Skip to content

Bump ddtrace from 2.6.5 to 4.8.2 in /backend/requirements#53

Open
dependabot[bot] wants to merge 1 commit into
feature/darwinfrom
dependabot/pip/backend/requirements/ddtrace-4.8.2
Open

Bump ddtrace from 2.6.5 to 4.8.2 in /backend/requirements#53
dependabot[bot] wants to merge 1 commit into
feature/darwinfrom
dependabot/pip/backend/requirements/ddtrace-4.8.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown

Bumps ddtrace from 2.6.5 to 4.8.2.

Release notes

Sourced from ddtrace's releases.

4.8.2

Estimated end-of-life date, accurate to within three months: 05-2027 See the support level definitions for more information.

Bug Fixes

  • ai_guard
    • This fix resolves a conflict between ddtrace.auto and strands when imported in the same file, which left Strands hooks silently disabled. The Strands integration now loads lazily on first attribute access so its event class identities match those the agent dispatches.
  • tracing
    • Limits parsing of the W3C tracestate header during tracecontext extraction to 32 list-members and 512 UTF-8 bytes, consistent with the W3C Trace Context specification (https://www.w3.org/TR/trace-context/). Extra list-members and trailing whole entries that would exceed the byte budget are ignored, so unusually large headers no longer expand unbounded work during extraction. The Datadog dd= list-member is preferred: it is kept when present (including when it appears late in the header or alone exceeds the byte cap), and other vendors are dropped first. List-members longer than DD_TRACE_TRACESTATE_ITEM_MAX_CHARS (128) characters are removed first when trimming by list-member count or byte budget, so shorter vendor entries are kept when possible.
    • tracing: Parsing incoming baggage HTTP headers now respects DD_TRACE_BAGGAGE_MAX_ITEMS [default 64] and DD_TRACE_BAGGAGE_MAX_BYTES [default 8192], consistent with baggage injection. Previously, extraction could retain every comma-separated entry regardless of those limits. The tracer drops excess pairs and records truncation telemetry when limits apply.

4.8.1

Estimated end-of-life date, accurate to within three months: 05-2027 See the support level definitions for more information.

Bug Fixes

  • django: Stop tagging async view and middleware spans as errored on routine ASGI cancellations (e.g. client disconnects on streaming responses), a regression introduced in 4.8.0rc4. Cancellation still propagates; the span just finishes without error.type='asyncio.exceptions.CancelledError'.
  • tracing: This fix resolves a memory leak where reference cycles through a span's properties were invisible to Python's cyclic garbage collector and accumulated proportionally to traced call volume.

4.8.0

Estimated end-of-life date, accurate to within three months: 05-2027 See the support level definitions for more information.

Upgrade Notes

  • claude_agent_sdk: Tool span resource names have changed from the tool name (e.g. Read, Bash) to claude_agent_sdk.tool. The specific tool name is still available in the span name (e.g. claude_agent_sdk.tool.Read). Users relying on tool resource names should update them accordingly.

  • ray: Adds DD_TRACE_RAY_SUBMISSION_SPANS_ENABLED (default: False) configuration to control Ray submission tracing. Set DD_TRACE_RAY_SUBMISSION_SPANS_ENABLED=true to trace task.submit and actor_method.submit spans. Leave it unset to trace only execution spans. See Ray integration documentation for more details.

  • ray: ray.job.submit spans are removed. Ray job submission outcome is now reported on the existing ray.job span through ray.job.submit_status.

Deprecation Notes

  • Tracing: DD_TRACE_INFERRED_PROXY_SERVICES_ENABLED is deprecated and will be removed in 5.0.0. Use DD_TRACE_INFERRED_SPANS_ENABLED instead. The old environment variable continues to work but emits a DDTraceDeprecationWarning when set.

  • tracing: The pin parameter in ddtrace.contrib.dbapi.TracedConnection, ddtrace.contrib.dbapi.TracedCursor, and ddtrace.contrib.dbapi_async.TracedAsyncConnection is deprecated and will be removed in version 5.0.0. To manage configuration of DB tracing please use integration configuration and environment variables.

  • LLM Observability: Removes support for the RAGAS integration. As an alternative, if you have RAGAS evaluations, you can manually submit these evaluation results. See LLM Observability external evaluation documentation for more information.

New Features

  • AI Guard: Add DD_AI_GUARD_BLOCK environment variable. Defaults to True, which means the blocking behavior configured in the Datadog AI Guard UI (in-app) will be honored. Set to False to force monitor-only mode locally: evaluations are still performed but AIGuardAbortError is never raised, regardless of the in-app blocking setting.

  • AI Guard response objects now include a dict field tag_probs with the probabilities for each tag.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases


3.8.0

New Features

  • LLM Observability: add processor capability to process span inputs and outputs. See usage documentation [here](https://docs.datadoghq.com/llm_observability/setup/sdk/python/#span-processing).
  • CI Visibility: This introduces the ability to gzip the payload when using the evp proxy setup, incurring in less network bandwith consumption.
  • Error Tracking: Introduces automatic reporting of handled exceptions. Enabling the feature will report handled exceptions to Error Tracking from the user code, the third party packages code, some specified modules or everything based on configuration. This feature can be controlled using two environment variables: - DD_ERROR_TRACKING_HANDLED_ERRORS=`allthird_party` - DD_ERROR_TRACKING_HANDLED_ERRORS_INCLUDE=`module1, module2, module3.submodule`
  • Code Security: IAST support for langchain v0.1.0 and above.
  • openai: This introduces tracing support for the OpenAI Responses endpoint.

Bug Fixes

  • tracing: Fixes an issue where truncation of span attributes longer than 25000 characters would not consistently count the size of UTF-8 multibyte characters, leading to a unicode string is too large error.

  • CI Visibility: This fix resolves an issue where the DD_CIVISIBILITY_ITR_ENABLED was not honored properly.

  • tracing: Fixes a bug in distributed tracing where pickling ddtrace.trace.Context fails in coroutines. This regression was introduced in v3.7.0.

  • CI Visibility: This fix resolves an issue where pytest-xdist would not exit with the proper status code if ATR was enabled.

  • CI Visibility: This fix resolves an issue where ddtrace pytest plugin used with xdist would report test suites as failing even when all tests pass.

  • profiling: fixed an issue in the SynchronizedSamplePool where pool could be null when calling into ddog_ArrayQueue_ functions, leading to segfaults in the uWSGI shutdown

  • Code Security: IAST: Avoid excessive filtering of stacktrace locations when finding vulnerabilities. After this change, vulnerabilities that were previously discarded will now be reported. In particular, if they were found within code in site-packages or outside of the working directory.

  • LLM Observability: Resolves an issue where spans and evaluation metrics were not being sent via Unix sockets.

  • dynamic instrumentation: prevent an exception when trying to remove a probe that did not resolve to a valid source code location.

  • kafka: This fix resolves an issue where message headers were sent to Kafka brokers that do not support them. Message headers are turned off when the Kafka server responds with UNKNOWN_SERVER_ERROR (-1).

  • code origin for spans: fixes a performance issue with exit spans.

  • profiling: improve performance of the memory profiler for large heaps. The memory profiler previously did a linear search of tracked allocations for every free, which scaled very poorly with large heaps. Switch to a fast hash map.


3.7.2

Bug Fixes

  • CI Visibility: This fix resolves an issue where the DD_CIVISIBILITY_ITR_ENABLED was not honored properly.
  • tracing: Fixes an issue where truncation of span attributes longer than 25000 characters would not consistently count the size of UTF-8 multibyte characters, leading to a unicode string is too large error.

3.7.1

Bug Fixes

... (truncated)

Commits
  • 58d0fd2 set version to 4.8.2
  • ecf6631 fix: limit tracestate header extraction [backport 4.8] (#17925)
  • 9c80faa fix: limit baggage header extraction [backport 4.8] (#17926)
  • 3eda3dd fix(ai_guard): lazy-load strands integration to avoid stale class identity [b...
  • f9c9dbe chore: bump 4.8.1 (#17910)
  • 2655736 fix(tracing): add cyclic GC support to native Span classes [backport 4.8] (#1...
  • 58ea34e test(debugger): remove 3.9 exploration runs [backport 4.8] (#17779)
  • 50c9af0 fix(django): don't tag spans errored on async CancelledError [backport 4.8] (...
  • 2cf323d set version to 4.8.0
  • 7350e20 refactor(telemetry): memoize get_host_info via @​callonce (#17669)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 15, 2026
Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 2.6.5 to 4.8.2.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.6.5...v4.8.2)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-version: 4.8.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot changed the base branch from main to feature/darwin July 18, 2026 08:11
@dependabot
dependabot Bot force-pushed the dependabot/pip/backend/requirements/ddtrace-4.8.2 branch from fc2a27d to 2ed96f0 Compare July 18, 2026 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants