Bump the deps group across 1 directory with 9 updates

[dependabot]

Bumps the deps group with 9 updates in the /cloudflare-workers directory:

Package	From	To
@connectrpc/connect	2.0.3	2.1.0
@bufbuild/buf	1.56.0	1.57.2
@bufbuild/protoc-gen-es	2.6.3	2.9.0
@cloudflare/workers-types	4.20250803.0	4.20251001.0
@connectrpc/connect-node	2.0.3	2.1.0
@types/node	24.2.0	24.6.1
miniflare	4.20250730.0	4.20250927.0
typescript	5.9.2	5.9.3
wrangler	4.27.0	4.40.3

Updates @connectrpc/connect from 2.0.3 to 2.1.0

Release notes

Sourced from @​connectrpc/connect's releases.

v2.1.0

What's Changed

[!IMPORTANT]

TypeScript 5.9 includes breaking changes to lib.d.ts, forcing us to change return types for some functions from Uint8Array to Uint8Array<ArrayBuffer>. This is unlikely to affect you, but if it does, see #1560 for details.

• Update to TypeScript 5.9 and change return types from Uint8Array to Uint8Array<ArrayBuffer> by @​timostamm in connectrpc/connect-es#1560
• Drop support for Node.js 18 by @​timostamm in connectrpc/connect-es#1559

Full Changelog: connectrpc/connect-es@v2.0.4...v2.1.0

v2.0.4

What's Changed

• Fix memory leak in Node.js universal HTTP client by @​timostamm in connectrpc/connect-es#1547

Full Changelog: connectrpc/connect-es@v2.0.3...v2.0.4

Commits

• 8566675 Release 2.1.0 (#1564)
• 4eed0ce Update to TypeScript 5.9 and change return types from Uint8Array to `Uint8A...
• 17ee287 Release 2.0.4 (#1558)
• 5dafeaa Update protobuf-es and dependabot groups (#1549)
• a2606e7 Bump the bench group with 2 updates (#1533)
• 1b8db5d Bump @​bufbuild/buf from 1.55.1 to 1.56.0 (#1537)
• c1510a8 Bump jasmine from 5.8.0 to 5.9.0 (#1538)
• See full diff in compare view

Updates @bufbuild/buf from 1.56.0 to 1.57.2

Release notes

Sourced from @​bufbuild/buf's releases.

v1.57.2

• Fix buf curl for HTTP/2 services.

v1.57.1

• Minor bug fixes and dependency upgrades.

v1.57.0

• Update exclude types to remove unused options reducing the size of generated code.
• Add gitlab-code-quality error format to print errors in the GitLab Code Quality format for buf lint and buf breaking.
• Add source_control_url to json outputs for buf registry {module, plugin} commit commands.

Changelog

Sourced from @​bufbuild/buf's changelog.

[v1.57.2] - 2025-09-16

• Fix buf curl for HTTP/2 services

[v1.57.1] - 2025-09-16

• Minor bug fixes and dependency upgrades.

[v1.57.0] - 2025-08-27

• Update exclude types to remove unused options reducing the size of generated code.
• Add gitlab-code-quality error format to print errors in the GitLab Code Quality format for buf lint and buf breaking.
• Add source_control_url to json outputs for buf registry {module, plugin} commit commands.

Commits

• 2a315f2 Release v1.57.2 (#4017)
• 574a9ea Fix buf curl with HTTP/2 services (#4016)
• f9fbf5d Return to development (#4015)
• a925ce2 Release v1.57.1 (#4013)
• 7e199bd Upgrade generated SDK protoc-gen-go version (#4014)
• 2d0ab7a Use std http.Protocols for http config (#4011)
• 0f230da Upgrade makego (#4012)
• 2344d01 Make upgrade (#4010)
• d5d28ae Bump golang from 1.24-alpine3.22 to 1.25-alpine3.22 (#3963)
• b57df30 Silence config warning on empty rules when policies are defined (#3972)
• Additional commits viewable in compare view

Updates @bufbuild/protoc-gen-es from 2.6.3 to 2.9.0

Release notes

Sourced from @​bufbuild/protoc-gen-es's releases.

v2.9.0

What's Changed

• Support Deno by @​timostamm in bufbuild/protobuf-es#1233

Full Changelog: bufbuild/protobuf-es@v2.8.0...v2.9.0

v2.8.0

What's Changed

• Add support for Edition 2024 by @​timostamm in bufbuild/protobuf-es#1228
• Fix Valid types for interstitial references by @​timostamm in bufbuild/protobuf-es#1230

Full Changelog: bufbuild/protobuf-es@v2.7.0...v2.8.0

v2.7.0

What's Changed

[!IMPORTANT]

TypeScript 5.9 includes breaking changes to lib.d.ts, forcing us to change return types for some functions from Uint8Array to Uint8Array<ArrayBuffer>. See #1200 for details.

• Update to TypeScript 5.9 and change return types from Uint8Array to Uint8Array<ArrayBuffer> by @​timostamm in bufbuild/protobuf-es#1200
• Drop support for Node.js 18 by @​timostamm in bufbuild/protobuf-es#1201
• Run CI on Node.js v24 by @​timostamm in bufbuild/protobuf-es#1199
• Optimize bundle-size impact of fix to closed enum parsing by @​timostamm in bufbuild/protobuf-es#1197

Full Changelog: bufbuild/protobuf-es@v2.6.3...v2.7.0

Commits

• ac7d546 Release 2.9.0 (#1236)
• 89dd6e7 Release 2.8.0 (#1231)
• cdd0dd9 Fix Valid types for interstitial references (#1230)
• 92f8536 Release 2.7.0 (#1206)
• fe3c21b Drop support for Node.js 18 (#1201)
• See full diff in compare view

Updates @cloudflare/workers-types from 4.20250803.0 to 4.20251001.0

Commits

• See full diff in compare view

Updates @connectrpc/connect-node from 2.0.3 to 2.1.0

Release notes

Sourced from @​connectrpc/connect-node's releases.

v2.1.0

What's Changed

[!IMPORTANT]

TypeScript 5.9 includes breaking changes to lib.d.ts, forcing us to change return types for some functions from Uint8Array to Uint8Array<ArrayBuffer>. This is unlikely to affect you, but if it does, see #1560 for details.

• Update to TypeScript 5.9 and change return types from Uint8Array to Uint8Array<ArrayBuffer> by @​timostamm in connectrpc/connect-es#1560
• Drop support for Node.js 18 by @​timostamm in connectrpc/connect-es#1559

Full Changelog: connectrpc/connect-es@v2.0.4...v2.1.0

v2.0.4

What's Changed

• Fix memory leak in Node.js universal HTTP client by @​timostamm in connectrpc/connect-es#1547

Full Changelog: connectrpc/connect-es@v2.0.3...v2.0.4

Commits

• 8566675 Release 2.1.0 (#1564)
• 4eed0ce Update to TypeScript 5.9 and change return types from Uint8Array to `Uint8A...
• f6505b7 Drop support for Node.js 18 (#1559)
• 17ee287 Release 2.0.4 (#1558)
• 8aab5b3 Fix memory leak in Node.js universal HTTP client (#1547)
• c1510a8 Bump jasmine from 5.8.0 to 5.9.0 (#1538)
• See full diff in compare view

Updates @types/node from 24.2.0 to 24.6.1

Commits

• See full diff in compare view

Updates miniflare from 4.20250730.0 to 4.20250927.0

Release notes

Sourced from miniflare's releases.

