From a0d2e781b95dd689e3f8e6f0925365571cd3262c Mon Sep 17 00:00:00 2001 From: bizob2828 Date: Wed, 19 Apr 2023 16:19:39 +0000 Subject: [PATCH 1/3] Setting version to v7.2.0. --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index b326231..b60ff22 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@newrelic/koa", - "version": "7.1.1", + "version": "7.2.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@newrelic/koa", - "version": "7.1.1", + "version": "7.2.0", "license": "Apache-2.0", "devDependencies": { "@koa/router": "^8.0.0", diff --git a/package.json b/package.json index 6c2b89d..72538fa 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@newrelic/koa", - "version": "7.1.1", + "version": "7.2.0", "description": "Koa instrumentation for the New Relic Node agent", "main": "index.js", "directories": { From d27ed87352e80b6e9258f97125c5a46da1247bb5 Mon Sep 17 00:00:00 2001 From: bizob2828 Date: Wed, 19 Apr 2023 16:19:43 +0000 Subject: [PATCH 2/3] Adds auto-generated release notes. --- NEWS.md | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/NEWS.md b/NEWS.md index b5c9cb0..28f3303 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,3 +1,94 @@ +### v7.2.0 (2023-04-19) + +* Updates the registration of instrumentation to indicate that it will share a shim instance id for checking if items are wrapped. + +* Update README header image to latest OSS office required images + +* Fixed dead links in the docs. + +--- NOTES NEEDS REVIEW --- +Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.2. +
+Release notes +

Sourced from json5's releases.

+
+

v2.2.2

+
    +
  • Fix: Properties with the name __proto__ are added to objects and arrays. +(#199) This also fixes a prototype pollution vulnerability reported by +Jonathan Gregson! (#295).
    • +
+
+
+
+Changelog +

Sourced from json5's changelog.

+
+

v2.2.2 [code, diff]

+
    +
  • Fix: Properties with the name __proto__ are added to objects and arrays. +(#199) This also fixes a prototype pollution vulnerability reported by +Jonathan Gregson! (#295).
    • +
+
+
+
+Commits +
    +
  • 14f8cb1 2.2.2
    • +
  • 10cc7ca docs: update CHANGELOG for v2.2.2
    • +
  • 7774c10 fix: add proto to objects and arrays
    • +
  • edde30a Readme: slight tweak to intro
    • +
  • 97286f8 Improve example in readme
    • +
  • d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
    • +
  • 910ce25 docs: fix spelling of Aseem
    • +
  • 2aab4dd test: require tap as t in cli tests
    • +
  • 6d42686 test: remove mocha syntax from tests
    • +
  • 4798b9d docs: update installation and usage for modules
    • +
  • Additional commits viewable in compare view
    • +
+
+
+ + +[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=2.2.1&new-version=2.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) + +Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. + +[//]: # (dependabot-automerge-start) +[//]: # (dependabot-automerge-end) + +--- + +
+Dependabot commands and options +
+ +You can trigger Dependabot actions by commenting on this PR: +- `@dependabot rebase` will rebase this PR +- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it +- `@dependabot merge` will merge this PR after your CI passes on it +- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it +- `@dependabot cancel merge` will cancel a previously requested merge and block automerging +- `@dependabot reopen` will reopen this PR if it is closed +- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually +- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) +- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language +- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language +- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language +- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language + +You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/node-newrelic-koa/network/alerts). + +
+-------------------------- + +* Added testing coverage to ensure Code Level Metrics functionality with Koa instrumentation + +* Added lockfile checks to CI workflow to prevent malicious changes + ### v7.1.1 (2022-12-16) * Updated Koa instrumentation to work in applications using the ES Modules loader. From a5fb8bbb8dfd86adb51fdc0878022b70933db8ae Mon Sep 17 00:00:00 2001 From: Bob Evans Date: Wed, 19 Apr 2023 12:24:20 -0400 Subject: [PATCH 3/3] changelog edits --- NEWS.md | 85 +++------------------------------------------------------ 1 file changed, 4 insertions(+), 81 deletions(-) diff --git a/NEWS.md b/NEWS.md index 28f3303..bbaf423 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,94 +1,17 @@ ### v7.2.0 (2023-04-19) -* Updates the registration of instrumentation to indicate that it will share a shim instance id for checking if items are wrapped. +* Updated the registration of instrumentation to indicate that it will share a shim instance id for checking if items are wrapped. -* Update README header image to latest OSS office required images +* Updated README header image to latest OSS office required images * Fixed dead links in the docs. ---- NOTES NEEDS REVIEW --- -Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.2. -
-Release notes -

Sourced from json5's releases.

-
-

v2.2.2

-
    -
  • Fix: Properties with the name __proto__ are added to objects and arrays. -(#199) This also fixes a prototype pollution vulnerability reported by -Jonathan Gregson! (#295).
    • -
-
-
-
-Changelog -

Sourced from json5's changelog.

-
-

v2.2.2 [code, diff]

-
    -
  • Fix: Properties with the name __proto__ are added to objects and arrays. -(#199) This also fixes a prototype pollution vulnerability reported by -Jonathan Gregson! (#295).
    • -
-
-
-
-Commits -
    -
  • 14f8cb1 2.2.2
    • -
  • 10cc7ca docs: update CHANGELOG for v2.2.2
    • -
  • 7774c10 fix: add proto to objects and arrays
    • -
  • edde30a Readme: slight tweak to intro
    • -
  • 97286f8 Improve example in readme
    • -
  • d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
    • -
  • 910ce25 docs: fix spelling of Aseem
    • -
  • 2aab4dd test: require tap as t in cli tests
    • -
  • 6d42686 test: remove mocha syntax from tests
    • -
  • 4798b9d docs: update installation and usage for modules
    • -
  • Additional commits viewable in compare view
    • -
-
-
- - -[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=2.2.1&new-version=2.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - -Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -
-Dependabot commands and options -
- -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language -- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language -- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language -- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - -You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/node-newrelic-koa/network/alerts). - -
--------------------------- - * Added testing coverage to ensure Code Level Metrics functionality with Koa instrumentation * Added lockfile checks to CI workflow to prevent malicious changes +* Updated json5 devDependency to latest. + ### v7.1.1 (2022-12-16) * Updated Koa instrumentation to work in applications using the ES Modules loader.