This is probably due to GitHub dependabot currently flagging a security issue with go-restful (I hit the same issue yesterday).
On Fri, 10 Feb 2023 at 09:13, Matthias Rampke <matth...@prometheus.io> wrote: > You are on the right track with go mod graph: go-restful is a dependency > of k8s.io/client-go and k8s.io/kube-openapi, so colloquially "the > Kubernetes client library". Prometheus uses it for service discovery, > fetching information about pods, endpoints, and services. From a cursory > look through github.com/kubernetes > <https://cs.github.com/?q=org%3Akubernetes+go-restful&p=5&pt=95635d459e0c25fdd23327d2aafd76e1f37667b598be932cf35f694610b9e2fdf25d33e2091317b4ac9ab081a73c33fb776e90bf43b358ccf8565727b3f565af4626586ae6c28a4f093334dae79e5902c0585106a7c18533377316a7ed7ed3707c35cfb5c6cefeec6a6bf460e6d647ef3efaff12d0e8f030086105ec53f721c80b8f6ef53f1b2a14a5056bba204cfd393caa86738516c15447179894b1d4c306b2eff7f90304288c1a6c77e4fe4c78d28ff57c899caf2022ee5307c5557005db6805dd6cdadf95e112f02963229e83c1650497d49955865324acdbcb5fe1022ffff1fe4086dd34dd004f2f61932b84a0bbd9389c3a8d765f1a5a7696b1a730b888cf34251395a7e13d938d87f3720eca3e989d8a24f0a3451a6c12e134fda00a78ca4e393e1c7983f67c1292ae451465e2726d9d5464f0944d6248f8be7106c441b2b7fadff735dc91161d5cdae0d714ea5039c73703981936c01cf2c7d2e4912d428bcd766b1cd7f9ab1f13ccc1b70882598ed5db908d4861f53c18ba6afbd5829b801d50dbade208b5726b8f396b05&scope=&scopeName=All+repos>, > it seems that it is only actually *called* on the kube-apiserver side, so > Prometheus should not encounter any of it, but don't take my word for it. > > I am curious now, can you share why you are interested in go-restful? 😄 > > Best, > Matthias > > > > On Fri, Feb 10, 2023 at 9:59 AM Gavin <gavine...@gmail.com> wrote: > >> Hello Prometheus team, >> >> May I have a question about how Prometheus uses go-restful ? >> >> We are using Prometheus 2.38.0 and from the binary, we can see go-restful >> is compiled. >> >> $go version -m prometheus |grep go-restful >> dep github.com/emicklei/go-restful >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-93b88ba1585bcc50&q=1&e=0b06f888-fcaa-4df9-97aa-bff71ddd877f&u=http%3A%2F%2Fgithub.com%2Femicklei%2Fgo-restful> >> v2.16.0+incompatible h1:rgqiKNjTnFQA6kkhFe16D8epTksy9HQ1MyrbDXSdYhM= >> >> I did grep on Prometheus source code, and failed to find where go-restful >> is invoked, 'go mod why', 'go mod graph' and 'go list 'don't help much >> either. >> >> prometheus $ [v2.38.0] [] $ go mod graph |grep go-restful >> >> github.com/prometheus/prometheus >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-c33587582a4a88bd&q=1&e=0b06f888-fcaa-4df9-97aa-bff71ddd877f&u=http%3A%2F%2Fgithub.com%2Fprometheus%2Fprometheus> >> github.com/emicklei/go-restful@v2.16.0+incompatible >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-393d0419c214a867&q=1&e=0b06f888-fcaa-4df9-97aa-bff71ddd877f&u=http%3A%2F%2Fgithub.com%2Femicklei%2Fgo-restful%40v2.16.0%2Bincompatible> >> >> k8s.io/client-go@v0.24.3 >> github.com/emicklei/go-restful@v2.9.5+incompatible >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-55c83c6042a445e0&q=1&e=0b06f888-fcaa-4df9-97aa-bff71ddd877f&u=http%3A%2F%2Fgithub.com%2Femicklei%2Fgo-restful%40v2.9.5%2Bincompatible> >> >> k8s.io/kube-openapi@v0.0.0-20220328201542-3ee0da9b0b42 >> github.com/emicklei/go-restful@v0.0.0-20170410110728-ff4f55a20633 >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-1574f85b7eb8631a&q=1&e=0b06f888-fcaa-4df9-97aa-bff71ddd877f&u=http%3A%2F%2Fgithub.com%2Femicklei%2Fgo-restful%40v0.0.0-20170410110728-ff4f55a20633> >> >> It would be highly appreciated if you could pinpoint why/where go-restful >> is used. >> >> Thanks! >> >> BRs >> >> /Gavin >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Prometheus Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to prometheus-developers+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/prometheus-developers/9c7b9160-b8ce-42cd-bf78-1d0ee48ed638n%40googlegroups.com >> <https://groups.google.com/d/msgid/prometheus-developers/9c7b9160-b8ce-42cd-bf78-1d0ee48ed638n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to prometheus-developers+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_gYk7BFQHaHtffU1Ze4ztrd-5O7%2BMKFnXXLdz5V5LJjDvQ%40mail.gmail.com > <https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_gYk7BFQHaHtffU1Ze4ztrd-5O7%2BMKFnXXLdz5V5LJjDvQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Tristan Colgate-McFarlane ---- -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/CAPGZSG%2Bg8H6-%3DRJJ2nkuZrEpAEUWMPZQbNTyQcTE_EX1-7TOQg%40mail.gmail.com.
