chore(deps): bump the npm_and_yarn group across 34 directories with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/agent-scheduler directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/agent-task-manager directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/agent-task-manager-human-in-the-loop directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/evaluator-optimiser directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/image-generation directory: hono and wrangler.
Bumps the npm_and_yarn group with 1 update in the /demos/mcp-client directory: wrangler.
Bumps the npm_and_yarn group with 3 updates in the /demos/mcp-server-bearer-auth directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/mcp-slack-oauth directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/mcp-stytch-b2b-okr-manager directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 2 updates in the /demos/mcp-stytch-consumer-todo-list directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/model-scraper directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/orchestrator-workers directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/parallelisation directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/prompt-chaining directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/python-workers-mcp directory: wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/remote-mcp-authkit directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 2 updates in the /demos/remote-mcp-authless directory: wrangler and undici.
Bumps the npm_and_yarn group with 2 updates in the /demos/remote-mcp-cf-access directory: wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/remote-mcp-github-oauth directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/remote-mcp-google-oauth directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/remote-mcp-logto directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/remote-mcp-server directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/remote-mcp-server-autorag directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 3 updates in the /demos/remote-mcp-server-descope-auth directory: hono, wrangler and undici.
Bumps the npm_and_yarn group with 2 updates in the /demos/routing directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/structured-output directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/text-generation directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/text-generation-stream directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/tool-calling directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/tool-calling-stream directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/tool-calling-stream-traditional directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/ui-worker directory: hono and wrangler.
Bumps the npm_and_yarn group with 2 updates in the /demos/vision directory: hono and wrangler.

Updates hono from 4.11.3 to 4.11.4

Release notes

Sourced from hono's releases.

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

• GHSA-f67f-6cw9-8mq4
• GHSA-3vhc-576x-3qv4

What's Changed

• test(utils/jwt): add missing algorithm types in jwa.test.ts by @​flathill404 in honojs/hono#4607
• chore: bump @hono/eslint-config and enable curly rule by @​yusukebe in honojs/hono#4620
• docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated test. by @​Itsnotaka in honojs/hono#4618
• test: support alg option for JWT middleware by @​yusukebe in honojs/hono#4624

New Contributors

• @​flathill404 made their first contribution in honojs/hono#4607

... (truncated)

Commits

• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• 4e87275 test(utils/jwt): add missing algorithm types in jwa.test.ts (#4606) (#4607)
• See full diff in compare view

Updates wrangler from 4.56.0 to 4.59.1

Release notes

Sourced from wrangler's releases.

wrangler@4.59.1

Patch Changes

• #11889 99b1f32 Thanks @​emily-shen! - Use argument array when executing git commands with wrangler pages deploy

  Pass user provided values from --commit-hash safely to underlying git command.

wrangler@4.59.0

Minor Changes

• #11852 ad65efa Thanks @​NuroDev! - Add --check flag to wrangler types command

  The new --check flag allows you to verify that your generated types file is up-to-date without regenerating it. This is useful for CI/CD pipelines, pre-commit hooks, or any scenario where you want to ensure types have been committed after configuration changes.

  When types are up-to-date, the command exits with code 0:

  $ wrangler types --check
  ✨ Types at worker-configuration.d.ts are up to date.

  When types are out-of-date, the command exits with code 1:

  $ wrangler types --check
  ✘ [ERROR] Types at worker-configuration.d.ts are out of date. Run `wrangler types` to regenerate.

  You can also use it with a custom output path:

  $ wrangler types ./custom-types.d.ts --check

• #11529 43d5363 Thanks @​matthewdavidrodgers! - Add ability to enable higher asset count limits for Pages deployments

  Wrangler can now read asset count limits from JWT claims during Pages deployments, allowing users to be enabled for higher limits (up to 100,000 assets) on a per-account basis. The default limit remains at 20,000 assets.

• #11755 0f8d69d Thanks @​nikitassharma! - Users can now specify constraints.tiers for their container applications. tier is deprecated in favor of tiers. If left unset, we will default to tiers: [1, 2]. Note that constraints is an experimental feature.

Patch Changes

• #11820 b0e54b2 Thanks @​MattieTK! - Add AI agent detection to analytics events

  Wrangler now detects when commands are executed by AI coding agents (such as Claude Code, Cursor, GitHub Copilot, etc.) using the am-i-vibing library. This information is included as an agent property in all analytics events, helping Cloudflare understand how developers interact with Wrangler through AI assistants.

... (truncated)

Commits

• 37a8607 Version Packages (#11890)
• 99b1f32 fix: execute git commands in pages deploy safely (#11889)
• e98c95a Version Packages (#11836)
• ad65efa Add --check flag to wrangler types (#11852)
• beb96af feat(unenv-preset): add support for native node:sqlite module (#11841)
• b0e54b2 [wrangler] Add AI agent detection to analytics events (#11820)
• 2203af4 Add Node.js 24 and 25 compatibility to the test suites for Miniflare, Wrangle...
• b6148ed chore(deps): bump the workerd-and-workers-types group with 2 updates (#11872)
• 0eb973d Do not warn user when using a redirected config that came from a config with ...
• 0f8d69d containers: users can set multiple tiers for constraints (#11755)
• Additional commits viewable in compare view

Updates hono from 4.11.3 to 4.11.4

Release notes

Sourced from hono's releases.

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

• GHSA-f67f-6cw9-8mq4
• GHSA-3vhc-576x-3qv4

What's Changed

• test(utils/jwt): add missing algorithm types in jwa.test.ts by @​flathill404 in honojs/hono#4607
• chore: bump @hono/eslint-config and enable curly rule by @​yusukebe in honojs/hono#4620
• docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated test. by @​Itsnotaka in honojs/hono#4618
• test: support alg option for JWT middleware by @​yusukebe in honojs/hono#4624

New Contributors

• @​flathill404 made their first contribution in honojs/hono#4607

... (truncated)

Commits

• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• 4e87275 test(utils/jwt): add missing algorithm types in jwa.test.ts (#4606) (#4607)
• See full diff in compare view

Updates wrangler from 4.56.0 to 4.59.3

Release notes

Sourced from wrangler's releases.

wrangler@4.59.1

Patch Changes

• #11889 99b1f32 Thanks @​emily-shen! - Use argument array when executing git commands with wrangler pages deploy

  Pass user provided values from --commit-hash safely to underlying git command.

wrangler@4.59.0

Minor Changes

• #11852 ad65efa Thanks @​NuroDev! - Add --check flag to wrangler types command

  The new --check flag allows you to verify that your generated types file is up-to-date without regenerating it. This is useful for CI/CD pipelines, pre-commit hooks, or any scenario where you want to ensure types have been committed after configuration changes.

  When types are up-to-date, the command exits with code 0:

  $ wrangler types --check
  ✨ Types at worker-configuration.d.ts are up to date.

  When types are out-of-date, the command exits with code 1:

  $ wrangler types --check
  ✘ [ERROR] Types at worker-configuration.d.ts are out of date. Run `wrangler types` to regenerate.

  You can also use it with a custom output path:

  $ wrangler types ./custom-types.d.ts --check

• #11529 43d5363 Thanks @​matthewdavidrodgers! - Add ability to enable higher asset count limits for Pages deployments

  Wrangler can now read asset count limits from JWT claims during Pages deployments, allowing users to be enabled for higher limits (up to 100,000 assets) on a per-account basis. The default limit remains at 20,000 assets.

• #11755 0f8d69d Thanks @​nikitassharma! - Users can now specify constraints.tiers for their container applications. tier is deprecated in favor of tiers. If left unset, we will default to tiers: [1, 2]. Note that constraints is an experimental feature.

Patch Changes

• #11820 b0e54b2 Thanks @​MattieTK! - Add AI agent detection to analytics events

  Wrangler now detects when commands are executed by AI coding agents (such as Claude Code, Cursor, GitHub Copilot, etc.) using the am-i-vibing library. This information is included as an agent property in all analytics events, helping Cloudflare understand how developers interact with Wrangler through AI assistants.

... (truncated)

Commits

• 37a8607 Version Packages (#11890)
• 99b1f32 fix: execute git commands in pages deploy safely (#11889)
• e98c95a Version Packages (#11836)
• ad65efa Add --check flag to wrangler types (#11852)
• beb96af feat(unenv-preset): add support for native node:sqlite module (#11841)
• b0e54b2 [wrangler] Add AI agent detection to analytics events (#11820)
• 2203af4 Add Node.js 24 and 25 compatibility to the test suites for Miniflare, Wrangle...
• b6148ed chore(deps): bump the workerd-and-workers-types group with 2 updates (#11872)
• 0eb973d Do not warn user when using a redirected config that came from a config with ...
• 0f8d69d containers: users can set multiple tiers for constraints (#11755)
• Additional commits viewable in compare view

Updates hono from 4.11.3 to 4.11.4

Release notes

Sourced from hono's releases.

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

• GHSA-f67f-6cw9-8mq4
• GHSA-3vhc-576x-3qv4

What's Changed

• test(utils/jwt): add missing algorithm types in jwa.test.ts by @​flathill404 in honojs/hono#4607
• chore: bump @hono/eslint-config and enable curly rule by @​yusukebe in honojs/hono#4620
• docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated test. by @​Itsnotaka in honojs/hono#4618
• test: support alg option for JWT middleware by @​yusukebe in honojs/hono#4624

New Contributors

• @​flathill404 made their first contribution in honojs/hono#4607

... (truncated)

Commits

• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• 4e87275 test(utils/jwt): add missing algorithm types in jwa.test.ts (#4606) (#4607)
• See full diff in compare view

Updates wrangler from 4.56.0 to 4.59.3

Release notes

Sourced from wrangler's releases.

wrangler@4.59.1

Patch Changes

• #11889 99b1f32 Thanks @​emily-shen! - Use argument array when executing git commands with wrangler pages deploy

  Pass user provided values from --commit-hash safely to underlying git command.

wrangler@4.59.0

Minor Changes

• #11852 ad65efa Thanks @​NuroDev! - Add --check flag to wrangler types command

  The new --check flag allows you to verify that your generated types file is up-to-date without regenerating it. This is useful for CI/CD pipelines, pre-commit hooks, or any scenario where you want to ensure types have been committed after configuration changes.

  When types are up-to-date, the command exits with code 0:

  $ wrangler types --check
  ✨ Types at worker-configuration.d.ts are up to date.

  When types are out-of-date, the command exits with code 1:

  $ wrangler types --check
  ✘ [ERROR] Types at worker-configuration.d.ts are out of date. Run `wrangler types` to regenerate.

  You can also use it with a custom output path:

  $ wrangler types ./custom-types.d.ts --check

• #11529 43d5363 Thanks @​matthewdavidrodgers! - Add ability to enable higher asset count limits for Pages deployments

  Wrangler can now read asset count limits from JWT claims during Pages deployments, allowing users to be enabled for higher limits (up to 100,000 assets) on a per-account basis. The default limit remains at 20,000 assets.

• #11755 0f8d69d Thanks @​nikitassharma! - Users can now specify constraints.tiers for their container applications. tier is deprecated in favor of tiers. If left unset, we will default to tiers: [1, 2]. Note that constraints is an experimental feature.

Patch Changes

• #11820 b0e54b2 Thanks @​MattieTK! - Add AI agent detection to analytics events

  Wrangler now detects when commands are executed by AI coding agents (such as Claude Code, Cursor, GitHub Copilot, etc.) using the am-i-vibing library. This information is included as an agent property in all analytics events, helping Cloudflare understand how developers interact with Wrangler through AI assistants.

... (truncated)

Commits

• 37a8607 Version Packages (#11890)
• 99b1f32 fix: execute git commands in pages deploy safely (#11889)
• e98c95a Version Packages (#11836)
• ad65efa Add --check flag to wrangler types (#11852)
• beb96af feat(unenv-preset): add support for native node:sqlite module (#11841)
• b0e54b2 [wrangler] Add AI agent detection to analytics events (#11820)
• 2203af4 Add Node.js 24 and 25 compatibility to the test suites for Miniflare, Wrangle...
• b6148ed chore(deps): bump the workerd-and-workers-types group with 2 updates (#11872)
• 0eb973d Do not warn user when using a redirected config that came from a config with ...
• 0f8d69d containers: users can set multiple tiers for constraints (#11755)
• Additional commits viewable in compare view

Updates hono from 4.11.3 to 4.11.4

Release notes

Sourced from hono's releases.

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

• GHSA-f67f-6cw9-8mq4
• GHSA-3vhc-576x-3qv4

What's Changed

• test(utils/jwt): add missing algorithm types in jwa.test.ts by @​flathill404 in honojs/hono#4607
• chore: bump @hono/eslint-config and enable curly rule by @​yusukebe in honojs/hono#4620
• docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated test. by @​Itsnotaka in honojs/hono#4618
• test: support alg option for JWT middleware by @​yusukebe in honojs/hono#4624

New Contributors

• @​flathill404 made their first contribution in honojs/hono#4607

... (truncated)

Commits

• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• 4e87275 test(utils/jwt): add missing algorithm types in jwa.test.ts (#4606) (#4607)
• See full diff in compare view

Updates wrangler from 4.56.0 to 4.59.3

Release notes

Sourced from wrangler's releases.

wrangler@4.59.1

Patch Changes

• #11889 99b1f32 Thanks @​emily-shen! - Use argument array when executing git commands with wrangler pages deploy

  Pass user provided values from --commit-hash safely to underlying git command.

wrangler@4.59.0

Minor Changes

• #11852 ad65efa Thanks @​NuroDev! - Add --check flag to wrangler types command

  The new --check flag allows you to verify that your generated types file is up-to-date without regenerating it. This is useful for CI/CD pipelines, pre-commit hooks, or any scenario where you want to ensure types have been committed after configuration changes.

  When types are up-to-date, the command exits with code 0:

  $ wrangler types --check
  ✨ Types at worker-configuration.d.ts are up to date.

  When types are out-of-date, the command exits with code 1:

  $ wrangler types --check
  ✘ [ERROR] Types at worker-configuration.d.ts are out of date. Run `wrangler types` to regenerate.

  You can also use it with a custom output path:

  $ wrangler types ./custom-types.d.ts --check

• #11529 43d5363 Thanks @​matthewdavidrodgers! - Add ability to enable higher asset count limits for Pages deployments

  Wrangler can now read asset count limits from JWT claims during Pages deployments, allowing users to be enabled for higher limits (up to 100,000 assets) on a per-account basis. The default limit remains at 20,000 assets.

• #11755 0f8d69d Thanks @​nikitassharma! - Users can now specify constraints.tiers for their container applications. tier is deprecated in favor of tiers. If left unset, we will default to tiers: [1, 2]. Note that constraints is an experimental feature.

Patch Changes

• #11820 b0e54b2 Thanks @​MattieTK! - Add AI agent detection to analytics events

  Wrangler now detects when commands are executed by AI coding agents (such as Claude Code, Cursor, GitHub Copilot, etc.) using the am-i-vibing library. This information is included as an agent property in all analytics events, helping Cloudflare understand how developers interact with Wrangler through AI assistants.

... (truncated)

Commits

• 37a8607 Version Packages (#11890)
• 99b1f32 fix: execute git commands in pages deploy safely (#11889)
• e98c95a Version Packages (#11836)
• ad65efa Add --check flag to wrangler types (#11852)
• beb96af feat(unenv-preset): add support for native node:sqlite module (#11841)
• b0e54b2 [wrangler] Add AI agent detection to analytics events (#11820)
• 2203af4 Add Node.js 24 and 25 compatibility to the test suites for Miniflare, Wrangle...
• b6148ed chore(deps): bump the workerd-and-workers-types group with 2 updates (#11872)
• 0eb973d Do not warn user when using a redirected config that came from a config with ...
• 0f8d69d containers: users can set multiple tiers for constraints (#11755)
• Additional commits viewable in compare view

Updates hono from 4.11.3 to 4.11.4

Release notes

Sourced from hono's releases.

