Skip to content

build(deps): bump io.sentry:sentry from 8.37.1 to 8.40.0#10

Merged
uvd merged 1 commit into
mainfrom
dependabot/gradle/io.sentry-sentry-8.40.0
May 3, 2026
Merged

build(deps): bump io.sentry:sentry from 8.37.1 to 8.40.0#10
uvd merged 1 commit into
mainfrom
dependabot/gradle/io.sentry-sentry-8.40.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026

Copy link
Copy Markdown
Contributor

Bumps io.sentry:sentry from 8.37.1 to 8.40.0.

Release notes

Sourced from io.sentry:sentry's releases.

8.40.0

Fixes

  • Fix NoSuchMethodError for LayoutCoordinates.localBoundingBoxOf$default on Compose touch dispatch with AGP 8.13 and minSdk < 24 (#5302)
  • Fix reporting OkHttp's synthetic 504 "Unsatisfiable Request" responses as errors for CacheControl.FORCE_CACHE cache misses (#5299)
  • Make SentryGestureDetector thread-safe and recycle VelocityTracker per gesture (#5301)
  • Fix duplicate ui.click breadcrumbs when another Window.Callback wraps SentryWindowCallback (#5300)

Dependencies

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

... (truncated)

Changelog

Sourced from io.sentry:sentry's changelog.

8.40.0

Fixes

  • Fix NoSuchMethodError for LayoutCoordinates.localBoundingBoxOf$default on Compose touch dispatch with AGP 8.13 and minSdk < 24 (#5302)
  • Fix reporting OkHttp's synthetic 504 "Unsatisfiable Request" responses as errors for CacheControl.FORCE_CACHE cache misses (#5299)
  • Make SentryGestureDetector thread-safe and recycle VelocityTracker per gesture (#5301)
  • Fix duplicate ui.click breadcrumbs when another Window.Callback wraps SentryWindowCallback (#5300)

Dependencies

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).

... (truncated)

Commits
  • 2f670da release: 8.40.0
  • 2fcda64 fix(gestures): Thread-safe SentryGestureDetector with per-gesture VelocityTra...
  • 952b180 fix(gestures): Prevent duplicate ui.click breadcrumbs from buried window call...
  • 40234a9 fix(sentry-okhttp): Skip synthetic 504 for FORCE_CACHE cache misses (#5299)
  • 0220a5c fix(security): Add integrity verification before chmod +x in btrace-perfetto ...
  • 16a07c4 fix(compose): NoSuchMethodError for `LayoutCoordinates.localBoundingBoxOf$d...
  • 35c8ffa build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • e442d80 build(deps): bump actions/cache from 5.0.4 to 5.0.5 (#5310)
  • 2dffe01 build(deps): bump getsentry/craft from 2.25.2 to 2.25.4 (#5309)
  • 6a9020c build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#5308)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Apr 29, 2026
Bumps [io.sentry:sentry](https://github.com/getsentry/sentry-java) from 8.37.1 to 8.40.0.
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.37.1...8.40.0)

---
updated-dependencies:
- dependency-name: io.sentry:sentry
  dependency-version: 8.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump io.sentry:sentry from 8.31.0 to 8.40.0 build(deps): bump io.sentry:sentry from 8.37.1 to 8.40.0 May 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/gradle/io.sentry-sentry-8.40.0 branch from 5f10885 to 8f00aae Compare May 3, 2026 07:43
@uvd uvd merged commit 71c03bf into main May 3, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/gradle/io.sentry-sentry-8.40.0 branch May 3, 2026 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant