Update dependency e2b#299
Conversation
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
There was a problem hiding this comment.
LGTM — Renovate lockfile bump for e2b (Python 2.26→2.30, JS 2.28→2.31), no source changes.
Extended reasoning...
Overview
This is a Renovate-generated dependency update PR that touches only two lockfiles: pnpm-lock.yaml and python/poetry.lock. It bumps the e2b SDK — Python from 2.26.0 → 2.30.0 and JS from 2.28.0 → 2.31.0 — and pulls along transitive updates (@bufbuild/protobuf 2.12.0→2.12.1, undici 7.27.0→7.28.0, tar 7.5.16→7.5.19, brace-expansion 5.0.6→5.0.7, picomatch 4.0.4→4.0.5). No application source code, config, or CI is modified.
Security risks
None introduced by this change itself. The transitive updates are patch-level bumps that generally include fixes. The e2b release notes are dominated by bug fixes (connection handling, timeout propagation, rate-limit error consistency, empty-response handling) and additive features (metadata on uploads, network-mount watch option, proxy propagation) — nothing here weakens the security posture.
Level of scrutiny
Low. This is a lockfile-only Renovate PR within the same minor-version band (2.x → 2.x) of a package the project already depends on. The bug-hunting pass produced no findings, and there is no logic change to review.
Other factors
The upstream release notes explicitly call out backwards-compatible additive features and bug fixes; the couple of behavior changes (e.g. getMetrics() now throws TemplateError, Sandbox.kill() now returns a boolean in JS) are unlikely to affect this repository unless it exercises those exact code paths, which a lockfile-only change would not silently break at runtime import. Prior commits show a pattern of routinely merging similar Renovate updates.
This PR contains the following updates:
2.26.0→2.30.02.28.0→2.31.0Release Notes
e2b-dev/e2b (e2b)
v2.30.0Minor Changes
e873ee9: Add anallowNetworkMounts/allow_network_mountsoption to filesystem directory watching. When enabled, paths on network filesystem mounts (NFS, CIFS, SMB, FUSE) can be watched — they are rejected by default because events on network mounts may be unreliable or not delivered at all. Requires envd 0.6.4 or later; watching with this option against an older sandbox raises a template error.Patch Changes
cab59ca: FixSandbox.getMetrics()sendingstartandendas path parameters instead of query parameters, which caused the requested time range to be silently ignored0b0c728: FixVolume.readFilereturningundefinedinstead of an emptyBlob/ReadableStreamfor empty files, and apply the documented 60s default request timeout to volume content requests.feb2d45: Returnbooleanfrom theSandbox.kill()instance method (trueif the sandbox was killed,falseif it was not found), matching the staticSandbox.kill()and the Python SDK.91e84d9: Raise an error for non-2xx API and envd responses with empty bodies (e.g.Content-Length: 0) instead of treating them as successful.v2.29.1Compare Source
Patch Changes
1d5259c: Fix a batch of connection-handling bugs in the JS and Python SDKs:request_timeoutis now applied to control-plane (E2B API) requests; previously the underlying httpx client was built with no timeout at all.debug: falseexplicitly now overrides theE2B_DEBUG=trueenvironment variable instead of being ignored.TypeErrorwhen a response contains protobuf int64 (bigint) fields; they are now logged as strings.v2.29.0Compare Source
Minor Changes
961ffba: feat(sdks): expose user-defined file metadata onsandbox.filesAdds a
metadataoption to file uploads (write/writeFiles/write_files) and surfaces persisted metadata on everyEntryInfo/WriteInforeturned bygetInfo,list,rename, and write responses. On upload, metadata is sent asX-Metadata-<key>: <value>request headers; envd persists the values as extended attributes in theuser.e2b.xattr namespace and returns them on subsequent filesystem reads (includinguser.e2b.*xattrs set out-of-band). Keys are sent as HTTP header names and are lowercased by the sandbox; metadata is validated client-side (keys must be valid HTTP header tokens, values must be printable US-ASCII) and invalid input raisesInvalidArgumentError/InvalidArgumentException. The same metadata map is applied to every file in a multi-file upload. Requires envd 0.6.2 or later.da85b1e: Add anincludeEntry/include_entryoption to filesystem directory watching. When enabled, eachFilesystemEventcarries the affected entry'sEntryInfo(best-effort; left unset for events where the path no longer exists, such as remove/rename-away). Requires envd 0.6.3 or later; watching with this option against an older sandbox raises a template error.Patch Changes
7dc861f: fix: align behavior between the JS and Python SDKsPython SDK:
commands.send_stdinandCommandHandle.send_stdinnow acceptbytesin addition tostr, and the handle'ssend_stdin/close_stdinnow accept arequest_timeout.git.resetnow accepts a typedGitResetModeand its validation error matches the JS SDK wording/ordering.GitResetModeis now exported.sandbox_urlis now propagated throughget_api_params.Template.from_image()now raises when only one ofusername/passwordis provided.get_info()no longer carries the envd access token on the returnedSandboxInfo(the_envd_access_tokenfield was unused), matching the JS SDK which strips it fromgetInfo.get_metrics()now raisesTemplateException(wasSandboxException) with the same message as the JS SDK when the sandbox is too old.JS SDK:
Sandbox.getInfo()now includessandboxDomain, matching the Python SDK's singleget_info.getFullInfois deprecated and now just wrapsgetInfo(it no longer returns the envd access token).Sandbox.getMetrics()now returns[]in debug mode, matching the Python SDK. The debug short-circuit forgetMetrics/killis implemented on both the instance and static methods, so it applies consistently whether called asSandbox.kill(sandboxId)orsandbox.kill().Template.fromImage()now requires bothusernameandpasswordwhen registry credentials are provided.Template.getBuildStatus()now defaultslogsOffsetto0.requestTimeoutMs: 0now explicitly disables the request timeout.getMetrics()now throwsTemplateError(wasSandboxError) when the sandbox is too old to support metrics.v2.28.2Compare Source
Patch Changes
4e16cff: Addproxyconnection parameter to route SDK requests through an HTTP proxy, matching the Python SDK. When set, it applies to API requests, all requests made to the returned sandbox, and volume requests.4e16cff: Fixproxynot being applied to volume content requests.Volume.create/Volume.connectnow store theproxyon the returned instance, so instance methods (list,readFile,writeFile,makeDir,getInfo,updateMetadata,remove, …) route through it without having to passproxyon every call. A per-callproxystill takes precedence.v2.28.1Compare Source
Patch Changes
08012ee: feat: addsendStdin/send_stdinandcloseStdin/close_stdintoCommandHandleYou can now send and close stdin directly on a background command handle instead of going through
sandbox.commandswith the command's PID.ca18220: Usecomponents['schemas'][...]instead of verbosepaths[...]traversal for OpenAPI-generated type references.v2.28.0Compare Source
Minor Changes
073661a: Add API-only custom header options for the JavaScript and Python SDKs.Patch Changes
e7a82ea: Remove unused internal code:waithelper (js-sdk),asSandboxTemplate/asHeadline/selectOption/basicDockerfile(cli), andformat_execution_timeout_error(python-sdk). No public API changes.5b2bb94: Return a dedicated rate limit error for HTTP 429 responses from the envd API. Previously these were surfaced as a generic sandbox error, unlike the main API client which already raisedRateLimitError(JS) /RateLimitException(Python). Rate limit errors are now consistent across all SDK request paths.v2.27.1Compare Source
Patch Changes
ad37796: fix: await async callbacks in CommandHandle.wait()b7fa99e: Silence the undici HTTP/2 fallback warning.v2.27.0Compare Source
Minor Changes
2691c73: Sync OpenAPI spec frome2b-dev/infra. Notable changes:SandboxMetricsgainsmemCache/mem_cache(cached memory in bytes),NodeStatusgainsstandby,TeamUser.emailis now nullable and deprecated, andPOST /v3/templatescan now return403.Patch Changes
a6bf71a: fix(sdks):Template.fromDockerfile/Template.from_dockerfilenow correctly handle multi-sourceCOPY/ADDinstructions. Previously, only the first source was kept and all intermediate sources were silently dropped; now each source is emitted as its owncopy()call to the same destination.4a4bb36: Validate the E2B API key format client-side. SDKs now throw anAuthenticationError/AuthenticationExceptionwith an example token (e.g.e2b_0000000000000000000000000000000000000000) when the key does not start withe2b_followed by hex characters.Configuration
📅 Schedule: (in timezone UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.