Bump ddtrace from 2.1.7 to 2.3.0

[dependabot]

Bumps ddtrace from 2.1.7 to 2.3.0.

Release notes

Sourced from ddtrace's releases.

2.3.0

New Features

• propagation: 128-bit trace ids are now used by default for propagation. Previously the default was 64-bit. This change is backwards compatible with tracers that still use 64-bit trace ids and should not cause any breaking behavior.
• dsm: Adds DSM pathway.hash tag to spans when DSM is enabled. This allows traces from the instrumented service to show up in the DSM traces tab.
• propagation: When the tracer is configured to extract and inject tracecontext, the tracer will propagate the tracestate values from other vendors so long as the traceparent trace-id matches the first found trace context, regardless of propagator configuration order. To disable this behavior DD_TRACE_PROPAGATION_EXTRACT_FIRST=true can be set.
• opentelemetry: Map reserved OpenTelemetry attributes to Datadog span model.
• opentelemetry: datadog operation name from semantic conventions
• propagation: If a valid context is extracted from headers, and the following extracted trace context's trace_ids do not match the valid context's, then add a span link to the root span to represent the broken propagation.
• tracing: This change treats spans that terminated with sys.exit(0) as successful non-error spans.
• tracing: This introduces the DD_TRACE_SPAN_TRACEBACK_MAX_SIZE environment variable, allowing the maximum size of tracebacks included on spans to be configured.

Bug Fixes

• CI Visibility: fixes the fact that the GITHUB_SERVER_URL environment variable was not being sanitized for credentials
• dynamic instrumentation: Needs to update the pubsub instance when the application forks because the probe mechanism should run in the child process. For that, DI needs the callback as the method of an instance of Debugger, which lives in the child process.
• CI Visibility: Fixes an issue where a ValueError was raised when using different path drives on Windows
• build: Fixes an issue where ddtrace could not be installed from source when using setuptools>=69 due to a change in the license field.
• tracing: Fixes an issue where the thread responsible for sending traces is killed due to concurrent dictionary modification.
• Vulnerability Management for Code-level (IAST): Generates cookies vulnerabilities report if IAST is enabled. Before this fix, Cookies vulnerabilities were only generated if both IAST and Appsec were enabled.
• Vulnerability Management for Code-level (IAST): This fix resolves an issue where, at AST patching to replace code with IAST aspects, passing the original function/method as an extra parameter for accurate patching unintentionally triggers side effects in methods obtained from an expression (like decode in file.read(n).decode()), resulting in unexpected multiple calls to the expression (file.read(n) in the example).
• Vulnerability Management for Code-level (IAST): This fix eliminates some reference leaks and C-API usage when IAST reports a vulnerability and calls get_info_frame.
• kafka: This fix resolves an issue where calls to confluent_kafka's produce method with key=None would cause an exception to be raised.
• tracing: This fix resolves an issue where ddtrace's signal handlers could cause Flask apps not to respond correctly to SIGINT.
• logging: A log handler is automatically added to the ddtrace logger upon ddtrace import, when not using ddtrace-run. This can lead to duplicate logging if users add additional loggers and do not explicitly modify the ddtrace logger. This fix adds a feature flag that can be used to toggle this behavior off DD_TRACE_LOG_STREAM_HANDLER which defaults to true.
• structlog: Fixes TypeError raised when ddtrace log processor is configured with a tuple

2.3.0rc1

New Features

• dsm: Adds DSM pathway.hash tag to spans when DSM is enabled. This allows traces from the instrumented service to show up in the DSM traces tab.
• opentelemetry: Map reserved OpenTelemetry attributes to Datadog span model.
• opentelemetry: datadog operation name from semantic conventions
• propagation: 128-bit trace ids are now used by default for propagation. Previously the default was 64-bit. This change is backwards compatible with tracers that still use 64-bit trace ids and should not cause any breaking behavior.
• propagation: When the tracer is configured to extract and inject tracecontext, the tracer will propagate the tracestate values from other vendors so long as the traceparent trace-id matches the first found trace context, regardless of propagator configuration order. To disable this behavior DD_TRACE_PROPAGATION_EXTRACT_FIRST=true can be set.
• propagation: If a valid context is extracted from headers, and the following extracted trace context's trace_ids do not match the valid context's, then add a span link to the root span to represent the broken propagation.
• tracing: This change treats spans that terminated with sys.exit(0) as successful non-error spans.
• tracing: This introduces the DD_TRACE_SPAN_TRACEBACK_MAX_SIZE environment variable, allowing the maximum size of tracebacks included on spans to be configured.

Bug Fixes

• build: Fixes an issue where ddtrace could not be installed from source when using setuptools>=69 due to a change in the license field.
• CI Visibility: fixes the fact that the GITHUB_SERVER_URL environment variable was not being sanitized for credentials
• dynamic instrumentation: Needs to update the pubsub instance when the application forks because the probe mechanism should run in the child process. For that, DI needs the callback as the method of an instance of Debugger, which lives in the child process.
• CI Visibility: Fixes an issue where a ValueError was raised when using different path drives on Windows
• kafka: This fix resolves an issue where calls to confluent_kafka's produce method with key=None would cause an exception to be raised.
• logging: A log handler is automatically added to the ddtrace logger upon ddtrace import, when not using ddtrace-run. This can lead to duplicate logging if users add additional loggers and do not explicitly modify the ddtrace logger. This fix adds a feature flag that can be used to toggle this behavior off DD_TRACE_LOG_STREAM_HANDLER which defaults to true.
• tracing: Fixes an issue where the thread responsible for sending traces is killed due to concurrent dictionary modification.
• tracing: This fix resolves an issue where ddtrace's signal handlers could cause Flask apps not to respond correctly to SIGINT.

... (truncated)

Commits

• 80f3264 chore(rcm): payload logging (#7603)
• 1656e7d fix(tracer): fix multiprocessing queue on aws lambda (#7612)
• 0cfc263 fix(structlog): appends to default_processors via list to avoid TypeError (...
• ac29fa3 ci(opentelemetry): pin cattrs and otel-flask-instrumentation (#7682)
• f86bfd2 fix(setuptools): update deprecated license format (#7684)
• 2bd99af chore: deduplicate and abstract some bits of the release script (#7592)
• 80bf6a9 fix(asm): fix config in api_manager (#7678)
• 1c9765f fix(pytest+unittest): add safety check for Windows paths (#7627)
• 3aad540 ci(iast): fix flaky test (#7677)
• d0e50ca chore(ci_visibility): override API answer if _DD_CIVISIBILITY_ITR_FORCE_ENABL...
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the contributing guide.

[github-actions]

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the contributing guide.

[github-actions]

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the contributing guide.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (9bb970e) 86.61% compared to head (87f1d0d) 86.61%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #9132   +/-   ##
=======================================
  Coverage   86.61%   86.61%           
=======================================
  Files         179      179           
  Lines       26569    26569           
=======================================
  Hits        23013    23013           
  Misses       3556     3556           

Flag	Coverage Δ
integration	83.48% <ø> (ø)
unit	64.98% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dependabot]

A newer version of ddtrace exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.