Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump ddtrace from 1.9.3 to 2.1.4 #204

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 31, 2023

Bumps ddtrace from 1.9.3 to 2.1.4.

Release notes

Sourced from ddtrace's releases.

2.1.4

Bug Fixes

  • Application Security Management (ASM): fix a body read error when Transfer-Encoding: chunked header is sent

2.1.3

Bug Fixes

  • IAST: This fix resolves an issue where JSON encoder would throw an exception while encoding a tainted dict or list.

2.1.2

Bug Fixes

  • ASM: fix a body read problem on some corner case where passing empty content length makes wsgi.input.read() blocks.
  • CI Visibility: fixes an issue where class-based test methods with the same name across classes would be considered duplicates, and cause one (or more) tests to be dropped from results, by adding --ddtrace-include-class-name as an optional flag (defaulting to false) to prepend the class name to the test name.
  • dynamic instrumentation: fix an issue that caused the probe instrumentation error details from being reported for visualization in the UI.
  • dynamic instrumentation: fix an issue that caused function probes on the same module to fail to instrument and be reported in the ERROR status in the UI if the module was not yet imported.
  • sampling: This fix reverts a refactor which affected how the tracer handled the trace-agent's recommended trace sampling rates, leading to an unintended increase in traces sampled.
  • remote config: Add git metadata to configuration requests to ensure Source Code Integration (SCI) works as expected with services that require it.
  • CI Visibility: fixes an issue where just importing unittest enabled CIVisibility and potentially caused unexpected logs and API requests
  • Vulnerability Management for Code-level (IAST): Fix potential string id collisions that could cause false positives with non tainted objects being marked as tainted.

2.1.1

Bug Fixes

  • CI Visibility: fixes distributed tracing when using the CI Visibility integration
  • ASM: This fix resolves an issue where an f-string expression would not be formatted properly causing a segfault if IAST is enabled.
  • langchain: This fix resolves an import error with patching langchain versions newer than 0.0.300 due to langchain dropping support for wrapping or importing directly from root.
  • lib-injection: Update package files to not be world-writable.
  • data_streams: This fix resolves an issue where including exit signal handling for message queues caused imports of ddtrace in a thread to fail.

2.1.0

Upgrade Notes

  • pymemcache: The memcached.query span tag will no longer be set by the integration. This command includes keys that can potentially contain sensitive information. If you require this span tag, you can retain the existing functionality by setting DD_TRACE_MEMCACHED_COMMAND_ENABLED=true. This span tag can be redacted using DD_APM_REPLACE_TAGS in your Agent configuration.

New Features

  • CI Visibility: adds full test suite level visibility for unittest
  • ASM: Add support for automatic user login events in Flask when using flask_login.
  • tracer: This introduces collection of inferred service names. The agent version v7.46.0 contains a new field "extra_services" in the remote config client, that allows clients to list any additional services that are used within tracer spans. Knowing all service names used by a tracer instance help the UI give better feedback to the user.
  • tracer: Adds support for DD_TRACE_METHODS. This feature enables the
    specification of custom methods to be instrumented by the tracer when using ddtrace-run. See the configuration documentation for more information: https://ddtrace.readthedocs.io/en/v2.1.0/configuration.html.

... (truncated)

Commits
  • 3a6edf7 ci: run framework tests if frameworks.yml modified [backport #7379 to 1.20] [...
  • 4b92fa3 fix(appsec): transfer-encoding chunked requests are dropped [backport 2.1] (#...
  • 2aa0c06 ci: run build job on more paths [backport 2.1] (#7352)
  • 579fcdc fix(iast): patch json.encoder to encode LazyTaintDict as dict [backport 2.1] ...
  • 2508d28 fix(sampling): revert "refactor(writer): handle agent responses in the tracer...
  • 4d53299 fix(iast): potential string id collisions [backport 2.1] (#7324)
  • 70cfbf2 fix(debugging): function probes on same lazy module [backport 2.1] (#7312)
  • 88a3562 fix(ci_visibility): fix adding test.skipped_by_itr tag [backport 2.1] (#7305)
  • 8ba4ac5 fix(ci_visibility): fixes unittest enabling the CI VIsibility plugin [backpor...
  • fddae71 fix(appsec): flask hangs on empty body requests [backport 2.1] (#7288)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 1.9.3 to 2.1.4.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/2.x/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v1.9.3...v2.1.4)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 31, 2023
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 6, 2023

Superseded by #205.

@dependabot dependabot bot closed this Nov 6, 2023
@dependabot dependabot bot deleted the dependabot/pip/ddtrace-2.1.4 branch November 6, 2023 02:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants