Skip to content

Bump the github-dependencies group across 1 directory with 3 updates#360

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/github-dependencies-f0053041a0
Closed

Bump the github-dependencies group across 1 directory with 3 updates#360
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/github-dependencies-f0053041a0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 26, 2026
edited
Loading

Bumps the github-dependencies group with 3 updates in the / directory: io.sentry:sentry, org.jetbrains.kotlin.jvm and org.jetbrains.intellij.platform.

Updates io.sentry:sentry from 8.36.0 to 8.40.0

Release notes

Sourced from io.sentry:sentry's releases.

8.40.0

Fixes

  • Fix NoSuchMethodError for LayoutCoordinates.localBoundingBoxOf$default on Compose touch dispatch with AGP 8.13 and minSdk < 24 (#5302)
  • Fix reporting OkHttp's synthetic 504 "Unsatisfiable Request" responses as errors for CacheControl.FORCE_CACHE cache misses (#5299)
  • Make SentryGestureDetector thread-safe and recycle VelocityTracker per gesture (#5301)
  • Fix duplicate ui.click breadcrumbs when another Window.Callback wraps SentryWindowCallback (#5300)

Dependencies

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
    • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
  • Android: Attachments on the scope will now be synced to native (#5211)
  • Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

... (truncated)

Changelog

Sourced from io.sentry:sentry's changelog.

8.40.0

Fixes

  • Fix NoSuchMethodError for LayoutCoordinates.localBoundingBoxOf$default on Compose touch dispatch with AGP 8.13 and minSdk < 24 (#5302)
  • Fix reporting OkHttp's synthetic 504 "Unsatisfiable Request" responses as errors for CacheControl.FORCE_CACHE cache misses (#5299)
  • Make SentryGestureDetector thread-safe and recycle VelocityTracker per gesture (#5301)
  • Fix duplicate ui.click breadcrumbs when another Window.Callback wraps SentryWindowCallback (#5300)

Dependencies

8.39.1

Fixes

  • Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#5293)
    • Failed collection values are now skipped so parsing can continue
    • Skipped collection values emit WARNING logs
    • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

8.39.0

Fixes

  • Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#5138)

Internal

  • Bump AGP version from v8.6.0 to v8.13.1 (#5063)

Dependencies

8.38.0

Features

  • Prevent cross-organization trace continuation (#5136)
    • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
    • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).

... (truncated)

Commits
  • 2f670da release: 8.40.0
  • 2fcda64 fix(gestures): Thread-safe SentryGestureDetector with per-gesture VelocityTra...
  • 952b180 fix(gestures): Prevent duplicate ui.click breadcrumbs from buried window call...
  • 40234a9 fix(sentry-okhttp): Skip synthetic 504 for FORCE_CACHE cache misses (#5299)
  • 0220a5c fix(security): Add integrity verification before chmod +x in btrace-perfetto ...
  • 16a07c4 fix(compose): NoSuchMethodError for `LayoutCoordinates.localBoundingBoxOf$d...
  • 35c8ffa build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • e442d80 build(deps): bump actions/cache from 5.0.4 to 5.0.5 (#5310)
  • 2dffe01 build(deps): bump getsentry/craft from 2.25.2 to 2.25.4 (#5309)
  • 6a9020c build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#5308)
  • Additional commits viewable in compare view

Updates org.jetbrains.kotlin.jvm from 2.3.20 to 2.3.21

Release notes

Sourced from org.jetbrains.kotlin.jvm's releases.

Kotlin 2.3.21

Changelog

Backend. Wasm

  • KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

  • KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
  • KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
  • KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
  • KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
  • KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
  • KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

  • KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
  • KT-84475 K/JS: false-positive exportability warnings in multi-module project
  • KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
  • KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
  • KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

  • KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

  • KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
  • KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

  • KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

  • KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

  • KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
  • KT-85103 Exception while generating code when explain destructuring decls
  • KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
  • KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

... (truncated)

Changelog

Sourced from org.jetbrains.kotlin.jvm's changelog.

2.3.21

Backend. Wasm

  • KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

  • KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
  • KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
  • KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
  • KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
  • KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
  • KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

  • KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
  • KT-84475 K/JS: false-positive exportability warnings in multi-module project
  • KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
  • KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
  • KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

  • KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

  • KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
  • KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

  • KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

  • KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

  • KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
  • KT-85103 Exception while generating code when explain destructuring decls
  • KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
  • KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

  • KT-85628 KGP: composite build FUS metrics fail on access of 'configurationTimeMetrics'
Commits
  • fea1ad8 Add ChangeLog for 2.3.21-RC2
  • 09c341e disable swift export execution tests in order to update macos
  • 67a0868 Avoid accessing KotlinNativeLink taskProvider when task was not executed
  • f89e5db [K/N] Disable TSAN in runtime tests
  • 45d6c85 [K/N] Don't generate generic safe casts for Objective-C types
  • 9261a6f [K/N][tests] Add a reproducer for KT-85508
  • c9ab9db [K/N][tests] Add a reproducer for KT-85399
  • 502e844 Explain: fix for destructuring declarations
  • 0c26485 Explain: fix for object literals
  • 68a9e3f [minor] fix testdata name in explain test
  • Additional commits viewable in compare view

Updates org.jetbrains.intellij.platform from 2.13.1 to 2.15.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-dependencies group across 1 directory with 3 updates
5beb44c 
Bumps the github-dependencies group with 3 updates in the / directory: [io.sentry:sentry](https://github.com/getsentry/sentry-java), [org.jetbrains.kotlin.jvm](https://github.com/JetBrains/kotlin) and org.jetbrains.intellij.platform.


Updates `io.sentry:sentry` from 8.36.0 to 8.40.0
- [Release notes](https://github.com/getsentry/sentry-java/releases)
- [Changelog](https://github.com/getsentry/sentry-java/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-java@8.36.0...8.40.0)

Updates `org.jetbrains.kotlin.jvm` from 2.3.20 to 2.3.21
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](JetBrains/kotlin@v2.3.20...v2.3.21)

Updates `org.jetbrains.intellij.platform` from 2.13.1 to 2.15.0

---
updated-dependencies:
- dependency-name: io.sentry:sentry
  dependency-version: 8.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: org.jetbrains.kotlin.jvm
  dependency-version: 2.3.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: org.jetbrains.intellij.platform
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner April 26, 2026 01:53
@dependabot dependabot Bot requested review from hatzlj, hjohn and smcvb and removed request for a team April 26, 2026 01:53
@smcvb smcvb added this to the Release 0.10.1 milestone Apr 28, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 3, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 3, 2026
@dependabot dependabot Bot deleted the dependabot/gradle/github-dependencies-f0053041a0 branch May 3, 2026 01:53
@smcvb smcvb removed this from the Release 0.10.1 milestone May 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hjohn hjohn Awaiting requested review from hjohn hjohn is a code owner automatically assigned from AxonFramework/framework-developers

@smcvb smcvb Awaiting requested review from smcvb smcvb is a code owner automatically assigned from AxonFramework/framework-developers

@hatzlj hatzlj Awaiting requested review from hatzlj hatzlj is a code owner automatically assigned from AxonFramework/framework-developers

Assignees

No one assigned

Labels

Priority 1: Must Status: Obsolete Type: Dependency Upgrade

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@smcvb