Minor Changes
-
#13670
506aa02Thanks @elithrar! - Addwrangler artifactscommands for managing Artifacts repos and repo tokens.This adds CLI support for the Artifacts control-plane workflows that were previously only available through the API. You can now list and inspect namespaces, create, list, inspect, and delete repos, and issue repo-scoped tokens when you need to authenticate git access.
The new commands support both human-readable output and
--jsonoutput so they fit existing Wrangler automation patterns. -
#13916
be8a98cThanks @emily-shen! - Add--keep-varsflag towrangler versions upload, matching the existing behavior inwrangler deploy. When set, environment variables configured via the dashboard are preserved rather than being deleted before the upload.
Patch Changes
-
#13926
19ed49aThanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260511.1 1.20260515.1 -
#11471
3ff0a50Thanks @HW13! - Improvewrangler types --env-interfacefor multi-worker projects.Custom env interfaces generated by
wrangler typesno longer expand fromCloudflare.Env, avoiding some unintended type expansion when multiple workers' generated types are used together. -
#13910
bf688f7Thanks @timoconnellaus! - FixFailed to fetch auth token: 401 Unauthorizedfrom sibling-rotated refresh tokensrefreshTokenpreviously used the refresh token from module-levellocalState, which is populated once at startup and never re-read. OAuth refresh tokens are single-use, so when a sibling wrangler process (in another repo, another shell, or a parallel script) refreshes first, it rotates the token server-side and writes the new value to the shared config file (~/Library/Preferences/.wrangler/config/default.tomlon macOS). The long-lived process — typicallywrangler dev— then sends its stale in-memory token on the next refresh and gets401 Unauthorizedfromhttps://dash.cloudflare.com/oauth2/token, falling through to interactive login and timing out unattended.refreshTokennow callsreinitialiseAuthTokens()before exchanging, picking up the latest refresh token written by any sibling process. The previously emptycatch {}also now logs the underlying error at debug level so future refresh failures are diagnosable without source-diving. -
#13843
2e72c83Thanks @nzws! - Fixwrangler versions secret put/delete/bulkto preserve the existing version's placement settingsWhen creating a new version via
wrangler versions secret, the previous code only re-emitted a bare{ mode: "smart" }placement when the API reportedplacement_mode === "smart", dropping any other placement entirely. The new version is now created with the placement settings returned by the API, so placement settings survive a secret put/delete/bulk round-trip. -
#13908
802eaf4Thanks @shiminshen! - fix: stop rewriting query strings that happen to contain the requestHostwrangler devpreviously rewrote occurrences of the outer host insiderequest.url's query string. For example, a request to?echo=https%3A%2F%2Fdevelopment.test%2FpathwithHost: development.testwould be seen by the user worker as?echo=https%3A%2F%2Fproduction.test%2Fpath, silently mutating opaque application data such asredirect_urivalues in OAuth flows.The proxy worker now sets the internal
MF-Original-URLheader after its blanket host-rewriting pass over request headers, so the URL passed to the user worker preserves the original query string. -
#13827
8f5cdb1Thanks @greyvugrin! - Fix multi-environment warning when CLOUDFLARE_ENV is setCommands that warn when multiple environments are configured but none is specified (e.g.
wrangler deploy,wrangler secret put) were not accounting for theCLOUDFLARE_ENVenvironment variable when deciding whether to show the warning. This caused a misleading warning to appear even when the target environment was correctly specified viaCLOUDFLARE_ENV. -
Updated dependencies [
19ed49a]:- miniflare@4.20260515.0