chore(deps-dev): bump the cloudflare group across 1 directory with 3 updates

[dependabot]

Bumps the cloudflare group with 3 updates in the / directory: @cloudflare/containers, @cloudflare/workers-types and wrangler.

Updates @cloudflare/containers from 0.3.3 to 0.3.4

Release notes

Sourced from @​cloudflare/containers's releases.

v0.3.4

Patch Changes

• 8442f40: Fix a race in Container where concurrent container.fetch calls to a cold container could throw "start() cannot be called on a container that is already running.".

• cf01432: Ensure pending stop events are processed when the persisted container lifecycle state is still running but the underlying container has already exited.

  Migrate the root unit test suite from Jest to Vitest and add a test:unit script for running src/tests directly.

• cf41295: Fix subclass sleepAfter overrides being ignored during the initial activity timeout setup. Previously, the base Container constructor called renewActivityTimeout() inside blockConcurrencyWhile() before subclass class-field initializers ran, so the first sleepAfterMs was always computed from the base default ('10m') regardless of whether the subclass declared sleepAfter = '2h'. A container could then be killed by the activity timeout before the subclass's longer window took effect on the next renewActivityTimeout call. Declarations like:

  class BigContainer extends Container {
    sleepAfter = '2h';
  }

  are now honored from the very first alarm check.

• 07fedbb: Preserve Cloudchamber startup rate-limit errors in the Containers helper and return HTTP 429 from containerFetch() when startup is rate limited.

Changelog

Sourced from @​cloudflare/containers's changelog.

0.3.4

Patch Changes

• 8442f40: Fix a race in Container where concurrent container.fetch calls to a cold container could throw "start() cannot be called on a container that is already running.".

• cf01432: Ensure pending stop events are processed when the persisted container lifecycle state is still running but the underlying container has already exited.

  Migrate the root unit test suite from Jest to Vitest and add a test:unit script for running src/tests directly.

• cf41295: Fix subclass sleepAfter overrides being ignored during the initial activity timeout setup. Previously, the base Container constructor called renewActivityTimeout() inside blockConcurrencyWhile() before subclass class-field initializers ran, so the first sleepAfterMs was always computed from the base default ('10m') regardless of whether the subclass declared sleepAfter = '2h'. A container could then be killed by the activity timeout before the subclass's longer window took effect on the next renewActivityTimeout call. Declarations like:

  class BigContainer extends Container {
    sleepAfter = '2h';
  }

  are now honored from the very first alarm check.

• 07fedbb: Preserve Cloudchamber startup rate-limit errors in the Containers helper and return HTTP 429 from containerFetch() when startup is rate limited.

Commits

• d731038 Merge pull request #194 from cloudflare/changeset-release/main
• 7929d3c Version Packages
• b4efcc0 Merge pull request #202 from cloudflare/mjp/missing-changesets
• 3bba74f Merge pull request #203 from cloudflare/gv/running-state
• cf01432 fix: process pending stops from running state
• c5b363a test: migrate unit tests to vitest
• 8442f40 chore: add missing changeset for concurrent start race fix (#200, #201)
• 0548b5d Merge pull request #201 from mattjohnsonpint/mjp/pr-200-followup
• 3fd83cb reorder startInFlight and container.running checks
• 664b208 Merge pull request #200 from mattjohnsonpint/mjp/issue-173
• Additional commits viewable in compare view

Updates @cloudflare/workers-types from 4.20260506.1 to 4.20260511.1

Commits

• See full diff in compare view

Updates wrangler from 4.88.0 to 4.90.1

Release notes

Sourced from wrangler's releases.

wrangler@4.90.1

Patch Changes

• #13866 4e44ce6 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260507.1	1.20260508.1

• #13837 b0cee1d Thanks @​matingathani! - Fix beta/open-beta status message ignoring printBanner: false — when a command sets printBanner: (args) => !args.json, the status banner no longer appears in JSON output

• #13887 d878e13 Thanks @​apeacock1991! - Fix wrangler dev hanging on shutdown when remote bindings are present

  startDev() registers dev hotkeys before authenticating the user. During interactive dev sessions, the auth callback re-registers hotkeys, which updates the local unregisterHotKeys variable to a new cleanup function. However, the unregisterHotKeys value returned to callers was captured as a direct reference to the initial registration, so it would call the stale cleanup function instead of the current one.

  This has been fixed by returning a wrapper function () => unregisterHotKeys?.() instead of the variable directly. The wrapper evaluates unregisterHotKeys at call time, ensuring it always invokes the latest cleanup function even after re-registration.

• #13867 971dfe3 Thanks @​petebacondarwin! - Fix race in RemoteProxySession.updateBindings so it waits for the remote worker to finish reloading with the new bindings before resolving

  Previously, updateBindings resolved as soon as the config update event was dispatched, long before the remote worker had been re-uploaded and the local proxy worker had unpaused. Callers that issued requests immediately afterwards could see flaky failures — typically "WebSocket connection failed" for JSRPC bindings such as service bindings or dispatch namespaces — because the local proxy worker was still in its paused state during the reload window. updateBindings now waits for the next reloadComplete event and for the local proxy worker's runtime-message queue to drain before returning, so callers can safely issue requests after await session.updateBindings(...). If the reload fails, the rejection from updateBindings carries the underlying error.

• #13867 971dfe3 Thanks @​petebacondarwin! - Fix unhandled AbortError from wrangler dev's remote tail WebSocket when the bundle rebuilds or the dev session shuts down

  The remote-runtime tail-logs WebSocket (#activeTail in RemoteRuntimeController) was constructed with the same AbortSignal that onBundleStart aborts to cancel in-flight preview-session operations. The abort destroyed the WebSocket's underlying upgrade request with AbortError, which had no error listener attached and propagated as an unhandled exception. We now attach an error listener at WebSocket construction that ignores errors (logging at debug level), matching the safeguards already present on the terminate paths in #previewToken and teardown().

• Updated dependencies [4e44ce6, 5d936c5]:

  • miniflare@4.20260508.0

wrangler@4.90.0

Minor Changes

• #12279 248bc08 Thanks @​penalosa! - Add deprecation warning for delivery_delay in queue producer bindings

  The delivery_delay setting in [[queues.producers]] was silently having no effect since 2024. This change adds a deprecation warning when the setting is used, informing users that queue-level settings should be configured using wrangler queues update instead. The setting will be removed in a future version.

Patch Changes

• #13853 8852b0c Thanks @​gpanders! - Fix Containers SSH config

• #13858 e414e56 Thanks @​penalosa! - Fix wrangler whoami and account selection failing for Account API Tokens

  The /memberships fallback for Account API Tokens was checking for code 9109, but /memberships actually returns 9106 for that case. Correct the code so the fallback to /accounts triggers as intended.

• Updated dependencies []:

  • miniflare@4.20260507.1

wrangler@4.89.1

Patch Changes

... (truncated)

Commits

• b7d79a9 Version Packages (#13859)
• b0cee1d [wrangler] fix: suppress status badge when printBanner returns false (#13837)
• d878e13 [wrangler] Fix remote bindings hanging on shutdown (#13887)
• 4e44ce6 chore(deps): bump the workerd-and-workers-types group with 2 updates (#13866)
• 971dfe3 [wrangler] Fix races in RemoteProxySession reload and remote tail WebSocket (...
• 14d4768 Version Packages (#13856)
• e414e56 [wrangler] Fix Account API Tokens failing on /memberships (#13858)
• 8852b0c Fix Containers SSH config (#13853)
• 1527003 Migrate Workers AI references off deprecated models (#13850)
• e0c97ad Version Packages (#13851)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.