Bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1

[dependabot[bot]]

Bumps github.com/prometheus/client_golang from 1.11.0 to 1.11.1.

Release notes

Sourced from github.com/prometheus/client_golang's releases.

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed CVE-2022-21698)

What's Changed

• promhttp: Check validity of method and code label values by @​bwplotka and @​kakkoyun in prometheus/client_golang#987

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.15.0 / 2023-04-13

What's Changed

• [BUGFIX] Fixed promhttp.Instrument* handlers wrongly trying to attach exemplar to unsupported metrics (e.g. summary),
  causing panics #1253

What's Changed

• [BUGFIX] Fix issue with atomic variables on ppc64le #1171
• [BUGFIX] Support for multiple samples within same metric #1181
• [BUGFIX] Bump golang.org/x/text to v0.3.8 to mitigate CVE-2022-32149 #1187
• [ENHANCEMENT] Add exemplars and middleware examples #1173
• [ENHANCEMENT] Add more context to "duplicate label names" error to enable debugging #1177
• [ENHANCEMENT] Add constrained labels and constrained variant for all MetricVecs #1151
• [ENHANCEMENT] Moved away from deprecated github.com/golang/protobuf package #1183
• [ENHANCEMENT] Add possibility to dynamically get label values for http instrumentation #1066
• [ENHANCEMENT] Add ability to Pusher to add custom headers #1218
• [ENHANCEMENT] api: Extend and improve efficiency of json-iterator usage #1225
• [ENHANCEMENT] Added (official) support for go 1.20 #1234
• [ENHANCEMENT] timer: Added support for exemplars #1233
• [ENHANCEMENT] Filter expected metrics as well in CollectAndCompare #1143
• [ENHANCEMENT] :warning: Only set start/end if time is not Zero. This breaks compatibility in experimental api package. If you strictly depend on empty time.Time as actual value, the behavior is now changed #1238

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

1.13.0 / 2022-08-05

• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
• [ENHANCEMENT] Added prometheus.TransactionalGatherer interface for promhttp.Handler use which allows using low allocation update techniques for custom collectors. #989
• [ENHANCEMENT] Added exemplar support to prometheus.NewConstHistogram. See ExampleNewConstHistogram_WithExemplar example on how to use it. #986
• [ENHANCEMENT] prometheus/push.Pusher has now context aware methods that pass context to HTTP request. #1028
• [ENHANCEMENT] prometheus/push.Pusher has now Error method that retrieve last error. #1075
• [ENHANCEMENT] testutil.GatherAndCompare provides now readable diff on failed comparisons. #998
• [ENHANCEMENT] Query API now supports timeouts. #1014
• [ENHANCEMENT] New MetricVec method DeletePartialMatch(labels Labels) for deleting all metrics that match provided labels. #1013
• [ENHANCEMENT] api.Config now accepts passing custom *http.Client. #1025
• [BUGFIX] Raise exemplar labels limit from 64 to 128 bytes as specified in OpenMetrics spec. #1091
• [BUGFIX] Allow adding exemplar to +Inf bucket to const histograms. #1094

... (truncated)

Commits

• 989baa3 promhttp: Check validity of method and code label values (#962) (#987)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot[bot]]

Dependabot tried to add @nginxinc/kic as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/nginxinc/nginx-ingress-operator/pulls/285/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the teams you specified is not a collaborator of the nginxinc/nginx-ingress-operator repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request