Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/vitest-pool-workers (source)	0.12.1 → 0.12.4
@cloudflare/workers-types	4.20260111.0 → 4.20260118.0
@tsconfig/node24 (source)	24.0.3 → 24.0.4
@types/node (source)	24.10.7 → 24.10.9
es-toolkit (source)	1.43.0 → 1.44.0
kysely (source)	0.28.9 → 0.28.10
mentoss	0.12.0 → 0.13.0
miniflare (source)	4.20260107.0 → 4.20260114.0
prettier (source)	3.7.4 → 3.8.0
wrangler (source)	4.58.0 → 4.59.2
xior	0.8.2 → 0.8.3

---

Release Notes

cloudflare/workers-sdk (@​cloudflare/vitest-pool-workers)

v0.12.4

Compare Source

Patch Changes

• #​11898 c17e971 Thanks @​petebacondarwin! - Bundle more third-party dependencies to reduce supply chain risk

  Previously, several small utility packages were listed as runtime dependencies and
  installed separately. These are now bundled directly into the published packages,
  reducing the number of external dependencies users need to trust.

  Bundled dependencies:

  • miniflare: acorn, acorn-walk, exit-hook, glob-to-regexp, stoppable
  • kv-asset-handler: mime
  • vite-plugin-cloudflare: @remix-run/node-fetch-server, defu, get-port, picocolors, tinyglobby
  • vitest-pool-workers: birpc, devalue, get-port, semver

• Updated dependencies [e78186d, fe4faa3, 4714ca1, c17e971, 695b043]:

  • miniflare@​4.20260114.0
  • wrangler@​4.59.2

v0.12.3

Compare Source

Patch Changes

• Updated dependencies [99b1f32]:
  • wrangler@​4.59.1

v0.12.2

Compare Source

Patch Changes

• Updated dependencies [b0e54b2, ed60c4f, faa5753, e574ef3, b6148ed, ab3859c, 0eb973d, ad65efa, fc96e5f, 43d5363, 0f8d69d]:
  • wrangler@​4.59.0
  • miniflare@​4.20260111.0

cloudflare/workerd (@​cloudflare/workers-types)

v4.20260118.0

Compare Source

v4.20260117.0

Compare Source

v4.20260116.0

Compare Source

v4.20260115.0

Compare Source

v4.20260114.0

Compare Source

v4.20260113.0

Compare Source

tsconfig/bases (@​tsconfig/node24)

v24.0.4

Compare Source

toss/es-toolkit (es-toolkit)

v1.44.0

Compare Source

Released on January 16th, 2026.

• Added shouldRetry option to retry function. ([#​1585])
• Added isEmptyObject predicate function. ([#​1584])
• Added isNumber predicate function.
• Enhanced error cloning to support AggregateError. ([#​1563])
• Implemented collection methods for Maps and Sets.
• Added bundle size analysis and visualization components to docs. ([#​1564])
• Fixed flattenObject to retain empty objects and arrays.
• Enhanced type safety for clone function.
• Fixed clone error when cloning object with null prototype. ([#​1570])
• Fixed array function callbacks to include index and array parameters. ([#​1561])
• Fixed compat/cloneDeep and cloneDeepWith to clone null-prototype objects as regular objects. ([#​1562])
• Fixed compat/clamp to ensure consistency with lodash. ([#​1555])
• Simplified intersection filter callback for consistency. ([#​1582])
• Fixed incorrect function names and output in cloneDeep JSDoc examples. ([#​1583])

We sincerely thank @​raon0211, @​dayongkr, @​eunwoo-levi, @​matt-oakes, @​T3sT3ro, and @​D-Sketon for their contributions. We appreciate your great efforts!

kysely-org/kysely (kysely)

v0.28.10: 0.28.10

Compare Source

Hey 👋

A small batch of bug fixes. Please report any issues. 🤞😰🤞

🚀 Features

🐞 Bugfixes

• Add ExtractColumnType and DrainOuterGeneric type exports by @​mifi in #​1679
• fix: $narrowType compilation errors when composite: true. by @​igalklebanov in #​1681
• fix: executeTakeFirst compilation error when composite. by @​igalklebanov in #​1683
• fix: with/withRecursive compilation errors when composite. by @​igalklebanov in #​1684

PostgreSQL 🐘 / MSSQL 🥅

• fix: Migrator attempts to create custom migration schema even if it exists and fails on dialects that don't support if not exists. by @​austin-hall-skylight in #​1608

PostgreSQL 🐘 / SQLite 📘

• fix: returning compilation errors when composite. by @​igalklebanov in #​1682

📖 Documentation

📦 CICD & Tooling

• chore: bump pnpm to 10.26.1, use allowBuilds and blockExoticSubdeps. by @​igalklebanov in #​1663
• chore: bump dependencies. by @​igalklebanov in #​1685

⚠️ Breaking Changes

🐤 New Contributors

• @​austin-hall-skylight made their first contribution in #​1608
• @​mifi made their first contribution in #​1679

Full Changelog: kysely-org/kysely@v0.28.9...v0.28.10

humanwhocodes/mentoss (mentoss)

v0.13.0

Compare Source

Features

• Add MockAgent class for undici Dispatcher support (#​119) (9e7efe4)

cloudflare/workers-sdk (miniflare)

v4.20260114.0

Compare Source

Minor Changes

• #​11883 4714ca1 Thanks @​dario-piotrowicz! - Add MF-Original-Hostname header when using the upstream option

  When using the upstream option in Miniflare, the Host header is rewritten to match the upstream server, which means the original hostname is lost. This change adds a new MF-Original-Hostname header that preserves the original hostname from the incoming request.

  This allows Workers to access the original hostname when proxying requests through an upstream server:

  export default {
  	async fetch(request) {
  		const originalHostname = request.headers.get("MF-Original-Hostname");
  		// originalHostname contains the hostname before it was rewritten
  	},
  };

Patch Changes

• #​11908 e78186d Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260111.0	1.20260114.0

• #​11898 c17e971 Thanks @​petebacondarwin! - Bundle more third-party dependencies to reduce supply chain risk

  Previously, several small utility packages were listed as runtime dependencies and
  installed separately. These are now bundled directly into the published packages,
  reducing the number of external dependencies users need to trust.

  Bundled dependencies:

  • miniflare: acorn, acorn-walk, exit-hook, glob-to-regexp, stoppable
  • kv-asset-handler: mime
  • vite-plugin-cloudflare: @remix-run/node-fetch-server, defu, get-port, picocolors, tinyglobby
  • vitest-pool-workers: birpc, devalue, get-port, semver

v4.20260111.0

Compare Source

Patch Changes

• #​11494 ed60c4f Thanks @​jalmonter! - Fix scheduled trigger warning showing undefined port

  When running wrangler dev with a worker that has cron triggers, the warning message displayed an invalid URL like curl "http://localhost:undefined/cdn-cgi/handler/scheduled" because the port wasn't yet determined when the warning was logged.

  Moved the warning to after the proxy server is fully ready, where the actual public URL and port are known.

• #​11831 faa5753 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260107.1	1.20260108.0

• #​11844 e574ef3 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260108.0	1.20260109.0

• #​11872 b6148ed Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260109.0	1.20260111.0

• #​11816 fc96e5f Thanks @​dario-piotrowicz! - Bump sharp dependency (from 0.33.5 to 0.34.5)

prettier/prettier (prettier)

v3.8.0

Compare Source

diff

🔗 Release note

cloudflare/workers-sdk (wrangler)

v4.59.2

Compare Source

Patch Changes

• #​11908 e78186d Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260111.0	1.20260114.0

• #​11880 fe4faa3 Thanks @​penalosa! - Show helpful messages for errors outside of Wrangler's control. This prevents unnecessary Sentry reports.

  Errors now handled with user-friendly messages:

  • Connection timeouts to Cloudflare's API (UND_ERR_CONNECT_TIMEOUT) - typically due to slow networks or connectivity issues
  • File system permission errors (EPERM, EACCES) - caused by insufficient permissions, locked files, or antivirus software
  • DNS resolution failures (ENOTFOUND) - caused by network connectivity issues or DNS configuration problems

• #​11882 695b043 Thanks @​GregBrimble! - Improve the error message for wrangler secret put when using Worker versions or gradual deployments. wrangler versions secret put should be used instead, or ensure to deploy the latest version before using wrangler secret put. wrangler secret put alone will add the new secret to the latest version (possibly undeployed) and immediately deploy that which is usually not intended.

• Updated dependencies [e78186d, fec8f5b, d39777f, 4714ca1, c17e971]:

  • miniflare@​4.20260114.0
  • @​cloudflare/unenv-preset@​2.10.0
  • @​cloudflare/kv-asset-handler@​0.4.2

v4.59.1

Compare Source

Patch Changes

• #​11889 99b1f32 Thanks @​emily-shen! - Use argument array when executing git commands with wrangler pages deploy

  Pass user provided values from --commit-hash safely to underlying git command.

v4.59.0

Compare Source

Minor Changes

• #​11852 ad65efa Thanks @​NuroDev! - Add --check flag to wrangler types command

  The new --check flag allows you to verify that your generated types file is up-to-date without regenerating it. This is useful for CI/CD pipelines, pre-commit hooks, or any scenario where you want to ensure types have been committed after configuration changes.

  When types are up-to-date, the command exits with code 0:

  $ wrangler types --check
  ✨ Types at worker-configuration.d.ts are up to date.

  When types are out-of-date, the command exits with code 1:

  $ wrangler types --check
  ✘ [ERROR] Types at worker-configuration.d.ts are out of date. Run `wrangler types` to regenerate.

  You can also use it with a custom output path:

  $ wrangler types ./custom-types.d.ts --check

• #​11529 43d5363 Thanks @​matthewdavidrodgers! - Add ability to enable higher asset count limits for Pages deployments

  Wrangler can now read asset count limits from JWT claims during Pages deployments,
  allowing users to be enabled for higher limits (up to 100,000 assets) on a per-account
  basis. The default limit remains at 20,000 assets.

• #​11755 0f8d69d Thanks @​nikitassharma! - Users can now specify constraints.tiers for their container applications. tier is deprecated in favor of tiers.
  If left unset, we will default to tiers: [1, 2].
  Note that constraints is an experimental feature.

Patch Changes

• #​11820 b0e54b2 Thanks @​MattieTK! - Add AI agent detection to analytics events

  Wrangler now detects when commands are executed by AI coding agents (such as Claude Code, Cursor, GitHub Copilot, etc.) using the am-i-vibing library. This information is included as an agent property in all analytics events, helping Cloudflare understand how developers interact with Wrangler through AI assistants.

  The agent property will contain the agent ID (e.g., "claude-code", "cursor-agent") when detected, or null when running outside an agentic environment.

• #​11494 ed60c4f Thanks @​jalmonter! - Fix scheduled trigger warning showing undefined port

  When running wrangler dev with a worker that has cron triggers, the warning message displayed an invalid URL like curl "http://localhost:undefined/cdn-cgi/handler/scheduled" because the port wasn't yet determined when the warning was logged.

  Moved the warning to after the proxy server is fully ready, where the actual public URL and port are known.

• #​11831 faa5753 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260107.1	1.20260108.0

• #​11844 e574ef3 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260108.0	1.20260109.0

• #​11872 b6148ed Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260109.0	1.20260111.0

• #​11843 ab3859c Thanks @​dario-piotrowicz! - Update the Wrangler autoconfig logic to work with the latest version of Waku

  The latest version of Waku (0.12.5-1.0.0-alpha.1-0) requires a src/waku.server.tsx file instead of a src/server-entry.tsx one, so the Wrangler autoconfig logic (the logic being run as part of wrangler setup and wrangler deploy --x-autoconfig that configures a project to be deployable on Cloudflare) has been updated accordingly.

  Also the way the worker needs to handle static assets has been updated as recommended from the Waku team.

• #​11848 0eb973d Thanks @​petebacondarwin! - Fix incorrect warning about multiple environments when using redirected config

  Previously, when using a redirected config (via configPath in another config file) that originated from a config with multiple environments, wrangler would incorrectly warn about missing environment specification. This fix ensures the warning is only shown when the actual config being used has multiple environments defined, not when the original config did.

• Updated dependencies [ed60c4f, 5c59217, faa5753, e574ef3, b6148ed, beb96af, 5c59217, fc96e5f]:

  • miniflare@​4.20260111.0
  • @​cloudflare/unenv-preset@​2.9.0

suhaotian/xior (xior)

v0.8.3

Compare Source

• Feat(plugins): add normalizeParams option to cache/dedupe/error-cache/throttle plugins

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.