This is probably due to GitHub dependabot currently flagging a security
issue with go-restful (I hit the same issue yesterday).

On Fri, 10 Feb 2023 at 09:13, Matthias Rampke <[email protected]>
wrote:

> You are on the right track with go mod graph: go-restful is a dependency
> of k8s.io/client-go and k8s.io/kube-openapi, so colloquially "the
> Kubernetes client library". Prometheus uses it for service discovery,
> fetching information about pods, endpoints, and services. From a cursory
> look through github.com/kubernetes
> <https://cs.github.com/?q=org%3Akubernetes+go-restful&p=5&pt=95635d459e0c25fdd23327d2aafd76e1f37667b598be932cf35f694610b9e2fdf25d33e2091317b4ac9ab081a73c33fb776e90bf43b358ccf8565727b3f565af4626586ae6c28a4f093334dae79e5902c0585106a7c18533377316a7ed7ed3707c35cfb5c6cefeec6a6bf460e6d647ef3efaff12d0e8f030086105ec53f721c80b8f6ef53f1b2a14a5056bba204cfd393caa86738516c15447179894b1d4c306b2eff7f90304288c1a6c77e4fe4c78d28ff57c899caf2022ee5307c5557005db6805dd6cdadf95e112f02963229e83c1650497d49955865324acdbcb5fe1022ffff1fe4086dd34dd004f2f61932b84a0bbd9389c3a8d765f1a5a7696b1a730b888cf34251395a7e13d938d87f3720eca3e989d8a24f0a3451a6c12e134fda00a78ca4e393e1c7983f67c1292ae451465e2726d9d5464f0944d6248f8be7106c441b2b7fadff735dc91161d5cdae0d714ea5039c73703981936c01cf2c7d2e4912d428bcd766b1cd7f9ab1f13ccc1b70882598ed5db908d4861f53c18ba6afbd5829b801d50dbade208b5726b8f396b05&scope=&scopeName=All+repos>,
> it seems that it is only actually *called* on the kube-apiserver side, so
> Prometheus should not encounter any of it, but don't take my word for it.
>
> I am curious now, can you share why you are interested in go-restful? 😄
>
> Best,
> Matthias
>
>
>
> On Fri, Feb 10, 2023 at 9:59 AM Gavin <[email protected]> wrote:
>
>> Hello Prometheus team,
>>
>> May I ask a question about how Prometheus uses go-restful?
>>
>> We are using Prometheus 2.38.0 and from the binary, we can see go-restful
>> is compiled.
>>
>> $go version -m prometheus |grep go-restful
>> dep github.com/emicklei/go-restful v2.16.0+incompatible h1:rgqiKNjTnFQA6kkhFe16D8epTksy9HQ1MyrbDXSdYhM=
>>
>> I grepped the Prometheus source code and failed to find where go-restful
>> is invoked; 'go mod why', 'go mod graph' and 'go list' don't help much
>> either.
>>
>> prometheus $ [v2.38.0] [] $ go mod graph |grep go-restful
>>
>> github.com/prometheus/prometheus github.com/emicklei/go-restful@v2.16.0+incompatible
>>
>> k8s.io/[email protected] github.com/emicklei/go-restful@v2.9.5+incompatible
>>
>> k8s.io/[email protected] github.com/emicklei/go-restful@v0.0.0-20170410110728-ff4f55a20633
>>
>> It would be highly appreciated if you could pinpoint why/where go-restful
>> is used.
>>
>> Thanks!
>>
>> BRs
>>
>> /Gavin
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Prometheus Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/prometheus-developers/9c7b9160-b8ce-42cd-bf78-1d0ee48ed638n%40googlegroups.com
>> <https://groups.google.com/d/msgid/prometheus-developers/9c7b9160-b8ce-42cd-bf78-1d0ee48ed638n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>


-- 
Tristan Colgate-McFarlane
----
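
Added example (not from any message in this thread, and not Prometheus project code): a small Go program that parses `go mod graph` output and reports the shortest requirement chain from the main module to every version of a target module, which is the "why is go-restful in my binary" question asked above. The sample graph is constructed for illustration and the `k8s.io` version strings in it are placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in `go mod graph` format; the k8s.io versions are placeholders.
const sampleGraph = `github.com/prometheus/prometheus github.com/emicklei/go-restful@v2.16.0+incompatible
github.com/prometheus/prometheus k8s.io/client-go@v0.0.0-placeholder
k8s.io/client-go@v0.0.0-placeholder k8s.io/kube-openapi@v0.0.0-placeholder
k8s.io/client-go@v0.0.0-placeholder github.com/emicklei/go-restful@v2.9.5+incompatible
k8s.io/kube-openapi@v0.0.0-placeholder github.com/emicklei/go-restful@v0.0.0-20170410110728-ff4f55a20633
`

// Chains returns, for every version of the target module found in the graph,
// the shortest requirement chain from root to that version (breadth-first).
func Chains(graph, root, target string) map[string][]string {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	parent := map[string]string{root: ""} // node -> node that first required it
	out := map[string][]string{}
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		n := queue[0]
		if strings.HasPrefix(n, target+"@") {
			var chain []string
			for c := n; c != ""; c = parent[c] {
				chain = append([]string{c}, chain...)
			}
			out[n] = chain
		}
		for _, m := range edges[n] {
			if _, seen := parent[m]; !seen {
				parent[m] = n
				queue = append(queue, m)
			}
		}
	}
	return out
}

func main() {
	for v, c := range Chains(sampleGraph, "github.com/prometheus/prometheus", "github.com/emicklei/go-restful") {
		fmt.Println(v, "<=", strings.Join(c, " -> "))
	}
}
```

The graph lists every version any module asks for, so several versions of the target can show up even though only one is built into the binary; the chain shows which dependency is responsible for each.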
