From 65d305a07c65e8df487a51a7061ae1ed2e1a2449 Mon Sep 17 00:00:00 2001
From: Bob Weinand <bob.weinand@datadoghq.com>
Date: Mon, 14 Oct 2024 04:05:48 +0200
Subject: [PATCH 01/12] Send git tags via remote config (#2890)

* Send git tags via remote config

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>

* Submit root span data when service/env/version ini is changed

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>

* AppSec: improve behavior with empty DD_SERVICE/DD_ENV (#2888)

---------

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>
Co-authored-by: Gustavo Lopes <gustavo.lopes@datadoghq.com>
---
 Cargo.lock                                    | 618 ++++++++----------
 README.md                                     |   2 +-
 appsec/src/extension/commands/client_init.c   |   4 +-
 appsec/src/extension/commands/config_sync.c   |   5 +
 appsec/src/extension/ddappsec.c               |  16 -
 appsec/src/extension/request_lifecycle.c      |  34 +-
 appsec/src/helper/client.cpp                  |  13 +-
 .../listeners/asm_features_listener.hpp       |   1 +
 appsec/src/helper/service_config.hpp          |  36 +-
 appsec/src/helper/subscriber/waf.cpp          |   6 +-
 .../php/mock_agent/TracesV04Handler.groovy    |   3 +-
 .../php/integration/RemoteConfigTests.groovy  |  23 +-
 .../src/test/www/base/public/change_env.php   |   7 +-
 components-rs/Cargo.toml                      |   4 +-
 components-rs/common.h                        |  10 +-
 components-rs/ddtrace.h                       |   3 +-
 components-rs/remote_config.rs                |   3 +
 components-rs/sidecar.h                       |   1 +
 ext/ddtrace.c                                 |  31 +-
 ext/git.c                                     |   1 +
 ext/sidecar.c                                 |  47 +-
 ext/sidecar.h                                 |   2 +
 libdatadog                                    |   2 +-
 ...t_metadata_injection_from_valid_files.phpt |   2 +-
 ...metadata_injection_from_invalid_files.phpt |   2 +-
 25 files changed, 457 insertions(+), 419 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 432f48c53b..e36762670e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4,11 +4,11 @@ version = 3
 
 [[package]]
 name = "addr2line"
-version = "0.21.0"
+version = "0.24.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb"
+checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1"
 dependencies = [
- "gimli 0.28.1",
+ "gimli 0.31.1",
 ]
 
 [[package]]
@@ -18,15 +18,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 
 [[package]]
-name = "ahash"
-version = "0.7.8"
+name = "adler2"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "891477e0c6a8957309ee5c45a6368af3ae14bb510732d2684ffa19af310920f9"
-dependencies = [
- "getrandom",
- "once_cell",
- "version_check 0.9.4",
-]
+checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
 
 [[package]]
 name = "ahash"
@@ -68,7 +63,7 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -77,12 +72,55 @@ version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
 
+[[package]]
+name = "anstream"
+version = "0.6.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "64e15c1ab1f89faffbf04a634d5e1962e9074f2741eef6d97f3c4e322426d526"
+dependencies = [
+ "anstyle",
+ "anstyle-parse",
+ "anstyle-query",
+ "anstyle-wincon",
+ "colorchoice",
+ "is_terminal_polyfill",
+ "utf8parse",
+]
+
 [[package]]
 name = "anstyle"
 version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc"
 
+[[package]]
+name = "anstyle-parse"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eb47de1e80c2b463c735db5b217a0ddc39d612e7ac9e2e96a5aed1f57616c1cb"
+dependencies = [
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle-query"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a"
+dependencies = [
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "anstyle-wincon"
+version = "3.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8"
+dependencies = [
+ "anstyle",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "anyhow"
 version = "1.0.83"
@@ -341,17 +379,6 @@ version = "1.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 
-[[package]]
-name = "atty"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
-dependencies = [
- "hermit-abi 0.1.19",
- "libc 0.2.154",
- "winapi 0.3.9",
-]
-
 [[package]]
 name = "autocfg"
 version = "1.1.0"
@@ -381,7 +408,7 @@ dependencies = [
  "cmake",
  "dunce",
  "fs_extra",
- "libc 0.2.154",
+ "libc 0.2.159",
  "paste",
 ]
 
@@ -432,17 +459,17 @@ dependencies = [
 
 [[package]]
 name = "backtrace"
-version = "0.3.69"
+version = "0.3.74"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837"
+checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a"
 dependencies = [
  "addr2line",
- "cc",
  "cfg-if",
- "libc 0.2.154",
- "miniz_oxide",
- "object 0.32.2",
+ "libc 0.2.159",
+ "miniz_oxide 0.8.0",
+ "object 0.36.5",
  "rustc-demangle",
+ "windows-targets 0.52.6",
 ]
 
 [[package]]
@@ -562,8 +589,8 @@ checksum = "519a0f9df086d6c4f44576558523a777c984454daeb124bee79bde69227360c4"
 dependencies = [
  "cpp_demangle",
  "gimli 0.30.0",
- "libc 0.2.154",
- "miniz_oxide",
+ "libc 0.2.159",
+ "miniz_oxide 0.7.2",
  "rustc-demangle",
 ]
 
@@ -713,7 +740,7 @@ dependencies = [
  "serde_urlencoded",
  "thiserror",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
  "tower-service",
  "url",
  "winapi 0.3.9",
@@ -809,31 +836,32 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
 
 [[package]]
 name = "cbindgen"
-version = "0.26.0"
+version = "0.27.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da6bc11b07529f16944307272d5bd9b22530bc7d05751717c9d416586cedab49"
+checksum = "3fce8dd7fcfcbf3a0a87d8f515194b49d6135acab73e18bd380d1d93bb1a15eb"
 dependencies = [
- "clap 3.2.25",
+ "clap",
  "heck",
- "indexmap 1.9.3",
+ "indexmap 2.2.6",
  "log",
  "proc-macro2",
  "quote",
  "serde",
  "serde_json",
- "syn 1.0.109",
+ "syn 2.0.71",
  "tempfile",
  "toml",
 ]
 
 [[package]]
 name = "cc"
-version = "1.0.83"
+version = "1.1.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0"
+checksum = "2e80e3b6a3ab07840e1cae9b0666a63970dc28e8ed5ffbcdacbfc760c281bfc1"
 dependencies = [
  "jobserver",
- "libc 0.2.154",
+ "libc 0.2.159",
+ "shlex",
 ]
 
 [[package]]
@@ -871,7 +899,7 @@ dependencies = [
  "num-traits",
  "serde",
  "wasm-bindgen",
- "windows-targets 0.52.0",
+ "windows-targets 0.52.6",
 ]
 
 [[package]]
@@ -908,25 +936,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1"
 dependencies = [
  "glob",
- "libc 0.2.154",
+ "libc 0.2.159",
  "libloading",
 ]
 
-[[package]]
-name = "clap"
-version = "3.2.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123"
-dependencies = [
- "atty",
- "bitflags 1.3.2",
- "clap_lex 0.2.4",
- "indexmap 1.9.3",
- "strsim",
- "termcolor",
- "textwrap",
-]
-
 [[package]]
 name = "clap"
 version = "4.4.18"
@@ -942,17 +955,10 @@ version = "4.4.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4df4df40ec50c46000231c914968278b1eb05098cf8f1b3a518a95030e71d1c7"
 dependencies = [
+ "anstream",
  "anstyle",
- "clap_lex 0.6.0",
-]
-
-[[package]]
-name = "clap_lex"
-version = "0.2.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5"
-dependencies = [
- "os_str_bytes",
+ "clap_lex",
+ "strsim",
 ]
 
 [[package]]
@@ -970,6 +976,12 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "colorchoice"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0"
+
 [[package]]
 name = "common-multipart-rfc7578"
 version = "0.5.0"
@@ -1050,7 +1062,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
 dependencies = [
  "core-foundation-sys",
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -1074,7 +1086,7 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e9e393a7668fe1fad3075085b86c781883000b4ede868f43627b34a87c8b7ded"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "winapi 0.3.9",
 ]
 
@@ -1084,7 +1096,7 @@ version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -1105,7 +1117,7 @@ dependencies = [
  "anes",
  "cast",
  "ciborium",
- "clap 4.4.18",
+ "clap",
  "criterion-plot",
  "is-terminal",
  "itertools 0.10.5",
@@ -1278,7 +1290,7 @@ version = "10.0.0"
 source = "git+https://github.com/DataDog/libdatadog?tag=v10.0.0#b62562978bb8788ad2c84ca9390bfc28370d7d40"
 dependencies = [
  "allocator-api2",
- "libc 0.2.154",
+ "libc 0.2.159",
  "windows-sys 0.52.0",
 ]
 
@@ -1294,8 +1306,8 @@ dependencies = [
  "ddtelemetry",
  "http 0.2.11",
  "hyper 0.14.28",
- "libc 0.2.154",
- "nix 0.27.1",
+ "libc 0.2.159",
+ "nix",
  "os_info",
  "page_size",
  "portable-atomic",
@@ -1350,9 +1362,9 @@ dependencies = [
  "futures",
  "glibc_version",
  "io-lifetimes",
- "libc 0.2.154",
+ "libc 0.2.159",
  "memfd",
- "nix 0.26.4",
+ "nix",
  "page_size",
  "pin-project",
  "pretty_assertions",
@@ -1364,7 +1376,7 @@ dependencies = [
  "tinybytes",
  "tokio",
  "tokio-serde",
- "tokio-util 0.6.10",
+ "tokio-util",
  "tracing",
  "tracing-subscriber",
  "winapi 0.3.9",
@@ -1412,7 +1424,7 @@ dependencies = [
  "percent-encoding",
  "serde_json",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
  "uuid",
 ]
 
@@ -1420,7 +1432,7 @@ dependencies = [
 name = "datadog-php-profiling"
 version = "0.0.0"
 dependencies = [
- "ahash 0.8.11",
+ "ahash",
  "anyhow",
  "bindgen",
  "cc",
@@ -1436,7 +1448,7 @@ dependencies = [
  "env_logger 0.11.3",
  "indexmap 2.2.6",
  "lazy_static",
- "libc 0.2.154",
+ "libc 0.2.159",
  "log",
  "once_cell",
  "perfcnt",
@@ -1469,7 +1481,7 @@ dependencies = [
  "hyper 0.14.28",
  "hyper-multipart-rfc7578",
  "indexmap 2.2.6",
- "libc 0.2.154",
+ "libc 0.2.159",
  "lz4_flex",
  "mime",
  "mime_guess",
@@ -1479,7 +1491,7 @@ dependencies = [
  "serde",
  "serde_json",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
 ]
 
 [[package]]
@@ -1487,7 +1499,7 @@ name = "datadog-remote-config"
 version = "0.0.1"
 dependencies = [
  "anyhow",
- "base64 0.21.7",
+ "base64 0.22.1",
  "datadog-dynamic-configuration",
  "datadog-live-debugger",
  "datadog-trace-protobuf",
@@ -1503,7 +1515,7 @@ dependencies = [
  "sha2",
  "time",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
  "tracing",
  "uuid",
 ]
@@ -1514,7 +1526,7 @@ version = "0.0.1"
 dependencies = [
  "anyhow",
  "arrayref",
- "base64 0.21.7",
+ "base64 0.22.1",
  "bincode",
  "bytes",
  "cadence",
@@ -1534,17 +1546,17 @@ dependencies = [
  "ddtelemetry",
  "dogstatsd-client",
  "futures",
- "hashbrown 0.12.3",
+ "hashbrown 0.14.3",
  "http 0.2.11",
  "httpmock",
  "hyper 0.14.28",
  "io-lifetimes",
  "lazy_static",
- "libc 0.2.154",
+ "libc 0.2.159",
  "manual_future",
  "memory-stats",
  "microseh",
- "nix 0.26.4",
+ "nix",
  "pin-project",
  "prctl",
  "priority-queue",
@@ -1562,13 +1574,13 @@ dependencies = [
  "tempfile",
  "tinybytes",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
  "tracing",
  "tracing-log",
  "tracing-subscriber",
  "uuid",
  "winapi 0.3.9",
- "windows 0.51.1",
+ "windows",
  "windows-sys 0.52.0",
  "zwohash",
 ]
@@ -1588,7 +1600,7 @@ dependencies = [
  "ddtelemetry-ffi",
  "dogstatsd-client",
  "hyper 0.14.28",
- "libc 0.2.154",
+ "libc 0.2.159",
  "paste",
  "tempfile",
 ]
@@ -1674,13 +1686,13 @@ dependencies = [
  "hyper-util",
  "indexmap 2.2.6",
  "lazy_static",
- "libc 0.2.154",
+ "libc 0.2.159",
  "log",
  "maplit",
  "pin-project",
  "regex",
  "rustls 0.23.11",
- "rustls-native-certs 0.6.3",
+ "rustls-native-certs 0.7.1",
  "serde",
  "static_assertions",
  "tokio",
@@ -1736,7 +1748,7 @@ dependencies = [
  "datadog-ddsketch",
  "ddcommon 0.0.1",
  "futures",
- "hashbrown 0.12.3",
+ "hashbrown 0.14.3",
  "http 0.2.11",
  "hyper 0.14.28",
  "io-lifetimes",
@@ -1747,7 +1759,7 @@ dependencies = [
  "serde_json",
  "sys-info",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
  "tracing",
  "tracing-subscriber",
  "uuid",
@@ -1761,7 +1773,7 @@ dependencies = [
  "ddcommon 0.0.1",
  "ddcommon-ffi",
  "ddtelemetry",
- "libc 0.2.154",
+ "libc 0.2.159",
  "paste",
  "tempfile",
 ]
@@ -1875,7 +1887,7 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "option-ext",
  "redox_users",
  "windows-sys 0.48.0",
@@ -1887,7 +1899,7 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "redox_users",
  "winapi 0.3.9",
 ]
@@ -2019,7 +2031,7 @@ version = "0.3.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "windows-sys 0.52.0",
 ]
 
@@ -2116,7 +2128,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
 dependencies = [
  "crc32fast",
- "miniz_oxide",
+ "miniz_oxide 0.7.2",
 ]
 
 [[package]]
@@ -2307,17 +2319,11 @@ checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5"
 dependencies = [
  "cfg-if",
  "js-sys",
- "libc 0.2.154",
+ "libc 0.2.159",
  "wasi",
  "wasm-bindgen",
 ]
 
-[[package]]
-name = "gimli"
-version = "0.28.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
-
 [[package]]
 name = "gimli"
 version = "0.30.0"
@@ -2329,6 +2335,12 @@ dependencies = [
  "stable_deref_trait",
 ]
 
+[[package]]
+name = "gimli"
+version = "0.31.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
+
 [[package]]
 name = "glibc_version"
 version = "0.1.2"
@@ -2371,7 +2383,7 @@ dependencies = [
  "indexmap 2.2.6",
  "slab",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
  "tracing",
 ]
 
@@ -2400,9 +2412,6 @@ name = "hashbrown"
 version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
-dependencies = [
- "ahash 0.7.8",
-]
 
 [[package]]
 name = "hashbrown"
@@ -2410,7 +2419,7 @@ version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e"
 dependencies = [
- "ahash 0.8.11",
+ "ahash",
 ]
 
 [[package]]
@@ -2419,7 +2428,7 @@ version = "0.14.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604"
 dependencies = [
- "ahash 0.8.11",
+ "ahash",
  "allocator-api2",
 ]
 
@@ -2466,15 +2475,6 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
 
-[[package]]
-name = "hermit-abi"
-version = "0.1.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
-dependencies = [
- "libc 0.2.154",
-]
-
 [[package]]
 name = "hermit-abi"
 version = "0.3.6"
@@ -2886,8 +2886,8 @@ version = "1.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2"
 dependencies = [
- "hermit-abi 0.3.6",
- "libc 0.2.154",
+ "hermit-abi",
+ "libc 0.2.159",
  "windows-sys 0.48.0",
 ]
 
@@ -2897,11 +2897,17 @@ version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b"
 dependencies = [
- "hermit-abi 0.3.6",
- "libc 0.2.154",
+ "hermit-abi",
+ "libc 0.2.159",
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "is_terminal_polyfill"
+version = "1.70.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
+
 [[package]]
 name = "itertools"
 version = "0.10.5"
@@ -2932,7 +2938,7 @@ version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -3018,70 +3024,6 @@ version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "db13adb97ab515a3691f56e4dbab09283d0b86cb45abd991d8634a9d6f501760"
 
-[[package]]
-name = "lexical-core"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2cde5de06e8d4c2faabc400238f9ae1c74d5412d03a7bd067645ccbc47070e46"
-dependencies = [
- "lexical-parse-float",
- "lexical-parse-integer",
- "lexical-util",
- "lexical-write-float",
- "lexical-write-integer",
-]
-
-[[package]]
-name = "lexical-parse-float"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "683b3a5ebd0130b8fb52ba0bdc718cc56815b6a097e28ae5a6997d0ad17dc05f"
-dependencies = [
- "lexical-parse-integer",
- "lexical-util",
- "static_assertions",
-]
-
-[[package]]
-name = "lexical-parse-integer"
-version = "0.8.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d0994485ed0c312f6d965766754ea177d07f9c00c9b82a5ee62ed5b47945ee9"
-dependencies = [
- "lexical-util",
- "static_assertions",
-]
-
-[[package]]
-name = "lexical-util"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5255b9ff16ff898710eb9eb63cb39248ea8a5bb036bea8085b1a767ff6c4e3fc"
-dependencies = [
- "static_assertions",
-]
-
-[[package]]
-name = "lexical-write-float"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accabaa1c4581f05a3923d1b4cfd124c329352288b7b9da09e766b0668116862"
-dependencies = [
- "lexical-util",
- "lexical-write-integer",
- "static_assertions",
-]
-
-[[package]]
-name = "lexical-write-integer"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1b6f3d1f4422866b68192d62f77bc5c700bee84f3069f2469d7bc8c77852446"
-dependencies = [
- "lexical-util",
- "static_assertions",
-]
-
 [[package]]
 name = "libc"
 version = "0.1.12"
@@ -3090,9 +3032,9 @@ checksum = "e32a70cf75e5846d53a673923498228bbec6a8624708a9ea5645f075d6276122"
 
 [[package]]
 name = "libc"
-version = "0.2.154"
+version = "0.2.159"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346"
+checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5"
 
 [[package]]
 name = "libloading"
@@ -3117,7 +3059,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
 dependencies = [
  "bitflags 2.4.2",
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -3211,23 +3153,14 @@ version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fe751422e4a8caa417e13c3ea66452215d7d63e19e604f4980461212f3ae1322"
 dependencies = [
- "libc 0.2.154",
-]
-
-[[package]]
-name = "memoffset"
-version = "0.6.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce"
-dependencies = [
- "autocfg",
+ "libc 0.2.159",
 ]
 
 [[package]]
 name = "memoffset"
-version = "0.7.1"
+version = "0.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
+checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a"
 dependencies = [
  "autocfg",
 ]
@@ -3238,7 +3171,7 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34f79cf9964c5c9545493acda1263f1912f8d2c56c8a2ffee2606cb960acaacc"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "winapi 0.3.9",
 ]
 
@@ -3249,7 +3182,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26b2a7c5ccfb370edd57fda423f3a551516ee127e10bc22a6215e8c63b20a38"
 dependencies = [
  "cc",
- "libc 0.2.154",
+ "libc 0.2.159",
  "windows-sys 0.42.0",
 ]
 
@@ -3285,13 +3218,22 @@ dependencies = [
  "simd-adler32",
 ]
 
+[[package]]
+name = "miniz_oxide"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1"
+dependencies = [
+ "adler2",
+]
+
 [[package]]
 name = "mio"
 version = "0.8.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "wasi",
  "windows-sys 0.48.0",
 ]
@@ -3333,31 +3275,6 @@ version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "650eef8c711430f1a879fdd01d4745a7deea475becfb90269c06775983bbf086"
 
-[[package]]
-name = "nix"
-version = "0.24.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa52e972a9a719cecb6864fb88568781eb706bac2cd1d4f04a648542dbf78069"
-dependencies = [
- "bitflags 1.3.2",
- "cfg-if",
- "libc 0.2.154",
- "memoffset 0.6.5",
-]
-
-[[package]]
-name = "nix"
-version = "0.26.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "598beaf3cc6fdd9a5dfb1630c2800c7acd31df7aaf0f565796fba2b53ca1af1b"
-dependencies = [
- "bitflags 1.3.2",
- "cfg-if",
- "libc 0.2.154",
- "memoffset 0.7.1",
- "pin-utils",
-]
-
 [[package]]
 name = "nix"
 version = "0.27.1"
@@ -3366,7 +3283,8 @@ checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
 dependencies = [
  "bitflags 2.4.2",
  "cfg-if",
- "libc 0.2.154",
+ "libc 0.2.159",
+ "memoffset",
 ]
 
 [[package]]
@@ -3441,8 +3359,8 @@ version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
 dependencies = [
- "hermit-abi 0.3.6",
- "libc 0.2.154",
+ "hermit-abi",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -3458,9 +3376,9 @@ dependencies = [
 
 [[package]]
 name = "object"
-version = "0.32.2"
+version = "0.36.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
+checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e"
 dependencies = [
  "memchr",
 ]
@@ -3554,12 +3472,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "os_str_bytes"
-version = "6.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1"
-
 [[package]]
 name = "overload"
 version = "0.1.1"
@@ -3572,7 +3484,7 @@ version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "30d5b2194ed13191c1999ae0704b7839fb18384fa22e49b57eeaa97d79ce40da"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "winapi 0.3.9",
 ]
 
@@ -3599,7 +3511,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
 dependencies = [
  "cfg-if",
- "libc 0.2.154",
+ "libc 0.2.159",
  "redox_syscall",
  "smallvec",
  "windows-targets 0.48.5",
@@ -3649,7 +3561,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ba1fd955270ca6f8bd8624ec0c4ee1a251dd3cc0cc18e1e2665ca8f5acb1501"
 dependencies = [
  "bitflags 1.3.2",
- "libc 0.2.154",
+ "libc 0.2.159",
  "mmap",
  "nom 4.2.3",
  "x86",
@@ -3808,7 +3720,7 @@ dependencies = [
  "bitflags 1.3.2",
  "cfg-if",
  "concurrent-queue",
- "libc 0.2.154",
+ "libc 0.2.159",
  "log",
  "pin-project-lite",
  "windows-sys 0.48.0",
@@ -3855,8 +3767,8 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52"
 dependencies = [
- "libc 0.2.154",
- "nix 0.27.1",
+ "libc 0.2.159",
+ "nix",
 ]
 
 [[package]]
@@ -3903,12 +3815,13 @@ dependencies = [
 
 [[package]]
 name = "priority-queue"
-version = "1.4.0"
+version = "2.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0bda9164fe05bc9225752d54aae413343c36f684380005398a6a8fde95fe785"
+checksum = "714c75db297bc88a63783ffc6ab9f830698a6705aa0201416931759ef4c8183d"
 dependencies = [
  "autocfg",
- "indexmap 1.9.3",
+ "equivalent",
+ "indexmap 2.2.6",
 ]
 
 [[package]]
@@ -3918,7 +3831,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919"
 dependencies = [
  "once_cell",
- "toml_edit",
+ "toml_edit 0.19.15",
 ]
 
 [[package]]
@@ -4113,7 +4026,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293"
 dependencies = [
  "fuchsia-cprng",
- "libc 0.2.154",
+ "libc 0.2.159",
  "rand_core 0.3.1",
  "rdrand",
  "winapi 0.3.9",
@@ -4125,7 +4038,7 @@ version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "rand_chacha",
  "rand_core 0.6.4",
 ]
@@ -4321,7 +4234,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
 dependencies = [
  "cc",
- "libc 0.2.154",
+ "libc 0.2.159",
  "once_cell",
  "spin 0.5.2",
  "untrusted 0.7.1",
@@ -4337,7 +4250,7 @@ checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74"
 dependencies = [
  "cc",
  "getrandom",
- "libc 0.2.154",
+ "libc 0.2.159",
  "spin 0.9.8",
  "untrusted 0.9.0",
  "windows-sys 0.48.0",
@@ -4349,7 +4262,7 @@ version = "0.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8a29d87a652dc4d43c586328706bb5cdff211f3f39a530f240b53f7221dab8e"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -4386,9 +4299,9 @@ dependencies = [
 
 [[package]]
 name = "rustc-demangle"
-version = "0.1.23"
+version = "0.1.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
+checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
 
 [[package]]
 name = "rustc-hash"
@@ -4405,7 +4318,7 @@ dependencies = [
  "bitflags 1.3.2",
  "errno",
  "io-lifetimes",
- "libc 0.2.154",
+ "libc 0.2.159",
  "linux-raw-sys 0.3.8",
  "windows-sys 0.48.0",
 ]
@@ -4418,7 +4331,7 @@ checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949"
 dependencies = [
  "bitflags 2.4.2",
  "errno",
- "libc 0.2.154",
+ "libc 0.2.159",
  "linux-raw-sys 0.4.13",
  "windows-sys 0.52.0",
 ]
@@ -4627,7 +4540,7 @@ dependencies = [
  "bitflags 1.3.2",
  "core-foundation",
  "core-foundation-sys",
- "libc 0.2.154",
+ "libc 0.2.159",
  "security-framework-sys",
 ]
 
@@ -4638,7 +4551,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a"
 dependencies = [
  "core-foundation-sys",
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -4656,7 +4569,7 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "604b71b8fc267e13bb3023a2c901126c8f349393666a6d98ac1ae5729b701798"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "tokio",
 ]
 
@@ -4722,6 +4635,15 @@ dependencies = [
  "syn 2.0.71",
 ]
 
+[[package]]
+name = "serde_spanned"
+version = "0.6.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "serde_urlencoded"
 version = "0.7.1"
@@ -4814,7 +4736,7 @@ version = "1.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -4825,13 +4747,12 @@ checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe"
 
 [[package]]
 name = "simd-json"
-version = "0.13.8"
+version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2faf8f101b9bc484337a6a6b0409cf76c139f2fb70a9e3aee6b6774be7bfbf76"
+checksum = "bfa5500f67df6466a45c6f83d1aada89fe0f7e9b17afec424ea06feee0906549"
 dependencies = [
  "getrandom",
  "halfbrown",
- "lexical-core",
  "ref-cast",
  "serde",
  "serde_json",
@@ -4878,7 +4799,7 @@ version = "0.4.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "winapi 0.3.9",
 ]
 
@@ -4888,7 +4809,7 @@ version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9"
 dependencies = [
- "libc 0.2.154",
+ "libc 0.2.159",
  "windows-sys 0.48.0",
 ]
 
@@ -4902,11 +4823,11 @@ dependencies = [
  "io-lifetimes",
  "kernel32-sys",
  "memfd",
- "nix 0.24.3",
+ "nix",
  "rlimit",
  "tempfile",
  "winapi 0.2.8",
- "windows 0.48.0",
+ "windows",
 ]
 
 [[package]]
@@ -5040,7 +4961,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0b3a0d0aba8bf96a0e1ddfdc352fc53b3df7f39318c71854910c3c4b024ae52c"
 dependencies = [
  "cc",
- "libc 0.2.154",
+ "libc 0.2.159",
 ]
 
 [[package]]
@@ -5068,7 +4989,7 @@ dependencies = [
  "thiserror",
  "tokio",
  "tokio-serde",
- "tokio-util 0.7.10",
+ "tokio-util",
  "tracing",
  "tracing-opentelemetry",
  "tracing-subscriber",
@@ -5174,16 +5095,10 @@ dependencies = [
  "thiserror",
  "tokio",
  "tokio-stream",
- "tokio-util 0.7.10",
+ "tokio-util",
  "url",
 ]
 
-[[package]]
-name = "textwrap"
-version = "0.16.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23d434d3f8967a09480fb04132ebe0a3e088c173e6d0ee7897abbdf4eab0f8b9"
-
 [[package]]
 name = "thiserror"
 version = "1.0.63"
@@ -5322,7 +5237,7 @@ checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
 dependencies = [
  "backtrace",
  "bytes",
- "libc 0.2.154",
+ "libc 0.2.159",
  "mio",
  "num_cpus",
  "parking_lot",
@@ -5428,23 +5343,9 @@ dependencies = [
 
 [[package]]
 name = "tokio-util"
-version = "0.6.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36943ee01a6d67977dd3f84a5a1d2efeb4ada3a1ae771cadfaa535d9d9fc6507"
-dependencies = [
- "bytes",
- "futures-core",
- "futures-sink",
- "log",
- "pin-project-lite",
- "tokio",
-]
-
-[[package]]
-name = "tokio-util"
-version = "0.7.10"
+version = "0.7.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15"
+checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a"
 dependencies = [
  "bytes",
  "futures-core",
@@ -5454,16 +5355,18 @@ dependencies = [
  "pin-project-lite",
  "slab",
  "tokio",
- "tracing",
 ]
 
 [[package]]
 name = "toml"
-version = "0.5.11"
+version = "0.8.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
+checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e"
 dependencies = [
  "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "toml_edit 0.22.20",
 ]
 
 [[package]]
@@ -5471,6 +5374,9 @@ name = "toml_datetime"
 version = "0.6.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
+dependencies = [
+ "serde",
+]
 
 [[package]]
 name = "toml_edit"
@@ -5480,7 +5386,20 @@ checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421"
 dependencies = [
  "indexmap 2.2.6",
  "toml_datetime",
- "winnow",
+ "winnow 0.5.40",
+]
+
+[[package]]
+name = "toml_edit"
+version = "0.22.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "583c44c02ad26b0c3f3066fe629275e50627026c51ac2e595cca4c230ce1ce1d"
+dependencies = [
+ "indexmap 2.2.6",
+ "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "winnow 0.6.20",
 ]
 
 [[package]]
@@ -5525,7 +5444,7 @@ dependencies = [
  "rand 0.8.5",
  "slab",
  "tokio",
- "tokio-util 0.7.10",
+ "tokio-util",
  "tower-layer",
  "tower-service",
  "tracing",
@@ -5721,6 +5640,12 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "utf8parse"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+
 [[package]]
 name = "uuid"
 version = "1.7.0"
@@ -5745,9 +5670,9 @@ checksum = "5a84c137d37ab0142f0f2ddfe332651fdbf252e7b7dbb4e67b6c1f1b2e925101"
 
 [[package]]
 name = "value-trait"
-version = "0.8.1"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dad8db98c1e677797df21ba03fca7d3bf9bec3ca38db930954e4fe6e1ea27eb4"
+checksum = "bcaa56177466248ba59d693a048c0959ddb67f1151b963f904306312548cf392"
 dependencies = [
  "float-cmp",
  "halfbrown",
@@ -5958,15 +5883,6 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
-[[package]]
-name = "windows"
-version = "0.48.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f"
-dependencies = [
- "windows-targets 0.48.5",
-]
-
 [[package]]
 name = "windows"
 version = "0.51.1"
@@ -5992,7 +5908,7 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
 dependencies = [
- "windows-targets 0.52.0",
+ "windows-targets 0.52.6",
 ]
 
 [[package]]
@@ -6025,7 +5941,7 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
 dependencies = [
- "windows-targets 0.52.0",
+ "windows-targets 0.52.6",
 ]
 
 [[package]]
@@ -6045,17 +5961,18 @@ dependencies = [
 
 [[package]]
 name = "windows-targets"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd"
+checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
 dependencies = [
- "windows_aarch64_gnullvm 0.52.0",
- "windows_aarch64_msvc 0.52.0",
- "windows_i686_gnu 0.52.0",
- "windows_i686_msvc 0.52.0",
- "windows_x86_64_gnu 0.52.0",
- "windows_x86_64_gnullvm 0.52.0",
- "windows_x86_64_msvc 0.52.0",
+ "windows_aarch64_gnullvm 0.52.6",
+ "windows_aarch64_msvc 0.52.6",
+ "windows_i686_gnu 0.52.6",
+ "windows_i686_gnullvm",
+ "windows_i686_msvc 0.52.6",
+ "windows_x86_64_gnu 0.52.6",
+ "windows_x86_64_gnullvm 0.52.6",
+ "windows_x86_64_msvc 0.52.6",
 ]
 
 [[package]]
@@ -6072,9 +5989,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
 
 [[package]]
 name = "windows_aarch64_gnullvm"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea"
+checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
 
 [[package]]
 name = "windows_aarch64_msvc"
@@ -6090,9 +6007,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
 
 [[package]]
 name = "windows_aarch64_msvc"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef"
+checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
 
 [[package]]
 name = "windows_i686_gnu"
@@ -6108,9 +6025,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
 
 [[package]]
 name = "windows_i686_gnu"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313"
+checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
 
 [[package]]
 name = "windows_i686_msvc"
@@ -6126,9 +6049,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
 
 [[package]]
 name = "windows_i686_msvc"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a"
+checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
 
 [[package]]
 name = "windows_x86_64_gnu"
@@ -6144,9 +6067,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
 
 [[package]]
 name = "windows_x86_64_gnu"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd"
+checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
 
 [[package]]
 name = "windows_x86_64_gnullvm"
@@ -6162,9 +6085,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
 
 [[package]]
 name = "windows_x86_64_gnullvm"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e"
+checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
 
 [[package]]
 name = "windows_x86_64_msvc"
@@ -6180,9 +6103,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
 
 [[package]]
 name = "windows_x86_64_msvc"
-version = "0.52.0"
+version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
+checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
 [[package]]
 name = "winnow"
@@ -6193,6 +6116,15 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "winnow"
+version = "0.6.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "x86"
 version = "0.47.0"
diff --git a/README.md b/README.md
index 8cf63e41fe..2ef4e62224 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Visit the [PHP tracer documentation](https://docs.datadoghq.com/tracing/language
 
 #### Installation from PECL (datadog_trace) or from source
 
-Compilation of the tracer and the profiler requires cargo to be installed. Ensure that cargo is minimum version 1.71.0, otherwise follow the [official instructions for installing cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html).
+Compilation of the tracer and the profiler requires cargo to be installed. Ensure that cargo is minimum version 1.76.0, otherwise follow the [official instructions for installing cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html).
 
 ### Advanced configuration
 
diff --git a/appsec/src/extension/commands/client_init.c b/appsec/src/extension/commands/client_init.c
index a20513129d..20cbef6502 100644
--- a/appsec/src/extension/commands/client_init.c
+++ b/appsec/src/extension/commands/client_init.c
@@ -58,9 +58,9 @@ static dd_result _pack_command(
         bool has_rules_file = rules_file && *rules_file;
 
         if (!has_rules_file) {
-            mlog(dd_log_info,
+            mlog(dd_log_debug,
                 "datadog.appsec.rules was not provided. The helper "
-                "will atttempt to use the default file");
+                "will atttempt to use the default file/remote config");
         }
         dd_mpack_write_nullable_cstr(w, rules_file);
     }
diff --git a/appsec/src/extension/commands/config_sync.c b/appsec/src/extension/commands/config_sync.c
index c7fcbddd58..40e1a9d235 100644
--- a/appsec/src/extension/commands/config_sync.c
+++ b/appsec/src/extension/commands/config_sync.c
@@ -9,6 +9,7 @@
 
 #include "../commands_helpers.h"
 #include "../ddtrace.h"
+#include "../logging.h"
 #include "../msgpack_helpers.h"
 #include "config_sync.h"
 #include <mpack.h>
@@ -29,6 +30,10 @@ static const dd_command_spec _spec = {
 dd_result dd_config_sync(
     dd_conn *nonnull conn, const struct config_sync_data *nonnull data)
 {
+    mlog_g(dd_log_debug,
+        "Sending config sync request to the helper with path %s",
+        data->rem_cfg_path);
+
     return dd_command_exec(conn, &_spec, (void *)data);
 }
 
diff --git a/appsec/src/extension/ddappsec.c b/appsec/src/extension/ddappsec.c
index eb840d940a..f886165ff8 100644
--- a/appsec/src/extension/ddappsec.c
+++ b/appsec/src/extension/ddappsec.c
@@ -254,21 +254,6 @@ void dd_appsec_rinit_once()
     pthread_once(&_rinit_once_control, _rinit_once);
 }
 
-static void _warn_on_empty_service_or_env()
-{
-    if (!get_global_DD_APPSEC_TESTING() && get_DD_REMOTE_CONFIG_ENABLED() &&
-        DDAPPSEC_G(enabled) != APPSEC_FULLY_DISABLED &&
-        (zend_string_equals_literal(get_DD_ENV(), "") ||
-            zend_string_equals_literal(get_DD_SERVICE(), ""))) {
-        mlog(dd_log_warning,
-            "AppSec is not disabled and Datadog service or env is empty. "
-            "Please set DD_SERVICE and DD_ENV rather than setting the "
-            "corresponding properties on the root span. Otherwise, remote "
-            "configuration for AppSec will use service=unnamed-php-service and "
-            "env=none");
-    }
-}
-
 // NOLINTNEXTLINE
 static PHP_RINIT_FUNCTION(ddappsec)
 {
@@ -281,7 +266,6 @@ static PHP_RINIT_FUNCTION(ddappsec)
     dd_appsec_rinit_once();
     zai_config_rinit();
     _check_enabled();
-    _warn_on_empty_service_or_env();
 
     if (DDAPPSEC_G(enabled) == APPSEC_FULLY_DISABLED) {
         return SUCCESS;
diff --git a/appsec/src/extension/request_lifecycle.c b/appsec/src/extension/request_lifecycle.c
index 3aa826d903..69a6be898d 100644
--- a/appsec/src/extension/request_lifecycle.c
+++ b/appsec/src/extension/request_lifecycle.c
@@ -47,6 +47,7 @@ static THREAD_LOCAL_ON_ZTS zend_array *nullable _superglob_equiv;
 static THREAD_LOCAL_ON_ZTS zend_string *nullable _client_ip;
 static THREAD_LOCAL_ON_ZTS zval _blocking_function;
 static THREAD_LOCAL_ON_ZTS bool _shutdown_done_on_commit;
+static THREAD_LOCAL_ON_ZTS bool _empty_service_or_env;
 #define MAX_LENGTH_OF_REM_CFG_PATH 31
 static THREAD_LOCAL_ON_ZTS char
     _last_rem_cfg_path[MAX_LENGTH_OF_REM_CFG_PATH + 1];
@@ -104,6 +105,9 @@ void dd_req_lifecycle_rinit(bool force)
         return;
     }
 
+    _empty_service_or_env = zend_string_equals_literal(get_DD_ENV(), "") ||
+                            zend_string_equals_literal(get_DD_SERVICE(), "");
+
     _set_cur_span(dd_trace_get_active_root_span());
     if (!_cur_req_span) {
         mlog(dd_log_debug, "No root span available on request init");
@@ -128,8 +132,13 @@ static zend_array *nullable _do_request_begin_user_req(zval *nullable rbe_zv)
     return _do_request_begin(rbe_zv, true);
 }
 
-static bool _rem_cfg_path_changed()
+static bool _rem_cfg_path_changed(bool ignore_empty /* called from rinit */)
 {
+    if (ignore_empty && _empty_service_or_env &&
+        _last_rem_cfg_path[0] != '\0') {
+        return false;
+    }
+
     const char *cur_path = dd_trace_remote_config_get_path();
     if (!cur_path) {
         cur_path = "";
@@ -184,7 +193,7 @@ static zend_array *nullable _do_request_begin(
     }
 
     int res = dd_success;
-    if (_rem_cfg_path_changed() ||
+    if (_rem_cfg_path_changed(true) ||
         (!DDAPPSEC_G(active) &&
             DDAPPSEC_G(enabled) == APPSEC_ENABLED_VIA_REMCFG)) {
         res = dd_config_sync(conn,
@@ -253,6 +262,27 @@ void dd_req_lifecycle_rshutdown(bool ignore_verdict, bool force)
         _do_request_finish_php(ignore_verdict);
         // _rest_globals already called
     }
+
+    // if we don't have service/env, our only chance to update the remote config
+    // path is rshutdown because ddtrace's rinit is called before ours and it
+    // resets the path
+    if (_empty_service_or_env && _rem_cfg_path_changed(false)) {
+        mlog_g(dd_log_debug, "No DD_SERVICE/DD_ENV; trying to sync remote "
+                             "config path on rshutdown");
+        dd_conn *conn = dd_helper_mgr_cur_conn();
+        if (conn == NULL) {
+            mlog_g(dd_log_debug,
+                "No connection to the helper for rshutdown config sync");
+        } else {
+            dd_result res = dd_config_sync(conn,
+                &(struct config_sync_data){.rem_cfg_path = _last_rem_cfg_path});
+            if (res) {
+                mlog_g(dd_log_info,
+                    "Failed to sync remote config path on rshutdown: %s",
+                    dd_result_to_string(res));
+            }
+        }
+    }
 }
 
 static void _do_request_finish_php(bool ignore_verdict)
diff --git a/appsec/src/helper/client.cpp b/appsec/src/helper/client.cpp
index 17b9470176..545c6005bb 100644
--- a/appsec/src/helper/client.cpp
+++ b/appsec/src/helper/client.cpp
@@ -448,10 +448,17 @@ void client::update_remote_config_path(std::string_view path,
         return;
     }
 
-    SPDLOG_INFO("Remote config path changed to {}, recreating service", path);
     remote_config::settings rc_settings;
-    rc_settings.enabled = true;
-    rc_settings.shmem_path = path;
+    if (path.empty()) {
+        SPDLOG_INFO("Remote config path is empty, recreating service with "
+                    "disabled remote config");
+        rc_settings.enabled = false;
+    } else {
+        SPDLOG_INFO(
+            "Remote config path changed to {}, recreating service", path);
+        rc_settings.enabled = true;
+        rc_settings.shmem_path = path;
+    }
 
     service_ = service_manager_->create_service(
         *engine_settings_, rc_settings, meta, metrics, true);
diff --git a/appsec/src/helper/remote_config/listeners/asm_features_listener.hpp b/appsec/src/helper/remote_config/listeners/asm_features_listener.hpp
index 9ca500549c..d18aed760a 100644
--- a/appsec/src/helper/remote_config/listeners/asm_features_listener.hpp
+++ b/appsec/src/helper/remote_config/listeners/asm_features_listener.hpp
@@ -20,6 +20,7 @@ class asm_features_listener : public listener_base {
     void on_update(const config &config) override;
     void on_unapply(const config & /*config*/) override
     {
+        SPDLOG_DEBUG("reset ASM activation status");
         service_config_->unset_asm();
     }
 
diff --git a/appsec/src/helper/service_config.hpp b/appsec/src/helper/service_config.hpp
index 475ddf8a37..50f277fb45 100644
--- a/appsec/src/helper/service_config.hpp
+++ b/appsec/src/helper/service_config.hpp
@@ -8,16 +8,46 @@
 #include <atomic>
 #include <map>
 #include <optional>
+#include <spdlog/spdlog.h>
 #include <unordered_map>
 
 namespace dds {
 
 enum class enable_asm_status : unsigned { NOT_SET = 0, ENABLED, DISABLED };
 
+inline std::string_view to_string_view(enable_asm_status status)
+{
+    if (status == enable_asm_status::NOT_SET) {
+        return "NOT_SET";
+    }
+    if (status == enable_asm_status::ENABLED) {
+        return "ENABLED";
+    }
+    if (status == enable_asm_status::DISABLED) {
+        return "DISABLED";
+    }
+    return "UNKNOWN";
+}
+
 struct service_config {
-    void enable_asm() { asm_enabled = enable_asm_status::ENABLED; }
-    void disable_asm() { asm_enabled = enable_asm_status::DISABLED; }
-    void unset_asm() { asm_enabled = enable_asm_status::NOT_SET; }
+    void enable_asm()
+    {
+        SPDLOG_DEBUG("Enabling ASM, previous state: {}", asm_enabled);
+        asm_enabled = enable_asm_status::ENABLED;
+    }
+
+    void disable_asm()
+    {
+        SPDLOG_DEBUG("Disabling ASM, previous state: {}", asm_enabled);
+        asm_enabled = enable_asm_status::DISABLED;
+    }
+
+    void unset_asm()
+    {
+        SPDLOG_DEBUG("Unsetting ASM status, previous state: {}", asm_enabled);
+        asm_enabled = enable_asm_status::NOT_SET;
+    }
+
     enable_asm_status get_asm_enabled_status() { return asm_enabled; }
 
 protected:
diff --git a/appsec/src/helper/subscriber/waf.cpp b/appsec/src/helper/subscriber/waf.cpp
index 4a5062c006..0b843f63a7 100644
--- a/appsec/src/helper/subscriber/waf.cpp
+++ b/appsec/src/helper/subscriber/waf.cpp
@@ -78,7 +78,7 @@ DDWAF_LOG_LEVEL spdlog_level_to_ddwaf(spdlog::level::level_enum level)
     case spdlog::level::trace:
         return DDWAF_LOG_TRACE;
     case spdlog::level::debug:
-        return DDWAF_LOG_DEBUG;
+    // libddwaf is too verbose at debug level
     case spdlog::level::info:
         return DDWAF_LOG_INFO;
     case spdlog::level::warn:
@@ -101,10 +101,8 @@ void log_cb(DDWAF_LOG_LEVEL level, const char *function, const char *file,
     auto new_level = spdlog::level::off;
     switch (level) {
     case DDWAF_LOG_TRACE:
-        new_level = spdlog::level::trace;
-        break;
     case DDWAF_LOG_DEBUG:
-        new_level = spdlog::level::debug;
+        new_level = spdlog::level::trace;
         break;
     case DDWAF_LOG_INFO:
         new_level = spdlog::level::info;
diff --git a/appsec/tests/integration/src/main/groovy/com/datadog/appsec/php/mock_agent/TracesV04Handler.groovy b/appsec/tests/integration/src/main/groovy/com/datadog/appsec/php/mock_agent/TracesV04Handler.groovy
index b6882c8dc3..8168387842 100644
--- a/appsec/tests/integration/src/main/groovy/com/datadog/appsec/php/mock_agent/TracesV04Handler.groovy
+++ b/appsec/tests/integration/src/main/groovy/com/datadog/appsec/php/mock_agent/TracesV04Handler.groovy
@@ -69,6 +69,7 @@ class TracesV04Handler implements Handler {
             }
             if (capturedTraces.size() == 0) {
                 log.info("Waiting up to $timeoutInMs ms for a trace")
+                long before = System.currentTimeMillis()
                 capturedTraces.wait(timeoutInMs)
                 if (savedError) {
                     throw new AssertionError('Error in mock agent http thread', savedError)
@@ -76,7 +77,7 @@ class TracesV04Handler implements Handler {
                 if (capturedTraces.size() == 0) {
                     throw new AssertionError("No trace gotten within $timeoutInMs ms" as Object)
                 } else {
-                    log.info('Wait finished. Last gotten: {}', capturedTraces.last())
+                    log.info('Wait finished after {} ms', System.currentTimeMillis() - before)
                     if (capturedTraces.size() > 1) {
                         log.info("There are a total of ${capturedTraces.size()} traces stored")
                     }
diff --git a/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/RemoteConfigTests.groovy b/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/RemoteConfigTests.groovy
index b06027dca1..0ca7be22f3 100644
--- a/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/RemoteConfigTests.groovy
+++ b/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/RemoteConfigTests.groovy
@@ -327,25 +327,26 @@ class RemoteConfigTests {
 
         doReq.call(200, '/hello.php', ['User-agent': 'dd-test-scanner-log-block'])
 
-        // changes env at the end of the request. The new rem cfg path is not transmitted
-        // to helper because appsec transmit rc path on req init
-        doReq.call(200, '/change_env.php?env=another-env')
-
-        // new rem cfg path is transmitted to the helper on config_sync
+        // changes env during the the request. The new rem cfg path is transmitted on a
+        // config_sync on rshutdown
         doReq.call(200, '/change_env.php?env=another-env')
 
+        // enable appsec for another-env
         applyRemoteConfig(newTarget, [
-                'datadog/2/ASM_FEATURES/asm_features_activation/config': [asm: [enabled: true]]])
+                'datadog/2/ASM_FEATURES/asm_features_activation2/config': [asm: [enabled: true]]])
 
         def status = doReq.call(null, '/hello.php', ['User-agent': 'dd-test-scanner-log-block'])
-        if (status == 200) {
-            assumeTrue(false, "Test fails because env of rc client is reset on ddtrace_sidecar_rinit(), " +
-                    "which runs before appsec rinit")
-        }
+        assert status == 403
+
+        // last request reset the target to INITIAL_TARGET, where appsec is disabled
+        // after this request, the target is reset to newTarget
+        status = doReq.call(null, '/change_env.php?env=another-env&ini', ['User-agent': 'dd-test-scanner-log-block'])
+        assert status == 200
+
+        status = doReq.call(null, '/hello.php', ['User-agent': 'dd-test-scanner-log-block'])
         assert status == 403
 
         dropRemoteConfig(INITIAL_TARGET)
-        dropRemoteConfig(newTarget)
     }
 
     private RemoteConfigRequest applyRemoteConfig(Target target, Map<String, Map> files) {
diff --git a/appsec/tests/integration/src/test/www/base/public/change_env.php b/appsec/tests/integration/src/test/www/base/public/change_env.php
index 129a83b2fd..d40f4b1818 100644
--- a/appsec/tests/integration/src/test/www/base/public/change_env.php
+++ b/appsec/tests/integration/src/test/www/base/public/change_env.php
@@ -1,7 +1,10 @@
 <?php
 
 $root_span = \DDTrace\root_span();
-sleep(1);
-$root_span->env = $_GET['env'];
+if (key_exists('ini', $_GET)) {
+    ini_set('datadog.env', $_GET['env']);
+} else {
+    $root_span->env = $_GET['env'];
+}
 
 var_dump($root_span);
diff --git a/components-rs/Cargo.toml b/components-rs/Cargo.toml
index 824e09eeb5..22d247cd9e 100644
--- a/components-rs/Cargo.toml
+++ b/components-rs/Cargo.toml
@@ -25,7 +25,7 @@ anyhow = { version = "1.0" }
 const-str = "0.5.6"
 itertools = "0.11.0"
 serde = "1.0.196"
-simd-json = "0.13.8"
+simd-json = "0.14.1"
 serde_with = "3.6.0"
 lazy_static = "1.4"
 log = "0.4.20"
@@ -45,4 +45,4 @@ regex = "1.10.5"
 regex-automata = "0.4.5"
 
 [build-dependencies]
-cbindgen = "0.26"
+cbindgen = "0.27"
diff --git a/components-rs/common.h b/components-rs/common.h
index 4d0bfaf234..99d9c66a7c 100644
--- a/components-rs/common.h
+++ b/components-rs/common.h
@@ -411,6 +411,11 @@ typedef struct ddog_Vec_CChar {
   uintptr_t capacity;
 } ddog_Vec_CChar;
 
+typedef struct ddog_Tag {
+  ddog_CharSlice name;
+  const struct ddog_DslString *value;
+} ddog_Tag;
+
 typedef enum ddog_IntermediateValue_Tag {
   DDOG_INTERMEDIATE_VALUE_STRING,
   DDOG_INTERMEDIATE_VALUE_NUMBER,
@@ -508,11 +513,6 @@ typedef struct ddog_LogProbe {
   uint32_t sampling_snapshots_per_second;
 } ddog_LogProbe;
 
-typedef struct ddog_Tag {
-  ddog_CharSlice name;
-  const struct ddog_DslString *value;
-} ddog_Tag;
-
 typedef struct ddog_SpanProbeTag {
   struct ddog_Tag tag;
   bool next_condition;
diff --git a/components-rs/ddtrace.h b/components-rs/ddtrace.h
index 8bef6a8387..d1cb950c81 100644
--- a/components-rs/ddtrace.h
+++ b/components-rs/ddtrace.h
@@ -183,7 +183,8 @@ struct ddog_Vec_CChar *ddog_CharSlice_to_owned(ddog_CharSlice str);
 bool ddog_remote_configs_service_env_change(struct ddog_RemoteConfigState *remote_config,
                                             ddog_CharSlice service,
                                             ddog_CharSlice env,
-                                            ddog_CharSlice version);
+                                            ddog_CharSlice version,
+                                            const struct ddog_Vec_Tag *tags);
 
 bool ddog_remote_config_alter_dynamic_config(struct ddog_RemoteConfigState *remote_config,
                                              ddog_CharSlice config,
diff --git a/components-rs/remote_config.rs b/components-rs/remote_config.rs
index 7952c37353..b0fce241bc 100644
--- a/components-rs/remote_config.rs
+++ b/components-rs/remote_config.rs
@@ -28,6 +28,7 @@ use std::ffi::c_char;
 use std::mem;
 use std::sync::Arc;
 use tracing::debug;
+use ddcommon::tag::Tag;
 
 type DynamicConfigUpdate = for<'a> extern "C" fn(
     config: CharSlice,
@@ -415,11 +416,13 @@ pub extern "C" fn ddog_remote_configs_service_env_change(
     service: CharSlice,
     env: CharSlice,
     version: CharSlice,
+    tags: &ddcommon_ffi::Vec<Tag>,
 ) -> bool {
     let new_target = Target {
         service: service.to_utf8_lossy().to_string(),
         env: env.to_utf8_lossy().to_string(),
         app_version: version.to_utf8_lossy().to_string(),
+        tags: tags.as_slice().to_vec(),
     };
 
     if let Some(target) = remote_config.manager.get_target() {
diff --git a/components-rs/sidecar.h b/components-rs/sidecar.h
index 955cfeb8fe..d68d2d4901 100644
--- a/components-rs/sidecar.h
+++ b/components-rs/sidecar.h
@@ -66,6 +66,7 @@ struct ddog_RemoteConfigReader *ddog_remote_config_reader_for_endpoint(const ddo
                                                                        ddog_CharSlice service_name,
                                                                        ddog_CharSlice env_name,
                                                                        ddog_CharSlice app_version,
+                                                                       const struct ddog_Vec_Tag *tags,
                                                                        const enum ddog_RemoteConfigProduct *remote_config_products,
                                                                        uintptr_t remote_config_products_count,
                                                                        const enum ddog_RemoteConfigCapabilities *remote_config_capabilities,
diff --git a/ext/ddtrace.c b/ext/ddtrace.c
index 9578861dbb..68572086d4 100644
--- a/ext/ddtrace.c
+++ b/ext/ddtrace.c
@@ -371,28 +371,38 @@ bool ddtrace_alter_sampling_rules_file_config(zval *old_value, zval *new_value,
     return dd_save_sampling_rules_file_config(Z_STR_P(new_value), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 }
 
-static inline bool dd_alter_prop(size_t prop_offset, zval *old_value, zval *new_value, zend_string *new_str) {
+static inline void dd_alter_prop(size_t prop_offset, zval *old_value, zval *new_value, zend_string *new_str) {
     UNUSED(old_value, new_str);
 
     ddtrace_span_properties *pspan = ddtrace_active_span_props();
     while (pspan) {
-        zval *property = (zval*)(prop_offset + (char*)pspan), garbage = *property;
+        zval *property = (zval *) (prop_offset + (char *) pspan), garbage = *property;
         ZVAL_COPY(property, new_value);
         zval_ptr_dtor(&garbage);
         pspan = pspan->parent;
     }
-
-    return true;
 }
 
 bool ddtrace_alter_dd_service(zval *old_value, zval *new_value, zend_string *new_str) {
-    return dd_alter_prop(XtOffsetOf(ddtrace_span_properties, property_service), old_value, new_value, new_str);
+    dd_alter_prop(XtOffsetOf(ddtrace_span_properties, property_service), old_value, new_value, new_str);
+    if (DDTRACE_G(request_initialized)) {
+        ddtrace_sidecar_submit_root_span_data_direct(NULL, new_str, get_DD_ENV(), get_DD_VERSION());
+    }
+    return true;
 }
 bool ddtrace_alter_dd_env(zval *old_value, zval *new_value, zend_string *new_str) {
-    return dd_alter_prop(XtOffsetOf(ddtrace_span_properties, property_env), old_value, new_value, new_str);
+    dd_alter_prop(XtOffsetOf(ddtrace_span_properties, property_env), old_value, new_value, new_str);
+    if (DDTRACE_G(request_initialized)) {
+        ddtrace_sidecar_submit_root_span_data_direct(NULL, get_DD_SERVICE(), new_str, get_DD_VERSION());
+    }
+    return true;
 }
 bool ddtrace_alter_dd_version(zval *old_value, zval *new_value, zend_string *new_str) {
-    return dd_alter_prop(XtOffsetOf(ddtrace_span_properties, property_version), old_value, new_value, new_str);
+    dd_alter_prop(XtOffsetOf(ddtrace_span_properties, property_version), old_value, new_value, new_str);
+    if (DDTRACE_G(request_initialized)) {
+        ddtrace_sidecar_submit_root_span_data_direct(NULL, get_DD_SERVICE(), get_DD_ENV(), new_str);
+    }
+    return true;
 }
 
 static zend_module_entry *dd_appsec_module() { return zend_hash_str_find_ptr(&module_registry, "ddappsec", sizeof("ddappsec") - 1); }
@@ -484,7 +494,7 @@ static void ddtrace_activate(void) {
         ddtrace_sidecar_ensure_active();
     }
 
-    ddtrace_sidecar_rinit();
+    ddtrace_sidecar_activate();
 
     zend_string *sampling_rules_file = get_DD_SPAN_SAMPLING_RULES_FILE();
     if (ZSTR_LEN(sampling_rules_file) > 0 && !zend_string_equals(get_global_DD_SPAN_SAMPLING_RULES_FILE(), sampling_rules_file)) {
@@ -1497,6 +1507,8 @@ static void dd_initialize_request(void) {
     zend_hash_init(&DDTRACE_G(propagated_root_span_tags), 8, unused, ZVAL_PTR_DTOR, 0);
     zend_hash_init(&DDTRACE_G(tracestate_unknown_dd_keys), 8, unused, ZVAL_PTR_DTOR, 0);
 
+    ddtrace_sidecar_rinit();
+
     // Things that should only run on the first RINIT after each minit.
     pthread_once(&dd_rinit_once_control, dd_rinit_once);
 
@@ -1692,6 +1704,8 @@ static PHP_RSHUTDOWN_FUNCTION(ddtrace) {
     }
 
     dd_finalize_sidecar_lifecycle();
+    DDTRACE_G(request_initialized) = false;
+
     ddtrace_telemetry_rshutdown();
     ddtrace_sidecar_rshutdown();
 
@@ -1723,7 +1737,6 @@ zend_result ddtrace_post_deactivate(void) {
     // zai config may be accessed indirectly via other modules RSHUTDOWN, so delay this until the last possible time
     zai_config_rshutdown();
 
-    DDTRACE_G(request_initialized) = false;
     return SUCCESS;
 }
 
diff --git a/ext/git.c b/ext/git.c
index cd90158116..343f1752e3 100644
--- a/ext/git.c
+++ b/ext/git.c
@@ -225,6 +225,7 @@ zend_string* get_current_working_directory() {
         return get_directory_from_path_translated();
     }
 
+    zend_is_auto_global_str(ZEND_STRL("_SERVER"));
     zval *_server_zv = &PG(http_globals)[TRACK_VARS_SERVER];
     zval *script_filename = zend_hash_str_find(Z_ARRVAL_P(_server_zv), ZEND_STRL("SCRIPT_FILENAME"));
 
diff --git a/ext/sidecar.c b/ext/sidecar.c
index f3d5d6037e..443a5c18ce 100644
--- a/ext/sidecar.c
+++ b/ext/sidecar.c
@@ -317,7 +317,11 @@ void ddtrace_sidecar_dogstatsd_set(zend_string *metric, zend_long value, zval *t
     ddog_Vec_Tag_drop(vec);
 }
 
-void ddtrace_sidecar_submit_root_span_data_direct(ddtrace_root_span_data *root) {
+void ddtrace_sidecar_submit_root_span_data_direct_defaults(ddtrace_root_span_data *root) {
+    ddtrace_sidecar_submit_root_span_data_direct(root, get_DD_SERVICE(), get_DD_ENV(), get_DD_VERSION());
+}
+
+void ddtrace_sidecar_submit_root_span_data_direct(ddtrace_root_span_data *root, zend_string *cfg_service, zend_string *cfg_env, zend_string *cfg_version) {
     if (!ddtrace_sidecar || !get_global_DD_REMOTE_CONFIG_ENABLED()) {
         return;
     }
@@ -329,8 +333,8 @@ void ddtrace_sidecar_submit_root_span_data_direct(ddtrace_root_span_data *root)
         if (Z_TYPE_P(service) == IS_STRING && Z_STRLEN_P(service) > 0) {
             service_slice = dd_zend_string_to_CharSlice(Z_STR_P(service));
         }
-    } else if (ZSTR_LEN(get_DD_SERVICE())) {
-        service_slice = dd_zend_string_to_CharSlice(get_DD_SERVICE());
+    } else if (ZSTR_LEN(cfg_service)) {
+        service_slice = dd_zend_string_to_CharSlice(cfg_service);
     } else {
         free_string = ddtrace_default_service_name();
         service_slice = dd_zend_string_to_CharSlice(free_string);
@@ -345,8 +349,8 @@ void ddtrace_sidecar_submit_root_span_data_direct(ddtrace_root_span_data *root)
         if (Z_TYPE_P(env) == IS_STRING && Z_STRLEN_P(env) > 0) {
             env_slice = dd_zend_string_to_CharSlice(Z_STR_P(env));
         }
-    } else if (ZSTR_LEN(get_DD_ENV())) {
-        env_slice = dd_zend_string_to_CharSlice(get_DD_ENV());
+    } else if (ZSTR_LEN(cfg_env)) {
+        env_slice = dd_zend_string_to_CharSlice(cfg_env);
     }
 
     ddog_CharSlice version_slice = DDOG_CHARSLICE_C("");
@@ -358,13 +362,13 @@ void ddtrace_sidecar_submit_root_span_data_direct(ddtrace_root_span_data *root)
         if (version && Z_TYPE_P(version) == IS_STRING && Z_STRLEN_P(version) > 0) {
             version_slice = dd_zend_string_to_CharSlice(Z_STR_P(version));
         }
-    } else if (ZSTR_LEN(get_DD_VERSION())) {
-        version_slice = dd_zend_string_to_CharSlice(get_DD_VERSION());
+    } else if (ZSTR_LEN(cfg_version)) {
+        version_slice = dd_zend_string_to_CharSlice(cfg_version);
     }
 
     bool changed = true;
     if (DDTRACE_G(remote_config_state)) {
-        changed = ddog_remote_configs_service_env_change(DDTRACE_G(remote_config_state), service_slice, env_slice, version_slice);
+        changed = ddog_remote_configs_service_env_change(DDTRACE_G(remote_config_state), service_slice, env_slice, version_slice, &DDTRACE_G(active_global_tags));
     }
     if (changed || !root) {
         ddog_sidecar_set_remote_config_data(&ddtrace_sidecar, ddtrace_sidecar_instance_id, &DDTRACE_G(sidecar_queue_id), service_slice, env_slice, version_slice, &DDTRACE_G(active_global_tags));
@@ -379,7 +383,7 @@ void ddtrace_sidecar_submit_root_span_data(void) {
     if (DDTRACE_G(active_stack)) {
         ddtrace_root_span_data *root = DDTRACE_G(active_stack)->root_span;
         if (root) {
-            ddtrace_sidecar_submit_root_span_data_direct(root);
+            ddtrace_sidecar_submit_root_span_data_direct_defaults(root);
         }
     }
 }
@@ -394,7 +398,7 @@ void ddtrace_sidecar_send_debugger_datum(ddog_DebuggerPayload *payload) {
     ddog_sidecar_send_debugger_datum(&ddtrace_sidecar, ddtrace_sidecar_instance_id, DDTRACE_G(sidecar_queue_id), payload);
 }
 
-void ddtrace_sidecar_rinit(void) {
+void ddtrace_sidecar_activate(void) {
     DDTRACE_G(sidecar_queue_id) = ddog_sidecar_queueId_generate();
 
     DDTRACE_G(active_global_tags) = ddog_Vec_Tag_new();
@@ -403,7 +407,28 @@ void ddtrace_sidecar_rinit(void) {
     ZEND_HASH_FOREACH_STR_KEY_VAL(get_DD_TAGS(), tag, value) {
         UNUSED(ddog_Vec_Tag_push(&DDTRACE_G(active_global_tags), dd_zend_string_to_CharSlice(tag), dd_zend_string_to_CharSlice(Z_STR_P(value))));
     } ZEND_HASH_FOREACH_END();
-    ddtrace_sidecar_submit_root_span_data_direct(NULL);
+}
+
+void ddtrace_sidecar_rinit(void) {
+    if (get_DD_TRACE_GIT_METADATA_ENABLED()) {
+        zval git_object;
+        ZVAL_UNDEF(&git_object);
+        ddtrace_inject_git_metadata(&git_object);
+        if (Z_TYPE(git_object) == IS_OBJECT) {
+            ddtrace_git_metadata *git_metadata = (ddtrace_git_metadata *) Z_OBJ(git_object);
+            if (Z_TYPE(git_metadata->property_commit) == IS_STRING) {
+                UNUSED(ddog_Vec_Tag_push(&DDTRACE_G(active_global_tags), DDOG_CHARSLICE_C("DD_GIT_COMMIT_SHA"),
+                                         dd_zend_string_to_CharSlice(Z_STR(git_metadata->property_commit))));
+            }
+            if (Z_TYPE(git_metadata->property_repository) == IS_STRING) {
+                UNUSED(ddog_Vec_Tag_push(&DDTRACE_G(active_global_tags), DDOG_CHARSLICE_C("DD_GIT_REPOSITORY_URL"),
+                                         dd_zend_string_to_CharSlice(Z_STR(git_metadata->property_repository))));
+            }
+            OBJ_RELEASE(&git_metadata->std);
+        }
+    }
+
+    ddtrace_sidecar_submit_root_span_data_direct_defaults(NULL);
 }
 
 void ddtrace_sidecar_rshutdown(void) {
diff --git a/ext/sidecar.h b/ext/sidecar.h
index 57a22629aa..d860945f9f 100644
--- a/ext/sidecar.h
+++ b/ext/sidecar.h
@@ -16,10 +16,12 @@ void ddtrace_sidecar_submit_root_span_data(void);
 void ddtrace_sidecar_push_tag(ddog_Vec_Tag *vec, ddog_CharSlice key, ddog_CharSlice value);
 void ddtrace_sidecar_push_tags(ddog_Vec_Tag *vec, zval *tags);
 ddog_Endpoint *ddtrace_sidecar_agent_endpoint(void);
+void ddtrace_sidecar_submit_root_span_data_direct(ddtrace_root_span_data *root, zend_string *cfg_service, zend_string *cfg_env, zend_string *cfg_version);
 
 void ddtrace_sidecar_send_debugger_data(ddog_Vec_DebuggerPayload payloads);
 void ddtrace_sidecar_send_debugger_datum(ddog_DebuggerPayload *payload);
 
+void ddtrace_sidecar_activate(void);
 void ddtrace_sidecar_rinit(void);
 void ddtrace_sidecar_rshutdown(void);
 
diff --git a/libdatadog b/libdatadog
index f363618c74..356f76a818 160000
--- a/libdatadog
+++ b/libdatadog
@@ -1 +1 @@
-Subproject commit f363618c74f039e77fece732e68b9f9faddd9113
+Subproject commit 356f76a818d164c954d2a09e54e2e8c41537a053
diff --git a/tests/ext/integrations/source_code/001/git_metadata_injection_from_valid_files.phpt b/tests/ext/integrations/source_code/001/git_metadata_injection_from_valid_files.phpt
index 064eec1f73..7bfdb7b9f2 100644
--- a/tests/ext/integrations/source_code/001/git_metadata_injection_from_valid_files.phpt
+++ b/tests/ext/integrations/source_code/001/git_metadata_injection_from_valid_files.phpt
@@ -3,7 +3,7 @@ Basic Git Metadata Injection from valid .git files (Repository URL & Commit Sha)
 --ENV--
 DD_TRACE_AUTO_FLUSH_ENABLED=0
 DD_TRACE_GENERATE_ROOT_SPAN=0
-DD_TRACE_GIT_METADATA_ENABLED=1
+DD_TRACE_GIT_METADATA_ENABLED=0
 --SKIPIF--
 <?php
 if (getenv('PHP_PEAR_RUNTESTS') === '1') die("skip: The pecl run-tests path is not in a git repository");
diff --git a/tests/ext/integrations/source_code/002/git_metadata_injection_from_invalid_files.phpt b/tests/ext/integrations/source_code/002/git_metadata_injection_from_invalid_files.phpt
index 1c292234cf..70cb01bc6c 100644
--- a/tests/ext/integrations/source_code/002/git_metadata_injection_from_invalid_files.phpt
+++ b/tests/ext/integrations/source_code/002/git_metadata_injection_from_invalid_files.phpt
@@ -3,7 +3,7 @@ Basic Git Metadata Injection from invalid .git files (Repository URL & Commit Sh
 --ENV--
 DD_TRACE_AUTO_FLUSH_ENABLED=0
 DD_TRACE_GENERATE_ROOT_SPAN=0
-DD_TRACE_GIT_METADATA_ENABLED=1
+DD_TRACE_GIT_METADATA_ENABLED=0
 --SKIPIF--
 <?php
 if (getenv('PHP_PEAR_RUNTESTS') === '1') die("skip: The pecl run-tests path is not in a git repository");

From f44e0931517c4059c9fcc0dcec97ef9149a7b707 Mon Sep 17 00:00:00 2001
From: Levi Morrison <levi.morrison@datadoghq.com>
Date: Sun, 13 Oct 2024 20:13:08 -0600
Subject: [PATCH 02/12] build(profiling): bump to Rust 1.76 (#2876)

The CI images were previously bumped to Rust 1.76.
---
 profiling/Cargo.toml                | 2 +-
 profiling/rust-toolchain.toml       | 2 +-
 profiling/src/profiling/uploader.rs | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/profiling/Cargo.toml b/profiling/Cargo.toml
index 6d3ea5a8c1..2f0794e186 100644
--- a/profiling/Cargo.toml
+++ b/profiling/Cargo.toml
@@ -3,7 +3,7 @@ name = "datadog-php-profiling"
 version = "0.0.0"
 edition = "2021"
 license = "Apache-2.0"
-rust-version = "1.71"
+rust-version = "1.76"
 
 [lib]
 crate-type = ["cdylib"]
diff --git a/profiling/rust-toolchain.toml b/profiling/rust-toolchain.toml
index b7105a83e1..83a52c3838 100644
--- a/profiling/rust-toolchain.toml
+++ b/profiling/rust-toolchain.toml
@@ -1,2 +1,2 @@
 [toolchain]
-channel = "1.71"
+channel = "1.76"
diff --git a/profiling/src/profiling/uploader.rs b/profiling/src/profiling/uploader.rs
index aac911d21e..287ac08d58 100644
--- a/profiling/src/profiling/uploader.rs
+++ b/profiling/src/profiling/uploader.rs
@@ -69,8 +69,7 @@ impl Uploader {
         let agent_endpoint = &self.endpoint;
         let endpoint = Endpoint::try_from(agent_endpoint)?;
 
-        // This is the currently unstable Arc::unwrap_or_clone.
-        let tags = Some(Arc::try_unwrap(index.tags).unwrap_or_else(|arc| (*arc).clone()));
+        let tags = Some(Arc::unwrap_or_clone(index.tags));
         let exporter = datadog_profiling::exporter::ProfileExporter::new(
             profiling_library_name,
             profiling_library_version,

From 6751be972eb9092261cae1470344867d527114e9 Mon Sep 17 00:00:00 2001
From: Bob Weinand <bob.weinand@datadoghq.com>
Date: Mon, 14 Oct 2024 04:23:19 +0200
Subject: [PATCH 03/12] Fix memory leak with sidecar trace sender (#2875)

And set LSAN_OPTIONS=fast_unwind_on_malloc=0 for more complete traces
---
 Makefile      | 5 +++--
 ext/ddtrace.c | 4 ++--
 ext/sidecar.c | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index 2defe8b86f..a14c38532c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
 Q := @
+, := ,
 PROJECT_ROOT := ${PWD}
 TRACER_SOURCE_DIR := $(PROJECT_ROOT)/src/
 ASAN ?= $(shell ldd $(shell which php) 2>/dev/null | grep -q libasan && echo 1)
@@ -156,7 +157,7 @@ run_tests: $(TEST_FILES) $(TEST_STUB_FILES) $(BUILD_DIR)/run-tests.php
 	DD_TRACE_GIT_METADATA_ENABLED=0 $(RUN_TESTS_CMD) $(TESTS)
 
 test_c: $(SO_FILE) $(TEST_FILES) $(TEST_STUB_FILES) $(BUILD_DIR)/run-tests.php
-	$(if $(ASAN), USE_ZEND_ALLOC=0 USE_TRACKED_ALLOC=1) DD_TRACE_GIT_METADATA_ENABLED=0 $(RUN_TESTS_CMD) -d extension=$(SO_FILE) $(BUILD_DIR)/$(subst $(BUILD_DIR_NAME)/,,$(TESTS))
+	$(if $(ASAN), USE_ZEND_ALLOC=0 USE_TRACKED_ALLOC=1 LSAN_OPTIONS=fast_unwind_on_malloc=0$${LSAN_OPTIONS:+$(,)$${LSAN_OPTIONS}}) DD_TRACE_GIT_METADATA_ENABLED=0 $(RUN_TESTS_CMD) -d extension=$(SO_FILE) $(BUILD_DIR)/$(subst $(BUILD_DIR_NAME)/,,$(TESTS))
 
 test_c_coverage: dist_clean
 	DD_TRACE_DOCKER_DEBUG=1 EXTRA_CFLAGS="-fprofile-arcs -ftest-coverage" $(MAKE) test_c || exit 0
@@ -1405,7 +1406,7 @@ test_api_unit: composer.lock global_test_run_dependencies
 
 # Just test it does not crash, i.e. the exit code
 test_internal_api_randomized: $(SO_FILE)
-	$(if $(ASAN), USE_ZEND_ALLOC=0 USE_TRACKED_ALLOC=1) php -n -ddatadog.trace.cli_enabled=1 -d extension=$(SO_FILE) tests/internal-api-stress-test.php 2> >(grep -A 1000 ==============)
+	$(if $(ASAN), DD_TRACE_DEBUG=1 USE_ZEND_ALLOC=0 USE_TRACKED_ALLOC=1 LSAN_OPTIONS=fast_unwind_on_malloc=0$${LSAN_OPTIONS:+$(,)$${LSAN_OPTIONS}}) php -n -ddatadog.trace.cli_enabled=1 -d extension=$(SO_FILE) tests/internal-api-stress-test.php 2> >(grep -A 1000 ==============)
 
 composer.lock: composer.json
 	$(call run_composer_with_retry,,)
diff --git a/ext/ddtrace.c b/ext/ddtrace.c
index 68572086d4..0c9bd0771f 100644
--- a/ext/ddtrace.c
+++ b/ext/ddtrace.c
@@ -2475,7 +2475,7 @@ PHP_FUNCTION(dd_trace_internal_fn) {
             } else
 #endif
             if (ddtrace_sidecar) {
-                ddog_sidecar_flush_traces(&ddtrace_sidecar);
+                ddtrace_ffi_try("Failed synchronously flushing traces", ddog_sidecar_flush_traces(&ddtrace_sidecar));
             }
             RETVAL_TRUE;
 #ifndef _WIN32
@@ -2592,7 +2592,7 @@ PHP_FUNCTION(dd_trace_synchronous_flush) {
     } else
 #endif
     if (ddtrace_sidecar) {
-        ddog_sidecar_flush_traces(&ddtrace_sidecar);
+        ddtrace_ffi_try("Failed synchronously flushing traces", ddog_sidecar_flush_traces(&ddtrace_sidecar));
     }
     RETURN_NULL();
 }
diff --git a/ext/sidecar.c b/ext/sidecar.c
index 443a5c18ce..0157f6088b 100644
--- a/ext/sidecar.c
+++ b/ext/sidecar.c
@@ -371,7 +371,7 @@ void ddtrace_sidecar_submit_root_span_data_direct(ddtrace_root_span_data *root,
         changed = ddog_remote_configs_service_env_change(DDTRACE_G(remote_config_state), service_slice, env_slice, version_slice, &DDTRACE_G(active_global_tags));
     }
     if (changed || !root) {
-        ddog_sidecar_set_remote_config_data(&ddtrace_sidecar, ddtrace_sidecar_instance_id, &DDTRACE_G(sidecar_queue_id), service_slice, env_slice, version_slice, &DDTRACE_G(active_global_tags));
+        ddtrace_ffi_try("Failed sending remote config data", ddog_sidecar_set_remote_config_data(&ddtrace_sidecar, ddtrace_sidecar_instance_id, &DDTRACE_G(sidecar_queue_id), service_slice, env_slice, version_slice, &DDTRACE_G(active_global_tags)));
     }
 
     if (free_string) {

From 34bf51105ba2facb44b3cbf3e2a198d98f8a1f95 Mon Sep 17 00:00:00 2001
From: Bob Weinand <bob.weinand@datadoghq.com>
Date: Mon, 14 Oct 2024 04:52:58 +0200
Subject: [PATCH 04/12] Support build with disabled zend signals (#2886)

I seem to have taken care about the globals, but missed zend_signal_handler_unblock.

