Conversation
* set network and http client ip on ai guard
* dont run serverless ci on release branch pushes too * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add comment to clarify the purpose of the compiler file * remove old and no longer relevant comment
…with 2 updates (#8049) Bumps the gh-actions-packages group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [actions/cache](https://github.com/actions/cache). Bumps the gh-actions-packages group with 1 update in the /.github/actions/install directory: [actions/cache](https://github.com/actions/cache). Bumps the gh-actions-packages group with 1 update in the /.github/actions/node directory: [actions/cache](https://github.com/actions/cache). Bumps the gh-actions-packages group with 1 update in the /.github/actions/install/branch-diff directory: [actions/cache](https://github.com/actions/cache). Bumps the gh-actions-packages group with 2 updates in the /.github/workflows directory: [github/codeql-action](https://github.com/github/codeql-action) and [actions/cache](https://github.com/actions/cache). Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c10b806...95e58e9) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...27d5ce7) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...27d5ce7) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...27d5ce7) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...27d5ce7) Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c10b806...95e58e9) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...27d5ce7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…inor-and-patch-dependencies group across 1 directory (#8047) Bumps the runtime-minor-and-patch-dependencies group with 1 update in the / directory: [oxc-parser](https://github.com/oxc-project/oxc/tree/HEAD/napi/parser). Updates `oxc-parser` from 0.121.0 to 0.126.0 - [Release notes](https://github.com/oxc-project/oxc/releases) - [Changelog](https://github.com/oxc-project/oxc/blob/main/napi/parser/CHANGELOG.md) - [Commits](https://github.com/oxc-project/oxc/commits/crates_v0.126.0/napi/parser) --- updated-dependencies: - dependency-name: oxc-parser dependency-version: 0.126.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: runtime-minor-and-patch-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com>
`flushStartupLogs` is called both with the main `./log` module (which natively supports deferred/lazy message formatting via function arguments) and with the simpler `./log/writer` pass-through (which does not). Callers that push a closure onto the warnings queue — as recommended by the log module's docs for expensive formatting — ended up being stringified to `[object Function]` when the writer was used. Invoke the closure at the call site so both log surfaces behave consistently. This is a minimal, self-contained fix with no change to the public API: callers that pass a string still work exactly as before.
`IncomingMessage.connection` is a deprecated alias for `.socket` (DEP0163 in Node.js since v13). Every access emits a deprecation warning, including from light-my-request's request mock, which makes the deprecation pipe through to downstream consumers of dd-trace. On real `http` / `http2` request objects `req.socket` and `req.connection` point to the exact same object reference, so dropping the second check is observationally equivalent — there is no combination of real request plumbing where `socket.encrypted` is falsy while `connection.encrypted` is truthy. A unit test that was previously asserting the legacy alias is updated to document the new behavior and act as a regression guard so nobody reintroduces the deprecated read. Refs: https://nodejs.org/docs/latest-v18.x/api/http.html#messageconnection
The debugger's `getDebuggerConfig` helper now forwards the tracer's `inputPath` alongside the existing fields. The test that pins the exact set of keys was still enumerating the old list and would start failing as soon as anyone touched the config snapshot, despite the new key being fully intentional. Add `inputPath` to the asserted set so this test tracks reality. Pure catch-up — no behavior change.
Playwright's `page.evaluate(fn)` stringifies the callback with `fn.toString()` and ships the source into the chromium worker, where it runs with no access to the Node.js module graph. That is normally fine, but it breaks the moment the calling file is instrumented by NYC: the serialized body references NYC's counter globals (`cov_xxxx.f[0]++`, etc.) which do not exist in the browser, so the evaluate fails at runtime with `ReferenceError: cov_xxxx is not defined`. The symptom is silent because Playwright surfaces the browser error asynchronously — tests just start flapping. Three coordinated pieces close the foot-gun for the whole codebase: 1. `packages/datadog-instrumentations/src/playwright-browser-scripts.js` is a new file that holds the two inline callbacks (`detectRum` and `stopRumSession`) that used to live in `playwright.js`. The file is required by the instrumentation and the two function values are passed through to `page.evaluate(...)` instead of anonymous arrows. 2. `nyc.config.js` adds `**/*-browser-scripts.js` to the exclusion list, so NYC never instruments these files. Renaming the file pattern requires updating both this glob and the eslint rule below — the in-source comment calls that out. 3. `eslint.config.mjs` adds a targeted `no-restricted-syntax` rule that errors when any `.evaluate(<inline function>)` call appears anywhere in the repo, pointing the author at the `*-browser-scripts.js` convention. Without the lint rule this class of bug would creep right back in the next time someone inlines a callback for convenience. Behavioral parity with the old code is intentional — both helpers return the exact same shapes they did when they were inline. Only the call sites change.
`RegExp.escape` is a very recent TC39 addition (stage-4 in 2024) and is not available on Node.js 18, which this repo still supports. The existing `assert.match(..., new RegExp(RegExp.escape(warning)))` would crash with a `TypeError: RegExp.escape is not a function` on the oldest supported runtime. Since the assertion only needed to confirm the joined warnings include a literal substring, swap it for `assert.ok(joined.includes(warning))` with a descriptive failure message. No pattern matching required, no polyfill added, and the test now works on every supported Node.js version.
The `Dynamic Instrumentation` suite listens for remote-config ack updates and asserts that the observed state is `ERROR`. The probe's worker can transiently emit `UNACKNOWLEDGED` before it transitions to `ERROR`, which caused the first ack to fail the strict-equality check and flake the suite on slower runners. Skip the transitional `UNACKNOWLEDGED` event so the assertion only runs on the terminal state we actually care about. The test still fails if the terminal state is anything other than `ERROR` — we are only loosening the timing of when it is allowed to arrive.
`assertOnBreakpoint` accepts either a callback (in which case it
applies `DEFAULT_CAPTURE_LIMITS`) or a `{ snapshotConfig, callback }`
pair. The second shape was replacing the full capture-limits object with
whatever the caller passed in, so tests that only wanted to override a
single field (e.g. `maxReferenceDepth`) silently dropped every other
default and behaved unpredictably.
Spread the defaults underneath the caller's override so partial configs
refine the defaults instead of replacing them — matching the callback-
only path's semantics and what every existing caller expects.
* feat(llmobs): add MCP client support with tracing and LLMObs integrations Adds instrumentation for @modelcontextprotocol/sdk with APM tracing and LLMObs traces.
The `FlaggingProvider` implementation was migrated to printf-style
`log.debug('%s created with timeout: %dms', ...)` calls (cheaper in
hot paths because the format string is only expanded when the log
level is active). Two spec assertions still expected the pre-formatted
interpolated strings and would fail once the production change lands.
Update the two `sinon.assert.calledWith` calls to match the new
format-string + positional-args shape. Pure test catch-up.
…ss 2 directories with 7 updates (#8066) Bumps the dev-minor-and-patch-dependencies group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `9.0.0` | `9.1.0` | | [bun](https://github.com/oven-sh/bun) | `1.3.11` | `1.3.12` | | [eslint-plugin-cypress](https://github.com/cypress-io/eslint-plugin-cypress) | `6.2.2` | `6.3.1` | | [typescript](https://github.com/microsoft/TypeScript) | `6.0.2` | `6.0.3` | | [workerpool](https://github.com/josdejong/workerpool) | `10.0.1` | `10.0.2` | Bumps the dev-minor-and-patch-dependencies group with 1 update in the /docs directory: [typedoc](https://github.com/TypeStrong/TypeDoc). Updates `@actions/github` from 9.0.0 to 9.1.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `bun` from 1.3.11 to 1.3.12 - [Release notes](https://github.com/oven-sh/bun/releases) - [Commits](oven-sh/bun@bun-v1.3.11...bun-v1.3.12) Updates `eslint-plugin-cypress` from 6.2.2 to 6.3.1 - [Release notes](https://github.com/cypress-io/eslint-plugin-cypress/releases) - [Commits](cypress-io/eslint-plugin-cypress@v6.2.2...v6.3.1) Updates `globals` from 17.4.0 to 17.5.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](sindresorhus/globals@v17.4.0...v17.5.0) Updates `typescript` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v6.0.2...v6.0.3) Updates `workerpool` from 10.0.1 to 10.0.2 - [Changelog](https://github.com/josdejong/workerpool/blob/master/HISTORY.md) - [Commits](josdejong/workerpool@v10.0.1...v10.0.2) Updates `typescript` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v6.0.2...v6.0.3) Updates `typedoc` from 0.28.18 to 0.28.19 - [Release notes](https://github.com/TypeStrong/TypeDoc/releases) - [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md) - [Commits](TypeStrong/typedoc@v0.28.18...v0.28.19) --- updated-dependencies: - dependency-name: "@actions/github" dependency-version: 9.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-and-patch-dependencies - dependency-name: bun dependency-version: 1.3.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-minor-and-patch-dependencies - dependency-name: eslint-plugin-cypress dependency-version: 6.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-and-patch-dependencies - dependency-name: globals dependency-version: 17.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-and-patch-dependencies - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-minor-and-patch-dependencies - dependency-name: workerpool dependency-version: 10.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-minor-and-patch-dependencies - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-minor-and-patch-dependencies - dependency-name: typedoc dependency-version: 0.28.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-minor-and-patch-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The existing spec hard-required the root-installed copy of
\`light-my-request\` and \`fastify\`, so it only ever exercised one
version on CI and silently ignored the rest of the supported range.
Every other instrumentation suite uses \`withVersions\` to sweep the
version matrix maintained by \`install_plugin_modules\`.
Three coordinated changes restore that behavior:
1. The spec is wrapped in \`withVersions('light-my-request', ...)\`
and the module \`require\`s now resolve through
\`versions/light-my-request@<version>\` / \`versions/fastify\`, so
each supported version actually runs.
2. \`packages/dd-trace/test/plugins/externals.js\` registers \`fastify\`
(>=3) as an external dependency of the \`light-my-request\` suite so
the matrix installer stages a working fastify alongside each
\`light-my-request\` version.
3. \`.github/workflows/platform.yml\` adds the
\`instrumentation-light-my-request\` job, mirroring the pattern used
by the other \`instrumentation-*\` jobs, so CI actually invokes the
newly-parameterized suite.
No production code changes, so the blast radius is test-only.
tracer.setUrl(url) is a documented public API that crashes with "TypeError: this._exporter.setUrl is not a function" whenever OTLP traces export is enabled (OTEL_TRACES_EXPORTER=otlp), because the OTLP exporter introduced in #7531 never implemented the method that the DatadogTracer expects. Persist defaultPath on the exporter instance and add a setUrl(url) method that re-parses the URL and updates hostname, port, and path in place, so customer calls to tracer.setUrl actually retarget OTLP traffic rather than throwing.
* upgrade docs typescript * fix additional test error
#8031) Three related bugs in the OTel-to-Datadog context bridge are fixed: 1. `SpanContext` is a composition wrapper that exposes `traceFlags` via `this._ddContext._sampling.priority`. The extractor was writing `_sampling` and `_trace` directly on the wrapper, so the values never reached `_ddContext` and `traceFlags` always returned 0 regardless of the `s:` field in the incoming tracestate. 2. `Number.parseInt(samplingPriorityTs, 10)` produced `NaN` when the `dd` tracestate member had no `s:` field. The `NaN` was then passed to `_getSamplingPriority`, where it slipped through both conditional branches and was returned as-is. `_getSamplingPriority` now uses the existing `AUTO_REJECT`/`AUTO_KEEP` constants and defaults to `AUTO_KEEP` when the tracestate priority is missing or not a number. The caller in `_convertOtelContextToDatadog` guards `parseInt` to avoid producing `NaN` in the first place. 3. The `origin` pulled from the `dd` tracestate (`o:` field) was being assigned to an inner block-scoped `const origin`, which shadowed the outer `origin` variable used when writing `_trace`. As a result the origin was silently dropped from every extracted OTel context.
Bumps the test-versions group with 1 update in the /integration-tests/esbuild directory: [axios](https://github.com/axios/axios). Updates `axios` from 1.15.0 to 1.15.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.15.0...v1.15.1) --- updated-dependencies: - dependency-name: axios dependency-version: 1.15.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: test-versions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closed
Contributor
Overall package sizeSelf size: 5.67 MB Dependency sizes| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 3.0.1 | 82.56 kB | 817.39 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |🤖 This report was automatically generated by heaviest-objects-in-the-universe |
BridgeAR
requested review from
BridgeAR,
greghuels,
leoromanovsky and
litianningdatadog
and removed request for
a team
BridgeAR
previously approved these changes
Apr 29, 2026
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b0f7b97a3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
BridgeAR
previously approved these changes
Apr 29, 2026
Member
BridgeAR
left a comment
BridgeAR
left a comment
There was a problem hiding this comment.
Still LGTM after looking into the AI comment that turned out to be wrong
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b0f7b97a3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
This stops `MaxListenersExceededWarning` from crashing the test process on Node v24.15.0, which leaks an internal `socketErrorListener` on every keep-alive agent socket reuse. Tests that issue several requests through the same socket — `instrumentation-http` and the RASP fastify blocking suite are the current victims — pile up enough listeners to trip our strict `defaultMaxListeners=6` and crash via the warning rethrow. Detect the leak by its stable signature: two or more listeners named `socketErrorListener` on the same emitter for event `error`. The upstream fix is merged on Node `main` but not yet released in v24.x; once it ships the duplicates disappear and the detector returns false again, so real listener leaks resume throwing. Refs: nodejs/node#61770 Refs: nodejs/node#62872
dd-octo-sts
Bot
force-pushed
the
v5.99.0-proposal
branch
from
8b0f7b9 to
687023a
Compare
* Fix Stripe instrumentation + test * Pin latest stripe on plugin test versions
This fixes a stale-patch loop where the Node setup action's 20-minute key rotation was a no-op. 24.15.0 and 22.22.1 took ~2 weeks to land in CI after release. Two bugs interact. The cache step's restore-keys omits the time block, so every cross-window run partial-matches the previous cache and restores the prior resolved patch. The setup-node step then keys check-latest off file existence rather than cache-hit, so it passes the cached patch with check-latest=true. Because semver matches an exact spec only against itself, check-latest never upgrades 24.14.0 to 24.15.0; the save step re-pins the stale value under the new key. New patches only land when the cache is fully evicted. Pass the major (not the cached patch) whenever the cache misses exactly, and gate that on cache-hit. Exact hits within a 20-minute window still install the cached patch and skip the manifest lookup; cross-window runs go through the manifest, and the save step captures the upgraded patch under the new key.
dd-octo-sts
Bot
force-pushed
the
v5.99.0-proposal
branch
from
687023a to
bc38b02
Compare
BridgeAR
approved these changes
Apr 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fe44ddbe67] - (SEMVER-PATCH) ci: refresh Node patch versions on cross-window cache restores (Ruben Bridgewater) #81795f582369a6] - (SEMVER-PATCH) refactor: use the same symbol to instrument pino across versions (Roch Devost) #81812fa6f67207] - (SEMVER-PATCH) test: fix race condition in sandbox pack lock (Roch Devost) #8183b815a11c33] - (SEMVER-PATCH) fix(appsec): Fix regression on Stripe instrumentation (Carles Capell) #818696c92d966e] - (SEMVER-PATCH) test: ignore Node http socketErrorListener leak (Ruben Bridgewater) #8177a9013ae0e9] - (SEMVER-PATCH) add dependabot ignore rule for rspack (Roch Devost) #8171927ac5e849] - (SEMVER-PATCH) test: do not hide mocha errors for nested suites (Ilyas Shabi) #816401e27459f9] - (SEMVER-PATCH) fix(engines): set engines upper limit back to node 26 (Pablo Erhard) #81744749d90ab6] - (SEMVER-PATCH) chore(ci) update one-pipeline (gh-worker-campaigns-3e9aa4[bot]) #81232ffb5f95e1] - (SEMVER-PATCH) test(debugger): detect bracketedbyteLengthat runtime (Ruben Bridgewater) #8172abf7139eef] - (SEMVER-PATCH) fix: make DD_TRACING_ENABLED an alias of DD_APM_TRACING_ENABLED (Ruben Bridgewater) #814074a0c98c05] - (SEMVER-PATCH) chore(deps): bump actions/setup-node (dependabot[bot]) #8168ef3fc9dd4f] - (SEMVER-PATCH) remove junit upload action (Roch Devost) #814885e6201985] - (SEMVER-PATCH) chore(ci): run all system-tests scenario even if empty when running on master/sc… (Nicolas Catoni) #80676089c4455d] - (SEMVER-PATCH) test: do not hide mocha errors (Ruben Bridgewater) #81472d2ed5be7f] - (SEMVER-PATCH) test: make sure unknown config entries cause an error (Ruben Bridgewater) #81529c8fd58d13] - (SEMVER-PATCH) fix: use references for special configurations (Ruben Bridgewater) #8149dee9732051] - (SEMVER-PATCH) [test optimization] support TypeScript 6 in browser integration tests (Juan Antonio Fernández de Alba) #8137bb5fa497ac] - (SEMVER-PATCH) fix: telemetry for test optimization auto instrument provider (Ruben Bridgewater) #81350ad631d6eb] - (SEMVER-PATCH) chore(deps): bump oxc-parser from 0.126.0 to 0.127.0 in the runtime-minor-and-patch-dependencies group across 1 directory (dependabot[bot]) #815604cfa94ad4] - (SEMVER-PATCH) ci: reduce all green initial delay to 5 minutes (Roch Devost) #8107960cf202b8] - (SEMVER-PATCH) test: exclude versions folder from nyc coverage (Roch Devost) #81604daebfa9f8] - (SEMVER-MINOR) feat(profiling): observe async zlib and crypto events in timeline profiler (Attila Szegedi) #80428fbe16e2b0] - (SEMVER-PATCH) chore(deps): bump the gh-actions-packages group across 3 directories with 3 updates (dependabot[bot]) #8158581ce95744] - (SEMVER-PATCH) chore(deps-dev): bump the dev-minor-and-patch-dependencies group across 1 directory with 6 updates (dependabot[bot]) #81550e63640d6c] - (SEMVER-PATCH) test,ci: remove test agent to reduce test runtime and flakiness (Ruben Bridgewater) #809095010b2b4a] - (SEMVER-PATCH) ci,test: switch back to hoisted linker for bun (Roch Devost) #8142efaae8b89e] - (SEMVER-PATCH) ci: remove setup-bun workaround for unnecessary github api requests (Roch Devost) #8145a1d8a7f9d4] - (SEMVER-PATCH) chore(node): allow node 26 (Pablo Erhard) #814359177dfdc7] - (SEMVER-PATCH) test: fix max listener warning in test optimization tests (Ruben Bridgewater) #814460440710a3] - (SEMVER-MINOR) feat(openfeature): implement flag evaluation metrics (Oleksii Shmalko) #7993e68ef5869c] - (SEMVER-PATCH) fix(llmobs, anthropic): do not mutate anthropic create parameters (Sam Brenner) #81199cc799de52] - (SEMVER-PATCH) test(profiler): fix Profiler telemetry flake (Attila Szegedi) #8114260299e4c1] - (SEMVER-PATCH) chore(scripts): flag unquoted**globs in npm scripts (Ruben Bridgewater) #806187a8e3a6de] - (SEMVER-MINOR) Update AppSec rules to 1.18.0 (simon-id) #8121f40600d3a5] - (SEMVER-PATCH) remove empty after blocks in cypress tests (Roch Devost) #81178fc99d0283] - (SEMVER-PATCH) ci,test: warmup the nyc cache before running the tests (Roch Devost) #81304cefbaff79] - (SEMVER-PATCH) test: reduce CI flakiness via span-race filters (Ruben Bridgewater) #808727c35f7d22] - fix(llmobs): render BaseMessage in langgraph workflow I/O (Crystal Luc-Magloire) #8096df1f326b26] - (SEMVER-PATCH) Update junit upload action to v3.1.0 (Juan Antonio Fernández de Alba) #811811f5fccc28] - (SEMVER-PATCH) fix: fix AppSec http memory retention (Ruben Bridgewater) #802908322b5908] - (SEMVER-PATCH) split playwright and cypress tests in ci (Roch Devost) #809824339c29f9] - (SEMVER-PATCH) [test optimization] Fix CODEOWNERS extraction logic and playwright reported CI metadata (Juan Antonio Fernández de Alba) #811331624d78e1] - (SEMVER-PATCH) chore(deps): bump axios (dependabot[bot]) #810855f04b6d03] - (SEMVER-PATCH) fix(debugger): skip malformed ddtags (Thomas Watson) #8094e1b4ea50a1] - (SEMVER-PATCH) chore: ignore .omc/ directory (Alberto Vara) #8092be7d03c5ec] - (SEMVER-PATCH) ci: split tracing-ubuntu job in ci (Roch Devost) #8104603307bc7f] - (SEMVER-PATCH) test,ci: fix langchain being tested against Node.js 18 (Ruben Bridgewater) #8103c0ae7192f5] - (SEMVER-PATCH) chore: replace getValueFromEnvSources calls with config usage (Ruben Bridgewater) #808477c7719c2b] - (SEMVER-PATCH) chore: generate more narrow config types (Ruben Bridgewater) #8081a156a785b4] - (SEMVER-PATCH) fix: handle esm and cjs in rewriter (Ruben Bridgewater) #80005435c2b9a6] - (SEMVER-PATCH) refactor(opentelemetry): simplify OTLP traces setup per PR feat: support for OTLP trace export (http/json) #7531 review (Ruben Bridgewater) #8074fb34ecca9b] - (SEMVER-PATCH) test(otel): make tests robust against event emitter leak warnings (Ruben Bridgewater) #807545e61496c9] - (SEMVER-PATCH) move instrumentation to their own workflow (Roch Devost) #80390b022f346c] - (SEMVER-MINOR) feat(test-optimization): create final_status tag on test event for vitest (Sebastián Kay) #8064ab1f2a81ec] - (SEMVER-PATCH) chore(ci) : fix concurrency clause on master (Charles de Beauchesne) #80809ef3cb5605] - (SEMVER-PATCH) ci: pin datadog-ci for junit upload (Juan Antonio Fernández de Alba) #80785452091522] - (SEMVER-PATCH) [test optimization] fix cypress TS config auto-instrumentation and OTLP override (Juan Antonio Fernández de Alba) #8073ab1659c909] - (SEMVER-PATCH) ci: remove release status job (Roch Devost) #80708cd7c2672e] - (SEMVER-PATCH) chore(deps): bump axios (dependabot[bot]) #8076073fbd98fd] - (SEMVER-PATCH) fix(ws): add missing ctx.span guard in bindAsyncStart and asyncStart (nikhil tallapureddy) #8002c9fcca945b] - (SEMVER-PATCH) test: use parallel steps while in sandbox creation for performance (Ruben Bridgewater) #8028f408684039] - (SEMVER-PATCH) fix(otel): correct sampling priority and origin propagation from trac… (Ruben Bridgewater) #80319f10b0e7ff] - (SEMVER-PATCH) chore(project): upgrade typescript for docs (Sam Brenner) #8065237b091004] - (SEMVER-PATCH) fix(opentelemetry): implement setUrl on OTLP HTTP exporter base (Crystal Luc-Magloire) #80634882a30f74] - (SEMVER-MINOR) feat(ai-guard): add ai_guard.event tag to the root span (Manuel Álvarez Álvarez) #7998f020db65c9] - (SEMVER-PATCH) test(light-my-request): run suite under withVersions (Ruben Bridgewater) #80521efc8186ff] - (SEMVER-PATCH) chore(deps-dev): bump the dev-minor-and-patch-dependencies group across 2 directories with 7 updates (dependabot[bot]) #8066612d25e209] - (SEMVER-PATCH) chore(project): update sinon (Sam Brenner) #8062404f17549c] - (SEMVER-PATCH) test(openfeature): match printf-style log.debug args (Ruben Bridgewater) #80592958b11023] - (SEMVER-MINOR) feat(llmobs): add support for Model Context Protocol SDK (Crystal Luc-Magloire) #78451241a6187e] - (SEMVER-PATCH) ci: update flakiness report with a shorter summary (Roch Devost) #8038220434b97e] - (SEMVER-PATCH) test(debugger): merge caller snapshotConfig with defaults (Ruben Bridgewater) #805671719a0ce1] - (SEMVER-PATCH) test(debugger): ignore transitional UNACKNOWLEDGED state (Ruben Bridgewater) #8057237e32cf86] - (SEMVER-PATCH) test(profiling): replace RegExp.escape with includes check (Ruben Bridgewater) #8058182cbdb974] - (SEMVER-PATCH) refactor(playwright): extract browser-side evaluate callbacks (Ruben Bridgewater) #8060734ceffeb1] - (SEMVER-PATCH) test(debugger): assert newly-exposed inputPath key (Ruben Bridgewater) #8055ee37f93b3a] - (SEMVER-PATCH) fix: stop reading deprecated req.connection.encrypted (Ruben Bridgewater) #80513c6b53a878] - (SEMVER-PATCH) fix: support lazy startup log messages (Ruben Bridgewater) #80540b7ef4161e] - (SEMVER-PATCH) chore(ci) update one-pipeline (gh-worker-campaigns-3e9aa4[bot]) #8043b2e23abbc3] - (SEMVER-PATCH) chore(deps): bump oxc-parser from 0.121.0 to 0.126.0 in the runtime-minor-and-patch-dependencies group across 1 directory (dependabot[bot]) #804797ef341395] - (SEMVER-PATCH) chore(deps): bump the gh-actions-packages group across 5 directories with 2 updates (dependabot[bot]) #8049aff047fecd] - (SEMVER-PATCH) Rewriter compiler comment (Roch Devost) #803389cd561765] - (SEMVER-PATCH) dont run serverless ci on release branch pushes too (Olivier Nzia) #80351c136d23eb] - (SEMVER-PATCH) set network and http client ip on ai guard (Ilyas Shabi) #80348539f8800f] - (SEMVER-PATCH) Skip mquery plugin flaky test (Carles Capell) #8040