SECCOMP-27660: Fix vulnerabilities with upstream repo changes #95

Merged: 156 commits, Feb 22, 2024

@jaimeyh jaimeyh commented Feb 22, 2024

No description provided.

rgeyer and others added 30 commits May 25, 2022 14:35
Signed-off-by: Ryan J. Geyer <me@ryangeyer.com>
Signed-off-by: Joe Adams <github@joeadams.io>
It is necessary to be able to exclude backups from long-running
transaction alerts, as they are to be expected. With the current
pg_stat_activity metric there is no ability to filter out
specific users or application names.

Resolves prometheus-community#668

Signed-off-by: cezmunsta <github@incoming-email.co.uk>
Signed-off-by: cezmunsta <github@incoming-email.co.uk>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
… leak

Signed-off-by: Kurtis Bass <kurtis.bass@hinge.co>
Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>
Signed-off-by: Khiem Doan <doankhiem.crazy@gmail.com>
Signed-off-by: Khiem Doan <doankhiem.crazy@gmail.com>
Signed-off-by: Khiem Doan <doankhiem.crazy@gmail.com>
Signed-off-by: Oleksandr Mysyura <olexandr.mysyura@pragmaticplay.com>
…-dashboard-linting

Dashboard linting improvements for mixin
…/repo_sync

Synchronize common files from prometheus/prometheus
Signed-off-by: prombot <prometheus-team@googlegroups.com>
…/repo_sync

Synchronize common files from prometheus/prometheus
Update to the latest exporter-toolkit
* Enables multi-listener and systemd socket activation.
* Bump Go to 1.19.
* Remove `PG_EXPORTER_WEB_LISTEN_ADDRESS` env var because this is now a
  repeatable flag.

Signed-off-by: SuperQ <superq@gmail.com>
Signed-off-by: SuperQ <superq@gmail.com>
Signed-off-by: Zachary Caldarola <zachary.caldarola@reddit.com>
…/bjk/exporter-toolkit-bump

Update exporter-toolkit
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…/dependabot/go_modules/github.com/prometheus/client_golang-1.14.0

Bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.37.0 to 0.39.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](prometheus/common@v0.37.0...v0.39.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…/dependabot/go_modules/github.com/prometheus/common-0.39.0

Bump github.com/prometheus/common from 0.37.0 to 0.39.0
Signed-off-by: Zachary Caldarola <zachary.caldarola@reddit.com>
Signed-off-by: Zachary Caldarola <zmc2005@gmail.com>
Signed-off-by: Zachary Caldarola <zmc2005@gmail.com>
Signed-off-by: Zachary Caldarola <zmc2005@gmail.com>
albix and others added 26 commits September 5, 2023 22:07
The leak was introduced in PR#882

Signed-off-by: Christian Albrecht <cal@albix.de>
Co-authored-by: Christian Albrecht <christian.albrecht@akquinet.de>
Signed-off-by: David Cook <dcook@divviup.org>
Signed-off-by: Vladimir Luksha <waldemarluksha@gmail.com>
Co-authored-by: Vladimir Luksha <luksha@limcore.io>
Signed-off-by: David Cook <dcook@divviup.org>
)

* Fix bugs mentioned in prometheus-community#908

These collectors are disabled by default, so unless enabled, they are not tested regularly.

Signed-off-by: Joe Adams <github@joeadams.io>

---------

Signed-off-by: Joe Adams <github@joeadams.io>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
* Add changelog for v0.14

- Add changelog entries since v0.13.2
- Update README with new options
- Bump version file

Signed-off-by: Joe Adams <github@joeadams.io>

* Add changelog entry for prometheus-community#904

Signed-off-by: Joe Adams <github@joeadams.io>

---------

Signed-off-by: Joe Adams <github@joeadams.io>
Signed-off-by: Eric tyrrell <eric.tyrrell18+github@gmail.com>
Another case of untyped integer overflows on 32-bit arch.

Signed-off-by: Daniel Swarbrick <daniel.swarbrick@gmail.com>
Run Go tests with 32-bit to validate value overflow.

Signed-off-by: SuperQ <superq@gmail.com>
…theus-community#925)

* Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update tests for latest client_golang.

Signed-off-by: SuperQ <superq@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: SuperQ <superq@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: SuperQ <superq@gmail.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](golang/net@v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [ENHANCEMENT] Add 1kB and 2kB units prometheus-community#915
* [BUGFIX] Add error log when probe collector creation fails prometheus-community#918
* [BUGFIX] Fix test build failures on 32-bit arch prometheus-community#919
* [BUGFIX] Adjust collector to use separate connection per scrape prometheus-community#936

Signed-off-by: SuperQ <superq@gmail.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
Signed-off-by: Alex Simenduev <shamil.si@gmail.com>
…ommunity#948)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.44.0 to 0.45.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](prometheus/common@v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0.
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](https://github.com/prometheus/client_model/commits/v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_model
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…-community#961)

* feat(pg_stat_database): active time metric

---------

Signed-off-by: Jiri Sveceny <jiri.sveceny@icloud.com>
)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…theus-community#993)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ty#1003)

This is the only log message which didn't specify a level in the
postgres_exporter. I am unsure if this log message should be info or
debug, but leaning towards the more important since previously it would
just always log.

The way I validated this was the only non-leveled logger was via grep.
Both of these only returned this callsite previously:

  git grep 'logger\.Log'
  git grep '\.Log(' | grep -v level

Signed-off-by: Keegan Carruthers-Smith <keegan.csmith@gmail.com>
@jaimeyh jaimeyh requested a review from a team as a code owner February 22, 2024 14:55
@jaimeyh jaimeyh merged commit 1bd39e8 into build Feb 22, 2024
6 checks passed
@jaimeyh jaimeyh deleted the SECCOMP-27660 branch February 22, 2024 14:58