Skip to content

build(deps-dev): bump @cloudflare/vite-plugin from 1.35.0 to 1.37.1#526

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/cloudflare/vite-plugin-1.36.3
May 19, 2026
Merged

build(deps-dev): bump @cloudflare/vite-plugin from 1.35.0 to 1.37.1#526
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/cloudflare/vite-plugin-1.36.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Bumps @cloudflare/vite-plugin from 1.35.0 to 1.37.1.

Release notes

Sourced from @​cloudflare/vite-plugin's releases.

@​cloudflare/vite-plugin@​1.37.1

Patch Changes

  • #13922 23800f8 Thanks @​edmundhung! - Add a tunnel shortcut hint when CLI shortcuts are printed

    The Cloudflare Vite plugin now includes a t + enter tunnel hint alongside the other CLI shortcuts it prints.

  • #13920 f579e57 Thanks @​petebacondarwin! - Honor X-Forwarded-Proto when constructing the Worker's request.url

    When running the Vite dev server behind a TLS-terminating reverse proxy or tunnel, the Worker's request.url was always http://... even though the client reached the server over https://.... This caused frameworks that perform Origin/Host checks (e.g. CSRF protection) to reject requests with 403.

    The Vite plugin now reads the X-Forwarded-Proto header from the incoming request and uses it to set the protocol of request.url. If the header is absent or invalid, the connection protocol is used as before. The same handling is applied to WebSocket upgrade URLs.

    Fixes #13801.

  • Updated dependencies [19ed49a, 3ff0a50, bf688f7, 2e72c83, 802eaf4, 506aa02, 8f5cdb1, be8a98c]:

    • miniflare@4.20260515.0
    • wrangler@4.92.0

@​cloudflare/vite-plugin@​1.37.0

Minor Changes

  • #13903 7ce6f6f Thanks @​edmundhung! - Add named tunnel support to the cloudflare() Vite plugin

    You can now expose your local dev server publicly with a stable hostname by configuring tunnel with a named Cloudflare Tunnel:

    cloudflare({
  tunnel: { name: "my-tunnel", autoStart: true },
});

    If autoStart is omitted or set to false, you can still start or close the tunnel by pressing t + enter.

Patch Changes

@​cloudflare/vite-plugin@​1.36.4

Patch Changes

... (truncated)

Changelog

Sourced from @​cloudflare/vite-plugin's changelog.

1.37.1

Patch Changes

  • #13922 23800f8 Thanks @​edmundhung! - Add a tunnel shortcut hint when CLI shortcuts are printed

    The Cloudflare Vite plugin now includes a t + enter tunnel hint alongside the other CLI shortcuts it prints.

  • #13920 f579e57 Thanks @​petebacondarwin! - Honor X-Forwarded-Proto when constructing the Worker's request.url

    When running the Vite dev server behind a TLS-terminating reverse proxy or tunnel, the Worker's request.url was always http://... even though the client reached the server over https://.... This caused frameworks that perform Origin/Host checks (e.g. CSRF protection) to reject requests with 403.

    The Vite plugin now reads the X-Forwarded-Proto header from the incoming request and uses it to set the protocol of request.url. If the header is absent or invalid, the connection protocol is used as before. The same handling is applied to WebSocket upgrade URLs.

    Fixes #13801.

  • Updated dependencies [19ed49a, 3ff0a50, bf688f7, 2e72c83, 802eaf4, 506aa02, 8f5cdb1, be8a98c]:

    • miniflare@4.20260515.0
    • wrangler@4.92.0

1.37.0

Minor Changes

  • #13903 7ce6f6f Thanks @​edmundhung! - Add named tunnel support to the cloudflare() Vite plugin

    You can now expose your local dev server publicly with a stable hostname by configuring tunnel with a named Cloudflare Tunnel:

    cloudflare({
  tunnel: { name: "my-tunnel", autoStart: true },
});

    If autoStart is omitted or set to false, you can still start or close the tunnel by pressing t + enter.

Patch Changes

1.36.4

Patch Changes

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 19, 2026
@github-actions github-actions Bot enabled auto-merge May 19, 2026 04:18
@dependabot
build(deps-dev): bump @cloudflare/vite-plugin from 1.35.0 to 1.37.1
6ef2391 
Bumps [@cloudflare/vite-plugin](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vite-plugin-cloudflare) from 1.35.0 to 1.37.1.
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vite-plugin-cloudflare/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/vite-plugin@1.37.1/packages/vite-plugin-cloudflare)

---
updated-dependencies:
- dependency-name: "@cloudflare/vite-plugin"
  dependency-version: 1.36.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps-dev): bump @cloudflare/vite-plugin from 1.35.0 to 1.36.3 build(deps-dev): bump @cloudflare/vite-plugin from 1.35.0 to 1.37.1 May 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/cloudflare/vite-plugin-1.36.3 branch from 236ee84 to 6ef2391 Compare May 19, 2026 04:20
@github-actions github-actions Bot merged commit c5ddcdb into main May 19, 2026
2 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/cloudflare/vite-plugin-1.36.3 branch May 19, 2026 04:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants