Skip to content

chore(deps): update dependency wrangler to ^4.110.0#2399

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/wrangler-4.x
Open

chore(deps): update dependency wrangler to ^4.110.0#2399
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/wrangler-4.x

Conversation

@renovate

@renovate renovate Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
wrangler (source) ^4.107.0^4.110.0 age confidence

Release Notes

cloudflare/workers-sdk (wrangler)

v4.110.0

Compare Source

Minor Changes
  • #​14591 0283a1f Thanks @​dario-piotrowicz! - Send npm package dependency metadata with worker uploads

    Wrangler now collects npm package dependency information from the project's package.json at deploy and version upload time, and includes it in the upload metadata sent to the Cloudflare API. This enables dependency analytics and future features like vulnerability alerting.

    The collected data includes the package name, the version constraint from package.json, and the exact installed version from node_modules. Both dependencies and devDependencies are included, while workspace packages, local packages, and unresolvable packages are excluded. The list is capped at 200 entries per upload.

    To opt out, set dependencies_instrumentation.enabled to false in your Wrangler configuration file:

    {
      "dependencies_instrumentation": {
        "enabled": false
      }
    }
  • #​14535 1b965c5 Thanks @​Naapperas! - Support dynamic retry delays for Workflow steps in local dev

    A step's retries.delay can now be a function that computes the delay per failed attempt, in addition to a static duration. The function receives { ctx, error } and returns a delay (a number of milliseconds or a duration string like "30 seconds"), and its result is fed into the configured backoff.

    await step.do(
      "call flaky API",
      {
        retries: {
          limit: 5,
          backoff: "constant",
          delay: ({ ctx }) => ctx.attempt * 1000,
        },
      },
      async () => {
        /* ... */
      }
    );

    The function is invoked once per failed attempt with a 5 second timeout. If it throws, times out, or returns an invalid value, the step fails without further retries.

Patch Changes
  • #​14589 7b28392 Thanks @​jamesopstad! - Fix runtime type caching when wrangler dev auto-regenerates types

    When dev.generate_types (or wrangler dev --types) regenerated an out-of-date worker-configuration.d.ts, the written file omitted the // Begin runtime types marker (and the /* eslint-disable */ header) that wrangler types writes. As a result, later runs could not detect the cached runtime types and always regenerated them. The auto-regenerated file now matches wrangler types output, restoring the cache.

  • Updated dependencies [1b965c5]:

    • miniflare@​4.20260708.1

v4.109.0

Compare Source

Minor Changes
  • #​14489 e3f0cd6 Thanks @​edmundhung! - Add listDurableObjectIds() to createTestHarness Worker handles

    Tests using createTestHarness can now list persisted Durable Object instance IDs for a Durable Object binding. This helps integration tests discover objects created by app behavior without adding test-only endpoints.

  • #​14465 2fedb1f Thanks @​vaishnav-mk! - Add rollback support when terminating Workflow instances

    WorkflowInstance.terminate({ rollback: true }) now runs registered rollback handlers before marking a local Workflow instance as terminated. Wrangler also supports this via wrangler workflows instances terminate --rollback, including local mode.

    The rollback option is only sent for terminate operations and is rejected by the Local Explorer API for pause, resume, and restart actions.

  • #​14511 17d2fc1 Thanks @​juleslemee! - Add wrangler turnstile widget commands for managing Turnstile widgets

    You can now create, list, inspect, update, and delete Turnstile widgets from the CLI:

    wrangler turnstile widget create <name> --domain example.com --mode managed
    wrangler turnstile widget list
    wrangler turnstile widget get <sitekey>
    wrangler turnstile widget update <sitekey> --name "Renamed"
    wrangler turnstile widget delete <sitekey>
    

    All five subcommands accept --json for machine-readable output (get prints a formatted view by default; the rest print a short human summary). --domain accepts comma-separated values, e.g. --domain a.com,b.com. delete --json requires --skip-confirmation/-y to keep output pipeable.

    create prints the sitekey, the secret, and the canonical challenges.cloudflare.com/turnstile/v0/siteverify endpoint for backend verification. The hint is backend-agnostic; it doesn't assume Workers. The secret is redacted from list and update output but remains available via get for retrieval later. delete prompts for confirmation; pass --skip-confirmation/-y to bypass.

    The OAuth flow now requests the challenge-widgets.write scope (the existing Bach-derived scope for Turnstile widget CRUD). Existing OAuth sessions need to run wrangler login again to pick it up. API token users need a token with the Account.Turnstile:Edit permission.

Patch Changes
  • #​14596 8511ddf Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260706.1 1.20260708.1
    @​cloudflare/workers-types ^5.20260706.1 ^5.20260708.1
  • #​14604 9f74a5f Thanks @​vaishnav-mk! - Improve the deploy error for cron-triggered Workflows on free plans

    Wrangler now explains that Workflow schedules require a paid Workers plan instead of showing only the generic Workflows API request failure.

  • #​14616 c782e2a Thanks @​penalosa! - Fix wrangler deploy aborting in CI for autoconfigured projects

    A recent change guarded non-interactive deploys against overwriting a same-named Worker whenever there was no config file naming it. This was too broad: a plain wrangler deploy run in CI without a config file (for example an autoconfigured project whose generated config PR has not been merged) would fail with "A Worker named ... already exists in your account", even though re-deploying to that Worker is the intended behaviour.

    The guard is now limited to the Pages-to-Workers delegation, where the target name is a Pages project name that must not clobber an unrelated Worker. Plain deploys once again deploy normally.

  • Updated dependencies [e3f0cd6, 8511ddf, 2fedb1f]:

    • miniflare@​4.20260708.0

v4.108.0

Compare Source

Minor Changes
  • #​14312 54f74b8 Thanks @​MattieTK! - Delegate agent-driven static Pages deploys to Workers

    When wrangler pages deploy or wrangler pages project create is run by an AI coding agent against a brand-new, purely static project, Wrangler now delegates it to Workers static assets (using autoconfig) instead of Cloudflare Pages. Accounts that already have Cloudflare Pages projects, non-agent (human) sessions, and projects using Pages features that can't be carried across to Workers (Pages Functions, a _worker.js, or a _routes.json file) are unaffected and continue to use Pages. Passing --force to either command opts out of the delegation and deploys to Pages directly. Once the Workers deploy starts it is not silently swapped back to Pages: if it fails, the error is surfaced and the --force opt-out is suggested.

Patch Changes
  • #​14567 0852346 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler", "create-cloudflare"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260702.1 1.20260706.1
    @​cloudflare/workers-types 4.20260702.1 5.20260706.1
  • #​14312 54f74b8 Thanks @​MattieTK! - Avoid silently overwriting an existing Worker during non-interactive deploys that cannot prove they own the name

    A non-interactive deploy (an agent, CI, or the agent-delegated wrangler pages deploy) has no way to prompt before overwriting a Worker, so it now stops if the target name is already taken and this run cannot show it owns that Worker. This applies when there is no Wrangler configuration file naming the Worker and either the name was generated automatically or the deploy is the Pages-to-Workers delegation (where the name carried across is a Pages project name, not proof of Worker ownership). The check reuses the service metadata the deploy already fetches, so it adds no extra API calls.

    Deploys are unaffected when a configuration file names the Worker (so repeat deployments continue to update it), and interactive deploys keep their existing confirmation flow. To update an existing Worker in one of the guarded cases, add a Wrangler configuration file naming it, or deploy under a different name.

  • Updated dependencies [0852346]:

    • miniflare@​4.20260706.0

v4.107.1

Compare Source

Patch Changes
  • #​14514 d88555e Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260701.1 1.20260702.1
  • #​14564 5fd8bee Thanks @​jibin7jose! - Fix an issue where wrangler dev would not override config vars with values from .dev.vars during local development when the secrets field was defined in the configuration file.

  • #​14332 5d9990e Thanks @​Divkix! - Fix misleading error guidance when deploying a new Worker with secrets.required

    When a Worker declares secrets.required and has never been deployed before, the previous error message suggested running wrangler secret put <NAME>, which doesn't work because the Worker doesn't exist yet.

    The one path that does work — wrangler deploy --secrets-file <path> — was not mentioned anywhere in the error output.

    The pre-deploy error now explains that wrangler secret put cannot be used for a new Worker, and directs users to the --secrets-file flag instead. The post-deploy error for existing Workers now also mentions --secrets-file alongside wrangler secret put.

  • #​14507 bf49a41 Thanks @​joey727! - Fix a potential crash when displaying certain CLI output

    Previously, some CLI output with no content lines could cause a crash. This is now handled correctly.

  • #​14492 1ac96a1 Thanks @​penalosa! - Replace the CommonJS xdg-app-paths dependency with a vendored pure-ESM implementation

    xdg-app-paths (and its xdg-portable/os-paths dependencies) are CommonJS only, which caused "Dynamic require of 'path' is not supported" errors when the surrounding code was bundled to ESM. The global config/cache directory resolution is now provided by a small, dependency-free pure-ESM module in @cloudflare/workers-utils that reproduces the previous path resolution exactly (verified against the real package in unit tests), so existing config and credential locations are unchanged. This also drops the transitive fsevents optional dependency that xdg-app-paths pulled in.

    Miniflare and create-cloudflare now consume the shared helpers from @cloudflare/workers-utils instead of maintaining their own copies, importing node-only leaf entry points (@cloudflare/workers-utils/fs-helpers, @cloudflare/workers-utils/global-wrangler-config-path) where ESM bundling is required.

  • #​14572 f416dd9 Thanks @​petebacondarwin! - Key local rate limit counters by namespace_id instead of binding name

    wrangler dev and Miniflare previously tracked each rate limit binding's counter by its binding name, so two bindings that referenced the same namespace_id were treated as separate limiters. Counters are now keyed by namespace_id, matching production: bindings that share a namespace_id share a limit, while distinct namespaces stay isolated. This also re-enables rate limit bindings in multiworker wrangler dev sessions, where they were previously stripped from secondary Workers to avoid a startup crash.

  • #​14570 1ca8d8f Thanks @​penalosa! - Upgrade signal-exit from v3 to v4

    The bundled signal-exit dependency was CJS-only. Upgrading to v4 (which ships a dual ESM/CJS build) unblocks ESM output. Exit-cleanup behaviour is unchanged, though v4 no longer registers handlers for a few signals that are no longer supported by the OS (SIGUNUSED on Linux; SIGABRT/SIGALRM on Windows).

  • #​14561 b973ed3 Thanks @​martijnwalraven! - Emit an error event for watch-mode rebuild failures in unstable_startWorker

    Initial build failures already dispatch an error event (surfaced as buildFailed on the DevEnv bus), but watch-mode rebuild failures were only logged from inside the esbuild plugin, so programmatic consumers had no way to observe them while dev kept serving the previous bundle. Rebuild failures now route through the same error path as initial-build failures: terminal output is unchanged and buildFailed fires symmetrically.

  • Updated dependencies [e7e5780, d88555e, 1ac96a1, f416dd9, 16fbf81]:

    • miniflare@​4.20260702.0

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Jul 7, 2026
@renovate renovate Bot requested a review from cameronraysmith as a code owner July 7, 2026 22:16
@renovate renovate Bot added the dependencies label Jul 7, 2026
@mergify

mergify Bot commented Jul 7, 2026

Copy link
Copy Markdown

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

@renovate renovate Bot force-pushed the renovate/wrangler-4.x branch from f7029bf to 428a874 Compare July 8, 2026 22:43
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to ^4.108.0 chore(deps): update dependency wrangler to ^4.107.1 Jul 8, 2026
@renovate renovate Bot force-pushed the renovate/wrangler-4.x branch from 351262c to 05288aa Compare July 9, 2026 19:30
@renovate renovate Bot changed the title chore(deps): update dependency wrangler to ^4.107.1 chore(deps): update dependency wrangler to ^4.110.0 Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants