build(deps-dev): bump wrangler from 4.90.1 to 4.91.0 in /cornucopia.owasp.org

[dependabot]

Bumps wrangler from 4.90.1 to 4.91.0.

Release notes

Sourced from wrangler's releases.

wrangler@4.91.0

Minor Changes

• #13822 c8be316 Thanks @​edmundhung! - Add named tunnel support and tunnel shortcuts to wrangler dev

  You can now use wrangler dev --tunnel --tunnel-name <name> to start a dev session with an existing named Cloudflare Tunnel, or set --tunnel-name ahead of time and start it later by pressing t to start or close the tunnel. This gives you a stable public hostname for local development instead of the temporary trycloudflare.com URL used by Quick Tunnels.

Patch Changes

• #13848 d4794a8 Thanks @​MattieTK! - Condense repeated environment configuration warnings

  Wrangler now summarises repeated missing vars and define entries in environment configuration warnings. Experimental unsafe warnings are also only emitted once when the field appears at both the top level and in the active environment.

• #13894 58b4403 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260508.1	1.20260511.1

• #13780 4352f87 Thanks @​matingathani! - Normalize legacy instance type aliases (standard → standard-1, dev → lite) to prevent phantom EDIT diffs on every deploy

• #13834 a9e6741 Thanks @​matingathani! - fix: hotkeys now work with Caps Lock enabled

  Wrangler's dev server hotkeys (e.g. b to open browser and x to exit) did not respond when Caps Lock was enabled. These hotkeys now work consistently whether or not Caps Lock is on.

• #13750 da664d5 Thanks @​matingathani! - fix: automatically delete log files older than 30 days and add WRANGLER_WRITE_LOGS=false to disable disk logging

  Wrangler previously accumulated log files in ~/.wrangler/logs/ indefinitely, causing some users to accumulate gigabytes of logs over time.

  Log files older than 30 days are now automatically cleaned up on the first log write. Disk logging can be disabled entirely by setting WRANGLER_WRITE_LOGS=false.

• #13914 bdc398c Thanks @​Maximo-Guk! - preserve native shape of non-string vars in worker previews

  wrangler preview previously coerced every non-string entry in previews.vars (arrays, objects, numbers, booleans) into a plain_text binding via JSON.stringify, so at runtime the worker saw a literal string instead of the value declared in wrangler.jsonc. wrangler deploy already serializes non-string vars as json bindings so the Workers runtime parses them back into native JS values; previews now match.

  Before:

  // wrangler.jsonc — previews.vars
  { "ALLOWLIST": ["a@example.com", "b@example.com"] }
  // runtime
  typeof env.ALLOWLIST === "string" // true (was '["a@example.com","b@example.com"]')

  After:

  typeof env.ALLOWLIST === "object"; // Array.isArray(env.ALLOWLIST) === true

... (truncated)

Commits

• adbf8cb Version Packages (#13895)
• 7ce6f6f feat(vite-plugin-cloudflare): named tunnel support (#13903)
• bdc398c fix(wrangler): preserve native shape of non-string vars in worker previews (#...
• c8be316 feat(wrangler): named tunnel support (#13822)
• 1420f10 fix(wrangler): propagate unsafe.bindings and cross_account_grant to worker pr...
• a9e6741 [wrangler] fix: hotkeys work with Caps Lock enabled (#13834)
• 58b4403 Bump the workerd-and-workers-types group with 2 updates (#13894)
• da664d5 [wrangler] fix: auto-delete logs older than 7 days and add WRANGLER_LOG_DISK ...
• 4352f87 [wrangler] fix: normalize legacy instance type aliases to prevent phantom EDI...
• See full diff in compare view

[sydseter]

@dependabot rebase