github-starred/cs249r_book
2
0
Fork 0
mirror of https://github.com/harvard-edge/cs249r_book.git synced 2026-05-22 22:33:28 -05:00
Code Issues 114 Packages Projects Releases 24 Wiki Activity

[PR #1773] [MERGED] deps(vault-worker): bump wrangler from 4.90.0 to 4.92.0 in /interviews/staffml-vault-worker #15724

New Issue
Closed
opened 2026-05-20 14:04:36 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-05-20 14:04:36 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/harvard-edge/cs249r_book/pull/1773
Author: @dependabot[bot]
Created: 5/18/2026
Status: Merged
Merged: 5/18/2026
Merged by: @profvjreddi

Base: devHead: dependabot/npm_and_yarn/interviews/staffml-vault-worker/dev/wrangler-4.92.0

📝 Commits (1)

  • 6eb2e6d deps(vault-worker): bump wrangler in /interviews/staffml-vault-worker

📊 Changes

2 files changed (+38 additions, -38 deletions)

View changed files

📝 interviews/staffml-vault-worker/package-lock.json (+37 -37)
📝 interviews/staffml-vault-worker/package.json (+1 -1)

📄 Description

Bumps wrangler from 4.90.0 to 4.92.0.

Release notes

Sourced from wrangler's releases.

wrangler@4.92.0

Minor Changes

  • #13670 506aa02 Thanks @​elithrar! - Add wrangler artifacts commands for managing Artifacts repos and repo tokens.

    This adds CLI support for the Artifacts control-plane workflows that were previously only available through the API. You can now list and inspect namespaces, create, list, inspect, and delete repos, and issue repo-scoped tokens when you need to authenticate git access.

    The new commands support both human-readable output and --json output so they fit existing Wrangler automation patterns.

  • #13916 be8a98c Thanks @​emily-shen! - Add --keep-vars flag to wrangler versions upload, matching the existing behavior in wrangler deploy. When set, environment variables configured via the dashboard are preserved rather than being deleted before the upload.

Patch Changes

  • #13926 19ed49a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260511.1 1.20260515.1

  • #11471 3ff0a50 Thanks @​HW13! - Improve wrangler types --env-interface for multi-worker projects.

    Custom env interfaces generated by wrangler types no longer expand from Cloudflare.Env, avoiding some unintended type expansion when multiple workers' generated types are used together.

  • #13910 bf688f7 Thanks @​timoconnellaus! - Fix Failed to fetch auth token: 401 Unauthorized from sibling-rotated refresh tokens

    refreshToken previously used the refresh token from module-level localState, which is populated once at startup and never re-read. OAuth refresh tokens are single-use, so when a sibling wrangler process (in another repo, another shell, or a parallel script) refreshes first, it rotates the token server-side and writes the new value to the shared config file (~/Library/Preferences/.wrangler/config/default.toml on macOS). The long-lived process — typically wrangler dev — then sends its stale in-memory token on the next refresh and gets 401 Unauthorized from https://dash.cloudflare.com/oauth2/token, falling through to interactive login and timing out unattended.

    refreshToken now calls reinitialiseAuthTokens() before exchanging, picking up the latest refresh token written by any sibling process. The previously empty catch {} also now logs the underlying error at debug level so future refresh failures are diagnosable without source-diving.

  • #13843 2e72c83 Thanks @​nzws! - Fix wrangler versions secret put/delete/bulk to preserve the existing version's placement settings

    When creating a new version via wrangler versions secret, the previous code only re-emitted a bare { mode: "smart" } placement when the API reported placement_mode === "smart", dropping any other placement entirely. The new version is now created with the placement settings returned by the API, so placement settings survive a secret put/delete/bulk round-trip.

  • #13908 802eaf4 Thanks @​shiminshen! - fix: stop rewriting query strings that happen to contain the request Host

    wrangler dev previously rewrote occurrences of the outer host inside request.url's query string. For example, a request to ?echo=https%3A%2F%2Fdevelopment.test%2Fpath with Host: development.test would be seen by the user worker as ?echo=https%3A%2F%2Fproduction.test%2Fpath, silently mutating opaque application data such as redirect_uri values in OAuth flows.

    The proxy worker now sets the internal MF-Original-URL header after its blanket host-rewriting pass over request headers, so the URL passed to the user worker preserves the original query string.

  • #13827 8f5cdb1 Thanks @​greyvugrin! - Fix multi-environment warning when CLOUDFLARE_ENV is set

    Commands that warn when multiple environments are configured but none is specified (e.g. wrangler deploy, wrangler secret put) were not accounting for the CLOUDFLARE_ENV environment variable when deciding whether to show the warning. This caused a misleading warning to appear even when the target environment was correctly specified via CLOUDFLARE_ENV.

  • Updated dependencies [19ed49a]:

wrangler@4.91.0

Minor Changes

... (truncated)

Commits
  • a3fa623 Version Packages (#13918)
  • 802eaf4 fix(wrangler): stop rewriting query strings that contain the request Host (#1...
  • 2e72c83 [wrangler] Preserve placement on versions secret commands (#13843)
  • 19ed49a build(deps): bump the workerd-and-workers-types group with 2 updates (#13926)
  • 3ff0a50 fix: wrangler types decouple env-interface from namespace (#11471)
  • 506aa02 [wrangler] Add artifacts CLI commands (#13670)
  • 8f5cdb1 fix(wrangler): hide multi-env warning when env is set via CLOUDFLARE_ENV (#13...
  • be8a98c refactor deploy/versions upload (part 1) (#13916)
  • bf688f7 [wrangler] fix: re-read refresh_token from disk to avoid 401 from sibling-pro...
  • adbf8cb Version Packages (#13895)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/harvard-edge/cs249r_book/pull/1773 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 5/18/2026 **Status:** ✅ Merged **Merged:** 5/18/2026 **Merged by:** [@profvjreddi](https://github.com/profvjreddi) **Base:** `dev` ← **Head:** `dependabot/npm_and_yarn/interviews/staffml-vault-worker/dev/wrangler-4.92.0` --- ### 📝 Commits (1) - [`6eb2e6d`](https://github.com/harvard-edge/cs249r_book/commit/6eb2e6de18bf538a1520fb4299596e1e3fa68a36) deps(vault-worker): bump wrangler in /interviews/staffml-vault-worker ### 📊 Changes **2 files changed** (+38 additions, -38 deletions) <details> <summary>View changed files</summary> 📝 `interviews/staffml-vault-worker/package-lock.json` (+37 -37) 📝 `interviews/staffml-vault-worker/package.json` (+1 -1) </details> ### 📄 Description Bumps [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) from 4.90.0 to 4.92.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cloudflare/workers-sdk/releases">wrangler's releases</a>.</em></p> <blockquote> <h2>wrangler@4.92.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/13670">#13670</a> <a href="https://github.com/cloudflare/workers-sdk/commit/506aa0243dbec68718170a9cf30f03c0ad0dd2b5"><code>506aa02</code></a> Thanks <a href="https://github.com/elithrar"><code>@​elithrar</code></a>! - Add <code>wrangler artifacts</code> commands for managing Artifacts repos and repo tokens.</p> <p>This adds CLI support for the Artifacts control-plane workflows that were previously only available through the API. You can now list and inspect namespaces, create, list, inspect, and delete repos, and issue repo-scoped tokens when you need to authenticate git access.</p> <p>The new commands support both human-readable output and <code>--json</code> output so they fit existing Wrangler automation patterns.</p> </li> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/13916">#13916</a> <a href="https://github.com/cloudflare/workers-sdk/commit/be8a98c2be0c83a270415ff4591e1b9971aab747"><code>be8a98c</code></a> Thanks <a href="https://github.com/emily-shen"><code>@​emily-shen</code></a>! - Add <code>--keep-vars</code> flag to <code>wrangler versions upload</code>, matching the existing behavior in <code>wrangler deploy</code>. When set, environment variables configured via the dashboard are preserved rather than being deleted before the upload.</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/13926">#13926</a> <a href="https://github.com/cloudflare/workers-sdk/commit/19ed49a008be273df0ce60a817f4f367f4cea8fd"><code>19ed49a</code></a> Thanks <a href="https://github.com/apps/dependabot"><code>@​dependabot</code></a>! - Update dependencies of &quot;miniflare&quot;, &quot;wrangler&quot;</p> <p>The following dependency versions have been updated:</p> <table> <thead> <tr> <th>Dependency</th> <th>From</th> <th>To</th> </tr> </thead> <tbody> <tr> <td>workerd</td> <td>1.20260511.1</td> <td>1.20260515.1</td> </tr> </tbody> </table> </li> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/11471">#11471</a> <a href="https://github.com/cloudflare/workers-sdk/commit/3ff0a50349a78c17d64c45c0411771cc2d2dba0a"><code>3ff0a50</code></a> Thanks <a href="https://github.com/HW13"><code>@​HW13</code></a>! - Improve <code>wrangler types --env-interface</code> for multi-worker projects.</p> <p>Custom env interfaces generated by <code>wrangler types</code> no longer expand from <code>Cloudflare.Env</code>, avoiding some unintended type expansion when multiple workers' generated types are used together.</p> </li> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/13910">#13910</a> <a href="https://github.com/cloudflare/workers-sdk/commit/bf688f7735d602e963a7907a4a703aa7de2038fe"><code>bf688f7</code></a> Thanks <a href="https://github.com/timoconnellaus"><code>@​timoconnellaus</code></a>! - Fix <code>Failed to fetch auth token: 401 Unauthorized</code> from sibling-rotated refresh tokens</p> <p><code>refreshToken</code> previously used the refresh token from module-level <code>localState</code>, which is populated once at startup and never re-read. OAuth refresh tokens are single-use, so when a sibling wrangler process (in another repo, another shell, or a parallel script) refreshes first, it rotates the token server-side and writes the new value to the shared config file (<code>~/Library/Preferences/.wrangler/config/default.toml</code> on macOS). The long-lived process — typically <code>wrangler dev</code> — then sends its stale in-memory token on the next refresh and gets <code>401 Unauthorized</code> from <code>https://dash.cloudflare.com/oauth2/token</code>, falling through to interactive login and timing out unattended.</p> <p><code>refreshToken</code> now calls <code>reinitialiseAuthTokens()</code> before exchanging, picking up the latest refresh token written by any sibling process. The previously empty <code>catch {}</code> also now logs the underlying error at debug level so future refresh failures are diagnosable without source-diving.</p> </li> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/13843">#13843</a> <a href="https://github.com/cloudflare/workers-sdk/commit/2e72c83aa95d25de343c396df67c0a35b83b70cd"><code>2e72c83</code></a> Thanks <a href="https://github.com/nzws"><code>@​nzws</code></a>! - Fix <code>wrangler versions secret put/delete/bulk</code> to preserve the existing version's placement settings</p> <p>When creating a new version via <code>wrangler versions secret</code>, the previous code only re-emitted a bare <code>{ mode: &quot;smart&quot; }</code> placement when the API reported <code>placement_mode === &quot;smart&quot;</code>, dropping any other placement entirely. The new version is now created with the placement settings returned by the API, so placement settings survive a secret put/delete/bulk round-trip.</p> </li> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/13908">#13908</a> <a href="https://github.com/cloudflare/workers-sdk/commit/802eaf47fa28f5bfa3a07b0782acdaac6f12781d"><code>802eaf4</code></a> Thanks <a href="https://github.com/shiminshen"><code>@​shiminshen</code></a>! - fix: stop rewriting query strings that happen to contain the request <code>Host</code></p> <p><code>wrangler dev</code> previously rewrote occurrences of the outer host inside <code>request.url</code>'s query string. For example, a request to <code>?echo=https%3A%2F%2Fdevelopment.test%2Fpath</code> with <code>Host: development.test</code> would be seen by the user worker as <code>?echo=https%3A%2F%2Fproduction.test%2Fpath</code>, silently mutating opaque application data such as <code>redirect_uri</code> values in OAuth flows.</p> <p>The proxy worker now sets the internal <code>MF-Original-URL</code> header <em>after</em> its blanket host-rewriting pass over request headers, so the URL passed to the user worker preserves the original query string.</p> </li> <li> <p><a href="https://redirect.github.com/cloudflare/workers-sdk/pull/13827">#13827</a> <a href="https://github.com/cloudflare/workers-sdk/commit/8f5cdb14dda20f6036c2305195041105d4d109e3"><code>8f5cdb1</code></a> Thanks <a href="https://github.com/greyvugrin"><code>@​greyvugrin</code></a>! - Fix multi-environment warning when CLOUDFLARE_ENV is set</p> <p>Commands that warn when multiple environments are configured but none is specified (e.g. <code>wrangler deploy</code>, <code>wrangler secret put</code>) were not accounting for the <code>CLOUDFLARE_ENV</code> environment variable when deciding whether to show the warning. This caused a misleading warning to appear even when the target environment was correctly specified via <code>CLOUDFLARE_ENV</code>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/cloudflare/workers-sdk/commit/19ed49a008be273df0ce60a817f4f367f4cea8fd"><code>19ed49a</code></a>]:</p> <ul> <li>miniflare@4.20260515.0</li> </ul> </li> </ul> <h2>wrangler@4.91.0</h2> <h3>Minor Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cloudflare/workers-sdk/commit/a3fa623f2abf192e57d876c727bfa107aa297ec9"><code>a3fa623</code></a> Version Packages (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13918">#13918</a>)</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/802eaf47fa28f5bfa3a07b0782acdaac6f12781d"><code>802eaf4</code></a> fix(wrangler): stop rewriting query strings that contain the request Host (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/1">#1</a>...</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/2e72c83aa95d25de343c396df67c0a35b83b70cd"><code>2e72c83</code></a> [wrangler] Preserve placement on versions secret commands (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13843">#13843</a>)</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/19ed49a008be273df0ce60a817f4f367f4cea8fd"><code>19ed49a</code></a> build(deps): bump the workerd-and-workers-types group with 2 updates (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13926">#13926</a>)</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/3ff0a50349a78c17d64c45c0411771cc2d2dba0a"><code>3ff0a50</code></a> fix: wrangler types decouple env-interface from namespace (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/11471">#11471</a>)</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/506aa0243dbec68718170a9cf30f03c0ad0dd2b5"><code>506aa02</code></a> [wrangler] Add artifacts CLI commands (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13670">#13670</a>)</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/8f5cdb14dda20f6036c2305195041105d4d109e3"><code>8f5cdb1</code></a> fix(wrangler): hide multi-env warning when env is set via CLOUDFLARE_ENV (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13">#13</a>...</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/be8a98c2be0c83a270415ff4591e1b9971aab747"><code>be8a98c</code></a> refactor deploy/versions upload (part 1) (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13916">#13916</a>)</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/bf688f7735d602e963a7907a4a703aa7de2038fe"><code>bf688f7</code></a> [wrangler] fix: re-read refresh_token from disk to avoid 401 from sibling-pro...</li> <li><a href="https://github.com/cloudflare/workers-sdk/commit/adbf8cb537e385256981746eb06ab32045d25ae7"><code>adbf8cb</code></a> Version Packages (<a href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13895">#13895</a>)</li> <li>Additional commits viewable in <a href="https://github.com/cloudflare/workers-sdk/commits/wrangler@4.92.0/packages/wrangler">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wrangler&package-manager=npm_and_yarn&previous-version=4.90.0&new-version=4.92.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-20 14:04:36 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area: book
area: collabs
area: kits
area: labs
area: socratiq
area: tinytorch
area: tools
area: website
bug
dependencies
format: epub
format: pdf
javascript
link-health
link-rot
priority-high
pull-request
Mirrored from GitHub Pull Request
 staffml
type: bug
type: citation
type: code
type: errata
type: improvement
type: new
type: question
vault-sli
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/cs249r_book#15724
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?