Skip to content

chore(deps): update module github.com/prometheus/common to v0.69.0#398

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-prometheus-common-0.x
Open

chore(deps): update module github.com/prometheus/common to v0.69.0#398
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-prometheus-common-0.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jun 27, 2026

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
github.com/prometheus/common v0.67.5v0.69.0 age confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

prometheus/common (github.com/prometheus/common)

v0.69.0

Compare Source

Security / behavior changes
  • config: credentials are no longer forwarded across cross-host redirects. When FollowRedirects is enabled, the HTTP client now strips Authorization, Cookie, Proxy-Authorization and other sensitive headers, and skips basic-auth, bearer-token and OAuth2 credentials, when a redirect points to a different host. This aligns with Go's net/http behavior. Callers that relied on credentials being sent to a redirect target on another host will need to target that host directly. #​901 #​920 #​921
  • config: LoadHTTPConfigFile now resolves relative file paths (e.g. *_file credentials, http_headers files) against the config file's own directory instead of its parent directory. Configs that worked around the old behavior by prefixing paths with the config's directory name must drop that prefix. #​925
Bugfixes
  • expfmt: fix nil pointer panic when parsing empty braces {}. #​922
  • model: fix Time.UnmarshalJSON for larger negative numbers. #​918
Performance
  • model: reduce allocations in Time.UnmarshalJSON. #​918
Internal
  • Synchronize common files from prometheus/prometheus. #​917
  • Modernize Go. #​919

Full Changelog: prometheus/common@v0.68.1...v0.69.0

v0.68.1

Compare Source

Security / behavior changes
  • config: credentials are no longer forwarded across cross-host redirects. When FollowRedirects is enabled, the HTTP client now strips Authorization, Cookie, Proxy-Authorization and other sensitive headers, and skips basic-auth, bearer-token and OAuth2 credentials, when a redirect points to a different host. This aligns with Go's net/http behavior. Callers that relied on credentials being sent to a redirect target on another host will need to target that host directly. #​901 #​920 #​921
  • config: LoadHTTPConfigFile now resolves relative file paths (e.g. *_file credentials, http_headers files) against the config file's own directory instead of its parent directory. Configs that worked around the old behavior by prefixing paths with the config's directory name must drop that prefix. #​925
Bugfixes
  • expfmt: fix nil pointer panic when parsing empty braces {}. #​922
  • model: fix Time.UnmarshalJSON for larger negative numbers. #​918
Performance
  • model: reduce allocations in Time.UnmarshalJSON. #​918
Internal
  • Synchronize common files from prometheus/prometheus. #​917
  • Modernize Go. #​919

Full Changelog: prometheus/common@v0.68.1...v0.69.0

v0.68.0

Compare Source

What's Changed
New Contributors

Full Changelog: prometheus/common@v0.67.5...v0.68.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on saturday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Jun 27, 2026
@red-hat-konflux

Copy link
Copy Markdown
Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 2 additional dependencies were updated

Details:

Package Change
golang.org/x/sys v0.44.0 -> v0.45.0
golang.org/x/net v0.54.0 -> v0.55.0

@coderabbitai

coderabbitai Bot commented Jun 27, 2026

Copy link
Copy Markdown

Walkthrough

Three Go module dependencies in go.mod are bumped: golang.org/x/sys to v0.45.0, github.com/prometheus/common to v0.69.0, and golang.org/x/net to v0.55.0.

Changes

Dependency Version Bumps

Layer / File(s) Summary
go.mod version bumps
go.mod
golang.org/x/sys bumped from v0.44.0 to v0.45.0, github.com/prometheus/common from v0.67.5 to v0.69.0, and golang.org/x/net from v0.54.0 to v0.55.0.

Estimated code review effort: 1 (Trivial) | ~2 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The PR only bumps dependencies and vendored code; no *_test.go files or Ginkgo titles were added or modified.
Test Structure And Quality ✅ Passed PR only updates go.mod and vendored deps; no Ginkgo test files or test logic were changed.
Microshift Test Compatibility ✅ Passed PR only bumps deps/vendor code; no *_test.go files or Ginkgo test additions were changed, so MicroShift compatibility isn’t impacted.
Single Node Openshift (Sno) Test Compatibility ✅ Passed The PR only bumps go.mod/go.sum and vendored dependency code; no *_test.go files or new Ginkgo e2e tests were added, so no SNO-specific risk.
Topology-Aware Scheduling Compatibility ✅ Passed The PR only updates go.mod/go.sum and vendored dependencies; no deployment manifests, controllers, or scheduling logic changed.
Ote Binary Stdout Contract ✅ Passed No process-level stdout writes were introduced; diff is dependency/vendor updates only, and the only init() found uses builtin print/debug output, not fmt/log stdout.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Diff only updates go.mod/go.sum/vendor deps; no new Ginkgo e2e tests were added, so IPv4/external-connectivity checks are not applicable.
No-Weak-Crypto ✅ Passed PASS: The patch is a dependency/vendor refresh; added lines show no MD5/SHA1/DES/RC4/Blowfish/ECB or secret-comparison changes.
Container-Privileges ✅ Passed PR only updates Go deps and vendored code; no Kubernetes/container manifest changes with privileged settings were introduced.
No-Sensitive-Data-In-Logs ✅ Passed No added log statements or sensitive-data logging appeared in the patch; changes are dependency/vendor bumps only.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely matches the primary change: updating github.com/prometheus/common to v0.69.0.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/main/github.com-prometheus-common-0.x

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jun 27, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

2 similar comments
@openshift-ci

openshift-ci Bot commented Jun 27, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jun 27, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot

Copy link
Copy Markdown

/retest-required

Remaining retests: 0 against base HEAD 1165e36 and 2 for PR HEAD 025e3a2 in total

@openshift-merge-bot

Copy link
Copy Markdown

/retest-required

Remaining retests: 0 against base HEAD 857149e and 1 for PR HEAD 025e3a2 in total

@openshift-merge-bot

Copy link
Copy Markdown

/retest-required

Remaining retests: 0 against base HEAD 6f7127b and 0 for PR HEAD 025e3a2 in total

@openshift-merge-bot

Copy link
Copy Markdown

/hold

Revision 025e3a2 was retested 3 times: holding

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 30, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-prometheus-common-0.x branch from 025e3a2 to feccc24 Compare July 4, 2026 01:24
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 4, 2026
@openshift-ci

openshift-ci Bot commented Jul 4, 2026

Copy link
Copy Markdown

New changes are detected. LGTM label has been removed.

@openshift-ci

openshift-ci Bot commented Jul 4, 2026

Copy link
Copy Markdown

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ocp419-e2e-azure feccc24 link true /test ocp419-e2e-azure
ci/prow/ocp418-e2e-azure feccc24 link true /test ocp418-e2e-azure
ci/prow/ocp421-e2e-aws feccc24 link true /test ocp421-e2e-aws
ci/prow/ocp422-e2e-aws feccc24 link true /test ocp422-e2e-aws
ci/prow/ocp417-e2e-aws feccc24 link true /test ocp417-e2e-aws
ci/prow/ocp420-e2e-aws feccc24 link true /test ocp420-e2e-aws
ci/prow/ocp416-e2e-aws feccc24 link true /test ocp416-e2e-aws
ci/prow/ocp50-e2e-aws feccc24 link true /test ocp50-e2e-aws

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-prometheus-common-0.x branch from feccc24 to 28b2f5b Compare July 4, 2026 09:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants