Bump the production-dependencies group with 5 updates

[dependabot]

Bumps the production-dependencies group with 5 updates:

Package	From	To
uk.gov.justice.service.hmpps:hmpps-sqs-spring-boot-starter	6.0.1	7.0.1
io.sentry:sentry-spring-boot-4-starter	8.33.0	8.34.1
io.opentelemetry:opentelemetry-sdk-testing	1.59.0	1.60.1
uk.gov.justice.hmpps.gradle-spring-boot	10.0.4	10.0.5
gradle-wrapper	9.3.1	9.4.0

Updates uk.gov.justice.service.hmpps:hmpps-sqs-spring-boot-starter from 6.0.1 to 7.0.1

Commits

• See full diff in compare view

Updates io.sentry:sentry-spring-boot-4-starter from 8.33.0 to 8.34.1

Release notes

Sourced from io.sentry:sentry-spring-boot-4-starter's releases.

8.34.1

Fixes

• Common: Finalize previous session even when auto session tracking is disabled (#5154)
• Android: Add filterTouchesWhenObscured to prevent Tapjacking on user feedback dialog (#5155)
• Android: Add proguard rules to prevent error about missing Replay classes (#5153)

8.34.0

Features

• Add scope-level attributes API (#5118) via (#5148)
  • Automatically include scope attributes in logs and metrics (#5120)
  • New APIs are Sentry.setAttribute, Sentry.setAttributes, Sentry.removeAttribute
• Support collections and arrays in attribute type inference (#5124)
• Add support for SENTRY_SAMPLE_RATE environment variable / sample-rate property (#5112)
• Create sentry-opentelemetry-otlp and sentry-opentelemetry-otlp-spring modules for combining OpenTelemetry SDK OTLP export with Sentry SDK (#5100)
  • OpenTelemetry is configured to send spans to Sentry directly using an OTLP endpoint.
  • Sentry only uses trace and span ID from OpenTelemetry (via OpenTelemetryOtlpEventProcessor) but will not send spans through OpenTelemetry nor use OpenTelemetry Context for Scopes propagation.
  • See the OTLP setup docs for Java and Spring Boot for installation and configuration instructions.
• Add screenshot masking support using view hierarchy (#5077)
  • Masks sensitive content (text, images) in error screenshots using the same view hierarchy approach as Session Replay
  • Requires the sentry-android-replay module to be present at runtime for masking to work
  • Enable via code:

    SentryAndroid.init(context) { options ->
        options.isAttachScreenshot = true
        options.screenshot.setMaskAllText(true)
        options.screenshot.setMaskAllImages(true)
        // Or mask specific view classes
        options.screenshot.addMaskViewClass("com.example.MyCustomView")
    }

  • Or via AndroidManifest.xml:

    <meta-data android:name="io.sentry.attach-screenshot" android:value="true" />
    <meta-data android:name="io.sentry.screenshot.mask-all-text" android:value="true" />
    <meta-data android:name="io.sentry.screenshot.mask-all-images" android:value="true" />

• The ManifestMetaDataReader now read the DIST (#5107)

Fixes

• Fix attribute type detection for Long, Short, Byte, BigInteger, AtomicInteger, and AtomicLong being incorrectly inferred as double instead of integer (#5122)
• Remove AndroidRuntimeManager StrictMode relaxation to prevent ANRs during SDK init (#5127)
  • IMPORTANT: StrictMode violations may appear again in debug builds. This is intentional to prevent ANRs in production releases.
• Fix crash when unregistering SystemEventsBroadcastReceiver with try-catch block. (#5106)
• Use peekDecorView instead of getDecorView in SentryGestureListener to avoid forcing view hierarchy construction (#5134)
• Log an actionable error message when Relay returns HTTP 413 (Content Too Large) (#5115)
  • Also switch the client report discard reason for all HTTP 4xx/5xx errors (except 429) from network_error to send_error
• Trim DSN string before parsing to avoid URISyntaxException caused by trailing whitespace (#5113)

... (truncated)

Changelog

Sourced from io.sentry:sentry-spring-boot-4-starter's changelog.

8.34.1

Fixes

• Common: Finalize previous session even when auto session tracking is disabled (#5154)
• Android: Add filterTouchesWhenObscured to prevent Tapjacking on user feedback dialog (#5155)
• Android: Add proguard rules to prevent error about missing Replay classes (#5153)

8.34.0

Features

• Allow configuring shutdown and session flush timeouts externally (#4641)
  • sentry.properties: shutdown-timeout-millis, session-flush-timeout-millis
  • Environment variables: SENTRY_SHUTDOWN_TIMEOUT_MILLIS, SENTRY_SESSION_FLUSH_TIMEOUT_MILLIS
  • Spring Boot application.properties: sentry.shutdownTimeoutMillis, sentry.sessionFlushTimeoutMillis
• Add scope-level attributes API (#5118) via (#5148)
  • Automatically include scope attributes in logs and metrics (#5120)
  • New APIs are Sentry.setAttribute, Sentry.setAttributes, Sentry.removeAttribute
• Support collections and arrays in attribute type inference (#5124)
• Add support for SENTRY_SAMPLE_RATE environment variable / sample-rate property (#5112)
• Create sentry-opentelemetry-otlp and sentry-opentelemetry-otlp-spring modules for combining OpenTelemetry SDK OTLP export with Sentry SDK (#5100)
  • OpenTelemetry is configured to send spans to Sentry directly using an OTLP endpoint.
  • Sentry only uses trace and span ID from OpenTelemetry (via OpenTelemetryOtlpEventProcessor) but will not send spans through OpenTelemetry nor use OpenTelemetry Context for Scopes propagation.
  • See the OTLP setup docs for Java and Spring Boot for installation and configuration instructions.
• Add screenshot masking support using view hierarchy (#5077)
  • Masks sensitive content (text, images) in error screenshots using the same view hierarchy approach as Session Replay
  • Requires the sentry-android-replay module to be present at runtime for masking to work
  • Enable via code:

    SentryAndroid.init(context) { options ->
        options.isAttachScreenshot = true
        options.screenshot.setMaskAllText(true)
        options.screenshot.setMaskAllImages(true)
        // Or mask specific view classes
        options.screenshot.addMaskViewClass("com.example.MyCustomView")
    }

  • Or via AndroidManifest.xml:

    <meta-data android:name="io.sentry.attach-screenshot" android:value="true" />
    <meta-data android:name="io.sentry.screenshot.mask-all-text" android:value="true" />
    <meta-data android:name="io.sentry.screenshot.mask-all-images" android:value="true" />

• The ManifestMetaDataReader now read the DIST (#5107)

Fixes

• Fix attribute type detection for Long, Short, Byte, BigInteger, AtomicInteger, and AtomicLong being incorrectly inferred as double instead of integer (#5122)
• Remove AndroidRuntimeManager StrictMode relaxation to prevent ANRs during SDK init (#5127)

... (truncated)

Commits

• f063350 release: 8.34.1
• 20ec62a fix(android): Add filterTouchesWhenObscured to prevent Tapjacking (#5155)
• 7272747 chore: Add stacked PR support to create-java-pr skill and PR rules (#5151)
• 872b084 fix(sessions): Finalize previous session even when auto session tracking is d...
• 37a4609 chore(ci): Kill BinarySizeTest in favour of Size Analysis status check (#5159)
• b8bd8c4 fix(logging): Use ImmediateExecutorService in logging tests and fix Log4j2 sc...
• a415905 fix(screenshot): Add dontwarn replay rules to sentry-android-core (#5153)
• 83884a0 Allow configuring shutdown and session flush timeouts externally and speed up...
• 8ec9ca8 Merge branch 'release/8.34.0'
• 46044dc release: 8.34.0
• Additional commits viewable in compare view

Updates io.opentelemetry:opentelemetry-sdk-testing from 1.59.0 to 1.60.1

Release notes

Sourced from io.opentelemetry:opentelemetry-sdk-testing's releases.

Version 1.60.1

This is a patch release on the previous 1.60.0 release, fixing the issue(s) below.

SDK

Extensions

• Autoconfigure: fix warning always emitted (#8157)

Version 1.60.0

API

• Support W3C trace context random flag (#8012)
• Clarify that SpanBuilder.setAttribute allows null values (#8072)

Incubating

• Implement environment variable context propagation carriers (#8074)
• Deprecate ExtendedAttributes, ExtendedAttributeKey, ExtendedAttributeType, ExtendedAttributesBuilder (#8060)
• Deprecate peerServiceMapping accessor from InstrumentationConfigUtil (#8088)

SDK

Traces

• Disable warning when using TraceIdRatioBasedSampler as root sampler (#8065)
• User-supplied attributes take precedence over exception-derived attributes (#7993)
• Exclude META-INF/maven from traces SDK shaded dependencies (#8096)
• Fix inverted condition in LegacySpanProcessorInstrumentation#finishSpans (#8145)

Metrics

• Split out cumulative vs. delta storage (#8015)
• Add metrics for PeriodicMetricReader (#8038)
• Allow configuring min/max in histograms (#8095)
• Remove deprecated otel.experimental.metrics.cardinality.limit property (#8124)
• BREAKING bug fix: GlobUtil and IncludePatternMatching, used in views and declarative config matching, previously were inconsistent in case sensitivity. If a glob char (* or ?) was present, it was evaluated with case sensitivity. If no glob chars were present, it was evaluated with case insensitivity. Now, all are consistently evaluated with case sensitivity. (#8152)

Logs

• Stabilize LogRecordBuilder.setException (#8089)
• Clarify setTimestamp javadoc for event timestamp behavior (#8104)

Exporters

• OTLP: Fix marshaling for empty string attributes (#8014)
• Prometheus: Update Prometheus client to 1.5.0 (#8080)
• OTLP: Serialize exponential histogram sum as optional double (#8107)
• OTLP: Use KeyManagerFactory.getDefaultAlgorithm() in TlsUtil.keyManager() (#8122)
• OTLP: Ensure proto serializer idCache is cleared when exception is thrown (#8147)

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-sdk-testing's changelog.

Version 1.60.1 (2026-03-08)

SDK

Extensions

• Autoconfigure: fix warning always emitted (#8157)

Version 1.60.0 (2026-03-06)

API

• Support W3C trace context random flag (#8012)
• Clarify that SpanBuilder.setAttribute allows null values (#8072)

Incubating

• Implement environment variable context propagation carriers (#8074)
• Deprecate ExtendedAttributes, ExtendedAttributeKey, ExtendedAttributeType, ExtendedAttributesBuilder (#8060)
• Deprecate peerServiceMapping accessor from InstrumentationConfigUtil (#8088)

SDK

Traces

• Disable warning when using TraceIdRatioBasedSampler as root sampler (#8065)
• User-supplied attributes take precedence over exception-derived attributes (#7993)
• Exclude META-INF/maven from traces SDK shaded dependencies (#8096)
• Fix inverted condition in LegacySpanProcessorInstrumentation#finishSpans (#8145)

Metrics

• Split out cumulative vs. delta storage (#8015)
• Add metrics for PeriodicMetricReader (#8038)
• Allow configuring min/max in histograms (#8095)
• Remove deprecated otel.experimental.metrics.cardinality.limit property

... (truncated)

Commits

• b1273b5 [release/v1.60.x] Prepare release 1.60.1 (#8161)
• 76e74af Prepare changelog for 1.60.1 (#8160)
• e4235e2 [release/v1.60.x] Fix warning always emitted (#8158)
• 58a5590 [release/v1.60.x] Change GlobUtil, IncludeExcludePredicate to use case sensit...
• 299d893 Add changelog entry for #8152 to 1.60.x release branch (#8154)
• 5d329ae [release/v1.60.x] Prepare release 1.60.0 (#8151)
• 99857c6 Prepare for 1.60.0 release (#8146)
• 50f5607 Fix proto serializer (#8147)
• e8920e7 Fix inverted condition in LegacySpanProcessorInstrumentation#finishSpans (#8145)
• f08b49c fix(deps): update dependency com.squareup.wire:wire-bom to v5.5.1 (#8144)
• Additional commits viewable in compare view

Updates uk.gov.justice.hmpps.gradle-spring-boot from 10.0.4 to 10.0.5

Updates gradle-wrapper from 9.3.1 to 9.4.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions