Skip to content

Update dependency wrangler to v4.106.0#339

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/wrangler-4.x
Open

Update dependency wrangler to v4.106.0#339
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/wrangler-4.x

Conversation

@renovate

@renovate renovate Bot commented Jun 23, 2026

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
wrangler (source) 4.103.04.106.0 age confidence

Release Notes

cloudflare/workers-sdk (wrangler)

v4.106.0

Compare Source

Minor Changes
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add wrangler ai-search jobs commands for managing AI Search indexing jobs

    You can now list, trigger, inspect, cancel, and read the logs of indexing jobs for an AI Search instance:

    wrangler ai-search jobs list <instance>
    wrangler ai-search jobs create <instance> --description "manual reindex"
    wrangler ai-search jobs get <instance> <job-id>
    wrangler ai-search jobs cancel <instance> <job-id>
    wrangler ai-search jobs logs <instance> <job-id>
    

    All commands accept --namespace/-n (defaults to default). All commands except cancel also accept --json for clean machine-readable output.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add --source-jurisdiction to wrangler ai-search create for R2-backed instances

    R2 buckets can live in a specific jurisdiction (for example eu or fedramp). You can now point an AI Search instance at a bucket in one of those jurisdictions:

    wrangler ai-search create my-instance --type r2 --source my-bucket --source-jurisdiction eu

    When run interactively, the R2 source flow also prompts for a jurisdiction and lists (and can create) buckets within it. The value is a free-form string forwarded to the API as source_params.r2_jurisdiction (server-side validated); omit the flag for no specific jurisdiction. This AI Search command is in open beta.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add auth profiles for managing multiple OAuth logins

    Auth profiles let you maintain separate OAuth logins and bind them to directories, so you can switch between different accounts for different projects without having to re-login.

    For example:

    wrangler auth create work
    wrangler auth activate work ~/projects/work
    
    wrangler auth create personal
    wrangler auth activate personal ~/projects/personal

    New commands under wrangler auth:

    • wrangler auth create <name> — create or re-authenticate a named profile via OAuth
    • wrangler auth delete <name> — delete a profile and all its directory bindings
    • wrangler auth activate <name> [dir] — bind a profile to a directory (defaults to cwd). Sub-directories will inherit this profile.
    • wrangler auth deactivate [dir] — remove a directory binding
    • wrangler auth list — list all profiles and their corresponding directories

    There is also a new global --profile flag, which you can use to activate a profile for just that command run. Note that if you have CLOUDFLARE_API_TOKEN set, that will still take precedence over all profiles. Any account id settings (via CLOUDFLARE_ACCOUNT_ID or wrangler config) will also still be respected.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add --strict flag to wrangler versions upload and improve pre-upload safety checks

    wrangler versions upload now runs the same pre-upload checks as wrangler deploy:

    • When the Worker was last edited via the Cloudflare Dashboard, the local and remote configurations are diffed and you are warned only if the diff is destructive (previously, an unconditional warning was shown).
    • When local configuration values conflict with remote secrets, a warning is shown before proceeding.
    • When deploying workflows that belong to a different Worker, a warning is shown before proceeding.

    The new --strict flag (already available on wrangler deploy) causes wrangler versions upload to abort in non-interactive/CI environments when any of these conflicts are detected, instead of auto-continuing.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add D1 migration setup to createTestHarness() Worker handles

    Tests using createTestHarness() can now apply local D1 migrations before running requests:

    const worker = server.getWorker();
    
    beforeEach(async () => {
      await worker.applyD1Migrations("DATABASE");
    });
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add Workflow introspection to createTestHarness()

    Worker handles can now introspect Workflow bindings by name, allowing tests to disable sleeps, mock step results, and wait for Workflow outcomes. Tests can introspect a known Workflow instance by ID or track instances created after introspection starts.

    const harness = createTestHarness({
    	workers: [{ configPath: "./wrangler.json" }],
    });
    
    const worker = harness.getWorker();
    await using workflow = await worker.introspectWorkflow("MY_WORKFLOW");
    
    await workflow.modifyAll((modifier) =>
    	modifier.disableSleeps([{ name: "wait-for-approval" }])
    );
    
    const response = await worker.fetch("/start-workflow");
    const [instance] = await workflow.get();
    await instance.waitForStatus("complete");
  • #​14446 e0cc2cb Thanks @​edmundhung! - Add bindingOverrides and getExport() to createTestHarness()

    Test harness workers loaded from Wrangler config files can now replace a configured binding with a Worker in the same harness. This is useful for replacing platform bindings with test Workers while keeping the source Worker config production-like. You can also call getExport() on a Worker returned by server.getWorker(name) to access JSRPC methods on the default Worker export, including mock Workers used as override targets.

    const server = createTestHarness({
      workers: [
        {
          configPath: "./workers/app/wrangler.jsonc",
          bindingOverrides: { BROWSER: "mock-browser" },
        },
        {
          // A mock Worker implementing the Browser Rendering binding named "mock-browser".
          configPath: "./workers/mock-browser/wrangler.jsonc",
        },
      ],
    });
    
    const mockBrowser = await server
      .getWorker<WebEnv, typeof import("./workers/mock-browser")>("mock-browser")
      .getExport();
    await mockBrowser.setScreenshot(stubPng);
    
    const response = await server.fetch("/reports/2026-05-29.png");
    expect(await response.bytes()).toEqual(stubPng);
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve wrangler tail resilience and shutdown behaviour

    wrangler tail previously crashed with a raw stack trace when the keep-alive ping to the Worker timed out, and could exit with an ugly error on Ctrl-C.

    • Errors now flow through wrangler's usual error pipeline instead of escaping as uncaught exceptions.
    • The keep-alive timeout message now clearly explains what happened and no longer prints a stack trace.
    • When the tail connection drops unexpectedly, wrangler tail now automatically tries to reconnect with exponential back-off (up to 5 retries).
    • Ctrl-C now prints a short "Stopping tail..." message (in pretty mode), awaits the server-side tail deletion, and exits cleanly with code 0.
Patch Changes
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260625.1 1.20260629.1
  • #​14478 f10d4ad Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260629.1 1.20260630.1
  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve the deploy warning shown when a Workflow name already belongs to another Worker

    The warning still notes that deploying reassigns the workflow to the current Worker, and now also explains why this happens (workflow names must be unique per account) and how to resolve it (rename the workflow in the Wrangler config).

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - use stream instead of deprecated pipeline key in pipelines setup config snippet

    The wrangler pipelines setup and wrangler pipelines create commands now output the correct stream property name in the configuration snippet, matching the rename from pipeline to stream that was applied across the rest of the codebase.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve KV error messages to be clearer and more actionable

    Error messages for KV namespace and key operations now consistently explain what went wrong, which flags or config fields to use, and what commands to run as alternatives. This covers namespace selection errors (delete, rename), binding resolution errors, config file issues, and preview namespace ambiguity.

  • #​14479 d292046 Thanks @​dario-piotrowicz! - Improve R2 error messages to be clearer and more actionable

    Error messages for r2 bucket lifecycle, r2 bucket lock, r2 bucket catalog, and r2 sql commands now include the specific flag or argument that is missing or invalid, along with usage examples showing the correct syntax.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Improve wrangler versions deploy error messages for non-interactive usage

    Error messages in wrangler versions deploy are now clearer and more actionable, especially for non-interactive and agent-driven usage. Each error now explains what went wrong, what was expected, and how to fix it (e.g. suggesting the correct flag or command syntax).

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Fix the remote secrets override check during deploy targeting the wrong Worker when --name is passed

    The check that warns when a config value would override an existing remote secret was using the Worker name from the config file rather than the resolved name. If you passed --name <other-worker>, the check ran against the config-file Worker name instead of the Worker actually being uploaded.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Abort in-flight custom builds when wrangler dev exits or restarts a build

    Previously, wrangler dev marked in-flight custom builds as stale but did not pass the abort signal to the spawned build command. This meant Ctrl-C could appear to hang while Wrangler waited for a custom build command to finish naturally. Custom build commands are now cancelled when the dev session tears down or a newer watched build supersedes them.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Replace existing bindings when adding newly created resources to Wrangler configuration

    When config updates are authorized interactively or through --update-config or --binding, Wrangler now replaces an existing resource binding with the selected name instead of adding a duplicate entry. This allows template bindings with placeholder resource IDs to be updated in both interactive and non-interactive workflows.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Verify Docker is installed and running before wrangler containers build

    Previously, running wrangler containers build without Docker installed or with the Docker daemon stopped would fail with an unhelpful spawn error. Now the command checks that Docker is reachable upfront and shows a clear, actionable error message with installation and troubleshooting steps.

  • #​14490 75d8cb0 Thanks @​petebacondarwin! - Add images as a valid --source for queues subscription create

    The Cloudflare Images service can emit events (e.g. image.uploaded) to a Cloudflare Queue via the event subscriptions API, and this is supported by both the REST API and the Cloudflare Dashboard. However, the wrangler CLI was missing images from the hardcoded --source choices list, causing the command to reject it with an "Invalid values" error.

    You can now subscribe a queue to Cloudflare Images events via the CLI:

    wrangler queues subscription create <queue> --source images --events image.uploaded
  • Updated dependencies [75d8cb0, f10d4ad, 75d8cb0, 75d8cb0]:

    • miniflare@​4.20260630.0

v4.105.0

Compare Source

Minor Changes
  • #​14311 34e0cef Thanks @​sherryliu-lsy! - Add Google Artifact Registry support to containers registries configure

    wrangler containers registries configure now recognizes *-docker.pkg.dev (Google Artifact Registry) domains.

    • The Google service account email is the public credential, supplied with --gar-email. It must match the client_email in the service account key.
    • The service account JSON key is the private credential. It is provided via stdin (a file path, raw JSON, or base64) or an interactive prompt (a file path or base64) — never as a CLI flag, so it does not appear in shell history. The key is validated against --gar-email and stored base64-encoded.
    • Secret reuse inherits the existence-first flow: when the target Secrets Store secret already exists, it is reused by reference and the key is not required. In that case the email cannot be verified locally; it is validated against the key when images are pulled.
    <path-to-key>.json | npx wrangler@latest containers registries configure <region>-docker.pkg.dev --gar-email=<service-account-email> --secret-name=Google_Service_Account_JSON_Key
Patch Changes
  • #​14424 5f40dd5 Thanks @​MattieTK! - Bump am-i-vibing from 0.4.0 to 0.5.0

    This updates the agentic environment detection library to the latest version, which adds detection for the Pi coding agent (earendil-works/pi).

  • #​14406 3b743c1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260623.1 1.20260625.1
  • #​14343 daa5389 Thanks @​th0m! - Use digest-pinned image references for Dockerfile container deploys

    Dockerfile-backed container deploys now use the pushed image digest when deploying the container application. This lets snapshot-enabled container apps pass Cloudchamber validation while keeping local, non-pushed builds and registry image URI deploys unchanged.

  • #​14394 8a5cf8c Thanks @​Partha-Shankar! - fix(d1): escape migrationsTableName and filenames in SQLite queries

    D1 migration commands in both wrangler and @cloudflare/vitest-pool-workers interpolated the migrationsTableName config value and migration filenames directly into SQL strings without any escaping. This meant:

    • A table name such as my"table would produce invalid SQL in CREATE TABLE, SELECT, and INSERT statements, and
    • A migration filename containing an apostrophe (e.g. what's-new.sql) would break the INSERT INTO ... VALUES ('...') statement appended after each migration in wrangler.

    Both identifiers are now properly escaped before interpolation: migrationsTableName is wrapped in double-quotes with internal double-quotes doubled (SQL-standard identifier quoting), and migration filenames used as string literals have their single-quotes doubled before insertion.

  • Updated dependencies [3b743c1]:

    • miniflare@​4.20260625.0

v4.104.0

Compare Source

Minor Changes
  • #​14369 e312dec Thanks @​edmundhung! - Add getEnv() to createTestHarness() Worker handles

    Tests can now access the full env object for a Worker with await server.getWorker<Env>().getEnv(), including vars, secrets, and bindings.

Patch Changes
  • #​14364 a085dec Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260617.1 1.20260619.1
  • #​14383 9a0de8f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260619.1 1.20260621.1
  • #​14397 fab565f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260621.1 1.20260623.1
  • #​14388 3f02864 Thanks @​petebacondarwin! - Stop erroring when find_additional_modules discovers a file that only matches a inactive module rule

    Module rules assign module types to imported files — they are not include/exclude filters. Also, setting fallthrough: false in a rule will cause subsequent rules to become inactive. Previously, when find_additional_modules walked the filesystem and discovered a file whose only matching rule is inactive, Wrangler would throw an error and fail the build.

    This meant that adding a user rule like the one below would break the build for any .txt, .html, .sql, .bin or .wasm file that didn't match the user-supplied globs but lived somewhere under the module root:

    // wrangler.json
    {
      "rules": [
        {
          "type": "Text",
          "globs": ["html/includeme.html"],
          "fallthrough": false
        }
      ]
    }

    Discovered files that only match an inactive rule are now silently skipped (a debug-level log records each skip for troubleshooting), so users can use fallthrough: false to narrow the set of files attached to their Worker without having to delete or move untouched files on disk.

    The direct-import path is unchanged: importing a file in code that only matches an inactive rule is still a hard error, because the imported file genuinely needs a defined module type.

    Fixes #​14257.

  • #​14358 4ef872f Thanks @​gabivlj! - Fix container egress interception on arm64 Docker runtimes

    Both wrangler dev and the Cloudflare Vite plugin no longer force the proxy-everything sidecar image to pull as linux/amd64, allowing Docker to select the native image from the multi-platform manifest. Set MINIFLARE_CONTAINER_EGRESS_IMAGE_PLATFORM to force a specific platform when needed.

  • #​14362 2a02858 Thanks @​sherryliu-lsy! - Don't require the private credential when reusing an existing Secrets Store secret in containers registries configure

    wrangler containers registries configure now checks whether the target Secrets Store secret already exists before resolving the private credential. When the secret already exists it is reused by reference, so the private credential no longer needs to be supplied (via stdin in non-interactive mode, or via a prompt interactively). This applies to all external registries.

    The new-secret path is unchanged: the credential is still required and stored. The only visible interactive change is that the secret prompt now appears last and only when a new secret is being created.

  • Updated dependencies [a085dec, 9a0de8f, fab565f]:

    • miniflare@​4.20260623.0

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot enabled auto-merge (squash) June 23, 2026 18:09
@socket-security

socket-security Bot commented Jun 23, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedwrangler@​4.106.0981009296100

View full report

@renovate renovate Bot force-pushed the renovate/wrangler-4.x branch from 2c9a89a to 56355fd Compare June 25, 2026 14:52
@renovate renovate Bot changed the title Update dependency wrangler to v4.104.0 Update dependency wrangler to v4.105.0 Jun 25, 2026
@renovate renovate Bot force-pushed the renovate/wrangler-4.x branch from 56355fd to 09a220f Compare June 30, 2026 20:54
@renovate renovate Bot changed the title Update dependency wrangler to v4.105.0 Update dependency wrangler to v4.106.0 Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants