Skip to content

build(deps-dev): Bump miniflare from 4.20260616.0 to 4.20260617.0#713

Merged
github-actions[bot] merged 1 commit into
Currentfrom
dependabot/npm_and_yarn/miniflare-4.20260617.0
Jun 19, 2026
Merged

build(deps-dev): Bump miniflare from 4.20260616.0 to 4.20260617.0#713
github-actions[bot] merged 1 commit into
Currentfrom
dependabot/npm_and_yarn/miniflare-4.20260617.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps miniflare from 4.20260616.0 to 4.20260617.0.

Release notes

Sourced from miniflare's releases.

miniflare@4.20260617.0

Patch Changes

  • #14347 673b09e Thanks @​jamesopstad! - Update undici from 7.24.8 to 7.28.0

  • #14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #14314 5c3bb11 Thanks @​harryzcy! - Bump esbuild to 0.28.1

    This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

  • #14331 296ad65 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260616.1 1.20260617.1
Changelog

Sourced from miniflare's changelog.

4.20260617.0

Patch Changes

  • #14347 673b09e Thanks @​jamesopstad! - Update undici from 7.24.8 to 7.28.0

  • #14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #14314 5c3bb11 Thanks @​harryzcy! - Bump esbuild to 0.28.1

    This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

  • #14331 296ad65 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260616.1 1.20260617.1
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 19, 2026
Bumps [miniflare](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare) from 4.20260616.0 to 4.20260617.0.
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/miniflare/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/miniflare@4.20260617.0/packages/miniflare)

---
updated-dependencies:
- dependency-name: miniflare
  dependency-version: 4.20260617.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/miniflare-4.20260617.0 branch from 5737421 to 9aa0bf5 Compare June 19, 2026 08:15
@github-actions github-actions Bot merged commit e3cb9d6 into Current Jun 19, 2026
8 of 11 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/miniflare-4.20260617.0 branch June 19, 2026 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant