dependabot[bot] opened a new pull request, #6685: URL: https://github.com/apache/camel-k/pull/6685
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.68.1 to 0.69.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prometheus/common/releases";>github.com/prometheus/common's releases</a>.</em></p> <blockquote> <h2>v0.69.0</h2> <h2>What's Changed</h2> <ul> <li>config: strip credentials on cross-host redirects by <a href="https://github.com/roidelapluie";><code>@roidelapluie</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/901";>prometheus/common#901</a></li> <li>Modernize Go by <a href="https://github.com/SuperQ";><code>@SuperQ</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/919";>prometheus/common#919</a></li> <li>config: make isCrossHostRedirect sticky across the redirect chain by <a href="https://github.com/roidelapluie";><code>@roidelapluie</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/920";>prometheus/common#920</a></li> <li>config: check cross-host redirect before OAuth2 token fetch by <a href="https://github.com/roidelapluie";><code>@roidelapluie</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/921";>prometheus/common#921</a></li> <li>expfmt: fix nil pointer panic when parsing empty braces "{}" by <a href="https://github.com/roidelapluie";><code>@roidelapluie</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/922";>prometheus/common#922</a></li> <li>model: reduce allocations in Time.UnmarshalJSON by <a href="https://github.com/bboreham";><code>@bboreham</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/918";>prometheus/common#918</a></li> <li>config: resolve LoadHTTPConfigFile paths relative to the config file by <a href="https://github.com/roidelapluie";><code>@roidelapluie</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/925";>prometheus/common#925</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/prometheus/common/compare/v0.68.1...v0.69.0";>https://github.com/prometheus/common/compare/v0.68.1...v0.69.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/prometheus/common/blob/main/CHANGELOG.md";>github.com/prometheus/common's changelog</a>.</em></p> <blockquote> <h2>v0.69.0 / 2026-06-17</h2> <h3>Security / behavior changes</h3> <ul> <li><strong>config: credentials are no longer forwarded across cross-host redirects.</strong> When <code>FollowRedirects</code> is enabled, the HTTP client now strips <code>Authorization</code>, <code>Cookie</code>, <code>Proxy-Authorization</code> and other sensitive headers, and skips basic-auth, bearer-token and OAuth2 credentials, when a redirect points to a different host. This aligns with Go's <code>net/http</code> behavior. Callers that relied on credentials being sent to a redirect target on another host will need to target that host directly. <a href="https://redirect.github.com/prometheus/common/issues/901";>#901</a> <a href="https://redirect.github.com/prometheus/common/issues/920";>#920</a> <a href="https://redirect.github.com/prometheus/common/issues/921";>#921</a></li> <li>config: <code>LoadHTTPConfigFile</code> now resolves relative file paths (e.g. <code>*_file</code> credentials, <code>http_headers</code> files) against the config file's own directory instead of its parent directory. Configs that worked around the old behavior by prefixing paths with the config's directory name must drop that prefix. <a href="https://redirect.github.com/prometheus/common/issues/925";>#925</a></li> </ul> <h3>Bugfixes</h3> <ul> <li>expfmt: fix nil pointer panic when parsing empty braces <code>{}</code>. <a href="https://redirect.github.com/prometheus/common/issues/922";>#922</a></li> <li>model: fix <code>Time.UnmarshalJSON</code> for larger negative numbers. <a href="https://redirect.github.com/prometheus/common/issues/918";>#918</a></li> </ul> <h3>Performance</h3> <ul> <li>model: reduce allocations in <code>Time.UnmarshalJSON</code>. <a href="https://redirect.github.com/prometheus/common/issues/918";>#918</a></li> </ul> <h3>Internal</h3> <ul> <li>Synchronize common files from prometheus/prometheus. <a href="https://redirect.github.com/prometheus/common/issues/917";>#917</a></li> <li>Modernize Go. <a href="https://redirect.github.com/prometheus/common/issues/919";>#919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/prometheus/common/compare/v0.68.1...v0.69.0";>https://github.com/prometheus/common/compare/v0.68.1...v0.69.0</a></p> <h2>v0.67.2 / 2025-10-28</h2> <h2>What's Changed</h2> <ul> <li>config: Fix panic in <code>tlsRoundTripper</code> when CA file is absent by <a href="https://github.com/ndk";><code>@ndk</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/792";>prometheus/common#792</a></li> <li>Cleanup linting issues by <a href="https://github.com/SuperQ";><code>@SuperQ</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/860";>prometheus/common#860</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ndk";><code>@ndk</code></a> made their first contribution in <a href="https://redirect.github.com/prometheus/common/pull/792";>prometheus/common#792</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/prometheus/common/compare/v0.67.1...v0.67.2";>https://github.com/prometheus/common/compare/v0.67.1...v0.67.2</a></p> <h2>v0.67.1 / 2025-10-07</h2> <h2>What's Changed</h2> <ul> <li>Remove VERSION file to avoid Go conflict error in <a href="https://redirect.github.com/prometheus/common/pull/853";>prometheus/common#853</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/prometheus/common/compare/v0.67.0...v0.67.1";>https://github.com/prometheus/common/compare/v0.67.0...v0.67.1</a></p> <h2>v0.67.0 / 2025-10-07</h2> <h2>What's Changed</h2> <ul> <li>Create CHANGELOG.md for easier communication of library changes, especially possible breaking changes. by <a href="https://github.com/ywwg";><code>@ywwg</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/833";>prometheus/common#833</a></li> <li>model: New test for validation with dots by <a href="https://github.com/m1k1o";><code>@m1k1o</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/759";>prometheus/common#759</a></li> <li>expfmt: document NewTextParser as required by <a href="https://github.com/burgerdev";><code>@burgerdev</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/842";>prometheus/common#842</a></li> <li>expfmt: Add support for float histograms and gauge histograms by <a href="https://github.com/beorn7";><code>@beorn7</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/843";>prometheus/common#843</a></li> <li>Updated minimum Go version to 1.24.0, updated Go dependecies by <a href="https://github.com/SuperQ";><code>@SuperQ</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/849";>prometheus/common#849</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prometheus/common/commit/e3c14a039d494d866242b36ac253dfecf9c7210b";><code>e3c14a0</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/common/issues/925";>#925</a> from roidelapluie/roidelapluie/fix-loadhttpconfigfile...</li> <li><a href="https://github.com/prometheus/common/commit/a7b791d0a0cd8e7be164d7f3fdb33450c1868b1c";><code>a7b791d</code></a> config: resolve LoadHTTPConfigFile paths relative to the config file</li> <li><a href="https://github.com/prometheus/common/commit/f84efec4e4deb31a8afd39c4f4f7ba2b30f39df3";><code>f84efec</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/common/issues/918";>#918</a> from prometheus/time-split</li> <li><a href="https://github.com/prometheus/common/commit/2269d3d1af9a40c9324bb523087f7704fabe7f1d";><code>2269d3d</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/common/issues/922";>#922</a> from roidelapluie/roidelapluie/fix-textparse-empty-br...</li> <li><a href="https://github.com/prometheus/common/commit/a1600af967b7eaa77360339b402b447855c24915";><code>a1600af</code></a> expfmt: fix nil pointer panic when parsing empty braces "{}"</li> <li><a href="https://github.com/prometheus/common/commit/56fe3954537fa60da94055f19172fafa25347948";><code>56fe395</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/common/issues/921";>#921</a> from roidelapluie/roidelapluie/oauth2-cross-host-check</li> <li><a href="https://github.com/prometheus/common/commit/0fcda471410c91d285776092b7d768d8ac199bc9";><code>0fcda47</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/common/issues/920";>#920</a> from roidelapluie/roidelapluie/cross-host-sticky</li> <li><a href="https://github.com/prometheus/common/commit/30ba470f4f55107af9dbe7fbe9c95c0617c13f43";><code>30ba470</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/common/issues/919";>#919</a> from prometheus/superq/modernize</li> <li><a href="https://github.com/prometheus/common/commit/2b55b3e9e7e899f2cbcbcb7afdcb55c2db6a1754";><code>2b55b3e</code></a> config: check cross-host redirect before OAuth2 token fetch</li> <li><a href="https://github.com/prometheus/common/commit/428856f9a5d0d790dacdf03e789c2ef87b03fc40";><code>428856f</code></a> config: make isCrossHostRedirect sticky across the redirect chain</li> <li>Additional commits viewable in <a href="https://github.com/prometheus/common/compare/v0.68.1...v0.69.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
