Bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
agents	0.0.77	0.10.0
ai	4.3.13	6.0.153
react-router	7.5.3	7.12.0
@cloudflare/vite-plugin	1.1.0	1.6.0
vite	6.3.5	6.4.2
wrangler	4.14.1	4.81.0
axios	1.9.0	1.14.0
mdast-util-to-hast	13.2.0	13.2.1
rollup	4.40.1	4.60.1

Updates agents from 0.0.77 to 0.10.0

Release notes

Sourced from agents's releases.

agents@0.10.0

Minor Changes

• #1256 dfab937 Thanks @​threepointone! - Add durable fiber execution to the Agent base class.

  runFiber(name, fn) registers work in SQLite, holds a keepAlive ref, and enables recovery via onFiberRecovered after DO eviction. ctx.stash() and this.stash() checkpoint progress that survives eviction.

  AIChatAgent gains unstable_chatRecovery — when enabled, each chat turn is wrapped in a fiber. onChatRecovery provides provider-specific recovery (Workers AI continuation, OpenAI response retrieval, Anthropic synthetic message). continueLastTurn() appends to the interrupted assistant message seamlessly.

  Think now extends Agent directly (no mixin). Fiber support is inherited from the base class.

  Breaking (experimental APIs only):

  • Removed withFibers mixin (agents/experimental/forever)
  • Removed withDurableChat mixin (@cloudflare/ai-chat/experimental/forever)
  • Removed ./experimental/forever export from both packages
  • Think no longer has a fibers flag — recovery is automatic via alarm housekeeping

Patch Changes

• #1259 1933eb4 Thanks @​threepointone! - Run fiber recovery eagerly in onStart() instead of deferring to the next alarm. Interrupted fibers are now detected immediately on the first request after DO wake, with the alarm path as a fallback. A re-entrancy guard prevents double recovery.

• #1263 e3ceb82 Thanks @​threepointone! - Fix routeAgentEmail() keeping the target DO non-hibernatable for ~100-120s after onEmail() returns. Replaces bare closure RPC targets with a single RpcTarget bridge (EmailBridge) that has explicit Symbol.dispose lifecycle, allowing the runtime to tear down the bidirectional RPC session promptly instead of tying it to the caller's execution context lifetime.

• c5ca556 Thanks @​threepointone! - Cap vite peer dependency at >=6.0.0 <9.0.0 to avoid silently accepting untested future major versions.

• #1271 0cc2dae Thanks @​threepointone! - Add optional MCPServerFilter parameter to getAITools(), listTools(), listPrompts(), listResources(), and listResourceTemplates() for scoping results to specific MCP servers by ID, name, or connection state.

• #1267 d1ee61a Thanks @​dmmulroy! - Fix MCP streamable HTTP client session lifecycle so closing connections explicitly terminates active sessions and persists session IDs across reconnects/restores.

• #1270 87b4512 Thanks @​threepointone! - Wire Session into Think as the storage layer, achieving full feature parity with AIChatAgent plus Session-backed advantages.

  Think (@cloudflare/think):

  • Session integration: this.messages backed by session.getHistory(), tree-structured messages, context blocks, compaction, FTS5 search
  • configureSession() override for context blocks, compaction, search, skills (sync or async)
  • assembleContext() returns { system, messages } with context block composition
  • onChatResponse() lifecycle hook fires from all turn paths
  • Non-destructive regeneration via trigger: "regenerate-message" with Session branching
  • saveMessages() for programmatic turn entry (scheduled responses, webhooks, proactive agents)
  • continueLastTurn() for extending the last assistant response
  • Custom body persistence across hibernation
  • sanitizeMessageForPersistence() hook for PII redaction
  • messageConcurrency strategies (queue/latest/merge/drop/debounce)
  • resetTurnState() extracted as protected method
  • unstable_chatRecovery with runFiber wrapping on all 4 turn paths
  • onChatRecovery() hook with ChatRecoveryContext
  • hasPendingInteraction() / waitUntilStable() for quiescence detection
  • Re-export Session from @cloudflare/think
  • Constructor wraps onStart — subclasses never need super.onStart()

... (truncated)

Changelog

Sourced from agents's changelog.

0.10.0

Minor Changes

• #1256 dfab937 Thanks @​threepointone! - Add durable fiber execution to the Agent base class.

  runFiber(name, fn) registers work in SQLite, holds a keepAlive ref, and enables recovery via onFiberRecovered after DO eviction. ctx.stash() and this.stash() checkpoint progress that survives eviction.

  AIChatAgent gains unstable_chatRecovery — when enabled, each chat turn is wrapped in a fiber. onChatRecovery provides provider-specific recovery (Workers AI continuation, OpenAI response retrieval, Anthropic synthetic message). continueLastTurn() appends to the interrupted assistant message seamlessly.

  Think now extends Agent directly (no mixin). Fiber support is inherited from the base class.

  Breaking (experimental APIs only):

  • Removed withFibers mixin (agents/experimental/forever)
  • Removed withDurableChat mixin (@cloudflare/ai-chat/experimental/forever)
  • Removed ./experimental/forever export from both packages
  • Think no longer has a fibers flag — recovery is automatic via alarm housekeeping

Patch Changes

• #1259 1933eb4 Thanks @​threepointone! - Run fiber recovery eagerly in onStart() instead of deferring to the next alarm. Interrupted fibers are now detected immediately on the first request after DO wake, with the alarm path as a fallback. A re-entrancy guard prevents double recovery.

• #1263 e3ceb82 Thanks @​threepointone! - Fix routeAgentEmail() keeping the target DO non-hibernatable for ~100-120s after onEmail() returns. Replaces bare closure RPC targets with a single RpcTarget bridge (EmailBridge) that has explicit Symbol.dispose lifecycle, allowing the runtime to tear down the bidirectional RPC session promptly instead of tying it to the caller's execution context lifetime.

• c5ca556 Thanks @​threepointone! - Cap vite peer dependency at >=6.0.0 <9.0.0 to avoid silently accepting untested future major versions.

• #1271 0cc2dae Thanks @​threepointone! - Add optional MCPServerFilter parameter to getAITools(), listTools(), listPrompts(), listResources(), and listResourceTemplates() for scoping results to specific MCP servers by ID, name, or connection state.

• #1267 d1ee61a Thanks @​dmmulroy! - Fix MCP streamable HTTP client session lifecycle so closing connections explicitly terminates active sessions and persists session IDs across reconnects/restores.

• #1270 87b4512 Thanks @​threepointone! - Wire Session into Think as the storage layer, achieving full feature parity with AIChatAgent plus Session-backed advantages.

  Think (@cloudflare/think):

  • Session integration: this.messages backed by session.getHistory(), tree-structured messages, context blocks, compaction, FTS5 search
  • configureSession() override for context blocks, compaction, search, skills (sync or async)
  • assembleContext() returns { system, messages } with context block composition
  • onChatResponse() lifecycle hook fires from all turn paths
  • Non-destructive regeneration via trigger: "regenerate-message" with Session branching
  • saveMessages() for programmatic turn entry (scheduled responses, webhooks, proactive agents)
  • continueLastTurn() for extending the last assistant response
  • Custom body persistence across hibernation
  • sanitizeMessageForPersistence() hook for PII redaction
  • messageConcurrency strategies (queue/latest/merge/drop/debounce)
  • resetTurnState() extracted as protected method
  • unstable_chatRecovery with runFiber wrapping on all 4 turn paths
  • onChatRecovery() hook with ChatRecoveryContext
  • hasPendingInteraction() / waitUntilStable() for quiescence detection
  • Re-export Session from @cloudflare/think

... (truncated)

Commits

• b035ff1 Version Packages (#1258)
• 0cc2dae feat: add MCPServerFilter to scope getAITools and list methods (#1271)
• c5ca556 Update deps and fix peer dependency ranges
• e3ceb82 fix: use RpcTarget bridge for email callbacks to fix DO hibernation (#1263)
• 87b4512 feat(think): Session integration + full AIChatAgent parity (Phases 1-5) (#1270)
• d1ee61a fix(mcp): streamable-http client session lifecycle — explicit termination, se...
• 8a3a84e feat: inference buffer — durable response buffer for long-running inference c...
• 1933eb4 Eager fiber recovery on wake (onStart) (#1259)
• dfab937 Unified fiber architecture: durable execution baked into Agent (#1256)
• 8db4ef1 Add stream recovery and continuation to withDurableChat mixin (#1254)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for agents since your current version.

Updates ai from 4.3.13 to 6.0.153

Release notes

Sourced from ai's releases.

ai@6.0.153

Patch Changes

• f152133: feat (ai/core): support plain string model IDs in rerank() function

  The rerank() function now accepts plain model strings (e.g., 'cohere/rerank-v3.5') in addition to RerankingModel objects, matching the behavior of generateText, embed, and other core functions.

ai@6.0.152

Patch Changes

• d42076d: Add AI Gateway hint to provider READMEs

ai@6.0.151

Patch Changes

• Updated dependencies [ec18852]
  • @​ai-sdk/gateway@​3.0.93

ai@6.0.150

Patch Changes

• 1003609: fix(ai): skip stringifying text when streaming partial text
• Updated dependencies [9de7d7b]
  • @​ai-sdk/gateway@​3.0.92

ai@5.0.170

Patch Changes

• Updated dependencies [8180bff]
  • @​ai-sdk/gateway@​2.0.74

Commits

• 1f5f861 Version Packages (#14220)
• f152133 Backport: feat(ai/core): support plain string model IDs in rerank() (#14214)
• 99327b1 Version Packages (#14212)
• d42076d Backport: Add AI Gateway hint to provider READMEs (#14199)
• 700ed7f Version Packages (#14206)
• ec18852 Backport: feat(gateway): add reranking model support (#14204)
• 5b155e6 Version Packages (#14202)
• 1003609 Backport: fix(ai): skip stringifying text when streaming partial text (#14200)
• 9de7d7b Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• 563c26a Version Packages (#14190)
• Additional commits viewable in compare view

Updates hono from 4.7.8 to 4.12.12

Release notes

Sourced from hono's releases.

v4.12.12

Security fixes

This release includes fixes for the following security issues:

Middleware bypass via repeated slashes in serveStatic

Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (//) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c

Path traversal in toSSG() allows writing files outside the output directory

Affects: toSSG() for Static Site Generation. Fixes a path traversal issue where crafted ssgParams values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx

Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g

Missing validation of cookie name on write path in setCookie()

Affects: setCookie(), serialize(), and serializeSigned() from hono/cookie. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm

Non-breaking space prefix bypass in cookie name handling in getCookie()

Affects: getCookie() from hono/cookie. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4

---

Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.

v4.12.11

What's Changed

• feat(css): add classNameSlug option to createCssContext by @​flow-pie in honojs/hono#4834

New Contributors

• @​flow-pie made their first contribution in honojs/hono#4834

Full Changelog: honojs/hono@v4.12.10...v4.12.11

v4.12.10

What's Changed

• test(router): fix Simple capturing group test by @​yusukebe in honojs/hono#4838
• docs: fix impaired -> inspired typo in benchmark READMEs by @​Abhi3975 in honojs/hono#4843
• fix(jsx/dom): apply select value after children are rendered by @​usualoma in honojs/hono#4847
• fix(compress): convert strong ETag to weak ETag when compressing by @​usualoma in honojs/hono#4848
• docs(ip-restriction): add clear JSDoc examples and param types by @​VISHNU7KASIREDDY in honojs/hono#4851

New Contributors

• @​Abhi3975 made their first contribution in honojs/hono#4843
• @​VISHNU7KASIREDDY made their first contribution in honojs/hono#4851

... (truncated)

Commits

• c37ba26 4.12.12
• cc067c8 Merge commit from fork
• a586cd7 Merge commit from fork
• 48fa223 Merge commit from fork
• b470278 Merge commit from fork
• 9aff14b Merge commit from fork
• 2c403c6 4.12.11
• f82aba8 feat(css): add classNameSlug option to createCssContext (#4834)
• 9f374a5 4.12.10
• a8c56a6 docs(ip-restriction): add clear JSDoc examples and param types (#4851)
• Additional commits viewable in compare view

Updates react-router from 7.5.3 to 7.12.0

Release notes

Sourced from react-router's releases.

v7.12.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120

v7.11.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110

v7.10.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101

v7.10.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100

v7.9.6

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796

v7.9.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795

v7.9.4

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794

v7.9.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793

v7.9.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792

v7.9.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791

v7.9.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790

v7.8.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782

v7.8.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781

v7.8.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780

v7.7.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771

v7.7.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770

v7.6.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v763

... (truncated)

Changelog

Sourced from react-router's changelog.

7.12.0

Minor Changes

• Add additional layer of CSRF protection by rejecting submissions to UI routes from external origins. If you need to permit access to specific external origins, you can specify them in the react-router.config.ts config allowedActionOrigins field. (#14708)

Patch Changes

• Fix generatePath when used with suffixed params (i.e., "/books/:id.json") (#14269)

• Export UNSAFE_createMemoryHistory and UNSAFE_createHashHistory alongside UNSAFE_createBrowserHistory for consistency. These are not intended to be used for new apps but intended to help apps usiong unstable_HistoryRouter migrate from v6->v7 so they can adopt the newer APIs. (#14663)

• Escape HTML in scroll restoration keys (#14705)

• Validate redirect locations (#14706)

• [UNSTABLE] Pass <Scripts nonce> value through to the underlying importmap script tag when using future.unstable_subResourceIntegrity (#14675)

• [UNSTABLE] Add a new future.unstable_trailingSlashAwareDataRequests flag to provide consistent behavior of request.pathname inside middleware, loader, and action functions on document and data requests when a trailing slash is present in the browser URL. (#14644)

  Currently, your HTTP and request pathnames would be as follows for /a/b/c and /a/b/c/

  URL /a/b/c	HTTP pathname	request pathname`
  Document	/a/b/c	/a/b/c ✅
  Data	/a/b/c.data	/a/b/c ✅

  URL /a/b/c/	HTTP pathname	request pathname`
  Document	/a/b/c/	/a/b/c/ ✅
  Data	/a/b/c.data	/a/b/c ⚠️

  With this flag enabled, these pathnames will be made consistent though a new _.data format for client-side .data requests:

  URL /a/b/c	HTTP pathname	request pathname`
  Document	/a/b/c	/a/b/c ✅
  Data	/a/b/c.data	/a/b/c ✅

  URL /a/b/c/	HTTP pathname	request pathname`
  Document	/a/b/c/	/a/b/c/ ✅
  Data	/a/b/c/_.data ⬅️	/a/b/c/ ✅

  This a bug fix but we are putting it behind an opt-in flag because it has the potential to be a "breaking bug fix" if you are relying on the URL format for any other application or caching logic.

  Enabling this flag also changes the format of client side .data requests from /_root.data to /_.data when navigating to / to align with the new format. This does not impact the request pathname which is still / in all cases.

• Preserve clientLoader.hydrate=true when using <HydratedRouter unstable_instrumentations> (#14674)

... (truncated)

Commits

• 26653a6 chore: Update version for release (#14712)
• 7ac2346 chore: Update version for release (pre) (#14709)
• 75b1ef5 Add origin checks for UI route submissions (#14708)
• c05ef93 Validate redirect locations (#14706)
• c89c32c Escape HTML in scroll restoration keys (#14705)
• cbcbf30 fix: pass nonce to importmap script when using subResourceIntegrity (#14675)
• 30f6c1d fix(react-router): handle parameters with static suffixes in generatePath (#1...
• 7f140e0 Handle data requests with trailing slash consistently (#14644)
• 1954af6 Preserve hydrate property on client loaders during instrumentation (#14674)
• 5ce5cd4 chore: format
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for react-router since your current version.

Updates @cloudflare/vite-plugin from 1.1.0 to 1.6.0

Changelog

Sourced from @​cloudflare/vite-plugin's changelog.

1.6.0

Minor Changes

• #9510 590d69b Thanks @​jamesopstad! - Enhanced build support for Workers with assets.

  Assets that are imported in the entry Worker are now automatically moved to the client build output. This enables importing assets in your Worker and accessing them via the assets binding. See Static Asset Handling to find out about all the ways you can import assets in Vite.

  Additionally, a broader range of build scenarios are now supported. These are:

  • Assets only build with client entry/entries
  • Assets only build with no client entry/entries that includes public directory assets
  • Worker(s) + assets build with client entry/entries
  • Worker(s) + assets build with no client entry/entries that includes imported and/or public directory assets
  • Worker(s) build with no assets

Patch Changes

• #9513 0e50072 Thanks @​jamesopstad! - Ensure that .dev.vars files cannot be accessed via the dev server or preview server.

• Updated dependencies [1914b87, 931f467, 95eb47d, 80b8bd9, 95eb47d, 9e4cd16, 92305af, 0b2ba45]:

  • wrangler@4.20.0
  • miniflare@4.20250604.1
  • @​cloudflare/unenv-preset@​2.3.3

1.5.1

Patch Changes

• Updated dependencies [4ab5a40, 485cd08, 66edd2f, d1a1787, e3b3ef5, 1f84092, 3261957]:
  • miniflare@4.20250604.0
  • wrangler@4.19.2
  • @​cloudflare/unenv-preset@​2.3.3

1.5.0

Minor Changes

• #9341 2cef3ab Thanks @​jamesopstad! - Support loading all asset types via assets binding. Previously only HTML assets could be loaded via the assets binding. The binding now integrates with Vite's internal middleware to load all asset types.

Patch Changes

• Updated dependencies [db2cdc6]:
  • wrangler@4.19.1

1.4.0

Minor Changes

• #9173 fac2f9d Thanks @​edmundhung! - Enable cross-process Service bindings and Tail workers with the Dev Registry

... (truncated)

Commits

• ccbeaf6 Version Packages (#9557)
• 590d69b Full build support for assets (#9510)
• 0e50072 Restrict access to .dev.vars files (#9513)
• b609bc2 chore: app option to run the vite-plugin playground serve tests in parallel (...
• 95eb47d add mTLS mixed mode support (#9443)
• 3e40fb0 Version Packages (#9476)
• 4ab5a40 fix(miniflare): ensure default registry path matches wrangler settings (#9508)
• 485cd08 Bump the workerd-and-workers-types group with 2 updates (#9385)
• be766d2 Version Packages (#9452)
• 2cef3ab Integrate assets binding with Vite's middleware (#9341)
• Additional commits viewable in compare view

Updates vite from 6.3.5 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

• fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163
• fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

• fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

• feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

• fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

6.3.6 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (0ab19ea), closes #20736
• fix: upgrade sirv to 3.0.2 (#20735) (e11d240), closes #20735
• test: detect ts support via process.features (#20544) (7d99229), closes #20544

Commits

• 6b3fad0 release: v6.4.2
• ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
• fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
• 5487f4f release: v6.4.1
• 1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
• f12697c release: v6.4.0
• ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
• 0e173d8 release: v6.3.7
• c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
• 3f337c5 release: v6.3.6
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.

Updates wrangler from 4.14.1 to 4.81.0

Release notes

Sourced from wrangler's releases.

wrangler@4.81.0

Minor Changes

• #12932 96ee5d4 Thanks @​thomasgauvin! - feat: add wrangler email routing and wrangler email sending commands

  Email Routing commands:

  • wrangler email routing list - list zones with email routing status
  • wrangler email routing settings <domain> - get email routing settings for a zone
  • wrangler email routing enable/disable <domain> - enable or disable email routing
  • wrangler email routing dns get/unlock <domain> - manage DNS records
  • wrangler email routing rules list/get/create/update/delete <domain> - manage routing rules (use catch-all as the rule ID for the catch-all rule)
  • wrangler email routing addresses list/get/create/delete - manage destination addresses

  Email Sending commands:

  • wrangler email sending list - list zones with email sending
  • wrangler email sending settings <domain> - get email sending settings for a zone
  • wrangler email sending enable <domain> - enable email sending for a zone or subdomain
  • wrangler email sending disable <domain> - disable email sending for a zone or subdomain
  • wrangler email sending dns get <domain> - get DNS records for a sending domain
  • wrangler email sending send - send an email using the builder API
  • wrangler email sending send-raw - send a raw MIME email message

  Also adds email_routing:write and email_sending:write OAuth scopes to wrangler login.

Patch Changes

• #13241 7d318e1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260401.1	1.20260402.1

• #13305 fa6d84f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260402.1	1.20260405.1

• #13193 78cbe37 Thanks @​dario-piotrowicz! - During autoconfig filter out Hono when there are 2 detected frameworks

  During the auto-configuration process Hono is now treated as an auxiliary framework (like Vite) and automatically filtered out when two frameworks are detected (before Hono was being filtered out only when the other framework was Waku).

• #13205 6fa5dfd Thanks @​petebacondarwin! - fix: use formatConfigSnippet for compatibility_date warning in wrangler dev

... (truncated)

Commits

• 36c2c13 Version Packages (#13251)
• fa6d84f Bump the workerd-and-workers-types group with 2 updates (#13305)
• 6fa5dfd [wrangler] Use formatConfigSnippet for compatibility_date warning in dev (#13...
• 7d318e1 Bump the workerd-and-workers-types group across 1 directory with 2 updates (#...
• 8f0c544 Make argsIgnorePattern for no-unused-vars lint rule more strict (#13180)
• 96ee5d4 feat: add wrangler email routing commands (#12932)
• 78cbe37 During autoconfig filter out Hono when there are 2 detected frameworks (#13193)
• 0de6989 Version Packages (#13141)
• d5bffde Use today as the compat date instead of relying on the actual workerd compat ...
• 48d83ca [wrangler] Add vpc_networks binding support (#12992)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wrangler since your current version.

Updates @modelcontextprotocol/sdk from 1.11.0 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

• fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @​felixweinberger in modelcontextprotocol/typescript-sdk#1749
• [v1.x] fix: disallow null (infinite) requested TTL by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1339
• [v1.x] fix: add missing size field to ResourceSchema by @​olaservo in modelcontextprotocol/typescript-sdk#1575
• Add typings exports by @​tdraier in modelcontextprotocol/typescript-sdk#1623
• v1.x npm audit fix by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1780
• v1.x #1623 follow up -add missing types to package.json by @​KKonstantinov in