Bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1

[dependabot]

Bumps github.com/prometheus/client_golang from 1.11.0 to 1.11.1.

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in prometheus/client_golang#987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

1.13.0 / 2022-08-05

• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
• [ENHANCEMENT] Added prometheus.TransactionalGatherer interface for promhttp.Handler use which allows using low allocation update techniques for custom collectors. #989
• [ENHANCEMENT] Added exemplar support to prometheus.NewConstHistogram. See ExampleNewConstHistogram_WithExemplar example on how to use it. #986
• [ENHANCEMENT] prometheus/push.Pusher has now context aware methods that pass context to HTTP request. #1028
• [ENHANCEMENT] prometheus/push.Pusher has now Error method that retrieve last error. #1075
• [ENHANCEMENT] testutil.GatherAndCompare provides now readable diff on failed comparisons. #998
• [ENHANCEMENT] Query API now supports timeouts. #1014
• [ENHANCEMENT] New MetricVec method DeletePartialMatch(labels Labels) for deleting all metrics that match provided labels. #1013
• [ENHANCEMENT] api.Config now accepts passing custom *http.Client. #1025
• [BUGFIX] Raise exemplar labels limit from 64 to 128 bytes as specified in OpenMetrics spec. #1091
• [BUGFIX] Allow adding exemplar to +Inf bucket to const histograms. #1094
• [ENHANCEMENT] Most promhttp.Instrument* middlewares now supports adding exemplars to metrics. This allows hooking those to your tracing middleware that retrieves trace ID and put it in exemplar if present. #1055
• [ENHANCEMENT] Added testutil.ScrapeAndCompare method. #1043
• [BUGFIX] Fixed GopherJS build support. #897
• [ENHANCEMENT] ⚠️ Added way to specify what runtime/metrics collectors.NewGoCollector should use. See ExampleGoCollector_WithAdvancedGoMetrics. #1102

1.12.2 / 2022-05-13

• [CHANGE] Added collectors.WithGoCollections that allows to choose what collection of Go runtime metrics user wants: Equivalent of MemStats structure configured using GoRuntimeMemStatsCollection, new based on dedicated runtime/metrics metrics represented by GoRuntimeMetricsCollection option, or both by specifying GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection flag. #1031
• [CHANGE] ⚠️ Change in collectors.NewGoCollector metrics: Reverting addition of new ~80 runtime metrics by default. You can enable this back with GoRuntimeMetricsCollection option or GoRuntimeMemStatsCollection | GoRuntimeMetricsCollection for smooth transition.
• [BUGFIX] Fixed the bug that causes generated histogram metric names to end with _total. ⚠️ This changes 3 metric names in the new Go collector that was reverted from default in this release.
  • go_gc_heap_allocs_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes,
  • go_gc_heap_frees_by_size_bytes_total -> go_gc_heap_allocs_by_size_bytes
  • go_gc_pauses_seconds_total -> go_gc_pauses_seconds.
• [CHANCE] Removed -Inf buckets from new Go Collector histograms.

1.12.1 / 2022-01-29

• [BUGFIX] Make the Go 1.17 collector concurrency-safe #969
  • Use simpler locking in the Go 1.17 collector #975
• [BUGFIX] Reduce granularity of histogram buckets for Go 1.17 collector #974
• [ENHANCEMENT] API client: make HTTP reads more efficient #976

1.12.0 / 2022-01-19

... (truncated)

Commits

• 989baa3 promhttp: Check validity of method and code label values (#962) (#987)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ dustinxie
❌ dependabot[bot]
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[codecov]

Codecov Report

Merging #3809 (b47d722) into master (e1f0636) will increase coverage by 0.04%.
The diff coverage is 75.67%.

❗ Current head b47d722 differs from pull request most recent head 812388c. Consider uploading reports for the commit 812388c to get more accurate results

@@            Coverage Diff             @@
##           master    #3809      +/-   ##
==========================================
+ Coverage   75.38%   75.42%   +0.04%     
==========================================
  Files         303      303              
  Lines       25923    26009      +86     
==========================================
+ Hits        19541    19618      +77     
- Misses       5360     5367       +7     
- Partials     1022     1024       +2     

Impacted Files	Coverage Δ
api/web3server_marshal.go	93.21% <ø> (ø)
api/web3server_utils.go	69.20% <16.66%> (-3.67%)	⬇️
api/serverV2.go	86.95% <50.00%> (ø)
api/web3server.go	81.41% <87.50%> (+2.74%)	⬆️
api/coreservice.go	68.09% <88.23%> (+0.74%)	⬆️
blockchain/genesis/genesis.go	72.36% <100.00%> (ø)

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[github-actions]

Starting review process for this pull request send by **None**
**Commits** in this pull request: 1

**Additions**: 3
**Changed** files: 2
**Deletions**: 3

[github-actions]

🚨 Fail code review process for file go.mod.

You didn't provide an API key. You need to provide your API key in an Authorization header using Bearer auth (i.e. Authorization: Bearer YOUR_KEY), or as the password field (with blank username) if you're accessing the API from your browser and are prompted for a username and password. You can obtain an API key from https://platform.openai.com/account/api-keys.

[github-actions]

🚨 Fail code review process for file go.sum.

You didn't provide an API key. You need to provide your API key in an Authorization header using Bearer auth (i.e. Authorization: Bearer YOUR_KEY), or as the password field (with blank username) if you're accessing the API from your browser and are prompted for a username and password. You can obtain an API key from https://platform.openai.com/account/api-keys.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[github-actions]

Starting review process for this pull request send by **None**
**Commits** in this pull request: 2

**Additions**: 3
**Changed** files: 2
**Deletions**: 3

[github-actions]

🚨 Fail code review process for file go.mod.

This model's maximum context length is 4097 tokens. However, you requested 7128 tokens (4056 in the messages, 3072 in the completion). Please reduce the length of the messages or completion.

[github-actions]

🚨 Fail code review process for file go.sum.

This model's maximum context length is 4097 tokens. However, your messages resulted in 98131 tokens. Please reduce the length of the messages.

[github-actions]

ChatGPT's review about .github/workflows/chatgpt.yaml file:
There are no obvious bugs in this code, but there are a few potential Code Smells and areas for improvement:

1. The name of the job and the workflow are the same, which can be confusing. It would be better to give the job a more descriptive name, such as "Run ChatGPT Code Review".

2. The permissions for the job are overly permissive. It's not clear why the job needs write access to all contents, pull requests, issues, and statuses. It would be better to limit the permissions to only what the job actually needs.

3. The openai-max-tokens parameter is hard-coded to 3072. It would be better to make this a configurable parameter, so that it can be adjusted as needed.

4. The exclude-dir parameter is commented out, but it's not clear why. If this parameter is needed, it should be uncommented and configured appropriately.

Here's an updated version of the code with these improvements:

b'name: ChatGPT Code Review\n\non:\n pull_request:\n types: [opened, synchronize]\n\npermissions: write\n\njobs:\n Run ChatGPT Code Review:\n permissions:\n contents: read\n pull-requests: write\n runs-on: ubuntu-latest\n steps:\n - uses: xianhuawei/github-chatgpt-integration@main\n with:\n openai-api-key: ${{ secrets.OPENAI_TOKEN }}\n github-token: ${{ secrets.GITHUB_TOKEN }}\n github-pr-id: ${{ github.event.number }}\n dev-lang: Go\n openai-max-tokens: ${{ env.MAX_TOKENS }}\n exclude-dir: ${{ env.EXCLUDE_DIR }}\n'

In this version, the job name has been changed to "Run ChatGPT Code Review", the permissions have been limited to only what the job needs, the openai-max-tokens parameter has been made configurable, and the exclude-dir parameter has been uncommented and made configurable.

[github-actions]

ChatGPT's review about .github/workflows/ci.yaml file:
There are a few potential issues and improvements that can be made to this Go code:

1. The go-version specified in the setup-go step is hardcoded to 1.18.5. It would be better to use a variable or parameter to allow for easier version updates in the future.

2. The cache option in the setup-go step is set to false. Caching can significantly speed up build times, so it may be worth enabling this option.

3. The golint command in the Run Test step is using the master branch of the golang.org/x/lint/golint package. It would be better to specify a specific version or commit hash to ensure consistent behavior.

4. The grep commands in the Run Test step are filtering out certain directories (/vendor/, /explorer/idl/, and /api/idl/). It's not clear why these directories are being excluded, so it may be worth revisiting this decision.

5. The Make Minicluster step is only executed if the pull request has been merged. It's not clear why this is necessary, as the step could be executed regardless of the pull request status.

6. The Make Minicluster step is using the bash shell instead of the default sh shell. This may cause issues if the bash shell is not installed on the system.

Here's a revised version of the code with these improvements:

name: ci

on:
  pull_request:
    branches: [master]
  workflow_dispatch:

permissions:
  contents: read
  pull-requests: read
  packages: write

env:
  GO111MODULE: on
  GO_VERSION: 1.18.5

jobs:
  ci:
    name: ci flow
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        # with:
        #   submodules: recursive

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Build Go
        run: go build ./...

      - name: Run Test
        id: unittest
        run: |
          go install golang.org/x/lint/[email protected]
          go install github.com/dave/courtney@latest
          go mod tidy
          golint -set_exit_status $(go list ./...)
          #go get -u github.com/dave/courtney@038390a12707e2d91979d2ca77a71597f4afe400
          ./go.test.sh
          #make test
          go test -run=XXX -bench=. $(go list ./crypto)
          bash <(curl -s https://codecov.io/bash)

      - name: Make Minicluster
        id: minicluster
        run: |
          make minicluster

In this revised version, the go-version is specified using an environment variable, which can be easily updated. The cache option is also set to true to enable caching. The golint command now specifies a specific version (v1.42.0) instead of using master. The grep commands have been removed, as it's not clear why they were necessary. The Make Minicluster step is now executed regardless of the pull request status, and the bash shell has been removed to use the default sh shell.

[github-actions]

🚨 Fail code review process for file api/coreservice_test.go.

This model's maximum context length is 4097 tokens. However, you requested 7022 tokens (3950 in the messages, 3072 in the completion). Please reduce the length of the messages or completion.

[github-actions]

🚨 Fail code review process for file api/serverV2.go.

This model's maximum context length is 4097 tokens. However, you requested 4401 tokens (1329 in the messages, 3072 in the completion). Please reduce the length of the messages or completion.

[github-actions]

🚨 Fail code review process for file go.mod.

This model's maximum context length is 4097 tokens. However, you requested 7128 tokens (4056 in the messages, 3072 in the completion). Please reduce the length of the messages or completion.

[github-actions]

🚨 Fail code review process for file go.sum.

This model's maximum context length is 4097 tokens. However, your messages resulted in 98137 tokens. Please reduce the length of the messages.