Bump ddtrace from 1.12.1 to 1.13.0

[dependabot]

Bumps ddtrace from 1.12.1 to 1.13.0.

Release notes

Sourced from ddtrace's releases.

1.13.0

Starting from ddtrace version 1.13.0, Automated User Login Events are enabled by default and currently only available for Devise.

What to expect from Automated User Login Events?

When enabled, any login or signup events will be automatically monitored. We will fill in the span with information extracted from the event.

Modes

The Automated User Login Events are configured to run in "safe" mode by default.

Safe mode focuses on preventing personally identifiable information (PII) from being reported. During safe mode, we only extract the ID from the user object. We report only IDs in the GUID format to avoid disclosing private information. In cases where IDs are not GUID, events will be reported without metadata.

Here is an example of a login event in safe mode:

{
  "appsec.events.users.login.success.track" => true,
  "usr.id" => "5ff35d04-445a-4d00-b6f1-31960153eaf6"
}

Automated User Login Events also provide an "extended" mode.

The extended mode aims to extract the maximum amount of information from the user. In extended mode, we report the ID regardless of its format and try to extract the user's email and username. Depending on the user application, we may be able to extract the user's email and username.

Here is an example of a login event in extended mode:

{
  "appsec.events.users.login.success.track" => true,
  "appsec.events.users.login.success.email" => "[email protected]",
  "appsec.events.users.login.success.username" => "John Doe",
  "usr.id" => "5ff35d04-445a-4d00-b6f1-31960153eaf6"
}

In cases where safe or extended mode is unable to extract information, we encourage users to manually monitor user login events using our public API.

How to configure Automated User Login Events:

• Use DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING to disable or change the mode.
  • To disable, use DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING=disable.
  • To change the mode, use DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING=safe|extended.
• Add to your Datadog.configure block to configure via code:

Datadog.configure do |c|
</tr></table> 

... (truncated)

Changelog

Sourced from ddtrace's changelog.

[1.13.0] - 2023-07-31

Added

• Core: Add support for Option precedence (#2915[])
• Core: Add support for unsetting options (#2972[])
• Core: Gauge primitive RubyVM::YJIT.runtime_stats, if YJIT is enabled (#2711[], #2959[])([@​HeyNonster][])
• Core: Add Telemetry app-client-configuration-change event (#2977[])
• Core: Improve our SafeDup module (#2960[])
• Tracing: Add OpenSearch Integration (#2940[])
• Tracing: Implement peer.service tag to integrations (#2982[])
• Tracing: Add mandatory rpc and grpc tags for grpc integration (#2620[], #2962[])
• Tracing: Include _dd.profiling.enabled tag (#2913[])
• Tracing: Support host injection (#2941[], #3007[])
• Tracing: Implement Dynamic Configuration for tracing (#2848[], #2973[])
• Tracing: Add for dynamic log injection configuration (#2992[])
• Tracing: Add sampling configuration with DD_TRACE_SAMPLING_RULES (#2968[])
• Tracing: Add HTTP header tagging with DD_TRACE_HEADER_TAGS for clients and servers (#2946[], #2935[])
• Profiling: Add fallback name/invoke location for unnamed threads started in native code (#2993[])
• Profiling: Use invoke location as a fallback for nameless threads in the profiler (#2950[])
• Profiling: Add fallback name for main thread in profiling data (#2939[])
• Ci-app: Add Minitest CI integration (#2932[]) ([@​bravehager][])
• Appsec: Devise integration and automatic user events (#2877[])
• Appsec: Handle disabled tracing and appsec events (#2572[])
• Appsec: Automate user events check for UUID in safe mode (#2952[])
• Docs: Add Ruby 3.2 support to compatibility matrix (#2971[])

Changed

• Core: Set maximum supported Ruby version (#2497[])
• Core: Prevent telemetry requests from being traced (#2961[])
• Core: Add env and type to Core configuration option (#2983[], #2988[], #2994[])
• Core: Remove lazy from Core configuration option (#2931[], #2999[])
• Profiling: Bump libdatadog dependency to version 3 (#2948[])
• Profiling: Improve error message when ddtrace_profiling_loader fails to load (#2957[])
• Tracing: Improve log injection runtime conditionals (#2926[], #2882[])

Fixed

• Core: Fix polynomial-time regular expressions (#2814[])
• Core: Fix environment variable for dynamic configuration polling interval (#2967[])
• Core: Reduce remote configuration error logging noise (#3011[])
• Tracing: Fix manual log injection for 128 bit trace_id (#2974[])
• Tracing: Ensure the GRPC client interceptor return the response (#2928[]) ([@​KJTsanaktsidis][])
• Tracing: Remove dynamic input used in regular expression (#2867[])
• Tracing: Fix distributed tracing header formats (#3005[] )
• Profiling: Fix profiler libmysqlclient version detection with mysql2-aurora gem (#2956[])
• Profiling: Automatically enable profiler "no signals" workaround for passenger web server (#2978[])

Commits

• b3f3a0a Merge pull request #3009 from DataDog/bump_to_version_1.13.0
• 61b9840 Tweak Changelog
• 0e0ed41 Add 1.13.0 to CHANGELOG.md
• 89f3d2f Merge branch 'master' into bump_to_version_1.13.0
• eed3de7 Merge pull request #3011 from DataDog/reduce-rc-logging
• a197a82 Merge pull request #3012 from DataDog/testing-rc
• 88ce4d1 Lint
• 0537817 Merge branch 'master' into reduce-rc-logging
• e58d2fa Add testing
• 6430b54 Replace with close
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)