Update npm dependencies (main) (minor)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
mermaid	11.12.1 → 11.13.0
wrangler (source)	4.59.1 → 4.77.0

---

Release Notes

mermaid-js/mermaid (mermaid)

v11.13.0

Compare Source

Minor Changes

• #​7352 d6db0b0 Thanks @​remcohaszing! - feat: Export the AsyncIconLoader, SyncIconLoader, and IconLoader types.

• #​5932 cdacb0b Thanks @​exoego! - feat: Add venn-beta diagram

• #​6789 73e9849 Thanks @​omkarht! - feat: Add half-arrowheads (solid & stick) and central connection support

• #​7387 acce4db Thanks @​exoego! - feat: Add Ishikawa diagram (ishikawa-beta)

• #​6995 9745f32 Thanks @​darshanr0107! - feat: Deprecate flowchart.htmlLabels in favor of root-level htmlLabels in Mermaid config

• #​5814 2dd29be Thanks @​kairi003! - feat: allow to put notes in namespaces on classDiagram

Patch Changes

• #​7075 96a766d Thanks @​darshanr0107! - fix: Prevent HTML tags from being escaped in sandbox label rendering

• #​6843 32723b2 Thanks @​saurabhg772244! - fix: Support edge animation in hand drawn look

• #​7453 a60e615 Thanks @​darshanr0107! - fix: ER diagram edge label positioning

• #​6989 1a9d45a Thanks @​darshanr0107! - fix: Resolved parsing error where direction TD was not recognized within subgraphs

• #​7178 96ca7c0 Thanks @​omkarht! - fix(treemap): Fixed treemap classDef style application to properly apply user-defined styles

• #​7076 60f6331 Thanks @​darshanr0107! - fix: Correct viewBox casing and make SVGs responsive

• #​7055 fa15ce8 Thanks @​darshanr0107! - fix: Improve participant parsing and prevent recursive loops on invalid syntax

• #​7276 33c7c72 Thanks @​darshanr0107! - fix: respect markdownAutoWrap: false to prevent text auto-wrapping in flowchart markdown labels with htmlLabels enabled.

  Markdown labels with markdownAutoWrap: false, htmlLabels: false set doesn't work
  correctly.

• #​7416 3c069b5 Thanks @​Crafter-Y! - fix: architecture diagram lines should now have the correct length

• #​6995 9745f32 Thanks @​darshanr0107! - fix: Support the htmlLabels Mermaid config value whenever possible

• #​7293 a408b55 Thanks @​darshanr0107! - fix: Prevent browser hang when using multiline accDescr in XY charts

• #​6119 712c1ec Thanks @​NealGooch! - fix: correct block positioning when nested blocks span multiple columns

• #​7424 981a62e Thanks @​knsv! - fix: correct BT orientation arc sweep flags in gitGraph drawArrow()

  Swapped SVG arc sweep-flag values in the BT (bottom-to-top) orientation branches of drawArrow() so curves bend in the correct direction. Affects both rerouting and non-rerouting code paths for merge and non-merge arrows.

  Resolves #​6593

• #​7430 a4bb0b5 Thanks @​knsv! - fix: allow colons in stateDiagram-v2 transition and state description text

• #​7432 b0f9d5b Thanks @​knsv! - fix: derive taskTextDarkColor from doneTaskBkgColor in dark theme for readable done-task text

• #​7456 981fbb8 Thanks @​knsv-bot! - fix(gantt): restore readable outside-text color for done tasks in dark mode

• #​7139 93aa657 Thanks @​omkarht! - revert: restore original hexagon and roundedRect implementations

• #​7136 6bc6617 Thanks @​omkarht! - feat: add alias support for new participant syntax of sequence diagrams

• #​7375 9d0669a Thanks @​kaigritun! - fix(er): recognize '1' cardinality alias before relationship operators

• #​7275 7eed6a1 Thanks @​darshanr0107! - fix: change createLabel to call createText

  This adds support for KaTeX and FontAwesome icons loaded via iconpacks in some
  older labels. There are some small changes in formatting due to standardizing this code.

• #​7265 2000680 Thanks @​omkarht! - fix: prevent unintended opacity on SVG aws icons containing rect elements

• #​7139 b7c66a2 Thanks @​omkarht! - chore: restore original hexagon and roundedRect implementations

• #​7425 f16bfbb Thanks @​knsv! - fix: use rounded right-angle edges for ELK layout

  ELK layout edges now default to rounded curve (right-angle segments with rounded corners) instead of inheriting the global basis default. This fixes ELK edges that were curving instead of routing at right angles (#​7213). Non-ELK layouts are unaffected and keep their existing basis default.

• #​7296 aac86f7 Thanks @​darshanr0107! - fix: Ensure correct edge label rendering for ER and requirement diagrams when flowchart htmlLabels are false

• #​7019 ace0367 Thanks @​darshanr0107! - fix: Mindmap breaking in ELK layout

• #​6984 09b74f1 Thanks @​omkarht! - fix(er-diagram): prevent syntax error when using 'u', numbers, and decimals in node names

• #​7276 33c7c72 Thanks @​darshanr0107! - fix: Restore proper rendering of plain text flowchart labels without auto line-wrapping

  This fix restores backwards compatibility with Mermaid v10 by ensuring that plain text labels in flowcharts are rendered correctly. In Mermaid v11, all labels were incorrectly being treated as markdown by default, which caused issues with text wrapping, multiline breaks, and backwards compatibility.

  What changed:

  • Plain text labels in flowcharts (without markdown syntax) now render as regular text
    • For node labels and edge labels, these will line-wrap automatically. Although this isn't backwards compatible with v10, we think this is a minor change and it's worth keeping to avoid too many changes from diagrams created from v11 onwards.
    • Plain text labels in other diagrams will continue to not line wrap.
  • Plain text labels with \n characters now correctly create line breaks
  • Plain text that looks like markdown (e.g., "1.", "- x") is no longer misinterpreted

  If you want markdown formatting:
  You can still use markdown in your flowchart labels by using the proper markdown syntax. Wrap your markdown text with double quotes and backticks:
  node["`_markdown_ **text**`"]

  Example:

  ```mermaid
  flowchart TD
      plain["Plain text\nwith manual line break"]
      markdown["`This is a **markdown** _label_ that wraps and doesn't replace \n with newlines`"]
  ```

• #​7080 835de00 Thanks @​darshanr0107! - fix: Support ComponentQueue_Ext to prevent parsing error

• #​7310 a9e4c72 Thanks @​darshanr0107! - fix: Allow quoted string labels in architecture-beta diagrams

• #​7052 ff15e51 Thanks @​darshanr0107! - fix: Correct tooltip placement to appear near hovered element

• #​7197 8bfd477 Thanks @​omkarht! - fix: validate dates and tick interval to prevent UI freeze/crash in gantt diagramtype

• #​7099 b136acd Thanks @​darshanr0107! - fix: Mindmap rendering issue when the number of Level 2 nodes exceeds 11

• #​7217 e0317ac Thanks @​omkarht! - fix(gitgraph): pass gitGraphConfig to renderer functions for applying directives properly.

• Updated dependencies [fd3fc50]:

  • @​mermaid-js/parser@​1.0.1

v11.12.3

Compare Source

Patch Changes

• Updated dependencies [7243340]:
  • @​mermaid-js/parser@​1.0.0

v11.12.2

Compare Source

Patch Changes

• #​7200 de7ed10 Thanks @​shubhamparikh2704! - fix: validate dates and tick interval to prevent UI freeze/crash in gantt diagramtype

cloudflare/workers-sdk (wrangler)

v4.77.0

Compare Source

Minor Changes

• #​13023 593c4db Thanks @​jamesopstad! - Add wrangler versions upload support for the experimental secrets configuration property

  When the new secrets property is defined, wrangler versions upload now validates that all secrets declared in secrets.required are configured on the Worker before the upload succeeds. If any required secrets are missing, the upload fails with a clear error listing which secrets need to be set.

  When secrets is not defined, the existing behavior is unchanged.

  // wrangler.jsonc
  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

• #​12732 c2e9163 Thanks @​jamesopstad! - Add deploy support for the experimental secrets configuration property

  When the new secrets property is defined, wrangler deploy now validates that all secrets declared in secrets.required are configured on the Worker before the deploy succeeds. If any required secrets are missing, the deploy fails with a clear error listing which secrets need to be set.

  When secrets is not defined, the existing behavior is unchanged.

  // wrangler.jsonc
  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

Patch Changes

• #​12896 451dae3 Thanks @​petebacondarwin! - fix: Add retry and timeout protection to remote preview API calls

  Remote preview sessions (wrangler dev --remote) now automatically retry transient 5xx API errors (up to 3 attempts with linear backoff) and enforce a 30-second per-request timeout. Previously, a single hung or failed API response during session creation or worker upload could block the dev session reload indefinitely.

• #​12569 379f2a2 Thanks @​MattieTK! - Use qwik add cloudflare-workers instead of qwik add cloudflare-pages for Workers targets

  Both the wrangler autoconfig and C3 Workers template for Qwik were running qwik add cloudflare-pages even when targeting Cloudflare Workers. This caused the wrong adapter directory structure to be scaffolded (adapters/cloudflare-pages/ instead of adapters/cloudflare-workers/), and required post-hoc cleanup of Pages-specific files like _routes.json.

  Qwik now provides a dedicated cloudflare-workers adapter that generates the correct Workers configuration, including wrangler.jsonc with main and assets fields, a public/.assetsignore file, and the correct adapters/cloudflare-workers/vite.config.ts.

  Also adds --skipConfirmation=true to all qwik add invocations so the interactive prompt is skipped in automated contexts.

• #​11899 9a1cf29 Thanks @​hoodmane! - Remove cf-requirements support for Python workers. It hasn't worked with the runtime for a while now.

• #​11800 875da60 Thanks @​southpolesteve! - Add upgrade hint to unexpected configuration field warnings when an update is available

  When Wrangler encounters unexpected fields in the configuration file and a newer version of Wrangler is available, it now displays a message suggesting to update. This helps users who may be using configuration options that were added in a newer version of Wrangler.

• Updated dependencies [b8f3309, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 6a6449e]:

  • miniflare@​4.20260317.2

v4.76.0

Compare Source

Minor Changes

• #​12893 782df44 Thanks @​gpanders! - Rewrite wrangler containers list to use the paginated Dash API endpoint

  wrangler containers list now fetches from the /dash/applications endpoint instead of /applications, displaying results in a paginated table with columns for ID, Name, State, Live Instances, and Last Modified. Container state is derived from health instance counters (active, degraded, provisioning, ready).

  The command supports --per-page (default 25) for interactive pagination with Enter to load more and q/Esc to quit, and --json for machine-readable output. Non-interactive environments load all results in a single request.

• #​12957 62545c9 Thanks @​natewong1313! - Add Stream binding support to Wrangler and workers-utils

  Wrangler and workers-utils now recognize the stream binding in configuration, deployment metadata, and generated worker types. This enables projects to declare Stream bindings in wrangler.json and have the binding represented consistently across validation, metadata mapping, and type generation.

• #​12848 ce48b77 Thanks @​emily-shen! - Enable local explorer by default

  This ungates the local explorer, a UI that lets you inspect the state of D1, DO and KV resources locally by visiting /cdn-cgi/explorer during local development.

  Note: this feature is still experimental, and can be disabled by setting the env var X_LOCAL_EXPLORER=false.

Patch Changes

• #​12938 71ab981 Thanks @​dario-piotrowicz! - Add backward-compatible autoconfig support for Astro v5 and v4 projects

  The astro add cloudflare command in older Astro versions installs the latest adapter version, which causes compatibility issues. This change adds manual configuration logic for projects using Astro versions before 6.0.0:

  • Astro 6.0.0+: Uses the native astro add cloudflare command (unchanged behavior)
  • Astro 5.x: Installs @astrojs/cloudflare@12 and manually configures the adapter
  • Astro 4.x: Installs @astrojs/cloudflare@11 and manually configures the adapter
  • Astro < 4.0.0: Returns an error prompting the user to upgrade

• #​11892 7c3c6c6 Thanks @​staticpayload! - Handle registry ports when matching container image digests

  Wrangler now strips tags without breaking registry ports when comparing local images to remote digests. This prevents unnecessary pushes for tags like localhost:5000/app:tag.

• Updated dependencies [3c988e2, d028ffb, cb71403, 3a1c149, ce48b77, 8729f3d]:

  • miniflare@​4.20260317.1
  • @​cloudflare/unenv-preset@​2.16.0

v4.75.0

Compare Source

Minor Changes

• #​12492 3b81fc6 Thanks @​thomasgauvin! - feat: add wrangler tunnel commands for managing Cloudflare Tunnels

  Adds a new set of commands for managing remotely-managed Cloudflare Tunnels directly from Wrangler:

  • wrangler tunnel create <name> - Create a new Cloudflare Tunnel
  • wrangler tunnel list - List all tunnels in your account
  • wrangler tunnel info <tunnel> - Display details about a specific tunnel
  • wrangler tunnel delete <tunnel> - Delete a tunnel (with confirmation)
  • wrangler tunnel run <tunnel> - Run a tunnel using cloudflared
  • wrangler tunnel quick-start <url> - Start a temporary tunnel (Try Cloudflare)

  The run and quick-start commands automatically download and manage the cloudflared binary, caching it in ~/.wrangler/cloudflared/. Users are prompted before downloading and warned if their PATH-installed cloudflared is outdated. You can override the binary location with the CLOUDFLARED_PATH environment variable.

  All commands are marked as experimental.

Patch Changes

• #​12927 c9b3184 Thanks @​penalosa! - Bump undici from 7.18.2 to 7.24.4

• #​12875 13df6c7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260312.1	1.20260316.1

• #​12935 df0d112 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260316.1	1.20260317.1

• #​12928 81ee98e Thanks @​petebacondarwin! - Migrate chrome-devtools-patches deployment from Cloudflare Pages to Workers + Assets

  The DevTools frontend is now deployed as a Cloudflare Workers + Assets project instead of a Cloudflare Pages project. This uses wrangler deploy for production deployments and wrangler versions upload for PR preview deployments.

  The inspector proxy origin allowlists in both wrangler and miniflare have been updated to accept connections from the new workers.dev domain patterns, while retaining the legacy pages.dev patterns for backward compatibility.

• #​12835 c600ce0 Thanks @​dario-piotrowicz! - Fix execution freezing on debugger statements when DevTools is not attached

  Previously, wrangler always sent Debugger.enable to the runtime on connection, even when DevTools wasn't open. This caused scripts to freeze on debugger statements. Now Debugger.enable is only sent when DevTools is actually attached, and Debugger.disable is sent when DevTools disconnects to stop the runtime from performing debugging work.

• #​12894 f509d13 Thanks @​gpanders! - Simplify description of --json option

  Remove extraneous adjectives in the description of the --json option.

• #​11888 0a7fef9 Thanks @​staticpayload! - Reject cross-drive module paths in Pages Functions routing

  On Windows, module paths using a different drive letter could be parsed in a way that bypassed the project-root check. These paths are now parsed correctly and rejected when they resolve outside the project.

• Updated dependencies [c9b3184, 13df6c7, df0d112, 81ee98e]:

  • miniflare@​4.20260317.0

v4.74.0

Compare Source

Minor Changes

• #​10896 351e1e1 Thanks @​devin-ai-integration! - feat: add --secrets-file parameter to wrangler deploy and wrangler versions upload

  You can now upload secrets alongside your Worker code in a single operation using the --secrets-file parameter on both wrangler deploy and wrangler versions upload. The file format matches what's used by wrangler versions secret bulk, supporting both JSON and .env formats.

  Example usage:

  wrangler deploy --secrets-file .env.production
  wrangler versions upload --secrets-file secrets.json

  Secrets not included in the file will be inherited from the previous version, matching the behavior of wrangler versions secret bulk.

• #​12873 2b9a186 Thanks @​gpanders! - Add wrangler containers instances <application_id> command to list container instances

  Lists all container instances for a given application, matching the Dash instances view. Displays instance ID, state, location, version, and creation time. Supports pagination for applications with many instances. Also adds paginated request support to the containers-shared API client.

Patch Changes

• #​12873 2b9a186 Thanks @​gpanders! - Add escapeCodeTimeout option to onKeyPress utility for faster Esc key detection

  The onKeyPress utility now accepts an optional escapeCodeTimeout parameter that controls how long readline waits to disambiguate a standalone Esc press from multi-byte escape sequences (e.g. arrow keys). The default remains readline's built-in 500ms, but callers can pass a lower value (e.g. 25ms) for near-instant Esc handling in interactive prompts.

• #​12676 65f1092 Thanks @​dario-piotrowicz! - Fix autoconfig package installation always failing at workspace roots

  When running autoconfig at the root of a monorepo workspace, package installation commands now include the appropriate workspace root flags (--workspace-root for pnpm, -W for yarn). This prevents errors like "Running this command will add the dependency to the workspace root" that previously occurred when configuring projects at the workspace root.

  Additionally, autoconfig now allows running at the workspace root if the root directory itself is listed as a workspace package (e.g., workspaces: ["packages/*", "."]).

• #​12841 7b0d8f5 Thanks @​dario-piotrowicz! - Fix unclear error when assets upload session returns a null response

  When deploying assets, if the Cloudflare API returns a null response object, Wrangler now provides a clear error message asking users to retry instead of failing with a confusing error.

• Updated dependencies [ade0aed]:

  • miniflare@​4.20260312.1

v4.73.0

Compare Source

Minor Changes

• #​12853 ff543e3 Thanks @​gpanders! - Deprecate SSH passthrough flags in wrangler containers ssh

  The --cipher, --log-file, --escape-char, --config-file, --pkcs11, --identity-file, --mac-spec, --option, and --tag flags are now deprecated. These flags expose OpenSSH-specific options that are tied to the current implementation. A future release will replace the underlying SSH transport, at which point these flags will be removed. They still function for now.

• #​12815 e63539d Thanks @​NuroDev! - Support disabling persistence in unstable_startWorker() and unstable_dev()

  You can now disable persistence entirely by setting persist: false in the dev options:

  const worker = await unstable_dev("./src/worker.ts", {
  	persist: false,
  });

  Or when using unstable_startWorker():

  const worker = await unstable_startWorker({
  	entrypoint: "./src/worker.ts",
  	dev: {
  		persist: false,
  	},
  });

  This is useful for testing scenarios where you want to ensure a clean state on each run without any persisted data from previous runs.

Patch Changes

• #​12861 f7de0fd Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260310.1	1.20260312.1

• #​12734 8e89e85 Thanks @​flostellbrink! - Add back support for wrangler d1 exports with multiple tables.

  Example:

  # All tables (default)
  wrangler d1 export db --output all-tables.sql
  
  # Single table (unchanged)
  wrangler d1 export db --output single-table.sql --table foo
  
  # Multiple tables (new)
  wrangler d1 export db --output multiple-tables.sql --table foo --table bar

• #​12807 8d1e130 Thanks @​MaxwellCalkin! - fix: vectorize commands now output valid json

  This fixes:

  • wrangler vectorize create
  • wrangler vectorize info
  • wrangler vectorize insert
  • wrangler vectorize upsert
  • wrangler vectorize list
  • wrangler vectorize list-vectors
  • wrangler vectorize list-metadata-index

  Also, wrangler vectorize create --json now also includes the created_at, modified_on and description fields.

• #​12856 6ee18e1 Thanks @​dario-piotrowicz! - Fix autoconfig for Astro v6 projects to skip wrangler config generation

  Astro 6+ generates its own wrangler configuration on build, so autoconfig now detects the Astro version and skips creating a wrangler.jsonc file for projects using Astro 6 or later. This prevents conflicts between the autoconfig-generated config and Astro's built-in config generation.

• #​12700 4bb61b9 Thanks @​RiscadoA! - Add client-side validation for VPC service host flags

  The --hostname, --ipv4, and --ipv6 flags on wrangler vpc service create and wrangler vpc service update now validate input before sending requests to the API. Previously, invalid values were accepted by the CLI and only rejected by the API with opaque error messages. Now users get clear, actionable error messages for common mistakes like passing a URL instead of a hostname, using an IP address in the --hostname flag, or providing malformed IP addresses.

• Updated dependencies [f7de0fd, ecc7f79, 1dda1c8]:

  • miniflare@​4.20260312.0

v4.72.0

Compare Source

Minor Changes

• #​12746 211d75d Thanks @​NuroDev! - Add support for inheritable bindings in type generation

  When using wrangler types with multiple environments, bindings from inheritable config properties (like assets) are now correctly inherited from the top-level config in all named environments. Previously, if you defined assets.binding at the top level with named environments, the binding would be marked as optional in the generated Env type because the type generation didn't account for inheritance.

  Example:

  {
  	"assets": {
  		"binding": "ASSETS",
  		"directory": "./public"
  	},
  	"env": {
  		"staging": {},
  		"production": {}
  	}
  }

  Before this change, ASSETS would be typed as ASSETS?: Fetcher (optional). Now, ASSETS is correctly typed as ASSETS: Fetcher (required). This fix currently applies to the assets binding, with an extensible mechanism to support additional inheritable bindings in the future.

• #​12826 de65c58 Thanks @​gabivlj! - Enable container egress interception in local dev without the experimental compatibility flag

  Container local development now always prepares the egress interceptor sidecar image needed for interceptOutboundHttp(). This makes container-to-Worker interception available by default in Wrangler, Miniflare, and the Cloudflare Vite plugin.

Patch Changes

• #​12790 5451a7f Thanks @​petebacondarwin! - Bump node-forge to ^1.3.2 to address security vulnerabilities

  node-forge had ASN.1 unbounded recursion, OID integer truncation, and ASN.1 validator desynchronization vulnerabilities. This is a bundled dependency used for local HTTPS certificate handling.

• #​12795 82cc2a8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260301.1	1.20260306.1

• #​12811 3c67c2a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260306.1	1.20260307.1

• #​12827 d645594 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260307.1	1.20260310.1

• #​12808 6ed249b Thanks @​MaxwellCalkin! - Fix wrangler d1 execute --json returning "null" (string) instead of null (JSON null) for SQL NULL values

  When using wrangler d1 execute --json with local execution, SQL NULL values were incorrectly serialized as the string "null" instead of JSON null. This produced invalid JSON output that violated RFC 4627. The fix removes the explicit null-to-string conversion so NULL values are preserved as proper JSON null in the output.

• #​12824 9f93b54 Thanks @​jamesopstad! - Strip query strings from module names before writing to disk

  When bundling modules with query string suffixes (e.g. .wasm?module), the ? character was included in the output filename. Since ? is not a valid filename character on Windows, this caused an ENOENT error during wrangler dev. This was particularly visible when using Prisma Client with the D1 adapter, which imports .wasm?module files.

  The fix strips query strings from module names before writing them to disk, while preserving correct module resolution.

• #​12771 b8c33f5 Thanks @​penalosa! - Make remote dev exchange_url optional

  The edge-preview API's exchange_url is now treated as optional. When unavailable or when the exchange fails, the initial token from the API response is used directly. The prewarm step and inspector_websocket have been removed from the remote dev flow in favour of tail_url for live logs.

• Updated dependencies [5451a7f, 82cc2a8, 3c67c2a, d645594, de65c58, cb14820, a7c87d1, e4d9510]:

  • miniflare@​4.20260310.0

v4.71.0

Compare Source

Minor Changes

• #​11656 ec2459e Thanks @​prydt! - feat(hyperdrive): add MySQL SSL mode and Custom CA support

  Hyperdrive now supports MySQL-specific SSL modes (REQUIRED, VERIFY_CA, VERIFY_IDENTITY) alongside the existing PostgreSQL modes. The --sslmode flag now validates the provided value based on the database scheme (PostgreSQL or MySQL) and enforces appropriate CA certificate requirements for each.

  Usage:

  # MySQL with CA verification
  wrangler hyperdrive create my-config --connection-string="mysql://user:pass@host:3306/db" --sslmode=VERIFY_CA --ca-certificate-id=<cert-id>
  
  # PostgreSQL (unchanged)
  wrangler hyperdrive create my-config --connection-string="postgres://user:pass@host:5432/db" --sslmode=verify-full --ca-certificate-id=<cert-id>

Patch Changes

• Updated dependencies [5cc8fcf]:
  • @​cloudflare/unenv-preset@​2.15.0
  • miniflare@​4.20260301.1

v4.70.0

Compare Source

Minor Changes

• #​11332 6a8aa5f Thanks @​nikitassharma! - Users are now able to configure DockerHub credentials and have containers reference images stored there.

  DockerHub can be configured as follows:

  echo $PAT_TOKEN | npx wrangler@latest containers registries configure docker.io --dockerhub-username=user --secret-name=DockerHub_PAT_Token

  Containers can then specify an image from DockerHub in their wrangler.jsonc as follows:

  "containers": {
    "image": "docker.io/namespace/image:tag",
    ...
  }

• #​12649 35b2c56 Thanks @​gabivlj! - Add experimental support for containers to workers communication with interceptOutboundHttp

  This feature is experimental and requires adding the "experimental" compatibility flag to your Wrangler configuration.

• #​12701 23a365a Thanks @​jamesopstad! - Add local dev validation for the experimental secrets configuration property

  When the new secrets property is defined, wrangler dev and vite dev now validate secrets declared in secrets.required. When required secrets are missing from .dev.vars or .env/process.env, a warning is logged listing the missing secret names.

  When secrets is defined, only the keys listed in secrets.required are loaded. Additional keys in .dev.vars or .env are excluded. If you are not using .dev.vars, keys listed in secrets.required are loaded from process.env as well as .env. The CLOUDFLARE_INCLUDE_PROCESS_ENV environment variable is therefore not needed when using this feature.

  When secrets is not defined, the existing behavior is unchanged.

  // wrangler.jsonc
  {
  	"secrets": {
  		"required": ["API_KEY", "DB_PASSWORD"],
  	},
  }

• #​12695 0769056 Thanks @​jamesopstad! - Add type generation for the experimental secrets configuration property

  When the new secrets property is defined, wrangler types now generates typed bindings from the names listed in secrets.required.

  When secrets is defined at any config level, type generation uses it exclusively and no longer infers secret names from .dev.vars or .env files. This enables running type generation in environments where these files are not present.

  Per-environment secrets are supported. Each named environment produces its own interface, and the aggregated Env marks secrets that only appear in some environments as optional.

  When secrets is not defined, the existing behavior is unchanged.

  // wrangler.jsonc
  {
  	"secrets": {
  		"required": ["API_KEY", "DB_PASSWORD"],
  	},
  }

• #​12693 150ef7b Thanks @​martinezjandrew! - Add wrangler containers registries credentials command for generating temporary push/pull credentials

  This command generates short-lived credentials for authenticating with the Cloudflare managed registry (registry.cloudflare.com). Useful for CI/CD pipelines or local Docker authentication.

  # Generate push credentials (for uploading images)
  wrangler con
  

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🚀 Preview is available at https://039f4b07.enterprise-contract.pages.dev

[github-actions]

🚀 Preview is available at https://08300ee1.enterprise-contract.pages.dev

[github-actions]

🚀 Preview is available at https://6626ba07.enterprise-contract.pages.dev

[github-actions]

🚀 Preview is available at https://547ec4d3.enterprise-contract.pages.dev

[github-actions]

🚀 Preview is available at https://777ca95c.enterprise-contract.pages.dev

[github-actions]

🚀 Preview is available at https://41dff465.enterprise-contract.pages.dev

[github-actions]

🚀 Preview is available at https://604b8a26.enterprise-contract.pages.dev

[github-actions]

🚀 Preview is available at https://cfdb8b39.enterprise-contract.pages.dev