
Bump sentry from 0.35.0 to 0.47.0 #795

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/cargo/sentry-0.47.0

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026

Bumps sentry from 0.35.0 to 0.47.0.

Release notes

Sourced from sentry's releases.

0.47.0

Breaking Changes

  • Update reqwest from 0.12.25 to 0.13.1 (#998). This change is breaking for users who use the RequestHttpTransport::with_client method.
  • sentry_core::HubSwitchGuard is now !Send, preventing it from being moved across threads (#957).

New Features

  • Added an Envelope::into_items method, which returns an iterator over owned EnvelopeItems in the Envelope (#983).
  • Expose transport utilities (#949)

Fixes

  • Fixed thread corruption bug where HubSwitchGuard could be dropped on wrong thread (#957).
  • We now fork the Hub every time a span is entered. This prevents data from leaking across spans (#957).

0.46.2

New Features

  • Log HTTP 413 responses as oversized envelope discards in HTTP transports (#966)

0.46.1

Improvements

  • Make it possible to == Transaction/Span/TransactionOrSpan (#942)

Dependencies

  • Update reqwest from 0.12.15 to 0.12.25 (#951)

0.46.0

Breaking changes

  • Removed the ClientOptions struct's trim_backtraces and extra_border_frames fields (#925).
    • These fields configured backtrace trimming, which is being removed in this release.

Improvements

  • Removed backtrace trimming to align the Rust SDK with the general principle that Sentry SDKs should only truncate telemetry data when needed to comply with documented size limits (#925). This change ensures that as much data as possible remains available for debugging.
    • If you notice any new issues being created for existing errors after this change, please open an issue on GitHub.

Fixes

  • fix: adjust sentry.origin for log integration (#919) by @lcian

0.45.0

Breaking changes

  • Add custom variant to AttachmentType that holds an arbitrary String. (#916)

... (truncated)

Changelog

Sourced from sentry's changelog.

0.47.0

Breaking Changes

  • Update reqwest from 0.12.25 to 0.13.1 (#998). This change is breaking for users who use the RequestHttpTransport::with_client method.
  • sentry_core::HubSwitchGuard is now !Send, preventing it from being moved across threads (#957).

New Features

  • Added an Envelope::into_items method, which returns an iterator over owned EnvelopeItems in the Envelope (#983).
  • Expose transport utilities (#949)

Fixes

  • Fixed thread corruption bug where HubSwitchGuard could be dropped on wrong thread (#957).
  • We now fork the Hub every time a span is entered. This prevents data from leaking across spans (#957).

0.46.2

New Features

  • Log HTTP 413 responses as oversized envelope discards in HTTP transports (#966)

Minimum Supported Rust Version

  • Bump minimum supported Rust version to 1.88 (#970).

0.46.1

Improvements

  • Make it possible to == Transaction/Span/TransactionOrSpan (#942)

Dependencies

  • Update reqwest from 0.12.15 to 0.12.25 (#951)

0.46.0

Breaking changes

  • Removed the ClientOptions struct's trim_backtraces and extra_border_frames fields (#925).
    • These fields configured backtrace trimming, which is being removed in this release.

Improvements

  • Removed backtrace trimming to align the Rust SDK with the general principle that Sentry SDKs should only truncate telemetry data when needed to comply with documented size limits (#925). This change ensures that as much data as possible remains available for debugging.
    • If you notice any new issues being created for existing errors after this change, please open an issue on GitHub.

Fixes

... (truncated)

Commits
  • f638ca0 release: 0.47.0
  • 79ada42 build(cargo): Run cargo update (#1030)
  • e66f897 meta(changelog): Prepare for release (#1029)
  • d7a6da9 ref(protocol): Generic items serializer (#1021)
  • 1795e4a meta(zed): Add project settings for Zed editor (#1019)
  • fe351f6 ref(sentry-core): Refactor logs batching into generic Batcher (#1018)
  • 0600229 meta(ai): Remove trailing comma in .claude/settings.json (#1015)
  • b913085 fix!(core): Make HubSwitchGuard !Send to prevent thread corruption (#957)
  • a819520 build!: Update reqwest to v0.13.1 (#998)
  • 108c51d chore(repo): Add Claude Code settings with basic permissions (#959)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sentry](https://github.com/getsentry/sentry-rust) from 0.35.0 to 0.47.0.
- [Release notes](https://github.com/getsentry/sentry-rust/releases)
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-rust@0.35.0...0.47.0)

---
updated-dependencies:
- dependency-name: sentry
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Dependency or security updates) and rust (Rust code updates) labels Mar 16, 2026
@github-project-automation github-project-automation Bot moved this to In Progress in Overview Mar 16, 2026
@github-actions github-actions Bot requested a review from forstmeier March 16, 2026 12:13

greptile-apps Bot commented Mar 16, 2026

Greptile Summary

Dependabot bumps sentry from 0.35.0 to 0.47.0, a major upgrade spanning 12 minor versions with multiple breaking changes (removal of trim_backtraces/extra_border_frames, reqwest 0.12→0.13, HubSwitchGuard becoming !Send). The Sentry API surface used in startup.rs (sentry::init, ClientOptions, tracing integration) appears compatible with 0.47.

  • Critical: sentry-tower was not bumped alongside sentry, leaving it at 0.35. This creates two separate sentry-core versions in the dependency tree (0.35 and 0.47), which silently breaks the SentryHttpLayer tower middleware — it will no longer share the Hub with the initialized Sentry client. sentry-tower should be bumped to 0.47 to match.
  • Minor: The upgrade pulls in reqwest 0.13.x for Sentry's transport, while the project's direct dependency remains on reqwest 0.12.x, resulting in two copies of reqwest in the binary.

Confidence Score: 1/5

  • This PR will silently break Sentry's tower middleware integration due to a sentry-core version split.
  • The sentry-tower dependency was not bumped to match sentry, resulting in two incompatible sentry-core versions. The SentryHttpLayer in router.rs will silently stop capturing transactions and attaching request context to Sentry events. While the app will compile and run, observability is degraded.
  • applications/data_manager/Cargo.toml: sentry-tower version must be bumped to 0.47 to match sentry.

Important Files Changed

| Filename | Overview |
|---|---|
| applications/data_manager/Cargo.toml | Bumps sentry to 0.47 but leaves sentry-tower at 0.35, causing a sentry-core version split that silently breaks the tower middleware integration. Also introduces duplicate reqwest versions (0.12 + 0.13). |
| Cargo.lock | Auto-generated lockfile reflecting the sentry 0.47 upgrade. Contains dual sentry-core (0.35 + 0.47) and dual reqwest (0.12 + 0.13) resolutions due to the sentry-tower version mismatch. |

Comments Outside Diff (1)

  1. applications/data_manager/Cargo.toml, line 25 (link)

    Dual reqwest versions pulled into binary

    sentry 0.47 depends on reqwest 0.13.x (confirmed in Cargo.lock as reqwest 0.13.2), while this project pins reqwest = "0.12.23" for its own HTTP calls. Cargo resolves these as two separate crates, increasing binary size and duplicating TLS/connection-pool overhead. This won't cause a compilation error, but it's wasteful and could be confusing when debugging networking issues.

    Consider bumping the project's direct reqwest dependency to 0.13 to unify the dependency tree, or verify that 0.12 is intentionally kept for compatibility with other crates (e.g., the dev-dependency on line 48).


Last reviewed commit: 0a390ad

Comment on lines +40 to 41
sentry = { version = "0.47", features = ["tracing", "reqwest", "rustls"] }
sentry-tower = { version = "0.35", features = ["http"] }
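Review bot: line 41 leaves sentry-tower at 0.35 while line 40 moves sentry to 0.47, so the manifest requests two different release lines of the same SDK; bump both in one change, e.g. `sentry-tower = { version = "0.47", features = ["http"] }`. The changelog quoted in the PR description also lists a minimum supported Rust version of 1.88 under 0.46.2, so check the CI toolchain against that before merging.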

sentry-tower must be bumped to match sentry

sentry is bumped to 0.47 but sentry-tower remains at 0.35. These two crates depend on different, incompatible versions of sentry-core — the Cargo.lock confirms both sentry-core 0.35.0 and sentry-core 0.47.0 are resolved as separate crates. This means the SentryHttpLayer::with_transaction() used in router.rs:32 operates on the 0.35 Hub, while sentry::init() in startup.rs:8 initializes the 0.47 Hub. The tower middleware will silently become a no-op: it won't capture transactions or attach request data to Sentry events.

sentry-tower 0.47.0 is available on crates.io and depends on sentry-core ^0.47.0. Bump it to match:

Suggested change
sentry = { version = "0.47", features = ["tracing", "reqwest", "rustls"] }
sentry-tower = { version = "0.35", features = ["http"] }
sentry = { version = "0.47", features = ["tracing", "reqwest", "rustls"] }
sentry-tower = { version = "0.47", features = ["http"] }
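The version split reported in the review above can be checked mechanically from the lockfile. The following is an added example, not code from this repository or from Sentry; the lockfile excerpt is constructed from the versions named in the review, and `field` and `duplicates` are hypothetical helper names.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Constructed Cargo.lock excerpt (not the repository's lockfile); versions
// follow the ones named in the review comments above.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "reqwest"
version = "0.12.23"
[[package]]
name = "reqwest"
version = "0.13.2"
[[package]]
name = "sentry-core"
version = "0.35.0"
[[package]]
name = "sentry-core"
version = "0.47.0"
[[package]]
name = "sentry-tower"
version = "0.35.0"
"#;

/// Value of a `key = "value"` line, if the line carries that key.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Crates locked at more than one version (each is compiled as its own copy).
fn duplicates(lock: &str) -> Vec<(String, Vec<String>)> {
    let mut seen: BTreeMap<String, BTreeSet<String>> = BTreeMap::new();
    let mut name = None;
    for line in lock.lines() {
        if let Some(n) = field(line, "name") {
            name = Some(n);
        } else if let (Some(n), Some(v)) = (name, field(line, "version")) {
            seen.entry(n.to_string()).or_default().insert(v.to_string());
            name = None; // one version per [[package]] entry
        }
    }
    seen.into_iter().filter(|(_, v)| v.len() > 1)
        .map(|(n, v)| (n, v.into_iter().collect())).collect()
}

fn main() {
    for (name, versions) in duplicates(SAMPLE_LOCK) {
        println!("{name}: locked at {}", versions.join(" and "));
    }
}
```

On a real checkout, `cargo tree -d` lists the same duplicated crates together with the dependency paths that pull each copy in.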

forstmeier added a commit that referenced this pull request Mar 21, 2026
…, #798

Updated direct dependencies in applications/data_manager/Cargo.toml:
- sentry 0.35 -> 0.47 and sentry-tower 0.35 -> 0.47: large jump across multiple
  releases; CI passed on the Dependabot PR confirming no breaking API usage.
  Updated SentryHttpLayer::with_transaction() (deprecated since 0.38) to
  SentryHttpLayer::new().enable_transaction() in router.rs.
- duckdb 1.4.3 -> 1.10500.0: new versioning scheme (encodes bundled DuckDB
  v1.5.0). The Dependabot PR had a CI failure; build and all 18 tests pass
  locally with the updated version.
- aws-config 1.5 -> 1.8.15 and aws-credential-types 1.2.13 -> 1.2.14: patch
  updates with no breaking changes.

Transitive security fixes pulled in via Cargo.lock regeneration:
- quinn-proto 0.11.13 -> 0.11.14: fixes DoS vulnerability GHSA-6xvm-j4wr-6v98
- tar 0.4.44 -> 0.4.45: fixes symlink-directory collision chmod attack

Closes #788, #789, #794, #795, #798

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@forstmeier forstmeier mentioned this pull request Mar 21, 2026
3 tasks
@forstmeier
Collaborator

Addressed in pull request #799.

@forstmeier forstmeier closed this Mar 21, 2026
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Overview Mar 21, 2026

dependabot Bot commented on behalf of github Mar 21, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/cargo/sentry-0.47.0 branch March 21, 2026 02:13