Skip to content

Bump devalue and @cloudflare/vitest-pool-workers#5

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-138e0f1300
Open

Bump devalue and @cloudflare/vitest-pool-workers#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-138e0f1300

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown

Removes devalue. It's no longer used after updating ancestor dependency @cloudflare/vitest-pool-workers. These dependencies need to be updated together.

Removes devalue

Updates @cloudflare/vitest-pool-workers from 0.6.8 to 0.16.10

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.16.9

Patch Changes

  • #13933 90092c0 Thanks @​petebacondarwin! - Derive bundler externals from package.json and shrink the published bundle

    The bundler's external list was previously hand-maintained and out of sync with package.jsonundici and semver were both listed as external despite being only devDependencies. The published dist/pool/index.mjs consequently contained a top-level import { fetch } from "undici" that was only resolvable because pnpm happened to hoist undici from other packages' devDependencies during local development.

    The bundler now derives its external list from dependencies + peerDependencies in package.json, making it impossible for a devDependency to silently end up externalized.

    Combined with the new "sideEffects": false declaration in @cloudflare/workers-utils, the unused cloudflared / tunnel exports (and their transitive undici import) are now tree-shaken out of the pool entirely. dist/pool/index.mjs no longer references undici at all, and shrinks from ~489 KB to ~125 KB.

  • Updated dependencies [52e9082, 0733688, fc1f7b9, 30657e1, 8c569c6, f598eac, 3a1fbed]:

    • wrangler@4.94.0
    • miniflare@4.20260521.0

@​cloudflare/vitest-pool-workers@​0.16.8

Patch Changes

  • #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

    Two related issues affected the CF-Worker header on outbound subrequests in local development:

    1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
    2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

    Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

    Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

  • Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

    • miniflare@4.20260520.0
    • wrangler@4.93.1

@​cloudflare/vitest-pool-workers@​0.16.7

Patch Changes

  • #13961 2cb658c Thanks @​threepointone! - Preserve same-stub RPC call order for wrapped Worker and Durable Object entrypoints

    Previously, dynamically wrapped RPC methods could resolve and invoke out of order when many calls were fired without awaiting each individual call. This now queues method resolution per wrapper instance so calls begin in the order they were received.

  • Updated dependencies [aac7ca0, b25dc0d, ae047ee, a4f22bc, f78d435, aac7ca0, c5c9e20, ebf4b24, b27eb18, 895baf5, 7bcdf45]:

    • wrangler@4.93.0
    • miniflare@4.20260518.0

@​cloudflare/vitest-pool-workers@​0.16.6

Patch Changes

  • #13833 0e4a830 Thanks @​thegeekasteroid! - Filter benign disconnected: WebSocket peer disconnected workerd stderr noise during test runs.

    The ignoreMessages array in the pool already filters several benign workerd disconnect messages (e.g. disconnected: WebSocket was aborted). On recent workerd versions, tests that exercise the WebSocket API also surface disconnected: WebSocket peer disconnected warnings during normal teardown. These are not user-actionable and obscure real test failures. Add the message to the existing filter alongside the other disconnected: entries.

... (truncated)

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.16.10

Patch Changes

0.16.9

Patch Changes

  • #13933 90092c0 Thanks @​petebacondarwin! - Derive bundler externals from package.json and shrink the published bundle

    The bundler's external list was previously hand-maintained and out of sync with package.jsonundici and semver were both listed as external despite being only devDependencies. The published dist/pool/index.mjs consequently contained a top-level import { fetch } from "undici" that was only resolvable because pnpm happened to hoist undici from other packages' devDependencies during local development.

    The bundler now derives its external list from dependencies + peerDependencies in package.json, making it impossible for a devDependency to silently end up externalized.

    Combined with the new "sideEffects": false declaration in @cloudflare/workers-utils, the unused cloudflared / tunnel exports (and their transitive undici import) are now tree-shaken out of the pool entirely. dist/pool/index.mjs no longer references undici at all, and shrinks from ~489 KB to ~125 KB.

  • Updated dependencies [52e9082, 0733688, fc1f7b9, 30657e1, 8c569c6, f598eac, 3a1fbed]:

    • wrangler@4.94.0
    • miniflare@4.20260521.0

0.16.8

Patch Changes

  • #13919 c7eab7f Thanks @​petebacondarwin! - Fix the outbound CF-Worker header reflecting the route pattern hostname instead of the parent zone, and falling back to <worker-name>.example.com under vite dev, vitest-pool-workers, and getPlatformProxy

    Two related issues affected the CF-Worker header on outbound subrequests in local development:

    1. Under @cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, and getPlatformProxy, the header fell back to <worker-name>.example.com even when routes were configured, because unstable_getMiniflareWorkerOptions and the equivalent getPlatformProxy worker-options path did not propagate a zone value to Miniflare. This broke local development against services that reject unknown CF-Worker hosts (for example, Apple WeatherKit returns 403 Forbidden).
    2. Across the above paths and wrangler dev --local, when a route used the zone_name field (for example { pattern: "foo.example.com/*", zone_name: "example.com" }), the header was set to the pattern's hostname (foo.example.com) rather than the zone name (example.com). Production sets CF-Worker to the zone name that owns the Worker, so this was inconsistent with deployed behaviour.

    Both bugs are fixed: the new unstable_getMiniflareWorkerOptions / getPlatformProxy path now propagates a zone derived from the first configured route, and all four local-dev paths now prefer a route's explicit zone_name over the pattern hostname when computing that zone. When zone_name isn't set, the existing best-effort behaviour is preserved — for wrangler dev this means dev.host is still honoured as a local override and the pattern hostname is used as a final fallback. Resolving the parent zone for zone_id-only, custom_domain, or plain-string routes would require an API lookup, so locally we still approximate it with the pattern hostname.

    Note: dev.host is intentionally not consulted by the unstable_getMiniflareWorkerOptions / getPlatformProxy paths — the dev config block is specific to wrangler dev.

  • Updated dependencies [fa1f61f, 2679e05, 7e40d98, adc9221, 735852d, d803737, c7eab7f, e04e180, 59cd880, 62abf97, e8c2031, e349fe0, da0fa8c, a5c9365]:

    • miniflare@4.20260520.0
    • wrangler@4.93.1

0.16.7

Patch Changes

  • #13961 2cb658c Thanks @​threepointone! - Preserve same-stub RPC call order for wrapped Worker and Durable Object entrypoints

    Previously, dynamically wrapped RPC methods could resolve and invoke out of order when many calls were fired without awaiting each individual call. This now queues method resolution per wrapper instance so calls begin in the order they were received.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​cloudflare/vitest-pool-workers since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 1, 2026
Removes [devalue](https://github.com/sveltejs/devalue). It's no longer used after updating ancestor dependency [@cloudflare/vitest-pool-workers](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vitest-pool-workers). These dependencies need to be updated together.


Removes `devalue`

Updates `@cloudflare/vitest-pool-workers` from 0.6.8 to 0.16.10
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vitest-pool-workers/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/HEAD/packages/vitest-pool-workers)

---
updated-dependencies:
- dependency-name: "@cloudflare/vitest-pool-workers"
  dependency-version: 0.16.10
  dependency-type: direct:development
- dependency-name: devalue
  dependency-version:
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-138e0f1300 branch from 2318128 to 6ea970f Compare June 1, 2026 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants