Bump ddtrace from 1.1.4 to 2.12.2

[dependabot]

Bumps ddtrace from 1.1.4 to 2.12.2.

Release notes

Sourced from ddtrace's releases.

2.12.2

Bug Fixes

• library injection: Resolves an issue where the version of attrs installed by default on some Ubuntu installations was treated as incompatible with library injection
• Code Security: This fixes a bug in the IAST patching process where AttributeError exceptions were being caught, interfering with the proper application cycle.

2.12.1

Bug Fixes

• SSI: This fix ensures injection denylist is included in published OCI package.

2.12.0

New Features

• openai: Introduces the model tag for openai integration metrics for consistency with the OpenAI SaaS Integration. It has the same value as openai.request.model.
• database_clients: Adds server.address tag to all <database>.query spans (ex: postgres.query). This tag stores the name of the database host.
• LLM Observability: Flushes the buffer of spans to be sent when the payload size would otherwise exceed the payload size limit for the event platform.
• LLM Observability: Span events that exceed the event platform event size limit (1 MB) will now have their inputs and outputs dropped.
• tracing: Adds ddtrace.trace.Context to the public api. This class can now be used to propagate context across execution boundaries (ex: threads).

Deprecation Notes

• config: DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED is deprecated. Trace id logging format is now configured automatically.
• tracing: Deprecates all modules in the ddtrace.contrib.[integration_name] package. Use attributes exposed in ddtrace.contrib.[integration_name].__all__ instead. The following are impacted:
  • aioredis, algoliasearch. anthropic, aredis, asgi, asyncpg, aws_lambda, boto, botocore, bottle, cassandra, celery, cherrypy, consul, coverage, django, dogpile_cache, dramatiq, elasticsearch, falcon, fastapi, flask, flask_cache, futures, gevent, graphql, grpc, httplib, httpx, jinja2, kafka, kombu, langchain, logbook, logging, loguru, mako, mariadb, molten, mongoengine, mysql, mysqldb, openai, psycopg, pylibmc, pymemcache, pymongo, pymysql, pynamodb, pyodbc, pyramid, redis, rediscluster, requests, sanic, snowflake, sqlalchemy, sqlite3, starlette, structlog, subprocess, tornado, urllib, urllib3, vertica, webbrowser, wsgi, yaaredis

Bug Fixes

• CI Visibility: Resolves an issue where exceptions other than timeouts and connection errors raised while fetching the list of skippable tests for ITR were not being handled correctly and caused the tracer to crash.

• CI Visibility: Fixes a bug where .git was incorrectly being stripped from repository URLs when extracting service names, resulting in g, i, or t being removed (eg: test-environment.git incorrectly becoming test-environmen)

• LLM Observability: Resolves an issue where custom trace filters were being overwritten in forked processes.

• tracing: Fixes a side-effect issue with module import callbacks that could cause a runtime exception.

• LLM Observability: Resolves an issue where session_id was being defaulted to trace_id, which was causing unexpected UI behavior.

• LLM Observability: Resolves an issue where LLM Observability spans were not being submitted in forked processes, such as when using celery or gunicorn workers. The LLM Observability writer thread now automatically restarts when a forked process is detected.

• tracing: Fixes an issue with some module imports with native specs that don't support attribute assignments, resulting in a TypeError exception at runtime.

• tracing: Resolves an issue where ddtrace package files were published with incorrect file attributes.

• tracing: Resolves an issue where django db instrumentation could fail.

• openai: Fixes a bug where asyncio.TimeoutErrors were not being propagated correctly from canceled OpenAI API requests.

• aiobotocore: Fixes an issue where the _make_api_call arguments were not captured correctly when using keyword arguments.

• tracing(django): Resolves a bug where ddtrace was exhausting a Django stream response before returning it to user.

• LLM Observability: Fixes an issue in the OpenAI integration where integration metrics would still be submitted even if LLMObs.enable(agentless_enabled=True) was set.

• internal: Fixes the Already mutably borrowed error when rate limiter is accessed across threads.

• internal: Fixes the Already mutably borrowed error by reverting back to pure-python rate limiter.

• Code Security: Adds null pointer checks when creating new objects ids.

• profiling: Fixes an issue where the profiler could erroneously try to load protobuf in autoinjected environments, where it is not available.

• crashtracking: Fixes an issue where crashtracking environment variables for Python were inconsistent with those used by other runtimes.

• profiling: Fixes endpoint profiling for stack v2 when DD_PROFILING_STACK_V2_ENABLED is set.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

---

2.11.6

Bug Fixes

• library injection: Resolves an issue where the version of attrs installed by default on some Ubuntu installations was treated as incompatible with library injection
• Code Security: This fixes a bug in the IAST patching process where AttributeError exceptions were being caught, interfering with the proper application cycle.

---

2.11.5

Bug Fixes

• SSI: This fix ensures injection denylist is included in published OCI package.

---

2.10.7

Bug Fixes

• CI Visibility: Resolves an issue where exceptions other than timeouts and connection errors raised while fetching the list of skippable tests for ITR were not being handled correctly and caused the tracer to crash.
• CI Visibility: Fixes a bug where .git was incorrectly being stripped from repository URLs when extracting service names, resulting in g, i, or t being removed (eg: test-environment.git incorrectly becoming test-environmen)
• openai: Fixes a bug where asyncio.TimeoutErrors were not being propagated correctly from canceled OpenAI API requests.
• profiling: Fixes endpoing profiling for stack v2 when DD_PROFILING_STACK_V2_ENABLED is set.

---

2.9.6

Bug Fixes

• CI Visibility: Resolves an issue where exceptions other than timeouts and connection errors raised while fetching the list of skippable tests for ITR were not being handled correctly and caused the tracer to crash.
• CI Visibility: Fixes a bug where .git was incorrectly being stripped from repository URLs when extracting service names, resulting in g, i, or t being removed (eg: test-environment.git incorrectly becoming test-environmen)
• SSI: Fixes incorrect file permissions on lib-injection images.
• Code Security: Adds null pointer checks when creating new objects ids.
• profiling: Fixes endpoing profiling for stack v2 when DD_PROFILING_STACK_V2_ENABLED is set.

---

2.11.4

... (truncated)

Commits

• 81ce39e fix(lib-injection): ignore attrs in min versions [backport 2.12] (#10633)
• c2c3a3b ci: fix release publish step missing aws command [backport 2.12] (#10623)
• d129810 chore(asm): use parameternamelength for libddwaf interface [backport 2.12] (#...
• 9861275 fix(iast): avoid potencial attribute error raise errors [backport 2.12] (#10589)
• ff992f5 fix(oci): include deny_executables.txt source into oci package (#10588) (#10605)
• 92a9704 ci: system-tests not stopping on failure [backport 2.12] (#10599)
• 08a35a0 chore(lib-injection): add early injection exits based on list of denied execu...
• 410b319 fix(llmobs): don't default session id to trace id for llm obs span events [ba...
• 68c36cf chore(ci): use unified Gitlab pipeline for APM libraries [backport 2.12] (#10...
• fa5db95 fix(ci_visibility): properly strip .git from repo URL when getting repo name ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #215.