Bump github.com/prometheus/common from 0.53.0 to 0.59.1

[dependabot]

Bumps github.com/prometheus/common from 0.53.0 to 0.59.1.

Release notes

Sourced from github.com/prometheus/common's releases.

v0.59.1

What's Changed

• fix(utf8): Fix multiple metric name inside braces validation by @​fedetorres93 in prometheus/common#691

Full Changelog: prometheus/common@v0.59.0...v0.59.1

v0.59.0

What's Changed

• expfmt: Add WithEscapingScheme to help construct Formats by @​ywwg in prometheus/common#688
• Change the default escape method to UnderscoreEscaping by @​ywwg in prometheus/common#690

Full Changelog: prometheus/common@v0.58.0...v0.59.0

v0.58.0

What's Changed

• docs: mention new promslog package in package list in README by @​tjhop in prometheus/common#683
• Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 by @​dependabot in prometheus/common#684
• Bump golang.org/x/net from 0.27.0 to 0.28.0 by @​dependabot in prometheus/common#685
• Remove secret file existence check in Validate for headers by @​roidelapluie in prometheus/common#687

Full Changelog: prometheus/common@v0.57.0...v0.58.0

v0.57.0

What's Changed

• feat: new promslog and promslog/flag packages to wrap log/slog by @​tjhop in prometheus/common#677

New Contributors

• @​tjhop made their first contribution in prometheus/common#677

Full Changelog: prometheus/common@v0.56.0...v0.57.0

v0.56.0

What's Changed

• Don't always fetch a OAuth2 token, if the secret from a file didn't change by @​multani in prometheus/common#647
• remove dependency to github.com/prometheus/client_golang by @​ilius in prometheus/common#662
• Bump github.com/aws/aws-sdk-go from 1.54.7 to 1.54.11 in /sigv4 by @​dependabot in prometheus/common#661
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#664
• Revert #576 and add deprecation notice by @​SuperQ in prometheus/common#665
• Bump golang.org/x/net from 0.26.0 to 0.27.0 by @​dependabot in prometheus/common#667
• use basic string in IsValidLegacyMetricName by @​ywwg in prometheus/common#668
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#672
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#674
• Bump github.com/aws/aws-sdk-go from 1.54.19 to 1.55.5 in /sigv4 by @​dependabot in prometheus/common#671
• sigv4: support nil body by @​roidelapluie in prometheus/common#673
• Fix overflows of untyped int constants on 32-bit by @​dswarbrick in prometheus/common#675
• Update client_golang by @​SuperQ in prometheus/common#676
• Update golangci lint by @​roidelapluie in prometheus/common#679

... (truncated)

Commits

• be8a747 fix(utf8): Fix multiple metric name inside braces validation (#691)
• bf4843e Merge pull request #690 from ywwg/owilliams/default-escaping
• 01da226 Change the default escape method to UnderscoreEscaping
• 4f8e8f4 expfmt: Add WithEscapingScheme to help construct Formats (#688)
• b1880d0 Merge pull request #687 from roidelapluie/checkheader
• 334963d Change the logic for SetDirectory
• d64a747 Remove secret file existence check in Validate for headers
• 06c2425 Bump golang.org/x/net from 0.27.0 to 0.28.0 (#685)
• 4606c0a Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#684)
• d98411b Merge pull request #683 from tjhop/docs/promslog-README
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 8 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
golang.org/x/net	0.28.0	Null	Unknown License
golang.org/x/oauth2	0.22.0	Null	Unknown License
golang.org/x/sys	0.23.0	Null	Unknown License
golang.org/x/term	0.23.0	Null	Unknown License
golang.org/x/text	0.17.0	Null	Unknown License
golang.org/x/tools	0.21.1-0.20240508182429-e35e4ccd0d2d	Null	Unknown License
google.golang.org/protobuf	1.34.2	Null	Unknown License
github.com/klauspost/compress	1.17.9	Null	Unknown License

Allowed Licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0, CC0-1.0, ISC, MIT, MPL-2.0, Unlicense

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/github.com/cespare/xxhash/v2	2.3.0	🟢 3.6	Details Check Score Reason Code-Review ⚠️ 2 Found 6/28 approved changesets -- score normalized to 2 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
gomod/github.com/klauspost/compress	1.17.9	🟢 6.8	Details Check Score Reason Code-Review ⚠️ 2 Found 7/24 approved changesets -- score normalized to 2 Maintained 🟢 10 11 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected
gomod/github.com/prometheus/client_golang	1.20.0	🟢 7.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 14/15 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
gomod/github.com/prometheus/client_model	0.6.1	🟢 8.2	Details Check Score Reason Maintained 🟢 10 14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/prometheus/common	0.59.1	🟢 8.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Security-Policy 🟢 9 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
gomod/github.com/prometheus/procfs	0.15.1	🟢 7.2	Details Check Score Reason Code-Review 🟢 9 Found 24/25 approved changesets -- score normalized to 9 Maintained 🟢 9 10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 10 all dependencies are pinned Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/golang.org/x/net	0.28.0	Unknown	Unknown
gomod/golang.org/x/oauth2	0.22.0	Unknown	Unknown
gomod/golang.org/x/sys	0.23.0	Unknown	Unknown
gomod/golang.org/x/term	0.23.0	Unknown	Unknown
gomod/golang.org/x/text	0.17.0	Unknown	Unknown
gomod/golang.org/x/tools	0.21.1-0.20240508182429-e35e4ccd0d2d	Unknown	Unknown
gomod/google.golang.org/protobuf	1.34.2	Unknown	Unknown
gomod/github.com/cespare/xxhash/v2	2.2.0	🟢 3.6	Details Check Score Reason Code-Review ⚠️ 2 Found 6/28 approved changesets -- score normalized to 2 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
gomod/github.com/prometheus/client_golang	1.19.0	🟢 7.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 14/15 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
gomod/github.com/prometheus/client_model	0.6.0	🟢 8.2	Details Check Score Reason Maintained 🟢 10 14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/prometheus/common	0.53.0	🟢 8.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Security-Policy 🟢 9 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
gomod/github.com/prometheus/procfs	0.12.0	🟢 7.2	Details Check Score Reason Code-Review 🟢 9 Found 24/25 approved changesets -- score normalized to 9 Maintained 🟢 9 10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 10 all dependencies are pinned Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/golang.org/x/net	0.25.0	Unknown	Unknown
gomod/golang.org/x/oauth2	0.18.0	Unknown	Unknown
gomod/golang.org/x/sys	0.20.0	Unknown	Unknown
gomod/golang.org/x/term	0.20.0	Unknown	Unknown
gomod/golang.org/x/text	0.15.0	Unknown	Unknown
gomod/golang.org/x/tools	0.21.0	Unknown	Unknown
gomod/google.golang.org/appengine	1.6.8	🟢 7.6	Details Check Score Reason Code-Review 🟢 9 Found 24/25 approved changesets -- score normalized to 9 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
gomod/google.golang.org/protobuf	1.33.0	Unknown	Unknown

Scanned Manifest Files

go.mod

• github.com/cespare/xxhash/[email protected]
• github.com/klauspost/[email protected]
• github.com/prometheus/[email protected]
• github.com/prometheus/[email protected]
• github.com/prometheus/[email protected]
• github.com/prometheus/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• google.golang.org/[email protected]
• github.com/cespare/xxhash/[email protected]
• github.com/prometheus/[email protected]
• github.com/prometheus/[email protected]
• github.com/prometheus/[email protected]
• github.com/prometheus/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• golang.org/x/[email protected]
• google.golang.org/[email protected]
• google.golang.org/[email protected]

[flavio]

@dependabot rebase