chore(deps): update Native SDK to v0.15.0

[github-actions]

Bumps modules/sentry-native from 0.14.2 to 0.15.0.

Auto-generated by a dependency updater.

Changelog

0.15.0

Breaking:

• sentry_value_incref now returns sentry_value_t and sentry_value_decref returns int (0 if freed). (#1763)

Features:

• Native: add opt-in async crash upload mode so crashed apps can exit early after crash data is captured, while the crash daemon finishes potentially large uploads in the background. (#1739)
• Native/Linux: symbolicate stack frames in the crash daemon. (#1747, #1764)
• Add a transfer_timeout option for SDK-managed HTTP transports. (#1741)
• Apple: use os_sync_wait_on_address for the level-triggered waitable flag in the batcher on modern macOS(14.4+) and iOS(17.4+). (#1765)
• Native/macOS: add thread names. (#1766)
• Add Upload-Metadata header to TUS requests. (#1795)

Fixes:

• Native/macOS: crash reports now include full stack traces for all threads. Previously, non-crashing threads showed only a single frame. (#1768)
• Native/Linux: resolve function names for the crashed thread's stacktrace from on-disk ELF symbol tables in the crash daemon, so the most important thread gets symbolicated without ptrace. (#1764)
• Finish active trace on crash. (#1667)
• Native/macOS: fix module image_size computation, which could have caused the symbolicator to misattribute every frame to the lowest-addressed image (typically dyld or libsystem). (#1740)
• Native: raise SENTRY_CRASH_MAX_MODULES from 512 to 2048 so processes that load many shared libraries no longer have their minidump module list truncated, which left frames in unrecorded modules without a debug_id and unsymbolicatable.
  (#1738)
• Reject overly deep JSON and msgpack payloads during deserialization. (#1727, #1748)
• Read lengths for variadic fingerprints. (#1730)
• Guard against JSON token allocation overflow on 32-bit platforms. (#1733)
• Windows: fix HTTP rate limit response header parsing. (#1732)
• POSIX: prevent condition-variable timeout overflow from busy-spinning flush and shutdown waits. (#1731)
• Native/macOS: fix thread stack descriptor. (#1726)
• Native/macOS: honor the system_crash_reporter_enabled option. (#1743)
• Cap rate-limit retry-after values at 24 hours to prevent a MITM-provided response from disabling event delivery for the process lifetime. (#1744)
• Fix a shutdown-time use-after-free window in sentry_close(). (#1750)
• curl: free duplicate HTTP response headers to avoid potential leaks. (#1791)
• Native: validate ELF header entry sizes. (#1746)
• Native: clamp module_count from the shared crash context. (#1770)
• Prevent database cleanup from following symlinks in run and cache directories. (#1751)
• Structured logs: respect printf argument widths when extracting log parameters to avoid stack-data disclosure and corrupted attributes on 32-bit platforms. (#1752)
• Fix TOCTOU races in transaction/span refcounting by switching to the atomic decref return value. (#1763)
• Fix signed-to-unsigned cast in rate-limit parsing to prevent permanent event suppression. (#1790)
• Fix a potential out-of-bounds read when parsing non-NUL-terminated sentry-trace headers. (#1749)
• Harden ELF note parsing against overflow and OOB reads. (#1773)
• Fix memory leak in session deserialization on malformed cached files. (#1789)
• Fix division by zero when breadcrumbs are disabled. (#1767)
• Native: escape JSON attachments. (#1771)
• Reject NaN sample rates. (#1788)
• Handle memory allocation failures during JSON serialization to prevent truncated output. (#1772)
• Guard against overflow in string cloning in internal string utilities. (#1787)
• Fix a file descriptor leak in old-run processing. (#1792)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.12%. Comparing base (2f2842f) to head (4624a8a).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5282      +/-   ##
==========================================
- Coverage   74.13%   74.12%   -0.02%     
==========================================
  Files         508      508              
  Lines       18320    18320              
  Branches     3584     3584              
==========================================
- Hits        13581    13579       -2     
- Misses       3864     3865       +1     
- Partials      875      876       +1     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.