Update dependency wrangler to v4.91.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
wrangler (source)	4.88.0 → 4.91.0

---

Release Notes

cloudflare/workers-sdk (wrangler)

v4.91.0

Compare Source

Minor Changes

• #​13822 c8be316 Thanks @​edmundhung! - Add named tunnel support and tunnel shortcuts to wrangler dev

  You can now use wrangler dev --tunnel --tunnel-name <name> to start a dev session with an existing named Cloudflare Tunnel, or set --tunnel-name ahead of time and start it later by pressing t to start or close the tunnel. This gives you a stable public hostname for local development instead of the temporary trycloudflare.com URL used by Quick Tunnels.

Patch Changes

• #​13848 d4794a8 Thanks @​MattieTK! - Condense repeated environment configuration warnings

  Wrangler now summarises repeated missing vars and define entries in environment configuration warnings. Experimental unsafe warnings are also only emitted once when the field appears at both the top level and in the active environment.

• #​13894 58b4403 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260508.1	1.20260511.1

• #​13780 4352f87 Thanks @​matingathani! - Normalize legacy instance type aliases (standard → standard-1, dev → lite) to prevent phantom EDIT diffs on every deploy

• #​13834 a9e6741 Thanks @​matingathani! - fix: hotkeys now work with Caps Lock enabled

  Wrangler's dev server hotkeys (e.g. b to open browser and x to exit) did not respond when Caps Lock was enabled. These hotkeys now work consistently whether or not Caps Lock is on.

• #​13750 da664d5 Thanks @​matingathani! - fix: automatically delete log files older than 30 days and add WRANGLER_WRITE_LOGS=false to disable disk logging

  Wrangler previously accumulated log files in ~/.wrangler/logs/ indefinitely, causing some users to accumulate gigabytes of logs over time.

  Log files older than 30 days are now automatically cleaned up on the first log write. Disk logging can be disabled entirely by setting WRANGLER_WRITE_LOGS=false.

• #​13914 bdc398c Thanks @​Maximo-Guk! - preserve native shape of non-string vars in worker previews

  wrangler preview previously coerced every non-string entry in previews.vars (arrays, objects, numbers, booleans) into a plain_text binding via JSON.stringify, so at runtime the worker saw a literal string instead of the value declared in wrangler.jsonc. wrangler deploy already serializes non-string vars as json bindings so the Workers runtime parses them back into native JS values; previews now match.

  Before:

  // wrangler.jsonc — previews.vars
  { "ALLOWLIST": ["a@example.com", "b@example.com"] }
  // runtime
  typeof env.ALLOWLIST === "string" // true (was '["a@example.com","b@example.com"]')

  After:

  typeof env.ALLOWLIST === "object"; // Array.isArray(env.ALLOWLIST) === true

• #​13778 1420f10 Thanks @​maxwellpeterson! - Propagate unsafe.bindings and service binding cross_account_grant to worker previews

  Worker previews now propagate unsafe.bindings declared on the previews config block to the deployment metadata, mirroring the deploy-time behavior. Without this, internal binding shapes that wrangler doesn't yet model (notably service bindings carrying cross_account_grant) were silently dropped on previews while working fine on regular deploys. The same change wires through cross_account_grant on typed services bindings.

• Updated dependencies [58b4403, f781a2b]:

  • miniflare@​4.20260511.0

v4.90.1

Compare Source

Patch Changes

• #​13866 4e44ce6 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260507.1	1.20260508.1

• #​13837 b0cee1d Thanks @​matingathani! - Fix beta/open-beta status message ignoring printBanner: false — when a command sets printBanner: (args) => !args.json, the status banner no longer appears in JSON output

• #​13887 d878e13 Thanks @​apeacock1991! - Fix wrangler dev hanging on shutdown when remote bindings are present

  startDev() registers dev hotkeys before authenticating the user. During interactive dev sessions, the auth callback re-registers hotkeys, which updates the local unregisterHotKeys variable to a new cleanup function. However, the unregisterHotKeys value returned to callers was captured as a direct reference to the initial registration, so it would call the stale cleanup function instead of the current one.

  This has been fixed by returning a wrapper function () => unregisterHotKeys?.() instead of the variable directly. The wrapper evaluates unregisterHotKeys at call time, ensuring it always invokes the latest cleanup function even after re-registration.

• #​13867 971dfe3 Thanks @​petebacondarwin! - Fix race in RemoteProxySession.updateBindings so it waits for the remote worker to finish reloading with the new bindings before resolving

  Previously, updateBindings resolved as soon as the config update event was dispatched, long before the remote worker had been re-uploaded and the local proxy worker had unpaused. Callers that issued requests immediately afterwards could see flaky failures — typically "WebSocket connection failed" for JSRPC bindings such as service bindings or dispatch namespaces — because the local proxy worker was still in its paused state during the reload window. updateBindings now waits for the next reloadComplete event and for the local proxy worker's runtime-message queue to drain before returning, so callers can safely issue requests after await session.updateBindings(...). If the reload fails, the rejection from updateBindings carries the underlying error.

• #​13867 971dfe3 Thanks @​petebacondarwin! - Fix unhandled AbortError from wrangler dev's remote tail WebSocket when the bundle rebuilds or the dev session shuts down

  The remote-runtime tail-logs WebSocket (#activeTail in RemoteRuntimeController) was constructed with the same AbortSignal that onBundleStart aborts to cancel in-flight preview-session operations. The abort destroyed the WebSocket's underlying upgrade request with AbortError, which had no error listener attached and propagated as an unhandled exception. We now attach an error listener at WebSocket construction that ignores errors (logging at debug level), matching the safeguards already present on the terminate paths in #previewToken and teardown().

• Updated dependencies [4e44ce6, 5d936c5]:

  • miniflare@​4.20260508.0

v4.90.0

Compare Source

Minor Changes

• #​12279 248bc08 Thanks @​penalosa! - Add deprecation warning for delivery_delay in queue producer bindings

  The delivery_delay setting in [[queues.producers]] was silently having no effect since 2024. This change adds a deprecation warning when the setting is used, informing users that queue-level settings should be configured using wrangler queues update instead. The setting will be removed in a future version.

Patch Changes

• #​13853 8852b0c Thanks @​gpanders! - Fix Containers SSH config

• #​13858 e414e56 Thanks @​penalosa! - Fix wrangler whoami and account selection failing for Account API Tokens

  The /memberships fallback for Account API Tokens was checking for code 9109, but /memberships actually returns 9106 for that case. Correct the code so the fallback to /accounts triggers as intended.

• Updated dependencies []:

  • miniflare@​4.20260507.1

v4.89.1

Compare Source

Patch Changes

• #​13824 dd3baf3 Thanks @​emily-shen! - Fix container deployment being skipped for Workers for Platforms user workers

  Previously, deploying a worker with --dispatch-namespace would early-exit before calling deployContainers(), meaning container-app registration that links the image to the Durable Object namespace was never executed for WfP user workers. Container deployment now runs before the WfP early exit.

• Updated dependencies [5cf6f81]:

  • miniflare@​4.20260507.1

v4.89.0

Compare Source

Minor Changes

• #​13055 f3fed88 Thanks @​GregBrimble! - Introducing the cache configuration option for Workers.

  You can now set { cache: { enabled: true } } in your Wrangler configuration file to enable a HTTP cache in front of your Worker's fetch handler. This is also supported in [previews] configuration — previews.cache overrides the top-level cache setting for preview deployments, and falls back to the top-level value when absent. More information can be found in our documentation.

• #​13776 1a54ac5 Thanks @​petebacondarwin! - wrangler dev and other Miniflare-backed commands now run the local workerd runtime with TZ=UTC to match production

  Previously, wrangler dev (and other commands that spin up Miniflare, such as wrangler kv, wrangler d1, wrangler r2, wrangler check) inherited the host machine's timezone, so Date and Intl APIs inside a Worker observed the developer's local timezone during local development but UTC in production. This caused subtle, hard-to-debug differences between local and deployed behaviour.

  Local development now matches production. Code that previously relied on the host timezone during wrangler dev will need to either accept UTC (the production behaviour) or explicitly construct dates/formatters with the desired timezone.

Patch Changes

• #​13829 2284f20 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260504.1	1.20260506.1

• #​13841 332f527 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260506.1	1.20260507.1

• #​13777 18e833d Thanks @​matingathani! - fix: throw a clear error when _routes.json contains invalid JSON instead of silently skipping it

• #​13751 b6cea17 Thanks @​matingathani! - fix: ensure wrangler types --check --env-file does not falsely report stale types when .dev.vars exists

• #​13775 53e846a Thanks @​maxwellpeterson! - Fix wrangler preview not propagating the assets binding to preview deployments

  Previously, wrangler preview would upload the asset manifest correctly but the resulting preview deployment had no ASSETS binding (or whatever name was configured under assets.binding). Workers reading from the binding would see undefined and fail at runtime.

  The fix emits the assets binding into the deployment's env map alongside other bindings, mirroring wrangler deploy.

• #​13770 beff19c Thanks @​petebacondarwin! - Only show accounts available for the current login auth in wrangler whoami and the interactive account picker

  Wrangler now lists the intersection of /accounts and /memberships instead of either endpoint alone, dropping accounts the active OAuth token or API token has no membership in. The accounts field of wrangler whoami --json is filtered the same way. When /memberships is inaccessible to the current auth (e.g. Account API Tokens) Wrangler falls back to /accounts so those tokens continue to work as before.

• #​13832 af42fed Thanks @​gpanders! - Show containers ssh in wrangler containers --help and in wrangler containers ssh --help

  The containers ssh command was previously hidden, so it did not appear in the list of subcommands shown by wrangler containers --help, and its description was omitted from wrangler containers ssh --help. The command is now listed with its description in both places.

• Updated dependencies [2284f20, 332f527, 039bada, 1a54ac5]:

  • miniflare@​4.20260507.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	editor	91d1bcd	Commit Preview URL Branch Preview URL	May 14 2026, 12:58 PM