4.26.0

Security Fixes

lodash: Remove reliance on vulnerable lodash.pick dependency (#3999), thanks @Nico385412 for the original PR and for notifying us

Bug Fixes

asm: fix mquery vulnerability location (#3797)

Features

dsm: add support for sqs/sns/kinesis in aws-sdk (#3864)

3.47.0

Security Fixes

lodash: Remove reliance on vulnerable lodash.pick dependency (#3999), thanks @Nico385412 for the original PR and for notifying us

Bug Fixes

asm: fix mquery vulnerability location (#3797)

Features

dsm: add support for sqs/sns/kinesis in aws-sdk (#3864)

v5.1.0

Bug Fixes

• core: fixed empty strings being kept as valid values in config (#3952)
• appsec: fixed reuse of requestOptions object (#3959)
• appsec: Fix WAF crash inside worker_threads

Improvements

• appsec: Appsec reporter now collects the x-amzn-trace-id header (#3984)
• iast: Added support for weak randomness vulnerability (#3960)
• iast: Ignore header vulnerabilities in cors headers (#3962)
• profiler: Added timelines env var, disabled timelines and CPU profiler on Windows (#3969)
• profiler: Disabled OOM monitoring by default on Windows (#3974)

v4.25.0

Bug Fixes

• core: fixed empty strings being kept as valid values in config (#3952)
• appsec: fixed reuse of requestOptions object (#3959)
• appsec: Fix WAF crash inside worker_threads

Improvements

• appsec: Appsec reporter now collects the x-amzn-trace-id header (#3984)
• iast: Added support for weak randomness vulnerability (#3960)
• iast: Ignore header vulnerabilities in cors headers (#3962)
• profiler: Added timelines env var, disabled timelines and CPU profiler on Windows (#3969)
• profiler: Disabled OOM monitoring by default on Windows (#3974)

v3.46.0

Bug Fixes

• core: fixed empty strings being kept as valid values in config (#3952)
• appsec: fixed reuse of requestOptions object (#3959)
• appsec: Fix WAF crash inside worker_threads

Improvements

• appsec: Appsec reporter now collects the x-amzn-trace-id header (#3984)
• iast: Added support for weak randomness vulnerability (#3960)
• iast: Ignore header vulnerabilities in cors headers (#3962)
• profiler: Added timelines env var, disabled timelines and CPU profiler on Windows (#3969)
• profiler: Disabled OOM monitoring by default on Windows (#3974)

v4.24.0

Features

• profiling: Add experimental CPU profiler (#3895)

Improvements

• profiling: GA Code hotspots and endpoint collection (#3940)

Bug Fixes

• core: Handle google-cloud-pubsub subscription closing (#2716)

v3.45.0

Features

• profiling: Add experimental CPU profiler (#3895)

Improvements

• profiling: GA Code hotspots and endpoint collection (#3940)

Bug Fixes

• core: Handle google-cloud-pubsub subscription closing (#2716)

v5.0.0

Breaking Changes

More information about the breaking changes from this release can be found in
the migration guide.

• core: drop support for Node 16 (#3905)
• core: fix TypeScript errors (#3912)

Features

• profiling: Add experimental CPU profiler (#3895)

Improvements

• profiling: GA Code hotspots and endpoint collection (#3940)

Bug Fixes

• core: Handle google-cloud-pubsub subscription closing (#2716)

v4.23.0

Features

• core: Add remote config support for custom tags (#3875)
• profiling: Add a process_id that contains process pid to profiles (#3911)
• core: Implement extended sampling (#3904)

Improvements

• core: Add instrumentation support for node:* specifiers (#3893)
• core: Fix instrumentation support for Fastify versions >= 4.23.0 (#3893)

Bug Fixes

• profiling: Fix compatibility with node < 14.18 (#3908)

v3.44.0

Features

• core: Add remote config support for custom tags (#3875)
• profiling: Add a process_id that contains process pid to profiles (#3911)
• core: Implement extended sampling (#3904)

Improvements

• core: Add instrumentation support for node:* specifiers (#3893)
• core: Fix instrumentation support for Fastify versions >= 4.23.0 (#3893)

Bug Fixes

• profiling: Fix compatibility with node < 14.18 (#3908)