From cef669fde5300b84b14aaf8305479f6ea3028295 Mon Sep 17 00:00:00 2001 From: mrickard Date: Wed, 9 Aug 2023 15:11:11 +0000 Subject: [PATCH 1/3] Setting version to v0.6.0. --- merged/nextjs/package-lock.json | 4 ++-- merged/nextjs/package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/merged/nextjs/package-lock.json b/merged/nextjs/package-lock.json index 99fe6235ee..1f755a6fec 100644 --- a/merged/nextjs/package-lock.json +++ b/merged/nextjs/package-lock.json @@ -1,12 +1,12 @@ { "name": "@newrelic/next", - "version": "0.5.2", + "version": "0.6.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@newrelic/next", - "version": "0.5.2", + "version": "0.6.0", "license": "Apache-2.0", "dependencies": { "semver": "^7.3.7" diff --git a/merged/nextjs/package.json b/merged/nextjs/package.json index c7792ac411..615a4aca47 100644 --- a/merged/nextjs/package.json +++ b/merged/nextjs/package.json @@ -1,6 +1,6 @@ { "name": "@newrelic/next", - "version": "0.5.2", + "version": "0.6.0", "description": "Next.js instrumentation for the New Relic Node.js agent. ", "main": "index.js", "scripts": { From 40f3af16faeb3307e12fe67c5332c0b8b00dc22b Mon Sep 17 00:00:00 2001 From: mrickard Date: Wed, 9 Aug 2023 15:11:15 +0000 Subject: [PATCH 2/3] Adds auto-generated release notes. --- merged/nextjs/CHANGELOG.md | 235 +++++++++++++++++++++++++++++++++++++ 1 file changed, 235 insertions(+) diff --git a/merged/nextjs/CHANGELOG.md b/merged/nextjs/CHANGELOG.md index c90ed8a465..980d8adc88 100644 --- a/merged/nextjs/CHANGELOG.md +++ b/merged/nextjs/CHANGELOG.md @@ -1,3 +1,238 @@ +### v0.6.0 (2023-08-09) + +* **BREAKING** - Dropped support for Node 14. + +* Updated instrumentation to no longer record spans for middleware execution. + * Updated instrumentation for api requests to properly extract the params and page. + +* Updated CI to run against versions 16-20. + +* Updated semver and word-wrap to resolve CVEs. + +--- NOTES NEEDS REVIEW --- +Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.2.3 to 7.2.4. +
+Release notes +

Sourced from protobufjs's releases.

+
+

protobufjs: v7.2.4

+

7.2.4 (2023-06-23)

+

Bug Fixes

+
    +
  • do not let setProperty change the prototype (#1899) (e66379f)
    • +
+
+
+
+Changelog +

Sourced from protobufjs's changelog.

+
+

7.2.4 (2023-06-23)

+

Bug Fixes

+
    +
  • do not let setProperty change the prototype (#1899) (e66379f)
    • +
+
+
+
+Commits + +
+
+ + +[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.2.3&new-version=7.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) + +Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. + +[//]: # (dependabot-automerge-start) +[//]: # (dependabot-automerge-end) + +--- + +
+Dependabot commands and options +
+ +You can trigger Dependabot actions by commenting on this PR: +- `@dependabot rebase` will rebase this PR +- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it +- `@dependabot merge` will merge this PR after your CI passes on it +- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it +- `@dependabot cancel merge` will cancel a previously requested merge and block automerging +- `@dependabot reopen` will reopen this PR if it is closed +- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually +- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) +You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/newrelic-node-nextjs/network/alerts). + +
+-------------------------- + +--- NOTES NEEDS REVIEW --- +Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [@aws-sdk/client-lambda](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-lambda). These dependencies needed to be updated together. +Updates `fast-xml-parser` from 4.2.4 to 4.2.5 +
+Changelog +

Sourced from fast-xml-parser's changelog.

+
+

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

+

4.2.5 / 2023-06-22

+
    +
  • change code implementation
    • +
+

4.2.4 / 2023-06-06

+
    +
  • fix security bug
    • +
+

4.2.3 / 2023-06-05

+
    +
  • fix security bug
    • +
+

4.2.2 / 2023-04-18

+
    +
  • fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag
    • +
+

4.2.1 / 2023-04-18

+
    +
  • fix: jpath after unpaired tags
    • +
+

4.2.0 / 2023-04-09

+
    +
  • support updateTag parser property
    • +
+

4.1.4 / 2023-04-08

+
    +
  • update typings to let user create XMLBuilder instance without options (#556) (By Patrick)
    • +
  • fix: IsArray option isn't parsing tags with 0 as value correctly #490 (#557) (By Aleksandr Murashkin)
    • +
  • feature: support oneListGroup to group repeated children tags udder single group
    • +
+

4.1.3 / 2023-02-26

+
    +
  • fix #546: Support complex entity value
    • +
+

4.1.2 / 2023-02-12

+
    +
  • Security Fix
    • +
+

4.1.1 / 2023-02-03

+
    +
  • Fix #540: ignoreAttributes breaks unpairedTags
    • +
  • Refactor XML builder code
    • +
+

4.1.0 / 2023-02-02

+
    +
  • Fix '' in DTD comment throwing an error. (#533) (By Adam Baker)
    • +
  • Set "eNotation" to 'true' as default
    • +
+

4.0.15 / 2023-01-25

+
    +
  • make "eNotation" optional
    • +
+

4.0.14 / 2023-01-22

+
    +
  • fixed: add missed typing "eNotation" to parse values
    • +
+

4.0.13 / 2023-01-07

+ +

4.0.12 / 2022-11-19

+ +
+

... (truncated)

+
+
+Commits + +
+
+ +Updates `@aws-sdk/client-lambda` from 3.358.0 to 3.359.0 +
+Release notes +

Sourced from @​aws-sdk/client-lambda's releases.

+
+

v3.359.0

+

3.359.0(2023-06-23)

+
Chores
+ +
Documentation Changes
+
    +
  • client-verifiedpermissions: Added improved descriptions and new code samples to SDK documentation. (2eb1c550)
    • +
  • client-fsx: Update to Amazon FSx documentation. (daf0eeaa)
    • +
  • client-rds: Documentation improvements for create, describe, and modify DB clusters and DB instances. (8e56fb35)
    • +
+
New Features
+
    +
  • client-devops-guru: This release adds support for encryption via customer managed keys. (89734786)
    • +
+
+
+
+Changelog +

Sourced from @​aws-sdk/client-lambda's changelog.

+
+

3.359.0 (2023-06-23)

+

Note: Version bump only for package @​aws-sdk/client-lambda

+
+
+
+Commits + +
+
+ + +Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. + +[//]: # (dependabot-automerge-start) +[//]: # (dependabot-automerge-end) + +--- + +
+Dependabot commands and options +
+ +You can trigger Dependabot actions by commenting on this PR: +- `@dependabot rebase` will rebase this PR +- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it +- `@dependabot merge` will merge this PR after your CI passes on it +- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it +- `@dependabot cancel merge` will cancel a previously requested merge and block automerging +- `@dependabot reopen` will reopen this PR if it is closed +- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually +- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) +You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/newrelic-node-nextjs/network/alerts). + +
+-------------------------- + +## Changes included in this PR + +- Changes to the following files to upgrade the vulnerable dependencies to a fixed version: + - package.json + - package-lock.json + ### v0.5.2 (2023-06-26) * Fixed Next.js `getServerSideProps` instrumentation to register via `renderToResponseWithComponents` instead of `renderHTML` From 94d6ae003de41d566966e1a0fdc035e916e552bc Mon Sep 17 00:00:00 2001 From: mrickard Date: Wed, 9 Aug 2023 12:07:56 -0400 Subject: [PATCH 3/3] chore: Edited CHANGELOG.md Signed-off-by: mrickard --- merged/nextjs/CHANGELOG.md | 234 +------------------------------------ 1 file changed, 4 insertions(+), 230 deletions(-) diff --git a/merged/nextjs/CHANGELOG.md b/merged/nextjs/CHANGELOG.md index 980d8adc88..d27f9de286 100644 --- a/merged/nextjs/CHANGELOG.md +++ b/merged/nextjs/CHANGELOG.md @@ -1,237 +1,11 @@ ### v0.6.0 (2023-08-09) * **BREAKING** - Dropped support for Node 14. - -* Updated instrumentation to no longer record spans for middleware execution. - * Updated instrumentation for api requests to properly extract the params and page. - +* Added support for Node 20. +* Updated instrumentation to no longer record spans for middleware execution. Middleware instrumentation is now recorded only for Next.js 12.2.0-13.4.12. +* Updated instrumentation for api requests to properly extract the params and page. * Updated CI to run against versions 16-20. - -* Updated semver and word-wrap to resolve CVEs. - ---- NOTES NEEDS REVIEW --- -Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.2.3 to 7.2.4. -
-Release notes -

Sourced from protobufjs's releases.

-
-

protobufjs: v7.2.4

-

7.2.4 (2023-06-23)

-

Bug Fixes

-
    -
  • do not let setProperty change the prototype (#1899) (e66379f)
    • -
-
-
-
-Changelog -

Sourced from protobufjs's changelog.

-
-

7.2.4 (2023-06-23)

-

Bug Fixes

-
    -
  • do not let setProperty change the prototype (#1899) (e66379f)
    • -
-
-
-
-Commits - -
-
- - -[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.2.3&new-version=7.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - -Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -
-Dependabot commands and options -
- -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/newrelic-node-nextjs/network/alerts). - -
--------------------------- - ---- NOTES NEEDS REVIEW --- -Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [@aws-sdk/client-lambda](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-lambda). These dependencies needed to be updated together. -Updates `fast-xml-parser` from 4.2.4 to 4.2.5 -
-Changelog -

Sourced from fast-xml-parser's changelog.

-
-

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

-

4.2.5 / 2023-06-22

-
    -
  • change code implementation
    • -
-

4.2.4 / 2023-06-06

-
    -
  • fix security bug
    • -
-

4.2.3 / 2023-06-05

-
    -
  • fix security bug
    • -
-

4.2.2 / 2023-04-18

-
    -
  • fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag
    • -
-

4.2.1 / 2023-04-18

-
    -
  • fix: jpath after unpaired tags
    • -
-

4.2.0 / 2023-04-09

-
    -
  • support updateTag parser property
    • -
-

4.1.4 / 2023-04-08

-
    -
  • update typings to let user create XMLBuilder instance without options (#556) (By Patrick)
    • -
  • fix: IsArray option isn't parsing tags with 0 as value correctly #490 (#557) (By Aleksandr Murashkin)
    • -
  • feature: support oneListGroup to group repeated children tags udder single group
    • -
-

4.1.3 / 2023-02-26

-
    -
  • fix #546: Support complex entity value
    • -
-

4.1.2 / 2023-02-12

-
    -
  • Security Fix
    • -
-

4.1.1 / 2023-02-03

-
    -
  • Fix #540: ignoreAttributes breaks unpairedTags
    • -
  • Refactor XML builder code
    • -
-

4.1.0 / 2023-02-02

-
    -
  • Fix '' in DTD comment throwing an error. (#533) (By Adam Baker)
    • -
  • Set "eNotation" to 'true' as default
    • -
-

4.0.15 / 2023-01-25

-
    -
  • make "eNotation" optional
    • -
-

4.0.14 / 2023-01-22

-
    -
  • fixed: add missed typing "eNotation" to parse values
    • -
-

4.0.13 / 2023-01-07

- -

4.0.12 / 2022-11-19

- -
-

... (truncated)

-
-
-Commits - -
-
- -Updates `@aws-sdk/client-lambda` from 3.358.0 to 3.359.0 -
-Release notes -

Sourced from @​aws-sdk/client-lambda's releases.

-
-

v3.359.0

-

3.359.0(2023-06-23)

-
Chores
- -
Documentation Changes
-
    -
  • client-verifiedpermissions: Added improved descriptions and new code samples to SDK documentation. (2eb1c550)
    • -
  • client-fsx: Update to Amazon FSx documentation. (daf0eeaa)
    • -
  • client-rds: Documentation improvements for create, describe, and modify DB clusters and DB instances. (8e56fb35)
    • -
-
New Features
-
    -
  • client-devops-guru: This release adds support for encryption via customer managed keys. (89734786)
    • -
-
-
-
-Changelog -

Sourced from @​aws-sdk/client-lambda's changelog.

-
-

3.359.0 (2023-06-23)

-

Note: Version bump only for package @​aws-sdk/client-lambda

-
-
-
-Commits - -
-
- - -Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -
-Dependabot commands and options -
- -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/newrelic-node-nextjs/network/alerts). - -
--------------------------- - -## Changes included in this PR - -- Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - - package.json - - package-lock.json +* Updated `semver`, `word-wrap`, `protobuf`, `fast-xml-parser`, and `@aws-sdk/client-lambda` to resolve CVEs. ### v0.5.2 (2023-06-26)