Releases · cloudflare/workers-sdk

Minor Changes

#14311 34e0cef Thanks @sherryliu-lsy! - Add Google Artifact Registry support to containers registries configure

wrangler containers registries configure now recognizes *-docker.pkg.dev (Google Artifact Registry) domains.
- The Google service account email is the public credential, supplied with --gar-email. It must match the client_email in the service account key.
- The service account JSON key is the private credential. It is provided via stdin (a file path, raw JSON, or base64) or an interactive prompt (a file path or base64) — never as a CLI flag, so it does not appear in shell history. The key is validated against --gar-email and stored base64-encoded.
- Secret reuse inherits the existence-first flow: when the target Secrets Store secret already exists, it is reused by reference and the key is not required. In that case the email cannot be verified locally; it is validated against the key when images are pulled.
```
<path-to-key>.json | npx wrangler@latest containers registries configure <region>-docker.pkg.dev --gar-email=<service-account-email> --secret-name=Google_Service_Account_JSON_Key
```

Patch Changes

#14424 5f40dd5 Thanks @MattieTK! - Bump am-i-vibing from 0.4.0 to 0.5.0

This updates the agentic environment detection library to the latest version, which adds detection for the Pi coding agent (earendil-works/pi).
#14406 3b743c1 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260623.1 1.20260625.1
#14343 daa5389 Thanks @th0m! - Use digest-pinned image references for Dockerfile container deploys

Dockerfile-backed container deploys now use the pushed image digest when deploying the container application. This lets snapshot-enabled container apps pass Cloudchamber validation while keeping local, non-pushed builds and registry image URI deploys unchanged.
#14394 8a5cf8c Thanks @Partha-Shankar! - fix(d1): escape migrationsTableName and filenames in SQLite queries

D1 migration commands in both wrangler and @cloudflare/vitest-pool-workers interpolated the migrationsTableName config value and migration filenames directly into SQL strings without any escaping. This meant:
- A table name such as my"table would produce invalid SQL in CREATE TABLE, SELECT, and INSERT statements, and
- A migration filename containing an apostrophe (e.g. what's-new.sql) would break the INSERT INTO ... VALUES ('...') statement appended after each migration in wrangler.
Both identifiers are now properly escaped before interpolation: migrationsTableName is wrapped in double-quotes with internal double-quotes doubled (SQL-standard identifier quoting), and migration filenames used as string literals have their single-quotes doubled before insertion.
Updated dependencies [3b743c1]:
- miniflare@4.20260625.0

Patch Changes

#14406 3b743c1 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260623.1 1.20260625.1

Patch Changes

#14398 c5014cc Thanks @apeacock1991! - Add evictDurableObject and evictAllDurableObjects test helpers to cloudflare:test

These helpers let you exercise how a Durable Object behaves across evictions in your tests. Eviction is graceful: durable storage is preserved, in-memory state is reset by tearing down the instance, hibernatable WebSockets are hibernated rather than closed, and eviction waits for in-flight requests to drain.

import { evictDurableObject, evictAllDurableObjects } from "cloudflare:test";
import { env } from "cloudflare:workers";

const id = env.COUNTER.idFromName("my-counter");
const stub = env.COUNTER.get(id);

// Evict the Durable Object instance pointed to by a specific stub
await evictDurableObject(stub);
await evictDurableObject(stub, { webSockets: "close" });

// Evict all currently-running Durable Objects in evictable namespaces
await evictAllDurableObjects();

#14394 8a5cf8c Thanks @Partha-Shankar! - fix(d1): escape migrationsTableName and filenames in SQLite queries

D1 migration commands in both wrangler and @cloudflare/vitest-pool-workers interpolated the migrationsTableName config value and migration filenames directly into SQL strings without any escaping. This meant:
- A table name such as my"table would produce invalid SQL in CREATE TABLE, SELECT, and INSERT statements, and
- A migration filename containing an apostrophe (e.g. what's-new.sql) would break the INSERT INTO ... VALUES ('...') statement appended after each migration in wrangler.
Both identifiers are now properly escaped before interpolation: migrationsTableName is wrapped in double-quotes with internal double-quotes doubled (SQL-standard identifier quoting), and migration filenames used as string literals have their single-quotes doubled before insertion.
Updated dependencies [5f40dd5, 34e0cef, 3b743c1, daa5389, 8a5cf8c]:
- wrangler@4.105.0
- miniflare@4.20260625.0

Patch Changes

Updated dependencies [5f40dd5, 34e0cef, 3b743c1, daa5389, 8a5cf8c]:
- wrangler@4.105.0
- miniflare@4.20260625.0

Patch Changes

Updated dependencies [3b743c1]:
- miniflare@4.20260625.0

Patch Changes

Updated dependencies [3b743c1]:
- miniflare@4.20260625.0

Minor Changes

#14311 34e0cef Thanks @sherryliu-lsy! - Add Google Artifact Registry support to containers registries configure

wrangler containers registries configure now recognizes *-docker.pkg.dev (Google Artifact Registry) domains.
- The Google service account email is the public credential, supplied with --gar-email. It must match the client_email in the service account key.
- The service account JSON key is the private credential. It is provided via stdin (a file path, raw JSON, or base64) or an interactive prompt (a file path or base64) — never as a CLI flag, so it does not appear in shell history. The key is validated against --gar-email and stored base64-encoded.
- Secret reuse inherits the existence-first flow: when the target Secrets Store secret already exists, it is reused by reference and the key is not required. In that case the email cannot be verified locally; it is validated against the key when images are pulled.
```
<path-to-key>.json | npx wrangler@latest containers registries configure <region>-docker.pkg.dev --gar-email=<service-account-email> --secret-name=Google_Service_Account_JSON_Key
```

Minor Changes

#14369 e312dec Thanks @edmundhung! - Add getEnv() to createTestHarness() Worker handles

Tests can now access the full env object for a Worker with await server.getWorker<Env>().getEnv(), including vars, secrets, and bindings.

Patch Changes

#14364 a085dec Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260617.1 1.20260619.1
#14383 9a0de8f Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260619.1 1.20260621.1
#14397 fab565f Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260621.1 1.20260623.1
#14388 3f02864 Thanks @petebacondarwin! - Stop erroring when find_additional_modules discovers a file that only matches a inactive module rule

Module rules assign module types to imported files — they are not include/exclude filters. Also, setting fallthrough: false in a rule will cause subsequent rules to become inactive. Previously, when find_additional_modules walked the filesystem and discovered a file whose only matching rule is inactive, Wrangler would throw an error and fail the build.

This meant that adding a user rule like the one below would break the build for any .txt, .html, .sql, .bin or .wasm file that didn't match the user-supplied globs but lived somewhere under the module root:
```
// wrangler.json
{
  "rules": [
    {
      "type": "Text",
      "globs": ["html/includeme.html"],
      "fallthrough": false
    }
  ]
}
```
Discovered files that only match an inactive rule are now silently skipped (a debug-level log records each skip for troubleshooting), so users can use fallthrough: false to narrow the set of files attached to their Worker without having to delete or move untouched files on disk.

The direct-import path is unchanged: importing a file in code that only matches an inactive rule is still a hard error, because the imported file genuinely needs a defined module type.

Fixes #14257.
#14358 4ef872f Thanks @gabivlj! - Fix container egress interception on arm64 Docker runtimes

Both wrangler dev and the Cloudflare Vite plugin no longer force the proxy-everything sidecar image to pull as linux/amd64, allowing Docker to select the native image from the multi-platform manifest. Set MINIFLARE_CONTAINER_EGRESS_IMAGE_PLATFORM to force a specific platform when needed.
#14362 2a02858 Thanks @sherryliu-lsy! - Don't require the private credential when reusing an existing Secrets Store secret in containers registries configure

wrangler containers registries configure now checks whether the target Secrets Store secret already exists before resolving the private credential. When the secret already exists it is reused by reference, so the private credential no longer needs to be supplied (via stdin in non-interactive mode, or via a prompt interactively). This applies to all external registries.

The new-secret path is unchanged: the credential is still required and stored. The only visible interactive change is that the secret prompt now appears last and only when a new secret is being created.
Updated dependencies [a085dec, 9a0de8f, fab565f]:
- miniflare@4.20260623.0

Patch Changes

#14364 a085dec Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260617.1 1.20260619.1
#14383 9a0de8f Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260619.1 1.20260621.1
#14397 fab565f Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260621.1 1.20260623.1

Patch Changes

#14377 bc08cfa Thanks @dependabot! - Update dependencies of "create-cloudflare"

The following dependency versions have been updated:

Dependency From To

create-vike 0.0.651 0.0.654
#14378 2091f80 Thanks @dependabot! - Update dependencies of "create-cloudflare"

The following dependency versions have been updated:

Dependency From To

@angular/create 22.0.1 22.0.3
#14379 914bd65 Thanks @dependabot! - Update dependencies of "create-cloudflare"

The following dependency versions have been updated:

Dependency From To

create-react-router 8.0.0 8.0.1
#14380 44a4084 Thanks @dependabot! - Update dependencies of "create-cloudflare"

The following dependency versions have been updated:

Dependency From To

create-vue 3.22.3 3.22.4
#14381 f927adc Thanks @dai-shi! - Scaffold the Cloudflare-specific Waku files in the C3 script instead of relying on an external example

The Waku template now runs the default create-waku generator and overlays the Cloudflare-specific files (wrangler.jsonc, the Workers entrypoint src/waku.server.tsx, the Cloudflare waku.config.ts, and the public/_headers / public/404.html static assets) via copyFiles, installing the extra build dependencies and removing the redundant trailing-slash dev middleware in configure. This removes the dependency on the external wakujs/waku-examples repository for the scaffolded project content.

Uh oh!

Releases: cloudflare/workers-sdk

wrangler@4.105.0

Minor Changes

Patch Changes

Uh oh!

miniflare@4.20260625.0

Patch Changes

Uh oh!

@cloudflare/vitest-pool-workers@0.16.20

Patch Changes

Uh oh!

@cloudflare/vite-plugin@1.42.3

Patch Changes

Uh oh!

@cloudflare/pages-shared@0.13.150

Patch Changes

Uh oh!

@cloudflare/deploy-helpers@0.2.4

Patch Changes

Uh oh!

@cloudflare/containers-shared@0.16.0

Minor Changes

Uh oh!

wrangler@4.104.0

Minor Changes

Patch Changes

Uh oh!

miniflare@4.20260623.0

Patch Changes

Uh oh!

create-cloudflare@2.70.6

Patch Changes

Uh oh!