TencentCloud / tencentcloud-monitor-grafana-app

Tencent Cloud Monitor App Plugin for Grafana
https://grafana.com/grafana/plugins/tencentcloud-monitor-app/
Apache License 2.0
153 stars 43 forks

build(deps): bump @braintree/sanitize-url, @grafana/ui, @grafana/data, @grafana/runtime and @grafana/toolkit #149

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps @braintree/sanitize-url to 6.0.1 and updates ancestor dependencies @braintree/sanitize-url, @grafana/ui, @grafana/data, @grafana/runtime and @grafana/toolkit. These dependencies need to be updated together.

Updates @braintree/sanitize-url from 4.0.0 to 6.0.1

Changelog

Sourced from @​braintree/sanitize-url's changelog.

6.0.1

  • Fix issue where urls in the form `javascript:alert('xss');` were not properly sanitized
  • Fix issue where urls in the form `javasc&Tab;ript:alert('XSS');` were not properly sanitized

6.0.0

Breaking Changes

  • Decode HTML characters automatically that would result in an XSS vulnerability when rendering links via a server rendered HTML file
```js
const { sanitizeUrl } = require("@braintree/sanitize-url");

// decodes to javascript:alert('XSS')
const vulnerableUrl =
  "&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041";

sanitizeUrl(vulnerableUrl); // 'about:blank'

const okUrl = "https://example.com/" + vulnerableUrl;

// since the javascript bit is in the path instead of the protocol
// this is successfully sanitized
sanitizeUrl(okUrl); // "https://example.com/javascript:alert('XSS')"
```

5.0.2

  • Fix issue where certain invisible white space characters were not being sanitized (#35)

5.0.1

  • Fix issue where certain safe characters were being filtered out (#31 thanks @​akirchmyer)

5.0.0

Breaking Changes

4.1.1

  • Fixup path to type declaration (closes #25)

4.1.0

  • Add typescript types

4.0.1

  • Fix issue where urls with accented characters were incorrectly sanitized

Commits

Maintainer changes

This version was pushed to npm by braintree, a new releaser for @​braintree/sanitize-url since your current version.


Updates @grafana/ui from 7.5.12 to 9.3.6

Release notes

Sourced from @​grafana/ui's releases.

9.3.6 (2023-01-26)

Bug fixes

  • QueryEditorRow: Fixes issue loading query editor when data source variable selected. #61927, @​torkelo

9.3.4 (2023-01-25)

Features and enhancements

Bug fixes

9.3.2 (2022-12-16)

Features and enhancements

... (truncated)

Changelog

Sourced from @​grafana/ui's changelog.

9.3.6 (2023-01-26)

Bug fixes

  • QueryEditorRow: Fixes issue loading query editor when data source variable selected. #61927, @​torkelo

9.3.4 (2023-01-25)

Features and enhancements

Bug fixes

9.3.2 (2023-12-13)

Features and enhancements

Bug fixes

... (truncated)

Commits
  • 978237e Release: Bump version to 9.3.6 (#743)
  • 8e3111a Merge 'v9.3.x' into v9.3.x
  • 1c8a50b [v9.3.x] SVG: Add dompurify preprocessor step (#62157)
  • c69fb85 [v9.3.x] add export customHeadersSettings component (#62141)
  • 0d00936 Release: Bump version to 9.3.5 (#62074)
  • 77b7420 Release: Bump version to 9.3.5 (#729)
  • c9c7f0d [v9.3.x] SVG: Add dompurify preprocessor step (#698) (#703)
  • 384eaed Snapshots: Fix originalUrl spoof security issue (#675)
  • 85c62f0 [v9.3.x] Query Builder: Fix max width of input component to prevent overflows...
  • ae78664 [v9.3.x] Fix Barchart legend aligning right when orientation is horizontal (#...
  • Additional commits viewable in compare view


Updates @grafana/data from 7.5.2 to 9.3.6

Release notes

Sourced from @​grafana/data's releases.

9.3.6 (2023-01-26)

Bug fixes

  • QueryEditorRow: Fixes issue loading query editor when data source variable selected. #61927, @​torkelo

9.3.4 (2023-01-25)

Features and enhancements

Bug fixes

9.3.2 (2022-12-16)

Features and enhancements

... (truncated)

Changelog

Sourced from @​grafana/data's changelog.

9.3.6 (2023-01-26)

Bug fixes

  • QueryEditorRow: Fixes issue loading query editor when data source variable selected. #61927, @​torkelo

9.3.4 (2023-01-25)

Features and enhancements

Bug fixes

9.3.2 (2023-12-13)

Features and enhancements

Bug fixes

... (truncated)

Commits
  • 978237e Release: Bump version to 9.3.6 (#743)
  • 77b7420 Release: Bump version to 9.3.5 (#729)
  • 24abde9 [v9.3.x] DataFrame: Add explicit histogram frame type (panel & transforms)
  • 62984d2 [v9.3.x] TimeSeries: Fix y-axis Yes/No and On/Off boolean units (#61208)
  • a4b7019 [v9.3.x] Plugins: add option to proxy ds connections through a secure socks p...
  • 55b87d5 Release: Bump version to 9.3.3 (#60429)
  • 8c9b6ef [v9.3.x] Transformations: Fix bug in convert fields boolean to number (#60355)
  • 4f68c4e [9.3.x] Backport Contexthandler: Add uname as response header #59930 (#59951)
  • 3adad3c Users: Use Remote Cache for storing signed in users [v9.3.x] (#59883) (#59934)
  • a32d25b Auth: Session cache [v9.3.x] (#59937)
  • Additional commits viewable in compare view


Updates @grafana/runtime from 7.5.2 to 9.3.6

Release notes

Sourced from @​grafana/runtime's releases.

9.3.6 (2023-01-26)

Bug fixes

  • QueryEditorRow: Fixes issue loading query editor when data source variable selected. #61927, @​torkelo

9.3.4 (2023-01-25)

Features and enhancements

Bug fixes

9.3.2 (2022-12-16)

Features and enhancements

... (truncated)

Changelog

Sourced from @​grafana/runtime's changelog.

9.3.6 (2023-01-26)

Bug fixes

  • QueryEditorRow: Fixes issue loading query editor when data source variable selected. #61927, @​torkelo

9.3.4 (2023-01-25)

Features and enhancements

Bug fixes

9.3.2 (2023-12-13)

Features and enhancements

Bug fixes

... (truncated)

Commits
  • 978237e Release: Bump version to 9.3.6 (#743)
  • 77b7420 Release: Bump version to 9.3.5 (#729)
  • 55b87d5 Release: Bump version to 9.3.3 (#60429)
  • b297cbf [v9.3.x] Dashboards: Show error when data source is missing (#60313)
  • 923fcd4 Alerting: Reduce number of buildinfo calls (#59319) (#59716)
  • c53ae81 Release: Bump version to 9.3.2 (#59680)
  • 95b7cab [v9.3.x] Build: Adds a fallback script to fix package.json main and types fie...
  • 6c1463e Release: Bump version to 9.3.0 (#59532)
  • 8ae02b4 [v9.3.x] DataSourceWithBackend - Set postResource method to POST (#59117)
  • 1bcdaeb [v9.3.x] @​grafana/runtime: Avoid calling applyTemplateVariables for the wrong...
  • Additional commits viewable in compare view


Updates @grafana/toolkit from 8.4.3 to 8.5.20

Release notes

Sourced from @​grafana/toolkit's releases.

8.5.20

Features and enhancements

8.5.16 (2023-01-25)

Features and enhancements

8.5.15 (2022-11-08)

Features and enhancements

8.5.13 (2022-09-20)

Features and enhancements

  • Plugins: Expose @​emotion/react to plugins to prevent load failures. #55297, @​jackw

Bug fixes

8.5.11 (2022-08-30)

... (truncated)

Changelog

Sourced from @​grafana/toolkit's changelog.

8.5.20 (2023-01-25)

Features and enhancements

8.5.15 (2022-11-08)

Features and enhancements

8.5.14 (2022-10-11)

Features and enhancements

8.5.13 (2022-09-20)

Features and enhancements

  • Plugins: Expose @​emotion/react to plugins to prevent load failures. #55297, @​jackw

Bug fixes

8.5.11 (2022-08-30)

Features and enhancements

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TencentCloud/tencentcloud-monitor-grafana-app/network/alerts).
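
The @braintree/sanitize-url 6.0.0 and 6.0.1 changelog entries quoted in this PR concern URL schemes hidden behind HTML entities and invisible characters. The following is an added example, not code from this PR or from @braintree/sanitize-url, contrasting a raw-string scheme check with one that decodes and strips first; every function name, the blocked-scheme list, the named-entity subset and the `&colon;` / `&Tab;` inputs are assumptions constructed for illustration.

```javascript
// Added illustration, not the @braintree/sanitize-url source. All names are hypothetical.
const BLOCKED_SCHEME = /^(javascript|data|vbscript):/i;
// Small constructed subset of HTML named entities relevant to scheme smuggling.
const NAMED = new Map([["colon", ":"], ["Tab", "\t"], ["NewLine", "\n"]]);

// Naive check: tests the raw string only, so an encoded scheme passes through.
function naiveSanitize(url) {
  return BLOCKED_SCHEME.test(url.trim()) ? "about:blank" : url;
}

// Convert a code point to a character; out-of-range values decode to nothing.
function fromCode(n) {
  return n >= 0 && n <= 0x10ffff ? String.fromCodePoint(n) : "";
}

// Decode entities the way an HTML parser would before the URL is used:
// numeric (decimal or hex, trailing ';' optional) and the named subset above.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCode(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCode(parseInt(d, 10)))
    .replace(/&(\w+);/g, (m, name) => NAMED.get(name) ?? m);
}

// Hardened check: decode, drop control and invisible characters, then test the scheme.
function hardenedSanitize(url) {
  const cleaned = decodeEntities(String(url ?? ""))
    .replace(/[\u0000-\u001F\u007F-\u009F\u2000-\u200D\uFEFF]/g, "")
    .trim();
  return !cleaned || BLOCKED_SCHEME.test(cleaned) ? "about:blank" : cleaned;
}

// Constructed inputs mirroring the changelog cases (zero-padded numeric entities, named entities).
const encode = (s) =>
  [...s].map((c) => "&#" + String(c.codePointAt(0)).padStart(7, "0")).join("");
const SAMPLES = {
  numeric: encode("javascript:alert('XSS')"),
  namedColon: "javascript&colon;alert('xss');",
  namedTab: "javasc&Tab;ript:alert('XSS');",
  inPath: "https://example.com/" + encode("javascript:alert('XSS')"),
};

for (const [label, url] of Object.entries(SAMPLES)) {
  const naive = naiveSanitize(url) === "about:blank" ? "blocked" : "passed";
  console.log(label.padEnd(10), "naive:", naive, "| hardened:", hardenedSanitize(url));
}
```
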