Bump newrelic_rpm from 4.7.1.340 to 9.13.0 #455

dependabot · 2024-08-23T10:23:41Z

Bumps newrelic_rpm from 4.7.1.340 to 9.13.0.

Release notes

9.13.0

No release notes provided.

9.13.0-pre

No release notes provided.

9.12.0

No release notes provided.

9.12.0-pre

No release notes provided.

9.11.0

No release notes provided.

9.11.0-pre

No release notes provided.

9.10.2

No release notes provided.

9.10.2-pre

No release notes provided.

9.10.1

No release notes provided.

9.10.1-pre

No release notes provided.

9.10.0

No release notes provided.

9.10.0-pre

No release notes provided.

9.9.0

No release notes provided.

9.9.0-pre

No release notes provided.

9.8.0

No release notes provided.

9.8.0-pre

No release notes provided.

9.7.1

No release notes provided.

... (truncated)

Changelog

Sourced from newrelic_rpm's changelog.

v9.13.0

Version 9.13.0 enhances support for AWS Lambda functions, adds experimental OpenSearch instrumentation, updates framework detection, silences a Bundler deprecation warning, fixes Falcon dispatcher detection, fixes a bug with Redis instrumentation installation, and addresses a JRuby-specific concurrency issue.

Feature: Enhance AWS Lambda function instrumentation

When utilized via the latest New Relic Ruby layer for AWS Lambda, the agent now offers enhanced support for AWS Lambda function instrumentation.

The agent's instrumentation for AWS Lambda functions now supports distributed tracing.

Web-triggered invocations are now identified as being "web"-based when an API Gateway call is involved, with support for both API Gateway versions 1.0 and 2.0.

Web-based calls have the HTTP method, URI, and status code recorded.

The agent now recognizes and reports on 12 separate AWS resources that are capable of triggering a Lambda function invocation: ALB, API Gateway V1, API Gateway V2, CloudFront, CloudWatch Scheduler, DynamoStreams, Firehose, Kinesis, S3, SES, SNS, and SQS.

The type of the triggering resource and its ARN will be recorded for each resource, and for many of them, extra resource-specific attributes will be recorded as well. For example, Lambda function invocations triggered by S3 bucket activity will now result in the S3 bucket name being recorded. PR#2811

Feature: Add experimental OpenSearch instrumentation

The agent will now automatically instrument the opensearch-ruby gem. We're marking this instrumentation as experimental because more work is needed to fully test it. OpenSearch instrumentation provides telemetry similar to Elasticsearch. Thank you, @Earlopain for reporting the issue and @praveen-ks for an initial draft of the instrumentation. Issue#2228 PR#2796

Feature: Improve framework detection accuracy for Grape and Padrino

Previously, applications using the Grape framework would set ruby as their framework within the Environment Report. Now, Grape applications will be set to grape. Similarly, applications using the Padrino framework would be set to sinatra. Now, they will be set to padrino. This will help the New Relic security agent compatibility checks. Thank you, @prateeksen for making this change. Issue#2777 PR#2789

Feature: Silence Bundler all_specs deprecation warning

Bundler.rubygems.all_specs was deprecated in favor of Bundler.rubygems.installed_specs in Bundler versions 2+, causing the agent to emit deprecation warnings. The method has been updated when Bundler 2+ is detected and warnings are now silenced. Thanks to @jcoyne for reporting this issue. Issue#2733 PR#2823

Bugfix: Fix Falcon dispatcher detection

Previously, we tried to use the object space to determine whether the Falcon web server was in use. However, Falcon is not added to the object space until after the environment report is generated, resulting in a nil dispatcher. Now, we revert to an earlier strategy that discovered the dispatcher using File.basename. Thank you, @prateeksen for reporting this issue and researching the problem. Issue#2778 PR#2795

Bugfix: Fix for a Redis instrumentation error when Redis::Cluster::Client is present

The Redis instrumentation previously contained a bug that would cause it to error out when Redis::Cluster::Client was present, owing to the use of a Ruby return outside of a method. Thanks very much to @jdelStrother for not only reporting this bug but pointing us to the root cause as well. Issue#2814 PR#2816

Bugfix: Address JRuby concurrency issue with config hash accessing

The agent's internal configuration class maintains a hash that occassionally gets rebuilt. During the rebuild, certain previously dynamically determined instrumentation values are preserved for the benefit of the New Relic Ruby security agent. After reports from JRuby customers regarding concurrency issues related to the hash being accessed while being modified, two separate fixes went into the hash rebuild logic previously: a Hash#dup operation and a synchronize do block. But errors were still reported. We ourselves remain unable to reproduce these concurrency errors despite using the same exact versions of JRuby and all reported software. After confirming that the hash access code in question is only needed for the Ruby security agent (which operates only in non-production dedicated security testing environments), we have introduced a new fix for JRuby customers that will simply skip over the troublesome code when JRuby is in play but the security agent is not. PR#2798

v9.12.0

Version 9.12.0 adds support for the newrelic_security agent, introduces instrumentation for the LogStasher gem, improves instrumentation for the redis-clustering gem, and updates the Elasticsearch instrumentation to only attempt to get the cluster name once per client, even if it fails.

Feature: Add support for the newrelic_security agent

New Relic Interactive Application Security Testing (IAST) can help you prevent cyberattacks and breaches on your applications by probing your running code for exploitable vulnerabilities.

The newrelic_security gem provides this feature for Ruby. It depends on newrelic_rpm. This is the first version of newrelic_rpm compatible with newrelic_security.

At this time, the security agent is intended for use only within a dedicated security testing environment with data that can tolerate modification or deletion. The security agent is available as a separate Ruby gem, newrelic_security. It is recommended that this separate gem only be introduced to a security testing environment by leveraging Bundler grouping like so:

... (truncated)

Commits

454d61f Merge pull request #2827 from newrelic/prerelease_updates_9.13.0-pre
dcc8ac0 bump version
f016fd1 Merge pull request #2825 from newrelic/bundler_changelog
a50b328 Update CHANGELOG.md
7adc0dc Add CHANGELOG for Bundler version update
a885001 Add Bundler version conditions (#2823)
77b0838 Merge pull request #2822 from newrelic/two_kinds_of_koalas
fff6656 bring in the latest cross-agent AWS Lambda JSON
7965561 Merge pull request #2821 from newrelic/james_best_face_barney_kessel_hands
c869cd9 serverless handler tested: comment disambiguation
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [newrelic_rpm](https://github.com/newrelic/newrelic-ruby-agent) from 4.7.1.340 to 9.13.0. - [Release notes](https://github.com/newrelic/newrelic-ruby-agent/releases) - [Changelog](https://github.com/newrelic/newrelic-ruby-agent/blob/dev/CHANGELOG.md) - [Commits](newrelic/newrelic-ruby-agent@4.7.1.340...9.13.0) --- updated-dependencies: - dependency-name: newrelic_rpm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-10-01T10:36:35Z

Superseded by #459.

dependabot bot added dependencies ruby Pull requests that update Ruby code labels Aug 23, 2024

dependabot bot mentioned this pull request Aug 23, 2024

Bump newrelic_rpm from 4.7.1.340 to 9.12.0 #452

Closed

dependabot bot closed this Oct 1, 2024

dependabot bot deleted the dependabot/bundler/newrelic_rpm-9.13.0 branch October 1, 2024 10:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump newrelic_rpm from 4.7.1.340 to 9.13.0 #455

Bump newrelic_rpm from 4.7.1.340 to 9.13.0 #455

dependabot bot commented on behalf of github Aug 23, 2024

dependabot bot commented on behalf of github Oct 1, 2024

Bump newrelic_rpm from 4.7.1.340 to 9.13.0 #455

Bump newrelic_rpm from 4.7.1.340 to 9.13.0 #455

Conversation

dependabot bot commented on behalf of github Aug 23, 2024

9.13.0

9.13.0-pre

9.12.0

9.12.0-pre

9.11.0

9.11.0-pre

9.10.2

9.10.2-pre

9.10.1

9.10.1-pre

9.10.0

9.10.0-pre

9.9.0

9.9.0-pre

9.8.0

9.8.0-pre

9.7.1

v9.13.0

v9.12.0

dependabot bot commented on behalf of github Oct 1, 2024