Oindrila Khan
2625721eba
ui: update jsonpath to 1.3.0
...
This addresses CVE-2025-61140 and CVE-2025-1615 by updating jsonpath to a patched version.
Signed-off-by: Oindrila Khan <oindrilakha12@gmail.com>
2026-06-03 14:54:21 +05:30
Michael Hoffmann
05d9bd4a27
scrape: add __convert_classic_histograms_to_nhcb__ internal label ( #18840 )
...
Adding this as a meta label makes it possible to dynamically configure
this setting through discovery labels.
This helps in usecases like K8S where we could enable this with a pod
annotation.
Signed-off-by: Michael Hoffmann <mhoffmann@cloudflare.com>
2026-06-03 13:11:21 +00:00
RoyS
f3d653fb5c
chore: fix typos in comments ( #18834 )
...
* chore: fix typos in comments
Fix three minor typos in source comments:
- scrape: mimicks -> mimics
- tsdb: descibes -> describes
- ui/codemirror-promql: theses -> these
Signed-off-by: RoySerbi <roy676564@gmail.com>
* ci: retrigger CI to clear known 32-bit flake
Empty commit to retrigger CI. The previous run failed only on
'Go tests for 32-bit x86' due to the known intermittent flake in
TestRemoteWrite_PerQueueMetricsAfterRelabeling (see #17356 ), which
is unrelated to this comment-only PR.
Signed-off-by: RoySerbi <roy676564@gmail.com>
---------
Signed-off-by: RoySerbi <roy676564@gmail.com>
2026-06-02 15:34:02 +02:00
Bartlomiej Plotka
a0524eeca9
Merge pull request #18822 from prometheus/sync312
...
Merge 3.12 to main
2026-05-29 17:06:50 +02:00
bwplotka
acdb302bee
fix go.work
...
Signed-off-by: bwplotka <bwplotka@gmail.com>
2026-05-29 15:38:41 +01:00
Julien
1dd4d3f6c3
ui: add supply-chain hardening .npmrc ( #18794 )
...
Set ignore-scripts=true, allow-git=none, and min-release-age=3 to
harden npm installs against lifecycle script abuse, git-sourced
dependencies, and recently published packages.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-29 12:28:10 +00:00
bwplotka
b902c36303
Merge branch 'release-3.12' into release-sync-main
2026-05-29 12:54:58 +01:00
bwplotka
4158cac050
upgade Go modules
...
Signed-off-by: bwplotka <bwplotka@gmail.com>
2026-05-28 15:58:39 +01:00
bwplotka
65f818aced
bump UI version
...
Signed-off-by: bwplotka <bwplotka@gmail.com>
2026-05-28 15:19:59 +01:00
Julius Volz
f37442d25a
Merge pull request #18783 from flying-musk/test-promql-quoted-label-name
...
buf.build / lint and publish (push) Waiting to run
CI / Go tests (push) Waiting to run
CI / More Go tests (push) Waiting to run
CI / Go tests for 32-bit x86 (push) Waiting to run
CI / Go tests for Prometheus upgrades and downgrades (push) Waiting to run
CI / Go tests with previous Go version (push) Waiting to run
CI / UI tests (push) Waiting to run
CI / Go tests on Windows (push) Waiting to run
CI / Mixins tests (push) Waiting to run
CI / Compliance testing (push) Waiting to run
CI / Build Prometheus for common architectures (push) Waiting to run
CI / Build Prometheus for all architectures (push) Waiting to run
CI / Report status of build Prometheus for all architectures (push) Blocked by required conditions
CI / Check generated parser (push) Waiting to run
CI / golangci-lint (push) Waiting to run
CI / fuzzing (push) Waiting to run
CI / codeql (push) Waiting to run
CI / Publish main branch artifacts (push) Blocked by required conditions
CI / Publish release artefacts (push) Blocked by required conditions
CI / Publish UI on npm Registry (push) Blocked by required conditions
govulncheck / Run govulncheck (push) Waiting to run
Scorecards supply-chain security / Scorecards analysis (push) Waiting to run
ui: cover PromQL label name quoting
2026-05-25 11:26:12 +02:00
Flying Musk
a8c57e3117
test(ui): cover Prometheus duration parsing
...
Signed-off-by: Flying Musk <musk.flying@gmail.com>
2026-05-24 16:15:45 -07:00
Flying Musk
672330bd70
test(ui): cover PromQL label name quoting
...
Signed-off-by: Flying Musk <musk.flying@gmail.com>
2026-05-24 15:45:59 -07:00
Flying Musk
5261349613
test(ui): cover PromQL URL-sensitive characters
...
Signed-off-by: Flying Musk <musk.flying@gmail.com>
2026-05-23 20:26:45 -07:00
renovate[bot]
1a7ad07bb9
Update module github.com/bufbuild/buf to v1.69.0 ( #18760 )
...
buf.build / lint and publish (push) Has been cancelled
CI / Go tests (push) Has been cancelled
CI / More Go tests (push) Has been cancelled
CI / Go tests for 32-bit x86 (push) Has been cancelled
CI / Go tests for Prometheus upgrades and downgrades (push) Has been cancelled
CI / Go tests with previous Go version (push) Has been cancelled
CI / UI tests (push) Has been cancelled
CI / Go tests on Windows (push) Has been cancelled
CI / Mixins tests (push) Has been cancelled
CI / Compliance testing (push) Has been cancelled
CI / Build Prometheus for common architectures (push) Has been cancelled
CI / Build Prometheus for all architectures (push) Has been cancelled
CI / Check generated parser (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
CI / fuzzing (push) Has been cancelled
CI / codeql (push) Has been cancelled
govulncheck / Run govulncheck (push) Has been cancelled
Scorecards supply-chain security / Scorecards analysis (push) Has been cancelled
CI / Report status of build Prometheus for all architectures (push) Has been cancelled
CI / Publish main branch artifacts (push) Has been cancelled
CI / Publish release artefacts (push) Has been cancelled
CI / Publish UI on npm Registry (push) Has been cancelled
* Update module github.com/bufbuild/buf to v1.69.0
* chore: bump go directive to 1.25.6
---------
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2026-05-23 16:05:26 +02:00
renovate[bot]
e1429b4f68
Update dependency sanitize-html to v2.17.4 [SECURITY] ( #18697 )
...
* chore(deps): update dependency sanitize-html to v2.17.4 [security]
---------
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2026-05-23 12:21:32 +00:00
renovate[bot]
a4abbf3092
Update Node.js to v22.22.3 ( #18148 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-23 13:10:34 +02:00
renovate[bot]
cc4dba12eb
Update module golang.org/x/net to v0.55.0 [SECURITY] ( #18775 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-23 13:08:45 +02:00
Julien
aa260fcde5
Merge pull request #18687 from roidelapluie/roidelapluie/greatest_least
...
Duration expression: Rename min/max -> min_of, max_of
2026-05-21 10:34:29 +02:00
Julien
0df8ce7ac9
web/api: reject 0 for limit and batch_size in search endpoints ( #18724 )
...
buf.build / lint and publish (push) Waiting to run
CI / Go tests (push) Waiting to run
CI / More Go tests (push) Waiting to run
CI / Go tests for 32-bit x86 (push) Waiting to run
CI / Go tests for Prometheus upgrades and downgrades (push) Waiting to run
CI / Go tests with previous Go version (push) Waiting to run
CI / UI tests (push) Waiting to run
CI / Go tests on Windows (push) Waiting to run
CI / Mixins tests (push) Waiting to run
CI / Compliance testing (push) Waiting to run
CI / Build Prometheus for common architectures (push) Waiting to run
CI / Build Prometheus for all architectures (push) Waiting to run
CI / Report status of build Prometheus for all architectures (push) Blocked by required conditions
CI / Check generated parser (push) Waiting to run
CI / golangci-lint (push) Waiting to run
CI / fuzzing (push) Waiting to run
CI / codeql (push) Waiting to run
CI / Publish main branch artifacts (push) Blocked by required conditions
CI / Publish release artefacts (push) Blocked by required conditions
CI / Publish UI on npm Registry (push) Blocked by required conditions
govulncheck / Run govulncheck (push) Waiting to run
Scorecards supply-chain security / Scorecards analysis (push) Waiting to run
* web/api: reject 0 for limit and batch_size in search endpoints
Treat 0 as invalid for limit and batch_size query parameters; clients
must supply a positive integer or omit the parameter to use the server
default of 100. Update OpenAPI descriptions accordingly.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
* Update web/api/v1/openapi.go
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Signed-off-by: Julien <291750+roidelapluie@users.noreply.github.com>
---------
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
Signed-off-by: Julien <291750+roidelapluie@users.noreply.github.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2026-05-19 15:05:45 +00:00
Jyotishmoy Deka
300b4f495b
web/ui: fix lezer-promql module build on Windows ( #18725 )
...
Signed-off-by: jyotishmoy12 <jyotishmoydeka62@gmail.com>
2026-05-19 15:50:28 +02:00
Julien
e1f4380b2a
web/api: add search API endpoint ( #18573 )
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-19 13:58:00 +02:00
Julien Pivotto
a74f0b2e7a
PromQL: Rename greatest, least, to max_of, min_of.
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-19 13:07:16 +02:00
Bartlomiej Plotka
2a146bce7f
Revert "chore: prepare 3.12.0-rc.0 release"
2026-05-19 08:40:18 +01:00
Julien Pivotto
7af21f195c
promql: add least() and greatest() scalar functions
...
Implement least(a, b) and greatest(a, b) as scalar-returning PromQL
functions backed by math.Min and math.Max respectively.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-18 11:15:31 +02:00
bwplotka
981aadfb02
make ui-bump-version
...
Signed-off-by: bwplotka <bwplotka@gmail.com>
2026-05-15 11:28:16 +01:00
Asish Kumar
a21f58c2c0
test: expect label value completion apply text
...
Signed-off-by: Asish Kumar <officialasishkumar@gmail.com>
2026-05-14 22:13:03 +05:30
Asish Kumar
0254e010b3
Address PromQL autocomplete review feedback
...
Signed-off-by: Asish Kumar <officialasishkumar@gmail.com>
2026-05-14 22:11:04 +05:30
Asish Kumar
7c6bab8c58
ui: escape label values in PromQL autocomplete
...
Signed-off-by: Asish Kumar <officialasishkumar@gmail.com>
2026-05-14 22:11:04 +05:30
Julien Pivotto
76c859969d
promql: rename min/max duration expr functions to least/greatest
...
Rename the `min()` and `max()` duration expression functions to
`least()` and `greatest()` to avoid conflicts with the existing
PromQL aggregate functions `min` and `max`.
Update documentation and tests accordingly.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-13 17:35:52 +02:00
Julien Pivotto
dd406b3df5
web/api/v1: enable ExperimentalDurationExpr in translate AST tests
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-13 10:52:59 +02:00
Julien Pivotto
7b29b912e3
Revert "PromQL: Promote duration expressions as stable"
...
This reverts commit 1463a5bb5a
2026-05-13 09:59:50 +02:00
Julius Volz
ce93018f4e
Merge pull request #18682 from flying-musk/fix-y-axis-tick-precision
...
ui: improve y-axis tick precision
2026-05-13 08:00:14 +02:00
Flying Musk
b69f991b57
ui: improve y-axis tick precision
...
Signed-off-by: Flying Musk <musk.flying@gmail.com>
2026-05-12 16:11:03 -07:00
bwplotka
d36e9114cb
chore: Upgrade Go deps
...
Signed-off-by: bwplotka <bwplotka@gmail.com>
2026-05-11 12:10:00 +01:00
Bartlomiej Plotka
24c06c068d
Merge pull request #18664 from prometheus/deps-update/go-github.com-prometheus-prometheus-vulnerability
...