[email protected]

Patch Changes

• #10775 6ff41a6 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250924.0	1.20250926.0

• #10799 0c208e1 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250926.0	1.20250927.0

• #10683 2432022 Thanks @​yuripave! - fix: api proxy preserve multiple Set-Cookie headers

• #10769 0a554f9 Thanks @​penalosa! - Mark more errors as UserError to disable Sentry reporting

[email protected]

Patch Changes

• #10745 06e9a48 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250923.0	1.20250924.0

[email protected]

Minor Changes

• #10647 555a6da Thanks @​efalcao! - VPC service binding support

Patch Changes

• #10692 262393a Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250917.0	1.20250918.0

• #10705 3ec1f65 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

... (truncated)

Changelog

Sourced from miniflare's changelog.

4.20250927.0

Patch Changes

• #10775 6ff41a6 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250924.0	1.20250926.0

• #10799 0c208e1 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250926.0	1.20250927.0

• #10683 2432022 Thanks @​yuripave! - fix: api proxy preserve multiple Set-Cookie headers

• #10769 0a554f9 Thanks @​penalosa! - Mark more errors as UserError to disable Sentry reporting

4.20250924.0

Patch Changes

• #10745 06e9a48 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20250923.0	1.20250924.0

4.20250923.0

Minor Changes

• #10647 555a6da Thanks @​efalcao! - VPC service binding support

Patch Changes

• #10692 262393a Thanks @​dependabot! - chore: update dependencies of "miniflare" package

  The following dependency versions have been updated:

  Dependency	From	To

... (truncated)

Commits

• 76d2538 Version Packages (#10783)
• 0a554f9 Mark more errors as UserError (#10769)
• 0c208e1 build(deps): bump the workerd-and-workers-types group with 2 updates (#10799)
• d09cab3 Add Workflow name and instance id validations (#10785)
• 2432022 fix(miniflare): api proxy preserve multiple Set-Cookie headers (#10683)
• 6ff41a6 Bump the workerd-and-workers-types group with 2 updates (#10775)
• 2781330 Version Packages (#10747)
• 06e9a48 Bump the workerd-and-workers-types group with 2 updates (#10745)
• 9e37dda Version Packages (#10698)
• 328e687 Bump the workerd-and-workers-types group with 2 updates (#10729)
• Additional commits viewable in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Commits

• 31a0ead Don't compare "missing" to undefined in compareProperties under `exactOpt...
• d4b15eb Enhance type argument completions (#62170)
• 83ff202 Bump the github-actions group across 1 directory with 2 updates (#62507)
• e350126 Port microsoft/typescript-go#1764 (#62510)
• 97610a8 Port microsoft/typescript-go#1757 (#62501)
• 1cd5309 Port microsoft/typescript-go#1759 (#62502)
• 5f183ad Revert PR 61928 (#62423)
• 6f6efb4 Disable conditional exports fallbacks on null values (#62483)
• 96acaa5 Remove no-default-lib (#62435)
• 904e7dd Enable noUncheckedSideEffectImports by default (#62443)
• Additional commits viewable in compare view

Updates wrangler from 4.27.0 to 4.40.3

Release notes

Sourced from wrangler's releases.

[email protected]

Patch Changes

• #10602 ff82d80 Thanks @​tukiminya! - fix: update Secrets Store command status from alpha to open-beta

• #10623 7a6381c Thanks @​IRCody! - Handle more cases for correctly resolving the full uri for an image when using containers push.

• #10779 325d22e Thanks @​hoodmane! - Add fallthrough: true for python_modules data rule

• #10112 8d07576 Thanks @​devin-ai-integration! - fix: allow Workflow bindings when calling getPlatformProxy()

  Workflow bindings are not supported in practice when using getPlatformProxy(). But their existence in a Wrangler config file should not prevent other bindings from working. Previously, calling getPlatformProxy() would crash if there were any Workflow bindings defined. Now, instead, you get a warning telling you that these bindings are not available.

• #10769 0a554f9 Thanks @​penalosa! - Mark more errors as UserError to disable Sentry reporting

• #10679 6244a9e Thanks @​KianNH! - Fix rendering for nested objects in containers list and containers info [ID]

• #10785 d09cab3 Thanks @​pombosilva! - Workflows names and instance IDs are now properly validated with production limits.

• Updated dependencies [6ff41a6, 0c208e1, 2432022, d0801b1, 0a554f9]:

  • [email protected]
  • @​cloudflare/unenv-preset@​2.7.5

[email protected]

Patch Changes

• #10771 b455281 Thanks @​penalosa! - Fix Worker Loader binding type

[email protected]

Patch Changes

• #10668 a57149f Thanks @​danielrs! - Support the deletion of secrets with complex names

[email protected]

Minor Changes

• #10743 a7ac751 Thanks @​jonesphillip! - Changes --fileSizeMB to --file-size for wrangler r2 bucket catalog compaction command. Small fixes for pipelines commands.

Patch Changes

• #10706 81fd733 Thanks @​1000hz! - Fixed an issue that caused some Workers to have an incorrect service tag applied when using a redirected configuration file (as used by the Cloudflare Vite plugin). This resulted in these Workers not being correctly grouped with their sibling environments in the Cloudflare dashboard.

• Updated dependencies [06e9a48]:

  • [email protected]

[email protected]

... (truncated)

Changelog

Sourced from wrangler's changelog.

4.40.3

Patch Changes

• #10602 ff82d80 Thanks @​tukiminya! - fix: update Secrets Store command status from alpha to open-beta

• #10623 7a6381c Thanks @​IRCody! - Handle more cases for correctly resolving the full uri for an image when using containers push.

• #10779 325d22e Thanks @​hoodmane! - Add fallthrough: true for python_modules data rule

• #10112 8d07576 Thanks @​devin-ai-integration! - fix: allow Workflow bindings when calling getPlatformProxy()

  Workflow bindings are not supported in practice when using getPlatformProxy(). But their existence in a Wrangler config file should not prevent other bindings from working. Previously, calling getPlatformProxy() would crash if there were any Workflow bindings defined. Now, instead, you get a warning telling you that these bindings are not available.

• #10769 0a554f9 Thanks @​penalosa! - Mark more errors as UserError to disable Sentry reporting

• #10679 6244a9e Thanks @​KianNH! - Fix rendering for nested objects in containers list and containers info [ID]

• #10785 d09cab3 Thanks @​pombosilva! - Workflows names and instance IDs are now properly validated with production limits.

• Updated dependencies [6ff41a6, 0c208e1, 2432022, d0801b1, 0a554f9]:

  • [email protected]
  • @​cloudflare/unenv-preset@​2.7.5

4.40.2

Patch Changes

• #10771 b455281 Thanks @​penalosa! - Fix Worker Loader binding type

4.40.1

Patch Changes

• #10668 a57149f Thanks @​danielrs! - Support the deletion of secrets with complex names

4.40.0

Minor Changes

• #10743 a7ac751 Thanks @​jonesphillip! - Changes --fileSizeMB to --file-size for wrangler r2 bucket catalog compaction command. Small fixes for pipelines commands.

Patch Changes

• #10706 81fd733 Thanks @​1000hz! - Fixed an issue that caused some Workers to have an incorrect service tag applied when using a redirected configuration file (as used by the Cloudflare Vite plugin). This resulted in these Workers not being correctly grouped with their sibling environments in the Cloudflare dashboard.

... (truncated)

Commits

• 76d2538 Version Packages (#10783)
• d0801b1 Drop node:process polyfill when v2 is available (#10805)
• 0a554f9 Mark more errors as UserError (#10769)
• 0c208e1 build(deps): bump the workerd-and-workers-types group with 2 updates (#10799)
• 516a6e0 test: improve resilience of deployments e2e tests (#10800)
• 01db4f1 address todos in unenv e2e tests (#10746)
• 325d22e Add fallthrough: true to python-modules .so glob rule (#10779)
• 5446135 Run cleanup every 2 hours and only cleanup kvs that are older than an hour (#...
• 6244a9e fix(wrangler): Nested object rendering in Containers list/info commands (#10679)
• d09cab3 Add Workflow name and instance id validations (#10785)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions