chore(deps): bump ddtrace from 3.16.2 to 3.17.0

[dependabot]

Bumps ddtrace from 3.16.2 to 3.17.0.

Release notes

Sourced from ddtrace's releases.

3.17.0

Estimated end-of-life date, accurate to within three months: 08-2026 See the support level definitions for more information.

Upgrade Notes

• LLM Observability: Experiments can now be created to be stored under a different project from the project defined in LLMObs.enable

Deprecation Notes

• LLM Observability: LLMObs.submit_evaluation_for() has been deprecated and will be removed in a future version. It will be replaced with LLMObs.submit_evaluation() which will take the signature of the original LLMObs.submit_evaluation_for() method in ddtrace version 4.0. Please use LLMObs.submit_evaluation() for submitting evaluations moving forward. To migrate:
  • LLMObs.submit_evaluation_for(...) users: rename to LLMObs.submit_evaluation(...)
  • LLMObs.submit_evaluation_for(...) users: rename the span_context argument to span, i.e. LLMObs.submit_evaluation(span_context={"span_id": ..., "trace_id": ...}, ...) to LLMObs.submit_evaluation(span={"span_id": ..., "trace_id": ...}, ...)
• tracing: Tracer.on_start_span and Tracer.deregister_on_start_span are deprecated and will be removed in v4.0.0 with no planned replacement.
• Support for ddtrace with Python 3.8 is deprecated and will be removed in version 4.0.0.

New Features

• CI Visibility: This introduces Test Impact Analysis code coverage support for Python 3.13.
• azure_eventhubs: Add support for Azure Event Hubs producers.
• azure_functions: Add support for Event Hubs triggers.
• LLM Observability
  • Introduces automatic tracing context propagation for LLM Observability traces involving asynchronous tasks created via asyncio.create_task().
  • The asyncio and futures integrations are now enabled by default on LLMObs.enable(), which enables asynchronous context propagation for those libraries.
  • The LLMObs.submit_evaluation() and LLMObs.submit_evaluation_for() methods now accept a reasoning argument to denote an explanation of the evaluation results.
  • The OpenAI integration now submits LLM spans to LLM Observability for parse() methods used for structured outputs.
  • The LLMObs.submit_evaluation_for() method now accepts a assessment argument to denote whether or not the evaluation is valid or correct. Accepted values are either "pass" or "fail".
• openai: Adds support for tracing the parse() methods for structured outputs on chat.completions and responses endpoints (available in OpenAI SDK >= 1.92.0).
• AAP
  • This introduces track_user_id in the ATO SDK, which is equivalent to track_user but does not require the login, only the user id.
  • This introduces supports for custom scanners for data classification.

Bug Fixes

• AAP
  • This fix resolves an issue where downstream request analysis would not match headers in rules when using requests with urllib3\<2.
  • This PR is a tentative fix for rare memory problems with libddwaf that we were unable to reproduce for now.
• Pin to wrapt<2 until we can ensure full compatibility with the breaking changes.
• CI Visibility
  • This fix resolves an issue where tests would be incorrectly detected as third-party code if a third-party package containing a folder with the same name as the tests folder was installed. For instance, the sumy package installs files under tests/* in site-packages, and this would cause any modules under tests.* to be considered third-party.
  • This fix resolves an issue with our coverage implementation for Python versions 3.12+ that affects generated bytecode that isn't mapped to a line in the code
• LLM Observability: Resolves an issue with the Google GenAI integration where processing token metrics would sometimes be skipped if the LLM message had no text part.
• grpc: This fix resolves an issue where the internal span was left active in the caller when using the future interface.
• Profiling: prevent potential deadlocks with thread pools.
• ray
  • This fix resolves an issue where submitting Ray jobs caused an AttributeError crash in certain configurations.
  • This fix resolves an issue where long-running job spans could remain unfinished when an exception occurred during job submission.
  • This fix resolves an issue where long-running spans did not preserve the correct resource name when being recreated.

... (truncated)

Commits

• 7451e84 ci: increase otel-span RSS SLOs (#14976)
• 0b0f0d3 ci: pin wrapt<2 in typing checker (#14971)
• e1b6efa ci: fix alpine sdist test (#14963)
• cb89c56 ci: recreate some snapshot tests (#14962)
• 492135a fix(wrapt): do not use wrapt 2.x yet (#14955)
• d5c82a0 chore(azure): add typing, call _finish_span, and use ddtrace.auto (#14922)
• 8c118b8 chore(core): deprecate core.dispatch_with_results (#14915)
• 6b54ca3 chore: refactor tracer partial flushing logic (#14860)
• 24f0351 chore(telemetry): clean up payload generation and typing in the writer (#14615)
• d36d913 feat(llmobs): allow project override when creating experiment (#14923)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #18951.