chore(deps): update submissions #7100
Open
+12
−12
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==0.8.0
->==0.10.8
==2.1.4
->==2.9.2
==0.59.1
->==0.60.0
==1.26.4
->==2.0.0
==1.4.4
->==2.2.2
3.8
->3.12
3.9
->3.12
==2.2.2
->==2.2.3
==0.4.2
->==2024.6.0
==1.9.8
->==1.10.2
==0.25.0
->==0.30.1
Release Notes
scverse/anndata (anndata)
v0.10.8
Compare Source
v0.10.7
Compare Source
v0.10.6
Compare Source
v0.10.5.post1
Compare Source
v0.10.5
Compare Source
v0.10.4
Compare Source
v0.10.3
Compare Source
v0.10.2
Compare Source
v0.10.1
Compare Source
v0.10.0
Compare Source
v0.9.2
Compare Source
v0.9.1
Compare Source
v0.9.0
Compare Source
DataDog/dd-trace-py (ddtrace)
v2.9.2
: 2.9.2Compare Source
Bug Fixes
concurrent.futures.ThreadPoolExecutor
context propagation by passing the current trace context instead of the currently active span to tasks. This prevents edge cases of disconnected spans when the task executes after the parent span has finished.Other Changes
v2.9.1
: 2.9.1Compare Source
Deprecation Notes
v2.9.0
: 2.9.0Compare Source
New Features
LLM Observability: This introduces the LLM Observability SDK, which enhances the observability of Python-based LLM applications. See the LLM Observability Overview or the SDK documentation for more information about this feature.
ASM: Application Security Management (ASM) introduces its new "Exploit Prevention" feature in public beta, a new type of in-app security monitoring that detects and blocks vulnerability exploits. This introduces full support for exploit prevention in the python tracer.
with monitoring and blocking features, telemetry, and span metrics reports.
opentelemetry: Adds support for span events.
tracing: Ensures the following OpenTelemetry environment variables are mapped to an equivalent Datadog configuration (datadog environment variables taking precedence in cases where both are configured):
otel: Adds support for generating Datadog trace metrics using OpenTelemetry instrumentations
aiomysql, asyncpg, mysql, mysqldb, pymysql: Adds Database Monitoring (DBM) for remaining mysql and postgres integrations lacking support.
(aiomysql, aiopg): Implements span service naming determination to be consistent with other database integrations.
ASM: This introduces the capability to enable or disable SCA using the environment variable DD_APPSEC_SCA_ENABLED. By default this env var is unset and in that case it doesn't affect the product.
Code Security: Taints strings from gRPC messages.
botocore: This introduces tracing support for bedrock-runtime embedding operations.
Vulnerability Management for Code-level (IAST): Enables IAST in the application. Needed to start application with
ddtrace-run [your-application-run-command]
prior to this release. Now, you can also activate IAST with thepatch_all
function.langchain: This adds tracing support for LCEL (LangChain Expression Language) chaining syntax. This change specifically adds synchronous and asynchronous tracing support for the
invoke
andbatch
methods.Known Issues
builtins.open
function is experimental and may not be stable. This aspect is not replaced by default.grpc.aio
clients and servers is experimental and may not be stable. This integration is now disabled by default.Upgrade Notes
Deprecation Notes
DD_LLMOBS_APP_NAME
is deprecated and will be removed in the next major version of ddtrace. As an alternative toDD_LLMOBS_APP_NAME
, you can useDD_LLMOBS_ML_APP
instead. See the SDK setup documentation for more details on how to configure the LLM Observability SDK.Bug Fixes
asyncio
after a trace has already been started will reset the currently active span.grpc.aio
integration specific to streaming responses.n=None
for streamed chat completions resulted in aTypeError
.DD_TRACE_SPAN_TRACEBACK_MAX_SIZE
was not applied to exception tracebacks.terminate
on theextend
andjoin
aspect when an exception is raised.pytest
+gevent
where the telemetry writer was eager initialized bypytest
entry points loading of our plugin causing a potential dead lock.ImportError
exceptions were being caught, interfering with the proper application cycle if anImportError
was expected."taint_structure
.FileNotFoundError
.libraries, even if they were not available.
Chain.invoke()
instead ofChain.__call__()
resulted in the anArgumentError
due to an argument name change for inputs between the two methods.langchain_community
package does not allow automatic submodule importing.lib_config
entrygrpc.aio
interceptors are registeredheaders.items()
) does not duplicate them.tracer.get_log_correlation_context()
incorrectly returned a 128-bit trace_id even withDD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED
set toFalse
(the default), breaking log correlation. It now returns a 64-bit trace_id.protobuf
to load in injected environments,causing crashes in configurations which relied on older
protobuf
versions. The profiler will now detect when injection is used and try loading with the native exporter. If that fails, it will self-disable rather than loading protobuf.pymongo.pool.validate_session
flask
anduwsgi
.v2.8.5
Compare Source
Known Issues
builtins.open
function is experimental and may not be stable. This aspect is not replaced by default.grpc.aio
clients and servers is experimental and may not be stable. This integration is now disabled by default.Bug Fixes
v2.8.4
: 2.8.4Compare Source
Bug Fixes
pytest
+gevent
where the telemetry writer was eagerly initialized bypytest
entrypoints loading of our plugin causing a potential dead lock.v2.8.3
Compare Source
Bug Fixes
tracer.get_log_correlation_context()
incorrectly returned a 128-bit trace_id even withDD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED
set toFalse
(the default), breaking log correlation. It now returns a 64-bit trace_id.v2.8.2
Compare Source
Bug Fixes
tracing: This fix resolves an issue where sampling rules were not matching correctly on float values that had a 0 decimal value. Sampling rules now evaluate such values as integers.
langchain: This fix resolves an issue where the LangChain integration always attempted to patch LangChain partner
libraries, even if they were not available.
langchain: This fix resolves an issue where tracing
Chain.invoke()
instead ofChain.__call__()
resulted in the anArgumentError
due to an argument name change for inputs between the two methods.langchain: This fix adds error handling for checking if a traced LLM or chat model is an OpenAI instance, as the langchain_community package does not allow automatic submodule importing.
internal: This fix resolves an error regarding the remote config module with payloads missing a
lib_config
entryprofiling: fix a bug that caused the HTTP exporter to crash when attempting to serialize tags.
grpc: Resolves segfaults raised when grpc.aio interceptors are registered
Code Security: Ensure that when tainting the headers of a Flask application, iterating over the headers (i.e., with headers.items()) does not duplicate them.
v2.8.1
Compare Source
New Features
ddtrace-run [your-application-run-command]
so far. Now, you can also activate IAST with thepatch_all
function.Bug Fixes
FileNotFoundError
.v2.8.0
Compare Source
Prelude
tracing: This release adds support for lazy sampling, essentially moving when we make a sampling decision for a trace to the latest possible moment. These include the following: 1. Before encoding a trace chunk to be sent to the agent 2. Before making an outgoing request via HTTP, gRPC, or a DB call for any automatically instrumented integration 3. Before running
os.fork()
For most users this change shouldn't have any impact on their traces, but it does allow for more flexibility in sampling (seefeatures
release note). It should be noted that if a user has application egress points that are not automatically instrumented, to other Datadog components (downstream instrumented services, databases, or execution context changes), and rely on the Python tracer to make the sampling decision (don't have an upstream service doing this), they will need to manually run the sampler for those traces, or useHttpPropagator.inject()
. For more information please see the following: https://ddtrace.readthedocs.io/en/stable/advanced_usage.html#distributed-tracing https://ddtrace.readthedocs.io/en/stable/advanced_usage.html#tracing-context-managementNew Features
langchain==0.1.0
. Note that this does not have tracing support for deprecated langchain operations. Please follow the langchain upgrade guide or the langchain integration :ref: docs<langchain> to enable full tracing support.dramatiq
library.DD_TRACE_SAMPLING_RULES
based on any span attribute (service, resource, tags, name)regardless of when the value for the attribute is set. This change is particularly beneficial for sampling on tags, since the vast majority of tags are set after the span is created. Since sampling was previously done at span creation time, this meant that those tags could not be used for sampling decisions.DD_PROFILING_STACK_V2_ENABLED=true
. This new sampler should resolve segfault issues on Python 3.11 and later, while also decreasing the latency contribution of the profiler in many situations, and also improving the accuracy of stack-sampling data. This feature is currently only available on Linux using CPython 3.8 or greater. RequiresDD_PROFILING_EXPORT_LIBDD_ENABLED=true
to be set.confluent_kafka.Consumer.consume()
. Previously only confluent_kafka.Consumer.poll was instrumented.Deprecation Notes
ddtrace.contrib.asyncio.AsyncioContextProvider
. ddtrace fully support tracing across asyncio tasks. Asyncio no longer requires additional configurations.tracer.sampler
is deprecated and will be removed in the next major version release. To manually sample please calltracer.sample
instead.ddtrace.contrib.gevent.provider.GeventContextProvider
. Drops support for gevent<20.12.0 and greenlet<1.0.Bug Fixes
Vulnerability Management for Code-level (IAST): Some native exceptions were not being caught correctly by the python tracer. This fix remove those exceptions to avoid fatal error executions.
