Pull Request Explorer

Summary

Fix RBAC Terraform provisioning guidance

Corrects documentation for Terraform RBAC provisioning, clarifying that basic roles cannot be assigned via grafana_role_assignment and providing proper guidance.

Health Assessment

• • Quick review and merge, minimal changes, low risk.

Summary

Split Migrate stat-card components into separate files

Refactors provisioning UI components for cleaner structure, improving maintainability without changing user experience.

Health Assessment

• • Single commit with no review, indicating low complexity and quick turnaround.

Summary

Fix privilege escalation in IAM K8s role API

Removes a critical privilege escalation vulnerability in the IAM K8s role API, preventing unauthorized escalation of permissions.

Health Assessment

• • The PR addressed a critical security flaw, required multiple iterations and extended review time, indicating high complexity and risk. The addition of comprehensive tests helped lock the behavior.

Summary

Health Assessment

Summary

Resolve built‑in Grafana datasource type lookup

This change resolves a critical RBAC provisioning issue that caused failures for global roles. By directly returning the built‑in Grafana datasource type, it ensures consistent role grants across all organizations.

Health Assessment

• • The PR was merged quickly with a single commit and one review, indicating a straightforward, low‑risk fix.

Summary

Open alert rule drawer from panel menu

Allows users to create alert rules directly from the dashboard panel menu via an inline drawer, improving consistency and reducing navigation friction.

Health Assessment

• • Fast review and minimal rework led to a smooth merge after a 4‑day cycle, with a moderate code change that improved user experience by keeping users on the dashboard.

Summary

Migrate dashboards-issue-add-label to GATB

Switches CI workflow to use GitHub App Token Broker, improving security and simplifying secret management.

Health Assessment

• • Quick review and single commit indicate a straightforward change; long cycle time reflects scheduling rather than complexity.

Summary

Apply security patches for June 2nd release

Fixes multiple security vulnerabilities in Loki and Tempo data sources, improving system integrity.

Health Assessment

• • Rapid merge after single review indicates high confidence in patches.

Summary

Apply patches for June 2nd release

Security patches for Grafana release 12.2.9

Health Assessment

• • Fast review and merge, likely due to security patch urgency

Summary

Apply security patches for June 2nd release

Fixes multiple security vulnerabilities in Loki and Tempo data sources, strengthening system integrity and protecting user data.

Health Assessment

• • Rapid review and merge (1 h cycle time) indicate high confidence in patch quality and minimal impact on existing functionality.

Summary

Apply security patches for June 2nd release

This PR applies critical security fixes across multiple data sources and UI components, ensuring system integrity and compliance.

Health Assessment

• • Rapid merge after a single review indicates high confidence in the applied security patches.

Summary

Apply security patches for June 2nd release

Fixes multiple security vulnerabilities across Grafana components, ensuring safer user interactions.

Health Assessment

• • Rapid review and merge indicate high confidence in patch quality and low risk.

Summary

Migrate alerting-update-module workflow to GATB

Simplifies the alerting module update by replacing a two‑step vault secret fetch with a single GitHub App Token Broker call, reducing complexity and improving reliability.

Health Assessment

• • Fast review and merge with minimal changes to CI workflow, indicating low complexity and risk.

Summary

Add Basic Role Aggregator for ST mode-5

Adds a basic role aggregator to align with enterprise code, enabling role‑based access control enhancements for ST mode‑5.

Health Assessment

• • PR had a long cycle time with a delayed first review, but minimal back‑and‑forth discussion and a moderate number of commits after the review.

Summary

Increase service account token query limit

Allows users with more than 300 tokens to retrieve all tokens via UI/API until pagination endpoint is added.

Health Assessment

• • Long review and merge cycle indicates low priority or slow process; small scope change with minimal risk.

Summary

Inline receiver conversion in GetAlertmanagerConfig

Improves alert manager configuration validation by folding conversion logic directly into the core function, enabling faster failure detection and accurate mapping of receiver formats.

Health Assessment

• • The PR experienced a prolonged review period (~9 days) but required minimal rework, indicating a complex but ultimately straightforward change.

Summary

Fix toast spam on silence matcher regex

Reduces error notifications for users typing invalid regexes in silence creation form, improving UX.

Health Assessment

• • Long review cycle indicates low priority or blocker; PR resolved after a single review with minimal changes.

Summary

Pin Grafana GitHub Actions to SHA for signed commits

Ensures backport commits are signed and fixes broken backport on main by pinning action to a specific SHA.

Health Assessment

• • The PR was a simple CI workflow tweak with a single review and quick commit, but the overall cycle time was extended, likely due to scheduling or other external factors.

Summary

Improve dashboard validator app logging

Adds detailed datasource context to logs during dashboard validation, enhancing observability and debugging for users.

Health Assessment

• • The PR received a single AI‑assisted review and merged within 3.8 days, indicating a smooth, low‑risk change.

Summary

Fix silence button visibility for alert.silences permission

Users with fine‑grained silence permission now see the Add Silence button, improving usability for admins assigning specific RBAC permissions.

Health Assessment

• • Quick approval with minimal changes indicates low complexity and high confidence in the fix.

Summary

Disable mmap for bulk backend parquet reader

Fixes crash after upgrade by disabling memory mapping for bulk parquet reads, improving stability.

Health Assessment

• • Quick fix with minimal changes, merged within 1.5 hours, indicating low complexity and high confidence.

Summary

Disable mmap for parquet reader to fix Windows startup

Fixes Windows startup failure by disabling memory-mapped I/O in the parquet reader used during SQLite migration, ensuring cross‑platform compatibility.

Health Assessment

• • Quick fix with minimal changes, approved within 0.4h, no rework.

Summary

Health Assessment

Summary

Download translations from Crowdin

Automatically pulls updated translations from Crowdin into Grafana, ensuring localized content stays current.

Health Assessment

• • The PR was merged quickly with minimal review, indicating an automated process and low complexity despite large file changes.

Summary

Reject duplicate deprecated internal IDs in storage

Prevents duplicate legacy IDs that caused API errors, improving reliability of dashboard data.

Health Assessment

• • Fast cycle time and single review round indicate efficient resolution of a critical API error.

Summary

Reject HTTP URLs with Tokens in Provisioning

Prevents credential leakage by rejecting insecure HTTP URLs when a token is present, ensuring secure provisioning in production.

Health Assessment

• • Fast review and merge with minimal iterations, indicating low complexity and high confidence in the fix.

Summary

Guard null condition params in alert rule view

Prevents crashes when viewing alert rules with null parameters, improving stability and reducing alerting errors.

Health Assessment

• • Quick fix with minimal changes, fast review and merge, low risk.

Summary

Add apimachinery validators and slash-separated KV layout

Improves validation consistency by using Kubernetes apimachinery validators and simplifies KV path layout, reducing parsing complexity and potential errors.

Health Assessment

• • Fast review and merge with minimal rework, indicating a clear, low-complexity change.

Summary

Add fuzz tests for storage parsers and validators

Enhances reliability of unified storage by adding fuzz tests for pagination tokens, key parsing, and snapshot validation, uncovering a timestamp parsing bug.

Health Assessment

• • PR was merged within 5.4 hours after a single 1.1‑hour review, with no rework, indicating a straightforward test addition with minimal risk.

Summary

Add spec scaffolding for Commit & PR Conventions

Spec-only changes adding fields for commit and PR conventions, enabling future workflow enhancements.

Health Assessment

• • Fast review and merge with minimal iterations, but large code changes suggest moderate risk.

Summary

Remove kubernetesDashboards feature toggle

Eliminates hardcoded kubernetesDashboards flag, simplifying configuration and reducing risk of unintended feature exposure.

Health Assessment

• • Quick review and merge within 5 hours, minimal changes, low risk.

Summary

Add knip linting for plugins

Adds automated knip linting to the CI pipeline for Grafana plugins, helping developers catch regressions before release.

Health Assessment

• • Quick merge with minimal changes indicates low complexity and high confidence in the CI update.

Summary

Add queryHistory feature flags

Adds two experimental feature flags to gate local query history storage and UI, enabling developers to toggle new functionality before GA.

Health Assessment

• • PR had a single review and quick merge after a few commits, indicating straightforward implementation.

Summary

Upgrade yaml dependencies for security fix

Bumps yaml to address CVE-2026-33532, ensuring secure dependencies for all users.

