Pull Request Explorer

Summary

Check folder permissions for provisioning resource moves

Ensures that when a provisioning resource is moved to a different folder, the system verifies destination folder permissions, preventing unauthorized writes and maintaining security integrity.

Health Assessment

• • Fast turnaround with minimal rework; quick merge after single review indicates straightforward change.

Summary

Backport GitHub Actions from main branch

Synchronizes CI configuration with main to ensure consistency across branches, improving build reliability.

Health Assessment

• • Rapid merge with minimal review, indicating a straightforward CI configuration update.

Summary

Replace glob with node builtin fs.glob

Remove unused glob dependency to reduce the dependency tree and simplify future updates.

Health Assessment

• • Long review time due to large dependency changes, but minimal rework after review.

Summary

Backport GitHub Actions to slow branch

Ensures CI pipeline consistency across branches, enabling reliable builds.

Health Assessment

• • The PR was merged within an hour, indicating minimal review friction and a straightforward CI update.

Summary

Add yarn dedupe check to CI

Adds a check to the frontend lint workflow to ensure yarn lockfile has no duplicate dependencies.

Health Assessment

• • Fast review and merge, minimal rework, straightforward CI enhancement.

Summary

Run knip on grafana-runtime

Clean up dead code and dependencies for Grafana developers.

Health Assessment

• • Fast cycle time and single review round indicate a straightforward cleanup with minimal risk.

Summary

Update Go dependencies to address CVEs

This PR updates critical Go networking libraries to mitigate multiple CVEs, enhancing security for Grafana's backend services.

Health Assessment

• • Rapid security patch with minimal review, indicating efficient process but large scope increases risk of build or runtime regressions.

Summary

Split snapshot store interface into file and manifest methods

Refactors snapshot storage interface to support parallel chunk I/O, enabling future KV-backed implementations without affecting existing functionality. This change improves scalability and prepares the system for large file handling.

Health Assessment

• • Quick approval with minimal changes indicates a straightforward refactor with clear intent.

Summary

Health Assessment

Summary

GlobalRoles Seeding for Mode-5 Authorization

Adds no‑op seeding for global roles in Mode‑5, aligning with Enterprise implementation and enabling feature‑toggle control.

Health Assessment

• • PR had a long cycle time due to multiple merges with main and rework, but final changes were small and straightforward.

Summary

Wrap errors in resource permission SQL

Improves error visibility for resource permission inserts, reducing flaky tests and aiding debugging for users.

Health Assessment

• • Small change but required multiple commits to address missing errors and merge conflicts, indicating moderate review friction but low overall risk.

Summary

Chore: Run `knip` against some more packages

Runs knip to clean up unused code and dependencies across several Grafana packages, improving maintainability for developers.

Health Assessment

• • The PR closed quickly (21 h) but required several commits after the first review, indicating moderate rework. The change touches 20 files with a moderate code churn, so the risk is considered medium.

Summary

Add destination folder permission check for provisioning

Ensures users cannot move provisioned resources into folders they lack access to, preventing unauthorized data placement and maintaining folder-level security.

Health Assessment

• • Quick review and merge within 4 hours, indicating straightforward change with minimal friction.

Summary

Add duplicate-path validation to provisioning form

Prevents duplicate file paths in provisioning, reducing errors and improving data integrity.

Health Assessment

• • The PR required over a day for review and included a couple of iterations to refine validation logic and tests, indicating moderate review friction. The changes add a new feature that enhances data integrity for provisioning workflows.

Summary

Backport GATB to release 11.6.15

Updates GitHub app usage to employ the GitHub app token broker, enhancing authentication security and reliability for the release.

Health Assessment

• • Fast cycle time and minimal review rounds indicate efficient process; scope is large due to many workflow changes but risk remains low.

Summary

Delay no-op check until server

Fixes an API bug where unauthorized users receive a 200 OK instead of 403 Forbidden when attempting to update unchanged resources, improving security and client expectations.

Health Assessment

• • Fast review and merge with minimal rework, straightforward bug fix.

Summary

Run knip against grafana-api-clients

Clean up dead code and dependencies in the grafana-api-clients package, improving maintainability for Grafana developers.

Health Assessment

• • Fast cycle time and minimal changes indicate a straightforward maintenance task with quick approval.

Summary

Add default minWidth and placeholder truncation to FiltersOverview

Ensures the filter overview panel maintains a minimum width so the layout remains consistent. Truncates placeholder text with ellipsis when space is limited, improving readability.

Health Assessment

• • PR had a single review comment and quick approval, indicating straightforward changes with minimal risk.

Summary

Add team creator as admin when K8s redirect enabled

When teams are created through Kubernetes, the creator is now automatically granted admin privileges, preventing permission gaps. Legacy consumers continue to receive a deprecated internal ID for compatibility.

Health Assessment

• • The PR had a moderate review cycle with two commits after the initial review, indicating some rework but overall quick resolution.

Summary

Scope Metrics Cache Entries by Org

Aligns cache key with Grafana's multi‑org model, preventing cross‑org data leakage and improving data isolation.

Health Assessment

• • Fast cycle time of 2 hours and a single review round indicate a straightforward, low‑risk change.

Summary

Break circular dependency with @grafana/test-utils

Fixes a circular dependency in the Grafana UI package by inlining test utilities and removing the devDependency on @grafana/test-utils, improving build stability and reducing workspace complexity.

Health Assessment

• • The PR had a long cycle time and delayed first review, but only a single review round and minimal rework, indicating a straightforward fix with limited impact.

Summary

Restrict tenant_watcher TLS to Development Mode

Prevents insecure TLS configuration in production by disabling tenant watcher insecure TLS flag unless in development mode, enhancing security.

Health Assessment

• • Fast cycle, single review, minimal changes, low risk.

Summary

Remove unused CI tools and standardize cue usage

Eliminates unused CI tools jb and cog, ensuring consistent cue installation, improving build reliability.

Health Assessment

• • Quick merge with minimal changes, no review needed, indicates straightforward maintenance.

Summary

Warn on missing resource in delete job

This change makes delete jobs idempotent, reducing failures from stale references and improving reliability for users.

Health Assessment

• • Fast cycle time and minimal review iterations indicate efficient process.

Summary

Enforce RBAC on IAM user search filter

This change enforces RBAC on IAM user search, ensuring that only authorized users can view user lists. It protects sensitive user data and aligns search behavior with security policies.

Health Assessment

• • The PR experienced significant delays and multiple merge conflicts, indicating complex integration with existing code and a lengthy review process. The large cycle time and many review rounds suggest high risk and potential for regression.

Summary

Remove fsperfbaseline from perf tests

Eliminates obsolete performance test, saving CI resources and time.

Health Assessment

• • Fast review and minimal changes indicate low risk and quick integration.

Summary

Clean up stray kubernetesDashboards references

Removes obsolete feature toggle references and updates test mocks, ensuring codebase consistency without changing behavior.

Health Assessment

• • PR took over 12 days to merge with a single review, indicating a slow review cycle but minimal changes and low risk.

Summary

Simplify dashboard scene serialization and export drawer

Reduces code complexity and removes dead branches, improving maintainability without affecting user experience.

Health Assessment

• • Long cycle time (12.5 days) and slow first review (3.5 days) indicate a backlog, but the change involved minimal rework and no new functionality. The removal of dead code poses low risk and improves code quality.

Summary

Replace uuid v4 with crypto.randomUUID()

Eliminates the external uuid dependency, reducing bundle size and improving security and performance for Grafana developers and maintainers.

Health Assessment

• • The PR involved extensive refactoring across 20 files and 474 lines, leading to a slow review cycle and multiple review rounds, indicating high complexity and potential risk.

Summary

Remove Kubernetes Dashboards Toggle from Alerting Tests

Clean up test setup by removing unused toggle and adding mock for unified API, ensuring tests pass without affecting production. No production impact, only test infrastructure updated.

Health Assessment

• • The PR had a long cycle time but minimal review friction and no rework, indicating a straightforward test refactor with low risk.

Summary

Pin dev dependency and group workflow scripts

Ensures CI uses a pinned version of @grafana/levitate, improving reproducibility and security.

Health Assessment

• • Quick review and merge, minimal rework, straightforward CI improvement.

Summary

Fix /api/teams responses for k8s redirect

Restores legacy API behavior for team endpoints when Kubernetes redirect is enabled, ensuring clients receive correct data and error codes.

Health Assessment

• • The PR required multiple iterations to align k8s redirect behavior with legacy API expectations, but was reviewed and merged within two days, indicating efficient collaboration.

Summary

Remove legacy Redux dashboard import flow

Eliminates dead Redux-based import logic, simplifying codebase without affecting user experience.

Health Assessment

• • PR merged after 12+ days with a single review; large code removal but no functional change, keeping risk minimal.

Summary

Add grafana.initDataSourcesAsync feature toggle

Introduces an experimental feature toggle to switch data source initialization from synchronous to asynchronous, improving scalability for organizations with many data sources.

Health Assessment

• • The PR had a relatively long cycle time of 215.1 hours, but the changes are well-contained and focused on adding a feature toggle.

Summary

Chore: Update mailparser to 3.9.3

Updates the mailparser dependency to address CVE-2026-3455, ensuring secure email parsing for all users.

Health Assessment

• • Fast review and merge within 16 hours, minimal code changes, effectively mitigated a security vulnerability.

Summary

Fix dynamic key retriever silent failures and missing loop

This PR fixes issues with the dynamic plugin signing key retriever, improving observability and ensuring periodic key sync.

Health Assessment

• • The PR was reviewed and approved quickly, with minimal changes required.
• • The fix improves the reliability and observability of the dynamic key retriever.

Summary

Cleanup provisioning dual write logic

Removes obsolete folder checks and migration logic, simplifying provisioning code.

Health Assessment

• • Fast cycle time and minimal changes indicate low risk and efficient review.

Summary

Add dependabot scanning for all .citools modules

Ensures all internal Go tools are automatically updated, eliminating known CVEs in golang.org/x/crypto and x/net and preventing future security vulnerabilities.

Health Assessment

• • Fast cycle time and minimal review rounds indicate a straightforward, low‑risk update that improves security posture by expanding automated dependency scanning.

Summary

Update Presets Documentation for GA Release

Documentation updated to reflect the Presets feature being generally available, removing feature toggle references.

Health Assessment

• • Quick review and merge, minimal changes, straightforward docs update.

Summary

Health Assessment

Summary

Update auto-milestone to use x64 runners

Switches CI auto-milestone workflow to x64 runners to avoid ARM64 compatibility issues, ensuring reliable automation.

Health Assessment

• • Quick update to CI workflow to resolve ARM64 incompatibility, minimal code changes and risk.

Summary

Fix documentation CI build

Resolved CI build failure caused by architecture mismatch on self-hosted runners, ensuring documentation pipeline runs reliably.

Health Assessment

• • Quick fix with minimal changes, merged within 20 minutes.

Summary

Persist dashboard outline state

Adds persistence of dashboard outline state across pane toggles and mode switches, improving user experience.

Health Assessment

• • PR introduced a new feature to persist dashboard outline state, required a single review cycle with moderate review time, and involved a moderate scope of changes across six frontend files.

Summary

Add periodic cleanup of stale bleve index folders

This PR introduces an opt‑in background sweep that removes stale Bleve index folders, preventing disk space leaks and improving system reliability. The cleanup runs at a configurable interval and only removes folders no longer needed, reducing manual intervention.

Health Assessment

• • The PR was merged quickly with minimal review, indicating confidence in the implementation. The large code addition suggests significant refactoring of the storage layer.

Summary

Migrate semver dependency to v3

Upgrades the semver library to v3 for stricter parsing and improved compatibility, ensuring search and resource packages use the updated API without breaking existing functionality.

Health Assessment

• • Quick review and merge, minimal changes, no major risk.

Summary

Fix folder permission chain flattening

Corrects permission handling for nested folders, ensuring accurate access control and preventing privilege escalation.

Health Assessment

• • The PR required multiple review rounds and a lengthy cycle time, indicating complex changes to permission logic across backend and frontend. AI‑assisted review helped catch issues, but the process was slow due to extensive testing and validation.

Summary

CI: Address zizmor warnings in CodeQL

Permission scope tightened, moved from workflow to job, with fine-grained permissions. This should address all findings from zizmor in CodeQL.

Health Assessment

• • Fast cycle time and minimal rework indicate a straightforward CI configuration update.

Summary

Harden provisioning frontend against XSS and injection

Improves security of the provisioning UI by sanitizing README rendering, URLs, and input values, protecting users from XSS and injection attacks.

Health Assessment

• • Fast 15‑hour cycle with a single commit and minimal review rounds, indicating efficient resolution of multiple security findings.

Summary

Move plugins-bundled to writable directory in packages

This change moves the bundled plugins directory into a writable location, preventing startup errors when newer plugin versions are available. It improves reliability for users who rely on bundled plugins.

Health Assessment

• • Packaging change with minimal code modifications; long cycle time likely due to scheduling; low risk to production.

Summary

Configure Prometheus Registerer for Leader Election

Ensures leader election components register Prometheus metrics correctly, preventing build failures and maintaining system stability.

Health Assessment

• • Quick fix with minimal changes, resolved build issues promptly.