Update dependency dd-trace to v4.26.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dd-trace	5.2.0 -> 4.26.0

---

Release Notes

DataDog/dd-trace-js (dd-trace)

v4.26.0: 4.26.0

Compare Source

Security Fixes

lodash: Remove reliance on vulnerable lodash.pick dependency (#​3999), thanks @​Nico385412 for the original PR and for notifying us

Bug Fixes

asm: fix mquery vulnerability location (#​3797)

Features

dsm: add support for sqs/sns/kinesis in aws-sdk (#​3864)

v4.25.0

Compare Source

v4.24.0

Compare Source

Features

• profiling: Add experimental CPU profiler (#​3895)

Improvements

• profiling: GA Code hotspots and endpoint collection (#​3940)

Bug Fixes

• core: Handle google-cloud-pubsub subscription closing (#​2716)

v4.23.0

Compare Source

Features

• core: Add remote config support for custom tags (#​3875)
• profiling: Add a process_id that contains process pid to profiles (#​3911)
• core: Implement extended sampling (#​3904)

Improvements

• core: Add instrumentation support for node:* specifiers (#​3893)
• core: Fix instrumentation support for Fastify versions >= 4.23.0 (#​3893)

Bug Fixes

• profiling: Fix compatibility with node < 14.18 (#​3908)

v4.22.0

Compare Source

Bug Fixes

• pino: ignore pino error tests when node version is 21 (#​3878)
• rhea: fix rhea memory leak concerning inFlightDeliveries (#​3833)
• profiling: Fix recording times (#​3891)
• core: fix memory leak of req and res objects due to setTimeout wrapping repeatedly (#​3896)

Improvements

• appsec: Upgrade iast rewriter version to 2.2.2 (#​3883)
• civisibility: Update repository url validation (#​3876)
• core: flush custom metrics before process exit (#​3842)
• nextjs: Default Error Tagging for Pages in Next.js (#​3892)
• profiling: Add thread id labels to heap and wall profiles (#​3888)

Features

• appsec: GraphQL Blocking (3819)
• appsec: API security sample rate via RC (#​3868)
• appsec: Pass resolver address as ephemeral type (#​3897)
• core: add support for configuring tracing client using remote configuration (#​3395)

v4.21.0

Compare Source

Bug Fixes

• profiling: add source code integration tags to profiles (#​3821)
• core: do not report HTTP requests over 5 seconds as errors on Node 20 (#​3853)
• core: update protobuf for security reasons (#​3851)
• core: resolve the 0th argument of the restify controller promise (#​3818)

Improvements

• core: collapse Next.js static resources to reduce cardinality (#​3809)
• civisibility: waits for git to upload and re-request settings when require_git field is true (#​3790)
• civisibiity: do not report total code. coverage if itr is enabled (#​3828)
• profiling: Add DNS events to timeline (#​3822)
• core: add a new http service configuration option enablePropagationWithAmazonHeaders (#​3836)
• appsec: use existing response header instrumentation to detect Header Injection vulnerability when a unsafe string is written in a header (#​3813)
• profiling: Add Net events to timeline (#​3832)
• core: Partially upgrade instrumentation telemetry from v1 to v2 (#​3827)
• civisibility: Speed up git unshallow (#​3839)
• core: add a new environment variable to enable span leak detection at either logging or logging + manual gc modes (#​3849)
• core: add a GitHub security policy via SECURITY.md (#​3863)
• appsec: Apply new rules for header injection detection to prevent false positives (#​3867)
• dsm: Add Kafka offset lag to metrics sent by datastreams monitoring (#​3761)
• profiling: reduce overhead by removing lane logic from profiler library (#​3880)

Features

• appsec: add support for schema extraction when calling the waf (#​3685)
• core: add automatic instrumentation support for Aerospike v3.16.2 - v3.16.7, v4, v5 (#​3830, #​3804)

v4.20.0

Compare Source

Bug Fixes

• core: always propagate tracestate when tracecontext is configured (#​3810)
• profiling: fix enabling of timeline profiler: (#​3807)

Improvements

• profiling: emit wall sample timestamps even when code hotspots aren't used (#​3808)
• profiling: memoize web tags in all ancestors (#​3792)
• appsec: load appsec rules in appsec/rule_manager.js (#​3805)

v4.19.0

Compare Source

Bug Fixes

• core: modified telemetry.enabled to comply with instrumentation telemetry specs (#​3765)
• appsec: use exact version for @datadog/native-appsec (#​3778)
• ci-visibility: update git metadata extraction (#​3771)
• profiling: only consider the active span and its ancestors when looking for web tags (#​3780)
• core: restify: emit on DC channels w/ async handlers, fixes bug where path names repeat (#​3782)

Improvements

• core: use dc-polyfill instead of diagnostics_channel directly (#​3722)
• appsec: update AppSec rules to 1.9.0 (#​3772)
• ci-visibility: add flags to force code coverage reporting and test skipping (#​3767)
• profiling: restore eager release of tags, adapt endpoint profiling code (#​3759)
• profiling: cache web span lookup, so we only perform it once per span, release eagerly (#​3779 / #​3781)
• core: enable arm builds for single-step (#​3791)
• appsec: obfuscate secret tokens (#​3786)
• appsec: update collected request headers (#​3795)
• profiling: gc events profiler (#​3770)
• core: add DSM pathway hash to kafka spans, payload size for kafka stats (#​3763 / #​3734)
• appsec: update native-iast-taint-tracking to v1.6.4 (#​3787)

Features

• core: enable 128-bit ids by default (#​3656 / #​3800)
• core: otel span name translator (#​3766)

v4.18.0

Compare Source

Bug Fixes

• core: fix next.js build errors by refactoring config (#​3748)
• core: fix error in http plugin when it was enabled after request start (#​3740)
• appsec: Check only query and body parameters in nosql injections (#​3725)
• appsec: Fix knex nested queries (#​3730)
• appsec: Handle headers with array values (#​3751)
• profiling: Call the right method to unsubscribe from a channel (#​3756)

Improvements

• core: report tested integrations and their tested versions (#​3669)
• core: Support for node 21 (#​3729)
• core: Next.js: Don't Trace Middleware (#​3702)
• core: Make telemetry metrics true by default (#​3747)
• core: NextJS error handling (#​3715)
• profiling: Emit thread names in wall profiles (#​3726)
• ci-visibility: Add custom tags capability to playwright tests (#​3741)
• ci-visibility: Instrument suite parsing errors as failed suites (#​3735)
• ci-visibility: Better logs for intelligent test runner (#​3742)
• ci-visibility: Remove user credentials from DD_GIT_REPOSITORY_URL (#​3744)
• ci-visibility: Improve test status in test sessions for jest and mocha (#​3736)
• appsec: Add configurable IAST redaction pattern (#​3720)
• appsec: Generic telemetry logs (#​3647)

Features

• appsec: Hardcoded secret detection (#​3687)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 21 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 20, reused 0, downloaded 10, added 0
.                                        |  WARN  deprecated @babel/plugin-proposal-object-rest-spread@7.20.7
Progress: resolved 58, reused 0, downloaded 46, added 0
Progress: resolved 69, reused 0, downloaded 56, added 0
Progress: resolved 88, reused 0, downloaded 75, added 0
Progress: resolved 124, reused 0, downloaded 111, added 0
/tmp/renovate/repos/github/X-oss-byte/Nextjs/packages/third-parties:
 ERR_PNPM_FETCH_404  GET https://registry.npmjs.org/next/-/next-13.5.0.tgz: Not Found - 404

This error happened while installing a direct dependency of /tmp/renovate/repos/github/X-oss-byte/Nextjs/packages/third-parties

No authorization header was set for the request.
Progress: resolved 139, reused 0, downloaded 126, added 0

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 86b2e87

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR