#4448eb08e2dc Thanks @mrbbot! - fix: include request url and headers in pretty error page
This change ensures Miniflare's pretty error page includes the URL and headers of the incoming request, rather than Miniflare's internal request for the page.
When storing data in KV, Cache and R2, Miniflare uses both an SQL database and separate blob store. When writing a key/value pair, a blob is created for the new value and the old blob for the previous value (if any) is deleted. A few months ago, we introduced a change that prevented old blobs being deleted for KV and Cache. R2 was unaffected. This shouldn't have caused any problems, but could lead to persistence directories growing unnecessarily as they filled up with garbage blobs. This change ensures garbage blobs are deleted.
Note existing garbage will not be cleaned up. If you'd like to do this, download this Node script (https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076). If you're using the default Wrangler persistence directory, run node gc.mjs kv .wrangler/state/v3/kv <namespace_id_1> <namespace_id_2> ... and node gc.mjs cache .wrangler/state/v3/cache default named:<cache_name_1> named:<cache_name_2> ... with each of your KV namespace IDs (not binding names) and named caches.
#455063708a94 Thanks @mrbbot! - fix: validate Host and Orgin headers where appropriate
Host and Origin headers are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail.
When using Workers Sites with a module worker, the asset manifest must be imported from the __STATIC_CONTENT_MANIFEST virtual module. Miniflare provided this module, but also erroneously added __STATIC_CONTENT_MANIFEST to the env object too. Whilst this didn't break anything locally, it could cause users to develop Workers that ran locally, but not when deployed. This change ensures env doesn't contain __STATIC_CONTENT_MANIFEST.
This change adds a new wrappedBindings worker option for configuring
workerd's wrapped bindings.
These allow custom bindings to be written as JavaScript functions accepting an
env parameter of "inner bindings" and returning the value to bind. For more
details, refer to the API docs.
#4341d9908743 Thanks @RamIdeas! - Added a handleRuntimeStdio which enables wrangler (or any other direct use of Miniflare) to handle the stdout and stderr streams from the workerd child process. By default, if this option is not provided, the previous behaviour is retained which splits the streams into lines and calls console.log/console.error.
#4448eb08e2dc Thanks @mrbbot! - fix: include request url and headers in pretty error page
This change ensures Miniflare's pretty error page includes the URL and headers of the incoming request, rather than Miniflare's internal request for the page.
When storing data in KV, Cache and R2, Miniflare uses both an SQL database and separate blob store. When writing a key/value pair, a blob is created for the new value and the old blob for the previous value (if any) is deleted. A few months ago, we introduced a change that prevented old blobs being deleted for KV and Cache. R2 was unaffected. This shouldn't have caused any problems, but could lead to persistence directories growing unnecessarily as they filled up with garbage blobs. This change ensures garbage blobs are deleted.
Note existing garbage will not be cleaned up. If you'd like to do this, download this Node script (https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076). If you're using the default Wrangler persistence directory, run node gc.mjs kv .wrangler/state/v3/kv <namespace_id_1> <namespace_id_2> ... and node gc.mjs cache .wrangler/state/v3/cache default named:<cache_name_1> named:<cache_name_2> ... with each of your KV namespace IDs (not binding names) and named caches.
#455063708a94 Thanks @mrbbot! - fix: validate Host and Orgin headers where appropriate
Host and Origin headers are now checked when connecting to the inspector and Miniflare's magic proxy. If these don't match what's expected, the request will fail.
When using Workers Sites with a module worker, the asset manifest must be imported from the __STATIC_CONTENT_MANIFEST virtual module. Miniflare provided this module, but also erroneously added __STATIC_CONTENT_MANIFEST to the env object too. Whilst this didn't break anything locally, it could cause users to develop Workers that ran locally, but not when deployed. This change ensures env doesn't contain __STATIC_CONTENT_MANIFEST.
This change adds a new wrappedBindings worker option for configuring
workerd's wrapped bindings.
These allow custom bindings to be written as JavaScript functions accepting an
env parameter of "inner bindings" and returning the value to bind. For more
details, refer to the API docs.
#4341d9908743 Thanks @RamIdeas! - Added a handleRuntimeStdio which enables wrangler (or any other direct use of Miniflare) to handle the stdout and stderr streams from the workerd child process. By default, if this option is not provided, the previous behaviour is retained which splits the streams into lines and calls console.log/console.error.
Previously, running wrangler dev would leave behind "zombie" workerd processes. These processes prevented the same port being bound if wrangler dev was restarted and sometimes consumed lots of CPU time. This change ensures all workerd processes are killed when wrangler dev is shutdown.
To clean-up existing zombie processes, run pkill -KILL workerd on macOS/Linux or taskkill /f /im workerd.exe on Windows.
wrangler@3.22.0
Minor Changes
#4632a6a4e8a4 Thanks @G4brym! - Deprecate constellation commands and add a warning when using the constellation binding
Previously, Wrangler would only apply source mapping to uncaught exceptions. This meant if you caught an exception and logged its stack trace, the call sites would reference built JavaScript files as opposed to source files. This change looks for stack traces in logged messages, and tries to source map them.
Note source mapping is only applied when outputting logs. Error#stack does not return a source mapped stack trace. This means the actual runtime value of new Error().stack and the output from console.log(new Error().stack) may be different.
#45713314dbde Thanks @penalosa! - feat: When Wrangler crashes, send an error report to Sentry to aid in debugging.
When Wrangler's top-level exception handler catches an error thrown from Wrangler's application, it will offer to report the error to Sentry. This requires opt-in from the user every time.
Patch Changes
#45774c85fe99 Thanks @dario-piotrowicz! - During the R2 validation, show MAX_UPLOAD_SIZE errors using MiB (consistently with the Cloudflare docs)
Previously, running wrangler dev would leave behind "zombie" workerd processes. These processes prevented the same port being bound if wrangler dev was restarted and sometimes consumed lots of CPU time. This change ensures all workerd processes are killed when wrangler dev is shutdown.
To clean-up existing zombie processes, run pkill -KILL workerd on macOS/Linux or taskkill /f /im workerd.exe on Windows.
3.22.0
Minor Changes
#4632a6a4e8a4 Thanks @G4brym! - Deprecate constellation commands and add a warning when using the constellation binding
Previously, Wrangler would only apply source mapping to uncaught exceptions. This meant if you caught an exception and logged its stack trace, the call sites would reference built JavaScript files as opposed to source files. This change looks for stack traces in logged messages, and tries to source map them.
Note source mapping is only applied when outputting logs. Error#stack does not return a source mapped stack trace. This means the actual runtime value of new Error().stack and the output from console.log(new Error().stack) may be different.
#45713314dbde Thanks @penalosa! - feat: When Wrangler crashes, send an error report to Sentry to aid in debugging.
When Wrangler's top-level exception handler catches an error thrown from Wrangler's application, it will offer to report the error to Sentry. This requires opt-in from the user every time.
Patch Changes
#45774c85fe99 Thanks @dario-piotrowicz! - During the R2 validation, show MAX_UPLOAD_SIZE errors using MiB (consistently with the Cloudflare docs)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nodejs/release-cloudflare-worker/network/alerts).
Bumps miniflare to 3.20231030.4 and updates ancestor dependency wrangler. These dependencies need to be updated together.
Updates
miniflare
from 3.20230922.0 to 3.20231030.4Release notes
Sourced from miniflare's releases.
... (truncated)
Changelog
Sourced from miniflare's changelog.
... (truncated)
Commits
7506b24
Version Packages (#4559)eb08e2d
fix: include request url and headers in pretty error page (#4448)5e67ea1
Version Packages (#4536)63708a9
fix: validateHost
/Origin
headers in magic proxy and `InspectorProxyWorke...71fb0b8
fix: ensure unused KV and Cache blobs cleaned up (#4466)97727de
Version Packages (#4495)311ffbd
[wrangler] fix: changewrangler (pages) dev
to listen onlocalhost
by def...1b34878
fix: remove__STATIC_CONTENT_MANIFEST
from module workerenv
(#4505)f728503
Version Packages (#4463)be2b9cf
feat: add support for wrapped bindings (#4348)Updates
wrangler
from 3.10.0 to 3.22.1Release notes
Sourced from wrangler's releases.
... (truncated)
Changelog
Sourced from wrangler's changelog.
... (truncated)
Commits
6d3d46a
Version Packages (#4638)5bc2699
fix: prevent zombieworkerd
processes (#4635)35e8a5d
Version Packages (#4620)a6a4e8a
Deprecate constellation commands and add a warning when using the constellati...e8a2a1d
R2: Add Sippy support (#4130)cd4f63a
Add info aboutnode:${module}
syntax for nodejs_compat (#4485)c628de5
Improve listing of queues and update API types (#4426)98dee93
[D1] add rows read/written towrangler d1 info
output (#4621)912bfeb
Version Packages (#4595)a94ef57
[wrangler] feat: source map logged strings (#4423)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show