wrangler@4.93.1
📦 cloudflare-workers
🐛 5 fixes 🔧 9 symbols
Summary
This patch primarily addresses security vulnerabilities by updating the `ws` dependency and fixes several inconsistencies in local development environments related to host validation and the `CF-Worker` header. It also improves authentication token precedence and error reporting in Wrangler.
🐛 Bug Fixes
- Fixed an issue where Wrangler incorrectly accepted subdomains of exact configured routes when validating `/cdn-cgi/*` hosts and origins in Miniflare. Non-wildcard routes now require an exact match.
- Fixed the outbound CF-Worker header in local development environments (@cloudflare/vite-plugin, @cloudflare/vitest-pool-workers, getPlatformProxy, wrangler dev) to correctly reflect the parent zone name instead of the route pattern hostname, aligning with production behavior.
- Fixed Wrangler reading OAuth state eagerly, which caused CLOUDFLARE_API_TOKEN from .env files to be ignored in favor of potentially expired stored OAuth tokens.
- Improved Wrangler's error handling for bad-credentials API errors (code 9106) from /memberships to show actionable hints, suggesting users run `wrangler logout` / `wrangler login`.
- Wrangler now preserves sibling container image tags during local dev cleanup when multiple containers share a Dockerfile, preventing accidental removal of earlier tags.
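
The host-validation fix in the first item above, as an added illustration that is not Wrangler's or Miniflare's code: a lax matcher with the behaviour the note describes, beside a strict one. The function names, the sample routes and the reading of a leading `*.` as "subdomains only" are assumptions.

```javascript
// Added illustration; not Miniflare's implementation. All names are hypothetical.

// Hostname part of a route pattern such as "example.com/*" or "*.wild.test/*".
function routeHost(pattern) {
  return pattern.replace(/^[a-z]+:\/\//i, "").split("/")[0].toLowerCase();
}

// Reduce a Host header or Origin value to a bare lowercase hostname (no port).
function requestHost(value) {
  try {
    const url = new URL(value.includes("://") ? value : `http://${value}`);
    return url.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null; // unparseable input is never allowed
  }
}

// Lax: every route also covers its subdomains (the behaviour the fix removes).
function laxAllows(routes, value) {
  const host = requestHost(value);
  if (host === null) return false;
  return routes.some((route) => {
    const base = routeHost(route).replace(/^\*\./, "");
    return host === base || host.endsWith("." + base);
  });
}

// Strict: exact routes need equality; only "*." routes cover subdomains.
function strictAllows(routes, value) {
  const host = requestHost(value);
  if (host === null) return false;
  return routes.some((route) => {
    const pattern = routeHost(route);
    if (pattern.startsWith("*.")) {
      return host.endsWith(pattern.slice(1)); // "*.wild.test" -> ".wild.test"
    }
    return host === pattern;
  });
}

// Constructed sample data: one exact route and one wildcard route.
const SAMPLE_ROUTES = ["example.com/*", "*.wild.test/*"];
for (const h of ["example.com:8787", "evil.example.com", "http://api.wild.test"]) {
  console.log(h, "lax:", laxAllows(SAMPLE_ROUTES, h), "strict:", strictAllows(SAMPLE_ROUTES, h));
}
```

Comparing against the parsed hostname rather than the raw header keeps a port or scheme in the `Host` or `Origin` value from affecting the match.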