Bump github.com/newrelic/go-agent from 2.16.3+incompatible to 3.20.2+incompatible in /backend

[dependabot]

Bumps github.com/newrelic/go-agent from 2.16.3+incompatible to 3.20.2+incompatible.

Release notes

Sourced from github.com/newrelic/go-agent's releases.

Release v3.20.2

3.20.2

Added

• New NoticeExpectedError() method allows you to capture errors that you are expecting to handle, without triggering alerts

Fixed

• More defensive harvest cycle code that will avoid crashing even in the event of a panic.
• Update nats-server version to avoid known zip-slip exploit
• Update labstack/echo version to mitigate known open redirect exploit

Support Statement

New Relic recommends that you upgrade the agent regularly to ensure that you’re getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

We also recommend using the latest version of the Go language. At minimum, you should at least be using no version of Go older than what is supported by the Go team themselves.

See the Go Agent EOL Policy for details about supported versions of the Go Agent and third-party components.

Release 3.20.1

3.20.1

Added

• New integration nrpgx5 v1.0.0 to instrument github.com/jackc/pgx/v5.

Changed

• Changed the following TraceOption function to be consistent with their usage and other related identifier names. The old names remain for backward compatibility, but new code should use the new names.
  • WithIgnoredPrefix -> WithIgnoredPrefixes
  • WithPathPrefix -> WithPathPrefixes
• Implemented better handling of Code Level Metrics reporting when the data (e.g., function names) are excessively long, so that those attributes are suppressed rather than being reported with truncated names. Specifically:
  • Attributes with values longer than 255 characters are dropped.
  • No CLM attributes at all will be attached to a trace if the code.function attribute is empty or is longer than 255 characters.
  • No CLM attributes at all will be attached to a trace if both code.namespace and code.filepath are longer than 255 characters.

Support Statement

New Relic recommends that you upgrade the agent regularly to ensure that you’re getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

We also recommend using the latest version of the Go language. At minimum, you should at least be using no version of Go older than what is supported by the Go team themselves.

See the Go Agent EOL Policy for details about supported versions of the Go Agent and third-party components.

v3.20.0

PLEASE READ these changes, and verify your config settings to ensure your application behaves how you intend it to. This release changes some default behaviors in the go agent.

Added

• The Module Dependency Metrics feature was added. This collects the list of modules imported into your application, to aid in management of your application dependencies, enabling easier vulnerability detection and response, etc.
  • This feature is enabled by default, but may be disabled by explicitly including ConfigModuleDependencyMetricsEnable(false) in your application, or setting the equivalent environment variable or Config field direclty.
  • Modules may be explicitly excluded from the report via the ConfigModuleDependencyMetricsIgnoredPrefixes option.
  • Excluded module names may be redacted via the ConfigModuleDependencyMetricsRedactIgnoredPrefixes option. This is enabled by default.

... (truncated)

Changelog

Sourced from github.com/newrelic/go-agent's changelog.

3.20.2

Added

• New NoticeExpectedError() method allows you to capture errors that you are expecting to handle, without triggering alerts

Fixed

• More defensive harvest cycle code that will avoid crashing even in the event of a panic.
• Update nats-server version to avoid known zip-slip exploit
• Update labstack/echo version to mitigate known open redirect exploit

Support Statement

New Relic recommends that you upgrade the agent regularly to ensure that you’re getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

We also recommend using the latest version of the Go language. At minimum, you should at least be using no version of Go older than what is supported by the Go team themselves.

See the Go Agent EOL Policy for details about supported versions of the Go Agent and third-party components.

3.20.1

Added

• New integration nrpgx5 v1.0.0 to instrument github.com/jackc/pgx/v5.

Changed

• Changed the following TraceOption function to be consistent with their usage and other related identifier names. The old names remain for backward compatibility, but new code should use the new names.
  • WithIgnoredPrefix -> WithIgnoredPrefixes
  • WithPathPrefix -> WithPathPrefixes
• Implemented better handling of Code Level Metrics reporting when the data (e.g., function names) are excessively long, so that those attributes are suppressed rather than being reported with truncated names. Specifically:
  • Attributes with values longer than 255 characters are dropped.
  • No CLM attributes at all will be attached to a trace if the code.function attribute is empty or is longer than 255 characters.
  • No CLM attributes at all will be attached to a trace if both code.namespace and code.filepath are longer than 255 characters.

Support Statement

New Relic recommends that you upgrade the agent regularly to ensure that you’re getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life.

We also recommend using the latest version of the Go language. At minimum, you should at least be using no version of Go older than what is supported by the Go team themselves.

See the Go Agent EOL Policy for details about supported versions of the Go Agent and third-party components.

3.20.0

PLEASE READ these changes, and verify your config settings to ensure your application behaves how you intend it to. This release changes some default behaviors in the go agent.

Added

• The Module Dependency Metrics feature was added. This collects the list of modules imported into your application, to aid in management of your application dependencies, enabling easier vulnerability detection and response, etc.
  • This feature is enabled by default, but may be disabled by explicitly including ConfigModuleDependencyMetricsEnable(false) in your application, or setting the equivalent environment variable or Config field direclty.
  • Modules may be explicitly excluded from the report via the ConfigModuleDependencyMetricsIgnoredPrefixes option.
  • Excluded module names may be redacted via the ConfigModuleDependencyMetricsRedactIgnoredPrefixes option. This is enabled by default.
• Application Log Forwarding will now be ENABLED by default
  • Automatic application log forwarding is now enabled by default. This means that logging frameworks wrapped with one of the logcontext-v2 integrations will automatically send enriched application logs to New Relic with this version of the agent. To learn more about this feature, see the APM logs in context documentation. For additional configuration options, see the Go logs in context documentation. To learn about how to toggle log ingestion on or off by account, see our documentation to disable automatic logging via the UI or API.

... (truncated)

Commits

• b972074 Merge pull request #616 from newrelic/develop
• fbbbb5c Merge pull request #615 from iamemilio/readme
• 9fd0003 Merge pull request #610 from iamemilio/encode_bug
• d824822 Merge pull request #611 from iamemilio/expectedErrors
• dc72e67 Merge pull request #612 from iot-defcon/patch-1
• 649ab73 Merge pull request #613 from iot-defcon/patch-2
• 4f73195 remove direct dependencies from nrecho go mod bump
• dff95d1 set app version to 3.20.2
• 09a58e2 3.20.2 changelog
• 39824ad pull requests must be made against develop
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #754.