[Snyk] Upgrade newrelic from 5.2.1 to 5.13.1 #5

Open
wants to merge 2 commits into
base: master
snyk-bot

Snyk has created this PR to upgrade newrelic from 5.2.1 to 5.13.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 15 versions ahead of your current version.
  • The recommended version was released 6 months ago, on 2019-10-10.

The recommended version fixes:

| Severity | Issue | Exploit Maturity |
| --- | --- | --- |
| | Man-in-the-Middle (MitM), SNYK-JS-HTTPSPROXYAGENT-469131 | Proof of Concept |

Release notes
Package name: newrelic
  • 5.13.1 - 2019-10-10
    • utilization/common.request() function now listens for an agent
      restart/disconnected event
      • multiple agent restarts caused the number of 'stopped' listeners to exceed
        listener limit
    • Added back generation of entity stats logging and uninstrumented support metric
      generation on metric harvests.

    • Fixed inconsistent async return from collector API. This could result in an
      infinite loop due to attempting to merge before clearing. This bug should not
      have impacted normal agent runs but was uncovered for certain test cases.

    • Removed legacy harvest code from main agent.

    • Updated to v3.

    Shoutouts to @asturur for the contribution.

    • Added diagnostic code injector.

      The agent may now be configured to make transaction state checks via code
      injection. This may be turned on by setting
      to . While this option is enabled, code around async boundaries will be added
      to track transactions, and log a message when they are not properly reinstated.

    • Fixed bug where would not properly harvest when configured to.

    • now defaults to 'Unknown' in serverless mode to allow
      Distributed Tracing to function correctly when is not defined.

    • Upgrades to latest version

    • Bumps to latest version.

    • Fixes tests that leave work scheduled on the event loop.

    • Adds flag to mocha test runs to prevent infinite runs on CI.

    • Fixed issue that could result in vendor utilization detection failure.
      As a part of this fix, the request that hits the timeout will immediately abort
      instead of hanging around for the default timeout.

  • 5.13.0 - 2019-10-01
    • Use correct harvest logic for query aggregator
    • Bumps tap version to move beyond handlebars audit warning.
    • migrated sql query trace harvest to FEH
    • removed unused old harvest tests
    • Bumps dev dependency past audit warning.

    • Decouples metric harvest into own standalone scheduled aggregator.

    • HTTPS connections to New Relic now use a keep alive HTTP-Agent
    • Drops old odd-numbered node versions that are no longer supported by node from
      travis testing.

    • Updated the transaction trace aggregator to handle sending its data autonomously.

    • Decoupled span event harvest into own standalone scheduled aggregator.
    • Decouples Transaction event harvest into own standalone scheduled aggregator.

    • versioned test skips nest SDK version as it has a crashing bug. Resumes
      with the next version assuming there will be a fix.

    • Decouples custom event harvest into own standalone scheduled aggregator.

    • Changed, added, and removed tests to instrument Restify 7.

    • Decouples error trace and error event harvests into own standalone scheduled
      aggregators.

    • Distributed Tracing is now enabled by default in serverless mode.

    • Made the segment reference on the outbound request non-enumerable.

    • Remove serialized mergeServerConfig object from Config object before posting
    • Moves transaction_events.max_samples_* config items out of being valid from
      server. These are not valid to receive. Fixed tests and added cleanup to
      better isolate some test failures.
    • Updated Mocha and Docker links in Contributing.md
    • The agent will now end/serialize transactions in the event of an uncaught
      exception while operating in serverless mode.
  • 5.11.0 - 2019-07-31
    • Adds NEW_RELIC_ERROR_COLLECTOR_IGNORE_ERRORS,
      NEW_RELIC_ERROR_COLLECTOR_EXPECTED_CODES, NEW_RELIC_ERROR_COLLECTOR_EXPECTED_ERRORS
      ENV vars for new ignore and expected error configuration values
    • Bumps jsdoc to 3.6.3 to get past latest vulnerability warning.
    • Implements the ignore_messages and ignore_classes configuration values, allowing
      the agent to completely ignore certain errors

    • Adds server side configuration boilerplate for ,
      , , , and
      code

    • Bumps lodash minimum dev dependency to get past most recent vulnerability.

    • Added support for scoped package name introduced in hapi v18 (@hapi/hapi).

      This will provide functionality at parity with instrumentation for hapi v17. Any
      new features may not yet be supported.

    Huge shoutout to Aori Nevo (@aorinevo) for this contribution.

    • Updated development deps to clear known security vulnerabilities.
      Shoutouts to Aori Nevo (@aorinevo) for this contribution.

    • Fixed bug where agent would count errors towards error metrics even if they were
      dropped due to the error collector being disabled.

    • Adds , , and
      functionality to the error collector, allowing users to report errors that will not
      impact the error counts or apdex
    • The agent will now properly track cached paths to files in loaded modules on Node
      versions >10.

      As of Node v11, the path to a file in a module being loaded will only be resolved
      on the first load; subsequent resolution of that file will use a cached value.
      The agent records this resolved path and uses it for relative file look ups in
      order to deep link into modules using . Since the agent couldn't
      reliably get at the path on the subsequent calls to require, it now replicates
      the caching logic and holds onto the resolved path for a given file.

    • Adds detailed logging through harvest/collector code to increase supportability.

  • 5.10.0 - 2019-06-12
    • The agent now allows installation on node v11 and v12.

      This change relaxes the engines restriction to include node v11 and v12. This does
      not constitute official support for those versions, and users on those versions
      may run into subtle incompatibilities. For those users who are interested in
      experimenting with the agent on the v11 and v12, we are tracking relevant issues
      here: #279.

    • Lambda invocations ended with promises will now be recorded properly.

      Previously, the lambda instrumentation was not intercepting the promise
      resolution/rejection returned from a lambda handler. The instrumentation now
      properly observes the promise, and ends the transaction when the promise has
      finished.

    • Lambda invocations will only attempt to end the related transaction a single time.

      In the event of two lambda response events (e.g. callback called, and a promise
      returned), the agent would attempt to end the transaction twice, producing an
      extraneous empty payload. The agent now limits itself to a single end call for
      a given transaction.

    • The agent will now properly end transactions in the face of uncaught exceptions
      while in serverless mode.

    • Enables ability to migrate to Configurable Security Policies (CSP) on a per agent
      basis for accounts already using High Security Mode (HSM).

      When both HSM and CSP are enabled for an account, an agent (this version or later)
      can successfully connect with either or the appropriate
      configured. has been added as part of
      the preconnect payload.

  • 5.9.1 - 2019-05-28
    • moved third party notices to

    • Shim#require will now operate as expected.

      Previously, the module interception code made the faulty assumption that a module's
      filepath would be resolved before the module load call was invoked. This caused
      the wrap filepath to be attributed to the modules being instrumented. This meant
      that attempted relative require calls using Shim#require would resolve from the
      incorrect path. The logic has been changed to keep a stack of the resolved
      filepaths, resolving the issue.

    • Updates error message for license check to indicate all places that need to be
      updated.

    • Shim#wrapReturn now uses ES6 proxies to wrap its methods.

      This will accurately propagate look up and assignment onto the underlying wrapped
      function, while maintaining all previous functionality.

    • Updated versioned test configurations to reflect current engine support.

  • 5.9.0 - 2019-05-20

  • 5.8.0 - 2019-05-06
    • Modifies route property to allow functions and defers route
      processing and segment naming until just before needed (each middleware
      invocation).

    • Fixed outdated ref in .

    • Middleware instrumentation now honors spec.appendPath for more cases and will
      not pop paths when it has not appended a path.

  • 5.7.0 - 2019-04-24
    • Added to .

      Now web transactions will be named after known status code messages (404, 405,
      and 501).

    • Broke apart script test globs.

    • Added option to MiddlewareSpec.

  • 5.6.4 - 2019-04-16
  • 5.6.3 - 2019-04-01
  • 5.6.2 - 2019-03-25
  • 5.6.1 - 2019-03-11
  • 5.6.0 - 2019-03-04
  • 5.5.0 - 2019-02-19
  • 5.3.0 - 2019-02-12
  • 5.2.1 - 2019-01-29
from newrelic GitHub release notes
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
