chore(deps): bump esbuild, @cloudflare/vitest-pool-workers, vitest and wrangler in /worker

[dependabot]

Bumps esbuild to 0.27.3 and updates ancestor dependencies esbuild, @cloudflare/vitest-pool-workers, vitest and wrangler. These dependencies need to be updated together.

Updates esbuild from 0.17.19 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• 9129e00 publish 0.27.3 to npm
• e20e411 small fix to release notes
• 0dc0f2d fix #4322: parse and print CSS @scope rules
• 55fe391 update firefox css gradient support
• 2c35297 update gradient lowering transform
• 9209e44 Update Go to 1.25.7 (#4388)
• e8d861b close #4374: compat table for the using feature
• 19b8887 no longer need williamkapke/node-compat-table
• 7e44218 the kangax/compat-table repo moved to a new url
• 23b9338 run make update-compat-table
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates @cloudflare/vitest-pool-workers from 0.5.41 to 0.12.13

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.12.13

Patch Changes

• Updated dependencies [5a868a0, caf9b11, c58e81b, 33a9a8f, 8077c14, caf9b11, 7d2355e, 936187d, 7ea69af, 5cc7158, caf9b11, 43c462a, c4c86f8, 7d2355e, c9d0f9d, 5cc7158, 5cc7158, c9d0f9d]:
  • miniflare@4.20260217.0
  • wrangler@4.66.0

@​cloudflare/vitest-pool-workers@​0.12.12

Patch Changes

• #11771 4b6fd36 Thanks @​avenceslau! - Fix Durable Object storage causing SQLITE_CANTOPEN errors on repeated test runs

  When running vitest multiple times in watch mode, Durable Object storage would fail with SQLITE_CANTOPEN errors. This happened because the storage reset function was deleting directories that workerd still had file handles to.

  The fix preserves directory structure during storage reset, deleting only files while keeping directories intact. This allows workerd to maintain valid handles to SQLite database directories across test runs.

• Updated dependencies [ad817dd, b900c5a, f7fa326, 734792a, 7aaa2a5, cc5ac22, 62a8d48, 84252b7, e5efa5d, d06ad09, 10a1c4a, be9745f, d7b492c, 122791d, 8809411, 1a9eddd, 41e18aa]:

  • wrangler@4.65.0
  • miniflare@4.20260212.0

@​cloudflare/vitest-pool-workers@​0.12.11

Patch Changes

• Updated dependencies [5d56487, 2d90127, 2acb277, c8dda16, e02b5f5, 8ba1d11, 555b32a, d636d6a, bf8df0c, e02b5f5, 988dea9, 1f1c3ce, 62635a0, fd902aa, 961705c, 355c6da, bfd17cd, 3388c84, ce9dc01, 21ac7ab, 937425c]:
  • wrangler@4.64.0
  • miniflare@4.20260210.0

@​cloudflare/vitest-pool-workers@​0.12.10

Patch Changes

• Updated dependencies [ee9b81f, 63f1adb, ba13de9, 447daa3, fe3af35, bd4bb98, dab4bc9, 83adb2c, 18c0784]:
  • wrangler@4.63.0
  • miniflare@4.20260205.0

@​cloudflare/vitest-pool-workers@​0.12.9

Patch Changes

• Updated dependencies [964a39d, 253a85d, ce736b9, 0c9625a, 47944d1, 4c4d5a5, b05b919, 0aaf080, b981db5, a113c0d, fdd7a9f, a5fca2c, 1bd1488, f7aa8c7]:
  • wrangler@4.62.0
  • miniflare@4.20260131.0

@​cloudflare/vitest-pool-workers@​0.12.8

Patch Changes

• Updated dependencies [8a210af, eb8a415, 3b06b18, 17961bb, 52fdfe7, 6d8d9cd, cb72c11]:
  • miniflare@4.20260128.0
  • wrangler@4.61.1

... (truncated)

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.12.13

Patch Changes

• Updated dependencies [5a868a0, caf9b11, c58e81b, 33a9a8f, 8077c14, caf9b11, 7d2355e, 936187d, 7ea69af, 5cc7158, caf9b11, 43c462a, c4c86f8, 7d2355e, c9d0f9d, 5cc7158, 5cc7158, c9d0f9d]:
  • miniflare@4.20260217.0
  • wrangler@4.66.0

0.12.12

Patch Changes

• #11771 4b6fd36 Thanks @​avenceslau! - Fix Durable Object storage causing SQLITE_CANTOPEN errors on repeated test runs

  When running vitest multiple times in watch mode, Durable Object storage would fail with SQLITE_CANTOPEN errors. This happened because the storage reset function was deleting directories that workerd still had file handles to.

  The fix preserves directory structure during storage reset, deleting only files while keeping directories intact. This allows workerd to maintain valid handles to SQLite database directories across test runs.

• Updated dependencies [ad817dd, b900c5a, f7fa326, 734792a, 7aaa2a5, cc5ac22, 62a8d48, 84252b7, e5efa5d, d06ad09, 10a1c4a, be9745f, d7b492c, 122791d, 8809411, 1a9eddd, 41e18aa]:

  • wrangler@4.65.0
  • miniflare@4.20260212.0

0.12.11

Patch Changes

• Updated dependencies [5d56487, 2d90127, 2acb277, c8dda16, e02b5f5, 8ba1d11, 555b32a, d636d6a, bf8df0c, e02b5f5, 988dea9, 1f1c3ce, 62635a0, fd902aa, 961705c, 355c6da, bfd17cd, 3388c84, ce9dc01, 21ac7ab, 937425c]:
  • wrangler@4.64.0
  • miniflare@4.20260210.0

0.12.10

Patch Changes

• Updated dependencies [ee9b81f, 63f1adb, ba13de9, 447daa3, fe3af35, bd4bb98, dab4bc9, 83adb2c, 18c0784]:
  • wrangler@4.63.0
  • miniflare@4.20260205.0

0.12.9

Patch Changes

• Updated dependencies [964a39d, 253a85d, ce736b9, 0c9625a, 47944d1, 4c4d5a5, b05b919, 0aaf080, b981db5, a113c0d, fdd7a9f, a5fca2c, 1bd1488, f7aa8c7]:
  • wrangler@4.62.0
  • miniflare@4.20260131.0

0.12.8

... (truncated)

Commits

• dae8d21 Version Packages (#12547)
• 0ebc50d Version Packages (#12508)
• 4b6fd36 Fix vitest watch with durable objects (#11771)
• 04eac7d Version Packages (#12427)
• 07db12a Version Packages (#12383)
• 59a9ee2 Version Packages (#12266)
• a4db914 Use vitest#expect from the local context (#12356)
• 698f510 Speed up pnpm fix and pnpm check (#12348)
• 95154f5 Version Packages (#12184)
• 1228dee Version Packages (#12045)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​cloudflare/vitest-pool-workers since your current version.

Updates vitest from 2.1.9 to 4.0.18

Release notes

Sourced from vitest's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

v4.0.17

   🚀 Experimental Features

• Support openTelemetry for browser mode  -  by @​hi-ogawa in vitest-dev/vitest#9180 (1ec3a)
• Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation  -  by @​Copilot, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

• Improve asymmetric matcher diff readability by unwrapping container matchers  -  by @​Copilot, sheremet-va, hi-ogawa and @​hi-ogawa in vitest-dev/vitest#9330 (b2ec7)
• Improve runner error when importing outside of test context  -  by @​sheremet-va in vitest-dev/vitest#9335 (2dd3d)
• Replace crypto.randomUUID to allow insecure environments (fix #9…  -  by @​plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)
• Handle null options in addEventHandler #9371  -  by @​ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)
• Typo in browser.provider error  -  by @​deammer in vitest-dev/vitest#9394 (4b67f)
• browser:
  • Fix process.env and import.meta.env defines in inline project  -  by @​hi-ogawa in vitest-dev/vitest#9239 (b70c9)
  • Fix upload File instance  -  by @​hi-ogawa in vitest-dev/vitest#9294 (b6778)
  • Fix invalid project token for artifacts assets  -  by @​hi-ogawa in vitest-dev/vitest#9321 (caa7d)
  • Log ErrorEvent.message when unhandled ErrorEvent.error is null  -  by @​hi-ogawa in vitest-dev/vitest#9322 (5d84e)
  • Support fileParallelism on an instance  -  by @​sheremet-va in vitest-dev/vitest#9328 (15006)
• coverage:
  • Remove unnecessary istanbul-lib-source-maps usage  -  by @​AriPerkkio in vitest-dev/vitest#9344 (b0940)
  • Apply patch from istanbuljs/istanbuljs#837  -  by @​AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)
• fsModuleCache:
  • Don't store importers in cache  -  by @​sheremet-va in vitest-dev/vitest#9422 (75136)
  • Add importers alongside importedModules  -  by @​sheremet-va in vitest-dev/vitest#9423 (59f92)
• mocker:
  • Fix mock transform with class  -  by @​hi-ogawa in vitest-dev/vitest#9421 (d390e)
• pool:
  • Validate environment options when reusing the worker  -  by @​sheremet-va in vitest-dev/vitest#9349 (a8a88)
  • Handle worker start failures gracefully  -  by @​AriPerkkio in vitest-dev/vitest#9337 (200da)
• reporter:
  • Report test module if it failed to run  -  by @​sheremet-va in vitest-dev/vitest#9272 (c7888)
• runner:
  • Respect nested test.only within describe.only  -  by @​Ujjwaljain16 in vitest-dev/vitest#9021 and vitest-dev/vitest#9213 (55d5d)
• typecheck:
  • Improve error message when tsc outputs help text  -  by @​Ujjwaljain16 in vitest-dev/vitest#9214 (7b10a)
• ui:

... (truncated)

Commits

• 4d3e3c6 chore: release v4.0.18
• ea837de feat(experimental): add onModuleRunner hook to worker.init (#9286)
• e057281 fix: use meta.url in createRequire (#9441)
• dd54e94 chore: release v4.0.17
• 59f92d4 fix(fsModuleCache): add importers alongside importedModules (#9423)
• 751364e fix(fsModuleCache): don't store importers in cache (#9422)
• 4b67fc2 fix: typo in browser.provider error (#9394)
• 40841ff fix: handle null options in addEventHandler #9371 (#9372)
• 200dadb fix(pool): handle worker start failures gracefully (#9337)
• 1500654 fix(browser): support fileParallelism on an instance (#9328)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.

Updates wrangler from 3.114.17 to 4.66.0

Release notes

Sourced from wrangler's releases.

wrangler@4.66.0

Minor Changes

• #12466 caf9b11 Thanks @​petebacondarwin! - Add WRANGLER_CACHE_DIR environment variable and smart cache directory detection

  Wrangler now intelligently detects where to store cache files:

  1. Use WRANGLER_CACHE_DIR env var if set
  2. Use existing cache directory if found (node_modules/.cache/wrangler or .wrangler/cache)
  3. Create cache in node_modules/.cache/wrangler if node_modules exists
  4. Otherwise use .wrangler/cache

  This improves compatibility with Yarn PnP, pnpm, and other package managers that don't use traditional node_modules directories, without requiring any configuration.

• #12572 936187d Thanks @​dario-piotrowicz! - Ensure the nodejs_compat flag is always applied in autoconfig

  Previously, the autoconfig feature relied on individual framework configurations to specify Node.js compatibility flags, some could set nodejs_compat while others nodejs_als.

  Now instead nodejs_compat is always included as a compatibility flag, this is generally beneficial and the user can always remove the flag afterwards if they want to.

• #12560 c4c86f8 Thanks @​taylorlee! - Support --tag and --message flags on wrangler deploy

  They have the same behavior that they do as during wrangler versions upload, as both are set on the version.

  The message is also reused for the deployment as well, with the same behavior as used during wrangler versions deploy.

Patch Changes

• #12543 5a868a0 Thanks @​G4brym! - Fix AI Search binding failing in local dev

  Using AI Search bindings with wrangler dev would fail with "RPC stub points at a non-serializable type". AI Search bindings now work correctly in local development.

• #12552 c58e81b Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260212.0	1.20260213.0

• #12568 33a9a8f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260213.0	1.20260214.0

... (truncated)

Commits

• dae8d21 Version Packages (#12547)
• 8077c14 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12576)
• 9a565d5 [unenv-preset] Support native child_process module when experimental flag is ...
• caf9b11 [wrangler] Smart cache directory detection for Yarn PnP compatibility (#12466)
• 936187d Ensure the nodejs_compat flag is always applied in autoconfig (#12572)
• c9d0f9d Improve autoconfig detection handling for monorepos / multi framework (#12545)
• c4c86f8 [wrangler] Add --tag and --message to deploy command (#12445) (#12560)
• 5a868a0 Fix AI Search rpc binding (#12543)
• 7ea69af fix: support function-based Vite configs in autoconfig setup (#12562)
• 33a9a8f chore(deps): bump the workerd-and-workers-types group with 2 updates (#12568)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.