Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump ddtrace from 2.13.0 to 2.14.4 #224

Closed
wants to merge 1 commit into from
Closed

Bump ddtrace from 2.13.0 to 2.14.4 #224

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 21, 2024
edited
Loading

Bumps ddtrace from 2.13.0 to 2.14.4.

Release notes

Sourced from ddtrace's releases.

2.14.4

Bug Fixes

  • Code Security
    • Ensures IAST propagation does not raise side effects related to re.finditer.
  • LLM Observability
    • botocore: Fixes bedrock model and model provider interpretation from modelId when using cross-region inference.
  • Profiling
    • Fixes an issue where stack v2 couldn't be enabled as pthread was not properly linked on some debian based images for aarch64 architecture.
  • Tracing
    • Resolves the issue where tracer flares would not be generated if unexpected types were received in the AGENT_CONFIG remote configuration product.

2.14.3

Bug Fixes

  • Code Security (IAST)
    • Ensures that only the IAST propagation context is cleared instead of all contexts, which could otherwise cause propagation loss in multithreaded applications. Additionally, it improves validations in both the Processor and Vulnerability Reporter, depending on whether IAST is active or not.
  • Profiling
    • Fixes endpoint profiling for stack v2, when DD_PROFILING_STACK_V2_ENABLED is set.
  • Tracing
    • Ensures DD_TRACE_RATE_LIMIT environment variable is only applied to spans for which tracer sampling is configured. For spans not matching sampling rules default rate limits should be applied by the Datadog Agent.

2.14.2

Bug Fixes

  • Tracing

    • celery: Fixes an issue where celery.apply spans didn't close if the after_task_publish or task_postrun signals didn't get sent when using apply_async, which can happen if there is an internal exception during the handling of the task. This update also marks the span as an error if an exception occurs.
    • celery: Fixes an issue where celery.apply spans using task_protocol 1 didn't close by improving the check for the task id in the body.

  • Profiling

    • All files with platform-dependent code have had their filenames updated to reflect the platform they are for. This fixes issues where the wrong file would be used on a given platform.
    • Enables code provenance when using libdatadog exporter, DD_PROFILING_EXPORT_LIBDD_ENABLED, DD_PROFILING_STACK_V2_ENABLED, or DD_PROFILING_TIMELINE_ENABLED.
    • Fixes an issue where flamegraph was upside down for stack v2, DD_PROFILING_STACK_V2_ENABLED.

2.14.1

New Features

  • Code Security (IAST): Always report a telemetry log error when an IAST propagation error raises, regardless of whether the _DD_IAST_DEBUG environment variable is enabled or not.

Bug Fixes

  • tracing: Removes a reference cycle that caused unnecessary garbage collection for top-level spans.
  • Code Security: fix potential memory leak on IAST exception handling.
  • profiling: Fixes endpoint profiling when using libdatadog exporter, either with DD_PROFILING_EXPORT_LIBDD_ENABLED or DD_PROFILING_TIMELINE_ENABLED.

2.14.0

Deprecation Notes

  • Tracing
    • Deprecates the DD_TRACE_SPAN_AGGREGATOR_RLOCK environment variable. It will be removed in v3.0.0.
    • Deprecates support for APM Legacy App Analytics. This feature and its associated configuration options are deprecated and will be removed in v3.0.0.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

2.11.7

Bug Fixes

  • LLM Observability
    • Fixes an issue where the OpenAI and LangChain integrations would still submit integration metrics even in agentless mode. Integration metrics are now disabled if using agentless mode via LLMObs.enable(agentless_enabled=True) or setting DD_LLMOBS_AGENTLESS_ENABLED=1.
  • Code Security
    • Resolves an issue where exploit prevention was not properly blocking requests with custom redirection actions.
    • Resolves an issue where partial matches on function names we aimed to patch were being patched instead of full matches on them.
    • Ensures the Initializer object is always reset and freed before the Python runtime.
  • Profiling
    • Improves the error message when the native exporter fails to load and stops profiling from starting if ddtrace is also being injected.
    • Fixes endpoint profiling when using libdatadog exporter, either with DD_PROFILING_EXPORT_LIBDD_ENABLED or DD_PROFILING_TIMELINE_ENABLED.

2.14.3

Bug Fixes

  • Code Security (IAST)
    • Ensures that only the IAST propagation context is cleared instead of all contexts, which could otherwise cause propagation loss in multithreaded applications. Additionally, it improves validations in both the Processor and Vulnerability Reporter, depending on whether IAST is active or not.
  • Profiling
    • Fixes endpoint profiling for stack v2, when DD_PROFILING_STACK_V2_ENABLED is set.
  • Tracing
    • Ensures DD_TRACE_RATE_LIMIT environment variable is only applied to spans for which tracer sampling is configured. For spans not matching sampling rules default rate limits should be applied by the Datadog Agent.

2.12.3

Bug Fixes

  • Code Security

    • This fix resolves an issue where exploit prevention was not properly blocking requests with custom redirection actions.
    • Ensure the Initializer object is always reset and freed before the Python runtime.

  • LLM Observability

    • Fixes an issue where the OpenAI and LangChain integrations would still submit integration metrics even in agentless mode. Integration metrics are now disabled if using agentless mode via LLMObs.enable(agentless_enabled=True) or setting DD_LLMOBS_AGENTLESS_ENABLED=1.
    • Resolves an issue in the LLMObs.annotate() method where non-JSON serializable arguments were discarded entirely. Now, the LLMObs.annotate() method safely handles non-JSON-serializable arguments by defaulting to a placeholder text.
    • Resolves an issue where attempting to tag non-JSON serializable request/response parameters resulted in a TypeError in the OpenAI, LangChain, Bedrock, and Anthropic integrations.
    • Resolves an issue where attempting to tag non-JSON serializable request arguments caused a TypeError. The Anthropic integration now safely tags non-JSON serializable arguments with a default placeholder text.
    • Resolves an issue where attempting to tag non-JSON serializable tool config arguments resulted in a TypeError. The LangChain integration now safely tags non-JSON serializable arguments with a default placeholder text.

... (truncated)

Commits
  • b5ffe01 chore(ci): bump riot version for 3.7 compatibility issues [backport 2.14] (#1...
  • 09bf799 fix(flare): handle non-dict AGENT_CONFIG products from RC [backport 2.14] (#1...
  • c549038 fix(iast): re.finditer aspect error [backport 2.14] (#11029)
  • 3425a46 fix(botocore): bedrock cross-region inference model name does not throw [back...
  • e0fc27d fix(profiling): explicitly link with thread library [backport-2.14] (#11002)
  • e583f98 chore(profiling): update relnote for endpoint stack v2 [backport 2.14] (#10981)
  • 3cada65 chore(ci): fix alpine test [backport 2.14] (#10989)
  • d00ae72 chore(iast): fix all known memleaks in the native module + safety fixes [back...
  • 70a2ee1 fix(tracing): only apply rate limits when trace sample rules are set [except ...
  • 7fcc3a0 docs: use $HOME/.asdf/bin instead of /usr/local/bin for installing hatch ...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 21, 2024
@dependabot dependabot bot mentioned this pull request Oct 21, 2024
Closed
@dependabot dependabot bot force-pushed the dependabot/pip/ddtrace-2.14.4 branch from 31e1275 to 8ff4730 Compare October 26, 2024 06:17
@dependabot
Bump ddtrace from 2.13.0 to 2.14.4
d05bb0a 
Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 2.13.0 to 2.14.4.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.13.0...v2.14.4)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/ddtrace-2.14.4 branch from 8ff4730 to d05bb0a Compare October 26, 2024 06:42
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 4, 2024

Superseded by #231.

@dependabot dependabot bot closed this Nov 4, 2024
@dependabot dependabot bot deleted the dependabot/pip/ddtrace-2.14.4 branch November 4, 2024 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants