Skip to content

chore(deps): bump ddtrace from 3.12.4 to 3.14.0 #18680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): bump ddtrace from 3.12.4 to 3.14.0 #18680

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 12, 2025

Bumps ddtrace from 3.12.4 to 3.14.0.

Release notes

Sourced from ddtrace's releases.

3.14.0

Estimated end-of-life date, accurate to within three months: 08-2026 See the support level definitions for more information.

New Features

  • ai_guard
    • add AI Guard evaluations support to LangChain instrumentation
    • add evaluation support to streaming LangChain APIs
  • LLM Observability
    • ml_app is now optional, defaulting to service. while it is still recommended to set ml_app, enabling LLM Observability will no longer throw if one is not provided or propagated from an upstream service.
    • This introduces a tool_definitions parameter to the LLMObs.annotate() method for tool calling scenarios. Users can now pass a list of tool definition dictionaries directly to annotate LLM spans with available tools. Each tool definition must include a name (string) field, with optional description (string) and schema (JSON-serializable dictionary) fields.
    • Experiments (beta) dataset methods (create_dataset, create_dataset_from_csv and pull_dataset) argument name is changed to dataset_name.

Bug Fixes

  • AAP
    • make sure the status code for downstream requests is properly sent to libddwaf.
    • Resolves an incompatibility with gevent>=25.8.1 that would cause a deadlock when starting the waf via remote config.
  • django: Fixes issue causing ValueError: coroutine already executing on Python 3.13+ with django.utils.decorators.async_only_middleware.
  • asyncpg: Fix the error "Error: expected pool connect callback to return an instance of 'asyncpg.connection.Connection', got 'ddtrace.contrib.internal.asyncpg.patch._TracedConnection'" due to using the custom connect option. With this fix, postgres.connect spans will be created when this option is used.
  • exception replay: fixed an issue that prevented snapshots from retrieving local variables from traceback frames from exception thrown by Celery tasks.
  • LLM Observability
    • This fix resolves an issue where decorated functions returning responses with an ambiguous truth value (e.g. pandas dataframes) would raise an error due to the inability to coerce the value into a boolean.
    • Fixes an issue where certain Google GenAI LLM requests were not being traced due to importing from google.genai.types on startup.
  • Fixed an issue that could have caused some products to fail to start properly in applications that use pkg_resources, either directly or indirectly.
  • profiling: Upgrades echion to pick up critical bug fixes and performance improvements.
  • CI Visibility: This fix resolves an issue where coverage from sessions with pytest-xdist were not submitted with the proper session id, preventing Test Impact Analysis feature from working properly.

3.14.0rc2

Estimated end-of-life date, accurate to within three months: 08-2026 See the support level definitions for more information.

New Features

  • ai_guard
    • add AI Guard evaluations support to LangChain instrumentation
    • add evaluation support to streaming LangChain APIs
  • LLM Observability
    • ml_app is now optional, defaulting to service. while it is still recommended to set ml_app, enabling LLM Observability will no longer throw if one is not provided or propagated from an upstream service.
    • This introduces a tool_definitions parameter to the LLMObs.annotate() method for tool calling scenarios. Users can now pass a list of tool definition dictionaries directly to annotate LLM spans with available tools. Each tool definition must include a name (string) field, with optional description (string) and schema (JSON-serializable dictionary) fields.
    • Experiments (beta) dataset methods (create_dataset, create_dataset_from_csv and pull_dataset) argument name is changed to dataset_name.

Bug Fixes

  • AAP
    • make sure the status code for downstream requests is properly sent to libddwaf.
    • Resolves an incompatibility with gevent>=25.8.1 that would cause a deadlock when starting the waf via remote config.
  • django: Fixes issue causing ValueError: coroutine already executing on Python 3.13+ with django.utils.decorators.async_only_middleware.
  • asyncpg: Fix the error "Error: expected pool connect callback to return an instance of 'asyncpg.connection.Connection', got 'ddtrace.contrib.internal.asyncpg.patch._TracedConnection'" due to using the custom connect option. With this fix, postgres.connect spans will be created when this option is used.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

3.8.0

New Features

  • LLM Observability: add processor capability to process span inputs and outputs. See usage documentation [here](https://docs.datadoghq.com/llm_observability/setup/sdk/python/#span-processing).
  • CI Visibility: This introduces the ability to gzip the payload when using the evp proxy setup, incurring in less network bandwith consumption.
  • Error Tracking: Introduces automatic reporting of handled exceptions. Enabling the feature will report handled exceptions to Error Tracking from the user code, the third party packages code, some specified modules or everything based on configuration. This feature can be controlled using two environment variables: - DD_ERROR_TRACKING_HANDLED_ERRORS=`allthird_party` - DD_ERROR_TRACKING_HANDLED_ERRORS_INCLUDE=`module1, module2, module3.submodule`
  • Code Security: IAST support for langchain v0.1.0 and above.
  • openai: This introduces tracing support for the OpenAI Responses endpoint.

Bug Fixes

  • tracing: Fixes an issue where truncation of span attributes longer than 25000 characters would not consistently count the size of UTF-8 multibyte characters, leading to a unicode string is too large error.

  • CI Visibility: This fix resolves an issue where the DD_CIVISIBILITY_ITR_ENABLED was not honored properly.

  • tracing: Fixes a bug in distributed tracing where pickling ddtrace.trace.Context fails in coroutines. This regression was introduced in v3.7.0.

  • CI Visibility: This fix resolves an issue where pytest-xdist would not exit with the proper status code if ATR was enabled.

  • CI Visibility: This fix resolves an issue where ddtrace pytest plugin used with xdist would report test suites as failing even when all tests pass.

  • profiling: fixed an issue in the SynchronizedSamplePool where pool could be null when calling into ddog_ArrayQueue_ functions, leading to segfaults in the uWSGI shutdown

  • Code Security: IAST: Avoid excessive filtering of stacktrace locations when finding vulnerabilities. After this change, vulnerabilities that were previously discarded will now be reported. In particular, if they were found within code in site-packages or outside of the working directory.

  • LLM Observability: Resolves an issue where spans and evaluation metrics were not being sent via Unix sockets.

  • dynamic instrumentation: prevent an exception when trying to remove a probe that did not resolve to a valid source code location.

  • kafka: This fix resolves an issue where message headers were sent to Kafka brokers that do not support them. Message headers are turned off when the Kafka server responds with UNKNOWN_SERVER_ERROR (-1).

  • code origin for spans: fixes a performance issue with exit spans.

  • profiling: improve performance of the memory profiler for large heaps. The memory profiler previously did a linear search of tracked allocations for every free, which scaled very poorly with large heaps. Switch to a fast hash map.

3.7.2

Bug Fixes

  • CI Visibility: This fix resolves an issue where the DD_CIVISIBILITY_ITR_ENABLED was not honored properly.
  • tracing: Fixes an issue where truncation of span attributes longer than 25000 characters would not consistently count the size of UTF-8 multibyte characters, leading to a unicode string is too large error.

3.7.1

Bug Fixes

... (truncated)

Commits
  • 8e61161 fix(llmobs): [MLOB-3863] openai agents support reasoning messages (#14522)
  • 2b8bd63 fix(tracing): span pointer repr (#14539)
  • 08ae31e feat(ai_guard): add evaluation support to streaming LangChain APIs (#14495)
  • efcf058 docs: add note about updating system tests pin to prerequisites for release (...
  • 0611712 fix(llmobs): [MLOB-3857] avoid importing from genai on startup (#14542)
  • ea8e783 fix(aap): status code for downstream requests (#14534)
  • 60bf567 chore(llmobs): projects support for dne (#14517)
  • abfd0cb perf: use lru_cache for caching (#14459)
  • 941cf9c fix(django): support async_only_middleware (#14512)
  • ac495a2 ci: update system-tests commit (#14525)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump ddtrace from 3.12.4 to 3.14.0
ea3cd05 
Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 3.12.4 to 3.14.0.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v3.12.4...v3.14.0)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-version: 3.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 12, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 12, 2025 09:34
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 12, 2025
@dependabot dependabot bot mentioned this pull request Sep 12, 2025
Closed
@pypi-combine-prs pypi-combine-prs bot mentioned this pull request Sep 12, 2025
Merged
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 12, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/pip/ddtrace-3.14.0 branch September 12, 2025 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants