ci: bump wrangler from 4.74.0 to 4.75.0 in /.github in the minor-and-patch group

[dependabot]

Bumps the minor-and-patch group in /.github with 1 update: wrangler.

Updates wrangler from 4.74.0 to 4.75.0

Release notes

Sourced from wrangler's releases.

wrangler@4.75.0

Minor Changes

• #12492 3b81fc6 Thanks @​thomasgauvin! - feat: add wrangler tunnel commands for managing Cloudflare Tunnels

  Adds a new set of commands for managing remotely-managed Cloudflare Tunnels directly from Wrangler:

  • wrangler tunnel create <name> - Create a new Cloudflare Tunnel
  • wrangler tunnel list - List all tunnels in your account
  • wrangler tunnel info <tunnel> - Display details about a specific tunnel
  • wrangler tunnel delete <tunnel> - Delete a tunnel (with confirmation)
  • wrangler tunnel run <tunnel> - Run a tunnel using cloudflared
  • wrangler tunnel quick-start <url> - Start a temporary tunnel (Try Cloudflare)

  The run and quick-start commands automatically download and manage the cloudflared binary, caching it in ~/.wrangler/cloudflared/. Users are prompted before downloading and warned if their PATH-installed cloudflared is outdated. You can override the binary location with the CLOUDFLARED_PATH environment variable.

  All commands are marked as experimental.

Patch Changes

• #12927 c9b3184 Thanks @​penalosa! - Bump undici from 7.18.2 to 7.24.4

• #12875 13df6c7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260312.1	1.20260316.1

• #12935 df0d112 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260316.1	1.20260317.1

• #12928 81ee98e Thanks @​petebacondarwin! - Migrate chrome-devtools-patches deployment from Cloudflare Pages to Workers + Assets

  The DevTools frontend is now deployed as a Cloudflare Workers + Assets project instead of a Cloudflare Pages project. This uses wrangler deploy for production deployments and wrangler versions upload for PR preview deployments.

  The inspector proxy origin allowlists in both wrangler and miniflare have been updated to accept connections from the new workers.dev domain patterns, while retaining the legacy pages.dev patterns for backward compatibility.

• #12835 c600ce0 Thanks @​dario-piotrowicz! - Fix execution freezing on debugger statements when DevTools is not attached

  Previously, wrangler always sent Debugger.enable to the runtime on connection, even when DevTools wasn't open. This caused scripts to freeze on debugger statements. Now Debugger.enable is only sent when DevTools is actually attached, and Debugger.disable is sent when DevTools disconnects to stop the runtime from performing debugging work.

• #12894 f509d13 Thanks @​gpanders! - Simplify description of --json option

... (truncated)

Commits

• a671740 Version Packages (#12923)
• e25bd0e Update prettier to 3.8.1 (#12939)
• df0d112 Bump the workerd-and-workers-types group with 2 updates (#12935)
• 81ee98e [chrome-devtools-patches] Migrate deployment from Cloudflare Pages to Workers...
• 3b81fc6 feat(wrangler): add wrangler tunnel (#12492)
• 13df6c7 Bump the workerd-and-workers-types group with 2 updates (#12875)
• 0a7fef9 wrangler: reject cross-drive module paths (#11888)
• f509d13 Remove superfluous adjective from --json description (#12894)
• c600ce0 Fix execution freezing on debugger statements when DevTools is not attached...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@cloudflare/workerd-darwin-64	1.20260317.1	Unknown	Unknown
npm/@cloudflare/workerd-darwin-arm64	1.20260317.1	Unknown	Unknown
npm/@cloudflare/workerd-linux-64	1.20260317.1	Unknown	Unknown
npm/@cloudflare/workerd-linux-arm64	1.20260317.1	Unknown	Unknown
npm/@cloudflare/workerd-windows-64	1.20260317.1	Unknown	Unknown
npm/miniflare	4.20260317.0	Unknown	Unknown
npm/undici	7.24.4	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 9 security policy file detected Code-Review 🟢 4 Found 13/28 approved changesets -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 81 contributing companies or organizations
npm/workerd	1.20260317.1	Unknown	Unknown
npm/wrangler	4.75.0	Unknown	Unknown

Scanned Files

• .github/package-lock.json

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm miniflare is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: .github/package-lock.json → npm/miniflare@4.20260317.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/miniflare@4.20260317.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report