deps(deps): bump ddtrace from 4.8.7 to 4.10.4

[dependabot]

Bumps ddtrace from 4.8.7 to 4.10.4.

Release notes

Sourced from ddtrace's releases.

4.10.4

Bug Fixes

• LLM Observability: Fixes agentless export dropping data on the us3, us5, ap1, and ap2 Datadog sites. This affected customers on these sites when no Datadog Agent was running or agentless export was explicitly enabled (DD_LLMOBS_AGENTLESS_ENABLED=1).

• runtime metrics: Fixes an issue where runtime metrics were missing container and orchestrator tags (such as pod_name) on hosts using cgroup v2.

• IAST: A crash that could happen at interpreter teardown has been fixed.

• profiling: A rare crash that could happen after fork in fork-based applications has been fixed.

• tracing: Fixes a bug where running ddtrace-run caused a traceback on keyboard interrupt.

4.10.3

Bug Fixes

• CI Visibility: fix the default HTTP timeout for backend requests from 15 seconds to 30 seconds, and add the DD_CIVISIBILITY_BACKEND_API_TIMEOUT_MILLIS environment variable (previously missing) to override it. The value is expressed in milliseconds (e.g. 60000 for 60 seconds), consistent with the Java tracer. The same timeout now applies uniformly to all backend requests, including skippable test fetches.

• pydantic_ai: Fixes APM span naming so the operation name is the generic category (pydantic_ai.tool / pydantic_ai.agent) and the resource name is the specific tool or agent name, matching Datadog APM convention. This restores per-tool and per-agent grouping on APM service and resource pages. LLM Observability views are unaffected.

• sqlalchemy: Fixes duplicate SQLAlchemy event listeners when trace_engine() is called repeatedly for the same engine.

• LLM Observability: Fixes an issue where spans with very large JSON depth nested fields were being submitted but dropped by Datadog. The LLM Observability integration now detects nested fields that exceed the allowed depth and stringifies them, ensuring spans will not be dropped due to JSON depth limits in Datadog.

4.10.2

Bug Fixes

• LLM Observability: This fix resolves an issue in the Claude Agent SDK integration where a span's error message showed an uncategorized unknown error category from the upstream Claude Agent SDK instead of a descriptive API error. The integration now surfaces the detailed error message from the assistant message content.

• tracing: Fixes a race condition where extra service names could be silently dropped from Remote Configuration /v0.7/config payloads in multi-threaded applications (e.g. uWSGI).

• code origin: fixed an issue that could have caused pytest to crash internally when inspecting the call stack from an exception thrown by a view function when Code Origin is enabled.

• LLM Observability: Resolves an issue where non-string tag values passed to LLMObs.annotate(tags=...) could cause spans to be dropped during ingestion.

• LLM Observability: Fixes provider mis-attribution on openai spans when an OpenAI (or AsyncOpenAI) client and an AzureOpenAI (or AsyncAzureOpenAI) client are instantiated at the same time. Provider is now determined per-call rather than from the most recently constructed client.

... (truncated)

Commits

• 3ea8fe9 chore: bump version to 4.10.4 (#18554)
• eea0497 fix(writer): update agentless intake to browser-intake/api/v2/spans endpoint ...
• 611c1a6 fix(profiling): re-initialise string tables post-fork [backport 4.10] (#18545)
• b3015a4 fix(iast): fix crashes at teardown [backport 4.10] (#18539)
• 933329c fix(runtime-metrics): resolve DogStatsD origin on cgroup v2 hosts [backport 4...
• 4debf9b fix(tracing): ddtrace-run caused a traceback on keyboard interrupt [backport ...
• 40b7c0c chore: bump version to 4.10.3 (#18486)
• bf59488 fix(llmobs): sanitize deeply nested spans [MLOB-7594] [backport 4.10] (#18471)
• 819c13b fix(sqlalchemy): avoid duplicate engine listeners [backport 4.10] (#18475)
• 2a11028 fix(pydantic_ai): swap operation/resource names to match APM convention [1815...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)