Node.js agent release notesRSS

Improvements

• Optimized unhandledRejection reporting when using async_hooks.
• Replaced all uses of util._extend with Object.assign.
• Completed TODOs regarding the Node 0.10 and 0.12 deprecation.
• Added PriorityQueue serialization benchmarks.

Bug fixes

• The agent no longer resizes the metric timeslice start time to be the earliest start time of the transactions that finish during the timeslice.

• Background transactions created may now be named through API#setTransactionName.

  Previously, the agent didn't respect the transaction naming precedence for background transactions. Background transaction naming behavior is now in line with web transaction behavior.

• Logger no longer tries to create very large log messages.

  When a message is created that would be too large to log, a process warning is emitted.

• The agent will now respect event count limits when merging data from a failed send.

  Previously, when merging data into an event pool the agent wouldn't maintain the size limit of the reservoir.

• Added check for a route prefix when wrapping Hapi route handlers.

  Previously, route prefixes specified via plugin options weren't being included in transaction names. Now, if the agent finds a route prefix associated with a given realm, it is prepended to the route path in the transaction name.

Improvements

• Added PriorityQueue class for collecting events.

  This replaces the Reservoir class for event sampling. Using priority sampling allows the agent to maintain randomness across a given time period while improving the chances that events will be coordinated across Transaction, Error, and Custom event pools.

• The agent will now allow external instrumentation modules to fail in a safe way.

  Previously, the agent would stop running if an externally loaded instrumentation failed for any reason. Due to the way external instrumentations can be updated independently, the agent should allow them to fail and carry on after logging a warning.

• Added the strip_exception_messages.enabled config option.

  The agent can now be configured to redact error messages on collected errors.

• Added the attributes.include_enabled config option.

  The agent can now be configured to disallow attribute include patterns to be specified.

Fixes.

• Updated logic around wrapping route handlers when config object is present.

  Before, the agent would only attempt to wrap config.handler when any config object was present, without defaulting to the root handler if it didn't exist.

Fixes

• BREAKING: Updated the version of https-proxy-agent to v2.x - Dropped support for v0.10 and v0.12 of node.

  The version of https-proxy-agent used in the agent has a known security issue you can read about here: https://snyk.io/vuln/npm:https-proxy-agent:20180402 In order to resolve this issue, the dependency had to be updated to at least v2.2.0, which only supported node versions >=4. The update to this dependency forces the incompatibility of the agent with versions 0.10 and 0.12 of node.

  In order to use use the Node.js agent, please upgrade node to version >=4, or you can continue to use the agent on node versions 0.10 and 0.12 by pinning the agent to v3.

  You can read more about the issue here: https://docs.newrelic.com/docs/using-new-relic/new-relic-security/securi...

Fixes

• Added a type check to attribute validation, restricting values to primitive types (but not undefined).

  Previously the agent was only enforcing byte limits on string values, resulting in overly large arrays being collected. This brings the agent in line with other language agents.

• The DatastoreShim will now respect specified after handlers.

  Previously on methods like DatastoreShim#recordQuery the after handler would be dropped. The property is now correctly propagated to the underlying Shim#record call.

• The agent will now check that a specified parent segment is part of an active segment before running a method under instrumentation.

  Previously the agent would unconditionally run a method under a specified parent. The shim expects the parent to exist and be active, and will throw errors in the case where the parent belongs to an inactive transaction.

New features

• Added newrelic.startSegment(), which replaces newrelic.createTracer().

  This new API method allows you to create custom segments using either callbacks or promises.

Bug fixes

• Fixed bug in pre route config option in Hapi instrumentation.

  Only applies to Hapi v16 and below. The pre handler wrapping was not properly returning in cases when the element was a string referring to a registered server method, and as a result these elements would be replaced with undefined.

New features

• Added @newrelic/koa as a dependency.

  This introduces instrumentation for Koa v2.0.0 or higher. It will be treated as first-party instrumentation within the agent, but publishing it as a separate module allows it to be installed independently according to users' needs.

Improvements

• Refactored instrumentation hooks to work with modules.

  With this change it is now possible to link against external instrumentation modules.

Improvements

• Promise based web framework middleware instrumentation now supports callback based sequencing.

  Previously, a promise based middleware was assumed to continue to the next middleware once the promise it returned resolved. This assumption has been relaxed to allow for a callback to be supplied to the middleware to invoke the next middleware.

Improvements

• Removed the ssl configuration option.

  TLS is now always used in communication with New Relic Servers. The ssl configuration value and NEW_RELIC_USE_SSL environment value are no longer used. Setting either value to anything other than true will result in a warning.

• Security bulletin NR18-05:

  Fixes issue introduced in 2.8.0 where the agent may have captured all transaction attributes, even with High-security mode enabled on the account. This may have included sensitive data attached to transactions.

• All request parameters now prefixed with request.parameters..

  Previously request parameters such as route and query parameters were added as attributes without any name changes. For example /foo?bar=value would add the attribute bar to the transaction. Now this attribute would be named request.parameters.bar.

  Any Insights dashboards, alerts, or other NRQL queries using these attributes must be updated to use the new attribute names.

• Adds support for EU Datacenter

Bug fixes

• Security bulletin NR18-06:

  Fixes issue introduced in 2.8.0 where the agent may have captured all transaction attributes, even with High-security mode enabled on the account. This may have included sensitive data attached to transactions.

• Removed support for agent attributes include/exclude rules.

  These will be coming back in Node Agent v3.0.0. The fix for the above security bulletin required a backwards incompatible change to our attributes.

• Fixed bug in Bluebird instrumentation.

  Some methods were not instrumented correctly. This would cause a problem if a function was passed to these methods.

  Special thanks to Andreas Lind (@papandreou) for helping us find this bug.