Bump ddtrace from 4.2.2 to 4.3.2

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps ddtrace from 4.2.2 to 4.3.2.

Release notes

Sourced from ddtrace's releases.

4.3.2

Estimated end-of-life date, accurate to within three months: 05-2027 See the support level definitions for more information.

Bug Fixes

• celery: This fix resolves panics in the NativeWriter caused by celery closing file descriptors when starting beat.
• Data Streams Monitoring: Fixes a regression introduced in v4.3.0 that prevented DSM from being automatically enabled for Kaf ka, AioKafka, Kombu, and Botocore integrations.
• profiling: Fixed an issue that causes greenlets to misbehave when gevent.joinall is called.

4.3.1

Estimated end-of-life date, accurate to within three months: 05-2027 See the support level definitions for more information.

Bug Fixes

• profiling
  • This fix resolves a crash occurring when forking while using the memory profiler.

4.3.0

Estimated end-of-life date, accurate to within three months: 05-2027 See the support level definitions for more information.

⚠️ An issue was detected with Memory Profiling in this release. ⚠️ An issue was detected with Datastreams Monitoring in this release.

Upgrade Notes

• httpx
  • This upgrades the minimum supported version of the httpx library from 0.17.1 to 0.25.0. If you are using httpx versions prior to 0.25.0, upgrade to httpx>=0.25.0 to ensure compatibility with ddtrace.

Deprecation Notes

• tracing
  • Tracer.data_streams_processor is deprecated and will be removed in v5.0.0. Use ddtrace.data_streams.data_streams_processor() instead.

New Features

• profiling
  • Add support for threading.Condition locking type profiling in Python. The Lock profiler now provides visibility into threading.Condition usage, helping identify contention in multi-threaded applications using condition variables.
  • The profiler now supports tracking parent-child relationships between asyncio tasks. This will result in better stacks in flame graphs.
• AAP
  • Add SSRF exploit prevention and OWASP API top 10 security risks analysis for the httpx client.
• asgi
  • WebSocket instrumentation is now enabled by default, automatically capturing traces for WebSocket connections without requiring additional configuration.
• LLM Observability
  • Adds EvaluatorResult class that evaluator functions can return to provide additional fields beyond just the evaluation value. This enables evaluators to include reasoning, assessment, metadata, and tags alongside the evaluation result.
• lib-injection
  • Enable lib-injection on Python 3.14.

... (truncated)

Commits

• aab9417 chore: bump version to 4.3.2 (#16307)
• ad81f3b fix(dsm): ensure trace handlers are always registered (backports #16268 to 4....
• a2ddd98 fix(celery): stop native runtime before celery daemonization [backport 4.3] (...
• 294058b fix(profiling): patched gevent.joinall return (#16242) [backport 4.3] (#16252)
• e29b6f0 chore: set version to 4.3.1 (#16259)
• dbc756a fix(profiling): revert intern strings/functions into libdatadog (#16243) [bac...
• 2e6caac ci: disable vllm jobs temporarily (#16220) [backport 4.3] (#16247)
• d0d71e1 chore: latest system-tests (#16205) (#16227)
• 4b5f656 update version string to 4.3.0
• 6796453 test(llmobs): make agentless writer tests resilient to backend error message ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)