Skip to content

[Gradle]: Bump io.sentry:sentry-android from 8.35.0 to 8.39.1#609

Closed
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/gradle/dev/io.sentry-sentry-android-8.39.1
Closed

[Gradle]: Bump io.sentry:sentry-android from 8.35.0 to 8.39.1#609
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/gradle/dev/io.sentry-sentry-android-8.39.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps io.sentry:sentry-android from 8.35.0 to 8.39.1.

Release notes

Sourced from io.sentry:sentry-android's releases.

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)

8.37.1

Fixes

  • Fix deadlock in SentryContextStorage.root() with virtual threads and OpenTelemetry agent (#5234)

8.37.0

Fixes

  • Session Replay: Fix Compose text masking mismatch with weighted text (#5218)

... (truncated)

Changelog

Sourced from io.sentry:sentry-android's changelog.

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

  • Do not retrieve ActivityManager if API < 35 on SDK init (#5275)

8.37.1

Fixes

  • Fix deadlock in SentryContextStorage.root() with virtual threads and OpenTelemetry agent (#5234)

8.37.0

... (truncated)

Commits
  • d23b4b6 release: 8.39.1
  • 7bd7bbf fix changelog for unreleased SDK hang fix (#5298)
  • bfc5ee1 fix(sentry): Recover object readers after deserialization errors (#5293)
  • 6cf6485 Merge branch 'release/8.39.0'
  • 12c8c2a release: 8.39.0
  • de6a178 fix(gestures): Replace GestureDetectorCompat with lightweight detector to fix...
  • ce4b2c1 chore(deps): update Gradle to v9.4.1 (#5063)
  • 0675272 build(deps): bump actions/github-script from 8.0.0 to 9.0.0 (#5285)
  • 3af77f4 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (#5287)
  • 7935b26 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#5286)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
[Gradle]: Bump io.sentry:sentry-android from 8.35.0 to 8.39.1
7c95105 
Bumps [io.sentry:sentry-android](https://github.com/getsentry/sentry-java) from 8.35.0 to 8.39.1.
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.35.0...8.39.1)

---
updated-dependencies:
- dependency-name: io.sentry:sentry-android
  dependency-version: 8.39.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot mentioned this pull request Apr 20, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 27, 2026

Superseded by #612.

@dependabot dependabot Bot closed this Apr 27, 2026
@dependabot dependabot Bot deleted the dependabot/gradle/dev/io.sentry-sentry-android-8.39.1 branch April 27, 2026 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants