Skip to content

2026 07 16 upstream merge#6884

Open
mikea wants to merge 179 commits into
mainfrom
maizatskyi/2026-07-16-upstream
Open

2026 07 16 upstream merge#6884
mikea wants to merge 179 commits into
mainfrom
maizatskyi/2026-07-16-upstream

Conversation

@mikea

@mikea mikea commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

No description provided.

ibbykhazanchi and others added 30 commits June 16, 2026 15:41
Signed-off-by: Matt Provost <mprovost@cloudflare.com>
we maintain weak reference to it, allow it to have its identity.
allocate Pipe on the heap

See merge request cloudflare/ew/workerd!418
Weak ReadableStream owner

See merge request cloudflare/ew/workerd!416
Weak WritableStream owner

See merge request cloudflare/ew/workerd!414
Define two exception DetailTypeIds in jsg/util.h that record whether a
DISCONNECTED actor-call failure happened before
(ACTOR_CALL_NOT_DELIVERED_TO_SANDBOX_DETAIL_ID) or after
(ACTOR_CALL_DELIVERED_TO_SANDBOX_DETAIL_ID) the call reached the
receiving sandbox, so the caller can distinguish failures that are safe
to retry as a fresh attempt from those that may have run user code.

Set the DELIVERED detail in WorkerEntrypoint's actor exception catch
(request + connect) before exceptionToPropagate(), so it survives the
internal-exception description rewrite and serializes back across the
RPC boundary. No behavior change; the detail is currently only read for
metrics classification.

Release note: None
Adds the `d1_binding_jsrpc` compatibility flag and routes D1 query
requests through the JSRPC query API when enabled. Keeps the legacy
calls to the `fetch` function when the flag is disabled.
Add an explicit `d1_binding_jsrpc` D1 test config and teach the D1 mock
to serve query() over DO RPC.
STOR-5304: Add actor-call delivery-position exception detail IDs

See merge request cloudflare/ew/workerd!381
CFSQL-1705: D1 add support for the JSRPC `.query` method

See merge request cloudflare/ew/workerd!410
* Use non-sandbox buffer to read in internal.c++

In case the sandbox array buffers are under MPK
protection we provide a temporary buffer for
the kj sink to write into.

See merge request cloudflare/ew/workerd!422
Use non-sandbox buffer to read in internal.c++

See merge request cloudflare/ew/workerd!422
Clean up JsRpcProperty MAX_PROPERTY_DEPTH

See merge request cloudflare/ew/workerd!420
mikea and others added 19 commits July 15, 2026 18:22
use WeakRc for weak IoContext

See merge request cloudflare/ew/workerd!487
I noticed some false negatives, this catches more.
…itlab'

[clang-tidy] improved iocontext capture check

See merge request cloudflare/ew/workerd!504
…ew module registry

* Update getBuiltinModule test expectations to default-export semantics

* Fix getBuiltinModule to return default export for node built-ins in new module registry

See merge request cloudflare/ew/workerd!495
Fix getBuiltinModule to return default export for node built-ins in new module registry

See merge request cloudflare/ew/workerd!495
…istry

* Ignore query/fragment when redirecting node:process in new module registry

See merge request cloudflare/ew/workerd!496
Ignore query/fragment when redirecting node:process in new module registry

See merge request cloudflare/ew/workerd!496
[build] split small io pieces

See merge request cloudflare/ew/workerd!507
hardening IoContext& in api/streams

See merge request cloudflare/ew/workerd!506
* Reject require() of top-level-await module even when already evaluated

The synchronous require() path checked RequireOption::NO_TOP_LEVEL_AWAIT
only after the early-return that hands back the cached namespace for a
module that is already kEvaluated/kEvaluating. So require() of an ESM that
uses top-level await threw ERR_REQUIRE_ASYNC_MODULE-style only if the
module had not already been evaluated by an earlier import; otherwise it
silently returned the cached namespace. This made require()'s behavior
order-dependent and inconsistent with Node.js.

Perform the top-level-await check inside the already-evaluated branch as
well (the module is instantiated there, so IsGraphAsync() is valid).

Also strengthen the regression test to evaluate the module via import()
before require()ing it.

See merge request cloudflare/ew/workerd!498
Reject require() of a top-level-await module even when already evaluated

See merge request cloudflare/ew/workerd!498
* Fix normalizePathEncoding dropping encoded slash after a non-%2f escape

normalizePathEncoding's findNext helper only inspected the first "%2"
occurrence in the pathname. If that first "%2" was not "%2f"/"%2F"
(e.g. "%25", "%20", "%2E"), it returned kj::none and gave up, so a
later "%2f" in the same chunk was percent-decoded into a real '/'. This
silently turned an in-segment encoded slash into a path separator,
changing the resolved module path. It also read input[pos+2] without a
bounds check, which is out of range when the pathname ends in a bare
"%2".

Scan all "%2" occurrences and bounds-check the third character.

See merge request cloudflare/ew/workerd!497
…gitlab'

Fix normalizePathEncoding dropping encoded slash after a non-%2f escape

See merge request cloudflare/ew/workerd!497
just format

See merge request cloudflare/ew/workerd!508
@mikea
mikea requested review from a team as code owners July 16, 2026 15:56
@mikea
mikea requested a review from jamesopstad July 16, 2026 15:56
@github-actions

Copy link
Copy Markdown


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.


I have read the CLA Document and I hereby sign the CLA


19 out of 24 committers have signed the CLA.
✅ (jasnell)[https://github.com/jasnell]
✅ (BSFishy)[https://github.com/BSFishy]
✅ (mikea)[https://github.com/mikea]
✅ (fhanau)[https://github.com/fhanau]
✅ (apeacock1991)[https://github.com/apeacock1991]
✅ (FlorentCollin)[https://github.com/FlorentCollin]
✅ (erikcorry)[https://github.com/erikcorry]
✅ (dom96)[https://github.com/dom96]
✅ (npaun)[https://github.com/npaun]
✅ (ketanhwr)[https://github.com/ketanhwr]
✅ (Caio-Nogueira)[https://github.com/Caio-Nogueira]
✅ (Brooooooklyn)[https://github.com/Brooooooklyn]
✅ (logan-gatlin)[https://github.com/logan-gatlin]
✅ (guybedford)[https://github.com/guybedford]
✅ (ObsidianMinor)[https://github.com/ObsidianMinor]
✅ (ryanking13)[https://github.com/ryanking13]
✅ (Ankcorn)[https://github.com/Ankcorn]
✅ (dcarney-cf)[https://github.com/dcarney-cf]
✅ (danlapid)[https://github.com/danlapid]
@Ibby
@ibrahim Khajanchi
@flakey5
@kira Kaviani
@spahl
ibby, Ibrahim Khajanchi, Kira Kaviani seem not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@ask-bonk

ask-bonk Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

LGTM

github run

@codspeed-hq

codspeed-hq Bot commented Jul 16, 2026

Copy link
Copy Markdown

Merging this PR will degrade performance by 8.64%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

❌ 1 regressed benchmark
✅ 71 untouched benchmarks
⏩ 129 skipped benchmarks1

Warning

Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

Benchmark BASE HEAD Efficiency
simpleStringBody[Response] 22 µs 24.1 µs -8.64%

Tip

Investigate this regression by commenting @codspeedbot fix this regression on this PR, or directly use the CodSpeed MCP with your agent.


Comparing maizatskyi/2026-07-16-upstream (281677d) with main (f71dab4)

Open in CodSpeed

Footnotes

  1. 129 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.