RED-175742: Sync with upstream master #1
Needed-for: prometheus#3032
Signed-off-by: Pranshu Srivastava <rexagod@gmail.com>
Signed-off-by: mchtech <michu_an@126.com>
Signed-off-by: mchtech <michu_an@126.com>
Signed-off-by: mchtech <michu_an@126.com>
Signed-off-by: myeunee <myeunee@gmail.com>
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.53.0 to 0.55.0. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](prometheus/common@v0.53.0...v0.55.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…heus#3072)
* Add include and exclude filter for sensors in hwmon collector
Fixes prometheus#2242
This commit adds two new flags (`collector.hwmon.sensor-include` and `collector.hwmon.sensor-exclude`) to the `hwmon` collector to allow inclusion or exclusion of specific sensors.
Some devices export nonsensical values for certain sensors. Here is an example:
```
node_hwmon_temp_celsius{chip="platform_nct6775_656",sensor="temp13"} 49.75
node_hwmon_temp_celsius{chip="platform_nct6775_656",sensor="temp15"} 3.892313987e+06
node_hwmon_temp_celsius{chip="platform_nct6775_656",sensor="temp16"} 3.892313987e+06
```
As a user I would like to only exclude these sensors, not necessarily the complete device (as is currently possible with the `--collector.hwmon.chip-exclude` flag) as other sensor values might be sensical or desired.
The new option filters based both on device name and sensor name, separated by a semicolon. For example, to exclude the two sensors above, the following regex can be used:
~~~
--collector.hwmon.sensor-exclude="platform_nct6775_656;temp1[5,6]"
~~~
---------
Signed-off-by: Simon Krenger <skrenger@redhat.com>
Automatically add a uid to each dashboard. This prevents changing URLs when restarting a grafana pod and re-importing the dashboards via ConfigMaps. Signed-off-by: Stefan Andres <sandres@anaconda.com>
Signed-off-by: Maarten van den Berg <maarten@channable.com>
…eus#3049)
* ref!: convert linux meminfo implementation to use procfs lib
Part of prometheus#2957
Prometheus' procfs lib supports collecting memory info and we're using a new enough version of the lib that has it available, so this converts the meminfo collector for Linux to use data from procfs lib instead. The bits I've touched for darwin/openbsd/netbsd are with intent to preserve the original struct implementation/backwards compatibility.
Signed-off-by: TJ Hoplock <t.hoplock@gmail.com>
* fix: meminfo debug log unsupported value
Fixes:
```
ts=2024-06-11T19:04:55.591Z caller=meminfo.go:44 level=debug collector=meminfo msg="Set node_mem" memInfo="unsupported value type"
```
Signed-off-by: TJ Hoplock <t.hoplock@gmail.com>
* fix: don't coerce nil Meminfo entries to 0, leave out if nil
Nil entries in procfs.Meminfo fields indicate that the value isn't present on the system. Coercing those nil values to `0` introduces new metrics on systems that should not be present and can break some queries.
Addresses PR feedback:
prometheus#3049 (comment)
prometheus#3049 (comment)
Signed-off-by: TJ Hoplock <t.hoplock@gmail.com>
---------
Signed-off-by: TJ Hoplock <t.hoplock@gmail.com>
* collector/zfs: Prevent `procfs` integer underflow
Prevent integer underflow when parsing the `procfs` file as it used a `ParseUint` to parse signed values.
Fixes: prometheus#2766
---------
Signed-off-by: Pranshu Srivastava <rexagod@gmail.com>
…3073) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0. - [Commits](golang/sys@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In order to reduce cardinality of the interrupts collector add filtering options
* Add include/exclude regexp filter flags.
* Add boolean flag to include zero values, enabled by default.
Signed-off-by: Ben Kochie <superq@gmail.com>
Signed-off-by: Ricardo F <r@rfmoz.eu> Co-authored-by: Ricardo F <r@rfmoz.eu>
* Add node_filesystem_mount_info metric Fixes: prometheus#1384 --------- Signed-off-by: Miguel Oliveira <miguel.oliveira4224@gmail.com>
Update to Go 1.23. * Use Docker for Arm tests. Signed-off-by: Ben Kochie <superq@gmail.com>
Signed-off-by: Tomas Vilemaitis <tomas.vilemaitis@gmail.com>
Switch from promlog/go-kit to promslog/slog for logging. * Update Go build to 1.23. Signed-off-by: Ben Kochie <superq@gmail.com>
This PR adds a `exclude[]` URL parameter to exclude specific enabled collectors. Compared to `collect[]` parameter, the `exclude[]` parameter results in a filtered list which equals enabled collectors minus excluded ones. Signed-off-by: Siavash Safi <git@hosted.run>
Signed-off-by: Daniel Swarbrick <daniel.swarbrick@gmail.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
…us#3062) node_exporter has reasonable defaults so it is able to start without explicit config. Such a setup is common in /usr/-only images where /etc/ is an empty tmpfs upon boot. Signed-off-by: Nils K <24257556+septatrix@users.noreply.github.com>
Signed-off-by: Tobias Nygren <tnn@NetBSD.org>
Log using the machinery introduced in prometheus#3097. Signed-off-by: Pranshu Srivastava <rexagod@gmail.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
Signed-off-by: Steve Wills <steve@mouf.net>
Signed-off-by: Johannes Ziemke <github@5pi.de>
Signed-off-by: Johannes Ziemke <github@5pi.de>
Signed-off-by: Johannes Ziemke <github@5pi.de>
Signed-off-by: Johannes Ziemke <github@5pi.de>
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…theus#3534) Bumps [github.com/mdlayher/wifi](https://github.com/mdlayher/wifi) from 0.7.1 to 0.7.2. - [Release notes](https://github.com/mdlayher/wifi/releases) - [Commits](mdlayher/wifi@v0.7.1...v0.7.2) --- updated-dependencies: - dependency-name: github.com/mdlayher/wifi dependency-version: 0.7.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…etheus#3531) Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.2.0 to 5.2.2. - [Release notes](https://github.com/godbus/dbus/releases) - [Commits](godbus/dbus@v5.2.0...v5.2.2) --- updated-dependencies: - dependency-name: github.com/godbus/dbus/v5 dependency-version: 5.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump BSD Go versions and `vmactions/netbsd-vm`. Signed-off-by: Ben Kochie <superq@gmail.com>
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](opencontainers/selinux@v1.13.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Anvesh J <ajaggapa@redhat.com>
…heus#3358) When mounting nfs with nconnect, mountstats will show multiple transports. Currently the mountstats exporter fails to create metrics from this information due to repeated entries. Fix this by adding transport metrics a "transport" label enumerating their order in the mountstats output. Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
…theus#3547) Signed-off-by: Ingmar Stein <490610+IngmarStein@users.noreply.github.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
* Update common Prometheus files
Signed-off-by: prombot <prometheus-team@googlegroups.com>
* Fix lint issue
> S1009: should omit nil check; len() for nil slices is defined as zero
Signed-off-by: Ben Kochie <superq@gmail.com>
---------
Signed-off-by: prombot <prometheus-team@googlegroups.com>
Signed-off-by: Ben Kochie <superq@gmail.com>
Co-authored-by: Ben Kochie <superq@gmail.com>
…2.0 (prometheus#3557) Bumps [github.com/jsimonetti/rtnetlink/v2](https://github.com/jsimonetti/rtnetlink) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/jsimonetti/rtnetlink/releases) - [Commits](jsimonetti/rtnetlink@v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: github.com/jsimonetti/rtnetlink/v2 dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update Go to 1.26.x.
* Update minimum Go version to 1.25.0.
* Use Go direct download for OpenBSD.
Signed-off-by: Ben Kochie <superq@gmail.com>
…ometheus#3559) Bumps [github.com/mdlayher/ethtool](https://github.com/mdlayher/ethtool) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/mdlayher/ethtool/releases) - [Commits](mdlayher/ethtool@v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/mdlayher/ethtool dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rometheus#3558) Bumps [github.com/prometheus/procfs](https://github.com/prometheus/procfs) from 0.19.2 to 0.20.0. - [Release notes](https://github.com/prometheus/procfs/releases) - [Commits](prometheus/procfs@v0.19.2...v0.20.0) --- updated-dependencies: - dependency-name: github.com/prometheus/procfs dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: prombot <prometheus-team@googlegroups.com>
* rules: introduce instance:node_network_receive_bytes_physical:rate recording rule
This rule uses a user configurable selector with a sane default. That allows users to customize what network devices they want to aggregate.
Fixes: prometheus#3524
Signed-off-by: Jan Fajerski <jfajersk@redhat.com>
* use dashboard: don't show virtual network links in network graphs
Signed-off-by: Jan Fajerski <jfajersk@redhat.com>
---------
Signed-off-by: Jan Fajerski <jfajersk@redhat.com>
…3560) Bumps [github.com/prometheus/exporter-toolkit](https://github.com/prometheus/exporter-toolkit) from 0.15.0 to 0.15.1. - [Release notes](https://github.com/prometheus/exporter-toolkit/releases) - [Commits](prometheus/exporter-toolkit@v0.15.0...v0.15.1) --- updated-dependencies: - dependency-name: github.com/prometheus/exporter-toolkit dependency-version: 0.15.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add nvme namespace metrics. --------- Signed-off-by: Shashwat Hiregoudar <shashwathiregoudar@gmail.com> Signed-off-by: Shashwat Hiregoudar <shashwat.h@flipkart.com> Co-authored-by: Shashwat Hiregoudar <shashwat.h@flipkart.com>
…ometheus#3563) Bumps [github.com/mdlayher/netlink](https://github.com/mdlayher/netlink) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/mdlayher/netlink/releases) - [Changelog](https://github.com/mdlayher/netlink/blob/main/CHANGELOG.md) - [Commits](mdlayher/netlink@v1.8.0...v1.9.0) --- updated-dependencies: - dependency-name: github.com/mdlayher/netlink dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s#3569) Bumps [vmactions/solaris-vm](https://github.com/vmactions/solaris-vm) from 1.2.7 to 1.3.1. - [Release notes](https://github.com/vmactions/solaris-vm/releases) - [Commits](vmactions/solaris-vm@37d40b6...69d382b) --- updated-dependencies: - dependency-name: vmactions/solaris-vm dependency-version: 1.3.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Use official Go binary download for FreeBSD and Darwin. This allows us to use the same Go version across all UNIX pipelines. * Add architecture handling. Signed-off-by: Ben Kochie <superq@gmail.com>
…etheus#3565) Bumps [vmactions/dragonflybsd-vm](https://github.com/vmactions/dragonflybsd-vm) from 1.2.2 to 1.2.6. - [Release notes](https://github.com/vmactions/dragonflybsd-vm/releases) - [Commits](vmactions/dragonflybsd-vm@00c5014...0460132) --- updated-dependencies: - dependency-name: vmactions/dragonflybsd-vm dependency-version: 1.2.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#3566) Bumps [vmactions/netbsd-vm](https://github.com/vmactions/netbsd-vm) from 1.3.5 to 1.3.6. - [Release notes](https://github.com/vmactions/netbsd-vm/releases) - [Commits](vmactions/netbsd-vm@88a20b1...e04aec0) --- updated-dependencies: - dependency-name: vmactions/netbsd-vm dependency-version: 1.3.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s#3567) Bumps [vmactions/freebsd-vm](https://github.com/vmactions/freebsd-vm) from 1.3.8 to 1.4.2. - [Release notes](https://github.com/vmactions/freebsd-vm/releases) - [Commits](vmactions/freebsd-vm@ba6bede...c9f815b) --- updated-dependencies: - dependency-name: vmactions/freebsd-vm dependency-version: 1.4.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. In case there are security findings, they will be communicated to you as a comment inside the PR. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us.
🛡️ Jit Security Scan Results
🚨 Summary
• Critical vulnerability in golang.org/x/crypto may lead to authorization bypass
🔍 Findings
CRITICAL - 1 finding
1. Critical Authorization Bypass in golang.org/x/crypto
Remediation:
- golang.org/x/crypto v0.23.0
+ golang.org/x/crypto v0.31.0
HIGH - 1 finding
1. Denial of Service Vulnerability in golang.org/x/crypto
Remediation:
- golang.org/x/crypto v0.23.0
+ golang.org/x/crypto v0.35.0
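Review bot: the two remediation suggestions above name different targets for the same module, v0.31.0 for the critical finding and v0.35.0 for the high one, both starting from the same v0.23.0 line. A go.mod file carries one required version per module, so the bump should go straight to v0.35.0 or later, which covers both findings; stopping at v0.31.0 would leave the denial-of-service finding open.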
9dc5ec1 to d81f923
There is a fix for this vulnerability in prometheus/node_exporter repo. However, it's merged only in master and there is no new version since October, 2025 (check versions).
This is why we will do the following:
`RedisLabs/node_exporter` master branch with `prometheus/node_exporter` master branch.
NOTE: We have previously fixed some security vulnerabilities in our fork. However, we should prefer the versions of `go.sum` and `go.mod` in `prometheus/node_exporter` master branch as the version in `RedisLabs/node_exporter` master branch was not used for a long time now and it's outdated.
`node_exporter-rl-1.10.2-patched`) from master in `RedisLabs/node_exporter`.
This PR addresses only step 1 from the plan above.
There are 2 security vulnerabilities found by `jit-ci`, related to `golang.org/x/crypto` version. They already exist in `prometheus/node_exporter` (we are not introducing any new vulnerabilities) and will be addressed in this ticket.