Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump gopkg.in/DataDog/dd-trace-go.v1 from 1.27.1 to 1.37.0 in /exporter/datadogexporter #1721

Closed
wants to merge 1 commit into from
Closed

Bump gopkg.in/DataDog/dd-trace-go.v1 from 1.27.1 to 1.37.0 in /exporter/datadogexporter #1721

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 21, 2022

Bumps gopkg.in/DataDog/dd-trace-go.v1 from 1.27.1 to 1.37.0.

Release notes

Sourced from gopkg.in/DataDog/dd-trace-go.v1's releases.

1.37.0

This release comes with the new AppSec capability to monitor the parsed HTTP body thanks to a new public appsec package. This package provides a function - appsec.MonitorParsedHTTPBody() - that should be called from within your http request handlers with the parsed http body payload, such as returned by json.Unmarshal(), proto.Unmarshal() or any other parser. It also introduces support for the web framework gin, as well as the latest AppSec security rules which include the new OGNL & Cassandra injection detections.

Additionally, this update provides a new user monitoring tracing function - tracer.SetUser() - allowing to associate user attributes to a trace. This allows to add user context to traces which can then be leveraged by Datadog's monitoring, for example by identifying the user of an AppSec attack.

The profiler's code hotspots and endpoints is now enabled by default in order to connect APM traces and profiles.

Note that dd-trace-go's go.mod file has been updated to now include every dependency required by dd-trace-go and its integrations. It now lists the minimum secure versions required, according to the Go module registry of vulnerabilities.

Features

  • all: commit full go.mod and go.sum files (#1188)

APM

  • contrib/database/sql: fix support for drivers using deprecated interfaces (#1167)
  • contrib/database/sql: trace connection time (#1154)
  • contrib/gorilla/mux: provide a new function wrapper for gorilla router (#1175)
  • contrib/segmentio/kafka-go: add tracing for kafka writer and reader (#1152)
  • ddtrace/tracer: overall CPU & memory performance improvements (#1184, #1160, #1186, #1134, #1183)
  • ddtrace/tracer: Add B3 flag to PropagatorConfig (#1148)
  • ddtrace/tracer: provide a new user monitoring tracing function to associate a user to a trace (#1196)
  • ddtrace/tracer: disable Datadog internal tag propagation (#1182)
  • ddtrace/tracer: fix a bug with the x-datadog-tags header parser (#1155)
  • ddtrace/tracer: fix top_level computation with DD_SERVICE_MAPPING (#1150)

AppSec

  • contrib/gin-gonic: add AppSec monitoring of http requests and responses (#1165)
  • contrib/google.golang.org/grpc: monitor grpc metadata headers (#1190)
  • contrib/labstack/echo.v4: fix http response monitoring (#1177)
  • appsec: provide a new function to monitor the parsed http body (#1178)
  • internal/appsec/waf: fix the parsing of AppSec security rules (#1189)
  • internal/appsec: update the security rules to v1.2.6, including new OGNL & Cassandra injections and various improvements (#1191)

Profiler

  • profiler, ddtrace/tracer: enable code hotspots & endpoints by default with 100% CPU profiling (#1169)
  • profiler: don't upload full profiles if delta profiling is enabled (#1187)
  • profiler: Inc DefaultBlockRate from 10µs to 100ms (#1192)

v1.36.2

This release contains a small patch that disables service propagation in the Tracer.

ddtrace/tracer: disable Datadog internal tag propagation (#1182)

To view the changes check out the list of commits

v1.36.0

This version comes with the Application Security (AppSec) public beta which includes a broader security coverage of HTTP servers, now also extended to gRPC servers. It is powered by new security rules that allow monitoring the OWASP Top 10 attack attempts, such as SQL injections, Log4Shell and Server-Side Request Forgeries.

It also includes many APM tracing improvements, along with a fix for a regression introduced in v1.35.0.

... (truncated)

Commits
  • 2f579f3 appsec: use std context package (#1214)
  • 58fe681 FAQ.md: add link to PR about measuring spans (#1113)
  • 0c1b381 go.mod: downgrade to sqlx v1.2.0 (#1208)
  • 133f3d9 contrib/google.golang.org/grpc: monitor grpc metadata headers (#1190)
  • 9d4a5d1 go.mod: update github.com/gin-gonic/gin to v1.7.0 (#1204)
  • 5b43087 ddtrace/tracer: don't use UTC() when getting time (#1134)
  • c47da55 ddtrace/tracer.StartSpan: Use setMeta instead of SetTag (#1160)
  • 5b114be ddtrace/tracer: Remove log.Debug from hot path (-2 allocs; -5% CPU) (#1186)
  • 7c11ba8 contrib/google.golang.org/grpc: Reduce allocs in interceptor (#1183)
  • 7d066c1 ddtrace/tracer.Measured(): Cache a global instance (save 1 alloc/call) (#1184)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump gopkg.in/DataDog/dd-trace-go.v1 in /exporter/datadogexporter
a2b239c 
Bumps [gopkg.in/DataDog/dd-trace-go.v1](https://github.com/DataDog/dd-trace-go) from 1.27.1 to 1.37.0.
- [Release notes](https://github.com/DataDog/dd-trace-go/releases)
- [Commits](DataDog/dd-trace-go@v1.27.1...v1.37.0)

---
updated-dependencies:
- dependency-name: gopkg.in/DataDog/dd-trace-go.v1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 21, 2022
@dependabot dependabot bot mentioned this pull request Mar 21, 2022
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 4, 2022

Superseded by #1770.

@dependabot dependabot bot closed this Apr 4, 2022
@dependabot dependabot bot deleted the dependabot/go_modules/exporter/datadogexporter/gopkg.in/DataDog/dd-trace-go.v1-1.37.0 branch April 4, 2022 04:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants