Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update submissions #7100

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update submissions #7100

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 24, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
anndata ==0.10.8 -> ==0.11.3 age adoption passing confidence minor
ddtrace (changelog) ==2.1.4 -> ==2.19.0 age adoption passing confidence minor
numba ==0.59.1 -> ==0.60.0 age adoption passing confidence minor
numpy (changelog) <2 -> <3 age adoption passing confidence major
public.ecr.aws/lambda/python 3.8 -> 3.13 age adoption passing confidence final minor
public.ecr.aws/lambda/python 3.9 -> 3.13 age adoption passing confidence final minor
python-json-logger ==2.0.7 -> ==3.2.1 age adoption passing confidence major
pyvips ==2.2.2 -> ==2.2.3 age adoption passing confidence patch
rpy2 ==3.5.16 -> ==3.5.17 age adoption passing confidence patch
s3fs ==0.4.2 -> ==2024.12.0 age adoption passing confidence major
scanpy ==1.9.8 -> ==1.10.4 age adoption passing confidence minor
tiledb ==0.25.0 -> ==0.33.2 age adoption passing confidence minor

Release Notes

scverse/anndata (anndata)

v0.11.3

Compare Source

v0.11.2

Compare Source

v0.11.1

Compare Source

v0.11.0

Compare Source

v0.10.9

Compare Source

DataDog/dd-trace-py (ddtrace)

v2.19.0: 2.19.0

Compare Source

New Features

  • ASM

    • Introduces "Standalone SCA billing", opting out for APM billing and applying to only SCA. Enable this by setting these two environment variables: DD_APPSEC_SCA_ENABLED and DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED

  • Code Security

    • Introduces stack trace reports for Code Security.

  • Profiling

    • Adds an experimental integration with the PyTorch profiler which can be enabled by setting DD_PROFILING_PYTORCH_ENABLED=true. This feature instruments the PyTorch profiler API (https://pytorch.org/docs/stable/_modules/torch/profiler/profiler.html) so that GPU profiling data can be sent to Datadog for visualization. This feature supports torch version >= 1.8.1.

  • Tracing

    • azure_functions: Introduces support for Azure Functions.
Upgrade Notes
  • Makes the library compatible with Python 3.13
Bug Fixes

  • ASM

    • Resolves an issue where AppSec was using a patched request and builtins functions, creating telemetry errors.

  • Code Security

    • Adds more modules to the IAST patching denylist to improve startup time

  • Lib-Injection

    • Fixes missing lib-injection telemetry for common abort scenarios.

  • LLM Observability

    • Resolves an issue where LLMObs.enable() ignored global patch configurations, specifically
      the DD_TRACE_<INTEGRATION>_ENABLED and DD_PATCH_MODULES environment variables.

  • Telemetry

    • library: Resolves deadlocks that could occur when sending instrumentation telemetry data after an unhandled exception is raised.

  • Tracing

    • ASGI: This fix resolves an issue parsing response cookies in FastAPI and awsgi
    • asyncio: Resolves an issue where asyncio event loops fail to register when ddtrace-run/import ddtrace.auto is used and gevent is installed.
    • datastreams: Logs at warning level for Kinesis errors that break the Data Streams Monitoring map.

v2.18.2: 2.18.2

Compare Source

Bug Fixes

  • Code Security

    • Adds more modules to the IAST patching denylist to improve startup time

  • Profiling

    • Removes a system call from the memory allocation profiler, used to detect forks, which ran on every allocation and resulted in a significant slowdown.

  • Tracing

    • ASGI: Resolves an issue parsing response cookies in FastAPI and awsgi
    • Integrations: Improves error handling for exceptions raised during the startup of ddtrace integrations. This reduces the likelihood of the ddtrace library raising unhandled exceptions.

v2.18.1

Compare Source

Bug Fixes

Profiling:

  • Fixes an issue where the memory allocation profiler can cause a segmentation fault due to data races when accessing its own global data structures from multiple threads.
  • Fixes a bug where profiling mutexes were not cleared on fork in the child process. This could cause deadlocks in certain configurations.

Tracing:

  • celery: Fixes an issue where celery.apply spans from Celery prerun got closed too soon leading to span tags being missing.

v2.18.0

Compare Source

Upgrade Notes
  • ASM

    • With this upgrade, you can now control how the stack trace report are cropped when reported for exploit prevention or IAST.

      • DD_APPSEC_MAX_STACK_TRACE_DEPTH allowed to control the maximum stack trace size reported (default 32)
      • DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT allows now to specify how the stack trace is cropped as a percentage.

      For example, a value of 100 will report the top DD_APPSEC_MAX_STACK_TRACE_DEPTH frames from the stack, while a value of 0 will report the bottom DD_APPSEC_MAX_STACK_TRACE_DEPTH frames of the trace. A value of 50 will report half of DD_APPSEC_MAX_STACK_TRACE_DEPTH (rounded down) frames from the top of the stack and the rest from bottom. Default value is 75.

    • Upgrades libddwaf to 1.22.0

    • Upgrades libddwaf to 1.21.0 and security rule file to 1.13.3

Deprecation Notes
  • Python 3.7 support is deprecated and will be removed in 3.0
New Features

  • CI Visibility

    • Beta release of the new version of the pytest plugin, introducing the following features:

      Set the DD_PYTEST_USE_NEW_PLUGIN_BETA environment variable to true to use this new version.

      NOTE: this new version of the plugin introduces breaking changes:

      • module, suite, and test names are now parsed from the item.nodeid attribute
      • test names now include the class for class-based tests
      • Test skipping by Test Impact Analysis (formerly Intelligent Test Runner) is now done at the suite level, instead of at the test level

  • Adds support for Selenium and RUM integration

  • Code Security

    • Introduces "Standalone Code Security", a feature that disables APM in the tracer but keeps Code Security (IAST) enabled. In order to enable it, set the environment variables DD_IAST_ENABLED=1 and DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=1.

  • LLM Observability

    • Adds support to automatically submit Vertex AI Python calls to LLM Observability.
    • vertexai: Introduces tracing support for Google's Vertex AI SDK for Python's generate_content and send_message calls. See the docs for more information.

  • Profiling

    • Profiler uses agent url configured via tracer.configure()
Bug Fixes

  • ASM

    • Ensures that common patches for exploit prevention and sca are only loaded if required, and only loaded once.
    • Resolves an issue where AppSec was using a patched JSON loads, creating telemetry errors.
    • Resolves an issue where some root span where not appropriately tagged for ASM standalone.
    • ASM: Resolves an issue where AppSec was using a patched request and builtins functions,
      creating telemetry errors.

  • CI Visibility

    • Fixes an issue where the CIVisbility service would incorrectly default the tracer env to None in EVP proxy mode if DD_ENV was not specified but the agent had a default environment set to a value other than none (eg: using DD_APM_ENV in the agent's environment).
    • Updates the inferred base service name algorithm to ensure that arguments following --ddtrace are no longer skipped when executing tests with pytest. Previously, the algorithm misinterpreted these arguments as standard flags, overlooking possible test paths that may contribute to the inferred service name.

  • Code Security

    • Patches the module dir function so original pre-patch results are not changed.
    • Resolves a patching issue with psycopg3.
    • This fix resolves an issue where the modulo (%) operator would not be replaced correctly for bytes and bytesarray if IAST is enabled.
    • Ensures IAST SSRF vulnerability redacts the url query parameters correctly.
    • Adds umap, numba and pynndescent to the Code Security denylist.

  • Crashtracking

    • Resolves issue where the crashtracker receiver may leave a zombie process behind after a crash.

  • Lib-Injection

    • Ensures any user defined sitecustomize.py are preserved when auto-injecting.
    • Supports Python 2.7+ for injection compatibility check.
    • Resolves an issue where the default versions of click and jinja2 installed on 3.8 were outside of the allowed minimum versions for autoinstrumentation.

  • LLM Observability

    • Ensures bedrock spans are finished even when streamed responses are not fully consumed.
    • langchain: Resolves a JSON decoding issue resulting from tagging streamed outputs from chains ending with a PydanticOutputParser.
    • Fixes an issue where decorators were not tracing generator functions properly.

  • Profiling

    • Updates setup.py to ignore int-ptr conversion warnings for the profiler stack.pyx file. This is important because gcc 14 makes these conversions an error, alpine 3.21.0 ships with gcc 14, and any patch version of a Python alpine image cut after December 5th, 2024, will have this issue.
    • Fixes unbounded memory usage growth caused by keeping arbitrary user-generated strings (e.g. asyncio Task names) in an internal table and never removing them.
    • Fixes an issue where asyncio task names are not properly propagated when using stack v2, i.e. when DD_PROFILING_STACK_V2_ENABLED is set. Fixes an issue where asyncio tasks are not associated with spans when using stack v2, i.e. when DD_PROFILING_STACK_V2_ENABLED is set.

  • Telemetry

    • Ensures that Telemetry heartbeats are not skipped for forked processes, as doing so could result in the dependency list being lost over time.

  • Tracing

    • botocore: This fix resolves an issue in the Bedrock integration where not consuming the full response stream would prevent spans from finishing.
    • botocore: This fix resolves the issue where the span pointer for deserialized DynamoDB requests (through the resource-based API) were not being generated.
    • botocore: This fix resolves an issue where our span pointer calculation code added recently logged unactionable messages.
    • celery: This fix resolves two issues with context propagation in celery
      1. Invalid span parentage when task A calls task B async and task A errors out, causing A's queuing of B, and B itself to not be parented under A.
      2. Invalid context propagation from client to workers, and across retries, causing multiple traces instead of a single trace
    • celery: Changes celery out.host span tag to point towards broker host url instead of local celery process hostname. Fixes inferred service representation issues when using celery.
    • grpcaio: Resolves a concurrency bug where distributed tracing headers were overwritten resulting in spans being assigned to the wrong trace.
    • kafka: Fixes an issue with Kafka consumer spans not using the active trace context when distributed tracing was enabled and no valid distributed context found was found within a consumed message.
Other Changes
  • Tracing
    • Removed x-forwarded from headers used for client IP resolution (but not from collected headers). We lack evidence of actual usage, and whether this should follow RFC 7239 or regular XFF list format.

v2.17.5: 2.17.5

Compare Source

Bug Fixes
  • Tracing
    • celery: Fixes an issue where celery.apply spans from Celery pre-run got closed too soon leading to span tags being missing.

v2.17.4: 2.17.4

Compare Source

Bug Fixes

  • Code Security

    • Adds more modules to the IAST patching denylist to improve startup time

  • ASM

    • Resolves an issue where AppSec was using a patched JSON loads, creating telemetry errors.
    • Resolves an issue where AppSec was using a patched request and builtins functions, creating telemetry errors.

  • LLM Observability

    • Resolves an issue where LLMObs.enable() ignored global patch configurations, specifically the DD_TRACE_<INTEGRATION>_ENABLED and DD_PATCH_MODULES environment variables.
    • langchain: Resolves a JSON decoding issue resulting from tagging streamed outputs from chains ending with a PydanticOutputParser.

  • Profiling

    • Updates setup.py to ignore int-ptr conversion warnings for the profiler stack.pyx file. This is important because gcc 14 makes these conversions an error, alpine 3.21.0 ships with gcc 14, and any patch version of a Python alpine image cut after December 5th, 2024, will have this issue.

  • Tracing

    • ASGI: Resolves an issue parsing response cookies in FastAPI and awsgi

v2.17.3

Compare Source

Bug Fixes

  • SCA:

    • Ensure that Telemetry heartbeats are not skipped for forked processes, as doing so could result in the dependency list being lost over time.

  • Celery:

    • This fix resolves two issues with context propagation in celery
        1. Invalid span parentage when task A calls task B async and task A errors out, causing A's queuing of B, and B itself to not be parented under A.
        1. Invalid context propagation from client to workers, and across retries, causing multiple traces instead of a single trace

  • Code Security:

    • This fix resolves a patching issue with psycopg3.
    • This fix resolves an issue where the modulo (%) operator would not be replaced correctly for bytes and bytesarray if IAST is enabled.
    • Ensure IAST SSRF vulnerability redacts the url query parameters correctly.

  • Profiling:

    • Updates setup.py to ignore int-ptr conversion warnings for the profiler stack.pyx file. This is important because gcc 14 makes these conversions an error, alpine 3.21.0 ships with gcc 14, and any patch version of a Python alpine image cut after December 5th, 2024, will have this issue.

v2.17.2

Compare Source

Bug Fixes

  • ASM

    • Ensures that common patches for exploit prevention and SCA are only loaded if required, and only loaded once.

  • LLM Observability

    • Ensures bedrock spans are finished even when streamed responses are not fully consumed.
    • Fixes an issue where decorators were not tracing generator functions properly.

  • Tracing

    • botocore: Resolves an issue in the Bedrock integration where not consuming the full response stream would prevent spans from finishing.
    • celery: Changes celery out.host span tag to point towards broker host url instead of local celery process hostname. Fixes inferred service representation issues when using celery.
    • grpcaio: Resolves a concurrency bug where distributed tracing headers were overwritten resulting in spans being assigned to the wrong trace.

v2.17.1

Compare Source

Bug Fixes
  • ASM
    • Resolves an issue where some root spans were not appropriately tagged for ASM standalone.
  • Code Security
    • Patches the module dir function so original pre-patch results are not changed.
  • Tracing
    • Resolves an issue where the default versions of click and jinja2 installed on 3.8 were outside of the allowed minimum versions for autoinstrumentation.

v2.17.0

Compare Source

New Features

  • ASM

    • Support added for session fingerprints.

  • LLM Observability

    • When not using a provider integration (OpenAI, Anthropic, or Bedrock) with the LangChain integration, token metrics will be appended to the LLM Observability llm span.
    • LLM Observability: When langchain's chat_model.with_structured_output(..., method="json_mode") is used, or response_format={"type": "json_object"} is passed into a langchain chat model invocation, the LLM Observability span will be an llm span instead of a workflow span.

  • SSI

    • Adds requirements.json to SSI artifact for bailing out on unsupported systems.

  • Tracing

    • Adds support for expanding AWS request/response Payloads into flattened span tags.
    • Updates the service naming algorithm to infer the base service name when DD_SERVICE is not set, replacing instances of 'unnamed-python-service'. Ensures that a more meaningful service name is used whenever possible, enhancing clarity in service identification.
Bug Fixes

  • ASM

    • The new user events policy is preventing users PII to be added by default as span tags. To allow customers using the Django auto instrumentation to still have those information, new environment variables have been added. In particular DD_DJANGO_INCLUDE_EMAIL (false by default), will tag user events with user email as before.

  • Code Security/IAST

    • Adds umap, numba and pynndescent to the Code Security denylist.
    • Adds googlecloudsdk and google auth to the Code Security deny list.
    • Resolves an issue where importing the google.cloud.storage.batch module would fail raising an ImportError

  • Crashtracking

    • Fixes an issue where the use of the Crashtracking component could result in zombie processes.

  • Lib-Injection

    • Supports Python 2.7+ for injection compatibility check.
    • Adds more commands to the auto-injection denylist.
    • Ensures we do not import the user installed ddtrace if it is present.
    • Fixes injection guardrail check when sys.argv is not available.

  • LLM Observability

    • Resolves an issue where annotating spans with non-ASCII language input/output values resulted in encoded unicode being submitted.

  • Profiling

    • Fixes a data race where span information associated with a thread was read and updated concurrently, leading to segfaults
    • Fixes an issue where cpu-time was not profiled for services using gunicorn, when DD_PROFILING_STACK_V2_ENABLED was set.
    • Fixes an issue where enabling native exporter via DD_PROFILING_EXPORT_LIBDD_ENABLED, DD_PROFILING_TIMELINE_ENABLED or DD_PROFILING_STACK_V2_ENABLED turned off live heap profiling.
    • The lock profiler would log a warning if it couldn't determine a name for a lock, and it would try determining a name multiple times for the same lock. This lead to excessive log spam. Downgrade this to a debug log and only try to determine the name once.
    • Fixes an issue where the profiler was allocating too much memory from ensure_binary_or_empty() function, on Python versions before 3.12, with DD_PROFILING_EXPORT_LIBDD_ENABLED or DD_PROFILING_TIMELINE_ENABLED.
    • Fixes an issue where the sample pool could deadlock after fork() by clearing it in the child process.
    • When a Python thread finishes, this change frees memory used for mapping its thread id to Span. The mapping is populated and used when DD_PROFILING_ENDPOINT_COLLECTION_ENABLED and DD_PROFILING_STACK_V2_ENABLED were set to enable grouping of profiles for endpoints.

  • Tracing

    • Updates the inferred base service name algorithm to ensure that arguments following --ddtrace are no longer skipped when executing tests with pytest. Previously, the algorithm misinterpreted these arguments as standard flags, overlooking possible test paths that may contribute to the inferred service name.
    • botocore: Resolves the issue where the span pointer for deserialized DynamoDB requests (through the resource-based API) were not being generated.
    • botocore: Resolves an issue where our span pointer calculation code added recently logged unactionable messages.
    • pymongo: add type checking to solve an issue where NoneType instead of expected Pin object would throw an error in TracedTopology method.

v2.16.6

Compare Source

Bug Fixes

  • SCA:

    • Ensure that Telemetry heartbeats are not skipped for forked processes, as doing so could result in the dependency list being lost over time.

  • Code Security:

    • Resolve a patching issue with psycopg3.
    • Resolve an issue where the modulo (%) operator would not be replaced correctly for bytes and bytesarray if IAST is enabled.
    • Ensure IAST SSRF vulnerability redacts the url query parameters correctly.

  • Lib-Injection:

    • Fix injection guardrail check when sys.argv is not available.

  • Profiling

    • Updates setup.py to ignore int-ptr conversion warnings for the profiler stack.pyx file. This is important because gcc 14 makes these conversions an error, alpine 3.21.0 ships with gcc 14, and any patch version of a Python alpine image cut after December 5th, 2024, will have this issue.

v2.16.5

Compare Source

Bug Fixes

  • ASM

    • Ensures that common patches for exploit prevention and sca are only loaded if required, and only loaded once.
    • Resolves an issue where some root span where not appropriately tagged for ASM standalone.

  • Auto-Instrumentation

    • Resolves an issue where the default versions of click and jinja2 installed on python3.8 were outside of the allowed minimum versions for auto-instrumentation.

  • Code Security

    • Patches the module dir function so original pre-patch results are not changed.

  • LLM Observability

    • Ensures bedrock spans are finished even when streamed responses are not fully consumed.

  • Tracing

    • botocore: Resolves an issue in the Bedrock integration where not consuming the full response stream would prevent spans from finishing.

v2.16.4

Compare Source

Bug Fixes
  • Tracing
    • botocore: Resolves the issue where the span pointer for deserialized DynamoDB requests (through the resource-based API) were not being generated.
    • botocore: Resolves an issue where our span pointer calculation code added recently logged unactionable messages.

v2.16.3

Compare Source

Bug Fixes
  • Code Security: add umap, numba and pynndescent to the Code Security denylist.

v2.16.2

Compare Source

Bug Fixes

  • Profiling

    • The lock profiler would log a warning if it couldn't determine a name for a lock, and it would try determining a name multiple times for the same lock. This lead to excessive log spam. Downgrade this to a debug log and only try to determine the name once.

  • Tracing

    • pymongo: Adds type checking to solve an issue where NoneType instead of expected Pin object would throw an error in TracedTopology method.

v2.16.1: 2.16.1

Compare Source

Bug Fixes

  • Threats

    • The new user events policy is preventing users PII to be added by default as span tags. To allow customers using the Django auto instrumentation to still have those information, new environment variables have been added. In particular DD_DJANGO_INCLUDE_EMAIL (false by default), will tag user events with user email as before.

  • Code Security

    • Add googlecloudsdk and google auth to the Code Security deny list.

  • Crashtracking

    • Fixes an issue where the use of the crashtracking component could result in zombie processes.

  • Lib-Injection

    • This fix adds more commands to the auto-injection denylist.
    • This fix ensures we do not import the user installed ddtrace if it is present.

  • LLM Observability

    • Resolves an issue where annotating spans with non-ASCII language input/output values resulted in encoded unicode being submitted.

  • Profiling

    • Fixes an issue where cpu-time was not profiled for services using gunicorn, when DD_PROFILING_STACK_V2_ENABLED was set.
    • Fixes an issue where the profiler was allocating too much memory from ensure_binary_or_empty() function, on Python versions before 3.12, with DD_PROFILING_EXPORT_LIBDD_ENABLED or DD_PROFILING_TIMELINE_ENABLED.
    • Fixes an issue where the sample pool could deadlock after fork() by clearing it in the child process.

v2.16.0

Compare Source

New Features

  • LLM Observability

    • When starting LLM and embedding spans, the model_name argument is now optional and will default to custom. This applies to both inline methods (e.g. LLMObs.llm()) and function decorators (e.g. @llm).
    • Introduces the ability to add metadata for evaluation metrics via the submit_evaluation method. For more information, see submitting evaluations with the SDK.

