fix(deps): update all non-major application-server dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
gradle	stage	patch	8.14.0-jdk21-alpine -> 8.14.2-jdk21-alpine
org.springframework:spring-instrument	dependencies	patch	6.2.7 -> 6.2.8
io.sentry:sentry-spring-boot-starter-jakarta	dependencies	minor	8.9.0 -> 8.13.3
org.flywaydb:flyway-database-postgresql (source)	dependencies	minor	11.8.2 -> 11.9.1
org.flywaydb:flyway-core (source)	dependencies	minor	11.8.2 -> 11.9.1
io.nats:jnats	dependencies	patch	2.21.1 -> 2.21.2
org.springdoc:springdoc-openapi-starter-webmvc-ui (source)	dependencies	patch	2.8.8 -> 2.8.9
org.flywaydb.flyway	plugin	minor	11.8.2 -> 11.9.1
org.postgresql:postgresql (source)	dependencies	patch	42.7.5 -> 42.7.7

---

Release Notes

spring-projects/spring-framework (org.springframework:spring-instrument)

v6.2.8

getsentry/sentry-java (io.sentry:sentry-spring-boot-starter-jakarta)

v8.13.3

Compare Source

Fixes

• Send UI Profiling app start chunk when it finishes (#​4423)
• Republish Javadoc #​4457
• Finalize OkHttpEvent even if no active span in SentryOkHttpInterceptor #​4469
• Session Replay: Do not capture current replay for cached events from the past (#​4474)
• Session Replay: Correctly capture Dialogs and non full-sized windows (#​4354)
• Session Replay: Fix inconsistent segment_id (#​4471)
• Session Replay: Fix crash on devices with the Unisoc/Spreadtrum T606 chipset (#​4477)

v8.13.2

Compare Source

Fixes

• Don't apply Spring Boot plugin in sentry-spring-boot-jakarta (#​4456)
  • The jar for io.sentry:sentry-spring-boot-jakarta is now correctly being built and published to Maven Central.

v8.13.1

Compare Source

Fixes

• Fix SentryAndroid.init crash if SDK is initialized from a background thread while an Activity is in resumed state (#​4449)

Dependencies

• Bump Gradle from v8.14 to v8.14.1 (#​4437)
  • changelog
  • diff

v8.13.0

Compare Source

Features

• Add debug mode for Session Replay masking (#​4357)
  • Use Sentry.replay().enableDebugMaskingOverlay() to overlay the screen with the Session Replay masks.
  • The masks will be invalidated at most once per frameRate (default 1 fps).
• Extend Logs API to allow passing in attributes (#​4402)
  • Sentry.logger.log now takes a SentryLogParameters
  • Use SentryLogParameters.create(SentryAttributes.of(...)) to pass attributes
    • Attribute values may be of type string, boolean, integer or double.
    • Other types will be converted to string. Currently we simply call toString() but we might offer more in the future.
    • You may manually flatten complex types into multiple separate attributes of simple types.
      • e.g. intead of SentryAttribute.named("point", Point(10, 20)) you may store it as SentryAttribute.integerAttribute("point.x", point.x) and SentryAttribute.integerAttribute("point.y", point.y)
    • SentryAttribute.named() will automatically infer the type or fall back to string.
    • SentryAttribute.booleanAttribute() takes a Boolean value
    • SentryAttribute.integerAttribute() takes a Integer value
    • SentryAttribute.doubleAttribute() takes a Double value
    • SentryAttribute.stringAttribute() takes a String value
  • We opted for handling parameters via SentryLogParameters to avoid creating tons of overloads that are ambiguous.

Fixes

• Isolation scope is now forked in OtelSentrySpanProcessor instead of OtelSentryPropagator (#​4434)
  • Since propagator may never be invoked we moved the location where isolation scope is forked.
  • Not invoking OtelSentryPropagator.extract or having a sentry-trace header that failed to parse would cause isolation scope not to be forked.
  • This in turn caused data to bleed between scopes, e.g. from one request into another

Dependencies

• Bump Spring Boot to 3.5.0 (#​4111)

v8.12.0

Compare Source

Features

• Add new User Feedback API (#​4286)
  • We now introduced Sentry.captureFeedback, which supersedes Sentry.captureUserFeedback
• Add Sentry Log Feature (#​4372)
  • The feature is disabled by default and needs to be enabled by:
    • options.getLogs().setEnabled(true) in Sentry.init / SentryAndroid.init
    • <meta-data android:name="io.sentry.logs.enabled" android:value="true" /> in AndroidManifest.xml
    • logs.enabled=true in sentry.properties
    • sentry.logs.enabled=true in application.properties
    • sentry.logs.enabled: true in application.yml
  • Logs can be captured using Sentry.logger().info() and similar methods.
  • Logs also take a format string and arguments which we then send through String.format.
  • Please use options.getLogs().setBeforeSend() to filter outgoing logs

Fixes

• Hook User Interaction integration into running Activity in case of deferred SDK init (#​4337)

Dependencies

• Bump Gradle from v8.13 to v8.14.0 (#​4360)
  • changelog
  • diff

v8.11.1

Compare Source

Fixes

• Fix Android profile chunk envelope type for UI Profiling (#​4366)

v8.11.0

Compare Source

Features

• Make RequestDetailsResolver public (#​4326)
  • RequestDetailsResolver is now public and has an additional constructor, making it easier to use a custom TransportFactory

Fixes

• Session Replay: Fix masking of non-styled Text Composables (#​4361)
• Session Replay: Fix masking read-only TextField Composables (#​4362)

v8.10.0

Compare Source

Features

• Wrap configured OpenTelemetry ContextStorageProvider if available (#​4359)
  • This is only relevant if you see java.lang.IllegalStateException: Found multiple ContextStorageProvider. Set the io.opentelemetry.context.ContextStorageProvider property to the fully qualified class name of the provider to use. Falling back to default ContextStorage. Found providers: ...
  • Set -Dio.opentelemetry.context.contextStorageProvider=io.sentry.opentelemetry.SentryContextStorageProvider on your java command
  • Sentry will then wrap the other ContextStorageProvider that has been configured by loading it through SPI
  • If no other ContextStorageProvider is available or there are problems loading it, we fall back to using SentryOtelThreadLocalStorage

Fixes

• Update profile chunk rate limit and client report (#​4353)

Dependencies

• Bump Native SDK from v0.8.3 to v0.8.4 (#​4343)
  • changelog
  • diff

nats-io/nats.java (io.nats:jnats)

v2.21.2

Compare Source

Core

• Changed header value validation to accept any ascii except CR & LF #​1316 @​francoisprunier

JetStream

• Update account ApiStats with level and inflight #​1304 @​scottf
• Update account AccountTier with reserved memory and reserved storage #​1305 @​scottf
• Add StreamAlternate structure to StreamInfo response #​1306 @​scottf
• Better workflow for leadership change while pull consuming. #​1313 @​scottf
• Ability to supply a prefix for watches. Fixed ordered consumer naming bug. #​1314 @​scottf
• Use full NUID for generated consumer names #​1317 @​scottf

Key Value

• Update KV consumeKeys() to return the BlockingQueue immediately. #​1308 @​scottf
• KV Limit Marker #​1310 @​scottf
• KV LimitMarker add missing getter, additional docs and tests #​1311 @​scottf

General

• Update repository info and cleanup readme. #​1318 @​scottf

springdoc/springdoc-openapi (org.springdoc:springdoc-openapi-starter-webmvc-ui)

v2.8.9

Compare Source

Added

• #​2944 - Support for @​Positive
• #​3011 - type-use for method parameters

Changed

• Upgrade spring-boot to version 3.5.0

Fixed

• #​2982 - application/problem+json content type is not set for ProblemDetails
• #​2990 - Issues with POST Request, application/x-www-form-urlencoded and only one parameter
• #​2998 - io.swagger.v3.oas.annotations.Webhook does not work when defined on the method level
• #​3012 - Order of examples is (sometimes) not preserved

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.7

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration.
  Fix channel binding required handling to reject non-SASL authentication
  Previously, when channel binding was set to "require", the driver would silently ignore this
  requirement for non-SASL authentication methods. This could lead to a false sense of security
  when channel binding was explicitly requested but not actually enforced. The fix ensures that when
  channel binding is set to "require", the driver will reject connections that use
  non-SASL authentication methods or when SASL authentication has not completed properly.
  See the Security Advisory for more detail. Reported by George MacKerron
  The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

v42.7.6

Features

• fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property PR #​3513

Performance Improvements

• performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) PR #​3510
• feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed PR #​3613

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ -0.16% (target: -1.00%)	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (7bb3029)	7869	2078	26.41%
Head commit (ed178da)	7921 (+52)	2079 (+1)	26.25% (-0.16%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#724)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

[github-actions]

There hasn't been any activity on this pull request recently. Therefore, this pull request has been automatically marked as stale and will be closed if no further activity occurs within seven days. Thank you for your contributions.