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

• GHSA-f67f-6cw9-8mq4
• GHSA-3vhc-576x-3qv4

What's Changed

• test(utils/jwt): add missing algorithm types in jwa.test.ts by @​flathill404 in honojs/hono#4607
• chore: bump @hono/eslint-config and enable curly rule by @​yusukebe in honojs/hono#4620
• docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated test. by @​Itsnotaka in honojs/hono#4618
• test: support alg option for JWT middleware by @​yusukebe in honojs/hono#4624

New Contributors

• @​flathill404 made their first contribution in honojs/hono#4607

... (truncated)

Commits

• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• 4e87275 test(utils/jwt): add missing algorithm types in jwa.test.ts (#4606) (#4607)
• See full diff in compare view

Updates wrangler from 4.56.0 to 4.59.3

Release notes

Sourced from wrangler's releases.

wrangler@4.59.1

Patch Changes

• #11889 99b1f32 Thanks @​emily-shen! - Use argument array when executing git commands with wrangler pages deploy

  Pass user provided values from --commit-hash safely to underlying git command.

wrangler@4.59.0

Minor Changes

• #11852 ad65efa Thanks @​NuroDev! - Add --check flag to wrangler types command

  The new --check flag allows you to verify that your generated types file is up-to-date without regenerating it. This is useful for CI/CD pipelines, pre-commit hooks, or any scenario where you want to ensure types have been committed after configuration changes.

  When types are up-to-date, the command exits with code 0:

  $ wrangler types --check
  ✨ Types at worker-configuration.d.ts are up to date.

  When types are out-of-date, the command exits with code 1:

  $ wrangler types --check
  ✘ [ERROR] Types at worker-configuration.d.ts are out of date. Run `wrangler types` to regenerate.

  You can also use it with a custom output path:

  $ wrangler types ./custom-types.d.ts --check

• #11529 43d5363 Thanks @​matthewdavidrodgers! - Add ability to enable higher asset count limits for Pages deployments

  Wrangler can now read asset count limits from JWT claims during Pages deployments, allowing users to be enabled for higher limits (up to 100,000 assets) on a per-account basis. The default limit remains at 20,000 assets.

• #11755 0f8d69d Thanks @​nikitassharma! - Users can now specify constraints.tiers for their container applications. tier is deprecated in favor of tiers. If left unset, we will default to tiers: [1, 2]. Note that constraints is an experimental feature.

Patch Changes

• #11820 b0e54b2 Thanks @​MattieTK! - Add AI agent detection to analytics events

  Wrangler now detects when commands are executed by AI coding agents (such as Claude Code, Cursor, GitHub Copilot, etc.) using the am-i-vibing library. This information is included as an agent property in all analytics events, helping Cloudflare understand how developers interact with Wrangler through AI assistants.

... (truncated)

Commits

• 37a8607 Version Packages (#11890)
• 99b1f32 fix: execute git commands in pages deploy safely (#11889)
• e98c95a Version Packages (#11836)
• ad65efa Add --check flag to wrangler types (#11852)
• beb96af feat(unenv-preset): add support for native node:sqlite module (#11841)
• b0e54b2 [wrangler] Add AI agent detection to analytics events (#11820)
• 2203af4 Add Node.js 24 and 25 compatibility to the test suites for Miniflare, Wrangle...
• b6148ed chore(deps): bump the workerd-and-workers-types group with 2 updates (#11872)
• 0eb973d Do not warn user when using a redirected config that came from a config with ...
• 0f8d69d containers: users can set multiple tiers for constraints (#11755)
• Additional commits viewable in compare view

Updates hono from 4.11.3 to 4.11.4

Release notes

Sourced from hono's releases.

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'],...
Description has been truncated

[changeset-bot]

⚠️ No Changeset found

Latest commit: 0ed8f05

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

npx https://pkg.pr.new/cloudflare/ai/ai-gateway-provider@380

npx https://pkg.pr.new/cloudflare/ai/workers-ai-provider@380

commit: 0ed8f05

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.