chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp

[dependabot]

Bumps agents from 0.2.32 to 0.3.10.

Release notes

Sourced from agents's releases.

agents@0.3.10

Patch Changes

• #839 68916bf Thanks @​whoiskatrin! - Invalidate query cache on disconnect to fix stale auth tokens

• #841 3f490d0 Thanks @​mattzcarey! - Escape authError to prevent XSS attacks and store it in the connection state to avoid needing script tags to display error.

• Updated dependencies [83f137f]:

  • @​cloudflare/ai-chat@​0.0.6

agents@0.3.9

Patch Changes

• #837 b11b9dd Thanks @​threepointone! - Fix AgentWorkflow run() method not being called in production

  The run() method wrapper was being set as an instance property in the constructor, but Cloudflare's RPC system invokes methods from the prototype chain. This caused the initialization wrapper to be bypassed in production, resulting in _initAgent never being called.

  Changed to wrap the subclass prototype's run method directly with proper safeguards:

  • Uses Object.hasOwn() to only wrap prototypes that define their own run method (prevents double-wrapping inherited methods)
  • Uses a WeakSet to track wrapped prototypes (prevents re-wrapping on subsequent instantiations)
  • Uses an instance-level __agentInitCalled flag to prevent double initialization if super.run() is called from a subclass

agents@0.3.8

Patch Changes

• #833 6c80022 Thanks @​tarushnagpal! - On invalid OAuth state, clear auth_url in storage and set the MCP connection state to FAILED ready for reconnection.

• #834 2b4aecd Thanks @​threepointone! - Fix AgentClient.close() to immediately reject pending RPC calls instead of waiting for WebSocket close handshake timeout.

  Previously, calling client.close() would not reject pending RPC calls until the WebSocket close handshake completed (which could take 15+ seconds in some environments). Now pending calls are rejected immediately when close() is called, providing faster feedback on intentional disconnects.

agents@0.3.7 Release Notes

This release introduces Cloudflare Workflows integration for durable multi-step processing, secure email reply routing with HMAC-SHA256 signatures, 15+ new documentation files, and significant improvements to state management, the callable RPC system, and scheduling.

agents@0.3.6

Patch Changes

• #786 395f461 Thanks @​deathbyknowledge! - fix: allow callable methods to return this.state

• #783 f27e62c Thanks @​Muhammad-Bin-Ali! - fix saving initialize params for stateless MCP server (effects eliciations and other optional features)

• Updated dependencies [93c613e]:

  • @​cloudflare/codemode@​0.0.5

agents@0.3.5

Patch Changes

• #752 473e53c Thanks @​mattzcarey! - bump mcp sdk version to 1.25.2. changes error handling for not found see: cloudflare/agents#752

... (truncated)

Changelog

Sourced from agents's changelog.

0.3.10

Patch Changes

• #839 68916bf Thanks @​whoiskatrin! - Invalidate query cache on disconnect to fix stale auth tokens

• #841 3f490d0 Thanks @​mattzcarey! - Escape authError to prevent XSS attacks and store it in the connection state to avoid needing script tags to display error.

• Updated dependencies [83f137f]:

  • @​cloudflare/ai-chat@​0.0.6

0.3.9

Patch Changes

• #837 b11b9dd Thanks @​threepointone! - Fix AgentWorkflow run() method not being called in production

  The run() method wrapper was being set as an instance property in the constructor, but Cloudflare's RPC system invokes methods from the prototype chain. This caused the initialization wrapper to be bypassed in production, resulting in _initAgent never being called.

  Changed to wrap the subclass prototype's run method directly with proper safeguards:

  • Uses Object.hasOwn() to only wrap prototypes that define their own run method (prevents double-wrapping inherited methods)
  • Uses a WeakSet to track wrapped prototypes (prevents re-wrapping on subsequent instantiations)
  • Uses an instance-level __agentInitCalled flag to prevent double initialization if super.run() is called from a subclass

0.3.8

Patch Changes

• #833 6c80022 Thanks @​tarushnagpal! - On invalid OAuth state, clear auth_url in storage and set the MCP connection state to FAILED ready for reconnection.

• #834 2b4aecd Thanks @​threepointone! - Fix AgentClient.close() to immediately reject pending RPC calls instead of waiting for WebSocket close handshake timeout.

  Previously, calling client.close() would not reject pending RPC calls until the WebSocket close handshake completed (which could take 15+ seconds in some environments). Now pending calls are rejected immediately when close() is called, providing faster feedback on intentional disconnects.

0.3.7

agents@0.3.7 Release Notes

This release introduces Cloudflare Workflows integration for durable multi-step processing, secure email reply routing with HMAC-SHA256 signatures, 15+ new documentation files, and significant improvements to state management, the callable RPC system, and scheduling.

Highlights

• Workflows Integration - Seamless integration between Cloudflare Agents and Cloudflare Workflows for durable, multi-step background processing
• Secure Email Routing - HMAC-SHA256 signed email headers prevent unauthorized routing of emails to agent instances
• Comprehensive Documentation - 15+ new docs covering getting started, state, routing, HTTP/WebSocket lifecycle, callable methods, MCP, and scheduling
• Synchronous setState() - State updates are now synchronous with a new validateStateChange() validation hook
• scheduleEvery() Method - Fixed-interval recurring tasks with overlap prevention
• Callable System Improvements - Client-side RPC timeouts, streaming error signaling, introspection API
• 100+ New Tests - Comprehensive test coverage across state, routing, callable, and email utilities

... (truncated)

Commits

• 069c584 Version Packages (#840)
• 3f490d0 fix: escape html in external oauth error message (#841)
• 68916bf Invalidate query cache on disconnect to fix stale auth tokens (#839)
• e69eae5 Version Packages (#838)
• b11b9dd Fix AgentWorkflow run() method not being called in production (#837)
• 72b4406 Version Packages (#835)
• 6c80022 Handle invalid OAUth state (#833)
• 2b4aecd Fix slow RPC rejection on close; add browser integration tests (#834)
• 9647577 Version Packages (#802)
• 6218541 docs/tests/enhancements (#812)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.