chore(deps): update dependency wrangler to v4.86.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
wrangler (source)	4.83.0 → 4.86.0

---

Release Notes

cloudflare/workers-sdk (wrangler)

v4.86.0

Compare Source

Minor Changes

• #​13605 ea943ff Thanks @​danielgek! - Add namespace support to wrangler ai-search commands

  All wrangler ai-search instance commands (create, list, get, update, delete, stats, search) now accept a --namespace (or -n) flag to target a specific AI Search namespace. When the flag is omitted, commands default to the default namespace that Cloudflare automatically provisions for every account.

  wrangler ai-search list now displays a namespace column, and wrangler ai-search create offers an interactive picker for existing namespaces (with an option to create a new one) when --namespace is not supplied in an interactive session.

  A new wrangler ai-search namespace subcommand group is also introduced, with list, create, get, update, and delete subcommands for managing namespaces directly.

  wrangler ai-search list --namespace blog
  wrangler ai-search create my-instance --namespace blog --type r2 --source my-bucket
  wrangler ai-search namespace create blog --description "Blog content"

• #​13637 9eb9e69 Thanks @​edmundhung! - Add --tunnel flag to wrangler dev for sharing your local dev server via Cloudflare Quick Tunnels

  You can now expose your local dev server publicly by passing --tunnel:

  wrangler dev --tunnel

  This starts a Cloudflare Quick Tunnel that gives you a random *.trycloudflare.com URL to share. The tunnel stops automatically when the dev session ends. Quick tunnels don't require a Cloudflare account or any configuration.

  A warning is shown when Server-Sent Events (SSE) responses are detected through the tunnel, since quick tunnels don't support SSE.

• #​13661 0a5db08 Thanks @​aspizu! - wrangler tail will now log stack traces. These stack traces already include resolved frames if you have chosen to upload sourcemaps.

• #​13617 118027d Thanks @​roerohan! - Force Flagship bindings to always use remote mode in local dev

  Flagship bindings now always access the remote Flagship service during local development, matching the behavior of AI bindings. Previously, Flagship supported both local and remote modes, but the local stub only returned default values, providing no real functionality and creating a dual source of truth for flag evaluations.

  The remote config field is retained for backward compatibility but only controls whether a warning is displayed. Setting remote: true suppresses the warning that Flagship bindings always access remote resources and may incur usage charges in local dev.

• #​13254 e867ac2 Thanks @​tgarg-cf! - Add wrangler queues consumer list subcommands for listing queue consumers

  Three new commands are available for listing consumers on a queue:

  • wrangler queues consumer list <queue-name> — lists all consumers (both worker and HTTP pull), grouped by type
  • wrangler queues consumer worker list <queue-name> — lists only worker consumers
  • wrangler queues consumer http list <queue-name> — lists only HTTP pull consumers

Patch Changes

• #​13696 62e9f2a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260424.1	1.20260426.1

• #​13576 2dc6175 Thanks @​MattieTK! - Restore telemetry tracking for common CLI flags that were unintentionally dropped during sanitisation

  When argument sanitisation was introduced, only explicitly allow-listed args had their values included in telemetry. The allow list was very conservative, which meant common boolean flags like --remote, --json, --dry-run, --force, and many others were no longer being captured in sanitizedArgs despite previously being tracked. Boolean flags are inherently safe (values are only true/false), so these have now been added back to the global allow list. A small number of fixed-choice args (--local-protocol, --upstream-protocol, --containers-rollout) have also been added with their known value sets.

• #​13649 ae8eae3 Thanks @​petebacondarwin! - Fix service binding and tail consumer props being dropped between workers in different local dev instances

  When a service binding or tail consumer configured with props targeted a worker running in a separate wrangler dev instance (via the dev registry), the props were silently dropped and the remote entrypoint saw an empty ctx.props. Props are now forwarded correctly across the dev registry boundary, matching the behavior users get when all workers run in a single instance.

  // wrangler.json
  {
    "services": [
      {
        "binding": "AUTH",
        "service": "auth-worker", // may be in a separate `wrangler dev` process
        "entrypoint": "SessionEntry",
        "props": { "tenant": "acme" }
      }
    ]
  }

  The target worker's SessionEntry entrypoint now correctly receives { tenant: "acme" } on ctx.props regardless of which local dev instance it runs in.

• #​13662 f2e2241 Thanks @​petebacondarwin! - Fix three resource leaks in unstable_startWorker teardown that could prevent Node from exiting cleanly after worker.dispose().

  • The esbuild context created by bundleWorker is now disposed when the initial build fails. Previously a failing initial build (e.g. an unresolvable entrypoint, or a worker started with an invalid config via setConfig) left the esbuild child process running for the lifetime of the parent Node process.
  • runBuild's cleanup function now awaits the in-flight build before running the bundler's stop handler. Previously teardown could return before esbuild.BuildContext.dispose() had been called, so the esbuild watcher kept the event loop alive after dispose had resolved.
  • BundlerController.teardown() now runs the esbuild cleanup before removing the bundler's temporary directory, and aborts the in-flight bundle build so it cannot emit stale bundleStart/bundleComplete events after teardown. Previously the tmpdir was removed first, which in race with an in-flight rebuild produced confusing "Could not resolve .wrangler/tmp/bundle-XXXX/middleware-loader.entry.ts" errors during dispose.

• #​13674 4f6ed93 Thanks @​petebacondarwin! - Stop emitting a misleading [wrangler:error] Docker build exited with code: <n> log when the user aborts an in-progress container image build (for example by pressing the r rebuild hotkey while the previous build is still running).

  The abort-detection branch in the local and multi-worker runtime controllers was matching the wrong error message — it checked for "Build exited with code: 1", but the error thrown by the docker build helper is actually "Docker build exited with code: <n>", and the exit code after a process-group SIGINT/SIGKILL is typically 130/137/143, not 1. As a result, every legitimate user-initiated rebuild abort produced a spurious error event and [wrangler:error] log line. The check now matches the real error message prefix and ignores any non-zero exit code from the aborted build, so a user-requested rebuild while another build is in progress is silent.

• #​13667 ed2f4ec Thanks @​emily-shen! - fix: Preserve auth in remote proxy session data to avoid unnecessary session restarts

  maybeStartOrUpdateRemoteProxySession was not including auth in its return value, so on subsequent calls preExistingRemoteProxySessionData.auth was always undefined. This caused the auth comparison to always detect a change, disposing and recreating the remote proxy session on every reload even when auth had not changed.

• #​13695 92bb8a5 Thanks @​alexanderniebuhr! - wrangler types --check no longer throws when the types file was generated with an explicit boolean flag. Previously, yargs would parse such flags as actual booleans rather than strings, causing an internal parse error.

• #​13662 f2e2241 Thanks @​petebacondarwin! - Fix the wrangler tail command leaking a signal-exit listener after the tail has been cleanly closed.

  The tail command registered both a tail.on("close", exit) listener and a process-level onExit(exit) handler, but never removed the latter after exit() had run. In long-lived CLI processes this is harmless — the handler eventually runs once on shutdown — but in unit tests that repeatedly invoke wrangler tail, every invocation accumulates a handler that fires during test-runner shutdown. Those late invocations call deleteTail() after the test's auth mocks have been torn down, producing spurious "Not logged in" unhandled rejections which fail the Linux CI runs.

  The handler is now removed as soon as exit() runs, and exit() is guarded against re-entry so it is idempotent if both the WebSocket close event and a real signal fire for the same session.

• #​13187 fcc491a Thanks @​dario-piotrowicz! - Recognize Hydrogen as a known unsupported framework in autoconfig

  Previously, Hydrogen projects were incorrectly identified as React Router (since Hydrogen uses React Router under the hood), leading to a confusing autoconfig experience. Hydrogen is now recognized as a distinct unsupported framework, so users see a clear message that Hydrogen is not yet supported instead of being guided through React Router configuration.

• #​13628 e6c437a Thanks @​emily-shen! - fix: prioritise CLOUDFLARE_ACCOUNT_ID over a cached account id for all Pages commands

  Previously, some Pages commands (pages deploy, pages deployment list/delete/tail, pages download config, pages secret) used a cached account id over the CLOUDFLARE_ACCOUNT_ID environment variable. The pages project commands already correctly prioritised CLOUDFLARE_ACCOUNT_ID.

