Update dependency @opennextjs/cloudflare to v1.14.8

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@opennextjs/cloudflare (source)	1.3.1 → 1.14.8

---

Release Notes

opennextjs/opennextjs-cloudflare (@​opennextjs/cloudflare)

v1.14.8

Compare Source

Patch Changes

• #​1064 9222070 Thanks @​vicb! - fix r2 bulk put to respect bucket jurisdiction

v1.14.7

Compare Source

Patch Changes

• #​1053 d447125 Thanks @​vicb! - Support composable cache in Next 16

v1.14.6

Compare Source

Patch Changes

• #​1043 c83cb83 Thanks @​vicb! - fix for CVE-2025-67779

  See https://nextjs.org/blog/security-update-2025-12-11

v1.14.5

Compare Source

Patch Changes

• #​1042 763c4ec Thanks @​vicb! - Bump Next, React, and @​opennextjs/aws to fix vulnerabilities (CVE-2025-55184 and CVE-2025-55183)

  See https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
  See https://nextjs.org/blog/security-update-2025-12-11
  See https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.5

• #​1034 721bff0 Thanks @​james-elicx! - output more wrangler command logs when the command fails

• #​1023 a4a2f02 Thanks @​dario-piotrowicz! - When running wrangler deploy add a OPEN_NEXT_DEPLOY environment variable to let wrangler know that it is being run by open-next

v1.14.4

Compare Source

Patch Changes

• #​1020 07919d8 Thanks @​dario-piotrowicz! - Add missing WORKER_SELF_REFERENCE service binding in the wrangler.jsonc that the CLI creates

• #​1032 1de4899 Thanks @​vicb! - fix(images): allow any local path when no localPatterns are specified

v1.14.3

Compare Source

Patch Changes

• #​1025 c3aba94 Thanks @​vicb! - bump @opennextjs/aws to 3.9.4

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.4

• #​1025 c3aba94 Thanks @​vicb! - Bump Next

v1.14.2

Compare Source

Patch Changes

• #​1021 250aba2 Thanks @​vicb! - bump @opennextjs/aws to 3.9.3

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.3

• #​1021 250aba2 Thanks @​vicb! - Bump Next

v1.14.1

Compare Source

Patch Changes

• #​1016 2200b4b Thanks @​vicb! - Update e2e tests to Next 16 (webpack)

• #​1015 e8971cd Thanks @​vicb! - memory queue: retrieve the preview ID from process.env

• #​1012 5f6c0a6 Thanks @​pilcrowonpaper! - Add image binding to Wrangler configuration template file

• #​1017 a6904a4 Thanks @​vicb! - fix: response.validate with the turbo pages runtime

• #​1014 f4b53b9 Thanks @​vicb! - bump @opennextjs/aws to 3.9.1

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.1

• #​1019 2a3ee86 Thanks @​vicb! - await headers()

v1.14.0

Compare Source

Minor Changes

• #​999 50d7427 Thanks @​pilcrowonpaper! - feat: support image optimization using the image binding

v1.13.1

Compare Source

Patch Changes

• #​1001 fdf61b4 Thanks @​vicb! - Bump wrangler to ^4.49.1

• #​998 f69787c Thanks @​vicb! - Warn when using Next 16

v1.13.0

Compare Source

Minor Changes

• #​991 b95e7ca Thanks @​vicb! - use wrangler r2 bulk put for R2 cache population

Patch Changes

• #​994 ab2d805 Thanks @​vicb! - bump @opennextjs/aws to 3.9.0

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.0

v1.12.0

Compare Source

Minor Changes

• #​973 8cb7669 Thanks @​petebacondarwin! - Add standard Next template generated from create-next-app that will be used by create-cloudflare going forward

• #​983 68aed26 Thanks @​vicb! - feat: turbopack support

v1.11.1

Compare Source

Patch Changes

• #​968 ddb0589 Thanks @​rgembalik! - fix: Compiled config is now imported using pathToFileURL to avoid crashes on Windows.

• #​958 7edf91c Thanks @​vicb! - fix: add missing awaits

• #​978 d7ad53e Thanks @​vicb! - error early when a node middleware is detected

• #​976 93f4c8a Thanks @​rgembalik! - fix: shell quoting on windows machines to avoid upload errors for routes with [...path] segments

v1.11.0

Compare Source

Minor Changes

• #​925 62fee71 Thanks @​krzysztof-palka-monogo! - feature: optional batch upload for faster R2 cache population

  This update adds optional batch upload support for R2 cache population, significantly improving upload performance for large caches when enabled via .env or environment variables.

  Key Changes:

  1. Optional Batch Upload: Configure R2 credentials via .env or environment variables to enable faster batch uploads:

     • R2_ACCESS_KEY_ID
     • R2_SECRET_ACCESS_KEY
     • CF_ACCOUNT_ID

  2. Automatic Detection: When credentials are detected, batch upload is automatically used for better performance

  3. Smart Fallback: If credentials are not configured, the CLI falls back to standard Wrangler uploads with a helpful message about enabling batch upload for better performance

  All deployment commands support batch upload:

  • populateCache - Explicit cache population
  • deploy - Deploy with cache population
  • upload - Upload version with cache population
  • preview - Preview with cache population

  Performance Benefits (when batch upload is enabled):

  • Parallel transfer capabilities (32 concurrent transfers)
  • Significantly faster for large caches
  • Reduced API calls to Cloudflare

  Usage:

  Add the credentials in a .env/.dev.vars file in your project root:

  R2_ACCESS_KEY_ID=your_key
  R2_SECRET_ACCESS_KEY=your_secret
  CF_ACCOUNT_ID=your_account

  You can also set the environment variables for CI builds.

  Note:

  You can follow documentation https://developers.cloudflare.com/r2/api/tokens/ for creating API tokens with appropriate permissions for R2 access.

Patch Changes

• #​951 e3aba83 Thanks @​vicb! - bump @opennextjs/aws to 3.8.5

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.8.5

• #​948 0c655c3 Thanks @​vicb! - refactor: do not create a wrangler config when a custom one is passed

v1.10.1

Compare Source

Patch Changes

• #​945 f73ac0f Thanks @​vicb! - bump @opennextjs/aws to 3.8.4

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.8.4

v1.10.0

Compare Source

Minor Changes

• #​937 32ba91a Thanks @​vicb! - feat: retrieve CLI environment variables from process.env and .env* files

  Recommended usage on CI:

  • Add your secrets to process.env (i.e. CF_ACCOUNT_ID)
  • Add public values to the wrangler config wrangler.jsonc (i.e. R2_CACHE_PREFIX_ENV_NAME)

  Recommended usage for local dev:

  • Add your secrets to either a .dev.vars* or .env* file (i.e. CF_ACCOUNT_ID)
  • Add public values to the wrangler config wrangler.jsonc (i.e. R2_CACHE_PREFIX_ENV_NAME)

Patch Changes

• #​941 59f52e0 Thanks @​vicb! - bump @opennextjs/aws to 3.8.2

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.8.2

• #​939 54c47e5 Thanks @​vicb! - perf: low-hanging fruits

v1.9.2

Compare Source

Patch Changes

• #​932 0c7d1ae Thanks @​vicb! - bump @opennextjs/aws to 3.8.1

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.8.1

v1.9.1

Compare Source

Patch Changes

• #​918 eeb18bb Thanks @​vicb! - refactor: account for empty tag list in tag cache

• #​921 07487a4 Thanks @​vicb! - bump @opennextjs/aws to 3.8.0

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.8.0

v1.9.0

Compare Source

Minor Changes

• #​906 dcc864d Thanks @​vicb! - feat: add an experimental KV based tag cache

Patch Changes

• #​907 ba4cac5 Thanks @​vicb! - refactor: only try to purge the cache when invalidation is configured

v1.8.5

Compare Source

Patch Changes

• #​901 17a4bea Thanks @​vicb! - chore: bump wrangler to ^4.38.0

• #​903 7fced0f Thanks @​vicb! - fix: enable using workerd process v2

  process v2 is an updated version of node:process active by default after 2025-09-15

v1.8.4

Compare Source

Patch Changes

• #​888 51322a8 Thanks @​james-elicx! - fix: remote flag not working for preview command's cache population

  Previously, passing the --remote flag when running opennextjs-cloudflare preview --remote would not result in the remote preview binding being populated, and would throw errors due to a missing preview flag when populating Workers KV. The remote flag is now supported for the cache popoulation step when running the preview command.

  • opennextjs-cloudflare preview --remote will populate the remote binding for the preview ID specified in your Wrangler config.
  • opennextjs-cloudflare preview will continue to populate the local binding in your Wrangler config.

v1.8.3

Compare Source

Patch Changes

• #​892 1ee505f Thanks @​vicb! - Bump @​opennextjs/aws to 3.7.7

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.7.7

v1.8.2

Compare Source

Patch Changes

• #​883 bf1a6f6 Thanks @​vicb! - fix: type error during build

v1.8.1

Compare Source

Patch Changes

• #​878 23b67ce Thanks @​sommeeeer! - fix: Respect trailing slash config for _next/image route in worker

• #​882 a6283af Thanks @​vicb! - perf: skip lazy update on cache hit when cache purge is enabled

• #​881 9a746d2 Thanks @​vicb! - fix: detection of cache purge

v1.8.0

Compare Source

Minor Changes

• #​862 728ad99 Thanks @​james-elicx! - feat: support for a custom OpenNext config path with the --openNextConfigPath flag

Patch Changes

• #​872 dc76d6e Thanks @​alex-all3dp! - Fix check for missing CACHE_PURGE_ZONE_ID

• #​862 728ad99 Thanks @​james-elicx! - refactor: deprecate usage of the --configPath flag for the Wrangler config, in favour of the --config flag.

v1.7.1

Compare Source

Patch Changes

• #​865 f1e9457 Thanks @​sommeeeer! - fix: Ensure request.url reflects the actual host protocol in route handlers

• #​867 2c1de0b Thanks @​vicb! - Log cache purge errors as errors

v1.7.0

Compare Source

Minor Changes

• #​848 f80c801 Thanks @​sommeeeer! - Ensure that the initial request.signal is passed to the wrapper

  request.signal.onabort is now supported in route handlers. It requires that the signal from the original worker's request is passed to the handler. It will then pass along that AbortSignal through the streamCreator in the wrapper. This signal will destroy the response sent to NextServer when a client aborts, thus triggering the signal in the route handler.

  See the changelog in Cloudflare here.

  Note:
  If you have a custom worker, you must update your code to pass the original request.signal to the handler. You also need to enable the compatibility flag enable_request_signal to use this feature.

  For example:

  // Before:
  return handler(reqOrResp, env, ctx);
  
  // After:
  return handler(reqOrResp, env, ctx, request.signal);

• #​850 ce5c7b4 Thanks @​dario-piotrowicz! - Add option for regional cache to skip tagCache on cache hits

  When the tag regional cache finds a value in the incremental cache, checking such value in the tagCache can be skipped, this helps reducing response times at the tradeoff that the user needs to either use the automatic cache purging or manually purge the cache when appropriate. For this the bypassTagCacheOnCacheHit option is being added to the RegionalCache class.

  Example:

  import { defineCloudflareConfig } from "@​opennextjs/cloudflare";
  import d1NextTagCache from "@​opennextjs/cloudflare/overrides/tag-cache/d1-next-tag-cache";
  import memoryQueue from "@​opennextjs/cloudflare/overrides/queue/memory-queue";
  import r2IncrementalCache from "@​opennextjs/cloudflare/overrides/incremental-cache/r2-incremental-cache";
  import { withRegionalCache } from "@​opennextjs/cloudflare/overrides/incremental-cache/regional-cache";
  
  export default defineCloudflareConfig({
  	incrementalCache: withRegionalCache(r2IncrementalCache, {
  		mode: "long-lived",
  		bypassTagCacheOnCacheHit: true,
  	}),
  	tagCache: d1NextTagCache,
  	queue: memoryQueue,
  });

