[Snyk] Upgrade wrangler from 2.20.1 to 4.10.0

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade wrangler from 2.20.1 to 4.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 210 versions ahead of your current version.

• The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	169	Proof of Concept
	Insecure Randomness SNYK-JS-UNDICI-8641354	169	Proof of Concept
	Improper Handling of Insufficient Privileges SNYK-JS-WRANGLER-6140500	169	No Known Exploit
	Denial of Service (DoS) SNYK-JS-WS-7266574	169	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	169	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	169	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	169	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	169	No Known Exploit
	Directory Traversal SNYK-JS-WRANGLER-5819554	169	No Known Exploit
	Improper Input Validation SNYK-JS-NANOID-8492085	169	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	169	Proof of Concept
	Improper Authorization SNYK-JS-UNDICI-6564964	169	No Known Exploit
	Information Exposure SNYK-JS-UNDICI-5962466	169	No Known Exploit
	Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336	169	No Known Exploit
	Improper Access Control SNYK-JS-UNDICI-6564963	169	No Known Exploit

Release notes

Package name: wrangler

• 4.10.0 - 2025-04-10
• 4.9.1 - 2025-04-08
• 4.9.0 - 2025-04-08
• 4.8.0 - 2025-04-07
• 4.7.2 - 2025-04-04
• 4.7.1 - 2025-04-04
• 4.7.0 - 2025-04-02
• 4.6.0 - 2025-03-28
• 4.5.1 - 2025-03-27
• 4.5.0 - 2025-03-26
• 4.4.1 - 2025-03-26
• 4.4.0 - 2025-03-22
• 4.3.0 - 2025-03-20
• 4.2.0 - 2025-03-19
• 4.1.0 - 2025-03-17
• 4.0.0 - 2025-03-13
• 4.0.0-rc.0 - 2025-02-27
• 3.114.8 - 2025-05-01
  

  Patch Changes

  • #9086 a2a56c8 Thanks @ petebacondarwin! - Do not include .wrangler and Wrangler config files in additional modules

    Previously, if you added modules rules such as **/*.js or **/*.json, specified no_bundle: true, and the entry-point to the Worker was in the project root directory, Wrangler could include files that were not intended, such as .wrangler/tmp/xxx.js or the Wrangler config file itself. Now these files are automatically skipped when trying to find additional modules by searching the file tree.

  • #9037 d0d0025 Thanks @ CarmenPopoviciu! - fix: When generating Env types, set type of version metadata binding to WorkerVersionMetadata. This means it now correctly includes the timestamp field.

  • #9093 2f2f7ba Thanks @ CarmenPopoviciu! - fix: Validate input file for Vectorize inserts

  • Updated dependencies [fc04292, a01adca]:

    • [email protected]
• 3.114.7 - 2025-04-22
• 3.114.6 - 2025-04-14
• 3.114.5 - 2025-04-09
• 3.114.4 - 2025-04-03
• 3.114.3 - 2025-03-26
• 3.114.2 - 2025-03-17
• 3.114.1 - 2025-03-11
• 3.114.0 - 2025-03-06
• 3.113.0 - 2025-03-05
• 3.112.0 - 2025-03-04
• 3.111.0 - 2025-02-27
• 3.110.0 - 2025-02-25
• 3.109.3 - 2025-02-24
• 3.109.2 - 2025-02-18
• 3.109.1 - 2025-02-14
• 3.109.0 - 2025-02-13
• 3.108.1 - 2025-02-12
• 3.108.0 - 2025-02-11
• 3.107.3 - 2025-02-04
• 3.107.2 - 2025-01-31
• 3.107.1 - 2025-01-31
• 3.107.0 - 2025-01-30
• 3.106.0 - 2025-01-28
• 3.105.1 - 2025-01-24
• 3.105.0 - 2025-01-22
• 3.104.0 - 2025-01-22
• 3.103.2 - 2025-01-17
• 3.103.1 - 2025-01-16
• 3.103.0 - 2025-01-16
• 3.102.0 - 2025-01-14
• 3.101.0 - 2025-01-09
• 3.100.0 - 2025-01-07
• 3.99.0 - 2024-12-19
• 3.98.0 - 2024-12-19
• 3.97.0 - 2024-12-17
• 3.96.0 - 2024-12-16
• 3.95.0 - 2024-12-10
• 3.94.0 - 2024-12-09
• 3.93.0 - 2024-12-06
• 3.92.0 - 2024-12-03
• 3.91.0 - 2024-11-26
• 3.90.0 - 2024-11-22
• 3.89.0 - 2024-11-21
• 3.88.0 - 2024-11-19
• 3.87.0 - 2024-11-14
• 3.86.1 - 2024-11-11
• 3.86.0 - 2024-11-08
• 3.85.0 - 2024-11-06
• 3.84.1 - 2024-10-31
• 3.84.0 - 2024-10-30
• 3.83.0 - 2024-10-24
• 3.82.0 - 2024-10-22
• 3.81.0 - 2024-10-17
• 3.80.5 - 2024-10-16
• 3.80.4 - 2024-10-11
• 3.80.3 - 2024-10-10
• 3.80.2 - 2024-10-08
• 3.80.1 - 2024-10-07
• 3.80.0 - 2024-10-04
• 3.79.0 - 2024-10-01
• 3.78.12 - 2024-09-27
• 3.78.11 - 2024-09-27
• 3.78.10 - 2024-09-25
• 3.78.9 - 2024-09-25
• 3.78.8 - 2024-09-23
• 3.78.7 - 2024-09-20
• 3.78.6 - 2024-09-19
• 3.78.5 - 2024-09-18
• 3.78.4 - 2024-09-17
• 3.78.3 - 2024-09-16
• 3.78.2 - 2024-09-13
• 3.78.1 - 2024-09-13
• 3.78.0 - 2024-09-13
• 3.77.0 - 2024-09-12
• 3.76.0 - 2024-09-10
• 3.75.0 - 2024-09-06
• 3.74.0 - 2024-09-03
• 3.73.0 - 2024-08-30
• 3.72.3 - 2024-08-27
• 3.72.2 - 2024-08-22
• 3.72.1 - 2024-08-20
• 3.72.0 - 2024-08-16
• 3.71.0 - 2024-08-13
• 3.70.0 - 2024-08-09
• 3.69.1 - 2024-08-06
• 3.69.0 - 2024-08-06
• 3.68.0 - 2024-08-01
• 3.67.1 - 2024-07-26
• 3.67.0 - 2024-07-25
• 3.66.0 - 2024-07-23
• 3.65.1 - 2024-07-19
• 3.65.0 - 2024-07-16
• 3.64.0 - 2024-07-11
• 3.63.2 - 2024-07-09
• 3.63.1 - 2024-07-04
• 3.63.0 - 2024-07-03
• 3.62.0 - 2024-06-25
• 3.61.0 - 2024-06-18
• 3.60.3 - 2024-06-14
• 3.60.2 - 2024-06-11
• 3.60.1 - 2024-06-10
• 3.60.0 - 2024-06-07
• 3.59.0 - 2024-06-04
• 3.58.0 - 2024-05-31
• 3.57.2 - 2024-05-28
• 3.57.1 - 2024-05-21
• 3.57.0 - 2024-05-17
• 3.56.0 - 2024-05-14
• 3.55.0 - 2024-05-09
• 3.53.1 - 2024-05-02
• 3.53.0 - 2024-04-30
• 3.52.0 - 2024-04-24
