chore(deps): bump github.com/prometheus/common from 0.62.0 to 0.63.0

[dependabot]

Bumps github.com/prometheus/common from 0.62.0 to 0.63.0.

Release notes

Sourced from github.com/prometheus/common's releases.

v0.63.0

What's Changed

• Making the map a public variable for promtheus-operator by @​dongjiang1989 in prometheus/common#741
• setup ossf scorecard and codeql workflows by @​mmorel-35 in prometheus/common#564
• feat(promslog): implement reserved keys, rename duplicates by @​tjhop in prometheus/common#746
• Bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 by @​dependabot in prometheus/common#750
• Bump golang.org/x/net from 0.33.0 to 0.34.0 by @​dependabot in prometheus/common#749
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.3 by @​dependabot in prometheus/common#751
• promslog: Make AllowedLevel concurrency safe. by @​bwplotka in prometheus/common#754
• Fix typo 'the an' by @​petern48 in prometheus/common#752
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#757
• build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by @​dependabot in prometheus/common#756
• build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @​dependabot in prometheus/common#761
• build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @​dependabot in prometheus/common#763
• build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 by @​dependabot in prometheus/common#762
• model: Clarify the purpose of model.NameValidationScheme by @​ywwg in prometheus/common#765
• Fix spelling mistake in godoc by @​grobinson-grafana in prometheus/common#766
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#767
• otlptranslator: Add dependency free package that translates OTLP data into Prometheus metric/label names by @​ArthurSens in prometheus/common#768

New Contributors

• @​dongjiang1989 made their first contribution in prometheus/common#741
• @​petern48 made their first contribution in prometheus/common#752

Full Changelog: prometheus/common@v0.62.0...v0.63.0

Commits

• cf3c56f Merge pull request #768 from prometheus/otlp-translator
• b35ad99 Add test case for BuildCompliantMetricName with a metric that starts with a d...
• 227989c otlptranslator: Add dependency free package that translator OTLP data into Pr...
• a9cc7f7 Update common Prometheus files (#767)
• 0decf1f Fix spelling mistake in godoc (#766)
• 6b9636c model: Clarify the purpose of model.NameValidationScheme (#765)
• 56f6f38 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 (#762)
• b516f6d build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#763)
• 0db99da build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 (#761)
• ca40aa0 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#756)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

go.mod

Name	Version	Vulnerability	Severity
golang.org/x/net	0.35.0	HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net	moderate

License Issues

go.mod

Package	Version	License	Issue Type
golang.org/x/net	0.35.0	Null	Unknown License
golang.org/x/sys	0.30.0	Null	Unknown License
golang.org/x/term	0.29.0	Null	Unknown License
google.golang.org/protobuf	1.36.5	Null	Unknown License

Allowed Licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0, CC0-1.0, ISC, MIT, MPL-2.0, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
gomod/golang.org/x/net	0.35.0	Unknown	Unknown
gomod/github.com/google/go-cmp	0.7.0	🟢 8.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 4 1 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 4 Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/prometheus/common	0.63.0	🟢 8.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 25 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 9 security policy file detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 8 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
gomod/golang.org/x/sys	0.30.0	Unknown	Unknown
gomod/golang.org/x/term	0.29.0	Unknown	Unknown
gomod/google.golang.org/protobuf	1.36.5	Unknown	Unknown

Scanned Files

• go.mod