Bump wrangler from 4.80.0 to 4.81.0

[dependabot]

Bumps wrangler from 4.80.0 to 4.81.0.

Release notes

Sourced from wrangler's releases.

wrangler@4.81.0

Minor Changes

• #12932 96ee5d4 Thanks @​thomasgauvin! - feat: add wrangler email routing and wrangler email sending commands

  Email Routing commands:

  • wrangler email routing list - list zones with email routing status
  • wrangler email routing settings <domain> - get email routing settings for a zone
  • wrangler email routing enable/disable <domain> - enable or disable email routing
  • wrangler email routing dns get/unlock <domain> - manage DNS records
  • wrangler email routing rules list/get/create/update/delete <domain> - manage routing rules (use catch-all as the rule ID for the catch-all rule)
  • wrangler email routing addresses list/get/create/delete - manage destination addresses

  Email Sending commands:

  • wrangler email sending list - list zones with email sending
  • wrangler email sending settings <domain> - get email sending settings for a zone
  • wrangler email sending enable <domain> - enable email sending for a zone or subdomain
  • wrangler email sending disable <domain> - disable email sending for a zone or subdomain
  • wrangler email sending dns get <domain> - get DNS records for a sending domain
  • wrangler email sending send - send an email using the builder API
  • wrangler email sending send-raw - send a raw MIME email message

  Also adds email_routing:write and email_sending:write OAuth scopes to wrangler login.

Patch Changes

• #13241 7d318e1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260401.1	1.20260402.1

• #13305 fa6d84f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260402.1	1.20260405.1

• #13193 78cbe37 Thanks @​dario-piotrowicz! - During autoconfig filter out Hono when there are 2 detected frameworks

  During the auto-configuration process Hono is now treated as an auxiliary framework (like Vite) and automatically filtered out when two frameworks are detected (before Hono was being filtered out only when the other framework was Waku).

• #13205 6fa5dfd Thanks @​petebacondarwin! - fix: use formatConfigSnippet for compatibility_date warning in wrangler dev

... (truncated)

Commits

• 36c2c13 Version Packages (#13251)
• fa6d84f Bump the workerd-and-workers-types group with 2 updates (#13305)
• 6fa5dfd [wrangler] Use formatConfigSnippet for compatibility_date warning in dev (#13...
• 7d318e1 Bump the workerd-and-workers-types group across 1 directory with 2 updates (#...
• 8f0c544 Make argsIgnorePattern for no-unused-vars lint rule more strict (#13180)
• 96ee5d4 feat: add wrangler email routing commands (#12932)
• 78cbe37 During autoconfig filter out Hono when there are 2 detected frameworks (#13193)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	wrangler@​4.80.0 ⏵ 4.81.0			+1

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Embedded URLs or IPs: npm miniflare URLs: http://fb.me/use-check-prop-types, https://fb.me/react-async-component-lifecycle-hooks, https://bit.ly/3cXEKWf, request.cf, cf.miniflare.name, https://github.com/parshap/node-sanitize-filename/blob/209c39b914c8eb48ee27bcbde64b2c7822fdf3de/index.js#L4-L37, t.style?t.style+=, http://www.w3.org/2000/svg, F.windows?, t.name.new??, https://developers.cloudflare.com/workflows/build/sleeping-and-retrying/, vnd.ahead.space, vnd.curl.car, vnd.dece.data, vnd.gmx, vnd.muvee.style, vnd.nokia.n-gage.data, vnd.oasis.opendocument.graphics, vnd.previewsystems.box, vnd.sun.xml.writer.global, vnd.dece.audio, vnd.rip, vnd.fly, vnd.in3d.spot, vnd.dece.mobile, vnd.dece.sd, vnd.dece.video, vnd.vivo, e.name??, https://tanstack.com/router/v1/docs/framework/react/guide/not-found-errors#migrating-from-notfoundroute, https://react.dev/errors/, http://www.w3.org/1998/Math/MathML, http://www.w3.org/1999/xlink, http://www.w3.org/XML/1998/namespace, https://www.cloudflare.com, https://base-ui.com/production-error/, https://miniflare.dev/get-started/migrating, https://developers.cloudflare.com/email-routing/email-workers/reply-email-workers/., example.com, https://customer-placeholder.cloudflarestream.com/, http://www.example.com, http://dogs.are.great, https://developers.facebook.com/community/threads/320013549791141/, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/FinalizationRegistry, https://dash.cloudflare.com/?account=workers/plans, https://developers.cloudflare.com/workers/about/limits/#number-of-requests-limit, https://workers.cloudflare.com?utm_source=error_footer Location: Package overview From: ? → npm/wrangler@4.81.0 → npm/miniflare@4.20260405.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/miniflare@4.20260405.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm wrangler URLs: https://developers.cloudflare.com/containers/examples/env-vars-and-secrets/, https://developers.cloudflare.com/workers/wrangler/configuration/#types-of-routes, https://developers.cloudflare.com/workers/platform/cron-triggers, https://developers.cloudflare.com/workers/wrangler/configuration/#triggers, https://developers.cloudflare.com/workers/wrangler/configuration/#limits, https://developers.cloudflare.com/workers/wrangler/configuration/#bundling, https://developers.cloudflare.com/workers/cli-wrangler/configuration#build, https://developers.cloudflare.com/workers/wrangler/configuration/#custom-builds, https://esbuild.github.io/api/#keep-names, https://blog.cloudflare.com/logpush-for-workers/, https://developers.cloudflare.com/workers/wrangler/configuration/#source-maps, https://developers.cloudflare.com/workers/platform/smart-placement/, https://developers.cloudflare.com/workers/frameworks/, https://developers.cloudflare.com/workers/wrangler/configuration/#assets, https://developers.cloudflare.com/workers/wrangler/configuration/#observability, https://developers.cloudflare.com/workers/wrangler/configuration/#environment-variables, https://developers.cloudflare.com/workers/learning/using-durable-objects, https://developers.cloudflare.com/workers/wrangler/configuration/#durable-objects, https://developers.cloudflare.com/workers/learning/how-kv-works, https://developers.cloudflare.com/workers/wrangler/configuration/#kv-namespaces, https://developers.cloudflare.com/workers/wrangler/configuration/#email-bindings, https://developers.cloudflare.com/workers/wrangler/configuration/#queues, https://developers.cloudflare.com/workers/wrangler/configuration/#r2-buckets, https://developers.cloudflare.com/workers/wrangler/configuration/#d1-databases, https://developers.cloudflare.com/workers/wrangler/configuration/#vectorize-indexes, https://developers.cloudflare.com/workers/wrangler/configuration/#hyperdrive, https://developers.cloudflare.com/workers/wrangler/configuration/#service-bindings, https://developers.cloudflare.com/workers/wrangler/configuration/#analytics-engine-datasets, https://developers.cloudflare.com/workers/wrangler/configuration/#browser-rendering, https://developers.cloudflare.com/workers/wrangler/configuration/#workers-ai, https://developers.cloudflare.com/workers/wrangler/configuration/#images, https://volta.sh/, https://github.com/nvm-sh/nvm., http://example.com, 127.0.0.1, devtools.devprod.cloudflare.dev, cloudflare-devtools.devprod.workers.dev, cloudflare-devtools.pages.dev, https://devtools.devprod.cloudflare.dev/js_app?theme=systemPreferred&debugger=true&ws=, https://workers.cloudflare.com/favicon.ico, https://devtools.devprod.cloudflare.dev Location: Package overview From: package.json → npm/wrangler@4.81.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/wrangler@4.81.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report