[Snyk] Upgrade newrelic from 8.1.0 to 8.7.1

[snyk-bot]

Snyk has created this PR to upgrade newrelic from 8.1.0 to 8.7.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.
• The recommended version was released 25 days ago, on 2022-01-18.

Release notes

Package name: newrelic

• 8.7.1 - 2022-01-18
  

  v8.7.1 (2022-01-18)

  • Bumped @ newrelic/aws-sdk to ^4.1.1.

  • Upgraded @ newrelic/test-utilities to ^6.3.0.

    Includes helpers.getShim so sub packages properly execute.

  • Resolved dependabot and certain npm audit warnings.

  • Automation and CI improvements:

    • Added a script to be used by agent developers to add a PR to docs-website after the release of agent.
    • Changed the trigger for post release jobs.
    • Updated the create-release-tag script to pass in workflows to check before creating tag.
      • Fixed create-release-tag to properly filter out all async workflow run checks
      • Updated agent release to pass in a different list of workflows vs the default
    • Fixed release creation reusable workflow by passing in repo to bin/create-release-tag.js and bin/create-github-release.js.
    • Added workflow_dispatch to Agent Post Release workflow for manual testing.
    • Added a reusable workflow to create a release tag, publish to NPM and publish a GitHub release.
      • Updated agent release workflow to reference reusable workflow.
      • Added a new workflow to update RPM and publish API docs on a published release event type.
• 8.7.0 - 2022-01-04
  

  • Updated onResolved instrumentation hook to only be called the first time we see a specific module filepath resolved.

  • Removed tracer.segment in place of direct usage of context manager.

  • Fixed an issue where multiple calls to instrumentLoadedModule resulted in re-instrumenting the same module.

  • Fixed issue where instrumentLoadedModule would return true even if the instrumentation handler indicated it did not apply instrumentation.

  • Added support metrics for tracking when instrumentation was applied per module.

    • Supportability/Features/Instrumentation/OnResolved/<module-name>
    • Supportability/Features/Instrumentation/OnResolved/<module-name>/Version/<major version>
    • Supportability/Features/Instrumentation/OnRequire/<module-name>
    • Supportability/Features/Instrumentation/OnRequire/<module-name>/Version/<major version>

  • Fixed issue where expected status code ranges would not be parsed until ignored status codes were also defined.

  • Added an input changelog_file to pass in name of changelog. This defaults to NEWS.md but some repos use CHANGELOG.md

  • Abstracted bin/prepare-release.js to work against other repositories.

  • Added reusable prepare-release workflow that can be referenced in all other newrelic Node.js repositories.

  • Updated pending PRs workflow to check all repos the team owns.

  • Changed the event type from pull_request to pull_request_target to allow for auto assign of PRs to the Node.js Engineering Board

  • Fixed add to board workflow to properly pass repository secrets into reusable board workflow.

  • Changes token used to post issues to org level project board

  • Runs versioned tests for external modules against tests defined in the external repository instead of tests published in npm modules.

  • Added a reusable workflow to automatically add issues to the Node.js Engineering Board when created.

  • Added CI job to update system configurations with new agent version on release.

  • Moved methods.js under bluebird versioned test folder.

• 8.6.0 - 2021-11-17
  

  • Added onResolved instrumentation hook to apply instrumentation prior to module load.

    This hook fires after the module filepath has been resolved just prior to the module being loaded by the CommonJS module loader.

  • Fixed issue where recordConsume was not binding consumer if it was a promise

  • Pinned mongo versioned tests to <4.2.0 until we can address #982

  • Introduced a context management API to be used in place of manually calling tracer.segment get/set.

• 8.5.2 - 2021-11-09
  
  • Fixed issue where unhandled promise rejections were not getting logged as errors in a lambda execution
• 8.5.1 - 2021-11-03
  

  v8.5.1 (2021-11-03)

  • Fixed bug where failure to retrieve CPU/Memory details for certain Linux distros could result in a crash.

    parseProcCPUInfo and parseProcMeminfo now check for null input prior to processing.

  • Updated README to favor using -r to load the agent vs require('newrelic').

  • Updated @ newrelic/test-utilities to 6.1.1 and applied a global sampling value of 10 for versioned tests.

  • Migrated utilization unit tests from mocha to tap.

  • Migrated logger unit tests from mocha to tap.

  • Cleaned up or added future removal comments for several deprecation warnings.

  • Added a script and corresponding CI job that will check for PRs that have been merged and not release and notify the team in a private slack channel.

  • Updated the versioned test runner to always run against minor versions.

  • Fixed a high severity npm audit failure.

• 8.5.0 - 2021-10-12
  

  v8.5.0 (2021-10-12)

  • Added full support for Fastify v2 and v3. Fastify instrumentation is now GA.

    • Removed fastify feature flag.
    • Instrumented Fastify routes by wrapping addHook.
    • Added middleware mounting for fastify v3.
    • Fixed capturing of mount point for middleware naming.
    • Fixed the WebFramework spec definitions for Fastify middleware and route handlers to properly retrieve the IncomingMessage from a request object.
    • Added proper definition to middleware handlers so that the relationship to consecutive middleware and route handler are siblings and not direct children.

  • Added experimental instrumentation for the undici http client behind a feature flag.

    To enable undici support, add the following into your config: { feature_flag: { undici_instrumentation: true } }. The support for undici client is Node.js 16.x as it takes advantage of the diagnostics_channel. Lastly, you must be using v4.7.0+ of the undici client for any of the instrumentation to work.

    Note: There are currently some state issues if requests to an app are made with keep alive and you have multiple undici requests being made in parallel. In this case, set feature_flag: { undici_async_tracking: false } which avoids these state issues at the cost of some broken segment nesting.

• 8.4.0 - 2021-09-28
  

  • Deprecation Warning: Cross Application Tracing (CAT) has been deprecated and will be removed in a future major release. For applications that explicitly disable Distributed Tracing (DT) to leverage CAT, we recommend migrating to DT to avoid loss of cross-service visibility.

    • Disables CAT by default. You must explicitly enable CAT along with turning off DT.
    • Adds a deprecation warning when CAT is enabled and active (DT disabled).

  • Fixed issue with clearTimeout that could result in dropping parent segments or spans.

    This bug resulted in some MongoDB calls being dropped from Transaction Traces and Distributed Traces (spans): #922.

  • Removed warnings from agent tests for no-var eslint rule.

  • Added support for Cassandra driver v4.0.0 and above.

  • Fixed issue where DT headers would not be processed by transaction-shim.handleCATHeaders() when CAT was explicitly disabled. This primarily impacts amqplib instrumentation.

  • Transitioned aws-lambda.test.js to use Tap over Mocha.

  • Removed warnings from agent for no-var eslint rule.

  • Refactored transaction-shim, http and http-outbound to use centralized CAT methods in util/cat

  • Replaced http-outbound test call to use example.com to avoid unpredictable connection resets.

  • Migrated sql query parser tests to tap

  • Added more API usage examples.

  • Added a README to the examples/ folder discussing how to use the examples.

  • Fixed message-shim test assertion to avoid flakiness based on precision differences(ms vs ns)

  • Applied new lint rules barring the use of var and preferring the use of const wherever possible.

• 8.3.0 - 2021-09-09
  

  v8.3.0 (2021-09-09)

  • Enabled Distributed Tracing (DT) by default.

    • Added ability to configure the maximum number of spans that can be collected per minute via span_events.max_samples_stored and environment variable, NEW_RELIC_SPAN_EVENTS_MAX_SAMPLES_STORED.
    • Added supportability metric SpanEvent/Limit.

  • Added support for properly setting the host and port for mongodb requests that are to cluster.

  • Fixes issue where .fastify and .default properties would be missing from the fastify export when instrumented.

    Instrumentation now sets .fastify and .default properties to the wrapped fastify export function for fastify v3.

  • Added the following environment variables for the corresponding configuration items:

    • config item: transaction_events.max_samples_stored
      env var: NEW_RELIC_TRANSACTION_EVENTS_MAX_SAMPLES_STORED

    • config item: custom_insights_events.max_samples_stored
      env var: NEW_RELIC_CUSTOM_INSIGHTS_EVENTS_MAX_SAMPLES_STORED

    • config item: error_collector.max_event_samples_stored
      env var: NEW_RELIC_ERROR_COLLECTOR_MAX_EVENT_SAMPLES_STORED

  • Converted several unit tests to use the tap API.

