chore(deps): update dependency wrangler to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
wrangler (source)	^3.110.0 -> ^4.0.0

---

Release Notes

cloudflare/workers-sdk (wrangler)

v4.0.0

Compare Source

Major Changes

• #​7334 869ec7b Thanks @​penalosa! - Use --local by default for wrangler kv key and wrangler r2 object commands

• #​7334 869ec7b Thanks @​dario-piotrowicz! - chore: remove deprecated getBindingsProxy

  remove the deprecated getBindingsProxy utility which has been replaced with getPlatformProxy

• #​7334 869ec7b Thanks @​penalosa! - Remove the deprecated --format argument on wrangler deploy and wrangler dev.

  Remove deprecated config fields:

  • type
  • webpack_config
  • miniflare
  • build.upload
  • zone_id
  • usage_model
  • experimental_services
  • kv-namespaces

• #​7334 869ec7b Thanks @​rozenmd! - Remove wrangler d1 backups

  This change removes wrangler d1 backups, a set of alpha-only commands that would allow folks to interact with backups of their D1 alpha DBs.

  For production D1 DBs, you can restore previous versions of your database with wrangler d1 time-travel and export it at any time with wrangler d1 export.

  Closes #​7470

• #​7334 869ec7b Thanks @​rozenmd! - Remove --batch-size as an option for wrangler d1 execute and wrangler d1 migrations apply

  This change removes the deprecated --batch-size flag, as it is no longer necessary to decrease the number of queries wrangler sends to D1.

  Closes #​7470

• #​7334 869ec7b Thanks @​rozenmd! - Remove alpha support from wrangler d1 migrations apply

  This change removes code that would take a backup of D1 alpha databases before proceeding with applying a migration.

  We can remove this code as alpha DBs have not accepted queries in months.

  Closes #​7470

• #​7334 869ec7b Thanks @​penalosa! - Remove the deprecated wrangler generate command. Instead, use the C3 CLI to create new projects: https://developers.cloudflare.com/pages/get-started/c3/

• #​7334 869ec7b Thanks @​penalosa! - Remove the deprecated wrangler init --no-delegate-c3 command. wrangler init is still available, but will always delegate to C3.

• #​7334 869ec7b Thanks @​penalosa! - Remove support for legacy assets.

  This removes support for legacy assets using the --legacy-assets flag or legacy_assets config field. Instead, you should use Workers Assets

• #​7334 869ec7b Thanks @​penalosa! - Remove the deprecated wrangler publish command. Instead, use wrangler deploy, which takes exactly the same arguments.

  Additionally, remove the following deprecated commands, which are no longer supported.

  • wrangler config
  • wrangler preview
  • wrangler route
  • wrangler subdomain

  Remove the following deprecated command aliases:

  • wrangler secret:*, replaced by wrangler secret *
  • wrangler kv:*, replaced by wrangler kv *

• #​7334 869ec7b Thanks @​penalosa! - Remove the deprecated wrangler version command. Instead, use wrangler --version to check the current version of Wrangler.

• #​7334 869ec7b Thanks @​penalosa! - The --node-compat flag and node_compat config properties are no longer supported as of Wrangler v4. Instead, use the nodejs_compat compatibility flag. This includes the functionality from legacy node_compat polyfills and natively implemented Node.js APIs. See https://developers.cloudflare.com/workers/runtime-apis/nodejs for more information.

  If you need to replicate the behaviour of the legacy node_compat feature, refer to https://developers.cloudflare.com/workers/wrangler/migration/update-v3-to-v4/ for a detailed guide.

• #​7334 869ec7b Thanks @​threepointone! - chore: update esbuild

  This patch updates esbuild from 0.17.19 to 0.24.2. That's a big bump! Lots has gone into esbuild since May '23. All the details are available at https://github.com/evanw/esbuild/blob/main/CHANGELOG.md / https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md.

  • We now support all modern JavasScript/TypeScript features suported by esbuild (as of December 2024). New additions include standard decorators, auto-accessors, and the using syntax.

  • 0.18 introduced wider support for configuration specified via tsconfig.json https://github.com/evanw/esbuild/issues/3019. After observing the (lack of) any actual broken code over the last year for this release, we feel comfortable releasing this without considering it a breaking change.

  • 0.19.3 introduced support for import attributes

    import stuff from './stuff.json' with { type: 'json' }

    While we don't currently expose the esbuild configuration for developers to add their own plugins to customise how modules with import attributes are bundled, we may introduce new "types" ourselves in the future.

  • 0.19.0 introduced support for wildcard imports. Specifics here (https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md#0190). tl;dr -

    • These 2 patterns will bundle all files that match the glob pattern into a single file.

      const json1 = await import("./data/" + kind + ".json");

      const json2 = await import(`./data/${kind}.json`);

    • This pattern will NOT bundle any matching patterns:

      const path = "./data/" + kind + ".js";
      const json2 = await import(path);

      You can use find_additional_modules to bundle any additional modules that are not referenced in the code but are required by the project.

    Now, this MAY be a breaking change for some. Specifically, if you were previously using the pattern (that will now include all files matching the glob pattern in the bundle), BUT find_additional_modules was NOT configured to include some files, those files would now be included in the bundle. For example, consider this code:

    // src/index.js
    export default {
    	async fetch() {
    		const url = new URL(request.url);
    		const name = url.pathname;
    		const value = (await import("." + name)).default;
    		return new Response(value);
    	},
    };

    Imagine if in that folder, you had these 3 files:

    // src/one.js
    export default "one";

    // src/two.js
    export default "two";

    // src/hidden/secret.js
    export default "do not share this secret";

    And your wrangler.toml was:

    name = "my-worker"
    main = "src/index.js

    Before this update:

    1. A request to anything but http://localhost:8787/ would error. For example, a request to http://localhost:8787/one.js would error with No such module "one.js".
    2. Let's configure wrangler.toml to include all .js files in the src folder:

    name = "my-worker"
    main = "src/index.js
    
    find_additional_modules = true
    rules = [
      { type = "ESModule", globs = ["*.js"]}
    ]

    Now, a request to http://localhost:8787/one.js would return the contents of src/one.js, but a request to http://localhost:8787/hidden/secret.js would error with No such module "hidden/secret.js". To include this file, you could expand the rules array to be:

    rules = [
      { type = "ESModule", globs = ["**/*.js"]}
    ]

    Then, a request to http://localhost:8787/hidden/secret.js will return the contents of src/hidden/secret.js.

    After this update:

    • Let's put the wrangler.toml back to its original configuration:

    name = "my-worker"
    main = "src/index.js

    • Now, a request to http://localhost:8787/one.js will return the contents of src/one.js, but a request to http://localhost:8787/hidden/secret.js will ALSO return the contents of src/hidden/secret.js. THIS MAY NOT BE WHAT YOU WANT. You can "fix" this in 2 ways:

      1. Remove the inline wildcard import:

      // src/index.js
      export default {
      	async fetch() {
      		const name = new URL(request.url).pathname;
      		const moduleName = "./" + name;
      		const value = (await import(moduleName)).default;
      		return new Response(value);
      	},
      };

      Now, no extra modules are included in the bundle, and a request to http://localhost:8787/hidden/secret.js will throw an error. You can use the find_additional_modules feature to include it again.

      2. Don't use the wildcard import pattern:

      // src/index.js
      import one from "./one.js";
      import two from "./two.js";
      
      export default {
      	async fetch() {
      		const name = new URL(request.url).pathname;
      		switch (name) {
      			case "/one.js":
      				return new Response(one);
      			case "/two.js":
      				return new Response(two);
      			default:
      				return new Response("Not found", { status: 404 });
      		}
      	},
      };

      Further, there may be some files that aren't modules (js/ts/wasm/text/binary/etc) that are in the folder being included (For example, a photo.jpg file). This pattern will now attempt to include them in the bundle, and throw an error. It will look like this:

      [ERROR] No loader is configured for ".png" files: src/photo.jpg

      To fix this, simply move the offending file to a different folder.

      In general, we DO NOT recommend using the wildcard import pattern. If done wrong, it can leak files into your bundle that you don't want, or make your worker slightly slower to start. If you must use it (either with a wildcard import pattern or with find_additional_modules) you must be diligent to check that your worker is working as expected and that you are not leaking files into your bundle that you don't want. You can configure eslint to disallow dynamic imports like this:

      // eslint.config.js
      export default [
      	{
      		rules: {
      			"no-restricted-syntax": [
      				"error",
      				{
      					selector: "ImportExpression[argument.type!='Literal']",
      					message:
      						"Dynamic imports with non-literal arguments are not allowed.",
      				},
      			],
      		},
      	},
      ];

• #​7334 869ec7b Thanks @​pmiguel! - Remove worker name prefix from KV namespace create

  When running wrangler kv namespace create <name>, previously the name of the namespace was automatically prefixed with the worker title, or worker- when running outside the context of a worker.
  After this change, KV namespaces will no longer get prefixed, and the name used is the name supplied, verbatim.

• #​7334 869ec7b Thanks @​penalosa! - Packages in Workers SDK now support the versions of Node that Node itself supports (Current, Active, Maintenance). Currently, that includes Node v18, v20, and v22.

Minor Changes

• #​7334 869ec7b Thanks @​emily-shen! - Include runtime types in the output of wrangler types by default

  wrangler types will now produce one file that contains both Env types and runtime types based on your compatibility date and flags. This is located at worker-configuration.d.ts by default.

  This behaviour was previously gated behind --experimental-include-runtime. That flag is no longer necessary and has been removed. It has been replaced by --include-runtime and --include-env, both of which are set to true by default. If you were previously using --x-include-runtime, you can drop that flag and remove the separate runtime.d.ts file.

  If you were previously using @cloudflare/workers-types we recommend you run uninstall (e.g. npm uninstall @​cloudflare/workers-types) and run wrangler types instead. Note that @cloudflare/workers-types will continue to be published.

• #​7334 869ec7b Thanks @​penalosa! - feat: prompt users to rerun wrangler types during wrangler dev

  If a generated types file is found at the default output location of wrangler types (worker-configuration.d.ts), remind users to rerun wrangler types if it looks like they're out of date.

Patch Changes

• Updated dependencies [869ec7b, 869ec7b]:
  • miniflare@4.20250310.0
  • @​cloudflare/kv-asset-handler@​0.4.0

v3.114.1

Compare Source

Patch Changes

• #​8383 8d6d722 Thanks @​matthewdavidrodgers! - Make kv bulk put --local respect base64:true

  The bulk put api has an optional "base64" boolean property for each key.
  Before storing the key, the value should be decoded from base64.

  For real (remote) kv, this is handled by the rest api. For local kv, it
  seems the base64 field was ignored, meaning encoded base64 content was
  stored locally rather than the raw values.

  To fix, we need to decode each value before putting to the local
  miniflare namespace when base64 is true.

• #​8273 e3efd68 Thanks @​penalosa! - Support AI, Vectorize, and Images bindings when using @cloudflare/vite-plugin

• #​8427 a352798 Thanks @​vicb! - update unenv-preset dependency to fix bug with Performance global

  Fixes #​8407
  Fixes #​8409
  Fixes #​8411

• #​8390 53e6323 Thanks @​GregBrimble! - Parse and apply metafiles (_headers and _redirects) in wrangler dev for Workers Assets

• #​8392 4d9d9e6 Thanks @​jahands! - fix: retry zone and route lookup API calls

  In rare cases, looking up Zone or Route API calls may fail due to transient errors. This change improves the reliability of wrangler deploy when these errors occur.

  Also fixes a rare issue where concurrent API requests may fail without correctly throwing an error which may cause a deployment to incorrectly appear successful.

• Updated dependencies [8242e07, 53e6323]:

  • miniflare@3.20250310.0

v3.114.0

Compare Source

Minor Changes

• #​8367 7b6b0c2 Thanks @​jonesphillip! - Deprecated --id parameter in favor of --name for both the wrangler r2 bucket lifecycle and wrangler r2 bucket lock commands

v3.113.0

Compare Source

Minor Changes

• #​8300 bca1fb5 Thanks @​vicb! - Use the unenv preset for Cloudflare from @cloudflare/unenv-preset

Patch Changes

• #​8338 2d40989 Thanks @​GregBrimble! - feat: Upload _headers and _redirects if present with Workers Assets as part of wrangler deploy and wrangler versions upload.

• #​8288 cf14e17 Thanks @​CarmenPopoviciu! - feat: Add assets Proxy Worker skeleton in miniflare

  This commit implements a very basic Proxy Worker skeleton, and wires it in the "pipeline" miniflare creates for assets. This Worker will be incrementally worked on, but for now, the current implementation will forward all incoming requests to the Router Worker, thus leaving the current assets behaviour in local dev, the same.

  This is an experimental feature available under the --x-assets-rpc flag: wrangler dev --x-assets-rpc.

• #​8216 af9a57a Thanks @​ns476! - Support Images binding in wrangler types

• #​8304 fbba583 Thanks @​jahands! - chore: add concurrency and caching for Zone IDs and Workers routes lookups

  Workers with many routes can result in duplicate Zone lookups during deployments, making deployments unnecessarily slow. This compounded by the lack of concurrency when making these API requests.

  This change deduplicates these requests and adds concurrency to help speed up deployments.

• Updated dependencies [2d40989, da568e5, cf14e17, 79c7810]:

  • miniflare@3.20250224.0

v3.112.0

Compare Source

Minor Changes

• #​8256 f59d95b Thanks @​jbwcloudflare! - Add two new Queues commands: pause-delivery and resume-delivery

  These new commands allow users to pause and resume the delivery of messages to Queue Consumers

Patch Changes

• #​8274 fce642d Thanks @​emily-shen! - fix bindings to entrypoints on the same worker in workers with assets

• #​8201 2cad136 Thanks @​ichernetsky-cf! - fix: interactively list Cloudchamber deployments using labels

• #​8289 a4909cb Thanks @​penalosa! - Add the experimental --x-assets-rpc flag to gate feature work to support JSRPC with Workers + Assets projects.

• Updated dependencies [fce642d, a4909cb]:

  • miniflare@3.20250214.2

v3.111.0

Compare Source

Minor Changes

• #​7977 36ef9c6 Thanks @​jkoe-cf! - Added wrangler r2 commands for bucket lock configuration

Patch Changes

• #​8248 1cb2d34 Thanks @​GregBrimble! - feat: Omits Content-Type header for files of an unknown extension in Workers Assets

• #​7977 36ef9c6 Thanks @​jkoe-cf! - fixing the format of the R2 lifecycle rule date input to be parsed as string instead of number

---

Configuration

📅 Schedule: Branch creation - "after 1am and before 5am" in timezone EST, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7650ae0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in Stackblitz

npm i https://pkg.pr.new/svelte-ux@579

commit: 7650ae0

[github-actions]

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name	Status	Preview	Last Commit
svelte-ux	✅ Ready (View Log)	Visit Preview	7650ae0