@prometheus-io/lezer-promql 0.312.0-rc.0 → 0.313.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +49 -2
- package/package.json +10 -8
package/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,53 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
-
## 3.
|
|
3
|
+
## 3.13.0-rc.1 / 2026-06-22
|
|
4
|
+
|
|
5
|
+
The 3.13.0-rc.0 release was only partially successful, so most of the changes in this release candidate are CI/build-related. The only user-facing change is:
|
|
6
|
+
|
|
7
|
+
- [CHANGE] UI: Third-party npm dependency licenses are now embedded in the Prometheus binary and served at `/assets/third-party-licenses.txt`, replacing the `npm_licenses.tar.bz2` archive previously shipped in release tarballs and container images. #18997
|
|
8
|
+
|
|
9
|
+
## 3.13.0-rc.0 / 2026-06-18
|
|
10
|
+
|
|
11
|
+
- [SECURITY] UI: Bump `sanitize-html` to fix a cross-site scripting vulnerability (CVE-2026-44990). #18697
|
|
12
|
+
- [CHANGE] API: Use SHA-256 instead of SHA-1 to generate rule group pagination tokens. #18927
|
|
13
|
+
- [CHANGE] HTTP clients: Credentials (Authorization header, basic auth, bearer token, OAuth2, configured headers) are no longer forwarded when following a redirect to a different host; affects scraping, remote read/write, alerting, and service discovery. Via prometheus/common v0.69.0 (CVE-2025-4673 CVE-2023-45289). #18949
|
|
14
|
+
- [CHANGE] promtool: Relative file paths in the file passed to `--http.config.file` are now resolved relative to that config file's directory instead of its parent directory. Via prometheus/common v0.69.0. #18949
|
|
15
|
+
- [CHANGE] PromQL: Rename the `min()` and `max()` duration-expression functions (experimental feature flag `experimental-duration-expr`) to `min_of()` and `max_of()` to avoid confusion with the `min` and `max` aggregate operators. #18687
|
|
16
|
+
- [FEATURE] API: Add experimental search endpoints to search metric names, label names, and label values. #18573
|
|
17
|
+
- [FEATURE] Discovery/AWS: Add ability to filter RDS instances. #18859
|
|
18
|
+
- [FEATURE] PromQL: Add `min_of(a, b)` and `max_of(a, b)` scalar experimental functions, returning the smaller or larger of two scalar values. #18687
|
|
19
|
+
- [FEATURE] PromQL: Add support for smoothed/anchored rate with native histograms. #18564
|
|
20
|
+
- [FEATURE] PromQL: Expose per-query `samplesRead` (and `samplesReadPerStep` with `stats=all` and the `promql-per-step-stats` feature flag) in the query stats response, and add the `prometheus_engine_query_samples_read_total` engine counter. `samplesRead` reflects storage I/O distinct from `totalQueryableSamples`, which counts samples loaded into the evaluator (and so over-counts when a sample is reused across multiple range-vector windows). #18081
|
|
21
|
+
- [FEATURE] Scrape: Add `__convert_classic_histograms_to_nhcb__` internal label to allow per-target override of `convert_classic_histograms_to_nhcb` scrape configuration via relabeling. #18840
|
|
22
|
+
- [FEATURE] TSDB: Add `storage.tsdb.chunk_encoding.floats` configuration field to select float chunk encoding (`xor` or `xor2`) at runtime, independently of the `--enable-feature=xor2-encoding` flag. #18769
|
|
23
|
+
- [FEATURE] remote_write: Add Certificate support for ingesting data into an Azure Monitor Workspace. #18217
|
|
24
|
+
- [FEATURE] Scrape: Add `__always_scrape_classic_histograms__` and `__scrape_native_histograms__` internal labels to allow per-target override of the `always_scrape_classic_histograms` and `scrape_native_histograms` scrape configuration via relabeling. #18929
|
|
25
|
+
- [ENHANCEMENT] Release: Container images are now also published to the GitHub Container Registry (ghcr.io). #18791
|
|
26
|
+
- [ENHANCEMENT] PromQL: Prettify `fill_left(x) fill_right(x)` as `fill(x)` when both fill values are equal. #18851
|
|
27
|
+
- [ENHANCEMENT] UI: Improve autocompletion after closing a function bracket. #18894
|
|
28
|
+
- [PERF] Labels: Add case-insensitive prefix matching to speed up evaluation of long case-insensitive regular expressions (up to ~2x faster). #18540
|
|
29
|
+
- [PERF] TSDB: Reduce per-sample overhead in chunk population, speeding up affected queries by ~12-15% in benchmarks. #18699
|
|
30
|
+
- [PERF] TSDB: Eliminate unnecessary heap allocations in the V2 histogram WAL decoder, reducing allocations by up to 50% and memory by up to 10% for deployments using native histograms with created-timestamp storage enabled (`--enable-feature=created-timestamp-zero-ingestion`). #18813
|
|
31
|
+
- [BUGFIX] Discovery/AWS: Fix failure when processing an AWS RDS cluster without instances. #18845
|
|
32
|
+
- [BUGFIX] Fix race condition in initTime that could cause ErrOutOfBounds. #18629
|
|
33
|
+
- [BUGFIX] PromQL: A range query whose `end` was not aligned to `step` caused subqueries inside it to evaluate past the parent's last actual step, inflating `peakSamples` in the query stats and against the `query.max-samples` limit, and wasting storage I/O reading samples that were never used in the result. #18081
|
|
34
|
+
- [BUGFIX] PromQL: A range query containing an at-modifier-unsafe function over a range-vector with an `@` modifier (e.g. `predict_linear(metric[60s] @ T, X)`) silently under-counted `totalQueryableSamples` for steps after step 0. #18081
|
|
35
|
+
- [BUGFIX] PromQL: Fix `fill_left`/`fill_right` producing missing samples in range queries when using `group_left`/`group_right`. #18850
|
|
36
|
+
- [BUGFIX] PromQL: Fix for resets() and changes() in anchored range extenders with histograms. #18906
|
|
37
|
+
- [BUGFIX] PromQL: Fix panic on `1[5m] smoothed` and similar expressions when extended range selectors are enabled. #18764
|
|
38
|
+
- [BUGFIX] PromQL: Fix panic when a `smoothed` instant vector selector produces no samples for a series. #18943
|
|
39
|
+
- [BUGFIX] PromQL: Fix panic when using a parenthesised plain number as an offset (e.g. `foo offset -(5)`). #18768
|
|
40
|
+
- [BUGFIX] promtool: Fix panic when parsing exposition text containing empty braces `{}`. Via prometheus/common v0.69.0. #18949
|
|
41
|
+
- [BUGFIX] Promtool: Fix `check healthy` and `check ready` when `--url` ends with a trailing slash. #18854
|
|
42
|
+
- [BUGFIX] Rules: Close PromQL query after each rule evaluation to ensure resources are released. #18733
|
|
43
|
+
- [BUGFIX] Scaleway SD: Resolve VPC/IPAM-only instances that have no legacy `private_ip` or `public_ip` field, but do have private NICs attached. #18772
|
|
44
|
+
- [BUGFIX] TSDB: Do not leak head series when an integer histogram append is rejected (e.g. out-of-order). #18838
|
|
45
|
+
- [BUGFIX] UI: Escape label values offered by PromQL autocomplete. #18658
|
|
46
|
+
- [BUGFIX] TSDB: Fix chunk snapshot encoding for EncXOR2 chunks, preventing corruption on TSDB restart when EncXOR2-encoded series were present. #18739
|
|
47
|
+
- [BUGFIX] TSDB: Store a millisecond timestamp (not a WAL segment number) in walExpiries when a series is evicted via CompactStaleHead/CompactSelectedSeries, so the series's label record is correctly retained in the next WAL checkpoint and replays cleanly. #18847
|
|
48
|
+
- [BUGFIX] TSDB: Prevent loss of samples at the chunk-range boundary when CompactSelectedSeries (and CompactStaleHead) evict the series — the per-slice compaction loop now runs one more iteration so the boundary timestamp is captured in a block before the in-memory copy is removed. #18849
|
|
49
|
+
|
|
50
|
+
## 3.12.0 / 2026-05-28
|
|
4
51
|
|
|
5
52
|
- [SECURITY] Remote-write: Reject snappy-compressed requests whose declared decoded length exceeds the 32MB. Thanks to @hibrian827 for reporting it. #18642
|
|
6
53
|
- [SECURITY] STACKIT SD: Fix secrets being exposed in plaintext via `/-/config` endpoint. Thanks to @August829 and @Phaxma for reporting. GHSA-39j6-789q-qxvh #18649
|
|
@@ -58,7 +105,7 @@
|
|
|
58
105
|
|
|
59
106
|
## 3.11.3 / 2026-04-27
|
|
60
107
|
|
|
61
|
-
This release fixes
|
|
108
|
+
This release fixes mutiple security issues.
|
|
62
109
|
|
|
63
110
|
We would like to thank the following people for the responsible disclosures:
|
|
64
111
|
- Shadowbyte (4c1dr3aper) - Charlie Lewis for the Remote-Read snappy decode vulnerability.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@prometheus-io/lezer-promql",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.313.0-rc.1",
|
|
4
4
|
"description": "lezer-based PromQL grammar",
|
|
5
5
|
"main": "dist/index.cjs",
|
|
6
6
|
"type": "module",
|
|
@@ -25,19 +25,21 @@
|
|
|
25
25
|
"url": "https://github.com/prometheus/prometheus/issues"
|
|
26
26
|
},
|
|
27
27
|
"homepage": "https://github.com/prometheus/prometheus/blob/main/web/ui/module/lezer-promql/README.md",
|
|
28
|
-
"scripts": {
|
|
29
|
-
"build": "bash ./build.sh",
|
|
30
|
-
"lint": "echo 'nothing to do'",
|
|
31
|
-
"test": "NODE_OPTIONS=--experimental-vm-modules jest"
|
|
32
|
-
},
|
|
33
28
|
"devDependencies": {
|
|
34
29
|
"@lezer/generator": "^1.8.0",
|
|
35
30
|
"@lezer/highlight": "^1.2.3",
|
|
36
31
|
"@lezer/lr": "^1.4.10",
|
|
37
|
-
"@rollup/plugin-node-resolve": "^16.0.3"
|
|
32
|
+
"@rollup/plugin-node-resolve": "^16.0.3",
|
|
33
|
+
"jest": "^30.4.2",
|
|
34
|
+
"rollup": "^4.62.0"
|
|
38
35
|
},
|
|
39
36
|
"peerDependencies": {
|
|
40
37
|
"@lezer/highlight": "^1.1.2",
|
|
41
38
|
"@lezer/lr": "^1.2.3"
|
|
39
|
+
},
|
|
40
|
+
"scripts": {
|
|
41
|
+
"build": "bash ./build.sh",
|
|
42
|
+
"lint": "echo 'nothing to do'",
|
|
43
|
+
"test": "NODE_OPTIONS=--experimental-vm-modules jest"
|
|
42
44
|
}
|
|
43
|
-
}
|
|
45
|
+
}
|