  • Changed assertions for 2 http error msg tests to work with all versions of Node.js.

• 8.2.0 - 2021-08-25
  

  • Added a new feature flag unresolved_promise_cleanup that defaults to true only when new_promise_tracking feature flag is set to true. If disabled, this will help with performance of agent when an application has a lot of promises. To disable set in your config feature_flag.unresolved_promise_cleanup to false or pass in the env var of NEW_RELIC_FEATURE_FLAG_UNRESOLVED_PROMISE_CLEANUP=false when starting application with agent.

    WARNING: If you set unresolved_promise_cleanup to false, failure to resolve all promises in your application will result in memory leaks even if those promises are garbage collected

  • Supported using connect to route middleware calls.

  • Removed stubbed out tests in memcached unit tests

  • Refactored dropTestCollections in mongo versioned tests to await for all dropCollection operations to be finished before closing connection and returning.

  • Ported remaining mocha tests in test/unit/instrumentation to exclusively use tap.

  • Added @ newrelic/eslint-config to rely on a centralized eslint ruleset.

  • Removed integration tests for oracle.

  • Converted config unit tests to fully use tap API and extracted related tests into more-specific test files.

  • Added a pre-commit hook to check if package.json changes and run oss third-party manifest and oss third-party notices. This will ensure the third_party_manifest.json and THIRD_PARTY_NOTICES.md up to date

  • Replaced JSV with ajv for JSON schema validation in tests

  • Removed through in lieu of core Node.js implementation of Transform stream in tests.

• 8.1.0 - 2021-08-05
  

  • Added necessary instrumentation to support v4 of mongodb.

    • Explicitly enabled APM for mongodb instrumentation(client.monitorCommands = true)

  • Fixed issue where Promise based pg.Client.query timings were always in sub-millisecond range.

  • Fixed bug where API.shutdown would not harvest or keep process active effectively after an agent restart.

    The agent will now correctly update its state to 'started' after a reconnect has completed.

  • Added an eslint rule to verify every file includes the copyright statement.

  • Fixed the homepage field in package.json to use https in the link to the github repo. Thank you @ pzrq for the contribution.

from newrelic GitHub release notes

Commit messages

Package name: newrelic

• b9a01f0 Merge pull request #1069 from newrelic/release/v8.7.1
• b618013 Release note revisions.
• 5ab70dd Adds auto-generated release notes.
• bc8b880 Setting version to v8.7.1.
• 6d53aa1 Merge pull request #1066 from michaelgoin/bump-minimum-aws-sdk
• 7592b9e Bumps @ newrelic/aws-sdk to ^4.1.1. 4.1.0 had a critical bug.
• c153cb5 Merge pull request #1058 from bizob2828/automate-docs-pr
• 5105911 addressed feedback from PR review
• e900ed4 Merge pull request #1059 from bizob2828/swap-gh-token
• 7dc7018 Merge pull request #1062 from bizob2828/update-pending-prs-token
• ffe8b93 updated github token to use personal access token at org level to get private repos included in pending prs report
• 5eb66f8 changed secret for gh token to use org level secret
• 6bbadca Merge pull request #1060 from bizob2828/upgrade-test-utils
• b3c0eeb upgraded test utils so sub packages properly run versioned tests
• 6cca181 added a addFiles command to git and updated script
• b2b9038 Added ability to specify repo-path for docs-website
• cc7d889 added a script to create a pr in docs fork
• 458614d Merge pull request #1057 from bizob2828/change-post-release-trigger
• e2ac018 conditionally run job based on success of triggered workflow
• a3b3d29 Merge pull request #1056 from michaelgoin/cleanup-warnings
• 83185d1 change how we invoke post release activities to work around not using PAT
• 22da641 Cleans up resolvable npm audit / dependabot warnings.
• 76881a4 Merge pull request #1055 from bizob2828/fix-workflow-run-check
• f6462f8 changed var name to filterAsync to be more specific

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[michaelgoin]

Closing out for now. This repository is being replaced by the logging extensions repository and will eventually be archived. I'll turn off auto-dep updates for this repo.