Skip to content

Update dependency e2b#306

Merged
mishushakov merged 1 commit into
mainfrom
renovate/e2b-2.x-lockfile
Jul 14, 2026
Merged

Update dependency e2b#306
mishushakov merged 1 commit into
mainfrom
renovate/e2b-2.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
e2b (source) 2.31.02.32.0 age confidence
e2b (source) 2.32.02.33.0 age confidence

Release Notes

e2b-dev/e2b (e2b)

v2.32.0

Compare Source

Minor Changes
  • 2b7dd17: Add a gzip option to the template copy layer to control whether copied
    files are gzipped before upload.

    Gzip is enabled by default (matching the previous behavior). Pass
    gzip: false (gzip=False in Python) to upload an uncompressed tar archive
    instead — useful when copying already-compressed files where gzipping adds
    CPU cost without shrinking the payload.

    // JS/TS
    template.copy('model.bin', '/app/', { gzip: false })
    # Python
    template.copy('model.bin', '/app/', gzip=False)
Patch Changes
  • bb45f18: Introduce a generic, reusable paginator base class and migrate the sandbox and snapshot list paginators onto it. The base owns the shared cursor-based pagination state (hasNext/has_next, nextToken/next_token, and reading the x-next-token header) while each concrete paginator implements nextItems/next_items to fetch its own page, so future list endpoints can add pagination by subclassing it without reimplementing the bookkeeping. No public API changes.
  • f160f08: Keep integration user-agent attribution on ConnectionConfig instead of exposing it through sandbox, template, volume, or per-call API option types.
  • c385566: Correct Sandbox.list() documentation across both SDKs: it returns a paginator (SandboxPaginator / AsyncSandboxPaginator), not a list, and by default the server returns sandboxes in both running and paused states. The docstrings now describe the return type accurately and show how to iterate pages via paginator.next_items() / await paginator.nextItems() while paginator.has_next / paginator.hasNext is true. No behavior change.
  • bb16968: Template builds: the build-context tar archive is now spooled to a temporary file and streamed from disk during upload instead of being held in memory (JS and Python, sync and async), while keeping the explicit Content-Length required by S3 presigned URLs. Temp-file cleanup is now best-effort, so a cleanup failure after the upload no longer masks a successful upload as an error (nor overwrites the real upload error on failure). The Python SDK now uploads the archive with a 1-hour default timeout (overridable via request_timeout) instead of the 60s general API timeout, matching the JS SDK and preventing large uploads from timing out.

Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@mishushakov mishushakov enabled auto-merge (squash) July 14, 2026 10:47

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a87578e6c5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread pnpm-lock.yaml
engines: {node: '>=20.18.1'}
e2b@2.33.0:
resolution: {integrity: sha512-n6W0nsJMetz8m30sLPMYfliPTW0VpuaDTUOjB0ZdYZ87li4zyX0UQqeQ5S/YPvq8EX9zEYcy3SijBxn1FGFlkQ==}
engines: {node: '>=20.18.1 <21 || >=22'}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Align the advertised Node range with e2b

In Node 21 environments, this new transitive engines constraint rejects installs, but js/package.json:68 still advertises node: >=20 and the repo has .npmrc:6 set to engine-strict=true; pnpm's engines docs note that dependency engines become enforced when engineStrict is set (docs). That means a checkout using a Node version the package claims to support can fail during pnpm install before tests/builds run, so either exclude Node 21 from the package engine range or avoid this e2b version if Node 21 remains supported.

Useful? React with 👍 / 👎.

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — this is a lockfile-only dependency bump for the e2b SDK (JS 2.32.0→2.33.0, Python 2.31.0→2.32.0), plus routine transitive dependency updates.

What was reviewed: confirmed the diffs are limited to pnpm-lock.yaml and python/poetry.lock (no source/config changes), checked the e2b changelog entries (gzip copy option, paginator refactor, streamed upload for template builds) for any breaking API changes affecting this repo — none found. Also checked the tightened Node engine range (>=20.18.1 <21 || >=22) introduced by the JS bump — this only affects users installing under Node 21 with engine-strict, not this repo's own build/CI.

Extended reasoning...

Overview

This PR is an automated Renovate dependency update touching only two lockfiles: pnpm-lock.yaml and python/poetry.lock. It bumps the e2b SDK dependency (JS: 2.32.0→2.33.0, Python: 2.31.0→2.32.0) along with a handful of transitive dependencies (postcss, nanoid, tar, connectrpc, etc.) that came along for the ride. No application source code, configuration, or CI files are modified.

Security risks

None identified. Lockfile-only changes carry no direct security risk beyond the integrity of the upstream packages themselves, which are resolved via their published checksums (already present in the diff). The e2b release notes describe internal refactors (paginator base class, streamed tar uploads) and a new opt-in gzip option — none of which touch auth, crypto, or permission logic in this repository.

Level of scrutiny

Low. This is exactly the kind of mechanical, bot-generated dependency bump that fits the approval criteria: no ambiguity, no design decisions, and the diff is fully mechanical (lockfile regeneration). The bug hunting system found no issues, and the one candidate concern raised (Node engine-range tightening) was investigated and does not affect this repo's supported Node versions.

Other factors

No prior reviews exist on this PR. The changesets in the e2b release notes (gzip option, paginator refactor, streaming uploads) are backward compatible per the release notes ("No public API changes" / "No behavior change" noted for two of the three patches), reducing the risk that this bump silently changes behavior for consumers of the SDK in this repo.

@mishushakov mishushakov merged commit 4be824a into main Jul 14, 2026
16 checks passed
@mishushakov mishushakov deleted the renovate/e2b-2.x-lockfile branch July 14, 2026 10:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant