feat(capablities)!: sleep & spawn capabilities by Aaalibaba42 · Pull Request #1873 · DataDog/libdatadog

Aaalibaba42 · 2026-04-13T17:22:43Z

What does this PR do?

Create the capabilities for Sleep and Spawn.
Change the terminology of Http Capability stuff to be more in line with current work.
Change some things about shared runtime.

Motivation

Before if we were to spawn tasks on wasm, we would have required a current thread tokio runtime blocking JS event loop until the end of the tokio runtime itself. Now in wasm we delegate tasks to the eventloop itself, making the whole thing non blocking, and enabling stuff like sleeping in a JS compatible way.

Additional Notes

/

How to test the change?

DataDog/libdatadog-nodejs#70

github-actions · 2026-04-13T17:23:58Z

📚 Documentation Check Results

⚠️ 4955 documentation warning(s) found

📦 `datadog-sidecar` - 2450 warning(s)

📦 `libdd-capabilities-impl` - 182 warning(s)

📦 `libdd-capabilities` - 14 warning(s)

📦 `libdd-data-pipeline` - 944 warning(s)

📦 `libdd-shared-runtime` - 187 warning(s)

📦 `libdd-trace-stats` - 609 warning(s)

📦 `libdd-trace-utils` - 569 warning(s)

Updated: 2026-04-29 10:14:08 UTC | Commit: 84b996c | missing-docs job results

github-actions · 2026-04-13T17:25:42Z

🔒 Cargo Deny Results

⚠️ 27 issue(s) found, showing only errors (advisories, bans, sources)

📦 `datadog-sidecar` - 6 error(s)

Show output

error[unmaintained]: Bincode is unmaintained
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:37:1
   │
37 │ bincode 1.3.3 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2025-0141
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0141
   ├ Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently.
     
     The team considers version 1.3.3 a complete version of bincode that is not in need of any updates.
     
     ## Alternatives to consider
     
     * [wincode](https://crates.io/crates/wincode)
     * [postcard](https://crates.io/crates/postcard)
     * [bitcode](https://crates.io/crates/bitcode)
     * [rkyv](https://crates.io/crates/rkyv)
   ├ Announcement: https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
   ├ Solution: No safe upgrade is available!
   ├ bincode v1.3.3
     ├── datadog-ipc v0.1.0
     │   └── datadog-sidecar v0.0.1
     └── datadog-sidecar v0.0.1 (*)

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:283:1
    │
283 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── datadog-sidecar v0.0.1
      ├── libdd-common v4.0.0
      │   ├── datadog-ipc v0.1.0
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-live-debugger v0.0.1
      │   │   ├── datadog-remote-config v0.0.1
      │   │   │   ├── (dev) datadog-remote-config v0.0.1 (*)
      │   │   │   └── (dev) datadog-sidecar v0.0.1 (*)
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-remote-config v0.0.1 (*)
      │   ├── datadog-sidecar v0.0.1 (*)
      │   ├── libdd-capabilities-impl v1.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── (dev) libdd-data-pipeline v3.0.1
      │   │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   │   └── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-shared-runtime v0.1.0
      │   │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
      │   │   │   ├── libdd-telemetry v4.0.0
      │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   ├── libdd-crashtracker v1.0.0
      │   │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   │   └── libdd-crashtracker-ffi v32.0.0
      │   │   │   │   │       └── datadog-sidecar v0.0.1 (*)
      │   │   │   │   └── libdd-data-pipeline v3.0.1 (*)
      │   │   │   └── libdd-trace-stats v2.0.0
      │   │   │       ├── datadog-ipc v0.1.0 (*)
      │   │   │       ├── datadog-sidecar v0.0.1 (*)
      │   │   │       └── libdd-data-pipeline v3.0.1 (*)
      │   │   ├── libdd-trace-stats v2.0.0 (*)
      │   │   └── libdd-trace-utils v3.0.1
      │   │       ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │       ├── libdd-data-pipeline v3.0.1 (*)
      │   │       ├── libdd-trace-stats v2.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v3.0.1 (*)
      │   ├── libdd-common-ffi v32.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── libdd-crashtracker-ffi v32.0.0 (*)
      │   ├── (build) libdd-crashtracker v1.0.0 (*)
      │   ├── libdd-crashtracker-ffi v32.0.0 (*)
      │   ├── libdd-data-pipeline v3.0.1 (*)
      │   ├── libdd-dogstatsd-client v2.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── libdd-data-pipeline v3.0.1 (*)
      │   ├── libdd-shared-runtime v0.1.0 (*)
      │   ├── libdd-telemetry v4.0.0 (*)
      │   ├── libdd-trace-stats v2.0.0 (*)
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── libdd-crashtracker v1.0.0 (*)
      ├── (dev) libdd-data-pipeline v3.0.1 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── (dev) libdd-trace-stats v2.0.0 (*)
      ├── libdd-trace-utils v3.0.1 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.0
              ├── datadog-ipc v0.1.0 (*)
              ├── datadog-sidecar v0.0.1 (*)
              ├── libdd-data-pipeline v3.0.1 (*)
              ├── (dev) libdd-tinybytes v1.1.0 (*)
              └── libdd-trace-utils v3.0.1 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:309:1
    │
309 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── datadog-ipc v0.1.0
          │       │   └── datadog-sidecar v0.0.1
          │       ├── datadog-live-debugger v0.0.1
          │       │   ├── datadog-remote-config v0.0.1
          │       │   │   ├── (dev) datadog-remote-config v0.0.1 (*)
          │       │   │   └── (dev) datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-remote-config v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── (dev) libdd-data-pipeline v3.0.1
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
          │       │   │   ├── libdd-telemetry v4.0.0
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v32.0.0
          │       │   │   │   │       └── datadog-sidecar v0.0.1 (*)
          │       │   │   │   └── libdd-data-pipeline v3.0.1 (*)
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v3.0.1 (*)
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v3.0.1 (*)
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-common-ffi v32.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-crashtracker-ffi v32.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v32.0.0 (*)
          │       ├── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-dogstatsd-client v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-telemetry v4.0.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:309:1
    │
309 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── datadog-ipc v0.1.0
          │       │   └── datadog-sidecar v0.0.1
          │       ├── datadog-live-debugger v0.0.1
          │       │   ├── datadog-remote-config v0.0.1
          │       │   │   ├── (dev) datadog-remote-config v0.0.1 (*)
          │       │   │   └── (dev) datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-remote-config v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── (dev) libdd-data-pipeline v3.0.1
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
          │       │   │   ├── libdd-telemetry v4.0.0
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v32.0.0
          │       │   │   │   │       └── datadog-sidecar v0.0.1 (*)
          │       │   │   │   └── libdd-data-pipeline v3.0.1 (*)
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v3.0.1 (*)
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v3.0.1 (*)
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-common-ffi v32.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-crashtracker-ffi v32.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v32.0.0 (*)
          │       ├── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-dogstatsd-client v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-telemetry v4.0.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:309:1
    │
309 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── datadog-ipc v0.1.0
          │       │   └── datadog-sidecar v0.0.1
          │       ├── datadog-live-debugger v0.0.1
          │       │   ├── datadog-remote-config v0.0.1
          │       │   │   ├── (dev) datadog-remote-config v0.0.1 (*)
          │       │   │   └── (dev) datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-remote-config v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── (dev) libdd-data-pipeline v3.0.1
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
          │       │   │   ├── libdd-telemetry v4.0.0
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v32.0.0
          │       │   │   │   │       └── datadog-sidecar v0.0.1 (*)
          │       │   │   │   └── libdd-data-pipeline v3.0.1 (*)
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v3.0.1 (*)
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v3.0.1 (*)
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-common-ffi v32.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-crashtracker-ffi v32.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v32.0.0 (*)
          │       ├── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-dogstatsd-client v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-telemetry v4.0.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:364:1
    │
364 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      ├── datadog-remote-config v0.0.1
      │   ├── (dev) datadog-remote-config v0.0.1 (*)
      │   └── (dev) datadog-sidecar v0.0.1
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v3.0.1
                  ├── datadog-live-debugger v0.0.1
                  │   ├── datadog-remote-config v0.0.1 (*)
                  │   └── datadog-sidecar v0.0.1 (*)
                  └── datadog-sidecar v0.0.1 (*)

advisories FAILED, bans ok, sources ok

📦 `libdd-capabilities-impl` - 4 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:64:1
   │
64 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
   │
   ├ ID: RUSTSEC-2026-0097
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
   ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
     
     - The `log` and `thread_rng` features are enabled
     - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
     - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
     - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
     - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
     
     `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
   ├ Announcement: https://github.com/rust-random/rand/pull/1763
   ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
   ├ rand v0.8.5
     └── (dev) libdd-common v4.0.0
         └── libdd-capabilities-impl v1.0.0

error[vulnerability]: Name constraints for URI names were incorrectly accepted
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:75:1
   │
75 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0098
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
   ├ Name constraints for URI names were ignored and therefore accepted.
     
     Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.0.0
         │       └── libdd-capabilities-impl v1.0.0
         ├── libdd-common v4.0.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.0.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:75:1
   │
75 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0099
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
   ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
     
     This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
     This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.0.0
         │       └── libdd-capabilities-impl v1.0.0
         ├── libdd-common v4.0.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.0.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:75:1
   │
75 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0104
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
   ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
     or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
     `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
     
     This panic is reachable prior to a CRL's signature being verified.
     
     Applications that do not use CRLs are not affected.
     
     Thank you to @tynus3 for the report.
   ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.0.0
         │       └── libdd-capabilities-impl v1.0.0
         ├── libdd-common v4.0.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.0.0 (*)

advisories FAILED, bans ok, sources ok

📦 `libdd-capabilities` - ✅ No issues

📦 `libdd-data-pipeline` - 5 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:208:1
    │
208 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── libdd-common v4.0.0
      │   ├── libdd-capabilities-impl v1.0.0
      │   │   ├── (dev) libdd-data-pipeline v3.0.1
      │   │   ├── libdd-shared-runtime v0.1.0
      │   │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
      │   │   │   ├── libdd-telemetry v4.0.0
      │   │   │   │   └── libdd-data-pipeline v3.0.1 (*)
      │   │   │   └── libdd-trace-stats v2.0.0
      │   │   │       └── libdd-data-pipeline v3.0.1 (*)
      │   │   ├── libdd-trace-stats v2.0.0 (*)
      │   │   └── libdd-trace-utils v3.0.1
      │   │       ├── libdd-data-pipeline v3.0.1 (*)
      │   │       ├── libdd-trace-stats v2.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v3.0.1 (*)
      │   ├── libdd-data-pipeline v3.0.1 (*)
      │   ├── libdd-dogstatsd-client v2.0.0
      │   │   └── libdd-data-pipeline v3.0.1 (*)
      │   ├── libdd-shared-runtime v0.1.0 (*)
      │   ├── libdd-telemetry v4.0.0 (*)
      │   ├── libdd-trace-stats v2.0.0 (*)
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── (dev) libdd-data-pipeline v3.0.1 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── (dev) libdd-trace-stats v2.0.0 (*)
      ├── libdd-trace-utils v3.0.1 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.0
              ├── libdd-data-pipeline v3.0.1 (*)
              ├── (dev) libdd-tinybytes v1.1.0 (*)
              └── libdd-trace-utils v3.0.1 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:230:1
    │
230 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── (dev) libdd-data-pipeline v3.0.1
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
          │       │   │   ├── libdd-telemetry v4.0.0
          │       │   │   │   └── libdd-data-pipeline v3.0.1 (*)
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   │       └── libdd-data-pipeline v3.0.1 (*)
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-data-pipeline v3.0.1 (*)
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-dogstatsd-client v2.0.0
          │       │   └── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-telemetry v4.0.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:230:1
    │
230 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── (dev) libdd-data-pipeline v3.0.1
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
          │       │   │   ├── libdd-telemetry v4.0.0
          │       │   │   │   └── libdd-data-pipeline v3.0.1 (*)
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   │       └── libdd-data-pipeline v3.0.1 (*)
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-data-pipeline v3.0.1 (*)
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-dogstatsd-client v2.0.0
          │       │   └── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-telemetry v4.0.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:230:1
    │
230 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── (dev) libdd-data-pipeline v3.0.1
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   ├── (dev) libdd-data-pipeline v3.0.1 (*)
          │       │   │   ├── libdd-telemetry v4.0.0
          │       │   │   │   └── libdd-data-pipeline v3.0.1 (*)
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   │       └── libdd-data-pipeline v3.0.1 (*)
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-data-pipeline v3.0.1 (*)
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-dogstatsd-client v2.0.0
          │       │   └── libdd-data-pipeline v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-telemetry v4.0.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:270:1
    │
270 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v3.0.1

advisories FAILED, bans ok, sources ok

📦 `libdd-shared-runtime` - 4 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:66:1
   │
66 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
   │
   ├ ID: RUSTSEC-2026-0097
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
   ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
     
     - The `log` and `thread_rng` features are enabled
     - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
     - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
     - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
     - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
     
     `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
   ├ Announcement: https://github.com/rust-random/rand/pull/1763
   ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
   ├ rand v0.8.5
     └── (dev) libdd-common v4.0.0
         ├── libdd-capabilities-impl v1.0.0
         │   └── libdd-shared-runtime v0.1.0
         └── libdd-shared-runtime v0.1.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:77:1
   │
77 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0098
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
   ├ Name constraints for URI names were ignored and therefore accepted.
     
     Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.0.0
         │       ├── libdd-capabilities-impl v1.0.0
         │       │   └── libdd-shared-runtime v0.1.0
         │       └── libdd-shared-runtime v0.1.0 (*)
         ├── libdd-common v4.0.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.0.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:77:1
   │
77 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0099
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
   ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
     
     This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
     This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.0.0
         │       ├── libdd-capabilities-impl v1.0.0
         │       │   └── libdd-shared-runtime v0.1.0
         │       └── libdd-shared-runtime v0.1.0 (*)
         ├── libdd-common v4.0.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.0.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:77:1
   │
77 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0104
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
   ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
     or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
     `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
     
     This panic is reachable prior to a CRL's signature being verified.
     
     Applications that do not use CRLs are not affected.
     
     Thank you to @tynus3 for the report.
   ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.0.0
         │       ├── libdd-capabilities-impl v1.0.0
         │       │   └── libdd-shared-runtime v0.1.0
         │       └── libdd-shared-runtime v0.1.0 (*)
         ├── libdd-common v4.0.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.0.0 (*)

advisories FAILED, bans ok, sources ok

📦 `libdd-trace-stats` - 4 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:183:1
    │
183 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── (dev) libdd-common v4.0.0
      │   ├── libdd-capabilities-impl v1.0.0
      │   │   ├── libdd-shared-runtime v0.1.0
      │   │   │   └── libdd-trace-stats v2.0.0
      │   │   ├── libdd-trace-stats v2.0.0 (*)
      │   │   └── libdd-trace-utils v3.0.1
      │   │       ├── libdd-trace-stats v2.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v3.0.1 (*)
      │   ├── libdd-shared-runtime v0.1.0 (*)
      │   ├── libdd-trace-stats v2.0.0 (*)
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── (dev) libdd-trace-stats v2.0.0 (*)
      ├── libdd-trace-utils v3.0.1 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.0
              ├── (dev) libdd-tinybytes v1.1.0 (*)
              └── libdd-trace-utils v3.0.1 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:205:1
    │
205 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:205:1
    │
205 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:205:1
    │
205 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   ├── libdd-shared-runtime v0.1.0
          │       │   │   └── libdd-trace-stats v2.0.0
          │       │   ├── libdd-trace-stats v2.0.0 (*)
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-trace-stats v2.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-shared-runtime v0.1.0 (*)
          │       ├── libdd-trace-stats v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

advisories FAILED, bans ok, sources ok

📦 `libdd-trace-utils` - 4 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:177:1
    │
177 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── (dev) libdd-common v4.0.0
      │   ├── libdd-capabilities-impl v1.0.0
      │   │   └── libdd-trace-utils v3.0.1
      │   │       └── (dev) libdd-trace-utils v3.0.1 (*)
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── libdd-trace-utils v3.0.1 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.0
              ├── (dev) libdd-tinybytes v1.1.0 (*)
              └── libdd-trace-utils v3.0.1 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   └── libdd-trace-utils v3.0.1
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   └── libdd-trace-utils v3.0.1
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   └── libdd-trace-utils v3.0.1
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

advisories FAILED, bans ok, sources ok

Updated: 2026-04-29 10:14:56 UTC | Commit: 84b996c | dependency-check job results

github-actions · 2026-04-13T17:25:43Z

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

Base Branch: origin/main
PR Branch: origin/jwiriath/runtime-capability

Summary by Rule

Rule	Base Branch	PR Branch	Change
unwrap_used	16	16	No change (0%)
Total	16	16	No change (0%)

Annotation Counts by File

File	Base Branch	PR Branch	Change
`datadog-sidecar/src/service/agent_info.rs`	4	4	No change (0%)
`datadog-sidecar/src/service/stats_flusher.rs`	1	1	No change (0%)
`datadog-sidecar/src/service/tracing/trace_flusher.rs`	1	1	No change (0%)
`libdd-data-pipeline/src/telemetry/mod.rs`	1	1	No change (0%)
`libdd-data-pipeline/src/trace_buffer/mod.rs`	1	1	No change (0%)
`libdd-data-pipeline/src/trace_exporter/mod.rs`	2	2	No change (0%)
`libdd-trace-stats/src/stats_exporter.rs`	1	1	No change (0%)
`libdd-trace-utils/src/send_data/mod.rs`	5	5	No change (0%)

Annotation Stats by Crate

Crate	Base Branch	PR Branch	Change
`clippy-annotation-reporter`	5	5	No change (0%)
`datadog-ffe-ffi`	1	1	No change (0%)
`datadog-ipc`	21	21	No change (0%)
`datadog-live-debugger`	6	6	No change (0%)
`datadog-live-debugger-ffi`	10	10	No change (0%)
`datadog-profiling-replayer`	4	4	No change (0%)
`datadog-remote-config`	3	3	No change (0%)
`datadog-sidecar`	56	56	No change (0%)
`libdd-common`	10	10	No change (0%)
`libdd-common-ffi`	12	12	No change (0%)
`libdd-data-pipeline`	5	5	No change (0%)
`libdd-ddsketch`	2	2	No change (0%)
`libdd-dogstatsd-client`	1	1	No change (0%)
`libdd-profiling`	13	13	No change (0%)
`libdd-telemetry`	19	19	No change (0%)
`libdd-tinybytes`	4	4	No change (0%)
`libdd-trace-normalization`	2	2	No change (0%)
`libdd-trace-obfuscation`	8	8	No change (0%)
`libdd-trace-stats`	1	1	No change (0%)
`libdd-trace-utils`	15	15	No change (0%)
Total	198	198	No change (0%)

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

codecov-commenter · 2026-04-13T17:35:46Z

Codecov Report

❌ Patch coverage is 89.69466% with 54 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.82%. Comparing base (6b610e9) to head (a2db1c7).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1873      +/-   ##
==========================================
+ Coverage   71.78%   71.82%   +0.04%     
==========================================
  Files         434      437       +3     
  Lines       69951    70156     +205     
==========================================
+ Hits        50211    50391     +180     
- Misses      19740    19765      +25

Components	Coverage Δ
libdd-crashtracker	`66.19% <ø> (+0.19%)`	⬆️
libdd-crashtracker-ffi	`36.13% <ø> (+1.65%)`	⬆️
libdd-alloc	`98.77% <ø> (ø)`
libdd-data-pipeline	`85.97% <90.05%> (+0.10%)`	⬆️
libdd-data-pipeline-ffi	`71.94% <ø> (ø)`
libdd-common	`79.41% <ø> (ø)`
libdd-common-ffi	`73.87% <ø> (ø)`
libdd-telemetry	`68.06% <ø> (ø)`
libdd-telemetry-ffi	`19.37% <ø> (ø)`
libdd-dogstatsd-client	`82.64% <ø> (ø)`
datadog-ipc	`74.84% <ø> (-1.48%)`	⬇️
libdd-profiling	`81.62% <ø> (+0.01%)`	⬆️
libdd-profiling-ffi	`64.36% <ø> (ø)`
datadog-sidecar	`29.51% <100.00%> (+0.11%)`	⬆️
datdog-sidecar-ffi	`9.23% <ø> (+0.76%)`	⬆️
spawn-worker	`54.69% <ø> (ø)`
libdd-tinybytes	`93.16% <ø> (ø)`
libdd-trace-normalization	`81.71% <ø> (ø)`
libdd-trace-obfuscation	`87.26% <ø> (ø)`
libdd-trace-protobuf	`68.25% <ø> (ø)`
libdd-trace-utils	`89.31% <91.04%> (+0.04%)`	⬆️
datadog-tracer-flare	`∅ <ø> (∅)`
libdd-log	`74.69% <ø> (ø)`

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

dd-octo-sts · 2026-04-13T17:56:08Z

Artifact Size Benchmark Report

aarch64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.so	7.63 MB	7.63 MB	0% (0 B) 👌
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.a	83.31 MB	83.41 MB	+.12% (+103.46 KB) 🔍

aarch64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a	99.42 MB	99.53 MB	+.11% (+116.28 KB) 🔍
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.10 MB	10.17 MB	+.66% (+68.87 KB) 🔍

libdatadog-x64-windows

Artifact	Baseline	Commit	Change
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll	25.19 MB	25.24 MB	+.17% (+46.00 KB) 🔍
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib	79.90 KB	79.90 KB	0% (0 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb	184.48 MB	184.93 MB	+.24% (+464.00 KB) 🔍
/libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib	918.37 MB	922.43 MB	+.44% (+4.06 MB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll	7.89 MB	7.90 MB	+.10% (+8.50 KB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib	79.90 KB	79.90 KB	0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb	23.67 MB	23.70 MB	+.13% (+32.00 KB) 🔍
/libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib	46.19 MB	46.25 MB	+.13% (+63.61 KB) 🔍

libdatadog-x86-windows

Artifact	Baseline	Commit	Change
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll	21.67 MB	21.71 MB	+.17% (+39.50 KB) 🔍
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib	81.14 KB	81.14 KB	0% (0 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb	188.58 MB	189.09 MB	+.27% (+528.00 KB) 🔍
/libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib	904.02 MB	908.07 MB	+.44% (+4.05 MB) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll	6.13 MB	6.14 MB	+.12% (+8.00 KB) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib	81.14 KB	81.14 KB	0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb	25.35 MB	25.40 MB	+.18% (+48.00 KB) 🔍
/libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib	43.67 MB	43.74 MB	+.14% (+64.94 KB) 🔍

x86_64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.a	74.27 MB	74.36 MB	+.12% (+91.36 KB) 🔍
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.so	8.55 MB	8.55 MB	+.09% (+8.00 KB) 🔍

x86_64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a	91.78 MB	91.88 MB	+.10% (+100.95 KB) 🔍
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.20 MB	10.21 MB	+.11% (+11.75 KB) 🔍

bantonsson · 2026-04-16T12:49:34Z

+            stats = StatsComputationStatus::DisabledByAgent { bucket_size };
+        }
+
+        #[cfg(all(not(target_arch = "wasm32"), feature = "telemetry"))]


Can't this #[cfg...] mess be separated out in some way? This is barely readable.

I'm not sure how without making spaghetti, do you have something in mind ?

One possibility would be to accept that the two implementations are too different and make two separate versions of build. If there's really code duplication maybe some part can be moved into separate helpers?

(or dually move the platform-dependents bit into bespoke functions?)

VianneyRuhlmann · 2026-04-20T16:13:05Z

+    {
+        RuntimeJoinHandle(ctx.spawn(future))
+    }
+}


Should this be replaced by NativeSpawnCapability

I don't think it should:

NativeSpawnCapability lives in libdd-capabilities-impl, which is a leaf crate, libdd-shared-runtime (a core crate) can't depend on it without inverting the layering

libdd-capabilities-impl doesn't compile on wasm32, and this module needs to (the non-fork parts are wasm-compatible)

We could make the fork methods generic and have the FFI caller pass a spawner in, but it adds API surface for no real benefit, the internal RuntimeSpawner is a 5-line ZST that avoids the dependency while keeping the fork hooks simple

I might be missing something, but when you say:

NativeSpawnCapability lives in libdd-capabilities-impl, which is a leaf crate, libdd-shared-runtime (a core crate) can't depend on it without inverting the layering

Why should shared_runtime depend on it once we move everything to libdd-capabilities-impl? I think (but I'm not sure) @VianneyRuhlmann's question is, or at least the one I have as well, is why this code has to be in shared_runtime at all. It naively looks like it's entirely capability and native-specific, so should live in libdd-capabilities-impl. Do you need some private symbols from here?

The fork methods are impl SharedRuntime and access private fields. They can't move to libdd-capabilities-impl without making those fields public. RuntimeSpawner is only consumed by these methods, so it's co-located with them. Moving just the spawner out wouldn't buy anything since the methods that use it must stay here regardless

I see, thanks! Now I wonder if we shouldn't just move all of the shared runtime crate into libdd-capabilities 😛 but that's another debate for another day I guess. Current situation sounds reasonable for this PR.

Though, the new refactoring also removed shutdown and block_on from WASM interface. Is that ok?

I think it is, we don't really want to do these since it would amount to blocking the EventLoop (and we can't shut it down). The point is mainly to have a "proxy" for shared runtime when throwing futures on the JS side.

Maybe moving more of the shared_runtime as a capability would make sens, but I don't think we can escape the fact that we would not have the same API on both platforms because they can't do the same things. So except having sub-capabilities for SharedRuntimeCapabilityCapabilities, which is a mouthful (amongst other problems), I don't know how we'd bridge that gap.

That makes sense. I could see something like having a capability (AsyncCapability ? But JS does have async 🤔 ) that would only be implemented by native, but as you say, it doesn't change the state of affairs; it merely pushes the detail into the capability crate (which maybe is still nice to have, but not a fundamental improvement either)

yannham

I have mixed feelings about the complexity and boilerplate added. Part of it is inherent to the capability approach. So the elephant in the room: is it acted and 100% decided that we want to go the WASM route and that we should support that? It has an impact of the whole of libdatadog, and it seems for now that the route for dd-trace-js is not entirely decided yet. It's obviously not one person's decision, but I wonder if we should move forward and merge things if this is not fully committed yet; since it's far-reaching, it might be harder to revert than just a git revert, as people will quickly build on it.

Another point is the shared runtime. My understanding was that the whole promise of capabilities (vs a more classical platform-specific swappable module implementation as we do for linux vs windows for example) was to push all of the WASM and node-specific concerns out of libdatadog. However the impression when looking at the shared runtime's changes is that it's full of WASM-specific concerns, which feels like we got the drawbacks of both approaches (complexity + wasm-specific code in libdatadogand cfg gates). Some functions are available on WASM, some others are not. I'm not sure yet what's the conclusion, but I think the interface of the shared runtime should be reworked if we want it to work with capabilities. Maybe the conclusion is that the whole shared runtime should be a capability, since it's offering an API that has fundamentally different implementation on WASM and native (and it seems impossible to delegate that to existing capabilities). Or maybe the answer is that we need to move some of the shared runtime into new capability.ies for async, but can still keep some code in libdd-shared-runtime. In any case, the current situation feels a bit wrong.

yannham · 2026-04-22T08:48:52Z

+/// `T` instead of `Result<T, JoinError>`.
+///
+/// A `JoinError` means the spawned task panicked or was aborted. Workers use
+/// `CancellationToken` for graceful shutdown, so `JoinError` indicates a bug.


It's really a detail, but I think they don't use cancellation tokens any more with the new shared runtime?

yannham · 2026-04-22T09:26:09Z

+    {
+        RuntimeJoinHandle(ctx.spawn(future))
+    }
+}


I might be missing something, but when you say:

NativeSpawnCapability lives in libdd-capabilities-impl, which is a leaf crate, libdd-shared-runtime (a core crate) can't depend on it without inverting the layering

Why should shared_runtime depend on it once we move everything to libdd-capabilities-impl? I think (but I'm not sure) @VianneyRuhlmann's question is, or at least the one I have as well, is why this code has to be in shared_runtime at all. It naively looks like it's entirely capability and native-specific, so should live in libdd-capabilities-impl. Do you need some private symbols from here?

VianneyRuhlmann · 2026-04-22T11:21:27Z

        assert!(agent_info::get_agent_info().is_none());
        let shared_runtime = SharedRuntime::new().unwrap();
-        shared_runtime.spawn_worker(fetcher, true).unwrap();
+        let spawner = NativeCapabilities::new();


Can we remove the spawner and pass capabilities at shared_runtime init?

Storing the spawner in SharedRuntime would make it generic (SharedRuntime<S>) or require type erasing a non object-safe trait. It's also not straightforward because the fork recovery paths use their own internal RuntimeSpawner, not the caller-provided one. In practice, production callers already have capabilities in scope so passing it to spawn_worker isn't a burden imho

VianneyRuhlmann · 2026-04-22T13:39:38Z

    meta: StatsMetadata,
    sequence_id: AtomicU64,
-    client: H,
+    capabilities: Cap,


ultra nit: Since we're going to pass the capabilities in a lot of functions it would be nice to have a "standardized" way of passing it e.g. "always the first param" to make it easier to recognize.

Mmh I think this would be hard to enforce, and it can be conflicting with stuff etc. Generally I agree but I'm not sure it's realistic on a common codebase like this one. But clearly it's far from a hill I wish to die on.

fix: ZST spawner fix: docs and fixes fix(shared_runtime): implicit debug impl chore: format feat: change the Output to Result feat: mod native cfg gated for better readability chore: revert to main's version of thing

…r to a ZST

yannham

There might be some minor comments to be addressed still, but overall it's now in a good state to move forward.

…awnCapability

github-actions Bot added mini-agent sidecar common data-pipeline labels Apr 13, 2026

This comment has been minimized.

Sign in to view

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from 0f2d27f to 628bd2c Compare April 14, 2026 11:25

Aaalibaba42 changed the title ~~feat(capablities): sleep & spawn capabilities~~ feat(capablities)!: sleep & spawn capabilities Apr 14, 2026

Aaalibaba42 marked this pull request as ready for review April 14, 2026 13:22

Aaalibaba42 requested review from a team as code owners April 14, 2026 13:22

Aaalibaba42 requested review from mhlidd and removed request for a team April 14, 2026 13:22

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from 628bd2c to 4145e42 Compare April 15, 2026 08:47

bantonsson reviewed Apr 16, 2026

View reviewed changes

Comment thread libdd-trace-stats/src/stats_exporter.rs Outdated

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch 2 times, most recently from 166e5c7 to f4b19a7 Compare April 16, 2026 15:53

Aaalibaba42 requested a review from a team as a code owner April 20, 2026 09:49

Aaalibaba42 requested review from vpellan and removed request for a team April 20, 2026 09:49

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from 59f8c03 to f4b19a7 Compare April 20, 2026 09:50

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from f4b19a7 to be149e6 Compare April 20, 2026 09:50

Aaalibaba42 requested a review from bantonsson April 20, 2026 13:35

VianneyRuhlmann reviewed Apr 20, 2026

View reviewed changes

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from be149e6 to 2bc0664 Compare April 21, 2026 13:38

github-actions Bot removed the common label Apr 21, 2026

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch 2 times, most recently from ce7a92b to 29583cd Compare April 21, 2026 14:24

yannham reviewed Apr 22, 2026

View reviewed changes

VianneyRuhlmann reviewed Apr 22, 2026

View reviewed changes

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from c6789b6 to e8146c9 Compare April 27, 2026 12:13

feat(capablities): sleep & spawn capabilities

1e64b86

fix: ZST spawner fix: docs and fixes fix(shared_runtime): implicit debug impl chore: format feat: change the Output to Result feat: mod native cfg gated for better readability chore: revert to main's version of thing

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from e8146c9 to 1e64b86 Compare April 27, 2026 13:11

chore: rename sleeper to capabilites

6f3d539

yannham reviewed Apr 28, 2026

View reviewed changes

Comment thread libdd-shared-runtime/src/shared_runtime/pausable_worker.rs

feat: laziely instantiate the httpclient in native so that it's close…

01c2324

…r to a ZST

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from 68919da to a2db1c7 Compare April 29, 2026 10:11

feat: use type of the SpawnCapability directly on Native

6171c90

yannham approved these changes Apr 29, 2026

View reviewed changes

Aaalibaba42 requested a review from VianneyRuhlmann April 29, 2026 12:48

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from a2db1c7 to 6171c90 Compare April 30, 2026 10:05

Aaalibaba42 added 2 commits April 30, 2026 13:27

fix: remove RuntimeSpawner which was effectively a duplicate NativeSp…

b049afe

…awnCapability

fix: remove spawner

1b99b14

Aaalibaba42 force-pushed the jwiriath/runtime-capability branch from 8b92663 to 1b99b14 Compare April 30, 2026 15:00

Conversation

Aaalibaba42 commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What does this PR do?

Motivation

Additional Notes

How to test the change?

Uh oh!

github-actions Bot commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

📚 Documentation Check Results

📦 datadog-sidecar - 2450 warning(s)

📦 libdd-capabilities-impl - 182 warning(s)

📦 libdd-capabilities - 14 warning(s)

📦 libdd-data-pipeline - 944 warning(s)

📦 libdd-shared-runtime - 187 warning(s)

📦 libdd-trace-stats - 609 warning(s)

📦 libdd-trace-utils - 569 warning(s)

Uh oh!

github-actions Bot commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔒 Cargo Deny Results

📦 datadog-sidecar - 6 error(s)

📦 libdd-capabilities-impl - 4 error(s)

📦 libdd-capabilities - ✅ No issues

📦 libdd-data-pipeline - 5 error(s)

📦 libdd-shared-runtime - 4 error(s)

📦 libdd-trace-stats - 4 error(s)

📦 libdd-trace-utils - 4 error(s)

Uh oh!

github-actions Bot commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Clippy Allow Annotation Report

Summary by Rule

Annotation Counts by File

Annotation Stats by Crate

About This Report

Uh oh!

codecov-commenter commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

This comment has been minimized.

dd-octo-sts Bot commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Artifact Size Benchmark Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

yannham left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Aaalibaba42 commented Apr 13, 2026 •

edited

Loading

github-actions Bot commented Apr 13, 2026 •

edited

Loading

📦 `datadog-sidecar` - 2450 warning(s)

📦 `libdd-capabilities-impl` - 182 warning(s)

📦 `libdd-capabilities` - 14 warning(s)

📦 `libdd-data-pipeline` - 944 warning(s)

📦 `libdd-shared-runtime` - 187 warning(s)

📦 `libdd-trace-stats` - 609 warning(s)

📦 `libdd-trace-utils` - 569 warning(s)

github-actions Bot commented Apr 13, 2026 •

edited

Loading

📦 `datadog-sidecar` - 6 error(s)

📦 `libdd-capabilities-impl` - 4 error(s)

📦 `libdd-capabilities` - ✅ No issues

📦 `libdd-data-pipeline` - 5 error(s)

📦 `libdd-shared-runtime` - 4 error(s)

📦 `libdd-trace-stats` - 4 error(s)

📦 `libdd-trace-utils` - 4 error(s)

github-actions Bot commented Apr 13, 2026 •

edited

Loading

codecov-commenter commented Apr 13, 2026 •

edited

Loading

dd-octo-sts Bot commented Apr 13, 2026 •

edited

Loading

yannham left a comment •

edited

Loading

Aaalibaba42 Apr 27, 2026 •

edited

Loading

yannham left a comment •

edited

Loading