chore(deps): bump ddtrace from 3.14.4 to 3.15.0

[dependabot]

Bumps ddtrace from 3.14.4 to 3.15.0.

Release notes

Sourced from ddtrace's releases.

3.15.0

Estimated end-of-life date, accurate to within three months: 08-2026 See the support level definitions for more information.

New Features

• google-adk: Adds APM tracing and LLM Observability support for the Google ADK library (google-adk). Support includes APM tracing and LLM Observability for agent runs, tool calls, and code execution.
• django: This introduces the DD_DJANGO_TRACING_MINIMAL environment variable for performance-sensitive applications. When enabled, this disables Django ORM, cache, and template instrumentation while keeping middleware instrumentation enabled. This significantly reduces overhead by removing Django-specific spans while preserving visibility into the underlying database drivers, cache clients, and other integrations. For example, with this enabled, Django ORM query spans are disabled but database driver spans (e.g., psycopg, MySQLdb) will still be created. To enable minimal tracing, set DD_DJANGO_TRACING_MINIMAL=true.
• AWS: adds aws.partition tag onto AWS traces based on the region for the boto, botocore, and aiobotocore integrations.
• AAP: This extends downstream request analysis (API10) to the requests package. Previously, downstream request analysis was only supported in the standard cpython api (urllib).
• dynamic instrumentation/exception replay/code origin for spans: added support for the latest Datadog agent intake for snapshots. This requires a minimum agent version of 7.49.0.
• CI Visibility: This introduces the env var DD_CIVISIBILITY_ENABLED (with default value True) so it can be disabled to avoid sending traces to the Test Visibility product from the test runners.
• azure_servicebus: Add distributed tracing support for sending batches with Azure Service Bus producers.
• azure_functions: Use span links to connect Service Bus trigger consumers to the producers that send the messages.
• tracing: Added support for resource renaming, an experimental feature that lets the Datadog platform adjust the resource field on web request spans when the endpoint cannot be correctly deduced. Enable the feature by setting DD_TRACE_RESOURCE_RENAMING_ENABLED="true"
• Code Security (IAST)
  • Untrusted Serialization detection, which will be displayed on your DataDog Vulnerability Explorer dashboard. See the Application Vulnerability Management documentation for more information about this feature.
  • Reduce false positives if md5 or sha1 functions have the parameter usedforsecurity=False.
• LLM Observability: Extends the prompt structure to add tags and chat_template, and a new Prompt TypedDict class that would be used in annotation and annotation_context.

Bug Fixes

• CI Visibility: This fix solves an issue where the ITR skip count metric was aggregating skipped tests even when skipping level was set to suite. It will now count appropriately (skipped suites or skipped tests) depending on ITR skip level.
• sampling: This change prevents the DatadogSampler from getting recreated whenever the SpanAggregator is reset, and instead updates the rate limiter that the sampler uses.
• dynamic instrumentation: fix an issue that prevented multiple probes on the same location from being instrumented.
• exception replay
  • prevent Celery from crashing when a task raises a custom exception with mandatory arguments.
  • ensure that value capture starts from the leaf frame of the innermost exception.
• tracing: Fixes encoding bytes objects as span attributes by truncating byte string, rather than throwing PyErr_Format.
• AAP
  • This fix resolves an issue where the endpoint discovery feature could generate a crash for flask at startup.
  • This fix disables grpc threat monitoring, as it could generate false positives.
• libinjection: allow python module executed with -m entries in the denylist.
• profiling
  • Upgrades echion to resolve segmentation faults that can happen on services with a lot of asyncio.Tasks.
  • Fix crash in memory profiling when garbage collection is triggered while sampling a PyObject_Realloc call, which can lead to accessing freed memory.
  • Profiling won't load if --skip-atexit is not set when --lazy or --lazy-apps is set on uWSGI<2.0.30. This is to prevent crashes from profiling native extension modules. See unbit/uwsgi#2726 for details.
• RemoteConfig: Fixes an issue introduced in Python 3.13 where creating a shared array with the c_char type raised a TypeError, this now uses the 'c' typecode for better compatibility across versions.
• source code integration: check that DD_GIT_COMMIT_SHA and DD_GIT_REPOSITORY_URL are defined before using the git command.

3.15.0rc1

Estimated end-of-life date, accurate to within three months: 08-2026 See the support level definitions for more information.

New Features

• google-adk: Adds APM tracing and LLM Observability support for the Google ADK library (google-adk). Support includes APM tracing and LLM Observability for agent runs, tool calls, and code execution.
• django: This introduces the DD_DJANGO_TRACING_MINIMAL environment variable for performance-sensitive applications. When enabled, this disables Django ORM, cache, and template instrumentation while keeping middleware instrumentation enabled. This significantly reduces overhead by removing Django-specific spans while preserving visibility into the underlying database drivers, cache clients, and other integrations. For example, with this enabled, Django ORM query spans are disabled but database driver spans (e.g., psycopg, MySQLdb) will still be created. To enable minimal tracing, set DD_DJANGO_TRACING_MINIMAL=true.
• AWS: adds aws.partition tag onto AWS traces based on the region for the boto, botocore, and aiobotocore integrations.
• AAP: This extends downstream request analysis (API10) to the requests package. Previously, downstream request analysis was only supported in the standard cpython api (urllib).

... (truncated)

Commits

• b7d99dc feat(aws): add partition tag (#14577)
• 1e45596 feat(tracing): add support for google agentic development kit (adk) (#14588)
• e239ca4 fix(ci_visibility): itr skipped counts suites or tests (#14681)
• 10e2057 ci: fix valgrind profiling native test (#14695)
• 6d6cc54 fix(aap): fix flask patch for none methods (#14691)
• f6c014a chore(telemetry): telemetry log messages must be constant (#14642)
• 12f39b7 chore(ci): removes APPSEC_BLOCKING from system-tests (#14690)
• 8cf5c97 tests(debugger): add more expression test cases (#14686)
• 1815d40 ci: update testagent version and use vcr ci mode (#14651)
• f8096cb chore(crashtracking): improve crashtracking tests (#14678)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)