Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ddtrace requirement from ~=2.1.4 to ~=2.7.0 #584

Merged
merged 1 commit into from
Mar 31, 2024
Merged

Update ddtrace requirement from ~=2.1.4 to ~=2.7.0 #584

merged 1 commit into from
Mar 31, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2024

Updates the requirements on ddtrace to permit the latest version.

Release notes

Sourced from ddtrace's releases.

2.7.0

New Features

  • asgi: Trace websockets in asgi middleware behind feature flag. Set DD_ASGI_TRACE_WEBSOCKET=true to enable.
  • tracing: Span and trace sampling rules are case insensitive.
  • tracing: Tags provided in span and trace sampling rules now attempt to match against span._metrics in addition to span._meta, which was previously the only supported field.
  • dbm: adds new ddh and dddb SQL comment attributes to enable connection with APM when using peer.service.
  • tracing: Updates DD_TRACE_METHODS to use a new notation with : to differentiate between the base module and the method name (mymod.mysubmod:myclass.myfunc,myclass.otherfunc;...)
  • tracing: This adds the Datadog-Entity-ID header to payloads sent to the Datadog Agent. This header can be set to the container ID or the container's cgroup node inode, and serves as a unique identifier for containers running under Linux cgroupv2.
  • tracing: This introduces Glob matching support for service, name, and resource passed in with envar DD_TRACE_SAMPLE_RULES. Previously, the service, name, and resource were matched using exact string matching.
  • lib-injection: Adds supports for installing ddtrace via single step instrumentation on python3.12

Deprecation Notes

  • tracing: Using [] for DD_TRACE_METHODS (mymod.mysubmod.myclass[myfunc,otherfunc];...) is deprecated and will be removed in 3.0.0.
  • This deprecates the passing in of methods or regex patterns for service, name, and resource for sampling rules. Please use the new Glob matching support instead.

Bug Fixes

  • Vulnerability Management for Code-level (IAST): This fix addresses an issue where AST patching would generate code that fails to compile, thereby preventing the application from starting correctly.
  • Vulnerability Management for Code-level (IAST): This fix addresses AST patching issues where other subscript operations than Load were being unintentionally patched, leading to compilation errors for the patched module.
  • Vulnerability Management for Code-level (IAST): This fix addresses an issue where a vulnerability would be reported at line 0 if we couldn't extract the proper line number, whereas the default line number should be -1.
  • tracing: This fix resolves an issue where previously some traces that were not sampled were not sent to the trace-agent, possibly affecting metrics. With this fix, all traces are sent to the agent.
  • IAST: fix potentially empty ranges after executing the decode aspect.
  • CI Visibility: fixes issues with pytest~=8.0 that would case crashes in certain scenarios, and returned different module names
  • CI Visibility: fix a potential crash for Python<3.10 when a socket.timeout error was raised instead of the expected TimeoutError during CI Visibility API requests
  • CI Visibility: This fix makes the CI Visibility system resilient to RuntimeErrors that can occur between pytest tests with coverage enabled.
  • IAST: don't patch BytesIO since we don't have any aspects for it.
  • tracing: This fix resolves an issue where the tracer could throw an uncaught error during process shutdown.
  • botocore: Fixes bug where SQS and Kinesis results and errors were not recorded when DD_BOTOCORE_EMPTY_POLL_ENABLED=false. config.botocore.empty_poll_enabled=false and no records were found.
  • profiling: fixes an issue that could have caused the profiler to stop if unable to determine the class name of a profiled function with CPython 3.11 and newer.
  • tracing: Resolves telemetry import error raised when DD_INSTRUMENTATION_TELEMETRY_ENABLED is set to False.
  • ASM: This fix resolves an issue where rules updated through remote config were not properly updating required waf addresses. This could lead to custom rules being ignored.
  • ASM: This fix resolves an issue where remote config update in WAF policy from block attack tools policy to monitoring only policy could be ignored by tracer.
  • Vulnerability Management for Code-level (IAST): Fixes an issue where requests stopped being analyzed after some time due.
  • Vulnerability Management for Code-level (IAST): Fixes issues derived from AST patching code with type annotations.
  • kafka: This fix resolves an issue where the use of a Kafka DeserializingConsumer could result in a crash when the deserializer in use returns a type without a __len__ attribute.
Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

v2.6.0

Upgrade Notes

  • CI Visibility: DD_CIVISIBILITY_ITR_ENABLED now defaults to true, and the Datadog API (configured via the Datadog dashboard) now determines whether code coverage and test skipping are enabled.
  • CI Visibility: the CI Visibility service is no longer enabled when the initial query to the Datadog test service settings API fails due to a 403 status code.

New Features

  • botocore: Adds optional feature to propagate context between producers and consumers for AWS SQS, AWS SNS, and AWS Kinesis via DD_BOTOCORE_PROPAGATION_ENABLED environment variable. Adds optional feature to disable tracing of AWS SQS poll() operation and AWS Kinesis 'get_records()' operation when no data is consumed via DD_BOTOCORE_EMPTY_POLL_ENABLED environment variable.

  • tracing: Adds new tag python_main_package containing the name of the main package of the application. profiling: Adds new tag python_main_package containing the name of the main package of the application.

  • ASM: API Security schema collection is now officially supported for Django, Flask and FastAPI. It can be enabled in the tracer using environment variable DD_API_SECURITY_ENABLED=true It will only be active when ASM is also enabled.

  • elasticsearch: This allows custom tags to be set on Elasticsearch spans via the Pin interface.

  • botocore: This introduces tracing support for bedrock-runtime operations. See the docs for more information.

  • datastreams: this change adds kombu auto-instrumentation for datastreams monitoring. tracing: this change adds the DD_KOMBU_DISTRIBUTED_TRACING flag (default True)

  • Vulnerability Management for Code-level (IAST): Add support for CMDi in langchain.

  • botocore: Add the ability to inject trace context into the input field of botocore stepfunction start_execution and start_sync_execution calls.

  • Removes another place where we always load instrumentation telemetry, even if it is disabled

  • tracing: This introduces the ability to disable tracing at runtime based on configuration values sent from the Datadog frontend. Disabling tracing in this way also disables instrumentation telemetry.

  • tracing: Adds support for remote configuration of DD_TRACE_HEADER_TAGS

  • tracing: Add support for remote configuration of trace-logs correlation.

  • grpc/grpc_aio: reports the available target host in client spans as network.destination.ip if only an IP is available, peer.hostname otherwise.

  • span: Adds a public api for setting span links

  • starlette,fastapi: Trace background tasks using span links

Bug Fixes

  • ASM: This fix resolves an issue where an exception would be logged while parsing an empty body JSON request.

... (truncated)

Commits
  • 3fae08b fix(iast): avoid patching errors from stopping module load [backport 2.7] (#8...
  • 9f0a348 fix(iast): avoid reporting line number 0 [backport 2.7] (#8555)
  • d1e434a fix(iast): avoid ast patch subscript if in store context [backport 2.7] (#8540)
  • 826c602 ci: pin commitlint versions to <1.19.0 to fix error (#8528)
  • b0fddaf test(di): add custom object redaction test case (#8472)
  • 48609c9 fix(asm): ensure remote config keys deleted are updated as expected (#8503)
  • 17f0d5a ci(botocore): upgrade tests to support latest version of botocore (#8500)
  • dd35706 chore(trace): handle import of ddtrace.tracer (#8477)
  • b809e38 ci: use sha256 method for specifying testrunner in docker-compose.yml (#8451)
  • a5bb150 ci: ignore meta._dd.parent_id at snapshot tests (#8512)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update ddtrace requirement from ~=2.1.4 to ~=2.7.0
0bff1df 
Updates the requirements on [ddtrace](https://github.com/DataDog/dd-trace-py) to permit the latest version.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.1.4...v2.7.0)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 1, 2024
@dependabot dependabot bot mentioned this pull request Mar 1, 2024
Closed
@HelloYeew HelloYeew merged commit 4ac14b7 into new-website Mar 31, 2024
2 checks passed
@HelloYeew HelloYeew deleted the dependabot/pip/ddtrace-approx-eq-2.7.0 branch March 31, 2024 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@HelloYeew