search

lexicalunit / spellbot

The Discord bot for SpellTable.
https://spellbot.io
MIT License
26 stars 6 forks source link

Bump ddtrace from 2.10.6 to 2.11.0 #1674

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps ddtrace from 2.10.6 to 2.11.0.

Release notes

Sourced from ddtrace's releases.

2.11.0

New Features

  • ASM: This update introduces new Auto User Events support.

    ASM’s Account TakeOver (ATO) detection is now automatically monitoring all compatible user authentication frameworks to detect attempted or leaked user credentials during an ATO campaign.

    To do so, the monitoring of the user activity is extended to now collect all forms of user IDs, including non-numerical forms such as usernames or emails. This is configurable with 3 different working modes: identification to send the user IDs in clear text; anonymization to send anonymized user IDs; or disabled to completely turn off any type of user ID collection (which leads to the disablement of the ATO detection).

    The default collection mode being used is identification and this is configurable in your remote service configuration settings in the service catalog (clicking on a service), or with the service environment variable DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE.

    You can read more here.

    New local configuration environment variables include:

    • DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED: Can be set to "true"/"1" (default if missing) or "false"/"0" (default if set to any other value). If set to false, the feature is completely disabled. If enabled, the feature is active.
    • DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE: Can be set to "identification" (default if missing), "anonymization", or "disabled" (default if the environment variable is set to any other value). The values can be modified via remote configuration if the feature is active. If set to "disabled", user events are not collected. Otherwise, user events are collected, using either plain text user_id (in identification mode) or hashed user_id (in anonymization mode).

    Additionally, an optional argument for the public API track_user_login_success_event and track_user_login_failure_event: login_events_mode="auto". This allows manual instrumentation to follow remote configuration settings, enabling or disabling manual instrumentation with a single remote action on the Datadog UI.

    Also prevents non numerical user ids to be reported by default without user instrumentation in Django.

  • Anthropic: Adds support for tracing message calls using tools.

  • LLM Observability: Adds support for tracing Anthropic messages using tool calls.

  • botocore: Adds support for overriding the default service name in botocore by either setting the environment variable DD_BOTOCORE_SERVICE or configuring it via ddtrace.config.botocore["service"].

  • azure: Removes the restrictions on the tracer to only run the mini-agent on the consumption plan. The mini-agent now runs regardless of the hosting plan

  • ASM: Adds Threat Monitoring support for gRPC.

  • Code Security: add propagation for GRPC server sources.

  • LLM Observability: This introduces improved support for capturing tool call responses from the OpenAI and Anthropic integrations.

  • LLM Observability: This introduces the agentless mode configuration for LLM Observability. To enable agentless mode, set the environment variable DD_LLMOBS_AGENTLESS_ENABLED=1, or use the enable option LLMObs.enable(agentless_enabled=True).

  • LLM Observability: Function decorators now support tracing asynchronous functions.

  • LLM Observability: This introduces automatic input/output annotation for task/tool/workflow/agent/retrieval spans traced by function decorators. Note that manual annotations for input/output values will override automatic annotations.

  • LLM Observability: The OpenAI integration now submits embedding spans to LLM Observability.

  • LLM Observability: All OpenAI model parameters specified in a completion/chat completion request are now captured.

  • LLM Observability: This changes OpenAI-generated LLM Observability span names from openai.request to openai.createCompletion, openai.createChatCompletion, and openai.createEmbedding for completions, chat completions, and embeddings spans, respectively.

  • LLM Observability: This introduces the agent proxy mode for LLM Observability. By default, LLM Observability spans will be sent to the Datadog agent and then forwarded to LLM Observability. To continue submitting data directly to LLM Observability without the Datadog agent, set DD_LLMOBS_AGENTLESS_ENABLED=1 or set programmatically using LLMObs.enable(agentless_enabled=True).

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

Commits
  • a0d240c fix(tornado): fix set_tag_str type error when http.route is none [backport 2....
  • cb97e7e chore(asm): fix for threats test [backport 2.11] (#10160)
  • b4f5023 ci: fix iast_memcheck flakyness [backport 2.11] (#10156)
  • 2c7e551 fix: add nullptr checks for new_pyobject_id [backport 2.11] (#10134)
  • fea19c5 chore(ci): run build_deploy on release branches and build_deploy* branches [b...
  • 91a1f6e fix(llmobs): do not emit integration metrics in agentless mode [backport 2.11...
  • 9c353ce chore(asm): improve patching mechanism (#10098) [backport 2.11] (#10099)
  • a23da22 feat(asm): add command injection support for exploit prevention (#10073)
  • ba51ae0 chore(internal): improve generate OCI package size (#10067)
  • 8bd7c8f chore(iast): debug propagation tool (#9952)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 months ago

Looks like ddtrace is up-to-date now, so this is no longer needed.