⬆️ Bump ddtrace from 2.17.3 to 2.18.1 in /app #1244

Status: Open (1 commit to merge into base: master)

dependabot[bot] commented on behalf of github on Dec 21, 2024

Bumps ddtrace from 2.17.3 to 2.18.1.

Release notes

Sourced from ddtrace's releases.

2.18.1

Bug Fixes

Profiling:

  • Fixes an issue where the memory allocation profiler can cause a segmentation fault due to data races when accessing its own global data structures from multiple threads.
  • Fixes a bug where profiling mutexes were not cleared on fork in the child process. This could cause deadlocks in certain configurations.

Tracing:

  • celery: Fixes an issue where celery.apply spans from Celery prerun got closed too soon leading to span tags being missing.

2.18.0

Upgrade Notes

  • ASM
    • With this upgrade, you can now control how stack trace reports are cropped when reported for exploit prevention or IAST.

      • DD_APPSEC_MAX_STACK_TRACE_DEPTH allowed controlling the maximum stack trace size reported (default 32)
      • DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT now allows specifying how the stack trace is cropped, as a percentage.

      For example, a value of 100 will report the top DD_APPSEC_MAX_STACK_TRACE_DEPTH frames from the stack, while a value of 0 will report the bottom DD_APPSEC_MAX_STACK_TRACE_DEPTH frames of the trace. A value of 50 will report half of DD_APPSEC_MAX_STACK_TRACE_DEPTH (rounded down) frames from the top of the stack and the rest from the bottom. Default value is 75.

    • Upgrades libddwaf to 1.22.0

    • Upgrades libddwaf to 1.21.0 and security rule file to 1.13.3

Deprecation Notes

  • Python 3.7 support is deprecated and will be removed in 3.0

New Features

  • CI Visibility

    • Beta release of the new version of the pytest plugin, introducing the following features:

      Set the DD_PYTEST_USE_NEW_PLUGIN_BETA environment variable to true to use this new version.

      NOTE: this new version of the plugin introduces breaking changes:

      • module, suite, and test names are now parsed from the item.nodeid attribute
      • test names now include the class for class-based tests
      • Test skipping by Test Impact Analysis (formerly Intelligent Test Runner) is now done at the suite level, instead of at the test level
  • Adds support for Selenium and RUM integration

  • Code Security

    • Introduces "Standalone Code Security", a feature that disables APM in the tracer but keeps Code Security (IAST) enabled. In order to enable it, set the environment variables DD_IAST_ENABLED=1 and DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=1.
  • LLM Observability

    • Adds support to automatically submit Vertex AI Python calls to LLM Observability.
    • vertexai: Introduces tracing support for Google's Vertex AI SDK for Python's generate_content and send_message calls. See the docs for more information.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

2.18.1

Bug Fixes

Profiling:

  • Fixes an issue where the memory allocation profiler can cause a segmentation fault due to data races when accessing its own global data structures from multiple threads.
  • Fixes a bug where profiling mutexes were not cleared on fork in the child process. This could cause deadlocks in certain configurations.

Tracing:

  • celery: Fixes an issue where celery.apply spans from Celery prerun got closed too soon leading to span tags being missing.

2.18.0

Upgrade Notes

  • ASM
    • With this upgrade, you can now control how stack trace reports are cropped when reported for exploit prevention or IAST.

      • DD_APPSEC_MAX_STACK_TRACE_DEPTH allowed controlling the maximum stack trace size reported (default 32)
      • DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT now allows specifying how the stack trace is cropped, as a percentage.

      For example, a value of 100 will report the top DD_APPSEC_MAX_STACK_TRACE_DEPTH frames from the stack, while a value of 0 will report the bottom DD_APPSEC_MAX_STACK_TRACE_DEPTH frames of the trace. A value of 50 will report half of DD_APPSEC_MAX_STACK_TRACE_DEPTH (rounded down) frames from the top of the stack and the rest from the bottom. Default value is 75.

    • Upgrades libddwaf to 1.22.0

    • Upgrades libddwaf to 1.21.0 and security rule file to 1.13.3

Deprecation Notes

  • Python 3.7 support is deprecated and will be removed in 3.0

New Features

  • CI Visibility

    • Beta release of the new version of the pytest plugin, introducing the following features:

      Set the DD_PYTEST_USE_NEW_PLUGIN_BETA environment variable to true to use this new version.

      NOTE: this new version of the plugin introduces breaking changes:

      • module, suite, and test names are now parsed from the item.nodeid attribute
      • test names now include the class for class-based tests
      • Test skipping by Test Impact Analysis (formerly Intelligent Test Runner) is now done at the suite level, instead of at the test level
  • Adds support for Selenium and RUM integration

  • Code Security

    • Introduces "Standalone Code Security", a feature that disables APM in the tracer but keeps Code Security (IAST) enabled. In order to enable it, set the environment variables DD_IAST_ENABLED=1 and DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=1.
  • LLM Observability

... (truncated)

Commits
  • 0d6c79b fix(celery): stop closing prerun_span too soon to account for Celery chains s...
  • 45c64c6 fix(profiling): reset all profiling c++ mutexes on fork [backport 2.18] (#117...
  • 9a44122 fix(profiler): update memalloc guard [backport 2.18] (#11802)
  • 9924f37 chore(ci): upgrade python for build action [backport 2.18] (#11782)
  • 6bb2036 fix(iast): check context is enabled in request and builtins patched functions [...
  • 75e962b chore: use guess-next-dev instead of release-branch-semver [2.18] (#11723)
  • ac24ade chore(docs): add vertexai docs (#11713)
  • 68bff3a chore(ci): enable quality gates (#11710)
  • d364f1b ci: fix flaky aiohttp test failure (#11698)
  • b87c4dd ci: store fake DD_API_KEY as a secret (#11690)
  • Additional commits viewable in compare view

Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 2.17.3 to 2.18.1.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.17.3...v2.18.1)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies and python labels on Dec 21, 2024
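The stack trace cropping rule from the 2.18.0 upgrade notes, as an added sketch that is not ddtrace's own code and not part of the Dependabot comment. It assumes frames are listed top-first and that percentages other than 0, 50 and 100 also round the top share down; the function names and validation bounds are hypothetical.

```python
import os

DEFAULT_DEPTH = 32        # default given in the release notes
DEFAULT_TOP_PERCENT = 75  # default given in the release notes

# Constructed sample stack, top of the stack first (ordering is an assumption).
SAMPLE_FRAMES = [f"frame_{i}" for i in range(10)]


def crop_settings(env=None):
    """Read both settings from an environment mapping, falling back to the defaults."""
    env = os.environ if env is None else env
    depth = int(env.get("DD_APPSEC_MAX_STACK_TRACE_DEPTH", DEFAULT_DEPTH))
    top_percent = float(
        env.get("DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT", DEFAULT_TOP_PERCENT)
    )
    # Validation bounds are a choice of this sketch, not documented behaviour.
    if depth < 1 or not 0 <= top_percent <= 100:
        raise ValueError("depth must be >= 1 and top percent within 0..100")
    return depth, top_percent


def crop_frames(frames, depth, top_percent):
    """Return the frames a report would keep; frames[0] is the top (assumed)."""
    frames = list(frames)
    if len(frames) <= depth:
        return frames  # short enough, nothing to crop
    top_count = int(depth * top_percent / 100)  # share from the top, rounded down
    bottom_count = depth - top_count            # the rest comes from the bottom
    return frames[:top_count] + frames[len(frames) - bottom_count:]


def dropped_frames(frames, depth, top_percent):
    """Return the middle slice that is cut, i.e. what an analyst will not see."""
    frames = list(frames)
    if len(frames) <= depth:
        return []
    top_count = int(depth * top_percent / 100)
    return frames[top_count:len(frames) - (depth - top_count)]


if __name__ == "__main__":
    depth, pct = crop_settings({"DD_APPSEC_MAX_STACK_TRACE_DEPTH": "5",
                                "DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT": "50"})
    print("kept:   ", crop_frames(SAMPLE_FRAMES, depth, pct))
    print("dropped:", dropped_frames(SAMPLE_FRAMES, depth, pct))
```

When triaging an exploit prevention or IAST report, the dropped slice shows which call sites can never appear under a given setting, so the depth and percentage are worth recording alongside the finding.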