Wrangler Changelog

2024-02-06

3.27.0

#4877 3e7cd6e4 Thanks @magnusdahlstrand! - fix: Do not show unnecessary errors during watch rebuilds
When Pages is used in conjunction with a full stack framework, the framework build will temporarily remove files that are being watched by Pages, such as _worker.js and _routes.json. Previously we would display errors for these changes, which adds confusing and excessive messages to the Pages dev output. Now builds are skipped if a watched _worker.js or _routes.json is removed.
#4901 2469e9fa Thanks @penalosa! - feature: implemented Python support in Wrangler
Python Workers are now supported by wrangler deploy and wrangler dev.
#4922 4c7031a6 Thanks @dario-piotrowicz! - feature: add a ctx field to the getBindingsProxy result
Add a new ctx filed to the getBindingsProxy result that people can use to mock the production ExecutionContext object.
Example:
```
const { ctx } = await getBindingsProxy();ctx.waitUntil(myPromise);
```
#4914 e61dba50 Thanks @nora-soderlund! - fix: ensure d1 validation errors render user friendly messages
#4907 583e4451 Thanks @mrbbot! - fix: mark R2 object and bucket not found errors as unreportable
Previously, running wrangler r2 objects {get,put} with an object or bucket that didn’t exist would ask if you wanted to report that error to Cloudflare. There’s nothing we can do to fix this, so this change prevents the prompt in this case.
#4872 5ef56067 Thanks @rozenmd! - fix: intercept and stringify errors thrown by d1 execute in –json mode
Prior to this PR, if a query threw an error when run in wrangler d1 execute ... --json, wrangler would swallow the error.
This PR returns the error as JSON. For example, the invalid query SELECT asdf; now returns the following in JSON mode:
```
{	"error": {		"text": "A request to the Cloudflare API (/accounts/xxxx/d1/database/xxxxxxx/query) failed.",		"notes": [			{				"text": "no such column: asdf at offset 7 [code: 7500]"			}		],		"kind": "error",		"name": "APIError",		"code": 7500	}
}
```
#4888 3679bc18 Thanks @petebacondarwin! - fix: ensure that the Pages dev proxy server does not change the Host header
Previously, when configuring wrangler pages dev to use a proxy to a 3rd party dev server, the proxy would replace the Host header, resulting in problems at the dev server if it was checking for cross-site scripting attacks.
Now the proxy server passes through the Host header unaltered making it invisible to the 3rd party dev server.
Fixes #4799
#4909 34b6ea1e Thanks @rozenmd! - feat: add an experimental insights command to wrangler d1
This PR adds a wrangler d1 insights <DB_NAME> command, to let D1 users figure out which of their queries to D1 need to be optimised.
This command defaults to fetching the top 5 queries that took the longest to run in total over the last 24 hours.
You can also fetch the top 5 queries that consumed the most rows read over the last week, for example:
```
npx wrangler d1 insights northwind --sortBy reads --timePeriod 7d
```
Or the top 5 queries that consumed the most rows written over the last month, for example:
```
npx wrangler d1 insights northwind --sortBy writes --timePeriod 31d
```
Or the top 5 most frequently run queries in the last 24 hours, for example:
```
npx wrangler d1 insights northwind --sortBy count
```
#4830 48f90859 Thanks @Lekensteyn! - fix: listen on loopback for wrangler dev port check and login
Avoid listening on the wildcard address by default to reduce the attacker’s surface and avoid firewall prompts on macOS.
Relates to #4430.
#4907 583e4451 Thanks @mrbbot! - fix: ensure wrangler dev --log-level flag applied to all logs
Previously, wrangler dev may have ignored the --log-level flag for some startup logs. This change ensures the --log-level flag is applied immediately.
Updated dependencies [ 148feff6]:
- miniflare@3.20240129.1

2024-01-31

3.26.0

#4847 6968e11f Thanks @dario-piotrowicz! - feature: expose new (no-op) caches field in getBindingsProxy result
Add a new caches field to the getBindingsProxy result, such field implements a no operation (no-op) implementation of the runtime caches
Note: Miniflare exposes a proper caches mock, we will want to use that one in the future but issues regarding it must be ironed out first, so for the time being a no-op will have to do
#4860 b92e5ac0 Thanks @Sibirius! - fix: allow empty strings in secret:bulk upload
Previously, the secret:bulk command would fail if any of the secrets in the secret.json file were empty strings and they already existed remotely.
#4869 fd084bc0 Thanks @jculvey! - feature: Expose AI bindings to getBindingsProxy.
The getBindingsProxy utility function will now contain entries for any AI bindings specified in wrangler.toml.
#4880 65da40a1 Thanks @petebacondarwin! - fix: do not attempt login during dry-run
The “standard pricing” warning was attempting to make an API call that was causing a login attempt even when on a dry-run. Now this warning is disabled during dry-runs.
Fixes #4723
#4819 6a4cb8c6 Thanks @magnusdahlstrand! - fix: Use appropriate logging levels when parsing headers and redirects in wrangler pages dev.
Updated dependencies [ 1e424ff2, 749fa3c0]:
- miniflare@3.20240129.0

2024-01-26

3.25.0

#4815 030360d6 Thanks @jonesphillip! - feature: adds support for configuring Sippy with Google Cloud Storage (GCS) provider.
Sippy (https://developers.cloudflare.com/r2/data-migration/sippy/) now supports Google Cloud Storage. This change updates the wrangler r2 sippy commands to take a provider (AWS or GCS) and appropriate configuration arguments. If you don’t specify --provider argument then the command will enter an interactive flow for the user to set the configuration. Note that this is a breaking change from the previous behaviour where you could configure AWS as the provider without explictly specifying the --provider argument. (This breaking change is allowed in a minor release because the Sippy feature and wrangler r2 sippy commands are marked as beta.)
#4841 10396125 Thanks @rozenmd! - fix: replace D1’s dashed time-travel endpoints with underscored ones
D1 will maintain its d1/database/${databaseId}/time-travel/* endpoints until GA, at which point older versions of wrangler will start throwing errors to users, asking them to upgrade their wrangler version to continue using Time Travel via CLI.
#4656 77b0bce3 Thanks @petebacondarwin! - fix: ensure upstream_protocol is passed to the Worker
In wrangler dev it is possible to set the upstream_protocol, which is the protocol under which the User Worker believes it has been requested, as recorded in the request.url that can be used for forwarding on requests to the origin.
Previously, it was not being passed to wrangler dev in local mode. Instead it was always set to http.
Note that setting upstream_protocol to http is not supported in wrangler dev remote mode, which is the case since Wrangler v2.0.
This setting now defaults to https in remote mode (since that is the only option), and to the same as local_protocol in local mode.
Fixes #4539
#4810 6eb2b9d1 Thanks @gabivlj! - fix: Cloudchamber command shows json error message on load account if –json specified
If the user specifies a json option, we should see a more detailed error on why loadAccount failed.
#4820 b01c1548 Thanks @mrbbot! - fix: show up-to-date sources in DevTools when saving source files
Previously, DevTools would never refresh source contents after opening a file, even if it was updated on-disk. This could cause issues with step-through debugging as breakpoints set in source files would map to incorrect locations in bundled Worker code. This change ensures DevTools’ source cache is cleared on each reload, preventing outdated sources from being displayed.
Updated dependencies [ 8166eefc]:
- miniflare@3.20231218.4

2024-01-23

3.24.0

#4523 9f96f28b Thanks @dario-piotrowicz! - Add new getBindingsProxy utility to the wrangler package
The new utility is part of wrangler’s JS API (it is not part of the wrangler CLI) and its use is to provide proxy objects to bindings, such objects can be used in Node.js code as if they were actual bindings
The utility reads the wrangler.toml file present in the current working directory in order to discern what bindings should be available (a wrangler.json file can be used too, as well as config files with custom paths).
Example
Assuming that in the current working directory there is a wrangler.toml file with the following content:
```
[[kv_namespaces]]
binding = "MY_KV"
id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```
The utility could be used in a nodejs script in the following way:
```
import { getBindingsProxy } from "wrangler";

const { bindings, dispose } = await getBindingsProxy();

