build(deps): bump io.sentry:sentry-logback from 8.37.1 to 8.38.0

[dependabot]

Bumps io.sentry:sentry-logback from 8.37.1 to 8.38.0.

Release notes

Sourced from io.sentry:sentry-logback's releases.

8.38.0

Features

• Prevent cross-organization trace continuation (#5136)
  • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
  • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
  • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
• Android: Attachments on the scope will now be synced to native (#5211)
• Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

• Do not retrieve ActivityManager if API < 35 on SDK init (#5275)

Changelog

Sourced from io.sentry:sentry-logback's changelog.

8.38.0

Features

• Prevent cross-organization trace continuation (#5136)
  • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
  • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
  • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
• Android: Attachments on the scope will now be synced to native (#5211)
• Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#5186)

Improvements

• Do not retrieve ActivityManager if API < 35 on SDK init (#5275)

Commits

• b572de2 release: 8.38.0
• 327ca51 perf(init): Do not retrieve ActivityManager if API < 35 (#5275)
• 2195398 chore: Update validate-pr workflow (#5252)
• 62c14b0 chore(tooling): Add dotagents configuration (#5230)
• a1eadfa build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#5246)
• 05d6f76 chore: bump action-app-sdk-overhead-metrics SHA (#5238)
• a0e1341 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
• 34e1ee3 build(deps): bump getsentry/craft from 2.24.1 to 2.25.2 (#5242)
• d12a33c build(deps): bump requests from 2.32.4 to 2.33.0 in the uv group across 1 dir...
• 5889259 build(deps): bump github/codeql-action from 4.32.6 to 4.35.1 (#5243)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #22.