Pull Request Explorer

Summary

Grafana API clients: Replace plop generator

Replaces the legacy Plop-based generator with a lightweight Enquirer-based script, cutting dependency weight and simplifying client updates.

Health Assessment

• • The PR involved extensive refactoring of the generator with over 2,000 lines of change, but the review process was straightforward and completed within a day, indicating manageable risk for the team.

Summary

Add knip lint step to CI

Adds a lint step to catch knip regressions, improving code quality for Grafana developers.

Health Assessment

• • Fast cycle time and quick approval indicate smooth integration.

Summary

Remove unused namespacer field from FolderAPIBuilder

Clean up the Folder API builder by eliminating an unused field and related test setup, improving code clarity and reducing maintenance overhead.

Health Assessment

• • PR merged within 0.7 hours with a single commit and no review iterations, indicating a straightforward, low-risk refactor.

Summary

Require new token on provisioning URL change

Ensures that provisioning updates cannot reuse old tokens when repository URLs change, enhancing security for Grafana admins.

Health Assessment

• • Fast review and merge with minimal rework indicates a straightforward, low‑risk change.

Summary

Validate ref query parameter on provisioning endpoints

Ensures that only valid Git references are accepted by the provisioning API, preventing malformed requests from reaching backends and reducing error rates and potential security issues.

Health Assessment

• • Fast cycle time and single review round indicate a straightforward bugfix with minimal friction; the large number of added lines is largely due to comprehensive tests rather than complex logic changes.

Summary

Chore: run knip against e2e-playwright/test-plugins

Runs knip to identify and remove unused code and dependencies in the e2e-playwright/test-plugins directory, improving code hygiene for Grafana developers.

Health Assessment

• • Merged within 1.4 hours after a single review, indicating a low-risk tooling update with minimal friction.

Summary

Run knip against grafana-ui

Clean up dead code and unused dependencies in the Grafana UI codebase, improving maintainability for developers.

Health Assessment

• • Fast review and merge (18.9h cycle time) with minimal rework indicates a straightforward cleanup that posed little risk to the codebase.

Summary

Use service identity for internal k8s lookups

Ensures internal k8s user-service lookups run with a service identity, preventing unauthorized access and aligning user roles with authentication assertions, improving security and consistency.

Health Assessment

• • The PR required multiple iterations after review, indicating moderate complexity. The changes touch critical authentication flows, so thorough testing was performed.

Summary

Fix RBAC API documentation links

Corrects broken links in RBAC API docs, improving developer experience.

Health Assessment

• • Quick, single‑commit change with minimal review, indicating a low‑risk documentation fix.

Summary

Onboard frontend-platform team to notifications

Adds configuration to onboard the frontend-platform team to the community notifications system, enabling all four notification types and requiring vault admin to add Slack channel mapping.

Health Assessment

• • Quick approval with minimal changes, indicating a straightforward config update.

Summary

Fix nil pointer dereference in webhook updateLastEvent

Prevents 500 errors when a webhook is uninitialized, improving reliability of provisioning updates.

Health Assessment

• • Merged within 12 hours with a single commit and minimal review, indicating a straightforward, low‑risk fix.

Summary

Fix webhook host detection for provisioning

Improves security by correctly gating webhook registration against private and reserved IP ranges, preventing misconfiguration and potential exposure.

Health Assessment

• • Fast review and merge with minimal changes suggest low complexity and risk.

Summary

Remove GET method from webhook connector

Prevents unauthenticated callers from inferring repository existence via webhook GET requests, enhancing security.

Health Assessment

• • Quick resolution with a single commit and no back‑and‑forth, indicating a straightforward, low‑risk change.

Summary

Simplify folder integration tests

Streamlines folder integration tests by removing obsolete dual writer logic, reducing test runtime and maintenance overhead.

Health Assessment

• • Fast review and merge, minimal changes to test suite, no production code affected.

Summary

Upgrade ip-address to address CVE-2026-42338

Fixes a critical XSS vulnerability in the ip-address library by bumping to a patched version, ensuring secure production and development environments.

Health Assessment

• • Fast review and merge with minimal changes, indicating a straightforward security fix.

Summary

Upgrade brace-expansion to fix CVE-2026-45149

This upgrade patches a critical denial‑of‑service vulnerability in the brace‑expansion library, ensuring the application remains secure against large numeric range attacks. The change is a semver‑compatible bump that requires no code modifications, keeping the system stable.

Health Assessment

• • Fast review and merge with minimal changes indicates low risk and efficient process.

Summary

Add useImportProvisionedSave hook

Provides a reusable hook that handles the entire workflow for importing provisioned dashboards, converting JSON, writing to the repository, and navigating to the dashboard.

Health Assessment

• • The PR merged after 48 hours with a single review round, showing moderate complexity and efficient collaboration.

Summary

Download translations from Crowdin

Automatically pulls updated translations into Grafana, keeping internationalization current without manual intervention.

Health Assessment

• • Fast, automated merge with no review required; minimal risk and high confidence in translation consistency.

Summary

Enforce rule-level access on ruler export endpoints

Improves security by ensuring users receive 403 instead of 500 when lacking rule access, preventing silent failures and clarifying permissions.

Health Assessment

• • PR closed in under two hours with a single commit and one approval, indicating a straightforward, low-risk change.

Summary

Add folder permission check to PatchLibraryElement

Ensures users cannot move library elements into folders without proper create permissions, preventing unauthorized access and maintaining data integrity.

Health Assessment

• • Quick review and merge with minimal rework indicates low complexity and high confidence in the change.

Summary

Fix nil pointer dereference in webhook updateLastEvent

Prevents 500 errors caused by nil webhook references during provisioning updates. It ensures reliable webhook handling and improves system stability.

Health Assessment

• • The PR was resolved in under 4 hours with a single commit and no review rework, indicating low friction. The change is small and unlikely to introduce new issues.

Summary

Docs: Clarify multiline regex usage

This PR updates documentation to explain that '.' does not match newlines and recommends using [\s\S] for multiline strings, improving clarity for users working with logs.

Health Assessment

• • Fast turnaround with minimal changes; documentation update completed quickly with no review friction.

Summary

Remove field selectors hack for global variables

Eliminates temporary hack, enabling proper field selection in global variable definitions, improving API consistency and reducing maintenance overhead. This change restores native SDK functionality and cleans up legacy scripts.

Health Assessment

• • PR merged quickly with minimal changes and no review friction, indicating a straightforward refactor.

Summary

Update Grafana Alerting module to latest version

Updates Grafana Alerting module to latest version, ensuring compatibility and bug fixes.

Health Assessment

• • Quick review and single commit indicate low complexity and minimal risk.

Summary

Add canvas tests for SparklineCell

Adds comprehensive canvas rendering tests for the SparklineCell component, ensuring visual fidelity and preventing regressions in chart panels.

Health Assessment

• • The PR added extensive canvas tests for the SparklineCell component, taking over five days to merge but received a quick review, indicating a well-structured change with minimal friction.

Summary

Show error on unknown dashboard import

Adds user-facing error message when importing dashboards with unsupported schemas, improving UX by preventing silent failures.

Health Assessment

• • The PR was reviewed and merged within 0.7 hours, indicating a smooth process.
• • Minimal changes and AI-assisted review contributed to rapid resolution.

Summary

Fix webhook host detection for public URLs

Ensures webhook registration only occurs when callback URLs are publicly reachable, preventing silent failures and improving reliability for external integrations. This reduces misconfigurations and improves integration reliability.

Health Assessment

• • Quick review and merge with minimal iterations indicates a straightforward bug fix that was easy to validate and deploy.

Summary

Health Assessment

Summary

Provisioning: Remove GET method from webhook connector

Eliminates insecure GET endpoint on webhook connector, preventing unauthenticated callers from inferring repository existence, thereby tightening security and reducing potential attack surface.

Health Assessment

• • Quick approval with minimal changes indicates low complexity and high confidence in the fix.

Summary

Require new token on provisioning URL change

Enhances security by ensuring that any change to a repository URL forces a new authentication token, preventing unauthorized access for Grafana admins and operators.

Health Assessment

• • The PR was reviewed and merged within 6 hours, indicating a smooth review process and minimal friction.

Summary

Health Assessment

Summary

Document heatmap Y bucket scale option

Adds documentation for the new Y bucket scale option in heatmap visualizations, clarifying usage and tick alignment behavior.

Health Assessment

• • The PR took 14 days to merge with a single review and multiple iterations, indicating moderate review friction but low risk due to documentation-only changes.

Summary

Backport GitHub Actions from main branch

Integrates updated CI workflows into the slow branch, ensuring consistent build and test processes across branches.

