chore(deps): bump ddtrace from 2.19.1 to 2.20.0

[dependabot]

Bumps ddtrace from 2.19.1 to 2.20.0.

Release notes

Sourced from ddtrace's releases.

2.20.0

Upgrade Notes

• Tracing
  • Validates Python 3.13 support for the ddtrace-run entrypoint.
  • Validates Python 3.13 support for the following integrations:
    • aiomysql
    • aiopg
    • asyncpg
    • avro
    • botocore
    • confluent-kafka
    • django
    • falcon
    • fastapi
    • grpcio
    • mysqldb
    • protobuf
    • pyodbc
    • sqlalchemy

Deprecation Notes

• CI Visibility

  • Moves the implementational details of the pytest, pytest_benchmark, pytest_bdd, and unittest integrations from ddtrace.contrib.<integration> to ddtrace.contrib.internal.<integration>.

• Tracing

  • Deprecates ddtrace.filters.FilterRequestsOnUrl. Spans should be filtered/sampled using DD_TRACE_SAMPLING_RULES configuration.
  • Deprecates the use of multiple tracer instances in the same process. The global tracer (ddtrace.tracer) `should be used instead.
  • Deprecates support for configuring samplers via a programmatic API. In v3.0.0 samplers will only be configurable via environment variables or remote configuration.
  • Ensures most tracing configurations are only set on application start up. This is done by deprecating the following parameters in ddtrace.configure(...) function. These parameters will be removed in ddtrace>=3.0.0: - enabled - hostname - port - uds_path - https - sampler - settings - priority_sampling - settings - dogstatsd_url - writer - partial_flush_enabled - partial_flush_min_spans - api_version - compute_stats_enabled - wrap_executor
  • Deprecates ddtrace.pin module and moves the Pin class to ddtrace.trace package. In v3.0.0 the ddtrace/pin.py will be removed.
  • Deprecates ddtrace.filters module and moves the TraceFilter and FilterRequestsOnUrl classes to ddtrace.trace package. In v3.0.0 the ddtrace/filters.py will be removed.
  • Deprecates all attributes in ddtrace.contrib.trace_utils_async and ddtrace.contrib.redis_utils. Replaces ddtrace.contrib.trace_utils_async.with_traced_module(...) with ddtrace.contrib.trace_utils.with_traced_module_async(...). Moves public attributes defined in ddtrace.contrib.redis_utils.* to ddtrace.contrib.trace_utils.
  • Deprecates the ability to use multiple tracer instances with ddtrace.Pin. In v3.0.0 pin objects will only use the global tracer.
  • Ensures the implementation details of ddtrace integrations are internal to ddtrace library. In ddtrace>=3.0.0 integrations should only be enabled and configured via ddtrace.patch(..), import ddtrace.auto or the ddtrace-run command. Unpatching integrations or getting the version of an integration is no longer supported.
  • rq: Ensures the implementation details of the rq integration are internal to ddtrace library. In ddtrace>=3.0.0 this integration should only be enabled and configured via ddtrace.patch(..), import ddtrace.auto or the ddtrace-run command

New Features

• ASM

  • Introduces full support for Automated user lifecycle tracking for login events (success and failure)
  • Introduces the support for command injection for Exploit Prevention. With previous support of shell injection with os.system, this provides automatic instrumentation for subprocess module functions and os.spawn* functions, ensuring monitoring and blocking for Exploit Prevention on those endpoints.

• Code Security

  • Adds support for Header Injection vulnerability sink point.
  • Code Injection vulnerability detection, which will be displayed on your DataDog Vulnerability Explorer dashboard. See the Application Vulnerability Management documentation for more information about this feature.

• LLM Observability

  • openai: Introduces automatic extraction of token usage from streamed chat completions. Unless stream_options: {"include_usage": False} is explicitly set on your streamed chat completion request, the OpenAI integration will add stream_options: {"include_usage": True} to your request and automatically extract the token usage chunk from the streamed response.

• Profiling

  • Stack V2 is enabled by default. It is the new stack sampler implementation for CPython 3.8+. It enhances the performance, accuracy, and reliability of Python CPU profiling. This feature activates our new stack sampling, collection and export system.

... (truncated)

Changelog

Sourced from ddtrace's changelog.

Changelog

Changelogs for versions not listed here can be found at https://github.com/DataDog/dd-trace-py/releases

---

Commits

• a5bf963 chore(integrations): internalize get_version, patch, and unpatch for all inte...
• a1b7b9d chore(llmobs): remove public notice of submit_evaluation_for (#11997)
• 3ee42be ci: add missing permissions to publish musl i686 image (#12012)
• f198341 chore(cos): include module and function on exit (#11882)
• 4611816 Revert "fix(tracing): only extract distributed headers if a trace is not alre...
• 731be65 chore(di): don't redact env tokens from probe snapshots (#11951)
• da758e9 chore(asm): improve dependency for api security (#11987)
• 0111544 chore: update changelog for version 2.19.1, 2.19.0, 2.18.2, 2.17.5, 2.17.4 (#...
• 7520c7a chore(tracing): internalize most of tracer.configure(...) [3.0] (#11973)
• b614655 feat(langgraph): submit spans from langgraph to APM and LLMObs (#11730)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)