chore(deps): bump wrangler to 4.110.0 to match workers-types v5#4102
chore(deps): bump wrangler to 4.110.0 to match workers-types v5#4102waynesun09 wants to merge 2 commits into
Conversation
The root package.json declares @cloudflare/workers-types@^5.20260708.1 (bumped in #4002 to satisfy the wrangler@4.110.0 peer requirement pulled in transitively via @cloudflare/vitest-pool-workers), but the direct wrangler devDependency was left at ^4.36.0, whose peer dependency wants @cloudflare/workers-types@^4.x. npm's resolver correctly refuses to install this combination, which broke `npm ci` in the Deploy Site workflow once a new v5 workers-types patch published and made the root's floating range diverge from the locked resolution. Bump wrangler to ^4.110.0 so its peer requirement matches the already-pinned workers-types major version, and bump the matching wranglerVersion pins (and inline `npx wrangler@` invocations) in site-deploy.yml so the wrangler-action install step stays consistent. Assisted-by: Claude Signed-off-by: Wayne Sun <gsun@redhat.com>
|
🤖 Review · |
PR Summary by QodoFix Cloudflare Wrangler peer-dep mismatch by bumping wrangler to 4.110.0
AI Description
Diagram
High-Level Assessment
Files changed (2)
|
Code Review by Qodo
1.
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Review feedback on the wrangler bump: the preCommands ran `npx wrangler@<version> versions secret bulk`, which pins the version a second time separately from `wranglerVersion`. wrangler- action already installs the pinned version and rewrites any command starting with `wrangler` to `npx wrangler ...` (no version), so dropping the inline version reuses the action-installed wrangler and removes the duplicate pin that caused this class of drift. Also update the deployment troubleshooting doc, which still stated the workflow pins 4.36.0. Assisted-by: Claude Signed-off-by: Wayne Sun <gsun@redhat.com>
|
🤖 Finished Review · ✅ Success · Started 12:38 PM UTC · Completed 12:50 PM UTC |
ReviewFindingsHigh
Low
|
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | ||
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | ||
| preCommands: set -eu; secrets_file="$(mktemp)"; printf '%s\n' "GITHUB_APP_CLIENT_SECRET=${GITHUB_APP_CLIENT_SECRET}" "TURNSTILE_SECRET_KEY=${TURNSTILE_SECRET_KEY}" >"$secrets_file"; npx wrangler@4.36.0 versions secret bulk "$secrets_file" --message "Production secrets (workflow-run ${{ github.event.workflow_run.id }})"; rm -f "$secrets_file" | ||
| preCommands: set -eu; secrets_file="$(mktemp)"; printf '%s\n' "GITHUB_APP_CLIENT_SECRET=${GITHUB_APP_CLIENT_SECRET}" "TURNSTILE_SECRET_KEY=${TURNSTILE_SECRET_KEY}" >"$secrets_file"; wrangler versions secret bulk "$secrets_file" --message "Production secrets (workflow-run ${{ github.event.workflow_run.id }})"; rm -f "$secrets_file" |
There was a problem hiding this comment.
[low] pattern-consistency
The preCommands wrangler invocation changed from an explicit version pin (npx wrangler@4.36.0) to unpinned (wrangler). The wrangler-action wranglerVersion input installs 4.110.0 into PATH, so bare wrangler resolves correctly at runtime. The prior pattern was more defensive against potential changes in the action install behavior.
Suggested fix: Consider using npx wrangler@4.110.0 in preCommands to maintain the explicit version pin pattern.
Summary
The Deploy Site workflow's
npm cistep has been failing since ~03:13 UTC today with an ERESOLVE peer dependency conflict. This fixes an internally inconsistent version pin inpackage.jsonleft over from #4002.Related Issue
None filed — root cause identified from the failing Deploy Site run.
Changes
package.json/package-lock.json: bumpwranglerdevDependency from^4.36.0to^4.110.0..github/workflows/site-deploy.yml: bump the twowranglerVersioninputs and the two inlinenpx wrangler@invocations inpreCommandsfrom4.36.0to4.110.0, so the wrangler-action install step stays consistent with the npm-resolved version.Root cause
#4002 bumped
@cloudflare/workers-typesfrom^4.xto^5.20260708.1inpackage.jsonto satisfy the peer requirement ofwrangler@4.110.0, which is pulled in transitively via@cloudflare/vitest-pool-workers@0.18.4. That PR did not also bump the directwranglerdevDependency, which stayed at^4.36.0— andwrangler@4.36.0's own peer dependency wants@cloudflare/workers-types@^4.x. This left the root project simultaneously requiring v4 and v5 of@cloudflare/workers-types, whichnpm cicorrectly refuses to resolve. The conflict was latent until a new@cloudflare/workers-types5.x patch published today and the floating^5.20260708.1range diverged from what was in the lockfile, turning it into a hard failure.Note: the
renovate/cloudflare-workersgrouping rule added in #4007 doesn't cover this — #4002 was a manual/agent-assisted bump that didn't go through Renovate, so the two Cloudflare packages drifted apart in the same commit despite the grouping rule.Testing
make lintpasses (staged changes first)npm cisucceeds cleanly (previously failed with ERESOLVE)npx wrangler --versionresolves to4.110.0Checklist
!for breaking changes)