Bump ddtrace from 2.3.0 to 2.9.3

[dependabot]

Bumps ddtrace from 2.3.0 to 2.9.3.

Release notes

Sourced from ddtrace's releases.

2.9.3

Bug Fixes

• Code Security: Adds encodings.idna to the IAST patching denylist to avoid problems with gevent.
• Code Security: Adds the boto package to the IAST patching denylist.
• celery: Changes error.message span tag to no longer include the traceback that is already included in the error.stack span tag.
• CI Visibility: Fixes source file information that would be incorrect in certain decorated / wrapped scenarios, and forces paths to be relative to the repository root if present.
• LLM Observability: Resolves a typing hint error in the ddtrace.llmobs.utils.Documents helper class constructor where type hints did not accept input dictionaries with integer or float values.
• LLM Observability: Resolves an issue where the OpenAI and AWS Bedrock integrations were always setting temperature and max_tokens parameters to LLM invocations. The OpenAI integration in particular was setting the wrong temperature default values. These parameters are now only set if provided in the request.
• profiling: Fixes an issue where task information coming from echion was encoded improperly, which could segfault the application.
• tracing: Fixes a potential crash where using partial flushes and tracer.configure() could result in an IndexError.
• internal: fixes an issue where some pathlib functions return OSError on Windows.
• flask: Fix scenarios when using flask-like frameworks would cause a crash because of patching issues on startup.
• wsgi: Ensures the status of wsgi Spans are not set to error when a StopIteration exception is raised. With this change, StopIteration exceptions in this context will be ignored.
• langchain: Tags non-dict inputs to LCEL chains appropriately. Non-dict inputs are stringified, and dict inputs are tagged by key-value pairs.

Other Changes

• LLM Observability: The SDK allowed users to submit an unsupported numerical evaluation metric type. All evaluation metric types submitted with numerical type will now be automatically converted to a score type. As an alternative to using the numerical type, use score instead.

2.9.2

Bug Fixes

• futures: Fixes inconsistent behavior with concurrent.futures.ThreadPoolExecutor context propagation by passing the current trace context instead of the currently active span to tasks. This prevents edge cases of disconnected spans when the task executes after the parent span has finished.

Other Changes

• lib-injection: Updates base Alpine image to 3.20.

2.9.1

Deprecation Notes

• Removes the deprecated sqlparse dependency.

2.9.0

New Features

• LLM Observability: This introduces the LLM Observability SDK, which enhances the observability of Python-based LLM applications. See the LLM Observability Overview or the SDK documentation for more information about this feature.

• ASM: Application Security Management (ASM) introduces its new "Exploit Prevention" feature in public beta, a new type of in-app security monitoring that detects and blocks vulnerability exploits. This introduces full support for exploit prevention in the python tracer.

  • LFI (via standard API open)
  • SSRF (via standard API urllib or third party requests)

  with monitoring and blocking features, telemetry, and span metrics reports.

• opentelemetry: Adds support for span events.

• tracing: Ensures the following OpenTelemetry environment variables are mapped to an equivalent Datadog configuration (datadog environment variables taking precedence in cases where both are configured):

  OTEL_SERVICE_NAME -> DD_SERVICE
  

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

---

2.9.1

Deprecation Notes

• Removes the deprecated sqlparse dependency.

---

2.9.0

New Features

• LLM Observability: This introduces the LLM Observability SDK, which enhances the observability of Python-based LLM applications. See the LLM Observability Overview or the SDK documentation for more information about this feature.

• ASM: Application Security Management (ASM) introduces its new "Exploit Prevention" feature in public beta, a new type of in-app security monitoring that detects and blocks vulnerability exploits. This introduces full support for exploit prevention in the python tracer.

  • LFI (via standard API open)
  • SSRF (via standard API urllib or third party requests)

  with monitoring and blocking features, telemetry, and span metrics reports.

• opentelemetry: Adds support for span events.

• tracing: Ensures the following OpenTelemetry environment variables are mapped to an equivalent Datadog configuration (datadog environment variables taking precedence in cases where both are configured):

  OTEL_SERVICE_NAME -> DD_SERVICE
  OTEL_LOG_LEVEL -> DD_TRACE_DEBUG
  OTEL_PROPAGATORS -> DD_TRACE_PROPAGATION_STYLE
  OTEL_TRACES_SAMPLER -> DD_TRACE_SAMPLE_RATE
  OTEL_TRACES_EXPORTER -> DD_TRACE_ENABLED
  OTEL_METRICS_EXPORTER -> DD_RUNTIME_METRICS_ENABLED
  OTEL_RESOURCE_ATTRIBUTES -> DD_TAGS
  OTEL_SDK_DISABLED -> DD_TRACE_OTEL_ENABLED
  

• otel: Adds support for generating Datadog trace metrics using OpenTelemetry instrumentations

• aiomysql, asyncpg, mysql, mysqldb, pymysql: Adds Database Monitoring (DBM) for remaining mysql and postgres integrations lacking support.

• (aiomysql, aiopg): Implements span service naming determination to be consistent with other database integrations.

• ASM: This introduces the capability to enable or disable SCA using the environment variable DD_APPSEC_SCA_ENABLED. By default this env var is unset and in that case it doesn't affect the product.

• Code Security: Taints strings from gRPC messages.

• botocore: This introduces tracing support for bedrock-runtime embedding operations.

• Vulnerability Management for Code-level (IAST): Enables IAST in the application. Needed to start application with ddtrace-run [your-application-run-command] prior to this release. Now, you can also activate IAST with the patch_all function.

• langchain: This adds tracing support for LCEL (LangChain Expression Language) chaining syntax. This change specifically adds synchronous and asynchronous tracing support for the invoke and batch methods.

Known Issues

... (truncated)

Commits

• 94fe5ff fix: add encodings.idna to the denylist [backport 2.9] (#9886)
• ccc9a4f chore(llmobs): extract and refactor langchain llmobs tests [backport 2.9] (#9...
• f4324bd fix(celery): ensure error.message tag does not include stacktrace [backport 2...
• 0dbf2d5 fix(ci): add workaround for importlib-resources name discrepancies [backpor...
• ffa42c6 fix(wsgi): don't report stopiteration errors [backport 2.9] (#9828)
• 01291fc fix(llmobs): only set temperature/max_tokens if provided [backport #9756 to 2...
• 975e1e7 fix(internal): catch pathlib OSError in packages.py [backport 2.9] (#9722)
• f51b196 chore(llmobs): backport token metric key name changes to 2.9 (#9807)
• c14159e fix(flask): fix crashes with flask-like frameworks [backport 2.9] (#9749)
• 970f66a chore(ci): add OCI packaging [backport 2.9] (#9802)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the dbt-redshift contributing guide.

[dependabot]

A newer version of ddtrace exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.