diff --git a/.gitignore b/.gitignore
index 9c9ebef..a6dbaab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/grafana-9.2.10.tar.gz
-SOURCES/grafana-vendor-9.2.10-2.tar.xz
-SOURCES/grafana-webpack-9.2.10-2.tar.gz
+SOURCES/grafana-10.2.6.tar.gz
+SOURCES/grafana-vendor-10.2.6-2.tar.xz
+SOURCES/grafana-webpack-10.2.6-2.tar.gz
diff --git a/.grafana.metadata b/.grafana.metadata
index 9f15ac9..518f49a 100644
--- a/.grafana.metadata
+++ b/.grafana.metadata
@@ -1,3 +1,3 @@
-4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
-1ab1cbb1efa563dff66783e9c59c8bd43503aef2 SOURCES/grafana-vendor-9.2.10-2.tar.xz
-ac93650649c6f3c1f6bc2884c524939afaa8321b SOURCES/grafana-webpack-9.2.10-2.tar.gz
+5c65a9460e0d0ecff29e397b5889b4167f046142 SOURCES/grafana-10.2.6.tar.gz
+1dbd3823c3004d7127fab43b82a0ca9e988922dc SOURCES/grafana-vendor-10.2.6-2.tar.xz
+7229d7721cd93d95fde2a306ae775876053a05b0 SOURCES/grafana-webpack-10.2.6-2.tar.gz
diff --git a/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch b/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
index ae15f74..837d0ff 100644
--- a/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
+++ b/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
@@ -1,4 +1,4 @@
-From 226822e64ed4badb22e18740e6db411617b42bb7 Mon Sep 17 00:00:00 2001
+From 1e47ea7adc316e2df3d0081c2c0ebe75ddd6bda0 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 16:57:52 +0200
 Subject: [PATCH] update grafana-cli script with distro-specific paths and
@@ -6,18 +6,19 @@ Subject: [PATCH] update grafana-cli script with distro-specific paths and
 
 
 diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli
-index dafa075a2c..eda358c425 100755
+index 7c6c46aef9..945714642b 100755
 --- a/packaging/wrappers/grafana-cli
 +++ b/packaging/wrappers/grafana-cli
-@@ -5,18 +5,19 @@
+@@ -5,7 +5,7 @@
  # the system-wide Grafana configuration that was bundled with the package as we
  # use the binary.
  
 -DEFAULT=/etc/default/grafana
 +DEFAULT=/etc/sysconfig/grafana-server
  
- GRAFANA_HOME=/usr/share/grafana
- CONF_DIR=/etc/grafana
+ GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}"
+ 
+@@ -13,11 +13,12 @@ CONF_DIR=/etc/grafana
  DATA_DIR=/var/lib/grafana
  PLUGINS_DIR=/var/lib/grafana/plugins
  LOG_DIR=/var/log/grafana
@@ -26,12 +27,12 @@ index dafa075a2c..eda358c425 100755
  CONF_FILE=$CONF_DIR/grafana.ini
  PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
  
--EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli
+-EXECUTABLE="$GRAFANA_HOME/bin/grafana"
 +EXECUTABLE=$LIBEXEC_DIR/grafana-cli
  
  if [ ! -x $EXECUTABLE ]; then
-  echo "Program not installed or not executable"
-@@ -28,12 +29,21 @@ if [ -f "$DEFAULT" ]; then
+  echo "$EXECUTABLE not installed or not executable"
+@@ -29,14 +30,23 @@ if [ -f "$DEFAULT" ]; then
    . "$DEFAULT"
  fi
  
@@ -42,8 +43,6 @@ index dafa075a2c..eda358c425 100755
 -                        cfg:default.paths.data=${DATA_DIR} \
 -                        cfg:default.paths.logs=${LOG_DIR} \
 -                        cfg:default.paths.plugins=${PLUGINS_DIR}'"
--
--eval $EXECUTABLE "$OPTS" '$@'
 +OPTS=("--homepath=${GRAFANA_HOME}"
 +      "--config=${CONF_FILE}"
 +      "--pluginsDir=${PLUGINS_DIR}"
@@ -51,7 +50,10 @@ index dafa075a2c..eda358c425 100755
 +                         cfg:default.paths.data=${DATA_DIR} \
 +                         cfg:default.paths.logs=${LOG_DIR} \
 +                         cfg:default.paths.plugins=${PLUGINS_DIR}")
-+
+ 
+ CMD=cli
+ 
+-eval $EXECUTABLE "$CMD" "$OPTS" "$@"
 +if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
 +  cd "${GRAFANA_HOME}"
 +  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
diff --git a/SOURCES/0002-add-manpages.patch b/SOURCES/0002-add-manpages.patch
index 4ded6f1..a059e0a 100644
--- a/SOURCES/0002-add-manpages.patch
+++ b/SOURCES/0002-add-manpages.patch
@@ -1,4 +1,4 @@
-From c065b6608a65967bde152557566e0410238714a1 Mon Sep 17 00:00:00 2001
+From 5b6c18f715808f99c32550fc3b670fc5bf600f72 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:01:09 +0200
 Subject: [PATCH] add manpages
diff --git a/SOURCES/0003-update-default-configuration.patch b/SOURCES/0003-update-default-configuration.patch
index e20a6fb..a0c961a 100644
--- a/SOURCES/0003-update-default-configuration.patch
+++ b/SOURCES/0003-update-default-configuration.patch
@@ -1,14 +1,14 @@
-From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
+From 026c4f235fd3bfc741304a5e12e13bd1c7b85eac Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:05:48 +0200
 Subject: [PATCH] update default configuration
 
 
 diff --git a/conf/defaults.ini b/conf/defaults.ini
-index 2d6e1235b6..f0eff6d2ac 100644
+index 9f7cf4a90b..e1e5468bfa 100644
 --- a/conf/defaults.ini
 +++ b/conf/defaults.ini
-@@ -196,7 +196,7 @@ row_limit = 1000000
+@@ -240,7 +240,7 @@ user_agent =
  # No ip addresses are being tracked, only simple counters to track
  # running instances, dashboard and error counts. It is very helpful to us.
  # Change this option to false to disable reporting.
@@ -17,20 +17,22 @@ index 2d6e1235b6..f0eff6d2ac 100644
  
  # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
  reporting_distributor = grafana-labs
-@@ -206,7 +206,7 @@ reporting_distributor = grafana-labs
+@@ -249,8 +249,8 @@ reporting_distributor = grafana-labs
+ # for new versions of grafana. The check is used
  # in some UI views to notify that a grafana update exists.
  # This option does not cause any auto updates, nor send any information
- # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
+-# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version.
 -check_for_updates = true
++# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
 +check_for_updates = false
  
  # Set to false to disable all checks to https://grafana.com
  # for new versions of plugins. The check is used
 diff --git a/conf/sample.ini b/conf/sample.ini
-index 227c90e895..dc9fd6a3a5 100644
+index 916de769f9..2f270d4940 100644
 --- a/conf/sample.ini
 +++ b/conf/sample.ini
-@@ -202,7 +202,7 @@
+@@ -247,7 +247,7 @@
  # No ip addresses are being tracked, only simple counters to track
  # running instances, dashboard and error counts. It is very helpful to us.
  # Change this option to false to disable reporting.
@@ -39,16 +41,18 @@ index 227c90e895..dc9fd6a3a5 100644
  
  # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
  ;reporting_distributor = grafana-labs
-@@ -212,7 +212,7 @@
+@@ -256,8 +256,8 @@
+ # for new versions of grafana. The check is used
  # in some UI views to notify that a grafana update exists.
  # This option does not cause any auto updates, nor send any information
- # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
+-# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version.
 -;check_for_updates = true
++# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
 +;check_for_updates = false
  
  # Set to false to disable all checks to https://grafana.com
  # for new versions of plugins. The check is used
-@@ -356,7 +356,7 @@
+@@ -427,7 +427,7 @@
  
  # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
  # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
@@ -57,7 +61,7 @@ index 227c90e895..dc9fd6a3a5 100644
  
  # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
  ;default_home_dashboard_path =
-@@ -1094,7 +1094,7 @@
+@@ -1411,7 +1411,7 @@
  ;enable_alpha = false
  ;app_tls_skip_verify_insecure = false
  # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
diff --git a/SOURCES/0004-remove-unused-backend-dependencies.patch b/SOURCES/0004-remove-unused-backend-dependencies.patch
index 86908a3..1569748 100644
--- a/SOURCES/0004-remove-unused-backend-dependencies.patch
+++ b/SOURCES/0004-remove-unused-backend-dependencies.patch
@@ -1,4 +1,4 @@
-From 944d07247d07b433777ee6ab46bc55cc1d9debe8 Mon Sep 17 00:00:00 2001
+From 076177ff583b8e6d92948e0a4ddde0e8992d09a3 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:18:56 +0200
 Subject: [PATCH] remove unused backend dependencies
@@ -7,123 +7,56 @@ saml and gofpdf are not used in the OSS edition of Grafana
 after editing `pkg/extensions/main.go`, run `go mod tidy`
 
 diff --git a/go.mod b/go.mod
-index 03c00985c4..faedd337d3 100644
+index fcbc09da5e..82fdf39842 100644
 --- a/go.mod
 +++ b/go.mod
-@@ -30,7 +30,6 @@ require (
- 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
- 	github.com/centrifugal/centrifuge v0.25.0
- 	github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d
--	github.com/crewjam/saml v0.4.9
- 	github.com/davecgh/go-spew v1.1.1
- 	github.com/denisenkom/go-mssqldb v0.12.0
- 	github.com/dop251/goja v0.0.0-20210804101310-32956a348b49
-@@ -67,7 +66,6 @@ require (
- 	github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097
- 	github.com/jmespath/go-jmespath v0.4.0
- 	github.com/json-iterator/go v1.1.12
--	github.com/jung-kurt/gofpdf v1.16.2
- 	github.com/lib/pq v1.10.4
- 	github.com/linkedin/goavro/v2 v2.10.0
- 	github.com/m3db/prometheus_remote_client_golang v0.4.4
-@@ -192,7 +190,6 @@ require (
+@@ -45,7 +45,6 @@ require (
+ 	github.com/blang/semver/v4 v4.0.0 // @grafana/grafana-release-guild
+ 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // @grafana/backend-platform
+ 	github.com/centrifugal/centrifuge v0.30.2 // @grafana/grafana-app-platform-squad
+-	github.com/crewjam/saml v0.4.13 // @grafana/grafana-authnz-team
+ 	github.com/fatih/color v1.15.0 // @grafana/backend-platform
+ 	github.com/gchaincl/sqlhooks v1.3.0 // @grafana/backend-platform
+ 	github.com/go-ldap/ldap/v3 v3.4.4 // @grafana/grafana-authnz-team
+@@ -187,7 +186,6 @@ require (
  	github.com/josharian/intern v1.0.0 // indirect
  	github.com/jpillora/backoff v1.0.0 // indirect
  	github.com/mailru/easyjson v0.7.7 // indirect
 -	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
  	github.com/mattetti/filebuffer v1.0.1 // indirect
- 	github.com/mattn/go-runewidth v0.0.9 // indirect
- 	github.com/miekg/dns v1.1.43 // indirect
-@@ -208,7 +205,7 @@
- 	github.com/opentracing-contrib/go-stdlib v1.0.0 // indirect
- 	github.com/pmezard/go-difflib v1.0.0 // indirect
- 	github.com/prometheus/common/sigv4 v0.1.0 // indirect
--	github.com/prometheus/exporter-toolkit v0.7.1 // indirect
-+	github.com/prometheus/exporter-toolkit v0.7.3 // indirect
- 	github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 // indirect
- 	github.com/prometheus/procfs v0.8.0 // indirect
- 	github.com/protocolbuffers/txtpbfmt v0.0.0-20220428173112-74888fd59c2b // indirect
+ 	github.com/mattn/go-runewidth v0.0.13 // indirect
+ 	github.com/miekg/dns v1.1.51 // indirect
 diff --git a/go.sum b/go.sum
-index e3b45a9f35..b98dc78c57 100644
+index d05dfb55fd..b160387abe 100644
 --- a/go.sum
 +++ b/go.sum
-@@ -665,7 +665,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
- github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
- github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
- github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
--github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
- github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ=
- github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA=
- github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
-@@ -1376,8 +1375,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.139.0 h1:2RQKM2QpSaWTtaGN6sK+R7LO7zy
- github.com/grafana/grafana-plugin-sdk-go v0.139.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c=
- github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293 h1:dJIdfHqu+XjKz+w9zXLqXKPdp6Jjx/UPSOwdeSfWdeQ=
- github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293/go.mod h1:HVHqK+BVPa/tmL8EMhLCCrPt2a1GdJpEyxr5hgur2UI=
--github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7 h1:cujJQ3XV6IK7Y96VpYurd2EpI5rfMRFcuyGqUlk+030=
--github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4=
- github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104 h1:dYpwFYIChrMfpq3wDa/ZBxAbUGSW5NYmYBeSezhaoao=
- github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104/go.mod h1:fCV1rqv6XRQg2GfIQ7pU9zdxd5fLRcEBCnrDVwlK+ZY=
- github.com/grafana/xorm v0.8.3-0.20220614223926-2fcda7565af6 h1:I9dh1MXGX0wGyxdV/Sl7+ugnki4Dfsy8lv2s5Yf887o=
-@@ -1664,8 +1661,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
- github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
- github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
- github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
--github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc=
--github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
- github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0=
- github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
- github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
-@@ -1787,8 +1782,6 @@ github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
+@@ -1826,8 +1826,6 @@ github.com/grafana/pyroscope/api v0.3.0/go.mod h1:JggA80ToAAUACYGfwL49XoFk5aN5ec
+ github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
+ github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db h1:7aN5cccjIqCLTzedH7MZzRZt5/lsAHch6Z3L2ZGn5FA=
+ github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
+-github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c h1:1pHLC1ZTz7N5QI3jzCs5sqmVvAKe+JwGnpp9lQ+iUjY=
+-github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c/go.mod h1:S4+611dxnKt8z/ulbvaJzcgSHsuhjVc1QHNTcr1R7Fw=
+ github.com/grafana/sqlds/v2 v2.3.10 h1:HWKhE0vR6LoEiE+Is8CSZOgaB//D1yqb2ntkass9Fd4=
+ github.com/grafana/sqlds/v2 v2.3.10/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs=
+ github.com/grafana/tempo v1.5.1-0.20230524121406-1dc1bfe7085b h1:mDlkqgTEJuK7vjPG44f3ZMtId5AAYLWHvBVbiGqIOOQ=
+@@ -2222,8 +2220,6 @@ github.com/markbates/sigtx v1.0.0/go.mod h1:QF1Hv6Ic6Ca6W+T+DL0Y/ypborFKyvUY9Hmu
+ github.com/markbates/willie v1.0.9/go.mod h1:fsrFVWl91+gXpx/6dv715j7i11fYPfZ9ZGfH0DQzY7w=
+ github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
  github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
- github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
- github.com/matryer/moq v0.2.7/go.mod h1:kITsx543GOENm48TUAQyJ9+SAvFSr7iGQXPoth/VUBk=
 -github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
 -github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
  github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM=
  github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs=
  github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-@@ -2066,7 +2059,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
- github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
- github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
- github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
--github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
- github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
- github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
- github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-@@ -2156,8 +2148,9 @@ github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdD
- github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
- github.com/prometheus/exporter-toolkit v0.5.1/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
- github.com/prometheus/exporter-toolkit v0.6.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
--github.com/prometheus/exporter-toolkit v0.7.1 h1:c6RXaK8xBVercEeUQ4tRNL8UGWzDHfvj9dseo1FcK1Y=
- github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
-+github.com/prometheus/exporter-toolkit v0.7.3 h1:IYBn0CTGi/nYxstdTUKysuSofUNJ3DQW3FmZ/Ub6rgU=
-+github.com/prometheus/exporter-toolkit v0.7.3/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
- github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 h1:dTUS1vaLWq+Y6XKOTnrFpoVsQKLCbCp1OLj24TDi7oM=
- github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289/go.mod h1:FGbBv5OPKjch+jNUJmEQpMZytIdyW0NdBtWFcfSKusc=
- github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-@@ -2696,7 +2688,6 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
- golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
- golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
- golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
--golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
-index 72371bdab4..a7bb7abe0f 100644
+index 327e208221..426aad2a21 100644
 --- a/pkg/extensions/main.go
 +++ b/pkg/extensions/main.go
-@@ -11,13 +11,11 @@ import (
+@@ -11,7 +11,6 @@ import (
+ 	_ "github.com/beevik/etree"
  	_ "github.com/blugelabs/bluge"
  	_ "github.com/blugelabs/bluge_segment_api"
- 	_ "github.com/cortexproject/cortex/pkg/util"
 -	_ "github.com/crewjam/saml"
+ 	_ "github.com/go-jose/go-jose/v3"
  	_ "github.com/gobwas/glob"
  	_ "github.com/googleapis/gax-go/v2"
- 	_ "github.com/grafana/dskit/backoff"
- 	_ "github.com/grafana/dskit/flagext"
- 	_ "github.com/grpc-ecosystem/go-grpc-middleware"
--	_ "github.com/jung-kurt/gofpdf"
- 	_ "github.com/linkedin/goavro/v2"
- 	_ "github.com/m3db/prometheus_remote_client_golang/promremote"
- 	_ "github.com/pkg/errors"
diff --git a/SOURCES/0005-remove-unused-frontend-crypto.patch b/SOURCES/0005-remove-unused-frontend-crypto.patch
index dee203d..268eadb 100644
--- a/SOURCES/0005-remove-unused-frontend-crypto.patch
+++ b/SOURCES/0005-remove-unused-frontend-crypto.patch
@@ -1,4 +1,4 @@
-From 3709d320189b10a12a3780d15e46afd777f06554 Mon Sep 17 00:00:00 2001
+From ddd615152004e0bc5985a574c05d31778351dfa3 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:36:47 +0200
 Subject: [PATCH] remove unused frontend crypto
@@ -7,73 +7,47 @@ update `package.json` and then run `yarn install` to update the
 `yarn.lock` lockfile
 
 diff --git a/package.json b/package.json
-index e26f95d855..91d71f1414 100644
+index 38deb6d7de..aad5e88bf0 100644
 --- a/package.json
 +++ b/package.json
-@@ -405,8 +405,10 @@
-     "whatwg-fetch": "3.6.2"
-   },
+@@ -425,6 +425,9 @@
    "resolutions": {
+     "underscore": "1.13.6",
+     "@types/slate": "0.47.11",
 +    "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
 +    "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
 +    "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
-     "underscore": "1.13.4",
--    "@mdx-js/loader/loader-utils": "^2.0.0",
-     "@types/slate": "0.47.9",
-     "@rushstack/node-core-library": "3.52.0",
-     "@rushstack/rig-package": "0.3.13",
+     "ngtemplate-loader/loader-utils": "^2.0.0",
+     "semver@~7.0.0": "7.5.4",
+     "semver@7.3.4": "7.5.4",
 diff --git a/yarn.lock b/yarn.lock
-index f374e10e33..12c06ad883 100644
+index bf22ba52a1..1552ddc052 100644
 --- a/yarn.lock
 +++ b/yarn.lock
-@@ -4571,10 +4571,10 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
--"@braintree/sanitize-url@npm:6.0.0":
--  version: 6.0.0
--  resolution: "@braintree/sanitize-url@npm:6.0.0"
--  checksum: 409ce7709dc1a0c67bc887d20af1becd4145d5c62cc5124b1c4c1f3ea2a8d69b0ee9f582d446469c6f5294b56442b99048cbbba6861dd5c834d4e019b95e1f40
-+"@braintree/sanitize-url@npm:^6.0.0":
-+  version: 6.0.2
-+  resolution: "@braintree/sanitize-url@npm:6.0.2"
-+  checksum: 6a9dfd4081cc96516eeb281d1a83d3b5f1ad3d2837adf968fcc2ba18889ee833554f9c641b4083c36d3360a932e4504ddf25b0b51e9933c3742622df82cf7c9a
-   languageName: node
-   linkType: hard
- 
-@@ -5375,7 +5375,7 @@ __metadata:
-   version: 0.0.0-use.local
-   resolution: "@grafana/data@workspace:packages/grafana-data"
-   dependencies:
--    "@braintree/sanitize-url": 6.0.0
-+    "@braintree/sanitize-url": ^6.0.0
-     "@grafana/schema": 9.2.8
-     "@grafana/tsconfig": ^1.2.0-rc1
-     "@rollup/plugin-commonjs": 22.0.1
-@@ -14511,22 +14511,6 @@ __metadata:
+@@ -10935,22 +10935,6 @@ __metadata:
    languageName: node
    linkType: hard
  
 -"asn1@npm:~0.2.3":
--  version: 0.2.4
--  resolution: "asn1@npm:0.2.4"
+-  version: 0.2.6
+-  resolution: "asn1@npm:0.2.6"
 -  dependencies:
--    safer-buffer: ~2.1.0
--  checksum: aa5d6f77b1e0597df53824c68cfe82d1d89ce41cb3520148611f025fbb3101b2d25dd6a40ad34e4fac10f6b19ed5e8628cd4b7d212261e80e83f02b39ee5663c
+-    safer-buffer: "npm:~2.1.0"
+-  checksum: cf629291fee6c1a6f530549939433ebf32200d7849f38b810ff26ee74235e845c0c12b2ed0f1607ac17383d19b219b69cefa009b920dab57924c5c544e495078
 -  languageName: node
 -  linkType: hard
 -
 -"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0":
 -  version: 1.0.0
 -  resolution: "assert-plus@npm:1.0.0"
--  checksum: 19b4340cb8f0e6a981c07225eacac0e9d52c2644c080198765d63398f0075f83bbc0c8e95474d54224e297555ad0d631c1dcd058adb1ddc2437b41a6b424ac64
+-  checksum: f4f991ae2df849cc678b1afba52d512a7cbf0d09613ba111e72255409ff9158550c775162a47b12d015d1b82b3c273e8e25df0e4783d3ddb008a293486d00a07
 -  languageName: node
 -  linkType: hard
 -
- "assert@npm:2.0.0":
+ "assert@npm:2.0.0, assert@npm:^2.0.0":
    version: 2.0.0
    resolution: "assert@npm:2.0.0"
-@@ -15231,15 +15215,6 @@ __metadata:
+@@ -11427,15 +11411,6 @@ __metadata:
    languageName: node
    linkType: hard
  
@@ -81,29 +55,29 @@ index f374e10e33..12c06ad883 100644
 -  version: 1.0.2
 -  resolution: "bcrypt-pbkdf@npm:1.0.2"
 -  dependencies:
--    tweetnacl: ^0.14.3
--  checksum: 4edfc9fe7d07019609ccf797a2af28351736e9d012c8402a07120c4453a3b789a15f2ee1530dc49eee8f7eb9379331a8dd4b3766042b9e502f74a68e7f662291
+-    tweetnacl: "npm:^0.14.3"
+-  checksum: 13a4cde058250dbf1fa77a4f1b9a07d32ae2e3b9e28e88a0c7a1827835bc3482f3e478c4a0cfd4da6ff0c46dae07da1061123a995372b32cc563d9975f975404
 -  languageName: node
 -  linkType: hard
 -
  "before-after-hook@npm:^2.2.0":
    version: 2.2.2
    resolution: "before-after-hook@npm:2.2.2"
-@@ -17053,13 +17028,6 @@ __metadata:
+@@ -12929,13 +12904,6 @@ __metadata:
    languageName: node
    linkType: hard
  
 -"core-util-is@npm:1.0.2":
 -  version: 1.0.2
 -  resolution: "core-util-is@npm:1.0.2"
--  checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab
+-  checksum: d0f7587346b44a1fe6c269267e037dd34b4787191e473c3e685f507229d88561c40eb18872fabfff02977301815d474300b7bfbd15396c13c5377393f7e87ec3
 -  languageName: node
 -  linkType: hard
 -
  "core-util-is@npm:~1.0.0":
    version: 1.0.3
    resolution: "core-util-is@npm:1.0.3"
-@@ -18097,15 +18065,6 @@ __metadata:
+@@ -13857,15 +13825,6 @@ __metadata:
    languageName: node
    linkType: hard
  
@@ -111,15 +85,15 @@ index f374e10e33..12c06ad883 100644
 -  version: 1.14.1
 -  resolution: "dashdash@npm:1.14.1"
 -  dependencies:
--    assert-plus: ^1.0.0
--  checksum: 3634c249570f7f34e3d34f866c93f866c5b417f0dd616275decae08147dcdf8fccfaa5947380ccfb0473998ea3a8057c0b4cd90c875740ee685d0624b2983598
+-    assert-plus: "npm:^1.0.0"
+-  checksum: 137b287fa021201ce100cef772c8eeeaaafdd2aa7282864022acf3b873021e54cb809e9c060fa164840bf54ff72d00d6e2d8da1ee5a86d7200eeefa1123a8f7f
 -  languageName: node
 -  linkType: hard
 -
- "data-urls@npm:^2.0.0":
-   version: 2.0.0
-   resolution: "data-urls@npm:2.0.0"
-@@ -18842,16 +18801,6 @@ __metadata:
+ "data-urls@npm:^3.0.2":
+   version: 3.0.2
+   resolution: "data-urls@npm:3.0.2"
+@@ -14573,16 +14532,6 @@ __metadata:
    languageName: node
    linkType: hard
  
@@ -127,37 +101,37 @@ index f374e10e33..12c06ad883 100644
 -  version: 0.1.2
 -  resolution: "ecc-jsbn@npm:0.1.2"
 -  dependencies:
--    jsbn: ~0.1.0
--    safer-buffer: ^2.1.0
--  checksum: 22fef4b6203e5f31d425f5b711eb389e4c6c2723402e389af394f8411b76a488fa414d309d866e2b577ce3e8462d344205545c88a8143cc21752a5172818888a
+-    jsbn: "npm:~0.1.0"
+-    safer-buffer: "npm:^2.1.0"
+-  checksum: d43591f2396196266e186e6d6928038cc11c76c3699a912cb9c13757060f7bbc7f17f47c4cb16168cdeacffc7965aef021142577e646fb3cb88810c15173eb57
 -  languageName: node
 -  linkType: hard
 -
  "ee-first@npm:1.1.1":
    version: 1.1.1
    resolution: "ee-first@npm:1.1.1"
-@@ -20489,20 +20438,6 @@ __metadata:
+@@ -15991,20 +15940,6 @@ __metadata:
    languageName: node
    linkType: hard
  
 -"extsprintf@npm:1.3.0":
 -  version: 1.3.0
 -  resolution: "extsprintf@npm:1.3.0"
--  checksum: cee7a4a1e34cffeeec18559109de92c27517e5641991ec6bab849aa64e3081022903dd53084f2080d0d2530803aa5ee84f1e9de642c365452f9e67be8f958ce2
+-  checksum: 26967d6c7ecbfb5bc5b7a6c43503dc5fafd9454802037e9fa1665e41f615da4ff5918bd6cb871a3beabed01a31eca1ccd0bdfb41231f50ad50d405a430f78377
 -  languageName: node
 -  linkType: hard
 -
 -"extsprintf@npm:^1.2.0":
--  version: 1.4.0
--  resolution: "extsprintf@npm:1.4.0"
--  checksum: 184dc8a413eb4b1ff16bdce797340e7ded4d28511d56a1c9afa5a95bcff6ace154063823eaf0206dbbb0d14059d74f382a15c34b7c0636fa74a7e681295eb67e
+-  version: 1.4.1
+-  resolution: "extsprintf@npm:1.4.1"
+-  checksum: bfd6d55f3c0c04d826fe0213264b383c03f32825af6b1ff777f3f2dc49467e599361993568d75b7b19a8ea1bb08c8e7cd8c3d87d179ced91bb0dcf81ca6938e0
 -  languageName: node
 -  linkType: hard
 -
- "fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
+ "fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
    version: 3.1.3
    resolution: "fast-deep-equal@npm:3.1.3"
-@@ -21462,15 +21397,6 @@ __metadata:
+@@ -16916,15 +16851,6 @@ __metadata:
    languageName: node
    linkType: hard
  
@@ -165,15 +139,15 @@ index f374e10e33..12c06ad883 100644
 -  version: 0.1.7
 -  resolution: "getpass@npm:0.1.7"
 -  dependencies:
--    assert-plus: ^1.0.0
+-    assert-plus: "npm:^1.0.0"
 -  checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046
 -  languageName: node
 -  linkType: hard
 -
- "git-raw-commits@npm:^2.0.8":
-   version: 2.0.11
-   resolution: "git-raw-commits@npm:2.0.11"
-@@ -22832,25 +22758,10 @@ __metadata:
+ "giget@npm:^1.0.0":
+   version: 1.1.2
+   resolution: "giget@npm:1.1.2"
+@@ -18263,25 +18189,10 @@ __metadata:
    languageName: node
    linkType: hard
  
@@ -181,10 +155,10 @@ index f374e10e33..12c06ad883 100644
 -  version: 1.2.0
 -  resolution: "http-signature@npm:1.2.0"
 -  dependencies:
--    assert-plus: ^1.0.0
--    jsprim: ^1.2.2
--    sshpk: ^1.7.0
--  checksum: 3324598712266a9683585bb84a75dec4fd550567d5e0dd4a0fff6ff3f74348793404d3eeac4918fa0902c810eeee1a86419e4a2e92a164132dfe6b26743fb47c
+-    assert-plus: "npm:^1.0.0"
+-    jsprim: "npm:^1.2.2"
+-    sshpk: "npm:^1.7.0"
+-  checksum: 2ff7112e6b0d8f08b382dfe705078c655501f2ddd76cf589d108445a9dd388a0a9be928c37108261519a7f53e6bbd1651048d74057b804807cce1ec49e87a95b
 -  languageName: node
 -  linkType: hard
 -
@@ -192,10 +166,10 @@ index f374e10e33..12c06ad883 100644
 -  version: 1.3.6
 -  resolution: "http-signature@npm:1.3.6"
 -  dependencies:
--    assert-plus: ^1.0.0
--    jsprim: ^2.0.2
--    sshpk: ^1.14.1
--  checksum: 10be2af4764e71fee0281392937050201ee576ac755c543f570d6d87134ce5e858663fe999a7adb3e4e368e1e356d0d7fec6b9542295b875726ff615188e7a0c
+-    assert-plus: "npm:^1.0.0"
+-    jsprim: "npm:^2.0.2"
+-    sshpk: "npm:^1.14.1"
+-  checksum: 5f08e0c82174999da97114facb0d0d47e268d60b6fc10f92cb87b99d5ccccd36f79b9508c29dda0b4f4e3a1b2f7bcaf847e68ecd5da2f1fc465fcd1d054b7884
 +"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
 +  version: 1.1.3
 +  resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
@@ -203,47 +177,47 @@ index f374e10e33..12c06ad883 100644
    languageName: node
    linkType: hard
  
-@@ -25418,13 +25329,6 @@ __metadata:
+@@ -20609,13 +20520,6 @@ __metadata:
    languageName: node
    linkType: hard
  
 -"jsbn@npm:~0.1.0":
 -  version: 0.1.1
 -  resolution: "jsbn@npm:0.1.1"
--  checksum: e5ff29c1b8d965017ef3f9c219dacd6e40ad355c664e277d31246c90545a02e6047018c16c60a00f36d561b3647215c41894f5d869ada6908a2e0ce4200c88f2
+-  checksum: 5450133242845100e694f0ef9175f44c012691a9b770b2571e677314e6f70600abb10777cdfc9a0c6a9f2ac6d134577403633de73e2fcd0f97875a67744e2d14
 -  languageName: node
 -  linkType: hard
 -
- "jsdoc-type-pratt-parser@npm:~2.2.5":
-   version: 2.2.5
-   resolution: "jsdoc-type-pratt-parser@npm:2.2.5"
-@@ -25572,13 +25476,6 @@ __metadata:
+ "jscodeshift@npm:^0.14.0":
+   version: 0.14.0
+   resolution: "jscodeshift@npm:0.14.0"
+@@ -20767,13 +20671,6 @@ __metadata:
    languageName: node
    linkType: hard
  
--"json-schema@npm:0.2.3, json-schema@npm:0.4.0":
+-"json-schema@npm:0.4.0":
 -  version: 0.4.0
 -  resolution: "json-schema@npm:0.4.0"
--  checksum: 66389434c3469e698da0df2e7ac5a3281bcff75e797a5c127db7c5b56270e01ae13d9afa3c03344f76e32e81678337a8c912bdbb75101c62e487dc3778461d72
+-  checksum: 8b3b64eff4a807dc2a3045b104ed1b9335cd8d57aa74c58718f07f0f48b8baa3293b00af4dcfbdc9144c3aafea1e97982cc27cc8e150fc5d93c540649507a458
 -  languageName: node
 -  linkType: hard
 -
  "json-source-map@npm:0.6.1":
    version: 0.6.1
    resolution: "json-source-map@npm:0.6.1"
-@@ -25709,30 +25606,6 @@ __metadata:
+@@ -20886,30 +20783,6 @@ __metadata:
    languageName: node
    linkType: hard
  
 -"jsprim@npm:^1.2.2":
--  version: 1.4.1
--  resolution: "jsprim@npm:1.4.1"
+-  version: 1.4.2
+-  resolution: "jsprim@npm:1.4.2"
 -  dependencies:
--    assert-plus: 1.0.0
--    extsprintf: 1.3.0
--    json-schema: 0.2.3
--    verror: 1.10.0
--  checksum: 6bcb20ec265ae18bb48e540a6da2c65f9c844f7522712d6dfcb01039527a49414816f4869000493363f1e1ea96cbad00e46188d5ecc78257a19f152467587373
+-    assert-plus: "npm:1.0.0"
+-    extsprintf: "npm:1.3.0"
+-    json-schema: "npm:0.4.0"
+-    verror: "npm:1.10.0"
+-  checksum: df2bf234eab1b5078d01bcbff3553d50a243f7b5c10a169745efeda6344d62798bd1d85bcca6a8446f3b5d0495e989db45f9de8dae219f0f9796e70e0c776089
 -  languageName: node
 -  linkType: hard
 -
@@ -251,50 +225,27 @@ index f374e10e33..12c06ad883 100644
 -  version: 2.0.2
 -  resolution: "jsprim@npm:2.0.2"
 -  dependencies:
--    assert-plus: 1.0.0
--    extsprintf: 1.3.0
--    json-schema: 0.4.0
--    verror: 1.10.0
--  checksum: d175f6b1991e160cb0aa39bc857da780e035611986b5492f32395411879fdaf4e513d98677f08f7352dac93a16b66b8361c674b86a3fa406e2e7af6b26321838
+-    assert-plus: "npm:1.0.0"
+-    extsprintf: "npm:1.3.0"
+-    json-schema: "npm:0.4.0"
+-    verror: "npm:1.10.0"
+-  checksum: fcfca5b55f83e1b8be5f932c71754bd37afd2611f81685abd05689e8ce718a91155ff7bd5b94c65ce483a787b5c43c6d0c18c1d2259fca5bb61a3f8ea2e29c0a
 -  languageName: node
 -  linkType: hard
 -
  "jsurl@npm:^0.1.5":
    version: 0.1.5
    resolution: "jsurl@npm:0.1.5"
-@@ -26192,6 +26065,17 @@ __metadata:
+@@ -22734,7 +22607,7 @@ __metadata:
    languageName: node
    linkType: hard
  
-+"loader-utils@npm:2.0.0":
-+  version: 2.0.0
-+  resolution: "loader-utils@npm:2.0.0"
-+  dependencies:
-+    big.js: ^5.2.2
-+    emojis-list: ^3.0.0
-+    json5: ^2.1.2
-+  checksum: 6856423131b50b6f5f259da36f498cfd7fc3c3f8bb17777cf87fdd9159e797d4ba4288d9a96415fd8da62c2906960e88f74711dee72d03a9003bddcd0d364a51
-+  languageName: node
-+  linkType: hard
-+
- "loader-utils@npm:^2.0.0":
-   version: 2.0.3
-   resolution: "loader-utils@npm:2.0.3"
-@@ -27755,13 +27639,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
--"node-forge@npm:^1":
--  version: 1.3.1
--  resolution: "node-forge@npm:1.3.1"
--  checksum: 08fb072d3d670599c89a1704b3e9c649ff1b998256737f0e06fbd1a5bf41cae4457ccaee32d95052d80bbafd9ffe01284e078c8071f0267dc9744e51c5ed42a9
--  languageName: node
--  linkType: hard
--
- "node-gettext@npm:^3.0.0":
-   version: 3.0.0
-   resolution: "node-gettext@npm:3.0.0"
-@@ -33404,7 +33281,7 @@ __metadata:
+-"node-forge@npm:^1, node-forge@npm:^1.3.1":
++"node-forge@npm:^1.3.1":
+   version: 1.3.1
+   resolution: "node-forge@npm:1.3.1"
+   checksum: 05bab6868633bf9ad4c3b1dd50ec501c22ffd69f556cdf169a00998ca1d03e8107a6032ba013852f202035372021b845603aeccd7dfcb58cdb7430013b3daa8d
+@@ -27151,7 +27024,7 @@ __metadata:
    languageName: node
    linkType: hard
  
@@ -302,17 +253,17 @@ index f374e10e33..12c06ad883 100644
 +"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0":
    version: 2.1.2
    resolution: "safer-buffer@npm:2.1.2"
-   checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0
-@@ -33623,12 +33500,10 @@ __metadata:
+   checksum: 7eaf7a0cf37cc27b42fb3ef6a9b1df6e93a1c6d98c6c6702b02fe262d5fcbd89db63320793b99b21cb5348097d0a53de81bd5f4e8b86e20cc9412e3f1cfb4e83
+@@ -27282,12 +27155,10 @@ __metadata:
    languageName: node
    linkType: hard
  
--"selfsigned@npm:^2.0.1":
--  version: 2.0.1
--  resolution: "selfsigned@npm:2.0.1"
+-"selfsigned@npm:^2.1.1":
+-  version: 2.1.1
+-  resolution: "selfsigned@npm:2.1.1"
 -  dependencies:
--    node-forge: ^1
--  checksum: 864e65c2f31ca877bce3ccdaa3bdef5e1e992b63b2a03641e00c24cd305bf2acce093431d1fed2e5ae9f526558db4be5e90baa2b3474c0428fcf7e25cc86ac93
+-    node-forge: "npm:^1"
+-  checksum: 6005206e0d005448274aceceaded5195b944f67a42b72d212a6169d2e5f4bdc87c15a3fe45732c544db8c7175702091aaf95403ad6632585294a6ec8cca63638
 +"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
 +  version: 1.1.3
 +  resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
@@ -320,49 +271,49 @@ index f374e10e33..12c06ad883 100644
    languageName: node
    linkType: hard
  
-@@ -34591,27 +34466,6 @@ __metadata:
+@@ -28053,27 +27924,6 @@ __metadata:
    languageName: node
    linkType: hard
  
 -"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0":
--  version: 1.16.1
--  resolution: "sshpk@npm:1.16.1"
+-  version: 1.17.0
+-  resolution: "sshpk@npm:1.17.0"
 -  dependencies:
--    asn1: ~0.2.3
--    assert-plus: ^1.0.0
--    bcrypt-pbkdf: ^1.0.0
--    dashdash: ^1.12.0
--    ecc-jsbn: ~0.1.1
--    getpass: ^0.1.1
--    jsbn: ~0.1.0
--    safer-buffer: ^2.0.2
--    tweetnacl: ~0.14.0
+-    asn1: "npm:~0.2.3"
+-    assert-plus: "npm:^1.0.0"
+-    bcrypt-pbkdf: "npm:^1.0.0"
+-    dashdash: "npm:^1.12.0"
+-    ecc-jsbn: "npm:~0.1.1"
+-    getpass: "npm:^0.1.1"
+-    jsbn: "npm:~0.1.0"
+-    safer-buffer: "npm:^2.0.2"
+-    tweetnacl: "npm:~0.14.0"
 -  bin:
 -    sshpk-conv: bin/sshpk-conv
 -    sshpk-sign: bin/sshpk-sign
 -    sshpk-verify: bin/sshpk-verify
--  checksum: 5e76afd1cedc780256f688b7c09327a8a650902d18e284dfeac97489a735299b03c3e72c6e8d22af03dbbe4d6f123fdfd5f3c4ed6bedbec72b9529a55051b857
+-  checksum: 668c2a279a6ce66fd739ce5684e37927dd75427cc020c828a208f85890a4c400705d4ba09f32fa44efca894339dc6931941664f6f6ba36dfa543de6d006cbe9c
 -  languageName: node
 -  linkType: hard
 -
- "ssri@npm:^8.0.0, ssri@npm:^8.0.1":
-   version: 8.0.1
-   resolution: "ssri@npm:8.0.1"
-@@ -36287,13 +36141,6 @@ __metadata:
+ "ssri@npm:^10.0.0, ssri@npm:^10.0.1":
+   version: 10.0.5
+   resolution: "ssri@npm:10.0.5"
+@@ -29479,13 +29329,6 @@ __metadata:
    languageName: node
    linkType: hard
  
 -"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0":
 -  version: 0.14.5
 -  resolution: "tweetnacl@npm:0.14.5"
--  checksum: 6061daba1724f59473d99a7bb82e13f211cdf6e31315510ae9656fefd4779851cb927adad90f3b488c8ed77c106adc0421ea8055f6f976ff21b27c5c4e918487
+-  checksum: 04ee27901cde46c1c0a64b9584e04c96c5fe45b38c0d74930710751ea991408b405747d01dfae72f80fc158137018aea94f9c38c651cb9c318f0861a310c3679
 -  languageName: node
 -  linkType: hard
 -
  "type-check@npm:^0.4.0, type-check@npm:~0.4.0":
    version: 0.4.0
    resolution: "type-check@npm:0.4.0"
-@@ -37042,17 +36889,6 @@ __metadata:
+@@ -30199,17 +30042,6 @@ __metadata:
    languageName: node
    linkType: soft
  
@@ -370,28 +321,13 @@ index f374e10e33..12c06ad883 100644
 -  version: 1.10.0
 -  resolution: "verror@npm:1.10.0"
 -  dependencies:
--    assert-plus: ^1.0.0
--    core-util-is: 1.0.2
--    extsprintf: ^1.2.0
--  checksum: c431df0bedf2088b227a4e051e0ff4ca54df2c114096b0c01e1cbaadb021c30a04d7dd5b41ab277bcd51246ca135bf931d4c4c796ecae7a4fef6d744ecef36ea
+-    assert-plus: "npm:^1.0.0"
+-    core-util-is: "npm:1.0.2"
+-    extsprintf: "npm:^1.2.0"
+-  checksum: da548149dd9c130a8a2587c9ee71ea30128d1526925707e2d01ed9c5c45c9e9f86733c66a328247cdd5f7c1516fb25b0f959ba754bfbe15072aa99ff96468a29
 -  languageName: node
 -  linkType: hard
 -
- "vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0":
-   version: 3.2.0
-   resolution: "vfile-location@npm:3.2.0"
-
-diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
-index e26f95d855..91d71f1414 100644
---- a/packages/grafana-data/package.json
-+++ b/packages/grafana-data/package.json
-@@ -33,7 +33,7 @@
-     "typecheck": "tsc --emitDeclarationOnly false --noEmit"
-   },
-   "dependencies": {
--    "@braintree/sanitize-url": "6.0.0",
-+    "@braintree/sanitize-url": "^6.0.0",
-     "@grafana/schema": "9.2.8",
-     "@types/d3-interpolate": "^1.4.0",
-     "d3-interpolate": "1.4.0",
-
+ "vinyl-fs@npm:^3.0.2":
+   version: 3.0.3
+   resolution: "vinyl-fs@npm:3.0.3"
diff --git a/SOURCES/0006-skip-marketplace-plugin-install-test.patch b/SOURCES/0006-skip-marketplace-plugin-install-test.patch
index d56fe4e..3180726 100644
--- a/SOURCES/0006-skip-marketplace-plugin-install-test.patch
+++ b/SOURCES/0006-skip-marketplace-plugin-install-test.patch
@@ -1,4 +1,4 @@
-From a23cb1162fd705147489915667b83a236ad248be Mon Sep 17 00:00:00 2001
+From ed8a438d72a667844ae07804491b568ad2f5dcdd Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Thu, 23 Jun 2022 17:00:46 +0200
 Subject: [PATCH] skip marketplace plugin install test
@@ -8,10 +8,10 @@ Network connectivity is disabled in the build environment for security
 reasons, therefore we need to disable this test.
 
 diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go
-index 0d62275c4b..c237aa9389 100644
+index 4fc2295ed8..a326c40b04 100644
 --- a/pkg/tests/api/plugins/api_plugins_test.go
 +++ b/pkg/tests/api/plugins/api_plugins_test.go
-@@ -56,6 +56,7 @@ func TestPlugins(t *testing.T) {
+@@ -71,6 +71,7 @@ func TestIntegrationPlugins(t *testing.T) {
  		})
  
  		t.Run("Request is not forbidden if from an admin", func(t *testing.T) {
diff --git a/SOURCES/0007-fix-alert-test.patch b/SOURCES/0007-fix-alert-test.patch
deleted file mode 100644
index 71039d1..0000000
--- a/SOURCES/0007-fix-alert-test.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
-From: Stan Cox <scox@redhat.com>
-Date: Wed, 22 Jun 2022 17:05:48 +0200
-Subject: [PATCH] fix alert test
-
-
-diff --git a/pkg/tests/api/alerting/api_alertmanager_test.go b/pkg/tests/api/alerting/api_alertmanager_test.go
-index 2d6e1235b6..f0eff6d2ac 100644
---- a/pkg/tests/api/alerting/api_alertmanager_test.go	2023-01-24 14:44:19.000000000 -0500
-+++ b/pkg/tests/api/alerting/api_alertmanager_test.go	2023-04-13 16:20:51.718515009 -0400
-@@ -210,7 +210,7 @@
- 		{
- 			"comment": "string",
- 			"createdBy": "string",
--			"endsAt": "2023-03-31T14:17:04.419Z",
-+			"endsAt": "2032-03-31T14:17:04.419Z",
- 			"matchers": [
- 			  {
- 				"isRegex": true,
diff --git a/SOURCES/0009-redact-weak-ciphers.patch b/SOURCES/0007-redact-weak-ciphers.patch
similarity index 52%
rename from SOURCES/0009-redact-weak-ciphers.patch
rename to SOURCES/0007-redact-weak-ciphers.patch
index 746d0c2..1b7148a 100644
--- a/SOURCES/0009-redact-weak-ciphers.patch
+++ b/SOURCES/0007-redact-weak-ciphers.patch
@@ -1,30 +1,30 @@
-From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
+From 7ac26d6beb2175f0d6001ca0df322ce610401cce Mon Sep 17 00:00:00 2001
 From: Stan Cox <scox@redhat.com>
 Date: Wed, 22 Jun 2022 17:05:48 +0200
 Subject: [PATCH] redact weak ciphers
 
 
 diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go
-index 2d6e1235b6..f0eff6d2ac 100644
---- a/pkg/api/http_server.go	2023-01-24 14:44:19.000000000 -0500
-+++ b/pkg/api/http_server.go	2023-04-21 13:14:02.684857018 -0400
-@@ -489,13 +489,13 @@
+index da04044683..8a29270d4d 100644
+--- a/pkg/api/http_server.go
++++ b/pkg/api/http_server.go
+@@ -820,13 +820,13 @@ func (hs *HTTPServer) getDefaultCiphers(tlsVersion uint16, protocol string) []ui
  			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
  			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 -			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-+//			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
++			//			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 -			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 -			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
 -			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
 -			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
 -			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-+//			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-+//			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
-+//			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-+//			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-+//			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
- 		},
++			//			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
++			//			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
++			//			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
++			//			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
++			//			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ 		}
  	}
- 
+ 	if protocol == "h2" {
diff --git a/SOURCES/0008-graphite-functions-xss.patch b/SOURCES/0008-graphite-functions-xss.patch
deleted file mode 100644
index a686e9a..0000000
--- a/SOURCES/0008-graphite-functions-xss.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: ismail simsek <ismailsimsek09@gmail.com>
-Date:   Thu Mar 16 23:16:03 2023 +0100
-Subject: [PATCH] graphite functions xss
-
-commit e59427c074
-    [v9.2.x] Fix xss in Graphite functions tooltip (#810)
-    
-    Fix xss in Graphite functions tooltip (#804)
-    
-    (cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055)
-    
-    Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com>
-
-diff --git a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
-index facd0b2511..d4d41da720 100644
---- a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
-+++ b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
-@@ -11,11 +11,9 @@ export interface FunctionEditorControlsProps {
- }
- 
- const FunctionDescription = React.lazy(async () => {
--  // @ts-ignore
--  const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html');
-   return {
-     default(props: { description?: string }) {
--      return <div dangerouslySetInnerHTML={{ __html: rst2html(props.description ?? '') }} />;
-+      return <div>{props.description}</div>;
-     },
-   };
- });
diff --git a/SOURCES/0008-replace-faulty-slices-sort.patch b/SOURCES/0008-replace-faulty-slices-sort.patch
new file mode 100644
index 0000000..b9cea8c
--- /dev/null
+++ b/SOURCES/0008-replace-faulty-slices-sort.patch
@@ -0,0 +1,40 @@
+From 3f45f26993ed94837001bb9760d7859e7a057649 Mon Sep 17 00:00:00 2001
+From: Sam Feifer <sfeifer@redhat.com>
+Date: Fri, 1 Mar 2024 15:00:55 -0500
+Subject: [PATCH] replace faulty slices sort
+
+
+diff --git a/pkg/services/sqlstore/migrator/dialect.go b/pkg/services/sqlstore/migrator/dialect.go
+index 183b619de8..da21edeafa 100644
+--- a/pkg/services/sqlstore/migrator/dialect.go
++++ b/pkg/services/sqlstore/migrator/dialect.go
+@@ -368,7 +368,8 @@ func (b *BaseDialect) InsertQuery(tableName string, row map[string]any) (string,
+ 	for col := range row {
+ 		keys = append(keys, col)
+ 	}
+-	slices.Sort[string](keys)
++	slices.Sort(keys)
++	//slices.Sort[string](keys)
+ 
+ 	// build query and values
+ 	for _, col := range keys {
+@@ -398,7 +399,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma
+ 	for col := range row {
+ 		keys = append(keys, col)
+ 	}
+-	slices.Sort[string](keys)
++	slices.Sort(keys)
++	//slices.Sort[string](keys)
+ 
+ 	// build update query and values
+ 	for _, col := range keys {
+@@ -411,7 +413,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma
+ 	for col := range where {
+ 		keys = append(keys, col)
+ 	}
+-	slices.Sort[string](keys)
++	slices.Sort(keys)
++	//slices.Sort[string](keys)
+ 
+ 	// build where clause and values
+ 	for _, col := range keys {
diff --git a/SOURCES/0009-update-wrappers-and-systemd-with-distro-paths.patch b/SOURCES/0009-update-wrappers-and-systemd-with-distro-paths.patch
new file mode 100644
index 0000000..5331ddf
--- /dev/null
+++ b/SOURCES/0009-update-wrappers-and-systemd-with-distro-paths.patch
@@ -0,0 +1,76 @@
+From 5fe02f961e67af04907dc57beda42456128ab1c8 Mon Sep 17 00:00:00 2001
+From: Sam Feifer <sfeifer@redhat.com>
+Date: Fri, 1 Mar 2024 15:05:24 -0500
+Subject: [PATCH] update wrappers and systemd with distro paths
+
+
+diff --git a/packaging/rpm/systemd/grafana-server.service b/packaging/rpm/systemd/grafana-server.service
+index e3adc3f469..b2e4aced06 100644
+--- a/packaging/rpm/systemd/grafana-server.service
++++ b/packaging/rpm/systemd/grafana-server.service
+@@ -14,7 +14,7 @@ Restart=on-failure
+ WorkingDirectory=/usr/share/grafana
+ RuntimeDirectory=grafana
+ RuntimeDirectoryMode=0750
+-ExecStart=/usr/share/grafana/bin/grafana server                                     \
++ExecStart=/usr/sbin/grafana server                                     \
+                             --config=${CONF_FILE}                                   \
+                             --pidfile=${PID_FILE_DIR}/grafana-server.pid            \
+                             --packaging=rpm                                         \
+diff --git a/packaging/wrappers/grafana b/packaging/wrappers/grafana
+index 86e0fc9faa..5c88bae4c3 100755
+--- a/packaging/wrappers/grafana
++++ b/packaging/wrappers/grafana
+@@ -5,7 +5,7 @@
+ # the system-wide Grafana configuration that was bundled with the package as we
+ # use the binary.
+ 
+-DEFAULT=/etc/default/grafana
++DEFAULT=/etc/sysconfig/grafana-server
+ 
+ GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}"
+ 
+@@ -13,11 +13,12 @@ CONF_DIR=/etc/grafana
+ DATA_DIR=/var/lib/grafana
+ PLUGINS_DIR=/var/lib/grafana/plugins
+ LOG_DIR=/var/log/grafana
+++LIBEXEC_DIR=/usr/libexec/grafana
+ 
+ CONF_FILE=$CONF_DIR/grafana.ini
+ PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
+ 
+-EXECUTABLE="$GRAFANA_HOME/bin/grafana"
+++EXECUTABLE=$LIBEXEC_DIR/grafana
+ 
+ if [ ! -x $EXECUTABLE ]; then
+  echo "$EXECUTABLE not installed or not executable"
+@@ -46,4 +47,13 @@ if [ "$CMD" = cli ]; then
+        --pluginsDir=${PLUGINS_DIR}"
+ fi
+ 
+-eval $EXECUTABLE "$CMD" "$OPTS" "$@"
++if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
++  cd "${GRAFANA_HOME}"
++  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "$CMD" "${OPTS[@]}" "$@"
++elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
++  cd "${GRAFANA_HOME}"
++  exec "$EXECUTABLE" "$CMD" "${OPTS[@]}" "$@"
++else
++  echo "$0: please run this script as user \"${GRAFANA_USER}\" or root."
++  exit 5
++fi
+\ No newline at end of file
+diff --git a/packaging/wrappers/grafana-server b/packaging/wrappers/grafana-server
+index 466b0d7c69..6be356f562 100755
+--- a/packaging/wrappers/grafana-server
++++ b/packaging/wrappers/grafana-server
+@@ -7,7 +7,8 @@
+ 
+ GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}"
+ 
+-EXECUTABLE="$GRAFANA_HOME/bin/grafana"
++LIBEXEC_DIR=/usr/libexec/grafana
++EXECUTABLE=$LIBEXEC_DIR/grafana
+ 
+ if [ ! -x $EXECUTABLE ]; then
+  echo "$EXECUTABLE not installed or not executable"
diff --git a/SOURCES/0010-remove-bcrypt-references.patch b/SOURCES/0010-remove-bcrypt-references.patch
new file mode 100644
index 0000000..d617c85
--- /dev/null
+++ b/SOURCES/0010-remove-bcrypt-references.patch
@@ -0,0 +1,108 @@
+From eb711315d4c8a81ff52984293758a47372c21b8d Mon Sep 17 00:00:00 2001
+From: Sam Feifer <sfeifer@redhat.com>
+Date: Fri, 1 Mar 2024 15:07:22 -0500
+Subject: [PATCH] remove bcrypt references
+
+
+diff --git a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go
+index 8c5a90248d..43f6d11e08 100644
+--- a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go
++++ b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go
+@@ -19,7 +19,6 @@ import (
+ 	"github.com/ory/fosite/compose"
+ 	"github.com/ory/fosite/storage"
+ 	"github.com/ory/fosite/token/jwt"
+-	"golang.org/x/crypto/bcrypt"
+ 
+ 	"github.com/grafana/grafana/pkg/api/routing"
+ 	"github.com/grafana/grafana/pkg/bus"
+@@ -235,88 +234,7 @@ func (s *OAuth2ServiceImpl) RemoveExternalService(ctx context.Context, name stri
+ // it ensures that the associated service account has the correct permissions.
+ // Database consistency is not guaranteed, consider changing this in the future.
+ func (s *OAuth2ServiceImpl) SaveExternalService(ctx context.Context, registration *extsvcauth.ExternalServiceRegistration) (*extsvcauth.ExternalService, error) {
+-	if registration == nil {
+-		s.logger.Warn("RegisterExternalService called without registration")
+-		return nil, nil
+-	}
+-	slug := registration.Name
+-	s.logger.Info("Registering external service", "external service", slug)
+-
+-	// Check if the client already exists in store
+-	client, errFetchExtSvc := s.sqlstore.GetExternalServiceByName(ctx, slug)
+-	if errFetchExtSvc != nil && !errors.Is(errFetchExtSvc, oauthserver.ErrClientNotFound) {
+-		s.logger.Error("Error fetching service", "external service", slug, "error", errFetchExtSvc)
+-		return nil, errFetchExtSvc
+-	}
+-	// Otherwise, create a new client
+-	if client == nil {
+-		s.logger.Debug("External service does not yet exist", "external service", slug)
+-		client = &oauthserver.OAuthExternalService{
+-			Name:             slug,
+-			ServiceAccountID: oauthserver.NoServiceAccountID,
+-			Audiences:        s.cfg.AppURL,
+-		}
+-	}
+-
+-	// Parse registration form to compute required permissions for the client
+-	client.SelfPermissions, client.ImpersonatePermissions = s.handleRegistrationPermissions(registration)
+-
+-	if registration.OAuthProviderCfg == nil {
+-		return nil, errors.New("missing oauth provider configuration")
+-	}
+-
+-	if registration.OAuthProviderCfg.RedirectURI != nil {
+-		client.RedirectURI = *registration.OAuthProviderCfg.RedirectURI
+-	}
+-
+-	var errGenCred error
+-	client.ClientID, client.Secret, errGenCred = s.genCredentials()
+-	if errGenCred != nil {
+-		s.logger.Error("Error generating credentials", "client", client.LogID(), "error", errGenCred)
+-		return nil, errGenCred
+-	}
+-
+-	grantTypes := s.computeGrantTypes(registration.Self.Enabled, registration.Impersonation.Enabled)
+-	client.GrantTypes = strings.Join(grantTypes, ",")
+-
+-	// Handle key options
+-	s.logger.Debug("Handle key options")
+-	keys, err := s.handleKeyOptions(ctx, registration.OAuthProviderCfg.Key)
+-	if err != nil {
+-		s.logger.Error("Error handling key options", "client", client.LogID(), "error", err)
+-		return nil, err
+-	}
+-	if keys != nil {
+-		client.PublicPem = []byte(keys.PublicPem)
+-	}
+-	dto := client.ToExternalService(keys)
+-
+-	hashedSecret, err := bcrypt.GenerateFromPassword([]byte(client.Secret), bcrypt.DefaultCost)
+-	if err != nil {
+-		s.logger.Error("Error hashing secret", "client", client.LogID(), "error", err)
+-		return nil, err
+-	}
+-	client.Secret = string(hashedSecret)
+-
+-	s.logger.Debug("Save service account")
+-	saID, errSaveServiceAccount := s.saService.ManageExtSvcAccount(ctx, &serviceaccounts.ManageExtSvcAccountCmd{
+-		ExtSvcSlug:  slugify.Slugify(client.Name),
+-		Enabled:     registration.Self.Enabled,
+-		OrgID:       oauthserver.TmpOrgID,
+-		Permissions: client.SelfPermissions,
+-	})
+-	if errSaveServiceAccount != nil {
+-		return nil, errSaveServiceAccount
+-	}
+-	client.ServiceAccountID = saID
+-
+-	err = s.sqlstore.SaveExternalService(ctx, client)
+-	if err != nil {
+-		s.logger.Error("Error saving external service", "client", client.LogID(), "error", err)
+-		return nil, err
+-	}
+-	s.logger.Debug("Registered", "client", client.LogID())
+-	return dto, nil
++	panic("bcrypt cipher not available")
+ }
+ 
+ // randString generates a a cryptographically secure random string of n bytes
diff --git a/SOURCES/0010-skip-tests.patch b/SOURCES/0010-skip-tests.patch
deleted file mode 100644
index 832ac3b..0000000
--- a/SOURCES/0010-skip-tests.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
-From: Stan Cox <scox@redhat.com>
-Date: Wed, 22 Jun 2022 17:05:48 +0200
-Subject: [PATCH] skip tests
-
-These tests are problematic on s390 but lint complains about patches
-in an %ifarch block so apply to all architectures.
-
-diff --git a/pkg/services/ngalert/notifier/alertmanager_test.go b/pkg/services/ngalert/notifier/alertmanager_test.go
---- a/pkg/services/ngalert/notifier/alertmanager_test.go	2023-06-04 22:38:26.566930436 -0400
-+++ b/pkg/services/ngalert/notifier/alertmanager_test.go	2023-06-06 13:25:43.785556819 -0400
-@@ -54,6 +54,7 @@
- }
- 
- func TestPutAlert(t *testing.T) {
-+	t.Skip("Skip testing TestPutAlert")
- 	am := setupAMTest(t)
- 
- 	startTime := time.Now()
-@@ -350,6 +351,7 @@
- // implement a custom maintenance function for silences, because we snapshot
- // our data differently, so we test that functionality.
- func TestSilenceCleanup(t *testing.T) {
-+	t.Skip("Skip testing TestSilenceCleanup")
- 	require := require.New(t)
- 
- 	oldRetention := retentionNotificationsAndSilences
-diff --git a/pkg/services/ngalert/state/manager_test.go b/pkg/services/ngalert/state/manager_test.go
---- a/pkg/services/ngalert/state/manager_test.go	2023-06-04 22:38:26.570930475 -0400
-+++ b/pkg/services/ngalert/state/manager_test.go	2023-06-06 13:26:47.588172342 -0400
-@@ -78,6 +78,7 @@
- }
- 
- func TestProcessEvalResults(t *testing.T) {
-+	t.Skip("Skip testing TestProcessEvalResults")
- 	evaluationTime, err := time.Parse("2006-01-02", "2021-03-25")
- 	if err != nil {
- 		t.Fatalf("error parsing date format: %s", err.Error())
-diff --git a/pkg/services/ngalert/schedule/schedule_test.go b/pkg/services/ngalert/schedule/schedule_test.go
---- a/pkg/services/ngalert/schedule/schedule_test.go	2023-06-04 22:38:26.569930465 -0400
-+++ b/pkg/services/ngalert/schedule/schedule_test.go	2023-06-06 13:27:14.475431726 -0400
-@@ -130,6 +130,7 @@
- }
- 
- func TestAlertingTicker(t *testing.T) {
-+	t.Skip("Skip testing TestAlertingTicker")
- 	ctx := context.Background()
- 	_, dbstore := tests.SetupTestEnv(t, 1)
- 
-diff --git a/pkg/infra/filestorage/fs_integration_test.go b/pkg/infra/filestorage/fs_integration_test.go
---- a/pkg/infra/filestorage/fs_integration_test.go	2023-06-04 22:38:26.539930172 -0400
-+++ b/pkg/infra/filestorage/fs_integration_test.go	2023-06-06 13:27:48.535760305 -0400
-@@ -169,6 +169,7 @@
- }
- 
- func TestIntegrationFsStorage(t *testing.T) {
-+	t.Skip("Skip testing TestIntegrationFsStorage")
- 	if testing.Short() {
- 		t.Skip("skipping integration test")
- 	}
-diff --git a/pkg/tests/api/alerting/api_prometheus_test.go b/pkg/tests/api/alerting/api_prometheus_test.go
---- a/pkg/tests/api/alerting/api_prometheus_test.go	2023-06-04 22:38:26.588930651 -0400
-+++ b/pkg/tests/api/alerting/api_prometheus_test.go	2023-06-06 13:28:13.260998838 -0400
-@@ -25,6 +25,7 @@
- )
- 
- func TestPrometheusRules(t *testing.T) {
-+	t.Skip("Skip testing TestPrometheusRules")
- 	dir, path := testinfra.CreateGrafDir(t, testinfra.GrafanaOpts{
- 		DisableLegacyAlerting: true,
- 		EnableUnifiedAlerting: true,
diff --git a/SOURCES/0011-remove-email-lookup.patch b/SOURCES/0011-remove-email-lookup.patch
deleted file mode 100644
index 27a68b1..0000000
--- a/SOURCES/0011-remove-email-lookup.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-commit bae86dbeb0
-Author: Ieva <ieva.vasiljeva@grafana.com>
-Date:   Tue Jun 6 17:45:31 2023 +0100
-
-    Auth: Remove Email Lookup from oauth integrations 9.2 (#898)
-    
-    backport https://github.com/grafana/grafana-private-mirror/pull/894 to 9.3.x
-
-diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
-index 22014aee43..af00c56a68 100644
---- a/pkg/api/login_oauth.go
-+++ b/pkg/api/login_oauth.go
-@@ -302,16 +302,17 @@
- 	connect social.SocialConnector,
- ) (*user.User, error) {
- 	oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile")
-+	lookupParams := models.UserLookupParams{}
-+	if hs.Cfg.OAuthAllowInsecureEmailLookup {
-+		lookupParams.Email = &extUser.Email
-+	}
-+
- 	// add/update user in Grafana
- 	cmd := &models.UpsertUserCommand{
--		ReqContext:    ctx,
--		ExternalUser:  extUser,
--		SignupAllowed: connect.IsSignupAllowed(),
--		UserLookupParams: models.UserLookupParams{
--			Email:  &extUser.Email,
--			UserID: nil,
--			Login:  nil,
--		},
-+		ReqContext:       ctx,
-+		ExternalUser:     extUser,
-+		SignupAllowed:    connect.IsSignupAllowed(),
-+		UserLookupParams: lookupParams,
- 	}
- 
- 	if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil {
-diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
-index 20e8f78a2f..03aa5c17d8 100644
---- a/pkg/setting/setting.go
-+++ b/pkg/setting/setting.go
-@@ -318,7 +318,8 @@
- 	AuthProxySyncTTL          int
- 
- 	// OAuth
--	OAuthCookieMaxAge int
-+	OAuthCookieMaxAge             int
-+	OAuthAllowInsecureEmailLookup bool
- 
- 	// JWT Auth
- 	JWTAuthEnabled                 bool
-@@ -1256,6 +1256,8 @@
- 		return err
- 	}
- 
-+	cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false)
-+
- 	const defaultMaxLifetime = "30d"
- 	maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime)
- 	cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal)
diff --git a/SOURCES/0012-coredump-selinux-error.patch b/SOURCES/0012-coredump-selinux-error.patch
deleted file mode 100644
index 5bdcc5b..0000000
--- a/SOURCES/0012-coredump-selinux-error.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/pkg/framework/coremodel/helpers.go b/pkg/framework/coremodel/helpers.go
-index 20d111edba..6655f81cee 100644
---- a/pkg/framework/coremodel/helpers.go
-+++ b/pkg/framework/coremodel/helpers.go
-@@ -26,7 +26,7 @@ func init() {
- 	var err error
- 	defaultFramework, err = doLoadFrameworkCUE(cuectx.ProvideCUEContext())
- 	if err != nil {
--		panic(err)
-+//		panic(err)
- 	}
- }
- 
diff --git a/SOURCES/1001-vendor-patch-removed-backend-crypto.patch b/SOURCES/1001-vendor-patch-removed-backend-crypto.patch
index c8786da..82707ca 100644
--- a/SOURCES/1001-vendor-patch-removed-backend-crypto.patch
+++ b/SOURCES/1001-vendor-patch-removed-backend-crypto.patch
@@ -35,178 +35,8 @@ index 0000000000..871e612a61
 +func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
 +	panic("ElGamal encryption not available")
 +}
-diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
-index 0a19794a8e..25a5ee9158 100644
---- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
-+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
-@@ -22,7 +22,6 @@ import (
- 	"math/big"
- 	"math/bits"
- 
--	"golang.org/x/crypto/cast5"
- 	"golang.org/x/crypto/openpgp/errors"
- )
- 
-@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int {
- 	case Cipher3DES:
- 		return 24
- 	case CipherCAST5:
--		return cast5.KeySize
-+		panic("cast5 cipher not available")
- 	case CipherAES128:
- 		return 16
- 	case CipherAES192:
-@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
- 	case Cipher3DES:
- 		block, _ = des.NewTripleDESCipher(key)
- 	case CipherCAST5:
--		block, _ = cast5.NewCipher(key)
-+		panic("cast5 cipher not available")
- 	case CipherAES128, CipherAES192, CipherAES256:
- 		block, _ = aes.NewCipher(key)
- 	}
-diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
-index 6126030eb9..3a54c5f2b1 100644
---- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
-+++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
-@@ -5,13 +5,12 @@
- package packet
- 
- import (
--	"crypto/cipher"
- 	"crypto/sha1"
- 	"crypto/subtle"
--	"golang.org/x/crypto/openpgp/errors"
- 	"hash"
- 	"io"
--	"strconv"
-+
-+	"golang.org/x/crypto/openpgp/errors"
- )
- 
- // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
-@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
- // packet can be read. An incorrect key can, with high probability, be detected
- // immediately and this will result in a KeyIncorrect error being returned.
- func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
--	keySize := c.KeySize()
--	if keySize == 0 {
--		return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
--	}
--	if len(key) != keySize {
--		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
--	}
--
--	if se.prefix == nil {
--		se.prefix = make([]byte, c.blockSize()+2)
--		_, err := readFull(se.contents, se.prefix)
--		if err != nil {
--			return nil, err
--		}
--	} else if len(se.prefix) != c.blockSize()+2 {
--		return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
--	}
--
--	ocfbResync := OCFBResync
--	if se.MDC {
--		// MDC packets use a different form of OCFB mode.
--		ocfbResync = OCFBNoResync
--	}
--
--	s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
--	if s == nil {
--		return nil, errors.ErrKeyIncorrect
--	}
--
--	plaintext := cipher.StreamReader{S: s, R: se.contents}
--
--	if se.MDC {
--		// MDC packets have an embedded hash that we need to check.
--		h := sha1.New()
--		h.Write(se.prefix)
--		return &seMDCReader{in: plaintext, h: h}, nil
--	}
--
--	// Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
--	return seReader{plaintext}, nil
-+	panic("OCFB cipher not available")
- }
- 
- // seReader wraps an io.Reader with a no-op Close method.
-@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {
- // written.
- // If config is nil, sensible defaults will be used.
- func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
--	if c.KeySize() != len(key) {
--		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
--	}
--	writeCloser := noOpCloser{w}
--	ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
--	if err != nil {
--		return
--	}
--
--	_, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
--	if err != nil {
--		return
--	}
--
--	block := c.new(key)
--	blockSize := block.BlockSize()
--	iv := make([]byte, blockSize)
--	_, err = config.Random().Read(iv)
--	if err != nil {
--		return
--	}
--	s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
--	_, err = ciphertext.Write(prefix)
--	if err != nil {
--		return
--	}
--	plaintext := cipher.StreamWriter{S: s, W: ciphertext}
--
--	h := sha1.New()
--	h.Write(iv)
--	h.Write(iv[blockSize-2:])
--	contents = &seMDCWriter{w: plaintext, h: h}
--	return
-+	panic("OCFB cipher not available")
- }
-diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go
-index 484ca51b71..5f502b8df1 100644
---- a/vendor/golang.org/x/crypto/pkcs12/crypto.go
-+++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go
-@@ -11,8 +11,6 @@ import (
- 	"crypto/x509/pkix"
- 	"encoding/asn1"
- 	"errors"
--
--	"golang.org/x/crypto/pkcs12/internal/rc2"
- )
- 
- var (
-@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt
- 
- type shaWith40BitRC2CBC struct{}
- 
--func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) {
--	return rc2.New(key, len(key)*8)
--}
--
- func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte {
- 	return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5)
- }
-@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher
- 	case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC):
- 		cipherType = shaWithTripleDESCBC{}
- 	case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC):
--		cipherType = shaWith40BitRC2CBC{}
-+		panic("RC2 encryption not available")
- 	default:
- 		return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported")
- 	}
 diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
-index ae3ebc03b9..11dbc3c56e 100644
+index c607a16..11dbc3c 100644
 --- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
 +++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
 @@ -16,14 +16,11 @@
@@ -224,7 +54,7 @@ index ae3ebc03b9..11dbc3c56e 100644
  )
  
  // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP
-@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{
+@@ -37,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{
  	"Content-Security-Policy":   nil,
  }
  
@@ -247,7 +77,7 @@ index ae3ebc03b9..11dbc3c56e 100644
  // validateHeaderConfig checks that the provided header configuration is correct.
  // It does not check the validity of all the values, only the ones which are
  // well-defined enumerations.
-@@ -67,60 +49,3 @@ type webHandler struct {
+@@ -84,60 +65,3 @@ type webHandler struct {
  	// only once in parallel as this is CPU intensive.
  	bcryptMtx sync.Mutex
  }
@@ -309,41 +139,81 @@ index ae3ebc03b9..11dbc3c56e 100644
 -	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 -}
 diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
---- grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go	2023-03-13 20:00:00.000000000 -0400
-+++ /tmp/rpkg/grafana-1-v6p2z4of/grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go	2023-03-16 13:43:13.300238021 -0400
-@@ -18,12 +18,8 @@
+index 61383bc..7f71298 100644
+--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
++++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
+@@ -18,16 +18,10 @@ import (
  	"crypto/x509"
+ 	"errors"
  	"fmt"
- 	"io/ioutil"
 -	"net"
 -	"net/http"
+ 	"os"
  	"path/filepath"
  
+-	"github.com/coreos/go-systemd/v22/activation"
 -	"github.com/go-kit/log"
 -	"github.com/go-kit/log/level"
- 	"github.com/pkg/errors"
  	config_util "github.com/prometheus/common/config"
+-	"golang.org/x/sync/errgroup"
  	"gopkg.in/yaml.v2"
-@@ -177,98 +173,6 @@
- 	return cfg, nil
- }
+ )
  
--// ListenAndServe starts the server on the given address. Based on the file
--// tlsConfigPath, TLS or basic auth could be enabled.
--func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error {
--	listener, err := net.Listen("tcp", server.Addr)
--	if err != nil {
--		return err
+@@ -263,132 +257,16 @@ func ConfigToTLSConfig(c *TLSConfig) (*tls.Config, error) {
+ 
+ // ServeMultiple starts the server on the given listeners. The FlagConfig is
+ // also passed on to Serve.
+-func ServeMultiple(listeners []net.Listener, server *http.Server, flags *FlagConfig, logger log.Logger) error {
+-	errs := new(errgroup.Group)
+-	for _, l := range listeners {
+-		l := l
+-		errs.Go(func() error {
+-			return Serve(l, server, flags, logger)
+-		})
 -	}
--	defer listener.Close()
--	return Serve(listener, server, tlsConfigPath, logger)
+-	return errs.Wait()
 -}
+ 
+ // ListenAndServe starts the server on addresses given in WebListenAddresses in
+ // the FlagConfig or instead uses systemd socket activated listeners if
+ // WebSystemdSocket in the FlagConfig is true. The FlagConfig is also passed on
+ // to ServeMultiple.
+-func ListenAndServe(server *http.Server, flags *FlagConfig, logger log.Logger) error {
+-	if flags.WebSystemdSocket == nil && (flags.WebListenAddresses == nil || len(*flags.WebListenAddresses) == 0) {
+-		return ErrNoListeners
+-	}
 -
--// Server starts the server on the given listener. Based on the file
--// tlsConfigPath, TLS or basic auth could be enabled.
--func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error {
+-	if flags.WebSystemdSocket != nil && *flags.WebSystemdSocket {
+-		level.Info(logger).Log("msg", "Listening on systemd activated listeners instead of port listeners.")
+-		listeners, err := activation.Listeners()
+-		if err != nil {
+-			return err
+-		}
+-		if len(listeners) < 1 {
+-			return errors.New("no socket activation file descriptors found")
+-		}
+-		return ServeMultiple(listeners, server, flags, logger)
+-	}
+-
+-	listeners := make([]net.Listener, 0, len(*flags.WebListenAddresses))
+-	for _, address := range *flags.WebListenAddresses {
+-		listener, err := net.Listen("tcp", address)
+-		if err != nil {
+-			return err
+-		}
+-		defer listener.Close()
+-		listeners = append(listeners, listener)
+-	}
+-	return ServeMultiple(listeners, server, flags, logger)
+-}
+ 
+ // Server starts the server on the given listener. Based on the file path
+ // WebConfigFile in the FlagConfig, TLS or basic auth could be enabled.
+-func Serve(l net.Listener, server *http.Server, flags *FlagConfig, logger log.Logger) error {
+-	level.Info(logger).Log("msg", "Listening on", "address", l.Addr().String())
+-	tlsConfigPath := *flags.WebConfigFile
 -	if tlsConfigPath == "" {
--		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
+-		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false, "address", l.Addr().String())
 -		return server.Serve(l)
 -	}
 -
@@ -376,10 +246,10 @@ diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/v
 -			server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
 -		}
 -		// Valid TLS config.
--		level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2)
+-		level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2, "address", l.Addr().String())
 -	case errNoTLSConfig:
 -		// No TLS config, back to plain HTTP.
--		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
+-		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false, "address", l.Addr().String())
 -		return server.Serve(l)
 -	default:
 -		// Invalid TLS config.
@@ -400,8 +270,8 @@ diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/v
 -	}
 -	return server.ServeTLS(l, "", "")
 -}
--
--// Validate configuration file by reading the configuration and the certificates.
+ 
+ // Validate configuration file by reading the configuration and the certificates.
 -func Validate(tlsConfigPath string) error {
 -	if tlsConfigPath == "" {
 -		return nil
@@ -419,11 +289,10 @@ diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/v
 -	}
 -	return err
 -}
--
- type cipher uint16
  
- func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error {
-@@ -351,11 +255,3 @@
+ type Cipher uint16
+ 
+@@ -472,11 +350,3 @@ func (tv *TLSVersion) MarshalYAML() (interface{}, error) {
  	}
  	return fmt.Sprintf("%v", tv), nil
  }
@@ -432,725 +301,1834 @@ diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/v
 -// tlsConfigPath, TLS or basic auth could be enabled.
 -//
 -// Deprecated: Use ListenAndServe instead.
--func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
--	return ListenAndServe(server, tlsConfigPath, logger)
+-func Listen(server *http.Server, flags *FlagConfig, logger log.Logger) error {
+-	return ListenAndServe(server, flags, logger)
 -}
-diff a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go
---- a/vendor/github.com/go-git/go-git/v5/options.go	2022-10-30 20:00:00.000000000 -0400
-+++ b/vendor/github.com/go-git/go-git/v5/options.go	2022-12-20 10:24:35.162653691 -0500
-@@ -7,7 +7,7 @@
- 	"strings"
- 	"time"
- 
--	"github.com/ProtonMail/go-crypto/openpgp"
-+	//	"github.com/ProtonMail/go-crypto/openpgp"
- 	"github.com/go-git/go-git/v5/config"
- 	"github.com/go-git/go-git/v5/plumbing"
- 	"github.com/go-git/go-git/v5/plumbing/object"
-@@ -434,7 +434,7 @@
- 	// SignKey denotes a key to sign the commit with. A nil value here means the
- 	// commit will not be signed. The private key must be present and already
- 	// decrypted.
--	SignKey *openpgp.Entity
-+	//	SignKey *openpgp.Entity
- }
- 
- // Validate validates the fields and sets the default values.
-@@ -517,7 +517,7 @@
- 	Message string
- 	// SignKey denotes a key to sign the tag with. A nil value here means the tag
- 	// will not be signed. The private key must be present and already decrypted.
--	SignKey *openpgp.Entity
-+	//	SignKey *openpgp.Entity
- }
- 
- // Validate validates the fields and sets the default values.
-diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go
---- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go	2022-10-30 20:00:00.000000000 -0400
-+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go	2022-12-20 10:33:26.630073026 -0500
-@@ -9,7 +9,7 @@
- 	"io"
- 	"strings"
- 
--	"github.com/ProtonMail/go-crypto/openpgp"
-+	//	"github.com/ProtonMail/go-crypto/openpgp"
- 
- 	"github.com/go-git/go-git/v5/plumbing"
- 	"github.com/go-git/go-git/v5/plumbing/storer"
-@@ -354,7 +354,8 @@
- 
- // Verify performs PGP verification of the commit with a provided armored
- // keyring and returns openpgp.Entity associated with verifying key on success.
--func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
-+func (c *Commit) Verify(armoredKeyRing string) (*int, error) {
-+	/*
- 	keyRingReader := strings.NewReader(armoredKeyRing)
- 	keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
- 	if err != nil {
-@@ -375,6 +376,8 @@
- 	}
- 
- 	return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil)
-+	*/
-+	return nil,  nil
- }
- 
- func indent(t string) string {
-diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go
---- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go	2022-10-30 20:00:00.000000000 -0400
-+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go	2022-12-20 10:37:05.542949113 -0500
-@@ -6,9 +6,9 @@
- 	"fmt"
- 	"io"
- 	stdioutil "io/ioutil"
--	"strings"
-+	//	"strings"
- 
--	"github.com/ProtonMail/go-crypto/openpgp"
-+	//	"github.com/ProtonMail/go-crypto/openpgp"
- 
- 	"github.com/go-git/go-git/v5/plumbing"
- 	"github.com/go-git/go-git/v5/plumbing/storer"
-@@ -284,7 +284,8 @@
- 
- // Verify performs PGP verification of the tag with a provided armored
- // keyring and returns openpgp.Entity associated with verifying key on success.
--func (t *Tag) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
-+func (t *Tag) Verify(armoredKeyRing string) (*int, error) {
-+	/*
- 	keyRingReader := strings.NewReader(armoredKeyRing)
- 	keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
- 	if err != nil {
-@@ -305,6 +306,8 @@
- 	}
- 
- 	return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil)
-+	*/
-+	return nil, nil
- }
- 
- // TagIter provides an iterator for a set of tags.
-diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go
---- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go	2022-10-30 20:00:00.000000000 -0400
-+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go	2022-12-20 13:42:13.659296361 -0500
-@@ -1,6 +1,7 @@
- package ssh
- 
- import (
-+	/*
- 	"errors"
- 	"fmt"
- 	"io/ioutil"
-@@ -14,6 +15,7 @@
- 	sshagent "github.com/xanzy/ssh-agent"
- 	"golang.org/x/crypto/ssh"
- 	"golang.org/x/crypto/ssh/knownhosts"
-+	*/
+diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
+index 5760cff..0c87736 100644
+--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
+@@ -8,8 +8,6 @@ import (
+ 	"crypto/aes"
+ 	"crypto/cipher"
+ 	"crypto/des"
+-
+-	"golang.org/x/crypto/cast5"
  )
  
- const DefaultUsername = "git"
-@@ -22,10 +24,12 @@
- // must implement. The clientConfig method returns the ssh client
- // configuration needed to establish an ssh connection.
- type AuthMethod interface {
-+	/*
- 	transport.AuthMethod
- 	// ClientConfig should return a valid ssh.ClientConfig to be used to create
- 	// a connection to the SSH server.
- 	ClientConfig() (*ssh.ClientConfig, error)
-+	*/
- }
+ // Cipher is an official symmetric key cipher algorithm. See RFC 4880,
+@@ -38,7 +36,6 @@ const (
+ // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
+ var CipherById = map[uint8]Cipher{
+ 	TripleDES.Id(): TripleDES,
+-	CAST5.Id():     CAST5,
+ 	AES128.Id():    AES128,
+ 	AES192.Id():    AES192,
+ 	AES256.Id():    AES256,
+@@ -53,7 +50,6 @@ func (sk CipherFunction) Id() uint8 {
  
- // The names of the AuthMethod implementations. To be returned by the
-@@ -42,78 +46,101 @@
- // KeyboardInteractive implements AuthMethod by using a
- // prompt/response sequence controlled by the server.
- type KeyboardInteractive struct {
-+	/*
- 	User      string
- 	Challenge ssh.KeyboardInteractiveChallenge
- 	HostKeyCallbackHelper
-+	*/
- }
- 
- func (a *KeyboardInteractive) Name() string {
--	return KeyboardInteractiveName
-+	//	return KeyboardInteractiveName
-+	return ""
- }
- 
- func (a *KeyboardInteractive) String() string {
--	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+ 	return ""
- }
- 
--func (a *KeyboardInteractive) ClientConfig() (*ssh.ClientConfig, error) {
-+func (a *KeyboardInteractive) ClientConfig() (*int, error) {
-+	/*
- 	return a.SetHostKeyCallback(&ssh.ClientConfig{
- 		User: a.User,
- 		Auth: []ssh.AuthMethod{
- 			a.Challenge,
- 		},
- 	})
-+	*/
-+	return nil, nil
- }
- 
- // Password implements AuthMethod by using the given password.
- type Password struct {
-+	/*
- 	User     string
- 	Password string
- 	HostKeyCallbackHelper
-+	*/
- }
- 
- func (a *Password) Name() string {
--	return PasswordName
-+	//	return PasswordName
-+	return ""
- }
- 
- func (a *Password) String() string {
--	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	return ""
- }
- 
--func (a *Password) ClientConfig() (*ssh.ClientConfig, error) {
-+func (a *Password) ClientConfig() (*int, error) {
-+	/*
- 	return a.SetHostKeyCallback(&ssh.ClientConfig{
- 		User: a.User,
- 		Auth: []ssh.AuthMethod{ssh.Password(a.Password)},
- 	})
-+	*/
-+	return nil, nil
- }
- 
- // PasswordCallback implements AuthMethod by using a callback
- // to fetch the password.
- type PasswordCallback struct {
-+	/*
- 	User     string
- 	Callback func() (pass string, err error)
- 	HostKeyCallbackHelper
-+	*/
- }
- 
- func (a *PasswordCallback) Name() string {
--	return PasswordCallbackName
-+	//	return PasswordCallbackName
-+	return ""
- }
- 
- func (a *PasswordCallback) String() string {
--	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	return ""
- }
- 
--func (a *PasswordCallback) ClientConfig() (*ssh.ClientConfig, error) {
-+func (a *PasswordCallback) ClientConfig() (*int, error) {
-+	/*
- 	return a.SetHostKeyCallback(&ssh.ClientConfig{
- 		User: a.User,
- 		Auth: []ssh.AuthMethod{ssh.PasswordCallback(a.Callback)},
- 	})
-+	*/
-+	return nil, nil
- }
- 
- // PublicKeys implements AuthMethod by using the given key pairs.
- type PublicKeys struct {
-+	/*
- 	User   string
- 	Signer ssh.Signer
- 	HostKeyCallbackHelper
-+	*/
- }
- 
- // NewPublicKeys returns a PublicKeys from a PEM encoded private key. An
-@@ -121,6 +148,7 @@
- // encrypted PEM block otherwise password should be empty. It supports RSA
- // (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys.
- func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) {
-+	/*
- 	signer, err := ssh.ParsePrivateKey(pemBytes)
- 	if _, ok := err.(*ssh.PassphraseMissingError); ok {
- 		signer, err = ssh.ParsePrivateKeyWithPassphrase(pemBytes, []byte(password))
-@@ -129,36 +157,47 @@
- 		return nil, err
+ var keySizeByID = map[uint8]int{
+ 	TripleDES.Id(): 24,
+-	CAST5.Id():     cast5.KeySize,
+ 	AES128.Id():    16,
+ 	AES192.Id():    24,
+ 	AES256.Id():    32,
+@@ -65,7 +61,7 @@ func (cipher CipherFunction) KeySize() int {
+ 	case TripleDES:
+ 		return 24
+ 	case CAST5:
+-		return cast5.KeySize
++		panic("cast5 cipher not available")
+ 	case AES128:
+ 		return 16
+ 	case AES192:
+@@ -82,7 +78,7 @@ func (cipher CipherFunction) BlockSize() int {
+ 	case TripleDES:
+ 		return des.BlockSize
+ 	case CAST5:
+-		return 8
++		panic("cast5 cipher not available")
+ 	case AES128, AES192, AES256:
+ 		return 16
  	}
- 	return &PublicKeys{User: user, Signer: signer}, nil
-+	*/
-+	return nil, nil
- }
- 
- // NewPublicKeysFromFile returns a PublicKeys from a file containing a PEM
- // encoded private key. An encryption password should be given if the pemBytes
- // contains a password encrypted PEM block otherwise password should be empty.
- func NewPublicKeysFromFile(user, pemFile, password string) (*PublicKeys, error) {
-+	/*
- 	bytes, err := ioutil.ReadFile(pemFile)
- 	if err != nil {
- 		return nil, err
+@@ -96,7 +92,7 @@ func (cipher CipherFunction) New(key []byte) (block cipher.Block) {
+ 	case TripleDES:
+ 		block, err = des.NewTripleDESCipher(key)
+ 	case CAST5:
+-		block, err = cast5.NewCipher(key)
++		panic("cast5 cipher not available")
+ 	case AES128, AES192, AES256:
+ 		block, err = aes.NewCipher(key)
  	}
+diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
+index a436959..420df86 100644
+--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
+@@ -15,7 +15,6 @@ import (
  
- 	return NewPublicKeys(user, bytes, password)
-+	*/
-+	return nil, nil
- }
- 
- func (a *PublicKeys) Name() string {
--	return PublicKeysName
-+	//	return PublicKeysName
-+	return ""
- }
- 
- func (a *PublicKeys) String() string {
--	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	return ""
- }
- 
--func (a *PublicKeys) ClientConfig() (*ssh.ClientConfig, error) {
-+func (a *PublicKeys) ClientConfig() (*int, error) {
-+	/*
- 	return a.SetHostKeyCallback(&ssh.ClientConfig{
- 		User: a.User,
- 		Auth: []ssh.AuthMethod{ssh.PublicKeys(a.Signer)},
- 	})
-+	*/
-+	return nil, nil
- }
- 
- func username() (string, error) {
-+	/*
- 	var username string
- 	if user, err := user.Current(); err == nil {
- 		username = user.Username
-@@ -171,20 +210,25 @@
- 	}
- 
- 	return username, nil
-+	*/
-+	return "",  nil
- }
- 
- // PublicKeysCallback implements AuthMethod by asking a
- // ssh.agent.Agent to act as a signer.
- type PublicKeysCallback struct {
-+	/*
- 	User     string
- 	Callback func() (signers []ssh.Signer, err error)
- 	HostKeyCallbackHelper
-+	*/
- }
- 
- // NewSSHAgentAuth returns a PublicKeysCallback based on a SSH agent, it opens
- // a pipe with the SSH agent and uses the pipe as the implementer of the public
- // key callback function.
- func NewSSHAgentAuth(u string) (*PublicKeysCallback, error) {
-+	/*
- 	var err error
- 	if u == "" {
- 		u, err = username()
-@@ -202,21 +246,28 @@
- 		User:     u,
- 		Callback: a.Signers,
- 	}, nil
-+	*/
-+	return nil, nil
- }
- 
- func (a *PublicKeysCallback) Name() string {
--	return PublicKeysCallbackName
-+	   //	return PublicKeysCallbackName
-+	   return ""
- }
- 
- func (a *PublicKeysCallback) String() string {
--	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	//	return fmt.Sprintf("user: %s, name: %s", a.User, a.Name())
-+	return ""
- }
- 
--func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) {
-+func (a *PublicKeysCallback) ClientConfig() (*int, error) {
-+	/*	
- 	return a.SetHostKeyCallback(&ssh.ClientConfig{
- 		User: a.User,
- 		Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Callback)},
- 	})
-+	*/
-+	return nil, nil
- }
- 
- // NewKnownHostsCallback returns ssh.HostKeyCallback based on a file based on a
-@@ -229,7 +280,8 @@
- // If SSH_KNOWN_HOSTS is not set the following file locations will be used:
- //   ~/.ssh/known_hosts
- //   /etc/ssh/ssh_known_hosts
--func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) {
-+func NewKnownHostsCallback(files ...string) (*int, error) {
-+	/*
- 	var err error
- 
- 	if len(files) == 0 {
-@@ -243,9 +295,12 @@
- 	}
- 
- 	return knownhosts.New(files...)
-+	*/
-+	return nil, nil
- }
- 
--func getDefaultKnownHostsFiles() ([]string, error) {
-+func getDefaultKnownHostsFiles() (*int, error) {
-+	/*
- 	files := filepath.SplitList(os.Getenv("SSH_KNOWN_HOSTS"))
- 	if len(files) != 0 {
- 		return files, nil
-@@ -260,9 +315,12 @@
- 		filepath.Join(homeDirPath, "/.ssh/known_hosts"),
- 		"/etc/ssh/ssh_known_hosts",
- 	}, nil
-+	*/
-+	return nil, nil
- }
- 
--func filterKnownHostsFiles(files ...string) ([]string, error) {
-+func filterKnownHostsFiles(files ...string) (*int, error) {
-+	/*
- 	var out []string
- 	for _, file := range files {
- 		_, err := os.Stat(file)
-@@ -281,6 +339,8 @@
- 	}
- 
- 	return out, nil
-+	*/
-+	return nil, nil
- }
- 
- // HostKeyCallbackHelper is a helper that provides common functionality to
-@@ -289,13 +349,14 @@
- 	// HostKeyCallback is the function type used for verifying server keys.
- 	// If nil default callback will be create using NewKnownHostsCallback
- 	// without argument.
--	HostKeyCallback ssh.HostKeyCallback
-+	//	HostKeyCallback ssh.HostKeyCallback
- }
- 
- // SetHostKeyCallback sets the field HostKeyCallback in the given cfg. If
- // HostKeyCallback is empty a default callback is created using
- // NewKnownHostsCallback.
--func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) {
-+func (m *HostKeyCallbackHelper) SetHostKeyCallback(*int) (*int, error) {
-+	/*
- 	var err error
- 	if m.HostKeyCallback == nil {
- 		if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil {
-@@ -305,4 +366,6 @@
- 
- 	cfg.HostKeyCallback = m.HostKeyCallback
- 	return cfg, nil
-+	*/
-+	return nil, nil
- }
-diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go
---- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go	2022-10-30 20:00:00.000000000 -0400
-+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go	2022-12-20 14:01:25.825788050 -0500
-@@ -2,18 +2,22 @@
- package ssh
- 
- import (
--	"context"
-+	//	"context"
- 	"fmt"
-+	/*
- 	"reflect"
- 	"strconv"
- 	"strings"
-+	*/
- 
- 	"github.com/go-git/go-git/v5/plumbing/transport"
- 	"github.com/go-git/go-git/v5/plumbing/transport/internal/common"
- 
- 	"github.com/kevinburke/ssh_config"
-+	/*
- 	"golang.org/x/crypto/ssh"
- 	"golang.org/x/net/proxy"
-+	*/
+ 	"github.com/ProtonMail/go-crypto/openpgp/errors"
+ 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+-	"golang.org/x/crypto/argon2"
  )
  
- // DefaultClient is the default SSH client.
-@@ -28,23 +32,26 @@
- }
+ type Mode uint8
+@@ -27,7 +26,6 @@ const (
+ 	SimpleS2K         Mode = 0
+ 	SaltedS2K         Mode = 1
+ 	IteratedSaltedS2K Mode = 3
+-	Argon2S2K         Mode = 4
+ 	GnuS2K            Mode = 101
+ )
  
- // NewClient creates a new SSH client with an optional *ssh.ClientConfig.
--func NewClient(config *ssh.ClientConfig) transport.Transport {
--	return common.NewClient(&runner{config: config})
-+func NewClient(*int) transport.Transport {
-+	//	return common.NewClient(&runner{config: config})
-+	return nil
- }
- 
- // DefaultAuthBuilder is the function used to create a default AuthMethod, when
- // the user doesn't provide any.
- var DefaultAuthBuilder = func(user string) (AuthMethod, error) {
--	return NewSSHAgentAuth(user)
-+	//	return NewSSHAgentAuth(user)
-+	return nil, nil
- }
- 
- const DefaultPort = 22
- 
- type runner struct {
--	config *ssh.ClientConfig
-+	//	config *ssh.ClientConfig
- }
- 
- func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.AuthMethod) (common.Command, error) {
-+	/*
- 	c := &command{command: cmd, endpoint: ep, config: r.config}
- 	if auth != nil {
- 		c.setAuth(auth)
-@@ -54,9 +61,12 @@
- 		return nil, err
- 	}
- 	return c, nil
-+	*/
-+	return nil, nil
- }
- 
- type command struct {
-+	/*
- 	*ssh.Session
- 	connected bool
- 	command   string
-@@ -64,24 +74,29 @@
- 	client    *ssh.Client
- 	auth      AuthMethod
- 	config    *ssh.ClientConfig
-+	*/
- }
- 
- func (c *command) setAuth(auth transport.AuthMethod) error {
-+	/*
- 	a, ok := auth.(AuthMethod)
- 	if !ok {
- 		return transport.ErrInvalidAuthMethod
+@@ -87,10 +85,10 @@ func decodeCount(c uint8) int {
+ // encodeMemory converts the Argon2 "memory" in the range parallelism*8 to
+ // 2**31, inclusive, to an encoded memory. The return value is the
+ // octet that is actually stored in the GPG file. encodeMemory panics
+-// if is not in the above range 
++// if is not in the above range
+ // See OpenPGP crypto refresh Section 3.7.1.4.
+ func encodeMemory(memory uint32, parallelism uint8) uint8 {
+-	if memory < (8 * uint32(parallelism)) || memory > uint32(2147483648) {
++	if memory < (8*uint32(parallelism)) || memory > uint32(2147483648) {
+ 		panic("Memory argument memory is outside the required range")
  	}
  
- 	c.auth = a
-+	*/
- 	return nil
+@@ -174,33 +172,20 @@ func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) {
+ 
+ // Argon2 writes to out the key derived from the password (in) with the Argon2
+ // function (the crypto refresh, section 3.7.1.4)
+-func Argon2(out []byte, in []byte, salt []byte, passes uint8, paralellism uint8, memoryExp uint8) {
+-	key := argon2.IDKey(in, salt, uint32(passes), decodeMemory(memoryExp), paralellism, uint32(len(out)))
+-	copy(out[:], key)
+-}
+ 
+ // Generate generates valid parameters from given configuration.
+ // It will enforce the Iterated and Salted or Argon2 S2K method.
+ func Generate(rand io.Reader, c *Config) (*Params, error) {
+ 	var params *Params
+-	if c != nil && c.Mode() == Argon2S2K {
+-		// handle Argon2 case
+-		argonConfig := c.Argon2()
+-		params = &Params{
+-			mode:        Argon2S2K,
+-			passes:      argonConfig.Passes(),
+-			parallelism: argonConfig.Parallelism(),
+-			memoryExp:   argonConfig.EncodedMemory(),
+-		}
+-	} else if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy
++	if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy
+ 		hashId, ok := algorithm.HashToHashId(c.hash())
+ 		if !ok {
+ 			return nil, errors.UnsupportedError("no such hash")
+ 		}
+ 
+ 		params = &Params{
+-			mode:      SaltedS2K,
+-			hashId:    hashId,
++			mode:   SaltedS2K,
++			hashId: hashId,
+ 		}
+ 	} else { // Enforce IteratedSaltedS2K method otherwise
+ 		hashId, ok := algorithm.HashToHashId(c.hash())
+@@ -211,7 +196,7 @@ func Generate(rand io.Reader, c *Config) (*Params, error) {
+ 			c.S2KMode = IteratedSaltedS2K
+ 		}
+ 		params = &Params{
+-			mode:      IteratedSaltedS2K, 
++			mode:      IteratedSaltedS2K,
+ 			hashId:    hashId,
+ 			countByte: c.EncodedCount(),
+ 		}
+@@ -274,16 +259,6 @@ func ParseIntoParams(r io.Reader) (params *Params, err error) {
+ 		copy(params.salt(), buf[1:9])
+ 		params.countByte = buf[9]
+ 		return params, nil
+-	case Argon2S2K:
+-		_, err = io.ReadFull(r, buf[:Argon2SaltSize+3])
+-		if err != nil {
+-			return nil, err
+-		}
+-		copy(params.salt(), buf[:Argon2SaltSize])
+-		params.passes = buf[Argon2SaltSize]
+-		params.parallelism = buf[Argon2SaltSize+1]
+-		params.memoryExp = buf[Argon2SaltSize+2]
+-		return params, nil
+ 	case GnuS2K:
+ 		// This is a GNU extension. See
+ 		// https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109
+@@ -306,9 +281,10 @@ func (params *Params) Dummy() bool {
+ 
+ func (params *Params) salt() []byte {
+ 	switch params.mode {
+-		case SaltedS2K, IteratedSaltedS2K: return params.saltBytes[:8]
+-		case Argon2S2K: return params.saltBytes[:Argon2SaltSize]
+-		default: return nil
++	case SaltedS2K, IteratedSaltedS2K:
++		return params.saltBytes[:8]
++	default:
++		return nil
+ 	}
  }
  
- func (c *command) Start() error {
--	return c.Session.Start(endpointToCommand(c.command, c.endpoint))
-+	//	return c.Session.Start(endpointToCommand(c.command, c.endpoint))
-+	return nil
- }
- 
- // Close closes the SSH session and connection.
- func (c *command) Close() error {
-+	/*
- 	if !c.connected {
- 		return nil
+@@ -317,15 +293,13 @@ func (params *Params) Function() (f func(out, in []byte), err error) {
+ 		return nil, errors.ErrDummyPrivateKey("dummy key found")
  	}
-@@ -99,6 +114,8 @@
+ 	var hashObj crypto.Hash
+-	if params.mode != Argon2S2K {
+-		var ok bool
+-		hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId)
+-		if !ok {
+-			return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId)))
+-		}
+-		if !hashObj.Available() {
+-			return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj)))
+-		}
++	var ok bool
++	hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId)
++	if !ok {
++		return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId)))
++	}
++	if !hashObj.Available() {
++		return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj)))
  	}
  
- 	return err
-+	*/
-+	return nil
- }
+ 	switch params.mode {
+@@ -346,11 +320,6 @@ func (params *Params) Function() (f func(out, in []byte), err error) {
+ 			Iterated(out, hashObj.New(), in, params.salt(), decodeCount(params.countByte))
+ 		}
  
- // connect connects to the SSH server, unless a AuthMethod was set with
-@@ -106,6 +123,7 @@
- // it connects to a SSH agent, using the address stored in the SSH_AUTH_SOCK
- // environment var.
- func (c *command) connect() error {
-+	/*
- 	if c.connected {
- 		return transport.ErrAlreadyConnected
- 	}
-@@ -136,10 +154,12 @@
+-		return f, nil
+-	case Argon2S2K:
+-		f := func(out, in []byte) {
+-			Argon2(out, in, params.salt(), params.passes, params.parallelism, params.memoryExp)
+-		}
+ 		return f, nil
  	}
  
- 	c.connected = true
-+	*/
- 	return nil
- }
- 
--func dial(network, addr string, config *ssh.ClientConfig) (*ssh.Client, error) {
-+func dial(network, addr string, config *int) (*int, error) {
-+	/*
- 	var (
- 		ctx    = context.Background()
- 		cancel context.CancelFunc
-@@ -160,9 +180,12 @@
- 		return nil, err
- 	}
- 	return ssh.NewClient(c, chans, reqs), nil
-+	*/
-+	return nil, nil
- }
- 
- func (c *command) getHostWithPort() string {
-+	/*
- 	if addr, found := c.doGetHostWithPortFromSSHConfig(); found {
- 		return addr
- 	}
-@@ -174,9 +197,12 @@
- 	}
- 
- 	return fmt.Sprintf("%s:%d", host, port)
-+	*/
-+	return ""
- }
- 
- func (c *command) doGetHostWithPortFromSSHConfig() (addr string, found bool) {
-+	/*
- 	if DefaultSSHConfig == nil {
+@@ -361,10 +330,8 @@ func (params *Params) Serialize(w io.Writer) (err error) {
+ 	if _, err = w.Write([]byte{uint8(params.mode)}); err != nil {
  		return
  	}
-@@ -202,12 +228,13 @@
+-	if params.mode != Argon2S2K {
+-		if _, err = w.Write([]byte{params.hashId}); err != nil {
+-			return
+-		}
++	if _, err = w.Write([]byte{params.hashId}); err != nil {
++		return
+ 	}
+ 	if params.Dummy() {
+ 		_, err = w.Write(append([]byte("GNU"), 1))
+@@ -377,9 +344,6 @@ func (params *Params) Serialize(w io.Writer) (err error) {
+ 		if params.mode == IteratedSaltedS2K {
+ 			_, err = w.Write([]byte{params.countByte})
+ 		}
+-		if params.mode == Argon2S2K {
+-			_, err = w.Write([]byte{params.passes, params.parallelism, params.memoryExp})
+-		}
  	}
- 
- 	addr = fmt.Sprintf("%s:%d", host, port)
-+	*/
  	return
  }
- 
- func (c *command) setAuthFromEndpoint() error {
- 	var err error
--	c.auth, err = DefaultAuthBuilder(c.endpoint.User)
-+	//	c.auth, err = DefaultAuthBuilder(c.endpoint.User)
- 	return err
- }
- 
-@@ -215,7 +242,8 @@
- 	return fmt.Sprintf("%s '%s'", cmd, ep.Path)
- }
- 
--func overrideConfig(overrides *ssh.ClientConfig, c *ssh.ClientConfig) {
-+func overrideConfig(overrides *int, c *int) {
-+	/*
- 	if overrides == nil {
- 		return
- 	}
-@@ -232,4 +260,5 @@
- 	}
- 
- 	*c = vc.Interface().(ssh.ClientConfig)
-+	*/
- }
-diff a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go
---- a/vendor/github.com/go-git/go-git/v5/repository.go	2022-10-30 20:00:00.000000000 -0400
-+++ b/vendor/github.com/go-git/go-git/v5/repository.go	2022-12-20 13:46:57.584666477 -0500
-@@ -13,7 +13,7 @@
- 	"strings"
- 	"time"
- 
--	"github.com/ProtonMail/go-crypto/openpgp"
-+	//	"github.com/ProtonMail/go-crypto/openpgp"
- 	"github.com/go-git/go-billy/v5"
- 	"github.com/go-git/go-billy/v5/osfs"
- 	"github.com/go-git/go-billy/v5/util"
-@@ -706,6 +706,7 @@
- 		Target:     hash,
- 	}
- 
-+	/*
- 	if opts.SignKey != nil {
- 		sig, err := r.buildTagSignature(tag, opts.SignKey)
- 		if err != nil {
-@@ -714,6 +715,7 @@
- 
- 		tag.PGPSignature = sig
- 	}
-+	*/
- 
- 	obj := r.Storer.NewEncodedObject()
- 	if err := tag.Encode(obj); err != nil {
-@@ -723,7 +725,8 @@
- 	return r.Storer.SetEncodedObject(obj)
- }
- 
--func (r *Repository) buildTagSignature(tag *object.Tag, signKey *openpgp.Entity) (string, error) {
-+func (r *Repository) buildTagSignature(tag *object.Tag, signKey *int) (string, error) {
-+	/*
- 	encoded := &plumbing.MemoryObject{}
- 	if err := tag.Encode(encoded); err != nil {
- 		return "", err
-@@ -740,6 +743,8 @@
- 	}
- 
- 	return b.String(), nil
-+	*/
-+	return "", nil
- }
- 
- // Tag returns a tag from the repository.
-diff a/vendor/github.com/go-git/go-git/v5/worktree_commit.go b/vendor/github.com/go-git/go-git/v5/worktree_commit.go
---- a/vendor/github.com/go-git/go-git/v5/worktree_commit.go	2022-10-30 20:00:00.000000000 -0400
-+++ b/vendor/github.com/go-git/go-git/v5/worktree_commit.go	2022-12-20 13:47:27.671919357 -0500
-@@ -1,7 +1,7 @@
- package git
+diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
+index e96252c..42ddccf 100644
+--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
+@@ -5,12 +5,9 @@
+ package packet
  
  import (
--	"bytes"
-+	//	"bytes"
- 	"path"
- 	"sort"
- 	"strings"
-@@ -12,7 +12,7 @@
- 	"github.com/go-git/go-git/v5/plumbing/object"
- 	"github.com/go-git/go-git/v5/storage"
+-	"crypto/cipher"
+-	"crypto/sha256"
+ 	"io"
  
--	"github.com/ProtonMail/go-crypto/openpgp"
-+	//	"github.com/ProtonMail/go-crypto/openpgp"
- 	"github.com/go-git/go-billy/v5"
+ 	"github.com/ProtonMail/go-crypto/openpgp/errors"
+-	"golang.org/x/crypto/hkdf"
  )
  
-@@ -101,6 +101,7 @@
- 		ParentHashes: opts.Parents,
- 	}
+ // parseAead parses a V2 SEIPD packet (AEAD) as specified in
+@@ -62,95 +59,11 @@ func (se *SymmetricallyEncrypted) associatedData() []byte {
+ // decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in
+ // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
+ func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) {
+-	aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData())
+-
+-	// Carry the first tagLen bytes
+-	tagLen := se.Mode.TagLength()
+-	peekedBytes := make([]byte, tagLen)
+-	n, err := io.ReadFull(se.Contents, peekedBytes)
+-	if n < tagLen || (err != nil && err != io.EOF) {
+-		return nil, errors.StructuralError("not enough data to decrypt:" + err.Error())
+-	}
+-
+-	return &aeadDecrypter{
+-		aeadCrypter: aeadCrypter{
+-			aead:           aead,
+-			chunkSize:      decodeAEADChunkSize(se.ChunkSizeByte),
+-			initialNonce:   nonce,
+-			associatedData: se.associatedData(),
+-			chunkIndex:     make([]byte, 8),
+-			packetTag:      packetTypeSymmetricallyEncryptedIntegrityProtected,
+-		},
+-		reader:      se.Contents,
+-		peekedBytes: peekedBytes,
+-	}, nil
++	panic("hkdf cipher not available")
+ }
  
-+	/*
- 	if opts.SignKey != nil {
- 		sig, err := w.buildCommitSignature(commit, opts.SignKey)
- 		if err != nil {
-@@ -108,6 +109,7 @@
+ // serializeSymmetricallyEncryptedAead encrypts to a writer a V2 SEIPD packet (AEAD) as specified in
+ // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
+ func serializeSymmetricallyEncryptedAead(ciphertext io.WriteCloser, cipherSuite CipherSuite, chunkSizeByte byte, rand io.Reader, inputKey []byte) (Contents io.WriteCloser, err error) {
+-	// cipherFunc must have block size 16 to use AEAD
+-	if cipherSuite.Cipher.blockSize() != 16 {
+-		return nil, errors.InvalidArgumentError("invalid aead cipher function")
+-	}
+-
+-	if cipherSuite.Cipher.KeySize() != len(inputKey) {
+-		return nil, errors.InvalidArgumentError("error in aead serialization: bad key length")
+-	}
+-
+-	// Data for en/decryption: tag, version, cipher, aead mode, chunk size
+-	prefix := []byte{
+-		0xD2,
+-		symmetricallyEncryptedVersionAead,
+-		byte(cipherSuite.Cipher),
+-		byte(cipherSuite.Mode),
+-		chunkSizeByte,
+-	}
+-
+-	// Write header (that correspond to prefix except first byte)
+-	n, err := ciphertext.Write(prefix[1:])
+-	if err != nil || n < 4 {
+-		return nil, err
+-	}
+-
+-	// Random salt
+-	salt := make([]byte, aeadSaltSize)
+-	if _, err := rand.Read(salt); err != nil {
+-		return nil, err
+-	}
+-
+-	if _, err := ciphertext.Write(salt); err != nil {
+-		return nil, err
+-	}
+-
+-	aead, nonce := getSymmetricallyEncryptedAeadInstance(cipherSuite.Cipher, cipherSuite.Mode, inputKey, salt, prefix)
+-
+-	return &aeadEncrypter{
+-		aeadCrypter: aeadCrypter{
+-			aead:           aead,
+-			chunkSize:      decodeAEADChunkSize(chunkSizeByte),
+-			associatedData: prefix,
+-			chunkIndex:     make([]byte, 8),
+-			initialNonce:   nonce,
+-			packetTag:      packetTypeSymmetricallyEncryptedIntegrityProtected,
+-		},
+-		writer: ciphertext,
+-	}, nil
+-}
+-
+-func getSymmetricallyEncryptedAeadInstance(c CipherFunction, mode AEADMode, inputKey, salt, associatedData []byte) (aead cipher.AEAD, nonce []byte) {
+-	hkdfReader := hkdf.New(sha256.New, inputKey, salt, associatedData)
+-
+-	encryptionKey := make([]byte, c.KeySize())
+-	_, _ = readFull(hkdfReader, encryptionKey)
+-
+-	// Last 64 bits of nonce are the counter
+-	nonce = make([]byte, mode.IvLength()-8)
+-
+-	_, _ = readFull(hkdfReader, nonce)
+-
+-	blockCipher := c.new(encryptionKey)
+-	aead = mode.new(blockCipher)
+-
+-	return
++	panic("hkdf cipher not available")
+ }
+diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
+index 8499c73..eaffe19 100644
+--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
+@@ -17,7 +17,6 @@ import (
+ 	"github.com/ProtonMail/go-crypto/openpgp/errors"
+ 	"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ 	"github.com/ProtonMail/go-crypto/openpgp/packet"
+-	_ "golang.org/x/crypto/sha3"
+ )
+ 
+ // SignatureType is the armor type for a PGP signature.
+diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go
+index 214df4c..f049462 100644
+--- a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go
++++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go
+@@ -20,9 +20,6 @@ package aeadcrypter
+ 
+ import (
+ 	"crypto/cipher"
+-	"fmt"
+-
+-	"golang.org/x/crypto/chacha20poly1305"
+ )
+ 
+ // Supported key size in bytes.
+@@ -39,14 +36,7 @@ type chachapoly struct {
+ // NewChachaPoly creates a Chacha-Poly crypter instance. Note that the key must
+ // be Chacha20Poly1305KeySize bytes in length.
+ func NewChachaPoly(key []byte) (S2AAEADCrypter, error) {
+-	if len(key) != Chacha20Poly1305KeySize {
+-		return nil, fmt.Errorf("%d bytes, given: %d", Chacha20Poly1305KeySize, len(key))
+-	}
+-	c, err := chacha20poly1305.New(key)
+-	if err != nil {
+-		return nil, err
+-	}
+-	return &chachapoly{aead: c}, nil
++	panic("chachap20poly1305 cipher not available")
+ }
+ 
+ // Encrypt is the encryption function. dst can contain bytes at the beginning of
+diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go
+index dff99ff..052f645 100644
+--- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go
++++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go
+@@ -26,7 +26,6 @@ import (
+ 
+ 	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
+ 	"github.com/google/s2a-go/internal/record/internal/aeadcrypter"
+-	"golang.org/x/crypto/cryptobyte"
+ )
+ 
+ // The constants below were taken from Section 7.2 and 7.3 in
+@@ -175,19 +174,5 @@ func (hc *S2AHalfConnection) maskedNonce(sequence uint64) []byte {
+ // deriveSecret implements the Derive-Secret function, as specified in
+ // https://tools.ietf.org/html/rfc8446#section-7.1.
+ func (hc *S2AHalfConnection) deriveSecret(secret, label []byte, length int) ([]byte, error) {
+-	var hkdfLabel cryptobyte.Builder
+-	hkdfLabel.AddUint16(uint16(length))
+-	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+-		b.AddBytes(label)
+-	})
+-	// Append an empty `Context` field to the label, as specified in the RFC.
+-	// The half connection does not use the `Context` field.
+-	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+-		b.AddBytes([]byte(""))
+-	})
+-	hkdfLabelBytes, err := hkdfLabel.Bytes()
+-	if err != nil {
+-		return nil, fmt.Errorf("deriveSecret failed: %v", err)
+-	}
+-	return hc.expander.expand(secret, hkdfLabelBytes, length)
++	panic("cryptobyte cipher not available")
+ }
+diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go
+index e05f2c3..f46c3a9 100644
+--- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go
++++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go
+@@ -19,10 +19,7 @@
+ package halfconn
+ 
+ import (
+-	"fmt"
+ 	"hash"
+-
+-	"golang.org/x/crypto/hkdf"
+ )
+ 
+ // hkdfExpander is the interface for the HKDF expansion function; see
+@@ -47,13 +44,5 @@ func newDefaultHKDFExpander(h func() hash.Hash) hkdfExpander {
+ }
+ 
+ func (d *defaultHKDFExpander) expand(secret, label []byte, length int) ([]byte, error) {
+-	outBuf := make([]byte, length)
+-	n, err := hkdf.Expand(d.h, secret, label).Read(outBuf)
+-	if err != nil {
+-		return nil, fmt.Errorf("hkdf.Expand.Read failed with error: %v", err)
+-	}
+-	if n < length {
+-		return nil, fmt.Errorf("hkdf.Expand.Read returned unexpected length, got %d, want %d", n, length)
+-	}
+-	return outBuf, nil
++	panic("hkdf cipher not available")
+ }
+diff --git a/vendor/github.com/Masterminds/sprig/v3/crypto.go b/vendor/github.com/Masterminds/sprig/v3/crypto.go
+index 13a5cd5..a92eaec 100644
+--- a/vendor/github.com/Masterminds/sprig/v3/crypto.go
++++ b/vendor/github.com/Masterminds/sprig/v3/crypto.go
+@@ -9,7 +9,6 @@ import (
+ 	"crypto/ecdsa"
+ 	"crypto/ed25519"
+ 	"crypto/elliptic"
+-	"crypto/hmac"
+ 	"crypto/rand"
+ 	"crypto/rsa"
+ 	"crypto/sha1"
+@@ -18,7 +17,6 @@ import (
+ 	"crypto/x509/pkix"
+ 	"encoding/asn1"
+ 	"encoding/base64"
+-	"encoding/binary"
+ 	"encoding/hex"
+ 	"encoding/pem"
+ 	"errors"
+@@ -32,8 +30,6 @@ import (
+ 	"strings"
+ 
+ 	"github.com/google/uuid"
+-	bcrypt_lib "golang.org/x/crypto/bcrypt"
+-	"golang.org/x/crypto/scrypt"
+ )
+ 
+ func sha256sum(input string) string {
+@@ -52,12 +48,7 @@ func adler32sum(input string) string {
+ }
+ 
+ func bcrypt(input string) string {
+-	hash, err := bcrypt_lib.GenerateFromPassword([]byte(input), bcrypt_lib.DefaultCost)
+-	if err != nil {
+-		return fmt.Sprintf("failed to encrypt string with bcrypt: %s", err)
+-	}
+-
+-	return string(hash)
++	panic("bcrypt cipher not available")
+ }
+ 
+ func htpasswd(username string, password string) string {
+@@ -108,40 +99,7 @@ var templateCharacters = map[byte]string{
+ }
+ 
+ func derivePassword(counter uint32, passwordType, password, user, site string) string {
+-	var templates = passwordTypeTemplates[passwordType]
+-	if templates == nil {
+-		return fmt.Sprintf("cannot find password template %s", passwordType)
+-	}
+-
+-	var buffer bytes.Buffer
+-	buffer.WriteString(masterPasswordSeed)
+-	binary.Write(&buffer, binary.BigEndian, uint32(len(user)))
+-	buffer.WriteString(user)
+-
+-	salt := buffer.Bytes()
+-	key, err := scrypt.Key([]byte(password), salt, 32768, 8, 2, 64)
+-	if err != nil {
+-		return fmt.Sprintf("failed to derive password: %s", err)
+-	}
+-
+-	buffer.Truncate(len(masterPasswordSeed))
+-	binary.Write(&buffer, binary.BigEndian, uint32(len(site)))
+-	buffer.WriteString(site)
+-	binary.Write(&buffer, binary.BigEndian, counter)
+-
+-	var hmacv = hmac.New(sha256.New, key)
+-	hmacv.Write(buffer.Bytes())
+-	var seed = hmacv.Sum(nil)
+-	var temp = templates[int(seed[0])%len(templates)]
+-
+-	buffer.Truncate(0)
+-	for i, element := range temp {
+-		passChars := templateCharacters[element]
+-		passChar := passChars[int(seed[i+1])%len(passChars)]
+-		buffer.WriteByte(passChar)
+-	}
+-
+-	return buffer.String()
++	panic("scrypt cipher not available")
+ }
+ 
+ func generatePrivateKey(typ string) string {
+diff --git a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go
+index d95032f..f5cbe66 100644
+--- a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go
++++ b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go
+@@ -16,7 +16,6 @@ import (
+ 	"github.com/microsoft/go-mssqldb/msdsn"
+ 
+ 	//lint:ignore SA1019 MD4 is used by legacy NTLM
+-	"golang.org/x/crypto/md4"
+ )
+ 
+ const (
+@@ -162,10 +161,7 @@ func lmResponse(challenge [8]byte, password string) [24]byte {
+ }
+ 
+ func ntlmHash(password string) (hash [21]byte) {
+-	h := md4.New()
+-	h.Write(utf16le(password))
+-	h.Sum(hash[:0])
+-	return
++	panic("md4 cipher not available")
+ }
+ 
+ func ntResponse(challenge [8]byte, password string) [24]byte {
+@@ -194,12 +190,7 @@ func ntlmSessionResponse(clientNonce [8]byte, serverChallenge [8]byte, password
+ }
+ 
+ func ntlmHashNoPadding(val string) []byte {
+-	hash := make([]byte, 16)
+-	h := md4.New()
+-	h.Write(utf16le(val))
+-	h.Sum(hash[:0])
+-
+-	return hash
++	panic("md4 cipher not available")
+ }
+ 
+ func hmacMD5(passwordHash, data []byte) []byte {
+diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
+index 804eba899e..221306e7dc 100644
+--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
++++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
+@@ -16,7 +16,6 @@ import (
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+ 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
+-	"golang.org/x/crypto/pkcs12"
+ )
+ 
+ const credNameCert = "ClientCertificateCredential"
+@@ -158,15 +157,7 @@ func loadPEMCert(certData []byte) ([]*pem.Block, error) {
+ }
+ 
+ func loadPKCS12Cert(certData []byte, password string) ([]*pem.Block, error) {
+-	blocks, err := pkcs12.ToPEM(certData, password)
+-	if err != nil {
+-		return nil, err
+-	}
+-	if len(blocks) == 0 {
+-		// not mentioning PKCS12 in this message because we end up here when certData is garbage
+-		return nil, errors.New("didn't find any certificate content")
+-	}
+-	return blocks, err
++	panic("pkcs12 cipher not available")
+ }
+ 
+ var _ azcore.TokenCredential = (*ClientCertificateCredential)(nil)
+diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go
+index 2a974a3..1ea6648 100644
+--- a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go
++++ b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go
+@@ -23,8 +23,6 @@ import (
+ 	"io/ioutil"
+ 	"os"
+ 	"path/filepath"
+-
+-	"golang.org/x/crypto/pkcs12"
+ )
+ 
+ var (
+@@ -90,46 +88,5 @@ func SaveToken(path string, mode os.FileMode, token Token) error {
+ // private key or an error is returned.
+ // If the private key is not password protected pass the empty string for password.
+ func DecodePfxCertificateData(pfxData []byte, password string) (*x509.Certificate, *rsa.PrivateKey, error) {
+-	blocks, err := pkcs12.ToPEM(pfxData, password)
+-	if err != nil {
+-		return nil, nil, err
+-	}
+-	// first extract the private key
+-	var priv *rsa.PrivateKey
+-	for _, block := range blocks {
+-		if block.Type == "PRIVATE KEY" {
+-			priv, err = x509.ParsePKCS1PrivateKey(block.Bytes)
+-			if err != nil {
+-				return nil, nil, err
+-			}
+-			break
+-		}
+-	}
+-	if priv == nil {
+-		return nil, nil, ErrMissingPrivateKey
+-	}
+-	// now find the certificate with the matching public key of our private key
+-	var cert *x509.Certificate
+-	for _, block := range blocks {
+-		if block.Type == "CERTIFICATE" {
+-			pcert, err := x509.ParseCertificate(block.Bytes)
+-			if err != nil {
+-				return nil, nil, err
+-			}
+-			certKey, ok := pcert.PublicKey.(*rsa.PublicKey)
+-			if !ok {
+-				// keep looking
+-				continue
+-			}
+-			if priv.E == certKey.E && priv.N.Cmp(certKey.N) == 0 {
+-				// found a match
+-				cert = pcert
+-				break
+-			}
+-		}
+-	}
+-	if cert == nil {
+-		return nil, nil, ErrMissingCertificate
+-	}
+-	return cert, priv, nil
++	panic("pkcs12 cipher not available")
+ }
+diff --git a/vendor/github.com/Azure/go-ntlmssp/nlmp.go b/vendor/github.com/Azure/go-ntlmssp/nlmp.go
+index 1e65abe..0ef2301 100644
+--- a/vendor/github.com/Azure/go-ntlmssp/nlmp.go
++++ b/vendor/github.com/Azure/go-ntlmssp/nlmp.go
+@@ -10,7 +10,6 @@ package ntlmssp
+ import (
+ 	"crypto/hmac"
+ 	"crypto/md5"
+-	"golang.org/x/crypto/md4"
+ 	"strings"
+ )
+ 
+@@ -19,9 +18,7 @@ func getNtlmV2Hash(password, username, target string) []byte {
+ }
+ 
+ func getNtlmHash(password string) []byte {
+-	hash := md4.New()
+-	hash.Write(toUnicode(password))
+-	return hash.Sum(nil)
++	panic("md4 cipher not available")
+ }
+ 
+ func computeNtlmV2Response(ntlmV2Hash, serverChallenge, clientChallenge,
+diff --git a/vendor/github.com/ory/fosite/hash_bcrypt.go b/vendor/github.com/ory/fosite/hash_bcrypt.go
+index 44b8fcb..4a75d24 100644
+--- a/vendor/github.com/ory/fosite/hash_bcrypt.go
++++ b/vendor/github.com/ory/fosite/hash_bcrypt.go
+@@ -5,10 +5,6 @@ package fosite
+ 
+ import (
+ 	"context"
+-
+-	"github.com/ory/x/errorsx"
+-
+-	"golang.org/x/crypto/bcrypt"
+ )
+ 
+ const DefaultBCryptWorkFactor = 12
+@@ -21,20 +17,9 @@ type BCrypt struct {
+ }
+ 
+ func (b *BCrypt) Hash(ctx context.Context, data []byte) ([]byte, error) {
+-	wf := b.Config.GetBCryptCost(ctx)
+-	if wf == 0 {
+-		wf = DefaultBCryptWorkFactor
+-	}
+-	s, err := bcrypt.GenerateFromPassword(data, wf)
+-	if err != nil {
+-		return nil, errorsx.WithStack(err)
+-	}
+-	return s, nil
++	panic("bcrypt ciper not available")
+ }
+ 
+ func (b *BCrypt) Compare(ctx context.Context, hash, data []byte) error {
+-	if err := bcrypt.CompareHashAndPassword(hash, data); err != nil {
+-		return errorsx.WithStack(err)
+-	}
+-	return nil
++	panic("bcrypt cipher not available")
+ }
+diff --git a/vendor/filippo.io/age/internal/stream/stream.go b/vendor/filippo.io/age/internal/stream/stream.go
+index 7cf02c4..29f4f44 100644
+--- a/vendor/filippo.io/age/internal/stream/stream.go
++++ b/vendor/filippo.io/age/internal/stream/stream.go
+@@ -10,9 +10,6 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"io"
+-
+-	"golang.org/x/crypto/chacha20poly1305"
+-	"golang.org/x/crypto/poly1305"
+ )
+ 
+ const ChunkSize = 64 * 1024
+@@ -25,23 +22,16 @@ type Reader struct {
+ 	buf    [encChunkSize]byte
+ 
+ 	err   error
+-	nonce [chacha20poly1305.NonceSize]byte
++	nonce []byte
+ }
+ 
+ const (
+-	encChunkSize  = ChunkSize + poly1305.TagSize
++	encChunkSize  = ChunkSize
+ 	lastChunkFlag = 0x01
+ )
+ 
+ func NewReader(key []byte, src io.Reader) (*Reader, error) {
+-	aead, err := chacha20poly1305.New(key)
+-	if err != nil {
+-		return nil, err
+-	}
+-	return &Reader{
+-		a:   aead,
+-		src: src,
+-	}, nil
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ func (r *Reader) Read(p []byte) (int, error) {
+@@ -87,64 +77,20 @@ func (r *Reader) Read(p []byte) (int, error) {
+ // in r.unread. last is true if the chunk was marked as the end of the message.
+ // readChunk must not be called again after returning a last chunk or an error.
+ func (r *Reader) readChunk() (last bool, err error) {
+-	if len(r.unread) != 0 {
+-		panic("stream: internal error: readChunk called with dirty buffer")
+-	}
++	panic("poly1305 cipher not available")
+ 
+-	in := r.buf[:]
+-	n, err := io.ReadFull(r.src, in)
+-	switch {
+-	case err == io.EOF:
+-		// A message can't end without a marked chunk. This message is truncated.
+-		return false, io.ErrUnexpectedEOF
+-	case err == io.ErrUnexpectedEOF:
+-		// The last chunk can be short, but not empty unless it's the first and
+-		// only chunk.
+-		if !nonceIsZero(&r.nonce) && n == r.a.Overhead() {
+-			return false, errors.New("last chunk is empty, try age v1.0.0, and please consider reporting this")
+-		}
+-		in = in[:n]
+-		last = true
+-		setLastChunkFlag(&r.nonce)
+-	case err != nil:
+-		return false, err
+-	}
+-
+-	outBuf := make([]byte, 0, ChunkSize)
+-	out, err := r.a.Open(outBuf, r.nonce[:], in, nil)
+-	if err != nil && !last {
+-		// Check if this was a full-length final chunk.
+-		last = true
+-		setLastChunkFlag(&r.nonce)
+-		out, err = r.a.Open(outBuf, r.nonce[:], in, nil)
+-	}
+-	if err != nil {
+-		return false, errors.New("failed to decrypt and authenticate payload chunk")
+-	}
+-
+-	incNonce(&r.nonce)
+-	r.unread = r.buf[:copy(r.buf[:], out)]
+-	return last, nil
+ }
+ 
+-func incNonce(nonce *[chacha20poly1305.NonceSize]byte) {
+-	for i := len(nonce) - 2; i >= 0; i-- {
+-		nonce[i]++
+-		if nonce[i] != 0 {
+-			break
+-		} else if i == 0 {
+-			// The counter is 88 bits, this is unreachable.
+-			panic("stream: chunk counter wrapped around")
+-		}
+-	}
++func incNonce(nonce *[]byte) {
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+-func setLastChunkFlag(nonce *[chacha20poly1305.NonceSize]byte) {
+-	nonce[len(nonce)-1] = lastChunkFlag
++func setLastChunkFlag(nonce *[]byte) {
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+-func nonceIsZero(nonce *[chacha20poly1305.NonceSize]byte) bool {
+-	return *nonce == [chacha20poly1305.NonceSize]byte{}
++func nonceIsZero(nonce *[]byte) bool {
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ type Writer struct {
+@@ -152,47 +98,17 @@ type Writer struct {
+ 	dst       io.Writer
+ 	unwritten []byte // backed by buf
+ 	buf       [encChunkSize]byte
+-	nonce     [chacha20poly1305.NonceSize]byte
++	nonce     []byte
+ 	err       error
+ }
+ 
+ func NewWriter(key []byte, dst io.Writer) (*Writer, error) {
+-	aead, err := chacha20poly1305.New(key)
+-	if err != nil {
+-		return nil, err
+-	}
+-	w := &Writer{
+-		a:   aead,
+-		dst: dst,
+-	}
+-	w.unwritten = w.buf[:0]
+-	return w, nil
++	panic("chacha20poly1305 cipher not available")
++
+ }
+ 
+ func (w *Writer) Write(p []byte) (n int, err error) {
+-	// TODO: consider refactoring with a bytes.Buffer.
+-	if w.err != nil {
+-		return 0, w.err
+-	}
+-	if len(p) == 0 {
+-		return 0, nil
+-	}
+-
+-	total := len(p)
+-	for len(p) > 0 {
+-		freeBuf := w.buf[len(w.unwritten):ChunkSize]
+-		n := copy(freeBuf, p)
+-		p = p[n:]
+-		w.unwritten = w.unwritten[:len(w.unwritten)+n]
+-
+-		if len(w.unwritten) == ChunkSize && len(p) > 0 {
+-			if err := w.flushChunk(notLastChunk); err != nil {
+-				w.err = err
+-				return 0, err
+-			}
+-		}
+-	}
+-	return total, nil
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ // Close flushes the last chunk. It does not close the underlying Writer.
+@@ -216,16 +132,5 @@ const (
+ )
+ 
+ func (w *Writer) flushChunk(last bool) error {
+-	if !last && len(w.unwritten) != ChunkSize {
+-		panic("stream: internal error: flush called with partial chunk")
+-	}
+-
+-	if last {
+-		setLastChunkFlag(&w.nonce)
+-	}
+-	buf := w.a.Seal(w.buf[:0], w.nonce[:], w.unwritten, nil)
+-	_, err := w.dst.Write(buf)
+-	w.unwritten = w.buf[:0]
+-	incNonce(&w.nonce)
+-	return err
++	panic("chacha20poly1305 cipher not available")
+ }
+diff --git a/vendor/filippo.io/age/primitives.go b/vendor/filippo.io/age/primitives.go
+index 804b019..2ee760f 100644
+--- a/vendor/filippo.io/age/primitives.go
++++ b/vendor/filippo.io/age/primitives.go
+@@ -5,29 +5,14 @@
+ package age
+ 
+ import (
+-	"crypto/hmac"
+-	"crypto/sha256"
+ 	"errors"
+-	"io"
+ 
+ 	"filippo.io/age/internal/format"
+-	"golang.org/x/crypto/chacha20poly1305"
+-	"golang.org/x/crypto/hkdf"
+ )
+ 
+ // aeadEncrypt encrypts a message with a one-time key.
+ func aeadEncrypt(key, plaintext []byte) ([]byte, error) {
+-	aead, err := chacha20poly1305.New(key)
+-	if err != nil {
+-		return nil, err
+-	}
+-	// The nonce is fixed because this function is only used in places where the
+-	// spec guarantees each key is only used once (by deriving it from values
+-	// that include fresh randomness), allowing us to save the overhead.
+-	// For the code that encrypts the actual payload, look at the
+-	// filippo.io/age/internal/stream package.
+-	nonce := make([]byte, chacha20poly1305.NonceSize)
+-	return aead.Seal(nil, nonce, plaintext, nil), nil
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ var errIncorrectCiphertextSize = errors.New("encrypted value has unexpected length")
+@@ -38,35 +23,13 @@ var errIncorrectCiphertextSize = errors.New("encrypted value has unexpected leng
+ // can be crafted that decrypts successfully under multiple keys. Short
+ // ciphertexts can only target two keys, which has limited impact.
+ func aeadDecrypt(key []byte, size int, ciphertext []byte) ([]byte, error) {
+-	aead, err := chacha20poly1305.New(key)
+-	if err != nil {
+-		return nil, err
+-	}
+-	if len(ciphertext) != size+aead.Overhead() {
+-		return nil, errIncorrectCiphertextSize
+-	}
+-	nonce := make([]byte, chacha20poly1305.NonceSize)
+-	return aead.Open(nil, nonce, ciphertext, nil)
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ func headerMAC(fileKey []byte, hdr *format.Header) ([]byte, error) {
+-	h := hkdf.New(sha256.New, fileKey, nil, []byte("header"))
+-	hmacKey := make([]byte, 32)
+-	if _, err := io.ReadFull(h, hmacKey); err != nil {
+-		return nil, err
+-	}
+-	hh := hmac.New(sha256.New, hmacKey)
+-	if err := hdr.MarshalWithoutMAC(hh); err != nil {
+-		return nil, err
+-	}
+-	return hh.Sum(nil), nil
++	panic("hkdf cipher not available")
+ }
+ 
+ func streamKey(fileKey, nonce []byte) []byte {
+-	h := hkdf.New(sha256.New, fileKey, nonce, []byte("payload"))
+-	streamKey := make([]byte, chacha20poly1305.KeySize)
+-	if _, err := io.ReadFull(h, streamKey); err != nil {
+-		panic("age: internal error: failed to read from HKDF: " + err.Error())
+-	}
+-	return streamKey
++	panic("chacha20poly1305 cipher not available")
+ }
+diff --git a/vendor/filippo.io/age/scrypt.go b/vendor/filippo.io/age/scrypt.go
+index 1346ad1..a97e385 100644
+--- a/vendor/filippo.io/age/scrypt.go
++++ b/vendor/filippo.io/age/scrypt.go
+@@ -5,15 +5,8 @@
+ package age
+ 
+ import (
+-	"crypto/rand"
+ 	"errors"
+-	"fmt"
+ 	"regexp"
+-	"strconv"
+-
+-	"filippo.io/age/internal/format"
+-	"golang.org/x/crypto/chacha20poly1305"
+-	"golang.org/x/crypto/scrypt"
+ )
+ 
+ const scryptLabel = "age-encryption.org/v1/scrypt"
+@@ -61,30 +54,7 @@ func (r *ScryptRecipient) SetWorkFactor(logN int) {
+ const scryptSaltSize = 16
+ 
+ func (r *ScryptRecipient) Wrap(fileKey []byte) ([]*Stanza, error) {
+-	salt := make([]byte, scryptSaltSize)
+-	if _, err := rand.Read(salt[:]); err != nil {
+-		return nil, err
+-	}
+-
+-	logN := r.workFactor
+-	l := &Stanza{
+-		Type: "scrypt",
+-		Args: []string{format.EncodeToString(salt), strconv.Itoa(logN)},
+-	}
+-
+-	salt = append([]byte(scryptLabel), salt...)
+-	k, err := scrypt.Key(r.password, salt, 1<<logN, 8, 1, chacha20poly1305.KeySize)
+-	if err != nil {
+-		return nil, fmt.Errorf("failed to generate scrypt hash: %v", err)
+-	}
+-
+-	wrappedKey, err := aeadEncrypt(k, fileKey)
+-	if err != nil {
+-		return nil, err
+-	}
+-	l.Body = wrappedKey
+-
+-	return []*Stanza{l}, nil
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ // ScryptIdentity is a password-based identity.
+@@ -132,51 +102,5 @@ func (i *ScryptIdentity) Unwrap(stanzas []*Stanza) ([]byte, error) {
+ var digitsRe = regexp.MustCompile(`^[1-9][0-9]*$`)
+ 
+ func (i *ScryptIdentity) unwrap(block *Stanza) ([]byte, error) {
+-	if block.Type != "scrypt" {
+-		return nil, ErrIncorrectIdentity
+-	}
+-	if len(block.Args) != 2 {
+-		return nil, errors.New("invalid scrypt recipient block")
+-	}
+-	salt, err := format.DecodeString(block.Args[0])
+-	if err != nil {
+-		return nil, fmt.Errorf("failed to parse scrypt salt: %v", err)
+-	}
+-	if len(salt) != scryptSaltSize {
+-		return nil, errors.New("invalid scrypt recipient block")
+-	}
+-	if w := block.Args[1]; !digitsRe.MatchString(w) {
+-		return nil, fmt.Errorf("scrypt work factor encoding invalid: %q", w)
+-	}
+-	logN, err := strconv.Atoi(block.Args[1])
+-	if err != nil {
+-		return nil, fmt.Errorf("failed to parse scrypt work factor: %v", err)
+-	}
+-	if logN > i.maxWorkFactor {
+-		return nil, fmt.Errorf("scrypt work factor too large: %v", logN)
+-	}
+-	if logN <= 0 { // unreachable
+-		return nil, fmt.Errorf("invalid scrypt work factor: %v", logN)
+-	}
+-
+-	salt = append([]byte(scryptLabel), salt...)
+-	k, err := scrypt.Key(i.password, salt, 1<<logN, 8, 1, chacha20poly1305.KeySize)
+-	if err != nil { // unreachable
+-		return nil, fmt.Errorf("failed to generate scrypt hash: %v", err)
+-	}
+-
+-	// This AEAD is not robust, so an attacker could craft a message that
+-	// decrypts under two different keys (meaning two different passphrases) and
+-	// then use an error side-channel in an online decryption oracle to learn if
+-	// either key is correct. This is deemed acceptable because the use case (an
+-	// online decryption oracle) is not recommended, and the security loss is
+-	// only one bit. This also does not bypass any scrypt work, although that work
+-	// can be precomputed in an online oracle scenario.
+-	fileKey, err := aeadDecrypt(k, fileKeySize, block.Body)
+-	if err == errIncorrectCiphertextSize {
+-		return nil, errors.New("invalid scrypt recipient block: incorrect file key size")
+-	} else if err != nil {
+-		return nil, ErrIncorrectIdentity
+-	}
+-	return fileKey, nil
++	panic("chacha20poly1305 cipher not available")
+ }
+diff --git a/vendor/filippo.io/age/x25519.go b/vendor/filippo.io/age/x25519.go
+index 6cd87a8..f0d7dd7 100644
+--- a/vendor/filippo.io/age/x25519.go
++++ b/vendor/filippo.io/age/x25519.go
+@@ -5,18 +5,10 @@
+ package age
+ 
+ import (
+-	"crypto/rand"
+-	"crypto/sha256"
+-	"errors"
+ 	"fmt"
+-	"io"
+ 	"strings"
+ 
+ 	"filippo.io/age/internal/bech32"
+-	"filippo.io/age/internal/format"
+-	"golang.org/x/crypto/chacha20poly1305"
+-	"golang.org/x/crypto/curve25519"
+-	"golang.org/x/crypto/hkdf"
+ )
+ 
+ const x25519Label = "age-encryption.org/v1/X25519"
+@@ -34,14 +26,7 @@ var _ Recipient = &X25519Recipient{}
+ 
+ // newX25519RecipientFromPoint returns a new X25519Recipient from a raw Curve25519 point.
+ func newX25519RecipientFromPoint(publicKey []byte) (*X25519Recipient, error) {
+-	if len(publicKey) != curve25519.PointSize {
+-		return nil, errors.New("invalid X25519 public key")
+-	}
+-	r := &X25519Recipient{
+-		theirPublicKey: make([]byte, curve25519.PointSize),
+-	}
+-	copy(r.theirPublicKey, publicKey)
+-	return r, nil
++	panic("curve25519 cipher not available")
+ }
+ 
+ // ParseX25519Recipient returns a new X25519Recipient from a Bech32 public key
+@@ -62,41 +47,7 @@ func ParseX25519Recipient(s string) (*X25519Recipient, error) {
+ }
+ 
+ func (r *X25519Recipient) Wrap(fileKey []byte) ([]*Stanza, error) {
+-	ephemeral := make([]byte, curve25519.ScalarSize)
+-	if _, err := rand.Read(ephemeral); err != nil {
+-		return nil, err
+-	}
+-	ourPublicKey, err := curve25519.X25519(ephemeral, curve25519.Basepoint)
+-	if err != nil {
+-		return nil, err
+-	}
+-
+-	sharedSecret, err := curve25519.X25519(ephemeral, r.theirPublicKey)
+-	if err != nil {
+-		return nil, err
+-	}
+-
+-	l := &Stanza{
+-		Type: "X25519",
+-		Args: []string{format.EncodeToString(ourPublicKey)},
+-	}
+-
+-	salt := make([]byte, 0, len(ourPublicKey)+len(r.theirPublicKey))
+-	salt = append(salt, ourPublicKey...)
+-	salt = append(salt, r.theirPublicKey...)
+-	h := hkdf.New(sha256.New, sharedSecret, salt, []byte(x25519Label))
+-	wrappingKey := make([]byte, chacha20poly1305.KeySize)
+-	if _, err := io.ReadFull(h, wrappingKey); err != nil {
+-		return nil, err
+-	}
+-
+-	wrappedKey, err := aeadEncrypt(wrappingKey, fileKey)
+-	if err != nil {
+-		return nil, err
+-	}
+-	l.Body = wrappedKey
+-
+-	return []*Stanza{l}, nil
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ // String returns the Bech32 public key encoding of r.
+@@ -115,24 +66,12 @@ var _ Identity = &X25519Identity{}
+ 
+ // newX25519IdentityFromScalar returns a new X25519Identity from a raw Curve25519 scalar.
+ func newX25519IdentityFromScalar(secretKey []byte) (*X25519Identity, error) {
+-	if len(secretKey) != curve25519.ScalarSize {
+-		return nil, errors.New("invalid X25519 secret key")
+-	}
+-	i := &X25519Identity{
+-		secretKey: make([]byte, curve25519.ScalarSize),
+-	}
+-	copy(i.secretKey, secretKey)
+-	i.ourPublicKey, _ = curve25519.X25519(i.secretKey, curve25519.Basepoint)
+-	return i, nil
++	panic("curve25519 cipher not available")
+ }
+ 
+ // GenerateX25519Identity randomly generates a new X25519Identity.
+ func GenerateX25519Identity() (*X25519Identity, error) {
+-	secretKey := make([]byte, curve25519.ScalarSize)
+-	if _, err := rand.Read(secretKey); err != nil {
+-		return nil, fmt.Errorf("internal error: %v", err)
+-	}
+-	return newX25519IdentityFromScalar(secretKey)
++	panic("curve25519 cipher not available")
+ }
+ 
+ // ParseX25519Identity returns a new X25519Identity from a Bech32 private key
+@@ -157,41 +96,7 @@ func (i *X25519Identity) Unwrap(stanzas []*Stanza) ([]byte, error) {
+ }
+ 
+ func (i *X25519Identity) unwrap(block *Stanza) ([]byte, error) {
+-	if block.Type != "X25519" {
+-		return nil, ErrIncorrectIdentity
+-	}
+-	if len(block.Args) != 1 {
+-		return nil, errors.New("invalid X25519 recipient block")
+-	}
+-	publicKey, err := format.DecodeString(block.Args[0])
+-	if err != nil {
+-		return nil, fmt.Errorf("failed to parse X25519 recipient: %v", err)
+-	}
+-	if len(publicKey) != curve25519.PointSize {
+-		return nil, errors.New("invalid X25519 recipient block")
+-	}
+-
+-	sharedSecret, err := curve25519.X25519(i.secretKey, publicKey)
+-	if err != nil {
+-		return nil, fmt.Errorf("invalid X25519 recipient: %v", err)
+-	}
+-
+-	salt := make([]byte, 0, len(publicKey)+len(i.ourPublicKey))
+-	salt = append(salt, publicKey...)
+-	salt = append(salt, i.ourPublicKey...)
+-	h := hkdf.New(sha256.New, sharedSecret, salt, []byte(x25519Label))
+-	wrappingKey := make([]byte, chacha20poly1305.KeySize)
+-	if _, err := io.ReadFull(h, wrappingKey); err != nil {
+-		return nil, err
+-	}
+-
+-	fileKey, err := aeadDecrypt(wrappingKey, fileKeySize, block.Body)
+-	if err == errIncorrectCiphertextSize {
+-		return nil, errors.New("invalid X25519 recipient block: incorrect file key size")
+-	} else if err != nil {
+-		return nil, ErrIncorrectIdentity
+-	}
+-	return fileKey, nil
++	panic("chacha20poly1305 cipher not available")
+ }
+ 
+ // Recipient returns the public X25519Recipient value corresponding to i.
+diff --git a/vendor/gopkg.in/square/go-jose.v2/asymmetric.go b/vendor/gopkg.in/square/go-jose.v2/asymmetric.go
+index b69aa03..ba67845 100644
+--- a/vendor/gopkg.in/square/go-jose.v2/asymmetric.go
++++ b/vendor/gopkg.in/square/go-jose.v2/asymmetric.go
+@@ -28,7 +28,6 @@ import (
+ 	"fmt"
+ 	"math/big"
+ 
+-	"golang.org/x/crypto/ed25519"
+ 	josecipher "gopkg.in/square/go-jose.v2/cipher"
+ 	"gopkg.in/square/go-jose.v2/json"
+ )
+@@ -48,10 +47,6 @@ type ecEncrypterVerifier struct {
+ 	publicKey *ecdsa.PublicKey
+ }
+ 
+-type edEncrypterVerifier struct {
+-	publicKey ed25519.PublicKey
+-}
+-
+ // A key generator for ECDH-ES
+ type ecKeyGenerator struct {
+ 	size      int
+@@ -64,10 +59,6 @@ type ecDecrypterSigner struct {
+ 	privateKey *ecdsa.PrivateKey
+ }
+ 
+-type edDecrypterSigner struct {
+-	privateKey ed25519.PrivateKey
+-}
+-
+ // newRSARecipient creates recipientKeyInfo based on the given key.
+ func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) {
+ 	// Verify that key management algorithm is supported by this encrypter
+@@ -113,25 +104,6 @@ func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipi
+ 	}, nil
+ }
+ 
+-func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) {
+-	if sigAlg != EdDSA {
+-		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+-	}
+-
+-	if privateKey == nil {
+-		return recipientSigInfo{}, errors.New("invalid private key")
+-	}
+-	return recipientSigInfo{
+-		sigAlg: sigAlg,
+-		publicKey: staticPublicKey(&JSONWebKey{
+-			Key: privateKey.Public(),
+-		}),
+-		signer: &edDecrypterSigner{
+-			privateKey: privateKey,
+-		},
+-	}, nil
+-}
+-
+ // newECDHRecipient creates recipientKeyInfo based on the given key.
+ func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) {
+ 	// Verify that key management algorithm is supported by this encrypter
+@@ -467,33 +439,6 @@ func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientI
+ 	return josecipher.KeyUnwrap(block, recipient.encryptedKey)
+ }
+ 
+-func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+-	if alg != EdDSA {
+-		return Signature{}, ErrUnsupportedAlgorithm
+-	}
+-
+-	sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0))
+-	if err != nil {
+-		return Signature{}, err
+-	}
+-
+-	return Signature{
+-		Signature: sig,
+-		protected: &rawHeader{},
+-	}, nil
+-}
+-
+-func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+-	if alg != EdDSA {
+-		return ErrUnsupportedAlgorithm
+-	}
+-	ok := ed25519.Verify(ctx.publicKey, payload, signature)
+-	if !ok {
+-		return errors.New("square/go-jose: ed25519 signature failed to verify")
+-	}
+-	return nil
+-}
+-
+ // Sign the given payload
+ func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+ 	var expectedBitSize int
+diff --git a/vendor/gopkg.in/square/go-jose.v2/jwk.go b/vendor/gopkg.in/square/go-jose.v2/jwk.go
+index 222e260..98438e1 100644
+--- a/vendor/gopkg.in/square/go-jose.v2/jwk.go
++++ b/vendor/gopkg.in/square/go-jose.v2/jwk.go
+@@ -34,8 +34,6 @@ import (
+ 	"reflect"
+ 	"strings"
+ 
+-	"golang.org/x/crypto/ed25519"
+-
+ 	"gopkg.in/square/go-jose.v2/json"
+ )
+ 
+@@ -95,14 +93,10 @@ func (k JSONWebKey) MarshalJSON() ([]byte, error) {
+ 	var err error
+ 
+ 	switch key := k.Key.(type) {
+-	case ed25519.PublicKey:
+-		raw = fromEdPublicKey(key)
+ 	case *ecdsa.PublicKey:
+ 		raw, err = fromEcPublicKey(key)
+ 	case *rsa.PublicKey:
+ 		raw = fromRsaPublicKey(key)
+-	case ed25519.PrivateKey:
+-		raw, err = fromEdPrivateKey(key)
+ 	case *ecdsa.PrivateKey:
+ 		raw, err = fromEcPrivateKey(key)
+ 	case *rsa.PrivateKey:
+@@ -216,15 +210,7 @@ func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
+ 		key, err = raw.symmetricKey()
+ 	case "OKP":
+ 		if raw.Crv == "Ed25519" && raw.X != nil {
+-			if raw.D != nil {
+-				key, err = raw.edPrivateKey()
+-				if err == nil {
+-					keyPub = key.(ed25519.PrivateKey).Public()
+-				}
+-			} else {
+-				key, err = raw.edPublicKey()
+-				keyPub = key
+-			}
++			panic("ed25519 cipher not available")
+ 		} else {
+ 			err = fmt.Errorf("square/go-jose: unknown curve %s'", raw.Crv)
  		}
- 		commit.PGPSignature = sig
- 	}
-+	*/
- 
- 	obj := w.r.Storer.NewEncodedObject()
- 	if err := commit.Encode(obj); err != nil {
-@@ -116,7 +118,8 @@
- 	return w.r.Storer.SetEncodedObject(obj)
+@@ -356,23 +342,12 @@ func rsaThumbprintInput(n *big.Int, e int) (string, error) {
+ 		newBuffer(n.Bytes()).base64()), nil
  }
  
--func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *openpgp.Entity) (string, error) {
-+func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *int) (string, error) {
-+	/*
- 	encoded := &plumbing.MemoryObject{}
- 	if err := commit.Encode(encoded); err != nil {
- 		return "", err
-@@ -130,6 +133,8 @@
- 		return "", err
+-func edThumbprintInput(ed ed25519.PublicKey) (string, error) {
+-	crv := "Ed25519"
+-	if len(ed) > 32 {
+-		return "", errors.New("square/go-jose: invalid elliptic key (too large)")
+-	}
+-	return fmt.Sprintf(edThumbprintTemplate, crv,
+-		newFixedSizeBuffer(ed, 32).base64()), nil
+-}
+-
+ // Thumbprint computes the JWK Thumbprint of a key using the
+ // indicated hash algorithm.
+ func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+ 	var input string
+ 	var err error
+ 	switch key := k.Key.(type) {
+-	case ed25519.PublicKey:
+-		input, err = edThumbprintInput(key)
+ 	case *ecdsa.PublicKey:
+ 		input, err = ecThumbprintInput(key.Curve, key.X, key.Y)
+ 	case *ecdsa.PrivateKey:
+@@ -381,8 +356,6 @@ func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+ 		input, err = rsaThumbprintInput(key.N, key.E)
+ 	case *rsa.PrivateKey:
+ 		input, err = rsaThumbprintInput(key.N, key.E)
+-	case ed25519.PrivateKey:
+-		input, err = edThumbprintInput(ed25519.PublicKey(key[32:]))
+ 	default:
+ 		return nil, fmt.Errorf("square/go-jose: unknown key type '%s'", reflect.TypeOf(key))
  	}
- 	return b.String(), nil
-+	*/
-+	return "", nil
+@@ -399,7 +372,7 @@ func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+ // IsPublic returns true if the JWK represents a public key (not symmetric, not private).
+ func (k *JSONWebKey) IsPublic() bool {
+ 	switch k.Key.(type) {
+-	case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey:
++	case *ecdsa.PublicKey, *rsa.PublicKey:
+ 		return true
+ 	default:
+ 		return false
+@@ -417,8 +390,6 @@ func (k *JSONWebKey) Public() JSONWebKey {
+ 		ret.Key = key.Public()
+ 	case *rsa.PrivateKey:
+ 		ret.Key = key.Public()
+-	case ed25519.PrivateKey:
+-		ret.Key = key.Public()
+ 	default:
+ 		return JSONWebKey{} // returning invalid key
+ 	}
+@@ -447,14 +418,6 @@ func (k *JSONWebKey) Valid() bool {
+ 		if key.N == nil || key.E == 0 || key.D == nil || len(key.Primes) < 2 {
+ 			return false
+ 		}
+-	case ed25519.PublicKey:
+-		if len(key) != 32 {
+-			return false
+-		}
+-	case ed25519.PrivateKey:
+-		if len(key) != 64 {
+-			return false
+-		}
+ 	default:
+ 		return false
+ 	}
+@@ -472,14 +435,6 @@ func (key rawJSONWebKey) rsaPublicKey() (*rsa.PublicKey, error) {
+ 	}, nil
  }
  
- // buildTreeHelper converts a given index.Index file into multiple git objects
+-func fromEdPublicKey(pub ed25519.PublicKey) *rawJSONWebKey {
+-	return &rawJSONWebKey{
+-		Kty: "OKP",
+-		Crv: "Ed25519",
+-		X:   newBuffer(pub),
+-	}
+-}
+-
+ func fromRsaPublicKey(pub *rsa.PublicKey) *rawJSONWebKey {
+ 	return &rawJSONWebKey{
+ 		Kty: "RSA",
+@@ -559,36 +514,6 @@ func fromEcPublicKey(pub *ecdsa.PublicKey) (*rawJSONWebKey, error) {
+ 	return key, nil
+ }
+ 
+-func (key rawJSONWebKey) edPrivateKey() (ed25519.PrivateKey, error) {
+-	var missing []string
+-	switch {
+-	case key.D == nil:
+-		missing = append(missing, "D")
+-	case key.X == nil:
+-		missing = append(missing, "X")
+-	}
+-
+-	if len(missing) > 0 {
+-		return nil, fmt.Errorf("square/go-jose: invalid Ed25519 private key, missing %s value(s)", strings.Join(missing, ", "))
+-	}
+-
+-	privateKey := make([]byte, ed25519.PrivateKeySize)
+-	copy(privateKey[0:32], key.D.bytes())
+-	copy(privateKey[32:], key.X.bytes())
+-	rv := ed25519.PrivateKey(privateKey)
+-	return rv, nil
+-}
+-
+-func (key rawJSONWebKey) edPublicKey() (ed25519.PublicKey, error) {
+-	if key.X == nil {
+-		return nil, fmt.Errorf("square/go-jose: invalid Ed key, missing x value")
+-	}
+-	publicKey := make([]byte, ed25519.PublicKeySize)
+-	copy(publicKey[0:32], key.X.bytes())
+-	rv := ed25519.PublicKey(publicKey)
+-	return rv, nil
+-}
+-
+ func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) {
+ 	var missing []string
+ 	switch {
+@@ -634,13 +559,6 @@ func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) {
+ 	return rv, err
+ }
+ 
+-func fromEdPrivateKey(ed ed25519.PrivateKey) (*rawJSONWebKey, error) {
+-	raw := fromEdPublicKey(ed25519.PublicKey(ed[32:]))
+-
+-	raw.D = newBuffer(ed[0:32])
+-	return raw, nil
+-}
+-
+ func fromRsaPrivateKey(rsa *rsa.PrivateKey) (*rawJSONWebKey, error) {
+ 	if len(rsa.Primes) != 2 {
+ 		return nil, ErrUnsupportedKeyType
+diff --git a/vendor/gopkg.in/square/go-jose.v2/signing.go b/vendor/gopkg.in/square/go-jose.v2/signing.go
+index bad820c..8065475 100644
+--- a/vendor/gopkg.in/square/go-jose.v2/signing.go
++++ b/vendor/gopkg.in/square/go-jose.v2/signing.go
+@@ -24,8 +24,6 @@ import (
+ 	"errors"
+ 	"fmt"
+ 
+-	"golang.org/x/crypto/ed25519"
+-
+ 	"gopkg.in/square/go-jose.v2/json"
+ )
+ 
+@@ -154,10 +152,6 @@ func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) {
+ // newVerifier creates a verifier based on the key type
+ func newVerifier(verificationKey interface{}) (payloadVerifier, error) {
+ 	switch verificationKey := verificationKey.(type) {
+-	case ed25519.PublicKey:
+-		return &edEncrypterVerifier{
+-			publicKey: verificationKey,
+-		}, nil
+ 	case *rsa.PublicKey:
+ 		return &rsaEncrypterVerifier{
+ 			publicKey: verificationKey,
+@@ -193,8 +187,6 @@ func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interf
+ 
+ func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipientSigInfo, error) {
+ 	switch signingKey := signingKey.(type) {
+-	case ed25519.PrivateKey:
+-		return newEd25519Signer(alg, signingKey)
+ 	case *rsa.PrivateKey:
+ 		return newRSASigner(alg, signingKey)
+ 	case *ecdsa.PrivateKey:
+diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go
+index 4bb18ee8..a3342a76 100644
+--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go
++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go
+@@ -23,14 +23,11 @@ import (
+ 	"crypto/cipher"
+ 	"crypto/rand"
+ 	"encoding/base64"
+-	"fmt"
+ 	"time"
+ 
+ 	"k8s.io/apiserver/pkg/storage/value"
+ 	"k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics"
+ 	"k8s.io/utils/lru"
+-
+-	"golang.org/x/crypto/cryptobyte"
+ )
+ 
+ func init() {
+@@ -82,75 +79,12 @@ func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransfor
+ 
+ // TransformFromStorage decrypts data encrypted by this transformer using envelope encryption.
+ func (t *envelopeTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) {
+-	metrics.RecordArrival(metrics.FromStorageLabel, time.Now())
+-
+-	// Read the 16 bit length-of-DEK encoded at the start of the encrypted DEK. 16 bits can
+-	// represent a maximum key length of 65536 bytes. We are using a 256 bit key, whose
+-	// length cannot fit in 8 bits (1 byte). Thus, we use 16 bits (2 bytes) to store the length.
+-	var encKey cryptobyte.String
+-	s := cryptobyte.String(data)
+-	if ok := s.ReadUint16LengthPrefixed(&encKey); !ok {
+-		return nil, false, fmt.Errorf("invalid data encountered by envelope transformer: failed to read uint16 length prefixed data")
+-	}
+-
+-	encData := []byte(s)
+-
+-	// Look up the decrypted DEK from cache or Envelope.
+-	transformer := t.getTransformer(encKey)
+-	if transformer == nil {
+-		if t.cacheEnabled {
+-			value.RecordCacheMiss()
+-		}
+-		key, err := t.envelopeService.Decrypt(encKey)
+-		if err != nil {
+-			// Do NOT wrap this err using fmt.Errorf() or similar functions
+-			// because this gRPC status error has useful error code when
+-			// record the metric.
+-			return nil, false, err
+-		}
+-
+-		transformer, err = t.addTransformer(encKey, key)
+-		if err != nil {
+-			return nil, false, err
+-		}
+-	}
+-
+-	return transformer.TransformFromStorage(ctx, encData, dataCtx)
++	panic("cryptobyte cipher not available")
+ }
+ 
+ // TransformToStorage encrypts data to be written to disk using envelope encryption.
+ func (t *envelopeTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) {
+-	metrics.RecordArrival(metrics.ToStorageLabel, time.Now())
+-	newKey, err := generateKey(32)
+-	if err != nil {
+-		return nil, err
+-	}
+-
+-	encKey, err := t.envelopeService.Encrypt(newKey)
+-	if err != nil {
+-		// Do NOT wrap this err using fmt.Errorf() or similar functions
+-		// because this gRPC status error has useful error code when
+-		// record the metric.
+-		return nil, err
+-	}
+-
+-	transformer, err := t.addTransformer(encKey, newKey)
+-	if err != nil {
+-		return nil, err
+-	}
+-
+-	result, err := transformer.TransformToStorage(ctx, data, dataCtx)
+-	if err != nil {
+-		return nil, err
+-	}
+-	// Append the length of the encrypted DEK as the first 2 bytes.
+-	b := cryptobyte.NewBuilder(nil)
+-	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+-		b.AddBytes([]byte(encKey))
+-	})
+-	b.AddBytes(result)
+-
+-	return b.Bytes()
++	panic("cryptobyte cipher not available")
+ }
+ 
+ var _ value.Transformer = &envelopeTransformer{}
+diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go
+index cf8f3930..de4d145f 100644
+--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go
++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go
+@@ -20,14 +20,10 @@ import (
+ 	"bytes"
+ 	"context"
+ 	"crypto/aes"
+-	"crypto/sha256"
+ 	"errors"
+ 	"fmt"
+-	"io"
+ 	"time"
+ 
+-	"golang.org/x/crypto/hkdf"
+-
+ 	"k8s.io/apiserver/pkg/storage/value"
+ 	"k8s.io/utils/clock"
+ )
+@@ -132,14 +128,7 @@ func (e *extendedNonceGCM) derivedKeyTransformer(info []byte, dataCtx value.Cont
+ }
+ 
+ func (e *extendedNonceGCM) sha256KDFExpandOnly(info []byte) ([]byte, error) {
+-	kdf := hkdf.Expand(sha256.New, e.seed, info)
+-
+-	derivedKey := make([]byte, derivedKeySizeExtendedNonceGCM)
+-	if _, err := io.ReadFull(kdf, derivedKey); err != nil {
+-		return nil, fmt.Errorf("failed to read a derived key from KDF: %w", err)
+-	}
+-
+-	return derivedKey, nil
++	panic("hkdf cipher not available")
+ }
+ 
+ func newGCMTransformerWithInfo(key, info []byte) (*transformerWithInfo, error) {
+
+diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go
+index 45d5db58..db3bd2f9 100644
+--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go
++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go
+@@ -23,12 +23,10 @@ import (
+ 	"crypto/cipher"
+ 	"crypto/sha256"
+ 	"fmt"
+-	"sort"
+ 	"time"
+ 	"unsafe"
+ 
+ 	"github.com/gogo/protobuf/proto"
+-	"golang.org/x/crypto/cryptobyte"
+ 
+ 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
+ 	"k8s.io/apimachinery/pkg/util/uuid"
+@@ -418,41 +416,7 @@ func getRequestInfoFromContext(ctx context.Context) *genericapirequest.RequestIn
+ //     a. annotation key
+ //     b. annotation value
+ func generateCacheKey(encryptedDEKSourceType kmstypes.EncryptedDEKSourceType, encryptedDEKSource []byte, keyID string, annotations map[string][]byte) ([]byte, error) {
+-	// TODO(aramase): use sync pool buffer to avoid allocations
+-	b := cryptobyte.NewBuilder(nil)
+-	b.AddUint32(uint32(encryptedDEKSourceType))
+-	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+-		b.AddBytes(encryptedDEKSource)
+-	})
+-	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+-		b.AddBytes(toBytes(keyID))
+-	})
+-	if len(annotations) == 0 {
+-		return b.Bytes()
+-	}
+-
+-	// add the length of annotations to the cache key
+-	b.AddUint32(uint32(len(annotations)))
+-
+-	// Sort the annotations by key.
+-	keys := make([]string, 0, len(annotations))
+-	for k := range annotations {
+-		k := k
+-		keys = append(keys, k)
+-	}
+-	sort.Strings(keys)
+-	for _, k := range keys {
+-		// The maximum size of annotations is annotationsMaxSize (32 kB) so we can safely
+-		// assume that the length of the key and value will fit in a uint16.
+-		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+-			b.AddBytes(toBytes(k))
+-		})
+-		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+-			b.AddBytes(annotations[k])
+-		})
+-	}
+-
+-	return b.Bytes()
++	panic("cryptobyte cipher not available")
+ }
+ 
+ // toBytes performs unholy acts to avoid allocations
+
+diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go
+index 9aec8acd..d0a19c71 100644
+--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go
++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go
+@@ -19,10 +19,6 @@ package secretbox
+ 
+ import (
+ 	"context"
+-	"crypto/rand"
+-	"fmt"
+-
+-	"golang.org/x/crypto/nacl/secretbox"
+ 
+ 	"k8s.io/apiserver/pkg/storage/value"
+ )
+@@ -43,28 +39,9 @@ func NewSecretboxTransformer(key [32]byte) value.Transformer {
+ }
+ 
+ func (t *secretboxTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, bool, error) {
+-	if len(data) < (secretbox.Overhead + nonceSize) {
+-		return nil, false, fmt.Errorf("the stored data was shorter than the required size")
+-	}
+-	var nonce [nonceSize]byte
+-	copy(nonce[:], data[:nonceSize])
+-	data = data[nonceSize:]
+-	out := make([]byte, 0, len(data)-secretbox.Overhead)
+-	result, ok := secretbox.Open(out, data, &nonce, &t.key)
+-	if !ok {
+-		return nil, false, fmt.Errorf("output array was not large enough for encryption")
+-	}
+-	return result, false, nil
++	panic("nacl cipher not available")
+ }
+ 
+ func (t *secretboxTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx value.Context) ([]byte, error) {
+-	var nonce [nonceSize]byte
+-	n, err := rand.Read(nonce[:])
+-	if err != nil {
+-		return nil, err
+-	}
+-	if n != nonceSize {
+-		return nil, fmt.Errorf("unable to read sufficient random bytes")
+-	}
+-	return secretbox.Seal(nonce[:], data, &nonce, &t.key), nil
++	panic("nacl cipher not available")
+ }
+
+diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go
+index d678f52d..da4abbae 100644
+--- a/vendor/k8s.io/apiserver/pkg/server/config.go
++++ b/vendor/k8s.io/apiserver/pkg/server/config.go
+@@ -18,8 +18,6 @@ package server
+ 
+ import (
+ 	"context"
+-	"crypto/sha256"
+-	"encoding/base32"
+ 	"fmt"
+ 	"net"
+ 	"net/http"
+@@ -34,7 +32,6 @@ import (
+ 
+ 	jsonpatch "github.com/evanphx/json-patch"
+ 	"github.com/google/uuid"
+-	"golang.org/x/crypto/cryptobyte"
+ 
+ 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ 	"k8s.io/apimachinery/pkg/runtime"
+@@ -374,29 +371,7 @@ func NewConfig(codecs serializer.CodecFactory) *Config {
+ 	defaultHealthChecks := []healthz.HealthChecker{healthz.PingHealthz, healthz.LogHealthz}
+ 	var id string
+ 	if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerIdentity) {
+-		hostname, err := hostnameFunc()
+-		if err != nil {
+-			klog.Fatalf("error getting hostname for apiserver identity: %v", err)
+-		}
+-
+-		// Since the hash needs to be unique across each kube-apiserver and aggregated apiservers,
+-		// the hash used for the identity should include both the hostname and the identity value.
+-		// TODO: receive the identity value as a parameter once the apiserver identity lease controller
+-		// post start hook is moved to generic apiserver.
+-		b := cryptobyte.NewBuilder(nil)
+-		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+-			b.AddBytes([]byte(hostname))
+-		})
+-		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+-			b.AddBytes([]byte("kube-apiserver"))
+-		})
+-		hashData, err := b.Bytes()
+-		if err != nil {
+-			klog.Fatalf("error building hash data for apiserver identity: %v", err)
+-		}
+-
+-		hash := sha256.Sum256(hashData)
+-		id = "apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16]))
++		panic("cryptobyte cipher not available")
+ 	}
+ 	lifecycleSignals := newLifecycleSignals()
diff --git a/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch b/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
index 48a4536..ad92fb1 100644
--- a/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
+++ b/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
@@ -23,7 +23,7 @@ index 0000000000..5a06918832
 +
 +package boring
 +
-+// #include "openssl_pbkdf2.h"
++// #include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h"
 +// #cgo LDFLAGS: -ldl
 +import "C"
 +import (
@@ -39,14 +39,14 @@ index 0000000000..5a06918832
 +	emptySha256 = sha256.Sum256([]byte{})
 +)
 +
-+func hashToMD(h hash.Hash) *C.GO_EVP_MD {
++func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR {
 +	emptyHash := h.Sum([]byte{})
 +
 +	switch {
 +	case bytes.Equal(emptyHash, emptySha1[:]):
-+		return C._goboringcrypto_EVP_sha1()
++		return C.go_openssl_EVP_sha1()
 +	case bytes.Equal(emptyHash, emptySha256[:]):
-+		return C._goboringcrypto_EVP_sha256()
++		return C.go_openssl_EVP_sha256()
 +	}
 +	return nil
 +}
@@ -78,7 +78,7 @@ index 0000000000..5a06918832
 +	}
 +
 +	out := make([]byte, keyLen)
-+	ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
++	ok := C.go_openssl_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
 +	if ok != 1 {
 +		panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
 +	}
@@ -106,17 +106,6 @@ index 0000000000..e244fb5663
 +func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
 +	panic("boringcrypto: not available")
 +}
-diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
-new file mode 100644
-index 0000000000..6dfdf10424
---- /dev/null
-+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
-@@ -0,0 +1,5 @@
-+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
-+
-+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
-+    (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
-+    (pass, passlen, salt, saltlen, iter, digest, keylen, out))
 diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
 index 593f653008..799a611f94 100644
 --- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
diff --git a/SOURCES/1004-vendor-Redacted-Url-in-logs.patch b/SOURCES/1004-vendor-Redacted-Url-in-logs.patch
new file mode 100644
index 0000000..9ac5827
--- /dev/null
+++ b/SOURCES/1004-vendor-Redacted-Url-in-logs.patch
@@ -0,0 +1,51 @@
+diff --git a/vendor/github.com/hashicorp/go-retryablehttp/client.go b/vendor/github.com/hashicorp/go-retryablehttp/client.go
+index f40d241..765a828 100644
+--- a/vendor/github.com/hashicorp/go-retryablehttp/client.go
++++ b/vendor/github.com/hashicorp/go-retryablehttp/client.go
+@@ -584,9 +584,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
+ 	if logger != nil {
+ 		switch v := logger.(type) {
+ 		case LeveledLogger:
+-			v.Debug("performing request", "method", req.Method, "url", req.URL)
++			v.Debug("performing request", "method", req.Method, "url", req.URL.Redacted())
+ 		case Logger:
+-			v.Printf("[DEBUG] %s %s", req.Method, req.URL)
++			v.Printf("[DEBUG] %s %s", req.Method, req.URL.Redacted())
+ 		}
+ 	}
+ 
+@@ -641,9 +641,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
+ 		if err != nil {
+ 			switch v := logger.(type) {
+ 			case LeveledLogger:
+-				v.Error("request failed", "error", err, "method", req.Method, "url", req.URL)
++				v.Error("request failed", "error", err, "method", req.Method, "url", req.URL.Redacted())
+ 			case Logger:
+-				v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL, err)
++				v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL.Redacted(), err)
+ 			}
+ 		} else {
+ 			// Call this here to maintain the behavior of logging all requests,
+@@ -679,7 +679,7 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
+ 
+ 		wait := c.Backoff(c.RetryWaitMin, c.RetryWaitMax, i, resp)
+ 		if logger != nil {
+-			desc := fmt.Sprintf("%s %s", req.Method, req.URL)
++			desc := fmt.Sprintf("%s %s", req.Method, req.URL.Redacted())
+ 			if resp != nil {
+ 				desc = fmt.Sprintf("%s (status: %d)", desc, resp.StatusCode)
+ 			}
+@@ -735,11 +735,11 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
+ 	// communicate why
+ 	if err == nil {
+ 		return nil, fmt.Errorf("%s %s giving up after %d attempt(s)",
+-			req.Method, req.URL, attempt)
++			req.Method, req.URL.Redacted(), attempt)
+ 	}
+ 
+ 	return nil, fmt.Errorf("%s %s giving up after %d attempt(s): %w",
+-		req.Method, req.URL, attempt, err)
++		req.Method, req.URL.Redacted(), attempt, err)
+ }
+ 
+ // Try to read the response body so we can reuse this connection.
diff --git a/SOURCES/create_bundles.sh b/SOURCES/create_bundles.sh
index 647ad5c..feb9994 100755
--- a/SOURCES/create_bundles.sh
+++ b/SOURCES/create_bundles.sh
@@ -30,9 +30,28 @@ make gen-go
 rm -r vendor/golang.org/x/crypto/bcrypt
 rm -r vendor/golang.org/x/crypto/blowfish
 rm -r vendor/golang.org/x/crypto/cast5
-rm -r vendor/golang.org/x/crypto/openpgp/elgamal
-rm    vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
-rm -r vendor/golang.org/x/crypto/pkcs12/internal/rc2
+rm -r vendor/golang.org/x/crypto/acme
+rm -r vendor/golang.org/x/crypto/argon2
+rm -r vendor/golang.org/x/crypto/blake2b
+rm -r vendor/golang.org/x/crypto/chacha20
+rm -r vendor/golang.org/x/crypto/chacha20poly1305
+rm -r vendor/golang.org/x/crypto/cryptobyte
+rm -r vendor/golang.org/x/crypto/curve25519
+rm -r vendor/golang.org/x/crypto/ed25519
+rm -r vendor/golang.org/x/crypto/hkdf
+rm -r vendor/golang.org/x/crypto/internal
+rm -r vendor/golang.org/x/crypto/md4
+rm -r vendor/golang.org/x/crypto/nacl
+rm -r vendor/golang.org/x/crypto/openpgp
+rm -r vendor/golang.org/x/crypto/pkcs12
+rm -r vendor/golang.org/x/crypto/poly1305
+rm -r vendor/golang.org/x/crypto/salsa20
+rm -r vendor/golang.org/x/crypto/scrypt
+rm -r vendor/golang.org/x/crypto/sha3
+
+# Remove unused code under apsl licenses
+rm -r vendor/modernc.org/libc
+rm -r vendor/modernc.org/sqlite
 
 # List bundled dependencies
 awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \
diff --git a/SOURCES/create_bundles_in_container.sh b/SOURCES/create_bundles_in_container.sh
index 4640068..216efab 100755
--- a/SOURCES/create_bundles_in_container.sh
+++ b/SOURCES/create_bundles_in_container.sh
@@ -6,7 +6,7 @@
 #
 
 cat <<EOF | podman build -t grafana-build -f - .
-FROM fedora:36
+FROM fedora:39
 
 RUN dnf upgrade -y && \
     dnf install -y rpmdevtools python3-packaging python3-pyyaml make golang nodejs yarnpkg
diff --git a/SOURCES/grafana.fc b/SOURCES/grafana.fc
index 5a090ea..ae17d09 100644
--- a/SOURCES/grafana.fc
+++ b/SOURCES/grafana.fc
@@ -5,6 +5,7 @@
 
 /usr/sbin/grafana-cli					--	gen_context(system_u:object_r:grafana_exec_t,s0)
 /usr/sbin/grafana-server				--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/sbin/grafana				        --	gen_context(system_u:object_r:grafana_exec_t,s0)
 
 /var/lib/grafana(/.*)?						gen_context(system_u:object_r:grafana_var_lib_t,s0)
 #/var/lib/grafana/grafana.db				--	gen_context(system_u:object_r:grafana_db_t,s0)
diff --git a/SOURCES/grafana.te b/SOURCES/grafana.te
index b7acfed..d25174e 100644
--- a/SOURCES/grafana.te
+++ b/SOURCES/grafana.te
@@ -123,6 +123,14 @@ optional_policy(`
 	allow grafana_t postgresql_var_run_t:sock_file write;
 ')
 
+optional_policy(`
+	require {
+		type proc_net_t;
+		class lnk_file { read };
+	}
+	allow grafana_t proc_net_t:lnk_file read;
+')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 
diff --git a/SOURCES/list_bundled_nodejs_packages.py b/SOURCES/list_bundled_nodejs_packages.py
index 2a30201..0636632 100755
--- a/SOURCES/list_bundled_nodejs_packages.py
+++ b/SOURCES/list_bundled_nodejs_packages.py
@@ -25,6 +25,7 @@ def read_declared_pkgs(package_json_path):
 
 
 def read_installed_pkgs(yarn_lock_path):
+    bad_version_strings = ['0.0.0-use.local', '7.0.1-patch.1']
     with open(yarn_lock_path) as f:
         lockfile = yaml.safe_load(f)
         for pkg_decl, meta in lockfile.items():
@@ -33,7 +34,8 @@ def read_installed_pkgs(yarn_lock_path):
                     continue
                 pkg_name = pkg[: pkg.index("@", 1)]
                 pkg_version = meta["version"]
-                yield (pkg_name, pkg_version)
+                if pkg_version not in bad_version_strings:
+                    yield (pkg_name, pkg_version)
 
 
 def list_provides(declared_pkgs, installed_pkgs):
diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index 7ff55af..cfbf93d 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -24,8 +24,8 @@ end}
 %global selinux_variants mls targeted
 
 Name:             grafana
-Version:          9.2.10
-Release:          15%{?dist}
+Version:          10.2.6
+Release:          4%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPL-3.0-only
 URL:              https://grafana.org
@@ -72,17 +72,17 @@ Patch3:           0003-update-default-configuration.patch
 Patch4:           0004-remove-unused-backend-dependencies.patch
 Patch5:           0005-remove-unused-frontend-crypto.patch
 Patch6:           0006-skip-marketplace-plugin-install-test.patch
-Patch7:           0007-fix-alert-test.patch
-Patch8:           0008-graphite-functions-xss.patch
-Patch9:           0009-redact-weak-ciphers.patch
-Patch10:          0010-skip-tests.patch
-Patch11:          0011-remove-email-lookup.patch
-Patch12:          0012-coredump-selinux-error.patch
+Patch7:           0007-redact-weak-ciphers.patch
+Patch8:           0008-replace-faulty-slices-sort.patch
+Patch9:           0009-update-wrappers-and-systemd-with-distro-paths.patch
+# https://github.com/grafana/grafana/commit/bae86dbeb0ad68a205454e98e76985dc393183d4
+Patch10:          0010-remove-bcrypt-references.patch
 
 # Patches affecting the vendor tarball
 Patch1001:        1001-vendor-patch-removed-backend-crypto.patch
 Patch1002:        1002-vendor-use-pbkdf2-from-OpenSSL.patch
 Patch1003:        1003-vendor-skip-goldenfiles-tests.patch
+Patch1004:        1004-vendor-Redacted-Url-in-logs.patch
 
 # Intersection of go_arches and nodejs_arches
 ExclusiveArch:    %{grafana_arches}
@@ -156,568 +156,582 @@ Provides:         grafana-stackdriver = 7.3.6-1
 # this is for security purposes, if nodejs-foo ever needs an update,
 # affected packages can be easily identified.
 # Note: generated by the Makefile (see README.md)
-Provides: bundled(golang(cloud.google.com/go/storage)) = 1.21.0
-Provides: bundled(golang(cuelang.org/go)) = 0.4.3
-Provides: bundled(golang(github.com/Azure/azure-sdk-for-go)) = 59.3.0+incompatible
-Provides: bundled(golang(github.com/Azure/go-autorest/autorest)) = 0.11.22
-Provides: bundled(golang(github.com/BurntSushi/toml)) = 1.1.0
+Provides: bundled(golang(cloud.google.com/go/storage)) = 1.30.1
+Provides: bundled(golang(cuelang.org/go)) = 0.6.0-0.dev
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go)) = 65.0.0+incompatible
+Provides: bundled(golang(github.com/Azure/go-autorest/autorest)) = 0.11.28
+Provides: bundled(golang(github.com/BurntSushi/toml)) = 1.3.2
 Provides: bundled(golang(github.com/Masterminds/semver)) = 1.5.0
 Provides: bundled(golang(github.com/VividCortex/mysqlerr)) = 0.0.0-20170204212430.6c6b55f8796f
-Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.44.109
-Provides: bundled(golang(github.com/beevik/etree)) = 1.1.0
-Provides: bundled(golang(github.com/benbjohnson/clock)) = 1.3.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.44.325
+Provides: bundled(golang(github.com/beevik/etree)) = 1.2.0
+Provides: bundled(golang(github.com/benbjohnson/clock)) = 1.3.5
+Provides: bundled(golang(github.com/blang/semver/v4)) = 4.0.0
 Provides: bundled(golang(github.com/bradfitz/gomemcache)) = 0.0.0-20190913173617.a41fca850d0b
-Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.25.0
-Provides: bundled(golang(github.com/cortexproject/cortex)) = 1.10.1-0.20211014125347.85c378182d0d
-Provides: bundled(golang(github.com/davecgh/go-spew)) = 1.1.1
-Provides: bundled(golang(github.com/denisenkom/go-mssqldb)) = 0.12.0
-Provides: bundled(golang(github.com/dop251/goja)) = 0.0.0-20210804101310.32956a348b49
-Provides: bundled(golang(github.com/fatih/color)) = 1.13.0
+Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.30.2
+Provides: bundled(golang(github.com/fatih/color)) = 1.15.0
 Provides: bundled(golang(github.com/gchaincl/sqlhooks)) = 1.3.0
-Provides: bundled(golang(github.com/getsentry/sentry-go)) = 0.13.0
-Provides: bundled(golang(github.com/go-git/go-git/v5)) = 5.4.2
-Provides: bundled(golang(github.com/go-kit/kit)) = 0.11.0
-Provides: bundled(golang(github.com/go-openapi/strfmt)) = 0.21.3
-Provides: bundled(golang(github.com/go-redis/redis/v8)) = 8.11.4
+Provides: bundled(golang(github.com/go-ldap/ldap/v3)) = 3.4.4
+Provides: bundled(golang(github.com/go-openapi/strfmt)) = 0.21.7
+Provides: bundled(golang(github.com/go-redis/redis/v8)) = 8.11.5
 Provides: bundled(golang(github.com/go-sourcemap/sourcemap)) = 2.1.3+incompatible
-Provides: bundled(golang(github.com/go-sql-driver/mysql)) = 1.6.0
+Provides: bundled(golang(github.com/go-sql-driver/mysql)) = 1.7.1
 Provides: bundled(golang(github.com/go-stack/stack)) = 1.8.1
 Provides: bundled(golang(github.com/gobwas/glob)) = 0.2.3
 Provides: bundled(golang(github.com/gogo/protobuf)) = 1.3.2
 Provides: bundled(golang(github.com/golang/mock)) = 1.6.0
 Provides: bundled(golang(github.com/golang/snappy)) = 0.0.4
-Provides: bundled(golang(github.com/google/go-cmp)) = 0.5.8
-Provides: bundled(golang(github.com/google/uuid)) = 1.3.0
+Provides: bundled(golang(github.com/google/go-cmp)) = 0.6.0
+Provides: bundled(golang(github.com/google/uuid)) = 1.4.0
 Provides: bundled(golang(github.com/google/wire)) = 0.5.0
 Provides: bundled(golang(github.com/gorilla/websocket)) = 1.5.0
-Provides: bundled(golang(github.com/gosimple/slug)) = 1.12.0
-Provides: bundled(golang(github.com/grafana/cuetsy)) = 0.0.4-0.20220714174355.ebd987fdab27
-Provides: bundled(golang(github.com/grafana/grafana-aws-sdk)) = 0.10.8
-Provides: bundled(golang(github.com/grafana/grafana-azure-sdk-go)) = 1.3.0
-Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.139.0
-Provides: bundled(golang(github.com/grafana/thema)) = 0.0.0-20220817114012.ebeee841c104
-Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.3.0
-Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 1.0.0
-Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.4.3
-Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.3.0
-Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.6.0
+Provides: bundled(golang(github.com/grafana/alerting)) = 0.0.0-20231101090315.bf12694896a8
+Provides: bundled(golang(github.com/grafana/cuetsy)) = 0.1.11
+Provides: bundled(golang(github.com/grafana/grafana-aws-sdk)) = 0.19.1
+Provides: bundled(golang(github.com/grafana/grafana-azure-sdk-go)) = 1.9.0
+Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.196.0
+Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.4.0
+Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 1.5.0
+Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.6.0
+Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.6.0
+Provides: bundled(golang(github.com/hashicorp/hcl/v2)) = 2.17.0
+Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.12.3
 Provides: bundled(golang(github.com/influxdata/line-protocol)) = 0.0.0-20210311194329.9aa0e372d097
 Provides: bundled(golang(github.com/jmespath/go-jmespath)) = 0.4.0
 Provides: bundled(golang(github.com/json-iterator/go)) = 1.1.12
-Provides: bundled(golang(github.com/lib/pq)) = 1.10.4
+Provides: bundled(golang(github.com/lib/pq)) = 1.10.9
 Provides: bundled(golang(github.com/linkedin/goavro/v2)) = 2.10.0
 Provides: bundled(golang(github.com/m3db/prometheus_remote_client_golang)) = 0.4.4
-Provides: bundled(golang(github.com/magefile/mage)) = 1.13.0
-Provides: bundled(golang(github.com/mattn/go-isatty)) = 0.0.14
-Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.14.16
-Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = 1.0.2
+Provides: bundled(golang(github.com/magefile/mage)) = 1.15.0
+Provides: bundled(golang(github.com/mattn/go-isatty)) = 0.0.18
+Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.14.19
+Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = 1.0.4
 Provides: bundled(golang(github.com/mwitkow/go-conntrack)) = 0.0.0-20190716064945.2f068394615f
-Provides: bundled(golang(github.com/ohler55/ojg)) = 1.12.9
-Provides: bundled(golang(github.com/opentracing/opentracing-go)) = 1.2.0
 Provides: bundled(golang(github.com/patrickmn/go-cache)) = 2.1.0+incompatible
-Provides: bundled(golang(github.com/pkg/errors)) = 0.9.1
-Provides: bundled(golang(github.com/prometheus/alertmanager)) = 0.24.1-0.20221003101219.ae510d09c048
-Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.13.1
-Provides: bundled(golang(github.com/prometheus/client_model)) = 0.2.0
-Provides: bundled(golang(github.com/prometheus/common)) = 0.37.0
-Provides: bundled(golang(github.com/prometheus/prometheus)) = 1.8.2-0.20211011171444.354d8d2ecfac
+Provides: bundled(golang(github.com/prometheus/alertmanager)) = 0.25.0
+Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.17.0
+Provides: bundled(golang(github.com/prometheus/client_model)) = 0.5.0
+Provides: bundled(golang(github.com/prometheus/common)) = 0.45.0
+Provides: bundled(golang(github.com/prometheus/prometheus)) = 1.8.2-0.20221021121301.51a44e6657c3
 Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.1
-Provides: bundled(golang(github.com/russellhaering/goxmldsig)) = 1.1.1
-Provides: bundled(golang(github.com/stretchr/testify)) = 1.8.0
+Provides: bundled(golang(github.com/russellhaering/goxmldsig)) = 1.4.0
+Provides: bundled(golang(github.com/stretchr/testify)) = 1.8.4
 Provides: bundled(golang(github.com/teris-io/shortid)) = 0.0.0-20171029131806.771a37caa5cf
 Provides: bundled(golang(github.com/ua-parser/uap-go)) = 0.0.0-20211112212520.00c877edfe0f
-Provides: bundled(golang(github.com/uber/jaeger-client-go)) = 2.29.1+incompatible
-Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.3.0
+Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.25.0
 Provides: bundled(golang(github.com/vectordotdev/go-datemath)) = 0.1.1-0.20220323213446.f3954d0b18ae
-Provides: bundled(golang(github.com/xorcare/pointer)) = 1.1.0
 Provides: bundled(golang(github.com/yalue/merged_fs)) = 1.2.2
 Provides: bundled(golang(github.com/yudai/gojsondiff)) = 1.0.0
-Provides: bundled(golang(go.opentelemetry.io/collector)) = 0.31.0
-Provides: bundled(golang(go.opentelemetry.io/collector/model)) = 0.31.0
-Provides: bundled(golang(go.opentelemetry.io/otel)) = 1.6.3
-Provides: bundled(golang(go.opentelemetry.io/otel/exporters/jaeger)) = 1.0.0
-Provides: bundled(golang(go.opentelemetry.io/otel/sdk)) = 1.6.3
-Provides: bundled(golang(go.opentelemetry.io/otel/trace)) = 1.6.3
-Provides: bundled(golang(golang.org/x/crypto)) = 0.0.0-20220622213112.05595931fe9d
-Provides: bundled(golang(golang.org/x/exp)) = 0.0.0-20220613132600.b0d781184e0d
-Provides: bundled(golang(golang.org/x/oauth2)) = 0.0.0-20220608161450.d0670ef3b1eb
-Provides: bundled(golang(golang.org/x/sync)) = 0.0.0-20220722155255.886fb9371eb4
-Provides: bundled(golang(golang.org/x/time)) = 0.0.0-20220609170525.579cf78fd858
-Provides: bundled(golang(golang.org/x/tools)) = 0.1.12
-Provides: bundled(golang(gonum.org/v1/gonum)) = 0.11.0
-Provides: bundled(golang(google.golang.org/api)) = 0.74.0
-Provides: bundled(golang(google.golang.org/grpc)) = 1.45.0
-Provides: bundled(golang(google.golang.org/protobuf)) = 1.28.1
-Provides: bundled(golang(gopkg.in/ini.v1)) = 1.66.2
-Provides: bundled(golang(gopkg.in/ldap.v3)) = 3.1.0
+Provides: bundled(golang(go.opentelemetry.io/collector/pdata)) = 1.0.0-rc8
+Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace)) = 0.46.1
+Provides: bundled(golang(go.opentelemetry.io/otel/exporters/jaeger)) = 1.10.0
+Provides: bundled(golang(go.opentelemetry.io/otel/sdk)) = 1.21.0
+Provides: bundled(golang(go.opentelemetry.io/otel/trace)) = 1.21.0
+Provides: bundled(golang(golang.org/x/crypto)) = 0.17.0
+Provides: bundled(golang(golang.org/x/exp)) = 0.0.0-20230321023759.10a507213a29
+Provides: bundled(golang(golang.org/x/net)) = 0.19.0
+Provides: bundled(golang(golang.org/x/oauth2)) = 0.15.0
+Provides: bundled(golang(golang.org/x/sync)) = 0.4.0
+Provides: bundled(golang(golang.org/x/time)) = 0.3.0
+Provides: bundled(golang(golang.org/x/tools)) = 0.13.0
+Provides: bundled(golang(gonum.org/v1/gonum)) = 0.12.0
+Provides: bundled(golang(google.golang.org/api)) = 0.148.0
+Provides: bundled(golang(google.golang.org/grpc)) = 1.59.0
+Provides: bundled(golang(google.golang.org/protobuf)) = 1.31.0
+Provides: bundled(golang(gopkg.in/ini.v1)) = 1.67.0
 Provides: bundled(golang(gopkg.in/mail.v2)) = 2.3.1
-Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.5.1
-Provides: bundled(golang(gopkg.in/yaml.v2)) = 2.4.0
 Provides: bundled(golang(gopkg.in/yaml.v3)) = 3.0.1
 Provides: bundled(golang(xorm.io/builder)) = 0.3.6
 Provides: bundled(golang(xorm.io/core)) = 0.7.3
 Provides: bundled(golang(xorm.io/xorm)) = 0.8.2
-Provides: bundled(golang(github.com/andybalholm/brotli)) = 1.0.3
-Provides: bundled(golang(github.com/deepmap/oapi-codegen)) = 1.10.1
+Provides: bundled(golang(github.com/andybalholm/brotli)) = 1.0.4
 Provides: bundled(golang(github.com/go-kit/log)) = 0.2.1
 Provides: bundled(golang(github.com/go-openapi/loads)) = 0.21.2
-Provides: bundled(golang(github.com/golang/protobuf)) = 1.5.2
-Provides: bundled(golang(github.com/googleapis/gax-go/v2)) = 2.2.0
-Provides: bundled(golang(github.com/grafana/grafana-google-sdk-go)) = 0.0.0-20211104130251.b190293eaf58
+Provides: bundled(golang(github.com/go-openapi/runtime)) = 0.26.0
+Provides: bundled(golang(github.com/golang-jwt/jwt/v4)) = 4.5.0
+Provides: bundled(golang(github.com/golang/protobuf)) = 1.5.3
+Provides: bundled(golang(github.com/googleapis/gax-go/v2)) = 2.12.0
+Provides: bundled(golang(github.com/gorilla/mux)) = 1.8.0
+Provides: bundled(golang(github.com/grafana/grafana-google-sdk-go)) = 0.1.0
 Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 1.1.1
-Provides: bundled(golang(github.com/segmentio/encoding)) = 0.3.5
-Provides: bundled(golang(go.uber.org/atomic)) = 1.9.0
-Provides: bundled(golang(golang.org/x/text)) = 0.4.0
-Provides: bundled(golang(google.golang.org/genproto)) = 0.0.0-20220421151946.72621c1f0bd3
-Provides: bundled(golang(cloud.google.com/go/kms)) = 1.4.0
-Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azidentity)) = 0.13.2
-Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys)) = 0.4.0
-Provides: bundled(golang(github.com/Azure/go-autorest/autorest/adal)) = 0.9.17
+Provides: bundled(golang(github.com/modern-go/reflect2)) = 1.0.2
+Provides: bundled(golang(github.com/olekukonko/tablewriter)) = 0.0.5
+Provides: bundled(golang(go.uber.org/atomic)) = 1.11.0
+Provides: bundled(golang(golang.org/x/text)) = 0.14.0
+Provides: bundled(golang(google.golang.org/genproto)) = 0.0.0-20231012201019.e917dd12ba7a
+Provides: bundled(golang(cloud.google.com/go/kms)) = 1.15.2
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azidentity)) = 1.3.0
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys)) = 0.9.0
+Provides: bundled(golang(github.com/Azure/azure-storage-blob-go)) = 0.15.0
+Provides: bundled(golang(github.com/Azure/go-autorest/autorest/adal)) = 0.9.22
 Provides: bundled(golang(github.com/armon/go-radix)) = 1.0.0
 Provides: bundled(golang(github.com/blugelabs/bluge)) = 0.1.9
 Provides: bundled(golang(github.com/blugelabs/bluge_segment_api)) = 0.2.0
+Provides: bundled(golang(github.com/bufbuild/connect-go)) = 1.10.0
 Provides: bundled(golang(github.com/dlmiddlecote/sqlstats)) = 1.0.2
-Provides: bundled(golang(github.com/drone/drone-cli)) = 1.5.0
-Provides: bundled(golang(github.com/getkin/kin-openapi)) = 0.94.0
+Provides: bundled(golang(github.com/drone/drone-cli)) = 1.6.1
+Provides: bundled(golang(github.com/getkin/kin-openapi)) = 0.120.0
 Provides: bundled(golang(github.com/golang-migrate/migrate/v4)) = 4.7.0
+Provides: bundled(golang(github.com/google/go-github)) = 17.0.0+incompatible
 Provides: bundled(golang(github.com/google/go-github/v45)) = 45.2.0
-Provides: bundled(golang(github.com/grafana/dskit)) = 0.0.0-20211011144203.3a88ec0b675f
+Provides: bundled(golang(github.com/grafana/codejen)) = 0.0.3
+Provides: bundled(golang(github.com/grafana/dskit)) = 0.0.0-20230706162620.5081d8ed53e6
+Provides: bundled(golang(github.com/huandu/xstrings)) = 1.3.1
 Provides: bundled(golang(github.com/jmoiron/sqlx)) = 1.3.5
-Provides: bundled(golang(github.com/urfave/cli)) = 1.22.5
-Provides: bundled(golang(go.etcd.io/etcd/api/v3)) = 3.5.4
-Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc)) = 0.31.0
-Provides: bundled(golang(go.opentelemetry.io/contrib/propagators/jaeger)) = 1.6.0
-Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace)) = 1.6.3
-Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)) = 1.6.3
+Provides: bundled(golang(github.com/matryer/is)) = 1.4.0
+Provides: bundled(golang(github.com/urfave/cli)) = 1.22.14
+Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc)) = 0.46.1
+Provides: bundled(golang(go.opentelemetry.io/contrib/propagators/jaeger)) = 1.21.1
+Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace)) = 1.21.0
+Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)) = 1.21.0
 Provides: bundled(golang(gocloud.dev)) = 0.25.0
+Provides: bundled(golang(buf.build/gen/go/parca-dev/parca/bufbuild/connect-go)) = 1.4.1-20221222094228.8b1d3d0f62e6.1
+Provides: bundled(golang(buf.build/gen/go/parca-dev/parca/protocolbuffers/go)) = 1.28.1-20221222094228.8b1d3d0f62e6.4
+Provides: bundled(golang(github.com/Masterminds/semver/v3)) = 3.1.1
+Provides: bundled(golang(github.com/alicebob/miniredis/v2)) = 2.30.1
+Provides: bundled(golang(github.com/dave/dst)) = 0.27.2
+Provides: bundled(golang(github.com/go-jose/go-jose/v3)) = 3.0.1
+Provides: bundled(golang(github.com/grafana/dataplane/examples)) = 0.0.1
+Provides: bundled(golang(github.com/grafana/dataplane/sdata)) = 0.0.6
+Provides: bundled(golang(github.com/grafana/kindsys)) = 0.0.0-20230508162304.452481b63482
+Provides: bundled(golang(github.com/grafana/tempo)) = 1.5.1-0.20230524121406.1dc1bfe7085b
+Provides: bundled(golang(github.com/grafana/thema)) = 0.0.0-20230712153715.375c1b45f3ed
+Provides: bundled(golang(github.com/microsoft/go-mssqldb)) = 1.5.0
+Provides: bundled(golang(github.com/ory/fosite)) = 0.44.1-0.20230317114349.45a6785cc54f
+Provides: bundled(golang(github.com/redis/go-redis/v9)) = 9.0.2
+Provides: bundled(golang(github.com/weaveworks/common)) = 0.0.0-20230511094633.334485600903
+Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = 0.0.0-20180127040702.4e3ac2762d5f
+Provides: bundled(golang(go.opentelemetry.io/contrib/samplers/jaegerremote)) = 0.15.1
+Provides: bundled(golang(golang.org/x/mod)) = 0.12.0
+Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.6.0
+Provides: bundled(golang(k8s.io/utils)) = 0.0.0-20230406110748.d93618cff8a2
+Provides: bundled(golang(github.com/spf13/cobra)) = 1.7.0
+Provides: bundled(golang(go.opentelemetry.io/otel)) = 1.21.0
+Provides: bundled(golang(k8s.io/apimachinery)) = 0.28.3
+Provides: bundled(golang(k8s.io/apiserver)) = 0.28.3
+Provides: bundled(golang(k8s.io/client-go)) = 0.28.3
+Provides: bundled(golang(k8s.io/component-base)) = 0.28.3
+Provides: bundled(golang(k8s.io/klog/v2)) = 2.100.1
+Provides: bundled(golang(k8s.io/kube-openapi)) = 0.0.0-20230717233707.2695361300d9
+Provides: bundled(golang(github.com/bwmarrin/snowflake)) = 0.3.0
+Provides: bundled(golang(github.com/mitchellh/mapstructure)) = 1.5.0
+Provides: bundled(golang(sigs.k8s.io/yaml)) = 1.3.0
+Provides: bundled(golang(filippo.io/age)) = 1.1.1
+Provides: bundled(golang(github.com/Masterminds/sprig/v3)) = 3.2.2
+Provides: bundled(golang(github.com/ProtonMail/go-crypto)) = 0.0.0-20230828082145.3c4c8a2d2371
+Provides: bundled(golang(github.com/docker/docker)) = 23.0.4+incompatible
+Provides: bundled(golang(github.com/go-logr/logr)) = 1.3.0
+Provides: bundled(golang(github.com/hmarr/codeowners)) = 1.1.2
 Provides: bundled(golang(github.com/wk8/go-ordered-map)) = 1.0.0
-Provides: bundled(npm(@babel/core)) = 7.12.9
-Provides: bundled(npm(@babel/plugin-proposal-class-properties)) = 7.16.7
-Provides: bundled(npm(@babel/plugin-proposal-nullish-coalescing-operator)) = 7.16.7
-Provides: bundled(npm(@babel/plugin-proposal-object-rest-spread)) = 7.12.1
-Provides: bundled(npm(@babel/plugin-proposal-optional-chaining)) = 7.16.7
+Provides: bundled(golang(github.com/xlab/treeprint)) = 1.2.0
+Provides: bundled(npm(@babel/core)) = 7.23.2
+Provides: bundled(npm(@babel/plugin-proposal-class-properties)) = 7.18.6
+Provides: bundled(npm(@babel/plugin-proposal-nullish-coalescing-operator)) = 7.18.6
+Provides: bundled(npm(@babel/plugin-proposal-object-rest-spread)) = 7.20.7
+Provides: bundled(npm(@babel/plugin-proposal-optional-chaining)) = 7.21.0
 Provides: bundled(npm(@babel/plugin-syntax-dynamic-import)) = 7.8.3
-Provides: bundled(npm(@babel/plugin-transform-react-constant-elements)) = 7.18.9
-Provides: bundled(npm(@babel/plugin-transform-runtime)) = 7.18.10
-Provides: bundled(npm(@babel/plugin-transform-typescript)) = 7.16.7
-Provides: bundled(npm(@babel/preset-env)) = 7.16.11
-Provides: bundled(npm(@babel/preset-react)) = 7.16.7
-Provides: bundled(npm(@babel/preset-typescript)) = 7.16.7
-Provides: bundled(npm(@babel/runtime)) = 7.15.4
+Provides: bundled(npm(@babel/plugin-transform-react-constant-elements)) = 7.22.5
+Provides: bundled(npm(@babel/plugin-transform-runtime)) = 7.23.2
+Provides: bundled(npm(@babel/plugin-transform-typescript)) = 7.22.9
+Provides: bundled(npm(@babel/preset-env)) = 7.23.2
+Provides: bundled(npm(@babel/preset-react)) = 7.22.5
+Provides: bundled(npm(@babel/preset-typescript)) = 7.23.2
+Provides: bundled(npm(@babel/runtime)) = 7.23.2
 Provides: bundled(npm(@betterer/betterer)) = 5.4.0
 Provides: bundled(npm(@betterer/cli)) = 5.4.0
 Provides: bundled(npm(@betterer/eslint)) = 5.4.0
 Provides: bundled(npm(@betterer/regexp)) = 5.4.0
 Provides: bundled(npm(@braintree/sanitize-url)) = 6.0.2
-Provides: bundled(npm(@cypress/webpack-preprocessor)) = 5.12.0
-Provides: bundled(npm(@daybrush/utils)) = 1.6.0
-Provides: bundled(npm(@emotion/css)) = 10.0.27
-Provides: bundled(npm(@emotion/eslint-plugin)) = 11.7.0
-Provides: bundled(npm(@emotion/react)) = 11.9.0
-Provides: bundled(npm(@grafana/agent-core)) = 0.4.0
-Provides: bundled(npm(@grafana/agent-web)) = 0.4.0
-Provides: bundled(npm(@grafana/aws-sdk)) = 0.0.37
-Provides: bundled(npm(@grafana/data)) = 0.0.0-use.local
-Provides: bundled(npm(@grafana/e2e)) = 0.0.0-use.local
-Provides: bundled(npm(@grafana/e2e-selectors)) = 0.0.0-use.local
-Provides: bundled(npm(@grafana/eslint-config)) = 5.0.0
-Provides: bundled(npm(@grafana/experimental)) = 1.0.1
-Provides: bundled(npm(@grafana/google-sdk)) = 0.0.3
-Provides: bundled(npm(@grafana/lezer-logql)) = 0.1.0
-Provides: bundled(npm(@grafana/runtime)) = 0.0.0-use.local
-Provides: bundled(npm(@grafana/schema)) = 0.0.0-use.local
-Provides: bundled(npm(@grafana/toolkit)) = 0.0.0-use.local
+Provides: bundled(npm(@cypress/webpack-preprocessor)) = 5.17.1
+Provides: bundled(npm(@daybrush/utils)) = 1.13.0
+Provides: bundled(npm(@emotion/css)) = 11.11.2
+Provides: bundled(npm(@emotion/eslint-plugin)) = 11.11.0
+Provides: bundled(npm(@emotion/react)) = 11.11.1
+Provides: bundled(npm(@fingerprintjs/fingerprintjs)) = 3.4.2
+Provides: bundled(npm(@glideapps/glide-data-grid)) = 5.2.1
+Provides: bundled(npm(@grafana/aws-sdk)) = 0.3.1
+Provides: bundled(npm(@grafana/e2e-selectors)) = 10.0.2
+Provides: bundled(npm(@grafana/eslint-config)) = 6.0.1
+Provides: bundled(npm(@grafana/experimental)) = 1.7.0
+Provides: bundled(npm(@grafana/faro-core)) = 1.2.1
+Provides: bundled(npm(@grafana/faro-web-sdk)) = 1.2.1
+Provides: bundled(npm(@grafana/google-sdk)) = 0.1.1
+Provides: bundled(npm(@grafana/lezer-logql)) = 0.2.2
+Provides: bundled(npm(@grafana/lezer-traceql)) = 0.0.11
+Provides: bundled(npm(@grafana/monaco-logql)) = 0.0.7
+Provides: bundled(npm(@grafana/scenes)) = 1.27.0
 Provides: bundled(npm(@grafana/tsconfig)) = 1.2.0rc1
-Provides: bundled(npm(@grafana/ui)) = 0.0.0-use.local
-Provides: bundled(npm(@jaegertracing/jaeger-ui-components)) = 0.0.0-use.local
-Provides: bundled(npm(@jest/core)) = 27.5.1
-Provides: bundled(npm(@kusto/monaco-kusto)) = 5.2.0
-Provides: bundled(npm(@lezer/common)) = 1.0.0
-Provides: bundled(npm(@lezer/highlight)) = 1.0.0
-Provides: bundled(npm(@lezer/lr)) = 1.2.3
-Provides: bundled(npm(@lingui/cli)) = 3.14.0
-Provides: bundled(npm(@lingui/core)) = 3.14.0
-Provides: bundled(npm(@lingui/macro)) = 3.12.1
-Provides: bundled(npm(@lingui/react)) = 3.14.0
-Provides: bundled(npm(@mdx-js/react)) = 1.6.22
+Provides: bundled(npm(@kusto/monaco-kusto)) = 7.7.0
+Provides: bundled(npm(@leeoniya/ufuzzy)) = 1.0.8
+Provides: bundled(npm(@lezer/common)) = 1.0.2
+Provides: bundled(npm(@lezer/highlight)) = 1.1.3
+Provides: bundled(npm(@lezer/lr)) = 1.3.3
+Provides: bundled(npm(@locker/near-membrane-dom)) = 0.13.3
+Provides: bundled(npm(@locker/near-membrane-shared)) = 0.13.3
+Provides: bundled(npm(@locker/near-membrane-shared-dom)) = 0.13.3
 Provides: bundled(npm(@mochajs/json-file-reporter)) = 1.3.0
-Provides: bundled(npm(@monaco-editor/react)) = 4.4.5
-Provides: bundled(npm(@opentelemetry/api)) = 1.1.0
+Provides: bundled(npm(@monaco-editor/react)) = 4.6.0
+Provides: bundled(npm(@opentelemetry/api)) = 1.6.0
 Provides: bundled(npm(@opentelemetry/exporter-collector)) = 0.25.0
 Provides: bundled(npm(@opentelemetry/semantic-conventions)) = 0.25.0
-Provides: bundled(npm(@pmmmwh/react-refresh-webpack-plugin)) = 0.5.7
-Provides: bundled(npm(@popperjs/core)) = 2.11.2
+Provides: bundled(npm(@pmmmwh/react-refresh-webpack-plugin)) = 0.5.10
+Provides: bundled(npm(@popperjs/core)) = 2.11.8
 Provides: bundled(npm(@prometheus-io/lezer-promql)) = 0.37.0
-Provides: bundled(npm(@react-aria/button)) = 3.6.1
-Provides: bundled(npm(@react-aria/dialog)) = 3.3.1
-Provides: bundled(npm(@react-aria/focus)) = 3.8.0
-Provides: bundled(npm(@react-aria/interactions)) = 3.11.0
-Provides: bundled(npm(@react-aria/menu)) = 3.6.1
-Provides: bundled(npm(@react-aria/overlays)) = 3.10.1
-Provides: bundled(npm(@react-aria/utils)) = 3.13.1
-Provides: bundled(npm(@react-stately/collections)) = 3.4.1
-Provides: bundled(npm(@react-stately/menu)) = 3.4.1
-Provides: bundled(npm(@react-stately/tree)) = 3.3.1
-Provides: bundled(npm(@react-types/button)) = 3.6.1
-Provides: bundled(npm(@react-types/menu)) = 3.7.1
-Provides: bundled(npm(@react-types/overlays)) = 3.6.1
-Provides: bundled(npm(@react-types/shared)) = 3.13.1
-Provides: bundled(npm(@reduxjs/toolkit)) = 1.8.5
-Provides: bundled(npm(@rollup/plugin-commonjs)) = 22.0.1
-Provides: bundled(npm(@rollup/plugin-json)) = 4.1.0
-Provides: bundled(npm(@rollup/plugin-node-resolve)) = 13.3.0
-Provides: bundled(npm(@rtsao/plugin-proposal-class-properties)) = 7.0.1-patch.1
-Provides: bundled(npm(@sentry/browser)) = 6.19.7
-Provides: bundled(npm(@sentry/types)) = 6.19.7
-Provides: bundled(npm(@sentry/utils)) = 6.19.7
-Provides: bundled(npm(@storybook/addon-a11y)) = 6.4.21
-Provides: bundled(npm(@storybook/addon-actions)) = 6.4.21
-Provides: bundled(npm(@storybook/addon-docs)) = 6.4.21
-Provides: bundled(npm(@storybook/addon-essentials)) = 6.4.21
-Provides: bundled(npm(@storybook/addon-knobs)) = 6.4.0
-Provides: bundled(npm(@storybook/addon-storysource)) = 6.4.21
-Provides: bundled(npm(@storybook/addons)) = 6.4.21
-Provides: bundled(npm(@storybook/api)) = 6.4.21
-Provides: bundled(npm(@storybook/builder-webpack5)) = 6.4.21
-Provides: bundled(npm(@storybook/client-api)) = 6.4.21
-Provides: bundled(npm(@storybook/components)) = 6.4.21
-Provides: bundled(npm(@storybook/core-events)) = 6.4.21
-Provides: bundled(npm(@storybook/manager-webpack5)) = 6.4.21
-Provides: bundled(npm(@storybook/react)) = 6.4.21
-Provides: bundled(npm(@storybook/theming)) = 6.4.21
-Provides: bundled(npm(@swc/core)) = 1.3.1
-Provides: bundled(npm(@swc/helpers)) = 0.4.3
-Provides: bundled(npm(@testing-library/dom)) = 8.13.0
-Provides: bundled(npm(@testing-library/jest-dom)) = 5.16.4
-Provides: bundled(npm(@testing-library/react)) = 12.1.4
+Provides: bundled(npm(@react-aria/button)) = 3.8.0
+Provides: bundled(npm(@react-aria/dialog)) = 3.5.3
+Provides: bundled(npm(@react-aria/focus)) = 3.13.0
+Provides: bundled(npm(@react-aria/interactions)) = 3.16.0
+Provides: bundled(npm(@react-aria/menu)) = 3.10.0
+Provides: bundled(npm(@react-aria/overlays)) = 3.15.0
+Provides: bundled(npm(@react-aria/utils)) = 3.18.0
+Provides: bundled(npm(@react-awesome-query-builder/core)) = 6.4.1
+Provides: bundled(npm(@react-awesome-query-builder/ui)) = 6.4.1
+Provides: bundled(npm(@react-stately/collections)) = 3.9.0
+Provides: bundled(npm(@react-stately/menu)) = 3.5.3
+Provides: bundled(npm(@react-stately/tree)) = 3.7.0
+Provides: bundled(npm(@react-types/button)) = 3.9.0
+Provides: bundled(npm(@react-types/menu)) = 3.9.2
+Provides: bundled(npm(@react-types/overlays)) = 3.8.0
+Provides: bundled(npm(@react-types/shared)) = 3.21.0
+Provides: bundled(npm(@reduxjs/toolkit)) = 1.9.5
+Provides: bundled(npm(@remix-run/router)) = 1.5.0
+Provides: bundled(npm(@rollup/plugin-commonjs)) = 25.0.2
+Provides: bundled(npm(@rollup/plugin-json)) = 6.0.0
+Provides: bundled(npm(@rollup/plugin-node-resolve)) = 15.2.3
+Provides: bundled(npm(@storybook/addon-a11y)) = 7.4.5
+Provides: bundled(npm(@storybook/addon-actions)) = 7.4.5
+Provides: bundled(npm(@storybook/addon-docs)) = 7.4.5
+Provides: bundled(npm(@storybook/addon-essentials)) = 7.4.5
+Provides: bundled(npm(@storybook/addon-storysource)) = 7.4.5
+Provides: bundled(npm(@storybook/api)) = 7.4.5
+Provides: bundled(npm(@storybook/blocks)) = 7.4.5
+Provides: bundled(npm(@storybook/client-api)) = 7.4.5
+Provides: bundled(npm(@storybook/components)) = 7.4.5
+Provides: bundled(npm(@storybook/core-events)) = 7.4.5
+Provides: bundled(npm(@storybook/mdx2-csf)) = 1.1.0
+Provides: bundled(npm(@storybook/preset-scss)) = 1.0.3
+Provides: bundled(npm(@storybook/react)) = 7.4.5
+Provides: bundled(npm(@storybook/react-webpack5)) = 7.4.5
+Provides: bundled(npm(@storybook/theming)) = 7.4.5
+Provides: bundled(npm(@swc/core)) = 1.3.38
+Provides: bundled(npm(@swc/helpers)) = 0.4.14
+Provides: bundled(npm(@testing-library/dom)) = 9.3.3
+Provides: bundled(npm(@testing-library/jest-dom)) = 6.1.2
+Provides: bundled(npm(@testing-library/react)) = 14.0.0
 Provides: bundled(npm(@testing-library/react-hooks)) = 8.0.1
-Provides: bundled(npm(@testing-library/user-event)) = 14.4.3
-Provides: bundled(npm(@types/angular)) = 1.8.3
-Provides: bundled(npm(@types/angular-route)) = 1.7.2
-Provides: bundled(npm(@types/chrome-remote-interface)) = 0.31.4
-Provides: bundled(npm(@types/classnames)) = 2.3.0
-Provides: bundled(npm(@types/command-exists)) = 1.2.0
+Provides: bundled(npm(@testing-library/user-event)) = 14.5.1
+Provides: bundled(npm(@types/angular)) = 1.8.5
+Provides: bundled(npm(@types/angular-route)) = 1.7.3
+Provides: bundled(npm(@types/chance)) = 1.1.3
+Provides: bundled(npm(@types/chrome-remote-interface)) = 0.31.10
 Provides: bundled(npm(@types/common-tags)) = 1.8.1
 Provides: bundled(npm(@types/d3)) = 7.4.0
-Provides: bundled(npm(@types/d3-force)) = 2.1.4
-Provides: bundled(npm(@types/d3-interpolate)) = 1.4.2
-Provides: bundled(npm(@types/d3-scale-chromatic)) = 1.3.1
-Provides: bundled(npm(@types/debounce-promise)) = 3.1.4
-Provides: bundled(npm(@types/deep-freeze)) = 0.1.2
+Provides: bundled(npm(@types/d3-force)) = 3.0.4
+Provides: bundled(npm(@types/d3-interpolate)) = 3.0.1
+Provides: bundled(npm(@types/d3-scale-chromatic)) = 3.0.0
+Provides: bundled(npm(@types/debounce-promise)) = 3.1.6
+Provides: bundled(npm(@types/diff)) = 5.0.5
 Provides: bundled(npm(@types/dompurify)) = 2.4.0
-Provides: bundled(npm(@types/enzyme)) = 3.10.10
-Provides: bundled(npm(@types/enzyme-adapter-react-16)) = 1.0.6
-Provides: bundled(npm(@types/eslint)) = 7.28.2
+Provides: bundled(npm(@types/eslint)) = 8.44.0
 Provides: bundled(npm(@types/file-saver)) = 2.0.5
-Provides: bundled(npm(@types/fs-extra)) = 9.0.13
+Provides: bundled(npm(@types/glob)) = 7.2.0
 Provides: bundled(npm(@types/google.analytics)) = 0.0.42
-Provides: bundled(npm(@types/gtag.js)) = 0.0.11
-Provides: bundled(npm(@types/history)) = 4.7.9
+Provides: bundled(npm(@types/gtag.js)) = 0.0.12
+Provides: bundled(npm(@types/history)) = 4.7.11
 Provides: bundled(npm(@types/hoist-non-react-statics)) = 3.3.1
-Provides: bundled(npm(@types/inquirer)) = 8.2.1
 Provides: bundled(npm(@types/is-hotkey)) = 0.1.7
 Provides: bundled(npm(@types/jest)) = 26.0.15
-Provides: bundled(npm(@types/jquery)) = 3.5.14
+Provides: bundled(npm(@types/jquery)) = 3.5.16
 Provides: bundled(npm(@types/js-yaml)) = 4.0.5
 Provides: bundled(npm(@types/jsurl)) = 1.2.30
-Provides: bundled(npm(@types/lingui__macro)) = 3.0.0
-Provides: bundled(npm(@types/lodash)) = 4.14.149
-Provides: bundled(npm(@types/logfmt)) = 1.2.2
-Provides: bundled(npm(@types/marked)) = 4.0.3
+Provides: bundled(npm(@types/lodash)) = 4.14.195
+Provides: bundled(npm(@types/logfmt)) = 1.2.3
+Provides: bundled(npm(@types/lucene)) = 2.1.4
+Provides: bundled(npm(@types/marked)) = 5.0.1
 Provides: bundled(npm(@types/mock-raf)) = 1.0.3
-Provides: bundled(npm(@types/mousetrap)) = 1.6.9
-Provides: bundled(npm(@types/node)) = 14.17.32
-Provides: bundled(npm(@types/ol-ext)) = 2.3.0
-Provides: bundled(npm(@types/papaparse)) = 5.3.2
-Provides: bundled(npm(@types/pluralize)) = 0.0.29
-Provides: bundled(npm(@types/prettier)) = 2.4.2
+Provides: bundled(npm(@types/mousetrap)) = 1.6.11
+Provides: bundled(npm(@types/node)) = 14.18.36
+Provides: bundled(npm(@types/node-forge)) = 1.3.2
+Provides: bundled(npm(@types/ol-ext)) = 3.2.0
+Provides: bundled(npm(@types/papaparse)) = 5.3.7
+Provides: bundled(npm(@types/pluralize)) = 0.0.30
 Provides: bundled(npm(@types/prismjs)) = 1.26.0
-Provides: bundled(npm(@types/prop-types)) = 15.7.4
-Provides: bundled(npm(@types/rc-time-picker)) = 3.4.1
-Provides: bundled(npm(@types/rc-tree)) = 3.0.0
-Provides: bundled(npm(@types/react)) = 17.0.30
-Provides: bundled(npm(@types/react-beautiful-dnd)) = 13.1.2
-Provides: bundled(npm(@types/react-calendar)) = 3.5.1
+Provides: bundled(npm(@types/react)) = 18.0.28
+Provides: bundled(npm(@types/react-beautiful-dnd)) = 13.1.4
+Provides: bundled(npm(@types/react-calendar)) = 3.9.0
 Provides: bundled(npm(@types/react-color)) = 3.0.6
-Provides: bundled(npm(@types/react-dev-utils)) = 9.0.10
-Provides: bundled(npm(@types/react-dom)) = 17.0.10
+Provides: bundled(npm(@types/react-dom)) = 18.2.7
 Provides: bundled(npm(@types/react-grid-layout)) = 1.3.2
 Provides: bundled(npm(@types/react-highlight-words)) = 0.16.4
-Provides: bundled(npm(@types/react-icons)) = 2.2.7
-Provides: bundled(npm(@types/react-redux)) = 7.1.20
-Provides: bundled(npm(@types/react-resizable)) = 3.0.2
+Provides: bundled(npm(@types/react-resizable)) = 3.0.4
 Provides: bundled(npm(@types/react-router-dom)) = 5.3.3
-Provides: bundled(npm(@types/react-table)) = 7.7.12
-Provides: bundled(npm(@types/react-test-renderer)) = 17.0.1
-Provides: bundled(npm(@types/react-transition-group)) = 4.4.4
+Provides: bundled(npm(@types/react-table)) = 7.7.14
+Provides: bundled(npm(@types/react-test-renderer)) = 18.0.0
+Provides: bundled(npm(@types/react-transition-group)) = 4.4.6
 Provides: bundled(npm(@types/react-virtualized-auto-sizer)) = 1.0.1
 Provides: bundled(npm(@types/react-window)) = 1.8.5
 Provides: bundled(npm(@types/react-window-infinite-loader)) = 1.0.6
 Provides: bundled(npm(@types/redux-mock-store)) = 1.0.3
-Provides: bundled(npm(@types/reselect)) = 2.2.0
-Provides: bundled(npm(@types/rimraf)) = 3.0.2
-Provides: bundled(npm(@types/semver)) = 7.3.9
-Provides: bundled(npm(@types/sinon)) = 10.0.13
-Provides: bundled(npm(@types/slate)) = 0.47.9
+Provides: bundled(npm(@types/semver)) = 7.5.0
+Provides: bundled(npm(@types/slate)) = 0.47.11
 Provides: bundled(npm(@types/slate-plain-serializer)) = 0.7.2
 Provides: bundled(npm(@types/slate-react)) = 0.22.9
-Provides: bundled(npm(@types/systemjs)) = 0.20.8
-Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.14.1
-Provides: bundled(npm(@types/testing-library__react-hooks)) = 3.4.1
+Provides: bundled(npm(@types/string-hash)) = 1.1.1
+Provides: bundled(npm(@types/systemjs)) = 6.13.1
+Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.14.8
 Provides: bundled(npm(@types/tinycolor2)) = 1.4.3
-Provides: bundled(npm(@types/tmp)) = 0.2.3
+Provides: bundled(npm(@types/trusted-types)) = 2.0.3
 Provides: bundled(npm(@types/uuid)) = 8.3.4
-Provides: bundled(npm(@types/webpack-env)) = 1.16.3
-Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 5.16.0
-Provides: bundled(npm(@typescript-eslint/parser)) = 5.16.0
-Provides: bundled(npm(@visx/event)) = 2.6.0
-Provides: bundled(npm(@visx/gradient)) = 2.10.0
-Provides: bundled(npm(@visx/group)) = 2.10.0
-Provides: bundled(npm(@visx/scale)) = 2.2.2
-Provides: bundled(npm(@visx/shape)) = 2.12.2
-Provides: bundled(npm(@visx/tooltip)) = 2.10.0
+Provides: bundled(npm(@types/webpack-assets-manifest)) = 5.1.4
+Provides: bundled(npm(@types/webpack-env)) = 1.18.1
+Provides: bundled(npm(@types/yargs)) = 15.0.14
+Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 5.42.0
+Provides: bundled(npm(@typescript-eslint/parser)) = 5.42.0
+Provides: bundled(npm(@typescript-eslint/types)) = 5.42.0
+Provides: bundled(npm(@typescript-eslint/utils)) = 5.42.0
+Provides: bundled(npm(@visx/event)) = 3.3.0
+Provides: bundled(npm(@visx/gradient)) = 3.3.0
+Provides: bundled(npm(@visx/group)) = 3.3.0
+Provides: bundled(npm(@visx/scale)) = 3.3.0
+Provides: bundled(npm(@visx/shape)) = 3.3.0
+Provides: bundled(npm(@visx/tooltip)) = 3.3.0
 Provides: bundled(npm(@welldone-software/why-did-you-render)) = 7.0.1
-Provides: bundled(npm(@wojtekmaj/enzyme-adapter-react-17)) = 0.6.7
 Provides: bundled(npm(angular)) = 1.8.3
 Provides: bundled(npm(angular-bindonce)) = 0.3.1
 Provides: bundled(npm(angular-route)) = 1.8.3
 Provides: bundled(npm(angular-sanitize)) = 1.8.3
 Provides: bundled(npm(ansicolor)) = 1.1.100
-Provides: bundled(npm(app)) = 0.0.0-use.local
-Provides: bundled(npm(autoprefixer)) = 9.8.8
-Provides: bundled(npm(axios)) = 0.25.0
-Provides: bundled(npm(babel-jest)) = 27.5.1
-Provides: bundled(npm(babel-loader)) = 8.2.5
+Provides: bundled(npm(autoprefixer)) = 10.4.14
+Provides: bundled(npm(babel-jest)) = 29.6.4
+Provides: bundled(npm(babel-loader)) = 9.1.3
 Provides: bundled(npm(babel-plugin-angularjs-annotate)) = 0.10.0
 Provides: bundled(npm(babel-plugin-macros)) = 2.8.0
 Provides: bundled(npm(baron)) = 3.0.3
 Provides: bundled(npm(blink-diff)) = 1.0.13
+Provides: bundled(npm(blob-polyfill)) = 7.0.20220408
 Provides: bundled(npm(brace)) = 0.11.1
+Provides: bundled(npm(browserslist)) = 4.22.0
 Provides: bundled(npm(calculate-size)) = 1.1.1
-Provides: bundled(npm(centrifuge)) = 3.0.1
-Provides: bundled(npm(chalk)) = 2.4.2
-Provides: bundled(npm(chance)) = 1.1.8
-Provides: bundled(npm(chrome-remote-interface)) = 0.31.3
-Provides: bundled(npm(classnames)) = 2.3.1
+Provides: bundled(npm(centrifuge)) = 4.0.1
+Provides: bundled(npm(chance)) = 1.1.11
+Provides: bundled(npm(chrome-remote-interface)) = 0.33.0
+Provides: bundled(npm(classnames)) = 2.3.2
+Provides: bundled(npm(codeowners)) = 5.1.1
 Provides: bundled(npm(combokeys)) = 3.0.1
-Provides: bundled(npm(comlink)) = 4.3.1
-Provides: bundled(npm(command-exists)) = 1.2.9
+Provides: bundled(npm(comlink)) = 4.4.1
 Provides: bundled(npm(commander)) = 2.11.0
-Provides: bundled(npm(common-tags)) = 1.8.0
-Provides: bundled(npm(copy-to-clipboard)) = 3.3.1
-Provides: bundled(npm(copy-webpack-plugin)) = 9.0.1
+Provides: bundled(npm(common-tags)) = 1.8.2
+Provides: bundled(npm(copy-webpack-plugin)) = 11.0.0
 Provides: bundled(npm(core-js)) = 2.6.12
-Provides: bundled(npm(css-loader)) = 5.2.7
-Provides: bundled(npm(css-minimizer-webpack-plugin)) = 3.4.1
+Provides: bundled(npm(css-loader)) = 6.8.1
+Provides: bundled(npm(css-minimizer-webpack-plugin)) = 5.0.1
 Provides: bundled(npm(csstype)) = 2.6.18
 Provides: bundled(npm(cypress)) = 9.5.1
 Provides: bundled(npm(cypress-file-upload)) = 5.0.8
-Provides: bundled(npm(d3)) = 5.15.0
-Provides: bundled(npm(d3-force)) = 1.2.1
-Provides: bundled(npm(d3-interpolate)) = 1.4.0
-Provides: bundled(npm(d3-scale-chromatic)) = 1.5.0
+Provides: bundled(npm(d3)) = 7.8.5
+Provides: bundled(npm(d3-force)) = 3.0.0
+Provides: bundled(npm(d3-interpolate)) = 3.0.1
+Provides: bundled(npm(d3-scale-chromatic)) = 3.0.0
 Provides: bundled(npm(dangerously-set-html-content)) = 1.0.9
-Provides: bundled(npm(date-fns)) = 2.25.0
+Provides: bundled(npm(date-fns)) = 2.30.0
 Provides: bundled(npm(debounce-promise)) = 3.1.2
-Provides: bundled(npm(deep-freeze)) = 0.0.1
 Provides: bundled(npm(devtools-protocol)) = 0.0.927104
-Provides: bundled(npm(dompurify)) = 2.3.8
+Provides: bundled(npm(diff)) = 4.0.2
+Provides: bundled(npm(dompurify)) = 2.4.5
 Provides: bundled(npm(emotion)) = 10.0.27
-Provides: bundled(npm(enzyme)) = 3.11.0
-Provides: bundled(npm(enzyme-to-json)) = 3.6.2
-Provides: bundled(npm(esbuild)) = 0.15.7
-Provides: bundled(npm(eslint)) = 8.11.0
-Provides: bundled(npm(eslint-config-prettier)) = 8.5.0
-Provides: bundled(npm(eslint-plugin-import)) = 2.26.0
-Provides: bundled(npm(eslint-plugin-jest)) = 26.6.0
-Provides: bundled(npm(eslint-plugin-jsdoc)) = 38.0.6
-Provides: bundled(npm(eslint-plugin-jsx-a11y)) = 6.6.1
+Provides: bundled(npm(esbuild)) = 0.17.19
+Provides: bundled(npm(esbuild-loader)) = 3.0.1
+Provides: bundled(npm(esbuild-plugin-browserslist)) = 0.8.1
+Provides: bundled(npm(eslint)) = 8.42.0
+Provides: bundled(npm(eslint-config-prettier)) = 8.8.0
+Provides: bundled(npm(eslint-plugin-import)) = 2.27.5
+Provides: bundled(npm(eslint-plugin-jest)) = 27.6.0
+Provides: bundled(npm(eslint-plugin-jsdoc)) = 46.2.6
+Provides: bundled(npm(eslint-plugin-jsx-a11y)) = 6.7.1
 Provides: bundled(npm(eslint-plugin-lodash)) = 7.4.0
-Provides: bundled(npm(eslint-plugin-react)) = 7.29.4
-Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.3.0
-Provides: bundled(npm(eslint-webpack-plugin)) = 3.2.0
+Provides: bundled(npm(eslint-plugin-react)) = 7.32.2
+Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.6.0
+Provides: bundled(npm(eslint-webpack-plugin)) = 4.0.0
 Provides: bundled(npm(eventemitter3)) = 4.0.7
-Provides: bundled(npm(execa)) = 1.0.0
-Provides: bundled(npm(expose-loader)) = 4.0.0
+Provides: bundled(npm(execa)) = 4.1.0
+Provides: bundled(npm(expose-loader)) = 4.1.0
 Provides: bundled(npm(fast-deep-equal)) = 3.1.3
 Provides: bundled(npm(fast-json-patch)) = 3.1.1
 Provides: bundled(npm(fast_array_intersect)) = 1.1.0
 Provides: bundled(npm(file-saver)) = 2.0.5
-Provides: bundled(npm(fork-ts-checker-webpack-plugin)) = 4.1.6
+Provides: bundled(npm(fork-ts-checker-webpack-plugin)) = 8.0.0
 Provides: bundled(npm(framework-utils)) = 1.1.0
-Provides: bundled(npm(fs-extra)) = 0.30.0
-Provides: bundled(npm(fuzzy)) = 0.1.3
 Provides: bundled(npm(glob)) = 7.1.4
-Provides: bundled(npm(globby)) = 9.2.0
 Provides: bundled(npm(history)) = 4.10.1
 Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2
-Provides: bundled(npm(html-loader)) = 3.1.0
-Provides: bundled(npm(html-webpack-plugin)) = 5.5.0
+Provides: bundled(npm(html-loader)) = 4.2.0
+Provides: bundled(npm(html-webpack-plugin)) = 5.5.3
 Provides: bundled(npm(http-server)) = 14.1.1
-Provides: bundled(npm(husky)) = 8.0.1
-Provides: bundled(npm(immer)) = 9.0.7
+Provides: bundled(npm(i18next)) = 21.9.2
+Provides: bundled(npm(i18next-browser-languagedetector)) = 7.0.2
+Provides: bundled(npm(i18next-parser)) = 6.6.0
+Provides: bundled(npm(immer)) = 9.0.21
 Provides: bundled(npm(immutable)) = 3.8.2
-Provides: bundled(npm(inquirer)) = 7.3.3
 Provides: bundled(npm(is-hotkey)) = 0.1.4
-Provides: bundled(npm(jest)) = 27.5.1
-Provides: bundled(npm(jest-canvas-mock)) = 2.3.1
+Provides: bundled(npm(jest)) = 29.3.1
+Provides: bundled(npm(jest-canvas-mock)) = 2.5.2
 Provides: bundled(npm(jest-date-mock)) = 1.0.8
-Provides: bundled(npm(jest-environment-jsdom)) = 27.5.1
-Provides: bundled(npm(jest-fail-on-console)) = 2.4.2
-Provides: bundled(npm(jest-junit)) = 13.1.0
-Provides: bundled(npm(jest-matcher-utils)) = 27.5.1
-Provides: bundled(npm(jquery)) = 3.5.1
+Provides: bundled(npm(jest-environment-jsdom)) = 29.3.1
+Provides: bundled(npm(jest-fail-on-console)) = 3.1.1
+Provides: bundled(npm(jest-junit)) = 16.0.0
+Provides: bundled(npm(jest-matcher-utils)) = 29.6.4
+Provides: bundled(npm(jquery)) = 3.7.0
 Provides: bundled(npm(js-yaml)) = 3.14.1
-Provides: bundled(npm(json-markup)) = 1.1.3
+Provides: bundled(npm(json-markup)) = 1.1.4
 Provides: bundled(npm(json-source-map)) = 0.6.1
 Provides: bundled(npm(jsurl)) = 0.1.5
-Provides: bundled(npm(kbar)) = 0.1.0b36
-Provides: bundled(npm(lerna)) = 5.2.0
-Provides: bundled(npm(less)) = 4.1.2
-Provides: bundled(npm(less-loader)) = 10.2.0
-Provides: bundled(npm(lint-staged)) = 13.0.3
+Provides: bundled(npm(kbar)) = 0.1.0b44
+Provides: bundled(npm(lerna)) = 7.4.1
 Provides: bundled(npm(lodash)) = 4.17.21
 Provides: bundled(npm(logfmt)) = 1.3.2
-Provides: bundled(npm(lru-cache)) = 6.0.0
+Provides: bundled(npm(lru-cache)) = 5.1.1
 Provides: bundled(npm(lru-memoize)) = 1.1.0
-Provides: bundled(npm(marked)) = 4.1.0
-Provides: bundled(npm(md5-file)) = 5.0.0
+Provides: bundled(npm(lucene)) = 2.1.1
+Provides: bundled(npm(marked)) = 5.1.1
+Provides: bundled(npm(marked-mangle)) = 1.1.0
 Provides: bundled(npm(memoize-one)) = 4.0.3
-Provides: bundled(npm(mini-css-extract-plugin)) = 2.6.0
-Provides: bundled(npm(mocha)) = 10.0.0
+Provides: bundled(npm(micro-memoize)) = 4.1.2
+Provides: bundled(npm(mini-css-extract-plugin)) = 2.7.6
+Provides: bundled(npm(ml-regression-polynomial)) = 3.0.0
+Provides: bundled(npm(ml-regression-simple-linear)) = 3.0.0
+Provides: bundled(npm(mocha)) = 10.2.0
 Provides: bundled(npm(mock-raf)) = 1.0.1
 Provides: bundled(npm(moment)) = 2.29.4
-Provides: bundled(npm(moment-timezone)) = 0.5.35
+Provides: bundled(npm(moment-timezone)) = 0.5.43
 Provides: bundled(npm(monaco-editor)) = 0.34.0
 Provides: bundled(npm(monaco-promql)) = 1.7.4
 Provides: bundled(npm(mousetrap)) = 1.6.5
 Provides: bundled(npm(mousetrap-global-bind)) = 1.1.0
-Provides: bundled(npm(moveable)) = 0.35.4
-Provides: bundled(npm(msw)) = 0.48.1
+Provides: bundled(npm(moveable)) = 0.43.1
+Provides: bundled(npm(msw)) = 1.3.2
 Provides: bundled(npm(mutationobserver-shim)) = 0.3.7
 Provides: bundled(npm(ngtemplate-loader)) = 2.1.0
+Provides: bundled(npm(node-forge)) = 1.3.1
 Provides: bundled(npm(node-notifier)) = 10.0.1
-Provides: bundled(npm(ol)) = 6.15.1
-Provides: bundled(npm(ol-ext)) = 3.2.28
-Provides: bundled(npm(ora)) = 5.4.1
-Provides: bundled(npm(papaparse)) = 5.3.1
-Provides: bundled(npm(pixelmatch)) = 5.2.1
+Provides: bundled(npm(ol)) = 7.4.0
+Provides: bundled(npm(ol-ext)) = 4.0.10
+Provides: bundled(npm(papaparse)) = 5.4.1
 Provides: bundled(npm(pluralize)) = 8.0.0
-Provides: bundled(npm(pngjs)) = 2.3.1
-Provides: bundled(npm(postcss)) = 7.0.39
-Provides: bundled(npm(postcss-flexbugs-fixes)) = 4.2.1
-Provides: bundled(npm(postcss-loader)) = 4.3.0
-Provides: bundled(npm(postcss-preset-env)) = 7.4.3
+Provides: bundled(npm(postcss)) = 8.4.31
+Provides: bundled(npm(postcss-loader)) = 7.3.3
 Provides: bundled(npm(postcss-reporter)) = 7.0.5
-Provides: bundled(npm(postcss-scss)) = 4.0.2
-Provides: bundled(npm(prettier)) = 2.3.0
+Provides: bundled(npm(postcss-scss)) = 4.0.6
+Provides: bundled(npm(prettier)) = 2.8.7
 Provides: bundled(npm(prismjs)) = 1.27.0
 Provides: bundled(npm(process)) = 0.11.10
-Provides: bundled(npm(prop-types)) = 15.7.2
-Provides: bundled(npm(raw-loader)) = 4.0.2
-Provides: bundled(npm(rc-cascader)) = 3.6.1
-Provides: bundled(npm(rc-drawer)) = 4.4.3
-Provides: bundled(npm(rc-slider)) = 9.7.5
+Provides: bundled(npm(prop-types)) = 15.8.1
+Provides: bundled(npm(pseudoizer)) = 0.1.0
+Provides: bundled(npm(rc-cascader)) = 3.20.0
+Provides: bundled(npm(rc-drawer)) = 6.5.2
+Provides: bundled(npm(rc-slider)) = 10.3.1
 Provides: bundled(npm(rc-time-picker)) = 3.7.3
-Provides: bundled(npm(rc-tree)) = 5.6.5
+Provides: bundled(npm(rc-tooltip)) = 6.1.1
+Provides: bundled(npm(rc-tree)) = 5.8.0
 Provides: bundled(npm(re-resizable)) = 6.9.9
-Provides: bundled(npm(react)) = 17.0.1
-Provides: bundled(npm(react-awesome-query-builder)) = 5.1.2
-Provides: bundled(npm(react-beautiful-dnd)) = 13.1.0
-Provides: bundled(npm(react-calendar)) = 3.7.0
-Provides: bundled(npm(react-colorful)) = 5.5.1
+Provides: bundled(npm(react)) = 18.2.0
+Provides: bundled(npm(react-beautiful-dnd)) = 13.1.1
+Provides: bundled(npm(react-calendar)) = 4.6.0
+Provides: bundled(npm(react-colorful)) = 5.6.1
 Provides: bundled(npm(react-custom-scrollbars-2)) = 4.5.0
-Provides: bundled(npm(react-dev-utils)) = 12.0.0
 Provides: bundled(npm(react-diff-viewer)) = 3.1.1
-Provides: bundled(npm(react-dom)) = 17.0.1
-Provides: bundled(npm(react-draggable)) = 4.4.4
-Provides: bundled(npm(react-dropzone)) = 14.2.2
+Provides: bundled(npm(react-dom)) = 18.2.0
+Provides: bundled(npm(react-draggable)) = 4.4.5
+Provides: bundled(npm(react-dropzone)) = 14.2.3
 Provides: bundled(npm(react-grid-layout)) = 1.3.4
-Provides: bundled(npm(react-highlight-words)) = 0.18.0
+Provides: bundled(npm(react-highlight-words)) = 0.20.0
 Provides: bundled(npm(react-hook-form)) = 7.5.3
-Provides: bundled(npm(react-icons)) = 2.2.7
-Provides: bundled(npm(react-inlinesvg)) = 3.0.0
-Provides: bundled(npm(react-moveable)) = 0.38.4
-Provides: bundled(npm(react-popper)) = 2.2.5
-Provides: bundled(npm(react-popper-tooltip)) = 3.1.1
-Provides: bundled(npm(react-redux)) = 7.2.6
+Provides: bundled(npm(react-i18next)) = 12.0.0
+Provides: bundled(npm(react-inlinesvg)) = 3.0.2
+Provides: bundled(npm(react-loading-skeleton)) = 3.3.1
+Provides: bundled(npm(react-moveable)) = 0.46.1
+Provides: bundled(npm(react-popper)) = 2.3.0
+Provides: bundled(npm(react-popper-tooltip)) = 4.4.2
+Provides: bundled(npm(react-redux)) = 7.2.8
 Provides: bundled(npm(react-refresh)) = 0.11.0
-Provides: bundled(npm(react-resizable)) = 3.0.4
-Provides: bundled(npm(react-reverse-portal)) = 2.1.1
-Provides: bundled(npm(react-router-dom)) = 5.3.0
-Provides: bundled(npm(react-select)) = 3.2.0
-Provides: bundled(npm(react-select-event)) = 5.3.0
-Provides: bundled(npm(react-simple-compat)) = 1.2.2
+Provides: bundled(npm(react-resizable)) = 3.0.5
+Provides: bundled(npm(react-responsive-carousel)) = 3.2.23
+Provides: bundled(npm(react-router-dom)) = 5.3.3
+Provides: bundled(npm(react-router-dom-v5-compat)) = 6.10.0
+Provides: bundled(npm(react-select)) = 5.7.4
+Provides: bundled(npm(react-select-event)) = 5.5.1
+Provides: bundled(npm(react-simple-compat)) = 1.2.3
 Provides: bundled(npm(react-split-pane)) = 0.1.92
 Provides: bundled(npm(react-table)) = 7.8.0
-Provides: bundled(npm(react-test-renderer)) = 17.0.2
-Provides: bundled(npm(react-transition-group)) = 4.4.2
+Provides: bundled(npm(react-test-renderer)) = 18.2.0
+Provides: bundled(npm(react-transition-group)) = 4.4.5
 Provides: bundled(npm(react-use)) = 17.4.0
-Provides: bundled(npm(react-virtualized-auto-sizer)) = 1.0.6
-Provides: bundled(npm(react-window)) = 1.8.7
-Provides: bundled(npm(react-window-infinite-loader)) = 1.0.8
-Provides: bundled(npm(redux)) = 4.1.1
+Provides: bundled(npm(react-virtual)) = 2.10.4
+Provides: bundled(npm(react-virtualized-auto-sizer)) = 1.0.7
+Provides: bundled(npm(react-window)) = 1.8.9
+Provides: bundled(npm(react-window-infinite-loader)) = 1.0.9
+Provides: bundled(npm(redux)) = 4.2.1
 Provides: bundled(npm(redux-mock-store)) = 1.5.4
-Provides: bundled(npm(redux-thunk)) = 2.4.1
+Provides: bundled(npm(redux-thunk)) = 2.4.2
 Provides: bundled(npm(regenerator-runtime)) = 0.11.1
 Provides: bundled(npm(replace-in-file-webpack-plugin)) = 1.0.6
-Provides: bundled(npm(reselect)) = 4.1.0
-Provides: bundled(npm(resolve-as-bin)) = 2.1.0
-Provides: bundled(npm(rimraf)) = 2.7.1
-Provides: bundled(npm(rollup)) = 2.77.2
-Provides: bundled(npm(rollup-plugin-dts)) = 4.2.2
-Provides: bundled(npm(rollup-plugin-esbuild)) = 4.9.1
-Provides: bundled(npm(rollup-plugin-node-externals)) = 4.1.0
+Provides: bundled(npm(reselect)) = 4.1.8
+Provides: bundled(npm(resolve-bin)) = 1.0.1
+Provides: bundled(npm(rimraf)) = 2.6.3
+Provides: bundled(npm(rollup)) = 2.79.1
+Provides: bundled(npm(rollup-plugin-copy)) = 3.5.0
+Provides: bundled(npm(rollup-plugin-dts)) = 5.3.0
+Provides: bundled(npm(rollup-plugin-esbuild)) = 5.0.0
+Provides: bundled(npm(rollup-plugin-node-externals)) = 5.0.2
 Provides: bundled(npm(rollup-plugin-sourcemaps)) = 0.6.3
-Provides: bundled(npm(rollup-plugin-svg-import)) = 1.6.0
 Provides: bundled(npm(rollup-plugin-terser)) = 7.0.2
-Provides: bundled(npm(rst2html)) = 1.0.4
-Provides: bundled(npm(rudder-sdk-js)) = 2.13.0
-Provides: bundled(npm(rxjs)) = 6.6.7
-Provides: bundled(npm(sass)) = 1.50.1
-Provides: bundled(npm(sass-loader)) = 12.6.0
-Provides: bundled(npm(selecto)) = 1.19.1
-Provides: bundled(npm(semver)) = 5.7.1
-Provides: bundled(npm(simple-git)) = 3.7.1
-Provides: bundled(npm(sinon)) = 14.0.0
+Provides: bundled(npm(rudder-sdk-js)) = 2.43.0
+Provides: bundled(npm(rxjs)) = 7.8.1
+Provides: bundled(npm(sass)) = 1.69.4
+Provides: bundled(npm(sass-loader)) = 13.3.2
+Provides: bundled(npm(selecto)) = 1.26.0
+Provides: bundled(npm(semver)) = 5.7.2
 Provides: bundled(npm(slate)) = 0.47.9
-Provides: bundled(npm(slate-plain-serializer)) = 0.7.11
+Provides: bundled(npm(slate-plain-serializer)) = 0.7.13
 Provides: bundled(npm(slate-react)) = 0.22.10
 Provides: bundled(npm(sql-formatter-plus)) = 1.3.6
-Provides: bundled(npm(storybook-dark-mode)) = 1.1.0
-Provides: bundled(npm(style-loader)) = 1.3.0
-Provides: bundled(npm(stylelint)) = 14.9.1
-Provides: bundled(npm(stylelint-config-prettier)) = 9.0.3
-Provides: bundled(npm(stylelint-config-sass-guidelines)) = 9.0.1
+Provides: bundled(npm(storybook)) = 7.4.5
+Provides: bundled(npm(storybook-addon-turbo-build)) = 2.0.1
+Provides: bundled(npm(storybook-dark-mode)) = 3.0.1
+Provides: bundled(npm(string-hash)) = 1.1.3
+Provides: bundled(npm(style-loader)) = 3.3.3
+Provides: bundled(npm(stylelint)) = 15.11.0
+Provides: bundled(npm(stylelint-config-prettier)) = 9.0.5
+Provides: bundled(npm(stylelint-config-sass-guidelines)) = 10.0.0
+Provides: bundled(npm(swc-loader)) = 0.2.3
 Provides: bundled(npm(symbol-observable)) = 4.0.0
-Provides: bundled(npm(systemjs)) = 0.20.19
-Provides: bundled(npm(terser-webpack-plugin)) = 4.2.3
-Provides: bundled(npm(test)) = 0.0.0-use.local
-Provides: bundled(npm(testing-library-selector)) = 0.2.1
+Provides: bundled(npm(systemjs)) = 6.14.2
+Provides: bundled(npm(systemjs-cjs-extra)) = 0.2.0
+Provides: bundled(npm(terser-webpack-plugin)) = 5.3.9
+Provides: bundled(npm(testing-library-selector)) = 0.3.1
 Provides: bundled(npm(tether-drop)) = 1.5.0
-Provides: bundled(npm(tinycolor2)) = 1.4.2
+Provides: bundled(npm(tinycolor2)) = 1.6.0
 Provides: bundled(npm(tracelib)) = 1.0.1
-Provides: bundled(npm(ts-jest)) = 27.1.3
+Provides: bundled(npm(ts-jest)) = 29.0.5
 Provides: bundled(npm(ts-loader)) = 8.4.0
-Provides: bundled(npm(ts-node)) = 9.1.1
+Provides: bundled(npm(ts-node)) = 10.9.1
 Provides: bundled(npm(tslib)) = 1.14.1
 Provides: bundled(npm(tween-functions)) = 1.2.0
-Provides: bundled(npm(typescript)) = 4.6.4
-Provides: bundled(npm(uplot)) = 1.6.22
+Provides: bundled(npm(typescript)) = 4.8.4
+Provides: bundled(npm(uplot)) = 1.6.27
 Provides: bundled(npm(uuid)) = 3.4.0
-Provides: bundled(npm(vendor)) = 0.0.0-use.local
 Provides: bundled(npm(visjs-network)) = 4.25.0
-Provides: bundled(npm(wait-on)) = 6.0.1
-Provides: bundled(npm(webpack)) = 5.72.0
-Provides: bundled(npm(webpack-bundle-analyzer)) = 4.5.0
-Provides: bundled(npm(webpack-cli)) = 4.10.0
-Provides: bundled(npm(webpack-dev-server)) = 4.9.3
-Provides: bundled(npm(webpack-filter-warnings-plugin)) = 1.2.1
+Provides: bundled(npm(webpack)) = 5.76.0
+Provides: bundled(npm(webpack-assets-manifest)) = 5.1.0
+Provides: bundled(npm(webpack-bundle-analyzer)) = 4.9.0
+Provides: bundled(npm(webpack-cli)) = 5.1.4
+Provides: bundled(npm(webpack-dev-server)) = 4.15.1
 Provides: bundled(npm(webpack-manifest-plugin)) = 5.0.0
-Provides: bundled(npm(webpack-merge)) = 5.8.0
+Provides: bundled(npm(webpack-merge)) = 5.9.0
 Provides: bundled(npm(whatwg-fetch)) = 3.6.2
-Provides: bundled(npm(xss)) = 1.0.13
+Provides: bundled(npm(xlsx)) = 0.19.1
+Provides: bundled(npm(xss)) = 1.0.14
 Provides: bundled(npm(yaml)) = 1.10.2
+Provides: bundled(npm(yargs)) = 16.2.0
 
 
 %description
@@ -763,8 +777,6 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
 %patch -P 8 -p1
 %patch -P 9 -p1
 %patch -P 10 -p1
-%patch -P 11 -p1
-%patch -P 12 -p1
 
 %patch -P 1001 -p1
 %if %{enable_fips_mode}
@@ -773,6 +785,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
 %ifarch s390x i686 armv7hl
 %patch -P 1003 -p1
 %endif
+%patch -P 1004 -p1
 
 
 %build
@@ -789,7 +802,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
 export GOEXPERIMENT=boringcrypto
 # see grafana-X.Y.Z/pkg/build/cmd.go
 export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}"
-for cmd in grafana-cli grafana-server; do
+for cmd in grafana grafana-cli grafana-server; do
     %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
 done
 
@@ -815,10 +828,14 @@ rm -f %{buildroot}%{_datadir}/%{name}/public/lib/.gitignore
 
 # wrappers
 install -p -m 755 packaging/wrappers/grafana-cli %{buildroot}%{_sbindir}/%{name}-cli
+install -p -m 755 packaging/wrappers/grafana %{buildroot}%{_sbindir}/%{name}
+install -p -m 755 packaging/wrappers/grafana-server %{buildroot}%{_sbindir}/%{name}-server
 
 # binaries
 install -p -m 755 %{_builddir}/bin/%{name}-server %{buildroot}%{_sbindir}
 install -p -m 755 %{_builddir}/bin/%{name}-cli %{buildroot}%{_libexecdir}/%{name}
+install -p -m 755 %{_builddir}/bin/%{name} %{buildroot}%{_sbindir}
+install -p -m 755 %{_builddir}/bin/%{name} %{buildroot}%{_libexecdir}/%{name}
 
 # man pages
 install -d %{buildroot}%{_mandir}/man1
@@ -932,6 +949,7 @@ export TZ=GMT
 # binaries and wrappers
 %{_sbindir}/%{name}-server
 %{_sbindir}/%{name}-cli
+%{_sbindir}/%{name}
 %{_libexecdir}/%{name}
 
 # config files
@@ -972,7 +990,7 @@ export TZ=GMT
 # other docs and license
 %license LICENSE LICENSING.md NOTICE.md
 %doc CHANGELOG.md CODE_OF_CONDUCT.md CONTRIBUTING.md GOVERNANCE.md HALL_OF_FAME.md ISSUE_TRIAGE.md MAINTAINERS.md
-%doc PLUGIN_DEV.md README.md ROADMAP.md SECURITY.md SUPPORT.md UPGRADING_DEPENDENCIES.md WORKFLOW.md
+%doc README.md ROADMAP.md SECURITY.md SUPPORT.md UPGRADING_DEPENDENCIES.md WORKFLOW.md
 
 # SELinux policy
 %post selinux
@@ -981,7 +999,7 @@ do
   /usr/sbin/semodule -s ${selinuxvariant} -i \
     %{_datadir}/selinux/${selinuxvariant}/grafana.pp &> /dev/null || :
 done
-/sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || :
+/sbin/restorecon -RvF /usr/sbin/grafana* &> /dev/null || :
 /sbin/restorecon -RvF /etc/grafana &> /dev/null || :
 /sbin/restorecon -RvF /var/log/grafana &> /dev/null || :
 /sbin/restorecon -RvF /var/lib/grafana &> /dev/null || :
@@ -995,7 +1013,7 @@ if [ $1 -eq 0 ] ; then
   do
     /usr/sbin/semodule -s ${selinuxvariant} -r grafana &> /dev/null || :
   done
-  /sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || :
+  /sbin/restorecon -RvF /usr/sbin/grafana* &> /dev/null || :
   /sbin/restorecon -RvF /etc/grafana &> /dev/null || :
   /sbin/restorecon -RvF /var/log/grafana &> /dev/null || :
   /sbin/restorecon -RvF /var/lib/grafana &> /dev/null || :
@@ -1008,6 +1026,20 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Tue Jul 16 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-4
+- Resolves RHEL-44874
+
+* Tue Jul 9 2024 Lauren Chilton <lchilton@redhat.com> 10.2.6-3
+- Resolves RHEL-35937
+
+* Fri May 3 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-2
+- Fixes patch 1002 for update to golang-fips
+- Remove unused code under apsl-1.1 and apsl-1.2 licenses
+- Resolves RHEL-33655
+
+* Tue Apr 2 2024 Sam Feifer <sfeifer@redhat.com> 10.2.6-1
+- Rebase to grafana 10.2.6
+
 * Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
 - Resolves RHEL-23468
 - Allows for gid to be 0