Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

promhttp: Check validity of method and code label values #962

Merged
merged 5 commits into from
Jan 18, 2022

Conversation

kakkoyun
Copy link
Member

Signed-off-by: Kemal Akkoyun [email protected]

Copy link
Member

@bwplotka bwplotka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is epic! Proposed a more flexible API, otherwise, it's perfect, thanks!

prometheus/promhttp/instrument_client.go Outdated Show resolved Hide resolved
prometheus/promhttp/instrument_client.go Outdated Show resolved Hide resolved
Copy link
Member

@beorn7 beorn7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general, just a few thoughts.

prometheus/promhttp/instrument_server.go Outdated Show resolved Hide resolved
if len(additionalMethods) > 0 {
for _, method := range additionalMethods {
if strings.EqualFold(m, method) {
return strings.ToLower(m)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we just use method here instead of m? It wouldn't require ToLower if we documented that additional methods are used with the same capitalization as provided (which some users might even need).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of course, it's an option. I just respected the previous design decisions here. Everything was the lower case before and just kept it. I'm inclined to keep the lower case behaviour and if someone requests it we can change it; it's a minor one anyways.

Signed-off-by: Kemal Akkoyun <[email protected]>
Copy link
Member

@bwplotka bwplotka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a small inconsistency. I would pick shorter name, additional is quite long word to use everywhere and in those case we often say extra, but up to you (:

if s >= 100 && s <= 599 {
return strconv.Itoa(s)
}
return "unknown"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(:

prometheus/promhttp/option.go Outdated Show resolved Hide resolved
prometheus/promhttp/instrument_server.go Show resolved Hide resolved
Signed-off-by: Kemal Akkoyun <[email protected]>
@kakkoyun kakkoyun merged commit 9075cdf into main Jan 18, 2022
@kakkoyun kakkoyun deleted the sanitize_method_and_code branch January 18, 2022 09:19
bwplotka pushed a commit that referenced this pull request Feb 15, 2022
* Check validity of method and code label values

Signed-off-by: Kemal Akkoyun <[email protected]>

* Use more flexibly functional option pattern for configuration

Signed-off-by: Kemal Akkoyun <[email protected]>

* Update documentation

Signed-off-by: Kemal Akkoyun <[email protected]>

* Simplify

Signed-off-by: Kemal Akkoyun <[email protected]>

* Fix inconsistent method naming

Signed-off-by: Kemal Akkoyun <[email protected]>
bwplotka added a commit that referenced this pull request Feb 15, 2022
* Check validity of method and code label values

Signed-off-by: Kemal Akkoyun <[email protected]>

* Use more flexibly functional option pattern for configuration

Signed-off-by: Kemal Akkoyun <[email protected]>

* Update documentation

Signed-off-by: Kemal Akkoyun <[email protected]>

* Simplify

Signed-off-by: Kemal Akkoyun <[email protected]>

* Fix inconsistent method naming

Signed-off-by: Kemal Akkoyun <[email protected]>

Co-authored-by: Kemal Akkoyun <[email protected]>
kodiakhq bot referenced this pull request in cloudquery/cloudquery Dec 29, 2023
….1 [SECURITY] (#15855)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | indirect | minor | `v1.1.0` -> `v1.11.1` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

### GitHub Vulnerability Alerts

#### [CVE-2022-21698](https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p)

This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients.

### Impact

HTTP server susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods.

###  Affected Configuration

In order to be affected, an instrumented software must

* Use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`.
* Do not filter any specific methods (e.g GET) before middleware.
* Pass metric with `method` label name to our middleware.
* Not have any firewall/LB/proxy that filters away requests with unknown `method`.

### Patches

* [https://github.com/prometheus/client_golang/pull/962](https://github.com/prometheus/client_golang/pull/962)
* [https://github.com/prometheus/client_golang/pull/987](https://github.com/prometheus/client_golang/pull/987)

### Workarounds

If you cannot upgrade to [v1.11.1 or above](https://github.com/prometheus/client_golang/releases/tag/v1.11.1), in order to stop being affected you can:

* Remove `method` label name from counter/gauge you use in the InstrumentHandler.
* Turn off affected promhttp handlers.
* Add custom middleware before promhttp handler that will sanitize the request method given by Go http.Request.
* Use a reverse proxy or web application firewall, configured to only allow a limited set of methods.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in https://github.com/prometheus/client_golang
* Email us at `[email protected]`

---

### Release Notes

<details>
<summary>prometheus/client_golang (github.com/prometheus/client_golang)</summary>

### [`v1.11.1`](https://github.com/prometheus/client_golang/releases/tag/v1.11.1): 1.11.1 / 2022-02-15

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1)

-   \[SECURITY FIX] promhttp: Check validity of method and code label values[https://github.com/prometheus/client_golang/pull/987](https://github.com/prometheus/client_golang/pull/987)7 (Addressed [`CVE-2022-21698`](https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p))

#### What's Changed

-   promhttp: Check validity of method and code label values by [@&#8203;bwplotka](https://github.com/bwplotka) and [@&#8203;kakkoyun](https://github.com/kakkoyun) in  [https://github.com/prometheus/client_golang/pull/987](https://github.com/prometheus/client_golang/pull/987)

**Full Changelog**: prometheus/client_golang@v1.11.0...v1.11.1

### [`v1.11.0`](https://github.com/prometheus/client_golang/releases/tag/v1.11.0): / 2021-06-07

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0)

-   \[CHANGE] Add new collectors package. [#&#8203;862](https://github.com/prometheus/client_golang/issues/862)
-   \[CHANGE] `prometheus.NewExpvarCollector` is deprecated, use `collectors.NewExpvarCollector` instead. [#&#8203;862](https://github.com/prometheus/client_golang/issues/862)
-   \[CHANGE] `prometheus.NewGoCollector` is deprecated, use `collectors.NewGoCollector` instead. [#&#8203;862](https://github.com/prometheus/client_golang/issues/862)
-   \[CHANGE] `prometheus.NewBuildInfoCollector` is deprecated, use `collectors.NewBuildInfoCollector` instead. [#&#8203;862](https://github.com/prometheus/client_golang/issues/862)
-   \[FEATURE] Add new collector for database/sql#DBStats. [#&#8203;866](https://github.com/prometheus/client_golang/issues/866)
-   \[FEATURE] API client: Add exemplars API support. [#&#8203;861](https://github.com/prometheus/client_golang/issues/861)
-   \[ENHANCEMENT] API client: Add newer fields to Rules API. [#&#8203;855](https://github.com/prometheus/client_golang/issues/855)
-   \[ENHANCEMENT] API client: Add missing fields to Targets API. [#&#8203;856](https://github.com/prometheus/client_golang/issues/856)

#### What's Changed

-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/846](https://github.com/prometheus/client_golang/pull/846)
-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/849](https://github.com/prometheus/client_golang/pull/849)
-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/853](https://github.com/prometheus/client_golang/pull/853)
-   Add newer fields to Rules API by [@&#8203;gouthamve](https://github.com/gouthamve) in [https://github.com/prometheus/client_golang/pull/855](https://github.com/prometheus/client_golang/pull/855)
-   Add missing fields to targets API by [@&#8203;yeya24](https://github.com/yeya24) in [https://github.com/prometheus/client_golang/pull/856](https://github.com/prometheus/client_golang/pull/856)
-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/857](https://github.com/prometheus/client_golang/pull/857)
-   Add exemplars API support by [@&#8203;yeya24](https://github.com/yeya24) in [https://github.com/prometheus/client_golang/pull/861](https://github.com/prometheus/client_golang/pull/861)
-   Improve description of MaxAge in summary docs by [@&#8203;Dean-Coakley](https://github.com/Dean-Coakley) in [https://github.com/prometheus/client_golang/pull/864](https://github.com/prometheus/client_golang/pull/864)
-   Add new collectors package by [@&#8203;johejo](https://github.com/johejo) in [https://github.com/prometheus/client_golang/pull/862](https://github.com/prometheus/client_golang/pull/862)
-   Add collector for database/sql#DBStats by [@&#8203;johejo](https://github.com/johejo) in [https://github.com/prometheus/client_golang/pull/866](https://github.com/prometheus/client_golang/pull/866)
-   Make dbStatsCollector more DRY by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/867](https://github.com/prometheus/client_golang/pull/867)
-   Change maintainers from [@&#8203;beorn7](https://github.com/beorn7) to @&#8203;bwplotka/[@&#8203;kakkoyun](https://github.com/kakkoyun) by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/873](https://github.com/prometheus/client_golang/pull/873)
-   Document implications of negative observations by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/871](https://github.com/prometheus/client_golang/pull/871)
-   Update Go modules by [@&#8203;SuperQ](https://github.com/SuperQ) in [https://github.com/prometheus/client_golang/pull/875](https://github.com/prometheus/client_golang/pull/875)

#### New Contributors

-   [@&#8203;gouthamve](https://github.com/gouthamve) made their first contribution in [https://github.com/prometheus/client_golang/pull/855](https://github.com/prometheus/client_golang/pull/855)

**Full Changelog**: prometheus/client_golang@v1.10.0...v1.11.0

### [`v1.10.0`](https://github.com/prometheus/client_golang/releases/tag/v1.10.0): 1.10.0 / 2021-03-18

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.9.0...v1.10.0)

-   \[CHANGE] Minimum required Go version is now 1.13.
-   \[CHANGE] API client: Add matchers to `LabelNames` and `LabesValues`. [#&#8203;828](https://github.com/prometheus/client_golang/issues/828)
-   \[FEATURE] API client: Add buildinfo call. [#&#8203;841](https://github.com/prometheus/client_golang/issues/841)
-   \[BUGFIX] Fix build on riscv64. [#&#8203;833](https://github.com/prometheus/client_golang/issues/833)

#### What's Changed

-   Add SECURITY.md by [@&#8203;roidelapluie](https://github.com/roidelapluie) in [https://github.com/prometheus/client_golang/pull/831](https://github.com/prometheus/client_golang/pull/831)
-   Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by [@&#8203;zhsj](https://github.com/zhsj) in [https://github.com/prometheus/client_golang/pull/833](https://github.com/prometheus/client_golang/pull/833)
-   Fix typo in comments in [https://github.com/prometheus/client_golang/pull/835](https://github.com/prometheus/client_golang/pull/835)
-   Support matchers in labels API by [@&#8203;yeya24](https://github.com/yeya24) in [https://github.com/prometheus/client_golang/pull/828](https://github.com/prometheus/client_golang/pull/828)
-   Add buildinfo method by [@&#8203;ntk148v](https://github.com/ntk148v) in [https://github.com/prometheus/client_golang/pull/841](https://github.com/prometheus/client_golang/pull/841)
-   Update dependencies by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/843](https://github.com/prometheus/client_golang/pull/843)
-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/844](https://github.com/prometheus/client_golang/pull/844)
-   Cut v1.10.0 by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/845](https://github.com/prometheus/client_golang/pull/845)

#### New Contributors

-   [@&#8203;zhsj](https://github.com/zhsj) made their first contribution in [https://github.com/prometheus/client_golang/pull/833](https://github.com/prometheus/client_golang/pull/833)
-   [@&#8203;ntk148v](https://github.com/ntk148v) made their first contribution in [https://github.com/prometheus/client_golang/pull/841](https://github.com/prometheus/client_golang/pull/841)

**Full Changelog**: prometheus/client_golang@v1.9.0...v1.10.0

### [`v1.9.0`](https://github.com/prometheus/client_golang/releases/tag/v1.9.0): 1.9.0 / 2020-12-17

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.8.0...v1.9.0)

-   \[FEATURE] `NewPidFileFn` helper to create process collectors for processes whose PID is read from a file. [#&#8203;804](https://github.com/prometheus/client_golang/issues/804)
-   \[BUGFIX] promhttp: Prevent endless loop in `InstrumentHandler...` middlewares with invalid metric or label names. [#&#8203;823](https://github.com/prometheus/client_golang/issues/823)

#### What's Changed

-   add the NewPidFileFn to helper by [@&#8203;sbookworm](https://github.com/sbookworm) in [https://github.com/prometheus/client_golang/pull/804](https://github.com/prometheus/client_golang/pull/804)
-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/809](https://github.com/prometheus/client_golang/pull/809)
-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/811](https://github.com/prometheus/client_golang/pull/811)
-   Added example api code showing how to add auth tokens and user agents to prom client. by [@&#8203;bwplotka](https://github.com/bwplotka) in [https://github.com/prometheus/client_golang/pull/817](https://github.com/prometheus/client_golang/pull/817)
-   Correct spelling: possibilites -> possibilities by [@&#8203;jubalh](https://github.com/jubalh) in [https://github.com/prometheus/client_golang/pull/819](https://github.com/prometheus/client_golang/pull/819)
-   Be more explicit about the multi-line properties of MultiError by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/821](https://github.com/prometheus/client_golang/pull/821)
-   promhttp: Correctly detect invalid metric and label names by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/823](https://github.com/prometheus/client_golang/pull/823)
-    Cut release 1.9.0 by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/826](https://github.com/prometheus/client_golang/pull/826)

#### New Contributors

-   [@&#8203;sbookworm](https://github.com/sbookworm) made their first contribution in [https://github.com/prometheus/client_golang/pull/804](https://github.com/prometheus/client_golang/pull/804)
-   [@&#8203;jubalh](https://github.com/jubalh) made their first contribution in [https://github.com/prometheus/client_golang/pull/819](https://github.com/prometheus/client_golang/pull/819)

**Full Changelog**: prometheus/client_golang@v1.8.0...v1.9.0

### [`v1.8.0`](https://github.com/prometheus/client_golang/releases/tag/v1.8.0): 1.8.0 / 2020-10-15

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.7.1...v1.8.0)

-   \[CHANGE] API client: Use `time.Time` rather than `string` for timestamps in `RuntimeinfoResult`. [#&#8203;777](https://github.com/prometheus/client_golang/issues/777)
-   \[FEATURE] Export `MetricVec` to facilitate implementation of vectors of custom `Metric` types. [#&#8203;803](https://github.com/prometheus/client_golang/issues/803)
-   \[FEATURE API client: Support `/status/tsdb` endpoint. [#&#8203;773](https://github.com/prometheus/client_golang/issues/773)
-   \[ENHANCEMENT] API client: Enable GET fallback on status code 501. [#&#8203;802](https://github.com/prometheus/client_golang/issues/802)
-   \[ENHANCEMENT] Remove `Metric` references after reslicing to free up more memory. [#&#8203;784](https://github.com/prometheus/client_golang/issues/784)

#### What's Changed

-   Add support for tsdb endpoint by [@&#8203;HimaVarsha94](https://github.com/HimaVarsha94) in [https://github.com/prometheus/client_golang/pull/773](https://github.com/prometheus/client_golang/pull/773)
-   Use time.Time for timestamps in Runtimeinfo by [@&#8203;mxey](https://github.com/mxey) in [https://github.com/prometheus/client_golang/pull/777](https://github.com/prometheus/client_golang/pull/777)
-   fix tests warning about string(int) type conversions by [@&#8203;johejo](https://github.com/johejo) in [https://github.com/prometheus/client_golang/pull/779](https://github.com/prometheus/client_golang/pull/779)
-   Update collector comment about GC stop-the-world by [@&#8203;roidelapluie](https://github.com/roidelapluie) in [https://github.com/prometheus/client_golang/pull/783](https://github.com/prometheus/client_golang/pull/783)
-   Remove reference to Metric after reslicing by [@&#8203;hummerd](https://github.com/hummerd) in [https://github.com/prometheus/client_golang/pull/784](https://github.com/prometheus/client_golang/pull/784)
-   Support go 1.15 by [@&#8203;roidelapluie](https://github.com/roidelapluie) in [https://github.com/prometheus/client_golang/pull/792](https://github.com/prometheus/client_golang/pull/792)
-   Replace with the standard library constant. by [@&#8203;johncming](https://github.com/johncming) in [https://github.com/prometheus/client_golang/pull/793](https://github.com/prometheus/client_golang/pull/793)
-   Synchronize common files from prometheus/prometheus by [@&#8203;prombot](https://github.com/prombot) in [https://github.com/prometheus/client_golang/pull/797](https://github.com/prometheus/client_golang/pull/797)
-   Remove spurious commas from links to the docs site by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/800](https://github.com/prometheus/client_golang/pull/800)
-   API client: Enable fallback on status code 501, too by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/802](https://github.com/prometheus/client_golang/pull/802)
-   Export MetricVec (again) by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/803](https://github.com/prometheus/client_golang/pull/803)
-   Cut v1.8.0 by [@&#8203;beorn7](https://github.com/beorn7) in [https://github.com/prometheus/client_golang/pull/806](https://github.com/prometheus/client_golang/pull/806)

#### New Contributors

-   [@&#8203;HimaVarsha94](https://github.com/HimaVarsha94) made their first contribution in [https://github.com/prometheus/client_golang/pull/773](https://github.com/prometheus/client_golang/pull/773)
-   [@&#8203;mxey](https://github.com/mxey) made their first contribution in [https://github.com/prometheus/client_golang/pull/777](https://github.com/prometheus/client_golang/pull/777)
-   [@&#8203;hummerd](https://github.com/hummerd) made their first contribution in [https://github.com/prometheus/client_golang/pull/784](https://github.com/prometheus/client_golang/pull/784)
-   [@&#8203;johncming](https://github.com/johncming) made their first contribution in [https://github.com/prometheus/client_golang/pull/793](https://github.com/prometheus/client_golang/pull/793)

**Full Changelog**: prometheus/client_golang@v1.7.1...v1.8.0

### [`v1.7.1`](https://github.com/prometheus/client_golang/releases/tag/v1.7.1): 1.7.1 / 2020-06-23

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.7.0...v1.7.1)

-   \[BUGFIX] API client: Actually propagate start/end parameters of `LabelNames` and `LabelValues`. [#&#8203;771](https://github.com/prometheus/client_golang/issues/771)

### [`v1.7.0`](https://github.com/prometheus/client_golang/releases/tag/v1.7.0): 1.7.0 / 2020-06-17

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.6.0...v1.7.0)

-   \[CHANGE] API client: Add start/end parameters to `LabelNames` and `LabelValues`. [#&#8203;767](https://github.com/prometheus/client_golang/issues/767)
-   \[FEATURE] testutil: Add `GatherAndCount` and enable filtering in `CollectAndCount` [#&#8203;753](https://github.com/prometheus/client_golang/issues/753)
-   \[FEATURE] API client: Add support for `status` and `runtimeinfo` endpoints. [#&#8203;755](https://github.com/prometheus/client_golang/issues/755)
-   \[ENHANCEMENT] Wrapping `nil` with a `WrapRegistererWith...` function creates a no-op `Registerer`.  [#&#8203;764](https://github.com/prometheus/client_golang/issues/764)
-   \[ENHANCEMENT] promlint: Allow Kelvin as a base unit for cases like color temperature. [#&#8203;761](https://github.com/prometheus/client_golang/issues/761)
-   \[BUGFIX] push: Properly handle empty job and label values. [#&#8203;752](https://github.com/prometheus/client_golang/issues/752)

### [`v1.6.0`](https://github.com/prometheus/client_golang/releases/tag/v1.6.0): 1.6.0 / 2020-04-28

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.5.1...v1.6.0)

-   \[FEATURE] testutil: Add lint checks for metrics, including a sub-package `promlint` to expose the linter engine for external usage. [#&#8203;739](https://github.com/prometheus/client_golang/issues/739) [#&#8203;743](https://github.com/prometheus/client_golang/issues/743)
-   \[ENHANCEMENT] API client: Improve error messages. [#&#8203;731](https://github.com/prometheus/client_golang/issues/731)
-   \[BUGFIX] process collector: Fix `process_resident_memory_bytes` on 32bit MS Windows. [#&#8203;734](https://github.com/prometheus/client_golang/issues/734)

### [`v1.5.1`](https://github.com/prometheus/client_golang/releases/tag/v1.5.1): 1.5.1 / 2020-03-14

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.5.0...v1.5.1)

-   \[BUGFIX] promhttp: Remove another superfluous `WriteHeader` call.

### [`v1.5.0`](https://github.com/prometheus/client_golang/releases/tag/v1.5.0): 1.5.0 / 2020-03-03

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.4.1...v1.5.0)

-   \[FEATURE] promauto: Add a factory to allow automatic registration with a local registry. [#&#8203;713](https://github.com/prometheus/client_golang/issues/713)
-   \[FEATURE] promauto: Add `NewUntypedFunc`. [#&#8203;713](https://github.com/prometheus/client_golang/issues/713)
-   \[FEATURE] API client: Support new metadata endpoint. [#&#8203;718](https://github.com/prometheus/client_golang/issues/718)

### [`v1.4.1`](https://github.com/prometheus/client_golang/releases/tag/v1.4.1): 1.4.1 / 2020-02-07

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.4.0...v1.4.1)

-   \[BUGFIX] Fix timestamp of exemplars in `CounterVec`. [#&#8203;710](https://github.com/prometheus/client_golang/issues/710)

### [`v1.4.0`](https://github.com/prometheus/client_golang/releases/tag/v1.4.0): 1.4.0 / 2020-01-27

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.3.0...v1.4.0)

-   \[CHANGE] Go collector: Improve doc string for `go_gc_duration_seconds`. [#&#8203;702](https://github.com/prometheus/client_golang/issues/702)
-   \[FEATURE] Support a subset of OpenMetrics, including exemplars. Needs opt-in via `promhttp.HandlerOpts`. **EXPERIMENTAL** [#&#8203;706](https://github.com/prometheus/client_golang/issues/706)
-   \[FEATURE] Add `testutil.CollectAndCount`. [#&#8203;703](https://github.com/prometheus/client_golang/issues/703)

### [`v1.3.0`](https://github.com/prometheus/client_golang/releases/tag/v1.3.0): 1.3.0 / 2019-12-21

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.2.1...v1.3.0)

-   \[FEATURE] Support tags in Graphite bridge. [#&#8203;668](https://github.com/prometheus/client_golang/issues/668)
-   \[BUGFIX] API client: Actually return Prometheus warnings. [#&#8203;699](https://github.com/prometheus/client_golang/issues/699)

### [`v1.2.1`](https://github.com/prometheus/client_golang/releases/tag/v1.2.1): 1.2.1 / 2019-10-17

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.2.0...v1.2.1)

#### 1.2.1 / 2019-10-17

-   \[BUGFIX] Fix regression in the implementation of `Registerer.Unregister`. [#&#8203;663](https://github.com/prometheus/client_golang/issues/663)

### [`v1.2.0`](https://github.com/prometheus/client_golang/releases/tag/v1.2.0): 1.2.0 / 2019-10-15

[Compare Source](https://github.com/prometheus/client_golang/compare/v1.1.0...v1.2.0)

-   \[FEATURE] Support pushing to Pushgateway v0.10+. [#&#8203;652](https://github.com/prometheus/client_golang/issues/652)
-   \[ENHANCEMENT] Improve hashing to make a spurious `AlreadyRegisteredError` less likely to occur. [#&#8203;657](https://github.com/prometheus/client_golang/issues/657)
-   \[ENHANCEMENT] API client: Add godoc examples. [#&#8203;630](https://github.com/prometheus/client_golang/issues/630)
-   \[BUGFIX] promhttp: Correctly call WriteHeader in HTTP middleware. [#&#8203;634](https://github.com/prometheus/client_golang/issues/634)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMTAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjExMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants