Bug 2067870: Address CVE-2022-21698

[pierreprinetti]

See See the Prometheus advisory

What this PR does / why we need it:
This patch upgrades github.com/prometheus/client_golang to v1.12,
where the vulnerability has been fixed.

This commit is the result of running:

go get github.com/prometheus/client_golang \
	&& go mod tidy && go mod vendor

Notes for the reviewer:
One handy way to check that the version of client_go used for compiling contains the security patch, is to run go mod vendor and check that the InstrumentRoundTripperCounter method contains a variadic options argument.

Release note:

Preemptively address CVE-2022-21698

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pierreprinetti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [pierreprinetti]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@pierreprinetti: This pull request references Bugzilla bug 2067870, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.11.0) matches configured target release for branch (4.11.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @eurijon

Details

In response to this:

Bug 2067870: Address CVE-2022-21698

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@pierreprinetti: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[mandre]

/lgtm

[openshift-ci]

@pierreprinetti: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

• openshift/cluster-api-provider-openstack#224 is open

These pull request must merge or be unlinked from the Bugzilla bug in order for it to move to the next state. Once unlinked, request a bug refresh with /bugzilla refresh.

Bugzilla bug 2067870 has not been moved to the MODIFIED state.

Details

In response to this:

Bug 2067870: Address CVE-2022-21698

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.