Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade prom-client from 13.2.0 to 15.1.3 #6

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade prom-client from 13.2.0 to 15.1.3 #6

wants to merge 1 commit into from

Conversation

OKEAMAH
Copy link
Owner

@OKEAMAH OKEAMAH commented Aug 1, 2024

snyk-top-banner

Snyk has created this PR to upgrade prom-client from 13.2.0 to 15.1.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 12 versions ahead of your current version.

  • The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 159 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 159 Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 159 No Known Exploit
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 159 No Known Exploit
high severity Prototype Pollution
SNYK-JS-INI-1048974		 159 Proof of Concept
high severity Arbitrary File Write
SNYK-JS-TAR-1579147		 159 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579152		 159 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579155		 159 No Known Exploit
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 159 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 159 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764		 159 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764		 159 Proof of Concept
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		 159 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		 159 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 159 No Known Exploit
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		 159 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 159 Proof of Concept
Release notes
Package name: prom-client
  • 15.1.3 - 2024-06-27

    What's Changed

    New Contributors

    Full Changelog: v15.1.2...v15.1.3

  • 15.1.2 - 2024-04-16

    What's Changed

    • Enable bun.js by catching NotImplemented errorby @ owlcode in #624
    • Add Registry.PROMETHEUS_CONTENT_TYPE and Registry.OPENMETRICS_CONTENT_TYPE constants to the TypeScript types by @ SimenB in #626
    • Correctly read and set contentType top level export by @ SimenB in #625

    New Contributors

    Full Changelog: v15.1.1...v15.1.2

  • 15.1.1 - 2024-03-26

    What's Changed

    • perf: improve the memory usage of histogram by @ xsbchen in #606
    • fix: avoid updating exemplar values during subsequent metric changes by @ psimk in #620

    New Contributors

    Full Changelog: v15.1.0...v15.1.1

  • 15.1.0 - 2023-12-15

    Changed

    • remove unnecessary loop from osMemoryHeapLinux
    • Improve performance of hashObject by using pre-sorted array of label names
    • Fix type of collectDefaultMetrics.metricsList

    Added

    • Allow Pushgateway to now require job names for compatibility with Gravel Gateway.
    • Allow histogram.startTime() to be used with exemplars.

    New Contributors

    Full Changelog: v15.0.0...v15.1.0

  • 15.0.0 - 2023-10-09

    Added

    • Support for OpenMetrics and Exemplars

    Breaking

    • drop support for Node.js versions 10, 12, 14, 17 and 19

    Changed

    • Refactor histogram internals and provide a fast path for rendering metrics to Prometheus strings when there are many labels shared across different values.
    • Disable custom content encoding for pushgateway delete requests in order to avoid failures from the server when using Content-Encoding: gzip header.
    • Refactor escapeString helper in lib/registry.js to improve performance and avoid an unnecessarily complex regex.
    • Cleanup code and refactor to be more efficient
    • Correct TS types for working with OpenMetrics
    • Updated Typescript and Readme docs for setToCurrentTime() to reflect units as seconds.
    • Do not ignore error if request to pushgateway fails
    • Make sure to reject the request to pushgateway if it times out

    New Contributors

    Full Changelog: v14.2.0...v15.0.0

  • 15.0.0-1 - 2023-03-13

    What's Changed

    • fix: correct exemplar formating (#556) 4a800f4
    • perf: improve performance of rendering metrics to Prometheus string (#549) a38aa2b
    • fix: Disable content encoding for pushgateway delete requests (#551) 0f872ff

    Full Changelog: v15.0.0-0...v15.0.0-1

  • 15.0.0-0 - 2023-03-09

    What's Changed

    Breaking changes

    • drop support for Node.js versions 10, 12 and 17

    New Contributors

    Full Changelog: v14.2.0...v15.0.0-0

  • 14.2.0 - 2023-03-06

    Changed

    • Refactor getMetricAsPrometheusString method in the Registry class to use Array.prototype.join
      instead of loop of string concatenations.
    • Also use Array.prototype.map, and object spread instead of an explicit for loop
    • changed: updated the sample output in example/default-metrics.js
    • summary metrics now has a pruneAgedBuckets config parameter
      to remove entries without any new values in the last maxAgeSeconds.
      Default is false (old behavior)

    Added

    • Add get method to type definitions of metric classes

    New Contributors

    Full Changelog: v14.1.1...v14.2.0

  • 14.1.1 - 2022-12-31

    What's Changed

    • Fix incompatibility with perf_hooks accross nodejs versions by @ Fadoli in #515

    New Contributors

    Full Changelog: v14.1.0...v14.1.1

  • 14.1.0 - 2022-08-23

    Changed

    • types: converted all the generic Metric types to be optional

    • The done() functions returned by gauge.startTimer() and
      summary.startTimer() now return the timed duration. Histograms already had
      this behavior.

    • types: fixed type for registry.getMetricsAsArray()

    • Improve performance of gague.inc() and gauge.dec() by calling hashObject() once.

    Added

    • The processResources metric was added, which keeps a track of all sorts of
      active resources. It consists of the following gauges:

      • nodejs_active_resources - Number of active resources that are currently
        keeping the event loop alive, grouped by async resource type.
      • nodejs_active_resources_total - Total number of active resources.
        It is supposed to provide the combined result of the processHandles and
        processRequests metrics along with information about any other types of
        async resources that these metrics do not keep a track of (like timers).

