Bump ddtrace from 2.1.7 to 2.8.2

[dependabot]

Bumps ddtrace from 2.1.7 to 2.8.2.

Release notes

Sourced from ddtrace's releases.

2.8.2

Bug Fixes

• tracing: This fix resolves an issue where sampling rules were not matching correctly on float values that had a 0 decimal value. Sampling rules now evaluate such values as integers.

• langchain: This fix resolves an issue where the LangChain integration always attempted to patch LangChain partner
  libraries, even if they were not available.

• langchain: This fix resolves an issue where tracing Chain.invoke() instead of Chain.__call__() resulted in the an ArgumentError due to an argument name change for inputs between the two methods.

• langchain: This fix adds error handling for checking if a traced LLM or chat model is an OpenAI instance, as the langchain_community package does not allow automatic submodule importing.

• internal: This fix resolves an error regarding the remote config module with payloads missing a lib_config entry

• profiling: fix a bug that caused the HTTP exporter to crash when attempting to serialize tags.

• grpc: Resolves segfaults raised when grpc.aio interceptors are registered

• Code Security: Ensure that when tainting the headers of a Flask application, iterating over the headers (i.e., with headers.items()) does not duplicate them.

• pymongo: this resolves an issue where the library raised an error in pymongo.pool.validate_session

2.8.1

New Features

• Code Security: to enable IAST in the application, you had to start it with the command ddtrace-run [your-application-run-command] so far. Now, you can also activate IAST with the patch_all function.

Bug Fixes

• Code Security: fix setting the wrong source on map elements tainted from taint_structure.
• Code Security: Fixes an issue where the AST patching process fails when the origin of a module is reported as None, raising a FileNotFoundError.
• CI Visibility: fixes an issue where tests were less likely to be skipped due to ITR skippable tests requests timing out earlier than they should
• Code Security: Fixed an issue with AES functions from the pycryptodome package that caused the application to crash and stop.
• kafka: This fix resolves an issue where an empty message list returned from consume calls could cause crashes in the Kafka integration. Empty lists from consume can occur when the call times out.
• ASM: This fix removes unrequired API security metrics.
• instrumentation: fixes crashes that could occur in certain integrations with packages that use non-integer components in their version specifiers

2.8.0

Prelude

tracing: This release adds support for lazy sampling, essentially moving when we make a sampling decision for a trace to the latest possible moment. These include the following:

1. Before encoding a trace chunk to be sent to the agent
2. Before making an outgoing request via HTTP, gRPC, or a DB call for any automatically instrumented integration
3. Before running os.fork()

For most users this change shouldn't have any impact on their traces, but it does allow for more flexibility in sampling (see features release note). It should be noted that if a user has application egress points that are not automatically instrumented, to other Datadog components (downstream instrumented services, databases, or execution context changes), and rely on the Python tracer to make the sampling decision (don't have an upstream service doing this), they will need to manually run the sampler for those traces, or use HttpPropagator.inject(). For more information please see the following: https://ddtrace.readthedocs.io/en/stable/advanced_usage.html#distributed-tracing https://ddtrace.readthedocs.io/en/stable/advanced_usage.html#tracing-context-management

... (truncated)

Changelog

Sourced from ddtrace's changelog.

2.8.2

Bug Fixes

• tracing: This fix resolves an issue where sampling rules were not matching correctly on float values that had a 0 decimal value. Sampling rules now evaluate such values as integers.

• langchain: This fix resolves an issue where the LangChain integration always attempted to patch LangChain partner
  libraries, even if they were not available.

• langchain: This fix resolves an issue where tracing Chain.invoke() instead of Chain.__call__() resulted in the an ArgumentError due to an argument name change for inputs between the two methods.

• langchain: This fix adds error handling for checking if a traced LLM or chat model is an OpenAI instance, as the langchain_community package does not allow automatic submodule importing.

• internal: This fix resolves an error regarding the remote config module with payloads missing a lib_config entry

• profiling: fix a bug that caused the HTTP exporter to crash when attempting to serialize tags.

• grpc: Resolves segfaults raised when grpc.aio interceptors are registered

• Code Security: Ensure that when tainting the headers of a Flask application, iterating over the headers (i.e., with headers.items()) does not duplicate them.

---

2.6.11

Bug Fixes

• internal: This fix resolves an error regarding the remote config module with payloads missing a lib_config entry
• Code Security: Ensure that when tainting the headers of a Flask application, iterating over the headers (i.e., with headers.items()) does not duplicate them.
• pymongo: this resolves an issue where the library raised an error in pymongo.pool.validate_session

---

2.8.1

New Features

• Code Security: to enable IAST in the application, you had to start it with the command ddtrace-run [your-application-run-command] so far. Now, you can also activate IAST with the patch_all function.

Bug Fixes

• Code Security: fix setting the wrong source on map elements tainted from taint_structure.
• Code Security: Fixes an issue where the AST patching process fails when the origin of a module is reported as None, raising a FileNotFoundError.
• CI Visibility: fixes an issue where tests were less likely to be skipped due to ITR skippable tests requests timing out earlier than they should
• Code Security: Fixed an issue with AES functions from the pycryptodome package that caused the application to crash and stop.
• kafka: This fix resolves an issue where an empty message list returned from consume calls could cause crashes in the Kafka integration. Empty lists from consume can occur when the call times out.

... (truncated)

Commits

• 7de9217 fix(sampling): sample floats with zero decimal [backport 2.8] (#9038)
• 7405b83 fix(profiling): tag serialisation in HTTP exporter [backport 2.8] (#9042)
• 274535c fix(grpc): ensure interceptor args are correctly parsed [backport 2.8] (#9006)
• 3ef5436 fix(internal): handle missing lib_config entry [backport 2.8] (#9026)
• 26f8759 fix(iast): duplicated Flask headers [backport 2.8] (#9021)
• b4a5e64 fix(langchain): avoid patching libraries if not available [backport #8339 to ...
• 7e49c10 fix(langchain): check chain.invoke() argument name [backport #8835 to 2.8] (#...
• f74a0fd fix(langchain): safely check if instance is openai llm/chat [backport #8896 t...
• 38b7496 fix(pymongo): fix client validation issue [backport 2.8] (#8972)
• 3d4927f docs: update sampling rule configuration [backport 2.8] (#8964)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the contributing guide.

[github-actions]

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the contributing guide.

[dependabot]

Superseded by #34.