chore(deps): bump @cloudflare/sandbox from 0.7.21 to 0.11.0

[dependabot]

Bumps @cloudflare/sandbox from 0.7.21 to 0.11.0.

Release notes

Sourced from @​cloudflare/sandbox's releases.

@​cloudflare/sandbox@​0.11.0

Minor Changes

• #708 287ec04 Thanks @​ghostwriternr! - Prevent stale preview URLs from waking or reaching sandbox runtimes. Invalid, revoked, or destroyed preview URLs return 404 INVALID_TOKEN; authorized URLs that are not activated for the current runtime return 410 STALE_PREVIEW_URL until the port is exposed again. Existing preview URLs that previously survived container restart now return 410 STALE_PREVIEW_URL after a restart until the port is exposed again in the new runtime.

  getExposedPorts() and isPortExposed() now report only ports that are currently preview-forwardable in the active runtime. unexposePort() is now idempotent: revoking a port that is not currently exposed succeeds without contacting the container. Preview URL state no longer uses the container-local exposed-port registry or proxy routes.

Patch Changes

• #733 d4a739b Thanks @​scuffi! - Allow backup and restore presigned URLs to target non-default R2 endpoints. Set BACKUP_BUCKET_ENDPOINT, for example https://<account_id>.eu.r2.cloudflarestorage.com, when your backup bucket uses an R2 jurisdiction.

• #732 8b9ec84 Thanks @​ghostwriternr! - Add bridge endpoints for managing tunnels to sandbox services. HTTP clients can call POST /v1/sandbox/:id/tunnel/:port with an optional name body field for a predictable named URL, and DELETE /v1/sandbox/:id/tunnel/:port to remove the tunnel.

• #730 de68927 Thanks @​ghostwriternr! - Classify Office Open XML files such as .xlsx and .docx as binary when reading files so they are returned with base64 encoding instead of text decoding.

• #722 95bb7b9 Thanks @​aron-cf! - Add named-tunnel support to sandbox.tunnels.get(port, { name }). Named tunnels bind a user-controlled hostname (<name>.<your-zone>) backed by a Cloudflare Tunnel and a proxied CNAME on your zone, so the URL is stable across container restarts and across sandboxes that share the same name. Calling sandbox.destroy() tears down the Cloudflare tunnel and DNS record alongside the container.

  const tunnel = await sandbox.tunnels.get(8080, { name: 'app' });
  console.log(tunnel.url); // → https://app.example.com

@​cloudflare/sandbox@​0.10.3

Patch Changes

• #715 453b577 Thanks @​aron-cf! - Upgrade capnweb to 0.8.0.

• #714 0ec4f42 Thanks @​aron-cf! - Bundle cloudflared into the musl/Alpine images.

• #706 ae5f9a1 Thanks @​scuffi! - Add sessionless execution mode with a configurable default-session policy.

  Set enableDefaultSession: false in SandboxOptions to run implicit top-level operations without a persistent shell — each command gets a fresh process with no shared state. The option is scoped to the sandbox object returned by getSandbox(...); explicit per-call session IDs continue to target that session.

@​cloudflare/sandbox@​0.10.2

Patch Changes

• #695 c6bf7dc Thanks @​aron-cf! - Add sandbox.tunnels namespace with quick-tunnel support. Call sandbox.tunnels.get(port) to obtain a https://<words>.trycloudflare.com URL that proxies to localhost:<port> inside the sandbox. The call is idempotent: repeated calls for the same port return the same record from per-sandbox Durable Object storage. No Cloudflare account or DNS setup required.

  const tunnel = await sandbox.tunnels.get(8080);
  console.log(tunnel.url);
  // → https://random-words-here.trycloudflare.com
  const same = await sandbox.tunnels.get(8080);
  console.log(same.url === tunnel.url); // true
  await sandbox.tunnels.list();
  await sandbox.tunnels.destroy(8080); // or destroy(tunnel)

... (truncated)

Commits

• 14848f5 Stabilize Playwright browser caching
• 8d5b62f Version Packages (#729)
• 8b9ec84 Add exposed-port endpoint to Sandbox Bridge (#732)
• d4a739b Allow backup bucket URL override (#733)
• de68927 Fix Office file binary detection (#730)
• d05c6c7 Remove container-local preview port registry (#710)
• 986dbf8 Align preview port APIs with forwarding (#709)
• 287ec04 Enforce preview URL runtime activation (#708)
• 95bb7b9 Add support for named tunnels (#722)
• 4975fbf Allow more time for trycloudflare DNS to propagate in E2E (#728)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #35.