Sourced from wrangler's releases.
wrangler@3.19.0
Minor Changes
#4547
86c81ff0Thanks@mrbbot! - fix: listen on IPv4 loopback only by default on WindowsDue to a known issue,
workerdwill only listen on the IPv4 loopback address127.0.0.1when it's asked to listen onlocalhost. On Node.js > 17,localhostwill resolve to the IPv6 loopback address, meaning requests toworkerdwould fail. This change switches to using the IPv4 loopback address throughout Wrangler on Windows, while workerd#1408 gets fixed.#4535
29df8e17Thanks@mrbbot! - Reintroduces some internal refactorings of wrangler dev servers (includingwrangler dev,wrangler dev --remote, andunstable_dev()).These changes were released in 3.13.0 and reverted in 3.13.1 -- we believe the changes are now more stable and ready for release again.
There are no changes required for developers to opt-in. Improvements include:
- fewer 'address in use' errors upon reloads
- upon config/source file changes, requests are buffered to guarantee the response is from the new version of the Worker
Patch Changes
#4521
6c5bc704Thanks@zebp! - fix: init from dash specifying explicit usage model in wrangler.toml for standard users#4550
63708a94Thanks@mrbbot! - fix: validateHostandOrginheaders where appropriate
HostandOriginheaders are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail.Updated dependencies [
71fb0b86,63708a94]:
- miniflare@3.20231030.3
wrangler@3.18.0
Minor Changes
#4532
311ffbd5Thanks@mrbbot! - fix: changewrangler (pages) devto listen onlocalhostby defaultPreviously, Wrangler listened on all interfaces (
*) by default. This change switcheswrangler (pages) devto just listen on local interfaces. Whilst this is technically a breaking change, we've decided the security benefits outweigh the potential disruption caused. If you need to access your dev server from another device on your network, you can usewrangler (pages) dev --ip *to restore the previous behaviour.Patch Changes
- Updated dependencies [
1b348782]:
- miniflare@3.20231030.2
wrangler@3.17.1
Patch Changes
#4474
382ef8f5Thanks@mrbbot! - fix: open browser to correct url pressingbin--remotemodeThis change ensures Wrangler doesn't try to open
http://*when*is used as the dev server's hostname. Instead, Wrangler will now openhttp://127.0.0.1.#4488
3bd57238Thanks@RamIdeas! - Changes the default directory for log files to workaround frameworks that are watching the entire.wranglerdirectory in the project root for changes
... (truncated)
Sourced from wrangler's changelog.
3.19.0
Minor Changes
#4547
86c81ff0Thanks@mrbbot! - fix: listen on IPv4 loopback only by default on WindowsDue to a known issue,
workerdwill only listen on the IPv4 loopback address127.0.0.1when it's asked to listen onlocalhost. On Node.js > 17,localhostwill resolve to the IPv6 loopback address, meaning requests toworkerdwould fail. This change switches to using the IPv4 loopback address throughout Wrangler on Windows, while workerd#1408 gets fixed.
#4535
29df8e17Thanks@mrbbot! - Reintroduces some internal refactorings of wrangler dev servers (includingwrangler dev,wrangler dev --remote, andunstable_dev()).These changes were released in 3.13.0 and reverted in 3.13.1 -- we believe the changes are now more stable and ready for release again.
There are no changes required for developers to opt-in. Improvements include:
- fewer 'address in use' errors upon reloads
- upon config/source file changes, requests are buffered to guarantee the response is from the new version of the Worker
Patch Changes
- #4521
6c5bc704Thanks@zebp! - fix: init from dash specifying explicit usage model in wrangler.toml for standard users
#4550
63708a94Thanks@mrbbot! - fix: validateHostandOrginheaders where appropriate
HostandOriginheaders are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail.Updated dependencies [
71fb0b86,63708a94]:
- miniflare@3.20231030.3
3.18.0
Minor Changes
#4532
311ffbd5Thanks@mrbbot! - fix: changewrangler (pages) devto listen onlocalhostby defaultPreviously, Wrangler listened on all interfaces (
*) by default. This change switcheswrangler (pages) devto just listen on local interfaces. Whilst this is technically a breaking change, we've decided the security benefits outweigh the potential disruption caused. If you need to access your dev server from another device on your network, you can usewrangler (pages) dev --ip *to restore the previous behaviour.Patch Changes
- Updated dependencies [
1b348782]:
- miniflare@3.20231030.2
3.17.1
Patch Changes
#4474
382ef8f5Thanks@mrbbot! - fix: open browser to correct url pressingbin--remotemodeThis change ensures Wrangler doesn't try to open
http://*when*is used as the dev server's hostname. Instead, Wrangler will now openhttp://127.0.0.1.
- #4488
3bd57238Thanks@RamIdeas! - Changes the default directory for log files to workaround frameworks that are watching the entire.wranglerdirectory in the project root for changes
... (truncated)
5e67ea1
Version Packages (#4536)63708a9
fix: validate Host/Origin headers in magic
proxy and `InspectorProxyWorke...86c81ff
fix: listen on IPv4 loopback only by default on Windows (#4547)6c5bc70
fix: init from dash using explicit usage model for standard accounts (#4521)29df8e1
Revert "Revert "startDevWorker - Milestone 1 (#4497)"
(#4531)"
(#4535)97727de
Version Packages (#4495)311ffbd
[wrangler] fix: change wrangler (pages) dev to listen on
localhost by def...310281a
Revert "startDevWorker - Milestone 1 (#4497)"
(#4531)01eda78
startDevWorker - Milestone 1 (#4497)961c8ea
remove unused npx-import dependency (#4477)Sourced from semver's releases.
v7.6.0
7.6.0 (2024-01-31)
Features
a7ab13a#671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa,@wraithgar)Chores
816c7b2#667 postinstall for dependabot template-oss PR (@lukekarrys)0bd24d9#667 bump@npmcli/template-ossfrom 4.21.1 to 4.21.3 (@dependabot[bot])e521932#652 postinstall for dependabot template-oss PR (@lukekarrys)8873991#652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)f317dc8#652 bump@npmcli/template-ossfrom 4.19.0 to 4.21.0 (@dependabot[bot])7303db1#658 add clean() test for build metadata (#658) (@jethrodaniel)6240d75#656 add missing quotes in README.md (#656) (@zyxkad)14d263f#625 postinstall for dependabot template-oss PR (@lukekarrys)7c34e1a#625 bump@npmcli/template-ossfrom 4.18.1 to 4.19.0 (@dependabot[bot])123e0b0#622 postinstall for dependabot template-oss PR (@lukekarrys)737d5e1#622 bump@npmcli/template-ossfrom 4.18.0 to 4.18.1 (@dependabot[bot])cce6180#598 postinstall for dependabot template-oss PR (@lukekarrys)b914a3d#598 bump@npmcli/template-ossfrom 4.17.0 to 4.18.0 (@dependabot[bot])
Sourced from semver's changelog.
7.6.0 (2024-01-31)
Features
a7ab13a#671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa,@wraithgar)Chores
816c7b2#667 postinstall for dependabot template-oss PR (@lukekarrys)0bd24d9#667 bump@npmcli/template-ossfrom 4.21.1 to 4.21.3 (@dependabot[bot])e521932#652 postinstall for dependabot template-oss PR (@lukekarrys)8873991#652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)f317dc8#652 bump@npmcli/template-ossfrom 4.19.0 to 4.21.0 (@dependabot[bot])7303db1#658 add clean() test for build metadata (#658) (@jethrodaniel)6240d75#656 add missing quotes in README.md (#656) (@zyxkad)14d263f#625 postinstall for dependabot template-oss PR (@lukekarrys)7c34e1a#625 bump@npmcli/template-ossfrom 4.18.1 to 4.19.0 (@dependabot[bot])123e0b0#622 postinstall for dependabot template-oss PR (@lukekarrys)737d5e1#622 bump@npmcli/template-ossfrom 4.18.0 to 4.18.1 (@dependabot[bot])cce6180#598 postinstall for dependabot template-oss PR (@lukekarrys)b914a3d#598 bump@npmcli/template-ossfrom 4.17.0 to 4.18.0 (@dependabot[bot])
377f709
chore: release 7.6.0 (#661)a7ab13a
feat: preserve pre-release and build parts of a version on coerce (#671)816c7b2
chore: postinstall for dependabot template-oss PR0bd24d9
chore: bump @npmcli/template-oss from 4.21.1 to
4.21.3e521932
chore: postinstall for dependabot template-oss PR8873991
chore: chore: chore: postinstall for dependabot template-oss PRf317dc8
chore: bump @npmcli/template-oss from 4.19.0 to
4.21.07303db1
chore: add clean() test for build metadata (#658)6240d75
chore: add missing quotes in README.md (#656)14d263f
chore: postinstall for dependabot template-oss PRSourced from es5-ext's releases.
