Wrangler
Minor Changes
#12492
3b81fc6Thanks @thomasgauvin! - feat: addwrangler tunnelcommands for managing Cloudflare TunnelsAdds a new set of commands for managing remotely-managed Cloudflare Tunnels directly from Wrangler:
wrangler tunnel create <name>- Create a new Cloudflare Tunnelwrangler tunnel list- List all tunnels in your accountwrangler tunnel info <tunnel>- Display details about a specific tunnelwrangler tunnel delete <tunnel>- Delete a tunnel (with confirmation)wrangler tunnel run <tunnel>- Run a tunnel using cloudflaredwrangler tunnel quick-start <url>- Start a temporary tunnel (Try Cloudflare)
The
runandquick-startcommands automatically download and manage the cloudflared binary, caching it in~/.wrangler/cloudflared/. Users are prompted before downloading and warned if their PATH-installed cloudflared is outdated. You can override the binary location with theCLOUDFLARED_PATHenvironment variable.All commands are marked as experimental.
Patch Changes
#12927
c9b3184Thanks @penalosa! - Bump undici from 7.18.2 to 7.24.4#12875
13df6c7Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260312.1 1.20260316.1 #12935
df0d112Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260316.1 1.20260317.1 #12928
81ee98eThanks @petebacondarwin! - Migrate chrome-devtools-patches deployment from Cloudflare Pages to Workers + AssetsThe DevTools frontend is now deployed as a Cloudflare Workers + Assets project instead of a Cloudflare Pages project. This uses
wrangler deployfor production deployments andwrangler versions uploadfor PR preview deployments.The inspector proxy origin allowlists in both wrangler and miniflare have been updated to accept connections from the new
workers.devdomain patterns, while retaining the legacypages.devpatterns for backward compatibility.#12835
c600ce0Thanks @dario-piotrowicz! - Fix execution freezing ondebuggerstatements when DevTools is not attachedPreviously,
wrangleralways sentDebugger.enableto the runtime on connection, even when DevTools wasn't open. This caused scripts to freeze ondebuggerstatements. NowDebugger.enableis only sent when DevTools is actually attached, andDebugger.disableis sent when DevTools disconnects to stop the runtime from performing debugging work.#12894
f509d13Thanks @gpanders! - Simplify description of --json optionRemove extraneous adjectives in the description of the
--jsonoption.#11888
0a7fef9Thanks @staticpayload! - Reject cross-drive module paths in Pages Functions routingOn Windows, module paths using a different drive letter could be parsed in a way that bypassed the project-root check. These paths are now parsed correctly and rejected when they resolve outside the project.
Minor Changes
#10896
351e1e1Thanks @devin-ai-integration! - feat: add--secrets-fileparameter towrangler deployandwrangler versions uploadYou can now upload secrets alongside your Worker code in a single operation using the
--secrets-fileparameter on bothwrangler deployandwrangler versions upload. The file format matches what's used bywrangler versions secret bulk, supporting both JSON and .env formats.Example usage:
wrangler deploy --secrets-file .env.production wrangler versions upload --secrets-file secrets.jsonSecrets not included in the file will be inherited from the previous version, matching the behavior of
wrangler versions secret bulk.#12873
2b9a186Thanks @gpanders! - Addwrangler containers instances <application_id>command to list container instancesLists all container instances for a given application, matching the Dash instances view. Displays instance ID, state, location, version, and creation time. Supports pagination for applications with many instances. Also adds paginated request support to the containers-shared API client.
Patch Changes
#12873
2b9a186Thanks @gpanders! - AddescapeCodeTimeoutoption toonKeyPressutility for faster Esc key detectionThe
onKeyPressutility now accepts an optionalescapeCodeTimeoutparameter that controls how long readline waits to disambiguate a standalone Esc press from multi-byte escape sequences (e.g. arrow keys). The default remains readline's built-in 500ms, but callers can pass a lower value (e.g. 25ms) for near-instant Esc handling in interactive prompts.#12676
65f1092Thanks @dario-piotrowicz! - Fix autoconfig package installation always failing at workspace rootsWhen running autoconfig at the root of a monorepo workspace, package installation commands now include the appropriate workspace root flags (
--workspace-rootfor pnpm,-Wfor yarn). This prevents errors like "Running this command will add the dependency to the workspace root" that previously occurred when configuring projects at the workspace root.Additionally, autoconfig now allows running at the workspace root if the root directory itself is listed as a workspace package (e.g.,
workspaces: ["packages/*", "."]).#12841
7b0d8f5Thanks @dario-piotrowicz! - Fix unclear error when assets upload session returns anullresponseWhen deploying assets, if the Cloudflare API returns a
nullresponse object, Wrangler now provides a clear error message asking users to retry instead of failing with a confusing error.Updated dependencies [
ade0aed]:
Minor Changes
#12853
ff543e3Thanks @gpanders! - Deprecate SSH passthrough flags inwrangler containers sshThe
--cipher,--log-file,--escape-char,--config-file,--pkcs11,--identity-file,--mac-spec,--option, and--tagflags are now deprecated. These flags expose OpenSSH-specific options that are tied to the current implementation. A future release will replace the underlying SSH transport, at which point these flags will be removed. They still function for now.#12815
e63539dThanks @NuroDev! - Support disabling persistence inunstable_startWorker()andunstable_dev()You can now disable persistence entirely by setting
persist: falsein thedevoptions:const worker = await unstable_dev("./src/worker.ts", { persist: false, });Or when using
unstable_startWorker():const worker = await unstable_startWorker({ entrypoint: "./src/worker.ts", dev: { persist: false, }, });This is useful for testing scenarios where you want to ensure a clean state on each run without any persisted data from previous runs.
Patch Changes
#12861
f7de0fdThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260310.1 1.20260312.1 #12734
8e89e85Thanks @flostellbrink! - Add back support for wrangler d1 exports with multiple tables.Example:
# All tables (default) wrangler d1 export db --output all-tables.sql # Single table (unchanged) wrangler d1 export db --output single-table.sql --table foo # Multiple tables (new) wrangler d1 export db --output multiple-tables.sql --table foo --table bar#12807
8d1e130Thanks @MaxwellCalkin! - fix:vectorizecommands now output valid jsonThis fixes:
wrangler vectorize createwrangler vectorize infowrangler vectorize insertwrangler vectorize upsertwrangler vectorize listwrangler vectorize list-vectorswrangler vectorize list-metadata-index
Also,
wrangler vectorize create --jsonnow also includes thecreated_at,modified_onanddescriptionfields.#12856
6ee18e1Thanks @dario-piotrowicz! - Fix autoconfig for Astro v6 projects to skip wrangler config generationAstro 6+ generates its own wrangler configuration on build, so autoconfig now detects the Astro version and skips creating a
wrangler.jsoncfile for projects using Astro 6 or later. This prevents conflicts between the autoconfig-generated config and Astro's built-in config generation.#12700
4bb61b9Thanks @RiscadoA! - Add client-side validation for VPC service host flagsThe
--hostname,--ipv4, and--ipv6flags onwrangler vpc service createandwrangler vpc service updatenow validate input before sending requests to the API. Previously, invalid values were accepted by the CLI and only rejected by the API with opaque error messages. Now users get clear, actionable error messages for common mistakes like passing a URL instead of a hostname, using an IP address in the--hostnameflag, or providing malformed IP addresses.
Minor Changes
#12746
211d75dThanks @NuroDev! - Add support for inheritable bindings in type generationWhen using
wrangler typeswith multiple environments, bindings from inheritable config properties (likeassets) are now correctly inherited from the top-level config in all named environments. Previously, if you definedassets.bindingat the top level with named environments, the binding would be marked as optional in the generatedEnvtype because the type generation didn't account for inheritance.Example:
{ "assets": { "binding": "ASSETS", "directory": "./public" }, "env": { "staging": {}, "production": {} } }Before this change,
ASSETSwould be typed asASSETS?: Fetcher(optional). Now,ASSETSis correctly typed asASSETS: Fetcher(required). This fix currently applies to theassetsbinding, with an extensible mechanism to support additional inheritable bindings in the future.#12826
de65c58Thanks @gabivlj! - Enable container egress interception in local dev without theexperimentalcompatibility flagContainer local development now always prepares the egress interceptor sidecar image needed for
interceptOutboundHttp(). This makes container-to-Worker interception available by default in Wrangler, Miniflare, and the Cloudflare Vite plugin.
Patch Changes
#12790
5451a7fThanks @petebacondarwin! - Bump node-forge to ^1.3.2 to address security vulnerabilitiesnode-forge had ASN.1 unbounded recursion, OID integer truncation, and ASN.1 validator desynchronization vulnerabilities. This is a bundled dependency used for local HTTPS certificate handling.
#12795
82cc2a8Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260301.1 1.20260306.1 #12811
3c67c2aThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260306.1 1.20260307.1 #12827
d645594Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260307.1 1.20260310.1 #12808
6ed249bThanks @MaxwellCalkin! - Fixwrangler d1 execute --jsonreturning"null"(string) instead ofnull(JSON null) for SQL NULL valuesWhen using
wrangler d1 execute --jsonwith local execution, SQL NULL values were incorrectly serialized as the string"null"instead of JSONnull. This produced invalid JSON output that violated RFC 4627. The fix removes the explicit null-to-string conversion so NULL values are preserved as proper JSON null in the output.#12824
9f93b54Thanks @jamesopstad! - Strip query strings from module names before writing to diskWhen bundling modules with query string suffixes (e.g.
.wasm?module), the?character was included in the output filename. Since?is not a valid filename character on Windows, this caused an ENOENT error duringwrangler dev. This was particularly visible when using Prisma Client with the D1 adapter, which imports.wasm?modulefiles.The fix strips query strings from module names before writing them to disk, while preserving correct module resolution.
#12771
b8c33f5Thanks @penalosa! - Make remote devexchange_urloptionalThe edge-preview API's
exchange_urlis now treated as optional. When unavailable or when the exchange fails, the initial token from the API response is used directly. Theprewarmstep andinspector_websockethave been removed from the remote dev flow in favour oftail_urlfor live logs.Updated dependencies [
5451a7f,82cc2a8,3c67c2a,d645594,de65c58,cb14820,a7c87d1,e4d9510]: