v5.63.1 proposal

.github/workflows/apm-integrations.yml

@@ -307,7 +307,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ./.github/actions/testagent/start
-      - uses: ./.github/actions/node/active-lts # TODO: change this to latest once we figure out the `fresh` bug
+      - uses: ./.github/actions/node/latest
       - uses: ./.github/actions/install
       - run: yarn test:plugins:ci
 

.github/workflows/appsec.yml

@@ -127,7 +127,7 @@ jobs:
       - uses: ./.github/actions/node/oldest-maintenance-lts
       - uses: ./.github/actions/install
       - run: yarn test:appsec:plugins:ci
-      - uses: ./.github/actions/node/active-lts # TODO: change this to latest once we figure out the `fresh` bug
+      - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
       - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
 

.github/workflows/project.yml

@@ -73,7 +73,7 @@ jobs:
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Check code meets quality and security standards
       id: datadog-static-analysis
-      uses: DataDog/datadog-static-analyzer-github-action@v1
+      uses: DataDog/datadog-static-analyzer-github-action@2707598b1182dce1d1792186477b5b4132338e1c # v1.2.3
       with:
         dd_api_key: ${{ secrets.DD_API_KEY }}
         dd_app_key: ${{ secrets.DD_APP_KEY }}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "5.63.0",
+  "version": "5.63.1",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",

packages/datadog-instrumentations/src/moleculer/client.js

@@ -21,19 +21,18 @@ function wrapCall (call) {
       ctx.promiseCtx = promise.ctx
       ctx.broker = broker
 
-      return promise
+      promise
         .then(
           result => {
             finishChannel.publish(ctx)
-            return result
           },
           error => {
             ctx.error = error
             errorChannel.publish(ctx)
             finishChannel.publish(ctx)
-            throw error
           }
         )
+      return promise
     })
   }
 }

packages/datadog-plugin-express/test/index.spec.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const { NODE_MAJOR } = require('../../../version')
 const { AsyncLocalStorage } = require('async_hooks')
 const axios = require('axios')
 const semver = require('semver')
@@ -17,6 +18,12 @@ describe('Plugin', () => {
 
   describe('express', () => {
     withVersions('express', 'express', version => {
+    // Express.js 4.10.5 and below have a Node.js incompatibility in the `fresh` package RE res._headers missing
+      if (semver.intersects(version, '<=4.10.5') && NODE_MAJOR >= 24) {
+        describe.skip(`refusing to run tests as express@${version} is incompatible with Node.js ${NODE_MAJOR}`)
+        return
+      }
+
       beforeEach(() => {
         tracer = require('../../dd-trace')
       })

packages/datadog-plugin-moleculer/test/index.spec.js

@@ -1,11 +1,13 @@
 'use strict'
 
 const { expect } = require('chai')
+const assert = require('node:assert')
 const getPort = require('get-port')
 const os = require('node:os')
 const { withNamingSchema, withPeerService, withVersions } = require('../../dd-trace/test/setup/mocha')
 const agent = require('../../dd-trace/test/plugins/agent')
 const { expectedSchema, rawExpectedSchema } = require('./naming')
+const { assertObjectContains } = require('../../../integration-tests/helpers')
 
 const sort = trace => trace.sort((a, b) => Number(a.start - b.start))
 
@@ -30,10 +32,10 @@ describe('Plugin', () => {
         broker.createService({
           name: 'math',
           actions: {
-            add (ctx) {
+            async add (ctx) {
               const numerify = this.actions.numerify
 
-              return numerify(ctx.params.a) + numerify(ctx.params.b)
+              return await numerify(ctx.params.a) + await numerify(ctx.params.b)
             },
 
             numerify (ctx) {
@@ -42,6 +44,15 @@ describe('Plugin', () => {
           }
         })
 
+        broker.createService({
+          name: 'error',
+          actions: {
+            async error (ctx) {
+              throw new Error('Invalid number')
+            }
+          }
+        })
+
         return broker.start()
       }
 
@@ -159,25 +170,61 @@ describe('Plugin', () => {
             'out.host'
           )
 
-          it('should do automatic instrumentation', done => {
+          it('should do automatic instrumentation', async () => {
+            const result = await broker.call('math.add', { a: 5, b: 3 })
+            assert.strictEqual(result, 8)
+
             agent.assertSomeTraces(traces => {
-              const spans = sort(traces[0])
+              const span = traces[0][0]
+
+              assertObjectContains(span, {
+                name: expectedSchema.client.opName,
+                service: expectedSchema.client.serviceName,
+                resource: 'math.add',
+                meta: {
+                  'span.kind': 'client',
+                  'out.host': hostname,
+                  'moleculer.context.action': 'math.add',
+                  'moleculer.context.node_id': `server-${process.pid}`,
+                  'moleculer.context.service': 'math',
+                  'moleculer.namespace': 'multi',
+                  'moleculer.node_id': `server-${process.pid}`,
+                },
+                metrics: {
+                  'network.destination.port': port
+                }
+              })
+
+              assert.strictEqual(typeof span.meta['moleculer.context.request_id'], 'string')
+            })
+          })
 
-              expect(spans[0]).to.have.property('name', expectedSchema.client.opName)
-              expect(spans[0]).to.have.property('service', expectedSchema.client.serviceName)
-              expect(spans[0]).to.have.property('resource', 'math.add')
-              expect(spans[0].meta).to.have.property('span.kind', 'client')
-              expect(spans[0].meta).to.have.property('out.host', hostname)
-              expect(spans[0].meta).to.have.property('moleculer.context.action', 'math.add')
-              expect(spans[0].meta).to.have.property('moleculer.context.node_id', `server-${process.pid}`)
-              expect(spans[0].meta).to.have.property('moleculer.context.request_id')
-              expect(spans[0].meta).to.have.property('moleculer.context.service', 'math')
-              expect(spans[0].meta).to.have.property('moleculer.namespace', 'multi')
-              expect(spans[0].meta).to.have.property('moleculer.node_id', `server-${process.pid}`)
-              expect(spans[0].metrics).to.have.property('network.destination.port', port)
-            }).then(done, done)
+          it('should handle error cases', async () => {
+            await assert.rejects(broker.call('error.error'), { message: 'Invalid number' })
 
-            broker.call('math.add', { a: 5, b: 3 }).catch(done)
+            agent.assertSomeTraces(traces => {
+              const span = traces[0][0]
+
+              assertObjectContains(span, {
+                name: expectedSchema.client.opName,
+                service: expectedSchema.client.serviceName,
+                resource: 'error.error',
+                meta: {
+                  'span.kind': 'client',
+                  'out.host': hostname,
+                  'moleculer.context.action': 'error.error',
+                  'moleculer.context.node_id': `server-${process.pid}`,
+                  'moleculer.context.service': 'error',
+                  'moleculer.namespace': 'multi',
+                  'moleculer.node_id': `server-${process.pid}`,
+                },
+                metrics: {
+                  'network.destination.port': port
+                }
+              })
+
+              assert.strictEqual(typeof span.meta['moleculer.context.request_id'], 'string')
+            })
           })
 
           withNamingSchema(
@@ -331,6 +378,47 @@ describe('Plugin', () => {
           expect(spanId.toString()).to.equal(parentId.toString())
         })
       })
+      describe('meta propagation', () => {
+        before(() => agent.load('moleculer', {
+          meta: true
+        }))
+
+        before(async () => {
+          const { ServiceBroker } = require(`../../../versions/moleculer@${version}`).get()
+          broker = new ServiceBroker({
+            nodeID: `server-${process.pid}`,
+            logger: false
+          })
+
+          broker.createService({
+            name: 'test',
+            actions: {
+              async first (ctx) {
+                await ctx.call('test.second', null, {
+                  meta: {
+                    a: 'John'
+                  }
+                })
+                return ctx.meta.a
+              },
+              second (ctx) {
+                ctx.meta.a = 'Doe'
+              }
+            }
+          })
+
+          return broker.start()
+        })
+
+        after(() => broker.stop())
+
+        after(() => agent.close({ ritmReset: false }))
+
+        it('should propagate meta from child to parent', async () => {
+          const result = await broker.call('test.first')
+          assert.strictEqual(result, 'Doe')
+        })
+      })
     })
   })
 })

packages/dd-trace/src/llmobs/writers/base.js

@@ -120,7 +120,11 @@ class BaseLLMObsWriter {
     }
 
     const { hostname, port } = this._config
-    const base = this._config.url || new URL(format({
+
+    const overrideOriginEnv = getEnvironmentVariable('_DD_LLMOBS_OVERRIDE_ORIGIN')
+    const overrideOriginUrl = overrideOriginEnv && new URL(overrideOriginEnv)
+
+    const base = overrideOriginUrl ?? this._config.url ?? new URL(format({
       protocol: 'http:',
       hostname,
       port

packages/dd-trace/src/opentracing/propagation/text_map.js

@@ -148,13 +148,13 @@ class TextMapPropagator {
 
         // Check for item count limit exceeded
         if (itemCounter > this._config.baggageMaxItems) {
-          tracerMetrics.count('context_header_style.truncated', ['truncation_reason:baggage_item_count_exceeded']).inc()
+          tracerMetrics.count('context_header.truncated', ['truncation_reason:baggage_item_count_exceeded']).inc()
           break
         }
 
         // Check for byte count limit exceeded
         if (byteCounter > this._config.baggageMaxBytes) {
-          tracerMetrics.count('context_header_style.truncated', ['truncation_reason:baggage_byte_count_exceeded']).inc()
+          tracerMetrics.count('context_header.truncated', ['truncation_reason:baggage_byte_count_exceeded']).inc()
           break
         }
 

packages/dd-trace/src/supported-configurations.json

@@ -118,6 +118,7 @@
     "DD_PLAYWRIGHT_WORKER": ["A"],
     "DD_PROFILING_CODEHOTSPOTS_ENABLED": ["A"],
     "DD_PROFILING_CPU_ENABLED": ["A"],
+    "DD_PROFILING_DEBUG_SOURCE_MAPS": ["A"],
     "DD_PROFILING_DEBUG_UPLOAD_COMPRESSION": ["A"],
     "DD_PROFILING_ENABLED": ["A"],
     "DD_PROFILING_ENDPOINT_COLLECTION_ENABLED": ["A"],
@@ -127,10 +128,13 @@
     "DD_PROFILING_EXPERIMENTAL_OOM_MONITORING_ENABLED": ["A"],
     "DD_PROFILING_EXPORTERS": ["A"],
     "DD_PROFILING_HEAP_ENABLED": ["A"],
+    "DD_PROFILING_HEAP_SAMPLING_INTERVAL": ["A"],
+    "DD_PROFILING_PPROF_PREFIX": ["A"],
     "DD_PROFILING_PROFILERS": ["A"],
     "DD_PROFILING_SOURCE_MAP": ["A"],
     "DD_PROFILING_TIMELINE_ENABLED": ["A"],
     "DD_PROFILING_UPLOAD_PERIOD": ["A"],
+    "DD_PROFILING_UPLOAD_TIMEOUT": ["A"],
     "DD_PROFILING_V8_PROFILER_BUG_WORKAROUND": ["A"],
     "DD_PROFILING_WALLTIME_ENABLED": ["A"],
     "DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS": ["A"],

packages/dd-trace/test/appsec/iast/analyzers/code-injection-analyzer.express.plugin.spec.js

@@ -1,5 +1,7 @@
 'use strict'
 
+const { NODE_MAJOR } = require('../../../../../../version')
+const semver = require('semver')
 const { prepareTestServerForIastInExpress } = require('../utils')
 const axios = require('axios')
 const path = require('path')
@@ -14,6 +16,11 @@ const { withVersions } = require('../../../setup/mocha')
 
 describe('Code injection vulnerability', () => {
   withVersions('express', 'express', version => {
+    if (semver.intersects(version, '<=4.10.5') && NODE_MAJOR >= 24) {
+      describe.skip(`refusing to run tests as express@${version} is incompatible with Node.js ${NODE_MAJOR}`)
+      return
+    }
+
     describe('Eval', () => {
       let i = 0
       let evalFunctionsPath

packages/dd-trace/test/appsec/iast/taint-tracking/sources/taint-tracking.express.plugin.spec.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const { NODE_MAJOR } = require('../../../../../../../version')
 const axios = require('axios')
 const semver = require('semver')
 const agent = require('../../../../plugins/agent')
@@ -19,6 +20,11 @@ describe('URI sourcing with express', () => {
   let appListener
 
   withVersions('express', 'express', version => {
+    if (semver.intersects(version, '<=4.10.5') && NODE_MAJOR >= 24) {
+      describe.skip(`refusing to run tests as express@${version} is incompatible with Node.js ${NODE_MAJOR}`)
+      return
+    }
+
     before(() => {
       return agent.load(['http', 'express'], { client: false })
     })
@@ -78,6 +84,11 @@ describe('Path params sourcing with express', () => {
   let appListener
 
   withVersions('express', 'express', version => {
+    if (semver.intersects(version, '<=4.10.5') && NODE_MAJOR >= 24) {
+      describe.skip(`refusing to run tests as express@${version} is incompatible with Node.js ${NODE_MAJOR}`)
+      return
+    }
+
     const checkParamIsTaintedAndNext = (req, res, next, param, name) => {
       const store = storage('legacy').getStore()
       const iastContext = iastContextFunctions.getIastContext(store)

packages/dd-trace/test/appsec/index.express.plugin.spec.js

@@ -1,5 +1,7 @@
 'use strict'
 
+const { NODE_MAJOR } = require('../../../../version')
+const semver = require('semver')
 const Axios = require('axios')
 const { assert } = require('chai')
 const path = require('path')
@@ -11,6 +13,11 @@ const { json } = require('../../src/appsec/blocked_templates')
 const { withVersions } = require('../setup/mocha')
 
 withVersions('express', 'express', version => {
+  if (semver.intersects(version, '<=4.10.5') && NODE_MAJOR >= 24) {
+    describe.skip(`refusing to run tests as express@${version} is incompatible with Node.js ${NODE_MAJOR}`)
+    return
+  }
+
   describe('Suspicious request blocking - path parameters', () => {
     let server, paramCallbackSpy, axios
 

packages/dd-trace/test/appsec/rasp/lfi.express.plugin.spec.js

@@ -1,5 +1,7 @@
 'use strict'
 
+const { NODE_MAJOR } = require('../../../../../version')
+const semver = require('semver')
 const Axios = require('axios')
 const os = require('os')
 const fs = require('fs')
@@ -31,6 +33,11 @@ describe('RASP - lfi', () => {
   }
 
   withVersions('express', 'express', expressVersion => {
+    if (semver.intersects(expressVersion, '<=4.10.5') && NODE_MAJOR >= 24) {
+      describe.skip(`refusing to run tests as express@${expressVersion} is incompatible with Node.js ${NODE_MAJOR}`)
+      return
+    }
+
     withVersions('express', 'ejs', ejsVersion => {
       let app, server