    • Support gzipped pushgateway requests

    New Contributors

    Full Changelog: v14.0.1...v14.1.0

  • 14.0.1 - 2021-11-02
  • 14.0.0 - 2021-09-19
  • 13.2.0 - 2021-08-09
from prom-client GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade prom-client from 13.2.0 to 15.1.3
3cafc95 
Snyk has created this PR to upgrade prom-client from 13.2.0 to 15.1.3.

See this package in npm:
prom-client

See this project in Snyk:
https://app.snyk.io/org/okeamah/project/35ea5e7b-1c5b-4976-a210-3b24a864574e?utm_source=github&utm_medium=referral&page=upgrade-pr
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 1, 2024

⚠️ No Changeset found

Latest commit: 3cafc95

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sourcery-ai[bot]
sourcery-ai bot reviewed Aug 1, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

@mergeable Mergeable
Copy link

mergeable bot commented Aug 1, 2024
edited by unfurl-links bot
Loading

❌ Error Occurred while executing an Action

If you believe this is an unexpected error, please report it on our issue tracker: https://github.com/mergeability/mergeable/issues/new

Error Details

HttpError: Invalid request.

Only 65535 characters are allowed; 65863 were supplied.

GitHub
GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.

@iacbot iacbot
Copy link

iacbot bot commented Aug 1, 2024

🔍 [Audit-Mode] Lacework analyzed your pull request. Here is the summary.

Static Analysis: ⚠️ Found 44 violations in this pull request.
  • Critical : 0
  • High : 4
  • Medium : 17
  • Low : 23
  • Info : 0
Violation Severity File Guidelines
Use read-only filesystem for containers where possible High deployment.yaml VIEW
Use read-only filesystem for containers where possible High redis-slave-statefulset.yaml VIEW
Use read-only filesystem for containers where possible High test-connection.yaml VIEW
Use read-only filesystem for containers where possible High redis-master-statefulset.yaml VIEW
CPU requests should be set Medium test-connection.yaml VIEW
CPU requests should be set Medium redis-slave-statefulset.yaml VIEW
Image Pull Policy should be Always Medium redis-master-statefulset.yaml VIEW
Image Pull Policy should be Always Medium deployment.yaml VIEW
Image Pull Policy should be Always Medium redis-slave-statefulset.yaml VIEW
Memory limits should be set Medium redis-slave-statefulset.yaml VIEW
Memory limits should be set Medium deployment.yaml VIEW
Memory limits should be set Medium test-connection.yaml VIEW
Memory limits should be set Medium redis-master-statefulset.yaml VIEW
Memory requests should be set Medium test-connection.yaml VIEW
Memory requests should be set Medium redis-slave-statefulset.yaml VIEW
Minimize the admission of containers with capabilities assigned Medium deployment.yaml VIEW
Minimize the admission of containers with capabilities assigned Medium test-connection.yaml VIEW
Minimize the admission of containers with capabilities assigned Medium redis-slave-statefulset.yaml VIEW
Minimize the admission of containers with capabilities assigned Medium redis-master-statefulset.yaml VIEW
Prefer using secrets as files over secrets as environment variables Medium redis-slave-statefulset.yaml VIEW
Prefer using secrets as files over secrets as environment variables Medium redis-master-statefulset.yaml VIEW
Ensure that Service Account Tokens are only mounted where necessary Low redis-slave-statefulset.yaml VIEW
Ensure that Service Account Tokens are only mounted where necessary Low test-connection.yaml VIEW
Ensure that Service Account Tokens are only mounted where necessary Low redis-master-statefulset.yaml VIEW
Ensure that Service Account Tokens are only mounted where necessary Low deployment.yaml VIEW
Ensure that the seccomp profile is set to docker/default or runtime/default Low test-connection.yaml VIEW
Ensure that the seccomp profile is set to docker/default or runtime/default Low deployment.yaml VIEW
Ensure that the seccomp profile is set to docker/default or runtime/default Low redis-slave-statefulset.yaml VIEW
Ensure that the seccomp profile is set to docker/default or runtime/default Low redis-master-statefulset.yaml VIEW
Image Tag should be fixed - not latest or blank Low test-connection.yaml VIEW
Liveness Probe Should be Configured Low test-connection.yaml VIEW
Readiness Probe Should be Configured Low test-connection.yaml VIEW
The default namespace should not be used Low headless-svc.yaml VIEW
The default namespace should not be used Low health-configmap.yaml VIEW
The default namespace should not be used Low test-connection.yaml VIEW
The default namespace should not be used Low redis-slave-statefulset.yaml VIEW
The default namespace should not be used Low redis-slave-svc.yaml VIEW
The default namespace should not be used Low service.yaml VIEW
The default namespace should not be used Low secret.yaml VIEW
The default namespace should not be used Low redis-master-statefulset.yaml VIEW
The default namespace should not be used Low serviceaccount.yaml VIEW
The default namespace should not be used Low configmap.yaml VIEW
The default namespace should not be used Low deployment.yaml VIEW
The default namespace should not be used Low redis-master-svc.yaml VIEW

💬 Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai Sourcery AI sourcery-ai left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@OKEAMAH @snyk-bot