Version Packages

[workers-devprod]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

create-cloudflare@2.67.0

Minor Changes

• #13454 bac2311 Thanks @G4brym! - Upgrade OpenAPI template to chanfana 3 and Zod v4

  The OpenAPI worker template has been upgraded to use chanfana v3.3 (from v2.6) and Zod v4 (from v3). All removed chanfana parameter helpers (Str, Bool, Num, DateTime) have been replaced with native Zod v4 equivalents. Other dependency updates include hono v4.12, wrangler v4, and @cloudflare/workers-types.

  Additional template improvements:

  • Fix response schemas to match actual handler return values
  • Use NotFoundException for 404 responses instead of raw Response.json()
  • Use HTTP 201 status for the create endpoint
  • Enable full strict mode in tsconfig (previously silently overridden)
  • Remove unused @types/service-worker-mock dependency

Patch Changes

• #12563 a25270e Thanks @irvinebroque! - Add best practices documentation links to generated AGENTS.md

  The AGENTS.md file generated for new Workers projects now directs AI coding agents to
  fetch and understand the latest best practices before writing code, including Workers
  best practices, Durable Objects rules, and Workflows rules.

• #12906 7cf5095 Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-vite	8.3.0	9.0.4

• #13277 44dc73a Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-analog	2.3.1	2.4.7

• #13437 fe4101c Thanks @dependabot! - Update dependencies of "create-cloudflare"

  The following dependency versions have been updated:

  Dependency	From	To
  create-waku	0.12.5-1.0.0-alpha.6-0	0.12.5-1.0.0-alpha.7-0

• #13316 21d0b53 Thanks @emily-shen! - Fix Vue project scaffolding failing when javascript is selected

wrangler@4.83.0

Minor Changes

• #13391 60565dd Thanks @mikenomitch! - Mark wrangler containers commands as stable

  This changes the status of the Containers CLI from open beta to stable. Wrangler no longer shows [open beta] labels or beta warning text for wrangler containers commands, so the help output matches the feature's current availability.

• #13311 6cbcdeb Thanks @ryanking13! - JS files imported by the Python Workers runtime SDK are now handled as ESM modules.

  This is not a user-facing change, but Python Workers users should update their wrangler version to make sure to get Python workers SDK working properly.

Patch Changes

• #13450 6f63eaa Thanks @petebacondarwin! - Fix POST/PUT requests with non-2xx responses throwing "fetch failed"

  Previously, sending a POST or PUT request that received a non-2xx response (e.g. 401, 400, 403) would throw a TypeError: fetch failed error. This was caused by an undici bug where isTraversableNavigable() incorrectly returned true, causing the 401 credential-retry block to execute in Node.js and fail on stream-backed request bodies. This has been fixed upstream in undici v7.24.8, so we've bumped our dependency and removed the previous pnpm patch workaround.

• #13447 aef9825 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260410.1	1.20260413.1

• #13475 eaaa728 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260413.1	1.20260415.1

• #13386 5e5bbc1 Thanks @mksglu! - Make startup network requests non-blocking on slow connections

  Wrangler makes network requests during startup (npm update check, request.cf data fetch) that previously blocked the CLI indefinitely on slow or degraded connections (airplane wifi, trains), causing 10+ second delays.

  • Update check: The banner now races the update check against a 100ms grace period. On a cache hit (most runs) the result resolves in <1ms via the I/O poll phase; on a cache miss the banner prints immediately without blocking. A 3s safety-net timeout caps the update-check library's auth-retry path.
  • request.cf fetch: The fetch to workers.cloudflare.com/cf.json now uses AbortSignal.timeout(3000), falling back to cached/default data on timeout.

• #13469 07a918c Thanks @1000hz! - wrangler preview no longer warns on inheritable binding types being missing from previews config.

• #13463 90aee27 Thanks @roerohan! - Remove unnecessary flagship:read OAuth scope

  The flagship:read scope is not needed since flagship:write already implies read access. This reduces the OAuth permissions requested during login to only what is required.

• Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 89c7829]:

  • miniflare@4.20260415.0

miniflare@4.20260415.0

Patch Changes

• #13354 854d66c Thanks @courtney-sims! - Prepares asset-worker for a more gradual rollout by refactoring and separating out the invocation from the business logic. In the future, this will provide space for us to route requests to new versions of asset-worker based on their plan, but should make no functional difference today.

• #13450 6f63eaa Thanks @petebacondarwin! - Fix POST/PUT requests with non-2xx responses throwing "fetch failed"

  Previously, sending a POST or PUT request that received a non-2xx response (e.g. 401, 400, 403) would throw a TypeError: fetch failed error. This was caused by an undici bug where isTraversableNavigable() incorrectly returned true, causing the 401 credential-retry block to execute in Node.js and fail on stream-backed request bodies. This has been fixed upstream in undici v7.24.8, so we've bumped our dependency and removed the previous pnpm patch workaround.

• #13447 aef9825 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260410.1	1.20260413.1

• #13475 eaaa728 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260413.1	1.20260415.1

• #13472 58292f6 Thanks @roerohan! - Fix wrangler dev crash when using a Flagship binding with remote: true

  In remote mode, the flagship binding is backed by a generic proxy worker that only has a default export. The plugin was requesting a named entrypoint "FlagshipBinding" which doesn't exist on it, causing workerd to reject the binding at startup. The named entrypoint is now omitted in remote mode so workerd routes to the default export, which correctly proxies all RPC calls to the remote Flagship service.

• #13386 5e5bbc1 Thanks @mksglu! - Make startup network requests non-blocking on slow connections

  Wrangler makes network requests during startup (npm update check, request.cf data fetch) that previously blocked the CLI indefinitely on slow or degraded connections (airplane wifi, trains), causing 10+ second delays.

  • Update check: The banner now races the update check against a 100ms grace period. On a cache hit (most runs) the result resolves in <1ms via the I/O poll phase; on a cache miss the banner prints immediately without blocking. A 3s safety-net timeout caps the update-check library's auth-retry path.
  • request.cf fetch: The fetch to workers.cloudflare.com/cf.json now uses AbortSignal.timeout(3000), falling back to cached/default data on timeout.

• #13476 d5ff5a4 Thanks @roerohan! - Fix wrangler dev crash when using a Stream binding with remote: true

  In remote mode, the Stream binding is backed by a generic proxy worker that only has a default export. The plugin was requesting a named entrypoint "StreamBinding" which doesn't exist on it, causing workerd to reject the binding at startup. The named entrypoint is now omitted in remote mode so workerd routes to the default export, which correctly proxies all RPC calls to the remote Stream service.

• #13426 89c7829 Thanks @edmundhung! - Reject non-local /cdn-cgi/* requests in Miniflare

  Miniflare now validates Host and Origin on /cdn-cgi/* requests before request rewriting. Requests are still allowed for localhost, configured route hostnames, and the configured upstream hostname, but non-local hostnames can no longer reach internal development endpoints such as platform-proxy, handler routes, live reload, and the local explorer.

@cloudflare/pages-shared@0.13.125

Patch Changes

• Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 89c7829]:
  • miniflare@4.20260415.0

@cloudflare/vite-plugin@1.32.3

Patch Changes

• #13427 c4deb1d Thanks @edmundhung! - Harden file serving for Vite dev

  The Vite plugin now includes Wrangler config files, Vite config files, and .wrangler state files in server.fs.deny so they cannot be fetched directly from the Vite dev server.

• Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 07a918c, 89c7829, 60565dd, 6cbcdeb, 90aee27]:

  • miniflare@4.20260415.0
  • wrangler@4.83.0

@cloudflare/vitest-pool-workers@0.14.7

Patch Changes

• Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 07a918c, 89c7829, 60565dd, 6cbcdeb, 90aee27]:
  • miniflare@4.20260415.0
  • wrangler@4.83.0

@cloudflare/local-explorer-ui@0.13.0

Minor Changes

• #13429 54ceb95 Thanks @NuroDev! - Add shift-click multi-select to R2 object list

  Shift-clicking a checkbox in the R2 object list now selects or deselects a contiguous range of rows between the last individually clicked row (the anchor) and the shift-clicked row. This matches standard shift-select behavior in file managers and data tables.

@cloudflare/workers-shared@0.19.2

Patch Changes

• #13354 854d66c Thanks @courtney-sims! - Prepares asset-worker for a more gradual rollout by refactoring and separating out the invocation from the business logic. In the future, this will provide space for us to route requests to new versions of asset-worker based on their plan, but should make no functional difference today.

@cloudflare/workers-utils@0.16.1

Patch Changes

• #13468 051db1f Thanks @jamesopstad! - Make all properties in previews optional

  All properties in previews were previously incorrectly typed as required.

[ask-bonk]

LGTM

github run

[github-actions]

✅ All changesets look good

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13461

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13461

miniflare

npm i https://pkg.pr.new/miniflare@13461

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13461

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13461

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13461

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13461

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13461

wrangler

npm i https://pkg.pr.new/wrangler@13461

commit: 0470984