Bump @cloudflare/vitest-pool-workers from 0.12.21 to 0.13.5 in /packages/worker

[dependabot]

Bumps @cloudflare/vitest-pool-workers from 0.12.21 to 0.13.5.

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.13.5

Patch Changes

• #13077 11c77b7 Thanks @​penalosa! - fix: runInDurableObject now correctly returns redirect responses (3xx) from Durable Object callbacks instead of throwing "Expected callback for X" errors

• #13056 8384743 Thanks @​penalosa! - fix: Support dynamic import() inside entrypoint and Durable Object handlers

  Previously, calling exports.default.fetch() or SELF.fetch() on a worker whose handler used a dynamic import() would hang and fail with "Cannot perform I/O on behalf of a different Durable Object". This happened because the module runner's transport — which communicates over a WebSocket owned by the runner Durable Object — was invoked from a different DO context.

  The fix patches the module runner's transport via the onModuleRunner hook so that all invoke() calls are routed through the runner DO's I/O context, regardless of where the import() originates.

• #13074 4618c05 Thanks @​penalosa! - fix: only apply module fallback extension probing for require(), not import

  The module fallback service previously tried adding .js, .mjs, .cjs, and .json suffixes to extensionless specifiers unconditionally. Per the Node.js spec, this extension-probing behaviour is specific to CommonJS require(). ESM import statements must include explicit file extensions.

  Extension-less TypeScript import specifiers continue to work correctly — they are resolved by Vite's resolver rather than the fallback's extension loop.

• #13073 baec845 Thanks @​penalosa! - Add adminSecretsStore() to cloudflare:test for seeding secrets in tests

  Secrets store bindings only expose a read-only .get() method, so there was previously no way to seed secret values from within a test. The new adminSecretsStore() helper returns Miniflare's admin API for a secrets store binding, giving tests full control over create, update, and delete operations.

  import { adminSecretsStore } from "cloudflare:test";
  import { env } from "cloudflare:workers";
  const admin = adminSecretsStore(env.MY_SECRET);
  await admin.create("test-value");
  const value = await env.MY_SECRET.get(); // "test-value"

• #13083 cfd513f Thanks @​penalosa! - Add a 30-second timeout to waitUntil promise draining to prevent hanging tests

  Previously, if a ctx.waitUntil() promise never resolved, the test suite would hang indefinitely after the test file finished. Now, any waitUntil promises that haven't settled within 30 seconds are abandoned with a warning, allowing the test suite to continue. This aligns with the production waitUntil limit.

• Updated dependencies [eeaa473, 9fcdfca, bc24ec8, 1faff35, 0b4c21a, 535582d, 992f9a3, f4ea4ac, 91b7f73, f6cdab2, 53ed15a, ce65246, 7a5be20, 6b50bfa, 0386553, 9c5ebf5, 53ed15a, 53ed15a]:

  • wrangler@4.78.0
  • miniflare@4.20260317.3

@​cloudflare/vitest-pool-workers@​0.13.4

Patch Changes

• #12999 f9728fd Thanks @​hiendv! - chore: update some tests and fixtures to Vitest 4 / vpw 0.13.x

• Updated dependencies [593c4db, b8f3309, 451dae3, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 379f2a2, c2e9163, 6a6449e, 9a1cf29, 875da60]:

  • wrangler@4.77.0
  • miniflare@4.20260317.2

@​cloudflare/vitest-pool-workers@​0.13.3

Patch Changes

... (truncated)

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.13.5

Patch Changes

• #13077 11c77b7 Thanks @​penalosa! - fix: runInDurableObject now correctly returns redirect responses (3xx) from Durable Object callbacks instead of throwing "Expected callback for X" errors

• #13056 8384743 Thanks @​penalosa! - fix: Support dynamic import() inside entrypoint and Durable Object handlers

  Previously, calling exports.default.fetch() or SELF.fetch() on a worker whose handler used a dynamic import() would hang and fail with "Cannot perform I/O on behalf of a different Durable Object". This happened because the module runner's transport — which communicates over a WebSocket owned by the runner Durable Object — was invoked from a different DO context.

  The fix patches the module runner's transport via the onModuleRunner hook so that all invoke() calls are routed through the runner DO's I/O context, regardless of where the import() originates.

• #13074 4618c05 Thanks @​penalosa! - fix: only apply module fallback extension probing for require(), not import

  The module fallback service previously tried adding .js, .mjs, .cjs, and .json suffixes to extensionless specifiers unconditionally. Per the Node.js spec, this extension-probing behaviour is specific to CommonJS require(). ESM import statements must include explicit file extensions.

  Extension-less TypeScript import specifiers continue to work correctly — they are resolved by Vite's resolver rather than the fallback's extension loop.

• #13073 baec845 Thanks @​penalosa! - Add adminSecretsStore() to cloudflare:test for seeding secrets in tests

  Secrets store bindings only expose a read-only .get() method, so there was previously no way to seed secret values from within a test. The new adminSecretsStore() helper returns Miniflare's admin API for a secrets store binding, giving tests full control over create, update, and delete operations.

  import { adminSecretsStore } from "cloudflare:test";
  import { env } from "cloudflare:workers";
  const admin = adminSecretsStore(env.MY_SECRET);
  await admin.create("test-value");
  const value = await env.MY_SECRET.get(); // "test-value"

• #13083 cfd513f Thanks @​penalosa! - Add a 30-second timeout to waitUntil promise draining to prevent hanging tests

  Previously, if a ctx.waitUntil() promise never resolved, the test suite would hang indefinitely after the test file finished. Now, any waitUntil promises that haven't settled within 30 seconds are abandoned with a warning, allowing the test suite to continue. This aligns with the production waitUntil limit.

• Updated dependencies [eeaa473, 9fcdfca, bc24ec8, 1faff35, 0b4c21a, 535582d, 992f9a3, f4ea4ac, 91b7f73, f6cdab2, 53ed15a, ce65246, 7a5be20, 6b50bfa, 0386553, 9c5ebf5, 53ed15a, 53ed15a]:

  • wrangler@4.78.0
  • miniflare@4.20260317.3

0.13.4

Patch Changes

• #12999 f9728fd Thanks @​hiendv! - chore: update some tests and fixtures to Vitest 4 / vpw 0.13.x

• Updated dependencies [593c4db, b8f3309, 451dae3, 5aaaab2, 5aaaab2, f8516dd, 9c9fe30, 379f2a2, c2e9163, 6a6449e, 9a1cf29, 875da60]:

  • wrangler@4.77.0
  • miniflare@4.20260317.2

... (truncated)

Commits

• 81b2b9b Version Packages (#13038)
• baec845 [vitest-pool-workers] Add adminSecretsStore() to cloudflare:test (#13073)
• 4618c05 [vitest-pool-workers] Only probe extensions in module fallback for `require()...
• 11c77b7 [vitest-pool-workers] fix: handle redirect responses in runInDurableObject ...
• 7125939 [vitest-pool-workers] Add regression test for Istanbul coverage across multip...
• cfd513f [vitest-pool-workers] Add 30s timeout to waitUntil promise draining (#13083)
• 8384743 [vitest-pool-workers] Fix dynamic import() in entrypoint and DO handlers (#13...
• a61451f Version Packages (#12980)
• f9728fd Update some missing tests and fixtures with Vitest 4 (#12999)
• 7d2661b Version Packages (#12945)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)