fix(deps): update dependency @cloudflare/sandbox to v0.11.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@cloudflare/sandbox	0.10.3 → 0.11.0

---

Release Notes

cloudflare/sandbox-sdk (@​cloudflare/sandbox)

v0.11.0

Compare Source

Minor Changes

• #​708 287ec04 Thanks @​ghostwriternr! - Prevent stale preview URLs from waking or reaching sandbox runtimes. Invalid, revoked, or destroyed preview URLs return 404 INVALID_TOKEN; authorized URLs that are not activated for the current runtime return 410 STALE_PREVIEW_URL until the port is exposed again. Existing preview URLs that previously survived container restart now return 410 STALE_PREVIEW_URL after a restart until the port is exposed again in the new runtime.

  getExposedPorts() and isPortExposed() now report only ports that are currently preview-forwardable in the active runtime. unexposePort() is now idempotent: revoking a port that is not currently exposed succeeds without contacting the container. Preview URL state no longer uses the container-local exposed-port registry or proxy routes.

Patch Changes

• #​733 d4a739b Thanks @​scuffi! - Allow backup and restore presigned URLs to target non-default R2 endpoints. Set BACKUP_BUCKET_ENDPOINT, for example https://<account_id>.eu.r2.cloudflarestorage.com, when your backup bucket uses an R2 jurisdiction.

• #​732 8b9ec84 Thanks @​ghostwriternr! - Add bridge endpoints for managing tunnels to sandbox services. HTTP clients can call POST /v1/sandbox/:id/tunnel/:port with an optional name body field for a predictable named URL, and DELETE /v1/sandbox/:id/tunnel/:port to remove the tunnel.

• #​730 de68927 Thanks @​ghostwriternr! - Classify Office Open XML files such as .xlsx and .docx as binary when reading files so they are returned with base64 encoding instead of text decoding.

• #​722 95bb7b9 Thanks @​aron-cf! - Add named-tunnel support to sandbox.tunnels.get(port, { name }). Named tunnels bind a user-controlled hostname (<name>.<your-zone>) backed by a Cloudflare Tunnel and a proxied CNAME on your zone, so the URL is stable across container restarts and across sandboxes that share the same name. Calling sandbox.destroy() tears down the Cloudflare tunnel and DNS record alongside the container.

  const tunnel = await sandbox.tunnels.get(8080, { name: 'app' });
  console.log(tunnel.url); // → https://app.example.com

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	45.48%	15807 / 34749
🔵	Statements	45.33%	16194 / 35718
🔵	Functions	40.52%	2914 / 7191
🔵	Branches	40.59%	11316 / 27873

File Coverage

No changed files found.

Generated in workflow #11309 for commit 361cdef by the Vitest Coverage Report Action