🚨 [security] Update @astrojs/cloudflare 12.6.7 → 13.5.0 (major) #2

Open

depfu[bot] wants to merge 1 commit into main from depfu/update/npm/@astrojs/cloudflare-13.5.0

Conversation


@depfu depfu Bot commented May 10, 2026


Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea of how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!



🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!


Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ @astrojs/cloudflare (12.6.7 → 13.5.0) · Repo · Changelog

Security Advisories 🚨

🚨 Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)

Summary

The fetch() call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts (line 28) uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed() domain allowlist check which only validates the initial URL.

All three other image fetch paths in the codebase correctly use { redirect: 'manual' }. This is an incomplete fix for GHSA-qpr4-c339-7vq8.

Confirmed on HEAD.

Root Cause

image-binding-transform.ts line 28:

const content = await (isRemotePath(href) ? fetch(imageSrc) : assets.fetch(imageSrc));

Missing { redirect: 'manual' }. The three protected paths:

// image-passthrough-endpoint.ts:23
response = await fetch(href, { redirect: 'manual' });

// assets/endpoint/shared.ts:11
const res = await fetch(src, { redirect: 'manual' });

// assets/utils/remoteProbe.ts:53
const response = await fetch(url, { redirect: 'manual' });

PoC

Demonstrated with Node.js that fetch() without redirect: 'manual' follows 302 redirects to arbitrary destinations:

# Server A (allowed domain) returns 302 → Server B (internal)
fetch('http://allowed:19741/img.jpg')                        → follows 302 → hits http://internal:19742/secret
fetch('http://allowed:19741/img.jpg', {redirect:'manual'})   → returns 302, internal server NOT hit

Attack path: attacker finds an open redirect on an allowed domain, crafts /_image?href=https://allowed-cdn.com/redirect?url=http://internal-service/, and the Worker follows the redirect to the unauthorized destination.

Impact

Bypasses the image.domains and image.remotePatterns allowlist for the default Cloudflare image service (cloudflare-binding). Enables blind SSRF to domains not in the allowlist. Same vulnerability class as GHSA-qpr4-c339-7vq8 (HIGH) which fixed the passthrough endpoint but missed this one.

Suggested Fix

const content = await (isRemotePath(href) ? fetch(imageSrc, { redirect: 'manual' }) : assets.fetch(imageSrc));

↗️ @emnapi/runtime (indirect, 1.4.3 → 1.10.0) · Repo

Release Notes

1.10.0

What's Changed

  • fix: early update wasm memory for views (https://github.com/hardfist/emnapi-shared-memory-grow-repro)
  • fix!: napi_adjust_external_memory no longer grow wasm memory
  • fix: add missing from64 wrap
  • fix: coalesce tsfn (js version) send message
  • ci: restructure CI workflows
  • ci: prebuilt libraries using llvm 22

Thanks @hardfist

Full Changelog: v1.9.2...v1.10.0

1.9.2

What's Changed

Full Changelog: v1.9.1...v1.9.2

1.9.1

fix for emscripten 5.0.3
emscripten-core/emscripten@3051725

Full Changelog: v1.9.0...v1.9.1

1.9.0

What's Changed

  • fix data race and use-after-free in napi_threadsafe_function by @toyobayashi in #199
    • fix tsfn not work in JS based async_work workers
    • fix pthread_create not work in JS based async_work workers
    • emnapi_basic[-mt].a includes libuv symbols now
  • refactor: dispatch async work queue in shared memory by @toyobayashi in #200
    • Avoids a deadlock when the main thread blocks waiting for queued async work to start. Completed work could not be dispatched to the main thread, so no new worker became available and queued work never started.
    • The wasm32-wasip1-threads target now spawns async workers in JS via pthread_create and no longer maintains a separate worker pool.
  • rename node_api_create_object_with_properties by @toyobayashi in #193
  • fix: execute tsfn finalizer after queue drains when aborted
  • feat: add required config hint in package entry
    const { requiredConfig } = require('emnapi')
    console.log(requiredConfig.clang.wasmld)
    [
      '--import-memory',
      '--shared-memory',
      '--export-table',
      '--export=malloc',
      '--export=free',
      '--export=napi_register_wasm_v1',
      '--export-if-defined=node_api_module_get_api_version_v1',
      '--export=emnapi_thread_crashed',
      '--export-if-defined=emnapi_async_worker_create',
      '--export-if-defined=emnapi_async_worker_init'
    ]
    

Full Changelog: v1.8.1...v1.9.0

1.8.1

What's Changed

Full Changelog: v1.8.0...v1.8.1

1.8.0

What's Changed

Full Changelog: v1.7.1...v1.8.0

1.7.1

What's Changed

Full Changelog: v1.7.0...v1.7.1

1.7.0

What's Changed

Full Changelog: v1.6.0...v1.7.0

1.6.0

What's Changed

Full Changelog: v1.5.0...v1.6.0

1.5.0

What's Changed

Prebuilt libraries are built by LLVM clang 20.

  • fix: env undefined after emitting beforeExit event by @toyobayashi in #162
  • fix(wasi): avoid deadlock caused by child thread abort when the main thread is in Atomics.wait and allow blocking calls on browser main thread (requires wasi-sdk 26+ and --export=emnapi_thread_crashed) by @toyobayashi in #163
  • build: backport emscripten parse tools changes to v1 by @toyobayashi in #165

Full Changelog: v1.4.5...v1.5.0

1.4.5

What's Changed

  • fix(wasm32-wasip1-threads): process never exit if trap in threads (#156)

Full Changelog: v1.4.4...v1.4.5

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 47 commits:

↗️ detect-libc (indirect, 2.0.4 → 2.1.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 11 commits:

↗️ semver (indirect, 7.7.2 → 7.8.0) · Repo · Changelog

Release Notes

7.8.0

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

7.7.4

7.7.4 (2026-01-16)

Bug Fixes

Documentation

Dependencies

Chores

7.7.3

7.7.3 (2025-10-06)

Bug Fixes

Chores

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 24 commits:

↗️ tinyglobby (indirect, 0.2.14 → 0.2.16) · Repo · Changelog

Release Notes

0.2.16

Fixed

Changed

  • Overhauled and optimized most internals by @Torathion
  • Ignore patterns are no longer compiled twice by @webpro

Consider sponsoring if you'd like to support the development of this project and the goal of reaching a lighter and faster ecosystem

0.2.15

Added

  • Documentation page at https://superchupu.dev/tinyglobby, which also contains a library comparison page and migration guide.

    It's been a huge effort that took two months to make.

    Big thanks to @outslept, @43081j and @benmccann for helping out! ❤️

  • JSDoc to all functions and options based on the online documentation page

  • Benchmarks with help from @43081j and @benmccann

  • braceExpansion option

  • extglob option

  • fs option

  • globstar option by @benmccann

  • signal option

  • package.json export as tinyglobby/package.json

  • Ability to pass readonly types by @TomerAberbach

  • Support for URLs in cwd option

Changed

  • Rewritten path processing algorithm leading to a huge performance increase in many cases with help from @43081j and @benmccann

  • Deprecated using patterns inside the options object

  • Enabled trusted publishing using npm's OIDC support

Fixed

  • Negated bracket expressions i.e. [!abc]
  • Some patterns like +++ breaking the partial matcher


Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 66 commits:

↗️ undici (indirect, 7.12.0 → 7.24.8) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 @cloudflare/vite-plugin (added, 1.36.3)

🆕 @esbuild/openharmony-arm64 (added, 0.27.7)

🆕 @img/colour (added, 1.1.0)

🆕 @img/sharp-libvips-linux-ppc64 (added, 1.2.4)

🆕 @img/sharp-libvips-linux-riscv64 (added, 1.2.4)

🆕 @img/sharp-linux-ppc64 (added, 0.34.5)

🆕 @img/sharp-linux-riscv64 (added, 0.34.5)

🆕 @img/sharp-win32-arm64 (added, 0.34.5)

🆕 fdir (added, 6.5.0)

🆕 piccolore (added, 0.1.3)

🗑️ @fastify/busboy (removed)

🗑️ as-table (removed)

🗑️ data-uri-to-buffer (removed)

🗑️ get-source (removed)

🗑️ mustache (removed)

🗑️ prettier (removed)

🗑️ printable-characters (removed)

🗑️ stacktracey (removed)

🗑️ typescript (removed)


👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

* [Circle CI](https://circleci.com), [Semaphore](https://semaphoreci.com) and [Github Actions](https://docs.github.com/actions) are all excellent options.
* If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github.
* If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don't want it to run on every branch, you can whitelist branches starting with `depfu/`.

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands
@​depfu rebase
Rebases against your default branch and redoes this update
@​depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@​depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@​depfu cancel merge
Cancels automatic merging of this PR
@​depfu close
Closes this PR and deletes the branch
@​depfu reopen
Restores the branch and reopens this PR (if it's closed)
@​depfu pause
Ignores all future updates for this dependency and closes this PR
@​depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@​depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

@depfu depfu Bot added the depfu label May 10, 2026

@llamapreview llamapreview Bot left a comment


AI Code Review by LlamaPReview

🎯 TL;DR & Recommendation

Recommendation: Approve with suggestions

This PR updates @astrojs/cloudflare from 12.6.7 to 13.5.0 to address security vulnerabilities. However, as a major version bump, it introduces a risk of breaking type definitions and the integration API. Additionally, no CI is configured, so any breaking changes could go undetected without manual verification.

💡 Suggestions (P2)

  • package.json: Major version bump may silently break TypeScript compilation if the Runtime type signature or cloudflare() integration API changed. Run npm run build and check for type errors before merging.
  • package.json: No CI detected – breaking changes may go undetected. Consider enabling CI or manually running the full test suite and build commands.

💡 Have feedback? We'd love to hear it in our GitHub Discussions.
✨ This review was generated by LlamaPReview Advanced, which is free for all open-source projects. Learn more.

Comment thread package.json
Comment on lines 16 to +18
},
"dependencies": {
"@astrojs/cloudflare": "12.6.7",
"@astrojs/cloudflare": "13.5.0",
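Review bot: the exact pin is kept, which is good for reproducibility, but since 12.6.7 to 13.5.0 crosses a major boundary and the PR itself reports no CI, confirm the lockfile was regenerated in the same single commit and run `npm run build` locally so any change to the `Runtime` type or the `cloudflare()` integration signature surfaces before merge.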

P2 | Confidence: High

Breaking Change Risk: The major version bump from 12.6.7 to 13.5.0 introduces a risk of breaking type definitions and integration API. The project directly imports Runtime<Env> from @astrojs/cloudflare (anchor path:src/env.d.ts) and calls the cloudflare() integration in astro.config.mjs (anchor path:astro.config.mjs). If the Runtime type was renamed, its generic signature changed, or the integration constructor now requires configuration (e.g., cloudflare({/*...*/})), the TypeScript compilation and Astro build will fail. Since the PR description notes "No CI detected", there is no automated verification. It is strongly recommended to run npm run build locally and check for type errors before merging.

No CI Detected: The PR description explicitly states "No CI detected". Without a CI pipeline, any breaking changes introduced by this major dependency update (e.g., build errors, runtime failures) will not be caught automatically. This is a process risk that should be addressed either by enabling CI or by manually running the full test suite (if any) and the build commands (npm run build, npm run build:embed) before merging.
