Bump github.com/prometheus/prometheus from 3bd41cc92c7800cc6072171bd4237406126fa169 to 2.7.1

[dependabot-preview]

Bumps github.com/prometheus/prometheus from 3bd41cc92c7800cc6072171bd4237406126fa169 to 2.7.1. This release includes the previously tagged commit.

Release notes

Sourced from github.com/prometheus/prometheus's releases.

2.7.1 / 2019-01-31

This release has a fix for a Stored DOM XSS vulnerability that can be triggered when using the query history functionality. Thanks to Dor Tumarkin from Checkmarx for reporting it.

• [BUGFIX/SECURITY] Fix a Stored DOM XSS vulnerability with query history. #5163
• [BUGFIX] prometheus_rule_group_last_duration_seconds now reports seconds instead of nanoseconds. #5153
• [BUGFIX] Make sure the targets are consistently sorted in the targets page. #5161

Changelog

Sourced from github.com/prometheus/prometheus's changelog.

2.7.1 / 2019-01-31

This release has a fix for a Stored DOM XSS vulnerability that can be triggered when using the query history functionality. Thanks to Dor Tumarkin from Checkmarx for reporting it.

• [BUGFIX/SECURITY] Fix a Stored DOM XSS vulnerability with query history. #5163
• [BUGFIX] prometheus_rule_group_last_duration_seconds now reports seconds instead of nanoseconds. #5153
• [BUGFIX] Make sure the targets are consistently sorted in the targets page. #5161

2.7.0 / 2019-01-28

We're rolling back the Dockerfile changes introduced in 2.6.0. If you made changes to your docker deployment in 2.6.0, you will need to roll them back. This release also adds experimental support for disk size based retention. To accomodate that we are deprecating the flag storage.tsdb.retention in favour of storage.tsdb.retention.time. We print a warning if the flag is in use, but it will function without breaking until Prometheus 3.0.

• [CHANGE] Rollback Dockerfile to version at 2.5.0. Rollback of the breaking change introduced in 2.6.0. #5122
• [FEATURE] Add subqueries to PromQL. #4831
• [FEATURE] [EXPERIMENTAL] Add support for disk size based retention. Note that we don't consider the WAL size which could be significant and the time based retention policy also applies. #5109 Added storage size based retention method and new metrics prometheus-junkyard/tsdb#343
• [FEATURE] Add CORS origin flag. #5011
• [ENHANCEMENT] Consul SD: Add tagged address to the discovery metadata. #5001
• [ENHANCEMENT] Kubernetes SD: Add service external IP and external name to the discovery metadata. #4940
• [ENHANCEMENT] Azure SD: Add support for Managed Identity authentication. #4590
• [ENHANCEMENT] Azure SD: Add tenant and subscription IDs to the discovery metadata. #4969
• [ENHANCEMENT] OpenStack SD: Add support for application credentials based authentication. #4968
• [ENHANCEMENT] Add metric for number of rule groups loaded. #5090
• [BUGFIX] Avoid duplicate tests for alert unit tests. #4964
• [BUGFIX] Don't depend on given order when comparing samples in alert unit testing. #5049
• [BUGFIX] Make sure the retention period doesn't overflow. #5112
• [BUGFIX] Make sure the blocks don't get very large. #5112
• [BUGFIX] Don't generate blocks with no samples. Don't write empty blocks prometheus-junkyard/tsdb#374
• [BUGFIX] Reintroduce metric for WAL corruptions. re-add the missing prometheus_tsdb_wal_corruptions_total prometheus-junkyard/tsdb#473

2.6.1 / 2019-01-15

• [BUGFIX] Azure SD: Fix discovery getting stuck sometimes. #5088
• [BUGFIX] Marathon SD: Use Tasks.Ports when RequirePorts is false. #5026
• [BUGFIX] Promtool: Fix "out-of-order sample" errors when testing rules. #5069

2.6.0 / 2018-12-17

• [CHANGE] Remove default flags from the container's entrypoint, run Prometheus from /etc/prometheus and symlink the storage directory to /etc/prometheus/data. #4976
• [CHANGE] Promtool: Remove the update command. #3839
• [FEATURE] Add JSON log format via the --log.format flag. #4876
• [FEATURE] API: Add /api/v1/labels endpoint to get all label names. #4835
• [FEATURE] Web: Allow setting the page's title via the --web.ui-title flag. #4841
• [ENHANCEMENT] Add prometheus_tsdb_lowest_timestamp_seconds, prometheus_tsdb_head_min_time_seconds and prometheus_tsdb_head_max_time_seconds metrics. #4888
• [ENHANCEMENT] Add rule_group_last_evaluation_timestamp_seconds metric. #4852
• [ENHANCEMENT] Add prometheus_template_text_expansion_failures_total and prometheus_template_text_expansions_total metrics. #4747
• [ENHANCEMENT] Set consistent User-Agent header in outgoing requests. #4891
• [ENHANCEMENT] Azure SD: Error out at load time when authentication parameters are missing. #4907
• [ENHANCEMENT] EC2 SD: Add the machine's private DNS name to the discovery metadata. #4693
• [ENHANCEMENT] EC2 SD: Add the operating system's platform to the discovery metadata. #4663
• [ENHANCEMENT] Kubernetes SD: Add the pod's phase to the discovery metadata. #4824

... (truncated)

Commits

• 62e591f *: cut 2.7.1 (#5164)
• b03d6f6 Remove custom highlight code, it's not needed. (#5163)
• 10ae00a Fix bug from #4898 (#5161)
• 787eb1e Set rule_group_last_duration_seconds to seconds (#5153)
• 410ee9e *: cut 2.7.0 (#5141)
• 7f7b211 *: cut 2.7.0-rc.2 (#5134)
• b454ed3 *: cut 2.7.0-rc.1 (#5123)
• 4e83f91 Rollback Dockerfile to version @ 2.5.x (#5122)
• 9c4e258 corrected regex string check for anyorigin(*) (#5117)
• 24f19f0 *: cut 2.7.0-rc.0 (#5114)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.