chore(deps): update dependency wrangler to v3.28.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
wrangler (source)	3.26.0 -> 3.28.1

---

Release Notes

cloudflare/workers-sdk (wrangler)

v3.28.1

Compare Source

Patch Changes

• #​4962 d6585178 Thanks @​mrbbot! - fix: ensure wrangler dev can reload without crashing when importing node:* modules

  The previous Wrangler release introduced a regression that caused reloads to fail when importing node:* modules. This change fixes that, and ensures these modules can always be resolved.

• #​4951 ffafe8ad Thanks @​nora-soderlund! - fix: D1 batch splitting to handle CASE as compound statement starts

v3.28.0

Compare Source

Minor Changes

• #​4499 cf9c029b Thanks @​penalosa! - feat: Support runtime-agnostic polyfills

  Previously, Wrangler treated any imports of node:* modules as build-time errors (unless one of the two Node.js compatibility modes was enabled). This is sometimes overly aggressive, since those imports are often not hit at runtime (for instance, it was impossible to write a library that worked across Node.JS and Workers, using Node packages only when running in Node). Here's an example of a function that would cause Wrangler to fail to build:

  export function randomBytes(length: number) {
  	if (navigator.userAgent !== "Cloudflare-Workers") {
  		return new Uint8Array(require("node:crypto").randomBytes(length));
  	} else {
  		return crypto.getRandomValues(new Uint8Array(length));
  	}
  }

  This function should work in both Workers and Node, since it gates Node-specific functionality behind a user agent check, and falls back to the built-in Workers crypto API. Instead, Wrangler detected the node:crypto import and failed with the following error:

  ✘ [ERROR] Could not resolve "node:crypto"
  
      src/randomBytes.ts:5:36:
        5 │ ... return new Uint8Array(require('node:crypto').randomBytes(length));
          ╵                                   ~~~~~~~~~~~~~
  
    The package "node:crypto" wasn't found on the file system but is built into node.
    Add "node_compat = true" to your wrangler.toml file to enable Node.js compatibility.
  

  This change turns that Wrangler build failure into a warning, which users can choose to ignore if they know the import of node:* APIs is safe (because it will never trigger at runtime, for instance):

  ▲ [WARNING] The package "node:crypto" wasn't found on the file system but is built into node.
  
    Your Worker may throw errors at runtime unless you enable the "nodejs_compat"
    compatibility flag. Refer to
    https://developers.cloudflare.com/workers/runtime-apis/nodejs/ for more details.
    Imported from:
     - src/randomBytes.ts
  

  However, in a lot of cases, it's possible to know at build time whether the import is safe. This change also injects navigator.userAgent into esbuild's bundle settings as a predefined constant, which means that esbuild can tree-shake away imports of node:* APIs that are guaranteed not to be hit at runtime, supressing the warning entirely.

• #​4926 a14bd1d9 Thanks @​dario-piotrowicz! - feature: add a cf field to the getBindingsProxy result

  Add a new cf field to the getBindingsProxy result that people can use to mock the production
  cf (IncomingRequestCfProperties) object.

  Example:

  const { cf } = await getBindingsProxy();
  
  console.log(`country = ${cf.country}; colo = ${cf.colo}`);

Patch Changes

• #​4931 321c7ed7 Thanks @​dario-piotrowicz! - fix: make the entrypoint optional for the types command

  Currently running wrangler types against a wrangler.toml file without a defined entrypoint (main value)
  causes the command to error with the following message:

  ✘ [ERROR] Missing entry-point: The entry-point should be specified via the command line (e.g. `wrangler types path/to/script`) or the `main` config field.
  

  However developers could want to generate types without the entrypoint being defined (for example when using getBindingsProxy), so these changes
  make the entrypoint optional for the types command, assuming modules syntax if none is specified.

• #​4867 d637bd59 Thanks @​RamIdeas! - fix: inflight requests to UserWorker which failed across reloads are now retried

  Previously, when running wrangler dev, requests inflight during a UserWorker reload (due to config or source file changes) would fail.

  Now, if those inflight requests are GET or HEAD requests, they will be reproxied against the new UserWorker. This adds to the guarantee that requests made during local development reach the latest worker.

• #​4928 4a735c46 Thanks @​sdnts! - fix: Update API calls for Sippy's endpoints

• #​4938 75bd08ae Thanks @​rozenmd! - fix: print wrangler banner at the start of every d1 command

  This PR adds a wrangler banner to the start of every D1 command (except when invoked in JSON-mode)

  For example:

v3.27.0

Compare Source

Minor Changes

• #​4877 3e7cd6e4 Thanks @​magnusdahlstrand! - fix: Do not show unnecessary errors during watch rebuilds

  When Pages is used in conjunction with a full stack framework, the framework
  build will temporarily remove files that are being watched by Pages, such as
  _worker.js and _routes.json.
  Previously we would display errors for these changes, which adds confusing and excessive messages to the Pages dev output. Now builds are skipped if a watched _worker.js or _routes.json is removed.

• #​4901 2469e9fa Thanks @​penalosa! - feature: implemented Python support in Wrangler

  Python Workers are now supported by wrangler deploy and wrangler dev.

• #​4922 4c7031a6 Thanks @​dario-piotrowicz! - feature: add a ctx field to the getBindingsProxy result

  Add a new ctx filed to the getBindingsProxy result that people can use to mock the production
  ExecutionContext object.

  Example:

  const { ctx } = await getBindingsProxy();
  ctx.waitUntil(myPromise);

Patch Changes

• #​4914 e61dba50 Thanks @​nora-soderlund! - fix: ensure d1 validation errors render user friendly messages

• #​4907 583e4451 Thanks @​mrbbot! - fix: mark R2 object and bucket not found errors as unreportable

  Previously, running wrangler r2 objects {get,put} with an object or bucket that didn't exist would ask if you wanted to report that error to Cloudflare. There's nothing we can do to fix this, so this change prevents the prompt in this case.

• #​4872 5ef56067 Thanks @​rozenmd! - fix: intercept and stringify errors thrown by d1 execute in --json mode

  Prior to this PR, if a query threw an error when run in wrangler d1 execute ... --json, wrangler would swallow the error.

  This PR returns the error as JSON. For example, the invalid query SELECT asdf; now returns the following in JSON mode:

  {
  	"error": {
  		"text": "A request to the Cloudflare API (/accounts/xxxx/d1/database/xxxxxxx/query) failed.",
  		"notes": [
  			{
  				"text": "no such column: asdf at offset 7 [code: 7500]"
  			}
  		],
  		"kind": "error",
  		"name": "APIError",
  		"code": 7500
  	}
  }

• #​4888 3679bc18 Thanks @​petebacondarwin! - fix: ensure that the Pages dev proxy server does not change the Host header

  Previously, when configuring wrangler pages dev to use a proxy to a 3rd party dev server,
  the proxy would replace the Host header, resulting in problems at the dev server if it was
  checking for cross-site scripting attacks.

  Now the proxy server passes through the Host header unaltered making it invisible to the
  3rd party dev server.

  Fixes #​4799

• #​4909 34b6ea1e Thanks @​rozenmd! - feat: add an experimental insights command to wrangler d1

  This PR adds a wrangler d1 insights <DB_NAME> command, to let D1 users figure out which of their queries to D1 need to be optimised.

  This command defaults to fetching the top 5 queries that took the longest to run in total over the last 24 hours.

  You can also fetch the top 5 queries that consumed the most rows read over the last week, for example:

  npx wrangler d1 insights northwind --sortBy reads --timePeriod 7d

  Or the top 5 queries that consumed the most rows written over the last month, for example:

  npx wrangler d1 insights northwind --sortBy writes --timePeriod 31d

  Or the top 5 most frequently run queries in the last 24 hours, for example:

  npx wrangler d1 insights northwind --sortBy count

• #​4830 48f90859 Thanks @​Lekensteyn! - fix: listen on loopback for wrangler dev port check and login

  Avoid listening on the wildcard address by default to reduce the attacker's
  surface and avoid firewall prompts on macOS.

  Relates to #​4430.

• #​4907 583e4451 Thanks @​mrbbot! - fix: ensure wrangler dev --log-level flag applied to all logs

  Previously, wrangler dev may have ignored the --log-level flag for some startup logs. This change ensures the --log-level flag is applied immediately.

• Updated dependencies [148feff6]:

  • [email protected]

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.