tools(deps): bump @sentry/cli from 2.20.5 to 3.4.2 in /tools

[dependabot]

Bumps @sentry/cli from 2.20.5 to 3.4.2.

Release notes

Sourced from @​sentry/cli's releases.

3.4.2

Fixes

• (snapshots) Stop sending Sentry auth token to Objectstore (#3286)
• (js) Fix argument injection in JavaScript API's serializeOptions. String/number options now validate input types and prevent Array.prototype.concat() from flattening array values into separate CLI arguments. (#3287)

3.4.2-snapshot.20260511.9081115

Snapshot build from master at 9081115.

3.4.2-snapshot.20260511.4052e78

Snapshot build from master at 4052e78.

3.4.2-snapshot.20260511.04c061a

Snapshot build from master at 04c061a.

3.4.2-snapshot.20260511.f5db2f6

Snapshot build from master at f5db2f6.

3.4.2-snapshot.20260508.660e98b

Snapshot build from master at 660e98b.

3.4.2-snapshot.20260505.848b63a

Snapshot build from master at 848b63a.

3.4.2-snapshot.20260505.54eefbd

Snapshot build from master at 54eefbd.

3.4.2-snapshot.20260505.5b673e5

Snapshot build from master at 5b673e5.

3.4.2-snapshot.20260505.4e81e6a

Snapshot build from master at 4e81e6a.

3.4.2-snapshot.20260505.d23f02b

Snapshot build from master at d23f02b.

3.4.2-snapshot.20260505.c937179

Snapshot build from master at c937179.

3.4.2-snapshot.20260505.c3e59a9

Snapshot build from master at c3e59a9.

3.4.2-snapshot.20260430.b383d38

Snapshot build from master at b383d38.

3.4.2-snapshot.20260428.3a7d03f

Snapshot build from master at 3a7d03f.

3.4.2-snapshot.20260428.b797278

Snapshot build from master at b797278.

... (truncated)

Changelog

Sourced from @​sentry/cli's changelog.

3.4.2

Fixes

• (snapshots) Stop sending Sentry auth token to Objectstore (#3286)
• (js) Fix argument injection in JavaScript API's serializeOptions. String/number options now validate input types and prevent Array.prototype.concat() from flattening array values into separate CLI arguments. (#3287)

3.4.1

Improvements

• (bundle-jvm) Warn and skip subsequent duplicates when multiple files strip to the same URL (e.g. Android build variants contributing the same FQCN). The warning points users at --exclude to scope the bundle to a single variant (#3275).

Fixes

• (bundle-jvm) Strip the [<module>/]src/<sourceset>/<lang>/ prefix from bundle URLs so Symbolicator can resolve them from package-based stack traces (e.g. sentry-android-core/src/main/java/io/sentry/android/core/ANRWatchDog.java → ~/io/sentry/android/core/ANRWatchDog.jvm) (#3275).

3.4.0

Features

• (snapshots) Add --selective flag to build snapshots to indicate the upload contains only a subset of images (#3268)
• (bundle-jvm) Allow running directly on a project root (including multi-module repos) by automatically collecting only JVM source files (.java, .kt, .scala, .groovy), respecting .gitignore, and excluding common build output directories (#3260)
• (bundle-jvm) Add --exclude option for custom glob patterns to exclude files/directories from source collection (#3260)

Performance

• (snapshots) Parallelize image hashing with rayon (#3250)

Fixes

• (snapshots) Chunk image uploads to avoid file descriptor exhaustion and 413 errors when uploading hundreds of images (#3249)
• (snapshots) Preserve subdirectory structure in snapshot manifest keys instead of flattening to bare filenames (#3269)
• Replace eprintln! with log::info! for progress bar completion messages when the progress bar is disabled (e.g. in CI). This avoids spurious stderr output that some CI systems treat as errors (#3223).

3.3.5

Performance

• (snapshots) Parallelize image hashing with rayon (#3250)

Fixes

• (sourcemaps) Skip non-base64 embedded sourcemaps during injection (#3243)

3.3.4

New Features ✨

• (snapshots) Add --diff-threshold option to build snapshots to set a minimum pixel difference percentage for reporting image changes (#3259)

... (truncated)

Commits

• e3f5f55 release: 3.4.2
• f5db2f6 build(deps): Update openssl dependency (#3294)
• 4052e78 build(deps): Bump rand (#3296)
• 04c061a build(js): Update fast-uri (#3295)
• 9081115 fix(js): Prevent argument injection via type coercion in serializeOptions (#3...
• 660e98b ref(upload): Remove redundant function parameter (#3280)
• 54eefbd build(rust): Update Rust toolchain to 1.95 (#3271)
• cbaec55 build(deps): bump actions/create-github-app-token from 2.2.1 to 3.1.1 (#3267)
• c937179 meta: Prevent script injection in rust-toolchain-update workflow (#3284)
• d23f02b meta: Prevent potential shell injection in GitHub Actions workflow (#3283)
• Additional commits viewable in compare view

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
tact	Error		May 18, 2026 6:31am