v5.53.0 proposal #5750
Merged
v5.53.0 proposal #5750
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It's best practice to not call `it` dynamically in a for-loop, but instead have a function that returns a test function so that the `it` statements can be hard coded even when you need to re-use a test function.
This fixes a bug where if two probes were attached to the same line and both had a condition, if only one of the conditions match, we would wrongly assume both had matched and send both probe results to the backend. This changes that behavior to always re-evaluate the conditions no matter what.
…5731) If for whatever reason the probe state snapshot cannot be captured or included in the payload, an error message should be included instead. The backend doesn’t support a root `notCapturedReason`, so instead a new `debugger.snapshot.captureError` should be introduced to hold a string error message.
…nstrumentations with Node 24 (#5711) * Add node24 * Make it work for Jest but custom tags * Fix Jest * Fix Mocha * Update subscription channel Mocha * Fix propagation error in Mocha * Fix active span in Mocha * Fix Cucumber * Partial fix Vitest * Add OPTION_OVERRIDE * Update CLI Vitest * Fix Playwright
This changes what happens if an error occurs while gathering the local state for the snapshot. Before this change, an `ERROR` event would be emitted to the diagnostics endpoint, while still sending a probe result without any snapshot to the intake, followed by an `EMITTING` event. However, not being able to collect the snapshot does not warrant emitting an `ERROR` event. This commit changes that behaviour to instead report the snapshot with a `notCapturedReason` without emitting an `ERROR` event.
…#5715) If two probes are on the same line, and both have a condition, but one condition throws and the other evaluates to true, the one that evaluated to true should still trigger the breakpoint and get collected.
…n it fails before running the test (#5733)
A race condition exists where the tracer receives a probe via RC, before Node.js has had a chance to load all the JS files from disk. If this race condition is triggered, it results in the tracer either not being able to find any script to attach the probe to, or, if the probe filename is a bit generic, it finds an incorrect match. Therefore, once new scripts has been loaded, all probes are re-evaluated. If the matched `scriptId` has changed, we simply remove the old probe (if it was added to the wrong script) and apply it again. This is only really an issue if Node.js is using the ESM loader, as this is really slow. If the application is purely a CommonJS application, this race condtion would probably never be triggered.
This is important to guarantee user code behaves as it did without the instrumentation. So user crashes should happen as before.
ghost
mentioned this pull request
Closed
Overall package sizeSelf size: 9.42 MB Dependency sizes| name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.5.1 | 29.73 MB | 29.73 MB | | @datadog/native-appsec | 8.5.2 | 19.33 MB | 19.34 MB | | @datadog/pprof | 5.8.0 | 12.55 MB | 12.92 MB | | @datadog/native-iast-taint-tracking | 4.0.0 | 11.72 MB | 11.73 MB | | @opentelemetry/core | 1.30.1 | 908.66 kB | 7.16 MB | | protobufjs | 7.4.0 | 2.77 MB | 5.42 MB | | @datadog/wasm-js-rewriter | 4.0.1 | 2.85 MB | 3.58 MB | | @datadog/native-metrics | 3.1.1 | 1.02 MB | 1.43 MB | | @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB | | import-in-the-middle | 1.13.1 | 117.64 kB | 839.26 kB | | source-map | 0.7.4 | 226 kB | 226 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | lru-cache | 7.18.3 | 133.92 kB | 133.92 kB | | pprof-format | 2.1.0 | 111.69 kB | 111.69 kB | | @datadog/sketches-js | 2.1.1 | 109.9 kB | 109.9 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 5.3.2 | 53.63 kB | 53.63 kB | | istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB | | rfdc | 1.4.1 | 27.15 kB | 27.15 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | dc-polyfill | 0.1.8 | 25.08 kB | 25.08 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | shell-quote | 1.8.2 | 23.54 kB | 23.54 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | semifies | 1.0.0 | 15.84 kB | 15.84 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | ttl-set | 1.0.0 | 4.61 kB | 9.69 kB | | mutexify | 1.4.0 | 5.71 kB | 8.74 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | koalas | 1.0.2 | 6.47 kB | 6.47 kB | | module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |🤖 This report was automatically generated by heaviest-objects-in-the-universe |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## v5.x #5750 +/- ##
=======================================
Coverage ? 79.12%
=======================================
Files ? 521
Lines ? 23708
Branches ? 0
=======================================
Hits ? 18759
Misses ? 4949
Partials ? 0 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
BenchmarksBenchmark execution time: 2025-05-23 05:23:22 Comparing candidate commit fadfb65 in PR branch Found 0 performance improvements and 4 performance regressions! Performance is the same for 1265 metrics, 54 unstable metrics. scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-18
scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-18
scenario:plugin-bluebird-control-22
|
Datadog ReportBranch report: ✅ 0 Failed, 987 Passed, 0 Skipped, 20m 37.33s Total Time |
* Safer shimmer implementation This improves the shimmer by replacing getters safely from now on. The getters were always replaced before. Now, they are hooked into by default and only replaced, if a developer opts into it. This also simplifies the usage due to not needed workarounds to instrument getters regularly otherwise. * Minor code cleanup This is mainly cleaning up some code and adding comments about potential improvements. * Simpler test cases These cases may use Promise.all instead of using .then and .catch * Improve shimmer safety In case an module export is frozen or if it's a method, instrument it properly. Before, only plain objects were mimiked. That is now safe to do for objects with multiple properties that are not configurable and not writable due to reusing the already created object proxy in that case. It is now also possible to instrument methods. Both cases now copy all properties as needed. * Use simpler shimmer arguments and add JSDoc A boolean is difficult to follow. Writing it out makes the intend clear. This also adds JSDoc to follow the implementation in the IDE. * fixup! * fixup! * fixup! address comment * fixup!
ghost
When the last probe is removed (or disabled), the debugger session is stopped. However, some of the internal state keeping track of the loaded files in the process isn't cleared. If a new probe is then later added, or an existing probe enabled, a new debugger session is started, and the internal state is re-generated. But instead of starting from an empty state, it's essentially duplicated. The more times this happens, the more memory is used, causing a memory leak. To fix this, the internal state is now cleared when the debugger session is stopped.
* feat: monitor io-valkey * rename redis.command to valkey.command * Apply suggestions from code review Co-authored-by: Ruben Bridgewater <ruben@bridgewater.de> * Update packages/datadog-instrumentations/src/iovalkey.js Co-authored-by: Ruben Bridgewater <ruben@bridgewater.de> * Update packages/datadog-instrumentations/src/helpers/hooks.js * Apply suggestions from code review BridgeAR Co-authored-by: Ruben Bridgewater <ruben@bridgewater.de> * add span type to class / subclass * seems that our agent.use stuff is broken * break apart redis, ioredis, valkey jobs * refactor tests * try using redis server 6.2 * promise to async --------- Co-authored-by: Nicolas Hansse <nicolas.hansse@royalcanin.com> Co-authored-by: Ruben Bridgewater <ruben@bridgewater.de>
BridgeAR
approved these changes
May 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
13 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
86f1f53648] - (SEMVER-PATCH) chore: fix confluentinc flaky tests (William Conti) #5732bd378cd6ca] - (SEMVER-PATCH) remove duplicate line in config.spec.js (simon-id) #57610db1d65cba] - (SEMVER-MINOR) deprecate serverless mini agent (Duncan Harvey) #57511c17b9560e] - (SEMVER-PATCH) [test-optimization] [SDTEST-2039] Remove unnecessary channels in Playwright (Mario Vidal Domínguez) #57537fc9f261d0] - (SEMVER-PATCH) test: rename agent.use() to .assertSomeTraces() (Thomas Hunter II) #57541faa159781] - (SEMVER-MINOR) tracing: fix kafka header injection error for older kafka brokers (William Conti) #5704f980b335fe] - (SEMVER-MINOR) instrument the iovalkey package (Thomas Hunter II) #55550c27678650] - (SEMVER-PATCH) [DI] Clear state when last probe is removed (Thomas Watson) #57003aa9147212] - (SEMVER-PATCH) Safer shimmer implementation (Ruben Bridgewater) #5632232f6f79c0] - (SEMVER-MINOR) Ignore appsec startup error in serverless (Ugaitz Urien) #57459fd61730f0] - (SEMVER-MINOR) Add support for passing tags as arrays for custom metrics (Roch Devost) #574822d38aaf5d] - (SEMVER-PATCH) Use errorMonitor symbol instead of listening to the error event (Ruben Bridgewater) #5682f1f9a06c56] - (SEMVER-PATCH) [DI] Fix race condition when applying probe at app boot (Thomas Watson) #56983f13dee4d6] - (SEMVER-PATCH) Pin with versioned url (TonyCTHsu) #5741f92f2a01c9] - (SEMVER-PATCH) Update default value for appsec.obfuscatorValueRegex config entry (simon-id) #5739295edf4888] - (SEMVER-PATCH) Test sample context propagation through promises too (Attila Szegedi) #57400672b4d7fc] - (SEMVER-PATCH) fix tag merging logic to update (Sam Brenner) #57056080e49b98] - (SEMVER-PATCH) [test-optimization] [SDTEST-2024] Fix Playwright exit code status when it fails before running the test (Mario Vidal Domínguez) #57335ab86f7438] - (SEMVER-PATCH) Add an env var for executing integration tests without a sandbox (Attila Szegedi) #5737d1f47c65a7] - (SEMVER-PATCH) report waf results (Ilyas Shabi) #56553a2ed100eb] - (SEMVER-PATCH) [DI] Don't fail to trigger if one of multiple probe conditions throws (Thomas Watson) #5715b676e84b13] - (SEMVER-PATCH) [DI] Improve error handling during snapshot collection (Thomas Watson) #571963db106a0b] - (SEMVER-PATCH) [test-optimization] [SDTEST-1990] Make compatible Test Optimization instrumentations with Node 24 (Mario Vidal Domínguez) #571134f2e55cd7] - (SEMVER-PATCH) [DI] Use custom error property for errors reporting state snapshot (Thomas Watson) #5731d6382c119f] - (SEMVER-PATCH) [DI] Only send probes whos condition is actually met (Thomas Watson) #5714aa76e2a794] - (SEMVER-PATCH) [DI] Clean up code in integration test (Thomas Watson) #572957da289b7a] - (SEMVER-PATCH) docs: add node v24 warning to README (Thomas Hunter II) #5724