Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump ddtrace from 2.2.0 to 2.3.0 #14946

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 21, 2023

Bumps ddtrace from 2.2.0 to 2.3.0.

Release notes

Sourced from ddtrace's releases.

2.3.0

New Features

  • propagation: 128-bit trace ids are now used by default for propagation. Previously the default was 64-bit. This change is backwards compatible with tracers that still use 64-bit trace ids and should not cause any breaking behavior.
  • dsm: Adds DSM pathway.hash tag to spans when DSM is enabled. This allows traces from the instrumented service to show up in the DSM traces tab.
  • propagation: When the tracer is configured to extract and inject tracecontext, the tracer will propagate the tracestate values from other vendors so long as the traceparent trace-id matches the first found trace context, regardless of propagator configuration order. To disable this behavior DD_TRACE_PROPAGATION_EXTRACT_FIRST=true can be set.
  • opentelemetry: Map reserved OpenTelemetry attributes to Datadog span model.
  • opentelemetry: datadog operation name from semantic conventions
  • propagation: If a valid context is extracted from headers, and the following extracted trace context's trace_ids do not match the valid context's, then add a span link to the root span to represent the broken propagation.
  • tracing: This change treats spans that terminated with sys.exit(0) as successful non-error spans.
  • tracing: This introduces the DD_TRACE_SPAN_TRACEBACK_MAX_SIZE environment variable, allowing the maximum size of tracebacks included on spans to be configured.

Bug Fixes

  • CI Visibility: fixes the fact that the GITHUB_SERVER_URL environment variable was not being sanitized for credentials
  • dynamic instrumentation: Needs to update the pubsub instance when the application forks because the probe mechanism should run in the child process. For that, DI needs the callback as the method of an instance of Debugger, which lives in the child process.
  • CI Visibility: Fixes an issue where a ValueError was raised when using different path drives on Windows
  • build: Fixes an issue where ddtrace could not be installed from source when using setuptools>=69 due to a change in the license field.
  • tracing: Fixes an issue where the thread responsible for sending traces is killed due to concurrent dictionary modification.
  • Vulnerability Management for Code-level (IAST): Generates cookies vulnerabilities report if IAST is enabled. Before this fix, Cookies vulnerabilities were only generated if both IAST and Appsec were enabled.
  • Vulnerability Management for Code-level (IAST): This fix resolves an issue where, at AST patching to replace code with IAST aspects, passing the original function/method as an extra parameter for accurate patching unintentionally triggers side effects in methods obtained from an expression (like decode in file.read(n).decode()), resulting in unexpected multiple calls to the expression (file.read(n) in the example).
  • Vulnerability Management for Code-level (IAST): This fix eliminates some reference leaks and C-API usage when IAST reports a vulnerability and calls get_info_frame.
  • kafka: This fix resolves an issue where calls to confluent_kafka's produce method with key=None would cause an exception to be raised.
  • tracing: This fix resolves an issue where ddtrace's signal handlers could cause Flask apps not to respond correctly to SIGINT.
  • logging: A log handler is automatically added to the ddtrace logger upon ddtrace import, when not using ddtrace-run. This can lead to duplicate logging if users add additional loggers and do not explicitly modify the ddtrace logger. This fix adds a feature flag that can be used to toggle this behavior off DD_TRACE_LOG_STREAM_HANDLER which defaults to true.
  • structlog: Fixes TypeError raised when ddtrace log processor is configured with a tuple

2.3.0rc1

New Features

  • dsm: Adds DSM pathway.hash tag to spans when DSM is enabled. This allows traces from the instrumented service to show up in the DSM traces tab.
  • opentelemetry: Map reserved OpenTelemetry attributes to Datadog span model.
  • opentelemetry: datadog operation name from semantic conventions
  • propagation: 128-bit trace ids are now used by default for propagation. Previously the default was 64-bit. This change is backwards compatible with tracers that still use 64-bit trace ids and should not cause any breaking behavior.
  • propagation: When the tracer is configured to extract and inject tracecontext, the tracer will propagate the tracestate values from other vendors so long as the traceparent trace-id matches the first found trace context, regardless of propagator configuration order. To disable this behavior DD_TRACE_PROPAGATION_EXTRACT_FIRST=true can be set.
  • propagation: If a valid context is extracted from headers, and the following extracted trace context's trace_ids do not match the valid context's, then add a span link to the root span to represent the broken propagation.
  • tracing: This change treats spans that terminated with sys.exit(0) as successful non-error spans.
  • tracing: This introduces the DD_TRACE_SPAN_TRACEBACK_MAX_SIZE environment variable, allowing the maximum size of tracebacks included on spans to be configured.

Bug Fixes

  • build: Fixes an issue where ddtrace could not be installed from source when using setuptools>=69 due to a change in the license field.
  • CI Visibility: fixes the fact that the GITHUB_SERVER_URL environment variable was not being sanitized for credentials
  • dynamic instrumentation: Needs to update the pubsub instance when the application forks because the probe mechanism should run in the child process. For that, DI needs the callback as the method of an instance of Debugger, which lives in the child process.
  • CI Visibility: Fixes an issue where a ValueError was raised when using different path drives on Windows
  • kafka: This fix resolves an issue where calls to confluent_kafka's produce method with key=None would cause an exception to be raised.
  • logging: A log handler is automatically added to the ddtrace logger upon ddtrace import, when not using ddtrace-run. This can lead to duplicate logging if users add additional loggers and do not explicitly modify the ddtrace logger. This fix adds a feature flag that can be used to toggle this behavior off DD_TRACE_LOG_STREAM_HANDLER which defaults to true.
  • tracing: Fixes an issue where the thread responsible for sending traces is killed due to concurrent dictionary modification.
  • tracing: This fix resolves an issue where ddtrace's signal handlers could cause Flask apps not to respond correctly to SIGINT.

... (truncated)

Commits
  • 80f3264 chore(rcm): payload logging (#7603)
  • 1656e7d fix(tracer): fix multiprocessing queue on aws lambda (#7612)
  • 0cfc263 fix(structlog): appends to default_processors via list to avoid TypeError (...
  • ac29fa3 ci(opentelemetry): pin cattrs and otel-flask-instrumentation (#7682)
  • f86bfd2 fix(setuptools): update deprecated license format (#7684)
  • 2bd99af chore: deduplicate and abstract some bits of the release script (#7592)
  • 80bf6a9 fix(asm): fix config in api_manager (#7678)
  • 1c9765f fix(pytest+unittest): add safety check for Windows paths (#7627)
  • 3aad540 ci(iast): fix flaky test (#7677)
  • d0e50ca chore(ci_visibility): override API answer if _DD_CIVISIBILITY_ITR_FORCE_ENABL...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/2.x/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner November 21, 2023 09:34
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 21, 2023
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 23, 2023

Superseded by #14964.

@dependabot dependabot bot closed this Nov 23, 2023
@dependabot dependabot bot deleted the dependabot/pip/ddtrace-2.3.0 branch November 23, 2023 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants