chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/workers-types	^4.20260218.0 → ^4.20260304.0
@scalar/api-reference (source)	^1.44.20 → ^1.44.26
@types/node (source)	^25.2.3 → ^25.3.0
@typescript/native-preview (source)	^7.0.0-dev.20260218.1 → ^7.0.0-dev.20260224.1
miniflare (source)	^4.20260217.0 → ^4.20260302.0
oxfmt (source)	^0.33.0 → ^0.35.0
oxlint (source)	^1.48.0 → ^1.50.0
pnpm (source)	10.29.3 → 10.30.2
rollup (source)	^4.57.1 → ^4.59.0
shaders	^2.3.63 → ^2.3.73
vite (source)	8.0.0-beta.14 → 8.0.0-beta.15
wrangler (source)	^4.66.0 → ^4.68.1
youch	^4.1.0-beta.14 → ^4.1.0

---

Release Notes

cloudflare/workerd (@​cloudflare/workers-types)

v4.20260304.0

Compare Source

v4.20260303.0

Compare Source

v4.20260302.0

Compare Source

v4.20260228.0

Compare Source

v4.20260227.0

Compare Source

v4.20260219.0

Compare Source

scalar/scalar (@​scalar/api-reference)

v1.44.26

Patch Changes

• #​8248: fix: local storage migration script
• #​8248: feat: slugs for headings with nested content
• #​8248: chore: correctly display header in classic layout
• #​8248: feat: always show the schema type
• #​8248: feat: nest description headings in the sidebar
• #​8248: feat: add option to open first tag by default

Updated Dependencies

• @​scalar/workspace-store@​0.34.3

  • #​8248: fix: local storage migration script
  • #​8248: feat: nest description headings in the sidebar
  • #​8248: chore: map themeId to slug and add default operation to drafts

• @​scalar/oas-utils@​0.6.47

  • #​8248: fix: local storage migration script
  • #​8248: fix: remove unnecessary property truncation in example generation
  • #​8248: chore: map themeId to slug and add default operation to drafts

• @​scalar/helpers@​0.2.16

  • #​8248: fix: local storage migration script

• @​scalar/code-highlight@​0.2.4

  • #​8248: feat: slugs for headings with nested content

• @​scalar/components@​0.19.9

  • #​8248: feat: slugs for headings with nested content
  • #​8248: feat: add optional chevron click handler for the sidebar

• @​scalar/api-client@​2.29.3

  • #​8248: fix: selecting multiply security schemes doesn't render Markdown in descriptions
  • #​8248: fix: remove unnecessary property truncation in example generation

• @​scalar/sidebar@​0.7.40

  • #​8248: feat: add optional chevron click handler for the sidebar

• @​scalar/snippetz@​0.6.16

  • #​8248: fix: duplicate http headers for PHP CURL

• @​scalar/agent-chat@​0.5.17

• @​scalar/openapi-parser@​0.24.14

• @​scalar/types@​0.6.7

v1.44.25

Patch Changes

Updated Dependencies

• @​scalar/workspace-store@​0.34.2

  • #​8219: chore: default to proxy for web layout

• @​scalar/api-client@​2.29.2

  • #​8219: chore: default to proxy for web layout
  • #​8220: chore: add guards for team workspaces

• @​scalar/agent-chat@​0.5.16

• @​scalar/oas-utils@​0.6.46

• @​scalar/sidebar@​0.7.39

• @​scalar/components@​0.19.8

v1.44.24

Patch Changes

Updated Dependencies

• @​scalar/agent-chat@​0.5.15
  • #​8213: Fix position of agent chat input

v1.44.23

Patch Changes

• #​8212: chore: version bump

Updated Dependencies

• @​scalar/api-client@​2.29.1

  • #​8212: chore: version bump

• @​scalar/helpers@​0.2.15

  • #​8212: chore: version bump

• @​scalar/oas-utils@​0.6.45

  • #​8212: chore: version bump

• @​scalar/sidebar@​0.7.38

  • #​8212: chore: version bump

• @​scalar/types@​0.6.6

  • #​8212: chore: version bump

• @​scalar/workspace-store@​0.34.1

  • #​8212: chore: version bump

• @​scalar/agent-chat@​0.5.14

• @​scalar/components@​0.19.7

• @​scalar/openapi-parser@​0.24.13

• @​scalar/snippetz@​0.6.15

microsoft/typescript-go (@​typescript/native-preview)

v7.0.0-dev.20260224.1

Compare Source

v7.0.0-dev.20260223.1

Compare Source

v7.0.0-dev.20260222.1

Compare Source

v7.0.0-dev.20260221.1

Compare Source

v7.0.0-dev.20260220.1

Compare Source

v7.0.0-dev.20260219.1

Compare Source

cloudflare/workers-sdk (miniflare)

v4.20260302.0

Compare Source

Patch Changes

• #​12582 c2ed7c2 Thanks @​penalosa! - Internal refactor to use capnweb's native ReadableStream support to power remote Media and Dispatch Namespace bindings.

• #​12618 d920811 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260219.0	1.20260227.0

• #​12637 896734d Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260227.0	1.20260302.0

• #​12602 58a4020 Thanks @​anonrig! - Optimize filesystem operations by using Node.js's throwIfNoEntry: false option

  This reduces the number of system calls made when checking for file existence by avoiding the overhead of throwing and catching errors for missing paths. This is an internal performance optimization with no user-visible behavioral changes.

v4.20260219.0

Compare Source

Minor Changes

• #​12462 f239077 Thanks @​petebacondarwin! - Add Miniflare#purgeCache() method to clear cache entries programmatically

  This allows developers to clear cached data during local development without
  restarting the Miniflare instance. Useful when working with Workers Sites
  or any application that uses the Cache API.

  const mf = new Miniflare({
  	/* options */
  });
  
  // Purge the default cache
  await mf.purgeCache();
  
  // Purge a specific named cache
  await mf.purgeCache("my-named-cache");

• #​12574 527e4f5 Thanks @​emily-shen! - Local explorer: add /query endpoint to introspect sqlite in DOs

  This required adding a wrapper that extends user DO classes and adds in an extra method to access ctx.storage.sql. This shouldn't have any impact on user code, but is gated by the env var X_LOCAL_EXPLORER.

  This is for an experimental WIP feature.

Patch Changes

• #​12592 aaa7200 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260217.0	1.20260218.0

• #​12606 2f19a40 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260218.0	1.20260219.0

• #​12597 0b17117 Thanks @​sdnts! - The maximum allowed delivery and retry delays for Queues is now 24 hours

oxc-project/oxc (oxfmt)

v0.35.0

Compare Source

🚀 Features

• 984dc07 oxfmt: Strip "experimental"SortXxx prefix (#​19567) (leaysgur)

v0.34.0

Compare Source

🐛 Bug Fixes

• 6c61b70 oxfmt: Fix outdated sortImports.groups doc comments (#​19513) (leaysgur)

oxc-project/oxc (oxlint)

v1.50.0

Compare Source

v1.49.0

Compare Source

pnpm/pnpm (pnpm)

v10.30.2

Compare Source

v10.30.1: pnpm 10.30.1

Compare Source

Patch Changes

• Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #​10649.

Platinum Sponsors

Gold Sponsors

v10.30.0: pnpm 10.30

Compare Source

Minor Changes

• pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

• Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #​7122.
• Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #​10596.

Platinum Sponsors

Gold Sponsors

rollup/rollup (rollup)

v4.59.0

Compare Source

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#​6276)

Pull Requests

• #​6275: Validate bundle stays within output dir (@​lukastaegert)

v4.58.0

Compare Source

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#​6272)

Pull Requests

• #​6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@​njg7194, @​lukastaegert)
• #​6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@​millerick, @​lukastaegert)
• #​6260: fix(deps): update rust crate swc_compiler_base to v47 (@​renovate[bot], @​lukastaegert)
• #​6261: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6262: Avoid unnecessary cloning of the code string (@​lukastaegert)
• #​6263: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6265: chore(deps): lock file maintenance (@​renovate[bot])
• #​6267: fix(deps): update minor/patch updates (@​renovate[bot])
• #​6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@​renovate[bot], @​lukastaegert)
• #​6269: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6270: chore(deps): lock file maintenance (@​renovate[bot])
• #​6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@​lukastaegert)

vitejs/vite (vite)

v8.0.0-beta.15

Compare Source

Features

• update rolldown to 1.0.0-rc.5 (#​21660) (b3ddbc5)

Bug Fixes

• dev: only treat EADDRINUSE as port conflict in wildcard pre-check (#​21642) (e54e25f)
• dev: prevent concurrent server restarts (#​21636) (8ce23a3)
• dev: return "502 Bad Gateway" on proxy failures instead of 500 (#​21652) (e240df2)

Performance Improvements

• ssr: skip circular import check for already-evaluated modules (#​21632) (235140b)
• use tsconfig cache for oxc transform in dev (#​21643) (57ff177)

Miscellaneous Chores

• deps: remove fdir and @rollup/plugin-commonjs (#​21639) (5abffd5)
• deps: update dependency @​rollup/plugin-alias to v6 (#​21097) (44b5bdf)

cloudflare/workers-sdk (wrangler)

v4.68.1

Compare Source

Patch Changes

• #​12648 3d6e421 Thanks @​petebacondarwin! - Fix Angular scaffolding to allow localhost SSR in development mode

  Recent versions of Angular's AngularAppEngine block serving SSR on localhost by default. This caused wrangler dev / wrangler pages dev to fail with URL with hostname "localhost" is not allowed.

