Hello community,
here is the log from the commit of package golang-github-prometheus-prometheus
for openSUSE:Factory checked in at 2026-05-04 12:49:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus (Old)
and
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.30200 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "golang-github-prometheus-prometheus"
Mon May 4 12:49:18 2026 rev:71 rq:1350610 version:3.11.3
Changes:
--------
---
/work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus/golang-github-prometheus-prometheus.changes
2026-04-23 17:03:23.473728214 +0200
+++
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.30200/golang-github-prometheus-prometheus.changes
2026-05-04 12:50:31.650094303 +0200
@@ -1,0 +2,19 @@
+Thu Apr 30 11:04:41 UTC 2026 - Johannes Kastl
<[email protected]>
+
+- update to 3.11.3:
+ This release fixes mutiple security issues.
+ * [SECURITY] AzureAD remote write: Fix OAuth client_secret being
+ exposed in plaintext via /-/config endpoint. GHSA-wg65-39gg-5wfj /
+ CVE-2026-42151 #18590
+ * [SECURITY] Remote-read: Reject snappy-compressed requests whose
+ declared decoded length exceeds the decode
+ limit. GHSA-8rm2-7qqf-34qm / CVE-2026-42154 #18584
+ * [SECURITY] UI: Fix stored XSS via unescaped le label values in old
+ UI heatmap chart tick labels. GHSA-fw8g-cg8f-9j28 #18588
+
+-------------------------------------------------------------------
+Tue Apr 28 13:09:42 UTC 2026 - Witek Bedyk <[email protected]>
+
+- Use systemd tmpfiles.d to create /var/lib/prometheus hierarchy
+
+-------------------------------------------------------------------
Old:
----
prometheus-3.11.2.obscpio
New:
----
prometheus-3.11.3.obscpio
prometheus.tmpfiles
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ golang-github-prometheus-prometheus.spec ++++++
--- /var/tmp/diff_new_pack.byDVVr/_old 2026-05-04 12:50:39.026398013 +0200
+++ /var/tmp/diff_new_pack.byDVVr/_new 2026-05-04 12:50:39.030398178 +0200
@@ -27,7 +27,7 @@
%endif
Name: golang-github-prometheus-prometheus
-Version: 3.11.2
+Version: 3.11.3
Release: 0
Summary: The Prometheus monitoring system and time series database
License: Apache-2.0
@@ -39,6 +39,7 @@
Source4: prometheus.yml
Source5: prometheus.sysconfig
Source6: prometheus.firewall.xml
+Source7: prometheus.tmpfiles
#
Source10: package-lock.json
Source11: node_modules.spec.inc
@@ -131,9 +132,7 @@
install -m 0644 %{SOURCE6}
%{buildroot}%{_prefix}/lib/firewalld/services/prometheus.xml
%endif
-install -Dd -m 0750 %{buildroot}%{_localstatedir}/lib/prometheus
-install -Dd -m 0750 %{buildroot}%{_localstatedir}/lib/prometheus/data
-install -Dd -m 0750 %{buildroot}%{_localstatedir}/lib/prometheus/metrics
+install -D -m 0644 %{SOURCE7}
%{buildroot}%{_prefix}/lib/tmpfiles.d/prometheus.conf
install -D -m0644 %{_builddir}/prometheus-%{version}/npm_licenses.tar.bz2
%{buildroot}/%{_defaultlicensedir}/%{name}/npm_licenses.tar.bz2
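Review bot: The state directories are no longer part of the package payload after this hunk, so on a fresh install they exist only once systemd-tmpfiles has processed `prometheus.conf`. No visible hunk adds a `%tmpfiles_create %{_tmpfilesdir}/prometheus.conf` call to `%post`; if it is missing, the service could start without `/var/lib/prometheus` until the next boot. The `%post` scriptlet lies outside the hunks shown, so this should be confirmed there. As a point of style, `%{_tmpfilesdir}` is the usual macro in place of the hard-coded `%{_prefix}/lib/tmpfiles.d`, both here and in the `%files` hunk at -168.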
@@ -168,9 +167,7 @@
%{_unitdir}/prometheus.service
%{_sbindir}/rcprometheus
%{_fillupdir}/sysconfig.prometheus
-%dir %attr(0700,prometheus,prometheus) %{_sharedstatedir}/prometheus
-%dir %attr(0700,prometheus,prometheus) %{_sharedstatedir}/prometheus/data
-%dir %attr(0700,prometheus,prometheus) %{_sharedstatedir}/prometheus/metrics
+%{_prefix}/lib/tmpfiles.d/prometheus.conf
%dir %{_sysconfdir}/prometheus
%config(noreplace) %{_sysconfdir}/prometheus/prometheus.yml
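Review bot: With the three `%dir %attr(0700,prometheus,prometheus)` entries removed, the mode and owner of the Prometheus state directories are decided only by `prometheus.tmpfiles`, whose content is not part of the diff shown here. It should keep mode 0700 and owner `prometheus:prometheus` for all three paths, since a looser mode would let other local users read the stored data. The package also stops owning the directories; listing them as `%ghost %dir %attr(0700,prometheus,prometheus) %{_sharedstatedir}/prometheus` (and likewise for `data` and `metrics`) keeps ownership and mode visible to RPM while tmpfiles.d creates them.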
++++++ _service ++++++
--- /var/tmp/diff_new_pack.byDVVr/_old 2026-05-04 12:50:39.182404436 +0200
+++ /var/tmp/diff_new_pack.byDVVr/_new 2026-05-04 12:50:39.186404601 +0200
@@ -6,7 +6,7 @@
<param name="exclude">go.work</param>
<param name="exclude">go.work.sum</param>
<param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">v3.11.2</param>
+ <param name="revision">v3.11.3</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="match-tag">v3*</param>
</service>
++++++ node_modules.obscpio ++++++
/work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus/node_modules.obscpio
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.30200/node_modules.obscpio
differ: char 2341923, line 8986
++++++ node_modules.spec.inc ++++++
--- /var/tmp/diff_new_pack.byDVVr/_old 2026-05-04 12:50:39.250407236 +0200
+++ /var/tmp/diff_new_pack.byDVVr/_new 2026-05-04 12:50:39.266407895 +0200
@@ -42,10 +42,10 @@
Source10041:
https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.3.tgz#/@codemirror-commands-6.10.3.tgz
Source10042:
https://registry.npmjs.org/@codemirror/language/-/language-6.12.3.tgz#/@codemirror-language-6.12.3.tgz
Source10043:
https://registry.npmjs.org/@codemirror/lint/-/lint-6.9.5.tgz#/@codemirror-lint-6.9.5.tgz
-Source10044:
https://registry.npmjs.org/@codemirror/search/-/search-6.6.0.tgz#/@codemirror-search-6.6.0.tgz
+Source10044:
https://registry.npmjs.org/@codemirror/search/-/search-6.7.0.tgz#/@codemirror-search-6.7.0.tgz
Source10045:
https://registry.npmjs.org/@codemirror/state/-/state-6.6.0.tgz#/@codemirror-state-6.6.0.tgz
Source10046:
https://registry.npmjs.org/@codemirror/theme-one-dark/-/theme-one-dark-6.1.3.tgz#/@codemirror-theme-one-dark-6.1.3.tgz
-Source10047:
https://registry.npmjs.org/@codemirror/view/-/view-6.41.0.tgz#/@codemirror-view-6.41.0.tgz
+Source10047:
https://registry.npmjs.org/@codemirror/view/-/view-6.41.1.tgz#/@codemirror-view-6.41.1.tgz
Source10048:
https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-5.1.0.tgz#/@csstools-color-helpers-5.1.0.tgz
Source10049:
https://registry.npmjs.org/@csstools/css-calc/-/css-calc-2.1.4.tgz#/@csstools-css-calc-2.1.4.tgz
Source10050:
https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-3.1.0.tgz#/@csstools-css-color-parser-3.1.0.tgz
@@ -132,7 +132,7 @@
Source10131:
https://registry.npmjs.org/@lezer/common/-/common-1.5.2.tgz#/@lezer-common-1.5.2.tgz
Source10132:
https://registry.npmjs.org/@lezer/generator/-/generator-1.8.0.tgz#/@lezer-generator-1.8.0.tgz
Source10133:
https://registry.npmjs.org/@lezer/highlight/-/highlight-1.2.3.tgz#/@lezer-highlight-1.2.3.tgz
-Source10134:
https://registry.npmjs.org/@lezer/lr/-/lr-1.4.9.tgz#/@lezer-lr-1.4.9.tgz
+Source10134:
https://registry.npmjs.org/@lezer/lr/-/lr-1.4.10.tgz#/@lezer-lr-1.4.10.tgz
Source10135:
https://registry.npmjs.org/@mantine/code-highlight/-/code-highlight-8.3.18.tgz#/@mantine-code-highlight-8.3.18.tgz
Source10136:
https://registry.npmjs.org/@mantine/core/-/core-8.3.18.tgz#/@mantine-core-8.3.18.tgz
Source10137:
https://registry.npmjs.org/@mantine/dates/-/dates-8.3.18.tgz#/@mantine-dates-8.3.18.tgz
@@ -141,7 +141,7 @@
Source10140:
https://registry.npmjs.org/@mantine/store/-/store-8.3.18.tgz#/@mantine-store-8.3.18.tgz
Source10141:
https://registry.npmjs.org/@marijn/find-cluster-break/-/find-cluster-break-1.0.2.tgz#/@marijn-find-cluster-break-1.0.2.tgz
Source10142:
https://registry.npmjs.org/@microsoft/fetch-event-source/-/fetch-event-source-2.0.1.tgz#/@microsoft-fetch-event-source-2.0.1.tgz
-Source10143:
https://registry.npmjs.org/@mswjs/interceptors/-/interceptors-0.41.3.tgz#/@mswjs-interceptors-0.41.3.tgz
+Source10143:
https://registry.npmjs.org/@mswjs/interceptors/-/interceptors-0.41.7.tgz#/@mswjs-interceptors-0.41.7.tgz
Source10144:
https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-0.2.12.tgz#/@napi-rs-wasm-runtime-0.2.12.tgz
Source10145:
https://registry.npmjs.org/@nexucis/fuzzy/-/fuzzy-0.5.1.tgz#/@nexucis-fuzzy-0.5.1.tgz
Source10146:
https://registry.npmjs.org/@nexucis/kvsearch/-/kvsearch-0.9.1.tgz#/@nexucis-kvsearch-0.9.1.tgz
@@ -154,31 +154,31 @@
Source10153:
https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.27.tgz#/@rolldown-pluginutils-1.0.0-beta.27.tgz
Source10154:
https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-16.0.3.tgz#/@rollup-plugin-node-resolve-16.0.3.tgz
Source10155:
https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-5.3.0.tgz#/@rollup-pluginutils-5.3.0.tgz
-Source10156:
https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.1.tgz#/@rollup-rollup-android-arm-eabi-4.60.1.tgz
-Source10157:
https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.1.tgz#/@rollup-rollup-android-arm64-4.60.1.tgz
-Source10158:
https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.1.tgz#/@rollup-rollup-darwin-arm64-4.60.1.tgz
-Source10159:
https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.1.tgz#/@rollup-rollup-darwin-x64-4.60.1.tgz
-Source10160:
https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.1.tgz#/@rollup-rollup-freebsd-arm64-4.60.1.tgz
-Source10161:
https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.1.tgz#/@rollup-rollup-freebsd-x64-4.60.1.tgz
-Source10162:
https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.1.tgz#/@rollup-rollup-linux-arm-gnueabihf-4.60.1.tgz
-Source10163:
https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.1.tgz#/@rollup-rollup-linux-arm-musleabihf-4.60.1.tgz
-Source10164:
https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.1.tgz#/@rollup-rollup-linux-arm64-gnu-4.60.1.tgz
-Source10165:
https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.1.tgz#/@rollup-rollup-linux-arm64-musl-4.60.1.tgz
-Source10166:
https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.1.tgz#/@rollup-rollup-linux-loong64-gnu-4.60.1.tgz
-Source10167:
https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.1.tgz#/@rollup-rollup-linux-loong64-musl-4.60.1.tgz
-Source10168:
https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.1.tgz#/@rollup-rollup-linux-ppc64-gnu-4.60.1.tgz
-Source10169:
https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.1.tgz#/@rollup-rollup-linux-ppc64-musl-4.60.1.tgz
-Source10170:
https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.1.tgz#/@rollup-rollup-linux-riscv64-gnu-4.60.1.tgz
-Source10171:
https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.1.tgz#/@rollup-rollup-linux-riscv64-musl-4.60.1.tgz
-Source10172:
https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.1.tgz#/@rollup-rollup-linux-s390x-gnu-4.60.1.tgz
-Source10173:
https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.1.tgz#/@rollup-rollup-linux-x64-gnu-4.60.1.tgz
-Source10174:
https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.1.tgz#/@rollup-rollup-linux-x64-musl-4.60.1.tgz
-Source10175:
https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.1.tgz#/@rollup-rollup-openbsd-x64-4.60.1.tgz
-Source10176:
https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.1.tgz#/@rollup-rollup-openharmony-arm64-4.60.1.tgz
-Source10177:
https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.1.tgz#/@rollup-rollup-win32-arm64-msvc-4.60.1.tgz
-Source10178:
https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.1.tgz#/@rollup-rollup-win32-ia32-msvc-4.60.1.tgz
-Source10179:
https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.1.tgz#/@rollup-rollup-win32-x64-gnu-4.60.1.tgz
-Source10180:
https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.1.tgz#/@rollup-rollup-win32-x64-msvc-4.60.1.tgz
+Source10156:
https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.2.tgz#/@rollup-rollup-android-arm-eabi-4.60.2.tgz
+Source10157:
https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.2.tgz#/@rollup-rollup-android-arm64-4.60.2.tgz
+Source10158:
https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.2.tgz#/@rollup-rollup-darwin-arm64-4.60.2.tgz
+Source10159:
https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.2.tgz#/@rollup-rollup-darwin-x64-4.60.2.tgz
+Source10160:
https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.2.tgz#/@rollup-rollup-freebsd-arm64-4.60.2.tgz
+Source10161:
https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.2.tgz#/@rollup-rollup-freebsd-x64-4.60.2.tgz
+Source10162:
https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.2.tgz#/@rollup-rollup-linux-arm-gnueabihf-4.60.2.tgz
+Source10163:
https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.2.tgz#/@rollup-rollup-linux-arm-musleabihf-4.60.2.tgz
+Source10164:
https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.2.tgz#/@rollup-rollup-linux-arm64-gnu-4.60.2.tgz
+Source10165:
https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.2.tgz#/@rollup-rollup-linux-arm64-musl-4.60.2.tgz
+Source10166:
https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.2.tgz#/@rollup-rollup-linux-loong64-gnu-4.60.2.tgz
+Source10167:
https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.2.tgz#/@rollup-rollup-linux-loong64-musl-4.60.2.tgz
+Source10168:
https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.2.tgz#/@rollup-rollup-linux-ppc64-gnu-4.60.2.tgz
+Source10169:
https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.2.tgz#/@rollup-rollup-linux-ppc64-musl-4.60.2.tgz
+Source10170:
https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.2.tgz#/@rollup-rollup-linux-riscv64-gnu-4.60.2.tgz
+Source10171:
https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.2.tgz#/@rollup-rollup-linux-riscv64-musl-4.60.2.tgz
+Source10172:
https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.2.tgz#/@rollup-rollup-linux-s390x-gnu-4.60.2.tgz
+Source10173:
https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.2.tgz#/@rollup-rollup-linux-x64-gnu-4.60.2.tgz
+Source10174:
https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.2.tgz#/@rollup-rollup-linux-x64-musl-4.60.2.tgz
+Source10175:
https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.2.tgz#/@rollup-rollup-openbsd-x64-4.60.2.tgz
+Source10176:
https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.2.tgz#/@rollup-rollup-openharmony-arm64-4.60.2.tgz
+Source10177:
https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.2.tgz#/@rollup-rollup-win32-arm64-msvc-4.60.2.tgz
+Source10178:
https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.2.tgz#/@rollup-rollup-win32-ia32-msvc-4.60.2.tgz
+Source10179:
https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.2.tgz#/@rollup-rollup-win32-x64-gnu-4.60.2.tgz
+Source10180:
https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.2.tgz#/@rollup-rollup-win32-x64-msvc-4.60.2.tgz
Source10181:
https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.10.tgz#/@sinclair-typebox-0.27.10.tgz
Source10182:
https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.34.49.tgz#/@sinclair-typebox-0.34.49.tgz
Source10183:
https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz#/@sinonjs-commons-3.0.1.tgz
@@ -187,8 +187,8 @@
Source10186:
https://registry.npmjs.org/@standard-schema/utils/-/utils-0.3.0.tgz#/@standard-schema-utils-0.3.0.tgz
Source10187:
https://registry.npmjs.org/@tabler/icons/-/icons-3.41.1.tgz#/@tabler-icons-3.41.1.tgz
Source10188:
https://registry.npmjs.org/@tabler/icons-react/-/icons-react-3.41.1.tgz#/@tabler-icons-react-3.41.1.tgz
-Source10189:
https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.99.0.tgz#/@tanstack-query-core-5.99.0.tgz
-Source10190:
https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.99.0.tgz#/@tanstack-react-query-5.99.0.tgz
+Source10189:
https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.100.6.tgz#/@tanstack-query-core-5.100.6.tgz
+Source10190:
https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.100.6.tgz#/@tanstack-react-query-5.100.6.tgz
Source10191:
https://registry.npmjs.org/@testing-library/dom/-/dom-10.4.1.tgz#/@testing-library-dom-10.4.1.tgz
Source10192:
https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-6.9.1.tgz#/@testing-library-jest-dom-6.9.1.tgz
Source10193:
https://registry.npmjs.org/@testing-library/react/-/react-16.3.2.tgz#/@testing-library-react-16.3.2.tgz
@@ -216,16 +216,16 @@
Source10215:
https://registry.npmjs.org/@types/use-sync-external-store/-/use-sync-external-store-0.0.6.tgz#/@types-use-sync-external-store-0.0.6.tgz
Source10216:
https://registry.npmjs.org/@types/yargs/-/yargs-17.0.35.tgz#/@types-yargs-17.0.35.tgz
Source10217:
https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz#/@types-yargs-parser-21.0.3.tgz
-Source10218:
https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.58.2.tgz#/@typescript-eslint-eslint-plugin-8.58.2.tgz
-Source10219:
https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.58.2.tgz#/@typescript-eslint-parser-8.58.2.tgz
-Source10220:
https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.58.2.tgz#/@typescript-eslint-project-service-8.58.2.tgz
-Source10221:
https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.58.2.tgz#/@typescript-eslint-scope-manager-8.58.2.tgz
-Source10222:
https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.58.2.tgz#/@typescript-eslint-tsconfig-utils-8.58.2.tgz
-Source10223:
https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.58.2.tgz#/@typescript-eslint-type-utils-8.58.2.tgz
-Source10224:
https://registry.npmjs.org/@typescript-eslint/types/-/types-8.58.2.tgz#/@typescript-eslint-types-8.58.2.tgz
-Source10225:
https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.58.2.tgz#/@typescript-eslint-typescript-estree-8.58.2.tgz
-Source10226:
https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.58.2.tgz#/@typescript-eslint-utils-8.58.2.tgz
-Source10227:
https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.58.2.tgz#/@typescript-eslint-visitor-keys-8.58.2.tgz
+Source10218:
https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.1.tgz#/@typescript-eslint-eslint-plugin-8.59.1.tgz
+Source10219:
https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.1.tgz#/@typescript-eslint-parser-8.59.1.tgz
+Source10220:
https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.1.tgz#/@typescript-eslint-project-service-8.59.1.tgz
+Source10221:
https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.1.tgz#/@typescript-eslint-scope-manager-8.59.1.tgz
+Source10222:
https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.1.tgz#/@typescript-eslint-tsconfig-utils-8.59.1.tgz
+Source10223:
https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.1.tgz#/@typescript-eslint-type-utils-8.59.1.tgz
+Source10224:
https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.1.tgz#/@typescript-eslint-types-8.59.1.tgz
+Source10225:
https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.1.tgz#/@typescript-eslint-typescript-estree-8.59.1.tgz
+Source10226:
https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.1.tgz#/@typescript-eslint-utils-8.59.1.tgz
+Source10227:
https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.1.tgz#/@typescript-eslint-visitor-keys-8.59.1.tgz
Source10228:
https://registry.npmjs.org/@uiw/codemirror-extensions-basic-setup/-/codemirror-extensions-basic-setup-4.25.9.tgz#/@uiw-codemirror-extensions-basic-setup-4.25.9.tgz
Source10229:
https://registry.npmjs.org/@uiw/react-codemirror/-/react-codemirror-4.25.9.tgz#/@uiw-react-codemirror-4.25.9.tgz
Source10230:
https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.0.tgz#/@ungap-structured-clone-1.3.0.tgz
@@ -259,7 +259,7 @@
Source10258:
https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz#/acorn-8.16.0.tgz
Source10259:
https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz#/acorn-jsx-5.3.2.tgz
Source10260:
https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz#/agent-base-7.1.4.tgz
-Source10261:
https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz#/ajv-6.14.0.tgz
+Source10261:
https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz#/ajv-6.15.0.tgz
Source10262:
https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz#/ansi-escapes-4.3.2.tgz
Source10263:
https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz#/ansi-regex-5.0.1.tgz
Source10264:
https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz#/ansi-regex-6.2.2.tgz
@@ -279,7 +279,7 @@
Source10278:
https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-30.3.0.tgz#/babel-preset-jest-30.3.0.tgz
Source10279:
https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz#/balanced-match-1.0.2.tgz
Source10280:
https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz#/balanced-match-4.0.4.tgz
-Source10281:
https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.19.tgz#/baseline-browser-mapping-2.10.19.tgz
+Source10281:
https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.24.tgz#/baseline-browser-mapping-2.10.24.tgz
Source10282:
https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz#/brace-expansion-1.1.14.tgz
Source10283:
https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz#/brace-expansion-2.1.0.tgz
Source10284:
https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz#/brace-expansion-5.0.5.tgz
@@ -294,7 +294,7 @@
Source10293:
https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz#/camelcase-5.3.1.tgz
Source10294:
https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz#/camelcase-6.3.0.tgz
Source10295:
https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz#/camelcase-css-2.0.1.tgz
-Source10296:
https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001788.tgz#/caniuse-lite-1.0.30001788.tgz
+Source10296:
https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz#/caniuse-lite-1.0.30001791.tgz
Source10297:
https://registry.npmjs.org/chai/-/chai-5.3.3.tgz#/chai-5.3.3.tgz
Source10298:
https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz#/chalk-4.1.2.tgz
Source10299:
https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz#/char-regex-1.0.2.tgz
@@ -341,7 +341,7 @@
Source10340:
https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz#/domutils-3.2.2.tgz
Source10341:
https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz#/dunder-proto-1.0.1.tgz
Source10342:
https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz#/eastasianwidth-0.2.0.tgz
-Source10343:
https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.340.tgz#/electron-to-chromium-1.5.340.tgz
+Source10343:
https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.345.tgz#/electron-to-chromium-1.5.345.tgz
Source10344:
https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz#/emittery-0.13.1.tgz
Source10345:
https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz#/emoji-regex-8.0.0.tgz
Source10346:
https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz#/emoji-regex-9.2.2.tgz
@@ -531,10 +531,10 @@
Source10530:
https://registry.npmjs.org/napi-postinstall/-/napi-postinstall-0.3.4.tgz#/napi-postinstall-0.3.4.tgz
Source10531:
https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz#/natural-compare-1.4.0.tgz
Source10532:
https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz#/neo-async-2.6.2.tgz
-Source10533:
https://registry.npmjs.org/nock/-/nock-14.0.12.tgz#/nock-14.0.12.tgz
+Source10533:
https://registry.npmjs.org/nock/-/nock-14.0.13.tgz#/nock-14.0.13.tgz
Source10534:
https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz#/node-fetch-2.7.0.tgz
Source10535:
https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz#/node-int64-0.4.0.tgz
-Source10536:
https://registry.npmjs.org/node-releases/-/node-releases-2.0.37.tgz#/node-releases-2.0.37.tgz
+Source10536:
https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz#/node-releases-2.0.38.tgz
Source10537:
https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz#/normalize-path-3.0.0.tgz
Source10538:
https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz#/npm-run-path-4.0.1.tgz
Source10539:
https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.23.tgz#/nwsapi-2.2.23.tgz
@@ -565,7 +565,7 @@
Source10564:
https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz#/picomatch-4.0.4.tgz
Source10565:
https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz#/pirates-4.0.7.tgz
Source10566:
https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz#/pkg-dir-4.2.0.tgz
-Source10567:
https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz#/postcss-8.5.10.tgz
+Source10567:
https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz#/postcss-8.5.12.tgz
Source10568:
https://registry.npmjs.org/postcss-js/-/postcss-js-4.1.0.tgz#/postcss-js-4.1.0.tgz
Source10569:
https://registry.npmjs.org/postcss-mixins/-/postcss-mixins-12.1.2.tgz#/postcss-mixins-12.1.2.tgz
Source10570:
https://registry.npmjs.org/postcss-nested/-/postcss-nested-7.0.2.tgz#/postcss-nested-7.0.2.tgz
@@ -593,8 +593,8 @@
Source10592:
https://registry.npmjs.org/react-refresh/-/react-refresh-0.17.0.tgz#/react-refresh-0.17.0.tgz
Source10593:
https://registry.npmjs.org/react-remove-scroll/-/react-remove-scroll-2.7.2.tgz#/react-remove-scroll-2.7.2.tgz
Source10594:
https://registry.npmjs.org/react-remove-scroll-bar/-/react-remove-scroll-bar-2.3.8.tgz#/react-remove-scroll-bar-2.3.8.tgz
-Source10595:
https://registry.npmjs.org/react-router/-/react-router-7.14.1.tgz#/react-router-7.14.1.tgz
-Source10596:
https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.1.tgz#/react-router-dom-7.14.1.tgz
+Source10595:
https://registry.npmjs.org/react-router/-/react-router-7.14.2.tgz#/react-router-7.14.2.tgz
+Source10596:
https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.2.tgz#/react-router-dom-7.14.2.tgz
Source10597:
https://registry.npmjs.org/react-style-singleton/-/react-style-singleton-2.2.3.tgz#/react-style-singleton-2.2.3.tgz
Source10598:
https://registry.npmjs.org/react-textarea-autosize/-/react-textarea-autosize-8.5.9.tgz#/react-textarea-autosize-8.5.9.tgz
Source10599:
https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz#/react-transition-group-4.4.5.tgz
@@ -607,7 +607,7 @@
Source10606:
https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz#/resolve-cwd-3.0.0.tgz
Source10607:
https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz#/resolve-from-4.0.0.tgz
Source10608:
https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz#/resolve-from-5.0.0.tgz
-Source10609:
https://registry.npmjs.org/rollup/-/rollup-4.60.1.tgz#/rollup-4.60.1.tgz
+Source10609:
https://registry.npmjs.org/rollup/-/rollup-4.60.2.tgz#/rollup-4.60.2.tgz
Source10610:
https://registry.npmjs.org/rrweb-cssom/-/rrweb-cssom-0.7.1.tgz#/rrweb-cssom-0.7.1.tgz
Source10611:
https://registry.npmjs.org/rrweb-cssom/-/rrweb-cssom-0.8.0.tgz#/rrweb-cssom-0.8.0.tgz
Source10612:
https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz#/safer-buffer-2.1.2.tgz
++++++ package-lock.json ++++++
++++ 3728 lines (skipped)
++++ between
/work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus/package-lock.json
++++ and
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.30200/package-lock.json
++++++ prometheus-3.11.2.obscpio -> prometheus-3.11.3.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/CHANGELOG.md
new/prometheus-3.11.3/CHANGELOG.md
--- old/prometheus-3.11.2/CHANGELOG.md 2026-04-13 13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/CHANGELOG.md 2026-04-27 16:40:41.000000000 +0200
@@ -1,5 +1,18 @@
# Changelog
+## 3.11.3 / 2026-04-27
+
+This release fixes mutiple security issues.
+
+We would like to thank the following people for the responsible disclosures:
+- Shadowbyte (4c1dr3aper) - Charlie Lewis for the Remote-Read snappy decode
vulnerability.
+- Brett Gervasoni for the AzureAD OAuth `client_secret` vulnerability.
+- @iiihaiii and @Ngocnn97 for the Old UI XSS vulnerability.
+
+- [SECURITY] AzureAD remote write: Fix OAuth `client_secret` being exposed in
plaintext via `/-/config` endpoint. GHSA-wg65-39gg-5wfj / CVE-2026-42151 #18590
+- [SECURITY] Remote-read: Reject snappy-compressed requests whose declared
decoded length exceeds the decode limit. GHSA-8rm2-7qqf-34qm / CVE-2026-42154
#18584
+- [SECURITY] UI: Fix stored XSS via unescaped `le` label values in old UI
heatmap chart tick labels. GHSA-fw8g-cg8f-9j28 #18588
+
## 3.11.2 / 2026-04-13
This release has a fix for a Stored XSS vulnerability that can be triggered
via crafted metric names and label values in Prometheus web UI tooltips and
metrics explorer. Thanks to Duc Anh Nguyen from TinyxLab for reporting it.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/VERSION
new/prometheus-3.11.3/VERSION
--- old/prometheus-3.11.2/VERSION 2026-04-13 13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/VERSION 2026-04-27 16:40:41.000000000 +0200
@@ -1 +1 @@
-3.11.2
+3.11.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/storage/remote/azuread/azuread.go
new/prometheus-3.11.3/storage/remote/azuread/azuread.go
--- old/prometheus-3.11.2/storage/remote/azuread/azuread.go 2026-04-13
13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/storage/remote/azuread/azuread.go 2026-04-27
16:40:41.000000000 +0200
@@ -27,6 +27,7 @@
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/google/uuid"
"github.com/grafana/regexp"
+ config_util "github.com/prometheus/common/config"
)
// Clouds.
@@ -75,7 +76,7 @@
ClientID string `yaml:"client_id,omitempty"`
// ClientSecret is the clientSecret of the azure active directory
application that is being used to authenticate.
- ClientSecret string `yaml:"client_secret,omitempty"`
+ ClientSecret config_util.Secret `yaml:"client_secret,omitempty"`
// TenantID is the tenantId of the azure active directory application
that is being used to authenticate.
TenantID string `yaml:"tenant_id,omitempty"`
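Review bot: No regression test for the redaction is visible: the `azuread_test.go` hunks only retype `dummyClientSecret`, so nothing shown asserts that a marshalled `OAuthConfig` no longer contains the secret. A test that runs `yaml.Marshal` on a config holding `dummyClientSecret` and requires the output not to contain that value would pin the fix for the `/-/config` exposure; such a test may exist in a file outside this view. The field comment could also record the reason for the type, e.g. `// ClientSecret is redacted when the config is marshalled.` The struct starts and ends outside the hunk.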
@@ -357,7 +358,7 @@
// newOAuthTokenCredential returns new OAuth token credential.
func newOAuthTokenCredential(clientOpts *azcore.ClientOptions, oAuthConfig
*OAuthConfig) (azcore.TokenCredential, error) {
opts := &azidentity.ClientSecretCredentialOptions{ClientOptions:
*clientOpts}
- return azidentity.NewClientSecretCredential(oAuthConfig.TenantID,
oAuthConfig.ClientID, oAuthConfig.ClientSecret, opts)
+ return azidentity.NewClientSecretCredential(oAuthConfig.TenantID,
oAuthConfig.ClientID, string(oAuthConfig.ClientSecret), opts)
}
// newSDKTokenCredential returns new SDK token credential.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/prometheus-3.11.2/storage/remote/azuread/azuread_test.go
new/prometheus-3.11.3/storage/remote/azuread/azuread_test.go
--- old/prometheus-3.11.2/storage/remote/azuread/azuread_test.go
2026-04-13 13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/storage/remote/azuread/azuread_test.go
2026-04-27 16:40:41.000000000 +0200
@@ -25,6 +25,7 @@
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
"github.com/google/uuid"
"github.com/prometheus/client_golang/prometheus/promhttp"
+ config_util "github.com/prometheus/common/config"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
@@ -32,11 +33,11 @@
)
const (
- dummyAudience = "dummyAudience"
- dummyClientID = "00000000-0000-0000-0000-000000000000"
- dummyClientSecret = "Cl1ent$ecret!"
- dummyTenantID = "00000000-a12b-3cd4-e56f-000000000000"
- testTokenString = "testTokenString"
+ dummyAudience = "dummyAudience"
+ dummyClientID =
"00000000-0000-0000-0000-000000000000"
+ dummyClientSecret config_util.Secret = "Cl1ent$ecret!"
+ dummyTenantID =
"00000000-a12b-3cd4-e56f-000000000000"
+ testTokenString = "testTokenString"
)
func testTokenExpiry() time.Time { return time.Now().Add(5 * time.Second) }
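Review bot: The test changes for this file only retype `dummyClientSecret` as `config_util.Secret`; no assertion in the two hunks shown checks that a marshaled `OAuthConfig` hides the secret. A regression test could marshal a config holding `dummyClientSecret` and assert the output omits the plaintext, along the lines of `require.NotContains(t, string(out), string(dummyClientSecret))`. Without it, changing the field back to `string` would still compile with only the constant's type annotation adjusted, and nothing would fail. Such a test may exist in another package, which this diff would not show.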
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/storage/remote/codec.go
new/prometheus-3.11.3/storage/remote/codec.go
--- old/prometheus-3.11.2/storage/remote/codec.go 2026-04-13
13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/storage/remote/codec.go 2026-04-27
16:40:41.000000000 +0200
@@ -67,6 +67,14 @@
return nil, err
}
+ decodedLen, err := snappy.DecodedLen(compressed)
+ if err != nil {
+ return nil, err
+ }
+ if decodedLen > decodeReadLimit {
+ return nil, fmt.Errorf("snappy: decoded length %d exceeds limit
%d", decodedLen, decodeReadLimit)
+ }
+
reqBuf, err := snappy.Decode(nil, compressed)
if err != nil {
return nil, err
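Review bot: The added length check carries no comment explaining why it has to run before `snappy.Decode`, so a later refactor could reorder or drop it unnoticed. I would put this above `decodedLen, err := snappy.DecodedLen(compressed)`: `// Check the declared length first: snappy.Decode(nil, ...) sizes its output buffer from the stream header.` Whether the other decode paths in this file apply the same bound is not visible in this hunk and is worth confirming. The enclosing function starts and ends outside the hunk.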
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/storage/remote/codec_test.go
new/prometheus-3.11.3/storage/remote/codec_test.go
--- old/prometheus-3.11.2/storage/remote/codec_test.go 2026-04-13
13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/storage/remote/codec_test.go 2026-04-27
16:40:41.000000000 +0200
@@ -18,6 +18,7 @@
"errors"
"fmt"
"io"
+ "net/http"
"sync"
"testing"
@@ -729,6 +730,17 @@
}
}
+func TestDecodeReadRequestTooLarge(t *testing.T) {
+ // 5-byte snappy stream whose header claims 256 MiB decoded length,
+ // well above decodeReadLimit (32 MiB).
+ bomb := []byte{0x80, 0x80, 0x80, 0x80, 0x01}
+ req, err := http.NewRequest(http.MethodPost, "/", bytes.NewReader(bomb))
+ require.NoError(t, err)
+
+ _, err = DecodeReadRequest(req)
+ require.ErrorContains(t, err, "exceeds limit")
+}
+
func TestDecodeWriteRequest(t *testing.T) {
buf, _, _, err := buildWriteRequest(nil,
writeRequestFixture.Timeseries, nil, nil, nil, nil, "snappy")
require.NoError(t, err)
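Review bot: The comment in `TestDecodeReadRequestTooLarge` hard-codes `32 MiB` as the value of `decodeReadLimit`, which goes stale if the constant is ever changed. I would reword it to `// 5-byte snappy header declaring a 256 MiB decoded length, above decodeReadLimit.` and add an assertion that `1<<28` is still greater than `decodeReadLimit`. If the limit were later raised past 256 MiB, the test would then fail on that precondition rather than on a confusing missing-error assertion. The hunk's trailing context belongs to `TestDecodeWriteRequest`, which continues outside it.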
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/web/ui/mantine-ui/package.json
new/prometheus-3.11.3/web/ui/mantine-ui/package.json
--- old/prometheus-3.11.2/web/ui/mantine-ui/package.json 2026-04-13
13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/web/ui/mantine-ui/package.json 2026-04-27
16:40:41.000000000 +0200
@@ -1,7 +1,7 @@
{
"name": "@prometheus-io/mantine-ui",
"private": true,
- "version": "0.311.2",
+ "version": "0.311.3",
"type": "module",
"scripts": {
"start": "vite",
@@ -28,7 +28,7 @@
"@microsoft/fetch-event-source": "^2.0.1",
"@nexucis/fuzzy": "^0.5.1",
"@nexucis/kvsearch": "^0.9.1",
- "@prometheus-io/codemirror-promql": "0.311.2",
+ "@prometheus-io/codemirror-promql": "0.311.3",
"@reduxjs/toolkit": "^2.11.2",
"@tabler/icons-react": "^3.40.0",
"@tanstack/react-query": "^5.95.2",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/prometheus-3.11.2/web/ui/module/codemirror-promql/package.json
new/prometheus-3.11.3/web/ui/module/codemirror-promql/package.json
--- old/prometheus-3.11.2/web/ui/module/codemirror-promql/package.json
2026-04-13 13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/web/ui/module/codemirror-promql/package.json
2026-04-27 16:40:41.000000000 +0200
@@ -1,6 +1,6 @@
{
"name": "@prometheus-io/codemirror-promql",
- "version": "0.311.2",
+ "version": "0.311.3",
"description": "a CodeMirror mode for the PromQL language",
"types": "dist/esm/index.d.ts",
"module": "dist/esm/index.js",
@@ -29,7 +29,7 @@
},
"homepage":
"https://github.com/prometheus/prometheus/blob/main/web/ui/module/codemirror-promql/README.md",
"dependencies": {
- "@prometheus-io/lezer-promql": "0.311.2",
+ "@prometheus-io/lezer-promql": "0.311.3",
"lru-cache": "^11.2.7"
},
"devDependencies": {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/prometheus-3.11.2/web/ui/module/lezer-promql/package.json
new/prometheus-3.11.3/web/ui/module/lezer-promql/package.json
--- old/prometheus-3.11.2/web/ui/module/lezer-promql/package.json
2026-04-13 13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/web/ui/module/lezer-promql/package.json
2026-04-27 16:40:41.000000000 +0200
@@ -1,6 +1,6 @@
{
"name": "@prometheus-io/lezer-promql",
- "version": "0.311.2",
+ "version": "0.311.3",
"description": "lezer-based PromQL grammar",
"main": "dist/index.cjs",
"type": "module",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/web/ui/package-lock.json
new/prometheus-3.11.3/web/ui/package-lock.json
--- old/prometheus-3.11.2/web/ui/package-lock.json 2026-04-13
13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/web/ui/package-lock.json 2026-04-27
16:40:41.000000000 +0200
@@ -1,12 +1,12 @@
{
"name": "prometheus-io",
- "version": "0.311.2",
+ "version": "0.311.3",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "prometheus-io",
- "version": "0.311.2",
+ "version": "0.311.3",
"workspaces": [
"mantine-ui",
"module/*"
@@ -24,7 +24,7 @@
},
"mantine-ui": {
"name": "@prometheus-io/mantine-ui",
- "version": "0.311.2",
+ "version": "0.311.3",
"dependencies": {
"@codemirror/autocomplete": "^6.20.1",
"@codemirror/language": "^6.12.3",
@@ -42,7 +42,7 @@
"@microsoft/fetch-event-source": "^2.0.1",
"@nexucis/fuzzy": "^0.5.1",
"@nexucis/kvsearch": "^0.9.1",
- "@prometheus-io/codemirror-promql": "0.311.2",
+ "@prometheus-io/codemirror-promql": "0.311.3",
"@reduxjs/toolkit": "^2.11.2",
"@tabler/icons-react": "^3.40.0",
"@tanstack/react-query": "^5.95.2",
@@ -172,10 +172,10 @@
},
"module/codemirror-promql": {
"name": "@prometheus-io/codemirror-promql",
- "version": "0.311.2",
+ "version": "0.311.3",
"license": "Apache-2.0",
"dependencies": {
- "@prometheus-io/lezer-promql": "0.311.2",
+ "@prometheus-io/lezer-promql": "0.311.3",
"lru-cache": "^11.2.7"
},
"devDependencies": {
@@ -205,7 +205,7 @@
},
"module/lezer-promql": {
"name": "@prometheus-io/lezer-promql",
- "version": "0.311.2",
+ "version": "0.311.3",
"license": "Apache-2.0",
"devDependencies": {
"@lezer/generator": "^1.8.0",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/prometheus-3.11.2/web/ui/package.json
new/prometheus-3.11.3/web/ui/package.json
--- old/prometheus-3.11.2/web/ui/package.json 2026-04-13 13:39:08.000000000
+0200
+++ new/prometheus-3.11.3/web/ui/package.json 2026-04-27 16:40:41.000000000
+0200
@@ -1,7 +1,7 @@
{
"name": "prometheus-io",
"description": "Monorepo for the Prometheus UI",
- "version": "0.311.2",
+ "version": "0.311.3",
"private": true,
"scripts": {
"build": "bash build_ui.sh --all",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/prometheus-3.11.2/web/ui/react-app/src/pages/graph/Graph.tsx
new/prometheus-3.11.3/web/ui/react-app/src/pages/graph/Graph.tsx
--- old/prometheus-3.11.2/web/ui/react-app/src/pages/graph/Graph.tsx
2026-04-13 13:39:08.000000000 +0200
+++ new/prometheus-3.11.3/web/ui/react-app/src/pages/graph/Graph.tsx
2026-04-27 16:40:41.000000000 +0200
@@ -10,6 +10,7 @@
import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
import { faTimes } from '@fortawesome/free-solid-svg-icons';
import { GraphDisplayMode } from './Panel';
+import { escapeHTML } from '../../utils';
require('../../vendor/flot/jquery.flot');
require('../../vendor/flot/jquery.flot.stack');
@@ -151,7 +152,7 @@
if (options.yaxis && isHeatmap) {
options.yaxis.ticks = () => new Array(data.length + 1).fill(0).map((_el,
i) => i);
- options.yaxis.tickFormatter = (val) => `${val ? data[val - 1].labels.le
: ''}`;
+ options.yaxis.tickFormatter = (val) => `${val ? escapeHTML(data[val -
1].labels.le) : ''}`;
options.yaxis.min = 0;
options.yaxis.max = data.length;
options.series.lines = { show: false };
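Review bot: Nothing at the `options.yaxis.tickFormatter` line records why `escapeHTML` is needed, so the call can look like a removable no-op to a maintainer who does not know the formatter's return value is used as markup. I would add a comment above it: `// le is a scraped label value and the tick label is inserted as HTML, so it must be escaped.` The changelog for this release describes the issue as stored XSS through these tick labels, which is the basis for that wording. The enclosing function starts and ends outside the hunk.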
++++++ prometheus.obsinfo ++++++
--- /var/tmp/diff_new_pack.byDVVr/_old 2026-05-04 12:50:41.842513963 +0200
+++ /var/tmp/diff_new_pack.byDVVr/_new 2026-05-04 12:50:41.854514457 +0200
@@ -1,5 +1,5 @@
name: prometheus
-version: 3.11.2
-mtime: 1776080348
-commit: f0f0fdd679dcd6df320b0558b20919f7cd44c407
+version: 3.11.3
+mtime: 1777300841
+commit: eb173f5256d4022afba1e9bc3d19740a76859fae
++++++ prometheus.tmpfiles ++++++
d /var/lib/prometheus 0700 prometheus prometheus
d /var/lib/prometheus/data 0700 prometheus prometheus
d /var/lib/prometheus/metrics 0700 prometheus prometheus
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/golang-github-prometheus-prometheus/vendor.tar.gz
/work/SRC/openSUSE:Factory/.golang-github-prometheus-prometheus.new.30200/vendor.tar.gz
differ: char 13, line 1