build(deps): bump github.com/prometheus/common from 0.57.0 to 0.60.0 #980
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
|
@dependabot rebase |
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/prometheus/common-0.60.0
branch
2 times, most recently
from
49b21f0
to
b4dbad9
Compare
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.57.0 to 0.60.0. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](prometheus/common@v0.57.0...v0.60.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/prometheus/common-0.60.0
branch
from
b4dbad9
to
2eec401
Compare
|
@dependabot rebase |
|
Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request |
|
I can't see fossa results. Here is my analysis. To remove the dependency on prometheus/common, we need to replace the model.Vector, model.ValVector, and model.AlertNameLabel with custom types or raw data handling that directly processes Prometheus API responses. This will likely involve a significant refactoring. We'd have to rewrite the code to parse and handle Prometheus query results manually, which could be complex and error-prone. Legally, I am not sure if importing and linking prometheus/common/model from the common package is the same as linking prometheus/common. As I haven't seen what causes the license conflict, I cannot propose a way forward as of today, without my fossa account fixed. |
evrardjp
deleted the
dependabot/go_modules/github.com/prometheus/common-0.60.0
branch
Bumps github.com/prometheus/common from 0.57.0 to 0.60.0.
Release notes
Sourced from github.com/prometheus/common's releases.
Commits
dae848dUpdate supported Go versions (#700)63ff77eBump golang.org/x/oauth2 from 0.22.0 to 0.23.0 (#698)b7aa68cBump golang.org/x/net from 0.28.0 to 0.29.0 (#699)4e3a6fdfeat: addpromslog.NewNopLogger()convenience func (#697)d66e745promslog: use UTC timestamps for go-kit log style (#696)14bac55Merge pull request #695 from prometheus/repo_sync8bc4cd5Update common Prometheus files40d6251Merge pull request #694 from jkroepke/slog/writerfa21dfdUpdate common Prometheus files (#692)5f9af24slog: expose io.WriterDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)