was requesting a named entrypoint "FlagshipBinding" which doesn't exist on it, causing workerd to reject the binding at startup. The named entrypoint is now omitted in remote mode so workerd routes to the default export, which correctly proxies all RPC calls to the remote Flagship service.

• #​13386 5e5bbc1 Thanks @​mksglu! - Make startup network requests non-blocking on slow connections

  Wrangler makes network requests during startup (npm update check, request.cf data fetch) that previously blocked the CLI indefinitely on slow or degraded connections (airplane wifi, trains), causing 10+ second delays.

  • Update check: The banner now races the update check against a 100ms grace period. On a cache hit (most runs) the result resolves in <1ms via the I/O poll phase; on a cache miss the banner prints immediately without blocking. A 3s safety-net timeout caps the update-check library's auth-retry path.
  • request.cf fetch: The fetch to workers.cloudflare.com/cf.json now uses AbortSignal.timeout(3000), falling back to cached/default data on timeout.

• #​13476 d5ff5a4 Thanks @​roerohan! - Fix wrangler dev crash when using a Stream binding with remote: true

  In remote mode, the Stream binding is backed by a generic proxy worker that only has a default export. The plugin was requesting a named entrypoint "StreamBinding" which doesn't exist on it, causing workerd to reject the binding at startup. The named entrypoint is now omitted in remote mode so workerd routes to the default export, which correctly proxies all RPC calls to the remote Stream service.

• #​13426 89c7829 Thanks @​edmundhung! - Reject non-local /cdn-cgi/* requests in Miniflare

  Miniflare now validates Host and Origin on /cdn-cgi/* requests before request rewriting. Requests are still allowed for localhost, configured route hostnames, and the configured upstream hostname, but non-local hostnames can no longer reach internal development endpoints such as platform-proxy, handler routes, live reload, and the local explorer.

v4.20260410.0

Compare Source

Minor Changes

• #​13139 79fd529 Thanks @​roerohan! - feat: add Flagship feature flag binding support

  Adds end-to-end support for the Flagship feature flag binding, which allows Workers to evaluate feature flags from Cloudflare's Flagship service. Configure it in wrangler.json with a flagship array containing binding and app_id entries. In local dev, the binding returns default values for all flag evaluations; use "remote": true in the binding to evaluate flags against the live Flagship service.

• #​13392 2589395 Thanks @​emily-shen! - Add telemetry to local REST API

  The local REST API (used by the local explorer) now collects anonymous usage telemetry. This respects any existing telemetry preferences, which can be disabled by running the command wrangler telemetry disable.

  This only applies when the dev session is started via Wrangler, and not via the Vite plugin or standalone Miniflare.

  No actual data values, keys, query contents, or resource IDs are collected.

  Event schema:

  {
    "event": "localapi.<route>.<method>", // e.g. localapi.kv.keys.get
    "deviceId": "<uuid>",
    "timestamp": 1234567890,
    "properties": {
      "userAgent": "Mozilla/5.0 ...",
      // Only for localapi.local.workers.get:
      "workerCount": 2,
      "kvCount": 3,
      "d1Count": 1,
      "r2Count": 0,
      "doCount": 1,
      "workflowsCount": 0
    }
  }

  Note: the Local Explorer and corresponding local REST API is still an experimental feature.

Patch Changes

• #​13393 c50cb5b Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260409.1	1.20260410.1

• #​13335 5eff8c1 Thanks @​KennethRuan! - Return metadata in queue broker response

  The queue broker's /message and /batch endpoints now return a JSON response body containing queue metrics (backlogCount, backlogBytes, oldestMessageTimestamp) instead of an empty response. A new GET /metrics endpoint is also added to support the metrics() API.

v4.20260409.0

Compare Source

Minor Changes

• #​13133 42c7ef0 Thanks @​emily-shen! - explorer: list DO instances with name where possible

  Note: The local explorer is a WIP experimental feature.

• #​13336 a42e0e8 Thanks @​emily-shen! - local explorer: fix handling on resources that are bound to multiple workers

  Note the local explorer is a experimental feature still.

Patch Changes

• #​13337 c510494 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260405.1	1.20260408.1

• #​13362 8b71eca Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260408.1	1.20260409.1

v4.20260405.0

Compare Source

Minor Changes

• #​13240 a3e3b57 Thanks @​emily-shen! - local explorer: serve the local explorer's OpenAPI spec at /cdn-cgi/explorer/api

  The local explorer is supported by a REST API served from the worker's local address. It can be accessed independently of the UI, (e.g. by an AI agent) and is thus documented at this endpoint.

• #​13314 7a60d4b Thanks @​Ltadrian! - Fix hyperdrive local dev binding tls configuration bug

Patch Changes

• #​13241 7d318e1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260401.1	1.20260402.1

• #​13305 fa6d84f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260402.1	1.20260405.1

• #​13241 7d318e1 Thanks @​dependabot! - Update Images binding local mock to use chainable handle pattern

  hosted.image(imageId) now returns a handle with details(), bytes(), update(), and delete() methods, aligning with the updated workerd API (cloudflare/workerd#6288).

v4.20260401.0

Compare Source

Minor Changes

• #​13051 d5bffde Thanks @​dario-piotrowicz! - Deprecate supportedCompatibilityDate export

  The supportedCompatibilityDate export is now deprecated. Instead of relying on the workerd-derived compatibility date, callers should just use today's date directly, e.g. new Date().toISOString().slice(0, 10).

• #​13011 b9b7e9d Thanks @​ruifigueira! - Add experimental headful browser rendering support for local development

  Experimental: This feature may be removed or changed without notice.

  When developing locally with the Browser Rendering API, you can enable headful (visible) mode via the X_BROWSER_HEADFUL environment variable to see the browser while debugging:

  X_BROWSER_HEADFUL=true wrangler dev
  X_BROWSER_HEADFUL=true vite dev

  Note: when using @cloudflare/playwright, two Chrome windows may appear — the initial blank page and the one created by browser.newPage(). This is expected behavior due to how Playwright handles browser contexts via CDP.

• #​12992 48d83ca Thanks @​RiscadoA! - Add vpc_networks binding support for routing Worker traffic through a Cloudflare Tunnel or network.

  {
    "vpc_networks": [
      // Route through a specific Cloudflare Tunnel
      { "binding": "MY_FIRST_VPC", "tunnel_id": "<tunnel-id>" },
      // Route through the Cloudflare One mesh network
      { "binding": "MY_SECOND_VPC", "network_id": "cf1:network" }
    ]
  }

Patch Changes

• #​13155 5d29055 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260329.1	1.20260331.1

• #​13162 fb67a18 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260331.1	1.20260401.1

• #​13238 b2f53ea Thanks @​guybedford! - Fix source phase imports parsing in Miniflare

  Miniflare now uses the acorn-import-phases plugin to parse import source syntax when analyzing module dependencies. This fixes ERR_MODULE_PARSE errors when running Workers that use source phase imports for WebAssembly modules in local development.

v4.20260329.0

Compare Source

Minor Changes

• #​13025 9eff028 Thanks @​ruifigueira! - Add missing devtools endpoints to browser rendering local binding.

  The local browser rendering binding now implements the full set of devtools endpoints, matching the remote Browser Rendering API:

  • GET /v1/limits — returns local concurrency defaults
  • GET /v1/history — returns empty array (no persistence in local dev)
  • GET /v1/devtools/session - list and inspect active sessions
  • GET /v1/devtools/session/:id — list and inspect active session
  • GET /v1/devtools/browser/:id/json/version — Browser version metadata, includes webSocketDebuggerUrl
  • GET /v1/devtools/browser/:id/json/list — A list of all available websocket targets
  • GET /v1/devtools/browser/:id/json — Alias for GET /v1/devtools/browser/:id/json
  • GET /v1/devtools/browser/:id/json/protocol — The current devtools protocol, as JSON. Includes webSocketDebuggerUrl and devtoolsFrontendUrl
  • PUT /v1/devtools/browser/:id/json/new — Opens a new tab. Responds with the websocket target data for the new tab
  • GET /v1/devtools/browser/:id/json/activate/:target — Brings a page into the foreground (activate a tab)
  • GET /v1/devtools/browser/:id/json/close/:target — Closes the target page identified by targetId
  • GET /v1/devtools/browser/:id/page/:target — WebSocket connection to a page target
  • GET /v1/devtools/browser/:id — WebSocket connection to a previously acquired browser session
  • DELETE /v1/devtools/browser/:id — Closes a browser session
  • POST /v1/devtools/browser — Acquires a new session
  • GET /v1/devtools/browser — Acquire a new session and connect via WebSocket in one step, returning cf-browser-session-id header

• #​13086 d4c6158 Thanks @​pombosilva! - Add Workflows support to the local explorer UI.

