Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update module gopkg.in/datadog/dd-trace-go.v1 to v1.47.0 #20

Closed
wants to merge 1 commit into from
Closed

fix(deps): update module gopkg.in/datadog/dd-trace-go.v1 to v1.47.0 #20

wants to merge 1 commit into from

Conversation

self-hosted-renovatebot[bot]
Copy link
Contributor

@self-hosted-renovatebot self-hosted-renovatebot bot commented Jan 13, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
gopkg.in/DataDog/dd-trace-go.v1 require minor v1.29.0 -> v1.47.0

Release Notes

DataDog/dd-trace-go

v1.47.0

Compare Source

Summary

In this release, Application Performance Monitoring (APM) adds W3C trace context propagation support. The new default propagation list is tracecontext,Datadog for injection and extraction. See the docs for more configuration details.
APM also re-introduces the collection of client ip address as an opt-in feature, even when ASM isn't configured. This can be enabled by setting DD_TRACE_CLIENT_IP_ENABLED.

Application Security Management (ASM) introduces IP blocking to Gin and Echo, along with a new public API to log security-related events.

The profiler now uses the faster delta profile implementation by default, first introduced in version 1.44.0. This significantly reduces the memory allocations from profile manipulation.

Changes

Application Performance Monitoring (APM)

Application Security Management (ASM)

Profiler

Fixes

Application Performance Monitoring (APM)

Full Changelog: DataDog/dd-trace-go@v1.46.1...v1.47.0

v1.46.1

Compare Source

Summary

This is a patch release containing a minor fix that ensures userinfo strings are not present in URLs sent in the http.url tag.

What's Changed

Application Performance Monitoring (APM)

Full Changelog: DataDog/dd-trace-go@v1.46.0...v1.46.1

v1.46.0

Compare Source

Summary

  • This release changes how header extraction and injection are configured. The DD_PROPAGATION_STYLE_INJECT and DD_PROPAGATION_STYLE_EXTRACT environment variables are now deprecated. Prefer the new environment variables DD_TRACE_PROPAGATION_STYLE_INJECT, DD_TRACE_PROPAGATION_STYLE_EXTRACT, and DD_TRACE_PROPAGATION_STYLE (which generally applies to both inject and extract).
    For example, the environment variables would take the following precedence:
    • DD_TRACE_PROPAGATION_STYLE_INJECT
    • DD_PROPAGATION_STYLE_INJECT (deprecated)
    • DD_TRACE_PROPAGATION_STYLE (applies to both inject and extract)
    • If none of the above, use default values

What's Changed

Full Changelog: DataDog/dd-trace-go@v1.45.1...v1.46.0

v1.45.1

Compare Source

Fix the version number reported by dd-trace-go to avoid the release candidate label.

v1.45.0

Compare Source

Summary

Application Security Monitoring now becomes Application Security Management (ASM) with the release of IP blocking for HTTP and gRPC servers, which allows you to block attackers based on their IP addresses, managed from your denylist. You can request a private beta access to this feature here.

Changes

Application Performance Monitoring (APM)

Application Security Monitoring Management (ASM)

Others

Fixes

Profiler

Full Changelog: DataDog/dd-trace-go@v1.44.1...v1.45.0

v1.44.1

Compare Source

This patch release fixes an issue with Go modules version selection when dd-trace-go is updated using go get -u all, where an unstable indirect dependency was unexpectedly upgrading to an incompatible version and therefore leading to a compilation error.

Full Changelog: DataDog/dd-trace-go@v1.44.0...v1.44.1

v1.44.0

Compare Source

Summary

This version notably brings:

  • gofiber trace propagation: Users of the gofiber package will now have fully connected traces.
  • The profiler adds a new, efficient profile delta computation algorithm, which eliminates almost all of the memory allocation caused by the profiler when delta profiles are enabled. This algorithm can be enabled with the DD_PROFILING_DELTA_METHOD=fastdelta environment variable. It will become the default in a future release.
  • The profiler no longer adds an env tag to profiles unless one is explicitly configured, either through the DD_ENV environment variable or through the WithEnv option. This allows profiles to be tagged with the env value configured by the agent, if one is available, rather than getting the previous env:none default tag.
  • Remotely enable Application Security Monitoring through Datadog's remote configuration (private beta access required).

A list of minor improvements and fixes can be found in the list below:

Changes

General

Application Performance Monitoring (APM)

Application Security Monitoring (ASM)

Profiler

Other

Fixes

Application Performance Monitoring (APM)

Application Security Monitoring (ASM)

Full Changelog: DataDog/dd-trace-go@v1.43.1...v1.44.0

v1.43.1

Compare Source

Summary

The http.client_ip tag of HTTP request spans is no longer collected by Application Performance Monitoring (APM) and is now only reported by Application Security Monitoring (ASM), as part of its security monitoring metadata. If you are still interested in this feature without ASM, please file a feature request.

Fixes

  • appsec: report http.client_ip only when appsec is enabled (#​1523)

Full Changelog: DataDog/dd-trace-go@v1.43.0...v1.43.1

v1.43.0

Compare Source

Summary

This version notably brings:

  • Application Security Monitoring on linux/arm64 and darwin/arm64
  • The profiler now captures its own CPU overhead. Previously, CPU profiling could be stopped before follow-on work processing the other profile types completed. There is now proper synchronization so this work is captured. Note that there may be a small (<1%) increase in CPU time on profiles. This is not new overhead, or a regression. It is just work that was already being done, now more accurately reflected.
  • The new ddtrace.UseLogger function can be used to configure logging for both the tracer and profiler.

A couple of improvements and fixes can also be found in the list of changes below.

Changes

General

Application Performance Monitoring (APM)

Database Monitoring

Application Security Monitoring (ASM)

Profiler

  • Cap the CPU profile duration so it doesn't exceed the profiling period (#​1486)
  • Ensure that CPU profile records profiler work (#​1485)

Full Changelog: DataDog/dd-trace-go@v1.42.1...v1.43.0

v1.42.1

Compare Source

Summary

This release fixes a compilation issue when building with appsec on some macOS versions.

Fixes

Application Security Monitoring (ASM)

Full Changelog: DataDog/dd-trace-go@v1.42.0...v1.42.1

v1.42.0

Compare Source

Summary

This release has several exciting features:

Changes

General

APM

Database Management

ASM

Profiler

Full Changelog: DataDog/dd-trace-go@v1.41.1...v1.42.0

v1.41.1

Compare Source

Summary

This release fixes a bug in the tracer library which incorrectly calculated client-side stats for dropped P0 traces.

Changes

Tracer

Full Changelog: DataDog/dd-trace-go@v1.41.0...v1.41.1

v1.41.0

Compare Source

Summary

This release introduces rule based span sampling for the tracer which can be configured through the env var DD_SPAN_SAMPLING_RULES. For configuration details, see the docs.
Additionally it is now possible to propagate an HTTP request's user id across services when using the SetUser() tracer function, thanks to the WithPropagation() option.
Also, the tracer now flushes trace stats when stopping, and some changes to contribs were also made:

  • For net/http the RoundTripper has a new option to ignore outgoing requests
  • For segmentio/kafka.go.v0 the message's topic name is used when the writer's topic name is unavailable
  • For 99designs/gqlgen, basic support was added for tracing GraphQL functions

The profiler fixed a bug which caused the first minute of activity to be missing from profiles. The profiler now respects the DD_TRACE_STARTUP_LOGS environment variable, which can be set to false to turn off start-up logging. Profiles are now tagged with the seq_id tag, which counts how many profiles have been uploaded so far.

Some more improvements and fixes can also be found in the list of changes below.

Changes

Tracer
Profiler

Full Changelog: DataDog/dd-trace-go@v1.40.1...v1.41.0

v1.40.1

Compare Source

Summary

This release updates the version.go file so that the version is not a release candidate anymore, but a full release one.
This will be reflected in the tracer's startup logs. There is no changelog since this release is just a version bump to correct the content of version.go.

v1.40.0

Compare Source

Summary

This release adds the http.url tag to the list of collected security tags (documentation). This tag will now hold the full http request's URL for server requests instead of the http request's path, so be sure to check that it doesn't break anything on your side when switching over to this version.

Additionally, some more changes were made to a few contribs:

  • echo.v4: it is now possible to skip tracing for some endpoints using the WithIgnoreRequest option.
  • gocql: errors can now be selectively ignored using the WithErrorCheck option.
  • kafka-go: tracing of the FetchMessage() reader method is now possible.

A couple of improvements and fixes can also be found in the list of changes below.

Changes

General
Tracer
ASM

Full Changelog: DataDog/dd-trace-go@v1.39.1...v1.40.0

v1.39.1

Compare Source

Summary

This release fixes a bug in the profiler library which caused the service tag to sometimes be missing from uploaded profiles. This resulted in profiles appearing on Datadog with the service name unnamed-service.

Changes

Profiler

Full Changelog: DataDog/dd-trace-go@v1.39.0...v1.39.1

v1.39.0

Compare Source

Summary

With this release, the Go tracer now starts reporting a set of security monitoring tags for each server request without the need to enable ASM. Currently, the collected tags are http.client_ip, http.useragent, http.status_code and http.method, and more will come with future releases. More information about this can be found in the Datadog documentation.
Other additions include a new integration for the logrus logging package, and overriding the sampling decision of a trace
in downstream services is now possible. Additionally, a new tag aws.request_id was added to spans for the aws-sdk-go
integration. On top of this the tracer has a new option, WithUniversalVersion, which removes the limitation of having the service name
match the name defined when starting the tracer for version tracking.
Some more fixes and improvements were made which you can find in the changelog below.

Changes

Repo

APM

ASM

Profiler

Full Changelog: DataDog/dd-trace-go@v1.38.1...v1.39.0

v1.38.1

Compare Source

This release contains a set of small fixes for Application Security Monitoring (ASM) and Profiler.

  • ASM: fix compilation errors when CGO is disabled or when using MacOS 12.3.1 (#​1261)
  • Profiler: get the correct profile for the experimental goroutine wait profile (#​1262)

Full Changelog: DataDog/dd-trace-go@v1.38.0...v1.38.1

v1.38.0

Compare Source

This release comes with new Application Security Monitoring capabilities including sensitive data obfuscation for security events, a new set of metrics to monitor the WAF execution and security rules processing, as well as the latest version of the security rules which includes NoSQL-injection monitoring.
On a side note, AppSec has been renamed to ASM (Application Security Monitoring) and will be referred to as such in the future.

On the Tracer side, the service.name tag was removed from the spans for kubernetes and the resource.name tag is now set using the context's route for gofiber/fiber.

The Profiler introduces a new CPUProfileRate option to allow users to use a specific CPU profiling rate.

Features

Tracer
Application Security Monitoring
  • internal/appsec: security events obfuscation (#​1237)
  • internal/appsec/waf: add WAF and security rules monitoring metrics (#​1225)
  • internal/appsec: update security rules to v1.3.1 including NoSQL-injection monitoring (#​1244)
Profiler
  • profiler: add CPUProfileRate option (#​1243)

Fixes

Tracer
  • contrib/go-chi: remove the chi.v4 package in favor of chi.v5 (#​1233)
  • contrib/net/http: fix status reporting for empty replies (#​1140)
  • contrib/gin-gonic/gin: fix incomplete examples (#​1212) (thanks @​ajones)
Profiler
  • ddtrace/tracer: update profile endpoint label when SetTag updates resource name for a span (#​1203)

Full Changelog: DataDog/dd-trace-go@v1.37.1...v1.38.0

v1.37.1

Compare Source

This release contains fixes to the AppSec security rules where a Local-File Injection rule has been improved in order to avoid some false positives, and the monitoring of HTTP request cookies has been temporarily disabled until the AppSec obfuscator is added in the near future to the library.

Full Changelog: DataDog/dd-trace-go@v1.37.0...v1.37.1

v1.37.0: 1.37.0

Compare Source

This release comes with the new AppSec capability to monitor the parsed HTTP body thanks to a new public appsec package. This package provides a function - appsec.MonitorParsedHTTPBody() - that should be called from within your http request handlers with the parsed http body payload, such as returned by json.Unmarshal(), proto.Unmarshal() or any other parser.
It also introduces support for the web framework gin, as well as the latest AppSec security rules which include the new OGNL & Cassandra injection detections.

Additionally, this update provides a new user monitoring tracing function - tracer.SetUser() - allowing to associate user attributes to a trace. This allows to add user context to traces which can then be leveraged by Datadog's monitoring, for example by identifying the user of an AppSec attack.

The profiler's code hotspots and endpoints is now enabled by default in order to connect APM traces and profiles.

Note that dd-trace-go's go.mod file has been updated to now include every dependency required by dd-trace-go and its integrations. It now lists the minimum secure versions required, according to the Go module registry of vulnerabilities.

Features

  • all: commit full go.mod and go.sum files (#​1188)
APM
  • contrib/database/sql: fix support for drivers using deprecated interfaces (#​1167)
  • contrib/database/sql: trace connection time (#​1154)
  • contrib/gorilla/mux: provide a new function wrapper for gorilla router (#​1175)
  • contrib/segmentio/kafka-go: add tracing for kafka writer and reader (#​1152)
  • ddtrace/tracer: overall CPU & memory performance improvements (#​1184, #​1160, #​1186, #​1134, #​1183)
  • ddtrace/tracer: Add B3 flag to PropagatorConfig (#​1148)
  • ddtrace/tracer: provide a new user monitoring tracing function to associate a user to a trace (#​1196)
  • ddtrace/tracer: disable Datadog internal tag propagation (#​1182)
  • ddtrace/tracer: fix a bug with the x-datadog-tags header parser (#​1155)
  • ddtrace/tracer: fix top_level computation with DD_SERVICE_MAPPING (#​1150)
AppSec
  • contrib/gin-gonic: add AppSec monitoring of http requests and responses (#​1165)
  • contrib/google.golang.org/grpc: monitor grpc metadata headers (#​1190)
  • contrib/labstack/echo.v4: fix http response monitoring (#​1177)
  • appsec: provide a new function to monitor the parsed http body (#​1178)
  • internal/appsec/waf: fix the parsing of AppSec security rules (#​1189)
  • internal/appsec: update the security rules to v1.2.6, including new OGNL & Cassandra injections and various improvements (#​1191)
Profiler
  • profiler, ddtrace/tracer: enable code hotspots & endpoints by default with 100% CPU profiling (#​1169)
  • profiler: don't upload full profiles if delta profiling is enabled (#​1187)
  • profiler: Inc DefaultBlockRate from 10µs to 100ms (#​1192)

v1.36.2

Compare Source

This release contains a small patch that disables service propagation in the Tracer.

ddtrace/tracer: disable Datadog internal tag propagation (#​1182)

To view the changes check out the list of commits

v1.36.1

Compare Source

v1.36.0

Compare Source

This version comes with the Application Security (AppSec) public beta which includes a broader security coverage of HTTP servers, now also extended to gRPC servers. It is powered by new security rules that allow monitoring the OWASP Top 10 attack attempts, such as SQL injections, Log4Shell and Server-Side Request Forgeries.

It also includes many APM tracing improvements, along with a fix for a regression introduced in v1.35.0.

Features

AppSec
  • contrib/go-chi: integrate AppSec monitoring of http requests and responses (#​1130)
  • contrib/google.golang.org/grpc: monitor received RPC messages (#​1105)
  • internal/appsec: monitor HTTP response status codes (#​1096)
  • internal/appsec: enhanced monitoring of HTTP cookies (#​1108)
  • internal/appsec: monitor URL parameters of HTTP requests (#​1106)
  • internal/appsec: log http response headers into request spans on security events (#​1107)
  • internal/appsec: rate-limit AppSec traces to 100 per second (#​1131)
APM Tracer
  • contrib/gocql/gocql: support Scanner and Batch (#​1117) (Thanks @​jack-at-circle)
  • contrib/go-chi option to ignore requests. (#​1124) (Thanks @​Anvay-Rajhansa)
  • contrib/net/http: use ignoreRequest in WrapHandler (#​1049)
  • contrib/labstack/{echo, echo.v4}: add support for noDebugStack (#​1097)
  • contrib/google.golang.org/grpc: Fallback to GlobalConfig serviceName if missing (#​1027) (Thanks @​vasyharan)
  • contrib/net/http: Add TraceAndServe and TraceConfig from contrib/internal/httputil (#​1063) (Thanks @​soh335)
  • ddtrace/tracer: Use DD_AGENT_HOST to set trace agent hostname before querying the trace-agent for its features (#​1126) (Thanks @​carflo)
  • ddtrace/tracer: fix tracer.StartSpanFromContext race condition on opts arg (#​1127)
  • ddtrace/tracer: propagate _dd.p.upstream_services tags (#​1082)
Profiler
  • profiler: log configuration at profiling start (#​1114)

Fixes

  • ddtrace/tracer: only drop P0s when client-side stats are enabled (#​1139)

To view all changes check out the list of commits and the 1.36.0 milestone.

v1.35.0

Compare Source

Features
  • profiler: Code Hotspots and Endpoint Filtering (#​966)
  • profiler: Add WithDeltaProfiles() option (#​1038)
  • ddtrace/tracer: add support for DD_SERVICE_MAPPING (#​1077)
  • ddtrace/tracer: obfuscate stats (#​1069)
  • ddtrace/tracer: use UDS connection when relevant socket paths are available (#​1048)
  • ddtrace/tracer: support for DD_TRACE_ENABLED environment variable (#​991)
  • contrib/go-redis/redis.v8: add WithSkipRawCommand option and fix resource (#​1091)
  • contrib/labstack/echo.v4: add appsec integration (#​1042)
  • contrib/gin-gonic: add option to ignore request (#​1061)
  • contrib/elastic/go-elasticsearch: Add support for github.com/elastic/go-elasticsearch (#​1017)
  • contrib/database/sql: add Option to prevent starting new traces (#​1013)
  • contrib/net/http: add method RTWithSpanOptions (#​1005)
Fixes
  • internal/appsec: update the recommended security rules to v1.2.4 (#​1098)
  • contrib/internal/httputil: return correct wrapped response writer (#​1078)
  • internal/appsec/waf: strip libddwaf.a (#​1056)

To view all changes check out new commits and the 1.35.0 milestone.

v1.34.0: 1.34.0

Compare Source

This version comes with a first release of Application Security (AppSec), which includes a Web-App Firewall (WAF). You can apply to the AppSec private beta by visiting https://app.datadoghq.com/security/appsec and following the instructions detailed here.

We've also included support for github.com/urfave/negroni, along with other enhancements and bug fixes.

Features
Fixes
  • profiler: stop erroring on 2xx status codes (#​1024)
  • ddtrace/tracer: add normalization of span duration (#​973)
  • contrib/gorm.io/gorm.v1: add WithErrorCheck option (#​940) (/thanks @​vmlellis)
  • contrib/olivere/elastic: fix ineffectual error assignment (#​1010)
  • contrib/twitchtv/twirp: service name should be read from global config (#​1008) (/thanks @​prasad-marne)
  • contrib/go.mongodb.org/mongo-driver/mongo: query tag should be mongodb.query (#​996)
  • contrib/gofiber/fiber.v2: capture error from fiber handler (#​988)
  • contrib/gofiber/fiber.v2: add reference to initial middleware span/context (#​992)

To view all changes check out new commits and the 1.34.0 milestone.

v1.33.0: 1.33.0

Compare Source

This change delivers support for Delta Profiles along with a performance improvement in situations when the application generates very large traces.

Features
  • profiler: Convert the Allocations, Allocated Memory, Mutex and Block profiles to delta profiles over the profiling period rather than over the lifetime of the process (#​842). Please refer to this google doc for more information.
Fixes
  • ddtrace/tracer: remove the waitClose mechanism which fixes a memory leak with very large traces (#​976)

To view all changes check out new commits and the 1.33.0 milestone.

v1.32.0: 1.32.0

Compare Source

This version includes a new contrib integration for github.com/aws/aws-sdk-go-v2 along with some integration improvements and various fixes for the tracer and profiler. Thanks to the community for helping push this project forward! 🥇

Features
  • contrib/go-pg/pg.v10: add analytics and service name options (#​953) (Thanks, [@​pzvalenta](https://togi

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@self-hosted-renovatebot self-hosted-renovatebot bot requested a review from a team as a code owner January 13, 2023 17:23
@self-hosted-renovatebot self-hosted-renovatebot bot force-pushed the renovate/gopkg.in-datadog-dd-trace-go.v1-1.x branch 3 times, most recently from c77e7e7 to d42a1c9 Compare January 19, 2023 20:34
@self-hosted-renovatebot self-hosted-renovatebot bot changed the title fix(deps): update module gopkg.in/datadog/dd-trace-go.v1 to v1.46.0 fix(deps): update module gopkg.in/datadog/dd-trace-go.v1 to v1.46.1 Jan 20, 2023
@self-hosted-renovatebot self-hosted-renovatebot bot force-pushed the renovate/gopkg.in-datadog-dd-trace-go.v1-1.x branch 3 times, most recently from bea22a3 to 9577a2c Compare January 26, 2023 00:30
@self-hosted-renovatebot self-hosted-renovatebot bot force-pushed the renovate/gopkg.in-datadog-dd-trace-go.v1-1.x branch from 9577a2c to d90b9a0 Compare January 30, 2023 20:30
@self-hosted-renovatebot self-hosted-renovatebot bot changed the title fix(deps): update module gopkg.in/datadog/dd-trace-go.v1 to v1.46.1 fix(deps): update module gopkg.in/datadog/dd-trace-go.v1 to v1.47.0 Jan 31, 2023
@self-hosted-renovatebot self-hosted-renovatebot bot force-pushed the renovate/gopkg.in-datadog-dd-trace-go.v1-1.x branch 2 times, most recently from b86f426 to eff4387 Compare February 1, 2023 00:30
@self-hosted-renovatebot self-hosted-renovatebot bot force-pushed the renovate/gopkg.in-datadog-dd-trace-go.v1-1.x branch from eff4387 to 6c7a399 Compare February 8, 2023 00:35
@cep21 cep21 closed this Feb 9, 2023
@cep21 cep21 deleted the renovate/gopkg.in-datadog-dd-trace-go.v1-1.x branch February 9, 2023 17:10
@self-hosted-renovatebot
Copy link
Contributor Author

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (v1.47.0). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@cep21