[pull] main from cloudflare:main #318
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* chore: add CI validation for external package dependencies Add a validation check that ensures packages explicitly declare their external (non-bundled) dependencies to prevent dependency chain poisoning. - Add tools/deployments/validate-package-dependencies.ts validation script - Add check:package-deps npm script and integrate into pnpm check - Create scripts/deps.ts allowlists for packages with external dependencies: - miniflare (12 deps) - @cloudflare/vite-plugin (8 deps) - @cloudflare/vitest-pool-workers (7 deps) - @cloudflare/kv-asset-handler (1 dep) - @cloudflare/workers-editor-shared (1 dep) - Update CONTRIBUTING.md with documentation on managing dependencies - Add unit tests for the validation logic (22 tests) * fix(kv-asset-handler): bundle mime dependency instead of keeping it external Move mime from dependencies to devDependencies so it gets bundled into the distributable. This follows the project's practice of bundling dependencies to prevent dependency chain poisoning. * fix(miniflare): bundle acorn and acorn-walk dependencies Move acorn and acorn-walk from dependencies to devDependencies so they get bundled into the distributable. These are pure JavaScript parsing libraries with no special runtime requirements, so they can be safely bundled. * chore: bundle more dependencies to reduce supply chain risk Move 13 dependencies from dependencies to devDependencies so they get bundled into the distributed packages rather than being installed as transitive dependencies by users. Packages updated: - miniflare: bundle exit-hook, glob-to-regexp, stoppable, youch - @cloudflare/vitest-pool-workers: bundle birpc, devalue, get-port, semver - @cloudflare/vite-plugin: bundle @remix-run/node-fetch-server, defu, get-port, picocolors, tinyglobby Also updates the EXTERNAL_DEPENDENCIES comments to explain WHY each remaining dependency cannot be bundled (native binaries, optional native bindings, runtime resolution needs) rather than just describing how they are used. * fix(vitest-pool-workers): bundle dependencies that were moved to devDependencies * chore: add changeset for dependency bundling * fixup: remove unnecessary stuff from CONTRIBUTING
* Add child-environment playground * Support multiple module runners in a single Worker * Add environmentNameToChildEnvironmentNamesMap * Create child environments in config * Update initRunner and initRunners * Use environment name from header in __VITE_INVOKE_MODULE__ * Apply internal plugins to child environments * Add changeset
* Mark all D1 execution errors as user errors * Create wild-sloths-tease.md * Delete .changeset/wild-sloths-tease.md * Mark more Oauth errors as user errors, and make sure the error messages are exposed to users. * Mark ENOENT exceptions as User Error * Handle UND_ERR_CONNECT_TIMEOUT errors with user-friendly message When users experience connection timeouts to Cloudflare's API, Wrangler now displays a helpful message instead of the raw error code. This prevents unnecessary Sentry reports for environmental issues that users cannot fix by modifying their code. The handler specifically detects timeouts to api.cloudflare.com and dash.cloudflare.com, ensuring timeouts to user endpoints (like dev servers) are still reported as potential bugs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Add JSDoc @param and @returns to isCloudflareAPIConnectionTimeoutError Co-Authored-By: NuroDev <ben@nuro.dev> 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Add type annotation to files variable in validate.ts Co-Authored-By: NuroDev <ben@nuro.dev> 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Handle EPERM (permission) errors with user-friendly message When users experience file system permission errors (typically due to insufficient permissions, locked files, or antivirus software), Wrangler now displays a helpful message instead of the raw EPERM error code. The error message: - Shows the affected file path if available - Provides common causes of permission errors - Logs the full error message in debug mode - Prevents unnecessary Sentry reports for environmental issues 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Add user-friendly error handling for DNS resolution failures Handle ENOTFOUND DNS errors to Cloudflare's API with clear, actionable messages instead of raw error codes. These are environmental issues (network connectivity, DNS configuration) that users can't fix by modifying code, so we suppress Sentry reporting. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Add EACCES error handling to permission error detection Extended permission error handling to catch both EPERM and EACCES error codes. EACCES (permission denied) is commonly encountered when accessing config files and other system resources where read/write permissions are insufficient. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * user * Refactor: Extract shared isCloudflareAPI helper function Extracted the duplicated isCloudflareAPI logic into a shared helper function to avoid code duplication between DNS error and timeout error detection functions. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * remove environmental workding * rename error unknown * improve changeset --------- Co-authored-by: Claude <noreply@anthropic.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )