fix(ci_visibility): handle `skipif` with non-positional arguments [ba…

…ckport 3.11] (#14162)

Backport 13fcc38 from #14150 to 3.11.

The ddtrace pytest plugin currently assumes that the `skipif` marker
will be provided the condition as a positional argument. It breaks if no
condition is provided, or if the condition is passed as a keyword
argument.

This leads to the `_pytest_runtest_protocol_pre_yield()` call raising an
exception, which leaves `coverage_collector` unset, which leads to the
call to `_pytest_runtest_protocol_post_yield()` to fail. If the test was
not finished during `pytest_runtest_protocol` (for example, because the
`pytest-rerunfailures` or `flaky` plugins are in use, which causes
ddtrace to skip its own `pytest_runtest_protocol`), the test span will
be left unfinished and with a `fail` test status.

This PR adds handling for keyword and absent `skipif` conditions, and
also makes sure `coverage_collector` is set even if
`_pytest_runtest_protocol_pre_yield()` fails.

- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

- [x] Reviewer has checked that all the criteria below are met
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance

policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

fix(ddtrace_api): avoid clobbering ddtrace_api's stored tracer instan…

…ce [backport 3.11] (#14160)

Fixes a bug in the ddtrace_api integration in which `patch()` with no
arguments, and thus `patch_all()`, breaks the integration.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance

policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------


(cherry picked from commit f5626c7)

Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com>

feat(aap): endpoint discovery for Django (#14113)

This PR introduces a new feature for API Protection:
- Discovery of Django endpoints at startup of the tracer
- Report through a new telemetry payload
- Add max_length and time checks to ensure collection of endpoints is
memory and time bounded
- Add telemetry test with minimalist django application to test the
feature.

APPSEC-58374

Note: This new feature is completely independent from security features.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

feat(aap): endpoint discovery for Django (#14113)

This PR introduces a new feature for API Protection:
- Discovery of Django endpoints at startup of the tracer
- Report through a new telemetry payload
- Add max_length and time checks to ensure collection of endpoints is
memory and time bounded
- Add telemetry test with minimalist django application to test the
feature.

APPSEC-58374

Note: This new feature is completely independent from security features.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

ci: pin Microsoft.Azure.Functions.ExtensionBundle to latest stable ve…

…rsion [backport 3.10] (#14141)

Backport c2dd2c5 from #14059 to 3.10.

The most recent [Azure Extension
Bundle](https://learn.microsoft.com/en-us/azure/azure-functions/extension-bundles)
release,
[4.23.1](https://github.com/Azure/azure-functions-extension-bundles/releases/tag/4.23.1),
introduced a breaking change (see below). Currently, the Azure Functions
tests use the latest available version of this bundle between version 4
and 5 so this new version was picked up automatically. This PR pins the
Azure Extension Bundle to the most recent stable version, `4.22.0` in
addition to removing some other unnecessary configuration in
`host.json`.

```
Looking for extension bundle Microsoft.Azure.Functions.ExtensionBundle at /root/.azure-functions-core-tools/Functions/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle
[2025-07-18T03:23:01.168Z] Found a matching extension bundle at /root/.azure-functions-core-tools/Functions/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/4.23.1
[2025-07-18T03:23:01.169Z] Fetching information on versions of extension bundle Microsoft.Azure.Functions.ExtensionBundle available on https://functionscdn.azureedge.net/public/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/index.json
[2025-07-18T03:23:01.289Z] Skipping bundle download since it already exists at path /root/.azure-functions-core-tools/Functions/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/4.23.1
[2025-07-18T03:23:01.294Z] Loading extension bundle from /root/.azure-functions-core-tools/Functions/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/4.23.1/bin
[2025-07-18T03:23:01.295Z] Script Startup resetting load context with base path: '/root/.azure-functions-core-tools/Functions/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/4.23.1/bin'.
[2025-07-18T03:23:01.303Z] Loading startup extension 'ServiceBus'
[2025-07-18T03:23:01.371Z] Loaded extension 'ServiceBus' (5.16.5.0)
[2025-07-18T03:23:01.400Z] Reading host configuration file '/root/project/tests/contrib/azure_functions/azure_function_app/host.json'
[2025-07-18T03:23:01.400Z] Host configuration file read:
[2025-07-18T03:23:01.400Z] {
[2025-07-18T03:23:01.400Z]   "version": "2.0",
[2025-07-18T03:23:01.401Z]   "extensionBundle": {
[2025-07-18T03:23:01.401Z]     "id": "Microsoft.Azure.Functions.ExtensionBundle",
[2025-07-18T03:23:01.401Z]     "version": "[4.*, 5.0.0)"
[2025-07-18T03:23:01.401Z]   }
[2025-07-18T03:23:01.401Z] }
[2025-07-18T03:23:01.432Z] Error configuring services in an external startup class.
[2025-07-18T03:23:01.433Z] Error configuring services in an external startup class. Microsoft.Azure.WebJobs.Extensions.ServiceBus: Could not load file or assembly 'Microsoft.Extensions.Configuration.Abstractions, Version=8.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'. The system cannot find the file specified.
[2025-07-18T03:23:01.433Z] .
[2025-07-18T03:23:01.507Z] A host error has occurred during startup operation 'af05ca43-cfb8-4191-8373-9f67a5242695'.
[2025-07-18T03:23:01.508Z] Microsoft.Azure.WebJobs.Script: Error configuring services in an external startup class. Microsoft.Azure.WebJobs.Extensions.ServiceBus: Could not load file or assembly 'Microsoft.Extensions.Configuration.Abstractions, Version=8.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'. The system cannot find the file specified.
[2025-07-18T03:23:01.508Z] .
Value cannot be null. (Parameter 'provider')
[2025-07-18T03:23:01.588Z] Host startup operation has been canceled
[2025-07-18T03:23:01.588Z] Initialization cancellation requested by runtime.
[2025-07-18T03:23:01.592Z] Stopping host...
[2025-07-18T03:23:01.594Z] Host shutdown completed.
[2025-07-18T03:23:01.597Z] Shutting down language worker channels for runtime:python
```

Alternatively we can upgrade to the latest version of [Azure Functions
Core Tools](https://github.com/Azure/azure-functions-core-tools) since I
believe that version is compatible with the most recent release of the
Azure Extension Bundle. But it is a more involved change to update the
test runner image.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: Duncan Harvey <35278470+duncanpharvey@users.noreply.github.com>

chore(llmobs): dataframe and csv support (#14041)

adds support to create dataset from csv files and pandas dataframe
support for datasets
<img width="1084" height="406" alt="image"
src="https://github.com/user-attachments/assets/9d0509e7-ee11-4245-8b23-d5c2f9a021b9"
/>


Also reverts a change from #14110 where config was removed as a task
function arg. We are going back to previous behavior where users can
configure their task function execution


## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Co-authored-by: Kyle Verhoog <kyle@verhoog.ca>
Co-authored-by: Yun Kim <35776586+Yun-Kim@users.noreply.github.com>
Co-authored-by: Yun Kim <yun.kim@datadoghq.com>

fix: iteration block hook injection [backport 2.21] (#13801)

Backport d7b62d5 from #13772 to 2.21.

We fix an issue with the instrumentation of the beginning of iteration
blocks (e.g. for loops) whereby instrumenting the end might cause
unexpected behaviour when the modified function is invoked. This is due
to the bytecode VM not liking any bytecode interposed before the
instruction that ends the iteration block (e.g. `END_FOR`). This also
solves the problem of double-calls of the instrumented hook when hitting
the beginning of such blocks.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Co-authored-by: Gabriele N. Tornetta <P403n1x87@users.noreply.github.com>
Co-authored-by: Tyler Finethy <tylfin@gmail.com>

chore: update span exit typing (#13932)

[chore: update span exit
typing](#13928)
opened a new PR for above because CI was struggling

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Co-authored-by: Ryan Morshead <ryan.morshead@gmail.com>

fix(tracing): handle unicode when truncating long span attributes [ba…

…ckport #13475 to 2.21] (#14081)

PR #13270 introduced
truncation of long span attributes. However, the truncation code works
at the character level (e.g., uses `len(text)` to count the string
length), but `msgpack_pack_unicode()` expects a size in bytes as an
argument. For a string with non-ASCII characters, the character length
can be less than the byte length, and so in some cases the string would
not be truncated (because the number of characters would be below the
limit), but `msgpack_pack_unicode()` would fail (because the number of
bytes would be above the limit).

This PR changes the call to `msgpack_pack_unicode()` to use the old
limit of `ITEM_LIMIT` (2**32 - 1).

- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

- [x] Reviewer has checked that all the criteria below are met
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance

policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

(cherry picked from commit c0fe465)

---------

Co-authored-by: Vítor De Araújo <vitor.dearaujo@datadoghq.com>

fix(logging): fix issue with dd.* properties not getting injected ont…

…o logging records [backport 3.10] (#13929)

Backport 265f660 from #13924 to 3.10.

Resolves: #13892

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: brettlangdon <brett.langdon@datadoghq.com>