newrelic/NEWS.md

New Relic agent

### 4.13.0 (2018-12-20):

* Fixed clearing of active harvest via _stopHarvester()

* Fixed handling of harvest endpoints when not all fail.

* Added agent state "connecting" to indicate when handshake with New Relic servers
  is starting. This can be triggered on startup and restarts.

* Added `--no-package-lock` to `unit` and `integration` rules.

* Released `protocol_17` feature flag.

* The agent now reacts to failed New Relic requests based on response code, as
  opposed to parsing an exception message in the response body.

* Replaced `nsp` with `npm audit` in security checks.

* Collector now specify `application/json` content-type when data is compressed
  instead of `octet-stream`.

* Bumped ecmaVersion in test .eslintrc to 8

### 4.12.0 (2018-12-03):

* Converted error handling in `CollectorAPI` and `RemoteMethod` to callbacks.

  Previously many of the errors were thrown. For consistency with async errors,
  these are now handed to the callback instead of thrown. The old behavior could
  result in a crash under a few circumstances, such as when the agent exceeded a
  configured maximum payload size. These errors came from `RemoteMethod._safeRequest`.
  Since these errors are handed to the callback instead of thrown, this bug is no
  longer a potential.

* Added IP address collection and forwarding of metadata headers for upcoming
  protocol 17.

  These features are currently behind the `protocol_17` feature flag until all
  parts of protocol 17 are implemented.

* Refactored harvest interactions in preparation for protocol 17 status codes.

### 4.11.0 (2018-11-15):

* Changed totalTime attribute to be in decimal seconds instead of milliseconds for
  transaction events.

* Agent no longer produces spans on ignored transactions.

  Previously, the agent would produce distributed tracing span events regardless
  of the ignored status of the transaction the events originated from.

* Extended Restify instrumentation to mark possible transaction names in order to
  account for async response methods.

* Added `protocol_17` feature flag.

  Flag will be removed and protocol will be hard-coded to `17` once functionality
  is released on New Relic backend.

* Added switch statement indenting standard to eslintrc

* This release also includes changes to the agent to enable monitoring of Lambda
  functions. If you are interested in learning more or previewing New Relic Lambda
  monitoring please email lambda_preview@newrelic.com.

* Introduced "warn" level 2 space rule to eslintrc

* Updated `hapi@16` versioned tests to only run on Node 6 and above.

* Upgraded `@newrelic/test-utilities` to v2.

* Pinned mysql2 to `<1.6.2` in versioned tests.

* Added `waitForIdle` option to `API#shutdown`.

  This new option will make the agent wait for all active transactions to finish
  before actually shutting down. This does not pre-empt creation of new transactions,
  so care must be taken to ensure the active transaction pool drains or the agent
  will never shut down.

### 4.10.0 (2018-11-01):

* Added `DatastoreShim#getDatabaseNameFromUseQuery`

  This new method can be used to extract the database name from `USE` SQL queries.

* Added link to CONTRIBUTING.md file in README.md

  Thanks to Yuri Tkachenko (@tamtamchik) for the contribution.

* Added VS Code settings to git ignore.

* Fixed bug preventing Distributed Tracing (DT) from fully functioning when Cross
  Application Tracing (CAT) was disabled.

* The agent will no longer break express routers in the case of using regex paths
  in a list.

  Previously, the agent would overwrite the regex with the source of the regex. The
  agent now makes a copy of the route array and mutates that instead.

* Attributes will now be properly propagated to PageView events.

  The agent may now be configured to pass attributes along to the browser agent.
  The attributes that match the include/exclude rules in the
  `browser_monitor.attributes` section will now be placed on PageView events.

* Renames better-cat integration test organization to be distributed-tracing and
  updated some test verbiage to use DT or distributed tracing instead of CAT or
  cross application tracing.

### 4.9.0 (2018-10-01):

* Updated DT payload creation to use `primary_application_id` from connect response.

* Added protection against functions with modified prototypes in `shim.applySegment`.

* Replaced SQL ID hash generation algorithm with SHA1 instead of MD5 to allow usage
  in FIPS compliant environments.

* Leveraged 16 hex digits for creation of SQL ID.

* Fixed `codec.decode()` callback bug that would re-call a callback with an error
  thrown within the callback.

* Added `superagent` as built-in instrumentation.

  This instrumentation just maintains transaction state when using the `superagent`
  module to make HTTP requests with either callbacks or promises.

* Updated `noticeError` API method to be partially functional in High Security Mode.

  In HSM, any custom attributes will be ignored, but the error will still be tracked.
  This brings the Node agent in line with the behavior of other language agents.

* Upgraded ejs module to get rid of Github security warnings. The ejs module was
  only used for tests and not in main agent code.

* Fixed bug requiring Cross Application Tracing (CAT) to be enabled for Distributed
  Tracing (DT) `createDistributedTracePayload` and `acceptDistributedTracePayload`
  APIs to function. DT configuration will no longer consider CAT configuration.

* Changes DT payload configuration log messages to debug level as it is not uncommon
  for calls to occur before server configuration has been retrieved.

* Converted `net` instrumentation to use shim api.

* Converted child_process instrumentation to newer shim style.

* Converted Timers instrumentation to newer shim style.

* Fixed bug in wrap() that would fail to wrap callbacks if the callback index was 0.

* Added `PromiseShim` class for instrumenting promise libraries.

* Support for setting `transaction_tracer.transaction_threshold` to 0 has been added.

* The agent now respects `NEW_RELIC_TRACER_THRESHOLD`.

  Previously, this environment variable was stored as a string. The environment
  variable is now stored as a float.

* Converted zlib instrumentation to use shim API.

### 4.8.1 (2018-08-27):

* Converted File System instrumentation to use newer shim style.

* Agent instrumentation will no longer interfere with promisification of core
  methods.

  Some core methods expose pre-promisified versions of the methods as a reference
  on the method itself. When instrumenting these methods, it neglected to forward
  these references onto the wrapper function. Now the instrumentation will properly
  forward property look ups to the original method.

* Converted DNS instrumentation to newer shim style.

* Added tracking of callbacks to DNS instrumentation.

* Converted crypto instrumentation to newer shim style.

* Updated domains instrumentation to use an instrumentation shim.

* Refactored the global instrumentation to use the shim API.

* Ported inspector instrumentation to use an instrumentation shim.

* Ported async_hooks based promise instrumentation over to using shims.

* Added shim types for core instrumentations.

* Fixed outbound https call to use example.com to resolve integration test issue.

* Fixed tests for ioredis 4.0.0 and above.

* Improved benchmark comparison output.

* Added `http` benchmark tests.

### 4.8.0 (2018-08-13):

* Added JSON-formatted output to benchmarks to enable automated benchmark comparison.

* Updated the benchmark runner to measure specifically userland CPU overhead.

* Added DatastoreShim benchmarks.

* Fixed MongoDB instrumentation for driver versions greater than 3.0.6.

  Mongo 3.0.6 removed metadata the Agent relied upon to instrument the driver. This
  fixes that by going back to the old method of manually listing all objects and
  methods to instrument.

* Implemented enforcement of `max_payload_size_in_bytes` config value.

  Any payload during the harvest sequence that exceeds the configured limit will
  be discarded.

* Updated MySQL versioned tests to run against the latest release.

### 4.7.0 (2018-07-31):

* Added support for distributed tracing.

  Distributed tracing lets you see the path that a request takes as it travels
  through your distributed system. By showing the distributed activity through a
  unified view, you can troubleshoot and understand a complex system better than
  ever before.

  Distributed tracing is available with an APM Pro or equivalent subscription.
  To see a complete distributed trace, you need to enable the feature on a set of
  neighboring services. Enabling distributed tracing changes the behavior of some
  New Relic features, so carefully consult the [transition guide](https://docs.newrelic.com/docs/transition-guide-distributed-tracing) before
  you enable this feature.

  To enable distributed tracing, set `distributed_tracing.enabled` to `true` in
  your `newrelic.js` file, or set `NEW_RELIC_DISTRIBUTED_TRACING_ENABLED` in your
  environment.

* Added a warning for too-new versions of Node.js during agent startup.

* Appropriately obfuscated SQL statements will now be included in all transaction
  traces.

  Previously, the agent would only include the SQL statements if the corresponding
  query was sufficiently slow.

* Added ability to execute instrumentation functions in the context of the segment
  the segment descriptor is describing.

  All `record*` methods supplied by all instrumentation shim classes now allow for
  a function to be executed under the context of the segment the record call will
  produce. This may be done by supplying a function in the `inContext` key for the
  segment descriptor passed to the record method.

* Reservoirs will now respect setting their size to 0.

### 4.6.0 (2018-07-24):

* Added full support for Node v10.

* Added instrumentation for `crypto.scrypt`.

* Added instrumentation for `fs.realpath.native`.

* Added instrumentation for `process.setUncaughtExceptionCaptureCallback`.

* Updated tests to use `asyncResource.runInAsyncScope` instead of `emitBefore` and
  `emitAfter`

* Pulled `distributed_tracing` config value from behind `feature_flag`.

### 4.5.1 (2018-07-18):

- The agent will now properly remerge event data on collection failure.

  Previously, the agent wouldn't observe the correct format for remerging, causing
  undefined events to be pushed into the reservoir.

### 4.5.0 (2018-07-16):

* Feature flags may now be set from environment variables.

  Using the naming convention `NEW_RELIC_FEATURE_FLAG_<feature flag name in upper
  case>`.

* Transaction events may be harvested in two payloads now.

  This change reduces the occurrence of harvests being rejected due to large
  payloads. Payloads will only be split when they are large (greater than 1/3 the
  maximum).

* Updated Hapi v17 instrumentation to wrap `server` export, in addition to `Server`.

* `ROOT` segment no longer turns into a span event.

* Fixed span collection when transactions are `sampled=false`.

* Removed `grandparentId` from spans.

### 4.4.0 (2018-07-12):

* Added config `utilization` env vars to the `BOOLEAN_VARS` set.

  This ensures that if these boolean config values are set outside of a config file,
  their values are respected, particularly when they are disabled.

* Replaced `trusted_account_ids` array with `trusted_account_key`.

* Added node v10 to the test matrix.

* Converted distributed trace `x-newrelic-trace` header name to `newrelic`.

* Added support for different transport types in distributed tracing.

* Added more tests around priority/sampled attributes on traces and events.

* Lazily calculate transaction priority only when needed.

* Transaction priority is now truncated to 6 decimal places on generation.

* Adaptive sampling now uses the `sampling_target` and
  `sampling_target_period_in_seconds` configuration values.

  With these configurations, the adaptive sampling window is separated from the
  harvest window.

* Removed `nr.tripId` attribute from distributed trace intrinsics.

* Default span events to enabled.

  These are still protected behind `feature_flag.distributed_tracing` which defaults
  to `false`.

### 4.3.0 (2018-07-09):

* Added `nonce` option for `newrelic.getBrowserTimingHeader()`

  This allows people to pass in a string to be injected as the `nonce` property of
  the generated script tag. Special thanks to João Vieira (@joaovieira) for
  contributing this feature!

* Added check to mark Hapi `'onPreResponse'` extensions as error handlers.

  Previously, the agent was unable to mark any Hapi errors as handled, even if they
  were, resulting in inaccurate reporting. This change assumes that `'onPreResponse'`
  extensions act as error handlers, so errors are only reported if they persist to
  the final response.

* Expose the External segment on the `http` request instance for outbound calls.

### 4.2.1 (2018-07-02):

* Fixed issue with tracking external requests to default ports.

  Special thanks to Ryan King for pinpointing the cause of this issue.

* Added extra check for handling arrays of functions when wrapping middleware
  mounters.

  This fixes a bug with the agent incorrectly assuming that arrays passed as the
  first argument in middleware would only contain route paths, causing a fatal error.

* The agent now reports the total time of the transaction on transaction events.

* Added more tests for transaction naming with Restify.

### 4.2.0 (2018-06-19):

* Refactored harvest cycle into separate class.

  This refactoring eases managing harvested data and re-merging unharvested values
  on failure.

* Added seen/sent/dropped supportability metrics for all event collections.

* Updated `WebFrameworkShim` to handle arrays of routes when wrapping middleware
  mounters.

  Previously, a transaction that hit a shared middleware (eg, `app.use(['/one',
  '/two'], ...)`) would always be tagged with `<unknown>` in its name, due to the
  agent not interpreting arrays of paths. Now transaction names will include all
  paths for a shared middleware, comma-delimited, followed by the current route
  (`'WebTransaction/Expressjs/GET//one,/two/one'`).

* Added an option for using the `finally` method on promises for instrumentation.

  The promise instrumentation would use `Promise#finally` if available. This change
  is in response to Node v10 promises calling `then` inside their `finally` method,
  which caused infinite recursion in the agent's promise instrumentation.

* No longer download gcc on test suites that do not require it.

* Added `url` parameter to `http` external segments.

* Renamed request parameters on external segments.

  Previously these were named just the parameter name (e.g. `/foo?bar=baz` would
  become the parameter `"bar": "baz"`). Now they are prefixed with
  `request.parameter`. (e.g. `"request.parameter.bar": "baz"`).

* Added `EventAggregator` base class.

  The `ErrorAggregator` class was refactored and most generic event aggregation
  logic was moved to the new `EventAggregator` class.

* Added `SpanEvent` and `SpanAggregator` classes.

* Added Span event generation to the trace `end` method.

* Added Span events to harvest cycle steps.

### 4.1.5 (2018-06-11):

* Make `require()` statements explicitly reference `package.json` as a `.json` file.

  This solves a problem when requiring/importing newrelic from a Typescript file.
  Thanks @guyellis for the submission!

* Check if `process.mainModule.filename` exists before using in missing config file
  check.

  When the agent is preloaded with Node's `--require` flag, `mainModule` is not yet
  defined when the agent checks for a config file, resulting in a `TypeError` in
  the event that no config file exists. Defaulting to the file path being executed
  in `process.argv` ensures that the app will not crash when preloaded without a
  config file.

* Updated dev dependency `tap` to v12.0.1.

* Fixed identification of errors with express.

  Previously the call `next('router')` was considered an error. This is actually
  valid usage of express and will no longer generate an error.

* Removed `debug.internal_metrics` configuration.

  This legacy debug configuration was never used since trace-level logging provides
  everything this did and more.

* Upgraded optional dependency `@newrelic/native-metrics` to v3.

  With this update comes pre-built binaries for Node 5 and 7. GC metrics are also
  now aggregated in C++ until the agent is ready to harvest them instead of hopping
  into JS for each event.

* Added additional checks to `uninstrumented` ensuring that files with names
  matching instrumented modules do not result in a false uninstrumented status.

  For example, some users load config/env info before the agent. In that case, a
  file responsible for exporting DB config information (`config/redis.js`), may
  result in a false `uninstrumented` status, because the agent would interpret
  `redis.js` as the module itself.

* Moved `computeSampled` call to `Transaction` constructor.

  Previously it was only called in `createDistributedTracePayload`, but this
  gives all transactions a `sampled` value, and potentially a boosted priority.

### 4.1.4 (2018-06-04):

* Transaction stubs are now created properly in `api#getTransaction`

  During a refactor to use classes for the `TransactionHandle` class, the
  `TransactionHandleStub` was converted into a class. This change in interface
  wasn't reflected in the use around the agent and would pass back the class
  instead of an instance.

  Big shoutout to Roy Miloh (@roymiloh) for submitting the fix to this!

* Upgraded dev dependency `chai` to version 4.

### 4.1.3 (2018-05-29):

* Fixed metric merging when using `debug.internal_metrics`.

  The debug metrics cache would cause timestamps for harvested metrics to get stuck
  at agent startup. This will no longer happen, and the debug cache is reset each
  harvest.

* Modularlized configuration constants to improve readability.

* Added `distributed_tracing` feature flag.

* Added `acceptDistributedTracePayload` method to `Transaction`.

* Added `createDistributedTracePayload` method to `Transaction`.

* Updated `Agent#recordSupportability` to not include `Nodejs/` in the default metric name.

* Added distributed tracing methods to `TransactionHandle`.

* Added distributed tracing cases for `http` and `other` metric recorders.

* Implemented `_addDistributedTraceInstrinsics` on `Transaction`.

  If the `distributed_tracing` feature flag is enabled, the agent will ignore old
  CAT attributes in favor of distributed trace–related ones.

* Added integration tests around better CAT functionality.

### 4.1.2 (2018-05-22):

* Fixed access to properties on promisified methods.

  Thanks to John Morrison (@jrgm) for pointing this out and providing a
  reproduction.

* Updated use of `fs.unlink` without a callback to `fs.unlinkSync`.

  As of Node v10, the callback is [no longer optional](https://nodejs.org/dist/latest-v10.x/docs/api/fs.html#fs_fs_unlink_path_callback), which was causing a false
  test failure.

### 4.1.1 (2018-05-14):

* Logger no longer tries to create very large log messages.

  When a message is created that would be too large to log, a process warning is
  emitted.

* Optimized `unhandledRejection` reporting when using `async_hooks`.

* The agent no longer resizes the metric timeslice start time to be the earliest
  start time of the transactions that finish during the timeslice.

* Replaced all uses of `util._extend` with `Object.assign`.

* Background transactions created may now be named through `API#setTransactionName`.

  Previously, the agent didn't respect the transaction naming precedence for
  background transactions. Background transaction naming behavior is now in line
  with web transaction behavior.

* Completed TODOs regarding the Node 0.10 and 0.12 deprecation.

* Added PriorityQueue serialization benchmarks.

* Added check for a route prefix when wrapping Hapi route handlers.

  Previously, route prefixes specified via plugin options weren't being included
  in transaction names. Now, if the agent finds a route prefix associated with a
  given realm, it is prepended to the route path in the transaction name.

* The agent will now respect event count limits when merging data from a failed send.

  Previously, when merging data into an event pool the agent wouldn't maintain the
  size limit of the reservoir.

### 4.1.0 (2018-04-23):

* Updated logic around wrapping route handlers when `config` object is present.

  Before, the agent would only attempt to wrap `config.handler` when any `config`
  object was present, without defaulting to the root `handler` if it didn't exist.

* Added `PriorityQueue` class for collecting events.

  This replaces the `Reservoir` class for event sampling. Using priority sampling
  allows the agent to maintain randomness across a given time period while
  improving the chances that events will be coordinated across Transaction, Error,
  and Custom event pools.

* The agent will now allow external instrumentation modules to fail in a safe way.

  Previously, the agent would stop running if an externally loaded instrumentation
  failed for any reason. Due to the way external instrumentations can be updated
  independently, the agent should allow them to fail and carry on after logging a
  warning.

* Added the `strip_exception_messages.enabled` config option.

  The agent can now be configured to redact error messages on collected errors.

* Added the `attributes.include_enabled` config option.

  The agent can now be configured to disallow attribute include patterns to be
  specified.

### 4.0.0 (2018-04-12):

* BREAKING: Updated the version of `https-proxy-agent` to v2.x - Dropped support
  for v0.10 and v0.12 of node.

  The version of `https-proxy-agent` used in the agent has a known security
  issue you can read about here: https://snyk.io/vuln/npm:https-proxy-agent:20180402
  In order to resolve this issue, the dependency had to be updated to at least
  v2.2.0, which only supported node versions >=4.  The update to this dependency
  forces the incompatibility of the agent with versions 0.10 and 0.12 of Node.

  In order to use use the Node.js agent, please upgrade node to version >=4, or you can
  continue to use the agent on Node versions 0.10 and 0.12 by pinning the agent
  to v3.

  You can read more about the issue here: https://docs.newrelic.com/docs/using-new-relic/new-relic-security/security-bulletins/security-bulletin-nr18-08

### 3.3.1 (2018-04-10):

* Added a type check to attribute validation, restricting values to primitive types
  (but not `undefined`).

  Previously the agent was only enforcing byte limits on string values, resulting
  in overly large arrays being collected. This brings the agent in line with other
  language agents.

* The `DatastoreShim` will now respect specified `after` handlers.

  Previously on methods like `DatastoreShim#recordQuery` the `after` handler would
  be dropped. The property is now correctly propagated to the underlying
  `Shim#record` call.

* The agent will now check that a specified parent segment is part of an active
  segment before running a method under instrumentation.

  Previously the agent would unconditionally run a method under a specified
  parent. The shim expects the parent to exist and be active, and will throw
  errors in the case where the parent belongs to an inactive transaction.

### 3.3.0 (2018-03-27):

* Added `newrelic.startSegment()` which replaces `newrelic.createTracer()`.

  This new API method allows you to create custom segments using either callbacks
  or promises.

* Fixed bug in `pre` route config option in Hapi instrumentation.

  Only applies to Hapi v16 and below. The `pre` handler wrapping was not properly
  returning in cases when the element was a string referring to a registered server
  method, and as a result these elements would be replaced with `undefined`.

### 3.2.0 (2018-03-14):

* Added [`@newrelic/koa`](https://github.com/newrelic/node-newrelic-koa) as a
  dependency.

  This introduces instrumentation for **Koa v2.0.0** or higher. It will be treated
  as first-party instrumentation within the agent, but publishing it as a
  separate module allows it to be installed independently according to users' needs.

* Refactored instrumentation hooks to work with modules.

  With this change it is now possible to link against external instrumentation
  modules.

### 3.1.0 (2018-03-13):

* Promise based web framework middleware instrumentation now supports callback
  based sequencing.

  Previously, a promise based middleware was assumed to continue to the next
  middleware once the promise it returned resolved.  This assumption has been
  relaxed to allow for a callback to be supplied to the middleware to invoke the
  next middleware.

### 3.0.0 (2018-03-06):

* Removed the `ssl` configuration option.

  TLS is now always used in communication with New Relic Servers. The `ssl`
  configuration value and `NEW_RELIC_USE_SSL` environment value are no longer
  used. Setting either value to anything other than `true` will result in a
  warning.

* Security bulletin [NR18-05](https://docs.newrelic.com/docs/accounts-partnerships/new-relic-security/security-bulletins/security-bulletin-nr18-06):

  Fixes issue introduced in 2.8.0 where the agent may have captured all
  transaction attributes, even with High Security Mode enabled on the account.
  This may have included sensitive data attached to transactions.

* All request parameters now prefixed with `request.parameters.`.

  Previously request parameters such as route and query parameters were added
  as attributes without any name changes. For example `/foo?bar=value` would add
  the attribute `bar` to the transaction. Now this attribute would be named
  `request.parameters.bar`.

  Any Insights dashboards, alerts, or other NRQL queries using these attributes
  must be updated to use the new attribute names.

### 2.9.1 (2018-03-05):

* Security bulletin [NR18-05](https://docs.newrelic.com/docs/accounts-partnerships/new-relic-security/security-bulletins/security-bulletin-nr18-06):

  Fixes issue introduced in 2.8.0 where the agent may have captured all
  transaction attributes, even with High Security Mode enabled on the account.
  This may have included sensitive data attached to transactions.

* Removed support for agent attributes include/exclude rules.

  These will be coming back in Node Agent v3.0.0. The fix for the above security
  bulletin required a backwards incompatible change to our attributes.

* Fixed bug in Bluebird instrumentation.

  Some methods were not instrumented correctly. This would cause a problem if a
  function was passed to these methods.

  Special thanks to Andreas Lind (@papandreou) for helping us find this bug.

### 2.9.0 (2018-02-27):

* Added the `WebFrameworkShim#savePossibleTransactionName` method.

  This method may be used to mark the current running middleware as a potential
  responder. `savePossibleTransactionName` should be used if a middleware can't
  be determined to be a terminal middleware while it executes, but may be
  responsible for responding after execution has finished.

* Fixed `dns.resolve` results assertion.

* Added check for `parentSegment` in `async_hooks` instrumentation, to help
  ensure that transaction context is maintained.

* Expanded `async_hooks` tests around maintain transaction context.

* Added Koa to metric naming objects.

* Added `callback` prop to `middlewareWithPromiseRecorder` return spec.

  While we aren't actually wrapping any callback, this is a workaround that gives
  us access to the active segment. This ensures that all segments inside Koa
  transaction traces are named correctly, particularly in cases when transaction
  context may be lost.

* Updated `after` prop in `middlewareWithPromiseRecorder` return spec to set
  `txInfo.errorHandled = true` in cases when there is no error.

  Because Koa has no concept of errorware in the same sense as Express or Connect
  (`(err, req, res, next)`), the agent now assumes if a middleware resolves, any
  error that may have occurred can be marked as handled.

* Upgraded `tap` dev dependency to v10.

* Added a check for the function's prototype in `shim#wrapReturn`.

  The agent used to throw if a function with no prototype was passed into
  `wrapReturn`, then `bind` was called on the wrapper.

### 2.8.0 (2018-02-21):

* Added instrumentation support for MongoDB version 3.

  Version 3 of [mongodb](https://npmjs.org/package/mongodb) is now supported.
  Previously datastore host information (instance metrics) was incorrectly
  captured by the agent with `mongodb` v3. This has been fixed and all features
  should be functional now.

* Enable certain agent attributes when high security mode is enabled.

  During the switch from the old `capture_params`/`ignored_params` to the new
  attribute include/exclude rules, high security mode was over-zealous in what
  attributes it disallowed. This has been trimmed back to be in line with other
  agents.

* Updated documentation for `apdex_t` setting and removed environment variable.

  This was never configurable on client side and the documentation was misleading.

* Documented environment variables for `slow_sql` configurations.

  Thanks to Olivier Tassinari (@oliviertassinari) for the update!

* Updated `hapi/hapi-pre-17/package.json` to run `errors.tap.js` in more versions.

* Added internal cache to unwrapped core modules for agent use.

* Improved logging around environment facts gathering.

### 2.7.1 (2018-02-08):

* Change `attributes.enabled` to `true` by default.

  In the previous version we defaulted this to `false` to maintain parity with
  `capture_params` which defaulted to `false`. However, this is a invalid parity
  because `attribute.enabled` controls more attributes than `capture_params`.

* The agent will no longer generate browser data for ignored transactions.

* Removed unnecessary checks around `Timer.unref()` calls.

  `unref` has been supported since Node v0.9, meaning it will always be present
  in timers set by the agent (with 0.10 being the earliest supported version).

* Expanded Hapi instrumentation to support route [`pre` handlers](https://github.com/hapijs/hapi/blob/v16/API.md#route-prerequisites).

  This is a Hapi route config option that was previously uninstrumented, causing
  transaction names to become invalid. This expanded instrumentation ensures
  that all additional handlers are wrapped and associated with the main route.

* Added a split in the node versions for the `mysql2` and `cassandra` versioned
  tests.

  As of `mysql2` v1.3.1 and `cassandra` v3.4.0 the minimum supported version of
  Node is 4.

* Replaced as many instances of `{}` as possible with `Object.create(null)`.

* Removed extraneous logger arg in `addCustomAttribute` call.

### 2.7.0 (2018-02-01):

* Added agent attribute filtering via include and exclude rules.

  Agent attributes can now be controlled using fine grained include and exclude
  rules. These rules, described below, replace `capture_params` and
  `ignored_params`. Any attributes listed in `ignored_params` will be migrated
  to `attributes.exclude` internally, unless `attributes.exclude` is explicitly
  set.

  There are three new configuration properties added to the root config and
  each destination (more on destinations later). These new configurations are:

  * `attributes.enabled` - Enables collection of attributes for the destination.
  * `attributes.include` - A list of attributes or wildcard rules to include.
  * `attributes.exclude` - A list of attributes or wildcard rules to exclude.

  The include and exclude rules can be exact rules (for example
  `request.headers.contentLength`), or wildcard rules which match just the
  beginning of attribute keys (for example `request.headers.*` would match any
  request header).

  These rules can be specified globally at the root of the configuration, or
  for specific destinations. These destinations are:

  * `transaction_tracer` - Controls transaction trace attributes.
  * `transaction_events` - Controls transaction event attributes.
  * `error_collector` - Controls error event attributes.
  * `browser_monitoring` - Controls browser/RUM transaction attributes.

* Renamed `addCustomParameter` to `addCustomAttribute`.

  The `addCustomParameter` method is now deprecated and will be removed in a
  future release of the agent. The `addCustomAttribute` method is a drop-in
  replacement for it.

* Added cache to agent attribute filtering.

  To minimize the overhead of applying attribute rules, the agent caches results
  of filtering specific attribute keys and destinations. The cache is limited to
  1000 destination-key pairs by default but can be configured with
  `attributes.filter_cache_limit`. This cache offers a 10x improvement for
  applying filter rules for cache-hits.

* Added limits for agent attributes to keep monitoring overhead down.

  Attribute keys and values are limited to 255 bytes each. Keys which are larger
  than 255 bytes are dropped, and a warning message is logged. Values larger
  than 255 bytes are truncated to 255 bytes, respecting multi-byte UTF-8
  encoding. Custom attributes are limited to 64 per transaction. Attributes
  beyond the 64th are silently ignored.

* Added `allow_all_headers` to config options and updated `http` instrumentation.

  When set to `true`, the agent will collect all request headers. This collection
  respects the agent attribute include and exclude rules. A default set of
  exclusion rules are provided in `newrelic.js`. These rules exclude all cookies
  and authentication headers.

* The agent will no longer crash when `crypto.DEFAULT_ENCODING` has been changed.

  Previously, the agent would assume the result of `hash.digest()` was an
  instance of a Buffer. If `crypto.DEFAULT_ENCODING` is changed, `hash.digest()`
  will return a string and the agent would crash.  The agent now ensures that
  the value is a Buffer instance before moving on.

* Renamed `request_uri` attribute to `request.uri`.

  This brings the attribute name in line with all other request attributes.

* Updated `https-proxy-agent` dependency from `^0.3.5` to `^0.3.6`.

* Updated versioned tests where applicable to ensure most minor versions of
  instrumented modules work as expected.

* Fixed stalling test for v1 line of Mongo driver.

* Added tests verifying Hapi 404 transactions result in correctly named metrics.

  The Hapi instrumentation was doing the correct thing, but we did not have tests
  for this specific case.

* Fixed error if `process.config.variables.node_prefix` missing.

  If `process.config.variables.node_prefix` is falsey (which can happen if using
  electron, leading to this issue https://discuss.newrelic.com/t/new-relic-on-electron-nodejs/53601)
  the `getGlobalPackages` function in `lib/environment.js` will give an err when
  it shouldn't.

  Thanks to Jarred Filmer (@BrighTide) for the fix!

* Segments may now be flagged as opaque, causing internal segments to be omitted
  from the transaction trace.

* Added error to collector connection failure log message.

### 2.6.1 (2018-01-18):

* Fixed naming bug in Restify instrumentation regarding parameters to `next`.

  The instrumentation previously considered any truthy value passed to `next` to
  be an error. It is possible to pass a string or boolean to `next` in Restify
  to control further routing of the request. This would cause the middleware's
  mounting path to be erroneously appended to the transaction name.

* Fixed access to `bluebird.coroutine.addYieldHandler`.

  This was accidentally not copied by our instrumentation making access to the
  function fail. This has been resolved and tests expanded to ensure no other
  properties were missed.

* Added regression test for promise instrumentation and stack overflows.

### 2.6.0 (2018-01-09):

* Fixed a crashing error in the hapi instrumentation.

  When recording the execution of an extension listening to a server event
  (e.g. 'onPreStart') the agent would crash due to the lack of a `raw` property
  on the first argument passed to the extension handler. The agent now checks
  the event before wrapping the extension handler, and checks for the existence
  of the `raw` property before attempting to dereference off it.

* Fixed an incompatibility with the npm module `mimic-response`.

  The agent's HTTP instrumentation previously did not play well with the way
  `mimic-response` copied properties from an `http.IncomingMessage`. This caused
  modules that relied on that, such as `got`, to hang.

* Refactored promise instrumentation.

  This new instrumentation is far more performant than the previous and
  maintains a more sensible trace structure under a wider range of sequences.

* Added `transaction_tracer.hide_internals` configuration.

  This configuration controls the enumerability of the internal properties the
  agent. Making these properties non-enumerable can have an impact on the
  performance of the agent. Disabling this option may decrease agent overhead.

* Added concurrent environment scanning, limited to 2 reads at a time.

  This improves the performance of dependency scanning at agent startup,
  allowing the agent to connect to our services more quickly.

* Refactored instrumentation tests to run against wide range of module versions.

  Instrumentation tests will be run against all supported major versions of
  every instrumented module. For releases, we will test against every supported
  minor version of the modules. This vastly improves our test coverage and
  should reduce the instances of regressions for specific versions of modules.

* Added tests for _all_ of bluebird's promise methods.

  These tests ensure that we 100% instrument bluebird. Some gaps in
  instrumentation were found and fixed. Anyone using bluebird should upgrade.

* Fixed naming rule testing tool to use same url scrubbing as the agent itself.

### 2.5.0 (2018-01-03):
* Added hapi v17 instrumentation

  Hapi v17 added support for promise-based middleware which broke transaction
  tracking in the agent.  This caused issues in naming, as the agent will name
  the transaction after the path to the middleware that responded to a request.

* Added instrumentation for `vision@5`

  Due to the way `vision` is mounted to the hapi server when using hapi v17.x,
  the agent's instrumentation would not pick up on the middleware being mounted.
  This new instrumentation now correctly times rendering done in the `vision`
  middleware.

* Added `unwrapOnce` method to shim object

  This new method can be used to unwrap a single layer of instrumentation.
  `unwrapOnce` is useful in cases where multiple instrumentations wrap the same
  method and unwrapping of the top level is required.

* Added `isErrorWare` checks around `nameState.appendPath`/`nameState.popPath`
  calls to avoid doubling up paths in transaction names

  Previously, the agent would append its transaction name with the path fragment
  where an error handler middleware was mounted.  The extraneous path fragment
  will now be omitted, and the transaction will be named properly after the
  middleware that threw the error.

* Added `parent` property to webframework-shim segment description

* Added support for pg-latest on Node 5 or higher

* Fixed creating supportability metric when mysql2 goes uninstrumented.

* Added a `segmentStack.pop`to the middleware `after` in cases when an error is
  caught and there is no next handler

* Fixed determining parents for middleware segments when transaction state is
  lost and reinstated

* Refactored existing hapi instrumentation for different `server.ext()`
  invocations

* Refactored webframework-shim `_recordMiddleware` to construct different
  segment descriptions for callback- or promise-based middleware

* Added check to `_recordMiddleware` to avoid prepending a slash if original
  `route` is an array

* Changed logic in http instrumentation to attach `response.status` to the
  transaction as a string

* Updated `startWebTransaction` and `startBackgroundTransaction` to add nested
  transactions as segments to parent transactions

* Updated `node-postgres@^6` versioned tests to avoid deprecation warning on
  direct module `connect` and `end` calls

* Fixed running domain tests on Node 9.3.0.

* Improved logging for CAT headers and transaction name-state management.

* All `json-safe-stringify` calls now wrapped in `try/catch`

* Removed `lib/util/safe-json`

### 2.4.2 (2017-12-12):
* Added Peter Svetlichny to the contributors list!

* Optimized `NameState#getPath`.

* Optimized `shim.record`.

* Optimized `shim.recordMiddleware`.

* Upgraded `eslint` to v4.

* Fixed parsing SQL for queries containing newlines.

### 2.4.1 (2017-11-28):
* Added promise benchmarks to test non-async_hooks instrumentation.

* Added logging for external calls made outside of a transaction.

* Added logging for when `unhandledRejection` is noticed.

* Improved performance of creating and merging metrics.

* Improved performance of `tracer.bindFunction`.

* Moved `require` calls for vendor metadata to module-level.

* Removed try-catch around internal property setting on older versions of Node.

### 2.4.0 (2017-11-15):
* Instrumentation will now only modify the arity of wrapped functions when needed.

  This can be controlled with the `matchArity` property on a `WrapSpec`.
  Disabling arity matching has a significant, positive impact on the performance
  of instrumentation.

* Added benchmarks for shimmer methods.

* Pinned hapi tests at v16 due to incompatibility in hapi v17 with Node.js
  versions <8.

* The agent's parsed queries will now only hold onto the stack that the query
  was made at, instead of an error object instance.

  Previously, the parsed query objects would hold onto an error instance, which
  would in turn hold onto references to all the functions in the stack when the
  error was created. This could cause memory issues if the functions were
  holding onto references to other pieces of data.

* Revert wrapping of `https` for Node `^8.9.1`.

  The original cause for this problem was reverted by Node.

### 2.3.2 (2017-11-02):

* Fixed a bug with Node >=8.9 that prevented https externals from being recorded.

* Added Node 9 to test suite.

* Removed problematic tests for ancient version of Hapi (7.1).

* Document purpose of `throw` in tracer to prevent developer confusion.

* Added script for running agent micro benchmarks.

* Added benchmarks for all the `Shim` and `Tracer` methods.

### 2.3.1 (2017-10-24):
* Agent will attempt to reconnect to the collector forever after backing off to
  5 minute delays.

* Refactored environment scan to improve startup time and fix cyclical symlink
  resolving.

### 2.3.0 (2017-10-16):
* The agent will now support the `await` keyword by default.

* Added cases for omitting the agent with and without async hooks to the async
  hooks microbenchmark.

* Pinned version of Mocha to 3.x due to the incompatibility of Mocha v4 and Node
  v0.10 and v0.12.

* Added benchmark for performance of function wrapping.

* Added GC information to async_hooks benchmark.

* Improved trace-level logging for capturing queries.

### v2.2.2 (2017-09-26):
* Hapi handlers will now preserve the defaults associated with them.

  Previously when wrapping handlers, the agent would drop the associated defaults on
  the ground, these are now properly forwarded to the wrapper.  Big thanks to Sean
  Parmelee (@seanparmelee) for finding the root cause of this bug and reporting it!

* Pinned `request` version for testing old versions of Node.

* Added tests for feature flags created at agent initialization.

* Fixed starting the agent with an invalid process version.

### v2.2.1 (2017-09-11):
* Added metrics for enabled/disabled feature flags.

* Fixed transaction naming for Hapi plugins.

  Thanks Marc Höffl (@KeKs0r) for providing a reproduction!

### v2.2.0 (2017-08-22):
* Added support for ignoring ranges of status codes.

  The configuration `error_collector.ignore_status_codes` can now take ranges
  of numbers. For example, `ignore_status_codes: ['400-404']` would ignore 400,
  401, 402, 403, and 404.

* Fixed a bug when a custom collector port was provided in the configuration
  that prevented redirected connections from working.

* Fixed a bug in `Shim#record` that could cause an exception when trying to
  create a new segment as part of an ended/inactive transaction.

* Fixed issue with custom Hapi handlers causing an error.

  Previously custom Hapi handlers defined using the `server.handler()` method
  were causing the Hapi server to return a 500 error. Now they are correctly
  handled and recorded as middleware functions.

* Transaction state is now maintained in `ChildProcess` event listeners.

* Updated examples and documentation regarding custom transaction creation.

  All examples and documentation now point at the `newrelic.start*Transaction`
  methods.

* Reducing logging verbosity in the SQL query obfuscator.

* Experimental instrumentation for `async/await`

  This is experimental instrumentation and has not yet been tested in a wide
  array of production environments. The feature is currently off by default
  behind a feature flag. To enable this experimental instrumentation, add
  `await_support: true` to the `feature_flag` setting in your agent config
  file.

### v2.1.0 (2017-08-08):
* Improved metadata collection for AWS, Azure, GCE, and Pivotal Cloud Foundry.

* Fixed a bug in PG query obfuscation for `$` placeholders.

  The agent used to mis-detect `$1` value placeholders as unmatched
  dollar-quoted strings causing the whole query to be obfuscated to just `?`.
  These placeholders are now correctly detected and obfuscated.

### v2.0.2 (2017-08-01):
* Improved documentation for `newrelic.start*Transaction` and `TransactionHandle.`

  Formatting for the `startWebTransaction` and `startBackgroundTransaction`
  methods was fixed and documentation for the `TransactionHandle` class which
  `getTransaction` returns was added.

* Fixed parsing the table name from SQL queries.

  Quotes around the table name are now stripped after parsing the query and
  before constructing the metrics.

* Fixed unhandled rejection error caused by `ioredis` instrumentation.

### v2.0.1 (2017-07-25):
* Fixed issue with transaction events not including correct duration values.

  This issue was introduced in v2.0.0, and it has affected web transactions histogram
  and percentile charts.

* Fixed issue with Redis instrumentation causing the agent to crash in some cases.

  Previously, the Redis instrumentation would crash the agent when Redis commands were
  called without a callback and after the transaction has ended.

* Fixed issue with the agent crashing on Node v4.0-4.4 and v5.0-5.9.

  This issue was caused by incorrect shim for Buffer.from(), and it affected older minor
  versions of Node v4 and v5.

### v2.0.0 (2017-07-17):
* [The New Relic Node Agent v2 is here!](https://blog.newrelic.com/2017/07/18/nodejs-agent-v2-api/)

  This release contains major changes to the agent instrumentation API, making
  it easier to create and distribute your own instrumentation for third party
  modules. Check out [Upgrade the Node agent](https://docs.newrelic.com/docs/agents/nodejs-agent/installation-configuration/upgrade-nodejs-agent)
  or the [Migration Guide](./Migration%20Guide.md) for more information on
  upgrading your application to this version.

* BREAKING: Reversed naming and ignore rules.

  Naming rules are now applied in the order they are defined.

* BREAKING: De-duplicated HTTP request transactions.

  Only one transaction is created per `request` event emitted by an HTTP server.
  Previously this was one transaction per listener per event emitted.

* BREAKING: Stopped swallowing outbound request errors.

  Errors emitted by outbound HTTP requests will no longer be swallowed by the
  agent.

* BREAKING: Node v0.8 is no longer supported. Minimum version is now v0.10.

  The v1 agent will continue to support Node 0.8 but will no longer receive
  updates.

* BREAKING: npm v1 is no longer supported. Minimum version is now v2.0.0.

* Added API for writing messaging framework instrumentation.

  Introduced new `MessageShim` class for writing instrumentation. This shim
  can be accessed using the `newrelic.instrumentMessages()` API method.

* Added `amqplib` instrumentation.

  Applications driven by `amqplib` consumers will now have transactions
  automatically created for consumed messages. See
  [Troubleshoot message consumers](https://docs.newrelic.com/docs/agents/nodejs-agent/troubleshooting/troubleshoot-message-consumers)
  for more information on this instrumentation and its limitations.

* Advanced instrumentation API is now generally available.

  New methods for instrumenting common modules were introduced during the Agent
  v2 beta. These APIs are now available to everyone:

  * `newrelic.instrument()`/`Shim`: This method can be used to instrument
    generic modules, such as connection pooling libraries, task schedulers, or
    anything else not covered by a specialized class.

  * `newrelic.instrumentDatastore()`/`DatastoreShim`: This method is good for
    instrumenting datastore modules such as `mongodb`, `mysql`, or `pg`.

  * `newrelic.instrumentWebframework()`/`WebFrameworkShim`: This method is
    used for instrumenting web frameworks like `restify` or `express`.

  Documentation and tutorials for the new API can be found on our GitHub
  documentation page: http://newrelic.github.io/node-newrelic/docs/

* Rewrote built-in instrumentation using the new `Shim` classes.

  The following i