build(deps): bump the npm-dependencies group with 3 updates

[dependabot]

Bumps the npm-dependencies group with 3 updates: jose, postal-mime and wrangler.

Updates jose from 6.2.0 to 6.2.2

Release notes

Sourced from jose's releases.

v6.2.2

Fixes

• reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

Changelog

Sourced from jose's changelog.

6.2.2 (2026-03-18)

Fixes

• reject failed decompression with JWEInvalid error (043b181)

6.2.1 (2026-03-09)

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

Commits

• 9c86586 chore(release): 6.2.2
• 4984b5c chore(deps): bump the actions group with 4 updates
• 043b181 fix: reject failed decompression with JWEInvalid error
• 867cc2c chore(deps-dev): bump undici
• f4e20e7 chore(deps-dev): bump tar in the npm_and_yarn group across 1 directory
• d0505bf chore: cleanup after release
• d491aa9 chore(release): 6.2.1
• d4231f9 refactor: reorganize internals, less files, smaller footprint
• 7b22ba8 test: use playwright instead of testcafe
• 00965b4 chore: bump packages
• Additional commits viewable in compare view

Updates postal-mime from 2.7.3 to 2.7.4

Release notes

Sourced from postal-mime's releases.

v2.7.4

2.7.4 (2026-03-17)

Bug Fixes

• add missing originalKey to Header type and Uint8Array to Attachment content (92cc91c)
• include originalKey in parsed headers output (83521c8)
• preserve __esModule and .default in CJS build for bundler interop (1466910)
• prevent RFC 2047 encoded-word address fabrication (844f920)

Changelog

Sourced from postal-mime's changelog.

2.7.4 (2026-03-17)

Bug Fixes

• add missing originalKey to Header type and Uint8Array to Attachment content (92cc91c)
• include originalKey in parsed headers output (83521c8)
• preserve __esModule and .default in CJS build for bundler interop (1466910)
• prevent RFC 2047 encoded-word address fabrication (844f920)

Commits

• 178f1ef chore(master): release 2.7.4 (#88)
• 1f7ba61 chore: bump devDependencies
• 83521c8 fix: include originalKey in parsed headers output
• b0d7b11 test: improve test coverage across codebase
• ebc5ce6 refactor: simplify and clean up codebase
• 1466910 fix: preserve __esModule and .default in CJS build for bundler interop
• 844f920 fix: prevent RFC 2047 encoded-word address fabrication
• 24dc6c6 test: update type check test with originalKey property
• 92cc91c fix: add missing originalKey to Header type and Uint8Array to Attachment content
• aa5baea docs: add link to full documentation site
• See full diff in compare view

Updates wrangler from 4.71.0 to 4.76.0

Release notes

Sourced from wrangler's releases.

wrangler@4.76.0

Minor Changes

• #12893 782df44 Thanks @​gpanders! - Rewrite wrangler containers list to use the paginated Dash API endpoint

  wrangler containers list now fetches from the /dash/applications endpoint instead of /applications, displaying results in a paginated table with columns for ID, Name, State, Live Instances, and Last Modified. Container state is derived from health instance counters (active, degraded, provisioning, ready).

  The command supports --per-page (default 25) for interactive pagination with Enter to load more and q/Esc to quit, and --json for machine-readable output. Non-interactive environments load all results in a single request.

• #12957 62545c9 Thanks @​natewong1313! - Add Stream binding support to Wrangler and workers-utils

  Wrangler and workers-utils now recognize the stream binding in configuration, deployment metadata, and generated worker types. This enables projects to declare Stream bindings in wrangler.json and have the binding represented consistently across validation, metadata mapping, and type generation.

• #12848 ce48b77 Thanks @​emily-shen! - Enable local explorer by default

  This ungates the local explorer, a UI that lets you inspect the state of D1, DO and KV resources locally by visiting /cdn-cgi/explorer during local development.

  Note: this feature is still experimental, and can be disabled by setting the env var X_LOCAL_EXPLORER=false.

Patch Changes

• #12938 71ab981 Thanks @​dario-piotrowicz! - Add backward-compatible autoconfig support for Astro v5 and v4 projects

  The astro add cloudflare command in older Astro versions installs the latest adapter version, which causes compatibility issues. This change adds manual configuration logic for projects using Astro versions before 6.0.0:

  • Astro 6.0.0+: Uses the native astro add cloudflare command (unchanged behavior)
  • Astro 5.x: Installs @astrojs/cloudflare@12 and manually configures the adapter
  • Astro 4.x: Installs @astrojs/cloudflare@11 and manually configures the adapter
  • Astro < 4.0.0: Returns an error prompting the user to upgrade

• #11892 7c3c6c6 Thanks @​staticpayload! - Handle registry ports when matching container image digests

  Wrangler now strips tags without breaking registry ports when comparing local images to remote digests. This prevents unnecessary pushes for tags like localhost:5000/app:tag.

• Updated dependencies [3c988e2, d028ffb, cb71403, 3a1c149, ce48b77, 8729f3d]:

  • miniflare@4.20260317.1
  • @​cloudflare/unenv-preset@​2.16.0

wrangler@4.75.0

Minor Changes

• #12492 3b81fc6 Thanks @​thomasgauvin! - feat: add wrangler tunnel commands for managing Cloudflare Tunnels

  Adds a new set of commands for managing remotely-managed Cloudflare Tunnels directly from Wrangler:

  • wrangler tunnel create <name> - Create a new Cloudflare Tunnel
  • wrangler tunnel list - List all tunnels in your account
  • wrangler tunnel info <tunnel> - Display details about a specific tunnel
  • wrangler tunnel delete <tunnel> - Delete a tunnel (with confirmation)
  • wrangler tunnel run <tunnel> - Run a tunnel using cloudflared

... (truncated)

Commits

• 7d2661b Version Packages (#12945)
• 782df44 Reimplement containers list using Dash API endpoints (#12893)
• 62545c9 [Stream] Add worker bindings support (#12957)
• 71ab981 Add backward-compatible autoconfig support for Astro v5 and v4 projects (#12938)
• aa26784 Convert from ESLint to oxlint, Prettier to oxfmt (#12930)
• 7c3c6c6 wrangler: handle registry ports in digest checks (#11892)
• d028ffb [unenv-preset] Graduate experimental Node.js module flags to date-gated (2026...
• ce48b77 Ungate local explorer (#12848)
• a671740 Version Packages (#12923)
• e25bd0e Update prettier to 3.8.1 (#12939)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions