dd-trace 4.23.0 → 4.25.0

package/MIGRATING.md

@@ -4,6 +4,21 @@ This guide describes the steps to upgrade dd-trace from a major version to the
 next. If you are having any issues related to migrating, please feel free to
 open an issue or contact our [support](https://www.datadoghq.com/support/) team.
 
+## 4.0 to 5.0
+
+### Node 16 is no longer supported
+
+Node.js 16 has reached EOL in September 2023 and is no longer supported. Generally
+speaking, we highly recommend always keeping Node.js up to date regardless of
+our support policy.
+
+### Update `trace<T>` TypeScript declaration
+
+The TypeScript declaration for `trace<T>` has been updated to enforce 
+that calls to `tracer.trace(name, fn)` must receive a function which takes at least 
+the span object. Previously the span was technically optional when it should not have 
+been as the span must be handled.
+
 ## 3.0 to 4.0
 
 ### Node 14 is no longer supported

package/README.md

@@ -1,7 +1,8 @@
 # `dd-trace`: Node.js APM Tracer Library
 
-[![npm v4](https://img.shields.io/npm/v/dd-trace/latest?color=blue&label=dd-trace%40v4&logo=npm)](https://www.npmjs.com/package/dd-trace)
-[![npm v3](https://img.shields.io/npm/v/dd-trace/latest-node14?color=blue&label=dd-trace%40v3&logo=npm)](https://www.npmjs.com/package/dd-trace/v/latest-node12)
+[![npm v5](https://img.shields.io/npm/v/dd-trace/latest?color=blue&label=dd-trace%40v5&logo=npm)](https://www.npmjs.com/package/dd-trace)
+[![npm v4](https://img.shields.io/npm/v/dd-trace/latest-node16?color=blue&label=dd-trace%40v4&logo=npm)](https://www.npmjs.com/package/dd-trace/v/latest-node16)
+[![npm v3](https://img.shields.io/npm/v/dd-trace/latest-node14?color=blue&label=dd-trace%40v3&logo=npm)](https://www.npmjs.com/package/dd-trace/v/latest-node14)
 [![codecov](https://codecov.io/gh/DataDog/dd-trace-js/branch/master/graph/badge.svg)](https://codecov.io/gh/DataDog/dd-trace-js)
 
 <img align="right" src="https://user-images.githubusercontent.com/551402/208212084-1d0c07e2-4135-4c61-b2da-8f2fddbc66ed.png" alt="Bits the dog  JavaScript" width="200px"/>
@@ -28,24 +29,25 @@ Most of the documentation for `dd-trace` is available on these webpages:
 | [`v1`](https://github.com/DataDog/dd-trace-js/tree/v1.x) | ![npm v1](https://img.shields.io/npm/v/dd-trace/legacy-v1?color=white&label=%20&style=flat-square)     | `>= v12` | **End of Life** | 2021-07-13     | 2022-02-25  |
 | [`v2`](https://github.com/DataDog/dd-trace-js/tree/v2.x) | ![npm v2](https://img.shields.io/npm/v/dd-trace/latest-node12?color=white&label=%20&style=flat-square) | `>= v12` | **End of Life** | 2022-01-28     | 2023-08-15  |
 | [`v3`](https://github.com/DataDog/dd-trace-js/tree/v3.x) | ![npm v3](https://img.shields.io/npm/v/dd-trace/latest-node14?color=white&label=%20&style=flat-square) | `>= v14` | **Maintenance** | 2022-08-15     | 2024-05-15  |
-| [`v4`](https://github.com/DataDog/dd-trace-js/tree/v4.x) | ![npm v4](https://img.shields.io/npm/v/dd-trace/latest?color=white&label=%20&style=flat-square)        | `>= v16` | **Current**     | 2023-05-12     | Unknown     |
+| [`v4`](https://github.com/DataDog/dd-trace-js/tree/v4.x) | ![npm v4](https://img.shields.io/npm/v/dd-trace/latest-node16?color=white&label=%20&style=flat-square)        | `>= v16` | **Maintenance**     | 2023-05-12     | 2025-01-11     |
+| [`v5`](https://github.com/DataDog/dd-trace-js/tree/v5.x) | ![npm v5](https://img.shields.io/npm/v/dd-trace/latest?color=white&label=%20&style=flat-square)        | `>= v18` | **Current**     | 2024-01-11     | Unknown     |
 
-We currently maintain two release lines, namely `v3` and `v4`.
-Features and bug fixes that are merged are released to the `v4` line and, if appropriate, also the `v3` line.
+We currently maintain three release lines, namely `v5`, `v4` and `v3`.
+Features and bug fixes that are merged are released to the `v5` line and, if appropriate, also the `v4` & `v3` line.
 
-For any new projects it is recommended to use the `v4` release line:
+For any new projects it is recommended to use the `v5` release line:
 
 ```sh
 $ npm install dd-trace
 $ yarn add dd-trace
 ```
 
-However, existing projects that already use the `v3` release line, or projects that need to support EOL versions of Node.js, may continue to use these release lines.
+However, existing projects that already use the `v4` & `v3` release line, or projects that need to support EOL versions of Node.js, may continue to use these release lines.
 This is done by specifying the version when installing the package.
 
 ```sh
-$ npm install dd-trace@3
-$ yarn add dd-trace@3
+$ npm install dd-trace@4
+$ yarn add dd-trace@4
 ```
 
 Any backwards-breaking functionality that is introduced into the library will result in an increase of the major version of the library and therefore a new release line.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "4.23.0",
+  "version": "4.25.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -36,6 +36,7 @@
     "test:integration:cucumber": "mocha --colors --timeout 30000 \"integration-tests/cucumber/*.spec.js\"",
     "test:integration:cypress": "mocha --colors --timeout 30000 \"integration-tests/cypress/*.spec.js\"",
     "test:integration:playwright": "mocha --colors --timeout 30000 \"integration-tests/playwright/*.spec.js\"",
+    "test:integration:profiler": "mocha --colors --timeout 90000 \"integration-tests/profiler/*.spec.js\"",
     "test:integration:serverless": "mocha --colors --timeout 30000 \"integration-tests/serverless/*.spec.js\"",
     "test:integration:plugins": "mocha --colors --exit -r \"packages/dd-trace/test/setup/mocha.js\" \"packages/datadog-plugin-@($(echo $PLUGINS))/test/integration-test/**/*.spec.js\"",
     "test:unit:plugins": "mocha --colors --exit -r \"packages/dd-trace/test/setup/mocha.js\" \"packages/datadog-instrumentations/test/@($(echo $PLUGINS)).spec.js\" \"packages/datadog-plugin-@($(echo $PLUGINS))/test/**/*.spec.js\" --exclude \"packages/datadog-plugin-@($(echo $PLUGINS))/test/integration-test/**/*.spec.js\"",
@@ -68,24 +69,24 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@datadog/native-appsec": "6.0.0",
+    "@datadog/native-appsec": "7.0.0",
     "@datadog/native-iast-rewriter": "2.2.2",
     "@datadog/native-iast-taint-tracking": "1.6.4",
     "@datadog/native-metrics": "^2.0.0",
-    "@datadog/pprof": "4.1.0",
+    "@datadog/pprof": "5.0.0",
     "@datadog/sketches-js": "^2.1.0",
     "@opentelemetry/api": "^1.0.0",
     "@opentelemetry/core": "^1.14.0",
     "crypto-randomuuid": "^1.0.0",
     "dc-polyfill": "^0.1.2",
     "ignore": "^5.2.4",
-    "import-in-the-middle": "^1.7.1",
+    "import-in-the-middle": "^1.7.3",
     "int64-buffer": "^0.1.9",
     "ipaddr.js": "^2.1.0",
     "istanbul-lib-coverage": "3.2.0",
     "jest-docblock": "^29.7.0",
     "koalas": "^1.0.2",
-    "limiter": "^1.1.4",
+    "limiter": "1.1.5",
     "lodash.kebabcase": "^4.1.1",
     "lodash.pick": "^4.4.0",
     "lodash.sortby": "^4.7.0",

package/packages/datadog-instrumentations/src/cucumber.js

@@ -44,6 +44,7 @@ const patched = new WeakSet()
 let pickleByFile = {}
 const pickleResultByFile = {}
 let skippableSuites = []
+let itrCorrelationId = ''
 let isForcedToRun = false
 let isUnskippable = false
 
@@ -102,7 +103,7 @@ function wrapRun (pl, isLatestVersion) {
         const testSuitePath = getTestSuitePath(testSuiteFullPath, process.cwd())
         isForcedToRun = isUnskippable && skippableSuites.includes(testSuitePath)
 
-        testSuiteStartCh.publish({ testSuitePath, isUnskippable, isForcedToRun })
+        testSuiteStartCh.publish({ testSuitePath, isUnskippable, isForcedToRun, itrCorrelationId })
       }
 
       const testSourceLine = this.gherkinDocument &&
@@ -304,6 +305,7 @@ addHook({
       this.pickleIds = picklesToRun
 
       skippedSuites = Array.from(filteredPickles.skippedSuites)
+      itrCorrelationId = skippableResponse.itrCorrelationId
     }
 
     pickleByFile = getPickleByFile(this)

package/packages/datadog-instrumentations/src/jest.js

@@ -495,6 +495,9 @@ addHook({
       _ddTestModuleId,
       _ddTestSessionId,
       _ddTestCommand,
+      _ddForcedToRun,
+      _ddUnskippable,
+      _ddItrCorrelationId,
       ...restOfTestEnvironmentOptions
     } = testEnvironmentOptions
 

package/packages/datadog-instrumentations/src/mocha.js

@@ -53,6 +53,7 @@ let isSuitesSkipped = false
 let skippedSuites = []
 const unskippableSuites = []
 let isForcedToRun = false
+let itrCorrelationId = ''
 
 function getSuitesByTestFile (root) {
   const suitesByTestFile = {}
@@ -191,7 +192,12 @@ function mochaHook (Runner) {
         const isUnskippable = unskippableSuites.includes(suite.file)
         isForcedToRun = isUnskippable && suitesToSkip.includes(getTestSuitePath(suite.file, process.cwd()))
         asyncResource.runInAsyncScope(() => {
-          testSuiteStartCh.publish({ testSuite: suite.file, isUnskippable, isForcedToRun })
+          testSuiteStartCh.publish({
+            testSuite: suite.file,
+            isUnskippable,
+            isForcedToRun,
+            itrCorrelationId
+          })
         })
       }
     })
@@ -395,11 +401,12 @@ addHook({
       }
     })
 
-    const onReceivedSkippableSuites = ({ err, skippableSuites }) => {
+    const onReceivedSkippableSuites = ({ err, skippableSuites, itrCorrelationId: responseItrCorrelationId }) => {
       if (err) {
         suitesToSkip = []
       } else {
         suitesToSkip = skippableSuites
+        itrCorrelationId = responseItrCorrelationId
       }
       // We remove the suites that we skip through ITR
       const filteredSuites = getFilteredSuites(runner.suite.suites)

package/packages/datadog-plugin-cucumber/src/index.js

@@ -13,7 +13,8 @@ const {
   addIntelligentTestRunnerSpanTags,
   TEST_ITR_UNSKIPPABLE,
   TEST_ITR_FORCED_RUN,
-  TEST_CODE_OWNERS
+  TEST_CODE_OWNERS,
+  ITR_CORRELATION_ID
 } = require('../../dd-trace/src/plugins/util/test')
 const { RESOURCE_NAME } = require('../../../ext/tags')
 const { COMPONENT, ERROR_MESSAGE } = require('../../dd-trace/src/constants')
@@ -74,7 +75,7 @@ class CucumberPlugin extends CiPlugin {
       this.tracer._exporter.flush()
     })
 
-    this.addSub('ci:cucumber:test-suite:start', ({ testSuitePath, isUnskippable, isForcedToRun }) => {
+    this.addSub('ci:cucumber:test-suite:start', ({ testSuitePath, isUnskippable, isForcedToRun, itrCorrelationId }) => {
       const testSuiteMetadata = getTestSuiteCommonTags(
         this.command,
         this.frameworkVersion,
@@ -89,6 +90,9 @@ class CucumberPlugin extends CiPlugin {
         this.telemetry.count(TELEMETRY_ITR_FORCED_TO_RUN, { testLevel: 'suite' })
         testSuiteMetadata[TEST_ITR_FORCED_RUN] = 'true'
       }
+      if (itrCorrelationId) {
+        testSuiteMetadata[ITR_CORRELATION_ID] = itrCorrelationId
+      }
       this.testSuiteSpan = this.tracer.startSpan('cucumber.test_suite', {
         childOf: this.testModuleSpan,
         tags: {
@@ -169,12 +173,12 @@ class CucumberPlugin extends CiPlugin {
       }
 
       span.finish()
-      this.telemetry.ciVisEvent(
-        TELEMETRY_EVENT_FINISHED,
-        'test',
-        { hasCodeOwners: !!span.context()._tags[TEST_CODE_OWNERS] }
-      )
       if (!isStep) {
+        this.telemetry.ciVisEvent(
+          TELEMETRY_EVENT_FINISHED,
+          'test',
+          { hasCodeOwners: !!span.context()._tags[TEST_CODE_OWNERS] }
+        )
         finishAllTraceSpans(span)
       }
     })

package/packages/datadog-plugin-cypress/src/plugin.js

@@ -23,7 +23,8 @@ const {
   addIntelligentTestRunnerSpanTags,
   TEST_SKIPPED_BY_ITR,
   TEST_ITR_UNSKIPPABLE,
-  TEST_ITR_FORCED_RUN
+  TEST_ITR_FORCED_RUN,
+  ITR_CORRELATION_ID
 } = require('../../dd-trace/src/plugins/util/test')
 const { ORIGIN_KEY, COMPONENT } = require('../../dd-trace/src/constants')
 const log = require('../../dd-trace/src/log')
@@ -39,6 +40,7 @@ const {
   incrementCountMetric,
   distributionMetric
 } = require('../../dd-trace/src/ci-visibility/telemetry')
+const { appClosing: appClosingTelemetry } = require('../../dd-trace/src/telemetry')
 const {
   GIT_REPOSITORY_URL,
   GIT_COMMIT_SHA,
@@ -137,10 +139,11 @@ function getSkippableTests (isSuitesSkippingEnabled, tracer, testConfiguration)
     if (!tracer._tracer._exporter || !tracer._tracer._exporter.getItrConfiguration) {
       return resolve({ err: new Error('CI Visibility was not initialized correctly') })
     }
-    tracer._tracer._exporter.getSkippableSuites(testConfiguration, (err, skippableTests) => {
+    tracer._tracer._exporter.getSkippableSuites(testConfiguration, (err, skippableTests, correlationId) => {
       resolve({
         err,
-        skippableTests
+        skippableTests,
+        correlationId
       })
     })
   })
@@ -214,6 +217,7 @@ module.exports = (on, config) => {
   let isSuitesSkippingEnabled = false
   let isCodeCoverageEnabled = false
   let testsToSkip = []
+  let itrCorrelationId = ''
   const unskippableSuites = []
   let hasForcedToRunSuites = false
   let hasUnskippableSuites = false
@@ -288,52 +292,54 @@ module.exports = (on, config) => {
         isCodeCoverageEnabled = itrConfig.isCodeCoverageEnabled
       }
 
-      return getSkippableTests(isSuitesSkippingEnabled, tracer, testConfiguration).then(({ err, skippableTests }) => {
-        if (err) {
-          log.error(err)
-        } else {
-          testsToSkip = skippableTests || []
-        }
-
-        // `details.specs` are test files
-        details.specs.forEach(({ absolute, relative }) => {
-          const isUnskippableSuite = isMarkedAsUnskippable({ path: absolute })
-          if (isUnskippableSuite) {
-            unskippableSuites.push(relative)
+      return getSkippableTests(isSuitesSkippingEnabled, tracer, testConfiguration)
+        .then(({ err, skippableTests, correlationId }) => {
+          if (err) {
+            log.error(err)
+          } else {
+            testsToSkip = skippableTests || []
+            itrCorrelationId = correlationId
           }
-        })
-
-        const childOf = getTestParentSpan(tracer)
-        rootDir = getRootDir(details)
-
-        command = getCypressCommand(details)
-        frameworkVersion = getCypressVersion(details)
-
-        const testSessionSpanMetadata = getTestSessionCommonTags(command, frameworkVersion, TEST_FRAMEWORK_NAME)
-        const testModuleSpanMetadata = getTestModuleCommonTags(command, frameworkVersion, TEST_FRAMEWORK_NAME)
 
-        testSessionSpan = tracer.startSpan(`${TEST_FRAMEWORK_NAME}.test_session`, {
-          childOf,
-          tags: {
-            [COMPONENT]: TEST_FRAMEWORK_NAME,
-            ...testEnvironmentMetadata,
-            ...testSessionSpanMetadata
-          }
-        })
-        ciVisEvent(TELEMETRY_EVENT_CREATED, 'session')
-
-        testModuleSpan = tracer.startSpan(`${TEST_FRAMEWORK_NAME}.test_module`, {
-          childOf: testSessionSpan,
-          tags: {
-            [COMPONENT]: TEST_FRAMEWORK_NAME,
-            ...testEnvironmentMetadata,
-            ...testModuleSpanMetadata
-          }
+          // `details.specs` are test files
+          details.specs.forEach(({ absolute, relative }) => {
+            const isUnskippableSuite = isMarkedAsUnskippable({ path: absolute })
+            if (isUnskippableSuite) {
+              unskippableSuites.push(relative)
+            }
+          })
+
+          const childOf = getTestParentSpan(tracer)
+          rootDir = getRootDir(details)
+
+          command = getCypressCommand(details)
+          frameworkVersion = getCypressVersion(details)
+
+          const testSessionSpanMetadata = getTestSessionCommonTags(command, frameworkVersion, TEST_FRAMEWORK_NAME)
+          const testModuleSpanMetadata = getTestModuleCommonTags(command, frameworkVersion, TEST_FRAMEWORK_NAME)
+
+          testSessionSpan = tracer.startSpan(`${TEST_FRAMEWORK_NAME}.test_session`, {
+            childOf,
+            tags: {
+              [COMPONENT]: TEST_FRAMEWORK_NAME,
+              ...testEnvironmentMetadata,
+              ...testSessionSpanMetadata
+            }
+          })
+          ciVisEvent(TELEMETRY_EVENT_CREATED, 'session')
+
+          testModuleSpan = tracer.startSpan(`${TEST_FRAMEWORK_NAME}.test_module`, {
+            childOf: testSessionSpan,
+            tags: {
+              [COMPONENT]: TEST_FRAMEWORK_NAME,
+              ...testEnvironmentMetadata,
+              ...testModuleSpanMetadata
+            }
+          })
+          ciVisEvent(TELEMETRY_EVENT_CREATED, 'module')
+
+          return details
         })
-        ciVisEvent(TELEMETRY_EVENT_CREATED, 'module')
-
-        return details
-      })
     })
   })
   on('after:spec', (spec, { tests, stats }) => {
@@ -357,6 +363,9 @@ module.exports = (on, config) => {
       if (isSkippedByItr) {
         skippedTestSpan.setTag(TEST_SKIPPED_BY_ITR, 'true')
       }
+      if (itrCorrelationId) {
+        skippedTestSpan.setTag(ITR_CORRELATION_ID, itrCorrelationId)
+      }
       skippedTestSpan.finish()
     })
 
@@ -378,6 +387,9 @@ module.exports = (on, config) => {
         finishedTest.testSpan.setTag(TEST_STATUS, cypressTestStatus)
         finishedTest.testSpan.setTag('error', latestError)
       }
+      if (itrCorrelationId) {
+        finishedTest.testSpan.setTag(ITR_CORRELATION_ID, itrCorrelationId)
+      }
       finishedTest.testSpan.finish(finishedTest.finishTime)
     })
 
@@ -429,10 +441,12 @@ module.exports = (on, config) => {
       }
       if (exporter.flush) {
         exporter.flush(() => {
+          appClosingTelemetry()
           resolve(null)
         })
       } else if (exporter._writer) {
         exporter._writer.flush(() => {
+          appClosingTelemetry()
           resolve(null)
         })
       }

package/packages/datadog-plugin-google-cloud-pubsub/src/consumer.js

@@ -28,6 +28,8 @@ class GoogleCloudPubsubConsumerPlugin extends ConsumerPlugin {
   finish (message) {
     const span = this.activeSpan
 
+    if (!span) return
+
     if (message.message._handled) {
       span.setTag('pubsub.ack', 1)
     }

package/packages/datadog-plugin-jest/src/index.js

@@ -13,7 +13,8 @@ const {
   TEST_SOURCE_START,
   TEST_ITR_UNSKIPPABLE,
   TEST_ITR_FORCED_RUN,
-  TEST_CODE_OWNERS
+  TEST_CODE_OWNERS,
+  ITR_CORRELATION_ID
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const id = require('../../dd-trace/src/id')
@@ -38,6 +39,20 @@ class JestPlugin extends CiPlugin {
     return 'jest'
   }
 
+  // The lists are the same for every test suite, so we can cache them
+  getUnskippableSuites (unskippableSuitesList) {
+    if (!this.unskippableSuites) {
+      this.unskippableSuites = JSON.parse(unskippableSuitesList)
+    }
+    return this.unskippableSuites
+  }
+  getForcedToRunSuites (forcedToRunSuitesList) {
+    if (!this.forcedToRunSuites) {
+      this.forcedToRunSuites = JSON.parse(forcedToRunSuitesList)
+    }
+    return this.forcedToRunSuites
+  }
+
   constructor (...args) {
     super(...args)
 
@@ -107,6 +122,7 @@ class JestPlugin extends CiPlugin {
         config._ddTestSessionId = this.testSessionSpan.context().toTraceId()
         config._ddTestModuleId = this.testModuleSpan.context().toSpanId()
         config._ddTestCommand = this.testSessionSpan.context()._tags[TEST_COMMAND]
+        config._ddItrCorrelationId = this.itrCorrelationId
       })
     })
 
@@ -115,6 +131,7 @@ class JestPlugin extends CiPlugin {
         _ddTestSessionId: testSessionId,
         _ddTestCommand: testCommand,
         _ddTestModuleId: testModuleId,
+        _ddItrCorrelationId: itrCorrelationId,
         _ddForcedToRun,
         _ddUnskippable,
         _ddTestCodeCoverageEnabled
@@ -128,13 +145,22 @@ class JestPlugin extends CiPlugin {
       const testSuiteMetadata = getTestSuiteCommonTags(testCommand, frameworkVersion, testSuite, 'jest')
 
       if (_ddUnskippable) {
-        this.telemetry.count(TELEMETRY_ITR_UNSKIPPABLE, { testLevel: 'suite' })
-        testSuiteMetadata[TEST_ITR_UNSKIPPABLE] = 'true'
+        const unskippableSuites = this.getUnskippableSuites(_ddUnskippable)
+        if (unskippableSuites[testSuite]) {
+          this.telemetry.count(TELEMETRY_ITR_UNSKIPPABLE, { testLevel: 'suite' })
+          testSuiteMetadata[TEST_ITR_UNSKIPPABLE] = 'true'
+        }
         if (_ddForcedToRun) {
-          this.telemetry.count(TELEMETRY_ITR_FORCED_TO_RUN, { testLevel: 'suite' })
-          testSuiteMetadata[TEST_ITR_FORCED_RUN] = 'true'
+          const forcedToRunSuites = this.getForcedToRunSuites(_ddForcedToRun)
+          if (forcedToRunSuites[testSuite]) {
+            this.telemetry.count(TELEMETRY_ITR_FORCED_TO_RUN, { testLevel: 'suite' })
+            testSuiteMetadata[TEST_ITR_FORCED_RUN] = 'true'
+          }
         }
       }
+      if (itrCorrelationId) {
+        testSuiteMetadata[ITR_CORRELATION_ID] = itrCorrelationId
+      }
 
       this.testSuiteSpan = this.tracer.startSpan('jest.test_suite', {
         childOf: testSessionSpanContext,

package/packages/datadog-plugin-jest/src/util.js

@@ -77,30 +77,52 @@ function isMarkedAsUnskippable (test) {
 }
 
 function getJestSuitesToRun (skippableSuites, originalTests, rootDir) {
-  return originalTests.reduce((acc, test) => {
+  const unskippableSuites = {}
+  const forcedToRunSuites = {}
+
+  const skippedSuites = []
+  const suitesToRun = []
+
+  for (const test of originalTests) {
     const relativePath = getTestSuitePath(test.path, rootDir)
     const shouldBeSkipped = skippableSuites.includes(relativePath)
-
     if (isMarkedAsUnskippable(test)) {
-      acc.suitesToRun.push(test)
-      if (test?.context?.config?.testEnvironmentOptions) {
-        test.context.config.testEnvironmentOptions['_ddUnskippable'] = true
-        acc.hasUnskippableSuites = true
-        if (shouldBeSkipped) {
-          test.context.config.testEnvironmentOptions['_ddForcedToRun'] = true
-          acc.hasForcedToRunSuites = true
-        }
+      suitesToRun.push(test)
+      unskippableSuites[relativePath] = true
+      if (shouldBeSkipped) {
+        forcedToRunSuites[relativePath] = true
       }
-      return acc
+      continue
     }
-
     if (shouldBeSkipped) {
-      acc.skippedSuites.push(relativePath)
+      skippedSuites.push(relativePath)
     } else {
-      acc.suitesToRun.push(test)
+      suitesToRun.push(test)
     }
-    return acc
-  }, { skippedSuites: [], suitesToRun: [], hasUnskippableSuites: false, hasForcedToRunSuites: false })
+  }
+
+  const hasUnskippableSuites = Object.keys(unskippableSuites).length > 0
+  const hasForcedToRunSuites = Object.keys(forcedToRunSuites).length > 0
+
+  if (originalTests.length) {
+    // The config object is shared by all tests, so we can just take the first one
+    const [test] = originalTests
+    if (test?.context?.config?.testEnvironmentOptions) {
+      if (hasUnskippableSuites) {
+        test.context.config.testEnvironmentOptions._ddUnskippable = JSON.stringify(unskippableSuites)
+      }
+      if (hasForcedToRunSuites) {
+        test.context.config.testEnvironmentOptions._ddForcedToRun = JSON.stringify(forcedToRunSuites)
+      }
+    }
+  }
+
+  return {
+    skippedSuites,
+    suitesToRun,
+    hasUnskippableSuites,
+    hasForcedToRunSuites
+  }
 }
 
 module.exports = { getFormattedJestTestParameters, getJestTestName, getJestSuitesToRun, isMarkedAsUnskippable }

package/packages/datadog-plugin-mocha/src/index.js

@@ -14,7 +14,8 @@ const {
   TEST_SOURCE_START,
   TEST_ITR_UNSKIPPABLE,
   TEST_ITR_FORCED_RUN,
-  TEST_CODE_OWNERS
+  TEST_CODE_OWNERS,
+  ITR_CORRELATION_ID
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const {
@@ -66,7 +67,12 @@ class MochaPlugin extends CiPlugin {
       this.telemetry.distribution(TELEMETRY_CODE_COVERAGE_NUM_FILES, {}, relativeCoverageFiles.length)
     })
 
-    this.addSub('ci:mocha:test-suite:start', ({ testSuite, isUnskippable, isForcedToRun }) => {
+    this.addSub('ci:mocha:test-suite:start', ({
+      testSuite,
+      isUnskippable,
+      isForcedToRun,
+      itrCorrelationId
+    }) => {
       const store = storage.getStore()
       const testSuiteMetadata = getTestSuiteCommonTags(
         this.command,
@@ -95,6 +101,9 @@ class MochaPlugin extends CiPlugin {
       if (this.itrConfig?.isCodeCoverageEnabled) {
         this.telemetry.ciVisEvent(TELEMETRY_CODE_COVERAGE_STARTED, 'suite', { library: 'istanbul' })
       }
+      if (itrCorrelationId) {
+        testSuiteSpan.setTag(ITR_CORRELATION_ID, itrCorrelationId)
+      }
       this.enter(testSuiteSpan, store)
       this._testSuites.set(testSuite, testSuiteSpan)
     })

package/packages/datadog-plugin-playwright/src/index.js

@@ -17,6 +17,7 @@ const {
   TELEMETRY_EVENT_CREATED,
   TELEMETRY_EVENT_FINISHED
 } = require('../../dd-trace/src/ci-visibility/telemetry')
+const { appClosing: appClosingTelemetry } = require('../../dd-trace/src/telemetry')
 
 class PlaywrightPlugin extends CiPlugin {
   static get id () {
@@ -37,6 +38,7 @@ class PlaywrightPlugin extends CiPlugin {
       this.testSessionSpan.finish()
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'session')
       finishAllTraceSpans(this.testSessionSpan)
+      appClosingTelemetry()
       this.tracer._exporter.flush(onDone)
     })
 

package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js

@@ -16,5 +16,6 @@ module.exports = {
   'UNVALIDATED_REDIRECT_ANALYZER': require('./unvalidated-redirect-analyzer'),
   'WEAK_CIPHER_ANALYZER': require('./weak-cipher-analyzer'),
   'WEAK_HASH_ANALYZER': require('./weak-hash-analyzer'),
+  'WEAK_RANDOMNESS_ANALYZER': require('./weak-randomness-analyzer'),
   'XCONTENTTYPE_HEADER_MISSING_ANALYZER': require('./xcontenttype-header-missing-analyzer')
 }

package/packages/dd-trace/src/appsec/iast/analyzers/header-injection-analyzer.js

@@ -48,7 +48,7 @@ class HeaderInjectionAnalyzer extends InjectionAnalyzer {
     if (ranges?.length > 0) {
       return !(this.isCookieExclusion(lowerCasedHeaderName, ranges) ||
         this.isSameHeaderExclusion(lowerCasedHeaderName, ranges) ||
-        this.isAccessControlAllowOriginExclusion(lowerCasedHeaderName, ranges))
+        this.isAccessControlAllowExclusion(lowerCasedHeaderName, ranges))
     }
 
     return false
@@ -84,8 +84,8 @@ class HeaderInjectionAnalyzer extends InjectionAnalyzer {
     return false
   }
 
-  isAccessControlAllowOriginExclusion (name, ranges) {
-    if (name === 'access-control-allow-origin') {
+  isAccessControlAllowExclusion (name, ranges) {
+    if (name?.startsWith('access-control-allow-')) {
       return ranges
         .every(range => range.iinfo.type === HTTP_REQUEST_HEADER_VALUE)
     }

package/packages/dd-trace/src/appsec/iast/analyzers/weak-randomness-analyzer.js

@@ -0,0 +1,19 @@
+'use strict'
+const Analyzer = require('./vulnerability-analyzer')
+const { WEAK_RANDOMNESS } = require('../vulnerabilities')
+
+class WeakRandomnessAnalyzer extends Analyzer {
+  constructor () {
+    super(WEAK_RANDOMNESS)
+  }
+
+  onConfigure () {
+    this.addSub('datadog:random:call', ({ fn }) => this.analyze(fn))
+  }
+
+  _isVulnerable (fn) {
+    return fn === Math.random
+  }
+}
+
+module.exports = new WeakRandomnessAnalyzer()

package/packages/dd-trace/src/appsec/iast/taint-tracking/csi-methods.js

@@ -3,6 +3,7 @@
 const csiMethods = [
   { src: 'concat' },
   { src: 'plusOperator', operator: true },
+  { src: 'random' },
   { src: 'replace' },
   { src: 'slice' },
   { src: 'substr' },