try {	const myKv = bindings.MY_KV;	const kvValue = await myKv.get("my-kv-key");
	console.log(`KV Value = ${kvValue}`);
} finally {	await dispose();
}
```
#3427 b79e93a3 Thanks @ZakKemble! - fix: Use Windows SYSTEMROOT env var for finding netstat
Currently, the drive letter of os.homedir() (the user’s home directory) is used to build the path to netstat.exe. However, user directories are not always on the same drive as the Windows installation, in which case the path to netstat will be incorrect. Now we use the %SYSTEMROOT% environment variable which correctly points to the installation path of Windows.
#4768 c3e410c2 Thanks @petebacondarwin! - ci: bump undici versions to 5.28.2
Updated dependencies [ c3e410c2]:
- miniflare@3.20231218.3

2024-01-18

3.23.0

#4310 dae30015 Thanks @gabivlj! - Added wrangler cloudchamber commands
See #4310 for more details.
#4674 54ea6a53 Thanks @matthewdavidrodgers! - Fix usage of patch API in bulk secrets update
Only specifying the name and type of a binding instructs the patch API to copy the existing binding over - but we were including the contents of the binding as well. Normally that’s OK, but there are some subtle differences between what you specify to create a binding vs what it looks like once it’s created, specifically for Durable Objects. So instead, we just use the simpler inheritance.
#4772 4a9f03cf Thanks @mrbbot! - fix: ensure dev server doesn’t change request URLs
Previously, Wrangler’s dev server could change incoming request URLs unexpectedly (e.g. rewriting http://localhost:8787//test to http://localhost:8787/test). This change ensures URLs are passed through without modification.
Fixes #4743.

2.21.0

#4765 2732007d Thanks @mrbbot! - chore: bump miniflare to 2.14.2

2024-01-16

3.22.5

#4707 96a27f3d Thanks @mrbbot! - fix: only offer to report unknown errors
Previously, Wrangler would offer to report any error to Cloudflare. This included errors caused by misconfigurations or invalid commands. This change ensures those types of errors aren’t reported.
#4676 078cf84d Thanks @dario-piotrowicz! - make sure the script path is correctly resolved in pages dev when no directory is specified
#4722 5af6df13 Thanks @mrbbot! - fix: don’t require auth for wrangler r2 object --local operations
Previously, Wrangler would ask you to login when reading or writing from local R2 buckets. This change ensures no login prompt is displayed, as authentication isn’t required for these operations.
#4719 c37d94b5 Thanks @mrbbot! - fix: ensure miniflare and wrangler can source map in the same process
Previously, if in a wrangler dev session you called console.log() and threw an unhandled error you’d see an error like [ERR_ASSERTION]: The expression evaluated to a falsy value. This change ensures you can do both of these things in the same session.
#4683 24147166 Thanks @mrbbot! - fix: ensure logs containing at not truncated to at [object Object]
Previously, logs containing at were always treated as stack trace call sites requiring source mapping. This change updates the call site detection to avoid false positives.
#4748 3603a60d Thanks @Cherry! - fix: resolve imports in a more node-like fashion for packages that do not declare exports
Previously, trying to import a file that wasn’t explicitly exported from a module would result in an error, but now, better attempts are made to resolve the import using node’s module resolution algorithm. It’s now possible to do things like this:
```
import JPEG_DEC_WASM from "@jsquash/jpeg/codec/dec/mozjpeg_dec.wasm";
```
This works even if the mozjpeg_dec.wasm file isn’t explicitly exported from the @jsquash/jpeg module.
Fixes #4726
#4687 0a488f66 Thanks @mrbbot! - fix: remove confusing --local messaging from wrangler pages dev
Running wrangler pages dev would previously log a warning saying --local is no longer required even though --local was never set. This change removes this warning.
Updated dependencies [ 4f6999ea, c37d94b5]:
- miniflare@3.20231218.2

2024-01-09

3.22.4

#4699 4b4c1416 Thanks @mrbbot! - fix: prevent repeated reloads with circular service bindings
wrangler@3.19.0 introduced a bug where starting multiple wrangler dev sessions with service bindings to each other resulted in a reload loop. This change ensures Wrangler only reloads when dependent wrangler dev sessions start/stop.

2024-01-04

3.22.3

#4693 93e88c43 Thanks @mrbbot! - fix: ensure wrangler dev exits with code 0 on clean exit
Previously, wrangler dev would exit with a non-zero exit code when pressing CTRL+C or x. This change ensures wrangler exits with code 0 in these cases.
#4630 037de5ec Thanks @petebacondarwin! - fix: ensure User Worker gets the correct Host header in wrangler dev local mode
Some full-stack frameworks, such as Next.js, check that the Host header for a server side action request matches the host where the application is expected to run.
In wrangler dev we have a Proxy Worker in between the browser and the actual User Worker. This Proxy Worker is forwarding on the request from the browser, but then the actual User Worker is running on a different host:port combination than that which the browser thinks it should be on. This was causing the framework to think the request is malicious and blocking it.
Now we update the request’s Host header to that passed from the Proxy Worker in a custom MF-Original-Url header, but only do this if the request also contains a shared secret between the Proxy Worker and User Worker, which is passed via the MF-Proxy-Shared-Secret header. This last feature is to prevent a malicious website from faking the Host header in a request directly to the User Worker.
Fixes https://github.com/cloudflare/next-on-pages/issues/588
#4695 0f8a03c0 Thanks @mrbbot! - fix: ensure API failures without additional messages logged correctly
#4693 93e88c43 Thanks @mrbbot! - fix: ensure wrangler pages dev exits cleanly
Previously, pressing CTRL+C or x when running wrangler pages dev wouldn’t actually exit wrangler. You’d need to press CTRL+C a second time to exit the process. This change ensures wrangler exits the first time.
#4696 624084c4 Thanks @mrbbot! - fix: include additional modules in largest dependencies warning
If your Worker fails to deploy because it’s too large, Wrangler will display of list of your Worker’s largest dependencies. Previously, this just included JavaScript dependencies. This change ensures additional module dependencies (e.g. WebAssembly, text blobs, etc.) are included when computing this list.
Updated dependencies [ 037de5ec]:
- miniflare@3.20231218.1

2024-01-02

3.22.2

#4600 4233e514 Thanks @mrbbot! - fix: apply source mapping to deployment validation errors
Previously if a Worker failed validation during wrangler deploy, the displayed error would reference locations in built JavaScript files. This made it more difficult to debug validation errors. This change ensures these errors are now source mapped, referencing locations in source files instead.
#4440 15717333 Thanks @mrbbot! - fix: automatically create required directories for wrangler r2 object get
Previously, if you tried to use wrangler r2 object get with an object name containing a / or used the --file flag with a path containing a /, and the specified directory didn’t exist, Wrangler would throw an ENOENT error. This change ensures Wrangler automatically creates required parent directories if they don’t exist.
#4592 20da658e Thanks @mrbbot! - fix: throw helpful error if email validation required
Previously, Wrangler would display the raw API error message and code if email validation was required during wrangler deploy. This change ensures a helpful error message is displayed instead, prompting users to check their emails or visit the dashboard for a verification link.
#4597 e1d50407 Thanks @mrbbot! - fix: suggest checking permissions on authentication error with API token set
#4593 c370026d Thanks @mrbbot! - fix: include messages from API in errors
#4588 4e5ed0b2 Thanks @mrbbot! - fix: require worker name for rollback
Previously, Wrangler would fail with a cryptic error if you tried to run wrangler rollback outside of a directory containing a Wrangler configuration file with a name defined. This change validates that a worker name is defined, and allows you to set it from the command line using the --name flag.
Updated dependencies [ c410ea14]:
- miniflare@3.20231218.0

Wrangler Changelog

​​ 2024-02-06

​​ 3.27.0

​​ 2024-01-31

​​ 3.26.0

​​ 2024-01-26

​​ 3.25.0

​​ 2024-01-23

​​ 3.24.0

​​ Example

​​ 2024-01-18

​​ 3.23.0

​​ 2.21.0

​​ 2024-01-16

​​ 3.22.5

​​ 2024-01-09

​​ 3.22.4

​​ 2024-01-04

​​ 3.22.3

​​ 2024-01-02

​​ 3.22.2

2024-02-06

3.27.0

2024-01-31

3.26.0

2024-01-26

3.25.0

2024-01-23

3.24.0

Example

2024-01-18

3.23.0

2.21.0

2024-01-16

3.22.5

2024-01-09

3.22.4

2024-01-04

3.22.3

2024-01-02

3.22.2