chore(deps): bump miniflare from 4.20260504.0 to 4.20260601.0

[dependabot]

Bumps miniflare from 4.20260504.0 to 4.20260601.0.

Release notes

Sourced from miniflare's releases.

miniflare@4.20260601.0

Patch Changes

• #14147 e06cbb7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260529.1	1.20260601.1

• #14086 4ef790b Thanks @​dario-piotrowicz! - Use 127.0.0.1 instead of localhost for the runtime inspector address

  On systems where getaddrinfo("localhost") returns ::1 but IPv6 is disabled at the kernel level, workerd fails to bind the inspector socket and silently continues without emitting the listen-inspector event to the control FD. This caused wrangler dev to hang indefinitely at "Starting local server..." with no error output.

  Using 127.0.0.1 explicitly is consistent with DEFAULT_HOST, --debug-port, and resolveLocalhost() already in the codebase.

• #14105 337e912 Thanks @​dario-piotrowicz! - Remove trailing periods from URLs in terminal output

  URLs printed to the terminal with a sentence-ending period (e.g. https://example.com/path.) would include the period when clicked in some terminal emulators, causing 404 errors. This removes trailing periods from all URLs displayed in CLI output across wrangler, miniflare, vitest-pool-workers, and workers-utils.

• #14112 3a746ac Thanks @​penalosa! - Pin non-bundled runtime dependencies to exact versions

  Dependencies that are not bundled into a package's published output are installed directly into consumers' dependency trees, so they are now pinned to exact versions instead of semver ranges. This closes a supply-chain gap where an unpinned external dependency could resolve to a compromised upstream release on a fresh install. A new pnpm check:pinned-deps lint enforces this for all published packages (and for the shared pnpm catalog) going forward.

miniflare@4.20260529.0

Minor Changes

• #13955 a2ef1a3 Thanks @​G4brym! - Add support for the new web_search binding kind.

  Cloudflare Web Search is a managed, zero-setup web discovery primitive for agents and Workers. Declare the binding as a single object in wrangler.jsonc:

  {
  	"web_search": { "binding": "WEBSEARCH" },
  }

  There is exactly one shared web corpus, so there is no namespace, instance, or other field to specify -- only the variable name. The binding exposes a single search() method that returns URLs and catalog metadata for a query. Web Search is discovery-only -- to read a result's content the caller invokes the global fetch() API against the result's url.

  The binding is always remote in local development: Miniflare proxies to the production Web Search service via the remote-bindings transport. Adds the websearch.run OAuth scope to wrangler login.

  Also adds a wrangler websearch search command for running ad-hoc queries from the CLI:

  npx wrangler websearch search "cloudflare workers"
  npx wrangler websearch search "cloudflare workers" --limit 5
  npx wrangler websearch search "cloudflare workers" --json

... (truncated)

Changelog

Sourced from miniflare's changelog.

4.20260601.0

Patch Changes

• #14147 e06cbb7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260529.1	1.20260601.1

• #14086 4ef790b Thanks @​dario-piotrowicz! - Use 127.0.0.1 instead of localhost for the runtime inspector address

  On systems where getaddrinfo("localhost") returns ::1 but IPv6 is disabled at the kernel level, workerd fails to bind the inspector socket and silently continues without emitting the listen-inspector event to the control FD. This caused wrangler dev to hang indefinitely at "Starting local server..." with no error output.

  Using 127.0.0.1 explicitly is consistent with DEFAULT_HOST, --debug-port, and resolveLocalhost() already in the codebase.

• #14105 337e912 Thanks @​dario-piotrowicz! - Remove trailing periods from URLs in terminal output

  URLs printed to the terminal with a sentence-ending period (e.g. https://example.com/path.) would include the period when clicked in some terminal emulators, causing 404 errors. This removes trailing periods from all URLs displayed in CLI output across wrangler, miniflare, vitest-pool-workers, and workers-utils.

• #14112 3a746ac Thanks @​penalosa! - Pin non-bundled runtime dependencies to exact versions

  Dependencies that are not bundled into a package's published output are installed directly into consumers' dependency trees, so they are now pinned to exact versions instead of semver ranges. This closes a supply-chain gap where an unpinned external dependency could resolve to a compromised upstream release on a fresh install. A new pnpm check:pinned-deps lint enforces this for all published packages (and for the shared pnpm catalog) going forward.

4.20260529.0

Minor Changes

• #14087 e3c862a Thanks @​edmundhung! - Add support for the new web_search binding kind.

  Cloudflare Web Search is a managed, zero-setup web discovery primitive for agents and Workers. Declare the binding as a single object in wrangler.jsonc:

  {
    "web_search": { "binding": "WEBSEARCH" }
  }

  There is exactly one shared web corpus, so there is no namespace, instance, or other field to specify -- only the variable name. The binding exposes a single search() method that returns URLs and catalog metadata for a query. Web Search is discovery-only -- to read a result's content the caller invokes the global fetch() API against the result's url.

  The binding is always remote in local development: Miniflare proxies to the production Web Search service via the remote-bindings transport. Adds the websearch.run OAuth scope to wrangler login.

  Also adds a wrangler websearch search command for running ad-hoc queries from the CLI:

  npx wrangler websearch search "cloudflare workers"
  npx wrangler websearch search "cloudflare workers" --limit 5
  npx wrangler websearch search "cloudflare workers" --json

... (truncated)

Commits

• 0b60424 Version Packages (#14142)
• 94b29f7 [workflows] Restart from step (#13996)
• e06cbb7 Bump the workerd-and-workers-types group with 2 updates (#14147)
• 0998725 Set disallowTypeAnnotations to false in `@typescript-eslint/consistent-ty...
• 3a746ac [tools] Lint that all non-bundled deps of published packages are pinned (#14112)
• 337e912 Remove trailing periods from URLs in terminal output (#14105)
• 4ef790b Use 127.0.0.1 instead of localhost for the runtime inspector address (#14...
• 50ef724 Version Packages (#14082)
• 7bb5c7a Add Chrome browser caching to test-and-check-other-node workflow and add time...
• cbb39bd [wrangler] Add agent_memory binding support and namespace commands (#13610)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)