fix(deps): update github.com/grafana/loki digest to f67fff3 [security] (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/grafana/loki	require	digest	4e4359e -> f67fff3
github.com/grafana/loki	require	digest	90888a0 -> f67fff3

GitHub Vulnerability Alerts

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Trivy scan found the following vulnerabilities:

• HIGH openssl: Incorrect cipher key and IV length processing in libcrypto3 v3.1.3-r0. Fixed in v3.1.4-r0
• HIGH openssl: Incorrect cipher key and IV length processing in libssl3 v3.1.3-r0. Fixed in v3.1.4-r0

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: tools/lambda-promtail/go.sum

Command failed: go mod tidy
go: downloading github.com/google/go-cmp v0.5.9
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/alicebob/miniredis/v2 v2.30.4
go: downloading github.com/OneOfOne/xxhash v1.2.6
go: downloading github.com/spaolacci/murmur3 v1.1.0
go: downloading github.com/alicebob/miniredis v2.5.0+incompatible
go: downloading github.com/onsi/ginkgo v1.16.5
go: downloading github.com/onsi/gomega v1.24.0
go: downloading github.com/kr/pretty v0.3.1
go: downloading github.com/Workiva/go-datastructures v1.1.0
go: downloading github.com/pierrec/lz4/v4 v4.1.18
go: downloading github.com/HdrHistogram/hdrhistogram-go v1.1.2
go: downloading github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a
go: downloading github.com/yuin/gopher-lua v1.1.0
go: downloading github.com/kr/text v0.2.0
go: downloading github.com/rogpeppe/go-internal v1.10.0
go: downloading github.com/pascaldekloe/goe v0.1.0
go: downloading github.com/hashicorp/consul/sdk v0.14.1
go: downloading github.com/hashicorp/go-uuid v1.0.3
go: downloading github.com/nxadm/tail v1.4.8
go: downloading github.com/hashicorp/go-version v1.2.1
go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
go: downloading github.com/Azure/go-autorest/autorest v0.11.29
go: downloading github.com/Azure/go-autorest v14.2.0+incompatible
go: downloading github.com/Azure/go-autorest/autorest/adal v0.9.23
go: downloading github.com/digitalocean/godo v1.99.0
go: downloading github.com/hetznercloud/hcloud-go/v2 v2.0.0
go: downloading github.com/ionos-cloud/sdk-go/v6 v6.1.8
go: downloading k8s.io/api v0.28.1
go: downloading k8s.io/apimachinery v0.28.1
go: downloading k8s.io/client-go v0.21.0
go: downloading github.com/linode/linodego v1.19.0
go: downloading github.com/docker/docker v24.0.7+incompatible
go: downloading github.com/hashicorp/nomad/api v0.0.0-20230718173136-3a687930bd3e
go: downloading github.com/gophercloud/gophercloud v1.5.0
go: downloading github.com/ovh/go-ovh v1.4.1
go: downloading github.com/scaleway/scaleway-sdk-go v1.0.0-beta.20
go: downloading github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b
go: downloading github.com/vultr/govultr/v2 v2.17.2
go: downloading github.com/envoyproxy/go-control-plane v0.11.1
go: downloading github.com/envoyproxy/protoc-gen-validate v1.0.2
go: downloading github.com/go-zookeeper/zk v1.0.3
go: downloading github.com/Azure/go-autorest/autorest/date v0.3.0
go: downloading github.com/Azure/go-autorest/autorest/to v0.4.0
go: downloading github.com/Azure/go-autorest/autorest/validation v0.3.1
go: downloading github.com/Azure/go-autorest/tracing v0.6.0
go: downloading github.com/Azure/go-autorest/logger v0.2.1
go: downloading github.com/google/go-querystring v1.1.0
go: downloading github.com/google/gofuzz v1.2.0
go: downloading k8s.io/klog/v2 v2.100.1
go: downloading k8s.io/utils v0.0.0-20230711102312-30195339c3c7
go: downloading k8s.io/klog v1.0.0
go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.3.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading golang.org/x/term v0.13.0
go: downloading github.com/go-resty/resty/v2 v2.7.0
go: downloading gopkg.in/ini.v1 v1.67.0
go: downloading github.com/docker/go-connections v0.4.0
go: downloading github.com/docker/go-units v0.5.0
go: downloading github.com/opencontainers/image-spec v1.0.2
go: downloading github.com/docker/distribution v2.8.2+incompatible
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/gorilla/websocket v1.5.0
go: downloading github.com/hashicorp/cronexpr v1.1.2
go: downloading github.com/hashicorp/go-retryablehttp v0.7.4
go: downloading github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4
go: downloading github.com/benbjohnson/clock v1.1.0
go: downloading github.com/dnaeon/go-vcr v1.2.0
go: downloading gopkg.in/inf.v0 v0.9.1
go: downloading sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
go: downloading cloud.google.com/go/compute/metadata v0.2.3
go: downloading cloud.google.com/go/compute v1.23.0
go: downloading sigs.k8s.io/yaml v1.3.0
go: downloading github.com/Microsoft/go-winio v0.6.1
go: downloading github.com/jmespath/go-jmespath/internal/testify v1.5.1
go: downloading k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9
go: downloading cloud.google.com/go v0.110.7
go: downloading github.com/go-openapi/jsonreference v0.20.2
go: downloading github.com/go-openapi/swag v0.22.4
go: downloading github.com/google/gnostic-models v0.6.8
go: downloading github.com/go-openapi/jsonpointer v0.20.0
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading github.com/josharian/intern v1.0.0
go: finding module for package github.com/googleapis/gnostic/openapiv2
go: finding module for package k8s.io/apimachinery/pkg/util/clock
go: downloading k8s.io/apimachinery v0.28.4
go: downloading github.com/googleapis/gnostic v0.7.0
go: found github.com/googleapis/gnostic/openapiv2 in github.com/googleapis/gnostic v0.7.0
go: main/lambda-promtail imports
	github.com/grafana/loki/pkg/logproto imports
	github.com/grafana/loki/pkg/querier/plan imports
	github.com/grafana/loki/pkg/logql/syntax imports
	github.com/prometheus/prometheus/promql imports
	github.com/prometheus/prometheus/util/teststorage imports
	github.com/prometheus/prometheus/tsdb imports
	github.com/prometheus/prometheus/config tested by
	github.com/prometheus/prometheus/config.test imports
	github.com/prometheus/prometheus/discovery/kubernetes imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/discovery imports
	github.com/googleapis/gnostic/openapiv2: github.com/googleapis/[email protected]: parsing go.mod:
	module declares its path as: github.com/google/gnostic
	        but was required as: github.com/googleapis/gnostic

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for the github.com/grafana/loki f67fff3 update again.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.