Skip to content

chore(deps-dev): Bump wrangler from 4.93.0 to 4.107.1#285

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/wrangler-4.107.1
Open

chore(deps-dev): Bump wrangler from 4.93.0 to 4.107.1#285
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/wrangler-4.107.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps wrangler from 4.93.0 to 4.107.1.

Release notes

Sourced from wrangler's releases.

wrangler@4.107.1

Patch Changes

  • #14514 d88555e Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260701.1 1.20260702.1
  • #14564 5fd8bee Thanks @​jibin7jose! - Fix an issue where wrangler dev would not override config vars with values from .dev.vars during local development when the secrets field was defined in the configuration file.

  • #14332 5d9990e Thanks @​Divkix! - Fix misleading error guidance when deploying a new Worker with secrets.required

    When a Worker declares secrets.required and has never been deployed before, the previous error message suggested running wrangler secret put <NAME>, which doesn't work because the Worker doesn't exist yet.

    The one path that does work — wrangler deploy --secrets-file <path> — was not mentioned anywhere in the error output.

    The pre-deploy error now explains that wrangler secret put cannot be used for a new Worker, and directs users to the --secrets-file flag instead. The post-deploy error for existing Workers now also mentions --secrets-file alongside wrangler secret put.

  • #14507 bf49a41 Thanks @​joey727! - Fix a potential crash when displaying certain CLI output

    Previously, some CLI output with no content lines could cause a crash. This is now handled correctly.

  • #14492 1ac96a1 Thanks @​penalosa! - Replace the CommonJS xdg-app-paths dependency with a vendored pure-ESM implementation

    xdg-app-paths (and its xdg-portable/os-paths dependencies) are CommonJS only, which caused "Dynamic require of 'path' is not supported" errors when the surrounding code was bundled to ESM. The global config/cache directory resolution is now provided by a small, dependency-free pure-ESM module in @cloudflare/workers-utils that reproduces the previous path resolution exactly (verified against the real package in unit tests), so existing config and credential locations are unchanged. This also drops the transitive fsevents optional dependency that xdg-app-paths pulled in.

    Miniflare and create-cloudflare now consume the shared helpers from @cloudflare/workers-utils instead of maintaining their own copies, importing node-only leaf entry points (@cloudflare/workers-utils/fs-helpers, @cloudflare/workers-utils/global-wrangler-config-path) where ESM bundling is required.

  • #14572 f416dd9 Thanks @​petebacondarwin! - Key local rate limit counters by namespace_id instead of binding name

    wrangler dev and Miniflare previously tracked each rate limit binding's counter by its binding name, so two bindings that referenced the same namespace_id were treated as separate limiters. Counters are now keyed by namespace_id, matching production: bindings that share a namespace_id share a limit, while distinct namespaces stay isolated. This also re-enables rate limit bindings in multiworker wrangler dev sessions, where they were previously stripped from secondary Workers to avoid a startup crash.

  • #14570 1ca8d8f Thanks @​penalosa! - Upgrade signal-exit from v3 to v4

    The bundled signal-exit dependency was CJS-only. Upgrading to v4 (which ships a dual ESM/CJS build) unblocks ESM output. Exit-cleanup behaviour is unchanged, though v4 no longer registers handlers for a few signals that are no longer supported by the OS (SIGUNUSED on Linux; SIGABRT/SIGALRM on Windows).

  • #14561 b973ed3 Thanks @​martijnwalraven! - Emit an error event for watch-mode rebuild failures in unstable_startWorker

    Initial build failures already dispatch an error event (surfaced as buildFailed on the DevEnv bus), but watch-mode rebuild failures were only logged from inside the esbuild plugin, so programmatic consumers had no way to observe them while dev kept serving the previous bundle. Rebuild failures now route through the same error path as initial-build failures: terminal output is unchanged and buildFailed fires symmetrically.

  • Updated dependencies [e7e5780, d88555e, 1ac96a1, f416dd9, 16fbf81]:

    • miniflare@4.20260702.0

wrangler@4.107.0

Minor Changes

... (truncated)

Commits
  • c5d5e89 Version Packages (#14536)
  • 5fd8bee fix(wrangler): override config vars with .dev.vars when secrets is de… (#14564)
  • f416dd9 [miniflare] Key local rate limit counters by namespace_id (#14572)
  • b973ed3 fix(wrangler): emit an error event for watch-mode rebuild failures (#14561)
  • b8439fb [miniflare][wrangler] Fix Windows CI flakes: local-explorer ECONNRESET retry,...
  • 1ca8d8f [wrangler] Upgrade signal-exit to v4 for ESM compatibility (#14570)
  • 5d9990e [wrangler] Fix first-deploy guidance for required secrets (#14332)
  • bf49a41 [wrangler] Fix drawBox crash on empty content array (#14507)
  • 421ae96 [wrangler] Add unit tests for shell-quote and source-maps utilities (#14508)
  • 1ac96a1 [workers-utils] Replace CJS xdg-app-paths with a vendored pure-ESM implementa...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) from 4.93.0 to 4.107.1.
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.107.1/packages/wrangler)

---
updated-dependencies:
- dependency-name: wrangler
  dependency-version: 4.107.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
@dependabot dependabot Bot requested review from AnSoFuchs and ThorFuchs as code owners July 9, 2026 04:44
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants