Bump ddtrace from 2.1.7 to 2.7.0

[dependabot]

Bumps ddtrace from 2.1.7 to 2.7.0.

Release notes

Sourced from ddtrace's releases.

2.7.0

New Features

• asgi: Trace websockets in asgi middleware behind feature flag. Set DD_ASGI_TRACE_WEBSOCKET=true to enable.
• tracing: Span and trace sampling rules are case insensitive.
• tracing: Tags provided in span and trace sampling rules now attempt to match against span._metrics in addition to span._meta, which was previously the only supported field.
• dbm: adds new ddh and dddb SQL comment attributes to enable connection with APM when using peer.service.
• tracing: Updates DD_TRACE_METHODS to use a new notation with : to differentiate between the base module and the method name (mymod.mysubmod:myclass.myfunc,myclass.otherfunc;...)
• tracing: This adds the Datadog-Entity-ID header to payloads sent to the Datadog Agent. This header can be set to the container ID or the container's cgroup node inode, and serves as a unique identifier for containers running under Linux cgroupv2.
• tracing: This introduces Glob matching support for service, name, and resource passed in with envar DD_TRACE_SAMPLE_RULES. Previously, the service, name, and resource were matched using exact string matching.
• lib-injection: Adds supports for installing ddtrace via single step instrumentation on python3.12

Deprecation Notes

• tracing: Using [] for DD_TRACE_METHODS (mymod.mysubmod.myclass[myfunc,otherfunc];...) is deprecated and will be removed in 3.0.0.
• This deprecates the passing in of methods or regex patterns for service, name, and resource for sampling rules. Please use the new Glob matching support instead.

Bug Fixes

• Vulnerability Management for Code-level (IAST): This fix addresses an issue where AST patching would generate code that fails to compile, thereby preventing the application from starting correctly.
• Vulnerability Management for Code-level (IAST): This fix addresses AST patching issues where other subscript operations than Load were being unintentionally patched, leading to compilation errors for the patched module.
• Vulnerability Management for Code-level (IAST): This fix addresses an issue where a vulnerability would be reported at line 0 if we couldn't extract the proper line number, whereas the default line number should be -1.
• tracing: This fix resolves an issue where previously some traces that were not sampled were not sent to the trace-agent, possibly affecting metrics. With this fix, all traces are sent to the agent.
• IAST: fix potentially empty ranges after executing the decode aspect.
• CI Visibility: fixes issues with pytest~=8.0 that would case crashes in certain scenarios, and returned different module names
• CI Visibility: fix a potential crash for Python<3.10 when a socket.timeout error was raised instead of the expected TimeoutError during CI Visibility API requests
• CI Visibility: This fix makes the CI Visibility system resilient to RuntimeErrors that can occur between pytest tests with coverage enabled.
• IAST: don't patch BytesIO since we don't have any aspects for it.
• tracing: This fix resolves an issue where the tracer could throw an uncaught error during process shutdown.
• botocore: Fixes bug where SQS and Kinesis results and errors were not recorded when DD_BOTOCORE_EMPTY_POLL_ENABLED=false. config.botocore.empty_poll_enabled=false and no records were found.
• profiling: fixes an issue that could have caused the profiler to stop if unable to determine the class name of a profiled function with CPython 3.11 and newer.
• tracing: Resolves telemetry import error raised when DD_INSTRUMENTATION_TELEMETRY_ENABLED is set to False.
• ASM: This fix resolves an issue where rules updated through remote config were not properly updating required waf addresses. This could lead to custom rules being ignored.
• ASM: This fix resolves an issue where remote config update in WAF policy from block attack tools policy to monitoring only policy could be ignored by tracer.
• Vulnerability Management for Code-level (IAST): Fixes an issue where requests stopped being analyzed after some time due.
• Vulnerability Management for Code-level (IAST): Fixes issues derived from AST patching code with type annotations.
• kafka: This fix resolves an issue where the use of a Kafka DeserializingConsumer could result in a crash when the deserializer in use returns a type without a __len__ attribute.

2.7.0rc1

Deprecation Notes

• tracing: Using [] for DD_TRACE_METHODS (mymod.mysubmod.myclass[myfunc,otherfunc];...) is deprecated and will be removed in 3.0.0.
• This deprecates the passing in of methods or regex patterns for service, name, and resource for sampling rules. Please use the new Glob matching support instead.

New Features

• asgi: Trace websockets in asgi middleware behind feature flag. Set DD_ASGI_TRACE_WEBSOCKET=true to enable.
• tracing: Span and trace sampling rules are case insensitive.
• tracing: Tags provided in span and trace sampling rules now attempt to match against span._metrics in addition to span._meta, which was previously the only supported field.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

---

v2.6.0

Upgrade Notes

• CI Visibility: DD_CIVISIBILITY_ITR_ENABLED now defaults to true, and the Datadog API (configured via the Datadog dashboard) now determines whether code coverage and test skipping are enabled.
• CI Visibility: the CI Visibility service is no longer enabled when the initial query to the Datadog test service settings API fails due to a 403 status code.

New Features

• botocore: Adds optional feature to propagate context between producers and consumers for AWS SQS, AWS SNS, and AWS Kinesis via DD_BOTOCORE_PROPAGATION_ENABLED environment variable. Adds optional feature to disable tracing of AWS SQS poll() operation and AWS Kinesis 'get_records()' operation when no data is consumed via DD_BOTOCORE_EMPTY_POLL_ENABLED environment variable.

• tracing: Adds new tag python_main_package containing the name of the main package of the application. profiling: Adds new tag python_main_package containing the name of the main package of the application.

• ASM: API Security schema collection is now officially supported for Django, Flask and FastAPI. It can be enabled in the tracer using environment variable DD_API_SECURITY_ENABLED=true It will only be active when ASM is also enabled.

• elasticsearch: This allows custom tags to be set on Elasticsearch spans via the Pin interface.

• botocore: This introduces tracing support for bedrock-runtime operations. See the docs for more information.

• datastreams: this change adds kombu auto-instrumentation for datastreams monitoring. tracing: this change adds the DD_KOMBU_DISTRIBUTED_TRACING flag (default True)

• Vulnerability Management for Code-level (IAST): Add support for CMDi in langchain.

• botocore: Add the ability to inject trace context into the input field of botocore stepfunction start_execution and start_sync_execution calls.

• Removes another place where we always load instrumentation telemetry, even if it is disabled

• tracing: This introduces the ability to disable tracing at runtime based on configuration values sent from the Datadog frontend. Disabling tracing in this way also disables instrumentation telemetry.

• tracing: Adds support for remote configuration of DD_TRACE_HEADER_TAGS

• tracing: Add support for remote configuration of trace-logs correlation.

• grpc/grpc_aio: reports the available target host in client spans as network.destination.ip if only an IP is available, peer.hostname otherwise.

• span: Adds a public api for setting span links

• starlette,fastapi: Trace background tasks using span links

Bug Fixes

• ASM: This fix resolves an issue where an exception would be logged while parsing an empty body JSON request.

... (truncated)

Commits

• 3fae08b fix(iast): avoid patching errors from stopping module load [backport 2.7] (#8...
• 9f0a348 fix(iast): avoid reporting line number 0 [backport 2.7] (#8555)
• d1e434a fix(iast): avoid ast patch subscript if in store context [backport 2.7] (#8540)
• 826c602 ci: pin commitlint versions to <1.19.0 to fix error (#8528)
• b0fddaf test(di): add custom object redaction test case (#8472)
• 48609c9 fix(asm): ensure remote config keys deleted are updated as expected (#8503)
• 17f0d5a ci(botocore): upgrade tests to support latest version of botocore (#8500)
• dd35706 chore(trace): handle import of ddtrace.tracer (#8477)
• b809e38 ci: use sha256 method for specifying testrunner in docker-compose.yml (#8451)
• a5bb150 ci: ignore meta._dd.parent_id at snapshot tests (#8512)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #79.