Merge branch 'production' into ranbel/api-terraform

Author: ranbel

.github/workflows/ci.yml

@@ -65,7 +65,7 @@ jobs:
       - run: npm run build
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_OPTIONS: "--max-old-space-size=4192"
+          NODE_OPTIONS: "--max-old-space-size=6144"
           RUN_LINK_CHECK: true
 
       - run: npm run check:worker

.github/workflows/close-stale-issues-prs.yml

@@ -0,0 +1,30 @@
+# Close stale issues and pull requests (uses actions/stale@v4 with GITHUB_TOKEN)
+on:
+  schedule:
+    - cron: '0 0 * * 1'   # weekly run: every Monday at 00:00 UTC
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+name: Close stale issues and PRs
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run stale action
+        uses: actions/stale@v4
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          # Messages for issues (mention the issue author)
+          stale-issue-message: 'Hello @{{author}}, this issue has been automatically marked as stale because it has not had recent activity. It will be auto-closed after and additional 10 days of inactivity. Please feel free to add a comment and we would be happy to continue working on it.'
+          close-issue-message: 'Hello @{{author}}, this issue has been automatically closed due to 45 days of inactivity. If needed, please reopen or comment and we can reevaluate your request.'
+          # Messages for pull requests (mention the PR author)
+          stale-pr-message: 'Hello @{{author}}, this pull request has been automatically marked as stale because it has not had recent activity. It will be auto-closed after and additional 10 days of inactivity. Please feel free to add a comment and we would be happy to continue working on it.'
+          close-pr-message: 'Hello @{{author}}, this pull request has been automatically closed due to 45 days of inactivity. If needed, please reopen or comment and we can reevaluate your request.'
+          # Time thresholds (adjust to your policy)
+          days-before-stale: 35
+          days-before-close: 10
+          operations-per-run: 5

public/__redirects

@@ -38,7 +38,10 @@ let toml, json;
 
 if (language === "toml") {
 	toml = code;
-	json = JSON.stringify(TOML.parse(code), null, 2);
+	json = JSON.stringify({
+		"$schema": "./node_modules/wrangler/config-schema.json",
+		...TOML.parse(code),
+	}, null, 2);
 } else {
 	json = code;
 	toml = TOML.stringify(jsoncParse(code));

src/components/WranglerConfig.astro

@@ -0,0 +1,44 @@
+---
+title: "WAF Release - 2025-10-30 - Emergency"
+description: Cloudflare WAF managed rulesets 2025-10-30 emergency release
+date: 2025-10-30
+---
+
+import { RuleID } from "~/components";
+
+This week’s release introduces a new detection signature that enhances coverage for a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2025-61884.
+
+**Key Findings**
+
+The flaw is easily exploitable and allows an unauthenticated attacker with network access to compromise Oracle Configurator, which can grant access to sensitive resources and configuration data. The affected versions include 12.2.3 through 12.2.14.
+
+**Impact**
+
+Successful exploitation of CVE-2025-61884 may result in unauthorized access to critical business data or full exposure of information accessible through Oracle Configurator. Administrators are strongly advised to apply vendor's patches and recommended mitigations to reduce this exposure.
+
+<table style="width: 100%">
+  <thead>
+    <tr>
+      <th>Ruleset</th>
+      <th>Rule ID</th>
+      <th>Legacy Rule ID</th>
+      <th>Description</th>
+      <th>Previous Action</th>
+      <th>New Action</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Cloudflare Managed Ruleset</td>
+      <td>
+        <RuleID id="2749f13f8cb34a3dbd49c8c48827402f" />
+      </td>
+      <td>N/A</td>
+      <td>Oracle E-Business Suite - SSRF - CVE:CVE-2025-61884</td>
+      <td>N/A</td>
+      <td>Block</td>
+      <td>This is a New Detection</td>
+    </tr>
+  </tbody>
+</table>

src/content/changelog/waf/2025-10-30-emergency-waf-release.mdx

@@ -0,0 +1,77 @@
+---
+title: Build TanStack Start apps with the Cloudflare Vite plugin
+description: TanStack Start can now be used with the Cloudflare Vite plugin
+products:
+  - workers
+date: 2025-10-24
+---
+
+import { PackageManagers, WranglerConfig } from "~/components";
+
+The [Cloudflare Vite plugin](/workers/vite-plugin/) now supports [TanStack Start](https://tanstack.com/start/) apps.
+Get started with new or existing projects.
+
+## New projects
+
+Create a new TanStack Start project that uses the Cloudflare Vite plugin via the `create-cloudflare` CLI:
+
+<PackageManagers
+	type="create"
+	pkg="cloudflare@latest"
+	args="my-tanstack-start-app --framework=tanstack-start"
+/>
+
+## Existing projects
+
+Migrate an existing TanStack Start project to use the Cloudflare Vite plugin:
+
+1. Install `@cloudflare/vite-plugin` and `wrangler`
+
+<PackageManagers type="add" pkg="@cloudflare/vite-plugin wrangler" dev />
+
+2. Add the Cloudflare plugin to your Vite config
+
+```ts {4, 8} title="vite.config.ts"
+import { defineConfig } from "vite";
+import { tanstackStart } from "@tanstack/react-start/plugin/vite";
+import viteReact from "@vitejs/plugin-react";
+import { cloudflare } from "@cloudflare/vite-plugin";
+
+export default defineConfig({
+	plugins: [
+		cloudflare({ viteEnvironment: { name: "ssr" } }),
+		tanstackStart(),
+		viteReact(),
+	],
+});
+```
+
+3. Add your Worker config file
+
+<WranglerConfig>
+
+```toml
+name = "my-tanstack-start-app"
+compatibility_date = "2025-10-11"
+compatibility_flags = ["nodejs_compat"]
+main = "@tanstack/react-start/server-entry"
+```
+
+</WranglerConfig>
+
+4. Modify the scripts in your `package.json`
+
+```json title="package.json" del={5} ins={6-8}
+{
+	"scripts": {
+		"dev": "vite dev",
+		"build": "vite build && tsc --noEmit",
+		"start": "node .output/server/index.mjs",
+		"preview": "vite preview",
+		"deploy": "npm run build && wrangler deploy",
+		"cf-typegen": "wrangler types"
+	}
+}
+```
+
+See the [TanStack Start framework guide](/workers/framework-guides/web-apps/tanstack-start/) for more info.

src/content/changelog/workers/2025-10-24-tanstack-start.mdx

@@ -192,7 +192,8 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-
         "left": "30px"
       },
       "timeout": 30000
-    }
+    }`
+```
 
 <Render
   file="setting-custom-user-agent"

src/content/docs/browser-rendering/rest-api/pdf-endpoint.mdx

@@ -24,7 +24,7 @@ Both IPv4 and IPv6 addresses are supported.
 
 For zones using [Cloudflare's authoritative DNS](/dns/), Cloudflare typically responds to DNS queries for proxied hostnames with [anycast IPs](/fundamentals/concepts/cloudflare-ip-addresses/). However, if you [customize the IPs Cloudflare uses](/fundamentals/concepts/cloudflare-ip-addresses/#customize-cloudflare-ip-addresses) and use Address Maps, Cloudflare will respond with the IP address(es) on the address map.
 
-Address maps do not change [how Cloudflare reaches the configured origin](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy). The IP addresses defined on the **DNS** > **Records** under your zone continue to instruct Cloudflare how to reach the origin.
+Address maps do not change [how Cloudflare reaches the configured origin](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy). The IP addresses defined on your zone's [DNS Records](https://dash.cloudflare.com/?to=/:account/:zone/dns/records) continue to instruct Cloudflare how to reach the origin.
 
 :::caution
 Depending on whether you use static IPs or BYOIP, the process to [create an address map](/byoip/address-maps/setup/) is different.

src/content/docs/byoip/address-maps/index.mdx

@@ -134,12 +134,14 @@ As you create the necessary DNS records, [Total TLS](/ssl/edge-certificates/addi
 
 To create a DNS record in the dashboard:
 
-1.  Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select an account and domain.
-2.  Go to **DNS** > **Records**.
-3.  Select **Add record**.
-4.  Choose an address (`A`/`AAAA`) [record type](/dns/manage-dns-records/reference/dns-record-types/).
-5.  Complete the required fields, setting the **Proxy status** to **proxied**.
-6.  Select **Save**.
+1. In the Cloudflare dashboard, go to the **DNS Records** page.
+
+   <DashButton url="/?to=/:account/:zone/dns/records" />
+
+2.  Select **Add record**.
+3.  Choose an address (`A`/`AAAA`) [record type](/dns/manage-dns-records/reference/dns-record-types/).
+4.  Complete the required fields, setting the **Proxy status** to **proxied**.
+5.  Select **Save**.
 
 </TabItem>
 <TabItem label="API" no-code="true">

src/content/docs/byoip/service-bindings/cdn-and-spectrum.mdx

@@ -101,12 +101,14 @@ Make sure you have the correct Key/Token and permissions.
 
 To create a DNS record in the dashboard:
 
-1.  Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select an account and domain.
-2.  Go to **DNS** > **Records**.
-3.  Select **Add record**.
-4.  Choose an address (`A`/`AAAA`) [record type](/dns/manage-dns-records/reference/dns-record-types/).
-5.  Complete the required fields, setting the **Proxy status** to **proxied**.
-6.  Select **Save**.
+1. In the Cloudflare dashboard, go to the **DNS Records** page.
+
+   <DashButton url="/?to=/:account/:zone/dns/records" />
+
+2. Select **Add record**.
+3. Choose an address (`A`/`AAAA`) [record type](/dns/manage-dns-records/reference/dns-record-types/).
+4. Complete the required fields, setting the **Proxy status** to **proxied**.
+5. Select **Save**.
 
 </TabItem>
 <TabItem label="API" no-code="true">