build(deps-dev): Bump miniflare from 4.20260415.0 to 4.20260420.0

[dependabot]

Bumps miniflare from 4.20260415.0 to 4.20260420.0.

Release notes

Sourced from miniflare's releases.

miniflare@4.20260420.0

Minor Changes

• #13326 4a9ba90 Thanks @​mattzcarey! - Add Artifacts binding support to wrangler

  You can now configure Artifacts bindings in your wrangler configuration:

  // wrangler.jsonc
  {
    "artifacts": [{ "binding": "MY_ARTIFACTS", "namespace": "default" }]
  }

  Type generation produces the correct Artifacts type reference from the workerd type definitions:

  interface Env {
    MY_ARTIFACTS: Artifacts;
  }

• #12600 50bf819 Thanks @​penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #13515 b35617b Thanks @​petebacondarwin! - fix: close all open handles on dispose to prevent process hangs

  Several resources were not being properly cleaned up during Miniflare.dispose(), which could leave the Node.js event loop alive and cause processes (particularly tests using node --test) to hang instead of exiting cleanly:

  • The internal undici Pool used to dispatch fetch requests to the workerd runtime was not closed. Lingering TCP sockets from this pool could keep the event loop alive indefinitely.
  • WebSocketServer instances for live reload and WebSocket proxying were never closed, leaving connected clients' sockets open.
  • The InspectorProxy was not closing its runtime WebSocket connection, relying on process death to break the connection.
  • HyperdriveProxyController.dispose() had a missing return in a .map() callback, causing Promise.allSettled to resolve immediately without waiting for net.Server instances to close.
  • ProxyClientBridge was not clearing its finalization batch setTimeout during disposal.
  • InspectorProxyController.dispose() was not calling server.closeAllConnections() before server.close(), so active HTTP keep-alive or WebSocket connections could prevent the close callback from firing.

• #13557 8ca78bb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260415.1	1.20260416.2

• #13579 b6e1351 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  | Dependency | From | To |

... (truncated)

Changelog

Sourced from miniflare's changelog.

4.20260420.0

Minor Changes

• #13326 4a9ba90 Thanks @​mattzcarey! - Add Artifacts binding support to wrangler

  You can now configure Artifacts bindings in your wrangler configuration:

  // wrangler.jsonc
  {
    "artifacts": [{ "binding": "MY_ARTIFACTS", "namespace": "default" }]
  }

  Type generation produces the correct Artifacts type reference from the workerd type definitions:

  interface Env {
    MY_ARTIFACTS: Artifacts;
  }

• #12600 50bf819 Thanks @​penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #13515 b35617b Thanks @​petebacondarwin! - fix: close all open handles on dispose to prevent process hangs

  Several resources were not being properly cleaned up during Miniflare.dispose(), which could leave the Node.js event loop alive and cause processes (particularly tests using node --test) to hang instead of exiting cleanly:

  • The internal undici Pool used to dispatch fetch requests to the workerd runtime was not closed. Lingering TCP sockets from this pool could keep the event loop alive indefinitely.
  • WebSocketServer instances for live reload and WebSocket proxying were never closed, leaving connected clients' sockets open.
  • The InspectorProxy was not closing its runtime WebSocket connection, relying on process death to break the connection.
  • HyperdriveProxyController.dispose() had a missing return in a .map() callback, causing Promise.allSettled to resolve immediately without waiting for net.Server instances to close.
  • ProxyClientBridge was not clearing its finalization batch setTimeout during disposal.
  • InspectorProxyController.dispose() was not calling server.closeAllConnections() before server.close(), so active HTTP keep-alive or WebSocket connections could prevent the close callback from firing.

• #13557 8ca78bb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260415.1	1.20260416.2

• #13579 b6e1351 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

... (truncated)

Commits

• fe874ac Version Packages (#13511)
• d5d0446 Fix flaky CI tests in miniflare browser and workflow fixtures (#13607)
• be5e6a0 [miniflare] Fix resource leaks during config updates (#13586)
• d8314c6 [ci] Cap parallel test concurrency and fix fragile test timeouts (#13604)
• e456952 fix(miniflare): return EmailSendResult from send_email binding's send() (#13577)
• 266c418 chore(miniflare): remove unused dependencies (#11849)
• 4a9ba90 [wrangler] add artifacts binding support (#13326)
• b35617b [miniflare] Close all open handles on dispose to prevent process hangs (#13515)
• b6e1351 chore(deps): bump the workerd-and-workers-types group with 2 updates (#13579)
• 4d16ba9 [miniflare] Native dev registry review feedback (#13569)
• Additional commits viewable in compare view

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	miniflare@​4.20260420.0

View full report