Bump the grafana-dependencies group with 3 updates
Open
Number: #87
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Contributor
Comments: 0
dependabot[bot]Association: Contributor
Comments: 0
Created:
July 17, 2025 at 02:02 PM UTC
(4 months ago)
(4 months ago)
Updated:
July 17, 2025 at 02:02 PM UTC
(4 months ago)
(4 months ago)
Labels:
dependencies javascript
dependencies javascript
Description:
Bumps the grafana-dependencies group with 3 updates: @grafana/data, @grafana/runtime and @grafana/ui.
Updates @grafana/data from 12.0.0 to 12.0.2
Release notes
Sourced from @grafana/data's releases.
12.0.2
Download page What's new highlights
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106565,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106116,
@macabu- Storage: Take
migration_lockingsetting into account #105951,@JohnnyQQQQBug fixes
- Alerting: Fix $value type when single data source is queried #106101,
@alexander-akhmetov- Alerting: Fix group-level labels and query_offset in the import API #106392,
@alexander-akhmetov- Azure: Fix Application Insights metadata requests #105838,
@aangelisc- Org: Fix org deletion #106461,
@stephaniehingtgen- Security: Fixes CVE-2025-3415
12.0.1
Download page What's new highlights
Features and enhancements
- Chore: Bump Go version to 1.24.3 #105101,
@macabu- Dependencies: Bump github.com/openfga/openfga from v1.8.6 to v1.8.12 #105368,
@macabu- Dependencies: Unpin and bump github.com/getkin/kin-openapi from v0.126.0 to v0.132.0 #105249,
@macabu- K8s: Dashboards: Add fine grained access control checks to /apis #104419,
@stephaniehingtgenBug fixes
- Dashboard: Fix Panel Explore link subpath duplication (#104952) #105056,
@axelavargas- Dashboard: Fixes issue with row repeats and first row #104469,
@torkelo- Graphite: Ensure template variables are interpolated correctly #105389,
@aangelisc- Graphite: Fix Graphite series interpolation #104516,
@aangelisc- InfluxDB: Fix nested variable interpolation #104176,
@aangelisc- MetricsDrilldown: Restore link to Metrics Drilldown from Explore #104073,
@NWRichmond- NestedFolderPicker: Fix scroll jumps back to top #105769,
@samsch- Preferences: Disable the save button whilst saving preferences #105612,
@ashharrison90- Prometheus: Fix semver import path #104945,
@jackw- Themes: Prevent duplicated API call in drawer #105611,
@ashharrison90- XYChart: Coerce threshold steps to numbers #104492,
@leeoniya- Security: Fix CVE-2025-3454
- Security: Fix CVE-2025-2703
12.0.1+security-01
Download page What's new highlights
Bug fixes
... (truncated)
Changelog
Sourced from @grafana/data's changelog.
12.0.2 (2025-06-17)
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106565,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106116,
@macabu- Storage: Take
migration_lockingsetting into account #105951,@JohnnyQQQQBug fixes
- Alerting: Fix $value type when single data source is queried #106101,
@alexander-akhmetov- Alerting: Fix group-level labels and query_offset in the import API #106392,
@alexander-akhmetov- Azure: Fix Application Insights metadata requests #105838,
@aangelisc- Org: Fix org deletion #106461,
@stephaniehingtgen- Security: Fixes CVE-2025-3415
11.6.3 (2025-06-17)
Bug fixes
- Security: Fixes CVE-2025-3415
11.5.6 (2025-06-17)
Bug fixes
- Security: Fixes CVE-2025-3415
11.4.6 (2025-06-17)
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106569,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106119,
@macabuBug fixes
- Security: Fixes CVE-2025-3415
... (truncated)
Commits
7726a96Release: 12.0.1 (#105909)44cfb7cChore: Update version inrelease-12.0.1branch (#104061)- See full diff in compare view
Updates @grafana/runtime from 12.0.0 to 12.0.2
Release notes
Sourced from @grafana/runtime's releases.
12.0.2
Download page What's new highlights
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106565,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106116,
@macabu- Storage: Take
migration_lockingsetting into account #105951,@JohnnyQQQQBug fixes
- Alerting: Fix $value type when single data source is queried #106101,
@alexander-akhmetov- Alerting: Fix group-level labels and query_offset in the import API #106392,
@alexander-akhmetov- Azure: Fix Application Insights metadata requests #105838,
@aangelisc- Org: Fix org deletion #106461,
@stephaniehingtgen- Security: Fixes CVE-2025-3415
12.0.1
Download page What's new highlights
Features and enhancements
- Chore: Bump Go version to 1.24.3 #105101,
@macabu- Dependencies: Bump github.com/openfga/openfga from v1.8.6 to v1.8.12 #105368,
@macabu- Dependencies: Unpin and bump github.com/getkin/kin-openapi from v0.126.0 to v0.132.0 #105249,
@macabu- K8s: Dashboards: Add fine grained access control checks to /apis #104419,
@stephaniehingtgenBug fixes
- Dashboard: Fix Panel Explore link subpath duplication (#104952) #105056,
@axelavargas- Dashboard: Fixes issue with row repeats and first row #104469,
@torkelo- Graphite: Ensure template variables are interpolated correctly #105389,
@aangelisc- Graphite: Fix Graphite series interpolation #104516,
@aangelisc- InfluxDB: Fix nested variable interpolation #104176,
@aangelisc- MetricsDrilldown: Restore link to Metrics Drilldown from Explore #104073,
@NWRichmond- NestedFolderPicker: Fix scroll jumps back to top #105769,
@samsch- Preferences: Disable the save button whilst saving preferences #105612,
@ashharrison90- Prometheus: Fix semver import path #104945,
@jackw- Themes: Prevent duplicated API call in drawer #105611,
@ashharrison90- XYChart: Coerce threshold steps to numbers #104492,
@leeoniya- Security: Fix CVE-2025-3454
- Security: Fix CVE-2025-2703
12.0.1+security-01
Download page What's new highlights
Bug fixes
... (truncated)
Changelog
Sourced from @grafana/runtime's changelog.
12.0.2 (2025-06-17)
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106565,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106116,
@macabu- Storage: Take
migration_lockingsetting into account #105951,@JohnnyQQQQBug fixes
- Alerting: Fix $value type when single data source is queried #106101,
@alexander-akhmetov- Alerting: Fix group-level labels and query_offset in the import API #106392,
@alexander-akhmetov- Azure: Fix Application Insights metadata requests #105838,
@aangelisc- Org: Fix org deletion #106461,
@stephaniehingtgen- Security: Fixes CVE-2025-3415
11.6.3 (2025-06-17)
Bug fixes
- Security: Fixes CVE-2025-3415
11.5.6 (2025-06-17)
Bug fixes
- Security: Fixes CVE-2025-3415
11.4.6 (2025-06-17)
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106569,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106119,
@macabuBug fixes
- Security: Fixes CVE-2025-3415
... (truncated)
Commits
7726a96Release: 12.0.1 (#105909)44cfb7cChore: Update version inrelease-12.0.1branch (#104061)- See full diff in compare view
Updates @grafana/ui from 12.0.0 to 12.0.2
Release notes
Sourced from @grafana/ui's releases.
12.0.2
Download page What's new highlights
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106565,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106116,
@macabu- Storage: Take
migration_lockingsetting into account #105951,@JohnnyQQQQBug fixes
- Alerting: Fix $value type when single data source is queried #106101,
@alexander-akhmetov- Alerting: Fix group-level labels and query_offset in the import API #106392,
@alexander-akhmetov- Azure: Fix Application Insights metadata requests #105838,
@aangelisc- Org: Fix org deletion #106461,
@stephaniehingtgen- Security: Fixes CVE-2025-3415
12.0.1
Download page What's new highlights
Features and enhancements
- Chore: Bump Go version to 1.24.3 #105101,
@macabu- Dependencies: Bump github.com/openfga/openfga from v1.8.6 to v1.8.12 #105368,
@macabu- Dependencies: Unpin and bump github.com/getkin/kin-openapi from v0.126.0 to v0.132.0 #105249,
@macabu- K8s: Dashboards: Add fine grained access control checks to /apis #104419,
@stephaniehingtgenBug fixes
- Dashboard: Fix Panel Explore link subpath duplication (#104952) #105056,
@axelavargas- Dashboard: Fixes issue with row repeats and first row #104469,
@torkelo- Graphite: Ensure template variables are interpolated correctly #105389,
@aangelisc- Graphite: Fix Graphite series interpolation #104516,
@aangelisc- InfluxDB: Fix nested variable interpolation #104176,
@aangelisc- MetricsDrilldown: Restore link to Metrics Drilldown from Explore #104073,
@NWRichmond- NestedFolderPicker: Fix scroll jumps back to top #105769,
@samsch- Preferences: Disable the save button whilst saving preferences #105612,
@ashharrison90- Prometheus: Fix semver import path #104945,
@jackw- Themes: Prevent duplicated API call in drawer #105611,
@ashharrison90- XYChart: Coerce threshold steps to numbers #104492,
@leeoniya- Security: Fix CVE-2025-3454
- Security: Fix CVE-2025-2703
12.0.1+security-01
Download page What's new highlights
Bug fixes
... (truncated)
Changelog
Sourced from @grafana/ui's changelog.
12.0.2 (2025-06-17)
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106565,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106116,
@macabu- Storage: Take
migration_lockingsetting into account #105951,@JohnnyQQQQBug fixes
- Alerting: Fix $value type when single data source is queried #106101,
@alexander-akhmetov- Alerting: Fix group-level labels and query_offset in the import API #106392,
@alexander-akhmetov- Azure: Fix Application Insights metadata requests #105838,
@aangelisc- Org: Fix org deletion #106461,
@stephaniehingtgen- Security: Fixes CVE-2025-3415
11.6.3 (2025-06-17)
Bug fixes
- Security: Fixes CVE-2025-3415
11.5.6 (2025-06-17)
Bug fixes
- Security: Fixes CVE-2025-3415
11.4.6 (2025-06-17)
Features and enhancements
- Dependencies: Bump Go to v1.24.4 #106569,
@macabu- Dependencies: Bump github.com/openfga/openfga to v1.8.13 to address CVE-2025-48371 #106119,
@macabuBug fixes
- Security: Fixes CVE-2025-3415
... (truncated)
Commits
54200ca[release-12.0.1] TableNG: Fix sub table styles + expand/collapse (#104322)7726a96Release: 12.0.1 (#105909)076b525[release-12.0.1] TableNG: Fix filtering bug (#105693)5906e2f[release-12.0.1] TableNG: Filter and sort sub tables (#105043)6f806cb[release-12.0.1] TableNG: Align sparkline value correctly (#105013)9357bda[release-12.0.1] TableNG: Always use correct original row index (#104962)6db7f10[release-12.0.1] TableNG: Fix sparkline sorting + column key config (#104955)2e4020a[release 12.0.1] TableNG: Use correct row index for background colour calcula...5f3107c[Release 12.0.1] TableNG: Fix interpolation for actions (#104577) (#104799)835516f[release-12.0.1] DataLinks: Long link title wrapping (#104383)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Pull Request Statistics
Commits:
0
0
Files Changed:
0
0
Additions:
+0
+0
Deletions:
-0
-0
Package Dependencies
Security Advisories
Grafana's datasource proxy API allows authorization checks to be bypassed
GHSA-9j65-rv5x-4vrf
CVE-2025-3454
MODERATE
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.
Users with minimal permissions could gain unauth...
OpenFGA Authorization Bypass
GHSA-c72g-53hw-82q7
CVE-2025-48371
MODERATE
### Overview
OpenFGA v1.8.0 to v1.8.12 ( openfga-0.2.16 <= Helm chart <= openfga-0.2.31, v1.8.0 <= docker <= v.1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls...
Technical Details
| ID: | 3518977 |
| UUID: | 2674088793 |
| Node ID: | PR_kwDOIZBN9M6fY1tZ |
| Host: | GitHub |
| Repository: | grafana/grafana-async-query-data-js |