feat(data-pipeline): OTLP HTTP/protobuf trace export by bm1549 · Pull Request #2115 · DataDog/libdatadog

bm1549 · 2026-06-12T19:33:10Z

What does this PR do?

Adds OTLP HTTP/protobuf as a second trace-export encoding alongside the existing HTTP/JSON path. The export protocol is selectable via the OTel-standard values http/json (default) and http/protobuf, through the Rust builder method TraceExporterBuilder::set_otlp_protocol and a new C FFI setter ddog_trace_exporter_config_set_otlp_protocol.

Motivation

libdatadog's OTLP trace export only spoke HTTP/JSON. SDKs that honor OTEL_EXPORTER_OTLP_TRACES_PROTOCOL need http/protobuf to match the OTel default and to talk to collectors that expect protobuf.

Additional Notes

Vendors the OTLP trace and collector/trace protos (from the same opentelemetry-proto commit as the already-vendored common/resource protos) and generates prost types in libdd-trace-protobuf. No new runtime dependency is added.
The tested hand-rolled serde JSON model is left untouched. A mechanical From<&serde> for prost converter produces the binary payload, and a parity test asserts both encodings carry the same span.
The protobuf encoder mirrors the existing serde JSON model exactly, including its current omission of span-link flags. Carrying span-link trace-flags through both encoders is a separate follow-up (it adds a field to the public OtlpSpanLink, a breaking change).
grpc parses but is rejected at export time (not supported yet).
Doctests are disabled for the generated protobuf crate because the vendored OTel comments contain indented example blocks that rustdoc treats as Rust doctests.
Design spec and implementation plan (internal, AppGate): design · implementation plan.

How to test the change?

cargo test -p libdd-trace-utils -p libdd-data-pipeline -p libdd-data-pipeline-ffi covers the unit and integration tests, including a protobuf round-trip test that decodes the emitted body with ExportTraceServiceRequest::decode and checks the application/x-protobuf content-type.
cargo +stable clippy --workspace --all-targets --all-features -- -D warnings, cargo +nightly-2026-02-08 fmt --all -- --check, cargo test --doc, and cargo ffi-test all pass.

End-to-end validation through dd-trace-py

Validated the full chain — dd-trace-py builds the OTLP protobuf body via this change, ships it to a local Datadog Agent's OTLP intake, and the Agent forwards to the Datadog backend.

dd-trace-py consumer PR: DataDog/dd-trace-py#18609 · system-tests coverage: DataDog/system-tests#7131

Wire format (tcpdump on the OTLP intake):

http/protobuf → Content-Type: application/x-protobuf, zero JSON bodies, all requests answered HTTP/1.1 200.
http/json regression → Content-Type: application/json, HTTP/1.1 200. Protocol selection works both directions.

Backend ingestion (fresh protobuf-only service so the spans can only have arrived via the protobuf encoder), counts by resource_name:

resource_name	spans
`GET /protobuf-a`	40
`GET /protobuf-b`	42
`SELECT 1`	82

Span fidelity — a sampled span carried the correct service/resource, the OTLP→Datadog mapping (custom.otel.*, deployment.environment.name), and a preserved 128-bit trace id (6a2c7287000000006ce19688cf3536b6 — 32 hex chars, upper 64 bits carrying _dd.p.tid).

Records the approved design: vendor OTLP trace + collector protos and generate prost types (zero new runtime deps), keep the hand-rolled serde JSON path, share one mapper with a serde->prost converter, and select the protocol via builder + C FFI. Includes the dd-trace-py companion wiring and the layered E2E plan (local receiver, system-tests, sdk-backend-verify). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Bite-sized, TDD-structured plan across 9 phases: vendor+generate prost types, serde->prost converter, encoder dispatch, protocol config through builder + C FFI, full validation gauntlet + libdatadog PR, then dd-trace-py PyO3/writer wiring and three E2E tiers (local receiver, system-tests, sdk-backend-verify) + dd-trace-py PR. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Vendors opentelemetry/proto/trace/v1/trace.proto and opentelemetry/proto/collector/trace/v1/trace_service.proto from open-telemetry/opentelemetry-proto commit 1e725b853bc8f6b46ee62e8232e4c83017b9536f (matching the already-vendored common.proto and resource.proto). Adds both protos to the prost_build compile list in build.rs, generates the committed Rust types (opentelemetry.proto.trace.v1.rs and opentelemetry.proto.collector.trace.v1.rs), and updates _includes.rs. Also qualifies "Span" → "pb.Span" / "pb.idx.Span" in build.rs type_attribute calls to prevent serde derives from leaking into the new opentelemetry::proto::trace::v1::Span type.

…ests Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

…-type match Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…ocol

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…o avoid doctest failures

… Grpc content-type arm

datadog-datadog-prod-us1 · 2026-06-12T19:35:04Z

Tests

🎉 All green!

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
• Patch Coverage: 84.58%
• Overall Coverage: 73.18% (+0.14%)

_{This comment will be updated automatically if new data arrives.

🔗 Commit SHA: a8a305f | Docs | Datadog PR Page | Give us feedback!}

github-actions · 2026-06-12T19:35:25Z

📚 Documentation Check Results

⚠️ 3245 documentation warning(s) found

📦 `libdd-data-pipeline-ffi` - 1250 warning(s)

📦 `libdd-data-pipeline` - 1139 warning(s)

📦 `libdd-trace-protobuf` - 182 warning(s)

📦 `libdd-trace-utils` - 674 warning(s)

Updated: 2026-06-12 21:39:36 UTC | Commit: c33c159 | missing-docs job results

github-actions · 2026-06-12T19:36:29Z

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

Base Branch: origin/main
PR Branch: origin/brian.marks/otlp-http-protobuf-export

Summary by Rule

Rule	Base Branch	PR Branch	Change
unwrap_used	2	2	No change (0%)
Total	2	2	No change (0%)

Annotation Counts by File

File	Base Branch	PR Branch	Change
`libdd-data-pipeline/src/trace_exporter/mod.rs`	2	2	No change (0%)

Annotation Stats by Crate

Crate	Base Branch	PR Branch	Change
`clippy-annotation-reporter`	5	5	No change (0%)
`datadog-ffe-ffi`	1	1	No change (0%)
`datadog-ipc`	21	21	No change (0%)
`datadog-live-debugger`	4	4	No change (0%)
`datadog-live-debugger-ffi`	10	10	No change (0%)
`datadog-profiling-replayer`	4	4	No change (0%)
`datadog-sidecar`	46	46	No change (0%)
`libdd-common`	13	13	No change (0%)
`libdd-common-ffi`	12	12	No change (0%)
`libdd-data-pipeline`	5	5	No change (0%)
`libdd-ddsketch`	2	2	No change (0%)
`libdd-dogstatsd-client`	1	1	No change (0%)
`libdd-profiling`	13	13	No change (0%)
`libdd-remote-config`	3	3	No change (0%)
`libdd-telemetry`	20	20	No change (0%)
`libdd-tinybytes`	4	4	No change (0%)
`libdd-trace-normalization`	2	2	No change (0%)
`libdd-trace-obfuscation`	3	3	No change (0%)
`libdd-trace-stats`	1	1	No change (0%)
`libdd-trace-utils`	12	12	No change (0%)
Total	182	182	No change (0%)

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

github-actions · 2026-06-12T19:36:46Z

🔒 Cargo Deny Results

⚠️ 14 issue(s) found, showing only errors (advisories, bans, sources)

📦 `libdd-data-pipeline-ffi` - 5 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:222:1
    │
222 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── libdd-common v4.2.0
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   ├── libdd-data-pipeline v6.0.0
      │   │   │   └── libdd-data-pipeline-ffi v35.0.0
      │   │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
      │   │   ├── libdd-shared-runtime v1.0.0
      │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
      │   │   │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
      │   │   │   ├── libdd-telemetry v5.0.1
      │   │   │   │   └── libdd-data-pipeline v6.0.0 (*)
      │   │   │   └── libdd-trace-stats v5.0.0
      │   │   │       └── libdd-data-pipeline v6.0.0 (*)
      │   │   ├── libdd-trace-stats v5.0.0 (*)
      │   │   └── libdd-trace-utils v8.0.0
      │   │       ├── libdd-data-pipeline v6.0.0 (*)
      │   │       ├── (dev) libdd-data-pipeline-ffi v35.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v4.0.0
      │   │       │   └── libdd-trace-stats v5.0.0 (*)
      │   │       ├── libdd-trace-stats v5.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v8.0.0 (*)
      │   ├── libdd-common-ffi v35.0.0
      │   │   └── libdd-data-pipeline-ffi v35.0.0 (*)
      │   ├── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-dogstatsd-client v3.0.0
      │   │   └── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-shared-runtime v1.0.0 (*)
      │   ├── libdd-telemetry v5.0.1 (*)
      │   ├── libdd-trace-obfuscation v4.0.0 (*)
      │   ├── libdd-trace-stats v5.0.0 (*)
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-data-pipeline v6.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-trace-stats v5.0.0 (*)
      ├── libdd-trace-utils v8.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── libdd-data-pipeline v6.0.0 (*)
              ├── libdd-data-pipeline-ffi v35.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v8.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:246:1
    │
246 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   └── libdd-data-pipeline-ffi v35.0.0
          │       │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── (dev) libdd-data-pipeline-ffi v35.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   └── libdd-data-pipeline-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:246:1
    │
246 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   └── libdd-data-pipeline-ffi v35.0.0
          │       │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── (dev) libdd-data-pipeline-ffi v35.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   └── libdd-data-pipeline-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:246:1
    │
246 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   │   └── libdd-data-pipeline-ffi v35.0.0
          │       │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-data-pipeline-ffi v35.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── (dev) libdd-data-pipeline-ffi v35.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-common-ffi v35.0.0
          │       │   └── libdd-data-pipeline-ffi v35.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:287:1
    │
287 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v6.0.0
                  └── libdd-data-pipeline-ffi v35.0.0

advisories FAILED, bans ok, sources ok

📦 `libdd-data-pipeline` - 5 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:214:1
    │
214 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── libdd-common v4.2.0
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   ├── libdd-data-pipeline v6.0.0
      │   │   ├── libdd-shared-runtime v1.0.0
      │   │   │   ├── libdd-data-pipeline v6.0.0 (*)
      │   │   │   ├── libdd-telemetry v5.0.1
      │   │   │   │   └── libdd-data-pipeline v6.0.0 (*)
      │   │   │   └── libdd-trace-stats v5.0.0
      │   │   │       └── libdd-data-pipeline v6.0.0 (*)
      │   │   ├── libdd-trace-stats v5.0.0 (*)
      │   │   └── libdd-trace-utils v8.0.0
      │   │       ├── libdd-data-pipeline v6.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v4.0.0
      │   │       │   └── libdd-trace-stats v5.0.0 (*)
      │   │       ├── libdd-trace-stats v5.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v8.0.0 (*)
      │   ├── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-dogstatsd-client v3.0.0
      │   │   └── libdd-data-pipeline v6.0.0 (*)
      │   ├── libdd-shared-runtime v1.0.0 (*)
      │   ├── libdd-telemetry v5.0.1 (*)
      │   ├── libdd-trace-obfuscation v4.0.0 (*)
      │   ├── libdd-trace-stats v5.0.0 (*)
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-data-pipeline v6.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-trace-stats v5.0.0 (*)
      ├── libdd-trace-utils v8.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── libdd-data-pipeline v6.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v8.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v6.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v6.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.1
          │       │   │   │   └── libdd-data-pipeline v6.0.0 (*)
          │       │   │   └── libdd-trace-stats v5.0.0
          │       │   │       └── libdd-data-pipeline v6.0.0 (*)
          │       │   ├── libdd-trace-stats v5.0.0 (*)
          │       │   └── libdd-trace-utils v8.0.0
          │       │       ├── libdd-data-pipeline v6.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v4.0.0
          │       │       │   └── libdd-trace-stats v5.0.0 (*)
          │       │       ├── libdd-trace-stats v5.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       ├── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v6.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.1 (*)
          │       ├── libdd-trace-obfuscation v4.0.0 (*)
          │       ├── libdd-trace-stats v5.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:278:1
    │
278 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v6.0.0

advisories FAILED, bans ok, sources ok

📦 `libdd-trace-protobuf` - ✅ No issues

📦 `libdd-trace-utils` - 4 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:177:1
    │
177 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── (dev) libdd-common v4.2.0
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   └── libdd-trace-utils v8.0.0
      │   │       └── (dev) libdd-trace-utils v8.0.0 (*)
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v8.0.0 (*)
      ├── libdd-trace-utils v8.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v8.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v8.0.0
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v8.0.0
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:199:1
    │
199 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.2.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   └── libdd-trace-utils v8.0.0
          │       │       └── (dev) libdd-trace-utils v8.0.0 (*)
          │       └── libdd-trace-utils v8.0.0 (*)
          ├── libdd-common v4.2.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.2.0 (*)

advisories FAILED, bans ok, sources ok

Updated: 2026-06-12 21:39:31 UTC | Commit: c33c159 | dependency-check job results

dd-octo-sts · 2026-06-12T20:31:32Z

Artifact Size Benchmark Report

aarch64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.so	7.70 MB	7.70 MB	0% (0 B) 👌
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.a	83.68 MB	84.01 MB	+.39% (+334.49 KB) 🔍

aarch64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a	94.78 MB	95.11 MB	+.34% (+334.81 KB) 🔍
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.34 MB	10.35 MB	+.09% (+9.65 KB) 🔍

libdatadog-x64-windows

Artifact	Baseline	Commit	Change
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll	24.83 MB	24.92 MB	+.35% (+89.50 KB) 🔍
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib	87.33 KB	87.68 KB	+.40% (+360 B) 🔍
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb	180.85 MB	181.87 MB	+.56% (+1.02 MB) 🔍
/libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib	925.13 MB	928.37 MB	+.35% (+3.24 MB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll	8.09 MB	8.11 MB	+.31% (+26.00 KB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib	87.33 KB	87.68 KB	+.40% (+360 B) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb	23.94 MB	24.04 MB	+.42% (+104.00 KB) 🔍
/libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib	47.78 MB	47.96 MB	+.38% (+188.95 KB) 🔍

libdatadog-x86-windows

Artifact	Baseline	Commit	Change
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll	21.52 MB	21.60 MB	+.37% (+82.50 KB) 🔍
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib	88.71 KB	89.06 KB	+.40% (+364 B) 🔍
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb	184.87 MB	185.94 MB	+.57% (+1.07 MB) 🔍
/libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib	918.09 MB	921.38 MB	+.35% (+3.29 MB) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll	6.24 MB	6.26 MB	+.33% (+21.50 KB) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib	88.71 KB	89.06 KB	+.40% (+364 B) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb	25.66 MB	25.77 MB	+.45% (+120.00 KB) 🔍
/libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib	45.41 MB	45.59 MB	+.39% (+182.47 KB) 🔍

x86_64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.a	74.60 MB	74.90 MB	+.41% (+314.43 KB) 🔍
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.so	8.58 MB	8.60 MB	+.22% (+20.00 KB) 🔍

x86_64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a	90.02 MB	90.33 MB	+.33% (+312.67 KB) 🔍
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.44 MB	10.47 MB	+.25% (+27.56 KB) 🔍

The OTLP design spec and implementation plan are linked from the PR description (internal chonk) rather than committed to the repo. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Selecting OtlpProtocol::Grpc on the Rust builder previously built a working-looking exporter that then failed on every send with a mis-typed Internal(InvalidWorkerState) error. Reject it in build_async (covering sync build + wasm) with BuilderErrorKind::InvalidConfiguration (FFI: InvalidArgument), matching the C FFI set_otlp_protocol setter so both entry points fail fast and identically. The send-time arm stays as a defensive guard. Also replace the "skip as instructed" placeholder comment in the OTLP serde->prost converter with a real test exercising link()/event() conversion (link trace/span ID byte assembly, tracestate, and link/event attributes). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

bm1549 and others added 15 commits June 12, 2026 14:09

feat(trace-utils): add serde->prost OTLP converter

6f385ba

refactor(trace-utils): clarify OTLP converter + add fallback/status t…

a52e30b

…ests Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(trace-utils): add encode_otlp_json/encode_otlp_protobuf

4a4846a

feat(data-pipeline): make OtlpProtocol public with FromStr

54d8856

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

feat(data-pipeline): set OTLP content-type from protocol

772be3e

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

feat(data-pipeline): add TraceExporterBuilder::set_otlp_protocol

46d72a7

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

feat(data-pipeline): dispatch OTLP encoder by protocol + protobuf test

8f3c38e

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

refactor(data-pipeline): narrow otlp pub surface + exhaustive content…

2633427

…-type match Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(data-pipeline-ffi): add ddog_trace_exporter_config_set_otlp_prot…

e493d8d

…ocol

test(data-pipeline-ffi): cover set_otlp_protocol + clarify contract

4a81412

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(trace-protobuf): disable comments on vendored OTLP trace protos t…

3091b57

…o avoid doctest failures

docs(data-pipeline): clarify parse_u64/kind fallbacks and unreachable…

664f16f

… Grpc content-type arm

bm1549 added the AI Generated PR largely written by AI tools label Jun 12, 2026

github-actions Bot added mini-agent data-pipeline labels Jun 12, 2026

bm1549 force-pushed the brian.marks/otlp-http-protobuf-export branch from ee71538 to 664f16f Compare June 12, 2026 19:51

bm1549 mentioned this pull request Jun 12, 2026

feat(otlp): support http/protobuf OTLP trace export DataDog/dd-trace-py#18609

Draft

chore: drop in-repo planning docs (moved to chonk)

9bc5cf2

The OTLP design spec and implementation plan are linked from the PR description (internal chonk) rather than committed to the repo. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

bm1549 marked this pull request as ready for review June 12, 2026 21:37

bm1549 requested review from a team as code owners June 12, 2026 21:37

bm1549 requested a review from a team as a code owner June 12, 2026 21:37

bm1549 requested review from mabdinur and removed request for a team June 12, 2026 21:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(data-pipeline): OTLP HTTP/protobuf trace export#2115

feat(data-pipeline): OTLP HTTP/protobuf trace export#2115
bm1549 wants to merge 17 commits into
mainfrom
brian.marks/otlp-http-protobuf-export

bm1549 commented Jun 12, 2026 •

edited

Loading

Uh oh!

datadog-datadog-prod-us1 Bot commented Jun 12, 2026 •

edited by datadog-official Bot

Loading

Uh oh!

github-actions Bot commented Jun 12, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 12, 2026

Uh oh!

github-actions Bot commented Jun 12, 2026 •

edited

Loading

Uh oh!

dd-octo-sts Bot commented Jun 12, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

bm1549 commented Jun 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What does this PR do?

Motivation

Additional Notes

How to test the change?

End-to-end validation through dd-trace-py

Uh oh!

datadog-datadog-prod-us1 Bot commented Jun 12, 2026 • edited by datadog-official Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented Jun 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

📚 Documentation Check Results

📦 libdd-data-pipeline-ffi - 1250 warning(s)

📦 libdd-data-pipeline - 1139 warning(s)

📦 libdd-trace-protobuf - 182 warning(s)

📦 libdd-trace-utils - 674 warning(s)

Uh oh!

github-actions Bot commented Jun 12, 2026

Clippy Allow Annotation Report

Summary by Rule

Annotation Counts by File

Annotation Stats by Crate

About This Report

Uh oh!

github-actions Bot commented Jun 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔒 Cargo Deny Results

📦 libdd-data-pipeline-ffi - 5 error(s)

📦 libdd-data-pipeline - 5 error(s)

📦 libdd-trace-protobuf - ✅ No issues

📦 libdd-trace-utils - 4 error(s)

Uh oh!

dd-octo-sts Bot commented Jun 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Artifact Size Benchmark Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

bm1549 commented Jun 12, 2026 •

edited

Loading

datadog-datadog-prod-us1 Bot commented Jun 12, 2026 •

edited by datadog-official Bot

Loading

github-actions Bot commented Jun 12, 2026 •

edited

Loading

📦 `libdd-data-pipeline-ffi` - 1250 warning(s)

📦 `libdd-data-pipeline` - 1139 warning(s)

📦 `libdd-trace-protobuf` - 182 warning(s)

📦 `libdd-trace-utils` - 674 warning(s)

github-actions Bot commented Jun 12, 2026 •

edited

Loading

📦 `libdd-data-pipeline-ffi` - 5 error(s)

📦 `libdd-data-pipeline` - 5 error(s)

📦 `libdd-trace-protobuf` - ✅ No issues

📦 `libdd-trace-utils` - 4 error(s)

dd-octo-sts Bot commented Jun 12, 2026 •

edited

Loading