lunar-renovate
commented
1 year ago ⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: go.sum
Command failed: install-tool golang 1.21.0
No /opt/buildpack/tools/golang/1.21.0/bin defined - aborting
nixboot
This PR contains the following updates:
v1.8.0->v1.11.1GitHub Vulnerability Alerts
CVE-2022-21698
This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients.
Impact
HTTP server susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods.
Affected Configuration
In order to be affected, an instrumented software must
promhttp.InstrumentHandler*middleware exceptRequestsInFlight.methodlabel name to our middleware.method.Patches
Workarounds
If you cannot upgrade to v1.11.1 or above, in order to stop being affected you can:
methodlabel name from counter/gauge you use in the InstrumentHandler.For more information
If you have any questions or comments about this advisory:
prometheus-team@googlegroups.comRelease Notes
prometheus/client_golang
### [`v1.11.1`](https://togithub.com/prometheus/client_golang/releases/tag/v1.11.1): 1.11.1 / 2022-02-15 [Compare Source](https://togithub.com/prometheus/client_golang/compare/v1.11.0...v1.11.1) - \[SECURITY FIX] promhttp: Check validity of method and code label values[https://github.com/prometheus/client_golang/pull/987](https://togithub.com/prometheus/client_golang/pull/987)7 (Addressed [`CVE-2022-21698`](https://togithub.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p)) #### What's Changed - promhttp: Check validity of method and code label values by [@bwplotka](https://togithub.com/bwplotka) and [@kakkoyun](https://togithub.com/kakkoyun) in [https://github.com/prometheus/client_golang/pull/987](https://togithub.com/prometheus/client_golang/pull/987) **Full Changelog**: https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1 ### [`v1.11.0`](https://togithub.com/prometheus/client_golang/releases/tag/v1.11.0): / 2021-06-07 [Compare Source](https://togithub.com/prometheus/client_golang/compare/v1.10.0...v1.11.0) - \[CHANGE] Add new collectors package. [#862](https://togithub.com/prometheus/client_golang/issues/862) - \[CHANGE] `prometheus.NewExpvarCollector` is deprecated, use `collectors.NewExpvarCollector` instead. [#862](https://togithub.com/prometheus/client_golang/issues/862) - \[CHANGE] `prometheus.NewGoCollector` is deprecated, use `collectors.NewGoCollector` instead. [#862](https://togithub.com/prometheus/client_golang/issues/862) - \[CHANGE] `prometheus.NewBuildInfoCollector` is deprecated, use `collectors.NewBuildInfoCollector` instead. [#862](https://togithub.com/prometheus/client_golang/issues/862) - \[FEATURE] Add new collector for database/sql#DBStats. [#866](https://togithub.com/prometheus/client_golang/issues/866) - \[FEATURE] API client: Add exemplars API support. [#861](https://togithub.com/prometheus/client_golang/issues/861) - \[ENHANCEMENT] API client: Add newer fields to Rules API. [#855](https://togithub.com/prometheus/client_golang/issues/855) - \[ENHANCEMENT] API client: Add missing fields to Targets API. [#856](https://togithub.com/prometheus/client_golang/issues/856) #### What's Changed - Synchronize common files from prometheus/prometheus by [@prombot](https://togithub.com/prombot) in [https://github.com/prometheus/client_golang/pull/846](https://togithub.com/prometheus/client_golang/pull/846) - Synchronize common files from prometheus/prometheus by [@prombot](https://togithub.com/prombot) in [https://github.com/prometheus/client_golang/pull/849](https://togithub.com/prometheus/client_golang/pull/849) - Synchronize common files from prometheus/prometheus by [@prombot](https://togithub.com/prombot) in [https://github.com/prometheus/client_golang/pull/853](https://togithub.com/prometheus/client_golang/pull/853) - Add newer fields to Rules API by [@gouthamve](https://togithub.com/gouthamve) in [https://github.com/prometheus/client_golang/pull/855](https://togithub.com/prometheus/client_golang/pull/855) - Add missing fields to targets API by [@yeya24](https://togithub.com/yeya24) in [https://github.com/prometheus/client_golang/pull/856](https://togithub.com/prometheus/client_golang/pull/856) - Synchronize common files from prometheus/prometheus by [@prombot](https://togithub.com/prombot) in [https://github.com/prometheus/client_golang/pull/857](https://togithub.com/prometheus/client_golang/pull/857) - Add exemplars API support by [@yeya24](https://togithub.com/yeya24) in [https://github.com/prometheus/client_golang/pull/861](https://togithub.com/prometheus/client_golang/pull/861) - Improve description of MaxAge in summary docs by [@Dean-Coakley](https://togithub.com/Dean-Coakley) in [https://github.com/prometheus/client_golang/pull/864](https://togithub.com/prometheus/client_golang/pull/864) - Add new collectors package by [@johejo](https://togithub.com/johejo) in [https://github.com/prometheus/client_golang/pull/862](https://togithub.com/prometheus/client_golang/pull/862) - Add collector for database/sql#DBStats by [@johejo](https://togithub.com/johejo) in [https://github.com/prometheus/client_golang/pull/866](https://togithub.com/prometheus/client_golang/pull/866) - Make dbStatsCollector more DRY by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/867](https://togithub.com/prometheus/client_golang/pull/867) - Change maintainers from [@beorn7](https://togithub.com/beorn7) to @bwplotka/[@kakkoyun](https://togithub.com/kakkoyun) by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/873](https://togithub.com/prometheus/client_golang/pull/873) - Document implications of negative observations by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/871](https://togithub.com/prometheus/client_golang/pull/871) - Update Go modules by [@SuperQ](https://togithub.com/SuperQ) in [https://github.com/prometheus/client_golang/pull/875](https://togithub.com/prometheus/client_golang/pull/875) #### New Contributors - [@gouthamve](https://togithub.com/gouthamve) made their first contribution in [https://github.com/prometheus/client_golang/pull/855](https://togithub.com/prometheus/client_golang/pull/855) **Full Changelog**: https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0 ### [`v1.10.0`](https://togithub.com/prometheus/client_golang/releases/tag/v1.10.0): 1.10.0 / 2021-03-18 [Compare Source](https://togithub.com/prometheus/client_golang/compare/v1.9.0...v1.10.0) - \[CHANGE] Minimum required Go version is now 1.13. - \[CHANGE] API client: Add matchers to `LabelNames` and `LabesValues`. [#828](https://togithub.com/prometheus/client_golang/issues/828) - \[FEATURE] API client: Add buildinfo call. [#841](https://togithub.com/prometheus/client_golang/issues/841) - \[BUGFIX] Fix build on riscv64. [#833](https://togithub.com/prometheus/client_golang/issues/833) #### What's Changed - Add SECURITY.md by [@roidelapluie](https://togithub.com/roidelapluie) in [https://github.com/prometheus/client_golang/pull/831](https://togithub.com/prometheus/client_golang/pull/831) - Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by [@zhsj](https://togithub.com/zhsj) in [https://github.com/prometheus/client_golang/pull/833](https://togithub.com/prometheus/client_golang/pull/833) - Fix typo in comments in [https://github.com/prometheus/client_golang/pull/835](https://togithub.com/prometheus/client_golang/pull/835) - Support matchers in labels API by [@yeya24](https://togithub.com/yeya24) in [https://github.com/prometheus/client_golang/pull/828](https://togithub.com/prometheus/client_golang/pull/828) - Add buildinfo method by [@ntk148v](https://togithub.com/ntk148v) in [https://github.com/prometheus/client_golang/pull/841](https://togithub.com/prometheus/client_golang/pull/841) - Update dependencies by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/843](https://togithub.com/prometheus/client_golang/pull/843) - Synchronize common files from prometheus/prometheus by [@prombot](https://togithub.com/prombot) in [https://github.com/prometheus/client_golang/pull/844](https://togithub.com/prometheus/client_golang/pull/844) - Cut v1.10.0 by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/845](https://togithub.com/prometheus/client_golang/pull/845) #### New Contributors - [@zhsj](https://togithub.com/zhsj) made their first contribution in [https://github.com/prometheus/client_golang/pull/833](https://togithub.com/prometheus/client_golang/pull/833) - [@ntk148v](https://togithub.com/ntk148v) made their first contribution in [https://github.com/prometheus/client_golang/pull/841](https://togithub.com/prometheus/client_golang/pull/841) **Full Changelog**: https://github.com/prometheus/client_golang/compare/v1.9.0...v1.10.0 ### [`v1.9.0`](https://togithub.com/prometheus/client_golang/releases/tag/v1.9.0): 1.9.0 / 2020-12-17 [Compare Source](https://togithub.com/prometheus/client_golang/compare/v1.8.0...v1.9.0) - \[FEATURE] `NewPidFileFn` helper to create process collectors for processes whose PID is read from a file. [#804](https://togithub.com/prometheus/client_golang/issues/804) - \[BUGFIX] promhttp: Prevent endless loop in `InstrumentHandler...` middlewares with invalid metric or label names. [#823](https://togithub.com/prometheus/client_golang/issues/823) #### What's Changed - add the NewPidFileFn to helper by [@sbookworm](https://togithub.com/sbookworm) in [https://github.com/prometheus/client_golang/pull/804](https://togithub.com/prometheus/client_golang/pull/804) - Synchronize common files from prometheus/prometheus by [@prombot](https://togithub.com/prombot) in [https://github.com/prometheus/client_golang/pull/809](https://togithub.com/prometheus/client_golang/pull/809) - Synchronize common files from prometheus/prometheus by [@prombot](https://togithub.com/prombot) in [https://github.com/prometheus/client_golang/pull/811](https://togithub.com/prometheus/client_golang/pull/811) - Added example api code showing how to add auth tokens and user agents to prom client. by [@bwplotka](https://togithub.com/bwplotka) in [https://github.com/prometheus/client_golang/pull/817](https://togithub.com/prometheus/client_golang/pull/817) - Correct spelling: possibilites -> possibilities by [@jubalh](https://togithub.com/jubalh) in [https://github.com/prometheus/client_golang/pull/819](https://togithub.com/prometheus/client_golang/pull/819) - Be more explicit about the multi-line properties of MultiError by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/821](https://togithub.com/prometheus/client_golang/pull/821) - promhttp: Correctly detect invalid metric and label names by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/823](https://togithub.com/prometheus/client_golang/pull/823) -  Cut release 1.9.0 by [@beorn7](https://togithub.com/beorn7) in [https://github.com/prometheus/client_golang/pull/826](https://togithub.com/prometheus/client_golang/pull/826) #### New Contributors - [@sbookworm](https://togithub.com/sbookworm) made their first contribution in [https://github.com/prometheus/client_golang/pull/804](https://togithub.com/prometheus/client_golang/pull/804) - [@jubalh](https://togithub.com/jubalh) made their first contribution in [https://github.com/prometheus/client_golang/pull/819](https://togithub.com/prometheus/client_golang/pull/819) **Full Changelog**: https://github.com/prometheus/client_golang/compare/v1.8.0...v1.9.0Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.