Bump wrangler from 3.28.4 to 4.45.0 in the npm-major group

[dependabot]

Bumps the npm-major group with 1 update: wrangler.

Updates wrangler from 3.28.4 to 4.45.0

Release notes

Sourced from wrangler's releases.

wrangler@4.45.0

Minor Changes

• #11030 1a8088a Thanks @​penalosa! - Enable automatic resource provisioning by default in Wrangler. This is still an experimental feature, but we're turning on the flag by default to make it easier for people to test it and try it out. You can disable the feature using the --no-x-provision flag. It currently works for R2, D1, and KV bindings.

  To use this feature, add a binding to your config file without a resource ID:

  {
  	"kv_namespaces": [{ "binding": "MY_KV" }],
  	"d1_databases": [{ "binding": "MY_DB" }],
  	"r2_buckets": [{ "binding": "MY_R2" }],
  }

  wrangler dev will automatically create these resources for you locally, and when you next run wrangler deploy Wrangler will call the Cloudflare API to create the requested resources and link them to your Worker. They'll stay linked across deploys, and you don't need to add the resource IDs to the config file for future deploys to work. This is especially good for shared templates, which now no longer need to include account-specific resource ID when adding a binding.

Patch Changes

• #11037 4bd4c29 Thanks @​danielrs! - Better Wrangler subdomain defaults warning.

  Improves the warnings that we show users when either worker_dev or preview_urls are missing.

• #10927 31e1330 Thanks @​dom96! - Implements python_modules.excludes wrangler config field

  [python_modules]
  excludes = ["**/*.pyc", "**/__pycache__"]

• #10741 2f57345 Thanks @​penalosa! - Remove obsolete --x-remote-bindings flag

• Updated dependencies [ca6c010]:

  • miniflare@4.20251011.1

wrangler@4.44.0

Minor Changes

• #10939 d4b4c90 Thanks @​danielrs! - Config preview_urls defaults to workers_dev value.

  Originally, we were defaulting config.preview_urls to true, but we were accidentally enabling Preview URLs for users that only had config.workers_dev=false.

  Then, we set the default value of config.preview_urls to false, but we were accidentally disabling Preview URLs for users that only had config.workers_dev=true.

  Rather than defaulting config.preview_urls to true or false, we default to the resolved value of config.workers_dev. Should result in a

... (truncated)

Changelog

Sourced from wrangler's changelog.

4.45.0

Minor Changes

• #11030 1a8088a Thanks @​penalosa! - Enable automatic resource provisioning by default in Wrangler. This is still an experimental feature, but we're turning on the flag by default to make it easier for people to test it and try it out. You can disable the feature using the --no-x-provision flag. It currently works for R2, D1, and KV bindings.

  To use this feature, add a binding to your config file without a resource ID:

  {
  	"kv_namespaces": [{ "binding": "MY_KV" }],
  	"d1_databases": [{ "binding": "MY_DB" }],
  	"r2_buckets": [{ "binding": "MY_R2" }],
  }

  wrangler dev will automatically create these resources for you locally, and when you next run wrangler deploy Wrangler will call the Cloudflare API to create the requested resources and link them to your Worker. They'll stay linked across deploys, and you don't need to add the resource IDs to the config file for future deploys to work. This is especially good for shared templates, which now no longer need to include account-specific resource ID when adding a binding.

Patch Changes

• #11037 4bd4c29 Thanks @​danielrs! - Better Wrangler subdomain defaults warning.

  Improves the warnings that we show users when either worker_dev or preview_urls are missing.

• #10927 31e1330 Thanks @​dom96! - Implements python_modules.excludes wrangler config field

  [python_modules]
  excludes = ["**/*.pyc", "**/__pycache__"]

• #10741 2f57345 Thanks @​penalosa! - Remove obsolete --x-remote-bindings flag

• Updated dependencies [ca6c010]:

  • miniflare@4.20251011.1

4.44.0

Minor Changes

• #10939 d4b4c90 Thanks @​danielrs! - Config preview_urls defaults to workers_dev value.

  Originally, we were defaulting config.preview_urls to true, but we were accidentally enabling Preview URLs for users that only had config.workers_dev=false.

  Then, we set the default value of config.preview_urls to false, but we were accidentally disabling Preview URLs for users that only had config.workers_dev=true.

... (truncated)

Commits

• a5eb513 Version Packages (#11054)
• 2f57345 Remove remote bindings flag (#10741)
• 1a8088a Enable provisioning by default (#11030)
• 4bd4c29 wrangler: feat: better wrangler subdomain defaults warning (#11037)
• 31e1330 Configurable rules for exclusions in bundling of python_modules (#10927)
• b57cd44 rename !legacyEnv to useServiceEnvironments (#10903)
• 0bfbfa0 Version Packages (#10980)
• 1a2bbf8 Set default values when statically replacing process.env.NODE_ENV (#11027)
• daa3529 Change AI model in tests (#11035)
• cf16deb CC-6280: Correctly handle image names that contain a slash (#11007)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wrangler since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​wrangler@​3.28.4 ⏵ 4.51.0	+1		-2	+1

View full report