build(deps-dev): bump @opennextjs/cloudflare from 1.19.7 to 1.19.11 in /web

[dependabot]

Bumps @opennextjs/cloudflare from 1.19.7 to 1.19.11.

Release notes

Sourced from @​opennextjs/cloudflare's releases.

@​opennextjs/cloudflare@​1.19.11

Patch Changes

• #1270 802047e Thanks @​alex-all3dp! - fix: skip non-upload-triggered worker versions when building skew-protection deployment mapping

  Worker versions created by metadata-only operations (e.g. Cloudflare API secret updates) do not include the static assets bundle. Previously, such versions could become the "latest" target in the skew-protection mapping, causing /_next/static/* requests to return 404 on past deployments. Versions are now filtered to those with workers/triggered_by in {upload, version_upload}.

  Closes #1230

@​opennextjs/cloudflare@​1.19.10

Patch Changes

• #1261 780dd4f Thanks @​vicb! - Allow populating R2 when the domain is protected by Cloudflare Access

  You need to:

  • create a "Service Auth" policy for "open-next-cache-populate..workers.dev"
  • add an "Include" rule for "Any Access Service Token" or for a given service token ("Service Token")
  • populate the env variables CLOUDFLARE_ACCESS_CLIENT_ID and CLOUDFLARE_ACCESS_CLIENT_SECRET

@​opennextjs/cloudflare@​1.19.9

Patch Changes

• #1259 3b35c6e Thanks @​vicb! - chore: bump Next.js to 15.5.18 / 16.2.6 and @​opennextjs/aws to 4.0.2

@​opennextjs/cloudflare@​1.19.8

Patch Changes

• #1256 9696cd0 Thanks @​vicb! - bump @opennextjs/aws to 4.0.1

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v4.0.1

Changelog

Sourced from @​opennextjs/cloudflare's changelog.

1.19.11

Patch Changes

• #1270 802047e Thanks @​alex-all3dp! - fix: skip non-upload-triggered worker versions when building skew-protection deployment mapping

  Worker versions created by metadata-only operations (e.g. Cloudflare API secret updates) do not include the static assets bundle. Previously, such versions could become the "latest" target in the skew-protection mapping, causing /_next/static/* requests to return 404 on past deployments. Versions are now filtered to those with workers/triggered_by in {upload, version_upload}.

  Closes #1230

1.19.10

Patch Changes

• #1261 780dd4f Thanks @​vicb! - Allow populating R2 when the domain is protected by Cloudflare Access

  You need to:

  • create a "Service Auth" policy for "open-next-cache-populate..workers.dev"
  • add an "Include" rule for "Any Access Service Token" or for a given service token ("Service Token")
  • populate the env variables CLOUDFLARE_ACCESS_CLIENT_ID and CLOUDFLARE_ACCESS_CLIENT_SECRET

1.19.9

Patch Changes

• #1259 3b35c6e Thanks @​vicb! - chore: bump Next.js to 15.5.18 / 16.2.6 and @​opennextjs/aws to 4.0.2

1.19.8

Patch Changes

• #1256 9696cd0 Thanks @​vicb! - bump @opennextjs/aws to 4.0.1

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v4.0.1

Commits

• 596f924 Version Packages (#1271)
• 802047e fix: skip non-upload-triggered worker versions in skew-protection (#1270)
• dd78941 docs: clarify Cloudflare Access setup in populate-cache comment (#1267)
• 49eade5 Version Packages (#1266)
• 780dd4f Allow populating R2 when the domain is protected by Cloudflare Access (#1261)
• f07200e Version Packages (#1260)
• 3b35c6e Bump Next.js (#1259)
• 8786774 Version Packages (#1257)
• 9696cd0 bump @opennextjs/aws to 4.0.1 (#1256)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[github-actions]

Thanks @dependabot[bot] for taking the time to contribute.

This repository is observing a maintainer-managed PR intake gate in dry-run mode, so this pull request is staying open. This note helps maintainers prepare the allowlist before any enforcement is considered.

Please read CONTRIBUTING.md for the expected contribution shape. A maintainer can grant recurring PR access by commenting /lgtm on a pull request.