chore(deps): bump @cloudflare/sandbox from 0.7.21 to 0.9.2

[dependabot]

Bumps @cloudflare/sandbox from 0.7.21 to 0.9.2.

Release notes

Sourced from @​cloudflare/sandbox's releases.

@​cloudflare/sandbox@​0.9.2

Patch Changes

• #645 2d0687b Thanks @​scuffi! - Fix createBackup() excludes that use gitignore-style ** globstars.

  Normalize globstar excludes to the mksquashfs-compatible patterns used by the backup pipeline so local and production backups handle them consistently.

@​cloudflare/sandbox@​0.9.1

Patch Changes

• 51f1d04 Thanks @​whoiskatrin! - Coalesce concurrent Sandbox.destroy() calls onto a single teardown. If a previous destroy() is still in flight, subsequent calls await the same underlying work instead of starting a second teardown, and emit a canonical sandbox.destroy.coalesced event per coalesced call for observability. Once the in-flight teardown settles, later destroy() calls run a fresh teardown as before. Fixes observed destroy-recreate thrash where external health checks can invoke destroy() faster than the sandbox can initialize.

• #592 b2bf021 Thanks @​whoiskatrin! - Add sandbox.getContainerPlacementId() to retrieve the Cloudflare placement ID observed for the underlying container.

  The placement ID identifies the current container placement and changes when the container is replaced by the platform. Compare the returned value against a stored value to detect container replacement and trigger reconciliation.

  The placement ID is captured during the session-create handshake and cached in Durable Object storage, so reads are cheap and do not require a healthy container. A fresh placement ID is captured on each subsequent handshake, so a replacement is reflected the next time the sandbox is used.

  Returns undefined when no session-create handshake has been observed yet on this sandbox — call any method that triggers session creation (such as exec()) first. Returns null when a handshake has completed but the container's CLOUDFLARE_PLACEMENT_ID environment variable is not set, such as in local development with wrangler.

  await sandbox.exec('true'); // ensures the handshake has run
  const containerPlacementId = await sandbox.getContainerPlacementId();
  if (
    typeof containerPlacementId === 'string' &&
    containerPlacementId !== lastKnownPlacementId
  ) {
    // Container was replaced — reconcile state
  }

@​cloudflare/sandbox@​0.9.0

Minor Changes

... (truncated)

Commits

• 48c0bf3 Version Packages (#649)
• f3ffbe5 Improve handling of transport errors when using RPC transport (#655)
• d66fc9f Serialize Bonk per pull request (#654)
• 05aaa7d Pin Bonk opencode version (#648)
• 2d0687b Normalize globstar exclude patterns for backups (#645)
• ea69312 Version Packages (#644)
• 51f1d04 Coalesce concurrent destroy() calls (#601)
• b2bf021 Expose container placement ID on the sandbox (#592)
• 2b0d867 Run the rpc transport e2e tests (#640)
• 14aebad Two fixes for rpc transport (#643)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #25.