deps: npm dev dependencies (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
datadog-lambda-js	6.89.0 -> 7.96.0
dd-trace	3.28.0 -> 4.11.1

---

Release Notes

DataDog/dd-trace-js (dd-trace)

v4.11.1

Compare Source

Bug Fixes

• update import-in-the-middle to 1.4.2 (#​3511)

v4.11.0

Compare Source

Bug Fixes

• core: fix flush interval in serverless environments other than aws lambda (#​3462)
• http2: fix error in http2 plugin when instrumented mid-request (#​3488), fixes #​3451

Improvements

• pg: add option to truncate query (#​3487)

Features

• core: add support for configuring tracing client using remote configuration (#​3395)

v4.10.0

Compare Source

Features

• Use naming schema for http, http2, next, fetch, couchbase

v4.9.0: 4.9.0

Compare Source

Bug Fixes

• appsec: fix blank usr.id field being reported (#​3442)
• appsec: fix DD_TRACE_CLIENT_IP_ENABLED option having no effect (#​3442)
• core: fix broken distributed tracing when uninstrumented services use w3c propagation (#​3463)
• esbuild: fix instrumentation of internal modules in supported packages (#​3448)
• fetch: fix disable option not having any effect (#​3460)
• fetch: fix distributed tracing when existing headers are set (#​3449), fixes #​3443
• jest: fix broken shard option when skipping tests (#​3452)
• mongodb: fix support for queries containing objects that can be stringified (#​3417), thanks @​ghost91-!

Improvements

• iast: add exclusions for weak hash vulnerabilities (#​3424)
• serverless: add support for azure environments using the consumption plan (#​3200)

v4.8.1

Compare Source

Features

None, this is a patch release

Enhancements

None, this is a patch release

Bug fixes

• serverless: feat: add the lib/core file which each client lib imports directly, s… (#​3434)
• apm: fix fetch integration leaking its async context (#​3438)
• ci-visibility: Fix cache issues with jest and CI Visibility (#​3445)
• tracing: fix incorrect value for fetch method tag (#​3447)

v4.8.0

Compare Source

Features

• profiling: Associate tracing span IDs with samples in the wall profiler (#​3371)
• iast: Taint request URI (#​3302)
• iast: Detect missing header vulnerabilities (#​3269)
• graphql: implement naming schema for graphql plugin (#​3279)

Enhancements

• openai: be defensive about response object shape (#​3408)
• tracing: Ensure OTel span name is copied to resource.name (#​3412)
• config: Fix service representation config (#​3419)
• couchbase: Re-enable Couchbase testing (#​3265)
• ci: Add BITBUCKET_GIT_HTTP_ORIGIN env variable (#​3401)

Bug fixes

• serverless: Handle case where Lambda handler is using callbacks instead of promises (#​3404)
• ci-visibility: Do not modify how jest reports timeouts (#​3399)
• profiling: Allow https datadog agent url in continuous profiling (#​3190)
• tracing: Fix distributed tracing issue caused by single span ingestion changes (#​3413)
• tracing: Make datadog distributed tracing header take priority over tracecontext (#​3414)
• tracing: Exclude empty telemetry metrics (#​3421)
• openai: make services entirely optional when initializing (#​3420)

v4.7.0

Compare Source

Features

• profiling: Adapt to new pprof-nodejs API (#​3368)
• iast: Report IAST metrics via telemetry (#​2805)
• ci-visibility: Change test.type in browser tests (#​3358)

Bug Fixes

• ci-visibility: Intelligent test runner: only report skipped flag if tests were actually skipped (#​3369)
• tracer: add dc store binding polyfill and migrate http2 (#​3284)
• tracer: grpc: Convert grpc to use tracing channel (#​3366)
• ci-visibility: validate CI tags before sending them (#​3310)
• tracer: express: recognize regex with flags (#​3301)

v4.6.0

Compare Source

Improvements

• core/redis: peer service extract host and port (#​3345)
• core/kafka: extract bootstrap servers from producers and use for peer.service (#​3344)
• build: update CI parametric tests (#​3342)

Bug Fixes

• core/openai: do not crash when dogstatsd not configured (#​3361)
• build: increase log benchmark iterations 10x

v4.5.0

Compare Source

Features

• core/kafka: add support for data stream monitoring for kafkajs (#​3092)

Improvements

• build: update docker compose mssql (#​3324)
• core/mongodb: expose peer.service (#​3303)
• core/rdbms: add precursors and test for peer.service calculation (#​3299)
• core/grpc: add peer.service precursor for gprc client (#​3297)
• core/elasticsearch+opensearch: extract connection host for peer.service (#​3309)
• core/cassandra: extract contact points and use for peer.service (#​3326)
• core: use env var to provide consistent service names in naming schema v0 (#​3305)
• core: extract peer service from aws sdk (#​3338)
• core/grpc: service representation naming (#​3327)
• profiling: add support for standard profiling env variables (#​3291)
• ci-visibility: dogfood CI Visibility with integration tests (#​3321)
• ci-visibility: add validation for git metadata env vars (#​3325)
• ci-visibility: improve git unshallow process (#​3335)
• core: add distributions to instrumentation telemetry (#​3341)

Bug Fixes

• core: support latest aws-sdk (#​3336)
• core/openai: make request body parsing more defensive (#​3339)
• core/database: no longer use _tracerConfig (#​3340)

v4.4.0

Compare Source

Features

• core: add instrumentation for the openai package (#​3155)
• waf: automated user events (#​3205)
• ci-visibility: support CI Visibility's manual API (#​3202)
• core: telemetry metrics for OTel (#​3259)

Improvements

• core/service naming: peer service computation (#​3177)
• core/service naming: apply service naming workflow to databases (#​3256)
• core/service naming: make http server plugins ServerPlugins (#​3261)
• core/service naming: moleculer - service naming (#​3281)
• core/service naming: move next plugin to ServerPlugin (#​3287)
• iast: taint express route parameters (#​3187)
• profiling: enable by default export of a last heap profile when Node.js runs out of heap memory (#​3292)
• ci-visibility: more verbose logging for git upload (#​3251)

Bug Fixes

• pg: retain prototype when injecting DBM comment (#​3307)
• build: fix s3 package upload (#​3218)
• pg: update error string comparison in test (#​3295)

v4.3.0

Compare Source

Features

• iast: Unvalidated redirect analyzer (#​3204)
• tracer: Tedious - service naming (#​3061)
• tracer: MySQL databases - service naming (#​3057)
• iast: Taint cookies and headers (#​3232)
• iast: No HttpOnly vulnerability detection (#​3228)
• iast: No SameSite cookie vulnerability detection (#​3246)
• tracer: add external log writer (#​3201)
• tracer: Auto-instrument @​opentelemetry/sdk-trace-node (#​3248)
• tracer: add support for global fetch (#​3258)

Improvements

• tracer: make tracer config available to plugins (#​3235)
• iast: Add _dd.iast.enabled=1 metric out of request vulnerabilities tags (#​3231)
• ci-visibility: Better git commands (#​3236)
• tracer: Add test in shimmer wrap to preserve function name (#​3237)
• tracer: add environment variable to disable instrumentations completely (#​3234)
• profiling: Add debug log listing found source maps (#​3242)

Bug Fixes

• ci-visibility: Fix agentless exporter test (#​3241)
• ci-visibility: Fix windows tracing test (#​3243)
• tracer: fix grpc custom errors not being reported (#​3230)
• tracer: Disable metrics.spec.js tests for windows (#​3250)
• ci-visibility: Use correct repository URL for git metadata upload (#​3253)
• ci-visibility: Fix random cypress integration tests timeouts (#​3255)
• iast: Check store has value before use it (#​3257)
• tracer: Fix setup in integration tests (#​3254)

v4.2.0

Compare Source

Features

• tracer: OTel SDK (#​2498) (#​3233)
• iast: Add exclusions for weak hash vulnerabilities (#​3223)

Fixes

• ci-visibility: [ci-visibility] Fix after and afterEach hooks in Cypress (#​3214)

v4.1.1

Compare Source

Bug Fixes

• pg: do not throw when query contains getter (#​3212)
• esbuild: graceful continue when bundling dead code (#​3215)

Improvements

• express: improve express regex middleware path parsing (#​3203)
• core: include send-data missing headers and organize telemetry config variables (#​3055)
• ci: add ability to create and publish .deb and .rpm packages (#​3189)

v4.1.0: 4.1.0

Compare Source

Features

• waf: Support RC custom rules (#​3126)
• waf: Update blocking page and status from RC (#​3195)
• iast: Detect SSRF vulnerabilities (#​3115)
• iast: Detect Insecure cookie vulnerabilities (#​3184)

Improvements

• profiling: Use process as default strategy for oom export (#​3136)
• tracer: Service Naming API (#​3161, #​2941, #​2961)
• tracer: Cache integrations - Service Naming (#​3056)
• tracer: More beautiful debug logs (#​3171)
• tracer: postgres: DBM full service fallback w/ prepared statements (#​3186)
• tracer: Make HTTP clients fit in the plugin hierarchy (#​3178)
• ci-visibility: Extract code coverage from cypress (#​3159)
• ci-visibility: Change gitlab's pipeline URL extraction (#​3183)
• ci-visibility: Test skipping logic for cypress (#​3167)
• waf: Update AppSec blocking templates (#​3181)
• waf: Update AppSec rules to 1.7.1 (#​3185)
• iast: Detect SQL injection with sequelize (#​3154)

Bug Fixes

• iast: Fix evidence redaction (#​3160)
• iast: Fix path traversal vulnerability detection on close file (#​3172)
• ci-visibility: Fix cucumber parallel mode (#​3156)
• ci-visibility: Remove git.properties error log (#​3179)
• ci-visibility: Fix playwright@1.30.0 (#​3180)
• waf: Fix ASM_DD batch update (#​3165)

v4.0.0: 4.0.0

Compare Source

Breaking Changes

More information about the breaking changes from this release can be found in
the migration guide.

• ci-visibility: drop support for jest-jasmine2 (#​3046)
• core: drop support for Node 14 (#​3140)
• core: remove orphanable options (#​3077, #​3133)
• next: drop support for next <10.2 (#​3107)

Features

• ci-visibility: add support for CodeFresh (#​3120)
• source-code-integration: add support for embedding commit hash and repository url (#​3118, #​3135)

Improvements

• ci-visibility: add additional labels to some CI providers (#​3120)
• http/http2: update integration to report outgoing host information (#​3031)
• iast: redact potentially sensitive data from vulnerability evidence (#​3117)
• profiling: remove experimental interrupt callback strategy from OOM heap profiler (#​3004)

Bug Fixes

• ci-visibility: fix test skipping logic for intelligent test runner (#​3130)
• iast: fix reporting whether the feature is enabled or disabled (#​3138)
• iast: fix whitespaces redaction being reported by command sensitive analyzer (#​3134)
• iast: fix internal fs calls reporting path traversal vulnerabilities (#​3127)
• profiling: fix segmentation fault when using worker threads (#​3124)

v3.32.1

Compare Source

Bug Fixes

• update import-in-the-middle to 1.4.2 (#​3511)

v3.32.0

Compare Source

Bug Fixes

• core: fix flush interval in serverless environments other than aws lambda (#​3462)
• http2: fix error in http2 plugin when instrumented mid-request (#​3488), fixes #​3451

Improvements

• pg: add option to truncate query (#​3487)

Features

• core: add support for configuring tracing client using remote configuration (#​3395)

v3.31.0

Compare Source

Features

• Use naming schema for http, http2, next, fetch, couchbase

v3.30.0: 3.30.0

Compare Source

Bug Fixes

• appsec: fix blank usr.id field being reported (#​3442)
• appsec: fix DD_TRACE_CLIENT_IP_ENABLED option having no effect (#​3442)
• core: fix broken distributed tracing when uninstrumented services use w3c propagation (#​3463)
• esbuild: fix instrumentation of internal modules in supported packages (#​3448)
• fetch: fix disable option not having any effect (#​3460)
• fetch: fix distributed tracing when existing headers are set (#​3449), fixes #​3443
• jest: fix broken shard option when skipping tests (#​3452)
• mongodb: fix support for queries containing objects that can be stringified (#​3417), thanks @​ghost91-!

Improvements

• iast: add exclusions for weak hash vulnerabilities (#​3424)
• serverless: add support for azure environments using the consumption plan (#​3200)

v3.29.1

Compare Source

Features

None, this is a patch release

Enhancements

None, this is a patch release

Bug fixes

• serverless: feat: add the lib/core file which each client lib imports directly, s… (#​3434)
• apm: fix fetch integration leaking its async context (#​3438)
• ci-visibility: Fix cache issues with jest and CI Visibility (#​3445)
• tracing: fix incorrect value for fetch method tag (#​3447)

v3.29.0

Compare Source

Features

• profiling: Associate tracing span IDs with samples in the wall profiler (#​3371)
• iast: Taint request URI (#​3302)
• iast: Detect missing header vulnerabilities (#​3269)
• graphql: implement naming schema for graphql plugin (#​3279)

Enhancements

• openai: be defensive about response object shape (#​3408)
• tracing: Ensure OTel span name is copied to resource.name (#​3412)
• config: Fix service representation config (#​3419)
• couchbase: Re-enable Couchbase testing (#​3265)
• ci: Add BITBUCKET_GIT_HTTP_ORIGIN env variable (#​3401)

Bug fixes

• serverless: Handle case where Lambda handler is using callbacks instead of promises (#​3404)
• ci-visibility: Do not modify how jest reports timeouts (#​3399)
• profiling: Allow https datadog agent url in continuous profiling (#​3190)
• tracing: Fix distributed tracing issue caused by single span ingestion changes (#​3413)
• tracing: Make datadog distributed tracing header take priority over tracecontext (#​3414)
• tracing: Exclude empty telemetry metrics (#​3421)
• openai: make services entirely optional when initializing (#​3420)

---

Configuration

📅 Schedule: Branch creation - "after 3:00 am and before 6:00 am every 2 weeks on Tuesday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.