Skip to content

Update dependency wrangler to v4.92.0#11514

Merged
renovate[bot] merged 1 commit into
mainfrom
renovate/wrangler-4.x-lockfile
May 17, 2026
Merged

Update dependency wrangler to v4.92.0#11514
renovate[bot] merged 1 commit into
mainfrom
renovate/wrangler-4.x-lockfile

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 15, 2026

This PR contains the following updates:

Package Change Age Confidence
wrangler (source) 4.90.14.92.0 age confidence

Release Notes

cloudflare/workers-sdk (wrangler)

v4.92.0

Compare Source

Minor Changes

  • #​13670 506aa02 Thanks @​elithrar! - Add wrangler artifacts commands for managing Artifacts repos and repo tokens.

    This adds CLI support for the Artifacts control-plane workflows that were previously only available through the API. You can now list and inspect namespaces, create, list, inspect, and delete repos, and issue repo-scoped tokens when you need to authenticate git access.

    The new commands support both human-readable output and --json output so they fit existing Wrangler automation patterns.

  • #​13916 be8a98c Thanks @​emily-shen! - Add --keep-vars flag to wrangler versions upload, matching the existing behavior in wrangler deploy. When set, environment variables configured via the dashboard are preserved rather than being deleted before the upload.

Patch Changes

  • #​13926 19ed49a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260511.1 1.20260515.1

  • #​11471 3ff0a50 Thanks @​HW13! - Improve wrangler types --env-interface for multi-worker projects.

    Custom env interfaces generated by wrangler types no longer expand from Cloudflare.Env, avoiding some unintended type expansion when multiple workers' generated types are used together.

  • #​13910 bf688f7 Thanks @​timoconnellaus! - Fix Failed to fetch auth token: 401 Unauthorized from sibling-rotated refresh tokens

    refreshToken previously used the refresh token from module-level localState, which is populated once at startup and never re-read. OAuth refresh tokens are single-use, so when a sibling wrangler process (in another repo, another shell, or a parallel script) refreshes first, it rotates the token server-side and writes the new value to the shared config file (~/Library/Preferences/.wrangler/config/default.toml on macOS). The long-lived process — typically wrangler dev — then sends its stale in-memory token on the next refresh and gets 401 Unauthorized from https://dash.cloudflare.com/oauth2/token, falling through to interactive login and timing out unattended.

    refreshToken now calls reinitialiseAuthTokens() before exchanging, picking up the latest refresh token written by any sibling process. The previously empty catch {} also now logs the underlying error at debug level so future refresh failures are diagnosable without source-diving.

  • #​13843 2e72c83 Thanks @​nzws! - Fix wrangler versions secret put/delete/bulk to preserve the existing version's placement settings

    When creating a new version via wrangler versions secret, the previous code only re-emitted a bare { mode: "smart" } placement when the API reported placement_mode === "smart", dropping any other placement entirely. The new version is now created with the placement settings returned by the API, so placement settings survive a secret put/delete/bulk round-trip.

  • #​13908 802eaf4 Thanks @​shiminshen! - fix: stop rewriting query strings that happen to contain the request Host

    wrangler dev previously rewrote occurrences of the outer host inside request.url's query string. For example, a request to ?echo=https%3A%2F%2Fdevelopment.test%2Fpath with Host: development.test would be seen by the user worker as ?echo=https%3A%2F%2Fproduction.test%2Fpath, silently mutating opaque application data such as redirect_uri values in OAuth flows.

    The proxy worker now sets the internal MF-Original-URL header after its blanket host-rewriting pass over request headers, so the URL passed to the user worker preserves the original query string.

  • #​13827 8f5cdb1 Thanks @​greyvugrin! - Fix multi-environment warning when CLOUDFLARE_ENV is set

    Commands that warn when multiple environments are configured but none is specified (e.g. wrangler deploy, wrangler secret put) were not accounting for the CLOUDFLARE_ENV environment variable when deciding whether to show the warning. This caused a misleading warning to appear even when the target environment was correctly specified via CLOUDFLARE_ENV.

  • Updated dependencies [19ed49a]:

    • miniflare@​4.20260515.0

v4.91.0

Compare Source

Minor Changes

  • #​13822 c8be316 Thanks @​edmundhung! - Add named tunnel support and tunnel shortcuts to wrangler dev

    You can now use wrangler dev --tunnel --tunnel-name <name> to start a dev session with an existing named Cloudflare Tunnel, or set --tunnel-name ahead of time and start it later by pressing t to start or close the tunnel. This gives you a stable public hostname for local development instead of the temporary trycloudflare.com URL used by Quick Tunnels.

Patch Changes

  • #​13848 d4794a8 Thanks @​MattieTK! - Condense repeated environment configuration warnings

    Wrangler now summarises repeated missing vars and define entries in environment configuration warnings. Experimental unsafe warnings are also only emitted once when the field appears at both the top level and in the active environment.

  • #​13894 58b4403 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260508.1 1.20260511.1

  • #​13780 4352f87 Thanks @​matingathani! - Normalize legacy instance type aliases (standardstandard-1, devlite) to prevent phantom EDIT diffs on every deploy

  • #​13834 a9e6741 Thanks @​matingathani! - fix: hotkeys now work with Caps Lock enabled

    Wrangler's dev server hotkeys (e.g. b to open browser and x to exit) did not respond when Caps Lock was enabled. These hotkeys now work consistently whether or not Caps Lock is on.

  • #​13750 da664d5 Thanks @​matingathani! - fix: automatically delete log files older than 30 days and add WRANGLER_WRITE_LOGS=false to disable disk logging

    Wrangler previously accumulated log files in ~/.wrangler/logs/ indefinitely, causing some users to accumulate gigabytes of logs over time.

    Log files older than 30 days are now automatically cleaned up on the first log write. Disk logging can be disabled entirely by setting WRANGLER_WRITE_LOGS=false.

  • #​13914 bdc398c Thanks @​Maximo-Guk! - preserve native shape of non-string vars in worker previews

    wrangler preview previously coerced every non-string entry in previews.vars (arrays, objects, numbers, booleans) into a plain_text binding via JSON.stringify, so at runtime the worker saw a literal string instead of the value declared in wrangler.jsonc. wrangler deploy already serializes non-string vars as json bindings so the Workers runtime parses them back into native JS values; previews now match.

    Before:

    // wrangler.jsonc — previews.vars
{ "ALLOWLIST": ["a@example.com", "b@example.com"] }
// runtime
typeof env.ALLOWLIST === "string" // true (was '["a@example.com","b@example.com"]')

    After:

    typeof env.ALLOWLIST === "object"; // Array.isArray(env.ALLOWLIST) === true

  • #​13778 1420f10 Thanks @​maxwellpeterson! - Propagate unsafe.bindings and service binding cross_account_grant to worker previews

    Worker previews now propagate unsafe.bindings declared on the previews config block to the deployment metadata, mirroring the deploy-time behavior. Without this, internal binding shapes that wrangler doesn't yet model (notably service bindings carrying cross_account_grant) were silently dropped on previews while working fine on regular deploys. The same change wires through cross_account_grant on typed services bindings.

  • Updated dependencies [58b4403, f781a2b]:

    • miniflare@​4.20260511.0

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch 5 times, most recently from 9c6000e to 1fe04d3 Compare May 16, 2026 16:51
@renovate renovate Bot force-pushed the renovate/wrangler-4.x-lockfile branch from 1fe04d3 to cee8c6f Compare May 16, 2026 20:50
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 16, 2026

Code Coverage Report: Only Changed Files listed

Package Base Coverage New Coverage Difference
app/javascript/BuiltInFormControls/AddFileModal.tsx 🔴 33.33% 🔴 0% 🔴 -33.33%
app/javascript/BuiltInFormControls/LiquidInput.tsx 🟠 60% 🟠 57.5% 🔴 -2.5%
Overall Coverage 🟢 53.08% 🟢 53.05% 🔴 -0.03%

Minimum allowed coverage is 0%, this run produced 53.05%

@renovate renovate Bot merged commit 3fedf73 into main May 17, 2026
17 checks passed
@renovate renovate Bot deleted the renovate/wrangler-4.x-lockfile branch May 17, 2026 01:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants