Wrangler Changelog
2024-02-13
3.28.2
#4950
05360e43Thanks @petebacondarwin! - fix: ensure we do not rewrite external Origin headers in wrangler devIn https://github.com/cloudflare/workers-sdk/pull/4812 we tried to fix the Origin headers to match the Host header but were overzealous and rewrote Origin headers for external origins (outside of the proxy server’s origin).
This is now fixed, and moreover we rewrite any headers that refer to the proxy server on the request with the configured host and vice versa on the response.
This should ensure that CORS is not broken in browsers when a different host is being simulated based on routes in the Wrangler configuration.
#4997
bfeefe27Thanks @dario-piotrowicz! - chore: add missingdefineNavigatorUserAgentdependency to useEsbuild hook#4966
36692326Thanks @penalosa! - fix: Report Custom Build failures asUserErrors#5002
315a651bThanks @dario-piotrowicz! - chore: renamegetBindingsProxytogetPlatformProxyinitially
getBindingsProxywas supposed to only provide proxies for bindings, the utility has however grown, including nowcf,ctxandcaches, to clarify the increased scope the utility is getting renamed togetPlatformProxyand itsbindingsfield is getting renamedenvnote:
getBindingProxywith its signature is still kept available, making this a non breaking changeUpdated dependencies [
05360e43]:
2024-02-09
3.28.1
#4962
d6585178Thanks @mrbbot! - fix: ensurewrangler devcan reload without crashing when importingnode:*modulesThe previous Wrangler release introduced a regression that caused reloads to fail when importing
node:*modules. This change fixes that, and ensures these modules can always be resolved.#4951
ffafe8adThanks @nora-soderlund! - fix: D1 batch splitting to handle CASE as compound statement starts
2024-02-08
3.28.0
#4499
cf9c029bThanks @penalosa! - feat: Support runtime-agnostic polyfillsPreviously, Wrangler treated any imports of
node:*modules as build-time errors (unless one of the two Node.js compatibility modes was enabled). This is sometimes overly aggressive, since those imports are often not hit at runtime (for instance, it was impossible to write a library that worked across Node.JS and Workers, using Node packages only when running in Node). Here’s an example of a function that would cause Wrangler to fail to build:export function randomBytes(length: number) {if (navigator.userAgent !== "Cloudflare-Workers") {return new Uint8Array(require("node:crypto").randomBytes(length));} else {return crypto.getRandomValues(new Uint8Array(length));}}This function should work in both Workers and Node, since it gates Node-specific functionality behind a user agent check, and falls back to the built-in Workers crypto API. Instead, Wrangler detected the
node:cryptoimport and failed with the following error:✘ [ERROR] Could not resolve "node:crypto" src/randomBytes.ts:5:36: 5 │ ... return new Uint8Array(require('node:crypto').randomBytes(length)); ╵ ~~~~~~~~~~~~~ The package "node:crypto" wasn't found on the file system but is built into node. Add "node_compat = true" to your wrangler.toml file to enable Node.js compatibility.This change turns that Wrangler build failure into a warning, which users can choose to ignore if they know the import of
node:*APIs is safe (because it will never trigger at runtime, for instance):▲ [WARNING] The package "node:crypto" wasn't found on the file system but is built into node. Your Worker may throw errors at runtime unless you enable the "nodejs_compat" compatibility flag. Refer to https://developers.cloudflare.com/workers/runtime-apis/nodejs/ for more details. Imported from: - src/randomBytes.tsHowever, in a lot of cases, it’s possible to know at build time whether the import is safe. This change also injects
navigator.userAgentintoesbuild’s bundle settings as a predefined constant, which means thatesbuildcan tree-shake away imports ofnode:*APIs that are guaranteed not to be hit at runtime, supressing the warning entirely.#4926
a14bd1d9Thanks @dario-piotrowicz! - feature: add acffield to thegetBindingsProxyresultAdd a new
cffield to thegetBindingsProxyresult that people can use to mock the productioncf(IncomingRequestCfProperties) object.Example:
const { cf } = await getBindingsProxy();console.log(`country = ${cf.country}; colo = ${cf.colo}`);#4931
321c7ed7Thanks @dario-piotrowicz! - fix: make the entrypoint optional for thetypescommandCurrently running
wrangler typesagainst awrangler.tomlfile without a defined entrypoint (mainvalue) causes the command to error with the following message:✘ [ERROR] Missing entry-point: The entry-point should be specified via the command line (e.g. `wrangler types path/to/script`) or the `main` config field.However developers could want to generate types without the entrypoint being defined (for example when using
getBindingsProxy), so these changes make the entrypoint optional for thetypescommand, assuming modules syntax if none is specified.#4867
d637bd59Thanks @RamIdeas! - fix: inflight requests to UserWorker which failed across reloads are now retriedPreviously, when running
wrangler dev, requests inflight during a UserWorker reload (due to config or source file changes) would fail.Now, if those inflight requests are GET or HEAD requests, they will be reproxied against the new UserWorker. This adds to the guarantee that requests made during local development reach the latest worker.
#4928
4a735c46Thanks @sdnts! - fix: Update API calls for Sippy’s endpoints#4938
75bd08aeThanks @rozenmd! - fix: print wrangler banner at the start of every d1 commandThis PR adds a wrangler banner to the start of every D1 command (except when invoked in JSON-mode)
For example:
⛅️ wrangler 3.27.0 ------------------- ...#4953
d96bc7ddThanks @mrbbot! - fix: allowportoption to be specified withunstable_dev()Previously, specifying a non-zero
portwhen usingunstable_dev()would try to start two servers on thatport. This change ensures we only start the user-facing server on the specifiedport, allowunstable_dev()to startup correctly.
2024-02-06
3.27.0
#4877
3e7cd6e4Thanks @magnusdahlstrand! - fix: Do not show unnecessary errors during watch rebuildsWhen Pages is used in conjunction with a full stack framework, the framework build will temporarily remove files that are being watched by Pages, such as
_worker.jsand_routes.json. Previously we would display errors for these changes, which adds confusing and excessive messages to the Pages dev output. Now builds are skipped if a watched_worker.jsor_routes.jsonis removed.#4901
2469e9faThanks @penalosa! - feature: implemented Python support in WranglerPython Workers are now supported by
wrangler deployandwrangler dev.#4922
4c7031a6Thanks @dario-piotrowicz! - feature: add actxfield to thegetBindingsProxyresultAdd a new
ctxfiled to thegetBindingsProxyresult that people can use to mock the productionExecutionContextobject.Example:
const { ctx } = await getBindingsProxy();ctx.waitUntil(myPromise);#4914
e61dba50Thanks @nora-soderlund! - fix: ensure d1 validation errors render user friendly messages#4907
583e4451Thanks @mrbbot! - fix: mark R2 object and bucket not found errors as unreportablePreviously, running
wrangler r2 objects {get,put}with an object or bucket that didn’t exist would ask if you wanted to report that error to Cloudflare. There’s nothing we can do to fix this, so this change prevents the prompt in this case.#4872
5ef56067Thanks @rozenmd! - fix: intercept and stringify errors thrown by d1 execute in –json modePrior to this PR, if a query threw an error when run in
wrangler d1 execute ... --json, wrangler would swallow the error.This PR returns the error as JSON. For example, the invalid query
SELECT asdf;now returns the following in JSON mode:{"error": {"text": "A request to the Cloudflare API (/accounts/xxxx/d1/database/xxxxxxx/query) failed.","notes": [{"text": "no such column: asdf at offset 7 [code: 7500]"}],"kind": "error","name": "APIError","code": 7500}}#4888
3679bc18Thanks @petebacondarwin! - fix: ensure that the Pages dev proxy server does not change the Host headerPreviously, when configuring
wrangler pages devto use a proxy to a 3rd party dev server, the proxy would replace the Host header, resulting in problems at the dev server if it was checking for cross-site scripting attacks.Now the proxy server passes through the Host header unaltered making it invisible to the 3rd party dev server.
Fixes #4799
#4909
34b6ea1eThanks @rozenmd! - feat: add an experimentalinsightscommand towrangler d1This PR adds a
wrangler d1 insights <DB_NAME>command, to let D1 users figure out which of their queries to D1 need to be optimised.This command defaults to fetching the top 5 queries that took the longest to run in total over the last 24 hours.
You can also fetch the top 5 queries that consumed the most rows read over the last week, for example:
npx wrangler d1 insights northwind --sortBy reads --timePeriod 7dOr the top 5 queries that consumed the most rows written over the last month, for example:
npx wrangler d1 insights northwind --sortBy writes --timePeriod 31dOr the top 5 most frequently run queries in the last 24 hours, for example:
npx wrangler d1 insights northwind --sortBy count#4830
48f90859Thanks @Lekensteyn! - fix: listen on loopback for wrangler dev port check and loginAvoid listening on the wildcard address by default to reduce the attacker’s surface and avoid firewall prompts on macOS.
Relates to #4430.
#4907
583e4451Thanks @mrbbot! - fix: ensurewrangler dev --log-levelflag applied to all logsPreviously,
wrangler devmay have ignored the--log-levelflag for some startup logs. This change ensures the--log-levelflag is applied immediately.Updated dependencies [
148feff6]:
2024-01-31
3.26.0
#4847
6968e11fThanks @dario-piotrowicz! - feature: expose new (no-op)cachesfield ingetBindingsProxyresultAdd a new
cachesfield to thegetBindingsProxyresult, such field implements a no operation (no-op) implementation of the runtimecachesNote: Miniflare exposes a proper
cachesmock, we will want to use that one in the future but issues regarding it must be ironed out first, so for the time being a no-op will have to do#4860
b92e5ac0Thanks @Sibirius! - fix: allow empty strings in secret:bulk uploadPreviously, the
secret:bulkcommand would fail if any of the secrets in the secret.json file were empty strings and they already existed remotely.#4869
fd084bc0Thanks @jculvey! - feature: Expose AI bindings togetBindingsProxy.The
getBindingsProxyutility function will now contain entries for any AI bindings specified inwrangler.toml.#4880
65da40a1Thanks @petebacondarwin! - fix: do not attempt login during dry-runThe “standard pricing” warning was attempting to make an API call that was causing a login attempt even when on a dry-run. Now this warning is disabled during dry-runs.
Fixes #4723
#4819
6a4cb8c6Thanks @magnusdahlstrand! - fix: Use appropriate logging levels when parsing headers and redirects inwrangler pages dev.
2024-01-26
3.25.0
#4815
030360d6Thanks @jonesphillip! - feature: adds support for configuring Sippy with Google Cloud Storage (GCS) provider.Sippy (https://developers.cloudflare.com/r2/data-migration/sippy/) now supports Google Cloud Storage. This change updates the
wrangler r2 sippycommands to take a provider (AWS or GCS) and appropriate configuration arguments. If you don’t specify--providerargument then the command will enter an interactive flow for the user to set the configuration. Note that this is a breaking change from the previous behaviour where you could configure AWS as the provider without explictly specifying the--providerargument. (This breaking change is allowed in a minor release because the Sippy feature andwrangler r2 sippycommands are marked as beta.)#4841
10396125Thanks @rozenmd! - fix: replace D1’s dashed time-travel endpoints with underscored onesD1 will maintain its
d1/database/${databaseId}/time-travel/*endpoints until GA, at which point older versions of wrangler will start throwing errors to users, asking them to upgrade their wrangler version to continue using Time Travel via CLI.#4656
77b0bce3Thanks @petebacondarwin! - fix: ensure upstream_protocol is passed to the WorkerIn
wrangler devit is possible to set theupstream_protocol, which is the protocol under which the User Worker believes it has been requested, as recorded in therequest.urlthat can be used for forwarding on requests to the origin.Previously, it was not being passed to
wrangler devin local mode. Instead it was always set tohttp.Note that setting
upstream_protocoltohttpis not supported inwrangler devremote mode, which is the case since Wrangler v2.0.This setting now defaults to
httpsin remote mode (since that is the only option), and to the same aslocal_protocolin local mode.Fixes #4539
#4810
6eb2b9d1Thanks @gabivlj! - fix: Cloudchamber command shows json error message on load account if –json specifiedIf the user specifies a json option, we should see a more detailed error on why
loadAccountfailed.#4820
b01c1548Thanks @mrbbot! - fix: show up-to-date sources in DevTools when saving source filesPreviously, DevTools would never refresh source contents after opening a file, even if it was updated on-disk. This could cause issues with step-through debugging as breakpoints set in source files would map to incorrect locations in bundled Worker code. This change ensures DevTools’ source cache is cleared on each reload, preventing outdated sources from being displayed.
Updated dependencies [
8166eefc]:
2024-01-23
3.24.0
#4523
9f96f28bThanks @dario-piotrowicz! - Add newgetBindingsProxyutility to the wrangler packageThe new utility is part of wrangler’s JS API (it is not part of the wrangler CLI) and its use is to provide proxy objects to bindings, such objects can be used in Node.js code as if they were actual bindings
The utility reads the
wrangler.tomlfile present in the current working directory in order to discern what bindings should be available (awrangler.jsonfile can be used too, as well as config files with custom paths). Example
Assuming that in the current working directory there is a
wrangler.tomlfile with the following content:[[kv_namespaces]] binding = "MY_KV" id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"The utility could be used in a nodejs script in the following way:
import { getBindingsProxy } from "wrangler";const { bindings, dispose } = await getBindingsProxy();try {const myKv = bindings.MY_KV;const kvValue = await myKv.get("my-kv-key");console.log(`KV Value = ${kvValue}`);} finally {await dispose();}#3427
b79e93a3Thanks @ZakKemble! - fix: Use Windows SYSTEMROOT env var for finding netstatCurrently, the drive letter of os.homedir() (the user’s home directory) is used to build the path to netstat.exe. However, user directories are not always on the same drive as the Windows installation, in which case the path to netstat will be incorrect. Now we use the %SYSTEMROOT% environment variable which correctly points to the installation path of Windows.
#4768
c3e410c2Thanks @petebacondarwin! - ci: bump undici versions to 5.28.2Updated dependencies [
c3e410c2]:
2024-01-18
3.23.0
#4310
dae30015Thanks @gabivlj! - Addedwrangler cloudchambercommandsSee #4310 for more details.
#4674
54ea6a53Thanks @matthewdavidrodgers! - Fix usage of patch API in bulk secrets updateOnly specifying the name and type of a binding instructs the patch API to copy the existing binding over - but we were including the contents of the binding as well. Normally that’s OK, but there are some subtle differences between what you specify to create a binding vs what it looks like once it’s created, specifically for Durable Objects. So instead, we just use the simpler inheritance.
#4772
4a9f03cfThanks @mrbbot! - fix: ensure dev server doesn’t change request URLsPreviously, Wrangler’s dev server could change incoming request URLs unexpectedly (e.g. rewriting
http://localhost:8787//testtohttp://localhost:8787/test). This change ensures URLs are passed through without modification.Fixes #4743.
2.21.0
2024-01-16
3.22.5
#4707
96a27f3dThanks @mrbbot! - fix: only offer to report unknown errorsPreviously, Wrangler would offer to report any error to Cloudflare. This included errors caused by misconfigurations or invalid commands. This change ensures those types of errors aren’t reported.
#4676
078cf84dThanks @dario-piotrowicz! - make sure the script path is correctly resolved inpages devwhen no directory is specified#4722
5af6df13Thanks @mrbbot! - fix: don’t require auth forwrangler r2 object --localoperationsPreviously, Wrangler would ask you to login when reading or writing from local R2 buckets. This change ensures no login prompt is displayed, as authentication isn’t required for these operations.
#4719
c37d94b5Thanks @mrbbot! - fix: ensureminiflareandwranglercan source map in the same processPreviously, if in a
wrangler devsession you calledconsole.log()and threw an unhandled error you’d see an error like[ERR_ASSERTION]: The expression evaluated to a falsy value. This change ensures you can do both of these things in the same session.#4683
24147166Thanks @mrbbot! - fix: ensure logs containingatnot truncated toat [object Object]Previously, logs containing
atwere always treated as stack trace call sites requiring source mapping. This change updates the call site detection to avoid false positives.#4748
3603a60dThanks @Cherry! - fix: resolve imports in a more node-like fashion for packages that do not declare exportsPreviously, trying to import a file that wasn’t explicitly exported from a module would result in an error, but now, better attempts are made to resolve the import using node’s module resolution algorithm. It’s now possible to do things like this:
import JPEG_DEC_WASM from "@jsquash/jpeg/codec/dec/mozjpeg_dec.wasm";This works even if the
mozjpeg_dec.wasmfile isn’t explicitly exported from the@jsquash/jpegmodule.Fixes #4726
#4687
0a488f66Thanks @mrbbot! - fix: remove confusing--localmessaging fromwrangler pages devRunning
wrangler pages devwould previously log a warning saying--local is no longer requiredeven though--localwas never set. This change removes this warning.