Bump the maven-dependencies group with 3 updates

[dependabot[bot]]

Bumps the maven-dependencies group with 3 updates: io.sentry:sentry-spring-boot-starter-jakarta, org.springframework.boot and io.sentry.jvm.gradle.

Updates io.sentry:sentry-spring-boot-starter-jakarta from 7.1.0 to 7.3.0

Release notes

Sourced from io.sentry:sentry-spring-boot-starter-jakarta's releases.

7.3.0

Features

• Added App Start profiling
  • This depends on the new option io.sentry.profiling.enable-app-start, other than the already existing io.sentry.traces.profiling.sample-rate.
  • Sampler functions can check the new isForNextAppStart flag, to adjust startup profiling sampling programmatically. Relevant PRs:
  • Decouple Profiler from Transaction (#3101)
  • Add options and sampling logic (#3121)
  • Add ContentProvider and start profile (#3128)
• Extend internal performance collector APIs (#3102)
• Collect slow and frozen frames for spans using OnFrameMetricsAvailableListener (#3111)
• Interpolate total frame count to match span duration (#3158)

Fixes

• Avoid multiple breadcrumbs from OkHttpEventListener (#3175)
• Apply OkHttp listener auto finish timestamp to all running spans (#3167)
• Fix not eligible for auto proxying warnings (#3154)
• Set default fingerprint for ANRv2 events to correctly group background and foreground ANRs (#3164)
  • This will improve grouping of ANRs that have similar stacktraces but differ in background vs foreground state. Only affects newly-ingested ANR events with mechanism:AppExitInfo
• Fix UserFeedback disk cache name conflicts with linked events (#3116)

Breaking changes

• Remove HostnameVerifier option as it's flagged by security tools of some app stores (#3150)
  • If you were using this option, you have 3 possible paths going forward:
    • Provide a custom ITransportFactory through SentryOptions.setTransportFactory(), where you can copy over most of the parts like HttpConnection and AsyncHttpTransport from the SDK with necessary modifications
    • Get a certificate for your server through e.g. Let's Encrypt
    • Fork the SDK and add the hostname verifier back

Dependencies

• Bump Native SDK from v0.6.7 to v0.7.0 (#3133)
  • changelog
  • diff

7.2.0

Features

• Handle monitor/check_in in client reports and rate limiter (#3096)
• Add support for graphql-java version 21 (#3090)

Fixes

• Avoid concurrency in AndroidProfiler performance data collection (#3130)
• Improve thresholds for network changes breadcrumbs (#3083)
• SchedulerFactoryBeanCustomizer now runs first so user customization is not overridden (#3095)
  • If you are setting global job listeners please also add SentryJobListener
• Ensure serialVersionUID of Exception classes are unique (#3115)

... (truncated)

Changelog

Sourced from io.sentry:sentry-spring-boot-starter-jakarta's changelog.

7.3.0

Features

• Added App Start profiling
  • This depends on the new option io.sentry.profiling.enable-app-start, other than the already existing io.sentry.traces.profiling.sample-rate.
  • Sampler functions can check the new isForNextAppStart flag, to adjust startup profiling sampling programmatically. Relevant PRs:
  • Decouple Profiler from Transaction (#3101)
  • Add options and sampling logic (#3121)
  • Add ContentProvider and start profile (#3128)
• Extend internal performance collector APIs (#3102)
• Collect slow and frozen frames for spans using OnFrameMetricsAvailableListener (#3111)
• Interpolate total frame count to match span duration (#3158)

Fixes

• Avoid multiple breadcrumbs from OkHttpEventListener (#3175)
• Apply OkHttp listener auto finish timestamp to all running spans (#3167)
• Fix not eligible for auto proxying warnings (#3154)
• Set default fingerprint for ANRv2 events to correctly group background and foreground ANRs (#3164)
  • This will improve grouping of ANRs that have similar stacktraces but differ in background vs foreground state. Only affects newly-ingested ANR events with mechanism:AppExitInfo
• Fix UserFeedback disk cache name conflicts with linked events (#3116)

Breaking changes

• Remove HostnameVerifier option as it's flagged by security tools of some app stores (#3150)
  • If you were using this option, you have 3 possible paths going forward:
    • Provide a custom ITransportFactory through SentryOptions.setTransportFactory(), where you can copy over most of the parts like HttpConnection and AsyncHttpTransport from the SDK with necessary modifications
    • Get a certificate for your server through e.g. Let's Encrypt
    • Fork the SDK and add the hostname verifier back

Dependencies

• Bump Native SDK from v0.6.7 to v0.7.0 (#3133)
  • changelog
  • diff

7.2.0

Features

• Handle monitor/check_in in client reports and rate limiter (#3096)
• Add support for graphql-java version 21 (#3090)

Fixes

• Avoid concurrency in AndroidProfiler performance data collection (#3130)
• Improve thresholds for network changes breadcrumbs (#3083)
• SchedulerFactoryBeanCustomizer now runs first so user customization is not overridden (#3095)

... (truncated)

Commits

• f5871f9 release: 7.3.0
• 6ce1197 Avoid multiple breadcrumbs from OkHttpEventListener (#3175)
• 37dd784 Bump actions/setup-python from 4 to 5 (#3169)
• 1ae2ec6 Check if SAUCE_USERNAME is available for verifying test results (#3173)
• 9f743be Bump reactivecircus/android-emulator-runner from 2.29.0 to 2.30.1 (#3170)
• 49eb944 Bump codecov/codecov-action from 3.1.4 to 3.1.5 (#3172)
• 7ab32b6 Fix UserFeedback disk cache name conflicts with linked events (#3116)
• 0816a48 Apply OkHttp listener auto finish timestamp to all running spans (#3167)
• 99d7de8 Extend performance collector APIs (#3102)
• 4010c59 Set default fingerprint for ANR v2 events to correctly group background and f...
• Additional commits viewable in compare view

Updates org.springframework.boot from 3.2.2-SNAPSHOT to 3.3.0-SNAPSHOT

Release notes

Sourced from org.springframework.boot's releases.

v3.3.0-M1

:star: New Features

• Auto-configure TypeDefinitionConfigurer beans for GraphQL apps #39118
• Create multiple registrations for beans that implement multiple Servlet API contracts #39056
• Remove APIs that were deprecated for removal in 3.3 #39039
• Remove dependency management for Dropwizard Metrics #39034
• Add configuration property "spring.task.execution.pool.shutdown.accept-tasks-after-context-close" #38968
• Autoconfigure Undertow/XNIO for virtual thread support #38819
• Add client-id and subscription-durable properties for JMS connections #38817
• Add property for maximum number of reactive sessions #38703
• Add support for the @SpanTag annotation #38662
• Add configuration option for path inclusion in DefaultErrorAttributes #38619
• Add configuration properties for cluster-level failover with Apache Pulsar #38559
• Change Health.down(Exception) factory method to Health.down(Throwable), aligning with Health.Builder.down(Throwable) #38550
• Make spring.config.activate.on-cloud-platform=none match when the current cloud platform is null #38510
• Add ProcessInfoContributor #38371
• Add possibility to configure a custom ExecutionContextSerializer in BatchAutoConfiguration #38328
• Remove deprecated support for FailureAnalyzer setter injection #38322
• Use unknown_service as default application name for OpenTelemetry #38219
• Auto-configure a JwtAuthenticationConverter #38105
• Fail configuration property metadata processing when additional metadata has unexpected content #37597
• Add local and tag correlation fields #37435
• Use request.requestPath().value() to populate path error attribute with WebFlux #37269
• Improve log messages to use the singular or plural forms instead of "noun(s)" #37017
• Add 'observation-enabled' properties for RabbitMQ #36451
• Make WebServers' started log messages more consistent #36149
• Add property to configure the queue size for Tomcat #36087

:lady_beetle: Bug Fixes

• Even when spring.security.user.name or spring.security.user.password has been configured, user details auto-configuration still backs off when resource server is on the classpath #39239
• JarEntry.getComment() returns incorrect result from NestedJarFile instances #39226
• Oracle OJDBC BOM version is flagged not for production use #39225
• MockRestServiceServerAutoConfiguration with RestTemplate and RestClient together throws incorrect exception #39198
• SslBundle implementations do not provide useful toString() results #39168
• Mixing PEM and JKS certificate material in server.ssl properties does not work #39159
• Containers are not started when using @ImportTestcontainers #39151
• Having AspectJ and Micrometer on the classpath is not a strong enough signal to enable support for Micrometer observation annotations #39132
• Actuator endpoints with no operations that use selectors are not accessible when mapped to / #39123
• spring-boot-maven-plugin repackage uber jar execution fails when jar is put on WSL network drive #39121
• Spring Boot 3.2 app that uses WebFlux, Security, and Actuator may fail to start due to a missing authentication manager #39117
• @ConfigurationPropertiesBinding converters that rely on initial CharSequence to String conversion no longer work #39115
• management.observations.http.server.requests.name no longer has any effect #39106
• Configuring server.jetty.max-connections has no effect #39080
• spring.rabbitmq.listener.stream.auto-startup property has no effect #39079
• Connection leak when using jOOQ and spring.jooq.sql-dialect has not been set #39077
• Error mark in the log message for PatternParseException is in the wrong place #39076
• Manifest attributes cannot be resolved with the new loader implementation #39071

... (truncated)

Commits

• See full diff in compare view

Updates io.sentry.jvm.gradle from 4.1.1 to 4.2.0

Release notes

Sourced from io.sentry.jvm.gradle's releases.

4.2.0

Features

• Consider sentry-bom version when auto-installing integrations and the SDK (#625)

Fixes

• Support Room kotlin codegen (#630)
• Make sentry-cli path calculation configuration-cache compatible (#631)
  • This will prevent build from failing when e.g. switching branches with stale configuration cache
• Fix FacebookInitProvider instrumentation (#633)

Dependencies

• Bump CLI from v2.23.1 to v2.25.0 (#622, #624, #629)
  • changelog
  • diff
• Bump Android SDK from v7.1.0 to v7.2.0 (#632)
  • changelog
  • diff

Changelog

Sourced from io.sentry.jvm.gradle's changelog.

4.2.0

Features

• Consider sentry-bom version when auto-installing integrations and the SDK (#625)

Fixes

• Support Room kotlin codegen (#630)
• Make sentry-cli path calculation configuration-cache compatible (#631)
  • This will prevent build from failing when e.g. switching branches with stale configuration cache
• Fix FacebookInitProvider instrumentation (#633)

Dependencies

• Bump CLI from v2.23.1 to v2.25.0 (#622, #624, #629)
  • changelog
  • diff
• Bump Android SDK from v7.1.0 to v7.2.0 (#632)
  • changelog
  • diff

Commits

• 52c57ae release: 4.2.0
• 1af7131 Fix FacebookInitProvider instrumentation (#633)
• 15e9917 Support Room kotlin gencode (#630)
• fd1e531 Make sentry-cli path calculation configuration-cache compatible (#631)
• 53741e4 chore(deps): update Android SDK to v7.2.0 (#632)
• 0d2d050 chore(deps): update CLI to v2.25.0 (#629)
• 5861c59 Consider sentry-bom version for auto-install (#625)
• e562030 chore(deps): update CLI to v2.24.1 (#624)
• 706857b chore(deps): update CLI to v2.23.2 (#622)
• bf0e24a Add VisitorTest fixture for MlKitContentProvider bug (#620)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (ca30208) 1.98% compared to head (2ac5828) 1.98%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #41 +/- ## ===================================== Coverage 1.98% 1.98% ===================================== Files 4 4 Lines 151 151 Branches 34 34 ===================================== Hits 3 3 Misses 148 148 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[dependabot[bot]]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.