chore(deps): update dependency @cloudflare/vite-plugin to v1.42.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/vite-plugin (source)	1.41.0 → 1.42.2

---

Release Notes

cloudflare/workers-sdk (@​cloudflare/vite-plugin)

v1.42.2

Compare Source

Patch Changes

• #​14358 4ef872f Thanks @​gabivlj! - Fix container egress interception on arm64 Docker runtimes

  Both wrangler dev and the Cloudflare Vite plugin no longer force the proxy-everything sidecar image to pull as linux/amd64, allowing Docker to select the native image from the multi-platform manifest. Set MINIFLARE_CONTAINER_EGRESS_IMAGE_PLATFORM to force a specific platform when needed.

• Updated dependencies [a085dec, 9a0de8f, fab565f, 3f02864, 4ef872f, 2a02858, e312dec]:

  • miniflare@​4.20260623.0
  • wrangler@​4.104.0

v1.42.1

Compare Source

Patch Changes

• #​14366 c6579d3 Thanks @​jamesopstad! - Resolve relative cf-worker entrypoint imports relative to the importing module

  When loading the experimental cloudflare.config.ts, a relative entrypoint imported with import ... with { type: "cf-worker" } (e.g. ./src/index.ts) is now anchored to the module where the import is written, rather than being passed through verbatim and later resolved against the top-level config file. This fixes incorrect resolution when the import lives in a file other than the entry config — for example a config that re-exports from a nested file.

  Bare specifiers (such as @scope/pkg) and virtual modules (such as virtual:foo) are still left unresolved so that consumers can apply their own resolution.

• Updated dependencies [c6579d3, 444b75e, b38823f, cfd6205, cfd6205]:

  • wrangler@​4.103.0
  • miniflare@​4.20260617.1

v1.42.0

Compare Source

Minor Changes

• #​14339 aa49856 Thanks @​jamesopstad! - Add a build command to the experimental, internal cf-vite delegate binary

  cf-vite build runs Vite's full multi-environment app build (via the Builder API) and enables the experimental Build Output API by default, emitting a self-contained .cloudflare/output/v0/ directory. It forces experimental.newConfig and experimental.newConfig.cfBuildOutput on, so a cloudflare.config.ts is required at the project root.

Patch Changes

• #​14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

  GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

• #​14351 6c7df19 Thanks @​jamesopstad! - Force the experimental new config on by default in the cf-vite dev delegate

• #​14218 4eed569 Thanks @​matingathani! - Allow resolve.external containing only Node.js built-ins in Worker environments

  Vitest 4 automatically sets resolve.external to the full list of Node.js built-in modules for non-standard Vite environments via its internal runnerTransform plugin. Previously, the Cloudflare Vite plugin rejected any non-empty resolve.external array, throwing an incompatibility error on startup when used alongside Vitest 4.

  The validation check now allows resolve.external arrays that contain only Node.js built-in module names (both bare fs and node:fs forms). The error is only thrown when resolve.external is true or contains non-built-in package names that would prevent user code from being bundled into the Worker.

• Updated dependencies [673b09e, e930bd4, f6e49dd, 5c3bb11, 296ad65, 594544d, a79b899, 5dfb788, ca61558, 36777db]:

  • miniflare@​4.20260617.0
  • wrangler@​4.102.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​cloudflare/​vite-plugin@​1.42.2

View full report

[cursor]

Risk: low. Cursor Bugbot is not configured on this PR; approving the narrow Renovate bump of @cloudflare/vite-plugin (1.41.0 → 1.42.2) with no applicable approval policies. No reviewers assigned.

  

_{Sent by Cursor Approval Agent: Pull Request Approver External}

[cursor]

Risk: low. Cursor Bugbot is not configured on this PR; approving the narrow Renovate bump of @cloudflare/vite-plugin (1.41.0 → 1.42.2) with no applicable approval policies. No reviewers assigned.

  

_{Sent by Cursor Approval Agent: Pull Request Approver External}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud