
add maximum node version in guardrails

Open rochdev opened this issue 5 months ago • 4 comments

What does this PR do?

Add maximum Node version in guardrails.

Motivation

We shouldn't support major versions of Node that don't exist yet in SSI since we automatically inject the library everywhere and if there is any major problem it could crash.

Additional notes

Since Node 25 is already out at this point, I put the upper range at 26.

rochdev avatar Oct 29 '25 22:10 rochdev

Overall package size

Self size: 3.59 MB
Deduped: 4.47 MB
No deduping: 4.47 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|
| import-in-the-middle | 1.15.0 | 127.66 kB | 856.24 kB |
| dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

github-actions[bot] avatar Oct 29 '25 22:10 github-actions[bot]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.77%. Comparing base (b479dad) to head (6bf9ec4).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #6788   +/-   ##
=======================================
  Coverage   84.77%   84.77%           
=======================================
  Files         521      521           
  Lines       22149    22149           
=======================================
  Hits        18776    18776           
  Misses       3373     3373           


codecov[bot] avatar Oct 29 '25 22:10 codecov[bot]

⚠️ Tests


⚠️ Warnings

❄️ 6 New flaky tests detected

IAST - code_injection - integration eval should report Code injection vulnerability from eval (Datadog)

Error: Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/appsec/iast/code_injection.integration.spec.js)
    at listOnTimeout (node:internal/timers:605:17)
    at process.processTimers (node:internal/timers:541:7)

IAST - code_injection - integration SourceTextModule should report Code injection vulnerability from SourceTextModule (Datadog)

Error: Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/appsec/iast/code_injection.integration.spec.js)
    at listOnTimeout (node:internal/timers:605:17)
    at process.processTimers (node:internal/timers:541:7)

IAST - overhead-controller - integration vulnerability sampling algorithm should differentiate different methods in the same route from vulnerability sampling algorithm (Datadog)

Error: Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js)
    at listOnTimeout (node:internal/timers:605:17)
    at process.processTimers (node:internal/timers:541:7)

🧪 5 Tests failed

weak-cipher-analyzer full feature "before all" hook for "should have WEAK_CIPHER vulnerability" from full feature (Datadog)

Error: Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/appsec/iast/analyzers/weak-cipher-analyzers.spec.js)
    at listOnTimeout (node:internal/timers:605:17)
    at process.processTimers (node:internal/timers:541:7)

weak-randomness-analyzer Math.random instrumentation full feature "before all" hook in "full feature" from full feature (Datadog)

Error: Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/appsec/iast/analyzers/weak-randomness-analyzer.spec.js)
    at listOnTimeout (node:internal/timers:605:17)
    at process.processTimers (node:internal/timers:541:7)

weak-hash-analyzer full feature inside request "before all" hook for "should have WEAK_HASH vulnerability" from inside request (Datadog)

Error: Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/appsec/iast/analyzers/weak-hash-analyzer.spec.js)
    at listOnTimeout (node:internal/timers:605:17)
    at process.processTimers (node:internal/timers:541:7)
This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 6bf9ec4

Benchmarks

Benchmark execution time: 2025-12-16 06:11:58

Comparing candidate commit 6bf9ec497942d2ca8b077118fa223764ad865022 in PR branch guardrails-max-node-version with baseline commit b479dad1eee1276f62946e52911e56c0fb361557 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 290 metrics, 30 unstable metrics.

pr-commenter[bot] avatar Oct 30 '25 19:10 pr-commenter[bot]

@BridgeAR Given how difficult that test file is to work with, and since we don't have access to nice helpers like semifies and the current use case has been only working with majors for years, I decided to keep it simple and reverted to only a major version check. This also keeps the test much simpler with only 2 scenarios for getting out of range.

rochdev avatar Dec 16 '25 06:12 rochdev
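
The major-only range check this thread settles on, sketched as an added example; it is not dd-trace-js's own guardrails code. The upper bound 26 comes from the PR description and is assumed here to be exclusive; the minimum of 18 and the names `parseMajor`, `checkRuntime` and `guardedLoad` are assumptions made for illustration.

```javascript
'use strict'

// Assumed bounds for illustration. 26 is the upper bound named in the PR
// description (treated here as exclusive); 18 is a constructed minimum.
const MIN_MAJOR = 18
const MAX_MAJOR_EXCLUSIVE = 26

// Extract the major version from strings such as "25.1.0" or "v22.0.0-nightly".
// Returns NaN for anything that does not start with a plain integer major.
function parseMajor (version) {
  const match = /^v?(\d+)\./.exec(String(version))
  return match ? Number(match[1]) : NaN
}

// Decide whether an auto-injected library should load on this runtime.
// Fails closed: an unparsable version is treated as unsupported.
function checkRuntime (version, min = MIN_MAJOR, maxExclusive = MAX_MAJOR_EXCLUSIVE) {
  const major = parseMajor(version)
  if (Number.isNaN(major)) {
    return { load: false, reason: 'unparsable' }
  }
  if (major < min) {
    return { load: false, reason: 'below-minimum' }
  }
  if (major >= maxExclusive) {
    return { load: false, reason: 'above-maximum' }
  }
  return { load: true, reason: 'in-range' }
}

// Hypothetical entry point an injector would call before loading the library.
// Never throws: a guardrail that crashes the host process defeats its purpose.
function guardedLoad (loadLibrary, version = process.versions.node) {
  const verdict = checkRuntime(version)
  if (!verdict.load) return verdict
  try {
    loadLibrary()
  } catch (err) {
    return { load: false, reason: 'load-error' }
  }
  return verdict
}

// Constructed sample versions, including a major that is not released yet.
for (const v of ['16.20.2', '18.0.0', '25.1.0', '26.0.0', 'garbage']) {
  console.log(v, checkRuntime(v))
}
```

The two out-of-range scenarios are `below-minimum` and `above-maximum`; everything else either loads or is refused without touching the host application.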