chore(deps): update dependency prometheus/prometheus to v3.1.0

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
prometheus/prometheus	minor	3.0.1 -> 3.1.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

prometheus/prometheus (prometheus/prometheus)

v3.1.0: 3.1.0 / 2025-01-02

Compare Source

What's Changed

• [SECURITY] upgrade golang.org/x/crypto to address reported CVE-2024-45337. #​15691
• [CHANGE] Notifier: Increment prometheus_notifications_errors_total by the number of affected alerts rather than per batch. #​15428
• [CHANGE] API: list rules field "groupNextToken:omitempty" renamed to "groupNextToken". #​15400
• [ENHANCEMENT] OTLP translate: keep identifying attributes in target_info. #​15448
• [ENHANCEMENT] Paginate rule groups, add infinite scroll to rules within groups. #​15677
• [ENHANCEMENT] TSDB: Improve calculation of space used by labels. #​13880
• [ENHANCEMENT] Rules: new metric rule_group_last_rule_duration_sum_seconds. #​15672
• [ENHANCEMENT] Observability: Export 'go_sync_mutex_wait_total_seconds_total' metric. #​15339
• [ENHANCEMEN] Remote-Write: optionally use a DNS resolver that picks a random IP. #​15329
• [PERF] Optimize l=~".+" matcher. #​15474, #​15684
• [PERF] TSDB: Cache all symbols for compaction . #​15455
• [PERF] TSDB: MemPostings: keep a map of label values slices. #​15426
• [PERF] Remote-Write: Remove interning hook. #​15456
• [PERF] Scrape: optimize string manipulation for experimental native histograms with custom buckets. #​15453
• [PERF] TSDB: reduce memory allocations. #​15465, #​15427
• [PERF] Storage: Implement limit in mergeGenericQuerier. #​14489
• [PERF] TSDB: Optimize inverse matching. #​14144
• [PERF] Regex: use stack memory for lowercase copy of string. #​15210
• [PERF] TSDB: When deleting from postings index, pause to unlock and let readers read. #​15242
• [BUGFIX] Main: Avoid possible segfault at exit. (#​15724)
• [BUGFIX] Rules: Do not run rules concurrently if uncertain about dependencies. #​15560
• [BUGFIX] PromQL: Adds test for absent, absent_over_time and deriv func with histograms. #​15667
• [BUGFIX] PromQL: Fix various bugs related to quoting UTF-8 characters. #​15531
• [BUGFIX] Scrape: fix nil panic after scrape loop reload. #​15563
• [BUGFIX] Remote-write: fix panic on repeated log message. #​15562
• [BUGFIX] Scrape: reload would ignore always_scrape_classic_histograms and convert_classic_histograms_to_nhcb configs. #​15489
• [BUGFIX] TSDB: fix data corruption in experimental native histograms. #​15482
• [BUGFIX] PromQL: Ignore histograms in all time related functions. #​15479
• [BUGFIX] OTLP receiver: Convert metric metadata. #​15416
• [BUGFIX] PromQL: Fix resets function for histograms. #​15527
• [BUGFIX] PromQL: Fix behaviour of changes() for mix of histograms and floats. #​15469
• [BUGFIX] PromQL: Fix behaviour of some aggregations with histograms. #​15432
• [BUGFIX] allow quoted exemplar keys in openmetrics text format. #​15260
• [BUGFIX] TSDB: fixes for rare conditions when loading write-behind-log (WBL). #​15380
• [BUGFIX] round() function did not remove __name__ label. #​15250
• [BUGFIX] Promtool: analyze block shows metric name with 0 cardinality. #​15438
• [BUGFIX] PromQL: Fix count_values for histograms. #​15422
• [BUGFIX] PromQL: fix issues with comparison binary operations with bool modifier and native histograms. #​15413
• [BUGFIX] PromQL: fix incorrect "native histogram ignored in aggregation" annotations. #​15414
• [BUGFIX] PromQL: Corrects the behaviour of some operator and aggregators with Native Histograms. #​15245
• [BUGFIX] TSDB: Always return unknown hint for first sample in non-gauge histogram chunk. #​15343
• [BUGFIX] PromQL: Clamp functions: Ignore any points with native histograms. #​15169
• [BUGFIX] TSDB: Fix race on stale values in headAppender. #​15322
• [BUGFIX] UI: Fix selector / series formatting for empty metric names. #​15340
• [BUGFIX] OTLP receiver: Allow colons in non-standard units. #​15710

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/prometheus:3.1.0

📦 Image Reference ghcr.io/uniget-org/tools/prometheus:3.1.0

digest	sha256:7fa5a9b541ab0638bbabba5e1a00a68636aea50bb919ca22f07736c2716b2b02
vulnerabilities
platform	linux/amd64
size	61 MB
packages	179

golang.org/x/net 0.32.0 (golang) pkg:golang/golang.org/x/net@0.32.0 Allocation of Resources Without Limits or Throttling Affected range <0.33.0 Fixed version 0.33.0 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Description An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

github.com/aws/aws-sdk-go 1.55.5 (golang) pkg:golang/github.com/aws/aws-sdk-go@1.55.5 Affected range >=0 Fixed version Not Fixed Description A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. Affected range >=0 Fixed version Not Fixed Description A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12585654717.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12585654717.