Skip to content

chore(deps): bump undici and wrangler#1029

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-50dbf4ce0a
Open

chore(deps): bump undici and wrangler#1029
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-50dbf4ce0a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps undici to 8.7.0 and updates ancestor dependency wrangler. These dependencies need to be updated together.

Updates undici from 7.24.1 to 8.7.0

Release notes

Sourced from undici's releases.

v8.7.0

What's Changed

New Contributors

Full Changelog: nodejs/undici@v8.6.0...v8.7.0

v8.6.0

What's Changed

... (truncated)

Commits
  • cb4c2f1 Bumped v8.7.0 (#5501)
  • a8d1a95 fix: auto-detect HTTP proxy tunneling (#5116)
  • cb30e58 fix: add static buildDispatch method to RedirectHandler type definition (#5442)
  • 0c08579 fix(h2): requeue request on GOAWAY'd session instead of crashing (#5453)
  • e5b3364 fix(h2): guard onResponse against a 'response' event delivered after completi...
  • c0007f4 docs: add reproduction guide and update bug report template (#5451)
  • e529cab fix: ignore an unparseable Set-Cookie Expires attribute (#5488)
  • 754742c fix(h2): destroy the stream on abort instead of relying on close() (#5462)
  • db34f5f fix(readable): ignore late consume chunks (#5375)
  • 4ea05a8 fix: reject non-ascii octets in validateCookiePath (#5452)
  • Additional commits viewable in compare view

Updates wrangler from 4.65.0 to 4.108.0

Release notes

Sourced from wrangler's releases.

wrangler@4.108.0

Minor Changes

  • #14312 54f74b8 Thanks @​MattieTK! - Delegate agent-driven static Pages deploys to Workers

    When wrangler pages deploy or wrangler pages project create is run by an AI coding agent against a brand-new, purely static project, Wrangler now delegates it to Workers static assets (using autoconfig) instead of Cloudflare Pages. Accounts that already have Cloudflare Pages projects, non-agent (human) sessions, and projects using Pages features that can't be carried across to Workers (Pages Functions, a _worker.js, or a _routes.json file) are unaffected and continue to use Pages. Passing --force to either command opts out of the delegation and deploys to Pages directly. Once the Workers deploy starts it is not silently swapped back to Pages: if it fails, the error is surfaced and the --force opt-out is suggested.

Patch Changes

  • #14567 0852346 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler", "create-cloudflare"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260702.1 1.20260706.1
    @​cloudflare/workers-types 4.20260702.1 5.20260706.1
  • #14312 54f74b8 Thanks @​MattieTK! - Avoid silently overwriting an existing Worker during non-interactive deploys that cannot prove they own the name

    A non-interactive deploy (an agent, CI, or the agent-delegated wrangler pages deploy) has no way to prompt before overwriting a Worker, so it now stops if the target name is already taken and this run cannot show it owns that Worker. This applies when there is no Wrangler configuration file naming the Worker and either the name was generated automatically or the deploy is the Pages-to-Workers delegation (where the name carried across is a Pages project name, not proof of Worker ownership). The check reuses the service metadata the deploy already fetches, so it adds no extra API calls.

    Deploys are unaffected when a configuration file names the Worker (so repeat deployments continue to update it), and interactive deploys keep their existing confirmation flow. To update an existing Worker in one of the guarded cases, add a Wrangler configuration file naming it, or deploy under a different name.

  • Updated dependencies [0852346]:

    • miniflare@4.20260706.0

wrangler@4.107.1

Patch Changes

  • #14514 d88555e Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260701.1 1.20260702.1
  • #14564 5fd8bee Thanks @​jibin7jose! - Fix an issue where wrangler dev would not override config vars with values from .dev.vars during local development when the secrets field was defined in the configuration file.

  • #14332 5d9990e Thanks @​Divkix! - Fix misleading error guidance when deploying a new Worker with secrets.required

    When a Worker declares secrets.required and has never been deployed before, the previous error message suggested running wrangler secret put <NAME>, which doesn't work because the Worker doesn't exist yet.

    The one path that does work — wrangler deploy --secrets-file <path> — was not mentioned anywhere in the error output.

    The pre-deploy error now explains that wrangler secret put cannot be used for a new Worker, and directs users to the --secrets-file flag instead. The post-deploy error for existing Workers now also mentions --secrets-file alongside wrangler secret put.

  • #14507 bf49a41 Thanks @​joey727! - Fix a potential crash when displaying certain CLI output

... (truncated)

Commits
  • e57b77c Version Packages (#14592)
  • 0852346 Bump the workerd-and-workers-types group with 2 updates (#14567)
  • 54f74b8 [wrangler] Experiment: redirect agent-driven static Pages deploys to Workers ...
  • c5d5e89 Version Packages (#14536)
  • 5fd8bee fix(wrangler): override config vars with .dev.vars when secrets is de… (#14564)
  • f416dd9 [miniflare] Key local rate limit counters by namespace_id (#14572)
  • b973ed3 fix(wrangler): emit an error event for watch-mode rebuild failures (#14561)
  • b8439fb [miniflare][wrangler] Fix Windows CI flakes: local-explorer ECONNRESET retry,...
  • 1ca8d8f [wrangler] Upgrade signal-exit to v4 for ESM compatibility (#14570)
  • 5d9990e [wrangler] Fix first-deploy guidance for required secrets (#14332)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [undici](https://github.com/nodejs/undici) to 8.7.0 and updates ancestor dependency [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler). These dependencies need to be updated together.


Updates `undici` from 7.24.1 to 8.7.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.24.1...v8.7.0)

Updates `wrangler` from 4.65.0 to 4.108.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.108.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 8.7.0
  dependency-type: indirect
- dependency-name: wrangler
  dependency-version: 4.108.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 8, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 8, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
landing-page b15726e Jul 08 2026, 03:20 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants