[Snyk] Security upgrade dd-trace from 0.33.2 to 3.0.0

[DerGut]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • loadrunner/package.json
  • loadrunner/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dd-trace

The new version differs by 250 commits.

• c69b612 v3.0.0
• f45c684 reenable k8s test (#2289)
• a9b88f5 add guide for migrating from 2.x to 3.0 (#2280)
• a6009dd fix moleculer test timing out in latest version (#2288)
• e6bf928 remove promise binding from scope manager (#2287)
• c7cb279 disable couchbase test (#2286)
• 595f190 disable k8s library injection test (#2285)
• a66f4bd drop support for node 12 and move `@ types/node` to dev dependencies (#2260)
• 2bb2063 remove documentation about event emitter scope binding as it was removed (#2259)
• 42ad3e3 load plugins only when the corresponding instrumentation is loaded (#2234)
• 2fadfce fix w3c trace context inject/extract not propagating IDs properly (#2275)
• f8371bc fix profiler agent test timeouts (#2279)
• 83c07a2 remove jest env (#2281)
• 3522595 update release workflow to support 3.x and 2.x releases (#2233)
• c88c058 Move form-data to common folder (#2278)
• 3131443 [ci-visibility] Upload git metadata (#2245)
• 908d05d update sketches-js to 2.0.0 (#2265)
• 5c9f07a [ci-visibility] Update extraction of CI metadata (#2263)
• c22902f Fix querystring obfuscation benchmark (#2262)
• d05fc8f load instrumentation hooks only when the corresponding module is imported (#2242)
• 820bbbb [ci-visibility] Remove fs configuration in ci visibility (#2261)
• 05ee5d7 update native-metrics to 1.4.2 and pprof to 1.0.2 (#2256)
• 6583379 fix excessive requests queueing when the agent is overloaded (#2254)
• ced4ca2 fix restify disconnected trace when middleware breaks async context (#2249)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution