Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update dependency dd-trace to v4.26.0 (#1346)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [dd-trace](https://togithub.com/DataDog/dd-trace-js) | [`5.2.0` -> `4.26.0`](https://renovatebot.com/diffs/npm/dd-trace/4.17.0/4.26.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dd-trace/4.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dd-trace/4.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dd-trace/4.17.0/4.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dd-trace/4.17.0/4.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>DataDog/dd-trace-js (dd-trace)</summary> ### [`v4.26.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.26.0): 4.26.0 [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.25.0...v4.26.0) ##### Security Fixes **lodash:** Remove reliance on vulnerable `lodash.pick` dependency ([#​3999](https://togithub.com/DataDog/dd-trace-js/issues/3999)), thanks [@​Nico385412](https://togithub.com/Nico385412) for the original PR and for notifying us ##### Bug Fixes **asm:** fix mquery vulnerability location ([#​3797](https://togithub.com/DataDog/dd-trace-js/issues/3797)) ##### Features **dsm:** add support for sqs/sns/kinesis in aws-sdk ([#​3864](https://togithub.com/DataDog/dd-trace-js/issues/3864)) ### [`v4.25.0`](https://togithub.com/DataDog/dd-trace-js/compare/v4.24.0...v4.25.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.24.0...v4.25.0) ### [`v4.24.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.24.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.23.0...v4.24.0) ##### Features - **profiling:** Add experimental CPU profiler ([#​3895](https://togithub.com/DataDog/dd-trace-js/issues/3895)) ##### Improvements - **profiling:** GA Code hotspots and endpoint collection ([#​3940](https://togithub.com/DataDog/dd-trace-js/issues/3940)) ##### Bug Fixes - **core:** Handle google-cloud-pubsub subscription closing ([#​2716](https://togithub.com/DataDog/dd-trace-js/issues/2716)) ### [`v4.23.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.23.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.22.0...v4.23.0) ##### Features - **core:** Add remote config support for custom tags ([#​3875](https://togithub.com/DataDog/dd-trace-js/issues/3875)) - **profiling:** Add a process_id that contains process pid to profiles ([#​3911](https://togithub.com/DataDog/dd-trace-js/issues/3911)) - **core:** Implement extended sampling ([#​3904](https://togithub.com/DataDog/dd-trace-js/issues/3904)) ##### Improvements - **core:** Add instrumentation support for node:\* specifiers ([#​3893](https://togithub.com/DataDog/dd-trace-js/issues/3893)) - **core:** Fix instrumentation support for Fastify versions >= 4.23.0 ([#​3893](https://togithub.com/DataDog/dd-trace-js/issues/3893)) ##### Bug Fixes - **profiling:** Fix compatibility with node < 14.18 ([#​3908](https://togithub.com/DataDog/dd-trace-js/issues/3908)) ### [`v4.22.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.22.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.21.0...v4.22.0) ##### Bug Fixes - **pino:** ignore pino error tests when node version is 21 ([#​3878](https://togithub.com/DataDog/dd-trace-js/issues/3878)) - **rhea:** fix rhea memory leak concerning inFlightDeliveries ([#​3833](https://togithub.com/DataDog/dd-trace-js/issues/3833)) - **profiling:** Fix recording times ([#​3891](https://togithub.com/DataDog/dd-trace-js/issues/3891)) - **core:** fix memory leak of req and res objects due to setTimeout wrapping repeatedly ([#​3896](https://togithub.com/DataDog/dd-trace-js/issues/3896)) ##### Improvements - **appsec:** Upgrade iast rewriter version to 2.2.2 ([#​3883](https://togithub.com/DataDog/dd-trace-js/issues/3883)) - **civisibility:** Update repository url validation ([#​3876](https://togithub.com/DataDog/dd-trace-js/issues/3876)) - **core:** flush custom metrics before process exit ([#​3842](https://togithub.com/DataDog/dd-trace-js/issues/3842)) - **nextjs:** Default Error Tagging for Pages in Next.js ([#​3892](https://togithub.com/DataDog/dd-trace-js/issues/3892)) - **profiling:** Add thread id labels to heap and wall profiles ([#​3888](https://togithub.com/DataDog/dd-trace-js/issues/3888)) ##### Features - **appsec:** GraphQL Blocking (3819) - **appsec:** API security sample rate via RC ([#​3868](https://togithub.com/DataDog/dd-trace-js/issues/3868)) - **appsec:** Pass resolver address as ephemeral type ([#​3897](https://togithub.com/DataDog/dd-trace-js/issues/3897)) - **core:** add support for configuring tracing client using remote configuration ([#​3395](https://togithub.com/DataDog/dd-trace-js/issues/3395)) ### [`v4.21.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.21.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.20.0...v4.21.0) ##### Bug Fixes - **profiling**: add source code integration tags to profiles ([#​3821](https://togithub.com/DataDog/dd-trace-js/issues/3821)) - **core**: do not report HTTP requests over 5 seconds as errors on Node 20 ([#​3853](https://togithub.com/DataDog/dd-trace-js/issues/3853)) - **core**: update protobuf for security reasons ([#​3851](https://togithub.com/DataDog/dd-trace-js/issues/3851)) - **core**: resolve the 0th argument of the restify controller promise ([#​3818](https://togithub.com/DataDog/dd-trace-js/issues/3818)) ##### Improvements - **core**: collapse Next.js static resources to reduce cardinality ([#​3809](https://togithub.com/DataDog/dd-trace-js/issues/3809)) - **civisibility**: waits for git to upload and re-request settings when `require_git` field is `true` ([#​3790](https://togithub.com/DataDog/dd-trace-js/issues/3790)) - **civisibiity**: do not report total code. coverage if itr is enabled ([#​3828](https://togithub.com/DataDog/dd-trace-js/issues/3828)) - **profiling**: Add DNS events to timeline ([#​3822](https://togithub.com/DataDog/dd-trace-js/issues/3822)) - **core**: add a new `http` service configuration option `enablePropagationWithAmazonHeaders` ([#​3836](https://togithub.com/DataDog/dd-trace-js/issues/3836)) - **appsec**: use existing response header instrumentation to detect Header Injection vulnerability when a unsafe string is written in a header ([#​3813](https://togithub.com/DataDog/dd-trace-js/issues/3813)) - **profiling**: Add Net events to timeline ([#​3832](https://togithub.com/DataDog/dd-trace-js/issues/3832)) - **core**: Partially upgrade instrumentation telemetry from v1 to v2 ([#​3827](https://togithub.com/DataDog/dd-trace-js/issues/3827)) - **civisibility**: Speed up git unshallow ([#​3839](https://togithub.com/DataDog/dd-trace-js/issues/3839)) - **core**: add a new environment variable to enable span leak detection at either logging or logging + manual gc modes ([#​3849](https://togithub.com/DataDog/dd-trace-js/issues/3849)) - **core**: add a GitHub security policy via SECURITY.md ([#​3863](https://togithub.com/DataDog/dd-trace-js/issues/3863)) - **appsec**: Apply new rules for header injection detection to prevent false positives ([#​3867](https://togithub.com/DataDog/dd-trace-js/issues/3867)) - **dsm**: Add Kafka offset lag to metrics sent by datastreams monitoring ([#​3761](https://togithub.com/DataDog/dd-trace-js/issues/3761)) - **profiling**: reduce overhead by removing lane logic from profiler library ([#​3880](https://togithub.com/DataDog/dd-trace-js/issues/3880)) ##### Features - **appsec**: add support for schema extraction when calling the waf ([#​3685](https://togithub.com/DataDog/dd-trace-js/issues/3685)) - **core**: add automatic instrumentation support for Aerospike v3.16.2 - v3.16.7, v4, v5 ([#​3830](https://togithub.com/DataDog/dd-trace-js/issues/3830), [#​3804](https://togithub.com/DataDog/dd-trace-js/issues/3804)) ### [`v4.20.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.20.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.19.0...v4.20.0) ##### Bug Fixes - **core**: always propagate tracestate when tracecontext is configured ([#​3810](https://togithub.com/DataDog/dd-trace-js/issues/3810)) - **profiling**: fix enabling of timeline profiler: ([#​3807](https://togithub.com/DataDog/dd-trace-js/issues/3807)) ##### Improvements - **profiling**: emit wall sample timestamps even when code hotspots aren't used ([#​3808](https://togithub.com/DataDog/dd-trace-js/issues/3808)) - **profiling**: memoize web tags in all ancestors ([#​3792](https://togithub.com/DataDog/dd-trace-js/issues/3792)) - **appsec**: load appsec rules in appsec/rule_manager.js ([#​3805](https://togithub.com/DataDog/dd-trace-js/issues/3805)) ### [`v4.19.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.19.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.18.0...v4.19.0) ##### Bug Fixes - **core**: modified telemetry.enabled to comply with instrumentation telemetry specs ([#​3765](https://togithub.com/DataDog/dd-trace-js/issues/3765)) - **appsec**: use exact version for `@datadog/native-appsec` ([#​3778](https://togithub.com/DataDog/dd-trace-js/issues/3778)) - **ci-visibility**: update git metadata extraction ([#​3771](https://togithub.com/DataDog/dd-trace-js/issues/3771)) - **profiling**: only consider the active span and its ancestors when looking for web tags ([#​3780](https://togithub.com/DataDog/dd-trace-js/issues/3780)) - **core**: restify: emit on DC channels w/ async handlers, fixes