chore(deps): bump @cloudflare/sandbox from 0.7.21 to 0.10.0

[dependabot]

Bumps @cloudflare/sandbox from 0.7.21 to 0.10.0.

Release notes

Sourced from @​cloudflare/sandbox's releases.

@​cloudflare/sandbox@​0.10.0

Minor Changes

• #659 7c09e87 Thanks @​mvanhorn! - Update the default sandbox image runtime from Node.js 20 to Node.js 24 so published images use the current Node.js LTS release. If your workload needs a different Node.js version, build a custom image with the NODE_VERSION Docker build argument.

Patch Changes

• #679 21a5a2e Thanks @​aron-cf! - Fixed createBackup and restoreBackup with localBucket: true failing on the rpc transport for archives larger than ~24 MiB.

• #659 7c09e87 Thanks @​mvanhorn! - Add NODE_VERSION build arg to the Dockerfile, allowing operators to customize the Node.js version used in sandbox container images.

@​cloudflare/sandbox@​0.9.4

Patch Changes

• #669 10d3239 Thanks @​aron-cf! - Ensure the RPC transport successfully connects once the container has started. This should reduce the likelihood of hitting an RPCTransportError: WebSocket upgrade failed: 503 Service Unavailable error when interacting with a sandbox before the container is ready.

@​cloudflare/sandbox@​0.9.3

Patch Changes

• #666 e8f57c8 Thanks @​scuffi! - Speed up backup and restore for larger archives with faster default compression, multipart R2 uploads, and parallel range downloads that write directly into the restored archive.

• #647 68c4f9b Thanks @​aron-cf! - Introduce new rpc transport to consolidate http and websocket transports.

  The intention is to replace http and websocket transports with a single implementation.

  • No sub-request limitations (currently affects the http transport).
  • No limit on write file size (currently affects both http and websocket transports).

  To enable the transport set SANDBOX_TRANSPORT to rpc in your wrangler config.

  A ReadableStream instance can now be passed to sandbox.writeFile() when using the rpc transport to avoid the 32mb file limit.

  {
    fetch(req, env) {
      const sandbox = getSandbox(env.Sandbox, "my-sandbox");
  // A ReadableStream can be passed as the content to writeFile().
  sandbox.writeFile("/workspace/archive.tar.gz", req.body);
  return new Response("OK");
  
  }
  }

• #653 e18ba4d Thanks @​ask-bonk! - Surface s3fs mount failures from mountBucket(). Mount errors (bad credentials, wrong bucket name, network failures) now throw S3FSMountError with the underlying s3fs log output, instead of silently returning success and leaving no filesystem attached.

... (truncated)

Commits

• ac60237 Version Packages (#676)
• 663ed58 Skip large backup test on websocket transport
• d87be52 Remove unused import in claude-code example
• 21a5a2e Fix local backup/restore when using RPC transport
• 147186f Inject credentials into HTTP requests in Claude Code example (#673)
• 7c09e87 feat: add NODE_VERSION build arg to sandbox Dockerfile (#610) (#659)
• b7895c7 Inject auth credentials in OpenCode example (#675)
• 2c298eb Version Packages (#671)
• c516e32 Refactor e2e code intepreter tests (#672)
• 487ada7 Add bridge test suite to CI (#652)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #26.