  • Tracing

    • Introduces support for Baggage as defined by the OpenTelemetry specification.
    • botocore: Adds span pointers for successful DynamoDB BatchWriteItem spans. Table Primary Keys will need to be provided with the ddtrace.config.botocore.dynamodb_primary_key_names_for_tables option or the DD_BOTOCORE_DYNAMODB_TABLE_PRIMARY_KEYS environment variable to correctly handle the PutRequest items.
    • botocore: Adds span pointers for successful DynamoDB TransactWriteItems spans. Table Primary Keys will need to be provided with the ddtrace.config.botocore.dynamodb_primary_key_names_for_tables option or the DD_BOTOCORE_DYNAMODB_TABLE_PRIMARY_KEYS environment variable to correctly handle the Put items.
    • botocore: Adds ddtrace.config.botocore.add_span_pointers option or the DD_BOTOCORE_ADD_SPAN_POINTERS environment variable to control adding span pointers to some successful AWS API requests. This option is enabled by default.
Bug Fixes

  • CI Visibility

    • Fixes a bug where CODEOWNERS would incorrectly fail to discard line-level trailing comments (eg: @code/owner # my comment would result in codeowners being parsed as @code/owner, #, my, and comment)
    • Fixes unnecessary logging of an exception that would appear when trying to upload git metadata in an environment without functioning git (eg: missing git binary or .git directory)

  • Code Security

    • Resolves an issue where importing the google.cloud.storage.batch module would fail raising an ImportError

  • Dynamic Instrumentation

    • Fixes an issue that prevented dynamic span tags probes from adding the requested tags to the requested span.

  • LLM Observability

    • Resolves two issues with annotation contexts:
      • annotations registered via annotation contexts were being applied globally. Annotations are now only applied to the current trace context and do not pollute to other threads & processes.
      • annotations from nested annotation contexts were applied in a non-deterministic order. Annotations are now applied in the order they were registered.
    • Resolves an issue where input and output values equal to zero were not being annotated on workflow, task, agent and tool spans when using LLMObs.annotate.
    • Resolves errors where the disabled setting was being ignored when forking.

  • Profiling

    • Fixes a data race where span information associated with a thread was read and updated concurrently, leading to segfaults.
    • Fixes an issue where enabling native exporter via DD_PROFILING_EXPORT_LIBDD_ENABLED, DD_PROFILING_TIMELINE_ENABLED or DD_PROFILING_STACK_V2_ENABLED turned off live heap profiling.
    • When a Python thread finishes, this change frees memory used for mapping its thread id to Span. The mapping is populated and used when DD_PROFILING_ENDPOINT_COLLECTION_ENABLED and DD_PROFILING_STACK_V2_ENABLED were set to enable grouping of profiles for endpoints.
    • Resolves an issue where asyncio task names are not captured by stack v2, when DD_PROFILING_STACK_V2_ENABLED is set.
    • Resolves an issue where endpoint profiling for stack v2 throws TypeError exception when it is given a Span with None span_type.

  • Tracing

    • Resolves the issue where tracer flares would not be generated if unexpected types were received in the AGENT_CONFIG remote configuration product.
    • elasticsearch: Resolves an issue where span tags were not fully populated on "sampled" spans, causing metric dimensions to be incorrect when spans were prematurely marked as sampled, including resource_name.
Other Changes
  • LLM Observability
    • Updates the merging behavior for tags when LLMObs.annotate is called multiple times on the same span so that the latest value for a tag key overrides the previous value.

v2.15.4

Compare Source

Bug Fixes

  • ASM

    • Ensures that common patches for exploit prevention and sca are only loaded if required, and only loaded once.
    • Resolves an issue where some root span where not appropriately tagged for ASM standalone.

  • Auto-Instrumentation

    • Resolves an issue where the default versions of click and jinja2 installed on python3.8 were outside of the allowed minimum versions for auto-instrumentation.

  • Code Security

    • Patches the module dir function so original pre-patch results are not changed.

  • LLM Observability

    • Ensures bedrock spans are finished even when streamed responses are not fully consumed.

  • Tracing

    • botocore: Resolves an issue in the Bedrock integration where not consuming the full response stream would prevent spans from finishing.

v2.15.3: 2.15.3

Compare Source

Bug Fixes

  • ASM:

    • The new user events policy is preventing users PII to be added by default as span tags. To allow customers using the Django auto instrumentation to still have those information, new environment variables have been added. In particular DD_DJANGO_INCLUDE_EMAIL (false by default), will tag user events with user email as before.

  • LLM Observability:

    • Resolves an issue where annotating spans with non-ASCII language input/output values resulted in encoded unicode being submitted.

  • Code Security:

    • Add googlecloudsdk,google auth, umap, numba and pynndescent to the Code Security deny list.

  • Profiling:

    • Fixes an issue where cpu-time was not profiled for services using gunicorn, when `DD_PROFILING_STACK_V2_ENABLED was set.

    • The lock profiler would log a warning if it couldn't determine a
      name for a lock, and it would try determining a name multiple times for the same lock. This lead to excessive log spam. Downgrade this to a debug log and only try to determine the name once.

    • Fixes an issue where the sample pool could deadlock after fork()
      by clearing it in the child process.

v2.15.2

Compare Source

Bug Fixes
  • Profiling:
    • Fixes an issue where enabling native exporter via DD_PROFILING_EXPORT_LIBDD_ENABLED, DD_PROFILING_TIMELINE_ENABLED or DD_PROFILING_STACK_V2_ENABLED turned off live heap profiling.
    • Fixes an issue where the profiler was allocating too much memory from ensure_binary_or_empty() function, on Python versions before 3.12, with DD_PROFILING_EXPORT_LIBDD_ENABLED or DD_PROFILING_TIMELINE_ENABLED.
    • When a Python thread finishes, this change frees memory used for mapping its thread id to Span. The mapping is populated and used when DD_PROFILING_ENDPOINT_COLLECTION_ENABLED and DD_PROFILING_STACK_V2_ENABLED were set to enable grouping of profiles for endpoints.
    • Resolves an issue where asyncio task names are not captured by stack v2, when DD_PROFILING_STACK_V2_ENABLED is set.
  • Tracing:
    • pymongo: Adds type checking to solve an issue where NoneType instead of expected Pin object would throw an error in TracedTopology method.

v2.15.1

Compare Source

Bug Fixes
  • CI Visibility:
    • Fixes a bug where CODEOWNERS would incorrectly fail to discard line-level trailing comments (eg: @code/owner # my comment would result in codeowners being parsed as @code/owner, #, my, and comment)
    • Fixes unnecessary logging of an exception that would appear when trying to upload git metadata in an environment without functioning git (eg: missing git binary or .git directory)
  • Code Security:
    • Resolves an issue where importing the google.cloud.storage.batch module would fail raising an ImportError.
  • Dynamic Instrumentation:
    • Fixes an issue that prevented dynamic span tags probes from adding the requested tags to the requested span.
  • LLM Observability:
    • This fix resolves two issues with annotation contexts:
      • annotations registered via annotation contexts were being applied globally. Annotations are now only applied to the current trace context and do not pollute to other threads & processes.
      • annotations from nested annotation contexts were applied in a non-deterministic order. Annotations are now applied in the order they were registered.
  • Profiling:
    • fix a data race where span information associated with a thread was read and updated concurrently, leading to segfaults
    • resolves an issue where endpoint profiling for stack v2 throws TypeError exception when it is given a Span with None span_type.
Other Changes
  • LLM Observability:
    • Updates the merging behavior for tags when LLMObs.annotate is called multiple times on the same span so that the latest value for a tag key overrides the previous value.

v2.15.0

Compare Source

New Features

  • LLM Observability

    • Introduces prompt and name arguments to LLMObs.annotation_context to support setting an integration generated span's name and prompt field. For more information on annotation contexts, see the docs here.
    • langchain: Adds support for tracing stream calls on LCEL chains, chat completion models, or completion models. Note that due to an upstream issue with the langchain library itself, streamed responses will not be tagged correctly based on the choice index when the underlying model is configured to return n>1 choices. Please refer to this GitHub issue for more details.
    • LangChain streamed calls (llm.stream, chat_model.stream, and chain.stream) submit to LLM Observability.

  • CI Visibility

    • Adds the test_session.name tag to test events. The test session name can be set via the DD_TEST_SESSION_NAME environment variable. If DD_TEST_SESSION_NAME is not specified, the test session name is set from the CI job id and the test command.

  • Tracing

    • Introduces Code Origin for Span, a new feature that allows collecting information about where entry and exit spans have been created in the user code . This feature is disabled by default and can be enabled by setting the DD_CODE_ORIGIN_FOR_SPANS_ENABLED environment variable to true.
    • botocore: Adds span pointers for successful DynamoDB DeleteItem spans.
    • botocore: Adds span pointers for successful DynamoDB PutItem spans. Table Primary Keys need to be provided with the ddtrace.config.botocore.dynamodb_primary_key_names_for_tables option or the DD_BOTOCORE_DYNAMODB_TABLE_PRIMARY_KEYS environment variable.
    • botocore: Adds span pointers for successful DynamoDB UpdateItem spans.
    • botocore: Adds span pointers for successful S3 CompleteMultipartUpload spans.
    • botocore: Adds span pointers for successful S3 CopyObject spans.
    • Adds DD_TRACE_HTTP_CLIENT_ERROR_STATUSES environment variable to configure the list of HTTP status codes that should be considered errors when instrumenting HTTP servers.
Deprecation Notes
  • Tracing
    • The following attributes are now private and should not be accessed directly. The corresponding environment variables should be used instead.
      • Use DD_TRACE_HTTP_CLIENT_TAG_QUERY_STRING instead of ddtrace.config.http_tag_query_string
      • Use DD_TRACE_HEADER_TAGS instead of ddtrace.config.trace_http_header_tags
      • Use DD_TRACE_REPORT_HOSTNAME instead of ddtrace.config.report_hostname
      • Use DD_TRACE_HEALTH_METRICS_ENABLED instead of ddtrace.config.health_metrics_enabled
      • Use DD_TRACE_ANALYTICS_ENABLED instead of ddtrace.config.analytics_enabled
      • Use DD_TRACE_CLIENT_IP_HEADER instead of ddtrace.config.client_ip_header
      • Use DD_TRACE_CLIENT_IP_ENABLED instead of ddtrace.config.retrieve_client_ip
      • Use DD_TRACE_PROPAGATION_HTTP_BAGGAGE_ENABLED instead of ddtrace.config.propagation_http_baggage_enabled
      • Set DD_TRACE_OBFUSCATION_QUERY_STRING_REGEXP to an empty string instead of setting ddtrace.config.global_query_string_obfuscation_disabled to True (default value is False)
      • Use DD_TRACE_METHODS instead of ddtrace.config.trace_methods
      • Use DD_CIVISIBILITY_LOG_LEVEL instead of ddtrace.config.ci_visibility_log_level
    • Deprecates the DD_TRACE_SAMPLE_RATE environment variable. It will be removed in 3.0.0. Use DD_TRACE_SAMPLING_RULES to configure sampling rates instead.
    • DD_TRACE_API_VERSION=v0.3 is deprecated. Use v0.4 or v0.5 instead.
Bug Fixes

  • Code security

    • Resolves an issue where partial matches on function names we aimed to patch were being patched instead of full matches on them.
    • Always report a telemetry log error when an IAST propagation error raises, regardless of whether the _DD_IAST_DEBUG environment variable is enabled or not.
    • Ensures that only the IAST propagation context is cleared instead of all contexts, which could otherwise cause propagation loss in multithreaded applications. Additionally, it improves validations in both the Processor and Vulnerability Reporter, depending on whether IAST is active or not.
    • Ensures IAST propagation does not raise side effects related to re.finditer.

  • LLM Observability

    • Resolves an issue where LLMObs.enable() did not patch google_generativeai library.
    • botocore: Fixes the bedrock model and model provider interpretation from modelId when using cross-region inference.
    • Resolves an issue where LLM Observability evaluation metrics were not being submitted in forked processes. The evaluation metric writer thread now automatically restarts when a forked process is detected.
    • The OpenAI, LangChain, Anthropic, Bedrock, and Gemini integrations now will handle and log errors during LLM Observability span processing to avoid disrupting user applications.

  • Profiling

    • Improves the error message when the native exporter fails to load and stops profiling from starting if ddtrace is also being injected.
    • All files with platform-dependent code have had their filenames updated to reflect the platform they are for. This fixes issues where the wrong file would be used on a given platform.
    • Fixes endpoint profiling for stack v2, when DD_PROFILING_STACK_V2_ENABLED is set.
    • Fixes endpoint profiling when using libdatadog exporter, either with DD_PROFILING_EXPORT_LIBDD_ENABLED or DD_PROFILING_TIMELINE_ENABLED.
    • Enables code provenance when using libdatadog exporter with DD_PROFILING_EXPORT_LIBDD_ENABLED, DD_PROFILING_STACK_V2_ENABLED, or DD_PROFILING_TIMELINE_ENABLED.
    • Fixes an issue where stack v2 couldn't be enabled as pthread was not properly linked on some debian based images for aarch64 architecture.
    • Fixes an issue where the flame graph was upside down for stack v2 with DD_PROFILING_STACK_V2_ENABLED.

  • Tracing

    • elasticsearch: Resolves an issue where span tags were not fully populated on "sampled" spans, causing metric dimensions to be incorrect when spans were prematurely marked as sampled, including resource_name.
    • Resolves the issue where tracer flares would not be generated if unexpected types were received in the AGENT_CONFIG remote configuration product.
    • celery: Fixes an issue where celery.apply spans didn't close if the after_task_publish or task_postrun signals didn't get sent when using apply_async, which can happen if there is an internal exception during the handling of the task. This update also marks the span as an error if an exception occurs.
    • celery: Fixes an issue where celery.apply spans using task_protocol 1 didn't close by improving the check for the task id in the body.
    • Removes a reference cycle that caused unnecessary garbage collection for top-level spans.
    • Ensures that http.url span tag contains the full query string when DD_TRACE_OBFUSCATION_QUERY_STRING_REGEXP is set to an empty string.
    • Ensures DD_TRACE_RATE_LIMIT environment variable is only applied to spans for which tracer sampling is configured. For spans not matching sampling rules default rate limits should be applied by the Datadog Agent.

  • Other

    • Updates import path in FastAPI module to use the new ASGI module location.
Other Changes
  • Code Security
    • Update default security rules to 1.13.1. This enable Exploit Prevention powered by RASP for LFI and Command Injection by default when ASM is enabled.

v2.14.7: 2.14.7

Compare Source

Bug Fixes

  • Code Security:

    • Add googlecloudsdk and google auth to the Code Security deny list.

  • Profiling:

    • Fixes an issue where cpu-time was not profiled for services using gunicorn, when DD_PROFILING_STACK_V2_ENABLED was set.

    • Fixes an issue where the sample pool could deadlock after fork() by clearing it in the child process.

v2.14.6

Compare Source

Bug Fixes

  • Profiling

    • Fixes an issue where enabling native exporter via DD_PROFILING_EXPORT_LIBDD_ENABLED, DD_PROFILING_TIMELINE_ENABLED or DD_PROFILING_STACK_V2_ENABLED turned off live heap profiling.
    • Fixes an issue where the profiler was allocating too much memory from ensure_binary_or_empty() function, on Python versions before 3.12, with DD_PROFILING_EXPORT_LIBDD_ENABLED or DD_PROFILING_TIMELINE_ENABLED.
    • When a Python thread finishes, this change frees memory used for mapping its thread id to Span. The mapping is populated and used when DD_PROFILING_ENDPOINT_COLLECTION_ENABLED and DD_PROFILING_STACK_V2_ENABLED were set to enable grouping of profiles for endpoints.
    • Resolves an issue where asyncio task names are not captured by stack v2, when DD_PROFILING_STACK_V2_ENABLED is set.

  • Tracing

    • pymongo: Adds type checking to solve an issue where NoneType instead of expected Pin object would throw an error in TracedTopology method.

v2.14.5: 2.14.5

Compare Source

Bug Fixes
  • LLM Observability: This fix resolves an issue where LLMObs.enable() did not patch google_generativeai library.
  • CI Visibility: fixes a bug where CODEOWNERS would incorrectly fail to discard line-level trailing comments (eg: @code/owner # my comment would result in codeowners being parsed as @code/owner, #, my, and comment)
  • CI Visibility: fixes unnecessary logging of an exception that would appear when trying to upload git metadata in an environment without functioning git (eg: missing git binary or .git directory)
  • elasticsearch: this fix resolves an issue where span tags were not fully populated on "sampled" spans, causing metric dimensions to be incorrect when spans were prematurely marked as sampled, including resource_name.
  • Code security: This fix resolves an issue where partial matches on function names we aimed to patch were being patched instead of full matches on them.
  • Code Security: This fix resolves an issue where importing the google.cloud.storage.batch module would fail raising an ImportError
  • profiling: Improves the error message when the native exporter fails to load and stops profiling from starting if ddtrace is also being injected.
  • profiling: fix a data race where span information associated with a thread was read and updated concurrently, leading to segfaults
  • profiling: resolves an issue where endpoint profiling for stack v2 throws TypeError exception when it is given a Span with None span_type.

v2.14.4

Compare Source

Bug Fixes
  • Code Security
    • Ensures IAST propagation does not raise side effects related to re.finditer.
  • LLM Observability
    • botocore: Fixes bedrock model and model provider interpretation from modelId when using cross-region inference.
  • Profiling
    • Fixes an issue where stack v2 couldn't be enabled as pthread was not properly linked on some debian based images for aarch64 architecture.
  • Tracing
    • Resolves the issue where tracer flares would not be generated if unexpected types were received in the AGENT_CONFIG remote configuration product.

v2.14.2

Compare Source

Bug Fixes

  • Tracing

    • celery: Fixes an issue where celery.apply spans didn't close if the after_task_publish or task_postrun signals didn't get sent when using apply_async, which can happen if there is an internal exception during the handling of the task. This update also marks the span as an error if an exception occurs.
    • celery: Fixes an issue where celery.apply spans using task_protocol 1 didn't close by improving the check for the task id in the body.

  • Profiling

    • All files with platform-dependent code have had their filenames updated to reflect the platform they are for. This fixes issues where the wrong file would be used on a given platform.
    • Enables code provenance when using libdatadog exporter, DD_PROFILING_EXPORT_LIBDD_ENABLED, DD_PROFILING_STACK_V2_ENABLED, or `DD_PRO

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label May 24, 2024
@github-actions GitHub Actions
Copy link
Contributor

Deployment Summary

@renovate renovate bot force-pushed the renovate/submissions branch 16 times, most recently from b3d59b8 to c882864 Compare May 31, 2024 17:03
@renovate renovate bot force-pushed the renovate/submissions branch 9 times, most recently from 367e8d4 to 725eb0c Compare June 7, 2024 16:41
@renovate renovate bot force-pushed the renovate/submissions branch 6 times, most recently from 1dd33f8 to 9ef2999 Compare November 7, 2024 19:06
@renovate renovate bot force-pushed the renovate/submissions branch 6 times, most recently from 4a124e7 to 5a8ab20 Compare November 18, 2024 16:03
@renovate renovate bot force-pushed the renovate/submissions branch 4 times, most recently from 5f449ed to aa2220a Compare November 28, 2024 02:47
@renovate renovate bot force-pushed the renovate/submissions branch from aa2220a to 02901c0 Compare November 29, 2024 11:48
@renovate renovate bot force-pushed the renovate/submissions branch 3 times, most recently from 175f2a4 to 7aa0a73 Compare December 16, 2024 17:35
@renovate renovate bot force-pushed the renovate/submissions branch 3 times, most recently from d49eb15 to 3f3d708 Compare December 20, 2024 21:40
@renovate renovate bot force-pushed the renovate/submissions branch 3 times, most recently from d431120 to 999912e Compare January 7, 2025 18:46
@renovate renovate bot force-pushed the renovate/submissions branch 2 times, most recently from e7c11e7 to a8b9636 Compare January 13, 2025 21:35
@renovate renovate bot force-pushed the renovate/submissions branch from a8b9636 to ec7fbf0 Compare January 17, 2025 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Bento007 Bento007

@ebezzi ebezzi

@nayib-jose-gloria nayib-jose-gloria

Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Bento007 @ebezzi @nayib-jose-gloria