Bump newrelic_rpm from 10.2.0 to 10.5.0

[dependabot]

Bumps newrelic_rpm from 10.2.0 to 10.5.0.

Changelog

Sourced from newrelic_rpm's changelog.

v10.5.0

• Feature: Add Dalli 5.0 support and fix meta protocol instrumentation

  The agent now supports Dalli 5.0+, which removed Dalli::Protocol::Binary in favor of the meta protocol exclusively. For Dalli 3.2.0+, pipelined_get instrumentation now correctly targets Dalli::Protocol::Base (where the method is defined) rather than Dalli::Protocol::Binary, fixing a gap where get_multi calls went uninstrumented when using the meta protocol. For Dalli 5.0+, the agent additionally instruments Dalli::Protocol::Meta#read_multi_req, which is invoked by Dalli's single-server get_multi optimization. PR#3541

• Feature: Add active_record_use_table_name configuration option

  A new configuration option, active_record_use_table_name, uses an Active Record model's table name instead of its class name when naming metrics, spans, and transaction trace segments. This can particularly be helpful to reduce cardinality in applications using single-table inheritance. The option defaults to false to preserve existing behavior. PR#3540

• Feature: Partially redact license keys in agent logs

  Previously, the agent would fully redact New Relic license keys in agent logs. Now, the first 10 characters are visible while the rest are replaced with *. This preserves enough to troubleshoot region-related issues without exposing the secret portion of the key. PR#3547

• Bugfix: Fix Semantic Logger instrumentation incompatibility with rails_semantic_logger

  Previously, an ArgumentError would be raised when an exception reached ActionDispatch::DebugExceptions while using rails_semantic_logger. This has been fixed. Thank you to @​jdelStrother for reporting this! PR#3548

v10.4.0

• Feature: Add Rails.event instrumentation for structured logging

  The agent now supports Rails.event as structured log events. When enabled, events published via Rails.event.notify are captured and forwarded to New Relic as log events. Event payloads, tags, context, timestamps, and source locations are automatically captured as log attributes.

  This instrumentation can be configured with the following options:

  • instrumentation.rails_event_logger - Controls whether Rails.event instrumentation is enabled. Defaults to use the value of application_logging.enabled.
  • instrumentation.rails_event_logger.event_names - An array of specific event names to capture. When empty (default), all Rails.event notifications are captured. Use this to filter events by name, for example: ['user.signup', 'payment.processed'].

  PR#3526

• Feature: Add instrumentation for Rails Active Job Continuations

  The agent now instruments Rails Active Job Continuations, providing visibility into individual step execution within long-running jobs. Step names are included in segment metrics (e.g., Ruby/ActiveJob/default/MyJob/step/process_records) and step-specific attributes like cursor position, resumed status, and interrupted status are captured. A new configuration option, disable_active_job_step_names, allows users to exclude step names from metric names to reduce metric cardinality if needed (defaults to false). PR#3493

• Feature: Add sidekiq.separate_transactions configuration option

  A new configuration option, sidekiq.separate_transactions, allows Sidekiq jobs executed during a web transaction to run in their own separate transaction. When enabled, this prevents Sidekiq job execution time from being included in web transaction metrics, providing more accurate performance data. The feature is opt-in (default: false) to maintain backward compatibility. This only affects jobs executed during active web transactions; jobs starting independently or nested within other background jobs are unaffected. Issue#3364 PR#3514

• Bugfix: Update regexes that may have been vulnerable to ReDOS attacks

  Previously, the agent had a few regexes identified as possible targets for polynomial time complexity (ReDOS) attacks. Those regexes are now updated to address the concerns. PR#3520

• Bugfix: Prevent crashes during HTTPX segment creation

  Previously, if start_external_request_segment encountered an error and returned nil, the agent would trigger a NoMethodError when attempting to add headers to the missing segment. We've added a guard check to ensure the instrumentation handles these cases gracefully.

  Bravo to @​thebravoman for the report! Issue#3509 PR#3510

• Bugfix: Make Transaction#finish idempotent

... (truncated)

Commits

• b3dc21e Merge pull request #3559 from newrelic/prerelease_updates_10.5.0-pre
• 292b792 bump version
• a8d3787 Merge pull request #3556 from newrelic/agent-metadata-workflow
• 8964548 Merge pull request #3555 from newrelic/fix-version-metric
• 7c53e7b Output the version within the release job
• 4348115 Set agent version as output
• dff6793 Move update agent metadata into the release job
• 02fd33b Update version for update-agent-metadata
• aeb8ce6 Merge pull request #3547 from newrelic/obfuscate_all_but_first_10
• 7a57aef Merge branch 'dev' into obfuscate_all_but_first_10
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)