feat(sidecar): export session traces over OTLP via TraceExporter by bm1549 · Pull Request #2101 · DataDog/libdatadog

bm1549 · 2026-06-10T01:14:51Z

What does this PR do?

Adds a sidecar OTLP traces export path. Today the sidecar flushes traces as MessagePack v0.4 to the Datadog agent; libdatadog's OTLP TraceExporter existed but wasn't reachable from the sidecar. This PR (purely additive):

adds otlp_traces_endpoint (+ headers/timeout) to the sidecar's per-session trace Config;
adds an additive FFI ddog_sidecar_session_set_otlp_traces_endpoint(...) (the existing ddog_sidecar_session_set_config is unchanged);
routes send_trace_v04_bytes/_shm to a per-session cached OTLP TraceExporter when an OTLP endpoint is set (it drop_chunks() unsampled spans and encodes via the existing otlp_encoder), otherwise keeps the agent msgpack path byte-for-byte unchanged;
makes the otlp_encoder fill empty exporter-level env/app_version resource attributes (deployment.environment.name / service.version) from the trace's span meta (chunk-root preferred), so the sidecar — which has no single session-level service — emits them correctly. This only triggers when exporter-level values are empty, so direct embedders (dd-trace-py / dd-trace-rs) are unaffected.

Motivation

Enables OTLP trace export for sidecar-based SDKs (dd-trace-php) as part of the cross-language OTLP Traces Export effort (RFC "OTLP Traces Export 2026Q1", Phase 1). The OTLP TraceExporter already exists; this wires the sidecar's trace flush to use it.

Additional Notes

Additive and gated: the default (no OTLP endpoint) path is unchanged. New unit tests cover the tracer config setter, the FFI header parser, and the encoder env/version fallback (precedence, root-span preference, omit-when-absent). cargo check/cargo fmt clean on the changed crates; full workspace build/FFI tests run in CI.

How to test the change?

Unit tests in datadog-sidecar / datadog-sidecar-ffi / libdd-trace-utils. Integration is exercised by dd-trace-php (which bumps its submodule to this branch) and the system-tests Test_Otel_Tracing_OTLP PHP run.

Related PRs (cross-language OTLP traces export — this PR is the merge-order gate for dd-trace-php):

dd-trace-rs (Rust): feat(traces): add OTLP http/json trace export dd-trace-rs#251
dd-trace-rb (Ruby): Add OTLP http/json trace export (OTEL_TRACES_EXPORTER=otlp) dd-trace-rb#5888
dd-trace-php (PHP): Add OTLP trace export via the sidecar (OTEL_TRACES_EXPORTER=otlp) dd-trace-php#3971
libdatadog (sidecar OTLP path — merge-order gate for dd-trace-php): feat(sidecar): export session traces over OTLP via TraceExporter #2101
system-tests (e2e tests + Rust weblog): Add OTLP trace export tests + Rust weblog [rust@brian.marks/otlp-trace-export][ruby@brian.marks/otlp-trace-export][php@brian.marks/otlp-trace-export] system-tests#7121

Merge order: libdatadog #2101 → dd-trace-php #3971 (re-bump the submodule to the released libdatadog commit). system-tests #7121 validates rust/ruby/php once the tracer branches are available.

🤖 Generated with Claude Code

Wire the sidecar trace path to libdatadog's OTLP HTTP/JSON TraceExporter so a session's traces can be exported to an OTLP endpoint instead of the agent msgpack /v0.4/traces path. Purely additive: sessions without an OTLP traces endpoint keep the existing agent path unchanged. - tracer::Config: add otlp_traces_endpoint/headers/timeout_ms and a set_otlp_traces_endpoint setter that stores the endpoint URL as-is (unlike set_endpoint, which rewrites the path for the agent). - SidecarInterface: new additive set_otlp_traces_config IPC method (session_id, Option<Endpoint>, headers, timeout). A None endpoint clears the config and restores the agent path. - sidecar_server: in send_trace_v04_bytes/_shm, route to OTLP when the session has an OTLP traces endpoint; otherwise keep the agent path. The OTLP TraceExporter is built lazily and cached per session (keyed by a config fingerprint) so the background /info worker is spawned once and reused, and rebuilt when the config changes. send() decodes v0.4, drops unsampled (p0) chunks, maps to OTLP using the session resource metadata, and POSTs. - SidecarSender/blocking: plumb the new IPC method. - New additive FFI ddog_sidecar_session_set_otlp_traces_endpoint(transport, session_id, *const Endpoint, headers, timeout_ms); does not change ddog_sidecar_session_set_config. Tests: tracer config setter and FFI header parser unit tests. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

The sidecar OTLP traces path (`send_trace_otlp`) built the TraceExporter without env/app_version because the sidecar has no reliable session-level source for them — env/version arrive per-runtime via `set_universal_service_tags` and are dynamic per-trace. As a result the OTLP resource omitted `deployment.environment.name` and `service.version`. Derive these in the OTLP encoder as a fallback: when the exporter-level env/app_version are empty, recover them from the `env`/`version` meta tags carried on the exported trace's spans, preferring the chunk-root span. This is per-trace correct for the multi-service sidecar and purely additive — callers that set env/app_version at the exporter level (dd-trace-rs, dd-trace-py) are unaffected. Adds unit tests asserting the resource attributes appear from span meta, that exporter-level values take precedence, that the chunk root is preferred, and that the attributes stay omitted when neither source has a value. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

github-actions · 2026-06-10T01:17:42Z

📚 Documentation Check Results

⚠️ 6206 documentation warning(s) found

📦 `datadog-sidecar-ffi` - 2936 warning(s)

📦 `datadog-sidecar` - 2668 warning(s)

📦 `libdd-trace-utils` - 602 warning(s)

Updated: 2026-06-10 01:17:55 UTC | Commit: e36a4cf | missing-docs job results

github-actions · 2026-06-10T01:18:39Z

🔒 Cargo Deny Results

⚠️ 17 issue(s) found, showing only errors (advisories, bans, sources)

📦 `datadog-sidecar-ffi` - 7 error(s)

Show output

error[unmaintained]: Bincode is unmaintained
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:37:1
   │
37 │ bincode 1.3.3 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2025-0141
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0141
   ├ Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently.
     
     The team considers version 1.3.3 a complete version of bincode that is not in need of any updates.
     
     ## Alternatives to consider
     
     * [wincode](https://crates.io/crates/wincode)
     * [postcard](https://crates.io/crates/postcard)
     * [bitcode](https://crates.io/crates/bitcode)
     * [rkyv](https://crates.io/crates/rkyv)
   ├ Announcement: https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
   ├ Solution: No safe upgrade is available!
   ├ bincode v1.3.3
     ├── datadog-ipc v0.1.0
     │   ├── datadog-sidecar v0.0.1
     │   │   └── datadog-sidecar-ffi v0.0.1
     │   └── datadog-sidecar-ffi v0.0.1 (*)
     └── datadog-sidecar v0.0.1 (*)

error[unmaintained]: paste - no longer maintained
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:270:1
    │
270 │ paste 1.0.15 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
    │
    ├ ID: RUSTSEC-2024-0436
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0436
    ├ The creator of the crate `paste` has stated in the [`README.md`](https://github.com/dtolnay/paste/blob/master/README.md) 
      that this project is not longer maintained as well as archived the repository
      
      ## Possible Alternative(s)
      
      - [`pastey`]: a fork of paste and is aimed to be a drop-in replacement with additional features for paste crate
      - [`with_builtin_macros`]: crate providing a [superset of `paste`'s functionality including general `macro_rules!` eager expansions](https://docs.rs/with_builtin_macros/0.1.0/with_builtin_macros/macro.with_eager_expansions.html)  and `concat!`/`concat_idents!` macros
      
      [`pastey`]: https://crates.io/crates/pastey
      [`with_builtin_macros`]: https://crates.io/crates/with_builtin_macros
    ├ Announcement: https://github.com/dtolnay/paste
    ├ Solution: No safe upgrade is available!
    ├ paste v1.0.15
      ├── datadog-sidecar-ffi v0.0.1
      ├── libdd-libunwind-sys v1.0.2
      │   └── libdd-crashtracker v1.0.0
      │       ├── datadog-sidecar v0.0.1
      │       │   └── datadog-sidecar-ffi v0.0.1 (*)
      │       └── libdd-crashtracker-ffi v35.0.0
      │           ├── datadog-sidecar v0.0.1 (*)
      │           └── datadog-sidecar-ffi v0.0.1 (*)
      ├── libdd-telemetry-ffi v35.0.0
      │   └── datadog-sidecar-ffi v0.0.1 (*)
      └── rmp v0.8.14
          ├── libdd-trace-utils v8.0.0
          │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │   ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
          │   ├── libdd-data-pipeline v6.0.0
          │   │   ├── datadog-live-debugger v0.0.1
          │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │   │   │   └── datadog-sidecar-ffi v0.0.1 (*)
          │   │   └── datadog-sidecar v0.0.1 (*)
          │   ├── libdd-trace-obfuscation v4.0.0
          │   │   └── libdd-trace-stats v5.0.0
          │   │       ├── datadog-ipc v0.1.0
          │   │       │   ├── datadog-sidecar v0.0.1 (*)
          │   │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │   │       ├── datadog-sidecar v0.0.1 (*)
          │   │       └── libdd-data-pipeline v6.0.0 (*)
          │   ├── libdd-trace-stats v5.0.0 (*)
          │   └── (dev) libdd-trace-utils v8.0.0 (*)
          ├── rmp-serde v1.3.0
          │   ├── datadog-sidecar v0.0.1 (*)
          │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │   ├── libdd-data-pipeline v6.0.0 (*)
          │   ├── (dev) libdd-tinybytes v1.1.1
          │   │   ├── datadog-ipc v0.1.0 (*)
          │   │   ├── datadog-sidecar v0.0.1 (*)
          │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │   │   ├── (dev) libdd-tinybytes v1.1.1 (*)
          │   │   └── libdd-trace-utils v8.0.0 (*)
          │   ├── libdd-trace-stats v5.0.0 (*)
          │   └── libdd-trace-utils v8.0.0 (*)
          └── rmpv v1.3.0
              └── libdd-trace-utils v8.0.0 (*)

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:300:1
    │
300 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── datadog-sidecar v0.0.1
      │   └── datadog-sidecar-ffi v0.0.1
      ├── libdd-common v4.2.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-ipc v0.1.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── datadog-live-debugger v0.0.1
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-data-pipeline v6.0.0
      │   │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   │   └── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-shared-runtime v1.0.0
      │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
      │   │   │   ├── libdd-telemetry v5.0.1
      │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   │   │   ├── libdd-crashtracker v1.0.0
      │   │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
      │   │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
      │   │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
      │   │   │   │   └── libdd-telemetry-ffi v35.0.0
      │   │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
      │   │   │   └── libdd-trace-stats v5.0.0
      │   │   │       ├── datadog-ipc v0.1.0 (*)
      │   │   │       ├── datadog-sidecar v0.0.1 (*)
      │   │   │       └── libdd-data-pipeline v6.0.0 (*)
      │   │   ├── libdd-trace-stats v5.0.0 (*)
      │   │   └── libdd-trace-utils v8.0.0
      │   │       ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │       ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
      │   │       ├── libdd-data-pipeline v6.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v4.0.0
      │   │       │   └── libdd-trace-stats v5.0.0 (*)
      │   │       ├── libdd-trace-stats v5.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v8.0.0 (*)
      │   ├── libdd-common-ffi v35.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   ├── libdd-crashtracker-ffi v35.0.0 (*)
      │   │   └── libdd-telemetry-ffi v35.0.0 (*)
      │   ├── (build) libdd-crashtracker v1.0.0 (*)
      │   ├── libdd-crashtracker-ffi v35.0.0 (*)
      │   ├── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-dogstatsd-client v3.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   └── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-remote-config v0.1.0
      │   │   ├── datadog-ffe v1.0.0 (*)
      │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   └── (dev) libdd-remote-config v0.1.0 (*)
      │   ├── libdd-shared-runtime v1.0.0 (*)
      │   ├── libdd-telemetry v5.0.1 (*)
      │   ├── libdd-telemetry-ffi v35.0.0 (*)
      │   ├── libdd-trace-obfuscation v4.0.0 (*)
      │   ├── libdd-trace-stats v5.0.0 (*)
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── libdd-crashtracker v1.0.0 (*)
      ├── (dev) libdd-data-pipeline v6.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-trace-stats v5.0.0 (*)
      ├── libdd-trace-utils v8.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── datadog-ipc v0.1.0 (*)
              ├── datadog-sidecar v0.0.1 (*)
              ├── datadog-sidecar-ffi v0.0.1 (*)
              ├── libdd-data-pipeline v6.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v8.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:327:1
    │
327 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── datadog-ffe v1.0.0
          │       │   └── datadog-sidecar v0.0.1
          │       │       └── datadog-sidecar-ffi v0.0.1
          │       ├── datadog-ipc v0.1.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── datadog-live-debugger v0.0.1
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
          │       │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   │   └── libdd-telemetry-ffi v35.0.0
          │       │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       │   └── libdd-telemetry-ffi v35.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-remote-config v0.1.0
          │       │   ├── datadog-ffe v1.0.0 (*)
          │       │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   └── (dev) libdd-remote-config v0.1.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-telemetry-ffi v35.0.0 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:327:1
    │
327 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── datadog-ffe v1.0.0
          │       │   └── datadog-sidecar v0.0.1
          │       │       └── datadog-sidecar-ffi v0.0.1
          │       ├── datadog-ipc v0.1.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── datadog-live-debugger v0.0.1
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
          │       │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   │   └── libdd-telemetry-ffi v35.0.0
          │       │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       │   └── libdd-telemetry-ffi v35.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-remote-config v0.1.0
          │       │   ├── datadog-ffe v1.0.0 (*)
          │       │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   └── (dev) libdd-remote-config v0.1.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-telemetry-ffi v35.0.0 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:327:1
    │
327 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── datadog-ffe v1.0.0
          │       │   └── datadog-sidecar v0.0.1
          │       │       └── datadog-sidecar-ffi v0.0.1
          │       ├── datadog-ipc v0.1.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── datadog-live-debugger v0.0.1
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-sidecar-ffi v0.0.1 (*)
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
          │       │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   │   └── libdd-telemetry-ffi v35.0.0
          │       │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       │   └── libdd-telemetry-ffi v35.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-remote-config v0.1.0
          │       │   ├── datadog-ffe v1.0.0 (*)
          │       │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │       │   └── (dev) libdd-remote-config v0.1.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-telemetry-ffi v35.0.0 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:386:1
    │
386 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      ├── libdd-remote-config v0.1.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1
      │   │       └── datadog-sidecar-ffi v0.0.1
      │   ├── datadog-live-debugger v0.0.1
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   └── (dev) libdd-remote-config v0.1.0 (*)
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v6.0.0
                  ├── datadog-live-debugger v0.0.1 (*)
                  └── datadog-sidecar v0.0.1 (*)

advisories FAILED, bans ok, sources ok

📦 `datadog-sidecar` - 6 error(s)

Show output

error[unmaintained]: Bincode is unmaintained
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:37:1
   │
37 │ bincode 1.3.3 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2025-0141
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0141
   ├ Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently.
     
     The team considers version 1.3.3 a complete version of bincode that is not in need of any updates.
     
     ## Alternatives to consider
     
     * [wincode](https://crates.io/crates/wincode)
     * [postcard](https://crates.io/crates/postcard)
     * [bitcode](https://crates.io/crates/bitcode)
     * [rkyv](https://crates.io/crates/rkyv)
   ├ Announcement: https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
   ├ Solution: No safe upgrade is available!
   ├ bincode v1.3.3
     ├── datadog-ipc v0.1.0
     │   └── datadog-sidecar v0.0.1
     └── datadog-sidecar v0.0.1 (*)

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:298:1
    │
298 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── datadog-sidecar v0.0.1
      ├── libdd-common v4.2.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-ipc v0.1.0
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-live-debugger v0.0.1
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-sidecar v0.0.1 (*)
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-data-pipeline v6.0.0
      │   │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   │   └── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-shared-runtime v1.0.0
      │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
      │   │   │   ├── libdd-telemetry v5.0.1
      │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   ├── libdd-crashtracker v1.0.0
      │   │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
      │   │   │   │   │       └── datadog-sidecar v0.0.1 (*)
      │   │   │   │   └── libdd-data-pipeline v6.0.0 (*)
      │   │   │   └── libdd-trace-stats v5.0.0
      │   │   │       ├── datadog-ipc v0.1.0 (*)
      │   │   │       ├── datadog-sidecar v0.0.1 (*)
      │   │   │       └── libdd-data-pipeline v6.0.0 (*)
      │   │   ├── libdd-trace-stats v5.0.0 (*)
      │   │   └── libdd-trace-utils v8.0.0
      │   │       ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │       ├── libdd-data-pipeline v6.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v4.0.0
      │   │       │   └── libdd-trace-stats v5.0.0 (*)
      │   │       ├── libdd-trace-stats v5.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v8.0.0 (*)
      │   ├── libdd-common-ffi v35.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── libdd-crashtracker-ffi v35.0.0 (*)
      │   ├── (build) libdd-crashtracker v1.0.0 (*)
      │   ├── libdd-crashtracker-ffi v35.0.0 (*)
      │   ├── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-dogstatsd-client v3.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-remote-config v0.1.0
      │   │   ├── datadog-ffe v1.0.0 (*)
      │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │   └── (dev) libdd-remote-config v0.1.0 (*)
      │   ├── libdd-shared-runtime v1.0.0 (*)
      │   ├── libdd-telemetry v5.0.1 (*)
      │   ├── libdd-trace-obfuscation v4.0.0 (*)
      │   ├── libdd-trace-stats v5.0.0 (*)
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── libdd-crashtracker v1.0.0 (*)
      ├── (dev) libdd-data-pipeline v6.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-trace-stats v5.0.0 (*)
      ├── libdd-trace-utils v8.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── datadog-ipc v0.1.0 (*)
              ├── datadog-sidecar v0.0.1 (*)
              ├── libdd-data-pipeline v6.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v8.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:325:1
    │
325 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── datadog-ffe v1.0.0
          │       │   └── datadog-sidecar v0.0.1
          │       ├── datadog-ipc v0.1.0
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-live-debugger v0.0.1
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
          │       │   │   │   │       └── datadog-sidecar v0.0.1 (*)
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-remote-config v0.1.0
          │       │   ├── datadog-ffe v1.0.0 (*)
          │       │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │   └── (dev) libdd-remote-config v0.1.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:325:1
    │
325 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── datadog-ffe v1.0.0
          │       │   └── datadog-sidecar v0.0.1
          │       ├── datadog-ipc v0.1.0
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-live-debugger v0.0.1
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
          │       │   │   │   │       └── datadog-sidecar v0.0.1 (*)
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-remote-config v0.1.0
          │       │   ├── datadog-ffe v1.0.0 (*)
          │       │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │   └── (dev) libdd-remote-config v0.1.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:325:1
    │
325 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── datadog-ffe v1.0.0
          │       │   └── datadog-sidecar v0.0.1
          │       ├── datadog-ipc v0.1.0
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-live-debugger v0.0.1
          │       │   └── datadog-sidecar v0.0.1 (*)
          │       ├── datadog-sidecar v0.0.1 (*)
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   │   └── datadog-sidecar v0.0.1 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   ├── libdd-crashtracker v1.0.0
          │       │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │       │   │   │   │   └── libdd-crashtracker-ffi v35.0.0
          │       │   │   │   │       └── datadog-sidecar v0.0.1 (*)
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       ├── datadog-ipc v0.1.0 (*)
          │       │   │       ├── datadog-sidecar v0.0.1 (*)
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── (build) libdd-crashtracker v1.0.0 (*)
          │       ├── libdd-crashtracker-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   ├── datadog-sidecar v0.0.1 (*)
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-remote-config v0.1.0
          │       │   ├── datadog-ffe v1.0.0 (*)
          │       │   ├── datadog-live-debugger v0.0.1 (*)
          │       │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │       │   └── (dev) libdd-remote-config v0.1.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:384:1
    │
384 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      ├── libdd-remote-config v0.1.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1
      │   ├── datadog-live-debugger v0.0.1
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   └── (dev) libdd-remote-config v0.1.0 (*)
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v6.0.0
                  ├── datadog-live-debugger v0.0.1 (*)
                  └── datadog-sidecar v0.0.1 (*)

advisories FAILED, bans ok, sources ok

📦 `libdd-trace-utils` - 4 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:177:1
    │
177 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── (dev) libdd-common v4.2.0
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   └── libdd-trace-utils v8.0.0
      │   │       └── (dev) libdd-trace-utils v8.0.0 (*)
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── libdd-trace-utils v8.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v8.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v8.0.0
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v8.0.0
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v8.0.0
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

advisories FAILED, bans ok, sources ok

Updated: 2026-06-10 01:18:57 UTC | Commit: e36a4cf | dependency-check job results

github-actions · 2026-06-10T01:18:57Z

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

Base Branch: origin/main
PR Branch: origin/brian.marks/otlp-trace-export

Summary by Rule

Rule	Base Branch	PR Branch	Change
expect_used	2	2	No change (0%)
unwrap_used	8	8	No change (0%)
Total	10	10	No change (0%)

Annotation Counts by File

File	Base Branch	PR Branch	Change
`datadog-sidecar/src/service/blocking.rs`	1	1	No change (0%)
`datadog-sidecar/src/service/session_info.rs`	1	1	No change (0%)
`datadog-sidecar/src/service/sidecar_server.rs`	6	6	No change (0%)
`datadog-sidecar/src/tracer.rs`	2	2	No change (0%)

Annotation Stats by Crate

Crate	Base Branch	PR Branch	Change
`clippy-annotation-reporter`	5	5	No change (0%)
`datadog-ffe-ffi`	1	1	No change (0%)
`datadog-ipc`	21	21	No change (0%)
`datadog-live-debugger`	4	6	⚠️ +2 (+50.0%)
`datadog-live-debugger-ffi`	10	10	No change (0%)
`datadog-profiling-replayer`	4	4	No change (0%)
`datadog-sidecar`	46	58	⚠️ +12 (+26.1%)
`libdd-common`	13	13	No change (0%)
`libdd-common-ffi`	12	12	No change (0%)
`libdd-data-pipeline`	5	5	No change (0%)
`libdd-ddsketch`	2	2	No change (0%)
`libdd-dogstatsd-client`	1	1	No change (0%)
`libdd-profiling`	13	13	No change (0%)
`libdd-remote-config`	4	0	✅ -4 (-100.0%)
`libdd-telemetry`	20	20	No change (0%)
`libdd-tinybytes`	4	4	No change (0%)
`libdd-trace-normalization`	2	2	No change (0%)
`libdd-trace-obfuscation`	3	3	No change (0%)
`libdd-trace-stats`	1	1	No change (0%)
`libdd-trace-utils`	11	13	⚠️ +2 (+18.2%)
Total	182	194	⚠️ +12 (+6.6%)

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

datadog-datadog-prod-us1-2 · 2026-06-10T01:30:15Z

Tests

🎉 All green!

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
• Patch Coverage: 56.92%
• Overall Coverage: 73.48% (-0.05%)

_{This comment will be updated automatically if new data arrives.

🔗 Commit SHA: 53ed2e4 | Docs | Datadog PR Page | Give us feedback!}

dd-octo-sts · 2026-06-10T01:52:19Z

Artifact Size Benchmark Report

aarch64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.so	7.70 MB	7.70 MB	0% (0 B) 👌
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.a	83.49 MB	83.51 MB	+.03% (+28.85 KB) 🔍

aarch64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a	94.58 MB	94.61 MB	+.02% (+25.90 KB) 🔍
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.34 MB	10.34 MB	+0% (+704 B) 👌

libdatadog-x64-windows

Artifact	Baseline	Commit	Change
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll	24.73 MB	24.73 MB	+.01% (+5.00 KB) 🔍
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib	86.89 KB	86.89 KB	0% (0 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb	179.90 MB	179.91 MB	+0% (+8.00 KB) 👌
/libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib	923.19 MB	923.23 MB	+0% (+39.68 KB) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll	8.09 MB	8.09 MB	+.03% (+3.00 KB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib	86.89 KB	86.89 KB	0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb	23.91 MB	23.92 MB	+.06% (+16.00 KB) 🔍
/libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib	47.72 MB	47.74 MB	+.03% (+14.77 KB) 🔍

libdatadog-x86-windows

Artifact	Baseline	Commit	Change
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll	21.43 MB	21.43 MB	+.02% (+4.50 KB) 🔍
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib	88.26 KB	88.26 KB	0% (0 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb	183.87 MB	183.87 MB	+0% (+8.00 KB) 👌
/libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib	915.95 MB	915.99 MB	+0% (+42.65 KB) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll	6.25 MB	6.25 MB	+.03% (+2.00 KB) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib	88.26 KB	88.26 KB	0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb	25.62 MB	25.64 MB	+.06% (+16.00 KB) 🔍
/libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib	45.35 MB	45.37 MB	+.03% (+15.09 KB) 🔍

x86_64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.a	74.45 MB	74.47 MB	+.02% (+20.67 KB) 🔍
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.so	8.58 MB	8.58 MB	0% (0 B) 👌

x86_64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a	89.86 MB	89.88 MB	+.02% (+20.02 KB) 🔍
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.43 MB	10.43 MB	+0% (+728 B) 👌

bm1549 and others added 2 commits June 9, 2026 20:05

bm1549 added the AI Generated PR largely written by AI tools label Jun 10, 2026

github-actions Bot added mini-agent sidecar labels Jun 10, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(sidecar): export session traces over OTLP via TraceExporter#2101

feat(sidecar): export session traces over OTLP via TraceExporter#2101
bm1549 wants to merge 2 commits into
mainfrom
brian.marks/otlp-trace-export

bm1549 commented Jun 10, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 10, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 10, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 10, 2026

Uh oh!

datadog-datadog-prod-us1-2 Bot commented Jun 10, 2026

Uh oh!

dd-octo-sts Bot commented Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

bm1549 commented Jun 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What does this PR do?

Motivation

Additional Notes

How to test the change?

Uh oh!

github-actions Bot commented Jun 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

📚 Documentation Check Results

📦 datadog-sidecar-ffi - 2936 warning(s)

📦 datadog-sidecar - 2668 warning(s)

📦 libdd-trace-utils - 602 warning(s)

Uh oh!

github-actions Bot commented Jun 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔒 Cargo Deny Results

📦 datadog-sidecar-ffi - 7 error(s)

📦 datadog-sidecar - 6 error(s)

📦 libdd-trace-utils - 4 error(s)

Uh oh!

github-actions Bot commented Jun 10, 2026

Clippy Allow Annotation Report

Summary by Rule

Annotation Counts by File

Annotation Stats by Crate

About This Report

Uh oh!

datadog-datadog-prod-us1-2 Bot commented Jun 10, 2026

Uh oh!

dd-octo-sts Bot commented Jun 10, 2026

Artifact Size Benchmark Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

bm1549 commented Jun 10, 2026 •

edited

Loading

github-actions Bot commented Jun 10, 2026 •

edited

Loading

📦 `datadog-sidecar-ffi` - 2936 warning(s)

📦 `datadog-sidecar` - 2668 warning(s)

📦 `libdd-trace-utils` - 602 warning(s)

github-actions Bot commented Jun 10, 2026 •

edited

Loading

📦 `datadog-sidecar-ffi` - 7 error(s)

📦 `datadog-sidecar` - 6 error(s)

📦 `libdd-trace-utils` - 4 error(s)