chore(deps): Bump the npm-deps group with 3 updates

[dependabot]

Bumps the npm-deps group with 3 updates: hono, @cloudflare/workers-types and wrangler.

Updates hono from 4.10.2 to 4.10.3

Release notes

Sourced from hono's releases.

v4.10.3

Securiy Fix

A security issue in the CORS middleware has been fixed. In some cases, a request header could affect the Vary response header. Please update to the latest version if you are using the CORS middleware.

What's Changed

• fix(aws-lambda): serve microsoft office files as binary in lambda handler by @​matthiasfeist in honojs/hono#4469
• fix(request-id): validation accepts = by @​ryuapp in honojs/hono#4478
• refactor(jwt): reduce the size of the code generated by minification by @​usualoma in honojs/hono#4480

New Contributors

• @​matthiasfeist made their first contribution in honojs/hono#4469

Full Changelog: honojs/hono@v4.10.2...v4.10.3

Commits

• fcefd50 4.10.3
• 95ae4d3 refactor(jwt): reduce the size of the code generated by minification (#4480)
• d9b8b4b Merge commit from fork
• 5216117 fix(request-id): validation accepts = (#4478)
• 253ec28 fix(aws-lambda): serve microsoft office files as binary in lambda handler (#4...
• See full diff in compare view

Updates @cloudflare/workers-types from 4.20251011.0 to 4.20251014.0

Commits

• See full diff in compare view

Updates wrangler from 4.43.0 to 4.45.0

Release notes

Sourced from wrangler's releases.

wrangler@4.45.0

Minor Changes

• #11030 1a8088a Thanks @​penalosa! - Enable automatic resource provisioning by default in Wrangler. This is still an experimental feature, but we're turning on the flag by default to make it easier for people to test it and try it out. You can disable the feature using the --no-x-provision flag. It currently works for R2, D1, and KV bindings.

  To use this feature, add a binding to your config file without a resource ID:

  {
  	"kv_namespaces": [{ "binding": "MY_KV" }],
  	"d1_databases": [{ "binding": "MY_DB" }],
  	"r2_buckets": [{ "binding": "MY_R2" }],
  }

  wrangler dev will automatically create these resources for you locally, and when you next run wrangler deploy Wrangler will call the Cloudflare API to create the requested resources and link them to your Worker. They'll stay linked across deploys, and you don't need to add the resource IDs to the config file for future deploys to work. This is especially good for shared templates, which now no longer need to include account-specific resource ID when adding a binding.

Patch Changes

• #11037 4bd4c29 Thanks @​danielrs! - Better Wrangler subdomain defaults warning.

  Improves the warnings that we show users when either worker_dev or preview_urls are missing.

• #10927 31e1330 Thanks @​dom96! - Implements python_modules.excludes wrangler config field

  [python_modules]
  excludes = ["**/*.pyc", "**/__pycache__"]

• #10741 2f57345 Thanks @​penalosa! - Remove obsolete --x-remote-bindings flag

• Updated dependencies [ca6c010]:

  • miniflare@4.20251011.1

wrangler@4.44.0

Minor Changes

• #10939 d4b4c90 Thanks @​danielrs! - Config preview_urls defaults to workers_dev value.

  Originally, we were defaulting config.preview_urls to true, but we were accidentally enabling Preview URLs for users that only had config.workers_dev=false.

  Then, we set the default value of config.preview_urls to false, but we were accidentally disabling Preview URLs for users that only had config.workers_dev=true.

  Rather than defaulting config.preview_urls to true or false, we default to the resolved value of config.workers_dev. Should result in a

... (truncated)

Changelog

Sourced from wrangler's changelog.

4.45.0

Minor Changes

• #11030 1a8088a Thanks @​penalosa! - Enable automatic resource provisioning by default in Wrangler. This is still an experimental feature, but we're turning on the flag by default to make it easier for people to test it and try it out. You can disable the feature using the --no-x-provision flag. It currently works for R2, D1, and KV bindings.

  To use this feature, add a binding to your config file without a resource ID:

  {
  	"kv_namespaces": [{ "binding": "MY_KV" }],
  	"d1_databases": [{ "binding": "MY_DB" }],
  	"r2_buckets": [{ "binding": "MY_R2" }],
  }

  wrangler dev will automatically create these resources for you locally, and when you next run wrangler deploy Wrangler will call the Cloudflare API to create the requested resources and link them to your Worker. They'll stay linked across deploys, and you don't need to add the resource IDs to the config file for future deploys to work. This is especially good for shared templates, which now no longer need to include account-specific resource ID when adding a binding.

Patch Changes

• #11037 4bd4c29 Thanks @​danielrs! - Better Wrangler subdomain defaults warning.

  Improves the warnings that we show users when either worker_dev or preview_urls are missing.

• #10927 31e1330 Thanks @​dom96! - Implements python_modules.excludes wrangler config field

  [python_modules]
  excludes = ["**/*.pyc", "**/__pycache__"]

• #10741 2f57345 Thanks @​penalosa! - Remove obsolete --x-remote-bindings flag

• Updated dependencies [ca6c010]:

  • miniflare@4.20251011.1

4.44.0

Minor Changes

• #10939 d4b4c90 Thanks @​danielrs! - Config preview_urls defaults to workers_dev value.

  Originally, we were defaulting config.preview_urls to true, but we were accidentally enabling Preview URLs for users that only had config.workers_dev=false.

  Then, we set the default value of config.preview_urls to false, but we were accidentally disabling Preview URLs for users that only had config.workers_dev=true.

... (truncated)

Commits

• a5eb513 Version Packages (#11054)
• 2f57345 Remove remote bindings flag (#10741)
• 1a8088a Enable provisioning by default (#11030)
• 4bd4c29 wrangler: feat: better wrangler subdomain defaults warning (#11037)
• 31e1330 Configurable rules for exclusions in bundling of python_modules (#10927)
• b57cd44 rename !legacyEnv to useServiceEnvironments (#10903)
• 0bfbfa0 Version Packages (#10980)
• 1a2bbf8 Set default values when statically replacing process.env.NODE_ENV (#11027)
• daa3529 Change AI model in tests (#11035)
• cf16deb CC-6280: Correctly handle image names that contain a slash (#11007)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions