Bump miniflare from 4.20260305.0 to 4.20260310.0

[dependabot]

Bumps miniflare from 4.20260305.0 to 4.20260310.0.

Release notes

Sourced from miniflare's releases.

miniflare@4.20260310.0

Minor Changes

• #12826 de65c58 Thanks @​gabivlj! - Enable container egress interception in local dev without the experimental compatibility flag

  Container local development now always prepares the egress interceptor sidecar image needed for interceptOutboundHttp(). This makes container-to-Worker interception available by default in Wrangler, Miniflare, and the Cloudflare Vite plugin.

• #12754 e4d9510 Thanks @​emily-shen! - Add cross-process support to the local explorer

  When running multiple miniflare processes, the local explorer will now be able to view and edit resources that are bound to workers in other miniflare instances.

Patch Changes

• #12790 5451a7f Thanks @​petebacondarwin! - Bump hono to ^4.12.5 and devalue to ^5.6.3 to address security vulnerabilities

  Hono had multiple advisories including arbitrary file access via serveStatic, JWT algorithm confusion, and XSS through ErrorBoundary. Devalue had denial of service vulnerabilities in devalue.parse. These are bundled dependencies so the fix is delivered via this patch.

• #12795 82cc2a8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260301.1	1.20260306.1

• #12811 3c67c2a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260306.1	1.20260307.1

• #12827 d645594 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260307.1	1.20260310.1

• #12828 cb14820 Thanks @​jamesopstad! - Update @hey-api/openapi-ts to ^0.94.0

• #12786 a7c87d1 Thanks @​emily-shen! - local explorer: validate origin and host headers

  The local explorer is a WIP experimental feature.

Changelog

Sourced from miniflare's changelog.

4.20260310.0

Minor Changes

• #12826 de65c58 Thanks @​gabivlj! - Enable container egress interception in local dev without the experimental compatibility flag

  Container local development now always prepares the egress interceptor sidecar image needed for interceptOutboundHttp(). This makes container-to-Worker interception available by default in Wrangler, Miniflare, and the Cloudflare Vite plugin.

• #12754 e4d9510 Thanks @​emily-shen! - Add cross-process support to the local explorer

  When running multiple miniflare processes, the local explorer will now be able to view and edit resources that are bound to workers in other miniflare instances.

Patch Changes

• #12790 5451a7f Thanks @​petebacondarwin! - Bump hono to ^4.12.5 and devalue to ^5.6.3 to address security vulnerabilities

  Hono had multiple advisories including arbitrary file access via serveStatic, JWT algorithm confusion, and XSS through ErrorBoundary. Devalue had denial of service vulnerabilities in devalue.parse. These are bundled dependencies so the fix is delivered via this patch.

• #12795 82cc2a8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260301.1	1.20260306.1

• #12811 3c67c2a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260306.1	1.20260307.1

• #12827 d645594 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260307.1	1.20260310.1

• #12828 cb14820 Thanks @​jamesopstad! - Update @hey-api/openapi-ts to ^0.94.0

• #12786 a7c87d1 Thanks @​emily-shen! - local explorer: validate origin and host headers

  The local explorer is a WIP experimental feature.

4.20260301.1

... (truncated)

Commits

• 24f807b Version Packages (#12789)
• de65c58 containers: Remove experimental flag from enabling egress interception for co...
• cb14820 Update @hey-api/openapi-ts and move to pnpm catalog (#12828)
• d645594 Bump the workerd-and-workers-types group with 2 updates (#12827)
• e4d9510 Add cross-process support to local explorer (#12754)
• a7c87d1 local explorer: add cors/host validation (#12786)
• 3c67c2a Bump the workerd-and-workers-types group with 2 updates (#12811)
• 82cc2a8 Bump the workerd-and-workers-types group with 2 updates (#12795)
• 5451a7f fix: bump vulnerable direct dependencies (#12790)
• 331d4de Revert "Bump the workerd-and-workers-types group with 2 updates" (#12776)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	miniflare@​4.20260310.0

View full report

[dependabot]

Superseded by #580.