fix(deps): update github.com/grafana/loki digest to 3555001 [security] (release-2.9.x)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/grafana/loki	require	digest	4e4359e -> 3555001
github.com/grafana/loki	require	digest	90888a0 -> 3555001

GitHub Vulnerability Alerts

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: tools/lambda-promtail/go.sum

Command failed: go mod tidy
go: finding module for package github.com/googleapis/gnostic/openapiv2
go: finding module for package k8s.io/apimachinery/pkg/util/clock
go: found github.com/googleapis/gnostic/openapiv2 in github.com/googleapis/gnostic v0.7.0
go: main/lambda-promtail imports
	github.com/grafana/loki/pkg/logproto imports
	github.com/grafana/loki/pkg/querier/plan imports
	github.com/grafana/loki/pkg/logql/syntax imports
	github.com/prometheus/prometheus/promql imports
	github.com/prometheus/prometheus/util/teststorage imports
	github.com/prometheus/prometheus/tsdb imports
	github.com/prometheus/prometheus/config tested by
	github.com/prometheus/prometheus/config.test imports
	github.com/prometheus/prometheus/discovery/kubernetes imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/discovery imports
	github.com/googleapis/gnostic/openapiv2: github.com/googleapis/[email protected]: parsing go.mod:
	module declares its path as: github.com/google/gnostic
	        but was required as: github.com/googleapis/gnostic

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for the github.com/grafana/loki 3555001 update again.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.