dd-trace 5.107.0 → 5.108.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "5.107.0",
+  "version": "5.108.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -169,7 +169,7 @@
     "@datadog/native-iast-taint-tracking": "4.2.0",
     "@datadog/native-metrics": "3.1.2",
     "@datadog/openfeature-node-server": "2.0.0",
-    "@datadog/pprof": "5.14.4",
+    "@datadog/pprof": "5.15.0",
     "@datadog/wasm-js-rewriter": "5.0.1",
     "@opentelemetry/api": ">=1.0.0 <1.10.0",
     "@opentelemetry/api-logs": "<1.0.0",
@@ -188,7 +188,7 @@
     "@types/mocha": "^10.0.10",
     "@types/node": "^18.19.106",
     "@types/sinon": "^21.0.1",
-    "axios": "^1.16.1",
+    "axios": "^1.17.0",
     "benchmark": "^2.1.4",
     "body-parser": "^2.2.2",
     "bun": "1.3.14",
@@ -196,7 +196,7 @@
     "eslint": "^9.39.2",
     "eslint-plugin-cypress": "^6.4.1",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jsdoc": "^63.0.0",
+    "eslint-plugin-jsdoc": "^63.0.1",
     "eslint-plugin-mocha": "^11.3.0",
     "eslint-plugin-n": "^18.0.1",
     "eslint-plugin-promise": "^7.3.0",
@@ -222,7 +222,7 @@
     "proxyquire": "^2.1.3",
     "retry": "^0.13.1",
     "semifies": "^1.0.0",
-    "semver": "^7.8.1",
+    "semver": "^7.8.2",
     "sinon": "^22.0.0",
     "tiktoken": "^1.0.21",
     "typescript": "^6.0.3",

package/packages/dd-trace/src/appsec/downstream_requests.js

@@ -2,6 +2,7 @@
 
 const web = require('../plugins/util/web')
 const log = require('../log')
+const { isEmpty } = require('../util')
 const {
   HTTP_OUTGOING_METHOD,
   HTTP_OUTGOING_HEADERS,
@@ -137,7 +138,7 @@ function extractRequestData (ctx) {
   addresses[HTTP_OUTGOING_METHOD] = getMethod(options.method)
 
   const headers = options?.headers
-  if (headers && Object.keys(headers).length > 0) {
+  if (headers && !isEmpty(headers)) {
     addresses[HTTP_OUTGOING_HEADERS] = lowercaseHeaderKeys(headers)
   }
 
@@ -177,7 +178,7 @@ function extractResponseData (res, responseBody) {
   }
 
   const headers = res.headers
-  if (headers && Object.keys(headers).length > 0) {
+  if (headers && !isEmpty(headers)) {
     addresses[HTTP_OUTGOING_RESPONSE_HEADERS] = headers
   }
 

package/packages/dd-trace/src/appsec/iast/index.js

@@ -3,6 +3,7 @@
 const dc = require('dc-polyfill')
 const web = require('../../plugins/util/web')
 const { storage } = require('../../../../datadog-core')
+const { isEmpty } = require('../../util')
 const { enable: enableFsPlugin, disable: disableFsPlugin, IAST_MODULE } = require('../rasp/fs-plugin')
 const { incomingHttpRequestStart, incomingHttpRequestEnd, responseWriteHead } = require('../channels')
 const vulnerabilityReporter = require('./vulnerability-reporter')
@@ -96,7 +97,7 @@ function onIncomingHttpRequestEnd (data) {
 
       iastResponseEnd.publish({ ...data, storedHeaders })
 
-      if (Object.keys(storedHeaders).length) {
+      if (!isEmpty(storedHeaders)) {
         collectedResponseHeaders.delete(data.res)
       }
 
@@ -118,7 +119,7 @@ function onIncomingHttpRequestEnd (data) {
 function onResponseWriteHeadCollect ({ res, responseHeaders = {} }) {
   if (!res) return
 
-  if (Object.keys(responseHeaders).length) {
+  if (!isEmpty(responseHeaders)) {
     collectedResponseHeaders.set(res, responseHeaders)
   }
 }

package/packages/dd-trace/src/appsec/rasp/ssrf.js

@@ -9,6 +9,7 @@ const addresses = require('../addresses')
 const web = require('../../plugins/util/web')
 const { getActiveRequest } = require('../store')
 const waf = require('../waf')
+const { isEmpty } = require('../../util')
 const downstream = require('../downstream_requests')
 const { updateRaspRuleMatchMetricTags } = require('../telemetry')
 const { RULE_TYPES, handleResult } = require('./utils')
@@ -85,7 +86,7 @@ function handleResponseFinish ({ ctx, res, body }) {
 function runResponseEvaluation (res, req, responseBody) {
   const responseAddresses = downstream.extractResponseData(res, responseBody)
 
-  if (!Object.keys(responseAddresses).length) return
+  if (isEmpty(responseAddresses)) return
 
   const raspRule = { type: RULE_TYPES.SSRF, variant: 'response' }
   const result = waf.run({ ephemeral: responseAddresses }, req, raspRule)

package/packages/dd-trace/src/appsec/reporter.js

@@ -461,7 +461,7 @@ function truncateRequestBody (target, depth = 0) {
 }
 
 function reportRequestBody (rootSpan, requestBody, comesFromRaspAction = false) {
-  if (!requestBody || Object.keys(requestBody).length === 0) return
+  if (!requestBody || isEmpty(requestBody)) return
 
   if (!rootSpan.meta_struct) {
     rootSpan.meta_struct = {}

package/packages/dd-trace/src/config/generated-config-types.d.ts

@@ -130,6 +130,7 @@ export interface GeneratedConfig {
   DD_MINI_AGENT_PATH: string | undefined;
   DD_PIPELINE_EXECUTION_ID: string | undefined;
   DD_PLAYWRIGHT_WORKER: string | undefined;
+  DD_PROFILING_ALLOCATION_ENABLED: boolean;
   DD_PROFILING_ASYNC_CONTEXT_FRAME_ENABLED: boolean;
   DD_PROFILING_CODEHOTSPOTS_ENABLED: boolean;
   DD_PROFILING_CPU_ENABLED: boolean;

package/packages/dd-trace/src/config/supported-configurations.json

@@ -1308,6 +1308,13 @@
         "default": null
       }
     ],
+    "DD_PROFILING_ALLOCATION_ENABLED": [
+      {
+        "implementation": "A",
+        "type": "boolean",
+        "default": "false"
+      }
+    ],
     "DD_PROFILING_ASYNC_CONTEXT_FRAME_ENABLED": [
       {
         "implementation": "A",

package/packages/dd-trace/src/profiling/config.js

@@ -86,6 +86,7 @@ class Config {
 
     this.timelineEnabled = options.DD_PROFILING_TIMELINE_ENABLED
     this.timelineSamplingEnabled = options.DD_INTERNAL_PROFILING_TIMELINE_SAMPLING_ENABLED
+    this.allocationProfilingEnabled = options.DD_PROFILING_ALLOCATION_ENABLED
     this.codeHotspotsEnabled = options.DD_PROFILING_CODEHOTSPOTS_ENABLED
     this.cpuProfilingEnabled = options.DD_PROFILING_CPU_ENABLED
     this.heapSamplingInterval = options.DD_PROFILING_HEAP_SAMPLING_INTERVAL
@@ -139,6 +140,7 @@ class Config {
 
   get systemInfoReport () {
     const report = {
+      allocationProfilingEnabled: this.allocationProfilingEnabled,
       asyncContextFrameEnabled: this.asyncContextFrameEnabled,
       codeHotspotsEnabled: this.codeHotspotsEnabled,
       cpuProfilingEnabled: this.cpuProfilingEnabled,

package/packages/dd-trace/src/profiling/profilers/events.js

@@ -66,12 +66,11 @@ class GCDecorator {
   constructor (stringTable) {
     this.stringTable = stringTable
     this.reasonLabelKey = stringTable.dedup('gc reason')
+    this.kindLabelKey = stringTable.dedup('gc type')
     this.kindLabels = []
     this.reasonLabels = []
     this.flagObj = {}
 
-    const kindLabelKey = stringTable.dedup('gc type')
-
     // Create labels for all GC performance flags and kinds of GC
     for (const [key, value] of Object.entries(constants)) {
       if (key.startsWith('NODE_PERFORMANCE_GC_FLAGS_')) {
@@ -79,20 +78,43 @@ class GCDecorator {
       } else if (key.startsWith('NODE_PERFORMANCE_GC_')) {
         // It's a constant for a kind of GC
         const kind = key.slice(20).toLowerCase()
-        this.kindLabels[value] = labelFromStr(stringTable, kindLabelKey, kind)
+        this.kindLabels[value] = labelFromStr(stringTable, this.kindLabelKey, kind)
       }
     }
+
+    // V8's young-generation collector emits GC events with kind 2, but Node.js
+    // doesn't expose a matching NODE_PERFORMANCE_GC_* constant for it, so we map it
+    // explicitly. The collector was renamed from Minor Mark-Compact to Minor
+    // Mark-Sweep in the V8 version that shipped with Node 22. See equivalent
+    // mapping in runtime_metrics.js.
+    const minorMarkGCKind = 2
+    if (this.kindLabels[minorMarkGCKind] === undefined) {
+      const { NODE_MAJOR } = require('../../../../../version')
+      const minorGCLabel = NODE_MAJOR >= 22 ? 'minor_mark_sweep' : 'minor_mark_compact'
+      this.kindLabels[minorMarkGCKind] = labelFromStr(stringTable, this.kindLabelKey, minorGCLabel)
+    }
   }
 
   decorateSample (sampleInput, item) {
     const { kind, flags } = item.detail
-    sampleInput.label.push(this.kindLabels[kind])
+    sampleInput.label.push(this.getKindLabel(kind))
     const reasonLabel = this.getReasonLabel(flags)
     if (reasonLabel) {
       sampleInput.label.push(reasonLabel)
     }
   }
 
+  getKindLabel (kind) {
+    let kindLabel = this.kindLabels[kind]
+    if (kindLabel === undefined) {
+      // Gracefully handle GC kinds we don't have a label for (e.g. a value
+      // introduced by a future Node.js/V8 version).
+      kindLabel = labelFromStr(this.stringTable, this.kindLabelKey, `unknown_${kind}`)
+      this.kindLabels[kind] = kindLabel
+    }
+    return kindLabel
+  }
+
   getReasonLabel (flags) {
     if (flags === 0) {
       return null

package/packages/dd-trace/src/profiling/profilers/space.js

@@ -13,12 +13,14 @@ class NativeSpaceProfiler {
   #mapper
   #oomMonitoring
   #pprof
+  #allocationProfilingEnabled = false
   #samplingInterval = 512 * 1024
   #started = false
 
   constructor (options = {}) {
     // TODO: Remove default value. It is only used in testing.
     this.#samplingInterval = options.heapSamplingInterval || 512 * 1024
+    this.#allocationProfilingEnabled = options.allocationProfilingEnabled
     this.#oomMonitoring = options.oomMonitoring || {}
   }
 
@@ -31,7 +33,7 @@ class NativeSpaceProfiler {
 
     this.#mapper = mapper
     this.#pprof = require('@datadog/pprof')
-    this.#pprof.heap.start(this.#samplingInterval, STACK_DEPTH)
+    this.#pprof.heap.start(this.#samplingInterval, STACK_DEPTH, this.#allocationProfilingEnabled)
     if (this.#oomMonitoring.enabled) {
       const strategies = this.#oomMonitoring.exportStrategies
       this.#pprof.heap.monitorOutOfMemory(