chore(deps): update dependency wrangler to v4.61.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
wrangler (source)	4.59.2 → 4.61.1

---

Release Notes

cloudflare/workers-sdk (wrangler)

v4.61.1

Compare Source

Patch Changes

• #​12189 eb8a415 Thanks @​NuroDev! - Fixed Durable Object missing migrations warning message.

  If a Workers project includes some durable_objects in it but no migrations we show a warning to the user to add migrations to their config. However, this warning recommended new_classes for their migrations, but we instead now recommend all users use new_sqlite_classes instead.

• #​11804 3b06b18 Thanks @​emily-shen! - fix: allow d1 execute, d1 export, and d1 migrations to work locally without database_id in config.

• #​12183 17961bb Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260124.0	1.20260127.0

• #​12196 52fdfe7 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260127.0	1.20260128.0

• #​12199 6d8d9cd Thanks @​petebacondarwin! - Prevent wrangler logout from failing when the Wrangler configuration file is invalid

  Previously, if your wrangler.toml or wrangler.json file contained syntax errors or invalid values, the wrangler logout command would fail. Now, configuration parsing errors are caught and logged at debug level, allowing you to log out regardless of the state of your configuration file.

• #​12153 cb72c11 Thanks @​petebacondarwin! - Sanitize commands and arguments in telemetry to prevent accidentally capturing sensitive information.

  Changes:

  • Renamed telemetry fields from command/args to sanitizedCommand/sanitizedArgs to distinguish from historical fields that may have contained sensitive data in older versions
  • Command names now come from command definitions rather than user input, preventing accidental capture of sensitive data pasted as positional arguments
  • Sentry breadcrumbs now use the safe command name from definitions
  • Argument values are only included if explicitly allowed via COMMAND_ARG_ALLOW_LIST
  • Argument keys (names) are always included since they come from command definitions, not user input

• Updated dependencies [8a210af, 17961bb, 52fdfe7, 5f060c9]:

  • miniflare@​4.20260128.0
  • @​cloudflare/unenv-preset@​2.12.0

v4.61.0

Compare Source

Minor Changes

• #​12008 e414f05 Thanks @​penalosa! - Add support for customising the inspector IP address

  Adds a new --inspector-ip CLI flag and dev.inspector_ip configuration option to allow customising the IP address that the inspector server listens on. Previously, the inspector was hardcoded to listen only on 127.0.0.1.

  Example usage:

  # CLI flag
  wrangler dev --inspector-ip 0.0.0.0

  // wrangler.json
  {
  	"dev": {
  		"inspector_ip": "0.0.0.0",
  	},
  }

• #​12034 05714f8 Thanks @​emily-shen! - Add a no-op local explorer worker, which is gated by the experimental flag X_LOCAL_EXPLORER.

Patch Changes

• #​12134 a0a9ef6 Thanks @​NuroDev! - Fixed Fish shell tab completions.

  The wrangler tab completions are powered by @bomb.sh/tab which has been upgraded to version 0.0.12 which includes a fix for the Fish shell which was previously not working at all.

• #​12006 ad4666c Thanks @​penalosa! - Remove --use-remote option from wrangler hyperdrive create command

  Hyperdrive does not support remote bindings during local development - it requires a localConnectionString to connect to a local database. This change removes the confusing "remote resource" prompt that was shown when creating a Hyperdrive config.

  Fixes #​11674

• #​11853 014e7aa Thanks @​43081j! - Use built-in stripVTControlCharacters utility rather than the strip-ansi package.

• #​12040 77e82d2 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260120.0	1.20260122.0

• #​12061 f08ef21 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260122.0	1.20260123.0

• #​12088 0641e6c Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260123.0	1.20260124.0

• #​12044 eacedba Thanks @​edmundhung! - Fix wrangler secret list to error when the Worker is not found

  Previously, running wrangler secret list against a non-existent Worker would silently return an empty array, making it difficult to diagnose issues like being logged into the wrong account. It now returns an error with suggestions for common causes.

• #​12150 e8b2ef5 Thanks @​dario-piotrowicz! - Emit autoconfig summary as a separate output entry

  Move the autoconfig summary from the deploy output entry to a dedicated autoconfig output entry type. This entry is now emitted by both wrangler deploy and wrangler setup commands when autoconfig runs, making it easier to track autoconfig results independently of deployments.

• Updated dependencies [014e7aa, e414f05, 77e82d2, f08ef21, 0641e6c, 05714f8, bbd8a5e]:

  • miniflare@​4.20260124.0

v4.60.0

Compare Source

Minor Changes

• #​11113 bba0968 Thanks @​AmirSa12! - Add wrangler complete command for shell completion scripts (bash, zsh, powershell)

  Usage:

  # Bash
  wrangler complete bash >> ~/.bashrc
  
  # Zsh
  wrangler complete zsh >> ~/.zshrc
  
  # Fish
  wrangler complete fish >> ~/.config/fish/completions/wrangler.fish
  
  # PowerShell
  wrangler complete powershell > $PROFILE

  • Uses @bomb.sh/tab library for cross-shell compatibility
  • Completions are dynamically generated from experimental_getWranglerCommands() API

• #​11893 f9e8a45 Thanks @​NuroDev! - wrangler types now generates per-environment TypeScript interfaces when named environments exist in your configuration.

  When your configuration has named environments (an env object), wrangler types now generates both:

  • Per-environment interfaces (e.g., StagingEnv, ProductionEnv) containing only the bindings explicitly declared in each environment, plus inherited secrets
  • An aggregated Env interface with all bindings from all environments (top-level + named environments), where:
    • Bindings present in all environments are required
    • Bindings not present in all environments are optional
    • Secrets are always required (since they're inherited everywhere)
    • Conflicting binding types across environments produce union types (e.g., KVNamespace | R2Bucket)

  However, if your config does not contain any environments, or you manually specify an environment via --env, wrangler types will continue to generate a single interface as before.

  Example:

  Given the following wrangler.jsonc:

  {
  	"name": "my-worker",
  	"kv_namespaces": [
  		{
  			"binding": "SHARED_KV",
  			"id": "abc123",
  		},
  	],
  	"env": {
  		"staging": {
  			"kv_namespaces": [
  				{ "binding": "SHARED_KV", "id": "staging-kv" },
  				{ "binding": "STAGING_CACHE", "id": "staging-cache" },
  			],
  		},
  	},
  }

  Running wrangler types will generate:

  declare namespace Cloudflare {
  	interface StagingEnv {
  		SHARED_KV: KVNamespace;
  		STAGING_CACHE: KVNamespace;
  	}
  	interface Env {
  		SHARED_KV: KVNamespace; // Required: in all environments
  		STAGING_CACHE?: KVNamespace; // Optional: only in staging
  	}
  }
  interface Env extends Cloudflare.Env {}

Patch Changes

• #​12030 614bbd7 Thanks @​jbwcloudflare! - Fix wrangler pages project validate to respect file count limits from CF_PAGES_UPLOAD_JWT

• #​11993 788bf78 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260116.0	1.20260120.0

• #​12039 1375577 Thanks @​dimitropoulos! - Fixed the flag casing for the time period flag for the d1 insights command.

• #​12026 c3407ad Thanks @​dario-piotrowicz! - Fix wrangler setup not automatically selecting workers as the target for new SvelteKit apps

  The Sveltekit adapter:cloudflare adapter now accepts two different targets workers or pages. Since the wrangler auto configuration only targets workers, wrangler should instruct the adapter to use the workers variant. (The auto configuration process would in any case not work if the user were to target pages.)

• Updated dependencies [788bf78, ae108f0]:

  • miniflare@​4.20260120.0
  • @​cloudflare/unenv-preset@​2.11.0
  • @​cloudflare/kv-asset-handler@​0.4.2

v4.59.3

Compare Source

Patch Changes

• #​9396 75386b1 Thanks @​gnekich! - Fix wrangler login with custom callback-host/callback-port

  The Cloudflare OAuth API always requires the redirect_uri to be localhost:8976. However, sometimes the Wrangler OAuth server needed to listen on a different host/port, for example when running from inside a container. We were previously incorrectly setting the redirect_uri to the configured callback host/port, but it needs to be up to the user to map localhost:8976 to the Wrangler OAuth server in the container.

  Example:

  You might run Wrangler inside a docker container like this: docker run -p 8989:8976 <image>, which forwards port 8976 on your host to 8989 inside the container.

  Then inside the container, run wrangler login --callback-host=0.0.0.0 --callback-port=8989

  The OAuth link still has a redirect_uri set tolocalhost:8976. For example https://dash.cloudflare.com/oauth2/auth?...&redirect_uri=http%3A%2F%2Flocalhost%3A8976%2Foauth%2Fcallback&...

  However the redirect to localhost:8976 is then forwarded to the Wrangler OAuth server inside your container, allowing the login to complete.

• #​11925 8e4a0e5 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260114.0	1.20260115.0

• #​11942 133bf95 Thanks @​penalosa! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260115.0	1.20260116.0

• #​11922 93d8d78 Thanks @​dario-piotrowicz! - Improve telemetry errors being sent to Sentry by wrangler init when it delegates to C3 by ensuring that they contain the output of the C3 execution.

• #​11940 69ff962 Thanks @​penalosa! - Show helpful messages for file not found errors (ENOENT)

  When users encounter file not found errors, Wrangler now displays a helpful message with the missing file path and common causes, instead of reporting to Sentry.

• #​11904 22727c2 Thanks @​danielrs! - Fix false positive infinite loop detection for exact path redirects

  Fixed an issue where the redirect validation incorrectly flagged exact path redirects like / /index.html 200 as infinite loops. This was particularly problematic when html_handling is set to "none", where such redirects are valid.

  The fix makes the validation more specific to only block wildcard patterns (like /* /index.html) that would actually cause infinite loops, while allowing exact path matches that are valid in certain configurations.

  Fixes: #​11824

• #​11946 fa39a73 Thanks @​MattieTK! - Fix configFileName returning wrong filename for .jsonc config files

  Previously, users with a wrangler.jsonc config file would see error messages and hints referring to wrangler.json instead of wrangler.jsonc. This was because the configFormat function collapsed both .json and .jsonc files into a single "jsonc" value, losing the distinction between them.

  Now configFormat returns "json" for .json files and "jsonc" for .jsonc files, allowing configFileName to return the correct filename for each format.

• #​11968 4ac7c82 Thanks @​MattieTK! - fix: include version components in command event metrics

  Adds wranglerMajorVersion, wranglerMinorVersion, and wranglerPatchVersion to command events (wrangler command started, wrangler command completed, wrangler command errored). These properties were previously only included in adhoc events.

• #​11940 69ff962 Thanks @​penalosa! - Improve error message when creating duplicate KV namespace

  When attempting to create a KV namespace with a title that already exists, Wrangler now provides a clear, user-friendly error message instead of the generic API error. The new message explains that the namespace already exists and suggests running wrangler kv namespace list to see existing namespaces with their IDs, or choosing a different namespace name.

• #​11962 029531a Thanks @​dario-piotrowicz! - Cache chosen account in memory to avoid repeated prompts

  When users have multiple accounts and no node_modules directory exists for file caching, Wrangler (run via npx and equivalent commands) would prompt for account selection multiple times during a single command. Now the selected account is also stored in process memory, preventing duplicate prompts and potential issues from inconsistent account choices.

• #​11964 d58fbd1 Thanks @​dario-piotrowicz! - Make name the positional argument for wrangler delete instead of script

  The script argument was meaningless for the delete command since it deletes by worker name, not by entry point path. The name argument is now accepted as a positional argument, allowing users to run wrangler delete my-worker instead of wrangler delete --name my-worker. The script argument is now hidden but still accepted for backwards compatibility.

• #​11967 202c59e Thanks @​emily-shen! - chore: update undici

  The following dependency versions have been updated:

  Dependency	From	To
  undici	7.14.0	7.18.2

• #​11940 69ff962 Thanks @​penalosa! - Improve error handling for Vite config transformations

  Replace assertions with proper error handling when transforming Vite configs. When Wrangler encounters a Vite config that uses a function or lacks a plugins array, it now provides clear, actionable error messages instead of crashing with assertion failures. The check function gracefully skips incompatible configs with debug logging.

• Updated dependencies [8e4a0e5, 133bf95, 202c59e, 133bf95, 25e2c60]:

  • miniflare@​4.20260116.0

---

Configuration

📅 Schedule: Branch creation - "before 3am" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.