Merge branch 'main' into ecs-docker-id

Author: umaannamalai

.github/workflows/tests.yml

@@ -54,6 +54,47 @@ jobs:
       - name: Success
         run: echo "Success!"
 
+  # Upload Trivy data
+  trivy:
+    if: success() || failure() # Does not run on cancelled workflows
+    runs-on: ubuntu-20.04
+    needs:
+      - tests
+
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: table
+          exit-code: 1
+          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        if: ${{ github.event_name == 'schedule' }}
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: ${{ github.event_name == 'schedule' }}
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
   # Combine and upload coverage data
   coverage:
     if: success() || failure() # Does not run on cancelled workflows

newrelic/hooks/logger_loguru.py

@@ -26,7 +26,6 @@
 _logger = logging.getLogger(__name__)
 
 IS_PYPY = hasattr(sys, "pypy_version_info")
-LOGURU_VERSION = get_package_version_tuple("loguru")
 LOGURU_FILTERED_RECORD_ATTRS = {"extra", "message", "time", "level", "_nr_original_message", "record"}
 ALLOWED_LOGURU_OPTIONS_LENGTHS = frozenset((8, 9))
 
@@ -69,7 +68,7 @@ def _nr_log_forwarder(message_instance):
             try:
                 time = record.get("time", None)
                 if time:
-                    time = int(time.timestamp()*1000)
+                    time = int(time.timestamp() * 1000)
                 record_log_event(message, level_name, time, attributes=attrs)
             except Exception:
                 pass
@@ -116,18 +115,15 @@ def _nr_log_patcher(record):
                 record["_nr_original_message"] = message = record["message"]
                 record["message"] = add_nr_linking_metadata(message)
 
-    if LOGURU_VERSION > (0, 6, 0):
-        if original_patcher is not None:
-            patchers = [p for p in original_patcher]  # Consumer iterable into list so we can modify
-            # Wipe out reference so patchers aren't called twice, as the framework will handle calling other patchers.
-            original_patcher = None
-        else:
-            patchers = []
-
-        patchers.append(_nr_log_patcher)
-        return patchers
+    if original_patcher is not None:
+        patchers = [p for p in original_patcher]  # Consumer iterable into list so we can modify
+        # Wipe out reference so patchers aren't called twice, as the framework will handle calling other patchers.
+        original_patcher = None
     else:
-        return _nr_log_patcher
+        patchers = []
+
+    patchers.append(_nr_log_patcher)
+    return patchers
 
 
 def wrap_Logger_init(wrapped, instance, args, kwargs):

newrelic/packages/requirements.txt

@@ -3,6 +3,6 @@
 # This file is used by dependabot to keep track of and recommend updates
 # to the New Relic Python Agent's dependencies in newrelic/packages/.
 opentelemetry_proto==1.0.0
-urllib3==1.26.18
+urllib3==1.26.19
 wrapt==1.16.0
 asgiref==3.6.0  # We only vendor asgiref.compatibility.py

newrelic/packages/urllib3/LICENSE.txt

@@ -19,6 +19,22 @@
 from .util.timeout import Timeout
 from .util.url import get_host
 
+# === NOTE TO REPACKAGERS AND VENDORS ===
+# Please delete this block, this logic is only
+# for urllib3 being distributed via PyPI.
+# See: https://github.com/urllib3/urllib3/issues/2680
+try:
+    import urllib3_secure_extra  # type: ignore # noqa: F401
+except ImportError:
+    pass
+else:
+    warnings.warn(
+        "'urllib3[secure]' extra is deprecated and will be removed "
+        "in a future release of urllib3 2.x. Read more in this issue: "
+        "https://github.com/urllib3/urllib3/issues/2680",
+        category=DeprecationWarning,
+        stacklevel=2,
+    )
 
 __author__ = "Andrey Petrov ([email protected])"
 __license__ = "MIT"

newrelic/packages/urllib3/__init__.py

@@ -1,2 +1,2 @@
 # This file is protected via CODEOWNERS
-__version__ = "1.26.18"
+__version__ = "1.26.19"

newrelic/packages/urllib3/_version.py

@@ -68,7 +68,7 @@ class BrokenPipeError(Exception):
 
 # When it comes time to update this value as a part of regular maintenance
 # (ie test_recent_date is failing) update it to ~6 months before the current date.
-RECENT_DATE = datetime.date(2022, 1, 1)
+RECENT_DATE = datetime.date(2024, 1, 1)
 
 _CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]")
 
@@ -437,7 +437,7 @@ def connect(self):
             and self.ssl_version is None
             and hasattr(self.sock, "version")
             and self.sock.version() in {"TLSv1", "TLSv1.1"}
-        ):
+        ):  # Defensive:
             warnings.warn(
                 "Negotiating TLSv1/TLSv1.1 by default is deprecated "
                 "and will be disabled in urllib3 v2.0.0. Connecting to "

newrelic/packages/urllib3/connection.py

@@ -768,7 +768,9 @@ def _is_ssl_error_message_from_http_proxy(ssl_error):
                 # so we try to cover our bases here!
                 message = " ".join(re.split("[^a-z]", str(ssl_error).lower()))
                 return (
-                    "wrong version number" in message or "unknown protocol" in message
+                    "wrong version number" in message
+                    or "unknown protocol" in message
+                    or "record layer failure" in message
                 )
 
             # Try to detect a common user error with proxies which is to

newrelic/packages/urllib3/connectionpool.py

@@ -235,7 +235,9 @@ class Retry(object):
     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
 
     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
+        ["Cookie", "Authorization", "Proxy-Authorization"]
+    )
 
     #: Maximum backoff time.
     DEFAULT_BACKOFF_MAX = 120

newrelic/packages/urllib3/util/retry.py

@@ -17,7 +17,30 @@
 
 python_version = sys.version_info[:2]
 
-assert python_version >= (3, 7), "The New Relic Python agent only supports Python 3.7+."
+if python_version >= (3, 7):
+    pass
+else:
+    error_msg = "The New Relic Python agent only supports Python 3.7+. We recommend upgrading to a newer version of Python."
+    
+    try:
+        # Lookup table for the last agent versions to support each Python version.
+        last_supported_version_lookup = {
+            (2, 6): "3.4.0.95",
+            (2, 7): "9.13.0",
+            (3, 3): "3.4.0.95",
+            (3, 4): "4.20.0.120",
+            (3, 5): "5.24.0.153",
+            (3, 6): "7.16.0.178",
+        }
+        last_supported_version = last_supported_version_lookup.get(python_version, None)
+
+        if last_supported_version:
+            python_version_str = "%s.%s" % (python_version[0], python_version[1])
+            error_msg += " The last agent version to support Python %s was v%s." % (python_version_str, last_supported_version)
+    except Exception:
+        pass
+
+    raise RuntimeError(error_msg)
 
 with_setuptools = False