Update prom/prometheus Docker tag to v3.13.0#354
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
f32a5ee to
b33501a
Compare
b33501a to
a4f3e76
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v3.11.2→v3.13.0Release Notes
prometheus/prometheus (prom/prometheus)
v3.13.0: 3.13.0 / 2026-07-01Compare Source
This is a Long Term Support LTS release.
sanitize-htmlto fix a cross-site scripting vulnerability (CVE-2026-44990). #18697/assets/third-party-licenses.txt, replacing thenpm_licenses.tar.bz2archive previously shipped in release tarballs and container images. #18997--http.config.fileare now resolved relative to that config file's directory instead of its parent directory. Via prometheus/common v0.69.0. #18949min()andmax()duration-expression functions (experimental feature flagexperimental-duration-expr) tomin_of()andmax_of()to avoid confusion with theminandmaxaggregate operators. #18687min_of(a, b)andmax_of(a, b)scalar experimental functions, returning the smaller or larger of two scalar values. #18687samplesRead(andsamplesReadPerStepwithstats=alland thepromql-per-step-statsfeature flag) in the query stats response, and add theprometheus_engine_query_samples_read_totalengine counter.samplesReadreflects storage I/O distinct fromtotalQueryableSamples, which counts samples loaded into the evaluator (and so over-counts when a sample is reused across multiple range-vector windows). #18081__convert_classic_histograms_to_nhcb__internal label to allow per-target override ofconvert_classic_histograms_to_nhcbscrape configuration via relabeling. #18840storage.tsdb.chunk_encoding.floatsconfiguration field to select float chunk encoding (xororxor2) at runtime, independently of the--enable-feature=xor2-encodingflag. #18769__always_scrape_classic_histograms__and__scrape_native_histograms__internal labels to allow per-target override of thealways_scrape_classic_histogramsandscrape_native_histogramsscrape configuration via relabeling. #18929fill_left(x) fill_right(x)asfill(x)when both fill values are equal. #18851--enable-feature=created-timestamp-zero-ingestion). #18813endwas not aligned tostepcaused subqueries inside it to evaluate past the parent's last actual step, inflatingpeakSamplesin the query stats and against thequery.max-sampleslimit, and wasting storage I/O reading samples that were never used in the result. #18081@modifier (e.g.predict_linear(metric[60s] @​ T, X)) silently under-countedtotalQueryableSamplesfor steps after step 0. #18081fill_left/fill_rightproducing missing samples in range queries when usinggroup_left/group_right. #188501[5m] smoothedand similar expressions when extended range selectors are enabled. #18764smoothedinstant vector selector produces no samples for a series. #18943foo offset -(5)). #18768{}. Via prometheus/common v0.69.0. #18949check healthyandcheck readywhen--urlends with a trailing slash. #18854private_iporpublic_ipfield, but do have private NICs attached. #18772v3.12.0: 3.12.0 / 2026-05-28Compare Source
This release contains security fixes, new features (especially around PromQL and Service Discovery), performance improvements in TSDB, Start Timestamp improvements and numerous bug fixes.
Thanks to all contributors!
Key Highlights
rate(),irate(),increase(), andresets(). New experimental functionsstart(),end(),range(), andstep()are introduced.Changelog
/-/configendpoint. Thanks to @August829 and @Phaxma for reporting. GHSA-39j6-789q-qxvh #18649st-storageflag is enabled. #18221/api/v1/status/self_metricsendpoint returning the current state of the Prometheus server's own metrics about itself as JSON. #18411outscale_sd_configs) for discovering scrape targets from the Outscale Cloud API. #18139sort,sort_by_labelorsort_by_label_descis used within range (matrix) queries, as these functions do not have effect in that context. #18498start(),end(),range(), andstep()experimental functions #17877resets()function to consider start timestamp resets. Hidden behinduse-start-timestampsfeature flag. #18627CheckpointFromInMemorySeriesoption toagent.DBthat enables checkpoint based on in-memory series. #17948rate(),irate(), andincrease()calculations, behind a feature flaguse-start-timestamps. Doesn't work together with extended range selectorsanchoredandsmoothed. #18344st-synthesiswhich synthesizes unknown STs for scraped cumulative metrics. Useful when Remote Writing 2.0 with delta or Otel-based backends. #18279@stannotation inloadblocks to specify per-sample start timestamps. #18360external_idfield to ECS/MSK/RDS/Elasticache. #18579external_idfield. #17171--headerflag toquery instantcommand, matching existingquery rangebehaviour. #18418info()function incorrectly handling negated__name__matchers #17932/parse_ast. #18624health_filterfor Health API filtering, fixing breakage when using Catalog-only fields likeServiceTagsinfilter. #18479 #18499smoothedrate/increase returning zero instead of no result when all data falls strictly after the query range. #18523range()keyword in duration expressions such asfoo[5m+range()]. #18623@modifier is used. #18531prometheus_sd_refresh*andprometheus_sd_discovered_targetsmetrics for specific scrape jobs are deleted when the scrape job is removed. #17614--enable-featureflag description and sort feature names. #18487v3.11.3: 3.11.3 / 2026-04-27Compare Source
This release fixes mutiple security issues.
We would like to thank the following people for the responsible disclosures:
Shadowbyte (4c1dr3aper) - Charlie Lewis for the Remote-Read snappy decode vulnerability.
Brett Gervasoni for the AzureAD OAuth
client_secretvulnerability.@iiihaiii and @Ngocnn97 for the Old UI XSS vulnerability.
[SECURITY] AzureAD remote write: Fix OAuth
client_secretbeing exposed in plaintext via/-/configendpoint. GHSA-wg65-39gg-5wfj / CVE-2026-42151 #18590[SECURITY] Remote-read: Reject snappy-compressed requests whose declared decoded length exceeds the decode limit. GHSA-8rm2-7qqf-34qm / CVE-2026-42154 #18584
[SECURITY] UI: Fix stored XSS via unescaped
lelabel values in old UI heatmap chart tick labels. GHSA-fw8g-cg8f-9j28 #18588Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.