Bump github.com/prometheus/client_golang from 1.3.0 to 1.11.1

[dependabot[bot]]

Bumps github.com/prometheus/client_golang from 1.3.0 to 1.11.1.

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in prometheus/client_golang#987

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1

v1.11.0 / 2021-06-07

• [CHANGE] Add new collectors package. #862
• [CHANGE] prometheus.NewExpvarCollector is deprecated, use collectors.NewExpvarCollector instead. #862
• [CHANGE] prometheus.NewGoCollector is deprecated, use collectors.NewGoCollector instead. #862
• [CHANGE] prometheus.NewBuildInfoCollector is deprecated, use collectors.NewBuildInfoCollector instead. #862
• [FEATURE] Add new collector for database/sql#DBStats. #866
• [FEATURE] API client: Add exemplars API support. #861
• [ENHANCEMENT] API client: Add newer fields to Rules API. #855
• [ENHANCEMENT] API client: Add missing fields to Targets API. #856

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#846
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#849
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#853
• Add newer fields to Rules API by @​gouthamve in prometheus/client_golang#855
• Add missing fields to targets API by @​yeya24 in prometheus/client_golang#856
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#857
• Add exemplars API support by @​yeya24 in prometheus/client_golang#861
• Improve description of MaxAge in summary docs by @​Dean-Coakley in prometheus/client_golang#864
• Add new collectors package by @​johejo in prometheus/client_golang#862
• Add collector for database/sql#DBStats by @​johejo in prometheus/client_golang#866
• Make dbStatsCollector more DRY by @​beorn7 in prometheus/client_golang#867
• Change maintainers from @​beorn7 to @bwplotka/@​kakkoyun by @​beorn7 in prometheus/client_golang#873
• Document implications of negative observations by @​beorn7 in prometheus/client_golang#871
• Update Go modules by @​SuperQ in prometheus/client_golang#875

New Contributors

• @​gouthamve made their first contribution in prometheus/client_golang#855

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0

1.10.0 / 2021-03-18

• [CHANGE] Minimum required Go version is now 1.13.
• [CHANGE] API client: Add matchers to LabelNames and LabesValues. #828
• [FEATURE] API client: Add buildinfo call. #841
• [BUGFIX] Fix build on riscv64. #833

What's Changed

• Add SECURITY.md by @​roidelapluie in prometheus/client_golang#831
• Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by @​zhsj in prometheus/client_golang#833
• Fix typo in comments in prometheus/client_golang#835

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

1.13.0 / 2022-08-05

• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
• [ENHANCEMENT] Added prometheus.TransactionalGatherer interface for promhttp.Handler use which allows using low allocation update techniques for custom collectors. #989
• [ENHANCEMENT] Added exemplar support to prometheus.NewConstHistogram. See ExampleNewConstHistogram_WithExemplar example on how to use it. #986
• [ENHANCEMENT] prometheus/push.Pusher has now context aware methods that pass context to HTTP request. #1028
• [ENHANCEMENT] prometheus/push.Pusher has now Error method that retrieve last error. #1075
• [ENHANCEMENT] testutil.GatherAndCompare provides now readable diff on failed comparisons. #998
• [ENHANCEMENT] Query API now supports timeouts. #1014
• [ENHANCEMENT] New MetricVec method DeletePartialMatch(labels Labels) for deleting all metrics that match provided labels. #1013
• [ENHANCEMENT] api.Config now accepts passing custom *http.Client. #1025
• [BUGFIX] Raise exemplar labels limit from 64 to 128 bytes as specified in OpenMetrics spec. #1091
• [BUGFIX] Allow adding exemplar to +Inf bucket to const histograms. #1094
• [ENHANCEMENT] Most promhttp.Instrument* middlewares now supports adding exemplars to metrics. This allows hooking those to your tracing middleware that retrieves trace ID and put it in exemplar if present. #1055
• [ENHANCEMENT] Added testutil.ScrapeAndCompare method. #1043
• [BUGFIX] Fixed GopherJS build support. #897
• [ENHANCEMENT] :warning: Added way to specify what runtime/metrics collectors.NewGoCollector should use. See ExampleGoCollector_WithAdvancedGoMetrics. #1102

1.12.2 / 2022-05-13

• [CHANGE] Added collectors.WithGoCollections that allows to choose what collection of Go runtime metrics user wants: Equivalent of MemStats structure configured using GoRuntimeMemStatsCollection, new based on dedicated runtime/metrics metrics represented by GoRuntimeMetricsCollection option, or both by specifying GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection flag. #1031
• [CHANGE] :warning: Change in collectors.NewGoCollector metrics: Reverting addition of new ~80 runtime metrics by default. You can enable this back with GoRuntimeMetricsCollection option or GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection for smooth transition.
• [BUGFIX] Fixed the bug that causes generated histogram metric names to end with _total. ⚠️ This changes 3 metric names in the new Go collector that was reverted from default in this release.
  • go_gc_heap_allocs_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes,
  • go_gc_heap_frees_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes
  • go_gc_pauses_seconds_total -> go_gc_pauses_seconds.
• [CHANCE] Removed -Inf buckets from new Go Collector histograms.

1.12.1 / 2022-01-29

• [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
  • Use simpler locking in the Go 1.17 collector #975
• [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
• [ENHANCEMENT] API client: make HTTP reads more efficient #976

1.12.0 / 2022-01-19

... (truncated)

Commits

• 989baa3 promhttp: Check validity of method and code label values (#962) (#987)
• 8184d76 Cut v1.11.0 (#877)
• 2539062 Merge pull request #875 from prometheus/superq/update_mods
• 68cd1e9 Update Go modules
• f22935d Merge pull request #871 from prometheus/beorn7/doc
• 11aba26 Change maintainers from @​beorn7 to @bwplotka/@​kakkoyun (#873)
• f34145a Document implications of negative observations
• a7515ca Merge pull request #867 from prometheus/beorn7/collectors
• 81a9556 Make dbStatsCollector more DRY
• a66da1d Add collector for database/sql#DBStats (#866)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/grafana/network/alerts).

[guardrails[bot]]

:warning: We detected 22 security issues in this pull request:

Mode: paranoid | Total findings: 22 | Considered vulnerability: 22

Vulnerable Libraries (22)

Severity | Details ----- | -------- N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210603081109-ebe580a85c40@v0.0.0-20210603081109-ebe580a85c40](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L403) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* High | [pkg:golang/gopkg.in/yaml.v2@v2.3.0@v2.3.0](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L89) - **no patch available** High | [pkg:golang/gopkg.in/yaml.v2@v2.3.0@v2.3.0](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L482) - **no patch available** N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c @v0.0.0-20210124154548-22da62e12c0c ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.sum#L5) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@0.0.0-20210124154548-22da62e12c0c@0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.mod#L8) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200625212154-ddb9806d33ae@v0.0.0-20200625212154-ddb9806d33ae](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L401) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200323222414-85ca7c5b95cd@v0.0.0-20200323222414-85ca7c5b95cd](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L399) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L402) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.mod#L8) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210124154548-22da62e12c0c@v0.0.0-20210124154548-22da62e12c0c](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/vendor/github.com/prometheus/procfs/go.sum#L5) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20210603081109-ebe580a85c40 @v0.0.0-20210603081109-ebe580a85c40 ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L403) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9 @v0.0.0-20200622213623-75b288015ac9 ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L345) upgrade to: *0.0.0-20220314234659-1baeb1ce4c0b* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200106162015-b016eb3dc98e@v0.0.0-20200106162015-b016eb3dc98e](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L398) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20200615200032-f1bc736245b1@v0.0.0-20200615200032-f1bc736245b1](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L400) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* N/A | [pkg:golang/golang.org/x/net@0.0.0-20200625001655-4c5254603344@0.0.0-20200625001655-4c5254603344](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L74) upgrade to: *1.18.9,1.19.4,0.4.0* High | [pkg:golang/github.com/prometheus/client_golang@v1.7.1@v1.7.1](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L254) upgrade to: *1.11.1* N/A | [pkg:golang/golang.org/x/net@v0.0.0-20200625001655-4c5254603344 @v0.0.0-20200625001655-4c5254603344 ](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L370) upgrade to: *1.18.9,1.19.4,0.4.0* Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9@v0.0.0-20200622213623-75b288015ac9](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L72) - **no patch available** Medium | [pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9@v0.0.0-20200622213623-75b288015ac9](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L345) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20200625001655-4c5254603344@v0.0.0-20200625001655-4c5254603344](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L74) - **no patch available** High | [pkg:golang/golang.org/x/net@v0.0.0-20200625001655-4c5254603344@v0.0.0-20200625001655-4c5254603344](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.sum#L370) - **no patch available** N/A | [pkg:golang/golang.org/x/crypto@0.0.0-20200622213623-75b288015ac9@0.0.0-20200622213623-75b288015ac9](https://github.com/turkdevops/grafana/blob/e1dbef93ab13f14874ac4ac9c066055a56b674d7/go.mod#L72) upgrade to: *0.0.0-20201216223049-8b5274cf687f* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr#).

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.