build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1

[dependabot]

Bumps github.com/prometheus/client_golang from 1.11.0 to 1.11.1.

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in prometheus/client_golang#987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

1.13.0 / 2022-08-05

• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
• [ENHANCEMENT] Added prometheus.TransactionalGatherer interface for promhttp.Handler use which allows using low allocation update techniques for custom collectors. #989
• [ENHANCEMENT] Added exemplar support to prometheus.NewConstHistogram. See ExampleNewConstHistogram_WithExemplar example on how to use it. #986
• [ENHANCEMENT] prometheus/push.Pusher has now context aware methods that pass context to HTTP request. #1028
• [ENHANCEMENT] prometheus/push.Pusher has now Error method that retrieve last error. #1075
• [ENHANCEMENT] testutil.GatherAndCompare provides now readable diff on failed comparisons. #998
• [ENHANCEMENT] Query API now supports timeouts. #1014
• [ENHANCEMENT] New MetricVec method DeletePartialMatch(labels Labels) for deleting all metrics that match provided labels. #1013
• [ENHANCEMENT] api.Config now accepts passing custom *http.Client. #1025
• [BUGFIX] Raise exemplar labels limit from 64 to 128 bytes as specified in OpenMetrics spec. #1091
• [BUGFIX] Allow adding exemplar to +Inf bucket to const histograms. #1094
• [ENHANCEMENT] Most promhttp.Instrument* middlewares now supports adding exemplars to metrics. This allows hooking those to your tracing middleware that retrieves trace ID and put it in exemplar if present. #1055
• [ENHANCEMENT] Added testutil.ScrapeAndCompare method. #1043
• [BUGFIX] Fixed GopherJS build support. #897
• [ENHANCEMENT] ⚠️ Added way to specify what runtime/metrics collectors.NewGoCollector should use. See ExampleGoCollector_WithAdvancedGoMetrics. #1102

1.12.2 / 2022-05-13

• [CHANGE] Added collectors.WithGoCollections that allows to choose what collection of Go runtime metrics user wants: Equivalent of MemStats structure configured using GoRuntimeMemStatsCollection, new based on dedicated runtime/metrics metrics represented by GoRuntimeMetricsCollection option, or both by specifying GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection flag. #1031
• [CHANGE] ⚠️ Change in collectors.NewGoCollector metrics: Reverting addition of new ~80 runtime metrics by default. You can enable this back with GoRuntimeMetricsCollection option or GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection for smooth transition.
• [BUGFIX] Fixed the bug that causes generated histogram metric names to end with _total. ⚠️ This changes 3 metric names in the new Go collector that was reverted from default in this release.
  • go_gc_heap_allocs_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes,
  • go_gc_heap_frees_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes
  • go_gc_pauses_seconds_total -> go_gc_pauses_seconds.
• [CHANCE] Removed -Inf buckets from new Go Collector histograms.

1.12.1 / 2022-01-29

• [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
  • Use simpler locking in the Go 1.17 collector #975
• [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
• [ENHANCEMENT] API client: make HTTP reads more efficient #976

1.12.0 / 2022-01-19

... (truncated)

Commits

• 989baa3 promhttp: Check validity of method and code label values (#962) (#987)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[phlogistonjohn]

This is an automated change by dependabot tooling and passes CI, I think it LGTM.

[anoopcs9]

This is an automated change by dependabot tooling and passes CI, I think it LGTM.

Fine by me too :-)

[anoopcs9]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

[anoopcs9]

/test centos-ci/sink-clustered/mini-k8s-1.26

[anoopcs9]

/test centos-ci/sink-clustered/mini-k8s-1.26

I had to trigger the run manually as the author is outside approved contributor's list.

Automatic merge is pending due to #285.

[phlogistonjohn]

Looks like mergify is waiting for check-success=centos-ci/sink-clustered/mini-k8s-1.25 to be run successfully. @anoopcs9 is this a valid rule still? Do we need to run this OR do we have yet another out of date thing in the mergify config?

Next time I'll read your entire comment. :-D

[mergify]

⚠️ This pull request got rebased on behalf of a random user of the organization.
This behavior will change on the 1st February 2023, Mergify will pick the author of the pull request instead.

To get the future behavior now, you can configure bot_account options (e.g.: bot_account: { author } or update_bot_account: { author }.

Or you can create a dedicated github account for squash and rebase operations, and use it in different bot_account options.

[phlogistonjohn]

/test centos-ci/sink-clustered/mini-k8s-1.26