  The fix passes allowedHosts: ["localhost"] to the AngularAppEngine constructor in server.ts, which is safe to do even in production since Cloudflare will already restrict which host is allowed.

• #​12657 294297e Thanks @​dario-piotrowicz! - Update Waku autoconfig logic

  As of 1.0.0-alpha.4, Waku projects can be built on top of the Cloudflare Vite plugin, and the changes here allow Wrangler autoconfig to support this. Running autoconfig on older versions of Waku will result in an error.

• Updated dependencies []:

  • miniflare@​4.20260302.0

v4.68.0

Compare Source

Minor Changes

• #​12614 8d882fa Thanks @​dario-piotrowicz! - Enable autoconfig for wrangler deploy by default (while allowing users to still disable it via --x-autoconfig=false if necessary)

• #​12614 8d882fa Thanks @​dario-piotrowicz! - Mark the wrangler setup command as stable

v4.67.1

Compare Source

Patch Changes

• #​12595 e93dc01 Thanks @​dario-piotrowicz! - Add a warning in the autoconfig logic letting users know that support for projects inside workspaces is limited

• #​12582 c2ed7c2 Thanks @​penalosa! - Internal refactor to use capnweb's native ReadableStream support to power remote Media and Dispatch Namespace bindings.

• #​12618 d920811 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260219.0	1.20260227.0

• #​12637 896734d Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260227.0	1.20260302.0

• #​12601 ebdbe52 Thanks @​43081j! - Switch to empathic for file-system upwards traversal to reduce dependency bloat.

• #​12602 58a4020 Thanks @​anonrig! - Optimize filesystem operations by using Node.js's throwIfNoEntry: false option

  This reduces the number of system calls made when checking for file existence by avoiding the overhead of throwing and catching errors for missing paths. This is an internal performance optimization with no user-visible behavioral changes.

• #​12591 6f6cd94 Thanks @​martinezjandrew! - Implemented logic within wrangler containers registries configure to check if a specified secret name is already in-use and offer to reuse that secret. Also added --skip-confirmation flag to the command to skip all interactive prompts.

• Updated dependencies [c2ed7c2, d920811, 896734d, 58a4020]:

  • miniflare@​4.20260302.0

v4.67.0

Compare Source

Minor Changes

• #​12401 8723684 Thanks @​jonesphillip! - Add validation retry loops to pipelines setup command

  The wrangler pipelines setup command now prompts users to retry when validation errors occur, instead of failing the entire setup process. This includes:

  • Validation retry prompts for pipeline names, bucket names, and field names
  • A "simple" mode for sink configuration that uses sensible defaults
  • Automatic bucket creation when buckets don't exist
  • Automatic Data Catalog enablement when not already active

  This improves the setup experience by allowing users to correct mistakes without restarting the entire configuration flow.

• #​12395 aa82c2b Thanks @​cmackenzie1! - Generate typed pipeline bindings from stream schemas

  When running wrangler types, pipeline bindings now generate TypeScript types based on the stream's schema definition. This gives you full autocomplete and type checking when sending data to your pipelines.

  // wrangler.json
  {
  	"pipelines": [
  		{ "binding": "ANALYTICS", "pipeline": "analytics-stream-id" },
  	],
  }

  If your stream has a schema with fields like user_id (string) and event_count (int32), the generated types will be:

  declare namespace Cloudflare {
  	type AnalyticsStreamRecord = { user_id: string; event_count: number };
  	interface Env {
  		ANALYTICS: Pipeline<Cloudflare.AnalyticsStreamRecord>;
  	}
  }

  For unstructured streams or when not authenticated, bindings fall back to the generic Pipeline<PipelineRecord> type.

Patch Changes

• #​12592 aaa7200 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260217.0	1.20260218.0

• #​12606 2f19a40 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260218.0	1.20260219.0

• #​12604 e2a6600 Thanks @​petebacondarwin! - fix: pass --env flag to auxiliary workers in multi-worker mode

  When running wrangler dev with multiple config files (e.g. -c ./apps/api/wrangler.jsonc -c ./apps/queues/wrangler.jsonc -e=dev), the --env flag was not being passed to auxiliary (non-primary) workers. This meant that environment-specific configuration (such as queue bindings) was not applied to auxiliary workers, causing features like queue consumers to not be triggered in local development.

• #​12597 0b17117 Thanks @​sdnts! - The maximum allowed delivery and retry delays for Queues is now 24 hours

• #​12598 ca58062 Thanks @​mattzcarey! - Stop redacting wrangler whoami output in non-interactive mode

  wrangler whoami is explicitly invoked to retrieve account info, so email and account names should always be visible. Redacting them in non-interactive/CI environments makes it difficult for coding agents and automated tools to identify which account to use. Other error messages that may appear unexpectedly in CI logs (e.g. multi-account selection errors) remain redacted.

• Updated dependencies [f239077, aaa7200, 2f19a40, 5f9f0b4, 452cdc8, 527e4f5, 0b17117]:

  • miniflare@​4.20260219.0
  • @​cloudflare/unenv-preset@​2.14.0

poppinss/youch (youch)

v4.1.0: Tag as latest after a stable beta being tested for more than a year

Compare Source

Breaking Changes

• Switch from CommonJS to ESM. The package can no longer be require()'d.
• Switch from a default export to named exports.

  - import Youch from 'youch'
  + import { Youch } from 'youch'

• The Youch constructor no longer accepts the error or request object. Instead, the error is passed directly to toHTML(), toJSON(), and the new toANSI() methods.

  - const youch = new Youch(error, req)
  - const html = await youch.toHTML()
  - const json = await youch.toJSON()
  + const youch = new Youch()
  + const html = await youch.toHTML(error)
  + const json = await youch.toJSON(error)

• The HTTP request is no longer passed to the constructor. Pass it as an option to toHTML() instead. The request must be a plain object with url, method, and headers properties (not a Node.js http.IncomingMessage).

  - const youch = new Youch(error, req)
  - const html = await youch.toHTML()
  + const youch = new Youch()
  + const html = await youch.toHTML(error, {
  +   request: {
  +     url: req.url,
  +     method: req.method,
  +     headers: req.headers,
  +   },
  + })

• The toJSON() return value is now a ParsedError object directly, instead of being wrapped inside { error: {...} }.

  - const { error } = await youch.toJSON()
  - console.log(error.message)
  + const error = await youch.toJSON(error)
  + console.log(error.message)

• The toHTML() method no longer accepts arbitrary template data. Use the structured options object instead, which accepts title, cspNonce, ide, request, offset, and frameSourceBuffer.

  - await youch.toHTML({ cspNonce: 'abc123' })
  + await youch.toHTML(error, { cspNonce: 'abc123' })

• The preLines and postLines constructor options have been replaced by frameSourceBuffer on each render method.

  - const youch = new Youch(error, req, { preLines: 8, postLines: 8 })
  - const html = await youch.toHTML()
  + const youch = new Youch()
  + const html = await youch.toHTML(error, { frameSourceBuffer: 8 })

• Remove the addLink() method. Custom links can no longer be added to the error page. Use the new template/component system to customize the HTML output instead.
• Remove the toggleShowAllFrames() method. Frame visibility is now handled by the new HTML UI.

Features

• Add toANSI() method for rendering errors as ANSI-colored terminal output.

  const youch = new Youch()
  const output = await youch.toANSI(error)
  console.log(output)

• Add structured Metadata API for attaching contextual information to error pages. Metadata is organized into groups, sections, and rows.

  const youch = new Youch()
  youch.metadata.group('Request', {
    Headers: [
      { key: 'Host', value: 'localhost:3000' },
      { key: 'Accept', value: 'text/html' },
    ],
    Cookies: [
      { key: 'session_id', value: 'abc123' },
    ],
  })

• Add useParser() for pre-processing errors before they are parsed.

  youch.useParser((source) => {
    // Normalize or transform the error before parsing
    return source
  })

• Add useTransformer() for post-processing parsed errors.

  youch.useTransformer((error, source) => {
    // Mutate the ParsedError after parsing
    error.hint = 'Did you forget to install dependencies?'
  })

• Add defineSourceLoader() for custom source code loading (e.g., remote files, bundled sources).

  youch.defineSourceLoader(async (frame) => {
    const contents = await fetchSource(frame.fileName)
    return { contents }
  })

• Add pluggable template/component system. Every section of the HTML output (header, layout, errorInfo, errorStack, errorStackSource, errorCause, errorMetadata) can be replaced with a custom component.

  youch.templates.use('errorInfo', new MyCustomErrorInfo())

• Add IDE integration. Clicking file paths in the HTML output opens them in your editor. Configurable via the ide option ("vscode", "sublime", "phpstorm", etc.) or a custom URL format.

  await youch.toHTML(error, { ide: 'vscode' })

• Add templates.injectStyles() for injecting custom CSS into the error page.

  youch.templates.injectStyles(':root { --surface-bg: #​1a1a2e; }')

• Add dark mode support with automa

---

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nitro.build	Ready	Preview, Comment	Feb 25, 2026 1:44am

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/nitrojs/nitro@4054

commit: 0cb2994