build(deps-dev): Bump e2b from 2.29.5 to 2.29.6

[dependabot]

Bumps e2b from 2.29.5 to 2.29.6.

Release notes

Sourced from e2b's releases.

e2b@2.30.6

Patch Changes

• 2a98cce: Fix CommandHandle.disconnect() leaking the output subscription in the JS SDK. disconnect() now cooperatively gates event handling with a flag that is checked before every dispatch, so onStdout/onStderr/onPty are guaranteed not to fire for output that arrives after the call (previously they could keep firing when the underlying HTTP/2 abort did not promptly tear down the stream). The call returns promptly and never blocks on an idle command's stream.

e2b@2.30.5

Patch Changes

• 60feee3: Stream uploads instead of buffering streaming input entirely in memory:

  • Sandbox.files.write() / write_files(): ReadableStream data (JS, outside the browser) and file-like objects (Python) are streamed to the sandbox, including when gzip is enabled (compression now happens chunk by chunk). useOctetStream/use_octet_stream now defaults to auto-detect — octet-stream is used when any entry is streamable (so streamed uploads aren't silently buffered) and multipart/form-data otherwise; browsers always use multipart/form-data. A streamed upload is bounded by a per-chunk timeout on the wire (Python's per-write httpx timeout, default the request timeout); a stalled upload that this can't observe is bounded server-side. On Python's AsyncSandbox, the blocking file reads and gzip compression of a streamed upload now run in a worker thread so a large upload doesn't stall the event loop.
  • Sandbox.files.read(format="stream"): the request timeout now bounds only the initial handshake instead of killing the stream while it's being consumed. The body is bounded by a per-chunk idle timeout on the wire (streamIdleTimeoutMs in JS, stream_idle_timeout in Python, default the request timeout — 60s — 0/None to disable): it aborts only when the server stops sending mid-stream, and a slow or paused consumer never trips it (a held-but-unread stream is reclaimed server-side). Use signal (JS) to cancel an in-flight stream. A dropped connection during the stream handshake now surfaces the same typed, health-checked error as non-stream reads. The stream holds a pooled connection until it is consumed to the end, cancelled/closed, errors, or the idle timeout fires — consume it fully, use the context manager, or close it.
  • Python Sandbox.files.read(format="stream"): the response body is now streamed from the sandbox instead of being downloaded into memory before iteration (sync and async).
  • JS Sandbox.files.read() with blob or stream format now returns an empty Blob/ReadableStream for empty files instead of "".

• c1415f3: Stream volume file uploads and downloads instead of buffering in memory:

  • Volume.writeFile() / Volume.write_file(): ReadableStream data (JS, outside the browser) and file-like objects (Python) are now streamed to the API in chunks.
  • Volume.readFile(format="stream") / read_file(format="stream"): the request timeout now bounds only the initial handshake instead of killing the stream while it's being consumed (Python disables the read timeout; JS bounds the handshake and supports signal to cancel an in-flight stream). A dropped connection during the stream handshake now surfaces the same typed, health-checked error as non-stream reads.

e2b@2.30.4

Patch Changes

• 726ced6: Fix duplicate logo on NPM/PyPI by switching to <picture> element.

e2b@2.30.3

Patch Changes

• f3e7f33: Tidy up SDK authentication and deprecate the access token in ConnectionConfig.

  • Deprecated the accessToken (JS) / access_token (Python) option on ConnectionConfig. It still works exactly as before — when set (or via E2B_ACCESS_TOKEN), the Authorization: Bearer header is still sent — but you should pass custom auth through apiHeaders instead, e.g. new ConnectionConfig({ apiHeaders: { Authorization: 'Bearer <token>' } }).
  • The SDK now raises a clear error when no API key is supplied, pointing to the API Keys tab (https://e2b.dev/dashboard?tab=keys). In JS this is controlled by a requireApiKey option (default true) so callers that authenticate differently — like the CLI hitting /teams with an access token — can opt out; in Python the API key is always required.
  • Removed the unused access-token toggle from the API clients: requireAccessToken (JS) and require_access_token (Python). No caller ever set it to a non-default value, so behavior is unchanged.
  • The CLI now passes the access token to the /teams endpoint through apiHeaders instead of the deprecated option.
  • Decoupled the sandbox-scoped envd access token from ConnectionConfig: EnvdApiClient now owns its own accessToken field and sets the X-Access-Token header itself.

• 0a5d524: Update package logos with theme-aware dark/light variants for GitHub.

e2b@2.30.2

Patch Changes

• 706c553: Template SDK fixes:

  • Sort files by full path in getAllFilesInPath so the files hash no longer depends on filesystem traversal order (the previous sort() was a no-op on glob Path objects).
  • Match the exact listening port in waitForPort (via ss's sport filter) so e.g. port 80 no longer matches 8080.
  • Shell-quote the URL, filename, and process name in waitForURL, waitForFile, and waitForProcess.
  • Shell-quote paths and arguments in remove, rename, makeDir, makeSymlink, gitClone (URL/branch/path), and the devcontainer helpers so values with spaces or shell metacharacters work correctly.
  • Keep fetching build logs after a terminal build status is returned so the tail of the logs (beyond the 100-entries-per-call API limit) is no longer dropped.
  • Collect one stack trace per COPY instruction so failed-step stack traces stay aligned after copy() with multiple sources or copyItems().
  • Strip ANSI escape codes in LogEntry messages, matching the Python SDK.

• 432c091: Add integration attribution options that append integration metadata to the SDK User-Agent.

• 71b450f: Recognize Bun and Deno connection-dropped errors in the sandbox health check. When the connection to a sandbox is dropped mid-request, each JS runtime surfaces it with different wording (Node/undici: terminated, Bun: The socket connection was closed unexpectedly, Deno: error reading a body from connection). All known variants are now matched, so a sandbox killed mid-request is reported as a TimeoutError on Bun and Deno too, matching Node.

... (truncated)

Commits

• 5370d54 feat(cli): replace access token auth with Hydra OAuth flow (#1481)
• 2a98cce fix(js-sdk): stop CommandHandle.disconnect() leaking the output subscription ...
• 21af1f8 fix(python): avoid quadratic stdout/stderr accumulation in command ha… (#1472)
• dabac31 Reuse toUploadBody in JS volume writeFile (#1473)
• 7d4d620 [skip ci] Release new versions
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)