• 3.51.2 - 2024-04-18
• 3.51.0 - 2024-04-17
• 3.50.0 - 2024-04-11
• 3.49.0 - 2024-04-10
• 3.48.0 - 2024-04-05
• 3.47.1 - 2024-04-04
• 3.47.0 - 2024-04-04
• 3.46.0 - 2024-04-04
• 3.45.0 - 2024-04-03
• 3.44.0 - 2024-04-02
• 3.43.0 - 2024-04-02
• 3.42.0 - 2024-04-01
• 3.41.0 - 2024-03-29
• 3.40.0 - 2024-03-29
• 3.39.0 - 2024-03-27
• 3.38.0 - 2024-03-26
• 3.37.0 - 2024-03-22
• 3.36.0 - 2024-03-20
• 3.35.0 - 2024-03-19
• 3.34.2 - 2024-03-14
• 3.34.1 - 2024-03-14
• 3.34.0 - 2024-03-14
• 3.33.0 - 2024-03-12
• 3.32.0 - 2024-03-07
• 3.31.0 - 2024-03-05
• 3.30.1 - 2024-02-29
• 3.30.0 - 2024-02-27
• 3.29.0 - 2024-02-22
• 3.28.4 - 2024-02-20
• 3.28.3 - 2024-02-16
• 3.28.2 - 2024-02-13
• 3.28.1 - 2024-02-09
• 3.28.0 - 2024-02-08
• 3.27.0 - 2024-02-06
• 3.26.0 - 2024-01-31
• 3.25.0 - 2024-01-26
• 3.24.0 - 2024-01-23
• 3.23.0 - 2024-01-18
• 3.22.5 - 2024-01-16
• 3.22.4 - 2024-01-09
• 3.22.3 - 2024-01-04
• 3.22.2 - 2024-01-02
• 3.22.1 - 2023-12-20
• 3.22.0 - 2023-12-19
• 3.21.0 - 2023-12-15
• 3.20.0 - 2023-12-12
• 3.19.0 - 2023-12-05
• 3.18.0 - 2023-11-30
• 3.17.1 - 2023-11-22
• 3.17.0 - 2023-11-21
• 3.16.0 - 2023-11-16
• 3.15.0 - 2023-10-26
• 3.14.0 - 2023-10-19
• 3.13.2 - 2023-10-17
• 3.13.1 - 2023-10-12
• 3.13.0 - 2023-10-12
• 3.12.0 - 2023-10-11
• 3.11.0 - 2023-10-05
• 3.10.1 - 2023-09-28
• 3.10.0 - 2023-09-26
• 3.9.1 - 2023-09-25
• 3.9.0 - 2023-09-20
• 3.8.0 - 2023-09-13
• 3.7.0 - 2023-09-05
• 3.6.0 - 2023-08-24
• 3.5.1 - 2023-08-15
• 3.5.0 - 2023-08-08
• 3.4.0 - 2023-07-27
• 3.3.0 - 2023-07-18
• 3.2.0 - 2023-07-11
• 3.1.2 - 2023-07-06
• 3.1.1 - 2023-06-20
• 3.1.0 - 2023-06-06
• 3.0.1 - 2023-05-22
• 3.0.0 - 2023-05-17
• 2.21.3 - 2025-03-13
• 2.21.2 - 2024-10-08
• 2.21.1 - 2024-03-21
• 2.21.0 - 2024-01-18
• 2.20.2 - 2023-12-15
• 2.20.1 - 2023-08-28

from wrangler GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade wrangler from version 2.20.1 to 4.10.0 to address multiple security vulnerabilities

New Features:

• Major version upgrade with potential breaking changes

Bug Fixes:

• Resolved multiple high and medium severity security vulnerabilities in wrangler

[sourcery-ai]

Reviewer's Guide

This pull request upgrades the wrangler dependency from version 2.20.1 to 4.10.0, addressing multiple security vulnerabilities identified by Snyk.

File-Level Changes

Change	Details	Files
Upgraded wrangler dependency.	Updated wrangler version from 2.20.1 to 4.10.0 in devDependencies.	examples/caching/with-cloudflare-workers-kv/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.