Bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1

[dependabot]

Bumps github.com/prometheus/client_golang from 1.11.0 to 1.11.1.

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in prometheus/client_golang#987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.16.0 / 2023-06-15

• [BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. #1252
• [BUGFIX] api: Fix undefined execution order in return statements. #1260
• [BUGFIX] native histograms: Fix bug in bucket key calculation. #1279
• [ENHANCEMENT] Reduce constrainLabels allocations for all metrics. #1272
• [ENHANCEMENT] promhttp: Add process start time header for scrape efficiency. #1278
• [ENHANCEMENT] promlint: Improve metricUnits runtime. #1286

1.15.1 / 2023-05-3

• [BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary),
  causing panics. #1253

1.15.0 / 2023-04-13

• [BUGFIX] Fix issue with atomic variables on ppc64le. #1171
• [BUGFIX] Support for multiple samples within same metric. #1181
• [BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149. #1187
• [ENHANCEMENT] Add exemplars and middleware examples. #1173
• [ENHANCEMENT] Add more context to "duplicate label names" error to enable debugging. #1177
• [ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs. #1151
• [ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package. #1183
• [ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation. #1066
• [ENHANCEMENT] Add ability to Pusher to add custom headers. #1218
• [ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage. #1225
• [ENHANCEMENT] Added (official) support for go 1.20. #1234
• [ENHANCEMENT] timer: Added support for exemplars. #1233
• [ENHANCEMENT] Filter expected metrics as well in CollectAndCompare. #1143
• [ENHANCEMENT] ⚠️ Only set start/end if time is not Zero. This breaks compatibility in experimental api package. If you strictly depend on empty time.Time as actual value, the behavior is now changed. #1238

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

1.13.0 / 2022-08-05

• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
• [ENHANCEMENT] Added prometheus.TransactionalGatherer interface for promhttp.Handler use which allows using low allocation update techniques for custom collectors. #989
• [ENHANCEMENT] Added exemplar support to prometheus.NewConstHistogram. See ExampleNewConstHistogram_WithExemplar example on how to use it. #986
• [ENHANCEMENT] prometheus/push.Pusher has now context aware methods that pass context to HTTP request. #1028

... (truncated)

Commits

• 989baa3 promhttp: Check validity of method and code label values (#962) (#987)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

Merging #86 (3a6b988) into master (50d96b9) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #86   +/-   ##
=======================================
  Coverage   59.76%   59.76%           
=======================================
  Files          11       11           
  Lines        1541     1541           
=======================================
  Hits          921      921           
  Misses        524      524           
  Partials       96       96           

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[tekenstam]

@dependabot rebase