Skip to content

chore(deps): update dependency wrangler to v4.106.0#70

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/wrangler-4.x-lockfile
Open

chore(deps): update dependency wrangler to v4.106.0#70
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/wrangler-4.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented May 1, 2025

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
wrangler (source) 4.13.24.106.0 age confidence

Release Notes

cloudflare/workers-sdk (wrangler)

v4.106.0

Compare Source

Minor Changes
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add wrangler ai-search jobs commands for managing AI Search indexing jobs

    You can now list, trigger, inspect, cancel, and read the logs of indexing jobs for an AI Search instance:

    wrangler ai-search jobs list <instance>
    wrangler ai-search jobs create <instance> --description "manual reindex"
    wrangler ai-search jobs get <instance> <job-id>
    wrangler ai-search jobs cancel <instance> <job-id>
    wrangler ai-search jobs logs <instance> <job-id>
    

    All commands accept --namespace/-n (defaults to default). All commands except cancel also accept --json for clean machine-readable output.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add --source-jurisdiction to wrangler ai-search create for R2-backed instances

    R2 buckets can live in a specific jurisdiction (for example eu or fedramp). You can now point an AI Search instance at a bucket in one of those jurisdictions:

    wrangler ai-search create my-instance --type r2 --source my-bucket --source-jurisdiction eu

    When run interactively, the R2 source flow also prompts for a jurisdiction and lists (and can create) buckets within it. The value is a free-form string forwarded to the API as source_params.r2_jurisdiction (server-side validated); omit the flag for no specific jurisdiction. This AI Search command is in open beta.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add auth profiles for managing multiple OAuth logins

    Auth profiles let you maintain separate OAuth logins and bind them to directories, so you can switch between different accounts for different projects without having to re-login.

    For example:

    wrangler auth create work
    wrangler auth activate work ~/projects/work
    
    wrangler auth create personal
    wrangler auth activate personal ~/projects/personal

    New commands under wrangler auth:

    • wrangler auth create <name> — create or re-authenticate a named profile via OAuth
    • wrangler auth delete <name> — delete a profile and all its directory bindings
    • wrangler auth activate <name> [dir] — bind a profile to a directory (defaults to cwd). Sub-directories will inherit this profile.
    • wrangler auth deactivate [dir] — remove a directory binding
    • wrangler auth list — list all profiles and their corresponding directories

    There is also a new global --profile flag, which you can use to activate a profile for just that command run. Note that if you have CLOUDFLARE_API_TOKEN set, that will still take precedence over all profiles. Any account id settings (via CLOUDFLARE_ACCOUNT_ID or wrangler config) will also still be respected.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add --strict flag to wrangler versions upload and improve pre-upload safety checks

    wrangler versions upload now runs the same pre-upload checks as wrangler deploy:

    • When the Worker was last edited via the Cloudflare Dashboard, the local and remote configurations are diffed and you are warned only if the diff is destructive (previously, an unconditional warning was shown).
    • When local configuration values conflict with remote secrets, a warning is shown before proceeding.
    • When deploying workflows that belong to a different Worker, a warning is shown before proceeding.

    The new --strict flag (already available on wrangler deploy) causes wrangler versions upload to abort in non-interactive/CI environments when any of these conflicts are detected, instead of auto-continuing.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add D1 migration setup to createTestHarness() Worker handles

    Tests using createTestHarness() can now apply local D1 migrations before running requests:

    const worker = server.getWorker();
    
    beforeEach(async () => {
      await worker.applyD1Migrations("DATABASE");
    });
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add Workflow introspection to createTestHarness()

    Worker handles can now introspect Workflow bindings by name, allowing tests to disable sleeps, mock step results, and wait for Workflow outcomes. Tests can introspect a known Workflow instance by ID or track instances created after introspection starts.

    const harness = createTestHarness({
    	workers: [{ configPath: "./wrangler.json" }],
    });
    
    const worker = harness.getWorker();
    await using workflow = await worker.introspectWorkflow("MY_WORKFLOW");
    
    await workflow.modifyAll((modifier) =>
    	modifier.disableSleeps([{ name: "wait-for-approval" }])
    );
    
    const response = await worker.fetch("/start-workflow");
    const [instance] = await workflow.get();
    await instance.waitForStatus("complete");
  • #​14446 e0cc2cb Thanks @​edmundhung! - Add bindingOverrides and getExport() to createTestHarness()

    Test harness workers loaded from Wrangler config files can now replace a configured binding with a Worker in the same harness. This is useful for replacing platform bindings with test Workers while keeping the source Worker config production-like. You can also call getExport() on a Worker returned by server.getWorker(name) to access JSRPC methods on the default Worker export, including mock Workers used as override targets.

    const server = createTestHarness({
      workers: [
        {
          configPath: "./workers/app/wrangler.jsonc",
          bindingOverrides: { BROWSER: "mock-browser" },
        },
        {
          // A mock Worker implementing the Browser Rendering binding named "mock-browser".
          configPath: "./workers/mock-browser/wrangler.jsonc",
        },
      ],
    });
    
    const mockBrowser = await server
      .getWorker<WebEnv, typeof import("./workers/mock-browser")>("mock-browser")
      .getExport();
    await mockBrowser.setScreenshot(stubPng);
    
    const response = await server.fetch("/reports/2026-05-29.png");
    expect(await response.bytes()).toEqual(stubPng);
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve wrangler tail resilience and shutdown behaviour

    wrangler tail previously crashed with a raw stack trace when the keep-alive ping to the Worker timed out, and could exit with an ugly error on Ctrl-C.

    • Errors now flow through wrangler's usual error pipeline instead of escaping as uncaught exceptions.
    • The keep-alive timeout message now clearly explains what happened and no longer prints a stack trace.
    • When the tail connection drops unexpectedly, wrangler tail now automatically tries to reconnect with exponential back-off (up to 5 retries).
    • Ctrl-C now prints a short "Stopping tail..." message (in pretty mode), awaits the server-side tail deletion, and exits cleanly with code 0.
Patch Changes
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260625.1 1.20260629.1
  • #​14478 f10d4ad Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260629.1 1.20260630.1
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve the deploy warning shown when a Workflow name already belongs to another Worker

    The warning still notes that deploying reassigns the workflow to the current Worker, and now also explains why this happens (workflow names must be unique per account) and how to resolve it (rename the workflow in the Wrangler config).

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - use stream instead of deprecated pipeline key in pipelines setup config snippet

    The wrangler pipelines setup and wrangler pipelines create commands now output the correct stream property name in the configuration snippet, matching the rename from pipeline to stream that was applied across the rest of the codebase.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve KV error messages to be clearer and more actionable

    Error messages for KV namespace and key operations now consistently explain what went wrong, which flags or config fields to use, and what commands to run as alternatives. This covers namespace selection errors (delete, rename), binding resolution errors, config file issues, and preview namespace ambiguity.

  • #​14479 d292046 Thanks @​dario-piotrowicz! - Improve R2 error messages to be clearer and more actionable

    Error messages for r2 bucket lifecycle, r2 bucket lock, r2 bucket catalog, and r2 sql commands now include the specific flag or argument that is missing or invalid, along with usage examples showing the correct syntax.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve wrangler versions deploy error messages for non-interactive usage

    Error messages in wrangler versions deploy are now clearer and more actionable, especially for non-interactive and agent-driven usage. Each error now explains what went wrong, what was expected, and how to fix it (e.g. suggesting the correct flag or command syntax).

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Fix the remote secrets override check during deploy targeting the wrong Worker when --name is passed

    The check that warns when a config value would override an existing remote secret was using the Worker name from the config file rather than the resolved name. If you passed --name <other-worker>, the check ran against the config-file Worker name instead of the Worker actually being uploaded.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Abort in-flight custom builds when wrangler dev exits or restarts a build

    Previously, wrangler dev marked in-flight custom builds as stale but did not pass the abort signal to the spawned build command. This meant Ctrl-C could appear to hang while Wrangler waited for a custom build command to finish naturally. Custom build commands are now cancelled when the dev session tears down or a newer watched build supersedes them.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Replace existing bindings when adding newly created resources to Wrangler configuration

    When config updates are authorized interactively or through --update-config or --binding, Wrangler now replaces an existing resource binding with the selected name instead of adding a duplicate entry. This allows template bindings with placeholder resource IDs to be updated in both interactive and non-interactive workflows.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Verify Docker is installed and running before wrangler containers build

    Previously, running wrangler containers build without Docker installed or with the Docker daemon stopped would fail with an unhelpful spawn error. Now the command checks that Docker is reachable upfront and shows a clear, actionable error message with installation and troubleshooting steps.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add images as a valid --source for queues subscription create

    The Cloudflare Images service can emit events (e.g. image.uploaded) to a Cloudflare Queue via the event subscriptions API, and this is supported by both the REST API and the Cloudflare Dashboard. However, the wrangler CLI was missing images from the hardcoded --source choices list, causing the command to reject it with an "Invalid values" error.

    You can now subscribe a queue to Cloudflare Images events via the CLI:

    wrangler queues subscription create <queue> --source images --events image.uploaded
  • Updated dependencies [75d8cb0, f10d4ad, 75d8cb0, 75d8cb0]:

    • miniflare@​4.20260630.0

v4.105.0

Compare Source

Minor Changes
  • #​14311 34e0cef Thanks @​sherryliu-lsy! - Add Google Artifact Registry support to containers registries configure

    wrangler containers registries configure now recognizes *-docker.pkg.dev (Google Artifact Registry) domains.

    • The Google service account email is the public credential, supplied with --gar-email. It must match the client_email in the service account key.
    • The service account JSON key is the private credential. It is provided via stdin (a file path, raw JSON, or base64) or an interactive prompt (a file path or base64) — never as a CLI flag, so it does not appear in shell history. The key is validated against --gar-email and stored base64-encoded.
    • Secret reuse inherits the existence-first flow: when the target Secrets Store secret already exists, it is reused by reference and the key is not required. In that case the email cannot be verified locally; it is validated against the key when images are pulled.
    <path-to-key>.json | npx wrangler@latest containers registries configure <region>-docker.pkg.dev --gar-email=<service-account-email> --secret-name=Google_Service_Account_JSON_Key
Patch Changes
  • #​14424 5f40dd5 Thanks @​MattieTK! - Bump am-i-vibing from 0.4.0 to 0.5.0

    This updates the agentic environment detection library to the latest version, which adds detection for the Pi coding agent (earendil-works/pi).

  • #​14406 3b743c1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260623.1 1.20260625.1
  • #​14343 daa5389 Thanks @​th0m! - Use digest-pinned image references for Dockerfile container deploys

    Dockerfile-backed container deploys now use the pushed image digest when deploying the container application. This lets snapshot-enabled container apps pass Cloudchamber validation while keeping local, non-pushed builds and registry image URI deploys unchanged.

  • #​14394 8a5cf8c Thanks @​Partha-Shankar! - fix(d1): escape migrationsTableName and filenames in SQLite queries

    D1 migration commands in both wrangler and @cloudflare/vitest-pool-workers interpolated the migrationsTableName config value and migration filenames directly into SQL strings without any escaping. This meant:

    • A table name such as my"table would produce invalid SQL in CREATE TABLE, SELECT, and INSERT statements, and
    • A migration filename containing an apostrophe (e.g. what's-new.sql) would break the INSERT INTO ... VALUES ('...') statement appended after each migration in wrangler.

    Both identifiers are now properly escaped before interpolation: migrationsTableName is wrapped in double-quotes with internal double-quotes doubled (SQL-standard identifier quoting), and migration filenames used as string literals have their single-quotes doubled before insertion.

  • Updated dependencies [3b743c1]:

    • miniflare@​4.20260625.0

v4.104.0

Compare Source

Minor Changes
  • #​14369 e312dec Thanks @​edmundhung! - Add getEnv() to createTestHarness() Worker handles

    Tests can now access the full env object for a Worker with await server.getWorker<Env>().getEnv(), including vars, secrets, and bindings.

Patch Changes
  • #​14364 a085dec Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260617.1 1.20260619.1
  • #​14383 9a0de8f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260619.1 1.20260621.1
  • #​14397 fab565f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260621.1 1.20260623.1
  • #​14388 3f02864 Thanks @​petebacondarwin! - Stop erroring when find_additional_modules discovers a file that only matches a inactive module rule

    Module rules assign module types to imported files — they are not include/exclude filters. Also, setting fallthrough: false in a rule will cause subsequent rules to become inactive. Previously, when find_additional_modules walked the filesystem and discovered a file whose only matching rule is inactive, Wrangler would throw an error and fail the build.

    This meant that adding a user rule like the one below would break the build for any .txt, .html, .sql, .bin or .wasm file that didn't match the user-supplied globs but lived somewhere under the module root:

    // wrangler.json
    {
      "rules": [
        {
          "type": "Text",
          "globs": ["html/includeme.html"],
          "fallthrough": false
        }
      ]
    }

    Discovered files that only match an inactive rule are now silently skipped (a debug-level log records each skip for troubleshooting), so users can use fallthrough: false to narrow the set of files attached to their Worker without having to delete or move untouched files on disk.

    The direct-import path is unchanged: importing a file in code that only matches an inactive rule is still a hard error, because the imported file genuinely needs a defined module type.

    Fixes #​14257.

  • #​14358 4ef872f Thanks @​gabivlj! - Fix container egress interception on arm64 Docker runtimes

    Both wrangler dev and the Cloudflare Vite plugin no longer force the proxy-everything sidecar image to pull as linux/amd64, allowing Docker to select the native image from the multi-platform manifest. Set MINIFLARE_CONTAINER_EGRESS_IMAGE_PLATFORM to force a specific platform when needed.

  • #​14362 2a02858 Thanks @​sherryliu-lsy! - Don't require the private credential when reusing an existing Secrets Store secret in containers registries configure

    wrangler containers registries configure now checks whether the target Secrets Store secret already exists before resolving the private credential. When the secret already exists it is reused by reference, so the private credential no longer needs to be supplied (via stdin in non-interactive mode, or via a prompt interactively). This applies to all external registries.

    The new-secret path is unchanged: the credential is still required and stored. The only visible interactive change is that the secret prompt now appears last and only when a new secret is being created.

  • Updated dependencies [a085dec, 9a0de8f, fab565f]:

    • miniflare@​4.20260623.0

v4.103.0

Compare Source

Minor Changes
  • #​14295 cfd6205 Thanks @​dario-piotrowicz! - Move unstable_getWorkerNameFromProject from wrangler to @cloudflare/workers-utils

    The unstable_getWorkerNameFromProject export has been removed from the wrangler package. This function is now available as getWorkerNameFromProject (without the unstable_ prefix) from @cloudflare/workers-utils. If you were importing this function from wrangler, update your import to use @cloudflare/workers-utils instead.

  • #​14295 cfd6205 Thanks @​dario-piotrowicz! - Remove experimental autoconfig exports

    The experimental autoconfig exports (experimental_getDetailsForAutoConfig, experimental_runAutoConfig, experimental_AutoConfigFramework) have been removed. This logic has been moved to the @cloudflare/autoconfig package (without the experimental_ prefixes since the package itself is pre-v1).

Patch Changes
  • #​14366 c6579d3 Thanks @​jamesopstad! - Resolve relative cf-worker entrypoint imports relative to the importing module

    When loading the experimental cloudflare.config.ts, a relative entrypoint imported with import ... with { type: "cf-worker" } (e.g. ./src/index.ts) is now anchored to the module where the import is written, rather than being passed through verbatim and later resolved against the top-level config file. This fixes incorrect resolution when the import lives in a file other than the entry config — for example a config that re-exports from a nested file.

    Bare specifiers (such as @scope/pkg) and virtual modules (such as virtual:foo) are still left unresolved so that consumers can apply their own resolution.

  • #​14316 444b75e Thanks @​matingathani! - Prevent wrangler dev crash when source-mapping a truncated error chunk

    When a worker logs many errors in quick succession, the stderr chunks received by wrangler dev can be truncated mid-stack-frame, leaving a call site with an invalid column number. The source map library throws in that case, which was crashing the wrangler process entirely. The error is now caught and the original (un-source-mapped) text is returned instead.

  • #​14118 b38823f Thanks @​aicayzer! - Fix Uint8Array step outputs in local Workflows being persisted with the full backing ArrayBuffer

    A Uint8Array returned from a Workflows step under wrangler dev was serialised together with its full underlying ArrayBuffer, causing a raw SQLITE_TOOBIG error at view sizes well below the documented 1MiB step-output limit. For example, a 200KB view sliced from an 800KB buffer (a common pattern from crypto.getRandomValues or arr.slice(...) on a larger pool) would fail. The view's bytes are now copied to a tight buffer before persistence, bringing local behaviour in line with production. Fixes #​14101.

  • Updated dependencies [b38823f]:

    • miniflare@​4.20260617.1

v4.102.0

Compare Source

Minor Changes
  • #​14340 f6e49dd Thanks @​emily-shen! - Add cf-wrangler build delegate support

    The experimental cf-wrangler delegate binary now accepts build and emits the Build Output API directory through Wrangler's new-config build path. This lets parent tools invoke Wrangler's build-output implementation with cf-wrangler build instead of shelling out through the public Wrangler CLI.

  • #​14324 36777db Thanks @​jamesopstad! - Add experimental --experimental-cf-build-output flag to wrangler build

    When used alongside --experimental-new-config, wrangler build now emits a self-contained Build Output API directory under .cloudflare/output/v0/ instead of delegating to wrangler deploy --dry-run.

Patch Changes
  • #​14347 673b09e Thanks @​jamesopstad! - Update undici from 7.24.8 to 7.28.0

  • #​14346 e930bd4 Thanks @​haidargit! - Bump ws from 8.20.1 to 8.21.0 to address GHSA-96hv-2xvq-fx4p

    GHSA-96hv-2xvq-fx4p / CVE-2026-48779 (high severity) reports a remote memory-exhaustion DoS in ws@<8.21.0: a peer sending a high volume of tiny fragments and data chunks over modest network traffic can crash a ws server or client via OOM. The fix shipped in ws@8.21.0 (commit 2b2abd45, released 2026-05-22), which also introduces the maxBufferedChunks and maxFragments options. This change bumps the workspace catalog entry so that miniflare, wrangler, and @cloudflare/vite-plugin all pick up the patched release.

  • #​14314 5c3bb11 Thanks @​harryzcy! - Bump esbuild to 0.28.1

    This update includes several bug fixes from esbuild versions 0.27.3 through 0.28.1. See the esbuild changelog for details.

  • #​14331 296ad65 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260616.1 1.20260617.1
  • #​14275 594544d Thanks @​alsuren! - Resolve auto-provisioned D1 bindings via the API in remote subcommands

    Remote D1 subcommands (d1 execute --remote, d1 export --remote, d1 info, d1 insights, d1 delete, d1 migrations apply --remote, d1 migrations list --remote, d1 time-travel) previously failed with:

    Found a database with name or binding DB but it is missing a database_id, which is needed for operations on remote resources.

    when the [[d1_databases]] config entry only had binding and database_name (the shape wrangler deploy writes for automatically-provisioned bindings). They now resolve the real database UUID via GET /accounts/:accountId/d1/database/:name?fields=uuid and proceed as if database_id had been set in config.

    If the config entry only has a binding (no database_name, no database_id), the lookup uses the same name wrangler deploy would create via auto provisioning (<worker name>-<binding-lowercased-with-dashes>).

    Non-404 API failures (auth, rate-limit, server errors) now propagate verbatim instead of being masked as "database not found".

  • #​14315 a79b899 Thanks @​matingathani! - Respect find_additional_modules = false when no_bundle is set

    When using no_bundle = true, wrangler was always scanning for and attaching additional modules even if find_additional_modules was explicitly set to false in the config. Additional modules are now only collected when find_additional_modules is not false, consistent with the bundled code path.

  • #​14269 5dfb788 Thanks @​mattjohnsonpint! - Support dev.plugin on typed services bindings

    Wrangler only honored dev.plugin on unsafe.bindings entries, so users authoring a service binding via services[] could not wire it to a local Miniflare plugin during wrangler dev — they had to fall back to unsafe.bindings and accept a "directly supported by wrangler" warning. Typed services bindings now accept the same dev: { plugin, options? } shape, route the binding through Miniflare's external-plugin pathway in wrangler dev, and strip the field at deploy time. Validation rejects malformed dev shapes.

  • #​14328 ca61558 Thanks @​edevil! - Mention temporary preview accounts in wrangler whoami output when unauthenticated

    When you run wrangler whoami without being logged in, Wrangler now also tells you that you can deploy without logging in by running a command like wrangler deploy --temporary to use a temporary preview account.

  • Updated dependencies [673b09e, e930bd4, 5c3bb11, 296ad65]:

    • miniflare@​4.20260617.0

v4.101.0

Compare Source

Minor Changes
  • #​14276 32f9307 Thanks @​dario-piotrowicz! - Graduate autoconfig from experimental to stable

    The --experimental-autoconfig and --x-autoconfig deploy CLI flags have been replaced with --autoconfig.

    Note that the --autoconfig flag defaults to true and that it can be used to disable Wrangler's auto-configuration logic by setting it to false via --autoconfig=false or --no-autoconfig

  • #​14287 41f391f Thanks @​edmundhung! - Add per-Worker resource accessors to createTestHarness()

    createTestHarness() now provides methods for accessing configured KV namespaces, R2 buckets, D1 databases, and Durable Object namespaces. Use server.getWorker(name) to access resources scoped to that specific Worker:

    const worker = server.getWorker("api-worker");
    const bucket = await worker.getR2Bucket("BUCKET");
    const db = await worker.getD1Database("DB");
  • #​14264 21dbc12 Thanks @​dario-piotrowicz! - Suggest Cloudflare skills installation after commands instead of before

    The automatic prompt to install Cloudflare skills for detected AI coding agents no longer runs before every Wrangler command. Instead, Wrangler now suggests installing skills, when appropriate, after some commands complete successfully. Commands that output JSON suppress the suggestion to keep their output clean. The --install-skills flag remains available on all commands to explicitly run the skills installation flow before the command executes, without prompting.

    As before, Wrangler asks the skills installation question at most once. The skills install metadata file is now written before the confirmation prompt is shown, so even if the user interrupts the process (e.g. CTRL+C, closing the terminal) during the prompt, the question is recorded as unanswered and will not reappear on subsequent runs.

  • #​14042 7e63948 Thanks @​edevil! - Add a --temporary flag that creates and uses a temporary Cloudflare preview account when you have no credentials, instead of starting the OAuth login flow.

    It's registered only on the commands the short-lived account token can serve — Workers (deploy, versions upload, and related commands), KV, D1, Hyperdrive, Queues, and certificate commands — and is for unauthenticated use only: passing it while already authenticated (OAuth, CLOUDFLARE_API_TOKEN, or a global API key) errors rather than silently ignoring the flag. Before provisioning, Wrangler handles Cloudflare's Terms of Service and Privacy Policy (interactive terminals prompt for yes; non-interactive shells print a notice and continue). Wrangler then runs with the short-lived token and prints a claim URL so the account can be claimed before it expires. The cached account is cleared on successful login or logout.

  • #​14299 035917f Thanks @​petebacondarwin! - Send the login user telemetry event when wrangler login --scopes ... succeeds

    wrangler login was already reporting the login user event when called without --scopes, but the scoped login path returned early before the event could be sent. Both paths now report the event, so successful scoped logins are counted alongside unscoped ones.

Patch Changes
  • #​14271 27db82c Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260611.1 1.20260612.1
  • #​14298 2a6a26b Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260612.1 1.20260615.1
  • #​14317 9a424ed Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260615.1 1.20260616.1
  • #​14282 ecfdd5a Thanks @​edmundhung! - Fix wrangler dev asset fallback with custom routes

    wrangler dev now applies Workers Assets fallback behavior consistently when routes are configured, including SPA fallback and 404-page handling.

  • #​13763 604be26 Thanks @​matingathani! - Show a clear error when deploying a service-worker format Worker with Durable Object migrations or bindings instead of an opaque API error

  • #​14240 1fb7ba5 Thanks @​ttoino! - Fix wrangler email sending commands

    The email sending commands previously failed against the Cloudflare API. They now work as expected:

    • email sending enable <domain> enables Email Sending for a domain
    • email sending disable <domain> disables Email Sending for a domain
    • email sending settings <domain> shows the Email Sending configuration for a domain
    • email sending dns get <domain> shows the DNS records to set up for a domain
    • email sending list previously listed zones. It now lists the domains that have Email Sending enabled — every enabled domain across your account by default, or just those under a specific domain when you pass a domain (or --zone-id).
  • #​13838 208b3bb Thanks @​matingathani! - Fix unhandled promise rejection when the worker entry point is deleted or moved during wrangler dev hot-reload — now logs a warning and skips the update instead of crashing

  • #​14241 8b2ce41 Thanks @​dario-piotrowicz! - Improve error messages for CLI flags, type generation, auth scopes, dev server tunnels, and compatibility flags

    Error messages across several areas now name the exact flags or values involved and suggest how to fix the problem:

    • KV commands (kv key put, kv key get, kv key delete): error messages now include -- prefixes and clear "Missing required option" / "Conflicting options" phrasing instead of the vague "Exactly one of the arguments ... is required".
    • wrangler types --include-env=false --include-runtime=false: the error now names both flags and explains what each does.
    • wrangler login --scopes: invalid scopes are individually identified instead of dumping the entire array.
    • wrangler dev --tunnel --remote: the error now explains why tunnels require local mode and suggests two concrete fixes.
    • Conflicting compatibility flags (nodejs_compat_populate_process_env / nodejs_compat_do_not_populate_process_env, global_navigator / no_global_navigator): errors now name the specific conflicting flags.
  • #​14228 3578919 Thanks @​dario-piotrowicz! - Improve Hyperdrive error messages for missing required options

    Error messages thrown when creating or updating a Hyperdrive config with missing individual parameters (e.g. --origin-host, --origin-port, --database, --origin-user, --origin-password, --origin-scheme, --access-client-id/--access-client-secret) now clearly state which option is missing, provide a usage example, and suggest --connection-string as an alternative where applicable.

  • #​14304 ee82c76 Thanks @​emily-shen! - Skip resource provisioning for asset-only deployments

    Previously, asset-only deployments would provision resources even when there was no user Worker script. On a subsequent deploy, we would re-attempt provisioning as the previous asset-only upload would/could not be bound to the previously provisioned resource. Provisioning would then error as the resource had already been created, blocking the deploy.

  • Updated dependencies [0e055d3, 27db82c, 2a6a26b, 9a424ed, 41f391f]:

    • miniflare@​4.20260616.0

v4.100.0

Compare Source

Minor Changes
  • #​14119 2047a32 Thanks @​tahmid-23! - Serve local R2 bucket objects publicly via the dev server

    When running wrangler dev locally, objects in each local R2 binding are now reachable under /cdn-cgi/local/r2/public/<bucket-id>/<key> on the existing dev server, simulating a public bucket. The <bucket-id> is the bucket's bucket_name when set, otherwise its binding. Bindings configured with remote: true are not exposed.

  • #​14202 e8561c2 Thanks @​jamesopstad! - Add experimental --x-new-config flag for authoring config in TypeScript

    This is an experimental, opt-in feature. When enabled, wrangler dev, wrangler build, wrangler deploy, wrangler versions upload, and wrangler versions deploy load the Worker's configuration from a cloudflare.config.ts file instead of wrangler.json / wrangler.jsonc / wrangler.toml. Additionally, an optional wrangler.config.ts file can be provided for Wrangler-specific dev/build configuration.

    • cloudflare.config.ts (required) — Worker runtime configuration (bindings, triggers, observability, placement, limits, compatibility, routes, etc.). Authored via defineWorker from wrangler/experimental-config.
    • wrangler.config.ts (optional) — Tooling / bundling / dev-server configuration (noBundle, minify, alias, define, rules, tsconfig, build, dev, assetsDirectory, etc.). Authored via defineWranglerConfig from wrangler/experimental-config.

    Per-environment configuration is via ctx.mode branching inside the function form of either file.

    Example cloudflare.config.ts:

    import { defineWorker, bindings } from "wrangler/experimental-config";
    import * as entrypoint from "./src/index.ts" with { type: "cf-worker" };
    
    export default defineWorker((ctx) => ({
    	name: "my-worker",
    	entrypoint,
    	compatibilityDate: "2026-05-18",
    	env: {
    		MY_KV: bindings.kv(),
    		MY_TEXT: bindings.text(`The mode is ${ctx.mode}`),
    	},
    }));

    Example wrangler.config.ts:

    import { defineWranglerConfig } from "wrangler/experimental-config";
    
    export default defineWranglerConfig({
      minify: true,
      assetsDirectory: "./public",
    });

    Because this is experimental, the flag, the config formats, and the wrangler/experimental-config exports may change in any release.

Patch Changes
  • #​14185 98c9afe Thanks @​penalosa! - Use the shared env-credential resolver from @cloudflare/workers-auth

    No user-facing behaviour change. Credential resolution order (global API key + email → CLOUDFLARE_API_TOKEN → stored OAuth token) is preserved.

  • #​14184 e305126 Thanks @​penalosa! - Add an experimental cf-wrangler delegate entrypoint for projects that can't use @cloudflare/vite-plugin (service workers, old compatibility dates, Python, Rust, etc.).

    cf-wrangler dev starts the same local dev server as wrangler dev — it sits directly on wrangler's internal dev server, so the bundling and runtime behaviour are identical — but exposes a deliberately narrow CLI surface (--mode, --port, --host, --local) for a parent CLI to delegate to, and other dev server config options are read from the wrangler config file.

    This replaces the separate @cloudflare/wrangler-bundler package. This is an internal integration point and is not intended to be run directly by users.

  • #​14246 f3990b2 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260609.1 1.20260610.1
  • [#​14

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@changeset-bot

changeset-bot Bot commented May 1, 2025

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: ccda8ba

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 6883d62 to dfb42b4 Compare May 6, 2025 15:06
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.14.1 chore(deps): update dependency wrangler to v4.14.2 May 6, 2025
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.14.2 chore(deps): update dependency wrangler to v4.14.1 May 6, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch 2 times, most recently from 07ab307 to fdf8eb4 Compare May 7, 2025 15:07
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.14.1 chore(deps): update dependency wrangler to v4.14.3 May 7, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from fdf8eb4 to c7fa805 Compare May 8, 2025 09:37
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.14.3 chore(deps): update dependency wrangler to v4.14.4 May 8, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from c7fa805 to 19cd2da Compare May 13, 2025 15:56
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.14.4 chore(deps): update dependency wrangler to v4.15.0 May 13, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 19cd2da to 2eb3051 Compare May 14, 2025 01:15
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.15.0 chore(deps): update dependency wrangler to v4.14.4 May 14, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 2eb3051 to 59f3655 Compare May 17, 2025 23:30
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.14.4 chore(deps): update dependency wrangler to v4.15.2 May 17, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch 2 times, most recently from 13d053a to bd81bc6 Compare May 20, 2025 14:03
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.15.2 chore(deps): update dependency wrangler to v4.16.0 May 20, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from bd81bc6 to f3b7e5b Compare May 22, 2025 10:16
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.16.0 chore(deps): update dependency wrangler to v4.16.1 May 22, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from f3b7e5b to bc5c3eb Compare May 27, 2025 14:55
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.16.1 chore(deps): update dependency wrangler to v4.17.0 May 27, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch 2 times, most recently from 42e5ac9 to f6e0c02 Compare May 29, 2025 16:38
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.17.0 chore(deps): update dependency wrangler to v4.18.0 May 29, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from f6e0c02 to 7778367 Compare June 3, 2025 13:02
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.18.0 chore(deps): update dependency wrangler to v4.19.0 Jun 3, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 7778367 to b21c588 Compare June 3, 2025 19:39
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.19.0 chore(deps): update dependency wrangler to v4.18.0 Jun 3, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from b21c588 to 96b6dd2 Compare June 3, 2025 23:05
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 24b574a to cef1fa2 Compare June 20, 2025 22:04
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.20.3 chore(deps): update dependency wrangler to v4.20.5 Jun 20, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from cef1fa2 to 43731ef Compare June 23, 2025 21:05
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.20.5 chore(deps): update dependency wrangler to v4.21.0 Jun 23, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 43731ef to 8fbeb9d Compare June 24, 2025 21:33
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.21.0 chore(deps): update dependency wrangler to v4.21.1 Jun 24, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 8fbeb9d to da8146a Compare June 25, 2025 04:52
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.21.1 chore(deps): update dependency wrangler to v4.21.2 Jun 25, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from da8146a to d702d42 Compare June 26, 2025 15:05
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.21.2 chore(deps): update dependency wrangler to v4.22.0 Jun 26, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch 2 times, most recently from f6ffd21 to fcc45e5 Compare July 3, 2025 09:08
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.22.0 chore(deps): update dependency wrangler to v4.23.0 Jul 3, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from fcc45e5 to 4fa7197 Compare July 8, 2025 15:34
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.23.0 chore(deps): update dependency wrangler to v4.24.0 Jul 8, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 4fa7197 to bbffdb0 Compare July 10, 2025 15:28
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.24.0 chore(deps): update dependency wrangler to v4.24.2 Jul 10, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from bbffdb0 to 087007a Compare July 10, 2025 21:12
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.24.2 chore(deps): update dependency wrangler to v4.24.3 Jul 10, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 087007a to c932b66 Compare July 16, 2025 19:10
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.24.3 chore(deps): update dependency wrangler to v4.24.4 Jul 16, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from c932b66 to 2cc8940 Compare July 17, 2025 17:56
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.24.4 chore(deps): update dependency wrangler to v4.25.0 Jul 17, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 2cc8940 to 9d200b8 Compare July 22, 2025 16:44
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.25.0 chore(deps): update dependency wrangler to v4.25.1 Jul 22, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 9d200b8 to e24adf3 Compare July 24, 2025 18:11
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.25.1 chore(deps): update dependency wrangler to v4.26.0 Jul 24, 2025
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from e24adf3 to fb748d8 Compare July 29, 2025 13:49
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to v4.26.0 chore(deps): update dependency wrangler to v4.26.1 Jul 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants