Skip to content

build(deps): bump undici and wrangler#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-ab58453135
Open

build(deps): bump undici and wrangler#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-ab58453135

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 19, 2026

Bumps undici to 7.24.8 and updates ancestor dependency wrangler. These dependencies need to be updated together.

Updates undici from 7.18.2 to 7.24.8

Release notes

Sourced from undici's releases.

v7.24.8

What's Changed

Full Changelog: nodejs/undici@v7.24.7...v7.24.8

v7.24.7

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.6...v7.24.7

v7.24.6

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.5...v7.24.6

v7.24.5

What's Changed

... (truncated)

Commits
  • 7a6f7fe Bumped v7.24.8 (#5020)
  • 1f85ae4 fix: avoid 401 failures for stream-backed request bodies (#4941) (#5006)
  • c661067 chore: update v7.x maintenance release flow
  • 84f23e2 Bumped v7.24.7 (#4947)
  • a770b10 ignore AGENTS.md (#4942)
  • 6acd19b fix: correctly handle multi-value rawHeaders in fetch (#4938)
  • 1da1c74 test: skip IPv6 tests when IPv6 is not available (#4939)
  • 04cb773 fix(types): Fix clone method type declaration to be an instance method rather...
  • 5145a7c fix(types): align Response with DOM fetch types (#4867)
  • ec23620 test: skip flaky macOS Node 20 cookie fetch cases
  • Additional commits viewable in compare view

Updates wrangler from 4.69.0 to 4.93.0

Release notes

Sourced from wrangler's releases.

wrangler@4.93.0

Minor Changes

  • #13901 aac7ca0 Thanks @​bghira! - Add wrangler ai models schema command for fetching model schemas

    You can now run wrangler ai models schema <model> to fetch the input and output schema for a Workers AI model from the public model catalog schema endpoint.

  • #12656 ae047ee Thanks @​mikenomitch! - Add --containers-rollout=none

    This allows you to skip deploying a container. This is useful if you know that your container is not going to be updated or you don't have Docker locally, but still want to make changes to your Worker.

  • #13901 aac7ca0 Thanks @​bghira! - Add wrangler ai models list command for querying the Workers AI model catalog

    wrangler ai models list accepts --search, --task, --author, --source, and --hide-experimental, matching the public model catalog search endpoint.

Patch Changes

  • #13948 b25dc0d Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260515.1 1.20260518.1

  • #13882 a4f22bc Thanks @​matingathani! - Throw a clear error when a D1 migration is cancelled instead of silently returning

  • #13950 f78d435 Thanks @​dario-piotrowicz! - Improve the Docker CLI error message to be more actionable.

    Include a link to Docker installation docs, platform-specific instructions for starting the daemon, and guidance for alternative Docker-compatible CLIs.

  • #11896 c5c9e20 Thanks @​staticpayload! - Surface remote proxy session errors

    When remote bindings fail to start, include the controller reason and root cause in the error message to make failures like missing cloudflared clearer.

  • #13932 ebf4b24 Thanks @​zebp! - Fix local Workflow startup when compatibility flags include experimental

    Miniflare now deduplicates compatibility flags for the internal Workflow engine service. This prevents wrangler dev from failing with Compatibility flag specified multiple times: experimental when the user's Worker already enables that flag.

  • #13929 895baf5 Thanks @​Caio-Nogueira! - Prompt to provision a workers.dev subdomain before deploying Workflows

    Wrangler now checks for the account-level workers.dev subdomain when deploying Workflows, even if the Worker is not being published to workers.dev. If the subdomain has not been registered yet, Wrangler prompts to create one before calling the Workflows deploy API so users avoid an opaque server-side deployment failure.

  • #13930 7bcdf45 Thanks @​shiminshen! - Sweep stale .wrangler/tmp/* dirs left behind by abnormal exits

    A wrangler dev session creates .wrangler/tmp/bundle-* and .wrangler/tmp/dev-* directories at startup and removes them via a signal-exit hook on graceful shutdown. When the process exited abnormally (SIGKILL, OOM, host crash) those directories were left behind and accumulated across sessions, slowing down dependency-walking tools that follow the bundle-emitted absolute-path imports.

    wrangler now sweeps entries in .wrangler/tmp/ older than 24 hours when a new temporary directory is requested, bounding the leak regardless of how prior sessions exited.

  • Updated dependencies [b25dc0d, ebf4b24, b27eb18]:

... (truncated)

Commits
  • ee8857f Version Packages (#13931)
  • a4f22bc [wrangler] fix: throw clear error when D1 migration execution returns null (#...
  • f78d435 Improve the Docker CLI error message to be more actionable (#13950)
  • b25dc0d Bump the workerd-and-workers-types group with 2 updates (#13948)
  • ae047ee Adds option to skip container rollout on deploy (#12656)
  • 1d8924f [wrangler] fix: update remote proxy session error test snapshots (#13935)
  • c5c9e20 [wrangler] Surface remote proxy session errors (#11896)
  • 895baf5 WOR-1251: provision workers.dev subdomain when a script has a workflo… (#13929)
  • aac7ca0 add missing model catalogue search parameters (search, task, author, source) ...
  • 7bcdf45 [wrangler] sweep stale .wrangler/tmp/* dirs at startup (#13930)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump undici and wrangler
26f2a98 
Bumps [undici](https://github.com/nodejs/undici) to 7.24.8 and updates ancestor dependency [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler). These dependencies need to be updated together.


Updates `undici` from 7.18.2 to 7.24.8
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.18.2...v7.24.8)

Updates `wrangler` from 4.69.0 to 4.93.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.93.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.8
  dependency-type: indirect
- dependency-name: wrangler
  dependency-version: 4.93.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 19, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 19, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedwrangler@​4.69.0 ⏵ 4.93.099 +110092 -396 +1100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants