* Chore: Bump golang.org/x/net to v0.36.0
* Chore: Use github.com/moby/moby version 27.5.1 instead of 26.0.0
* Chore: Bump github.com/ua-parser/uap-go to v0.0.0-20250213224047-9c035f085b90
* Chore: Bump github.com/grpc-ecosystem/go-grpc-middleware/v2 to fix 32-bit overflow issue
* feat(featuremgmt): introduce feature toggle for enabling sri checks
* feat(frontend): use assetSriChecks feature toggle to inject integrity hash into script tags
* chore(webpack): align sri algorithms across dev and prod builds
* docs(featuremgmt): update assetSriChecks to pass CI
* docs(featuremgmt): fix more spelling complaints with assetSriChecks
* Add crossorigin attribute
* chore(webpack): add subresource-integrity plugin
* build(webpack): wrap webpack jsonp loader integrity checks in feature flag checks
* revert(index.html): remove crossorigin attribute if assertSriChecks is disabled
---------
Co-authored-by: Kristian Bremberg <kristian.bremberg@grafana.com>
* feat(grafana-ui): build unstable entrypoint for experimental components
* feat(plugins): expose grafana/ui/unstable
* build(grafana-ui): add rollup plugin to create alias package.json for unstable entrypoint
* build(packages): rewrite prepare npm script to generate alias packagejson files
* chore(packages): use relative paths in publishConfig for exports generation
* chore(frontend): move npmcli/package-json package to root package.json
* revert(grafana-ui): remove rollup plugin for generating alias package.json files
* chore(grafana-ui): clean up unstable directory postpack to prevent yarn lock issues
* build(packages): fix scope for pkgName usage
* feat(packages): create separate cjs and esm builds that validate with arethetypeswrong cli
* chore(yarn): refresh lock file
* fix(packages): make sure alias package.jsons point to existing files
* Remove the unused `release_publisher` script.
* Remove the "whats new check" in Drone.
* Automatically set the What's New URL in releases based on the tagged version.
* adjut quickRanges type in v2
* clean up unused time_options property
* remove deprecated time_options property on time picker
* add schema migration for time_options
* adjust test
* Chore: pin tonistiigi/binfmt version
* change version to qemu-v7.0.0-28
* uninstall first, log version
* uninstall first, log version
* uninstall first, log version
* E2E: Add tasks for new reporting tests
* try to switch to pdf-parse
* fix pdf comparison
* add log
* increase threshold
* clean up
* apply review feedback
* improve logs + fix local setup for reporting
* format
* Chore: Bump Go to 1.23.4
This is done in preparation of updating the App SDK library we import, as it has bumped its Go version to 1.23.4 as well.
* Chore: make update-workspace
* Fix: MySQL integration tests don't need to verify CA
The _better_ solution here is to use our own, custom CA certificate. But there is also no real problem in risking a MITM
attack here as it's just test code, with no sensitive data, and it's ran on our own infra (so if we have a MITM problem,
we have even bigger issues...).
* Chore: make drone
* Chore: buildifier format
* Removes integration tests for MySQL 5.7 since it is EOL
Signed-off-by: Bruno Abrantes <bruno@brunoabrantes.com>
* Remake drone.yml
Signed-off-by: Bruno Abrantes <bruno@brunoabrantes.com>
---------
Signed-off-by: Bruno Abrantes <bruno@brunoabrantes.com>
* build(webpack): add a stats config and build:stats script for analysing bundles locally
* chore(yarn): dedupe lock file
* feat(webpack): use bundle analyser by default, env vars for additional plugins
* build(typescript): switch module resolution to bundler for exports imports goodness
* chore: bump react-calendar and temp patch prometheus-io package
* Wip
* feat(decoupled-plugin): fix types errors in tests by including testing-library/jest-dom
* chore(betterer): pass custom tsconfig so betterer continues to run
* Add basic usage of K8s API for notification policies
* Add permissions checks for navtree for routes
* Add and update permissions for routing tree logic
* Add capability to skip calling contact points hook
* Conditionally show list of mute timings depending on permissions
* Conditionally link to mute timings if user can see at least one
* Add work in progress k8s handlers for routing tree
* Update notification policy hooks
* Wire up policies to permissions better (conditionally calling APIs)
* Add additional checks for whether to show grafana AM
* Add permission checks to access control
* Remove accidental permissions after rebase
* Update types and const for k8s routes
* Improve statefulness and reset routing tree in tests
* Update notif policy tests to check k8s and config API
* Fix type assertion
* Move non-grafana test out of .each
* Make failure case safer
* Override tag invalidation for notification policies API
* Pass in error and add new error alert component
* Add basic mock server conflict check
* Add test to check user can save after a conflict
* Add logic to allow reloading policies if changed by another user
* Fix test
* Update translations in Modals
* Add ViewAlertGroups ability
* Tweak provisioning logic and memoize AM config response
* Update snapshots for useAbilities
* Update result destructure
* Use enums for provenance in routingtrees
* Use consistent memoisation
* Fix _metadata for vanilla AM
* useAsync for error / update state
* move k8s api error handling to separate file
* use cause for error codes
* Use `supported` bools from Alertmanager abilities and clarify default policy
---------
Co-authored-by: Konrad Lalik <konrad.lalik@grafana.com>
Co-authored-by: Gilles De Mey <gilles.de.mey@gmail.com>
* Add github app token generation in pipelines that use GITHUB_TOKEN
* ci?
* clone gh repo using x-access-token user
* address linting issues
* use mounted volume for exporting token
* remove unused github_token env var swagger gen step
* replace pat on release_pr pipepline
* cleanup GH PAT references
* linting
* Update scripts/drone/steps/lib.star
* make drone
---------
Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
