This update for golang-github-prometheus-prometheus fixes the following issues:
golang-github-prometheus-prometheus:
- Security issues fixed in this version update to 2.37.6:
- CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
- CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023)
- CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding (bsc#1208298)
- Other non-security bugs fixed and changes in this version update to 2.37.6:
- [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
- [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
- [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
- [BUGFIX] Properly close file descriptor when logging unfinished queries.
- [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar
records.
- [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
- [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
- [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
- [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
- [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled.
- [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
- [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors.
- [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration
values.
- [BUGFIX] Fix serving of static assets like fonts and favicon.
- [BUGFIX] promtool: Add --lint-fatal option.
- [BUGFIX] Changing TotalQueryableSamples from int to int64.
- [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
- [BUGFIX] TSDB: Fix chunk...