Update module github.com/prometheus/prometheus to v0.311.3 [SECURITY]
2026-05-11 13:00:56 +02:00
Bartlomiej Plotka
42003b2e13
Merge pull request #18624 from roidelapluie/roidelapluie/dur-expr-in-parse-ast
...
web/api: emit duration expression trees
2026-05-11 12:59:41 +02:00
renovate[bot]
73844c223f
Update module github.com/prometheus/prometheus to v0.311.3 [SECURITY]
2026-05-11 10:20:11 +00:00
Julien
ecab2f45a8
Merge pull request #18651 from roidelapluie/roidelapluie/fgprof-concurrency-limit
...
web: reject concurrent fgprof profiles with 500, aligning with pprof
2026-05-08 18:12:46 +02:00
Julien Pivotto
dd54642a47
web: reject concurrent fgprof profiles with 500, aligning with pprof
...
Add a mutex around the fgprof handler so that only one profile can
run at a time. A second concurrent request returns 500 with an error
message matching the pprof behaviour for CPU profiling already in use.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-08 17:41:27 +02:00
Julien Pivotto
64e465dddc
chore: Update NPM deps for 3.12
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-08 13:59:50 +02:00
Julien Pivotto
20b5f16159
web/api: emit duration expression trees
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-05-06 12:10:03 +02:00
Julien
75ec141616
Merge pull request #18305 from charleskorn/duration-openapi-docs
...
fix: correctly document supported formats for duration query request parameters in OpenAPI spec
2026-05-05 14:29:13 +02:00
Julien Pivotto
5e4c110c65
Merge branch 'release-3.11' into merge-3.11
2026-04-27 17:11:39 +02:00
Julien Pivotto
5ba3545753
Release 3.11.3
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-04-27 15:48:10 +02:00
Julius Volz
38f23b9075
ui: fix stored XSS in old UI heatmap chart tick labels
...
This fixes the stored XSS as described in:
https://github.com/prometheus/prometheus/security/advisories/GHSA-fw8g-cg8f-9j28
Signed-off-by: Julius Volz <julius.volz@gmail.com>
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-04-27 12:28:10 +02:00
Julien Pivotto
1463a5bb5a
PromQL: Promote duration expressions as stable
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-04-24 18:45:09 +02:00
Julien
89f5f51f46
Merge pull request #18538 from roidelapluie/roidelapluie/fixreturn
...
buf.build / lint and publish (push) Waiting to run
CI / Go tests (push) Waiting to run
CI / More Go tests (push) Waiting to run
CI / Go tests for Prometheus upgrades and downgrades (push) Waiting to run
CI / Go tests with previous Go version (push) Waiting to run
CI / UI tests (push) Waiting to run
CI / Go tests on Windows (push) Waiting to run
CI / Mixins tests (push) Waiting to run
CI / Compliance testing (push) Waiting to run
CI / Build Prometheus for common architectures (push) Waiting to run
CI / Build Prometheus for all architectures (push) Waiting to run
CI / Report status of build Prometheus for all architectures (push) Blocked by required conditions
CI / Check generated parser (push) Waiting to run
CI / golangci-lint (push) Waiting to run
CI / fuzzing (push) Waiting to run
CI / codeql (push) Waiting to run
CI / Publish main branch artifacts (push) Blocked by required conditions
CI / Publish release artefacts (push) Blocked by required conditions
CI / Publish UI on npm Registry (push) Blocked by required conditions
Push README to Docker Hub / Push README to Docker Hub (push) Waiting to run
Push README to Docker Hub / Push README to quay.io (push) Waiting to run
govulncheck / Run govulncheck (push) Waiting to run
Scorecards supply-chain security / Scorecards analysis (push) Waiting to run
web/api: return after respondError in serveWALReplayStatus
2026-04-22 12:27:26 +02:00
Julien Pivotto
c20c88e0db
web/api: return after respondError in serveWALReplayStatus
...
Without the return, a successful respond() call would always follow
the error response, writing a second body to an already-written
ResponseWriter and producing a malformed HTTP response.
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-04-17 17:03:25 +02:00
Julien Pivotto
504c5e67ea
promql/ui: highlight start()/end()/range()/step() as functions; start()/end() as modifiers only after @
...
Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>
2026-04-17 16:48:54 +02:00
Julien
5d0bc055ef
Merge pull request #17877 from roidelapluie/roidelapluie/funcs
...
PromQL: Add start() end() range() and step() functions
2026-04-17 13:51:37 +02:00
