Skip to content

Update module github.com/prometheus/common to v0.69.0#971

Open
red-hat-konflux[bot] wants to merge 1 commit into
release/2.y.zfrom
konflux/mintmaker/release/2.y.z/github.com-prometheus-common-0.x
Open

Update module github.com/prometheus/common to v0.69.0#971
red-hat-konflux[bot] wants to merge 1 commit into
release/2.y.zfrom
konflux/mintmaker/release/2.y.z/github.com-prometheus-common-0.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/prometheus/common v0.67.5v0.69.0 age confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

prometheus/common (github.com/prometheus/common)

v0.69.0

Compare Source

Security / behavior changes
  • config: credentials are no longer forwarded across cross-host redirects. When FollowRedirects is enabled, the HTTP client now strips Authorization, Cookie, Proxy-Authorization and other sensitive headers, and skips basic-auth, bearer-token and OAuth2 credentials, when a redirect points to a different host. This aligns with Go's net/http behavior. Callers that relied on credentials being sent to a redirect target on another host will need to target that host directly. #​901 #​920 #​921
  • config: LoadHTTPConfigFile now resolves relative file paths (e.g. *_file credentials, http_headers files) against the config file's own directory instead of its parent directory. Configs that worked around the old behavior by prefixing paths with the config's directory name must drop that prefix. #​925
Bugfixes
  • expfmt: fix nil pointer panic when parsing empty braces {}. #​922
  • model: fix Time.UnmarshalJSON for larger negative numbers. #​918
Performance
  • model: reduce allocations in Time.UnmarshalJSON. #​918
Internal
  • Synchronize common files from prometheus/prometheus. #​917
  • Modernize Go. #​919

Full Changelog: prometheus/common@v0.68.1...v0.69.0

v0.68.1

Compare Source

Security / behavior changes
  • config: credentials are no longer forwarded across cross-host redirects. When FollowRedirects is enabled, the HTTP client now strips Authorization, Cookie, Proxy-Authorization and other sensitive headers, and skips basic-auth, bearer-token and OAuth2 credentials, when a redirect points to a different host. This aligns with Go's net/http behavior. Callers that relied on credentials being sent to a redirect target on another host will need to target that host directly. #​901 #​920 #​921
  • config: LoadHTTPConfigFile now resolves relative file paths (e.g. *_file credentials, http_headers files) against the config file's own directory instead of its parent directory. Configs that worked around the old behavior by prefixing paths with the config's directory name must drop that prefix. #​925
Bugfixes
  • expfmt: fix nil pointer panic when parsing empty braces {}. #​922
  • model: fix Time.UnmarshalJSON for larger negative numbers. #​918
Performance
  • model: reduce allocations in Time.UnmarshalJSON. #​918
Internal
  • Synchronize common files from prometheus/prometheus. #​917
  • Modernize Go. #​919

Full Changelog: prometheus/common@v0.68.1...v0.69.0

v0.68.0

Compare Source

What's Changed
New Contributors

Full Changelog: prometheus/common@v0.67.5...v0.68.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@sourcery-ai

sourcery-ai Bot commented Jul 4, 2026

Copy link
Copy Markdown
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR updates the indirect dependency github.com/prometheus/common from v0.67.5 to v0.69.0 in go.mod/go.sum, pulling in upstream security/behavior changes around HTTP config and several bug fixes and performance improvements from the Prometheus common library.

Sequence diagram for HTTP client behavior change with FollowRedirects in prometheus_common v0_69_0

sequenceDiagram
    actor Service
    participant HTTPClient
    participant HostA
    participant HostB

    Service->>HTTPClient: Do(request_with_credentials)
    HTTPClient->>HostA: RoundTrip(request_with_credentials)
    HostA-->>HTTPClient: 302 Redirect (Location: HostB)

    alt same_host_redirect
        HTTPClient->>HostA: RoundTrip(follow_redirect_with_credentials)
    else cross_host_redirect
        Note over HTTPClient: [v0.69.0: credentials are stripped on cross-host redirects]
        HTTPClient->>HostB: RoundTrip(follow_redirect_without_credentials)
    end
Loading

File-Level Changes

Change Details Files
Update github.com/prometheus/common dependency to v0.69.0.
  • Bump github.com/prometheus/common version constraint from v0.67.5 to v0.69.0 in the module definition.
  • Regenerate go.sum entries to match the new github.com/prometheus/common version and its transitive dependencies.
go.mod
go.sum

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@red-hat-konflux red-hat-konflux Bot changed the title Update module github.com/prometheus/common to v0.69.0 chore(deps): update module github.com/prometheus/common to v0.69.0 Jul 4, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/prometheus/common to v0.69.0 Update module github.com/prometheus/common to v0.69.0 Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants