Update all other updates

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@astrojs/starlight (source)	0.37.1 → 0.37.2			dependencies	patch
crate-ci/typos	v1.41.0 → v1.42.0			action	minor
reqwest	0.12.26 → 0.13.0			workspace.dependencies	minor
splinter-rs	0.10.1 → 0.11.0			workspace.dependencies	minor
starlight-package-managers (source)	^0.11.1 → ^0.12.0			dependencies	minor
wrangler (source)	4.54.0 → 4.58.0			dependencies	minor
zerocopy	0.8.31 → 0.8.33			workspace.dependencies	patch

---

Release Notes

withastro/starlight (@​astrojs/starlight)

v0.37.2

Compare Source

Patch Changes

• #​3647 9f4efc3 Thanks @​gerstenbergit! - Adds Greek language support

crate-ci/typos (crate-ci/typos)

v1.42.0

Compare Source

Bug Fixes

• Ignore numbers as identifiers (a00831c8)
• Improve the organization of --help (a48a457c)

Features

• Dump files, identifiers, and words (ce365ae1, closes #​41)
• Give control over allowed identifier characters for leading vs rest (107308a6)

Performance

• Use standard identifier rules to avoid doing umber checks (107308a6)
• Only do hex check if digits are in identifiers (68cd36d0)

seanmonstar/reqwest (reqwest)

v0.13.1

Compare Source

• Fixes compiling with rustls on Android targets.

v0.13.0

Compare Source

• Breaking changes:
  • rustls is now the default TLS backend, instead of native-tls.
  • rustls crypto provider defaults to aws-lc instead of ring. (rustls-no-provider exists if you want a different crypto provider)
  • rustls-tls has been renamed to rustls.
  • rustls roots features removed, rustls-platform-verifier is used by default.
    • To use different roots, call tls_certs_only(your_roots).
  • native-tls now includes ALPN. To disable, use native-tls-no-alpn.
  • query and form are now crate features, disabled by default.
  • Long-deprecated methods and crate features have been removed (such as trust-dns, which was renamed hickory-dns a while ago).
• Many TLS-related methods renamed to improve autocompletion and discovery, but previous name left in place with a "soft" deprecation. (just documented, no warnings)
  • For example, prefer tls_backend_rustls() over use_rustls_tls().

v0.12.28

• Fix compiling on Windows if TLS and SOCKS features are not enabled.

v0.12.27

• Add ClientBuilder::windows_named_pipe(name) option that will force all requests over that Windows Named Piper.

v0.12.26

• Fix sending Accept-Encoding header only with values configured with reqwest, regardless of underlying tower-http config.

v0.12.25

• Add Error::is_upgrade() to determine if the error was from an HTTP upgrade.
• Fix sending Proxy-Authorization if only username is configured.
• Fix sending Proxy-Authorization to HTTPS proxies when the target is HTTP.
• Refactor internal decompression handling to use tower-http.

v0.12.24

• Refactor cookie handling to an internal middleware.
• Refactor internal random generator.
• Refactor base64 encoding to reduce a copy.
• Documentation updates.

v0.12.23

• Add ClientBuilder::unix_socket(path) option that will force all requests over that Unix Domain Socket.
• Add ClientBuilder::retry(policy) and reqwest::retry::Builder to configure automatic retries.
• Add ClientBuilder::dns_resolver2() with more ergonomic argument bounds, allowing more resolver implementations.
• Add http3_* options to blocking::ClientBuilder.
• Fix default TCP timeout values to enabled and faster.
• Fix SOCKS proxies to default to port 1080
• (wasm) Add cache methods to RequestBuilder.

v0.12.22

• Fix socks proxies when resolving IPv6 destinations.

v0.12.21

• Fix socks proxy to use socks4a:// instead of socks4h://.
• Fix Error::is_timeout() to check for hyper and IO timeouts too.
• Fix request Error to again include URLs when possible.
• Fix socks connect error to include more context.
• (wasm) implement Default for Body.

v0.12.20

• Add ClientBuilder::tcp_user_timeout(Duration) option to set TCP_USER_TIMEOUT.
• Fix proxy headers only using the first matched proxy.
• (wasm) Fix re-adding Error::is_status().

v0.12.19

• Fix redirect that changes the method to GET should remove payload headers.
• Fix redirect to only check the next scheme if the policy action is to follow.
• (wasm) Fix compilation error if cookies feature is enabled (by the way, it's a noop feature in wasm).

v0.12.18

• Fix compilation when socks enabled without TLS.

v0.12.17

• Fix compilation on macOS.

v0.12.16

• Add ClientBuilder::http3_congestion_bbr() to enable BBR congestion control.
• Add ClientBuilder::http3_send_grease() to configure whether to send use QUIC grease.
• Add ClientBuilder::http3_max_field_section_size() to configure the maximum response headers.
• Add ClientBuilder::tcp_keepalive_interval() to configure TCP probe interval.
• Add ClientBuilder::tcp_keepalive_retries() to configure TCP probe count.
• Add Proxy::headers() to add extra headers that should be sent to a proxy.
• Fix redirect::Policy::limit() which had an off-by-1 error, allowing 1 more redirect than specified.
• Fix HTTP/3 to support streaming request bodies.
• (wasm) Fix null bodies when calling Response::bytes_stream().

v0.12.15

• Fix Windows to support both ProxyOverride and NO_PROXY.
• Fix http3 to support streaming response bodies.
• Fix http3 dependency from public API misuse.

v0.12.14

• Fix missing fetch_mode_no_cors(), marking as deprecated when not on WASM.

v0.12.13

• Add Form::into_reader() for blocking multipart forms.
• Add Form::into_stream() for async multipart forms.
• Add support for SOCKS4a proxies.
• Fix decoding responses with multiple zstd frames.
• Fix RequestBuilder::form() from overwriting a previously set Content-Type header, like the other builder methods.
• Fix cloning of request timeout in blocking::Request.
• Fix http3 synchronization of connection creation, reducing unneccesary extra connections.
• Fix Windows system proxy to use ProxyOverride as a NO_PROXY value.
• Fix blocking read to correctly reserve and zero read buffer.
• (wasm) Add support for request timeouts.
• (wasm) Fix Error::is_timeout() to return true when from a request timeout.

v0.12.12

• (wasm) Fix compilation by not compiler tokio/time on WASM.

v0.12.11

• Fix decompression returning an error when HTTP/2 ends with an empty data frame.

v0.12.10

• Add ClientBuilder::connector_layer() to allow customizing the connector stack.
• Add ClientBuilder::http2_max_header_list_size() option.
• Fix propagating body size hint (content-length) information when wrapping bodies.
• Fix decompression of chunked bodies so the connections can be reused more often.

v0.12.9

• Add tls::CertificateRevocationLists support.
• Add crate features to enable webpki roots without selecting a rustls provider.
• Fix connection_verbose() to output read logs.
• Fix multipart::Part::file() to automatically include content-length.
• Fix proxy to internally no longer cache system proxy settings.

v0.12.8

• Add support for SOCKS4 proxies.
• Add multipart::Form::file() method for adding files easily.
• Add Body::wrap() to wrap any http_body::Body type.
• Fix the pool configuration to use a timer to remove expired connections.

v0.12.7

• Revert adding impl Service<http::Request<_>> for Client.

v0.12.6

• Add support for danger_accept_invalid_hostnames for rustls.
• Add impl Service<http::Request<Body>> for Client and &'_ Client.
• Add support for !Sync bodies in Body::wrap_stream().
• Enable happy eyeballs when hickory-dns is used.
• Fix Proxy so that HTTP(S)_PROXY values take precedence over ALL_PROXY.
• Fix blocking::RequestBuilder::header() from unsetting sensitive on passed header values.

v0.12.5

• Add blocking::ClientBuilder::dns_resolver() method to change DNS resolver in blocking client.
• Add http3 feature back, still requiring reqwest_unstable.
• Add rustls-tls-no-provider Cargo feature to use rustls without a crypto provider.
• Fix Accept-Encoding header combinations.
• Fix http3 resolving IPv6 addresses.
• Internal: upgrade to rustls 0.23.

v0.12.4

• Add zstd support, enabled with zstd Cargo feature.
• Add ClientBuilder::read_timeout(Duration), which applies the duration for each read operation. The timeout resets after a successful read.

v0.12.3

• Add FromStr for dns::Name.
• Add ClientBuilder::built_in_webpki_certs(bool) to enable them separately.
• Add ClientBuilder::built_in_native_certs(bool) to enable them separately.
• Fix sending content-length: 0 for GET requests.
• Fix response body content_length() to return value when timeout is configured.
• Fix ClientBuilder::resolve() to use lowercase domain names.

v0.12.2

• Fix missing ALPN when connecting to socks5 proxy with rustls.
• Fix TLS version limits with rustls.
• Fix not detected ALPN h2 from server with native-tls.

v0.12.1

• Fix ClientBuilder::interface() when no TLS is enabled.
• Fix TlsInfo::peer_certificate() being truncated with rustls.
• Fix panic if http2 feature disabled but TLS negotiated h2 in ALPN.
• Fix Display for Error to not include its source error.

orbitinghail/splinter-rs (splinter-rs)

v0.11.0

Compare Source

Breaking Changes

This version includes changes to Splinter's encoded file format. These changes deliver a substantial performance improvement for most operations at a small increase in encoded size. If this impacts any production code, please let me know, and I'll ship a version of Splinter that is backwards compatible.

What's Changed

• Optimize TreeRef operations with cumulative cardinalities by @​carlsverre in #​79

Full Changelog: orbitinghail/splinter-rs@v0.10.1...v0.11.0

HiDeoo/starlight-package-managers (starlight-package-managers)

v0.12.0

Compare Source

Minor Changes

• #​40 5dae046 Thanks @​HiDeoo! - Adds support for the Deno package manager.

cloudflare/workers-sdk (wrangler)

v4.58.0

Compare Source

Minor Changes

• #​11728 7d63fa5 Thanks @​NuroDev! - Add command categories to wrangler help menu

  The help output now groups commands by product category (Account, Compute & AI, Storage & Databases, Networking & Security) to match the Cloudflare dashboard organization:

  $ wrangler --help
  
  COMMANDS
    wrangler docs [search..]  📚 Open Wrangler's command documentation in your browser
  
  ACCOUNT
    wrangler auth    🔓 Manage authentication
    wrangler login   🔑 Login to Cloudflare
    ...
  
  COMPUTE & AI
    wrangler ai          🤖 Manage AI models
    wrangler containers  📦 Manage Containers [open beta]
    ...
  

  This improves discoverability by organizing the 20+ wrangler commands into logical groups.

Patch Changes

• #​11822 97e67b9 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260103.0	1.20260107.1

• Updated dependencies [97e67b9]:

  • miniflare@​4.20260107.0

v4.57.0

Compare Source

Minor Changes

• #​11682 b993d95 Thanks @​ascorbic! - Add wrangler auth token command to retrieve your current authentication credentials.

  You can now retrieve your authentication token for use with other tools and scripts:

  wrangler auth token

  The command returns whichever authentication method is currently configured:

  • OAuth token from wrangler login (automatically refreshed if expired)
  • API token from CLOUDFLARE_API_TOKEN environment variable

  Use --json to get structured output including the token type, which also supports API key/email authentication:

  wrangler auth token --json

  This is similar to gh auth token in the GitHub CLI.

• #​11702 f612b46 Thanks @​gpanders! - Add support for trusted_user_ca_keys in Wrangler

  You can now configure SSH trusted user CA keys for containers. Add the following to your wrangler.toml:

  [[containers.trusted_user_ca_keys]]
  public_key = "ssh-ed25519 AAAAC3..."

  This allows you to specify CA public keys that can be used to verify SSH user certificates.

• #​11437 9e360f6 Thanks @​ichernetsky-cf! - Drop deprecated containers observability.logging field

• #​11616 fc95831 Thanks @​NuroDev! - Add type generation support to wrangler dev

  You can now have your worker configuration types be automatically generated when the local Wrangler development server starts.

  To use it you can either:

  1. Add the --types flag when running wrangler dev.
  2. Update your Wrangler configuration file to add the new dev.generate_types boolean property.

  {
  	"$schema": "node_modules/wrangler/config-schema.json",
  	"name": "example",
  	"main": "src/index.ts",
  	"compatibility_date": "2025-12-12",
  	"dev": {
  		"generate_types": true
  	}
  }

• #​11524 b0dbf1a Thanks @​penalosa! - Add hidden CLI flags to wrangler setup for suppressing output

  Two new hidden flags have been added to wrangler setup:

  • --no-completion-message: Suppresses the deployment details message after setup completes
  • --no-install-wrangler: Skips Wrangler installation during project setup

• #​11777 69979a3 Thanks @​MattieTK! - Add analytics properties to secret commands for better usage insights

  Secret commands (wrangler secret put, wrangler secret bulk, and their Pages/versions equivalents) now include additional analytics properties to help understand how secrets are being managed:

  • secretOperation: Whether this is a "single" or "bulk" secret operation
  • secretSource: How the secret was provided ("interactive", "stdin", or "file")
  • secretFormat: For bulk operations, the format used ("json" or "dotenv")
  • hasEnvironment: Whether an environment was specified

  These properties help improve the developer experience by understanding common usage patterns. No sensitive information (secret names, values, or counts) is tracked.

• #​11738 c54f8da Thanks @​jamesopstad! - Add default Text module rule for .sql files.

  This enables importing .sql files directly in Wrangler and the Cloudflare Vite plugin without extra configuration.

• #​11692 df1f9c9 Thanks @​dario-piotrowicz! - Support Waku in autoconfig

• #​11549 d059f69 Thanks @​dario-piotrowicz! - Support Vike in autoconfig

Patch Changes

• #​11683 02fbd22 Thanks @​ascorbic! - Display a warning when authentication errors occur and the account_id in your Wrangler configuration does not match any of your authenticated accounts. This helps identify configuration issues where you may have the wrong account ID set in your wrangler.toml or wrangler.jsonc file.

• #​11704 77078ef Thanks @​dario-piotrowicz! - Fix autoconfig handling of Next.js apps with CJS config files and incompatible Next.js versions

  Previously, wrangler setup and wrangler deploy --x-autoconfig would fail when working with Next.js applications that use CommonJS config files (next.config.cjs) or have versions of Next.js that don't match the required peer dependencies. The autoconfig process now uses dynamic imports and forced installation to handle these scenarios gracefully.

• #​11796 2510723 Thanks @​dario-piotrowicz! - wrangler deploy delegates to opennextjs-cloudflare deploy only when the --x-autoconfig flag is used

  The wrangler deploy command has been updated to delegate to the opennextjs-cloudflare deploy command when run in an open-next project. Once this behavior had been introduced it caused a few issues. So it's been decided to enable it for the time being only when the --x-autoconfig flag is set (since this behavior, although generally valid, is only strictly necessary for the wrangler deploy's autoconfig flow).

• #​11764 9f6dd71 Thanks @​terakoya76! - Fix R2 Data Catalog snapshot-expiration API field names

  The wrangler r2 bucket catalog snapshot-expiration enable command was sending incorrect field names
  to the Cloudflare API, resulting in a 422 Unprocessable Entity error. This fix updates the API request
  body to use the correct field names:

  • olderThanDays -> max_snapshot_age (as duration string, e.g., "30d")
  • retainLast -> min_snapshots_to_keep

  The CLI options (--older-than-days and --retain-last) remain unchanged.

• #​11651 d123ad0 Thanks @​dario-piotrowicz! - Surface a more helpful error message for TOML Date, Date-Time, and Time values in vars

  TOML parses unquoted date/time values like DATE = 2024-01-01 as objects. Previously this would cause an unhelpful error message further down the stack. Now wrangler surfaces a more helpful error message earlier, telling you to quote the value as a string, e.g. DATE = "2024-01-01".

• #​11711 5121b23 Thanks @​southpolesteve! - Show an error when D1 migration commands are run without a configuration file

  Previously, running wrangler d1 migrations apply, wrangler d1 migrations list, or wrangler d1 migrations create in a directory without a Wrangler configuration file would silently exit with no feedback. Now these commands display a clear error message:

  "No configuration file found. Create a wrangler.jsonc file to define your D1 database."

• #​11710 82e7e90 Thanks @​dario-piotrowicz! - Fix arguments passed to wrangler deploy not being forwarded to opennextjs-cloudflare deploy

  wrangler deploy run in an open-next project delegates to opennextjs-cloudflare deploy, as part of this all the arguments passed to wrangler deploy need be forwarded to opennextjs-cloudflare deploy, before the arguments would be lost, now they will be successfully forwarded (for example wrangler deploy --keep-vars will call opennextjs-cloudflare deploy --keep-vars)

• #​10750 4688f59 Thanks @​jacoblearned! - Notify user on local dev server reload.

  When running wrangler dev, the local server suppresses Miniflare's reload messages to prevent duplicate log entries from the proxy and user workers. This update adds a reload complete message so users know their changes were applied, instead of only seeing "Reloading local server...".

• #​11673 b827893 Thanks @​MattieTK! - Breaks out version numbers into sortable number types for analytics logging

• Updated dependencies [65d1850, 1615fce, b2769bf, 554a4df, 8eede3f, 6a05b1c, 62fd118, a7e9f80, eac5cf7]:

  • miniflare@​4.20260103.0
  • @​cloudflare/unenv-preset@​2.8.0

v4.56.0

Compare Source

Minor Changes

• #​11196 171cfd9 Thanks @​emily-shen! - For containers being created in a FedRAMP high environment, registry credentials are encrypted by the container platform.
  Update wrangler to correctly send a request to configure a registry for FedRAMP containers.

• #​11646 472cf72 Thanks @​vovacf201! - feat: add R2 Data Catalog snapshot expiration commands

  Adds new commands to manage automatic snapshot expiration for R2 Data Catalog tables:

  • wrangler r2 bucket catalog snapshot-expiration enable - Enable automatic snapshot expiration
  • wrangler r2 bucket catalog snapshot-expiration disable - Disable automatic snapshot expiration

  Snapshot expiration helps manage storage costs by automatically removing old table snapshots while keeping a minimum number of recent snapshots for recovery purposes.

  Example usage:

  # Enable snapshot expiration for entire catalog (keep 10 snapshots, expire after 5 days)
  wrangler r2 bucket catalog snapshot-expiration enable my-bucket --token $R2_CATALOG_TOKEN --max-age 7200 --min-count 10
  
  # Enable for specific table
  wrangler r2 bucket catalog snapshot-expiration enable my-bucket my-namespace my-table --token $R2_CATALOG_TOKEN --max-age 2880 --min-count 5
  
  # Disable snapshot expiration
  wrangler r2 bucket catalog snapshot-expiration disable my-bucket

Patch Changes

• #​11649 428ae9e Thanks @​ascorbic! - fix: respect TypeScript path aliases when resolving non-JS modules with module rules

  When importing non-JavaScript files (like .graphql, .txt, etc.) using TypeScript path aliases defined in tsconfig.json, Wrangler's module-collection plugin now correctly resolves these imports. Previously, path aliases were only respected for JavaScript/TypeScript files, causing imports like import schema from '~lib/schema.graphql' to fail when using module rules.

• #​11647 c0e249e Thanks @​dario-piotrowicz! - The auto-configuration logic present in wrangler setup and wrangler deploy --x-autoconfig cannot reliably handle Hono projects, so in these cases make sure to properly error saying that automatically configuring such projects is not supported.

• #​11694 3853200 Thanks @​dario-piotrowicz! - fix: improve the open-next detection that wrangler deploy performs to eliminate false positives for non open-next projects

• Updated dependencies [ae1ad22, 737c0f4]:

  • miniflare@​4.20251217.0

v4.55.0

Compare Source

Minor Changes

• #​11301 6c590a0 Thanks @​dario-piotrowicz! - Make wrangler deploy run opennextjs-cloudflare deploy when executed in an open-next project

• #​11045 12a63ef Thanks @​edmundhung! - Add an internal unstable_printBindings API for vite plugin integration

• #​11590 7d8d4a6 Thanks @​pombosilva! - Add Workflows send-event to wrangler commands.

• #​11301 6c590a0 Thanks @​dario-piotrowicz! - Support Next.js (via OpenNext) projects in autoconfig

Patch Changes

• #​11615 ed42010 Thanks @​elithrar! - Add helpful warning when SSL certificate errors occur due to corporate proxies or VPNs intercepting HTTPS traffic. When errors like "self-signed certificate in certificate chain" are det

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --package reqwest@0.12.28 --precise 0.13.1
    Updating crates.io index
    Updating git repository `https://github.com/carlsverre/opendal`
From https://github.com/carlsverre/opendal
 * [new ref]           930fbbf3a5bdca1334324db2f150f5779415bfcf -> refs/commit/930fbbf3a5bdca1334324db2f150f5779415bfcf
error: failed to select a version for the requirement `reqwest = "^0.12.24"`
candidate versions found which didn't match: 0.13.1
location searched: crates.io index
required by package `opendal-core v0.55.0 (https://github.com/carlsverre/opendal?branch=bug%2Fcomplete#930fbbf3)`
    ... which satisfies git dependency `opendal-core` (locked to 0.55.0) of package `opendal v0.55.0 (https://github.com/carlsverre/opendal?branch=bug%2Fcomplete#930fbbf3)`
    ... which satisfies git dependency `opendal` (locked to 0.55.0) of package `graft-test v0.1.0 (/tmp/renovate/repos/github/orbitinghail/graft/crates/graft-test)`

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	graft-dev	315e78b	Commit Preview URL Branch Preview URL	Jan 12 2026, 05:37 PM

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.