SECCOPM-27660: Fix vulnerabilities #15

Merged
merged 397 commits into from
Feb 28, 2024

@jaimeyh jaimeyh commented Feb 28, 2024

No description provided.

SuperQ and others added 30 commits September 2, 2022 10:49
* Fix some mistakes
* Switch to an ignore file.

Signed-off-by: Ben Kochie <[email protected]>

Signed-off-by: Ben Kochie <[email protected]>
…prometheus#2459)

Bumps [github.com/jsimonetti/rtnetlink](https://github.com/jsimonetti/rtnetlink) from 1.2.0 to 1.2.2.
- [Release notes](https://github.com/jsimonetti/rtnetlink/releases)
- [Commits](jsimonetti/rtnetlink@v1.2.0...v1.2.2)

---
updated-dependencies:
- dependency-name: github.com/jsimonetti/rtnetlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.12.2...v1.13.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mutex to prevent race condition.

Signed-off-by: Robin Nabel <[email protected]>
Signed-off-by: Serhii Freidin <[email protected]>

Signed-off-by: Serhii Freidin <[email protected]>
The textfile collector will now provide a unified metric description
(that will look like "Metric read from file/a.prom, file/b.prom")
for metrics collected across several text-files that don't already
have a description.

Also change the error handling in the textfile collector tests to
ContinueOnError to better mirror the real-life use-case.

Signed-off-by: Guillaume Espanel <[email protected]>

Signed-off-by: Guillaume Espanel <[email protected]>
skip over the zfs IO metrics if their paths are missing

Signed-off-by: tnextday <[email protected]>

Signed-off-by: tnextday <[email protected]>
* Improve metrics filesystem scanning logic
* Makes ioctl syscalls to load the device error stats.
* Adds filesystem mountpoint labels to existing metrics for ease of use.

Signed-off-by: Marcus Cobden <[email protected]>
* [CHANGE] Merge metrics descriptions in textfile collector prometheus#2475
* [FEATURE] [node-mixin] Add darwin dashboard to mixin prometheus#2351
* [FEATURE] Add "isolated" metric on cpu collector on linux prometheus#2251
* [FEATURE] Add cgroup summary collector prometheus#2408
* [FEATURE] Add selinux collector prometheus#2205
* [FEATURE] Add slab info collector prometheus#2376
* [FEATURE] Add sysctl collector prometheus#2425
* [FEATURE] Also track the CPU Spin time for OpenBSD systems prometheus#1971
* [FEATURE] Add support for MacOS version prometheus#2471
* [ENHANCEMENT] [node-mixin] Add missing selectors prometheus#2426
* [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default prometheus#2281
* [ENHANCEMENT] [node-mixin] Change disk graph to disk table prometheus#2364
* [ENHANCEMENT] [node-mixin] Change io time units to %util prometheus#2375
* [ENHANCEMENT] Add user_wired_bytes and laundry_bytes on *bsd prometheus#2266
* [ENHANCEMENT] Add additional vm_stat memory metrics for darwin prometheus#2240
* [ENHANCEMENT] Add device filter flags to arp collector prometheus#2254
* [ENHANCEMENT] Add diskstats include and exclude device flags prometheus#2417
* [ENHANCEMENT] Add node_softirqs_total metric prometheus#2221
* [ENHANCEMENT] Add rapl zone name label option prometheus#2401
* [ENHANCEMENT] Add slabinfo collector prometheus#1799
* [ENHANCEMENT] Allow user to select port on NTP server to query prometheus#2270
* [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev prometheus#2404
* [ENHANCEMENT] Enable builds against older macOS SDK prometheus#2327
* [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name prometheus#2432
* [ENHANCEMENT] systemd: Expose systemd minor version prometheus#2282
* [ENHANCEMENT] Use netlink for tcpstat collector prometheus#2322
* [ENHANCEMENT] Use netlink to get netdev stats prometheus#2074
* [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles prometheus#2191
* [ENHANCEMENT] Add btrfs device error stats prometheus#2193
* [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning prometheus#2352
* [BUGFIX] Fix concurrency issue in ethtool collector prometheus#2289
* [BUGFIX] Fix concurrency issue in netdev collector prometheus#2267
* [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes prometheus#2311
* [BUGFIX] Fix iostat on macos broken by deprecation warning prometheus#2292
* [BUGFIX] Fix NodeFileDescriptorLimit alerts prometheus#2340
* [BUGFIX] Sanitize rapl zone names prometheus#2299
* [BUGFIX] Add file descriptor close safely in test prometheus#2447
* [BUGFIX] Fix race condition in os_release.go prometheus#2454
* [BUGFIX] Skip ZFS IO metrics if their paths are missing prometheus#2451

Signed-off-by: Ben Kochie <[email protected]>

Signed-off-by: Ben Kochie <[email protected]>
Correctly handle the new `collector.diskstats.device-exclude` flag to
avoid errors when using the old `collector.diskstats.ignored-devices`
flag.

Fixes: prometheus#2486

Signed-off-by: Ben Kochie <[email protected]>
Signed-off-by: Johannes 'fish' Ziemke <[email protected]>
We don't need to fully sanitize the hwmon label values to metric/label
name strings.
* Just make sure they're valid UTF-8.
* Always include the label metric to avoid group_left failures.

Signed-off-by: Ben Kochie <[email protected]>

Signed-off-by: Ben Kochie <[email protected]>
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](opencontainers/selinux@v1.10.1...v1.10.2)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github.com/mdlayher/netlink](https://github.com/mdlayher/netlink) from 1.6.0 to 1.6.2.
- [Release notes](https://github.com/mdlayher/netlink/releases)
- [Changelog](https://github.com/mdlayher/netlink/blob/main/CHANGELOG.md)
- [Commits](mdlayher/netlink@v1.6.0...v1.6.2)

---
updated-dependencies:
- dependency-name: github.com/mdlayher/netlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…4.0 (prometheus#2493)

Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.3.2 to 22.4.0.
- [Release notes](https://github.com/coreos/go-systemd/releases)
- [Commits](coreos/go-systemd@v22.3.2...v22.4.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-systemd/v22
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rometheus#2446)

* docs/node-mixin: add fsMountpointSelector

This adds the option to add a `mountpoint` selector to filesystem
related alerts. The default is `mountpoint!=""`.

* docs/node-mixins: add fsMountpointSelector to dashboards

Signed-off-by: Jan Fajerski <[email protected]>
Note however that the InetDiagMsg struct contains an InetDiagSockID
member, which itself contains some members which are explicitly
specified as big-endian in Linux kernel source:

struct inet_diag_sockid {
	__be16	idiag_sport;
	__be16	idiag_dport;
	__be32	idiag_src[4];
	__be32	idiag_dst[4];
	__u32	idiag_if;
	__u32	idiag_cookie[2];
};

node_exporter currently does not use these members for anything, so this
is acceptable (for now).

Signed-off-by: Daniel Swarbrick <[email protected]>
…heus#2393)

Update exporter-toolkit to v0.8.1 to enable new listener support.

Signed-off-by: Perry Naseck <[email protected]>
Some systems have broken netlink messages due to patched kernels. Since
these messages can not be parsed, add a flag to fall back to parsing
from `/proc/net/dev`.

Fixes: prometheus#2502

Signed-off-by: Ben Kochie <[email protected]>

Signed-off-by: Ben Kochie <[email protected]>
Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](prometheus/client_model@v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_model
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github.com/jsimonetti/rtnetlink](https://github.com/jsimonetti/rtnetlink) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/jsimonetti/rtnetlink/releases)
- [Commits](jsimonetti/rtnetlink@v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: github.com/jsimonetti/rtnetlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
* Respect rootfs path config option in btrfs ioctl
* Fix btrfs device stats always being zero

Signed-off-by: Marcus Cobden <[email protected]>
Copr community prometheus-exporters repository is obsoleted.

Signed-off-by: Otto Sabart <[email protected]>

Signed-off-by: Otto Sabart <[email protected]>
* update rtnetlink package to v1.2.3
* add RTNL version of netclass collector that has all the metrics that netdev collector provides, too.

Signed-off-by: Haoyu Sun <[email protected]>
* Refactor netclass_rtnl collector

Merge the netclass_rtnl collector into the netclass collector.
* Disabled by default
* Followup to prometheus#2492

Signed-off-by: Ben Kochie <[email protected]>
Avoid running on all CPUs by limiting the Go runtime to one CPU by
default. Avoids having Go routines schedule on every CPU, driving up the
visible run queue length on high CPU count systems.

This also helps work around a kernel deadlock issue with reading from
sysfs concurrently.

See:
* prometheus#1880
* prometheus#2500

Signed-off-by: Ben Kochie <[email protected]>
dependabot bot and others added 24 commits December 19, 2023 10:08
…us#2877)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…2885)

Bumps [github.com/prometheus/exporter-toolkit](https://github.com/prometheus/exporter-toolkit) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/prometheus/exporter-toolkit/releases)
- [Changelog](https://github.com/prometheus/exporter-toolkit/blob/master/CHANGELOG.md)
- [Commits](prometheus/exporter-toolkit@v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/exporter-toolkit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…us#2886)

Bumps [github.com/beevik/ntp](https://github.com/beevik/ntp) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/beevik/ntp/releases)
- [Changelog](https://github.com/beevik/ntp/blob/main/RELEASE_NOTES.md)
- [Commits](beevik/ntp@v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/beevik/ntp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rometheus#2910)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](prometheus/common@v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…prometheus#2909)

Bumps [github.com/jsimonetti/rtnetlink](https://github.com/jsimonetti/rtnetlink) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/jsimonetti/rtnetlink/releases)
- [Commits](jsimonetti/rtnetlink@v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/jsimonetti/rtnetlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix hwmon nil ptr

syslink may be lost in some cases.

---------

Signed-off-by: TaoGe <[email protected]>
Fix golangci-lint "ineffectual assignment" by correctly capturing any
errors within the hwmon gathering loop.

Signed-off-by: Ben Kochie <[email protected]>
NodeDiskIOSaturation description should say 30m per the "for" clause

Signed-off-by: Taylor Sly <[email protected]>
Add depguard to golangci-lint to enforce the no-os/exec policy.

Signed-off-by: Ben Kochie <[email protected]>
filesystem: surface filesystem device error

Fixes: prometheus#2918
---------

Signed-off-by: Pamela Mei i540369 <[email protected]>
@jaimeyh jaimeyh requested a review from a team as a code owner February 28, 2024 10:50
@jaimeyh jaimeyh merged commit 3f95435 into build Feb 28, 2024
6 checks passed