Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump ddtrace from 1.13.4 to 2.9.0 in /requirements #34749

Closed
wants to merge 1 commit into from
Closed

Bump ddtrace from 1.13.4 to 2.9.0 in /requirements #34749

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 11, 2024
edited
Loading

Bumps ddtrace from 1.13.4 to 2.9.0.

Release notes

Sourced from ddtrace's releases.

2.9.0

New Features

  • LLM Observability: This introduces the LLM Observability SDK, which enhances the observability of Python-based LLM applications. See the LLM Observability Overview or the SDK documentation for more information about this feature.

  • ASM: Application Security Management (ASM) introduces its new "Exploit Prevention" feature in public beta, a new type of in-app security monitoring that detects and blocks vulnerability exploits. This introduces full support for exploit prevention in the python tracer.

    • LFI (via standard API open)
    • SSRF (via standard API urllib or third party requests)

    with monitoring and blocking features, telemetry, and span metrics reports.

  • opentelemetry: Adds support for span events.

  • tracing: Ensures the following OpenTelemetry environment variables are mapped to an equivalent Datadog configuration (datadog environment variables taking precedence in cases where both are configured):

    OTEL_SERVICE_NAME -> DD_SERVICE
OTEL_LOG_LEVEL -> DD_TRACE_DEBUG
OTEL_PROPAGATORS -> DD_TRACE_PROPAGATION_STYLE
OTEL_TRACES_SAMPLER -> DD_TRACE_SAMPLE_RATE
OTEL_TRACES_EXPORTER -> DD_TRACE_ENABLED
OTEL_METRICS_EXPORTER -> DD_RUNTIME_METRICS_ENABLED
OTEL_RESOURCE_ATTRIBUTES -> DD_TAGS
OTEL_SDK_DISABLED -> DD_TRACE_OTEL_ENABLED

  • otel: Adds support for generating Datadog trace metrics using OpenTelemetry instrumentations

  • aiomysql, asyncpg, mysql, mysqldb, pymysql: Adds Database Monitoring (DBM) for remaining mysql and postgres integrations lacking support.

  • (aiomysql, aiopg): Implements span service naming determination to be consistent with other database integrations.

  • ASM: This introduces the capability to enable or disable SCA using the environment variable DD_APPSEC_SCA_ENABLED. By default this env var is unset and in that case it doesn't affect the product.

  • Code Security: Taints strings from gRPC messages.

  • botocore: This introduces tracing support for bedrock-runtime embedding operations.

  • Vulnerability Management for Code-level (IAST): Enables IAST in the application. Needed to start application with ddtrace-run [your-application-run-command] prior to this release. Now, you can also activate IAST with the patch_all function.

  • langchain: This adds tracing support for LCEL (LangChain Expression Language) chaining syntax. This change specifically adds synchronous and asynchronous tracing support for the invoke and batch methods.

Known Issues

  • Code Security: Security tracing for the builtins.open function is experimental and may not be stable. This aspect is not replaced by default.
  • grpc: Tracing for the grpc.aio clients and servers is experimental and may not be stable. This integration is now disabled by default.

Upgrade Notes

  • aiopg: Upgrades supported versions to >=1.2. Drops support for 0.x versions.

Deprecation Notes

  • LLM Observability: DD_LLMOBS_APP_NAME is deprecated and will be removed in the next major version of ddtrace. As an alternative to DD_LLMOBS_APP_NAME, you can use DD_LLMOBS_ML_APP instead. See the SDK setup documentation for more details on how to configure the LLM Observability SDK.

Bug Fixes

  • opentelemetry: Records exceptions on spans in a manner that is consistent with the otel specification
  • ASM: Resolves an issue where an org could not customize actions through remote config.
  • Resolves an issue where importing asyncio after a trace has already been started will reset the currently active span.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

2.8.5

Known Issues

  • Code Security: Security tracing for the builtins.open function is experimental and may not be stable. This aspect is not replaced by default.
  • grpc: Tracing for the grpc.aio clients and servers is experimental and may not be stable. This integration is now disabled by default.

Bug Fixes

  • fix(grpc): This fix a bug in the grpc.aio support specific to streaming responses.
  • RemoteConfig: This fix resolves an issue where remote config did not work for the tracer when using an agent that would add a flare item to the remote config payload. With this fix, the tracer will now correctly pull out the lib_config we need from the payload in order to implement remote config changes properly.

2.8.4

Bug Fixes

  • telemetry: This fix resolves an issue when using pytest + gevent where the telemetry writer was eager initialized by pytest entrypoints loading of our plugin causing a potential dead lock.

2.7.10

Bug Fixes

  • Code Security: This fix solves an issue with fstrings where formatting was not applied to int parameters
  • logging: This fix resolves an issue where tracer.get_log_correlation_context() incorrectly returned a 128-bit trace_id even with DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED set to False (the default), breaking log correlation. It now returns a 64-bit trace_id.
  • profiling: Fixes a defect where the deprecated path to the Datadog span type was used by the profiler.

2.8.3

Bug Fixes

  • Code Security: This fix solves an issue with fstrings where formatting was not applied to int parameters
  • logging: This fix resolves an issue where tracer.get_log_correlation_context() incorrectly returned a 128-bit trace_id even with DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED set to False (the default), breaking log correlation. It now returns a 64-bit trace_id.
  • profiling: Fixes a defect where the deprecated path to the Datadog span type was used by the profiler.

... (truncated)

Commits
  • 1e4ecf9 chore(llmobs): deprecate name of ML app env var [backport 2.9] (#9466)
  • 1ef3be1 chore(tracer): simplify llmobs injection assertion on tracer propagation test...
  • 97b336d chore(ci): fix incorrect importlib_metadata name (#9467)
  • 9bbcb62 chore(ci): ensure we run tracer tests on llmobs changes [backport 2.9] (#9463)
  • 543a6d9 fix(opentelemetry): record errors in span events [backport 2.9] (#9448)
  • 01b9b10 feat(llmobs): add manual propagation helpers [backport 2.9] (#9452)
  • 74e0454 feat(llmobs): add official release note for LLM Obs [backport 2.9] (#9442)
  • 3c943fc chore(llmobs): increase default write timeout [backport 2.9] (#9439)
  • 8fbbfd4 feat(llmobs): submit tags for custom evaluation metrics [backport 2.9] (#9435)
  • 63c8173 fix(llmobs): fix langchain nested llm spans [backport 2.9] (#9433)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump ddtrace from 1.13.4 to 2.9.0 in /requirements
2b2496a 
Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 1.13.4 to 2.9.0.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v1.13.4...v2.9.0)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner June 11, 2024 11:13
@dependabot dependabot bot added the product/invisible Change has no end-user visible impact label Jun 11, 2024
@dependabot dependabot bot mentioned this pull request Jun 11, 2024
Closed
@dimagimon dimagimon added the dependencies Pull requests that update a dependency file label Jun 11, 2024
@millerdev
Copy link
Contributor

Superseded by #34908

@millerdev millerdev closed this Aug 6, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 6, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@millerdev millerdev deleted the dependabot/pip/requirements/ddtrace-2.9.0 branch August 6, 2024 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file product/invisible Change has no end-user visible impact
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@millerdev @dimagimon