tetrate-ci opened a new pull request, #249: URL: https://github.com/apache/skywalking-satellite/pull/249
## Summary

Upgrade `github.com/prometheus/prometheus` from `v0.311.2` to `v0.311.3` to fix the following CVEs:

| CVE ID | Severity | Package | Fix |
|--------|----------|---------|-----|
| CVE-2026-42151 | HIGH | github.com/prometheus/prometheus | v0.311.2 → v0.311.3 |
| CVE-2026-42154 | HIGH | github.com/prometheus/prometheus | v0.311.2 → v0.311.3 |
| GHSA-fw8g-cg8f-9j28 | MEDIUM | github.com/prometheus/prometheus | v0.311.2 → v0.311.3 |

## Verification

A Docker image was built locally and scanned with Trivy — **0 vulnerabilities** detected (0 Critical, 0 High, 0 Medium, 0 Low).

## Notes

This fix addresses CVEs present in two satellite image tags used in the Tetrate monorepo:

- Tag `vd8151c147760e2993a4fd583af75c5821c126bb1` (used in master and release-1.14.x): prometheus was at v0.311.2
- Tag `vebc14e3c7f2cbfbcf16cb59d057df353675b1ea6` (used in release-1.11.x and release-1.12.x): prometheus was at v0.43.0, already upgraded to v0.311.2 in commit 02962f1

Both tags are on the same `main` branch lineage — this single PR fixes both by advancing to v0.311.3.

@kezhenxu94 Could you please review this PR?

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
