Bump the github-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the github-dependencies group with 2 updates in the / directory: io.sentry:sentry and org.jetbrains.intellij.platform.

Updates io.sentry:sentry from 8.36.0 to 8.38.0

Release notes

Sourced from io.sentry:sentry's releases.

8.38.0

Features

• Prevent cross-organization trace continuation (#5136)
  • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
  • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
  • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
• Android: Attachments on the scope will now be synced to native (#5211)
• Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

• Do not retrieve ActivityManager if API < 35 on SDK init (#5275)

8.37.1

Fixes

• Fix deadlock in SentryContextStorage.root() with virtual threads and OpenTelemetry agent (#5234)

8.37.0

Fixes

• Session Replay: Fix Compose text masking mismatch with weighted text (#5218)

Features

• Add cache tracing instrumentation for Spring Boot 2, 3, and 4 (#5165)
  • Wraps Spring CacheManager and Cache beans to produce cache spans
  • Set sentry.enable-cache-tracing to true to enable this feature
• Add JCache (JSR-107) cache tracing via new sentry-jcache module (#5165)
  • Wraps JCache Cache with SentryJCacheWrapper to produce cache spans
  • Set the enableCacheTracing option to true to enable this feature
• Add configurable IScopesStorageFactory to SentryOptions for providing a custom IScopesStorage, e.g. when the default ThreadLocal-backed storage is incompatible with non-pinning thread models (#5199)
• Android: Add beforeErrorSampling callback to Session Replay (#5214)
  • Allows filtering which errors trigger replay capture before the onErrorSampleRate is checked
  • Returning false skips replay capture entirely for that error; returning true proceeds with the normal sample rate check
  • Example usage:

    SentryAndroid.init(context) { options ->
        options.sessionReplay.beforeErrorSampling =
            SentryReplayOptions.BeforeErrorSamplingCallback { event, hint ->
                // Only capture replay for crashes (excluding e.g. handled exceptions)
                event.isCrashed
            }
    }

Dependencies

• Bump Native SDK from v0.13.2 to v0.13.3 (#5215)

... (truncated)

Changelog

Sourced from io.sentry:sentry's changelog.

8.38.0

Features

• Prevent cross-organization trace continuation (#5136)
  • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
  • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
  • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
• Android: Attachments on the scope will now be synced to native (#5211)
• Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

• Do not retrieve ActivityManager if API < 35 on SDK init (#5275)

8.37.1

Fixes

• Fix deadlock in SentryContextStorage.root() with virtual threads and OpenTelemetry agent (#5234)

8.37.0

Fixes

• Session Replay: Fix Compose text masking mismatch with weighted text (#5218)

Features

• Add cache tracing instrumentation for Spring Boot 2, 3, and 4 (#5165)
  • Wraps Spring CacheManager and Cache beans to produce cache spans
  • Set sentry.enable-cache-tracing to true to enable this feature
• Add JCache (JSR-107) cache tracing via new sentry-jcache module (#5165)
  • Wraps JCache Cache with SentryJCacheWrapper to produce cache spans
  • Set the enableCacheTracing option to true to enable this feature
• Add configurable IScopesStorageFactory to SentryOptions for providing a custom IScopesStorage, e.g. when the default ThreadLocal-backed storage is incompatible with non-pinning thread models (#5199)
• Android: Add beforeErrorSampling callback to Session Replay (#5214)
  • Allows filtering which errors trigger replay capture before the onErrorSampleRate is checked
  • Returning false skips replay capture entirely for that error; returning true proceeds with the normal sample rate check
  • Example usage:

    SentryAndroid.init(context) { options ->
        options.sessionReplay.beforeErrorSampling =
            SentryReplayOptions.BeforeErrorSamplingCallback { event, hint ->
                // Only capture replay for crashes (excluding e.g. handled exceptions)
                event.isCrashed
            }
    }

... (truncated)

Commits

• b572de2 release: 8.38.0
• 327ca51 perf(init): Do not retrieve ActivityManager if API < 35 (#5275)
• 2195398 chore: Update validate-pr workflow (#5252)
• 62c14b0 chore(tooling): Add dotagents configuration (#5230)
• a1eadfa build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5246)
• 05d6f76 chore: bump action-app-sdk-overhead-metrics SHA (#5238)
• a0e1341 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
• 34e1ee3 build(deps): bump getsentry/craft from 2.24.1 to 2.25.2 (#5242)
• d12a33c build(deps): bump requests from 2.32.4 to 2.33.0 in the uv group across 1 dir...
• 5889259 build(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#5243)
• Additional commits viewable in compare view

Updates org.jetbrains.intellij.platform from 2.13.1 to 2.14.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions