Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⬆️ Bump ddtrace from 2.17.3 to 2.18.1 in /waypoint #1238

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 21, 2024

Bumps ddtrace from 2.17.3 to 2.18.1.

Release notes

Sourced from ddtrace's releases.

2.18.1

Bug Fixes

Profiling:

  • Fixes an issue where the memory allocation profiler can cause a segmentation fault due to data races when accessing its own global data structures from multiple threads.
  • Fixes a bug where profiling mutexes were not cleared on fork in the child process. This could cause deadlocks in certain configurations.

Tracing:

  • celery: Fixes an issue where celery.apply spans from Celery prerun got closed too soon leading to span tags being missing.

2.18.0

Upgrade Notes

  • ASM
    • With this upgrade, you can now control how the stack trace report are cropped when reported for exploit prevention or IAST.

      • DD_APPSEC_MAX_STACK_TRACE_DEPTH allowed to control the maximum stack trace size reported (default 32)
      • DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT allows now to specify how the stack trace is cropped as a percentage.

      For example, a value of 100 will report the top DD_APPSEC_MAX_STACK_TRACE_DEPTH frames from the stack, while a value of 0 will report the bottom DD_APPSEC_MAX_STACK_TRACE_DEPTH frames of the trace. A value of 50 will report half of DD_APPSEC_MAX_STACK_TRACE_DEPTH (rounded down) frames from the top of the stack and the rest from bottom. Default value is 75.

    • Upgrades libddwaf to 1.22.0

    • Upgrades libddwaf to 1.21.0 and security rule file to 1.13.3

Deprecation Notes

  • Python 3.7 support is deprecated and will be removed in 3.0

New Features

  • CI Visibility

    • Beta release of the new version of the pytest plugin, introducing the following features:

      Set the DD_PYTEST_USE_NEW_PLUGIN_BETA environment variable to true to use this new version.

      NOTE: this new version of the plugin introduces breaking changes:

      • module, suite, and test names are now parsed from the item.nodeid attribute
      • test names now include the class for class-based tests
      • Test skipping by Test Impact Analysis (formerly Intelligent Test Runner) is now done at the suite level, instead of at the test level
  • Adds support for Selenium and RUM integration

  • Code Security

    • Introduces "Standalone Code Security", a feature that disables APM in the tracer but keeps Code Security (IAST) enabled. In order to enable it, set the environment variables DD_IAST_ENABLED=1 and DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=1.
  • LLM Observability

    • Adds support to automatically submit Vertex AI Python calls to LLM Observability.
    • vertexai: Introduces tracing support for Google's Vertex AI SDK for Python's generate_content and send_message calls. See the docs for more information.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

2.18.1

Bug Fixes

Profiling:

  • Fixes an issue where the memory allocation profiler can cause a segmentation fault due to data races when accessing its own global data structures from multiple threads.
  • Fixes a bug where profiling mutexes were not cleared on fork in the child process. This could cause deadlocks in certain configurations.

Tracing:

  • celery: Fixes an issue where celery.apply spans from Celery prerun got closed too soon leading to span tags being missing.

2.18.0

Upgrade Notes

  • ASM
    • With this upgrade, you can now control how the stack trace report are cropped when reported for exploit prevention or IAST.

      • DD_APPSEC_MAX_STACK_TRACE_DEPTH allowed to control the maximum stack trace size reported (default 32)
      • DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT allows now to specify how the stack trace is cropped as a percentage.

      For example, a value of 100 will report the top DD_APPSEC_MAX_STACK_TRACE_DEPTH frames from the stack, while a value of 0 will report the bottom DD_APPSEC_MAX_STACK_TRACE_DEPTH frames of the trace. A value of 50 will report half of DD_APPSEC_MAX_STACK_TRACE_DEPTH (rounded down) frames from the top of the stack and the rest from bottom. Default value is 75.

    • Upgrades libddwaf to 1.22.0

    • Upgrades libddwaf to 1.21.0 and security rule file to 1.13.3

Deprecation Notes

  • Python 3.7 support is deprecated and will be removed in 3.0

New Features

  • CI Visibility

    • Beta release of the new version of the pytest plugin, introducing the following features:

      Set the DD_PYTEST_USE_NEW_PLUGIN_BETA environment variable to true to use this new version.

      NOTE: this new version of the plugin introduces breaking changes:

      • module, suite, and test names are now parsed from the item.nodeid attribute
      • test names now include the class for class-based tests
      • Test skipping by Test Impact Analysis (formerly Intelligent Test Runner) is now done at the suite level, instead of at the test level
  • Adds support for Selenium and RUM integration

  • Code Security

    • Introduces "Standalone Code Security", a feature that disables APM in the tracer but keeps Code Security (IAST) enabled. In order to enable it, set the environment variables DD_IAST_ENABLED=1 and DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=1.
  • LLM Observability

... (truncated)

Commits
  • 0d6c79b fix(celery): stop closing prerun_span too soon to account for Celery chains s...
  • 45c64c6 fix(profiling): reset all profiling c++ mutexes on fork [backport 2.18] (#117...
  • 9a44122 fix(profiler): update memalloc guard [backport 2.18] (#11802)
  • 9924f37 chore(ci): upgrade python for build action [backport 2.18] (#11782)
  • 6bb2036 fix(iast): check context is enable in request and builtins patched funcions [...
  • 75e962b chore: use guess-next-dev instead of release-branch-semver [2.18] (#11723)
  • ac24ade chore(docs): add vertexai docs (#11713)
  • 68bff3a chore(ci): enable quality gates (#11710)
  • d364f1b ci: fix flaky aiohttp test failure (#11698)
  • b87c4dd ci: store fake DD_API_KEY as a secret (#11690)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 2.17.3 to 2.18.1.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.17.3...v2.18.1)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants