ci: bump wrangler from 4.73.0 to 4.74.0 in /.github in the minor-and-patch group

[dependabot]

Bumps the minor-and-patch group in /.github with 1 update: wrangler.

Updates wrangler from 4.73.0 to 4.74.0

Release notes

Sourced from wrangler's releases.

wrangler@4.74.0

Minor Changes

• #10896 351e1e1 Thanks @​devin-ai-integration! - feat: add --secrets-file parameter to wrangler deploy and wrangler versions upload

  You can now upload secrets alongside your Worker code in a single operation using the --secrets-file parameter on both wrangler deploy and wrangler versions upload. The file format matches what's used by wrangler versions secret bulk, supporting both JSON and .env formats.

  Example usage:

  wrangler deploy --secrets-file .env.production
  wrangler versions upload --secrets-file secrets.json

  Secrets not included in the file will be inherited from the previous version, matching the behavior of wrangler versions secret bulk.

• #12873 2b9a186 Thanks @​gpanders! - Add wrangler containers instances <application_id> command to list container instances

  Lists all container instances for a given application, matching the Dash instances view. Displays instance ID, state, location, version, and creation time. Supports pagination for applications with many instances. Also adds paginated request support to the containers-shared API client.

Patch Changes

• #12873 2b9a186 Thanks @​gpanders! - Add escapeCodeTimeout option to onKeyPress utility for faster Esc key detection

  The onKeyPress utility now accepts an optional escapeCodeTimeout parameter that controls how long readline waits to disambiguate a standalone Esc press from multi-byte escape sequences (e.g. arrow keys). The default remains readline's built-in 500ms, but callers can pass a lower value (e.g. 25ms) for near-instant Esc handling in interactive prompts.

• #12676 65f1092 Thanks @​dario-piotrowicz! - Fix autoconfig package installation always failing at workspace roots

  When running autoconfig at the root of a monorepo workspace, package installation commands now include the appropriate workspace root flags (--workspace-root for pnpm, -W for yarn). This prevents errors like "Running this command will add the dependency to the workspace root" that previously occurred when configuring projects at the workspace root.

  Additionally, autoconfig now allows running at the workspace root if the root directory itself is listed as a workspace package (e.g., workspaces: ["packages/*", "."]).

• #12841 7b0d8f5 Thanks @​dario-piotrowicz! - Fix unclear error when assets upload session returns a null response

  When deploying assets, if the Cloudflare API returns a null response object, Wrangler now provides a clear error message asking users to retry instead of failing with a confusing error.

• Updated dependencies [ade0aed]:

  • miniflare@4.20260312.1

Commits

• 2e6b4ab Version Packages (#12876)
• 65f1092 Fix autoconfig package installation always failing at workspace roots (#12676)
• 2b9a186 Add wrangler containers instances command (#12873)
• 351e1e1 [wrangler] feat: add --secrets-file parameter to deploy and versions upload (...
• bd079a6 [wrangler] Deduplicate unenv-preset e2e tests and bump beforeAll timeout (#12...
• 7b0d8f5 Fix unclear error when assets upload session returns a null response (#12841)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/miniflare	4.20260312.1	Unknown	Unknown
npm/wrangler	4.74.0	Unknown	Unknown

Scanned Files

• .github/package-lock.json

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​wrangler@​4.74.0

View full report

[Aureliolo]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0d34fdf5-e5f2-40f4-8aa9-96d0c5d0a5bd

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Updates the wrangler dependency version from 4.73.0 to 4.74.0 in .github/package.json. No logic or structural changes to the codebase.

Changes

Cohort / File(s)	Summary
Dependency Update .github/package.json	Bumps wrangler from version 4.73.0 to 4.74.0

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• ci: add npm and pre-commit ecosystems to Dependabot #369 — Also modifies the same .github/package.json wrangler dependency version pinning.

Suggested labels

type:chore

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: bumping the wrangler dependency from 4.73.0 to 4.74.0 in the /.github directory's minor-and-patch group.
Description check	✅ Passed	The description is fully related to the changeset, providing detailed release notes for wrangler 4.74.0 with minor features and patch fixes, along with Dependabot metadata and commands.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/dot-github/minor-and-patch-3ec4320e82

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch dependabot/npm_and_yarn/dot-github/minor-and-patch-3ec4320e82

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Aureliolo]

Reviewed: wrangler 4.73.0→4.74.0 (minor). New features (--secrets-file, containers instances) don't affect our usage (pages deploy only). Assets upload null-response error fix is a nice defensive improvement. Clean update.