Bump newrelic from 12.25.0 to 13.2.1

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps newrelic from 12.25.0 to 13.2.1.

Release notes

Sourced from newrelic's releases.

v13.2.1

Code refactoring

• Updated agent to use @apm-js-collab/tracing-hooks for the CJS/ESM registration for tracing channel based instrumentation (#3324) (4b2c14f)

Documentation

• Updated compatibility report (#3330) (2831a89)

Support statement:

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date. (https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/update-new-relic-agent/)

See the New Relic Node.js agent EOL policy for information about agent releases and support dates. (https://docs.newrelic.com/docs/apm/agents/nodejs-agent/getting-started/nodejs-agent-eol-policy/)

v13.2.0 (2025-08-20)

Features

• Added ability to register Supportability/Features/Instrumentation/OnRequire/<pkg> metrics for subscriber based instrumentation (#3312) (87bfa40)
• Added esm loader hook and commonjs patch to work with orchestrion-js (#3312) (415aeba)
• Added instrumentation for @modelcontextprotocol/sdk client calls client.callTool, client.readResource, and client.getPrompt (#3312) (5d9790b)

Bug fixes

• Fixed logic around detecting OTEL packages (#3326) (4df30e5)
• Updated shimmer.setupSubscribers to properly setup and skip subscribers that are disabled (#3312) (cf5b3ec)

Code refactoring

• Added ability to disable subscribers via config.instrumentation.<pkg-name>.enabled (#3312) (55f8fe7)
• Added ability to prevent creation of segments in subscriber based instrumentation when parent is marked as internal and of the same package (#3322) (91f91c2)
• Removed id parameter from opensearch class (#3312) (8be00ce)
• Updated opensearch instrumentation to subscribe to events emitted (#3312) (9a27a5d)
• Updated elasticsearch instrumentation to subscribe to events emitted (#3312) (a3e2348)
• Updated ioredis instrumentation to subscribe to events emitted (#3312) (90b97d2)
• Updated pino instrumentation to subscribe to events emitted (#3312) (28bbe9f)
• Updated subscribers to have a common createSegment that creates, assigns attributes, starts segment (#3317) (aa3f8d9)
• Updated undici instrumentation to remove its reliance on shim. Also updated storing the relevant segments on context instead of symbols on the request object (#3312) (ec17fa7)

Documentation

• Updated compatibility report (#3313) (749ddc9) (#3304) (cc000a7)

Miscellaneous chores

• change from ending segment to touching for feature parity with shim (#3312) (4d39fc5)
• Updated eslint configuration (#3296) (5c168a6)

... (truncated)

Changelog

Sourced from newrelic's changelog.

{ "repository": "newrelic/node-newrelic", "entries": [ { "version": "13.2.1", "changes": { "security": [], "bugfixes": [], "features": [] } }, { "version": "13.2.0", "changes": { "security": [], "bugfixes": [ "Fixed logic around detecting OTEL packages", "Updated shimmer.setupSubscribers to properly setup and skip subscribers that are disabled" ], "features": [ "Added ability to register Supportability/Features/Instrumentation/OnRequire/<pkg> metrics for subscriber based instrumentation", "Added instrumentation for @modelcontextprotocol/sdk client calls client.callTool, client.readResource, and client.getPrompt", "Added esm loader hook and commonjs patch to work with orchestrion-js" ] } }, { "version": "13.1.0", "changes": { "security": [], "bugfixes": [ "Fixed transaction.url obfuscation" ], "features": [ "Disabled timers instrumentation by default in the sample configuration", "Added supportability metrics when instrumentation has been disabled for a package", "Added support for OTEL logs API" ] } }, { "version": "13.0.0", "changes": { "security": [], "bugfixes": [], "features": [ "Dropped support for Node.js 18", "Updated min supported version for fastify to 3.0.0, pino to 8.0.0, and koa-router to 12.0.0" ] }

... (truncated)

Commits

• 34a423b chore: release v13.2.1 (#3334)
• 4b2c14f refactor: Updated agent to use @apm-js-collab/tracing-hooks for the CJS/ESM...
• 2831a89 docs: Updated compatibility report (#3330)
• de2b1c9 chore: release v13.2.0 (#3329)
• 4df30e5 fix: Fixed logic around detecting OTEL packages (#3326)
• 1f7f733 ci: Change benchmark tests to use TEST_LICENSE (#3325)
• 91f91c2 refactor: Added ability to prevent creation of segments in subscriber based i...
• aa3f8d9 refactor: Updated subscribers to have a common createSegment that creates, as...
• e45ab27 test: Fixed obtaining opensearch package version for older versions we instru...
• 749ddc9 docs: Updated compatibility report (#3313)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @liam-lloyd.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[liam-lloyd]

@dependabot rebase

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.21%. Comparing base (8661588) to head (344275c).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #445   +/-   ##
=======================================
  Coverage   98.21%   98.21%           
=======================================
  Files         101      101           
  Lines        2414     2414           
  Branches      401      401           
=======================================
  Hits         2371     2371           
  Misses         39       39           
  Partials        4        4           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[liam-lloyd]

This is a minor version upgrade (despite the PR title), the tests pass, and I see no red flags in the release notes.

[liam-lloyd]

@dependabot merge