SECCOPM-27660: Fix vulnerabilities #15

Merged
merged 397 commits into from
Feb 28, 2024
@jaimeyh jaimeyh commented Feb 28, 2024

No description provided.

SuperQ and others added 30 commits September 2, 2022 10:49
* Fix some mistakes
* Switch to an ignore file.

Signed-off-by: Ben Kochie <superq@gmail.com>

Signed-off-by: Ben Kochie <superq@gmail.com>
…prometheus#2459)

Bumps [github.com/jsimonetti/rtnetlink](https://github.com/jsimonetti/rtnetlink) from 1.2.0 to 1.2.2.
- [Release notes](https://github.com/jsimonetti/rtnetlink/releases)
- [Commits](jsimonetti/rtnetlink@v1.2.0...v1.2.2)

---
updated-dependencies:
- dependency-name: github.com/jsimonetti/rtnetlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.12.2...v1.13.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mutex to prevent race condition.

Signed-off-by: Robin Nabel <rnabel@ucdavis.edu>
Signed-off-by: Serhii Freidin <sfreydin@macpaw.com>

Signed-off-by: Serhii Freidin <sfreydin@macpaw.com>
The textfile collector will now provide a unified metric description
(that will look like "Metric read from file/a.prom, file/b.prom")
for metrics collected across several text-files that don't already
have a description.

Also change the error handling in the textfile collector tests to
ContinueOnError to better mirror the real-life use-case.

Signed-off-by: Guillaume Espanel <guillaume.espanel.ext@ovhcloud.com>

Signed-off-by: Guillaume Espanel <guillaume.espanel.ext@ovhcloud.com>
skip over the zfs IO metrics if their paths are missing

Signed-off-by: tnextday <fw2k4@163.com>

Signed-off-by: tnextday <fw2k4@163.com>
* Improve metrics filesystem scanning logic
* Makes ioctl syscalls to load the device error stats.
* Adds filesystem mountpoint labels to existing metrics for ease of use.

Signed-off-by: Marcus Cobden <leth@users.noreply.github.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>

Signed-off-by: prombot <prometheus-team@googlegroups.com>
* [CHANGE] Merge metrics descriptions in textfile collector prometheus#2475
* [FEATURE] [node-mixin] Add darwin dashboard to mixin prometheus#2351
* [FEATURE] Add "isolated" metric on cpu collector on linux prometheus#2251
* [FEATURE] Add cgroup summary collector prometheus#2408
* [FEATURE] Add selinux collector prometheus#2205
* [FEATURE] Add slab info collector prometheus#2376
* [FEATURE] Add sysctl collector prometheus#2425
* [FEATURE] Also track the CPU Spin time for OpenBSD systems prometheus#1971
* [FEATURE] Add support for MacOS version prometheus#2471
* [ENHANCEMENT] [node-mixin] Add missing selectors prometheus#2426
* [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default prometheus#2281
* [ENHANCEMENT] [node-mixin] Change disk graph to disk table prometheus#2364
* [ENHANCEMENT] [node-mixin] Change io time units to %util prometheus#2375
* [ENHANCEMENT] Add user_wired_bytes and laundry_bytes on *bsd prometheus#2266
* [ENHANCEMENT] Add additional vm_stat memory metrics for darwin prometheus#2240
* [ENHANCEMENT] Add device filter flags to arp collector prometheus#2254
* [ENHANCEMENT] Add diskstats include and exclude device flags prometheus#2417
* [ENHANCEMENT] Add node_softirqs_total metric prometheus#2221
* [ENHANCEMENT] Add rapl zone name label option prometheus#2401
* [ENHANCEMENT] Add slabinfo collector prometheus#1799
* [ENHANCEMENT] Allow user to select port on NTP server to query prometheus#2270
* [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev prometheus#2404
* [ENHANCEMENT] Enable builds against older macOS SDK prometheus#2327
* [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name prometheus#2432
* [ENHANCEMENT] systemd: Expose systemd minor version prometheus#2282
* [ENHANCEMENT] Use netlink for tcpstat collector prometheus#2322
* [ENHANCEMENT] Use netlink to get netdev stats prometheus#2074
* [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles prometheus#2191
* [ENHANCEMENT] Add btrfs device error stats prometheus#2193
* [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning prometheus#2352
* [BUGFIX] Fix concurrency issue in ethtool collector prometheus#2289
* [BUGFIX] Fix concurrency issue in netdev collector prometheus#2267
* [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes prometheus#2311
* [BUGFIX] Fix iostat on macos broken by deprecation warning prometheus#2292
* [BUGFIX] Fix NodeFileDescriptorLimit alerts prometheus#2340
* [BUGFIX] Sanitize rapl zone names prometheus#2299
* [BUGFIX] Add file descriptor close safely in test prometheus#2447
* [BUGFIX] Fix race condition in os_release.go prometheus#2454
* [BUGFIX] Skip ZFS IO metrics if their paths are missing prometheus#2451

Signed-off-by: Ben Kochie <superq@gmail.com>

Signed-off-by: Ben Kochie <superq@gmail.com>
…fixes prometheus#2482 (prometheus#2485)

Signed-off-by: Darshil Chanpura <darshil@thatwebsite.xyz>
Correctly handle the new `collector.diskstats.device-exclude` flag to
avoid errors when using the old `collector.diskstats.ignored-devices`
flag.

Fixes: prometheus#2486

Signed-off-by: Ben Kochie <superq@gmail.com>
Signed-off-by: Johannes 'fish' Ziemke <github@5pi.de>
* Bump crypto and net CVE-2022-27191 CVE-2022-27664

Signed-off-by: Jason Culligan <jason.culligan@intel.com>
We don't need to fully sanitize the hwmon label values to metric/label
name strings.
* Just make sure they're valid UTF-8.
* Always included the label metric to avoid group_left failures.

Signed-off-by: Ben Kochie <superq@gmail.com>

Signed-off-by: Ben Kochie <superq@gmail.com>
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](opencontainers/selinux@v1.10.1...v1.10.2)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/mdlayher/netlink](https://github.com/mdlayher/netlink) from 1.6.0 to 1.6.2.
- [Release notes](https://github.com/mdlayher/netlink/releases)
- [Changelog](https://github.com/mdlayher/netlink/blob/main/CHANGELOG.md)
- [Commits](mdlayher/netlink@v1.6.0...v1.6.2)

---
updated-dependencies:
- dependency-name: github.com/mdlayher/netlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…4.0 (prometheus#2493)

Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.3.2 to 22.4.0.
- [Release notes](https://github.com/coreos/go-systemd/releases)
- [Commits](coreos/go-systemd@v22.3.2...v22.4.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-systemd/v22
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rometheus#2446)

* docs/node-mixin: add fsMountpointSelector

This adds the option to add a `mountpoint` selector to filesystem
related alerts. The default is `mountpoint!=""`.

* docs/node-mixins: add fsMountpointSelector to dashboards

Signed-off-by: Jan Fajerski <jfajersk@redhat.com>
Note however that the InetDiagMsg struct contains a InetDiagSockID
member, which itself contains some members which are explicitly
specified as big-endian in Linux kernel source:

struct inet_diag_sockid {
	__be16	idiag_sport;
	__be16	idiag_dport;
	__be32	idiag_src[4];
	__be32	idiag_dst[4];
	__u32	idiag_if;
	__u32	idiag_cookie[2];
};

node_exporter currently does not use these members for anything, so this
is acceptable (for now).

Signed-off-by: Daniel Swarbrick <daniel.swarbrick@gmail.com>
…heus#2393)

Update exporter-toolkit to v0.8.1 to enable new listener support.

Signed-off-by: Perry Naseck <git@perrynaseck.com>
Some systems have broken netlink messages due to patched kernels. Since
these messages can not be parsed, add a flag to fall back to parsing
from `/proc/net/dev`.

Fixes: prometheus#2502

Signed-off-by: Ben Kochie <superq@gmail.com>

Signed-off-by: Ben Kochie <superq@gmail.com>
Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](prometheus/client_model@v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_model
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/jsimonetti/rtnetlink](https://github.com/jsimonetti/rtnetlink) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/jsimonetti/rtnetlink/releases)
- [Commits](jsimonetti/rtnetlink@v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: github.com/jsimonetti/rtnetlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
* Respect rootfs path config option in btrfs ioctl
* Fix btrfs device stats always being zero

Signed-off-by: Marcus Cobden <leth@users.noreply.github.com>
Copr community prometheus-exporters repository is obsoleted.

Signed-off-by: Otto Sabart <seberm@seberm.com>

Signed-off-by: Otto Sabart <seberm@seberm.com>
* update rtnetlink package to v1.2.3
* add RTNL version of netclass collector that has all the metrics that netdev collector provides, too.

Signed-off-by: Haoyu Sun <hasun@redhat.com>
Signed-off-by: Manuel Stausberg <stausberg@denic.de>
* Refactor netclass_rtnl collector

Merge the netclass_rtnl collector into the netclass collector.
* Disabled by default
* Followup to prometheus#2492

Signed-off-by: Ben Kochie <superq@gmail.com>
Avoid running on all CPUs by limiting the Go runtime to one CPU by
default. Avoids having Go routines schedule on every CPU, driving up the
visible run queue length on high CPU count systems.

This also helps work around a kernel deadlock issue with reading from
sysfs concurrently.

See:
* prometheus#1880
* prometheus#2500

Signed-off-by: Ben Kochie <superq@gmail.com>
dependabot bot and others added 24 commits December 19, 2023 10:08
…us#2877)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
…2885)

Bumps [github.com/prometheus/exporter-toolkit](https://github.com/prometheus/exporter-toolkit) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/prometheus/exporter-toolkit/releases)
- [Changelog](https://github.com/prometheus/exporter-toolkit/blob/master/CHANGELOG.md)
- [Commits](prometheus/exporter-toolkit@v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/exporter-toolkit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…us#2886)

Bumps [github.com/beevik/ntp](https://github.com/beevik/ntp) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/beevik/ntp/releases)
- [Changelog](https://github.com/beevik/ntp/blob/main/RELEASE_NOTES.md)
- [Commits](beevik/ntp@v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/beevik/ntp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
…s#2898)

Signed-off-by: DBS-ST-VIT <dbs-st-vit@users.noreply.github.com>
Co-authored-by: DBS-ST-VIT <dbs-st-vit@users.noreply.github.com>
Signed-off-by: Alper Polat <gitperr@gmail.com>
Signed-off-by: David O'Rourke <david.orourke@gmail.com>
Signed-off-by: tyltr <tylitianrui@126.com>
…rometheus#2910)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](prometheus/common@v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…prometheus#2909)

Bumps [github.com/jsimonetti/rtnetlink](https://github.com/jsimonetti/rtnetlink) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/jsimonetti/rtnetlink/releases)
- [Commits](jsimonetti/rtnetlink@v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/jsimonetti/rtnetlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix hwmon nil ptr

syslink may be lost in some cases.

---------

Signed-off-by: TaoGe <6657718+yowenter@users.noreply.github.com>
Fix golangci-lint "ineffectual assignment" by correctly capturing any
errors within the hwmon gathering loop.

Signed-off-by: Ben Kochie <superq@gmail.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
…eus#2925)

This reverts commit f34aaa6.

Signed-off-by: Caleb Webber <caleb@codingthemsoftly.com>
Signed-off-by: DongWei <jiangxuege@hotmail.com>
NodeDiskIOSaturation description should say 30m per the "for" clause

Signed-off-by: Taylor Sly <slyt@users.noreply.github.com>
Add depguard to golangci-lint to enforce the no-os/exec policy.

Signed-off-by: Ben Kochie <superq@gmail.com>
filesystem: surface filesystem device error

Fixes: prometheus#2918
---------

Signed-off-by: Pamela Mei i540369 <pamela.mei@sap.com>
…)" (prometheus#2932)

This reverts commit 9f1f791.

Signed-off-by: Ben Kochie <superq@gmail.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
@jaimeyh jaimeyh requested a review from a team as a code owner February 28, 2024 10:50
@jaimeyh jaimeyh merged commit 3f95435 into build Feb 28, 2024
6 checks passed