v1.33.1
Security-focused dependency sweep, same-day follow-up to v1.33.0. No code changes, no API changes, no plugin behavior changes.
Fixed
- All runtime and critical security alerts resolved via in-range dependency bumps (
npm audit fix, no--force):ws8.21.0,hono4.12.27,undici7.28.0,handlebars4.7.9 (the lone critical, a dev-only transitive of ts-jest), pluslodash,path-to-regexp,basic-ftp,fast-uri,vite, and friends. Every bump is within existing semver ranges — 1236 tests pass unchanged and the Cloudflare deploy dry-run is clean. Supersedes dependabot PRs #81, #82, and #84. wranglerdeliberately pinned at 4.72.0. Newer wrangler requires Node ≥22 and would break deploys on Node 20 toolchains. The only remaining audit findings are confined to wrangler/miniflare's bundled dev-time toolchain — they are not part of the published npm package or the deployed Worker bundle, and they clear whenever the Node 22 upgrade lands.- Release script no longer clobbers per-mode tool counts. The generic cloud-count regex was overwriting the Remote (9) and Local (106) counts in the mode-comparison bottom line and the docs setup cards on every release; anchored corrective rules now repair those slots automatically.
Plugin note: nothing in the plugin changed, but the v1.33.0 version handshake will show the plugin's update banner because the version stamp moved to 1.33.1. Re-import when convenient to clear it — nothing breaks if you don't.
Full Changelog: v1.33.0...v1.33.1