Update dependency e2b

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
e2b (source)	2.28.1 → 2.29.4
e2b (source)	2.29.1 → 2.30.4

---

Release Notes

e2b-dev/e2b (e2b)

v2.29.1

Compare Source

Patch Changes

• 1d5259c: Fix a batch of connection-handling bugs in the JS and Python SDKs:
  • Python: HTTP transport caches now key on the configured proxy, so clients created with different (or no) proxy settings no longer silently reuse a transport built for the first proxy seen.
  • Python: request_timeout is now applied to control-plane (E2B API) requests; previously the underlying httpx client was built with no timeout at all.
  • Python: the server-stream parser no longer stalls (or drops the final envelope) when the remaining payload of an envelope is shorter than the 5-byte envelope header.
  • JS + Python: passing debug: false explicitly now overrides the E2B_DEBUG=true environment variable instead of being ignored.
  • JS: the RPC logger no longer crashes requests with a TypeError when a response contains protobuf int64 (bigint) fields; they are now logged as strings.

v2.29.0

Compare Source

Minor Changes

• 961ffba: feat(sdks): expose user-defined file metadata on sandbox.files

  Adds a metadata option to file uploads (write / writeFiles / write_files) and surfaces persisted metadata on every EntryInfo / WriteInfo returned by getInfo, list, rename, and write responses. On upload, metadata is sent as X-Metadata-<key>: <value> request headers; envd persists the values as extended attributes in the user.e2b. xattr namespace and returns them on subsequent filesystem reads (including user.e2b.* xattrs set out-of-band). Keys are sent as HTTP header names and are lowercased by the sandbox; metadata is validated client-side (keys must be valid HTTP header tokens, values must be printable US-ASCII) and invalid input raises InvalidArgumentError / InvalidArgumentException. The same metadata map is applied to every file in a multi-file upload. Requires envd 0.6.2 or later.

• da85b1e: Add an includeEntry/include_entry option to filesystem directory watching. When enabled, each FilesystemEvent carries the affected entry's EntryInfo (best-effort; left unset for events where the path no longer exists, such as remove/rename-away). Requires envd 0.6.3 or later; watching with this option against an older sandbox raises a template error.

Patch Changes

• 7dc861f: fix: align behavior between the JS and Python SDKs

  Python SDK:

  • commands.send_stdin and CommandHandle.send_stdin now accept bytes in addition to str, and the handle's send_stdin / close_stdin now accept a request_timeout.
  • git.reset now accepts a typed GitResetMode and its validation error matches the JS SDK wording/ordering. GitResetMode is now exported.
  • sandbox_url is now propagated through get_api_params.
  • Template.from_image() now raises when only one of username / password is provided.
  • get_info() no longer carries the envd access token on the returned SandboxInfo (the _envd_access_token field was unused), matching the JS SDK which strips it from getInfo.
  • get_metrics() now raises TemplateException (was SandboxException) with the same message as the JS SDK when the sandbox is too old.

  JS SDK:

  • Sandbox.getInfo() now includes sandboxDomain, matching the Python SDK's single get_info. getFullInfo is deprecated and now just wraps getInfo (it no longer returns the envd access token).
  • Sandbox.getMetrics() now returns [] in debug mode, matching the Python SDK. The debug short-circuit for getMetrics / kill is implemented on both the instance and static methods, so it applies consistently whether called as Sandbox.kill(sandboxId) or sandbox.kill().
  • Template.fromImage() now requires both username and password when registry credentials are provided.
  • Template.getBuildStatus() now defaults logsOffset to 0.
  • requestTimeoutMs: 0 now explicitly disables the request timeout.
  • getMetrics() now throws TemplateError (was SandboxError) when the sandbox is too old to support metrics.

v2.28.2

Compare Source

Patch Changes

• 4e16cff: Add proxy connection parameter to route SDK requests through an HTTP proxy, matching the Python SDK. When set, it applies to API requests, all requests made to the returned sandbox, and volume requests.
• 4e16cff: Fix proxy not being applied to volume content requests. Volume.create/Volume.connect now store the proxy on the returned instance, so instance methods (list, readFile, writeFile, makeDir, getInfo, updateMetadata, remove, …) route through it without having to pass proxy on every call. A per-call proxy still takes precedence.

e2b-dev/e2b (e2b)

v2.30.4

Compare Source

Patch Changes

• 726ced6: Fix duplicate logo on NPM/PyPI by switching to <picture> element.

v2.30.3

Compare Source

Patch Changes

• f3e7f33: Tidy up SDK authentication and deprecate the access token in ConnectionConfig.

  • Deprecated the accessToken (JS) / access_token (Python) option on ConnectionConfig. It still works exactly as before — when set (or via E2B_ACCESS_TOKEN), the Authorization: Bearer header is still sent — but you should pass custom auth through apiHeaders instead, e.g. new ConnectionConfig({ apiHeaders: { Authorization: 'Bearer <token>' } }).
  • The SDK now raises a clear error when no API key is supplied, pointing to the API Keys tab (https://e2b.dev/dashboard?tab=keys). In JS this is controlled by a requireApiKey option (default true) so callers that authenticate differently — like the CLI hitting /teams with an access token — can opt out; in Python the API key is always required.
  • Removed the unused access-token toggle from the API clients: requireAccessToken (JS) and require_access_token (Python). No caller ever set it to a non-default value, so behavior is unchanged.
  • The CLI now passes the access token to the /teams endpoint through apiHeaders instead of the deprecated option.
  • Decoupled the sandbox-scoped envd access token from ConnectionConfig: EnvdApiClient now owns its own accessToken field and sets the X-Access-Token header itself.

• 0a5d524: Update package logos with theme-aware dark/light variants for GitHub.

v2.30.2

Compare Source

Patch Changes

• 706c553: Template SDK fixes:

  • Sort files by full path in getAllFilesInPath so the files hash no longer depends on filesystem traversal order (the previous sort() was a no-op on glob Path objects).
  • Match the exact listening port in waitForPort (via ss's sport filter) so e.g. port 80 no longer matches 8080.
  • Shell-quote the URL, filename, and process name in waitForURL, waitForFile, and waitForProcess.
  • Shell-quote paths and arguments in remove, rename, makeDir, makeSymlink, gitClone (URL/branch/path), and the devcontainer helpers so values with spaces or shell metacharacters work correctly.
  • Keep fetching build logs after a terminal build status is returned so the tail of the logs (beyond the 100-entries-per-call API limit) is no longer dropped.
  • Collect one stack trace per COPY instruction so failed-step stack traces stay aligned after copy() with multiple sources or copyItems().
  • Strip ANSI escape codes in LogEntry messages, matching the Python SDK.

• 432c091: Add integration attribution options that append integration metadata to the SDK User-Agent.

• 71b450f: Recognize Bun and Deno connection-dropped errors in the sandbox health check. When the connection to a sandbox is dropped mid-request, each JS runtime surfaces it with different wording (Node/undici: terminated, Bun: The socket connection was closed unexpectedly, Deno: error reading a body from connection). All known variants are now matched, so a sandbox killed mid-request is reported as a TimeoutError on Bun and Deno too, matching Node.

v2.30.1

Compare Source

Patch Changes

• e88ae33: Fix signed URL expiration edge cases in uploadUrl/downloadUrl (upload_url/download_url):

  • Python now raises InvalidArgumentException when use_signature_expiration is passed for an unsecured sandbox, matching the JS SDK behavior (which now throws InvalidArgumentError instead of a plain Error).
  • A signature expiration of 0 now produces an immediately expiring URL instead of silently creating a never-expiring one.

• 78c200a: Allow disabling client-side API key format validation. Set the E2B_VALIDATE_API_KEY environment variable to false, or pass the validateApiKey: false (JS) / validate_api_key=False (Python) connection option, when your deployment issues API keys that don't match the default e2b_ format.

• cb061d2: Fix command and PTY streaming issues:

  • Decode stdout/stderr incrementally so multibyte UTF-8 characters split across command stream chunks are no longer corrupted
  • Avoid mutating the caller's envs object when applying default TERM/LANG/LC_ALL values in pty.create()

• 82add5b: Raise a typed, actionable error when the sandbox dies while a request is in flight. When the connection is dropped mid-request (streaming RPC calls — commands, PTY, directory watch — and filesystem read/write), the SDKs now probe the sandbox health endpoint: if the sandbox is confirmed gone, a TimeoutError (JS) / TimeoutException (Python) is raised stating the sandbox was killed or reached its end of life — consistent with how requests to an already-dead sandbox surface. In all other cases the original error propagates unchanged.

• 5ea287b: Make the gzip: true upload option imply the application/octet-stream upload path so it is no longer silently ignored on the default multipart/form-data path. On envd versions older than 0.5.7 the upload still falls back to uncompressed multipart/form-data.

• b52eb3c: Skip the control plane request in Sandbox.connect() when running in debug mode, matching the behavior of Sandbox.create(). In the Python SDK, Sandbox.connect() now also normalizes missing envd and traffic access tokens to None instead of leaking the Unset sentinel, which previously broke download_url()/upload_url() for non-secure sandboxes.

v2.30.0

Compare Source

Minor Changes

• e873ee9: Add an allowNetworkMounts/allow_network_mounts option to filesystem directory watching. When enabled, paths on network filesystem mounts (NFS, CIFS, SMB, FUSE) can be watched — they are rejected by default because events on network mounts may be unreliable or not delivered at all. Requires envd 0.6.4 or later; watching with this option against an older sandbox raises a template error.

Patch Changes

• cab59ca: Fix Sandbox.getMetrics() sending start and end as path parameters instead of query parameters, which caused the requested time range to be silently ignored
• 0b0c728: Fix Volume.readFile returning undefined instead of an empty Blob/ReadableStream for empty files, and apply the documented 60s default request timeout to volume content requests.
• feb2d45: Return boolean from the Sandbox.kill() instance method (true if the sandbox was killed, false if it was not found), matching the static Sandbox.kill() and the Python SDK.
• 91e84d9: Raise an error for non-2xx API and envd responses with empty bodies (e.g. Content-Length: 0) instead of treating them as successful.

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.