Health Assessment

• • Quick review and single iteration, minimal risk, but large line changes due to lock file update.

Summary

Limit recursion in dashboard summary computation

Reduces processing overhead and log noise caused by malformed dashboard inputs, improving search performance.

Health Assessment

• • Quick resolution with minimal rework, indicating a straightforward bug fix.

Summary

Add KV-backed RemoteIndexStore for search indexing

Provides a KV-backed implementation of RemoteIndexStore, enabling snapshot storage in KV for search indexing, improving reliability and testability.

Health Assessment

• • PR merged after ~28h with moderate review activity; large code addition but single commit indicates a straightforward implementation.

Summary

Add replay protection for GitHub provisioning webhooks

Prevents duplicate GitHub webhook events from re-enqueuing sync jobs, improving reliability and security.

Health Assessment

• • Fast cycle time and minimal review rounds indicate smooth integration; backport required only minor conflict resolution.

Summary

Block Viewers from Alert Group edit route

Fixes a frontend RBAC gap on the Alert Group edit route, preventing viewers from accessing the edit UI and improving user experience.

Health Assessment

• • Quick fix with minimal changes, resolved in under a day with a single review.

Summary

Add provisioned dashboard import flow

Users can now import dashboards into Git‑provisioned folders, streamlining configuration and ensuring unique file paths.

Health Assessment

• • The PR had a long cycle time with many commits after the first review, indicating significant rework and complexity. The feature adds substantial new UI and logic for provisioning dashboards, requiring careful testing.

Summary

Clean up nested background service managers on startup failure

Improves system stability by ensuring proper cleanup of nested background services during startup failures, preventing flaky behavior and potential resource leaks.

Health Assessment

• • Quick, low‑impact fix with minimal code churn and no new features.

Summary

Change owner of generated feature flag files to grafanabot

Updates the owner of generated OpenFeature frontend files to @grafanabot, avoiding unnecessary review tags for Frontend Platform.

Health Assessment

• • Quick change with minimal review, indicating low complexity and risk.

Summary

Upgrade file-type to 21.3.1

This PR updates the file-type library to patch CVE-2026-31808, ensuring all Grafana users remain secure.

Health Assessment

• • The PR was reviewed quickly and merged within a day, indicating low complexity and risk.

Summary

Run knip against Azure Monitor datasource

Clean up dead code and dependencies for Grafana developers, improving code quality and maintainability.

Health Assessment

• • The PR had a long review time and required multiple commits, indicating moderate complexity and some friction in the review process.
• • The change touches many frontend files and a workflow, reflecting a sizable refactor of the Azure Monitor datasource code.

Summary

Run knip against Loki datasource

Adds knip linting to the Loki datasource to clean up dead code and dependencies, improving maintainability for Grafana developers.

Health Assessment

• • PR took over a day to review but had minimal rework, indicating a straightforward change with moderate review delay.

Summary

Add replay protection for GitHub provisioning webhooks

Adds a short‑lived cache keyed on the validated signature to prevent replayed GitHub webhook requests, reducing duplicate sync jobs and hardening security.

Health Assessment

• • The PR involved multiple AI‑generated code changes and several review rounds, indicating a complex security enhancement that required careful iteration. The moderate cycle time and high number of commits after the first review suggest significant rework, but the final merge was achieved within a reasonable timeframe.

Summary

Update CI to flag decoupled plugins as backend

The CI workflow now treats decoupled plugins as backend code, ensuring compatibility checks flag them appropriately.

Health Assessment

• • Quick review and merge indicate a straightforward change with minimal risk.

Summary

Remove unused id-token write permissions from workflow

Reduces privilege scope for CI jobs, improving security by limiting token usage.

Health Assessment

• • Quick review and merge, minimal changes, low risk.

Summary

Run knip against Tempo datasource

Adds a static analysis check to the Tempo datasource, cleaning dead code and dependencies for Grafana developers.

Health Assessment

• • Fast cycle time and minimal review rounds indicate smooth integration.

Summary

Pass commit message for managed-resource writes

Ensures non-empty commit messages for dashboard API writes, preventing HTTP 500 errors and improving auditability.

Health Assessment

• • Rapid review and merge indicates a straightforward bug fix with minimal impact.

Summary

Health Assessment