Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the npm_and_yarn at /. security update group with 1 update #13

Merged
merged 1 commit into from
Oct 31, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 31, 2023

Bumps the npm_and_yarn at /. security update group with 1 update: wrangler.

Release notes

Sourced from wrangler's releases.

[email protected]

Minor Changes

  • #4201 0cac2c46 Thanks @​penalosa! - Callout --minify when script size is too large

  • #4209 24d1c5cf Thanks @​mrbbot! - fix: suppress compatibility date fallback warnings if no wrangler update is available

    If a compatibility date greater than the installed version of workerd was configured, a warning would be logged. This warning was only actionable if a new version of wrangler was available. The intent here was to warn if a user set a new compatibility date, but forgot to update wrangler meaning changes enabled by the new date wouldn't take effect. This change hides the warning if no update is available.

    It also changes the default compatibility date for wrangler dev sessions without a configured compatibility date to the installed version of workerd. This previously defaulted to the current date, which may have been unsupported by the installed runtime.

  • #4135 53218261 Thanks @​Cherry! - feat: resolve npm exports for file imports

    Previously, when using wasm (or other static files) from an npm package, you would have to import the file like so:

    import wasm from "../../node_modules/svg2png-wasm/svg2png_wasm_bg.wasm";

    This update now allows you to import the file like so, assuming it's exposed and available in the package's exports field:

    import wasm from "svg2png-wasm/svg2png_wasm_bg.wasm";

    This will look at the package's exports field in package.json and resolve the file using resolve.exports.

  • #4232 69b43030 Thanks @​romeupalos! - fix: use zone_name to determine a zone when the pattern is a custom hostname

    In Cloudflare for SaaS, custom hostnames of third party domain owners can be used in Cloudflare. Workers are allowed to intercept these requests based on the routes configuration. Before this change, the same logic used by wrangler dev was used in wrangler deploy, which caused wrangler to fail with:

    ✘ [ERROR] Could not find zone for [partner-saas-domain.com]

  • #4198 b404ab70 Thanks @​penalosa! - When uploading additional modules with your worker, Wrangler will now report the (uncompressed) size of each individual module, as well as the aggregate size of your Worker

Patch Changes

... (truncated)

Changelog

Sourced from wrangler's changelog.

3.15.0

Minor Changes

  • #4209 24d1c5cf Thanks @​mrbbot! - fix: suppress compatibility date fallback warnings if no wrangler update is available

    If a compatibility date greater than the installed version of workerd was configured, a warning would be logged. This warning was only actionable if a new version of wrangler was available. The intent here was to warn if a user set a new compatibility date, but forgot to update wrangler meaning changes enabled by the new date wouldn't take effect. This change hides the warning if no update is available.

    It also changes the default compatibility date for wrangler dev sessions without a configured compatibility date to the installed version of workerd. This previously defaulted to the current date, which may have been unsupported by the installed runtime.

  • #4135 53218261 Thanks @​Cherry! - feat: resolve npm exports for file imports

    Previously, when using wasm (or other static files) from an npm package, you would have to import the file like so:

    import wasm from "../../node_modules/svg2png-wasm/svg2png_wasm_bg.wasm";

    This update now allows you to import the file like so, assuming it's exposed and available in the package's exports field:

    import wasm from "svg2png-wasm/svg2png_wasm_bg.wasm";

    This will look at the package's exports field in package.json and resolve the file using resolve.exports.

  • #4232 69b43030 Thanks @​romeupalos! - fix: use zone_name to determine a zone when the pattern is a custom hostname

    In Cloudflare for SaaS, custom hostnames of third party domain owners can be used in Cloudflare. Workers are allowed to intercept these requests based on the routes configuration. Before this change, the same logic used by wrangler dev was used in wrangler deploy, which caused wrangler to fail with:

    ✘ [ERROR] Could not find zone for [partner-saas-domain.com]

  • #4198 b404ab70 Thanks @​penalosa! - When uploading additional modules with your worker, Wrangler will now report the (uncompressed) size of each individual module, as well as the aggregate size of your Worker

Patch Changes

... (truncated)

Commits
  • a027b57 Version Packages (#4245)
  • 3d55f96 fix: store temporary files in .wrangler (#4127)
  • be0c628 Bump miniflare version to 20231023 (#4274)
  • b404ab7 Log size of additional modules (#4198)
  • 69b4303 Use zone_name for deployment of custom hostnames (#4232)
  • 24d1c5c [wrangler] Clean up compatibility fallback warnings (#4209)
  • 5321826 feat: support npm resolution for file imports (#4135)
  • 775fb07 Disconnect parent process IPC channel when child process disconnects (#4267)
  • 0cac2c4 Callout --minify when script size is too large (#4201)
  • 0579803 Wrangler and C3: Move the cli folder of C3 into @​cloudflare/cli and make Wran...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn at /. security update group with 1 update: [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).

- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/[email protected]/packages/wrangler)

---
updated-dependencies:
- dependency-name: wrangler
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 31, 2023
@jamesrwhite jamesrwhite merged commit c022616 into main Oct 31, 2023
0 of 2 checks passed
@jamesrwhite jamesrwhite deleted the dependabot/npm_and_yarn/wrangler-3.15.0 branch October 31, 2023 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant