#12790 5451a7f Thanks @petebacondarwin! - Bump devalue to ^5.6.3 to address security vulnerabilities
Devalue had denial of service and prototype pollution vulnerabilities. This is a bundled dependency.
Updated dependencies [5451a7f, 5451a7f, 82cc2a8, 3c67c2a, d645594, 211d75d, 6ed249b, 9f93b54, de65c58, cb14820, a7c87d1, b8c33f5, e4d9510]:
#12771 b8c33f5 Thanks @penalosa! - Remove prewarm, inspector_websocket, and exchange proxy from preview flow
The preview session exchange endpoint (/exchange) has been removed from the edge-preview-authenticated-proxy — it has been unused since the dash started fetching the exchange URL directly (DEVX-979). The prewarm parameter is no longer required or accepted by the .update-preview-token endpoint.
The playground preview worker now treats exchange_url as optional, falling back to the initial token from the edge-preview API when exchange is unavailable. Inspector websocket proxying and prewarm have been removed in favour of using tail_url for live logs.
#12756 c7d0d18 Thanks @petebacondarwin! - Fix error formatting to reliably return fallback responses on failure
Previously, if something went wrong while formatting a pretty error page, the failure could go unhandled, resulting in no response being returned to the user. Now, errors during formatting are properly caught, ensuring users always receive a 500 JSON fallback response.
#11656 ec2459e Thanks @prydt! - feat(hyperdrive): add MySQL SSL mode and Custom CA support
Hyperdrive now supports MySQL-specific SSL modes (REQUIRED, VERIFY_CA, VERIFY_IDENTITY) alongside the existing PostgreSQL modes. The --sslmode flag now validates the provided value based on the database scheme (PostgreSQL or MySQL) and enforces appropriate CA certificate requirements for each.
Usage:
# MySQL with CA verification
wrangler hyperdrive create my-config --connection-string="mysql://user:pass@host:3306/db" --sslmode=VERIFY_CA --ca-certificate-id=<cert-id>
# PostgreSQL (unchanged)
wrangler hyperdrive create my-config --connection-string="postgres://user:pass@host:5432/db" --sslmode=verify-full --ca-certificate-id=<cert-id>5cc8fcf]:
#10618 5cc8fcf Thanks @petebacondarwin! - Use the native workerd node:perf_hooks module and Performance global classes when available
They are enabled when the enable_nodejs_perf_hooks_module compatibility flag is set. This feature is currently experimental and requires the above flag and experimental compatibility flag to be set.
#12752 00a4356 Thanks @WillTaylorDev! - fix: Normalize backslash characters in /cdn-cgi paths
Requests containing backslash characters in /cdn-cgi paths are now redirected to their normalized equivalents with forward slashes. This ensures consistent URL handling across different browsers and HTTP clients.
#12453 9764ea0 Thanks @NuroDev! - Add initial data studio with D1 and Durable Objects support
Adds a data studio interface to the local explorer UI, allowing you to browse and interact with D1 databases and Durable Objects during local development. The studio provides table browsing, query execution, and data editing capabilities.
#12760 fa88fef Thanks @NuroDev! - Add schema editor to data studio
Adds a visual schema editor to the data studio that allows you to create new database tables and edit existing table schemas. The editor provides column management (add, edit, remove), constraint editing (primary keys, unique constraints), and generates the corresponding SQL statements for review before committing changes.
This is a WIP experimental feature.
#11970 f235827 Thanks @pombosilva! - Adds step context with attempt count to step.do() callbacks.
Workflow step callbacks now receive a context object containing the current attempt number (1-indexed). This allows developers to access which retry attempt is currently executing.
Example:
await step.do("my-step", async (ctx) => {
// ctx.attempt is 1 on first try, 2 on first retry, etc.
console.log(`Attempt ${ctx.attempt}`);
});ec2459e]:
#12682 b5b91c9 Thanks @hiendv! - Fix resource leak where remote proxy sessions were not disposed during pool shutdown, causing vitest processes to hang.
Updated dependencies [6a8aa5f, d672e2e, 35b2c56, 5f7aaf2, 209b396, 23a365a, 596b8a0, 00e729e, 0769056, 150ef7b, bf9cb3d]:
#11332 6a8aa5f Thanks @nikitassharma! - Users are now able to configure DockerHub credentials and have containers reference images stored there.
DockerHub can be configured as follows:
echo $PAT_TOKEN | npx wrangler@latest containers registries configure docker.io --dockerhub-username=user --secret-name=DockerHub_PAT_TokenContainers can then specify an image from DockerHub in their wrangler.jsonc as follows:
"containers": {
"image": "docker.io/namespace/image:tag",
...
}
#12649 35b2c56 Thanks @gabivlj! - Add experimental support for containers to workers communication with interceptOutboundHttp
This feature is experimental and requires adding the "experimental" compatibility flag to your Wrangler configuration.
#12701 23a365a Thanks @jamesopstad! - Add local dev validation for the experimental secrets configuration property
When the new secrets property is defined, wrangler dev and vite dev now validate secrets declared in secrets.required. When required secrets are missing from .dev.vars or .env/process.env, a warning is logged listing the missing secret names.
When secrets is defined, only the keys listed in secrets.required are loaded. Additional keys in .dev.vars or .env are excluded. If you are not using .dev.vars, keys listed in secrets.required are loaded from process.env as well as .env. The CLOUDFLARE_INCLUDE_PROCESS_ENV environment variable is therefore not needed when using this feature.
When secrets is not defined, the existing behavior is unchanged.
// wrangler.jsonc
{
"secrets": {
"required": ["API_KEY", "DB_PASSWORD"],
},
}
#12695 0769056 Thanks @jamesopstad! - Add type generation for the experimental secrets configuration property
When the new secrets property is defined, wrangler types now generates typed bindings from the names listed in secrets.required.
When secrets is defined at any config level, type generation uses it exclusively and no longer infers secret names from .dev.vars or .env files. This enables running type generation in environments where these files are not present.
Per-environment secrets are supported. Each named environment produces its own interface, and the aggregated Env marks secrets that only appear in some environments as optional.
When secrets is not defined, the existing behavior is unchanged.
// wrangler.jsonc
{
"secrets": {
"required": ["API_KEY", "DB_PASSWORD"],
},
}
#12693 150ef7b Thanks @martinezjandrew! - Add wrangler containers registries credentials command for generating temporary push/pull credentials
This command generates short-lived credentials for authenticating with the Cloudflare managed registry (registry.cloudflare.com). Useful for CI/CD pipelines or local Docker authentication.
# Generate push credentials (for uploading images)
wrangler containers registries credentials registry.cloudflare.com --push
# Generate pull credentials (for downloading images)
wrangler containers registries credentials registry.cloudflare.com --pull
# Generate credentials with both permissions
wrangler containers registries credentials registry.cloudflare.com --push --pull
# Custom expiration (default 15)
wrangler containers registries credentials registry.cloudflare.com --push --expiration-minutes=30#12622 bf9cb3d Thanks @LuisDuarte1! - Add configurable step limits for Workflows
You can now set a maximum number of steps for a Workflow instance via the limits.steps configuration in your Wrangler config. When a Workflow instance exceeds this limit, it will fail with an error indicating the limit was reached.
// wrangler.jsonc
{
"workflows": [
{
"binding": "MY_WORKFLOW",
"name": "my-workflow",
"class_name": "MyWorkflow",
"limits": {
"steps": 5000,
},
},
],
}
The steps value must be an integer between 1 and 25,000. If not specified, the default limit of 10,000 steps is used. Step limits are also enforced in local development via wrangler dev.
#12733 d672e2e Thanks @dario-piotrowicz! - Fix SolidStart autoconfig for projects using version 2.0.0-alpha or later
SolidStart v2.0.0-alpha introduced a breaking change where configuration moved from app.config.(js|ts) to vite.config.(js|ts). Wrangler's autoconfig now detects the installed SolidStart version and based on it updates the appropriate configuration file
#12698 209b396 Thanks @penalosa! - Update dependencies of "miniflare", "wrangler"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| workerd | 1.20260305.0 | 1.20260226.1 |
| @cloudflare/workers-types | 4.20260305.0 | 4.20260226.1 |
#12691 596b8a0 Thanks @penalosa! - Remove temporary AI Search RPC workaround (no user-facing changes)
#12694 00e729e Thanks @garvit-gupta! - Fix wrangler pipelines setup failing for Data Catalog sinks on new buckets by using the correct R2 Catalog API error code (40401).
Updated dependencies [35b2c56, 5f7aaf2, 209b396, 596b8a0, bf9cb3d]:
#12649 35b2c56 Thanks @gabivlj! - Add experimental support for containers to workers communication with interceptOutboundHttp
This feature is experimental and requires adding the "experimental" compatibility flag to your Wrangler configuration.
#10153 5f7aaf2 Thanks @mglewis! - Add Hosted Images CRUD operations to Images binding.
This is an experimental API that only works locally for the moment.
#12622 bf9cb3d Thanks @LuisDuarte1! - Add configurable step limits for Workflows
You can now set a maximum number of steps for a Workflow instance via the limits.steps configuration in your Wrangler config. When a Workflow instance exceeds this limit, it will fail with an error indicating the limit was reached.
// wrangler.jsonc
{
"workflows": [
{
"binding": "MY_WORKFLOW",
"name": "my-workflow",
"class_name": "MyWorkflow",
"limits": {
"steps": 5000,
},
},
],
}
The steps value must be an integer between 1 and 25,000. If not specified, the default limit of 10,000 steps is used. Step limits are also enforced in local development via wrangler dev.
#12698 209b396 Thanks @penalosa! - Update dependencies of "miniflare", "wrangler"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| workerd | 1.20260305.0 | 1.20260226.1 |
| @cloudflare/workers-types | 4.20260305.0 | 4.20260226.1 |
#12691 596b8a0 Thanks @penalosa! - Remove temporary AI Search RPC workaround (no user-facing changes)
#12649 35b2c56 Thanks @gabivlj! - Add experimental support for containers to workers communication with interceptOutboundHttp
This feature is experimental and requires adding the "experimental" compatibility flag to your Wrangler configuration.
#11332 6a8aa5f Thanks @nikitassharma! - Users are now able to configure DockerHub credentials and have containers reference images stored there.
DockerHub can be configured as follows:
echo $PAT_TOKEN | npx wrangler@latest containers registries configure docker.io --dockerhub-username=user --secret-name=DockerHub_PAT_TokenContainers can then specify an image from DockerHub in their wrangler.jsonc as follows:
"containers": {
"image": "docker.io/namespace/image:tag",
...
}
#12622 bf9cb3d Thanks @LuisDuarte1! - Add configurable step limits for Workflows
You can now set a maximum number of steps for a Workflow instance via the limits.steps configuration in your Wrangler config. When a Workflow instance exceeds this limit, it will fail with an error indicating the limit was reached.
// wrangler.jsonc
{
"workflows": [
{
"binding": "MY_WORKFLOW",
"name": "my-workflow",
"class_name": "MyWorkflow",
"limits": {
"steps": 5000,
},
},
],
}
The steps value must be an integer between 1 and 25,000. If not specified, the default limit of 10,000 steps is used. Step limits are also enforced in local development via wrangler dev.
#12713 f498237 Thanks @dependabot! - Update dependencies of "create-cloudflare"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| @angular/create | 21.1.4 | 21.2.0 |
#12715 8d0c835 Thanks @dependabot! - Update dependencies of "create-cloudflare"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| create-vue | 3.21.1 | 3.22.0 |
#12716 1c2d93d Thanks @dependabot! - Update dependencies of "create-cloudflare"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| create-react-router | 7.13.0 | 7.13.1 |
#12717 8e738f8 Thanks @dependabot! - Update dependencies of "create-cloudflare"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| create-analog | 2.2.3 | 2.3.1 |
#12718 62e20c1 Thanks @dependabot! - Update dependencies of "create-cloudflare"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| sv | 0.12.2 | 0.12.4 |
#12719 554c5f3 Thanks @dependabot! - Update dependencies of "create-cloudflare"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| create-vike | 0.0.581 | 0.0.591 |
#12720 a3ff7d4 Thanks @dependabot! - Update dependencies of "create-cloudflare"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| create-waku | 0.12.5-1.0.0-alpha.4-0 | 0.12.5-1.0.0-alpha.5-0 |
#12728 bbe09b6 Thanks @jamesopstad! - Update SolidStart template for compatibility with v2.
SolidStart v2 uses the nitro Vite plugin so we now update the Nitro config in vite.config.ts rather than app.config.ts.
#12692 f671934 Thanks @roli-lpci! - Remove unused chalk dependency from create-cloudflare.
#12649 35b2c56 Thanks @gabivlj! - Add experimental support for containers to workers communication with interceptOutboundHttp
This feature is experimental and requires adding the "experimental" compatibility flag to your Wrangler configuration.
#12701 23a365a Thanks @jamesopstad! - Add local dev validation for the experimental secrets configuration property
When the new secrets property is defined, wrangler dev and vite dev now validate secrets declared in secrets.required. When required secrets are missing from .dev.vars or .env/process.env, a warning is logged listing the missing secret names.
When secrets is defined, only the keys listed in secrets.required are loaded. Additional keys in .dev.vars or .env are excluded. If you are not using .dev.vars, keys listed in secrets.required are loaded from process.env as well as .env. The CLOUDFLARE_INCLUDE_PROCESS_ENV environment variable is therefore not needed when using this feature.
When secrets is not defined, the existing behavior is unchanged.
// wrangler.jsonc
{
"secrets": {
"required": ["API_KEY", "DB_PASSWORD"],
},
}
#12625 c0e9e08 Thanks @WillTaylorDev! - Add cache configuration option for enabling worker cache (experimental)
You can now enable cache before worker execution using the new cache configuration:
{
"cache": {
"enabled": true,
},
}
This setting is environment-inheritable and opt-in. When enabled, cache behavior is applied before your worker runs.
Note: This feature is experimental. The runtime API is not yet generally available.
#12661 99037e3 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| workerd | 1.20260302.0 | 1.20260303.0 |
#12680 295297a Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"
The following dependency versions have been updated:
| Dependency | From | To |
|---|---|---|
| workerd | 1.20260303.0 | 1.20260305.0 |
#12671 f765244 Thanks @MattieTK! - fix: Only redact account names in CI environments, not all non-interactive contexts
The multi-account selection error in getAccountId now only redacts account names
when running in a CI environment (detected via ci-info). Non-interactive terminals
such as coding agents and piped commands can now see account names, which they need
to identify which account to configure. CI logs remain protected.
Updated dependencies [99037e3, 295297a]: