Version Packages

[workers-devprod]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

miniflare@4.20260128.0

Minor Changes

• #12152 8a210af Thanks @emily-shen! - Implement local KV API for experimental/WIP local resource explorer

  The following APIs have been (mostly) implemented:
  GET /storage/kv/namespaces - List namespaces
  GET /storage/kv/namespaces/:id/keys - List keys
  GET /storage/kv/namespaces/:id/values/:key - Get value
  PUT /storage/kv/namespaces/:id/values/:key - Write value
  DELETE /storage/kv/namespaces/:id/values/:key - Delete key
  POST /storage/kv/namespaces/:id/bulk/get - Bulk get values

Patch Changes

• #12183 17961bb Thanks @dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260124.0	1.20260127.0

• #12196 52fdfe7 Thanks @dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260127.0	1.20260128.0

@cloudflare/unenv-preset@2.12.0

Minor Changes

• #12007 5f060c9 Thanks @petebacondarwin! - Add support for native node:repl module when the enable_nodejs_repl_module and experimental compatibility flags are enabled.

create-cloudflare@2.62.5

Patch Changes

• #11860 4a4007d Thanks @dependabot! - chore: update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  @angular/create	21.0.4	21.1.1

• #12156 abd2b71 Thanks @irvinebroque! - Fix compatibility date detection failing when creating new projects

  Previously, getLocalWorkerdCompatibilityDate() would fail to find the locally installed miniflare and workerd packages, causing npm create cloudflare@latest to fall back to a hardcoded date (2025-09-27) instead of using the current workerd compatibility date.

  The issue was that module.createRequire() was called with a directory path. Node.js treats this as a filename at that location and looks for node_modules in the parent directory rather than the intended directory. This is now fixed by appending package.json to the path, which ensures module resolution starts from the correct location.

  Fixes npm create cloudflare@latest = > "compatibility_date": "2025-09-27" (OLD) #12155

@cloudflare/pages-shared@0.13.103

Patch Changes

• Updated dependencies [8a210af, 17961bb, 52fdfe7]:
  • miniflare@4.20260128.0

@cloudflare/vite-plugin@1.22.1

Patch Changes

• #12187 0c85b05 Thanks @jamesopstad! - Use esmExternalRequirePlugin to convert external require calls in Vite 8.

• Updated dependencies [8a210af, eb8a415, 3b06b18, 17961bb, 52fdfe7, 6d8d9cd, 5f060c9, cb72c11]:

  • miniflare@4.20260128.0
  • wrangler@4.61.1
  • @cloudflare/unenv-preset@2.12.0

@cloudflare/vitest-pool-workers@0.12.8

Patch Changes

• Updated dependencies [8a210af, eb8a415, 3b06b18, 17961bb, 52fdfe7, 6d8d9cd, cb72c11]:
  • miniflare@4.20260128.0
  • wrangler@4.61.1

@cloudflare/workers-utils@0.8.1

Patch Changes

• #12156 abd2b71 Thanks @irvinebroque! - Fix compatibility date detection failing when creating new projects

  Previously, getLocalWorkerdCompatibilityDate() would fail to find the locally installed miniflare and workerd packages, causing npm create cloudflare@latest to fall back to a hardcoded date (2025-09-27) instead of using the current workerd compatibility date.

  The issue was that module.createRequire() was called with a directory path. Node.js treats this as a filename at that location and looks for node_modules in the parent directory rather than the intended directory. This is now fixed by appending package.json to the path, which ensures module resolution starts from the correct location.

  Fixes npm create cloudflare@latest = > "compatibility_date": "2025-09-27" (OLD) #12155

• #11969 9acb24b Thanks @emily-shen! - Validate environments for unexpected fields in Wrangler config

  Previously, this check only applied to the top-level environment.

wrangler@4.61.1

Patch Changes

• #12189 eb8a415 Thanks @NuroDev! - Fixed Durable Object missing migrations warning message.

  If a Workers project includes some durable_objects in it but no migrations we show a warning to the user to add migrations to their config. However, this warning recommended new_classes for their migrations, but we instead now recommend all users use new_sqlite_classes instead.

• #11804 3b06b18 Thanks @emily-shen! - fix: allow d1 execute, d1 export, and d1 migrations to work locally without database_id in config.

• #12183 17961bb Thanks @dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260124.0	1.20260127.0

• #12196 52fdfe7 Thanks @dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260127.0	1.20260128.0

• #12199 6d8d9cd Thanks @petebacondarwin! - Prevent wrangler logout from failing when the Wrangler configuration file is invalid

  Previously, if your wrangler.toml or wrangler.json file contained syntax errors or invalid values, the wrangler logout command would fail. Now, configuration parsing errors are caught and logged at debug level, allowing you to log out regardless of the state of your configuration file.

• #12153 cb72c11 Thanks @petebacondarwin! - Sanitize commands and arguments in telemetry to prevent accidentally capturing sensitive information.

  Changes:

  • Renamed telemetry fields from command/args to sanitizedCommand/sanitizedArgs to distinguish from historical fields that may have contained sensitive data in older versions
  • Command names now come from command definitions rather than user input, preventing accidental capture of sensitive data pasted as positional arguments
  • Sentry breadcrumbs now use the safe command name from definitions
  • Argument values are only included if explicitly allowed via COMMAND_ARG_ALLOW_LIST
  • Argument keys (names) are always included since they come from command definitions, not user input

• Updated dependencies [8a210af, 17961bb, 52fdfe7, 5f060c9]:

  • miniflare@4.20260128.0
  • @cloudflare/unenv-preset@2.12.0

@cloudflare/quick-edit@0.4.5

Patch Changes

• #12154 e36c0c9 Thanks @petebacondarwin! - Use X-Forwarded-Host header for extension authority when behind a proxy

  When Quick Edit is accessed through a proxy, the X-Forwarded-Host header is now used to determine the authority for loading builtin extensions. This ensures extensions load correctly when the Worker is behind a reverse proxy. The header value is only used if it matches *.devprod.cloudflare.dev for security.

@cloudflare/workers-shared@0.18.10

Patch Changes

• #11920 09a8829 Thanks @WillTaylorDev! - The asset-worker now uses a shorter 10-second TTL for cached assets, down from 60 seconds. This ensures that asset updates are reflected more quickly during development and deployment, reducing the window where stale assets might be served.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@12184

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@12184

miniflare

npm i https://pkg.pr.new/miniflare@12184

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@12184

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@12184

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@12184

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@12184

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@12184

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@12184

wrangler

npm i https://pkg.pr.new/wrangler@12184

commit: d975ce0

[claude]

Claude finished @workers-devprod's task —— View job

---

Changeset Review

Todo List

• Read changeset guidelines
• Review all 14 changeset files
• Check image for cuteness
• Provide final verdict

---

⚠️ Issues found

Issues

1. cold-trams-sort.md (D1 local commands fix): Missing description body

   • The changeset only has a title: "fix: allow d1 execute, d1 export, and d1 migrations to work locally without database_id in config."
   • According to guidelines, changesets should have a body explaining "the reason for the change and anything notable about the approach"
   • This should include at least one more sentence explaining why this change was needed or what the previous behavior was

2. all-streets-crash.md (KV API implementation): Missing experimental feature opt-in instructions

   • This is marked as a minor version for an "experimental/WIP local resource explorer"
   • Per guidelines: "When adding or changing experimental features, call this out explicitly in the changeset description"
   • The changeset should include information on how users can opt in to this experimental feature

3. native-node-repl.md (Node.js REPL support): Missing experimental feature opt-in instructions

   • This adds support for node:repl when compatibility flags are enabled
   • The changeset mentions the flags are needed (enable_nodejs_repl_module and experimental) but should explicitly call out that this is an experimental feature and provide clearer instructions on how to use it

Changesets That Look Good

• ✅ angry-streets-do.md - Clear bug fix with good explanation
• ✅ bright-eggs-draw.md - Clear change description
• ✅ c3-frameworks-update-11860.md - Dependency update (exempt from validation per guidelines)
• ✅ dependabot-update-12183.md - Dependency update
• ✅ dependabot-update-12196.md - Dependency update
• ✅ fair-bats-travel.md - Good technical explanation
• ✅ gyena-uqept-nmcqg.md - Excellent detailed explanation with context
• ✅ logout-invalid-config.md - Clear fix with good before/after explanation
• ✅ quick-edit-x-forwarded-host.md - Good explanation with security context
• ✅ safe-command-args-metrics.md - Excellent detailed explanation with bullet points
• ✅ tidy-plants-thank.md - Clear validation improvement