chore(deps): bump ddtrace from 3.5.1 to 3.7.1 #18161

Open
wants to merge 1 commit into
base: main

dependabot[bot]

@dependabot dependabot bot commented on behalf of github May 20, 2025

Bumps ddtrace from 3.5.1 to 3.7.1.

Release notes

Sourced from ddtrace's releases.

3.7.1

Bug Fixes

  • CI Visibility: This fix resolves an issue where pytest-xdist would not exit with the proper status code if ATR was enabled.
  • CI Visibility: This fix resolves an issue where ddtrace pytest plugin used with xdist would report test suites as failing even when all tests pass.

3.7.0

New Features

  • AAP (ASM is now AAP)

    • Introduces a new user event sdk available through ddtrace.appsec.track_user_sdk for manual instrumentation.
  • CI Visibility

    • Introduces the ability to gzip the payload when using the agentless setup, incurring less network bandwidth consumption.
  • LLM Observability

    • Adds support to automatically submit LiteLLM SDK requests to LLM Observability.
  • Tracing

    • baggage: Adds support for automatically adding baggage key-value pairs to span tags. Baggage items from incoming HTTP headers are attached to spans as tags with a baggage. prefix. The DD_TRACE_BAGGAGE_TAG_KEYS configuration allows users to specify a comma-separated list of baggage keys for span tagging; by default the value is set to user.id,account.id,session.id. When set to *, all baggage keys will be converted into span tags. Setting it to an empty value disables baggage tagging.

Bug Fixes

  • Code Security

    • The field representing the class name in IAST vulnerability location reporting was previously incorrectly named as class_name. This fix standardizes the naming and ensures that the correct field name is used (class).
  • Dynamic Instrumentation

    • Fixes incompatibility between code origin and dynamic instrumentation probe on exit span functions.
  • LLM Observability

    • openai: This fix resolves an issue where using client.beta.chat.completions.stream with openai patching caused an attribute error.
    • Resolves an issue where using client.beta.chat.completions.stream with LLM Observability enabled caused an attribute error.
    • Resolves an issue where tool call names were not being captured for bedrock converse_stream calls.
    • Resolves an issue where bedrock converse_stream calls contained an extra empty output message.
  • Profiling

    • Fixes an issue where inconsistent state in the native profiler code was causing excessive log messages to be emitted at an unprecedented rate, significantly increasing the size of end-user log files.
  • Tracing

    • azure_functions: Resolves an issue where async functions throw an error when instrumented.
    • datastreams: Resolves an issue where failure to decode the data streams context caused infinite loops in data streams checkpoints.
    • futures: Resolves an edge case where trace context was not propagated to spans generated by the ThreadPoolExecutor.
    • kafka: Fixes an issue where a producer or consumer initialized with an unpacked config resulted in TypeError, causing a failed connection. confluent-kafka supports both unpacked and packed config; this change allows initialization with either.
    • telemetry: Improves periodic telemetry writer performance by removing unnecessary calls to importlib.metadata for reporting imported dependencies.
    • Fixes an issue where empty sampling rules list in remote configuration events caused an AttributeError when reinitializing the DatadogSampler. This prevented sampling rules from being reset. Note: This only affected cases where sampling rules were an empty list. It did not impact cases with at least one rule or when rules were set to null.
    • Fixes a bug in the sampling rule matcher where the pattern ?* was not being matched correctly for DD_TRACE_SAMPLING_RULES tags, due to it matching on spans with no tag matching the specified key.
    • Fixes an issue where span attributes were not truncated before encoding, leading to runtime error and causing spans to be dropped. Spans with resource name, tag key or value larger than 25000 characters will be truncated to 2500 characters.
    • Fixes RuntimeWarning from an unwaited coroutine during tab completion in IPython REPL when asyncio integration is active. Tracer now wraps an asyncio coroutine only when there is an active trace context.

3.7.0rc2

New Features

... (truncated)

Changelog

Sourced from ddtrace's changelog.

3.7.1

Bug Fixes

  • CI Visibility
    • Resolves an issue where pytest-xdist would not exit with the proper status code if ATR was enabled.
    • Resolves an issue where ddtrace pytest plugin used with xdist would report test suites as failing even when all tests pass.

2.21.8

Bug Fixes

  • Code Security:
    • Avoid excessive filtering of stacktrace locations when finding vulnerabilities. After this change, vulnerabilities that were previously discarded will now be reported. In particular, if they were found within code in site-packages or outside of the working directory.
    • Fixes a bug where invalid f-strings didn’t raise the expected "Unknown format code" error when IAST was enabled.
  • Profiling:
    • Improve performance of the memory profiler for large heaps. The memory profiler previously did a linear search of tracked allocations for every free, which scaled very poorly with large heaps. Switch to a fast hash map.
  • Other:
    • Fix a potential circular import with the psycopg2 contrib.
    • Code origin for spans: fixes a performance issue with exit spans.

2.21.6

Bug Fixes

  • Code Security
    • Fixes an issue with PosixPath handling in path operations that could cause errors during taint tracking. This fix improves stability and slightly reduces import times.

3.2.3

Bug Fixes

  • Code Security

    • Fixes an issue with PosixPath handling in path operations that could cause errors during taint tracking. This fix improves stability and slightly reduces import times.
  • Lib-injection

    • Avoids zombie process from telemetry sender on startup.
  • LLM Observability

    • Fixes an issue where LLMObs could not be enabled in a forked process when setting agentless_enabled=True or DD_LLMOBS_AGENTLESS_ENABLED=true.

... (truncated)

Commits
  • 8e3ea51 fix(ci-visibility): proper test suite status with xdist [backport 3.7] (#13427)
  • aa2c619 fix(ci-visibility): pytest-xdist atr compatibility [backport 3.7] (#13428)
  • b257ad4 ci: pin system-tests version [3.7] (#13436)
  • c1b7d44 ci(build): fix windows build errors from ddup [backport 3.7] (#13431)
  • ea27de2 chore(tracer): handle None in activate_distributed_headers (#13329)
  • aa52c00 fix(tracer): wrap asyncio only when active trace context (#13326)
  • 2d662ac feat(ci-visibility): gzip agentless request payload (#13301)
  • 601c0bd chore(llmobs): fix flush telemetry metric name (#13292)
  • 8a87d83 chore(iast): improve iast report performance (#13300)
  • c6833f9 fix(iast): incorrectly named as class_name (#13299)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 3.5.1 to 3.7.1.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v3.5.1...v3.7.1)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-version: 3.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 20, 2025
@dependabot dependabot bot requested a review from a team as a code owner May 20, 2025 09:43