fix(deps): update all non-major dependencies#22268
Merged
sapphi-red merged 2 commits intomainfrom Apr 20, 2026
Merged
Conversation
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
a5f819c to
fd3870d
Compare
sapphi-red
approved these changes
Apr 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.2.2→0.2.3^1.2.2→^1.2.3^0.1.13→^0.1.14^6.0.5→^6.0.6^10.4.27→^10.5.0^2.10.18→^2.10.20^7.0.1→^7.1.1^5.2.0→^5.2.1^4.20260409.0→^4.20260415.0^5.1.7→^5.1.9^0.44.0→^0.45.0^8.0.0→^8.0.1^8.5.9→^8.5.10^5.55.3→^5.55.4v47.0.5→v47.0.6^8.58.1→^8.58.2^0.0.1→^0.1.0^1.7.3→^1.7.5^1.12.0→^1.12.1^3.2.6→^3.2.7Release Notes
rolldown/plugins (@rolldown/plugin-babel)
v0.2.3Bug Fixes
Miscellaneous Chores
vercel/vercel (@vercel/detect-agent)
v1.2.3Compare Source
Patch Changes
vitejs/devtools (@vitejs/devtools)
v0.1.14Compare Source
🚀 Features
BuiltinServerFunctionstype - by @JianJroh in #279 (5d469)🐞 Bug Fixes
wsto dependencies - by @webfansplz in #286 (c34fd)View changes on GitHub
vitejs/vite-plugin-vue (@vitejs/plugin-vue)
v6.0.6Features
Bug Fixes
Miscellaneous Chores
postcss/autoprefixer (autoprefixer)
v10.5.0Compare Source
mask-position-xandmask-position-ysupport (by @toporek).web-platform-dx/baseline-browser-mapping (baseline-browser-mapping)
v2.10.20Compare Source
v2.10.19Compare Source
facebook/react (eslint-plugin-react-hooks)
v7.1.1Compare Source
Note: 7.1.0 accidentally removed the
component-hook-factoriesrule, causing errors for users who referenced it in their ESLint config. This is now fixed.component-hook-factoriesrule for backwards compatibility. (@mofeiZ in #36307)v7.1.0Compare Source
This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better
set-state-in-effectdetection, improved ref validation, and more helpful error reporting.useEffectEventchecks in component syntax. (@jbrown215 in #35041)set-state-in-effectvalidation with fewer false negatives. (@jorge-cab in #35134, @josephsavona in #35147, @jackpope in #35214, @chesnokov-tony in #35419, @jsleitor in #36107)jpmonette/feed (feed)
v5.2.1Compare Source
What's Changed
&by @chick-p in #228New Contributors
Full Changelog: jpmonette/feed@5.2.0...5.2.1
cloudflare/workers-sdk (miniflare)
v4.20260415.0Compare Source
Patch Changes
#13354
854d66cThanks @courtney-sims! - Prepares asset-worker for a more gradual rollout by refactoring and separating out the invocation from the business logic. In the future, this will provide space for us to route requests to new versions of asset-worker based on their plan, but should make no functional difference today.#13450
6f63eaaThanks @petebacondarwin! - Fix POST/PUT requests with non-2xx responses throwing "fetch failed"Previously, sending a POST or PUT request that received a non-2xx response (e.g. 401, 400, 403) would throw a
TypeError: fetch failederror. This was caused by an undici bug whereisTraversableNavigable()incorrectly returnedtrue, causing the 401 credential-retry block to execute in Node.js and fail on stream-backed request bodies. This has been fixed upstream in undici v7.24.8, so we've bumped our dependency and removed the previous pnpm patch workaround.#13447
aef9825Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#13475
eaaa728Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#13472
58292f6Thanks @roerohan! - Fixwrangler devcrash when using a Flagship binding withremote: trueIn remote mode, the flagship binding is backed by a generic proxy worker that only has a default export. The plugin was requesting a named entrypoint
"FlagshipBinding"which doesn't exist on it, causing workerd to reject the binding at startup. The named entrypoint is now omitted in remote mode so workerd routes to the default export, which correctly proxies all RPC calls to the remote Flagship service.#13386
5e5bbc1Thanks @mksglu! - Make startup network requests non-blocking on slow connectionsWrangler makes network requests during startup (npm update check,
request.cfdata fetch) that previously blocked the CLI indefinitely on slow or degraded connections (airplane wifi, trains), causing 10+ second delays.update-checklibrary's auth-retry path.request.cffetch: The fetch toworkers.cloudflare.com/cf.jsonnow usesAbortSignal.timeout(3000), falling back to cached/default data on timeout.#13476
d5ff5a4Thanks @roerohan! - Fixwrangler devcrash when using a Stream binding withremote: trueIn remote mode, the Stream binding is backed by a generic proxy worker that only has a default export. The plugin was requesting a named entrypoint
"StreamBinding"which doesn't exist on it, causing workerd to reject the binding at startup. The named entrypoint is now omitted in remote mode so workerd routes to the default export, which correctly proxies all RPC calls to the remote Stream service.#13426
89c7829Thanks @edmundhung! - Reject non-local/cdn-cgi/*requests in MiniflareMiniflare now validates
HostandOriginon/cdn-cgi/*requests before request rewriting. Requests are still allowed for localhost, configured route hostnames, and the configured upstream hostname, but non-local hostnames can no longer reach internal development endpoints such as platform-proxy, handler routes, live reload, and the local explorer.v4.20260410.0Compare Source
Minor Changes
#13139
79fd529Thanks @roerohan! - feat: add Flagship feature flag binding supportAdds end-to-end support for the Flagship feature flag binding, which allows Workers to evaluate feature flags from Cloudflare's Flagship service. Configure it in
wrangler.jsonwith aflagshiparray containingbindingandapp_identries. In local dev, the binding returns default values for all flag evaluations; use"remote": truein the binding to evaluate flags against the live Flagship service.#13392
2589395Thanks @emily-shen! - Add telemetry to local REST APIThe local REST API (used by the local explorer) now collects anonymous usage telemetry. This respects any existing telemetry preferences, which can be disabled by running the command
wrangler telemetry disable.This only applies when the dev session is started via Wrangler, and not via the Vite plugin or standalone Miniflare.
No actual data values, keys, query contents, or resource IDs are collected.
Event schema:
{ "event": "localapi.<route>.<method>", // e.g. localapi.kv.keys.get "deviceId": "<uuid>", "timestamp": 1234567890, "properties": { "userAgent": "Mozilla/5.0 ...", // Only for localapi.local.workers.get: "workerCount": 2, "kvCount": 3, "d1Count": 1, "r2Count": 0, "doCount": 1, "workflowsCount": 0 } }Note: the Local Explorer and corresponding local REST API is still an experimental feature.
Patch Changes
#13393
c50cb5bThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
#13335
5eff8c1Thanks @KennethRuan! - Return metadata in queue broker responseThe queue broker's
/messageand/batchendpoints now return a JSON response body containing queue metrics (backlogCount,backlogBytes,oldestMessageTimestamp) instead of an empty response. A newGET /metricsendpoint is also added to support themetrics()API.ai/nanoid (nanoid)
v5.1.9Compare Source
v5.1.8Compare Source
cusatomAlphabet75% faster (by @saripovdenis).oxc-project/oxc (oxfmt)
v0.45.0Compare Source
🐛 Bug Fixes
50c389boxfmt: Support.editorconfigquote_type(#20989) (leaysgur)inikulin/parse5 (parse5)
v8.0.1Compare Source
What's Changed
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.