chore(deps): bump @cloudflare/sandbox from 0.7.21 to 0.10.1

[dependabot]

Bumps @cloudflare/sandbox from 0.7.21 to 0.10.1.

Release notes

Sourced from @​cloudflare/sandbox's releases.

@​cloudflare/sandbox@​0.10.1

Patch Changes

• #683 718d4e7 Thanks @​aron-cf! - readFile now accepts encoding: 'none' on the rpc transport, returning a result whose content is a ReadableStream<Uint8Array> of raw binary data with no base64 encoding or buffering. Mirrors the existing writeFile support for ReadableStream input.

  // Stream a binary file without buffering or base64 overhead (rpc transport only)
  const { content, size, mimeType } = await sandbox.readFile(
    '/workspace/image.png',
    { encoding: 'none' }
  );

@​cloudflare/sandbox@​0.10.0

Minor Changes

• #659 7c09e87 Thanks @​mvanhorn! - Update the default sandbox image runtime from Node.js 20 to Node.js 24 so published images use the current Node.js LTS release. If your workload needs a different Node.js version, build a custom image with the NODE_VERSION Docker build argument.

Patch Changes

• #679 21a5a2e Thanks @​aron-cf! - Fixed createBackup and restoreBackup with localBucket: true failing on the rpc transport for archives larger than ~24 MiB.

• #659 7c09e87 Thanks @​mvanhorn! - Add NODE_VERSION build arg to the Dockerfile, allowing operators to customize the Node.js version used in sandbox container images.

@​cloudflare/sandbox@​0.9.4

Patch Changes

• #669 10d3239 Thanks @​aron-cf! - Ensure the RPC transport successfully connects once the container has started. This should reduce the likelihood of hitting an RPCTransportError: WebSocket upgrade failed: 503 Service Unavailable error when interacting with a sandbox before the container is ready.

@​cloudflare/sandbox@​0.9.3

Patch Changes

• #666 e8f57c8 Thanks @​scuffi! - Speed up backup and restore for larger archives with faster default compression, multipart R2 uploads, and parallel range downloads that write directly into the restored archive.

• #647 68c4f9b Thanks @​aron-cf! - Introduce new rpc transport to consolidate http and websocket transports.

  The intention is to replace http and websocket transports with a single implementation.

  • No sub-request limitations (currently affects the http transport).
  • No limit on write file size (currently affects both http and websocket transports).

  To enable the transport set SANDBOX_TRANSPORT to rpc in your wrangler config.

  A ReadableStream instance can now be passed to sandbox.writeFile() when using the rpc transport to avoid the 32mb file limit.

  {
    fetch(req, env) {

... (truncated)

Commits

• a14a524 Version Packages (#686)
• 1b10010 Bump fast-uri from 3.1.0 to 3.1.2 (#684)
• 718d4e7 Add readFile({ encoding: 'none' }) and move writeFileStream to client.files (...
• 50d6e97 Bump python-multipart in /bridge/examples/workspace-chat/backend (#680)
• a7d6517 Bump ip-address and express-rate-limit (#681)
• 9ab97fd Bump hono from 4.12.14 to 4.12.18 (#682)
• ac60237 Version Packages (#676)
• 663ed58 Skip large backup test on websocket transport
• d87be52 Remove unused import in claude-code example
• 21a5a2e Fix local backup/restore when using RPC transport
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #29.