chore(deps): update dependency wrangler to v4.90.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
wrangler (source)	4.90.0 → 4.90.1

---

Release Notes

cloudflare/workers-sdk (wrangler)

v4.90.1

Compare Source

Patch Changes

• #​13866 4e44ce6 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260507.1	1.20260508.1

• #​13837 b0cee1d Thanks @​matingathani! - Fix beta/open-beta status message ignoring printBanner: false — when a command sets printBanner: (args) => !args.json, the status banner no longer appears in JSON output

• #​13887 d878e13 Thanks @​apeacock1991! - Fix wrangler dev hanging on shutdown when remote bindings are present

  startDev() registers dev hotkeys before authenticating the user. During interactive dev sessions, the auth callback re-registers hotkeys, which updates the local unregisterHotKeys variable to a new cleanup function. However, the unregisterHotKeys value returned to callers was captured as a direct reference to the initial registration, so it would call the stale cleanup function instead of the current one.

  This has been fixed by returning a wrapper function () => unregisterHotKeys?.() instead of the variable directly. The wrapper evaluates unregisterHotKeys at call time, ensuring it always invokes the latest cleanup function even after re-registration.

• #​13867 971dfe3 Thanks @​petebacondarwin! - Fix race in RemoteProxySession.updateBindings so it waits for the remote worker to finish reloading with the new bindings before resolving

  Previously, updateBindings resolved as soon as the config update event was dispatched, long before the remote worker had been re-uploaded and the local proxy worker had unpaused. Callers that issued requests immediately afterwards could see flaky failures — typically "WebSocket connection failed" for JSRPC bindings such as service bindings or dispatch namespaces — because the local proxy worker was still in its paused state during the reload window. updateBindings now waits for the next reloadComplete event and for the local proxy worker's runtime-message queue to drain before returning, so callers can safely issue requests after await session.updateBindings(...). If the reload fails, the rejection from updateBindings carries the underlying error.

• #​13867 971dfe3 Thanks @​petebacondarwin! - Fix unhandled AbortError from wrangler dev's remote tail WebSocket when the bundle rebuilds or the dev session shuts down

  The remote-runtime tail-logs WebSocket (#activeTail in RemoteRuntimeController) was constructed with the same AbortSignal that onBundleStart aborts to cancel in-flight preview-session operations. The abort destroyed the WebSocket's underlying upgrade request with AbortError, which had no error listener attached and propagated as an unhandled exception. We now attach an error listener at WebSocket construction that ignores errors (logging at debug level), matching the safeguards already present on the terminate paths in #previewToken and teardown().

• Updated dependencies [4e44ce6, 5d936c5]:

  • miniflare@​4.20260508.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[safedep]

SafeDep Report Summary

Package Details

Package	Malware	Vulnerability	Risky License	Report
@better-auth/api-key @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/core @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/drizzle-adapter @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/kysely-adapter @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/memory-adapter @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/mongo-adapter @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/passkey @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/prisma-adapter @ 1.6.10 pnpm-lock.yaml				🔗
@better-auth/telemetry @ 1.6.10 pnpm-lock.yaml				🔗
@cloudflare/workerd-darwin-64 @ 1.20260508.1 pnpm-lock.yaml				🔗
@cloudflare/workerd-darwin-arm64 @ 1.20260508.1 pnpm-lock.yaml				🔗
@cloudflare/workerd-linux-64 @ 1.20260508.1 pnpm-lock.yaml				🔗
@cloudflare/workerd-linux-arm64 @ 1.20260508.1 pnpm-lock.yaml				🔗
@cloudflare/workerd-windows-64 @ 1.20260508.1 pnpm-lock.yaml				🔗
better-auth @ 1.6.10 pnpm-lock.yaml				🔗
miniflare @ 4.20260508.0 pnpm-lock.yaml				🔗
workerd @ 1.20260508.1 pnpm-lock.yaml				🔗
wrangler @ 4.90.1 pnpm-lock.yaml				🔗

View complete scan results →

_{This report is generated by SafeDep Github App}

[Innei]

@renovatebot rebase

[Innei]

Superseded by #2713 (merged batch bump).