Skip to content

Bump sentry.version from 8.37.1 to 8.38.0#1684

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/maven/main/sentry.version-8.38.0
Apr 10, 2026
Merged

Bump sentry.version from 8.37.1 to 8.38.0#1684
github-actions[bot] merged 1 commit into
mainfrom
dependabot/maven/main/sentry.version-8.38.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 9, 2026

Copy link
Copy Markdown
Contributor

Bumps sentry.version from 8.37.1 to 8.38.0.
Updates io.sentry:sentry from 8.37.1 to 8.38.0

Release notes

Sourced from io.sentry:sentry's releases.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Changelog

Sourced from io.sentry:sentry's changelog.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Commits
  • b572de2 release: 8.38.0
  • 327ca51 perf(init): Do not retrieve ActivityManager if API < 35 (#5275)
  • 2195398 chore: Update validate-pr workflow (#5252)
  • 62c14b0 chore(tooling): Add dotagents configuration (#5230)
  • a1eadfa build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5246)
  • 05d6f76 chore: bump action-app-sdk-overhead-metrics SHA (#5238)
  • a0e1341 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • 34e1ee3 build(deps): bump getsentry/craft from 2.24.1 to 2.25.2 (#5242)
  • d12a33c build(deps): bump requests from 2.32.4 to 2.33.0 in the uv group across 1 dir...
  • 5889259 build(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#5243)
  • Additional commits viewable in compare view

Updates io.sentry:sentry-jdbc from 8.37.1 to 8.38.0

Release notes

Sourced from io.sentry:sentry-jdbc's releases.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Changelog

Sourced from io.sentry:sentry-jdbc's changelog.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Commits
  • b572de2 release: 8.38.0
  • 327ca51 perf(init): Do not retrieve ActivityManager if API < 35 (#5275)
  • 2195398 chore: Update validate-pr workflow (#5252)
  • 62c14b0 chore(tooling): Add dotagents configuration (#5230)
  • a1eadfa build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5246)
  • 05d6f76 chore: bump action-app-sdk-overhead-metrics SHA (#5238)
  • a0e1341 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • 34e1ee3 build(deps): bump getsentry/craft from 2.24.1 to 2.25.2 (#5242)
  • d12a33c build(deps): bump requests from 2.32.4 to 2.33.0 in the uv group across 1 dir...
  • 5889259 build(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#5243)
  • Additional commits viewable in compare view

Updates io.sentry:sentry-quartz from 8.37.1 to 8.38.0

Release notes

Sourced from io.sentry:sentry-quartz's releases.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Changelog

Sourced from io.sentry:sentry-quartz's changelog.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Commits
  • b572de2 release: 8.38.0
  • 327ca51 perf(init): Do not retrieve ActivityManager if API < 35 (#5275)
  • 2195398 chore: Update validate-pr workflow (#5252)
  • 62c14b0 chore(tooling): Add dotagents configuration (#5230)
  • a1eadfa build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5246)
  • 05d6f76 chore: bump action-app-sdk-overhead-metrics SHA (#5238)
  • a0e1341 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • 34e1ee3 build(deps): bump getsentry/craft from 2.24.1 to 2.25.2 (#5242)
  • d12a33c build(deps): bump requests from 2.32.4 to 2.33.0 in the uv group across 1 dir...
  • 5889259 build(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#5243)
  • Additional commits viewable in compare view

Updates io.sentry:sentry-spring-boot-4-starter from 8.37.1 to 8.38.0

Release notes

Sourced from io.sentry:sentry-spring-boot-4-starter's releases.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Changelog

Sourced from io.sentry:sentry-spring-boot-4-starter's changelog.

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)
Commits
  • b572de2 release: 8.38.0
  • 327ca51 perf(init): Do not retrieve ActivityManager if API < 35 (#5275)
  • 2195398 chore: Update validate-pr workflow (#5252)
  • 62c14b0 chore(tooling): Add dotagents configuration (#5230)
  • a1eadfa build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5246)
  • 05d6f76 chore: bump action-app-sdk-overhead-metrics SHA (#5238)
  • a0e1341 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • 34e1ee3 build(deps): bump getsentry/craft from 2.24.1 to 2.25.2 (#5242)
  • d12a33c build(deps): bump requests from 2.32.4 to 2.33.0 in the uv group across 1 dir...
  • 5889259 build(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#5243)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependency (automated) dependency update infrastructure build infrastructure (Maven plugins, CI related, ...) labels Apr 9, 2026
@github-actions

github-actions Bot commented Apr 9, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA c7577b1.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

PackageVersionLicenseIssue Type
io.sentry:sentry8.38.0NullUnknown License
io.sentry:sentry-jdbc8.38.0NullUnknown License
io.sentry:sentry-quartz8.38.0NullUnknown License
io.sentry:sentry-spring-boot-4-starter8.38.0NullUnknown License
Allowed Licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, LGPL-2.1-only, EPL-2.0, EPL-1.0
Excluded from license check: pkg:maven/org.eclipse.angus/jakarta.mail@2.0.5?type=jar, pkg:maven/jakarta.ws.rs:jakarta.ws.rs-api@4.0.0?type=jar

OpenSSF Scorecard

PackageVersionScoreDetails
maven/io.sentry:sentry 8.38.0 UnknownUnknown
maven/io.sentry:sentry-jdbc 8.38.0 UnknownUnknown
maven/io.sentry:sentry-quartz 8.38.0 UnknownUnknown
maven/io.sentry:sentry-spring-boot-4-starter 8.38.0 UnknownUnknown

Scanned Files

  • pom.xml

@github-actions github-actions Bot removed the infrastructure build infrastructure (Maven plugins, CI related, ...) label Apr 9, 2026
@github-actions github-actions Bot enabled auto-merge (squash) April 9, 2026 21:06
@codecov

codecov Bot commented Apr 9, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

Impacted file tree graph

@@           Coverage Diff            @@
##             main   #1684     +/-   ##
========================================
+ Coverage       5%     78%    +73%     
  Complexity    130     130             
========================================
  Files         157     157             
  Lines        7799    7799             
  Branches      715     715             
========================================
+ Hits          351    6009   +5658     
+ Misses       7420    1377   -6043     
- Partials       28     413    +385     

see 140 files with indirect coverage changes

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

github-actions Bot commented Apr 9, 2026

Copy link
Copy Markdown

Test Results

479 tests   472 ✅  5m 11s ⏱️
 54 suites    1 💤
 54 files      6 ❌

For more details on these failures, see this check.

Results for commit d68b9f7.

♻️ This comment has been updated with latest results.

@dependabot dependabot Bot force-pushed the dependabot/maven/main/sentry.version-8.38.0 branch from f863152 to d68b9f7 Compare April 10, 2026 08:29
Bumps `sentry.version` from 8.37.1 to 8.38.0.

Updates `io.sentry:sentry` from 8.37.1 to 8.38.0
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.37.1...8.38.0)

Updates `io.sentry:sentry-jdbc` from 8.37.1 to 8.38.0
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.37.1...8.38.0)

Updates `io.sentry:sentry-quartz` from 8.37.1 to 8.38.0
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.37.1...8.38.0)

Updates `io.sentry:sentry-spring-boot-4-starter` from 8.37.1 to 8.38.0
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.37.1...8.38.0)

---
updated-dependencies:
- dependency-name: io.sentry:sentry
  dependency-version: 8.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: io.sentry:sentry-jdbc
  dependency-version: 8.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: io.sentry:sentry-quartz
  dependency-version: 8.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: io.sentry:sentry-spring-boot-4-starter
  dependency-version: 8.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/main/sentry.version-8.38.0 branch from d68b9f7 to c7577b1 Compare April 10, 2026 08:53
@github-actions github-actions Bot merged commit ec63c2a into main Apr 10, 2026
1 check passed
@github-actions github-actions Bot deleted the dependabot/maven/main/sentry.version-8.38.0 branch April 10, 2026 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependency (automated) dependency update

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant