Update dependency @sentry/cli to v3.5.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sentry/cli (source)	3.4.2 → 3.5.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

getsentry/sentry-cli (@​sentry/cli)

v3.5.0

Compare Source

Features

• (snapshots) Add snapshots diff command for locally comparing directories of PNG snapshot images using odiff (#​3306)
• (snapshots) Add snapshots download command for downloading baseline snapshot images from Sentry (#​3310)
• (snapshots) Add --all-image-file-names and --all-image-file-names-file flags to snapshots upload for detecting image removals and renames in selective builds (#​3312)
• Add PE DWARF companion support (#​3240)
• Add Windows ARM64 PE unwind support (#​3240)

Fixes

• Improve error message when organization slug is missing from config (#​3311)
• Respect CURL_CA_BUNDLE and SSL_CERT_FILE when configuring TLS certificate authorities (#​3301).

Internal changes

• Bump symbolic to 13.1.1 (#​3240)

v3.4.3

Compare Source

Security Fixes

• Behavior-breaking: Disable Xcode Info.plist preprocessing by default to avoid passing project-controlled compiler settings to cc during release auto-discovery. This affects sentry-cli releases propose-version, sentry-cli send-event and sentry-cli bash-hook --send-event release inference, and sentry-cli react-native xcode auto-release detection. Use --allow-xcode-infoplist-preprocessing only for trusted projects that require preprocessing.
• Ensure restrictive file permissions maintained when sentry-cli login updates existing config files.
• Disable TLS verification only when http.verify_ssl is set to false, case-insensitively.
• Shell-escape generated bash-hook arguments, including paths, tags, release names, and the CLI path.
• Stop sending environment variables in sentry-cli bash-hook events.
• Verify the downloaded binary checksum before replacing the current executable in sentry-cli update.

Performance

• (snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (#​3305)

Fixes

• (snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (#​3300)

---

Configuration

📅 Schedule: (in timezone CET)

• Branch creation
  • "after 7am every weekday,before 7pm every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: bun.lock

Command failed: bun install --ignore-scripts
Resolving dependencies
Resolved, downloaded and extracted [1]
error: GET https://repox.jfrog.io/artifactory/api/npm/npm/@sentry%2fcli - 401
error: @sentry/cli@3.5.0 failed to resolve

[hashicorp-vault-sonar-prod]

Renovate Jira issue ID: CLI-528