Skip to content

fix(server): bump wrangler to resolve ws and undici advisories#58

Open
adamsimms wants to merge 1 commit into
kavinsood:mainfrom
adamsimms:fix/wrangler-ws-security
Open

fix(server): bump wrangler to resolve ws and undici advisories#58
adamsimms wants to merge 1 commit into
kavinsood:mainfrom
adamsimms:fix/wrangler-ws-security

Conversation

@adamsimms

Copy link
Copy Markdown

Summary

  • Bumps wrangler from 4.69.0 to 4.104.0 in server/
  • Bumps @cloudflare/workers-types to 4.20260624.1 to match the workerd peer range
  • Resolves transitive dev dependency advisories for ws (8.18.0 → 8.21.0) and undici via miniflare

ws and undici are only pulled in through wranglerminiflare for local wrangler dev; they are not part of the deployed Worker runtime. Still worth patching so deploy repos and CI do not carry known advisories.

npm audit reports 0 vulnerabilities after this change. npm run typecheck passes.

Note on Node version

wrangler@4.104 requires Node >= 22 for local development. This is a dev-tooling requirement only; Cloudflare deploys are unaffected.

Test plan

  • cd server && npm install
  • npm audit → 0 vulnerabilities
  • npm run typecheck → passes

Made with Cursor

Update wrangler from 4.69.0 to 4.104.0 so the miniflare dev
dependency chain picks up ws >= 8.21.0 and patched undici/esbuild
releases. npm audit reports 0 vulnerabilities after the bump.

Note: wrangler 4.104 requires Node >= 22 for local development.
Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant