Skip to content

v4.3.0 proposal #3267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 40 commits into from
Jun 23, 2023
Merged

v4.3.0 proposal #3267

merged 40 commits into from
Jun 23, 2023

Conversation

@nsavoire
Copy link
Collaborator

@nsavoire nsavoire commented Jun 21, 2023
edited
Loading

Features

Improvements

Bug Fixes

iunanua and others added 26 commits June 20, 2023 14:02
@iunanua @nsavoire
Unvalidated redirect analyzer (#3204)
cc76408 
* Unvalidated redirect analyzer

* Ignore tainteds from Referer header
@tlhunter @nsavoire
make tracer config available to plugins (#3235)
a183535
@uurien @nsavoire
Add _dd.iast.enabled=1 metric out of request vulnerabilities tags (#3231
f81d532 
)

* Add _dd.iast.enabled=1 in out of request vulnerabilities tags

* Rename constants.js to tags.js
@juan-fernandez @nsavoire
[ci-visibility] Better git commands (#3236)
d5814db
@juan-fernandez @nsavoire
[ci-visibility] Fix agentless exporter test (#3241)
a4de63e
@jbertran @nsavoire
Tedious - service naming (#3061)
530af20 
* add v0 naming to tedious (mssql)
* add v1 naming to tedious (mssql)
* switch to a mostly working test sqlserver

  The standard mssql server image does not work on ARM [1].

  Instead, we use `azure-sql-edge` [2], which provides a sufficient subset
  of mssql server API to test most of our integration. 

  Unfortunately, this image does not support stored procedures [3], so
  tests related to these will still fail locally.

  [1] microsoft/mssql-docker#668
  [2] https://hub.docker.com/_/microsoft-azure-sql-edge
  [3] https://learn.microsoft.com/en-us/azure/azure-sql-edge/features#unsupported-features
@simon-id @nsavoire
Add test in shimmer wrap to preserve function name (#3237)
b96bb76
@jbertran @tlhunter @nsavoire
MySQL databases - service naming (#3057)
68a3d27 
* add v0 naming to mysql integrations
* add v1 to mysql integrations
* add tests on v1 for mysql databases

---------

Co-authored-by: Thomas Hunter II <[email protected]>
@juan-fernandez @nsavoire
[ci-visibility] Fix windows tracing test (#3243)
a011d57
@rochdev @nsavoire
fix grpc custom errors not being reported (#3230)
8d0fe3c
@CarlesDD @nsavoire
Taint cookies and headers (#3232)
0f6cc21 
* Taint cookies and headers

* Bump minimum node version for v4 on cookie plugin test

* Add test with latest node version for cookie plugin test

* Provide iastContext from index when tainting headers

* Add test for cookie tainting in taint tracking plugin

* Remove iast transaction after taint tracking plugin tests to avoid hiting setMaxTransactions in tests

* Add test for taintObject with taintingKeys flag

* Address header tainting test for keys shorter than 10 chars

* Upgrade native-iast-taint-tracking to v1.5.0

* Rewrite expect in taint tracking plugin test

* Fix tag requiring in IAST index
@uurien @nsavoire
No HttpOnly vulnerability detection (#3228)
ce42aac
@uurien @nsavoire
No SameSite cookie vulnerability detection (#3246)
1a100de
@crysmags @tlhunter @nsavoire
add external log writer (#3201)
967e95b 

---------

Co-authored-by: Thomas Hunter II <[email protected]>
@uurien @nsavoire
Fix unvalidated redirects (#3252)
a4bcdc9
@rochdev @nsavoire
add environment variable to disable instrumentations completely (#3234)
2b0d6de
@juan-fernandez @nsavoire
Disable metrics.spec.js tests (part of tracing tests) for windows (#3250
191e308 
)
@uurien @nsavoire
Add sources tests (#3249)
60b6d13 
* Add sources tests

* styles
@juan-fernandez @nsavoire
[ci-visibility] Use correct repository URL for git metadata upload (#…
aca63bd 
…3253)
@uurien @simon-id @nsavoire
Add IAST benchmark tests (#3193)
f8327f8 
* appsec-iast benchmark tests

* writing fixes

Co-authored-by: simon-id <[email protected]>

* small fixes

---------

Co-authored-by: simon-id <[email protected]>
@juan-fernandez @nsavoire
[ci-visibility] Fix random cypress integration tests timeouts (#3255)
2b288e6
@uurien @nsavoire
Reduce request per iteration in IAST benchmarks (#3260)
6112056 
* Reduce request per iteration in IAST benchmarks

* Reduce a bit more

* 30 iterations 200 requests
@uurien @nsavoire
Check store has value before use it (#3257)
93397d3
@juan-fernandez @nsavoire
Fix setup in integration tests (#3254)
db6a0c6
@nsavoire
Auto-instrument @opentelemetry/sdk-trace-node (#3248)
cfbf53b
@nsavoire
[profiling] Add debug log listing found source maps (#3242)
9410e91 
* Add debug log listing found source maps

* Bump pprof required version

Use pprof version with source map debug info.
Lock pprof version in package.json to be make sure that customers use
a dd-trace-js/pprof-nodejs combination that is well tested.
@nsavoire nsavoire changed the title V4.3.0 proposal v4.3.0 proposal Jun 21, 2023
@github-actions
Copy link

github-actions bot commented Jun 21, 2023
edited
Loading

Overall package size

Self size: 4.39 MB
Deduped: 60.85 MB
No deduping: 60.9 MB

Dependency sizes

name version self size total size
@datadog/pprof 2.2.3 14.25 MB 15.13 MB
@datadog/native-iast-taint-tracking 1.5.0 14.86 MB 14.86 MB
@datadog/native-appsec 3.2.0 13.38 MB 13.39 MB
protobufjs 7.1.2 2.76 MB 6.55 MB
@datadog/native-iast-rewriter 2.0.1 2.09 MB 2.1 MB
@opentelemetry/core 1.14.0 872.87 kB 1.47 MB
@datadog/native-metrics 2.0.0 898.77 kB 1.3 MB
@opentelemetry/api 1.4.1 780.32 kB 780.32 kB
opentracing 0.14.7 194.81 kB 194.81 kB
semver 7.5.3 93.39 kB 123.79 kB
@datadog/sketches-js 2.1.0 109.9 kB 109.9 kB
lodash.sortby 4.7.0 75.76 kB 75.76 kB
lru-cache 7.14.0 74.95 kB 74.95 kB
ipaddr.js 2.0.1 59.52 kB 59.52 kB
ignore 5.2.0 48.87 kB 48.87 kB
import-in-the-middle 1.3.5 34.34 kB 38.81 kB
istanbul-lib-coverage 3.2.0 29.34 kB 29.34 kB
retry 0.10.1 27.44 kB 27.44 kB
lodash.uniq 4.5.0 25.01 kB 25.01 kB
limiter 1.1.5 23.17 kB 23.17 kB
lodash.kebabcase 4.1.1 17.75 kB 17.75 kB
lodash.pick 4.4.0 16.33 kB 16.33 kB
node-abort-controller 3.0.1 14.33 kB 14.33 kB
crypto-randomuuid 1.0.0 11.18 kB 11.18 kB
diagnostics_channel 1.1.0 7.07 kB 7.07 kB
path-to-regexp 0.1.7 6.78 kB 6.78 kB
koalas 1.0.2 6.47 kB 6.47 kB
methods 1.1.2 5.29 kB 5.29 kB
module-details-from-path 1.0.3 4.47 kB 4.47 kB

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@codecov
Copy link

codecov bot commented Jun 21, 2023
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (v4.x@d02ecba). Click here to learn what that means.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             v4.x    #3267   +/-   ##
=======================================
  Coverage        ?   86.07%           
=======================================
  Files           ?      194           
  Lines           ?     7524           
  Branches        ?       33           
=======================================
  Hits            ?     6476           
  Misses          ?     1048           
  Partials        ?        0

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

nsavoire and others added 2 commits June 22, 2023 00:06
@nsavoire
Publish "dev" injection image (#3276)
816024a 
For each new push on master, publish a new injection image with tag
"dev".
We need to tag master branch with `dev` tag to trigger the
`deploy_to_docker_registries` job in gitlab CI.
@nsavoire
Skip OTel auto-instrumentation test as sdk-node does not support Node…
47e75cf 
….js 12 (#3277)
@nsavoire nsavoire marked this pull request as ready for review June 22, 2023 09:34
@nsavoire nsavoire requested review from a team as code owners June 22, 2023 09:34
juan-fernandez
juan-fernandez previously approved these changes Jun 22, 2023
View reviewed changes
Copy link
Collaborator

@juan-fernandez juan-fernandez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good from ci visibility's perspective

uurien
uurien previously approved these changes Jun 22, 2023
View reviewed changes
@nsavoire nsavoire dismissed stale reviews from uurien and juan-fernandez via 65af306 June 22, 2023 23:29
uurien
uurien previously approved these changes Jun 23, 2023
View reviewed changes
nsavoire added 2 commits June 23, 2023 14:46
@nsavoire
Bump profiler version to 2.2.3 (#3286)
31624c2 
* Add DD_PROFILING_DEBUG_SOURCE_MAPS option

DD_PROFILING_DEBUG_SOURCE_MAPS env variable enables printing of
detailed diagnostics concerning source maps.
Pass logger to profiler module to enable logging.

* Bump profiler version to 2.2.3
@nsavoire
v4.3.0
2b8b1b7
rochdev
rochdev previously approved these changes Jun 23, 2023
View reviewed changes
@nsavoire nsavoire dismissed stale reviews from rochdev and uurien via 2b8b1b7 June 23, 2023 12:46
@tlhunter
Copy link
Member

tlhunter commented Jun 23, 2023

We're going to ignore the perf regressions for this release. One of them is for the upgraded version of the semver package in yarn.lock as customers installing via yarn install dd-trace already get the newer, slower version of semver. The other perf hit is with the fetch PR and the affected benchmarks are very sensitive to newly added modules.

@tlhunter tlhunter merged commit 0e8af68 into v4.x Jun 23, 2023
@nsavoire nsavoire deleted the v4.3.0-proposal branch July 17, 2023 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@uurien uurien uurien approved these changes

@rochdev rochdev rochdev left review comments

@juan-fernandez juan-fernandez juan-fernandez left review comments

Assignees

No one assigned

Labels

semver-minor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.