• Updated dependencies [21b87b2, 62e9f2a, 033d6ec, ae8eae3, ef24ff2, 6d27479, 118027d]:

  • miniflare@​4.20260426.0

v4.85.0

Compare Source

Minor Changes

• #​13222 5680287 Thanks @​maxwellpeterson! - Add enabled and previews_enabled support for custom domain routes

  Custom domain routes can now include optional enabled and previews_enabled boolean fields to control whether a custom domain serves production and/or preview traffic. When omitted, the API defaults apply (production enabled, previews disabled).

Patch Changes

• #​13622 5a2968a Thanks @​petebacondarwin! - Fix inherited ai_search_namespaces binding display in wrangler deploy

  When an ai_search_namespaces binding inherits from the existing deployment, the bindings table now correctly shows (inherited) instead of a raw Symbol(inherit_binding) string.

• #​13633 3494842 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260421.1	1.20260422.1

• #​13645 7d728fb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260422.1	1.20260423.1

• #​13657 df9319d Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260423.1	1.20260424.1

• #​13574 d5e3c57 Thanks @​dario-piotrowicz! - Detect Cloudflare WAF block pages and include Ray ID in API error messages

  When the Cloudflare WAF blocks an API request, the response is an HTML page rather than JSON. Previously, this caused a confusing "Received a malformed response from the API" error with a truncated HTML snippet. Wrangler now detects WAF block pages and displays a clear error message explaining that the request was blocked by the firewall, along with the Cloudflare Ray ID (when available) for use in support tickets.

  For other non-JSON responses that aren't WAF blocks, the "malformed response" error also now includes the Ray ID to help reference failing requests in support tickets.

• #​13560 7567ef7 Thanks @​vaishnav-mk! - Preserve NonRetryableError message and name when the workflows_preserve_non_retryable_error_message compatibility flag is enabled, instead of replacing it with a generic error message.

• #​11784 2831b54 Thanks @​JPeer264! - fix(wrangler): Bind the console methods directly instead of using a global proxy

• #​13644 377715d Thanks @​MattieTK! - Update @clack/core and @clack/prompts to v1.2.0

  Bumps the bundled @clack/core dependency used internally by @cloudflare/cli from 0.3.x to 1.2.0, and the @clack/prompts dependency in create-cloudflare from 0.6.x to 1.2.0. Clack v1 includes a number of API changes, but no user-facing prompt behaviour changes are expected.

• Updated dependencies [3494842, 7d728fb, df9319d, 3ceeec3, 7567ef7, 0a95061, 7fc50c1, 377715d]:

  • miniflare@​4.20260424.0
  • @​cloudflare/unenv-preset@​2.16.1

v4.84.1

Compare Source

Patch Changes

• #​13615 8fec8b8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260420.1	1.20260421.1

• #​13572 a610749 Thanks @​dario-piotrowicz! - Fix wrangler types --check ignoring --env-interface and secondary --config entries

  Previously, wrangler types --check ran its staleness check before resolving the --env-interface flag and before collecting secondary worker entry points from additional --config arguments. This meant it could incorrectly report types as up to date when they were actually stale due to a different env interface name or changes in secondary worker configs. The check now runs after all options are fully resolved, so it correctly detects mismatches.

• Updated dependencies [8fec8b8, 2f3d7b9]:

  • miniflare@​4.20260421.0

v4.84.0

Compare Source

Minor Changes

• #​13326 4a9ba90 Thanks @​mattzcarey! - Add Artifacts binding support to wrangler

  You can now configure Artifacts bindings in your wrangler configuration:

  // wrangler.jsonc
  {
    "artifacts": [{ "binding": "MY_ARTIFACTS", "namespace": "default" }]
  }

  Type generation produces the correct Artifacts type reference from the workerd type definitions:

  interface Env {
    MY_ARTIFACTS: Artifacts;
  }

• #​13567 d8c895a Thanks @​gpanders! - Rename the documented containers SSH config option to ssh

  Wrangler now accepts and documents containers.ssh in config files while continuing to accept containers.wrangler_ssh as an undocumented backwards-compatible alias. Wrangler still sends and reads wrangler_ssh when talking to the containers API.

• #​13571 7dc0433 Thanks @​must108! - Add regional and jurisdictional placement constraints for Containers. Users can now set constraints.regions and constraints.jurisdiction in wrangler config to control where containers run.

• #​12600 50bf819 Thanks @​penalosa! - Use workerd's debug port to power cross-process service bindings, Durable Objects, and tail workers via the dev registry. This enables Durable Object RPC via the dev registry, and is an overall stability improvement.

Patch Changes

• #​13160 05f4443 Thanks @​JoaquinGimenez1! - Log a helpful error message when AI binding requests fail with a 403 authentication error

  Previously, when the AI proxy token expired during a long session, users received an unhelpful 403 error. Now, wrangler detects error code 1031 and suggests running wrangler login to refresh the token.

• #​13557 8ca78bb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260415.1	1.20260416.2

• #​13579 b6e1351 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260416.2	1.20260417.1

• #​13604 d8314c6 Thanks @​petebacondarwin! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260417.1	1.20260420.1

• #​13515 b35617b Thanks @​petebacondarwin! - fix: ensure esbuild context is disposed during teardown

  The esbuild bundler cleanup function could race with the initial build. If BundlerController.teardown() ran before the initial build() completed, the stopWatching closure variable would still be undefined, so the esbuild context was never disposed. This left the esbuild child process running, keeping the Node.js event loop alive and causing processes to hang instead of exiting cleanly.

  The cleanup function now awaits the build promise before calling stopWatching, ensuring the esbuild context is always properly disposed.

• #​13470 4fda685 Thanks @​penalosa! - fix: prevent remote binding sessions from expiring during long-running dev sessions

  Preview tokens for remote bindings expire after one hour. Previously, the first request after expiry would fail before a refresh was triggered. This change proactively refreshes the token at 50 minutes so no request ever sees an expired session.

  The reactive recovery path is also improved: error code: 1031 responses (returned by bindings such as Workers AI when their session times out) now correctly trigger a refresh, where previously only Invalid Workers Preview configuration HTML responses did.

  Auth credentials are now resolved lazily when a remote proxy session starts rather than at bundle-complete time. This means that if your OAuth access token has been refreshed since wrangler dev started, the new token is used rather than the one captured at startup.

• #​12456 59eec63 Thanks @​venkatnikhilm! - Improve validation and error messaging for R2 CORS configuration files to catch AWS S3-style formatting mistake.

• #​13444 cc1413a Thanks @​naile! - fix: Pass force query parameter to API in pages deployment delete

• #​11918 d0a9d1c Thanks @​ksawaneh! - Allow wrangler r2 bucket list to run without a valid Wrangler config

  This is an account-level command and does not require parsing wrangler.toml/wrangler.jsonc. Previously, an invalid local config could prevent listing buckets, making it harder to fix the config.

• #​13516 4eb1da9 Thanks @​jonnyparris! - Rename "Browser Rendering" to "Browser Run" in all user-facing strings, error messages, and CLI output.

• #​13575 6d887db Thanks @​lambrospetrou! - Add D1 export prompt message for unavailability, use --skip-confirmation to not show the prompt.

• #​13473 5716d69 Thanks @​MattieTK! - Update am-i-vibing to v0.1.1 for improved agentic environment detection

• Updated dependencies [4a9ba90, b35617b, 8ca78bb, b6e1351, d8314c6, 7f50300, 4fda685, be5e6a0, e456952, 50bf819, 4eb1da9, 8ca78bb, 266c418]:

  • miniflare@​4.20260420.0

---

Configuration

📅 Schedule: (in timezone Asia/Makassar)

• Branch creation
  • "every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
domus	Error		Apr 28, 2026 3:56pm

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.06%. Comparing base (b531327) to head (4ce44dd).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #286   +/-   ##
=======================================
  Coverage   54.06%   54.06%           
=======================================
  Files         128      128           
  Lines        4056     4056           
  Branches      828      828           
=======================================
  Hits         2193     2193           
  Misses       1860     1860           
  Partials        3        3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	domus-cron	4ce44dd	Commit Preview URL Branch Preview URL	Apr 28 2026, 03:57 PM