bug where path names repeat ([#​3782](https://togithub.com/DataDog/dd-trace-js/issues/3782)) ##### Improvements - **core**: use `dc-polyfill` instead of `diagnostics_channel` directly ([#​3722](https://togithub.com/DataDog/dd-trace-js/issues/3722)) - **appsec**: update AppSec rules to 1.9.0 ([#​3772](https://togithub.com/DataDog/dd-trace-js/issues/3772)) - **ci-visibility**: add flags to force code coverage reporting and test skipping ([#​3767](https://togithub.com/DataDog/dd-trace-js/issues/3767)) - **profiling**: restore eager release of tags, adapt endpoint profiling code ([#​3759](https://togithub.com/DataDog/dd-trace-js/issues/3759)) - **profiling**: cache web span lookup, so we only perform it once per span, release eagerly ([#​3779](https://togithub.com/DataDog/dd-trace-js/issues/3779) / [#​3781](https://togithub.com/DataDog/dd-trace-js/issues/3781)) - **core**: enable arm builds for single-step ([#​3791](https://togithub.com/DataDog/dd-trace-js/issues/3791)) - **appsec**: obfuscate secret tokens ([#​3786](https://togithub.com/DataDog/dd-trace-js/issues/3786)) - **appsec**: update collected request headers ([#​3795](https://togithub.com/DataDog/dd-trace-js/issues/3795)) - **profiling**: gc events profiler ([#​3770](https://togithub.com/DataDog/dd-trace-js/issues/3770)) - **core**: add DSM pathway hash to kafka spans, payload size for kafka stats ([#​3763](https://togithub.com/DataDog/dd-trace-js/issues/3763) / [#​3734](https://togithub.com/DataDog/dd-trace-js/issues/3734)) - **appsec**: update native-iast-taint-tracking to v1.6.4 ([#​3787](https://togithub.com/DataDog/dd-trace-js/issues/3787)) ##### Features - **core**: enable 128-bit ids by default ([#​3656](https://togithub.com/DataDog/dd-trace-js/issues/3656) / [#​3800](https://togithub.com/DataDog/dd-trace-js/issues/3800)) - **core**: otel span name translator ([#​3766](https://togithub.com/DataDog/dd-trace-js/issues/3766)) ### [`v4.18.0`](https://togithub.com/DataDog/dd-trace-js/releases/tag/v4.18.0) [Compare Source](https://togithub.com/DataDog/dd-trace-js/compare/v4.17.0...v4.18.0) ##### Bug Fixes - **core**: fix next.js build errors by refactoring config ([#​3748](https://togithub.com/DataDog/dd-trace-js/issues/3748)) - **core**: fix error in http plugin when it was enabled after request start ([#​3740](https://togithub.com/DataDog/dd-trace-js/issues/3740)) - **appsec**: Check only query and body parameters in nosql injections ([#​3725](https://togithub.com/DataDog/dd-trace-js/issues/3725)) - **appsec**: Fix knex nested queries ([#​3730](https://togithub.com/DataDog/dd-trace-js/issues/3730)) - **appsec**: Handle headers with array values ([#​3751](https://togithub.com/DataDog/dd-trace-js/issues/3751)) - **profiling**: Call the right method to unsubscribe from a channel ([#​3756](https://togithub.com/DataDog/dd-trace-js/issues/3756)) ##### Improvements - **core**: report tested integrations and their tested versions ([#​3669](https://togithub.com/DataDog/dd-trace-js/issues/3669)) - **core**: Support for node 21 ([#​3729](https://togithub.com/DataDog/dd-trace-js/issues/3729)) - **core**: Next.js: Don't Trace Middleware ([#​3702](https://togithub.com/DataDog/dd-trace-js/issues/3702)) - **core**: Make telemetry metrics true by default ([#​3747](https://togithub.com/DataDog/dd-trace-js/issues/3747)) - **core**: NextJS error handling ([#​3715](https://togithub.com/DataDog/dd-trace-js/issues/3715)) - **profiling**: Emit thread names in wall profiles ([#​3726](https://togithub.com/DataDog/dd-trace-js/issues/3726)) - **ci-visibility**: Add custom tags capability to playwright tests ([#​3741](https://togithub.com/DataDog/dd-trace-js/issues/3741)) - **ci-visibility**: Instrument suite parsing errors as failed suites ([#​3735](https://togithub.com/DataDog/dd-trace-js/issues/3735)) - **ci-visibility**: Better logs for intelligent test runner ([#​3742](https://togithub.com/DataDog/dd-trace-js/issues/3742)) - **ci-visibility**: Remove user credentials from `DD_GIT_REPOSITORY_URL` ([#​3744](https://togithub.com/DataDog/dd-trace-js/issues/3744)) - **ci-visibility**: Improve test status in test sessions for jest and mocha ([#​3736](https://togithub.com/DataDog/dd-trace-js/issues/3736)) - **appsec**: Add configurable IAST redaction pattern ([#​3720](https://togithub.com/DataDog/dd-trace-js/issues/3720)) - **appsec**: Generic telemetry logs ([#​3647](https://togithub.com/DataDog/dd-trace-js/issues/3647)) ##### Features - **appsec**: Hardcoded secret detection ([#​3687](https://togithub.com/DataDog/dd-trace-js/issues/3687)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/X-oss-byte/Nextjs).
- Loading branch information