Bump newrelic_rpm from 6.7.0.359 to 6.13.1

[dependabot-preview]

Bumps newrelic_rpm from 6.7.0.359 to 6.13.1.

Release notes

Sourced from newrelic_rpm's releases.

6.13.1-pre

Pre-release for 6.13.1

6.13.0 Prerelease

Prerelease version of 6.13.0 used for internal testing.

Changelog

Sourced from newrelic_rpm's changelog.

New Relic Ruby Agent Release Notes

v6.13.1

• Bugfix: obfuscating URLs to external services no longer modifying original URI

  A recent change to the Ruby agent to obfuscate URIs sent to external services had the unintended side-effect of removing query parameters from the original URI. This is fixed to obfuscate while also preserving the original URI.

  Thanks to @VictorJimenezKwast for pinpointing and helpful unit test to demonstrate.

v6.13.0

• Bugfix: never use redirect host when accessing preconnect endpoint

  When connecting to New Relic, the Ruby Agent uses the value in Agent.config[:host] to post a request to the New Relic preconnect endpoint. This endpoint returns a "redirect host" which is the URL to which agents send data from that point on.

  Previously, if the agent needed to reconnect to the collector, it would incorrectly use this redirect host to call the preconnect endpoint, when it should have used the original configured value in Agent.config[:host]. The agent now uses the correct host for all calls to preconnect.

• Bugfix: calling add_custom_attributes no longer modifies the params of the caller

  The previous agent's improvements to recording attributes at the span level had an unexpected side-effect of modifying the params passed to the API call as duplicated attributes were deleted in the process. This is now fixed and params passed in are no longer modified.

  Thanks to Pete Johns (@johnsyweb) for the PR that resolves this bug.

• Bugfix: http.url query parameters spans are now obfuscated

  Previously, the agent was recording the full URL of the external requests, including the query and fragment parts of the URL as part of the attributes on the external request span. This has been fixed so that the URL is obfuscated to filter out potentially sensitive data.

• Use system SSL certificates by default

  The Ruby agent previously used a root SSL/TLS certificate bundle by default. Now the agent will attempt to use the default system certificates, but will fall back to the bundled certs if there is an issue (and log that this occurred).

• Bugfix: reduce allocations for segment attributes

  Previously, every segment received an Attributes object on initialization. The agent now lazily creates attributes on segments, resulting in a significant reduction in object allocations for a typical transaction.

• Bugfix: eliminate errors around Rake::VERSION with Rails

  When running a Rails application with rake tasks, customers could see the following error:

• Prevent connecting agent thread from hanging on shutdown

Commits

• 296134b Merge pull request #453 from newrelic/dev
• bc7e8d0 Update CHANGELOG.md
• 1d95a3d CHANGELOG and VERSION bumped to 6.13.1
• abcdebb Merge pull request #452 from newrelic/query_params_lost_for_external_requests
• 43501ed resolves Issue 451 and possibly 450
• 7efa422 Update README.md
• f55303a infinite-tracing is in sub-folder
• b000bf7 separate run commands to set OTP then publish, take 2
• a4e9187 separate run commands to set OTP then publish
• 121a310 install onetimepass for python
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #91.