Health Assessment

• • Rapid merge after minimal review indicates high confidence in CI changes; large scope suggests significant impact on build stability.

Summary

Check folder permissions for provisioning resource moves

Ensures that when a provisioning resource is moved to a different folder, the system verifies destination folder permissions, preventing unauthorized writes and maintaining security integrity.

Health Assessment

• • Fast turnaround with minimal rework; quick merge after single review indicates straightforward change.

Summary

Backport GitHub Actions from main branch

Synchronizes CI configuration with main to ensure consistency across branches, improving build reliability.

Health Assessment

• • Rapid merge with minimal review, indicating a straightforward CI configuration update.

Summary

Replace glob with node builtin fs.glob

Remove unused glob dependency to reduce the dependency tree and simplify future updates.

Health Assessment

• • Long review time due to large dependency changes, but minimal rework after review.

Summary

Backport GitHub Actions to slow branch

Ensures CI pipeline consistency across branches, enabling reliable builds.

Health Assessment

• • The PR was merged within an hour, indicating minimal review friction and a straightforward CI update.

Summary

Add yarn dedupe check to CI

Adds a check to the frontend lint workflow to ensure yarn lockfile has no duplicate dependencies.

Health Assessment

• • Fast review and merge, minimal rework, straightforward CI enhancement.

Summary

Run knip on grafana-runtime

Clean up dead code and dependencies for Grafana developers.

Health Assessment

• • Fast cycle time and single review round indicate a straightforward cleanup with minimal risk.

Summary

Update Go dependencies to address CVEs

This PR updates critical Go networking libraries to mitigate multiple CVEs, enhancing security for Grafana's backend services.

Health Assessment

• • Rapid security patch with minimal review, indicating efficient process but large scope increases risk of build or runtime regressions.

Summary

Split snapshot store interface into file and manifest methods

Refactors snapshot storage interface to support parallel chunk I/O, enabling future KV-backed implementations without affecting existing functionality. This change improves scalability and prepares the system for large file handling.

Health Assessment

• • Quick approval with minimal changes indicates a straightforward refactor with clear intent.

Summary

Health Assessment

Summary

GlobalRoles Seeding for Mode-5 Authorization

Adds no‑op seeding for global roles in Mode‑5, aligning with Enterprise implementation and enabling feature‑toggle control.

Health Assessment

• • PR had a long cycle time due to multiple merges with main and rework, but final changes were small and straightforward.

Summary

Wrap errors in resource permission SQL

Improves error visibility for resource permission inserts, reducing flaky tests and aiding debugging for users.

Health Assessment

• • Small change but required multiple commits to address missing errors and merge conflicts, indicating moderate review friction but low overall risk.

Summary

Chore: Run `knip` against some more packages

Runs knip to clean up unused code and dependencies across several Grafana packages, improving maintainability for developers.

Health Assessment

• • The PR closed quickly (21 h) but required several commits after the first review, indicating moderate rework. The change touches 20 files with a moderate code churn, so the risk is considered medium.

Summary

Add destination folder permission check for provisioning

Ensures users cannot move provisioned resources into folders they lack access to, preventing unauthorized data placement and maintaining folder-level security.

Health Assessment

• • Quick review and merge within 4 hours, indicating straightforward change with minimal friction.

Summary

Add duplicate-path validation to provisioning form

Prevents duplicate file paths in provisioning, reducing errors and improving data integrity.

Health Assessment

• • The PR required over a day for review and included a couple of iterations to refine validation logic and tests, indicating moderate review friction. The changes add a new feature that enhances data integrity for provisioning workflows.

Summary

Backport GATB to release 11.6.15

Updates GitHub app usage to employ the GitHub app token broker, enhancing authentication security and reliability for the release.

Health Assessment

• • Fast cycle time and minimal review rounds indicate efficient process; scope is large due to many workflow changes but risk remains low.

Summary

Delay no-op check until server

Fixes an API bug where unauthorized users receive a 200 OK instead of 403 Forbidden when attempting to update unchanged resources, improving security and client expectations.

Health Assessment

• • Fast review and merge with minimal rework, straightforward bug fix.

Summary

Run knip against grafana-api-clients

Clean up dead code and dependencies in the grafana-api-clients package, improving maintainability for Grafana developers.

Health Assessment

• • Fast cycle time and minimal changes indicate a straightforward maintenance task with quick approval.