Bump newrelic from 9.3.0 to 9.4.0

[dependabot]

Bumps newrelic from 9.3.0 to 9.4.0.

Release notes

Sourced from newrelic's releases.

v9.4.0

Notes

This release of the Python agent adds support for nonced content security policies for Browser Agent injection, adds new wheels for Python 3.12 and musl Linux systems such as Alpine, deprecates the ObjectWrapper and get_browser_timing_footer APIs, fixes a crash with Kafka instrumentation when using distributed tracing, and removes a case sensitive header check in ASGIBrowserMiddleware.

Install the agent using easy_install/pip/distribute via the Python Package Index or download it directly from the New Relic download site.

Deprecations

• Deprecate newrelic.agent.ObjectWrapper API Removes custom newrelic.agent.ObjectWrapper implementation and instead creates a pass through to wrapt.FunctionWrapper.

• Deprecate get_browser_timing_footer API Previously get_browser_timing_footer was an API that would be used to supply information to the Browser Agent loaded by get_browser_timing_header. This step is now included in get_browser_timing_header making get_browser_timing_footer obsolete. This function now returns an empty string to avoid breaking existing applications.

New features

• Add nonced content security policies (CSPs) for Browser Agent injection The Browser Agent injection API get_browser_timing_header has a new parameter nonce that takes a cryptographic nonce for use with content security policies. The nonce will be automatically inserted into the generated HTML.

• Add additional wheel options for Python 3.12 and musl Linux Add pre-built binary wheel support for Python 3.12, as well as alternative wheels for musl based Linux operating systems (such as Alpine).

• Add newrelic.agent.CallableObjectProxy to public APIs Previously CallableObjectProxy was never exposed for general use with custom instrumentation, but was present in internal modules used by the agent. This API has been added to newrelic.agent.CallableObjectProxy for general use.

Bug fixes

• Fix a crash with kafka-python and confluent-kafka when using distributed tracing Previously Kafka instrumentation packages would sometimes fail to generate distributed tracing headers and cause a crash. This has been fixed and distributed tracing headers should now generate correctly.

• Remove case sensitive header check in ASGIBrowserMiddleware The agent previously only supported HTML insertion for headers that were lowercase in ASGI applications. The header check is now case insensitive in compliance with the ASGI specification.

Support statement

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date.

See the New Relic Python agent EOL policy for information about agent releases and support dates.

Commits

• 8399022 Add checkout actions to deploy workflow (#1027)
• 32c66d8 Deprecate ObjectWrapper API (#996)
• 27c874c Deprecate get_browser_timing_footer API (#999)
• 1483f73 Parallel Wheel Builds (#1024)
• 3962f54 Remove case sensitive check in ASGIBrowserMiddleware check. (#1017)
• c3314ae Temporarily pin hypercorn version in tests (#1021)
• 1357145 Drop py27 from memcache testing. (#1018)
• 23f969f Nonced CSP Support (#998)
• 8bfd2b7 Remove RPM config workflow. (#1007)
• 1575a24 Update flaskrestx testing (#1004)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)