v4.53.0 proposal #5030
Merged
v4.53.0 proposal #5030
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* WIP * Disable vuln deduplication in OCE test * Test vuln deduplication on the fly * Skip vuln dedup in multiple sends test * Fix lint issues * Remove multiple send test * Move on the fly span creation for vulns out of req to addVulnerability method * Move finish out-of-request span * Update packages/dd-trace/src/appsec/iast/vulnerability-reporter.js Co-authored-by: Igor Unanua <[email protected]> --------- Co-authored-by: Igor Unanua <[email protected]>
* fix(config): test for completeness of config telemetry * fully case sensitive checks * handle blocked key prefixes * handle aggregation and nodejs specific rules * Update to latest config rules * Run eslint * Apply new config mappings * revert .gitignore * Update config_norm_rules.json
* remove try catch from iast plugin * fix linter
* remove query from http end translator * add nextjs comment * fix typo
* fix next esm tests installing wrong version of react * ignore prereleases when installing test peer dependencies
* modernize eslint config
* Switch from the old eslintrc format to the newer format via:
`npx @eslint/migrate-config .eslintrc.json`
* ECMAScript version is now set at 2022, in line with code supported in
Node.js 16. This is needed for a bunch of ESM syntax like top-level
await.
* Fixes:
* ESM files are now covered.
* Test globals and other test-specific config are now isolated to
tests.
* text_map.js has an invalid switch case. Fixed that in what I
thought was the most reasonable way.
* replace max-len with @stylistic/js/max-len
* switch to stylistic for other rules
* update LICENSE-3rdparty.csv
* review feedback applied
The folder `benchmark/profiler` contained benchmark code for the Profiler. However, it hasn't been used in a while and is currently broken. Deleting to avoid confusion.
Co-authored-by: William Conti <[email protected]> Co-authored-by: simon-id <[email protected]>
* Upgrade iast rewriter version to 2.6.1 * fix nanoid version
* Add some checks to avoid runtime errors * check span * linter
* enable crashtracking by default outside of ssi * update libdatadog
BenchmarksBenchmark execution time: 2024-12-18 21:57:12 Comparing candidate commit c82a7f2 in PR branch Found 2 performance improvements and 0 performance regressions! Performance is the same for 1046 metrics, 16 unstable metrics. scenario:appsec-iast-with-vulnerability-iast-enabled-always-active-22
scenario:encoders-0.4-18
|
Overall package sizeSelf size: 8.38 MB Dependency sizes| name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.3.0 | 29.43 MB | 29.43 MB | | @datadog/native-appsec | 8.3.0 | 19.37 MB | 19.38 MB | | @datadog/native-iast-taint-tracking | 3.2.0 | 13.9 MB | 13.91 MB | | @datadog/pprof | 5.4.1 | 9.76 MB | 10.13 MB | | protobufjs | 7.2.5 | 2.77 MB | 7.01 MB | | @datadog/native-iast-rewriter | 2.6.1 | 2.59 MB | 2.73 MB | | @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB | | @datadog/native-metrics | 3.1.0 | 1.06 MB | 1.46 MB | | @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB | | import-in-the-middle | 1.11.2 | 112.74 kB | 826.22 kB | | source-map | 0.7.4 | 226 kB | 226 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | lru-cache | 7.18.3 | 133.92 kB | 133.92 kB | | pprof-format | 2.1.0 | 111.69 kB | 111.69 kB | | @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB | | semver | 7.6.3 | 95.82 kB | 95.82 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 5.3.1 | 51.46 kB | 51.46 kB | | shell-quote | 1.8.1 | 44.96 kB | 44.96 kB | | istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB | | rfdc | 1.3.1 | 25.21 kB | 25.21 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | koalas | 1.0.2 | 6.47 kB | 6.47 kB | | module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |🤖 This report was automatically generated by heaviest-objects-in-the-universe |
rochdev
force-pushed
the
v4.53.0-proposal
branch
from
ddb1e6e to
a4ccf2c
Compare
Add test that checks if everything works as expected even if tracing is disabled.
* Add span pointer support for updateItem and deleteItem * putItem support * transactWriteItem support * batchWriteItem support * Add unit+integration tests (very large commit) * Move `DD_AWS_SDK_DYNAMODB_TABLE_PRIMARY_KEYS` parsing logic to config.js * Code refactoring * Move util functions to packages/datadog-plugin-aws-sdk/ * lint * log when encountering errors in `encodeValue`; fix test * Send config env var as string to telemetry; handle parsing logic in dynamodb.js * Update config_norm_rules.json * fix test * Add unit tests for DynamoDB generatePointerHash * better logging + checks
rochdev
force-pushed
the
v4.53.0-proposal
branch
from
a4ccf2c to
97ca5a1
Compare
rochdev
force-pushed
the
v4.53.0-proposal
branch
from
c52111c to
ded1bd2
Compare
tlhunter
approved these changes
Dec 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
b7ccd40dc7] - (SEMVER-PATCH) update type tests to typescript 4.9.4 (Roch Devost) #5041c5dc10c9a3] - (SEMVER-PATCH) repo: ask for config details on bug creation (Thomas Hunter II) #50279bff311dc2] - (SEMVER-PATCH) fix runtime metrics test not waiting for gc observer to run (Roch Devost) #5039bfe48c9d89] - (SEMVER-PATCH) update package size job to node 20 (Roch Devost) #5040216bf5d13b] - (SEMVER-MINOR) [serverless] Add DynamoDB Span Pointers (Nicholas Hulston) #4912391ab8b6d3] - (SEMVER-PATCH) set node types minimum version to oldest (Roch Devost) #50296cda847920] - (SEMVER-PATCH) K8s tests: Run on parallel matrix (Roberto Montero) #5038275bb7ef9d] - (SEMVER-MINOR) Support tainted strings coming from database for SQLi, SSTi and Code injection (Ugaitz Urien) #490428bca839ec] - (SEMVER-PATCH) [DI] Improve trace/span-id probe results tests (Thomas Watson) #503650619f7408] - (SEMVER-MINOR) [DI] Associate probe results with active span (Thomas Watson) #50357d53c26746] - (SEMVER-PATCH) [test optimization] [SDTEST-1332] Fetchdi_enabledflag (Juan Antonio Fernández de Alba) #5006a38aaddd8b] - (SEMVER-MINOR) enable crashtracking by default outside of ssi (Roch Devost) #5026fb9ccca583] - (SEMVER-PATCH) update native-metrics to 3.1.0 (Roch Devost) #5022a17c93f64f] - (SEMVER-PATCH) repo: mandatory issue templates (Thomas Hunter II) #5023e4d4cc3456] - (SEMVER-PATCH) consolidate instances ofloadInst, so code isn't repeated (Bryan English) #5020048868e2f7] - (SEMVER-MINOR) New automatic user event collection (simon-id) #467402fba54df8] - (SEMVER-PATCH) Add some checks to avoid runtime errors (Igor Unanua) #494523720bb6ef] - (SEMVER-PATCH) Upgrade iast rewriter version to 2.6.1 (Igor Unanua) #501075865b4685] - (SEMVER-PATCH) Test aerospike node 16 with ubuntu-22.04 (Ugaitz Urien) #5017baf22d9f4f] - (SEMVER-PATCH) Verify yaml (Bryan English) #463969b27b3c3d] - (SEMVER-PATCH) telemetry: make count logic faster (Thomas Hunter II) #5013749b9a8949] - (SEMVER-PATCH) use gc observer for gc runtime metrics when available (Roch Devost) #4961880f15ae97] - (SEMVER-PATCH) run benchmarks also on node 20 and 22 (Roch Devost) #49757b5ccb2ab4] - (SEMVER-PATCH) [DI] Improve sampling tests (Thomas Watson) #499983c69285e1] - (SEMVER-PATCH) Fix flaky dns and net timeline event tests (Attila Szegedi) #501125d46fc785] - (SEMVER-PATCH) [DI] Clean up all logs emitted by the debugger (Thomas Watson) #500843046841de] - (SEMVER-PATCH) copy prototypes in shimmer where necessary (Bryan English) #5009d0ba71d4a6] - (SEMVER-PATCH) telemetry: increment .count when deduping telemetry logs (Thomas Hunter II) #5001e6ad5b3b6f] - (SEMVER-PATCH) speed up shimmer by about 50x (Bryan English) #4633329bdf9bcf] - (SEMVER-PATCH) remove dependency on msgpack-lite (Roch Devost) #4969594ca4c4f3] - (SEMVER-PATCH) clarify startup benchmark (Bryan English) #3019de0b516846] - (SEMVER-PATCH) [DI] Add support for sampling (Thomas Watson) #4998c6defbc8b5] - (SEMVER-MINOR) enable log collection & log calls review (Igor Unanua) #493295b6f956ea] - (SEMVER-PATCH) update pyenv (Fayssal DEFAA) #5005f2a3601b09] - (SEMVER-MINOR) Add Support for DD_DOGSTATSD_HOST (mhlidd) #498904f3610708] - (SEMVER-PATCH) [DI] Improve test setup by allowing breakpoint URL to be dynamic (Thomas Watson) #4996111c61ba7a] - (SEMVER-PATCH) Add summary.json to the benchmark .gitignore file (Thomas Watson) #5003ab449ca629] - (SEMVER-PATCH) Fix numbers stated in benchmark README.md (Thomas Watson) #5002e8ff00a127] - (SEMVER-PATCH) [DI] Improve separation between RC and breakpoint logic (Thomas Watson) #499241e8a55e2f] - (SEMVER-PATCH) [DI] Ensure the tracer doesn't block instrumented app from exiting (Thomas Watson) #4993a50d854dbd] - (SEMVER-PATCH) Ensure the fake agent in integration tests doesn't swallow exceptions (Thomas Watson) #49951a95b0b0c5] - (SEMVER-PATCH) [DI] Handle async errors in mocha tests (Thomas Watson) #499150bb0dd2d4] - (SEMVER-MINOR) Add support for endpoint_counts (Attila Szegedi) #498001c3ba1eb5] - (SEMVER-PATCH) install node22 (Fayssal DEFAA) #4985ea3ab7d23c] - (SEMVER-MINOR) Update @datadog/native-iast-rewriter to 2.6.0 to support optional chainings (Ugaitz Urien) #4990b04ced437a] - (SEMVER-MINOR) Express 5 Instrumentation (ishabi) #49134e9b1ffa7d] - (SEMVER-PATCH) Force update of nanoid to 3.3.8 (Ugaitz Urien) #49868384ba437d] - (SEMVER-PATCH) [test optimization] Fix test name extraction in playwright (Juan Antonio Fernández de Alba) #4981af176d1ead] - (SEMVER-PATCH) make sampling rule matching case insensitive (Ida Liu) #49729eb1180409] - (SEMVER-PATCH) fix guardrail on node version outside of ssi (Roch Devost) #4974c131b4cb38] - (SEMVER-PATCH) Delete unused benchmark for profiler (Thomas Watson) #4978e8e074e0dc] - (SEMVER-PATCH) Bump path-to-regexp from v0.1.10 to v0.1.12 (Thomas Watson) #4979528c013716] - (SEMVER-PATCH) fix next test using an incompatible version of react (Roch Devost) #4977de5b2c8112] - (SEMVER-PATCH) modernize eslint config (Bryan English) #4759823cfd44e0] - (SEMVER-PATCH) fix next esm tests installing wrong version of react (Roch Devost) #497366ac25add8] - (SEMVER-PATCH) Explain why keeping query in http end translator (ishabi) #4967d6fd88c107] - (SEMVER-PATCH) remove try catch from iast plugin (ishabi) #4804048736ef14] - (SEMVER-MINOR) Use sampling on timeline events (Attila Szegedi) #4861b1cbf8f822] - (SEMVER-PATCH) [DI] Adhere to diagnostics JSON schema (version -> probeVersion) (Thomas Watson) #4964b771888058] - (SEMVER-MINOR) [test optimization] Add Dynamic Instrumentation support for Vitest (Juan Antonio Fernández de Alba) #49593296eb8e18] - (SEMVER-MINOR) [test optimization] Add dynamic instrumentation support for cucumber (Juan Antonio Fernández de Alba) #4956844d62377f] - (SEMVER-PATCH) fix mysql2 3.11.5 support (Roch Devost) #4962c9be2d49ab] - (SEMVER-PATCH) fix(config): test for completeness of config telemetry (Brian Marks) #4941865654c9cd] - (SEMVER-PATCH) Protect req.socket.remoteAddress in appsec reporter (Ugaitz Urien) #4954ccc13e260b] - (SEMVER-MINOR) [test optimization] Add Dynamic Instrumentation to mocha retries (Juan Antonio Fernández de Alba) #4944b6c11a6c72] - (SEMVER-PATCH) use weakmap to avoid references from node to datadog stores (Roch Devost) #4953ec3f21089a] - (SEMVER-PATCH) Fix original url instanceOf url.URL (Ugaitz Urien) #49552ad4cd0414] - (SEMVER-MINOR) [test optimization] Do not init on package managers (Juan Antonio Fernández de Alba) #494663b6cf8465] - (SEMVER-PATCH) [test optimization] Fix logic to bypass jest's require cache (Juan Antonio Fernández de Alba) #4950ac19207555] - (SEMVER-PATCH) update guardrails to report telemetry in old node versions (Roch Devost) #494982c489b548] - (SEMVER-PATCH) add runtime version to crash report metadata (Roch Devost) #49485c6d12624b] - (SEMVER-MINOR) [test optimization] Add Dynamic Instrumentation to jest retries (Juan Antonio Fernández de Alba) #4876d19f3b03ad] - (SEMVER-PATCH) Fix IAST standalone sampling priority propagation (Carles Capell) #4927b456550ce0] - (SEMVER-PATCH) fix baggage extraction (Ida Liu) #4935