otel: Ensures that the last datadog parent_id is added to w3c distributed tracing headers generated by the OpenTelemetry API.
ASM: This fix resolves an issue where a valid user may trigger a failed login event.
ASM: always clear the DDWaf context at the end of the span to avoid gc-induced latency spikes at the end of some requests.
ASM: This fix resolves an issue where django login failure events may send wrong information of user existence.
CI Visibility: fixes an issue where git author or committer names containing commas (eg: "Lastname, Firstname") would not work (and log an error) due to the use of comma as a separator.
propagation: This fix resolves an issue where the sampling decision-maker tag in tracestate propagation headers was clobbered by a default value.
datastreams: Changed DSM processor error logs to debug logs for a statement which is retried. If all retries fail, the stack trace is included
internal telemetry: Ensures heartbeat events are sent at regular intervals even when no other events are being sent.
Fix an incompatibility between the handling of namespace module imports and parts of the functionalities of the standard library importlib module.
internal: This fix resolves an issue where importing the
ddtrace.appsec._iast._patches
module would fail raising an ImportErrorinternal: This fix resolves an issue where importing the
ddtrace.internal.peer_service
module would fail raising an ImportErrorlangchain: Ensures langchain vision APIs are correctly instrumented
Fix for the declaration of dependencies for the package.
internal: This fix resolves an issue where importing the
ddtrace.contrib.botocore.services
module would fail raising an ImportErrorprofiling: handle unexpected stack data to prevent the profiler from stopping.
starlette: Fix a bug that crashed background tasks started from functions without a __name__ attribute
ASM: This fix resolves an issue where the asgi middleware could crash with a RuntimeError "Unexpected message received".
ASM: This fix resolves an issue with Flask instrumentation causing CPU leak with ASM, API Security and Telemetry enabled.
Vulnerability Management for Code-level (IAST): Addresses an issue where the IAST native module was imported even though IAST was not enabled.
Vulnerability Management for Code-level (IAST): This fix addresses an issue where tainting objects may fail due to context not being created in the current span.
Vulnerability Management for Code-level (IAST): This fix addresses an issue where AST patching would generate code that fails to compile, thereby preventing the application from starting correctly.
Vulnerability Management for Code-level (IAST): This fix addresses AST patching issues where other subscript operations than
Load
were being unintentionally patched, leading to compilation errors for the patched module.Vulnerability Management for Code-level (IAST): Fixes an issue where an atexit handler could lead to a segmentation fault.
Vulnerability Management for Code-level (IAST): This fix addresses an issue where a vulnerability would be reported at line 0 if we couldn't extract the proper line number, whereas the default line number should be -1.
kafka: This fix resolves an issue where
None
messages from confluent-kafka could cause crashes in the Kafka integration.appsec: This fix resolves an issue in which the library attempted to finalize twice a context object used by the Application Security Management product.
tracing: Removes
allow_false
argument from ddtrace samplers.allow_false
allows datadog samplers to return a value that differs from the sampling decision, this behavior is not supported.profiling: This fixes a
free(): invalid pointer
error which would arise as a result of incorrectly linking the C++ runtime.starlette: Ensures correct URL tag is set for starlette v0.34.0 and above.
structlog: Fixes error where multiple loggers would duplicate processors. Also adds processors injection when resetting to defaults.
v2.7.10
Compare Source
Bug Fixes
tracer.get_log_correlation_context()
incorrectly returned a 128-bit trace_id even withDD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED
set toFalse
(the default), breaking log correlation. It now returns a 64-bit trace_id.v2.7.9
Compare Source
Bug Fixes
lib_config
entrypymongo.pool.validate_session
v2.7.8
Compare Source
Bug Fixes
FileNotFoundError
.v2.7.7
Compare Source
Bug Fixes
ddtrace.internal.peer_service
module would fail raising an ImportError__name__
attributeThis fix remove those exceptions to avoid fatal error executions.
Empty lists from consume can occur when the call times out.
v2.7.6
Compare Source
Bug Fixes
causing crashes in configurations which relied on older protobuf versions. The profiler will now detect when injection is used and try loading with the native exporter. If that fails, it will self-disable rather than loading protobuf.
v2.7.5
Compare Source
New Features
confluent_kafka.Consumer.consume()
. Previously only confluent_kafka.Consumer.poll was instrumented.Bug Fixes
ddtrace.contrib.botocore.services
module would fail raising an ImportErrorv2.7.4
: 2.7.4Compare Source
Bug Fixes
None
messages from confluent-kafka could cause crashes in the Kafka integration.v2.7.3
: 2.7.3Compare Source
Bug Fixes
free(): invalid pointer
error which would arise as a result of incorrectly linking the C++ runtime.v2.7.2
: 2.7.2Compare Source
Bug Fixes
DD_PROFILING_STACK_V2_ENABLED=true
. This new sampler should resolve segfault issues on Python 3.11 and later, while also decreasing the latency contribution of the profiler in many situations, and also improving the accuracy of stack-sampling data. This feature is currently only available on Linux using CPython 3.8 or greater. RequiresDD_PROFILING_EXPORT_LIBDD_ENABLED=true
to be set.v2.7.1
Compare Source
Bug Fixes
tracer.get_log_correlation_context()
incorrectly returned a 128-bit trace_id even withDD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED
set toFalse
(the default), breaking log correlation. It now returns a 64-bit trace_id.v2.7.0
: 2.7.0Compare Source
New Features
DD_ASGI_TRACE_WEBSOCKET=true
to enable.span._metrics
in addition tospan._meta
, which was previously the only supported field.:
to differentiate between the base module and the method name (mymod.mysubmod:myclass.myfunc,myclass.otherfunc;...
)Datadog-Entity-ID
header to payloads sent to the Datadog Agent. This header can be set to the container ID or the container's cgroup node inode, and serves as a unique identifier for containers running under Linuxcgroupv2
.service
,name
, andresource
passed in with envarDD_TRACE_SAMPLE_RULES
. Previously, the service, name, and resource were matched using exact string matching.Deprecation Notes
[]
for DD_TRACE_METHODS (mymod.mysubmod.myclass[myfunc,otherfunc];...
) is deprecated and will be removed in 3.0.0.service
,name
, andresource
for sampling rules. Please use the new Glob matching support instead.Bug Fixes
Load
were being unintentionally patched, leading to compilation errors for the patched module.DD_BOTOCORE_EMPTY_POLL_ENABLED=false
.config.botocore.empty_poll_enabled=false
and no records were found.DD_INSTRUMENTATION_TELEMETRY_ENABLED
is set toFalse
.DeserializingConsumer
could result in a crash when the deserializer in use returns a type without a__len__
attribute.v2.6.12
Compare Source
Bug Fixes
v2.6.11
Compare Source
Bug Fixes
lib_config
entrypymongo.pool.validate_session
v2.6.10
Compare Source
Bug Fixes
FileNotFoundError
.ddtrace.contrib.botocore.services
module would fail raising an ImportErrorv2.6.9
Compare Source
Bug Fixes
None
messages from confluent-kafka could cause crashes in the Kafka integration.v2.6.8
: 2.6.8Compare Source
Bug Fixes
v2.6.7
: 2.6.7Compare Source
Bug Fixes
v2.6.6
: 2.6.6Compare Source
Bug Fixes
Load
were being unintentionally patched, leading to compilation errors for the patched module.DeserializingConsumer
could result in a crash when the deserializer in use returns a type without a__len__
attribute.v2.6.5
: 2.6.5Compare Source
Bug Fixes
v2.6.4
: 2.6.4Compare Source
Bug Fixes
pytest~=8.0
that would case crashes in certain scenarios, and returned different module namesCPython<3.10
when asocket.timeout
error was raised instead of the expectedTimeoutError
during CI Visibility API requestsv2.6.3
: 2.6.3Compare Source
Bug Fixes
v2.6.2
: 2.6.2Compare Source
Bug Fixes
DD_INSTRUMENTATION_TELEMETRY_ENABLED
is set toFalse
.v2.6.1
Compare Source
Bug Fixes
v2.6.0
Compare Source
Upgrade Notes
DD_CIVISIBILITY_ITR_ENABLED
now defaults to true, and the Datadog API (configured via the Datadog dashboard) now determines whether code coverage and test skipping are enabled.New Features
botocore: Adds optional feature to propagate context between producers and consumers for AWS SQS, AWS SNS, and AWS Kinesis via DD_BOTOCORE_PROPAGATION_ENABLED environment variable. Adds optional feature to disable tracing of AWS SQS poll() operation and AWS Kinesis 'get_records()' operation when no data is consumed via DD_BOTOCORE_EMPTY_POLL_ENABLED environment variable.
tracing: Adds new tag python_main_package containing the name of the main package of the application. profiling: Adds new tag python_main_package containing the name of the main package of the application.
ASM: API Security schema collection is now officially supported for Django, Flask and FastAPI. It can be enabled in the tracer using environment variable DD_API_SECURITY_ENABLED=true It will only be active when ASM is also enabled.
elasticsearch: This allows custom tags to be set on Elasticsearch spans via the Pin interface.
botocore: This introduces tracing support for bedrock-runtime operations.
See the docs for more information.
datastreams: this change adds kombu auto-instrumentation for datastreams monitoring. tracing: this change adds the
DD_KOMBU_DISTRIBUTED_TRACING
flag (defaultTrue
)Vulnerability Management for Code-level (IAST): Add support for CMDi in langchain.
botocore: Add the ability to inject trace context into the input field of botocore stepfunction start_execution and start_sync_execution calls.
Removes another place where we always load instrumentation telemetry, even if it is disabled
tracing: This introduces the ability to disable tracing at runtime based on configuration values sent from the Datadog frontend. Disabling tracing in this way also disables instrumentation telemetry.
tracing: Adds support for remote configuration of
DD_TRACE_HEADER_TAGS
tracing: Add support for remote configuration of trace-logs correlation.
grpc/grpc_aio: reports the available target host in client spans as
network.destination.ip
if only an IP is available,peer.hostname
otherwise.span: Adds a public api for setting span links
starlette,fastapi: Trace background tasks using span links
Bug Fixes
ASM: This fix resolves an issue where an exception would be logged while parsing an empty body JSON request.
CI Visibility: fixes an issue where coverage data for suites could be lost for long-running test sessions, reducing the possibility of skipping tests when using the Intelligent Test Runner.
IAST: Don't split AST Assign nodes since it's not needed for propagation to work.
ASM: This fix resolves an issue where suspicious request blocking on request data was preventing API Security to collect schemas in FastAPI, due to route not being computed.
ASM: This fix resolves an issue where ASM custom blocking actions with a redirect action could cause the server to drop the response.
Fixed an incompatible version requirements for one of the internal dependencies that could have caused an exception to be raised at runtime with Python 3.12.
data_streams: Thi
Configuration
📅 Schedule: Branch creation - "every weekend" in timezone UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.