Affected by GO-2026-5381
and 2 other vulnerabilities
GO-2026-5381: Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus
GO-2026-5662: Prometheus has Stored XSS via metric names and label values in Prometheus web UI in github.com/prometheus/prometheus
GO-2026-5710: Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus
NewRoundTripper creates a round tripper that adds Google Cloud Monitoring authorization to calls
using either a credentials file or the default credentials.