Update dependency prom-client to v15

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
prom-client	^14.0.0 → ^15.0.0

---

Release Notes

siimon/prom-client (prom-client)

v15.1.3

Compare Source

Changed

• Improve error message when number of registered labels mismatch with the number of labels provided

v15.1.2

Compare Source

Changed

• Add Registry.PROMETHEUS_CONTENT_TYPE and Registry.OPENMETRICS_CONTENT_TYPE constants to the TypeScript types
• Correctly read and set contentType top level export

Added

• Enable bun.js by catching NotImplemented error (Fixes #​570)

v15.1.1

Compare Source

Changed

• Improve the memory usage of histograms when the enableExemplars option is disabled
• fix: Avoid updating exemplar values during subsequent metric changes (Fixes #​616)

v15.1.0

Compare Source

Changed

• remove unnecessary loop from osMemoryHeapLinux
• Improve performance of hashObject by using pre-sorted array of label names
• Fix type of collectDefaultMetrics.metricsList

Added

• Allow Pushgateway to now require job names for compatibility with Gravel Gateway.
• Allow histogram.startTime() to be used with exemplars.

v15.0.0

Compare Source

Changed

• remove unnecessary loop from osMemoryHeapLinux
• Improve performance of hashObject by using pre-sorted array of label names
• Fix type of collectDefaultMetrics.metricsList

Added

• Allow Pushgateway to now require job names for compatibility with Gravel Gateway.
• Allow histogram.startTime() to be used with exemplars.

v14.2.0

Compare Source

Breaking

• drop support for Node.js versions 10, 12, 14, 17 and 19

Changed

• Refactor histogram internals and provide a fast path for rendering metrics to
  Prometheus strings when there are many labels shared across different values.
• Disable custom content encoding for pushgateway delete requests in order to
  avoid failures from the server when using Content-Encoding: gzip header.
• Refactor escapeString helper in lib/registry.js to improve performance and
  avoid an unnecessarily complex regex.
• Cleanup code and refactor to be more efficient
• Correct TS types for working with OpenMetrics
• Updated Typescript and Readme docs for setToCurrentTime() to reflect units as seconds.
• Do not ignore error if request to pushgateway fails
• Make sure to reject the request to pushgateway if it times out

Added

• Support for OpenMetrics and Exemplars

v14.1.1

Compare Source

Changed

• Refactor getMetricAsPrometheusString method in the Registry class to use Array.prototype.join
  instead of loop of string concatenations.
• Also use Array.prototype.map, and object spread instead of an explicit for loop
• changed: updated the sample output in example/default-metrics.js
• summary metrics now has a pruneAgedBuckets config parameter
  to remove entries without any new values in the last maxAgeSeconds.
  Default is false (old behavior)

Added

• Add get method to type definitions of metric classes

v14.1.0

Compare Source

Changed

• Increase compatibility with external build system such as rollup by making perf_hooks optional in gc.js

v14.0.1

Compare Source

Changed

• types: converted all the generic Metric types to be optional

• The done() functions returned by gauge.startTimer() and
  summary.startTimer() now return the timed duration. Histograms already had
  this behavior.

• types: fixed type for registry.getMetricsAsArray()

• Improve performance of gague.inc() and gauge.dec() by calling hashObject() once.

Added

• The processResources metric was added, which keeps a track of all sorts of
  active resources. It consists of the following gauges:

  • nodejs_active_resources - Number of active resources that are currently
    keeping the event loop alive, grouped by async resource type.
  • nodejs_active_resources_total - Total number of active resources.
    It is supposed to provide the combined result of the processHandles and
    processRequests metrics along with information about any other types of
    async resources that these metrics do not keep a track of (like timers).

• Support gzipped pushgateway requests

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	prom-client@​14.0.0 ⏵ 15.1.3

View full report

[stepsecurity-app]

Security Policy Alert: Compromised Actions Detected

This workflow run has been blocked by StepSecurity's compromised actions policy because it uses actions that have been identified as compromised or malicious.

Compromised Actions Detected:

• aquasecurity/trivy-action@master

To fix this issue, please remove or replace these actions with trusted alternatives. These actions have been flagged as compromised and may pose a security risk to your workflows.

For more information, see StepSecurity's Compromised Actions Policy documentation.