0.10.64 (2024-02-27)
Bug Fixes
- Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)
0.10.63 (2024-02-23)
Bug Fixes
- Do not rely on problematic regex (3551cdd), addresses #201
- Support ES2015+ function definitions in
function#toStringTokens()(a52e957), addresses #021- Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)
Maintenance Improvements
- Simplify the manifest message (7855319)
Sourced from es5-ext's changelog.
0.10.64 (2024-02-27)
Bug Fixes
- Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)
0.10.63 (2024-02-23)
Bug Fixes
- Do not rely on problematic regex (3551cdd), addresses #201
- Support ES2015+ function definitions in
function#toStringTokens()(a52e957), addresses #021- Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)
Maintenance Improvements
- Simplify the manifest message (7855319)
f76b03d
chore: Release v0.10.642881acd
chore: Bump dependenciesc2e2bb9
fix: Revert update meant to fix Powershell issue, as it's a
regression16f2b72
docs: Fix date in the changelogde4e03c
chore: Release v0.10.633fd53b7
chore: Upgrade lint-staged to v13bf8ed79
chore: Ensure postinstall script does not crash on Windows2cbbb07
chore: Bump dependencies22d0416
chore: Bump LICENSE yeara52e957
fix: Support ES2015+ function definitions in
function#toStringTokens()1ecbf2f
1.1.96a3ada9
lib: fixed CVE-2023-42282 and added unit testSourced from miniflare's releases.
miniflare@3.20231030.3
Patch Changes
#4466
71fb0b86Thanks@mrbbot! - fix: ensure unused KV and Cache blobs cleaned upWhen storing data in KV, Cache and R2, Miniflare uses both an SQL database and separate blob store. When writing a key/value pair, a blob is created for the new value and the old blob for the previous value (if any) is deleted. A few months ago, we introduced a change that prevented old blobs being deleted for KV and Cache. R2 was unaffected. This shouldn't have caused any problems, but could lead to persistence directories growing unnecessarily as they filled up with garbage blobs. This change ensures garbage blobs are deleted.
Note existing garbage will not be cleaned up. If you'd like to do this, download this Node script (https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076). If you're using the default Wrangler persistence directory, run
node gc.mjs kv .wrangler/state/v3/kv <namespace_id_1> <namespace_id_2> ...andnode gc.mjs cache .wrangler/state/v3/cache default named:<cache_name_1> named:<cache_name_2> ...with each of your KV namespace IDs (not binding names) and named caches.#4550
63708a94Thanks@mrbbot! - fix: validateHostandOrginheaders where appropriate
HostandOriginheaders are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail.miniflare@3.20231030.2
Patch Changes
#4505
1b348782Thanks@mrbbot! - fix: remove__STATIC_CONTENT_MANIFESTfrom module workerenvWhen using Workers Sites with a module worker, the asset manifest must be imported from the
__STATIC_CONTENT_MANIFESTvirtual module. Miniflare provided this module, but also erroneously added__STATIC_CONTENT_MANIFESTto theenvobject too. Whilst this didn't break anything locally, it could cause users to develop Workers that ran locally, but not when deployed. This change ensuresenvdoesn't contain__STATIC_CONTENT_MANIFEST.miniflare@3.20231030.1
Minor Changes
#4348
be2b9cf5Thanks@mrbbot! - feat: add support for wrapped bindingsThis change adds a new
wrappedBindingsworker option for configuringworkerd's wrapped bindings. These allow custom bindings to be written as JavaScript functions accepting anenvparameter of "inner bindings" and returning the value to bind. For more details, refer to the API docs.#4341
d9908743Thanks@RamIdeas! - Added ahandleRuntimeStdiowhich enables wrangler (or any other direct use of Miniflare) to handle thestdoutandstderrstreams from the workerd child process. By default, if this option is not provided, the previous behaviour is retained which splits the streams into lines and callsconsole.log/console.error.
Sourced from miniflare's changelog.
3.20231030.3
Patch Changes
#4466
71fb0b86Thanks@mrbbot! - fix: ensure unused KV and Cache blobs cleaned upWhen storing data in KV, Cache and R2, Miniflare uses both an SQL database and separate blob store. When writing a key/value pair, a blob is created for the new value and the old blob for the previous value (if any) is deleted. A few months ago, we introduced a change that prevented old blobs being deleted for KV and Cache. R2 was unaffected. This shouldn't have caused any problems, but could lead to persistence directories growing unnecessarily as they filled up with garbage blobs. This change ensures garbage blobs are deleted.
Note existing garbage will not be cleaned up. If you'd like to do this, download this Node script (https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076). If you're using the default Wrangler persistence directory, run
node gc.mjs kv .wrangler/state/v3/kv <namespace_id_1> <namespace_id_2> ...andnode gc.mjs cache .wrangler/state/v3/cache default named:<cache_name_1> named:<cache_name_2> ...with each of your KV namespace IDs (not binding names) and named caches.
#4550
63708a94Thanks@mrbbot! - fix: validateHostandOrginheaders where appropriate
HostandOriginheaders are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail.3.20231030.2
Patch Changes
#4505
1b348782Thanks@mrbbot! - fix: remove__STATIC_CONTENT_MANIFESTfrom module workerenvWhen using Workers Sites with a module worker, the asset manifest must be imported from the
__STATIC_CONTENT_MANIFESTvirtual module. Miniflare provided this module, but also erroneously added__STATIC_CONTENT_MANIFESTto theenvobject too. Whilst this didn't break anything locally, it could cause users to develop Workers that ran locally, but not when deployed. This change ensuresenvdoesn't contain__STATIC_CONTENT_MANIFEST.3.20231030.1
Minor Changes
#4348
be2b9cf5Thanks@mrbbot! - feat: add support for wrapped bindingsThis change adds a new
wrappedBindingsworker option for configuringworkerd's wrapped bindings. These allow custom bindings to be written as JavaScript functions accepting anenvparameter of "inner bindings" and returning the value to bind. For more details, refer to the API docs.
- #4341
d9908743Thanks@RamIdeas! - Added ahandleRuntimeStdiowhich enables wrangler (or any other direct use of Miniflare) to handle thestdoutandstderrstreams from the workerd child process. By default, if this option is not provided, the previous behaviour is retained which splits the streams into lines and callsconsole.log/console.error.
5e67ea1
Version Packages (#4536)63708a9
fix: validate Host/Origin headers in magic
proxy and `InspectorProxyWorke...71fb0b8
fix: ensure unused KV and Cache blobs cleaned up (#4466)97727de
Version Packages (#4495)311ffbd
[wrangler] fix: change wrangler (pages) dev to listen on
localhost by def...1b34878
fix: remove __STATIC_CONTENT_MANIFEST from module worker
env (#4505)f728503
Version Packages (#4463)be2b9cf
feat: add support for wrapped bindings (#4348)d990874
Intercept workerd logs + write all debug logs to a hidden file (#4341)Sourced from undici's releases.
v5.28.3
⚠️ Security Release ⚠️
Fixes:
Full Changelog: https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3