turkdevops / grafana

The tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More
https://grafana.com
Apache License 2.0
1 stars 0 forks source link

Bump github.com/prometheus/client_golang from 1.3.0 to 1.11.1 #760

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/prometheus/client_golang from 1.3.0 to 1.11.1.

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

What's Changed

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1

v1.11.0 / 2021-06-07

  • [CHANGE] Add new collectors package. #862
  • [CHANGE] prometheus.NewExpvarCollector is deprecated, use collectors.NewExpvarCollector instead. #862
  • [CHANGE] prometheus.NewGoCollector is deprecated, use collectors.NewGoCollector instead. #862
  • [CHANGE] prometheus.NewBuildInfoCollector is deprecated, use collectors.NewBuildInfoCollector instead. #862
  • [FEATURE] Add new collector for database/sql#DBStats. #866
  • [FEATURE] API client: Add exemplars API support. #861
  • [ENHANCEMENT] API client: Add newer fields to Rules API. #855
  • [ENHANCEMENT] API client: Add missing fields to Targets API. #856

What's Changed

New Contributors

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0

1.10.0 / 2021-03-18

  • [CHANGE] Minimum required Go version is now 1.13.
  • [CHANGE] API client: Add matchers to LabelNames and LabesValues. #828
  • [FEATURE] API client: Add buildinfo call. #841
  • [BUGFIX] Fix build on riscv64. #833

What's Changed

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.14.0 / 2022-11-08

  • [FEATURE] Add Support for Native Histograms. #1150
  • [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

1.13.1 / 2022-11-01

  • [BUGFIX] Fix race condition with Exemplar in Counter. #1146
  • [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
  • [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

1.13.0 / 2022-08-05

  • [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
  • [ENHANCEMENT] Added prometheus.TransactionalGatherer interface for promhttp.Handler use which allows using low allocation update techniques for custom collectors. #989
  • [ENHANCEMENT] Added exemplar support to prometheus.NewConstHistogram. See ExampleNewConstHistogram_WithExemplar example on how to use it. #986
  • [ENHANCEMENT] prometheus/push.Pusher has now context aware methods that pass context to HTTP request. #1028
  • [ENHANCEMENT] prometheus/push.Pusher has now Error method that retrieve last error. #1075
  • [ENHANCEMENT] testutil.GatherAndCompare provides now readable diff on failed comparisons. #998
  • [ENHANCEMENT] Query API now supports timeouts. #1014
  • [ENHANCEMENT] New MetricVec method DeletePartialMatch(labels Labels) for deleting all metrics that match provided labels. #1013
  • [ENHANCEMENT] api.Config now accepts passing custom *http.Client. #1025
  • [BUGFIX] Raise exemplar labels limit from 64 to 128 bytes as specified in OpenMetrics spec. #1091
  • [BUGFIX] Allow adding exemplar to +Inf bucket to const histograms. #1094
  • [ENHANCEMENT] Most promhttp.Instrument* middlewares now supports adding exemplars to metrics. This allows hooking those to your tracing middleware that retrieves trace ID and put it in exemplar if present. #1055
  • [ENHANCEMENT] Added testutil.ScrapeAndCompare method. #1043
  • [BUGFIX] Fixed GopherJS build support. #897
  • [ENHANCEMENT] :warning: Added way to specify what runtime/metrics collectors.NewGoCollector should use. See ExampleGoCollector_WithAdvancedGoMetrics. #1102

1.12.2 / 2022-05-13

  • [CHANGE] Added collectors.WithGoCollections that allows to choose what collection of Go runtime metrics user wants: Equivalent of MemStats structure configured using GoRuntimeMemStatsCollection, new based on dedicated runtime/metrics metrics represented by GoRuntimeMetricsCollection option, or both by specifying GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection flag. #1031
  • [CHANGE] :warning: Change in collectors.NewGoCollector metrics: Reverting addition of new ~80 runtime metrics by default. You can enable this back with GoRuntimeMetricsCollection option or GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection for smooth transition.
  • [BUGFIX] Fixed the bug that causes generated histogram metric names to end with _total. ⚠️ This changes 3 metric names in the new Go collector that was reverted from default in this release.
    • go_gc_heap_allocs_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes,
    • go_gc_heap_frees_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes
    • go_gc_pauses_seconds_total -> go_gc_pauses_seconds.
  • [CHANCE] Removed -Inf buckets from new Go Collector histograms.

1.12.1 / 2022-01-29

  • [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
    • Use simpler locking in the Go 1.17 collector #975
  • [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
  • [ENHANCEMENT] API client: make HTTP reads more efficient #976

1.12.0 / 2022-01-19

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/grafana/network/alerts).
guardrails[bot] commented 1 year ago

:warning: We detected 22 security issues in this pull request:

Mode: paranoid | Total findings: 22 | Considered vulnerability: 22

Vulnerable Libraries (22)
Severity | Details ----- | -------- N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210603081109-ebe580a85c40@v0.0.0-20210603081109-ebe580a85c40](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L403) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/gopkg.in/yaml.v2@v2.3.0@v2.3.0](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L89) - **no patch available** High | [pkg:golang/gopkg.in/yaml.v2@v2.3.0@v2.3.0](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L482) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c @v0.0.0-20210124154548-22da62e12c0c ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.sum#L5) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@0.0.0-20210124154548-22da62e12c0c@0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.mod#L8) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200625212154-ddb9806d33ae@v0.0.0-20200625212154-ddb9806d33ae](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L401) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200323222414-85ca7c5b95cd@v0.0.0-20200323222414-85ca7c5b95cd](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L399) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L402) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.mod#L8) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.sum#L5) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210603081109-ebe580a85c40 @v0.0.0-20210603081109-ebe580a85c40 ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L403) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9 @v0.0.0-20200622213623-75b288015ac9 ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L345) upgrade to: *0.0.0-20220314234659-1baeb1ce4c0b* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200106162015-b016eb3dc98e@v0.0.0-20200106162015-b016eb3dc98e](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L398) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200615200032-f1bc736245b1@v0.0.0-20200615200032-f1bc736245b1](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L400) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/net@0.0.0-20200625001655-4c5254603344@0.0.0-20200625001655-4c5254603344](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L74) upgrade to: *1.18.9,1.19.4,0.4.0* High | [pkg:golang/github.com/prometheus/client_golang@v1.7.1@v1.7.1](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L254) upgrade to: *1.11.1* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20200625001655-4c5254603344 @v0.0.0-20200625001655-4c5254603344 ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L370) upgrade to: *1.18.9,1.19.4,0.4.0* Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9@v0.0.0-20200622213623-75b288015ac9](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L72) - **no patch available** Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9@v0.0.0-20200622213623-75b288015ac9](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L345) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20200625001655-4c5254603344@v0.0.0-20200625001655-4c5254603344](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L74) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20200625001655-4c5254603344@v0.0.0-20200625001655-4c5254603344](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L370) - **no patch available** N/A | [pkg:golang/golang.org/x/crypto@0.0.0-20200622213623-75b288015ac9@0.0.0-20200622213623-75b288015ac9](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L72) upgrade to: *0.0.0-20201216223049-8b5274cf687f* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.