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>
---
 dockerfiles/verify_packages/Makefile          |  5 +++++
 .../test_alpine_zts_no_zend_signals.sh        | 19 +++++++++++++++++++
 ext/threads.c                                 |  4 ++++
 3 files changed, 28 insertions(+)
 create mode 100644 dockerfiles/verify_packages/installer/test_alpine_zts_no_zend_signals.sh

diff --git a/dockerfiles/verify_packages/Makefile b/dockerfiles/verify_packages/Makefile
index 1b68c99c0a..62dc483143 100644
--- a/dockerfiles/verify_packages/Makefile
+++ b/dockerfiles/verify_packages/Makefile
@@ -128,6 +128,11 @@ test_alpine_install_no_ext_curl_yes_curl_cli.sh \
 	@echo "################### $(@) ###################"
 	docker run --rm -ti -v $(shell pwd)/../../:/app --env-file $(shell pwd)/.env -e CIRCLECI --workdir=/app alpine:3.13 sh dockerfiles/verify_packages/installer/$(@)
 
+test_alpine_zts_no_zend_signals.sh \
+	: global_test_dependencies
+	@echo "################### $(@) ###################"
+	docker run --rm -ti -v $(shell pwd)/../../:/app --env-file $(shell pwd)/.env -e CIRCLECI --workdir=/app dunglas/frankenphp:php8.3.12-alpine sh dockerfiles/verify_packages/installer/$(@)
+
 test_alpine_no_libexecinfo.sh: global_test_dependencies
 	@echo "################### $(@) ###################"
 	docker run --rm -ti -v $(shell pwd)/../../:/app --env-file $(shell pwd)/.env -e CIRCLECI --workdir=/app php:7.4-cli-alpine sh dockerfiles/verify_packages/installer/$(@)
diff --git a/dockerfiles/verify_packages/installer/test_alpine_zts_no_zend_signals.sh b/dockerfiles/verify_packages/installer/test_alpine_zts_no_zend_signals.sh
new file mode 100644
index 0000000000..89ad78149e
--- /dev/null
+++ b/dockerfiles/verify_packages/installer/test_alpine_zts_no_zend_signals.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+set -e
+
+. "$(dirname ${0})/utils.sh"
+
+apk add libgcc
+
+# Initially no ddtrace
+assert_no_ddtrace
+
+# Install using the php installer
+version=$(cat VERSION)
+php ./build/packages/datadog-setup.php --enable-profiling --php-bin php
+assert_ddtrace_version "${version}"
+assert_profiler_version "${version}"
+assert_appsec_version "${version}"
+
+assert_sources_path_exists
diff --git a/ext/threads.c b/ext/threads.c
index d77e48b3da..a5cedbcec8 100644
--- a/ext/threads.c
+++ b/ext/threads.c
@@ -1,9 +1,11 @@
 #include "threads.h"
 #define zend_signal_globals_id zend_signal_globals_id_dummy
 #define zend_signal_globals_offset zend_signal_globals_offset_dummy
+#define zend_signal_handler_unblock zend_signal_handler_unblock_dummy
 #include <Zend/zend.h>
 #undef zend_signal_globals_id
 #undef zend_signal_globals_offset
+#undef zend_signal_handler_unblock
 #include "ddtrace.h"
 
 #if ZTS
@@ -18,6 +20,8 @@ extern __attribute__((weak, weak_import)) size_t zend_signal_globals_offset;
 __attribute__((weak)) int zend_signal_globals_id;
 __attribute__((weak)) size_t zend_signal_globals_offset;
 #endif
+
+__attribute__((weak)) void zend_signal_handler_unblock(void);
 #endif
 
 HashTable ddtrace_tls_bases; // map thread id to TSRMLS_CACHE

From f5c5729bdef259ed801bee949ac38b0217b8451b Mon Sep 17 00:00:00 2001
From: Bob Weinand <bob.weinand@datadoghq.com>
Date: Mon, 14 Oct 2024 17:44:02 +0200
Subject: [PATCH 05/12] Fix crash with missing name in span in debug mode
 (#2893)

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>
---
 ext/serializer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/serializer.c b/ext/serializer.c
index aa82bd9d62..805a377735 100644
--- a/ext/serializer.c
+++ b/ext/serializer.c
@@ -1752,7 +1752,7 @@ void ddtrace_serialize_span_to_array(ddtrace_span_data *span, zval *array) {
         prop_name = zend_hash_str_find(Z_ARR_P(el), ZEND_STRL("name")); // refetch, array may have been rehashed
         log("Encoding span %" PRIu64 ": trace_id=%s, name='%s', service='%s', resource: '%s', type '%s' with tags: %s; and metrics: %s",
             span->span_id,
-            Z_STRVAL(span->root->property_trace_id), Z_TYPE_P(prop_name) == IS_STRING ? Z_STRVAL_P(prop_name) : "",
+            Z_STRVAL(span->root->property_trace_id), prop_name && Z_TYPE_P(prop_name) == IS_STRING ? Z_STRVAL_P(prop_name) : "",
             Z_TYPE(prop_service_as_string) == IS_STRING ? Z_STRVAL(prop_service_as_string) : "",
             Z_TYPE(prop_resource_as_string) == IS_STRING ? Z_STRVAL(prop_resource_as_string) : "",
             Z_TYPE(prop_type_as_string) == IS_STRING ? Z_STRVAL(prop_type_as_string) : "",

From 3f3547dc7d60b86a6f7dcccc46f5173b6edc8cd7 Mon Sep 17 00:00:00 2001
From: Anil Mahtani <929854+Anilm3@users.noreply.github.com>
Date: Wed, 16 Oct 2024 12:27:33 +0100
Subject: [PATCH 06/12] [ASM] Update event obfuscation regex (#2897)

---
 appsec/src/extension/configuration.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h
index d4b4838419..57bb633253 100644
--- a/appsec/src/extension/configuration.h
+++ b/appsec/src/extension/configuration.h
@@ -21,11 +21,10 @@ extern bool runtime_config_first_init;
 
 // clang-format off
 #define DEFAULT_OBFUSCATOR_KEY_REGEX                                           \
-    "(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization"
+    "(?i)pass|pw(?:or)?d|secret|(?:api|private|public|access)[_-]?key|token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization|jsessionid|phpsessid|asp\\.net[_-]sessionid|sid|jwt"
 
 #define DEFAULT_OBFUSCATOR_VALUE_REGEX                                         \
-    "(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\\s*=[^;]|\"\\s*:\\s*\"[^\"]+\")|bearer\\s+[a-z0-9\\._\\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}"
-// clang-format on
+    "(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\\.net(?:[_-]|-)sessionid|sid|jwt)(?:\\s*=[^;]|\"\\s*:\\s*\"[^\"]+\")|bearer\\s+[a-z0-9\\._\\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}"
 
 #define DD_BASE(path) "/opt/datadog-php/"
 

From ed256f3fc2ee784b98995a593d172862b10f3eca Mon Sep 17 00:00:00 2001
From: Bob Weinand <bob.weinand@datadoghq.com>
Date: Thu, 17 Oct 2024 18:35:24 +0200
Subject: [PATCH 07/12] Fix exception property offset computation for PHP 8.1+
 (#2901)

They're shared across all inheritors on PHP 8.1+ and thus only need to be incremented on the specific ce.

This issue arises when a property from an inherited internal class extending Exception is itself inherited by another class.

Also fix an accidentally discovered use-after-free with peer.service.

Fixes #2898.

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>
---
 ext/handlers_exception.c | 11 +++++++++--
 ext/serializer.c         |  4 ++--
 libdatadog               |  2 +-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/ext/handlers_exception.c b/ext/handlers_exception.c
index 17a4e0ec5e..fd5827bfdf 100644
--- a/ext/handlers_exception.c
+++ b/ext/handlers_exception.c
@@ -546,8 +546,15 @@ void ddtrace_exception_handlers_startup(void) {
 
                     zend_property_info *property_info;
                     ZEND_HASH_MAP_FOREACH_PTR(&ce->properties_info, property_info) {
-                        if (property_info->offset >= parent_info->offset && property_info->ce != base_ce && (property_info->flags & ZEND_ACC_STATIC) == 0) {
-                            property_info->offset += sizeof(zval);
+                        if (property_info->offset >= parent_info->offset && (property_info->flags & ZEND_ACC_STATIC) == 0) {
+#if PHP_VERSION_ID >= 80100
+                            if (property_info->ce == ce)
+#else
+                            if (property_info->ce != base_ce)
+#endif
+                            {
+                                property_info->offset += sizeof(zval);
+                            }
                         }
                     } ZEND_HASH_FOREACH_END();
 
diff --git a/ext/serializer.c b/ext/serializer.c
index 805a377735..173a87dd3b 100644
--- a/ext/serializer.c
+++ b/ext/serializer.c
@@ -1236,9 +1236,9 @@ static void _serialize_meta(zval *el, ddtrace_span_data *span, zend_string *serv
                 if (Z_TYPE_P(tag) == IS_STRING) { // Use the first tag that is found in the span, if any
                     zval *peer_service = zend_hash_find(Z_ARRVAL_P(meta), Z_STR_P(tag));
                     if (peer_service && Z_TYPE_P(peer_service) == IS_STRING) {
-                        add_assoc_str(meta, "_dd.peer.service.source", zend_string_copy(Z_STR_P(tag)));
-
                         zend_string *peer = zval_get_string(peer_service);
+
+                        add_assoc_str(meta, "_dd.peer.service.source", zend_string_copy(Z_STR_P(tag)));
                         if (!dd_set_mapped_peer_service(meta, peer)) {
                             add_assoc_str(meta, "peer.service", peer);
                         }
diff --git a/libdatadog b/libdatadog
index 356f76a818..2820fd0761 160000
--- a/libdatadog
+++ b/libdatadog
@@ -1 +1 @@
-Subproject commit 356f76a818d164c954d2a09e54e2e8c41537a053
+Subproject commit 2820fd07617fed238d21da99ba7da3d3712a95f5

From 8f7175ec2d38e81c610f852ca30e6c00c6abf129 Mon Sep 17 00:00:00 2001
From: Alexandre Choura <42672104+PROFeNoM@users.noreply.github.com>
Date: Fri, 18 Oct 2024 11:05:26 +0200
Subject: [PATCH 08/12] fix: Prevent Laravel Queue hooks from stacking up
 (#2899)

---
 .../LaravelQueue/LaravelQueueIntegration.php    | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/DDTrace/Integrations/LaravelQueue/LaravelQueueIntegration.php b/src/DDTrace/Integrations/LaravelQueue/LaravelQueueIntegration.php
index a762432bfe..503458baf8 100644
--- a/src/DDTrace/Integrations/LaravelQueue/LaravelQueueIntegration.php
+++ b/src/DDTrace/Integrations/LaravelQueue/LaravelQueueIntegration.php
@@ -150,11 +150,11 @@ function ($worker, $scope, $args, $retval) use ($integration) {
             ]
         );
 
-        hook_method(
-            'Illuminate\Queue\Jobs\Job',
-            'fire',
-            function ($job, $scope, $args) use ($integration) {
-                $payload = $job->payload();
+        install_hook(
+            'Illuminate\Queue\Jobs\Job::fire',
+            function (HookData $fireHook) use ($integration) {
+                /** @var \Illuminate\Queue\Jobs\Job $this */
+                $payload = $this->payload();
                 list($class, $method) = JobName::parse($payload['job']);
 
                 if ($class == 'Illuminate\\Queue\\CallQueuedHandler') {
@@ -162,9 +162,9 @@ function ($job, $scope, $args) use ($integration) {
                     $method = 'handle';
                 }
 
-                install_hook(
+                $fireHook->data['id'] = install_hook(
                     "$class::$method",
-                    function (HookData $hook) use ($integration, $class, $method) {
+                    function (HookData $hook) use ($integration, $class, $method, $fireHook) {
                         $span = $hook->span();
                         $span->name = 'laravel.queue.action';
                         $span->type = 'queue';
@@ -191,6 +191,9 @@ function (HookData $hook) use ($integration, $class, $method) {
                         remove_hook($hook->id);
                     }
                 );
+            },
+            function (HookData $fireHook) {
+                remove_hook($fireHook->data['id']);
             }
         );
 

From aec4aed93f71f2ba757ecc7f69caff90ab4d54c9 Mon Sep 17 00:00:00 2001
From: Gustavo Lopes <mail@geleia.net>
Date: Thu, 17 Oct 2024 11:38:54 +0100
Subject: [PATCH 09/12] Fix abort() call on appsec helper unload

runner was living too long (until shared library unload) due to a static
shared pointer used for RC notifications. Plus, the destructor would
have a call to shared_for_this(), which would try to revive the shared
pointer being destroyed, which raise an exception due to there being no
shared pointer anymore. We would catch this and abort().

Instead, destroy the runner earlier (when its own thread finishes).
Reset the static shared pointer just before that.
---
 appsec/src/helper/main.cpp   |  2 ++
 appsec/src/helper/runner.cpp | 12 ++++++++----
 appsec/src/helper/runner.hpp |  4 +++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/appsec/src/helper/main.cpp b/appsec/src/helper/main.cpp
index 68a8f69166..36f74360c1 100644
--- a/appsec/src/helper/main.cpp
+++ b/appsec/src/helper/main.cpp
@@ -125,6 +125,8 @@ int appsec_helper_main_impl()
 
         runner->run();
 
+        runner->unregister_for_rc_notifications();
+
         finished.store(true, std::memory_order_release);
     }};
     thread_id = thr.native_handle();
diff --git a/appsec/src/helper/runner.cpp b/appsec/src/helper/runner.cpp
index dee62304fd..8567db2a11 100644
--- a/appsec/src/helper/runner.cpp
+++ b/appsec/src/helper/runner.cpp
@@ -123,7 +123,7 @@ void runner::register_for_rc_notifications()
                 std::atomic_load(&RUNNER_FOR_NOTIFICATIONS);
             if (!runner) {
                 // NOLINTNEXTLINE(bugprone-lambda-function-name)
-                SPDLOG_ERROR("No runner to notify of remote config updates");
+                SPDLOG_WARN("No runner to notify of remote config updates");
                 ddog_remote_config_path_free(path);
                 return;
             }
@@ -136,15 +136,19 @@ void runner::register_for_rc_notifications()
         });
 }
 
-runner::~runner() noexcept
+void runner::unregister_for_rc_notifications()
 {
+    SPDLOG_INFO("Unregister runner for RC update callback");
     try {
         std::shared_ptr<runner> expected = shared_from_this();
         std::atomic_compare_exchange_strong(&RUNNER_FOR_NOTIFICATIONS,
             &expected, std::shared_ptr<runner>(nullptr));
     } catch (...) {
-        // can only happened if there is no shared_ptr for the runner
-        // in this case a std::bad_weak_ptr is thrown
+        // can only happen if there is no shared_ptr for the runner
+        // in this case a std::bad_weak_ptr is thrown.
+        // But we only expose runner through a shared pointer, so this would
+        // require extraordinary actions to destroy the shared pointer but not
+        // the object.
         std::abort();
     }
 }
diff --git a/appsec/src/helper/runner.hpp b/appsec/src/helper/runner.hpp
index 2c495b3910..b11b217a9f 100644
--- a/appsec/src/helper/runner.hpp
+++ b/appsec/src/helper/runner.hpp
@@ -26,7 +26,7 @@ class runner : public std::enable_shared_from_this<runner> {
     runner &operator=(const runner &) = delete;
     runner(runner &&) = delete;
     runner &operator=(runner &&) = delete;
-    ~runner() noexcept;
+    ~runner() = default;
 
     static void resolve_symbols();
 
@@ -34,6 +34,8 @@ class runner : public std::enable_shared_from_this<runner> {
 
     void register_for_rc_notifications();
 
+    void unregister_for_rc_notifications();
+
     [[nodiscard]] bool interrupted() const
     {
         return interrupted_.load(std::memory_order_acquire);

From 5b44290de1c48c7145d373f9d4da8bd02c9dc06d Mon Sep 17 00:00:00 2001
From: Bob Weinand <bob.weinand@datadoghq.com>
Date: Fri, 18 Oct 2024 23:53:29 +0200
Subject: [PATCH 10/12] Disable sidecar sending on lambda (#2904)

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>
---
 ext/configuration.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ext/configuration.c b/ext/configuration.c
index ab51b810e6..ef65e52877 100644
--- a/ext/configuration.c
+++ b/ext/configuration.c
@@ -180,6 +180,13 @@ bool ddtrace_config_minit(int module_number) {
         config_entries[DDTRACE_CONFIG_DD_TRACE_AUTO_FLUSH_ENABLED].default_encoded_value = (zai_str) ZAI_STR_FROM_CSTR("true");
     }
 
+#ifndef _WIN32
+    // Sidecar is currently broken - no traces sent. Investigation pending, background sender just works though.
+    if (getenv("AWS_LAMBDA_FUNCTION_NAME")) {
+        config_entries[DDTRACE_CONFIG_DD_TRACE_SIDECAR_TRACE_SENDER].default_encoded_value = (zai_str) ZAI_STR_FROM_CSTR("false");
+    }
+#endif
+
     if (!zai_config_minit(config_entries, (sizeof config_entries / sizeof *config_entries), dd_ini_env_to_ini_name,
                           module_number)) {
         ddtrace_log_ginit();

From 46173ca1cd644671708818eda2131e110687e7ff Mon Sep 17 00:00:00 2001
From: Florian Engelhardt <florian.engelhardt@datadoghq.com>
Date: Mon, 21 Oct 2024 10:02:46 +0200
Subject: [PATCH 11/12] ci(profiling) fix actions cache (#2894)

* fix actions cache

* bump versions

* bump versions
---
 .github/workflows/prof_asan.yml        |  9 ++++-----
 .github/workflows/prof_correctness.yml | 12 ++++++------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/prof_asan.yml b/.github/workflows/prof_asan.yml
index 6fb4cb4a81..77e9ea4c7d 100644
--- a/.github/workflows/prof_asan.yml
+++ b/.github/workflows/prof_asan.yml
@@ -13,13 +13,13 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          fetch-depth: 0
+          fetch-depth: 1
           submodules: true
 
       - name: Restore build cache
-        uses: actions/cache/restore@v3
+        uses: actions/cache/restore@v4
         with:
           path: |
             ~/.cargo/bin/
@@ -45,7 +45,7 @@ jobs:
           cp -v "$CARGO_TARGET_DIR/$triplet/release/libdatadog_php_profiling.so" "$(php-config --extension-dir)/datadog-profiling.so"
 
       - name: Cache build dependencies
-        uses: actions/cache/save@v3
+        uses: actions/cache/save@v4
         with:
           path: |
             ~/.cargo/bin/
@@ -69,4 +69,3 @@ jobs:
           cd profiling/tests
           cp -v $(php-config --prefix)/lib/php/build/run-tests.php .
           php run-tests.php --show-diff --asan -d extension=datadog-profiling.so phpt
-
diff --git a/.github/workflows/prof_correctness.yml b/.github/workflows/prof_correctness.yml
index 43c31e941b..2cc777a570 100644
--- a/.github/workflows/prof_correctness.yml
+++ b/.github/workflows/prof_correctness.yml
@@ -18,9 +18,9 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          fetch-depth: 0
+          fetch-depth: 1
           submodules: true
 
       - name: Setup PHP
@@ -32,7 +32,7 @@ jobs:
           phpts: ${{ matrix.phpts }}
 
       - name: Restore build cache
-        uses: actions/cache/restore@v3
+        uses: actions/cache/restore@v4
         with:
           path: |
             ~/.cargo/bin/
@@ -40,7 +40,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.php-versions }}-${{ matrix.phpts }}
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.php-version }}-${{ matrix.phpts }}
 
       - name: Build profiler
         run: |
@@ -57,7 +57,7 @@ jobs:
           cargo rustc --features="trigger_time_sample" --release --crate-type=cdylib
 
       - name: Cache build dependencies
-        uses: actions/cache/save@v3
+        uses: actions/cache/save@v4
         with:
           path: |
             ~/.cargo/bin/
@@ -65,7 +65,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.php-versions }}-${{ matrix.phpts }}
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.php-version }}-${{ matrix.phpts }}
 
       - name: Run no profile test
         run: |

From b7a0f6ff7ad3b68c9cff0967791ec4d3ed837e90 Mon Sep 17 00:00:00 2001
From: Bob Weinand <bob.weinand@datadoghq.com>
Date: Mon, 21 Oct 2024 20:23:56 +0200
Subject: [PATCH 12/12] Fix a possible crash in zai config (#2906)

We might leave a dangling pointer when we update orig_value, but not an identical value.

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>
---
 Makefile                                    |  2 +-
 zend_abstract_interface/config/config_ini.c | 33 +++++++++++----------
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index a14c38532c..158f01ed60 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ RUN_TESTS_CMD := REPORT_EXIT_STATUS=1 TEST_PHP_SRCDIR=$(PROJECT_ROOT) USE_TRACKE
 
 C_FILES = $(shell find components components-rs ext src/dogstatsd zend_abstract_interface -name '*.c' -o -name '*.h' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
 TEST_FILES = $(shell find tests/ext -name '*.php*' -o -name '*.inc' -o -name '*.json' -o -name 'CONFLICTS' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
-RUST_FILES = $(BUILD_DIR)/Cargo.toml $(shell find components-rs -name '*.c' -o -name '*.rs' -o -name 'Cargo.toml' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' ) $(shell find libdatadog/{alloc,build-common,crashtracker,crashtracker-ffi,ddcommon,ddcommon-ffi,ddsketch,ddtelemetry,ddtelemetry-ffi,dogstatsd-client,dynamic-configuration,ipc,live-debugger,live-debugger-ffi,remote-config,sidecar,sidecar-ffi,spawn_worker,tinybytes,tools/{cc_utils,sidecar_mockgen},trace-*,Cargo.toml} -type f \( -path "*/src*" -o -path "*/examples*" -o -path "*Cargo.toml" -o -path "*/build.rs" -o -path "*/tests/dataservice.rs" -o -path "*/tests/service_functional.rs" \) -not -path "*/ipc/build.rs" -not -path "*/sidecar-ffi/build.rs")
+RUST_FILES = $(BUILD_DIR)/Cargo.toml $(BUILD_DIR)/Cargo.lock $(shell find components-rs -name '*.c' -o -name '*.rs' -o -name 'Cargo.toml' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' ) $(shell find libdatadog/{alloc,build-common,crashtracker,crashtracker-ffi,ddcommon,ddcommon-ffi,ddsketch,ddtelemetry,ddtelemetry-ffi,dogstatsd-client,dynamic-configuration,ipc,live-debugger,live-debugger-ffi,remote-config,sidecar,sidecar-ffi,spawn_worker,tinybytes,tools/{cc_utils,sidecar_mockgen},trace-*,Cargo.toml} -type f \( -path "*/src*" -o -path "*/examples*" -o -path "*Cargo.toml" -o -path "*/build.rs" -o -path "*/tests/dataservice.rs" -o -path "*/tests/service_functional.rs" \) -not -path "*/ipc/build.rs" -not -path "*/sidecar-ffi/build.rs")
 ALL_OBJECT_FILES = $(C_FILES) $(RUST_FILES) $(BUILD_DIR)/Makefile
 TEST_OPCACHE_FILES = $(shell find tests/opcache -name '*.php*' -o -name '.gitkeep' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
 TEST_STUB_FILES = $(shell find tests/ext -type d -name 'stubs' -exec find '{}' -type f \; | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
diff --git a/zend_abstract_interface/config/config_ini.c b/zend_abstract_interface/config/config_ini.c
index 7b2f48d750..7de98dc5fc 100644
--- a/zend_abstract_interface/config/config_ini.c
+++ b/zend_abstract_interface/config/config_ini.c
@@ -81,7 +81,7 @@ int16_t zai_config_initialize_ini_value(zend_ini_entry **entries,
                 }
                 zai_json_dtor_pzval(&new_zv);
 
-                parsed_ini_value = zend_string_copy(ini_str);
+                parsed_ini_value = ini_str;
                 name_index = i;
                 break;
             }
@@ -93,7 +93,7 @@ int16_t zai_config_initialize_ini_value(zend_ini_entry **entries,
 
     for (int16_t i = 0; i < ini_count; ++i) {
         if (entries[i]->modified && !runtime_value && (is_minit || entries[i]->modifiable == PHP_INI_SYSTEM)) {
-            runtime_value = zend_string_copy(entries[i]->value);
+            runtime_value = entries[i]->value;
         }
         zval *inizv = cfg_get_entry(ZSTR_VAL(entries[i]->name), ZSTR_LEN(entries[i]->name));
         if (inizv != NULL && !parsed_ini_value) {
@@ -105,7 +105,7 @@ int16_t zai_config_initialize_ini_value(zend_ini_entry **entries,
             }
             zai_json_dtor_pzval(&new_zv);
 
-            parsed_ini_value = zend_string_copy(Z_STR_P(inizv));
+            parsed_ini_value = Z_STR_P(inizv);
             name_index = i;
             break;
         }
@@ -123,19 +123,27 @@ int16_t zai_config_initialize_ini_value(zend_ini_entry **entries,
                 continue;
             }
 
-            zend_string **target = entries[i]->modified ? &entries[i]->orig_value : &entries[i]->value;
+            zend_string *new_value = NULL;
             if (i > 0) {
-                zend_string_release(*target);
-                *target = zend_string_copy(entries[0]->modified ? entries[0]->orig_value : entries[0]->value);
+                new_value = zend_string_copy(entries[0]->modified ? entries[0]->orig_value : entries[0]->value);
             } else if (zai_option_str_is_some(*buf)) {
-                zend_string_release(*target);
-                *target = zend_string_init(buf->ptr, buf->len, 1);
+                new_value = zend_string_init(buf->ptr, buf->len, 1);
             } else if (parsed_ini_value != NULL) {
+                new_value = zend_string_copy(parsed_ini_value);
+            }
+            if (new_value) {
+                zend_string **target = entries[i]->modified ? &entries[i]->orig_value : &entries[i]->value;
                 zend_string_release(*target);
-                *target = zend_string_copy(parsed_ini_value);
+                if (entries[i]->modified && entries[i]->orig_value == entries[i]->value) {
+                    // Handle edge case where a value was previously attempted to be modified, but on_modify failed.
+                    // In that case orig_value == value, but without a refcount increase. Update it to avoid running into a use after free.
+                    entries[i]->value = new_value;
+                }
+                *target = new_value;
             }
 
             if (runtime_value) {
+                new_value = zend_string_copy(runtime_value);
                 if (entries[i]->modified) {
                     if (entries[i]->value != entries[i]->orig_value) {
                         zend_string_release(entries[i]->value);
@@ -146,7 +154,7 @@ int16_t zai_config_initialize_ini_value(zend_ini_entry **entries,
                     entries[i]->orig_modifiable = entries[i]->modifiable;
                     zend_hash_add_ptr(EG(modified_ini_directives), entries[i]->name, entries[i]);
                 }
-                entries[i]->value = zend_string_copy(runtime_value);
+                entries[i]->value = new_value;
             }
         }
     }
@@ -154,16 +162,11 @@ int16_t zai_config_initialize_ini_value(zend_ini_entry **entries,
     if (runtime_value) {
         buf->ptr = ZSTR_VAL(runtime_value);
         buf->len = ZSTR_LEN(runtime_value);
-        zend_string_release(runtime_value);
     } else if (parsed_ini_value && zai_option_str_is_none(*buf)) {
         buf->ptr = ZSTR_VAL(parsed_ini_value);
         buf->len = ZSTR_LEN(parsed_ini_value);
     }
 
-    if (parsed_ini_value) {
-        zend_string_release(parsed_ini_value);
-    }
-
 #if ZTS
 #ifndef _WIN32
     pthread_rwlock_unlock(&lock_ini_init_rw);