Add 240/ ranges to Miniflare

[penalosa]

What this PR solves / how to test

refs capnproto/capnproto#2066

Fixes #[insert GH or internal issue number(s)].

Author has addressed the following

• Tests
  • TODO (before merge)
  • Included
  • Not necessary because:
• E2E Tests CI Job required? (Use "e2e" label or ask maintainer to run separately)
  • I don't know
  • Required / Maybe required
  • Not required because:
• Changeset (Changeset guidelines)
  • TODO (before merge)
  • Included
  • Not necessary because:
• Public documentation
  • TODO (before merge)
  • Cloudflare docs PR(s):
  • Not necessary because:

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4936034

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

A wrangler prerelease is available for testing. You can install this latest build in your project with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/9960376038/npm-package-wrangler-6273

You can reference the automatically updated head of this PR with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/prs/6273/npm-package-wrangler-6273

Or you can use npx with this latest build directly:

npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/9960376038/npm-package-wrangler-6273 dev path/to/script.js

Additional artifacts:

npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/9960376038/npm-package-create-cloudflare-6273 --no-auto-update

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/9960376038/npm-package-cloudflare-kv-asset-handler-6273

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/9960376038/npm-package-miniflare-6273

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/9960376038/npm-package-cloudflare-pages-shared-6273

npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/9960376038/npm-package-cloudflare-vitest-pool-workers-6273

Note that these links will no longer work once the GitHub Actions artifact expires.

---

wrangler@3.65.0 includes the following runtime dependencies:

Package	Constraint	Resolved
miniflare	workspace:*	3.20240712.0
workerd	1.20240712.0	1.20240712.0
workerd --version	1.20240712.0	2024-07-12

Please ensure constraints are pinned, and miniflare/workerd minor versions match.

[irvinebroque]

@kentonv - any thoughts on just enabling this for everyone vs. needing to make it opt-in via some way of configuring Wrangler?

[kentonv]

I guess this is fine, given that "private" is already listed.

But I'm a little worried about the fact that we allow "private" here. This makes fetch() in test behave differently than in production, and also makes wrangler dev unsafe to expose to the internet (which hopefully people aren't doing anyway, but someone might).

The right way for people to point their worker at test backends running on localhost is to represent them as bindings. A binding can point anywhere, while still keeping global fetch() restricted to the internet. Plus then in production, you can have the binding point at a private origin server or Argo Tunnel or something. (We, uh, don't support all those options today in production, but we should.)

Similarly, the right way to support 240.0.0.0 would be via a binding. (workerd supports such bindings today -- you'd define a separate network binding with a different allow list.)

But this all requires a fair amount of user education. Maybe given we already list "private" here, the best thing to do for now is punt on this?

[irvinebroque]

Makes sense, think need to punt on that but I hear you about the "should be bindings" bit.

Think clearest path is to ship this as-is. We know that it solves the problem. No extra config.