Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump ddtrace from 1.0.0 to 1.13.0 in /src/supermarket #3140

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 31, 2023

Bumps ddtrace from 1.0.0 to 1.13.0.

Release notes

Sourced from ddtrace's releases.

1.13.0

Starting from ddtrace version 1.13.0, Automated User Login Events are enabled by default and currently only available for Devise.

What to expect from Automated User Login Events?

When enabled, any login or signup events will be automatically monitored. We will fill in the span with information extracted from the event.

Modes

The Automated User Login Events are configured to run in "safe" mode by default.

Safe mode focuses on preventing personally identifiable information (PII) from being reported. During safe mode, we only extract the ID from the user object. We report only IDs in the GUID format to avoid disclosing private information. In cases where IDs are not GUID, events will be reported without metadata.

Here is an example of a login event in safe mode:

{
  "appsec.events.users.login.success.track" => true,
  "usr.id" => "5ff35d04-445a-4d00-b6f1-31960153eaf6"
}

Automated User Login Events also provide an "extended" mode.

The extended mode aims to extract the maximum amount of information from the user. In extended mode, we report the ID regardless of its format and try to extract the user's email and username. Depending on the user application, we may be able to extract the user's email and username.

Here is an example of a login event in extended mode:

{
  "appsec.events.users.login.success.track" => true,
  "appsec.events.users.login.success.email" => "[email protected]",
  "appsec.events.users.login.success.username" => "John Doe",
  "usr.id" => "5ff35d04-445a-4d00-b6f1-31960153eaf6"
}

In cases where safe or extended mode is unable to extract information, we encourage users to manually monitor user login events using our public API.

How to configure Automated User Login Events:

  • Use DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING to disable or change the mode.
    • To disable, use DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING=disable.
    • To change the mode, use DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING=safe|extended.
  • Add to your Datadog.configure block to configure via code:
Datadog.configure do |c|
</tr></table> 

... (truncated)

Changelog

Sourced from ddtrace's changelog.

[1.13.0] - 2023-07-31

Added

  • Core: Add support for Option precedence (#2915[])
  • Core: Add support for unsetting options (#2972[])
  • Core: Gauge primitive RubyVM::YJIT.runtime_stats, if YJIT is enabled (#2711[], #2959[])([@​HeyNonster][])
  • Core: Add Telemetry app-client-configuration-change event (#2977[])
  • Core: Improve our SafeDup module (#2960[])
  • Tracing: Add OpenSearch Integration (#2940[])
  • Tracing: Implement peer.service tag to integrations (#2982[])
  • Tracing: Add mandatory rpc and grpc tags for grpc integration (#2620[], #2962[])
  • Tracing: Include _dd.profiling.enabled tag (#2913[])
  • Tracing: Support host injection (#2941[], #3007[])
  • Tracing: Implement Dynamic Configuration for tracing (#2848[], #2973[])
  • Tracing: Add for dynamic log injection configuration (#2992[])
  • Tracing: Add sampling configuration with DD_TRACE_SAMPLING_RULES (#2968[])
  • Tracing: Add HTTP header tagging with DD_TRACE_HEADER_TAGS for clients and servers (#2946[], #2935[])
  • Profiling: Add fallback name/invoke location for unnamed threads started in native code (#2993[])
  • Profiling: Use invoke location as a fallback for nameless threads in the profiler (#2950[])
  • Profiling: Add fallback name for main thread in profiling data (#2939[])
  • Ci-app: Add Minitest CI integration (#2932[]) ([@​bravehager][])
  • Appsec: Devise integration and automatic user events (#2877[])
  • Appsec: Handle disabled tracing and appsec events (#2572[])
  • Appsec: Automate user events check for UUID in safe mode (#2952[])
  • Docs: Add Ruby 3.2 support to compatibility matrix (#2971[])

Changed

  • Core: Set maximum supported Ruby version (#2497[])
  • Core: Prevent telemetry requests from being traced (#2961[])
  • Core: Add env and type to Core configuration option (#2983[], #2988[], #2994[])
  • Core: Remove lazy from Core configuration option (#2931[], #2999[])
  • Profiling: Bump libdatadog dependency to version 3 (#2948[])
  • Profiling: Improve error message when ddtrace_profiling_loader fails to load (#2957[])
  • Tracing: Improve log injection runtime conditionals (#2926[], #2882[])

Fixed

  • Core: Fix polynomial-time regular expressions (#2814[])
  • Core: Fix environment variable for dynamic configuration polling interval (#2967[])
  • Core: Reduce remote configuration error logging noise (#3011[])
  • Tracing: Fix manual log injection for 128 bit trace_id (#2974[])
  • Tracing: Ensure the GRPC client interceptor return the response (#2928[]) ([@​KJTsanaktsidis][])
  • Tracing: Remove dynamic input used in regular expression (#2867[])
  • Tracing: Fix distributed tracing header formats (#3005[] )
  • Profiling: Fix profiler libmysqlclient version detection with mysql2-aurora gem (#2956[])
  • Profiling: Automatically enable profiler "no signals" workaround for passenger web server (#2978[])

[1.12.1] - 2023-06-14

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ddtrace](https://github.com/DataDog/dd-trace-rb) from 1.0.0 to 1.13.0.
- [Release notes](https://github.com/DataDog/dd-trace-rb/releases)
- [Changelog](https://github.com/DataDog/dd-trace-rb/blob/master/CHANGELOG.md)
- [Commits](DataDog/dd-trace-rb@v1.0.0...v1.13.0)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested review from a team as code owners July 31, 2023 14:01
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jul 31, 2023
@dependabot dependabot bot force-pushed the dependabot/bundler/src/supermarket/ddtrace-1.13.0 branch from d3e597a to 4a910b0 Compare July 31, 2023 14:01
@netlify
Copy link

netlify bot commented Jul 31, 2023

👷 Deploy Preview for chef-supermarket processing.

Name Link
🔨 Latest commit d3e597a
🔍 Latest deploy log https://app.netlify.com/sites/chef-supermarket/deploys/64c7beda695a6b0008bbea69

@netlify
Copy link

netlify bot commented Jul 31, 2023

👷 Deploy Preview for chef-supermarket processing.

Name Link
🔨 Latest commit 4a910b0
🔍 Latest deploy log https://app.netlify.com/sites/chef-supermarket/deploys/64c7bedc3251380008b4c929

@sonarcloud
Copy link

sonarcloud bot commented Jul 31, 2023

Please retry analysis of this Pull-Request directly on SonarCloud.

@sonarcloud
Copy link

sonarcloud bot commented Jul 31, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 11, 2023

Superseded by #3152.

@dependabot dependabot bot closed this Sep 11, 2023
@dependabot dependabot bot deleted the dependabot/bundler/src/supermarket/ddtrace-1.13.0 branch September 11, 2023 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants