chore(deps): update dependency miniflare to v4

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
miniflare (source)	^3.20250718.2 → ^4.0.0

---

Release Notes

cloudflare/workers-sdk (miniflare)

v4.20260124.0

Compare Source

Minor Changes

• #​12008 e414f05 Thanks @​penalosa! - Add support for customising the inspector IP address

  Adds a new --inspector-ip CLI flag and dev.inspector_ip configuration option to allow customising the IP address that the inspector server listens on. Previously, the inspector was hardcoded to listen only on 127.0.0.1.

  Example usage:

  # CLI flag
  wrangler dev --inspector-ip 0.0.0.0

  // wrangler.json
  {
  	"dev": {
  		"inspector_ip": "0.0.0.0",
  	},
  }

• #​12034 05714f8 Thanks @​emily-shen! - Add a no-op local explorer worker, which is gated by the experimental flag X_LOCAL_EXPLORER.

Patch Changes

• #​11853 014e7aa Thanks @​43081j! - Use built-in stripVTControlCharacters utility rather than the strip-ansi package.

• #​12040 77e82d2 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260120.0	1.20260122.0

• #​12061 f08ef21 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260122.0	1.20260123.0

• #​12088 0641e6c Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260123.0	1.20260124.0

• #​11897 bbd8a5e Thanks @​dario-piotrowicz! - Bundle the zod dependency to reduce supply chain attack surface

  In order to prevent possible npm vulnerability attacks, the team's policy is to bundle
  dependencies in our packages where possible. This helps ensure that only trusted code
  runs on the user's system, even if compromised packages are later published to npm.

  This change bundles zod (a pure JavaScript validation library with no native dependencies)
  into miniflare and @​cloudflare/vitest-pool-workers.

  Other dependencies remain external for technical reasons:

  • sharp: Native binary with platform-specific builds
  • undici: Dynamically required at runtime in worker threads
  • ws: Has optional native bindings for performance
  • workerd: Native binary (Cloudflare's JavaScript runtime)
  • @cspotcode/source-map-support: Uses require.cache manipulation at runtime
  • youch: Dynamically required for lazy loading

v4.20260120.0

Compare Source

Patch Changes

• #​11993 788bf78 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260116.0	1.20260120.0

v4.20260116.0

Compare Source

Minor Changes

• #​11942 133bf95 Thanks @​penalosa! - Add support for Email Sending API's MessageBuilder interface in local mode

  Miniflare now supports the simplified MessageBuilder interface for sending emails, alongside the existing EmailMessage support.

  Example usage:

  await env.EMAIL.send({
  	from: { name: "Alice", email: "alice@example.com" },
  	to: ["bob@example.com"],
  	subject: "Hello",
  	text: "Plain text version",
  	html: "<h1>HTML version</h1>",
  	attachments: [
  		{
  			disposition: "attachment",
  			filename: "report.pdf",
  			type: "application/pdf",
  			content: pdfData,
  		},
  	],
  });

  In local mode, email content (text, HTML, attachments) is stored to temporary files that you can open in your editor or browser for inspection. File paths are logged to the console when emails are sent.

Patch Changes

• #​11925 8e4a0e5 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260114.0	1.20260115.0

• #​11942 133bf95 Thanks @​penalosa! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260115.0	1.20260116.0

• #​11967 202c59e Thanks @​emily-shen! - chore: update undici

  The following dependency versions have been updated:

  Dependency	From	To
  undici	7.14.0	7.18.2

• #​11943 25e2c60 Thanks @​vicb! - Bump capnp-es to ^0.0.14

v4.20260114.0

Compare Source

Minor Changes

• #​11883 4714ca1 Thanks @​dario-piotrowicz! - Add MF-Original-Hostname header when using the upstream option

  When using the upstream option in Miniflare, the Host header is rewritten to match the upstream server, which means the original hostname is lost. This change adds a new MF-Original-Hostname header that preserves the original hostname from the incoming request.

  This allows Workers to access the original hostname when proxying requests through an upstream server:

  export default {
  	async fetch(request) {
  		const originalHostname = request.headers.get("MF-Original-Hostname");
  		// originalHostname contains the hostname before it was rewritten
  	},
  };

Patch Changes

• #​11908 e78186d Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260111.0	1.20260114.0

• #​11898 c17e971 Thanks @​petebacondarwin! - Bundle more third-party dependencies to reduce supply chain risk

  Previously, several small utility packages were listed as runtime dependencies and
  installed separately. These are now bundled directly into the published packages,
  reducing the number of external dependencies users need to trust.

  Bundled dependencies:

  • miniflare: acorn, acorn-walk, exit-hook, glob-to-regexp, stoppable
  • kv-asset-handler: mime
  • vite-plugin-cloudflare: @remix-run/node-fetch-server, defu, get-port, picocolors, tinyglobby
  • vitest-pool-workers: birpc, devalue, get-port, semver

v4.20260111.0

Compare Source

Patch Changes

• #​11494 ed60c4f Thanks @​jalmonter! - Fix scheduled trigger warning showing undefined port

  When running wrangler dev with a worker that has cron triggers, the warning message displayed an invalid URL like curl "http://localhost:undefined/cdn-cgi/handler/scheduled" because the port wasn't yet determined when the warning was logged.

  Moved the warning to after the proxy server is fully ready, where the actual public URL and port are known.

• #​11831 faa5753 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260107.1	1.20260108.0

• #​11844 e574ef3 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260108.0	1.20260109.0

• #​11872 b6148ed Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260109.0	1.20260111.0

• #​11816 fc96e5f Thanks @​dario-piotrowicz! - Bump sharp dependency (from 0.33.5 to 0.34.5)

v4.20260107.0

Compare Source

Patch Changes

• #​11822 97e67b9 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260103.0	1.20260107.1

v4.20260103.0

Compare Source

Minor Changes

• #​11648 eac5cf7 Thanks @​pombosilva! - Add Workflows test handlers in vitest-pool-workers to get the Workflow instance output and error:

  • getOutput(): Returns the output of the successfully completed Workflow instance.
  • getError(): Returns the error information of the errored Workflow instance.

  Example:

  // First wait for the workflow instance to complete:
  await expect(
  	instance.waitForStatus({ status: "complete" })
  ).resolves.not.toThrow();
  
  // Then, get its output
  const output = await instance.getOutput();
  
  // Or for errored workflow instances, get their error:
  await expect(
  	instance.waitForStatus({ status: "errored" })
  ).resolves.not.toThrow();
  const error = await instance.getError();

Patch Changes

• #​11714 65d1850 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251217.0	1.20251219.0

• #​11732 1615fce Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251219.0	1.20251221.0

• #​11748 b2769bf Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251221.0	1.20251223.0

• #​11791 554a4df Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251223.0	1.20260103.0

• #​11642 8eede3f Thanks @​petebacondarwin! - Fix intermittent "Fetch failed" errors in Miniflare tests on Windows

  Miniflare tests would occasionally fail with "Fetch failed" errors (particularly on Windows CI runners) due to race conditions between undici's Keep-Alive mechanism and the Miniflare server closing idle connections. Miniflare now configures the Dispatcher to prevent connection reuse and eliminate these race condition errors.

• #​11493 6a05b1c Thanks @​GameRoMan! - Update zod from 3.22.3 to 3.25.76

v4.20251217.0

Compare Source

Patch Changes

• #​11679 ae1ad22 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251213.0	1.20251217.0

• #​11663 737c0f4 Thanks @​NuroDev! - Fix Durable Object RPC calls from Node.js blocking the event loop, preventing Promise.race() and timeouts from working correctly.

  Previously, RPC calls from Node.js to Durable Objects would block the Node.js event loop, causing Promise.race() with timeouts to never resolve. This fix ensures that RPC calls properly yield control back to the event loop, allowing concurrent operations and timeouts to work as expected.

v4.20251213.0

Compare Source

Patch Changes

• #​11596 5d085fb Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251210.0	1.20251211.0

• #​11622 b75b710 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251211.0	1.20251212.0

• #​11640 1e9be12 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251212.0	1.20251213.0

v4.20251210.0

Compare Source

Patch Changes

• #​11552 31c162a Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251202.0	1.20251205.0

• #​11583 bd5f087 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251205.0	1.20251209.0

• #​11584 c6dd86f Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251209.0	1.20251210.0

v4.20251202.1

Compare Source

Patch Changes

• #​11443 56e78c8 Thanks @​Ltadrian! - Improve local Hyperdrive binding latency on Windows.

v4.20251202.0

Compare Source

Patch Changes

• #​11495 59534ba Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251128.0	1.20251202.0

v4.20251128.0

Compare Source

Patch Changes

• #​11448 2b4813b Thanks @​edmundhung! - Builds package with esbuild v0.27.0

• #​11419 5ee3780 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251125.0	1.20251126.0

• #​11444 6e63b57 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251126.0	1.20251127.0

• #​11457 71ab562 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251127.0	1.20251128.0

• #​11391 5e937c1 Thanks @​pmiguel! - Set minimum KV Cache TTL in Miniflare to 30 seconds

v4.20251125.0

Compare Source

Patch Changes

• #​11376 69f4dc3 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251118.0	1.20251121.0

• #​11396 1133c4d Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251121.0	1.20251125.0

• #​11348 4d61fae Thanks @​petebacondarwin! - Add resilience to reading and writing the dev registry files

v4.20251118.1

Compare Source

Minor Changes

• #​11219 524a6e5 Thanks @​Ltadrian! - Implement Hyperdrive binding TLS miniflare proxy. This will allow for wrangler dev hyperdrive bindings to connect to external
  databases that require TLS.

v4.20251118.0

Compare Source

Patch Changes

• #​11318 e5ec8cf Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251113.0	1.20251118.0

v4.20251113.0

Compare Source

Minor Changes

• #​10703 c5c4ee5 Thanks @​danlapid! - Add support for streaming tail consumers in local dev. This is an experimental new feature that allows you to register a tailStream() handler (compared to the existing tail() handler), which will receive streamed tail events from your Worker (compared to the tail() handler, which only receives batched events after your Worker has finished processing).

Patch Changes

• #​11235 d0041e2 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251109.0	1.20251111.0

• #​11277 827d017 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251111.0	1.20251113.0

v4.20251109.1

Compare Source

Patch Changes

• #​11202 305ffb3 Thanks @​petebacondarwin! - Make Miniflare inspector proxy more resilient to selecting a free port

  We have seen some test flakes when there are a lot of Miniflare instances running in parallel.
  This appears to be that there is a small chance that a port becomes unavailable between checking if it is free and using it.

• #​11231 46ccf0e Thanks @​connyay! - Fix WebSocket proxy timeout by disabling Node.js HTTP timeouts

  The dev registry proxy server was experiencing connection timeouts around
  60-90 seconds for long-lived WebSocket connections. This was caused by Node.js's
  headersTimeout (defaults to min(60s, requestTimeout)) which is checked periodically
  by connectionsCheckingInterval (defaults to 30s).

  When proxying WebSocket connections, the HTTP server's headers timeout was
  still active on the underlying socket, causing ERR_HTTP_REQUEST_TIMEOUT errors
  to be thrown and both client and server sockets to be destroyed.

  Setting both headersTimeout: 0 and requestTimeout: 0 in createServer options
  disables timeout enforcement, allowing WebSocket connections to remain open
  indefinitely as needed.

v4.20251109.0

Compare Source

Patch Changes

• #​11200 dd7d584 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251105.0	1.20251106.1

• #​11232 4259256 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251106.1	1.20251109.0

v4.20251105.0

Compare Source

Patch Changes

• #​11185 1ae020d Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251011.0	1.20251105.0

v4.20251011.2

Compare Source

Patch Changes

• #​11084 14f60e8 Thanks @​Caio-Nogueira! - remove explicit disposal on void-returning rpc method on workflow binding. This was adding extra dispose calls that were not needed, making the runtime noisy for the customers that saw internal errors unrelated to their code.

v4.20251011.1

Compare Source

Patch Changes

• #​10919 ca6c010 Thanks @​Caio-Nogueira! - migrate workflow to use a wrapped binding

v4.20251011.0

Compare Source

Minor Changes

• #​10867 dd5f769 Thanks @​austin-mc! - Add media binding support

• #​10768 8211bc9 Thanks @​dario-piotrowicz! - Add handleStructuredLogs option that allows consumers of the workerd structured logs to print such logs without additional boilerplate

Patch Changes

• #​10963 36d7054 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251008.0	1.20251011.0

v4.20251008.0

Compare Source

Patch Changes

• #​10917 42e256f Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251004.0	1.20251008.0

• #​10686 4462bc1 Thanks @​alsuren! - Document that dumpSql is shared with d1-worker, and incorporate some D1 internal stats gathering machinery (which is currently unused by miniflare)

v4.20251004.0

Compare Source

Patch Changes

• #​10858 51f9dc1 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20251001.0	1.20251004.0

• #​10856 1334102 Thanks @​anonrig! - Removes unnecessary calls to "node:os"

v4.20251001.0

Compare Source

Patch Changes

• #​10834 c8d5282 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250927.0	1.20251001.0

• #​10673 bffd2a9 Thanks @​jamesopstad! - Send a 404 response for unimplemented /cdn-cgi/handler/ routes.

v4.20250927.0

Compare Source

Patch Changes

• #​10775 6ff41a6 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250924.0	1.20250926.0

• #​10799 0c208e1 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250926.0	1.20250927.0

• #​10683 2432022 Thanks @​yuripave! - fix: api proxy preserve multiple Set-Cookie headers

• #​10769 0a554f9 Thanks @​penalosa! - Mark more errors as UserError to disable Sentry reporting

v4.20250924.0

Compare Source

Patch Changes

• #​10745 06e9a48 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250923.0	1.20250924.0

v4.20250923.0

Compare Source

Minor Changes

• #​10647 555a6da Thanks @​efalcao! - VPC service binding support

Patch Changes

• #​10692 262393a Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250917.0	1.20250918.0

• #​10705 3ec1f65 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250918.0	1.20250919.0

• #​10718 a434352 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250919.0	1.20250922.0

• #​10729 328e687 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250922.0	1.20250923.0

• #​10724 b4a4311 Thanks @​penalosa! - Use Cap'n Web in workers-sdk

v4.20250917.0

Compare Source

Minor Changes

• #​10651 6caf938 Thanks @​edevil! - Added new attribute "allowed_sender_addresses" to send email binding.

Patch Changes

• #​10684 b59e3e1 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250913.0	1.20250917.0

• #​10656 88132bc Thanks @​edmundhung! - Improve tunnel cleanup in dev registry to reduce connection errors

v4.20250913.0

Compare Source

Patch Changes

• #​10653 783afeb Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250906.0	1.20250913.0

v4.20250906.2

Compare Source

Minor Changes

• #​10596 735785e Thanks @​penalosa! - Add Miniflare & Wrangler support for unbound Durable Objects

v4.20250906.1

Compare Source

Minor Changes

• #​10119 336a75d Thanks @​dxh9845! - Add support for dynamically loading 'external' Miniflare plugins for unsafe Worker bindings (developed outside of the workers-sdk repo)

Patch Changes

• #​10494 e2b838f Thanks @​pombosilva! - Include workflow binding name in workflow plugin.

v4.20250906.0

Compare Source

Patch Changes

• #​10568 dac302c Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250902.0	1.20250906.0

v4.20250902.0

Compare Source

Patch Changes

• #​10535 4cb3370 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250829.0	1.20250902.0

v4.20250829.0

Compare Source

Patch Changes

• #​10502 22c8ae6 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250823.0	1.20250829.0

• #​10471 38bdb78 Thanks @​clintonsteiner! - chore: bump devalue version to 5.3.2

v4.20250823.1

Compare Source

Patch Changes

• #​10437 452ad0b Thanks @​dario-piotrowicz! - Loosen validation around different configurations for Durable Object

  Allow durable objects to have enableSql, `unsafeUniqueK

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/intlify/utils/@intlify/utils@63

commit: e5437b8