build(deps-dev): bump wrangler from 4.99.0 to 4.100.0 in /cornucopia.owasp.org

[dependabot]

Bumps wrangler from 4.99.0 to 4.100.0.

Release notes

Sourced from wrangler's releases.

wrangler@4.100.0

Minor Changes

• #14119 2047a32 Thanks @​tahmid-23! - Serve local R2 bucket objects publicly via the dev server

  When running wrangler dev locally, objects in each local R2 binding are now reachable under /cdn-cgi/local/r2/public/<bucket-id>/<key> on the existing dev server, simulating a public bucket. The <bucket-id> is the bucket's bucket_name when set, otherwise its binding. Bindings configured with remote: true are not exposed.

• #14202 e8561c2 Thanks @​jamesopstad! - Add experimental --x-new-config flag for authoring config in TypeScript

  This is an experimental, opt-in feature. When enabled, wrangler dev, wrangler build, wrangler deploy, wrangler versions upload, and wrangler versions deploy load the Worker's configuration from a cloudflare.config.ts file instead of wrangler.json / wrangler.jsonc / wrangler.toml. Additionally, an optional wrangler.config.ts file can be provided for Wrangler-specific dev/build configuration.

  • cloudflare.config.ts (required) — Worker runtime configuration (bindings, triggers, observability, placement, limits, compatibility, routes, etc.). Authored via defineWorker from wrangler/experimental-config.
  • wrangler.config.ts (optional) — Tooling / bundling / dev-server configuration (noBundle, minify, alias, define, rules, tsconfig, build, dev, assetsDirectory, etc.). Authored via defineWranglerConfig from wrangler/experimental-config.

  Per-environment configuration is via ctx.mode branching inside the function form of either file.

  Example cloudflare.config.ts:

  import { defineWorker, bindings } from "wrangler/experimental-config";
  import * as entrypoint from "./src/index.ts" with { type: "cf-worker" };
  export default defineWorker((ctx) => ({
  name: "my-worker",
  entrypoint,
  compatibilityDate: "2026-05-18",
  env: {
  MY_KV: bindings.kv(),
  MY_TEXT: bindings.text(The mode is ${ctx.mode}),
  },
  }));

  Example wrangler.config.ts:

  import { defineWranglerConfig } from "wrangler/experimental-config";
  export default defineWranglerConfig({
  minify: true,
  assetsDirectory: "./public",
  });

  Because this is experimental, the flag, the config formats, and the wrangler/experimental-config exports may change in any release.

Patch Changes

• #14185 98c9afe Thanks @​penalosa! - Use the shared env-credential resolver from @cloudflare/workers-auth

... (truncated)

Commits

• 341bd13 Version Packages (#14237)
• e8561c2 Wrangler support for experimental new config (#14202)
• 4597f08 Bump the workerd-and-workers-types group with 2 updates (#14256)
• 2ae6099 move build earlier in deploy path (#14259)
• 25722ac Gate Network.enable on an attached DevTools client (#14243)
• 98c9afe [workers-auth] Make OAuth identity and token storage injectable for reuse by ...
• 10b5538 Improve authentication error messages with specific failure reasons (#14213)
• e305126 [wrangler] Add cf-wrangler delegate entrypoint; remove @​cloudflare/wrangler-b...
• 818c105 Improve R2 Sippy error messages (#14233)
• f3990b2 Bump the workerd-and-workers-types group with 2 updates (#14246)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)