Skip to content

chore(deps): bump wrangler from 3.114.15 to 4.92.0#63

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/wrangler-4.92.0
Open

chore(deps): bump wrangler from 3.114.15 to 4.92.0#63
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/wrangler-4.92.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps wrangler from 3.114.15 to 4.92.0.

Release notes

Sourced from wrangler's releases.

wrangler@4.92.0

Minor Changes

  • #13670 506aa02 Thanks @​elithrar! - Add wrangler artifacts commands for managing Artifacts repos and repo tokens.

    This adds CLI support for the Artifacts control-plane workflows that were previously only available through the API. You can now list and inspect namespaces, create, list, inspect, and delete repos, and issue repo-scoped tokens when you need to authenticate git access.

    The new commands support both human-readable output and --json output so they fit existing Wrangler automation patterns.

  • #13916 be8a98c Thanks @​emily-shen! - Add --keep-vars flag to wrangler versions upload, matching the existing behavior in wrangler deploy. When set, environment variables configured via the dashboard are preserved rather than being deleted before the upload.

Patch Changes

  • #13926 19ed49a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260511.1 1.20260515.1

  • #11471 3ff0a50 Thanks @​HW13! - Improve wrangler types --env-interface for multi-worker projects.

    Custom env interfaces generated by wrangler types no longer expand from Cloudflare.Env, avoiding some unintended type expansion when multiple workers' generated types are used together.

  • #13910 bf688f7 Thanks @​timoconnellaus! - Fix Failed to fetch auth token: 401 Unauthorized from sibling-rotated refresh tokens

    refreshToken previously used the refresh token from module-level localState, which is populated once at startup and never re-read. OAuth refresh tokens are single-use, so when a sibling wrangler process (in another repo, another shell, or a parallel script) refreshes first, it rotates the token server-side and writes the new value to the shared config file (~/Library/Preferences/.wrangler/config/default.toml on macOS). The long-lived process — typically wrangler dev — then sends its stale in-memory token on the next refresh and gets 401 Unauthorized from https://dash.cloudflare.com/oauth2/token, falling through to interactive login and timing out unattended.

    refreshToken now calls reinitialiseAuthTokens() before exchanging, picking up the latest refresh token written by any sibling process. The previously empty catch {} also now logs the underlying error at debug level so future refresh failures are diagnosable without source-diving.

  • #13843 2e72c83 Thanks @​nzws! - Fix wrangler versions secret put/delete/bulk to preserve the existing version's placement settings

    When creating a new version via wrangler versions secret, the previous code only re-emitted a bare { mode: "smart" } placement when the API reported placement_mode === "smart", dropping any other placement entirely. The new version is now created with the placement settings returned by the API, so placement settings survive a secret put/delete/bulk round-trip.

  • #13908 802eaf4 Thanks @​shiminshen! - fix: stop rewriting query strings that happen to contain the request Host

    wrangler dev previously rewrote occurrences of the outer host inside request.url's query string. For example, a request to ?echo=https%3A%2F%2Fdevelopment.test%2Fpath with Host: development.test would be seen by the user worker as ?echo=https%3A%2F%2Fproduction.test%2Fpath, silently mutating opaque application data such as redirect_uri values in OAuth flows.

    The proxy worker now sets the internal MF-Original-URL header after its blanket host-rewriting pass over request headers, so the URL passed to the user worker preserves the original query string.

  • #13827 8f5cdb1 Thanks @​greyvugrin! - Fix multi-environment warning when CLOUDFLARE_ENV is set

    Commands that warn when multiple environments are configured but none is specified (e.g. wrangler deploy, wrangler secret put) were not accounting for the CLOUDFLARE_ENV environment variable when deciding whether to show the warning. This caused a misleading warning to appear even when the target environment was correctly specified via CLOUDFLARE_ENV.

  • Updated dependencies [19ed49a]:

    • miniflare@4.20260515.0

wrangler@4.91.0

Minor Changes

... (truncated)

Commits
  • a3fa623 Version Packages (#13918)
  • 802eaf4 fix(wrangler): stop rewriting query strings that contain the request Host (#1...
  • 2e72c83 [wrangler] Preserve placement on versions secret commands (#13843)
  • 19ed49a build(deps): bump the workerd-and-workers-types group with 2 updates (#13926)
  • 3ff0a50 fix: wrangler types decouple env-interface from namespace (#11471)
  • 506aa02 [wrangler] Add artifacts CLI commands (#13670)
  • 8f5cdb1 fix(wrangler): hide multi-env warning when env is set via CLOUDFLARE_ENV (#13...
  • be8a98c refactor deploy/versions upload (part 1) (#13916)
  • bf688f7 [wrangler] fix: re-read refresh_token from disk to avoid 401 from sibling-pro...
  • adbf8cb Version Packages (#13895)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for wrangler since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump wrangler from 3.114.15 to 4.92.0
fe0c652 
Bumps [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) from 3.114.15 to 4.92.0.
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.92.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: wrangler
  dependency-version: 4.92.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 18, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot mentioned this pull request May 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants