security: update prometheus/exporter-toolkit for CVE-2022-46146 #3675

Merged
merged 2 commits into from
Dec 12, 2022
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -12,6 +12,7 @@
* [ENHANCEMENT] Store-gateway: Add experimental alternate implementation of index-header reader that does not use mmap. This reader is expected to improve stability of the store-gateway. This implementation can be enabled with the flag `-blocks-storage.bucket-store.index-header.stream-reader-enabled`. #3639
* [BUGFIX] Log the names of services that are not yet running rather than `unsupported value type` when calling `/ready` and some services are not running. #3625
* [BUGFIX] Alertmanager: Fix template spurious deletion with relative data dir. #3604
* [BUGFIX] Security: update prometheus/exporter-toolkit for CVE-2022-46146. #3675

### Mixin

45 changes: 22 additions & 23 deletions go.mod
@@ -27,22 +27,22 @@ require (
github.com/opentracing-contrib/go-stdlib v1.0.0
github.com/opentracing/opentracing-go v1.2.0
github.com/pkg/errors v0.9.1
github.com/prometheus/alertmanager v0.24.1-0.20221026084920-33bba9509939
github.com/prometheus/client_golang v1.13.0
github.com/prometheus/alertmanager v0.24.1-0.20221130160919-c60fafa6025c
github.com/prometheus/client_golang v1.14.0
github.com/prometheus/client_model v0.3.0
github.com/prometheus/common v0.37.0
github.com/prometheus/prometheus v1.8.2-0.20220620125440-d7e7b8e04b5e
github.com/segmentio/fasthash v0.0.0-20180216231524-a72b379d632e
github.com/sirupsen/logrus v1.9.0
github.com/spf13/afero v1.6.0
github.com/spf13/afero v1.8.2
github.com/stretchr/testify v1.8.0
github.com/uber/jaeger-client-go v2.30.0+incompatible
github.com/weaveworks/common v0.0.0-20220927162600-d0a1a93a15be
github.com/weaveworks/common v0.0.0-20221201103051-7c2720a9024d
go.uber.org/atomic v1.10.0
go.uber.org/goleak v1.2.0
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
golang.org/x/net v0.0.0-20221002022538-bcab6841153b
golang.org/x/sync v0.0.0-20220907140024-f12130a52804
golang.org/x/crypto v0.1.0
golang.org/x/net v0.1.0
golang.org/x/sync v0.1.0
golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45
google.golang.org/grpc v1.49.0
gopkg.in/yaml.v2 v2.4.0
@@ -66,11 +66,11 @@ require (
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/translator/prometheusremotewrite v0.54.0
github.com/thanos-io/objstore v0.0.0-20221025150406-0ea26d7a8d2b
go.opentelemetry.io/collector/pdata v0.54.0
go.opentelemetry.io/otel v1.10.0
go.opentelemetry.io/otel/trace v1.10.0
go.opentelemetry.io/otel v1.11.1
go.opentelemetry.io/otel/trace v1.11.1
go.uber.org/multierr v1.8.0
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e
golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8
golang.org/x/sys v0.1.0
google.golang.org/api v0.97.0
gopkg.in/alecthomas/kingpin.v2 v2.2.6
sigs.k8s.io/kustomize/kyaml v0.13.7
@@ -109,7 +109,7 @@ require (
github.com/chromedp/cdproto v0.0.0-20220629234738-4cfc9cdeeb92 // indirect
github.com/chromedp/chromedp v0.8.2 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/coreos/go-systemd/v22 v22.4.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dlclark/regexp2 v1.4.0 // indirect
github.com/dnaeon/go-vcr v1.2.0 // indirect
@@ -128,10 +128,10 @@ require (
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.20.0 // indirect
github.com/go-openapi/loads v0.21.2 // indirect
github.com/go-openapi/runtime v0.24.3-0.20221021160911-4425b20330b2 // indirect
github.com/go-openapi/runtime v0.25.0 // indirect
github.com/go-openapi/spec v0.20.7 // indirect
github.com/go-openapi/validate v0.22.0 // indirect
github.com/gofrs/uuid v4.3.0+incompatible // indirect
github.com/gofrs/uuid v4.3.1+incompatible // indirect
github.com/gogo/googleapis v1.4.1 // indirect
github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
github.com/golang-jwt/jwt/v4 v4.4.1 // indirect
@@ -146,7 +146,7 @@ require (
github.com/hashicorp/consul/api v1.15.2 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-hclog v1.1.0 // indirect
github.com/hashicorp/go-hclog v1.2.0 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-msgpack v0.5.5 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -162,12 +162,11 @@ require (
github.com/julienschmidt/httprouter v1.3.0 // indirect
github.com/klauspost/compress v1.15.9 // indirect
github.com/klauspost/cpuid/v2 v2.1.1 // indirect
github.com/kr/pretty v0.3.0 // indirect
github.com/kylelemons/godebug v1.1.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/miekg/dns v1.1.50 // indirect
github.com/minio/md5-simd v1.1.2 // indirect
github.com/minio/sha256-simd v1.0.0 // indirect
@@ -182,7 +181,7 @@ require (
github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/common/sigv4 v0.1.0 // indirect
github.com/prometheus/exporter-toolkit v0.7.2-0.20220901134540-2434b08435da // indirect
github.com/prometheus/exporter-toolkit v0.8.2 // indirect
github.com/prometheus/procfs v0.8.0 // indirect
github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
github.com/rogpeppe/go-internal v1.9.0 // indirect
@@ -203,23 +202,23 @@ require (
go.etcd.io/etcd/api/v3 v3.5.4 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.4 // indirect
go.etcd.io/etcd/client/v3 v3.5.4 // indirect
go.mongodb.org/mongo-driver v1.10.2 // indirect
go.mongodb.org/mongo-driver v1.11.0 // indirect
go.opencensus.io v0.23.0 // indirect
go.opentelemetry.io/collector v0.54.0 // indirect
go.opentelemetry.io/collector/semconv v0.54.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.36.0 // indirect
go.opentelemetry.io/otel/metric v0.32.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/mod v0.6.0 // indirect
golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
golang.org/x/text v0.3.8 // indirect
golang.org/x/tools v0.1.12 // indirect
golang.org/x/text v0.4.0 // indirect
golang.org/x/tools v0.2.0 // indirect
golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006 // indirect
google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/ini.v1 v1.66.6 // indirect
gopkg.in/telebot.v3 v3.0.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/telebot.v3 v3.1.2 // indirect
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
sigs.k8s.io/yaml v1.3.0 // indirect