deps(deps): bump the minor-updates group with 12 updates #9

Open

dependabot[bot] wants to merge 1 commit into main from dependabot/bun/minor-updates-360b150d34
dependabot bot commented on behalf of github Mar 30, 2026

Bumps the minor-updates group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| @cloudflare/containers | 0.1.1 | 0.2.0 |
| alchemy | 0.77.5 | 0.90.1 |
| better-auth | 1.5.5 | 1.5.6 |
| drizzle-orm | 0.45.1 | 0.45.2 |
| hono | 4.12.8 | 4.12.9 |
| @cloudflare/vitest-pool-workers | 0.13.3 | 0.13.5 |
| @cloudflare/workers-types | 4.20260317.1 | 4.20260329.1 |
| bits-ui | 2.16.3 | 2.16.4 |
| svelte | 5.54.0 | 5.55.1 |
| vite | 8.0.2 | 8.0.3 |
| vitest | 4.1.0 | 4.1.2 |
| wrangler | 4.76.0 | 4.78.0 |

Updates @cloudflare/containers from 0.1.1 to 0.2.0

Release notes

Sourced from @​cloudflare/containers's releases.

v0.2.0

Minor Changes

  • 956ef8c: Add support to specify outbound hooks in container class (experimental)
Commits
  • ae187d0 Merge pull request #164 from cloudflare/changeset-release/main
  • 4d07080 Version Packages
  • 689d6ed Merge pull request #163 from cloudflare/gv/changeset-egress
  • 956ef8c changeset for setting outbound hooks
  • 91d933b Merge pull request #159 from cloudflare/gv/egrss
  • b7a06f4 add params to set handlers, and remember last setOutbound call
  • 4b8cc91 adjustements
  • ae166c7 experimental outbound interception
  • See full diff in compare view

Updates alchemy from 0.77.5 to 0.90.1

Release notes

Sourced from alchemy's releases.

v0.90.1

   🐞 Bug Fixes

    View changes on GitHub

v0.90.0

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v0.89.0

No significant changes

    View changes on GitHub

v0.88.0

   🚀 Features

    View changes on GitHub

v0.87.0

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

... (truncated)

Commits
  • 1d49a0b chore(release): 0.90.1
  • 028556e fix(cloudflare): worker subdomain not enabled when dev.remote: true (#1369)
  • 908de18 chore(release): 0.90.0
  • 9a82410 fix(cloudflare): pin miniflare version to fix container issue (#1366)
  • 7879aff fix(cloudflare): use queue dev.id for consumer resource ID in local dev mode ...
  • 822a883 feat: add delete: false support to DnsRecords resource (#1360)
  • 79f642a chore(release): 0.89.0
  • 30a8f5f chore(release): 0.88.0
  • df3b6e1 feat(cloudflare): R2BucketNotifications (#1359)
  • ca29de3 feat(planetscale): check unchangeable props with adopt: true (#1357)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for alchemy since your current version.


Updates better-auth from 1.5.5 to 1.5.6

Release notes

Sourced from better-auth's releases.

v1.5.6

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • 275ca46 fix(client): handle throw:true in session refresh (#8610)
  • 1ed4271 feat(core): add experimental opentelemetry instrumentation (#8027)
  • d4efa8e fix: prevent revoked sessions from being restored via database fallback (#8708)
  • 0cfd514 chore(deps): bump kysely from 0.28.11 to 0.28.12 (#8700)
  • a9f3497 chore: release v1.5.6
  • 1a4ddce chore(deps): bump next.js from 16.1.6 to 16.2.0 (#8682)
  • 9e3e8e6 fix(api): return Response for HTTP request contexts (#7521)
  • 98c8e4e feat(email-otp): add resendStrategy option to reuse existing OTP (#8560)
  • 4f41b62 feat(two-factor): add twoFactorPage in config (#5329)
  • a62cb04 fix(organization): filter null organizations in listUserInvitations (#8694)
  • Additional commits viewable in compare view

Updates drizzle-orm from 0.45.1 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to these functions were not properly escaped, causing a possible SQL Injection (CWE-89) vulnerability.

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

Updates hono from 4.12.8 to 4.12.9

Release notes

Sourced from hono's releases.

v4.12.9

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.8...v4.12.9

Commits
  • e1ae0eb 4.12.9
  • 66fe9fe fix(cors): reflect request origin when credentials is true with wildcard (#4813)
  • 50e2611 fix(service-worker): make fire() fallback behavior consistent with `handle(...
  • be85106 fix(ssg): pass SSG_CONTEXT to forGetInfoURLRequest (#4810)
  • d1722e3 feat(client): add PickResponseByStatusCode type (#4791)
  • 8bd9ddd fix(request): remove parseBody from bodyCache to prevent TypeError (#4807)
  • See full diff in compare view

Updates @cloudflare/vitest-pool-workers from 0.13.3 to 0.13.5

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.13.5

Patch Changes

  • #13077 11c77b7 Thanks @​penalosa! - fix: runInDurableObject now correctly returns redirect responses (3xx) from Durable Object callbacks instead of throwing "Expected callback for X" errors

  • #13056 8384743 Thanks @​penalosa! - fix: Support dynamic import() inside entrypoint and Durable Object handlers

    Previously, calling exports.default.fetch() or SELF.fetch() on a worker whose handler used a dynamic import() would hang and fail with "Cannot perform I/O on behalf of a different Durable Object". This happened because the module runner's transport — which communicates over a WebSocket owned by the runner Durable Object — was invoked from a different DO context.

    The fix patches the module runner's transport via the onModuleRunner hook so that all invoke() calls are routed through the runner DO's I/O context, regardless of where the import() originates.

  • #13074 4618c05 Thanks @​penalosa! - fix: only apply module fallback extension probing for require(), not import

    The module fallback service previously tried adding .js, .mjs, .cjs, and .json suffixes to extensionless specifiers unconditionally. Per the Node.js spec, this extension-probing behaviour is specific to CommonJS require(). ESM import statements must include explicit file extensions.

    Extension-less TypeScript import specifiers continue to work correctly — they are resolved by Vite's resolver rather than the fallback's extension loop.

  • #13073 baec845 Thanks @​penalosa! - Add adminSecretsStore() to cloudflare:test for seeding secrets in tests

    Secrets store bindings only expose a read-only .get() method, so there was previously no way to seed secret values from within a test. The new adminSecretsStore() helper returns Miniflare's admin API for a secrets store binding, giving tests full control over create, update, and delete operations.

    import { adminSecretsStore } from "cloudflare:test";
    import { env } from "cloudflare:workers";
    const admin = adminSecretsStore(env.MY_SECRET);
    await admin.create("test-value");
    const value = await env.MY_SECRET.get(); // "test-value"

  • #13083 cfd513f Thanks @​penalosa! - Add a 30-second timeout to waitUntil promise draining to prevent hanging tests

    Previously, if a ctx.waitUntil() promise never resolved, the test suite would hang indefinitely after the test file finished. Now, any waitUntil promises that haven't settled within 30 seconds are abandoned with a warning, allowing the test suite to continue. This aligns with the production waitUntil limit.

  • Updated dependencies [eeaa473, 9fcdfca, bc24ec8, 1faff35, 0b4c21a, 535582d, 992f9a3, f4ea4ac, 91b7f73, f6cdab2, 53ed15a, ce65246, 7a5be20, 6b50bfa, 0386553, 9c5ebf5, 53ed15a, 53ed15a]:

    • wrangler@4.78.0
    • miniflare@4.20260317.3

@​cloudflare/vitest-pool-workers@​0.13.4

Patch Changes

Commits
  • 81b2b9b Version Packages (#13038)
  • baec845 [vitest-pool-workers] Add adminSecretsStore() to cloudflare:test (#13073)
  • 4618c05 [vitest-pool-workers] Only probe extensions in module fallback for `require()...
  • 11c77b7 [vitest-pool-workers] fix: handle redirect responses in runInDurableObject ...
  • 7125939 [vitest-pool-workers] Add regression test for Istanbul coverage across multip...
  • cfd513f [vitest-pool-workers] Add 30s timeout to waitUntil promise draining (#13083)
  • 8384743 [vitest-pool-workers] Fix dynamic import() in entrypoint and DO handlers (#13...
  • a61451f Version Packages (#12980)
  • f9728fd Update some missing tests and fixtures with Vitest 4 (#12999)
  • See full diff in compare view

Updates @cloudflare/workers-types from 4.20260317.1 to 4.20260329.1

Commits

Updates bits-ui from 2.16.3 to 2.16.4

Release notes

Sourced from bits-ui's releases.

bits-ui@2.16.4

Patch Changes

  • fix: menu not ignoring onCloseAutoFocus when closed as another focus scope (#1999)

  • fix: floating layer bouncing on scroll (#1997)

Commits

Updates svelte from 5.54.0 to 5.55.1

Release notes

Sourced from svelte's releases.

svelte@5.55.1

Patch Changes

  • fix: correctly handle bindings on the server (#18009)

  • fix: prevent hydration error on async {@html ...} (#17999)

  • fix: cleanup superTypeParameters in ClassDeclarations/ClassExpression (#18015)

  • fix: improve duplicate module import error message (#18016)

  • fix: reschedule new effects in prior batches (#18021)

svelte@5.55.0

Minor Changes

  • feat: export TweenOptions, SpringOptions, SpringUpdateOptions and Updater from svelte/motion (#17967)

Patch Changes

  • fix: ensure HMR wrapper forwards correct start/end nodes to active effect (#17985)

svelte@5.54.1

Patch Changes

  • fix: hydration comments during hmr (#17975)

  • fix: null out effect.b in destroy_effect (#17980)

  • fix: group sync statements (#17977)

  • fix: defer batch resolution until earlier intersecting batches have committed (#17162)

  • fix: properly invoke iterator.return() during reactivity loss check (#17966)

  • fix: remove trailing semicolon from {@​const} tag printer (#17962)

Commits
  • 37ab33c Version Packages (#18006)
  • 4879f9d fix: improve duplicate module import error message (#18016)
  • 04eadbc fix: correctly handle bindings on the server (#18009)
  • 957f275 fix: cleanup superTypeParameters in ClassDeclarations/ClassExpression (...
  • a9d8439 fix: reschedule new effects in prior batches (

Bumps the minor-updates group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [@cloudflare/containers](https://github.com/cloudflare/containers) | `0.1.1` | `0.2.0` |
| [alchemy](https://github.com/alchemy-run/alchemy/tree/HEAD/alchemy) | `0.77.5` | `0.90.1` |
| [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.5.5` | `1.5.6` |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.45.1` | `0.45.2` |
| [hono](https://github.com/honojs/hono) | `4.12.8` | `4.12.9` |
| [@cloudflare/vitest-pool-workers](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vitest-pool-workers) | `0.13.3` | `0.13.5` |
| [@cloudflare/workers-types](https://github.com/cloudflare/workerd) | `4.20260317.1` | `4.20260329.1` |
| [bits-ui](https://github.com/huntabyte/bits-ui) | `2.16.3` | `2.16.4` |
| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.54.0` | `5.55.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.2` | `8.0.3` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.0` | `4.1.2` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.76.0` | `4.78.0` |


Updates `@cloudflare/containers` from 0.1.1 to 0.2.0
- [Release notes](https://github.com/cloudflare/containers/releases)
- [Changelog](https://github.com/cloudflare/containers/blob/main/CHANGELOG.md)
- [Commits](cloudflare/containers@v0.1.1...v0.2.0)

Updates `alchemy` from 0.77.5 to 0.90.1
- [Release notes](https://github.com/alchemy-run/alchemy/releases)
- [Changelog](https://github.com/alchemy-run/alchemy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/alchemy-run/alchemy/commits/v0.90.1/alchemy)

Updates `better-auth` from 1.5.5 to 1.5.6
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.5.6/packages/better-auth)

Updates `drizzle-orm` from 0.45.1 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.45.1...0.45.2)

Updates `hono` from 4.12.8 to 4.12.9
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.8...v4.12.9)

Updates `@cloudflare/vitest-pool-workers` from 0.13.3 to 0.13.5
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vitest-pool-workers/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/vitest-pool-workers@0.13.5/packages/vitest-pool-workers)

Updates `@cloudflare/workers-types` from 4.20260317.1 to 4.20260329.1
- [Release notes](https://github.com/cloudflare/workerd/releases)
- [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md)
- [Commits](https://github.com/cloudflare/workerd/commits)

Updates `bits-ui` from 2.16.3 to 2.16.4
- [Release notes](https://github.com/huntabyte/bits-ui/releases)
- [Commits](https://github.com/huntabyte/bits-ui/compare/bits-ui@2.16.3...bits-ui@2.16.4)

Updates `svelte` from 5.54.0 to 5.55.1
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.55.1/packages/svelte)

Updates `vite` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite)

Updates `vitest` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

Updates `wrangler` from 4.76.0 to 4.78.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.78.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@cloudflare/containers"
  dependency-version: 0.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: alchemy
  dependency-version: 0.90.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: better-auth
  dependency-version: 1.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: hono
  dependency-version: 4.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: "@cloudflare/vitest-pool-workers"
  dependency-version: 0.13.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: "@cloudflare/workers-types"
  dependency-version: 4.20260329.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: bits-ui
  dependency-version: 2.16.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: svelte
  dependency-version: 5.55.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: vite
  dependency-version: 8.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-updates
- dependency-name: wrangler
  dependency-version: 4.78.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and javascript labels Mar 30, 2026