  The local explorer (/cdn-cgi/explorer/) now includes a full Workflows dashboard for viewing and managing workflow instances during local development.

  UI features:

  • Workflow instance list with status badges, creation time, action buttons, and pagination
  • Status summary bar with instance counts per status
  • Status filter dropdown and search
  • Instance detail page with step history, params/output cards, error display, and expandable step details
  • Create instance dialog with optional ID and JSON params

Patch Changes

• #​13111 f214760 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260317.1	1.20260329.1

• #​13078 9282493 Thanks @​penalosa! - Fix noisy EBUSY errors on Windows when disposing Miniflare instances

  On Windows, workerd may not release file handles immediately after disposal, causing EBUSY errors when Miniflare tries to remove its temporary directory during dispose(). Previously, this error propagated to the caller (e.g. vitest-pool-workers), producing repeated noisy error messages in test output. The cleanup is now best-effort — matching the existing exit hook behaviour — since the temporary directory lives in os.tmpdir() and will be cleaned up by the OS.

• #​13090 a532eea Thanks @​edmundhung! - Remove LOCAL_EXPLORER_BASE_PATH and LOCAL_EXPLORER_API_PATH constants in favor of CorePaths.EXPLORER

  These were redundant aliases introduced before CorePaths was centralized. All internal consumers now use CorePaths.EXPLORER directly.

v4.20260317.3

Compare Source

Minor Changes

• #​13027 9fcdfca Thanks @​G4brym! - feat: Add ai_search_namespaces and ai_search binding types

  Two new binding types for AI Search:

  • ai_search_namespaces: Namespace binding — namespace is required and auto-provisioned at deploy time if it doesn't exist (like R2 buckets)
  • ai_search: Single instance binding bound directly to a pre-existing instance in the default namespace

  Both are remote-only in local dev.

• #​13030 0386553 Thanks @​natewong1313! - Add local mode support for Stream bindings

  Miniflare and wrangler dev now support using Cloudflare Stream bindings locally.

  Supported operations:

  • upload() — upload video via URL
  • video(id).details(), .update(), .delete(), .generateToken()
  • videos.list()
  • captions.generate(), .list(), .delete()
  • downloads.generate(), .get(), .delete()
  • watermarks.generate(), .list(), .get(), .delete()

  The following are not yet supported in local mode and will throw:

  • createDirectUpload()
  • Caption upload via File
  • Watermark generation via File

  Data is persisted across restarts by default. You must set streamPersist: false in Miniflare options to disable persistence.

Patch Changes

• #​12686 1faff35 Thanks @​edmundhung! - Move internal proxy endpoint to reserved /cdn-cgi/ path

  The internal HTTP endpoint used by getPlatformProxy has been moved to a reserved path. This is an internal change with no impact on the getPlatformProxy API.

• #​13080 f4ea4ac Thanks @​penalosa! - fix: glob patterns for module rules no longer match double-extension filenames like foo.wasm.js

  Previously, the globsToRegExps helper compiled glob patterns without a trailing $ anchor. This caused patterns like **/*.wasm to match any path containing .wasm as a substring — including filenames such as foo.wasm.js or main.wasm.test.ts.

  When using @cloudflare/vitest-pool-workers with a wrangler.configPath, Wrangler's default CompiledWasm module rule (**/*.wasm) was silently applied to test files whose names contained .wasm, causing them to be loaded as WebAssembly binaries instead of JavaScript and failing at runtime.

  The fix restores the $ end anchor in the compiled regex so that **/*.wasm only matches paths that literally end in .wasm, while the leading ^ remains absent to allow matching anywhere within an absolute path.

v4.20260317.2

Compare Source

Patch Changes

• #​11753 b8f3309 Thanks @​ruifigueira! - Added the following improvements to local Browser Rendering binding in Miniflare:

  • Local Chrome version upgraded to 126.0.6478.182
  • Reciprocate browser websocket close events

• #​12986 5aaaab2 Thanks @​petebacondarwin! - fix: allow mixed d1Databases records containing both string and object entries

  Previously, passing a d1Databases config that mixed plain string values and object entries (e.g. { MY_DB: "db-name", OTHER_DB: { id: "...", remoteProxyConnectionString: ... } }) would cause Miniflare to throw an error. Both forms are now acce

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@intlify/utils@63

commit: 4bbc5ad