Patch Changes

• #​858 7233c03 Thanks @​vicb! - bump @​opennextjs/aws to 3.7.6

  See the changes at opennextjs/opennextjs-aws@v3.7.4...v3.7.6

• #​857 b8b38ee Thanks @​vicb! - Clean output directory before next build

v1.6.5

Compare Source

Patch Changes

• #​843 10fc603 Thanks @​vicb! - perf: drop the babel dependency

v1.6.4

Compare Source

Patch Changes

• #​838 90f451d Thanks @​conico974! - bump @​opennextjs/aws to 3.7.4

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.7.4

• #​833 c9705e5 Thanks @​sommeeeer! - Update the patches to support Next.js 15.4"

v1.6.3

Compare Source

Patch Changes

• #​828 d00b3a1 Thanks @​vicb! - bump @​opennextjs/aws to 3.7.2

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.7.2

• #​830 daf36fa Thanks @​vicb! - detect more image types

  Sync of vercel/next.js#82118

• #​832 67e71b9 Thanks @​vicb! - fix: --noMinify stop minifying the bundle

v1.6.2

Compare Source

Patch Changes

• #​820 c202302 Thanks @​conico974! - Fix regional cache for the DOShardedTagCache

• #​818 be6a492 Thanks @​dario-piotrowicz! - fix deploy and upload commands not taking into account environment variables

• #​825 3de7962 Thanks @​conico974! - Add an option to persist missing tags in the regional tag cache

• #​816 c46eeee Thanks @​vicb! - bump @​opennextjs/aws to 3.7.1

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.7.1

v1.6.1

Compare Source

Patch Changes

• #​814 89ce96b Thanks @​james-elicx! - fix: wrangler config not passed to cache population

v1.6.0

Compare Source

Minor Changes

• #​791 b158e8b Thanks @​james-elicx! - refactor: use yargs for the cli

Patch Changes

• #​810 fdfa5af Thanks @​vicb! - fix skew protection handling of POST requests

v1.5.3

Compare Source

Patch Changes

• #​804 72d8d5b Thanks @​alex-all3dp! - Fix missing SQL parameter bindings in D1NextModeTagCache.getLastRevalidated()

v1.5.2

Compare Source

Patch Changes

• #​785 e0f39b6 Thanks @​vicb! - Cancel the unused stream (body)

• #​789 040731c Thanks @​vicb! - cancel the body stream when unconsumed

• #​795 d18cd9d Thanks @​sommeeeer! - fix(patches): Update patchInstrumentation and loadManifest to work with Next 15.4

• #​800 a3e7551 Thanks @​vicb! - wrangler should not load .env files

v1.5.1

Compare Source

Patch Changes

• #​781 e984e8f Thanks @​vicb! - fallback to the upstream image content-type header

• #​779 224a2f0 Thanks @​petebacondarwin! - Ensure that the cloudflare library is available at runtime

  Previously it was only a devDependency which meant it was missing in real life installations of the tool.

  The error looked like:

  Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'cloudflare' imported from @​opennextjs/cloudflare/dist/cli/commands/skew-protection.js
  

v1.5.0

Compare Source

Minor Changes

• #​768 40f7e72 Thanks @​vicb! - Add an asset resolver to support run_worker_first=true

• #​746 6d020fe Thanks @​vicb! - feat: add support for experimental skew protection

Patch Changes

• #​776 bd448a8 Thanks @​vicb! - Add support for images CSP, disposition, and allow SVG

v1.4.0

Compare Source

Minor Changes

• #​764 af963f0 Thanks @​vicb! - Update @​opennextjs/aws to 3.7.0

  3.7.0 Release notes

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

This change is 

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	web4	260c38d	Jan 06 2026, 12:55 PM

[guardrails]

All previously detected findings have been fixed. Good job! 👍🎉

We will keep this comment up-to-date as you go along and notify you of any security issues that we identify.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[openzeppelin-code]

Update dependency @opennextjs/cloudflare to v1.14.7

Generated at commit: 260c38d820713bc64d41ed20d3adb319c1f7c68f

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: web4@undefined
npm error Found: next@15.4.5
npm error node_modules/next
npm error   next@"15.4.5" from the root project
npm error
npm error Could not resolve dependency:
npm error peer next@"^14.2.35 || ~15.0.7 || ~15.1.11 || ~15.2.8 || ~15.3.8 || ~15.4.10 || ~15.5.9 || ^16.0.10" from @opennextjs/cloudflare@1.14.8
npm error node_modules/@opennextjs/cloudflare
npm error   @opennextjs/cloudflare@"1.14.8" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-01-08T20_04_55_446Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-01-08T20_04_55_446Z-debug-0.log

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud