#12056 6d5f69f Thanks @edmundhung! - fix: allow Vite query parameters like ?raw on .sql file imports
Importing .sql files with Vite query parameters (e.g., import sql from "./query.sql?raw") would fail with "No such module" errors in vitest-pool-workers 0.12.x. Both import styles now work:
import sql from "./query.sql?raw" (Vite handles the ?raw transform)import sql from "./query.sql" (loaded as Text module)#11917 7b40ceb Thanks @ksawaneh! - Fix CommonJS require() of .json files in the module fallback service (avoids SyntaxError: Unexpected token ':').
#11897 bbd8a5e Thanks @dario-piotrowicz! - Bundle the zod dependency to reduce supply chain attack surface
In order to prevent possible npm vulnerability attacks, the team's policy is to bundle dependencies in our packages where possible. This helps ensure that only trusted code runs on the user's system, even if compromised packages are later published to npm.
This change bundles zod (a pure JavaScript validation library with no native dependencies)
into miniflare and @cloudflare/vitest-pool-workers.
Other dependencies remain external for technical reasons:
sharp: Native binary with platform-specific buildsundici: Dynamically required at runtime in worker threadsws: Has optional native bindings for performanceworkerd: Native binary (Cloudflare's JavaScript runtime)@cspotcode/source-map-support: Uses require.cache manipulation at runtimeyouch: Dynamically required for lazy loadingUpdated dependencies [a0a9ef6, ad4666c, 014e7aa, e414f05, 77e82d2, f08ef21, 0641e6c, eacedba, 05714f8, e8b2ef5, bbd8a5e]:
Fetched March 31, 2026