From dd73ed59babc2cd0fba5d8f0df8709678e66bc19 Mon Sep 17 00:00:00 2001 From: Sam Feifer Date: Fri, 29 May 2026 13:18:28 -0400 Subject: [PATCH] Resolves: RHEL-171604 --- ...li-script-with-distro-specific-paths.patch | 4 +- 0002-add-manpages.patch | 125 +- 0003-update-default-configuration.patch | 18 +- 0004-remove-unused-backend-dependencies.patch | 62 - 0004-remove-unused-frontend-crypto.patch | 282 ++ 0005-remove-unused-frontend-crypto.patch | 333 -- ...skip-marketplace-plugin-install-test.patch | 6 +- 0006-redact-weak-ciphers.patch | 21 + 0007-redact-weak-ciphers.patch | 30 - ...appers-and-systemd-with-distro-paths.patch | 8 +- ...ls-for-versions-not-in-GCOM-registry.patch | 37 + 0008-replace-faulty-slices-sort.patch | 40 - ...ess-signature-warning-for-pcp-plugin.patch | 23 + 0010-remove-bcrypt-references.patch | 108 - 0011-fix-dompurify-CVE.patch | 55 - 0012-fix-jwt-CVE.patch | 28 - 0013-fix-CVE-2025-4123.patch | 32 - 0014-Fix-CVE-2026-21721.patch | 49 - 0015-Fix-CVE-2026-27877.patch | 123 - ...-vendor-patch-removed-backend-crypto.patch | 2794 +++++++++-------- 1002-vendor-use-pbkdf2-from-OpenSSL.patch | 9 +- 1004-vendor-Redacted-Url-in-logs.patch | 51 - README.md | 1 - build_frontend.sh | 12 +- create_bundles.sh | 30 +- create_bundles_in_container.sh | 2 +- grafana.rpmlintrc | 7 +- grafana.spec | 1147 ++++--- grafana.te | 2 + sources | 6 +- 30 files changed, 2559 insertions(+), 2886 deletions(-) delete mode 100644 0004-remove-unused-backend-dependencies.patch create mode 100644 0004-remove-unused-frontend-crypto.patch delete mode 100644 0005-remove-unused-frontend-crypto.patch rename 0006-skip-marketplace-plugin-install-test.patch => 0005-skip-marketplace-plugin-install-test.patch (84%) create mode 100644 0006-redact-weak-ciphers.patch delete mode 100644 0007-redact-weak-ciphers.patch rename 0009-update-wrappers-and-systemd-with-distro-paths.patch => 0007-update-wrappers-and-systemd-with-distro-paths.patch (93%) create mode 100644 0008-fix-plugin-details-for-versions-not-in-GCOM-registry.patch delete mode 100644 0008-replace-faulty-slices-sort.patch create mode 100644 0009-suppress-signature-warning-for-pcp-plugin.patch delete mode 100644 0010-remove-bcrypt-references.patch delete mode 100644 0011-fix-dompurify-CVE.patch delete mode 100644 0012-fix-jwt-CVE.patch delete mode 100644 0013-fix-CVE-2025-4123.patch delete mode 100644 0014-Fix-CVE-2026-21721.patch delete mode 100644 0015-Fix-CVE-2026-27877.patch delete mode 100644 1004-vendor-Redacted-Url-in-logs.patch diff --git a/0001-update-grafana-cli-script-with-distro-specific-paths.patch b/0001-update-grafana-cli-script-with-distro-specific-paths.patch index 837d0ff..cc2bd14 100644 --- a/0001-update-grafana-cli-script-with-distro-specific-paths.patch +++ b/0001-update-grafana-cli-script-with-distro-specific-paths.patch @@ -1,4 +1,4 @@ -From 1e47ea7adc316e2df3d0081c2c0ebe75ddd6bda0 Mon Sep 17 00:00:00 2001 +From 6c91a24de267022108b83f54a59e342cee058be1 Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Wed, 22 Jun 2022 16:57:52 +0200 Subject: [PATCH] update grafana-cli script with distro-specific paths and @@ -6,7 +6,7 @@ Subject: [PATCH] update grafana-cli script with distro-specific paths and diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli -index 7c6c46aef9..945714642b 100755 +index 7c6c46aef9e..945714642b2 100755 --- a/packaging/wrappers/grafana-cli +++ b/packaging/wrappers/grafana-cli @@ -5,7 +5,7 @@ diff --git a/0002-add-manpages.patch b/0002-add-manpages.patch index a059e0a..7289dcd 100644 --- a/0002-add-manpages.patch +++ b/0002-add-manpages.patch @@ -1,4 +1,4 @@ -From 5b6c18f715808f99c32550fc3b670fc5bf600f72 Mon Sep 17 00:00:00 2001 +From bf16d1ebbd153bf7d973f522abd219970a5dc468 Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Wed, 22 Jun 2022 17:01:09 +0200 Subject: [PATCH] add manpages @@ -6,11 +6,11 @@ Subject: [PATCH] add manpages diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1 new file mode 100644 -index 0000000000..39c0d5cee0 +index 00000000000..f22507c4ebf --- /dev/null +++ b/docs/man/man1/grafana-cli.1 -@@ -0,0 +1,63 @@ -+.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands" +@@ -0,0 +1,60 @@ ++.TH GRAFANA "1" "March 2026" "Grafana cli version 12.4.2" "User Commands" +.SH NAME +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -28,18 +28,15 @@ index 0000000000..39c0d5cee0 +admin +Grafana admin commands +.TP -+cue -+Cue validation commands -+.TP +help, h +Shows a list of commands or help for one command +.SS "GLOBAL OPTIONS:" +.TP +\fB\-\-pluginsDir\fR value -+path to the grafana plugin directory (default: "/var/lib/grafana/plugins") [$GF_PLUGIN_DIR] ++Path to the Grafana plugin directory (default: "/var/lib/grafana/plugins") [$GF_PLUGIN_DIR] +.TP +\fB\-\-repo\fR value -+url to the plugin repository (default: "https://grafana.com/api/plugins") [$GF_PLUGIN_REPO] ++URL to the plugin repository (default: "https://grafana.com/api/plugins") [$GF_PLUGIN_REPO] +.TP +\fB\-\-pluginUrl\fR value +Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL] @@ -75,11 +72,11 @@ index 0000000000..39c0d5cee0 +.BR http://docs.grafana.org/ . diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1 new file mode 100644 -index 0000000000..683a2369cc +index 00000000000..1b10799c934 --- /dev/null +++ b/docs/man/man1/grafana-server.1 -@@ -0,0 +1,80 @@ -+.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands" +@@ -0,0 +1,103 @@ ++.TH VERSION "1" "March 2026" "Version 12.4.2" "User Commands" +.SH NAME +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -101,6 +98,13 @@ index 0000000000..683a2369cc +.B systemctl start grafana-server.service +.in +.P ++.SH COMMANDS ++.TP ++target ++Target specific grafana services ++.TP ++help, h ++Shows a list of commands or help for one command +.SH OPTIONS +The +.B grafana-server @@ -111,51 +115,102 @@ index 0000000000..683a2369cc +the same (or similar) name in the configuration file. +.P +.HP -+\fB\-config\fR string ++\fB\-\-config\fR value +.IP -+path to config file ++Path to config file +.HP -+\fB\-homepath\fR string ++\fB\-\-homepath\fR value +.IP -+path to grafana install/home path, defaults to working directory ++Path to Grafana install/home path, defaults to working directory +.HP -+\fB\-packaging\fR string ++\fB\-\-pidfile\fR value +.IP -+describes the way Grafana was installed (default "unknown") ++Path to Grafana pid file +.HP -+\fB\-pidfile\fR string ++\fB\-\-packaging\fR value +.IP -+path to pid file ++describes the way Grafana was installed (default: "unknown") +.HP -+\fB\-profile\fR ++\fB\-\-configOverrides\fR value ++.IP ++Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null ++.HP ++\fB\-\-version\fR, \fB\-v\fR ++.IP ++print the version ++.HP ++\fB\-\-vv\fR ++.IP ++prints current version, all dependencies and exits ++.HP ++\fB\-\-profile\fR +.IP +Turn on pprof profiling +.HP -+\fB\-profile\-addr\fR string ++\fB\-\-profile\-addr\fR value +.IP -+Define custom address for profiling (default "localhost") ++Define custom address for profiling (default: "localhost") +.HP -+\fB\-profile\-port\fR uint ++\fB\-\-profile\-port\fR value +.IP -+Define custom port for profiling (default 6060) ++Define custom port for profiling (default: 6060) +.HP -+\fB\-tracing\fR ++\fB\-\-profile\-block\-rate\fR value ++.IP ++Controls the fraction of goroutine blocking events that are reported in the blocking profile. The profiler aims to sample an average of one blocking event per rate nanoseconds spent blocked. To turn off profiling entirely, use 0 (default: 1) ++.HP ++\fB\-\-profile\-mutex\-rate\fR value ++.IP ++Controls the fraction of mutex contention events that are reported in the mutex profile. On average 1/rate events are reported. To turn off mutex profiling entirely, use 0 (default: 0) ++.HP ++\fB\-\-tracing\fR +.IP +Turn on tracing +.HP -+\fB\-tracing\-file\fR string ++\fB\-\-tracing\-file\fR value +.IP -+Define tracing output file (default "trace.out") -+.TP -+\fB\-v\fR ++Define tracing output file (default: "trace.out") ++.HP ++\fB\-\-help\fR, \fB\-h\fR +.IP -+prints current version and exits -+.TP -+\fB\-vv\fR -+.IP -+prints current version, all dependencies and exits ++show help +.SH "SEE ALSO" +The full documentation for +.B Grafana +is available on-line at +.BR http://docs.grafana.org/ . +diff --git a/docs/man/man1/grafana.1 b/docs/man/man1/grafana.1 +new file mode 100644 +index 00000000000..bd4c24e8662 +--- /dev/null ++++ b/docs/man/man1/grafana.1 +@@ -0,0 +1,29 @@ ++.TH GRAFANA "1" "March 2026" "Grafana version 12.4.2" "User Commands" ++.SH NAME ++grafana \- metrics dashboard and graph editor ++.SH DESCRIPTION ++.B grafana ++is the main entry point for the Grafana metrics dashboard and graph editor. ++It provides subcommands to start the Grafana server and manage plugins. ++.SH COMMANDS ++.TP ++server ++Start the Grafana back-end server. See ++.BR grafana-server (1) ++for details. ++.TP ++cli ++Command line administration for Grafana. See ++.BR grafana-cli (1) ++for details. ++.TP ++help, h ++Shows a list of commands or help for one command. ++.SH "SEE ALSO" ++.BR grafana-server (1), ++.BR grafana-cli (1). ++.P ++The full documentation for ++.B Grafana ++is available on-line at ++.BR http://docs.grafana.org/ . diff --git a/0003-update-default-configuration.patch b/0003-update-default-configuration.patch index dfe119b..4b57a52 100644 --- a/0003-update-default-configuration.patch +++ b/0003-update-default-configuration.patch @@ -1,14 +1,14 @@ -From 026c4f235fd3bfc741304a5e12e13bd1c7b85eac Mon Sep 17 00:00:00 2001 +From edebb6f199881f9769c579645ddfeb0733dc4509 Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Wed, 22 Jun 2022 17:05:48 +0200 Subject: [PATCH] update default configuration diff --git a/conf/defaults.ini b/conf/defaults.ini -index 9f7cf4a90b..e1e5468bfa 100644 +index d5acfefd5d7..3dac6bd49af 100644 --- a/conf/defaults.ini +++ b/conf/defaults.ini -@@ -240,7 +240,7 @@ user_agent = +@@ -295,7 +295,7 @@ user_agent = # No ip addresses are being tracked, only simple counters to track # running instances, dashboard and error counts. It is very helpful to us. # Change this option to false to disable reporting. @@ -17,7 +17,7 @@ index 9f7cf4a90b..e1e5468bfa 100644 # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs reporting_distributor = grafana-labs -@@ -249,8 +249,8 @@ reporting_distributor = grafana-labs +@@ -304,8 +304,8 @@ reporting_distributor = grafana-labs # for new versions of grafana. The check is used # in some UI views to notify that a grafana update exists. # This option does not cause any auto updates, nor send any information @@ -29,10 +29,10 @@ index 9f7cf4a90b..e1e5468bfa 100644 # Set to false to disable all checks to https://grafana.com # for new versions of plugins. The check is used diff --git a/conf/sample.ini b/conf/sample.ini -index 916de769f9..2f270d4940 100644 +index 604507b1e84..0cc0968c962 100644 --- a/conf/sample.ini +++ b/conf/sample.ini -@@ -247,7 +247,7 @@ +@@ -282,7 +282,7 @@ # No ip addresses are being tracked, only simple counters to track # running instances, dashboard and error counts. It is very helpful to us. # Change this option to false to disable reporting. @@ -41,7 +41,7 @@ index 916de769f9..2f270d4940 100644 # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs ;reporting_distributor = grafana-labs -@@ -256,8 +256,8 @@ +@@ -291,8 +291,8 @@ # for new versions of grafana. The check is used # in some UI views to notify that a grafana update exists. # This option does not cause any auto updates, nor send any information @@ -52,7 +52,7 @@ index 916de769f9..2f270d4940 100644 # Set to false to disable all checks to https://grafana.com # for new versions of plugins. The check is used -@@ -427,7 +427,7 @@ +@@ -490,7 +490,7 @@ # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. @@ -61,7 +61,7 @@ index 916de769f9..2f270d4940 100644 # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" ;default_home_dashboard_path = -@@ -1411,7 +1411,7 @@ +@@ -1870,7 +1870,7 @@ default_datasource_uid = ;enable_alpha = false ;app_tls_skip_verify_insecure = false # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded. diff --git a/0004-remove-unused-backend-dependencies.patch b/0004-remove-unused-backend-dependencies.patch deleted file mode 100644 index 1569748..0000000 --- a/0004-remove-unused-backend-dependencies.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 076177ff583b8e6d92948e0a4ddde0e8992d09a3 Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Wed, 22 Jun 2022 17:18:56 +0200 -Subject: [PATCH] remove unused backend dependencies - -saml and gofpdf are not used in the OSS edition of Grafana -after editing `pkg/extensions/main.go`, run `go mod tidy` - -diff --git a/go.mod b/go.mod -index fcbc09da5e..82fdf39842 100644 ---- a/go.mod -+++ b/go.mod -@@ -45,7 +45,6 @@ require ( - github.com/blang/semver/v4 v4.0.0 // @grafana/grafana-release-guild - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // @grafana/backend-platform - github.com/centrifugal/centrifuge v0.30.2 // @grafana/grafana-app-platform-squad -- github.com/crewjam/saml v0.4.13 // @grafana/grafana-authnz-team - github.com/fatih/color v1.15.0 // @grafana/backend-platform - github.com/gchaincl/sqlhooks v1.3.0 // @grafana/backend-platform - github.com/go-ldap/ldap/v3 v3.4.4 // @grafana/grafana-authnz-team -@@ -187,7 +186,6 @@ require ( - github.com/josharian/intern v1.0.0 // indirect - github.com/jpillora/backoff v1.0.0 // indirect - github.com/mailru/easyjson v0.7.7 // indirect -- github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect - github.com/mattetti/filebuffer v1.0.1 // indirect - github.com/mattn/go-runewidth v0.0.13 // indirect - github.com/miekg/dns v1.1.51 // indirect -diff --git a/go.sum b/go.sum -index d05dfb55fd..b160387abe 100644 ---- a/go.sum -+++ b/go.sum -@@ -1826,8 +1826,6 @@ github.com/grafana/pyroscope/api v0.3.0/go.mod h1:JggA80ToAAUACYGfwL49XoFk5aN5ec - github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A= - github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db h1:7aN5cccjIqCLTzedH7MZzRZt5/lsAHch6Z3L2ZGn5FA= - github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A= --github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c h1:1pHLC1ZTz7N5QI3jzCs5sqmVvAKe+JwGnpp9lQ+iUjY= --github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c/go.mod h1:S4+611dxnKt8z/ulbvaJzcgSHsuhjVc1QHNTcr1R7Fw= - github.com/grafana/sqlds/v2 v2.3.10 h1:HWKhE0vR6LoEiE+Is8CSZOgaB//D1yqb2ntkass9Fd4= - github.com/grafana/sqlds/v2 v2.3.10/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs= - github.com/grafana/tempo v1.5.1-0.20230524121406-1dc1bfe7085b h1:mDlkqgTEJuK7vjPG44f3ZMtId5AAYLWHvBVbiGqIOOQ= -@@ -2222,8 +2220,6 @@ github.com/markbates/sigtx v1.0.0/go.mod h1:QF1Hv6Ic6Ca6W+T+DL0Y/ypborFKyvUY9Hmu - github.com/markbates/willie v1.0.9/go.mod h1:fsrFVWl91+gXpx/6dv715j7i11fYPfZ9ZGfH0DQzY7w= - github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= - github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= --github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU= --github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To= - github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM= - github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs= - github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go -index 327e208221..426aad2a21 100644 ---- a/pkg/extensions/main.go -+++ b/pkg/extensions/main.go -@@ -11,7 +11,6 @@ import ( - _ "github.com/beevik/etree" - _ "github.com/blugelabs/bluge" - _ "github.com/blugelabs/bluge_segment_api" -- _ "github.com/crewjam/saml" - _ "github.com/go-jose/go-jose/v3" - _ "github.com/gobwas/glob" - _ "github.com/googleapis/gax-go/v2" diff --git a/0004-remove-unused-frontend-crypto.patch b/0004-remove-unused-frontend-crypto.patch new file mode 100644 index 0000000..40c4d05 --- /dev/null +++ b/0004-remove-unused-frontend-crypto.patch @@ -0,0 +1,282 @@ +From 17d7edbdd13fa561a60a8e855caca35f0abc0d82 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:36:47 +0200 +Subject: [PATCH] remove unused frontend crypto + +update `package.json` and then run `yarn install` to update the +`yarn.lock` lockfile + +diff --git a/package.json b/package.json +index 206ff23e4a2..88ddcd2f18f 100644 +--- a/package.json ++++ b/package.json +@@ -447,6 +447,7 @@ + "semver@npm:~7.3.5": "^7.3.5", + "debug@npm:^0.7.2": "2.6.9", + "debug@npm:^0.7.4": "2.6.9", ++ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", + "slate-dev-environment@^0.2.2": "patch:slate-dev-environment@npm:0.2.5#.yarn/patches/slate-dev-environment-npm-0.2.5-9aeb7da7b5.patch", + "react-split-pane@0.1.92": "patch:react-split-pane@npm:0.1.92#.yarn/patches/react-split-pane-npm-0.1.92-93dbf51dff.patch", + "history@4.10.1": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch", +diff --git a/yarn.lock b/yarn.lock +index 1347dad105c..6c5506b85ed 100644 +--- a/yarn.lock ++++ b/yarn.lock +@@ -13482,22 +13482,6 @@ __metadata: + languageName: node + linkType: hard + +-"asn1@npm:~0.2.3": +- version: 0.2.6 +- resolution: "asn1@npm:0.2.6" +- dependencies: +- safer-buffer: "npm:~2.1.0" +- checksum: 10/cf629291fee6c1a6f530549939433ebf32200d7849f38b810ff26ee74235e845c0c12b2ed0f1607ac17383d19b219b69cefa009b920dab57924c5c544e495078 +- languageName: node +- linkType: hard +- +-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0": +- version: 1.0.0 +- resolution: "assert-plus@npm:1.0.0" +- checksum: 10/f4f991ae2df849cc678b1afba52d512a7cbf0d09613ba111e72255409ff9158550c775162a47b12d015d1b82b3c273e8e25df0e4783d3ddb008a293486d00a07 +- languageName: node +- linkType: hard +- + "assert@npm:2.0.0": + version: 2.0.0 + resolution: "assert@npm:2.0.0" +@@ -13977,15 +13961,6 @@ __metadata: + languageName: node + linkType: hard + +-"bcrypt-pbkdf@npm:^1.0.0": +- version: 1.0.2 +- resolution: "bcrypt-pbkdf@npm:1.0.2" +- dependencies: +- tweetnacl: "npm:^0.14.3" +- checksum: 10/13a4cde058250dbf1fa77a4f1b9a07d32ae2e3b9e28e88a0c7a1827835bc3482f3e478c4a0cfd4da6ff0c46dae07da1061123a995372b32cc563d9975f975404 +- languageName: node +- linkType: hard +- + "before-after-hook@npm:^2.2.0": + version: 2.2.3 + resolution: "before-after-hook@npm:2.2.3" +@@ -15716,13 +15691,6 @@ __metadata: + languageName: node + linkType: hard + +-"core-util-is@npm:1.0.2": +- version: 1.0.2 +- resolution: "core-util-is@npm:1.0.2" +- checksum: 10/d0f7587346b44a1fe6c269267e037dd34b4787191e473c3e685f507229d88561c40eb18872fabfff02977301815d474300b7bfbd15396c13c5377393f7e87ec3 +- languageName: node +- linkType: hard +- + "core-util-is@npm:~1.0.0": + version: 1.0.3 + resolution: "core-util-is@npm:1.0.3" +@@ -16682,15 +16650,6 @@ __metadata: + languageName: node + linkType: hard + +-"dashdash@npm:^1.12.0": +- version: 1.14.1 +- resolution: "dashdash@npm:1.14.1" +- dependencies: +- assert-plus: "npm:^1.0.0" +- checksum: 10/137b287fa021201ce100cef772c8eeeaaafdd2aa7282864022acf3b873021e54cb809e9c060fa164840bf54ff72d00d6e2d8da1ee5a86d7200eeefa1123a8f7f +- languageName: node +- linkType: hard +- + "data-uri-to-buffer@npm:^6.0.2": + version: 6.0.2 + resolution: "data-uri-to-buffer@npm:6.0.2" +@@ -17570,16 +17529,6 @@ __metadata: + languageName: node + linkType: hard + +-"ecc-jsbn@npm:~0.1.1": +- version: 0.1.2 +- resolution: "ecc-jsbn@npm:0.1.2" +- dependencies: +- jsbn: "npm:~0.1.0" +- safer-buffer: "npm:^2.1.0" +- checksum: 10/d43591f2396196266e186e6d6928038cc11c76c3699a912cb9c13757060f7bbc7f17f47c4cb16168cdeacffc7965aef021142577e646fb3cb88810c15173eb57 +- languageName: node +- linkType: hard +- + "ee-first@npm:1.1.1": + version: 1.1.1 + resolution: "ee-first@npm:1.1.1" +@@ -19128,20 +19077,6 @@ __metadata: + languageName: node + linkType: hard + +-"extsprintf@npm:1.3.0": +- version: 1.3.0 +- resolution: "extsprintf@npm:1.3.0" +- checksum: 10/26967d6c7ecbfb5bc5b7a6c43503dc5fafd9454802037e9fa1665e41f615da4ff5918bd6cb871a3beabed01a31eca1ccd0bdfb41231f50ad50d405a430f78377 +- languageName: node +- linkType: hard +- +-"extsprintf@npm:^1.2.0": +- version: 1.4.1 +- resolution: "extsprintf@npm:1.4.1" +- checksum: 10/bfd6d55f3c0c04d826fe0213264b383c03f32825af6b1ff777f3f2dc49467e599361993568d75b7b19a8ea1bb08c8e7cd8c3d87d179ced91bb0dcf81ca6938e0 +- languageName: node +- linkType: hard +- + "fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3": + version: 3.1.3 + resolution: "fast-deep-equal@npm:3.1.3" +@@ -20281,15 +20216,6 @@ __metadata: + languageName: node + linkType: hard + +-"getpass@npm:^0.1.1": +- version: 0.1.7 +- resolution: "getpass@npm:0.1.7" +- dependencies: +- assert-plus: "npm:^1.0.0" +- checksum: 10/ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046 +- languageName: node +- linkType: hard +- + "gifwrap@npm:^0.10.1": + version: 0.10.1 + resolution: "gifwrap@npm:0.10.1" +@@ -21711,14 +21637,10 @@ __metadata: + languageName: node + linkType: hard + +-"http-signature@npm:~1.4.0": +- version: 1.4.0 +- resolution: "http-signature@npm:1.4.0" +- dependencies: +- assert-plus: "npm:^1.0.0" +- jsprim: "npm:^2.0.2" +- sshpk: "npm:^1.18.0" +- checksum: 10/f9f5eed4ac5db5e1ec6d00652680c7d8b76d553560017e34505c0c22c37abb2e6d22b9268ed4a8542aa9746852a2d64850531091e443393c9c8e0f4fd4174455 ++"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: 10/78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1 + languageName: node + linkType: hard + +@@ -24050,13 +23972,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsbn@npm:~0.1.0": +- version: 0.1.1 +- resolution: "jsbn@npm:0.1.1" +- checksum: 10/5450133242845100e694f0ef9175f44c012691a9b770b2571e677314e6f70600abb10777cdfc9a0c6a9f2ac6d134577403633de73e2fcd0f97875a67744e2d14 +- languageName: node +- linkType: hard +- + "jsdoc-type-pratt-parser@npm:^4.0.0, jsdoc-type-pratt-parser@npm:~4.1.0": + version: 4.1.0 + resolution: "jsdoc-type-pratt-parser@npm:4.1.0" +@@ -24209,13 +24124,6 @@ __metadata: + languageName: node + linkType: hard + +-"json-schema@npm:0.4.0": +- version: 0.4.0 +- resolution: "json-schema@npm:0.4.0" +- checksum: 10/8b3b64eff4a807dc2a3045b104ed1b9335cd8d57aa74c58718f07f0f48b8baa3293b00af4dcfbdc9144c3aafea1e97982cc27cc8e150fc5d93c540649507a458 +- languageName: node +- linkType: hard +- + "json-source-map@npm:0.6.1": + version: 0.6.1 + resolution: "json-source-map@npm:0.6.1" +@@ -24335,18 +24243,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsprim@npm:^2.0.2": +- version: 2.0.2 +- resolution: "jsprim@npm:2.0.2" +- dependencies: +- assert-plus: "npm:1.0.0" +- extsprintf: "npm:1.3.0" +- json-schema: "npm:0.4.0" +- verror: "npm:1.10.0" +- checksum: 10/fcfca5b55f83e1b8be5f932c71754bd37afd2611f81685abd05689e8ce718a91155ff7bd5b94c65ce483a787b5c43c6d0c18c1d2259fca5bb61a3f8ea2e29c0a +- languageName: node +- linkType: hard +- + "jsurl@npm:^0.1.5": + version: 0.1.5 + resolution: "jsurl@npm:0.1.5" +@@ -31842,7 +31738,7 @@ __metadata: + languageName: node + linkType: hard + +-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0": ++"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0": + version: 2.1.2 + resolution: "safer-buffer@npm:2.1.2" + checksum: 10/7eaf7a0cf37cc27b42fb3ef6a9b1df6e93a1c6d98c6c6702b02fe262d5fcbd89db63320793b99b21cb5348097d0a53de81bd5f4e8b86e20cc9412e3f1cfb4e83 +@@ -32899,27 +32795,6 @@ __metadata: + languageName: node + linkType: hard + +-"sshpk@npm:^1.18.0": +- version: 1.18.0 +- resolution: "sshpk@npm:1.18.0" +- dependencies: +- asn1: "npm:~0.2.3" +- assert-plus: "npm:^1.0.0" +- bcrypt-pbkdf: "npm:^1.0.0" +- dashdash: "npm:^1.12.0" +- ecc-jsbn: "npm:~0.1.1" +- getpass: "npm:^0.1.1" +- jsbn: "npm:~0.1.0" +- safer-buffer: "npm:^2.0.2" +- tweetnacl: "npm:~0.14.0" +- bin: +- sshpk-conv: bin/sshpk-conv +- sshpk-sign: bin/sshpk-sign +- sshpk-verify: bin/sshpk-verify +- checksum: 10/858339d43e3c6b6a848772a66f69442ce74f1a37655d9f35ba9d1f85329499ff0000af9f8ab83dbb39ad24c0c370edabe0be1e39863f70c6cded9924b8458c34 +- languageName: node +- linkType: hard +- + "ssri@npm:12.0.0, ssri@npm:^12.0.0": + version: 12.0.0 + resolution: "ssri@npm:12.0.0" +@@ -34683,13 +34558,6 @@ __metadata: + languageName: node + linkType: hard + +-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0": +- version: 0.14.5 +- resolution: "tweetnacl@npm:0.14.5" +- checksum: 10/04ee27901cde46c1c0a64b9584e04c96c5fe45b38c0d74930710751ea991408b405747d01dfae72f80fc158137018aea94f9c38c651cb9c318f0861a310c3679 +- languageName: node +- linkType: hard +- + "type-check@npm:^0.4.0, type-check@npm:~0.4.0": + version: 0.4.0 + resolution: "type-check@npm:0.4.0" +@@ -35528,17 +35396,6 @@ __metadata: + languageName: node + linkType: hard + +-"verror@npm:1.10.0": +- version: 1.10.0 +- resolution: "verror@npm:1.10.0" +- dependencies: +- assert-plus: "npm:^1.0.0" +- core-util-is: "npm:1.0.2" +- extsprintf: "npm:^1.2.0" +- checksum: 10/da548149dd9c130a8a2587c9ee71ea30128d1526925707e2d01ed9c5c45c9e9f86733c66a328247cdd5f7c1516fb25b0f959ba754bfbe15072aa99ff96468a29 +- languageName: node +- linkType: hard +- + "vinyl-contents@npm:^2.0.0": + version: 2.0.0 + resolution: "vinyl-contents@npm:2.0.0" diff --git a/0005-remove-unused-frontend-crypto.patch b/0005-remove-unused-frontend-crypto.patch deleted file mode 100644 index 268eadb..0000000 --- a/0005-remove-unused-frontend-crypto.patch +++ /dev/null @@ -1,333 +0,0 @@ -From ddd615152004e0bc5985a574c05d31778351dfa3 Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Wed, 22 Jun 2022 17:36:47 +0200 -Subject: [PATCH] remove unused frontend crypto - -update `package.json` and then run `yarn install` to update the -`yarn.lock` lockfile - -diff --git a/package.json b/package.json -index 38deb6d7de..aad5e88bf0 100644 ---- a/package.json -+++ b/package.json -@@ -425,6 +425,9 @@ - "resolutions": { - "underscore": "1.13.6", - "@types/slate": "0.47.11", -+ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", -+ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", -+ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", - "ngtemplate-loader/loader-utils": "^2.0.0", - "semver@~7.0.0": "7.5.4", - "semver@7.3.4": "7.5.4", -diff --git a/yarn.lock b/yarn.lock -index bf22ba52a1..1552ddc052 100644 ---- a/yarn.lock -+++ b/yarn.lock -@@ -10935,22 +10935,6 @@ __metadata: - languageName: node - linkType: hard - --"asn1@npm:~0.2.3": -- version: 0.2.6 -- resolution: "asn1@npm:0.2.6" -- dependencies: -- safer-buffer: "npm:~2.1.0" -- checksum: cf629291fee6c1a6f530549939433ebf32200d7849f38b810ff26ee74235e845c0c12b2ed0f1607ac17383d19b219b69cefa009b920dab57924c5c544e495078 -- languageName: node -- linkType: hard -- --"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0": -- version: 1.0.0 -- resolution: "assert-plus@npm:1.0.0" -- checksum: f4f991ae2df849cc678b1afba52d512a7cbf0d09613ba111e72255409ff9158550c775162a47b12d015d1b82b3c273e8e25df0e4783d3ddb008a293486d00a07 -- languageName: node -- linkType: hard -- - "assert@npm:2.0.0, assert@npm:^2.0.0": - version: 2.0.0 - resolution: "assert@npm:2.0.0" -@@ -11427,15 +11411,6 @@ __metadata: - languageName: node - linkType: hard - --"bcrypt-pbkdf@npm:^1.0.0": -- version: 1.0.2 -- resolution: "bcrypt-pbkdf@npm:1.0.2" -- dependencies: -- tweetnacl: "npm:^0.14.3" -- checksum: 13a4cde058250dbf1fa77a4f1b9a07d32ae2e3b9e28e88a0c7a1827835bc3482f3e478c4a0cfd4da6ff0c46dae07da1061123a995372b32cc563d9975f975404 -- languageName: node -- linkType: hard -- - "before-after-hook@npm:^2.2.0": - version: 2.2.2 - resolution: "before-after-hook@npm:2.2.2" -@@ -12929,13 +12904,6 @@ __metadata: - languageName: node - linkType: hard - --"core-util-is@npm:1.0.2": -- version: 1.0.2 -- resolution: "core-util-is@npm:1.0.2" -- checksum: d0f7587346b44a1fe6c269267e037dd34b4787191e473c3e685f507229d88561c40eb18872fabfff02977301815d474300b7bfbd15396c13c5377393f7e87ec3 -- languageName: node -- linkType: hard -- - "core-util-is@npm:~1.0.0": - version: 1.0.3 - resolution: "core-util-is@npm:1.0.3" -@@ -13857,15 +13825,6 @@ __metadata: - languageName: node - linkType: hard - --"dashdash@npm:^1.12.0": -- version: 1.14.1 -- resolution: "dashdash@npm:1.14.1" -- dependencies: -- assert-plus: "npm:^1.0.0" -- checksum: 137b287fa021201ce100cef772c8eeeaaafdd2aa7282864022acf3b873021e54cb809e9c060fa164840bf54ff72d00d6e2d8da1ee5a86d7200eeefa1123a8f7f -- languageName: node -- linkType: hard -- - "data-urls@npm:^3.0.2": - version: 3.0.2 - resolution: "data-urls@npm:3.0.2" -@@ -14573,16 +14532,6 @@ __metadata: - languageName: node - linkType: hard - --"ecc-jsbn@npm:~0.1.1": -- version: 0.1.2 -- resolution: "ecc-jsbn@npm:0.1.2" -- dependencies: -- jsbn: "npm:~0.1.0" -- safer-buffer: "npm:^2.1.0" -- checksum: d43591f2396196266e186e6d6928038cc11c76c3699a912cb9c13757060f7bbc7f17f47c4cb16168cdeacffc7965aef021142577e646fb3cb88810c15173eb57 -- languageName: node -- linkType: hard -- - "ee-first@npm:1.1.1": - version: 1.1.1 - resolution: "ee-first@npm:1.1.1" -@@ -15991,20 +15940,6 @@ __metadata: - languageName: node - linkType: hard - --"extsprintf@npm:1.3.0": -- version: 1.3.0 -- resolution: "extsprintf@npm:1.3.0" -- checksum: 26967d6c7ecbfb5bc5b7a6c43503dc5fafd9454802037e9fa1665e41f615da4ff5918bd6cb871a3beabed01a31eca1ccd0bdfb41231f50ad50d405a430f78377 -- languageName: node -- linkType: hard -- --"extsprintf@npm:^1.2.0": -- version: 1.4.1 -- resolution: "extsprintf@npm:1.4.1" -- checksum: bfd6d55f3c0c04d826fe0213264b383c03f32825af6b1ff777f3f2dc49467e599361993568d75b7b19a8ea1bb08c8e7cd8c3d87d179ced91bb0dcf81ca6938e0 -- languageName: node -- linkType: hard -- - "fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3": - version: 3.1.3 - resolution: "fast-deep-equal@npm:3.1.3" -@@ -16916,15 +16851,6 @@ __metadata: - languageName: node - linkType: hard - --"getpass@npm:^0.1.1": -- version: 0.1.7 -- resolution: "getpass@npm:0.1.7" -- dependencies: -- assert-plus: "npm:^1.0.0" -- checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046 -- languageName: node -- linkType: hard -- - "giget@npm:^1.0.0": - version: 1.1.2 - resolution: "giget@npm:1.1.2" -@@ -18263,25 +18189,10 @@ __metadata: - languageName: node - linkType: hard - --"http-signature@npm:~1.2.0": -- version: 1.2.0 -- resolution: "http-signature@npm:1.2.0" -- dependencies: -- assert-plus: "npm:^1.0.0" -- jsprim: "npm:^1.2.2" -- sshpk: "npm:^1.7.0" -- checksum: 2ff7112e6b0d8f08b382dfe705078c655501f2ddd76cf589d108445a9dd388a0a9be928c37108261519a7f53e6bbd1651048d74057b804807cce1ec49e87a95b -- languageName: node -- linkType: hard -- --"http-signature@npm:~1.3.6": -- version: 1.3.6 -- resolution: "http-signature@npm:1.3.6" -- dependencies: -- assert-plus: "npm:^1.0.0" -- jsprim: "npm:^2.0.2" -- sshpk: "npm:^1.14.1" -- checksum: 5f08e0c82174999da97114facb0d0d47e268d60b6fc10f92cb87b99d5ccccd36f79b9508c29dda0b4f4e3a1b2f7bcaf847e68ecd5da2f1fc465fcd1d054b7884 -+"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": -+ version: 1.1.3 -+ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" -+ checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1 - languageName: node - linkType: hard - -@@ -20609,13 +20520,6 @@ __metadata: - languageName: node - linkType: hard - --"jsbn@npm:~0.1.0": -- version: 0.1.1 -- resolution: "jsbn@npm:0.1.1" -- checksum: 5450133242845100e694f0ef9175f44c012691a9b770b2571e677314e6f70600abb10777cdfc9a0c6a9f2ac6d134577403633de73e2fcd0f97875a67744e2d14 -- languageName: node -- linkType: hard -- - "jscodeshift@npm:^0.14.0": - version: 0.14.0 - resolution: "jscodeshift@npm:0.14.0" -@@ -20767,13 +20671,6 @@ __metadata: - languageName: node - linkType: hard - --"json-schema@npm:0.4.0": -- version: 0.4.0 -- resolution: "json-schema@npm:0.4.0" -- checksum: 8b3b64eff4a807dc2a3045b104ed1b9335cd8d57aa74c58718f07f0f48b8baa3293b00af4dcfbdc9144c3aafea1e97982cc27cc8e150fc5d93c540649507a458 -- languageName: node -- linkType: hard -- - "json-source-map@npm:0.6.1": - version: 0.6.1 - resolution: "json-source-map@npm:0.6.1" -@@ -20886,30 +20783,6 @@ __metadata: - languageName: node - linkType: hard - --"jsprim@npm:^1.2.2": -- version: 1.4.2 -- resolution: "jsprim@npm:1.4.2" -- dependencies: -- assert-plus: "npm:1.0.0" -- extsprintf: "npm:1.3.0" -- json-schema: "npm:0.4.0" -- verror: "npm:1.10.0" -- checksum: df2bf234eab1b5078d01bcbff3553d50a243f7b5c10a169745efeda6344d62798bd1d85bcca6a8446f3b5d0495e989db45f9de8dae219f0f9796e70e0c776089 -- languageName: node -- linkType: hard -- --"jsprim@npm:^2.0.2": -- version: 2.0.2 -- resolution: "jsprim@npm:2.0.2" -- dependencies: -- assert-plus: "npm:1.0.0" -- extsprintf: "npm:1.3.0" -- json-schema: "npm:0.4.0" -- verror: "npm:1.10.0" -- checksum: fcfca5b55f83e1b8be5f932c71754bd37afd2611f81685abd05689e8ce718a91155ff7bd5b94c65ce483a787b5c43c6d0c18c1d2259fca5bb61a3f8ea2e29c0a -- languageName: node -- linkType: hard -- - "jsurl@npm:^0.1.5": - version: 0.1.5 - resolution: "jsurl@npm:0.1.5" -@@ -22734,7 +22607,7 @@ __metadata: - languageName: node - linkType: hard - --"node-forge@npm:^1, node-forge@npm:^1.3.1": -+"node-forge@npm:^1.3.1": - version: 1.3.1 - resolution: "node-forge@npm:1.3.1" - checksum: 05bab6868633bf9ad4c3b1dd50ec501c22ffd69f556cdf169a00998ca1d03e8107a6032ba013852f202035372021b845603aeccd7dfcb58cdb7430013b3daa8d -@@ -27151,7 +27024,7 @@ __metadata: - languageName: node - linkType: hard - --"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0": -+"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0": - version: 2.1.2 - resolution: "safer-buffer@npm:2.1.2" - checksum: 7eaf7a0cf37cc27b42fb3ef6a9b1df6e93a1c6d98c6c6702b02fe262d5fcbd89db63320793b99b21cb5348097d0a53de81bd5f4e8b86e20cc9412e3f1cfb4e83 -@@ -27282,12 +27155,10 @@ __metadata: - languageName: node - linkType: hard - --"selfsigned@npm:^2.1.1": -- version: 2.1.1 -- resolution: "selfsigned@npm:2.1.1" -- dependencies: -- node-forge: "npm:^1" -- checksum: 6005206e0d005448274aceceaded5195b944f67a42b72d212a6169d2e5f4bdc87c15a3fe45732c544db8c7175702091aaf95403ad6632585294a6ec8cca63638 -+"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": -+ version: 1.1.3 -+ resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" -+ checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d - languageName: node - linkType: hard - -@@ -28053,27 +27924,6 @@ __metadata: - languageName: node - linkType: hard - --"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0": -- version: 1.17.0 -- resolution: "sshpk@npm:1.17.0" -- dependencies: -- asn1: "npm:~0.2.3" -- assert-plus: "npm:^1.0.0" -- bcrypt-pbkdf: "npm:^1.0.0" -- dashdash: "npm:^1.12.0" -- ecc-jsbn: "npm:~0.1.1" -- getpass: "npm:^0.1.1" -- jsbn: "npm:~0.1.0" -- safer-buffer: "npm:^2.0.2" -- tweetnacl: "npm:~0.14.0" -- bin: -- sshpk-conv: bin/sshpk-conv -- sshpk-sign: bin/sshpk-sign -- sshpk-verify: bin/sshpk-verify -- checksum: 668c2a279a6ce66fd739ce5684e37927dd75427cc020c828a208f85890a4c400705d4ba09f32fa44efca894339dc6931941664f6f6ba36dfa543de6d006cbe9c -- languageName: node -- linkType: hard -- - "ssri@npm:^10.0.0, ssri@npm:^10.0.1": - version: 10.0.5 - resolution: "ssri@npm:10.0.5" -@@ -29479,13 +29329,6 @@ __metadata: - languageName: node - linkType: hard - --"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0": -- version: 0.14.5 -- resolution: "tweetnacl@npm:0.14.5" -- checksum: 04ee27901cde46c1c0a64b9584e04c96c5fe45b38c0d74930710751ea991408b405747d01dfae72f80fc158137018aea94f9c38c651cb9c318f0861a310c3679 -- languageName: node -- linkType: hard -- - "type-check@npm:^0.4.0, type-check@npm:~0.4.0": - version: 0.4.0 - resolution: "type-check@npm:0.4.0" -@@ -30199,17 +30042,6 @@ __metadata: - languageName: node - linkType: soft - --"verror@npm:1.10.0": -- version: 1.10.0 -- resolution: "verror@npm:1.10.0" -- dependencies: -- assert-plus: "npm:^1.0.0" -- core-util-is: "npm:1.0.2" -- extsprintf: "npm:^1.2.0" -- checksum: da548149dd9c130a8a2587c9ee71ea30128d1526925707e2d01ed9c5c45c9e9f86733c66a328247cdd5f7c1516fb25b0f959ba754bfbe15072aa99ff96468a29 -- languageName: node -- linkType: hard -- - "vinyl-fs@npm:^3.0.2": - version: 3.0.3 - resolution: "vinyl-fs@npm:3.0.3" diff --git a/0006-skip-marketplace-plugin-install-test.patch b/0005-skip-marketplace-plugin-install-test.patch similarity index 84% rename from 0006-skip-marketplace-plugin-install-test.patch rename to 0005-skip-marketplace-plugin-install-test.patch index 3180726..62a0456 100644 --- a/0006-skip-marketplace-plugin-install-test.patch +++ b/0005-skip-marketplace-plugin-install-test.patch @@ -1,4 +1,4 @@ -From ed8a438d72a667844ae07804491b568ad2f5dcdd Mon Sep 17 00:00:00 2001 +From a5fa7c218a70654f3bbbe76f9ca2951ff17f91e6 Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Thu, 23 Jun 2022 17:00:46 +0200 Subject: [PATCH] skip marketplace plugin install test @@ -8,10 +8,10 @@ Network connectivity is disabled in the build environment for security reasons, therefore we need to disable this test. diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go -index 4fc2295ed8..a326c40b04 100644 +index 86158deafbc..7aba79bd499 100644 --- a/pkg/tests/api/plugins/api_plugins_test.go +++ b/pkg/tests/api/plugins/api_plugins_test.go -@@ -71,6 +71,7 @@ func TestIntegrationPlugins(t *testing.T) { +@@ -82,6 +82,7 @@ func TestIntegrationPlugins(t *testing.T) { }) t.Run("Request is not forbidden if from an admin", func(t *testing.T) { diff --git a/0006-redact-weak-ciphers.patch b/0006-redact-weak-ciphers.patch new file mode 100644 index 0000000..c58c7ac --- /dev/null +++ b/0006-redact-weak-ciphers.patch @@ -0,0 +1,21 @@ +From 35b75b4709df69fb566de51780e26abe3e348446 Mon Sep 17 00:00:00 2001 +From: Stan Cox +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] redact weak ciphers + + +diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go +index afd12214685..2db40b42e88 100644 +--- a/pkg/api/http_server.go ++++ b/pkg/api/http_server.go +@@ -839,8 +839,8 @@ func (hs *HTTPServer) getDefaultCiphers(tlsVersion uint16, protocol string) []ui + tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, +- tls.TLS_RSA_WITH_AES_128_GCM_SHA256, +- tls.TLS_RSA_WITH_AES_256_GCM_SHA384, ++ // tls.TLS_RSA_WITH_AES_128_GCM_SHA256, ++ // tls.TLS_RSA_WITH_AES_256_GCM_SHA384, + } + } + if protocol == "h2" { diff --git a/0007-redact-weak-ciphers.patch b/0007-redact-weak-ciphers.patch deleted file mode 100644 index 1b7148a..0000000 --- a/0007-redact-weak-ciphers.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7ac26d6beb2175f0d6001ca0df322ce610401cce Mon Sep 17 00:00:00 2001 -From: Stan Cox -Date: Wed, 22 Jun 2022 17:05:48 +0200 -Subject: [PATCH] redact weak ciphers - - -diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go -index da04044683..8a29270d4d 100644 ---- a/pkg/api/http_server.go -+++ b/pkg/api/http_server.go -@@ -820,13 +820,13 @@ func (hs *HTTPServer) getDefaultCiphers(tlsVersion uint16, protocol string) []ui - tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, -+ // tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, -- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, -- tls.TLS_RSA_WITH_AES_128_GCM_SHA256, -- tls.TLS_RSA_WITH_AES_256_GCM_SHA384, -- tls.TLS_RSA_WITH_AES_128_CBC_SHA, -- tls.TLS_RSA_WITH_AES_256_CBC_SHA, -+ // tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, -+ // tls.TLS_RSA_WITH_AES_128_GCM_SHA256, -+ // tls.TLS_RSA_WITH_AES_256_GCM_SHA384, -+ // tls.TLS_RSA_WITH_AES_128_CBC_SHA, -+ // tls.TLS_RSA_WITH_AES_256_CBC_SHA, - } - } - if protocol == "h2" { diff --git a/0009-update-wrappers-and-systemd-with-distro-paths.patch b/0007-update-wrappers-and-systemd-with-distro-paths.patch similarity index 93% rename from 0009-update-wrappers-and-systemd-with-distro-paths.patch rename to 0007-update-wrappers-and-systemd-with-distro-paths.patch index 5331ddf..fd9bf4c 100644 --- a/0009-update-wrappers-and-systemd-with-distro-paths.patch +++ b/0007-update-wrappers-and-systemd-with-distro-paths.patch @@ -1,11 +1,11 @@ -From 5fe02f961e67af04907dc57beda42456128ab1c8 Mon Sep 17 00:00:00 2001 +From cf95173d39c2c6bcbe89ebd12c1474efaa2fc0d3 Mon Sep 17 00:00:00 2001 From: Sam Feifer Date: Fri, 1 Mar 2024 15:05:24 -0500 Subject: [PATCH] update wrappers and systemd with distro paths diff --git a/packaging/rpm/systemd/grafana-server.service b/packaging/rpm/systemd/grafana-server.service -index e3adc3f469..b2e4aced06 100644 +index e3adc3f4697..b2e4aced06f 100644 --- a/packaging/rpm/systemd/grafana-server.service +++ b/packaging/rpm/systemd/grafana-server.service @@ -14,7 +14,7 @@ Restart=on-failure @@ -18,7 +18,7 @@ index e3adc3f469..b2e4aced06 100644 --pidfile=${PID_FILE_DIR}/grafana-server.pid \ --packaging=rpm \ diff --git a/packaging/wrappers/grafana b/packaging/wrappers/grafana -index 86e0fc9faa..5c88bae4c3 100755 +index 86e0fc9faa2..5c88bae4c3b 100755 --- a/packaging/wrappers/grafana +++ b/packaging/wrappers/grafana @@ -5,7 +5,7 @@ @@ -61,7 +61,7 @@ index 86e0fc9faa..5c88bae4c3 100755 +fi \ No newline at end of file diff --git a/packaging/wrappers/grafana-server b/packaging/wrappers/grafana-server -index 466b0d7c69..6be356f562 100755 +index 466b0d7c690..6be356f562c 100755 --- a/packaging/wrappers/grafana-server +++ b/packaging/wrappers/grafana-server @@ -7,7 +7,8 @@ diff --git a/0008-fix-plugin-details-for-versions-not-in-GCOM-registry.patch b/0008-fix-plugin-details-for-versions-not-in-GCOM-registry.patch new file mode 100644 index 0000000..ad9b95a --- /dev/null +++ b/0008-fix-plugin-details-for-versions-not-in-GCOM-registry.patch @@ -0,0 +1,37 @@ +From fed1500265045d3464cac032f1a186b387031ffa Mon Sep 17 00:00:00 2001 +From: Sam Feifer +Date: Wed, 25 Mar 2026 19:19:07 -0400 +Subject: [PATCH] fix plugin details for versions not in GCOM registry + + +diff --git a/public/app/features/plugins/admin/api.ts b/public/app/features/plugins/admin/api.ts +index 8f2bc538ba8..724054630b8 100644 +--- a/public/app/features/plugins/admin/api.ts ++++ b/public/app/features/plugins/admin/api.ts +@@ -51,7 +51,7 @@ export async function getPluginDetails(id: string): Promise { + } + } + +-async function getPluginVersion(id: string, version: string): Promise { ++async function getPluginVersion(id: string, version: string): Promise { + try { + const v: PluginVersion = await getBackendSrv().get(`${GCOM_API_ROOT}/plugins/${id}/versions/${version}`); + +@@ -137,7 +137,7 @@ async function getPluginVersion(id: string, version: string): Promise { + // It can happen that GCOM is not available, in that case we show a limited set of information to the user. + error.isHandled = true; + } +- throw error; ++ return undefined; + } + } + diff --git a/0008-replace-faulty-slices-sort.patch b/0008-replace-faulty-slices-sort.patch deleted file mode 100644 index b9cea8c..0000000 --- a/0008-replace-faulty-slices-sort.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 3f45f26993ed94837001bb9760d7859e7a057649 Mon Sep 17 00:00:00 2001 -From: Sam Feifer -Date: Fri, 1 Mar 2024 15:00:55 -0500 -Subject: [PATCH] replace faulty slices sort - - -diff --git a/pkg/services/sqlstore/migrator/dialect.go b/pkg/services/sqlstore/migrator/dialect.go -index 183b619de8..da21edeafa 100644 ---- a/pkg/services/sqlstore/migrator/dialect.go -+++ b/pkg/services/sqlstore/migrator/dialect.go -@@ -368,7 +368,8 @@ func (b *BaseDialect) InsertQuery(tableName string, row map[string]any) (string, - for col := range row { - keys = append(keys, col) - } -- slices.Sort[string](keys) -+ slices.Sort(keys) -+ //slices.Sort[string](keys) - - // build query and values - for _, col := range keys { -@@ -398,7 +399,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma - for col := range row { - keys = append(keys, col) - } -- slices.Sort[string](keys) -+ slices.Sort(keys) -+ //slices.Sort[string](keys) - - // build update query and values - for _, col := range keys { -@@ -411,7 +413,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma - for col := range where { - keys = append(keys, col) - } -- slices.Sort[string](keys) -+ slices.Sort(keys) -+ //slices.Sort[string](keys) - - // build where clause and values - for _, col := range keys { diff --git a/0009-suppress-signature-warning-for-pcp-plugin.patch b/0009-suppress-signature-warning-for-pcp-plugin.patch new file mode 100644 index 0000000..7abf393 --- /dev/null +++ b/0009-suppress-signature-warning-for-pcp-plugin.patch @@ -0,0 +1,23 @@ +From e9949a271828e75a7a9095792bff049a5cd5d3a1 Mon Sep 17 00:00:00 2001 +From: Sam Feifer +Date: Wed, 25 Mar 2026 19:19:58 -0400 +Subject: [PATCH] suppress signature warning for pcp plugin + + +diff --git a/public/app/features/plugins/admin/components/PluginDetailsSignature.tsx b/public/app/features/plugins/admin/components/PluginDetailsSignature.tsx +index 711a29ccadb..c5f0eac72fd 100644 +--- a/public/app/features/plugins/admin/components/PluginDetailsSignature.tsx ++++ b/public/app/features/plugins/admin/components/PluginDetailsSignature.tsx +@@ -17,9 +17,11 @@ export function PluginDetailsSignature({ className, plugin }: Props): React.Reac + const isSignatureValid = plugin.signature === PluginSignatureStatus.valid; + const isCore = plugin.signature === PluginSignatureStatus.internal; + const isDisabled = plugin.isDisabled && isDisabledDueTooSignatureError(plugin.error); ++ // Suppress signature warning for distro-packaged plugins allowed via allow_loading_unsigned_plugins ++ const isDistroPlugin = plugin.id === 'performancecopilot-pcp-app'; + + // The basic information is already available in the header +- if (isSignatureValid || isCore || isDisabled) { ++ if (isSignatureValid || isCore || isDisabled || isDistroPlugin) { + return null; + } + diff --git a/0010-remove-bcrypt-references.patch b/0010-remove-bcrypt-references.patch deleted file mode 100644 index d617c85..0000000 --- a/0010-remove-bcrypt-references.patch +++ /dev/null @@ -1,108 +0,0 @@ -From eb711315d4c8a81ff52984293758a47372c21b8d Mon Sep 17 00:00:00 2001 -From: Sam Feifer -Date: Fri, 1 Mar 2024 15:07:22 -0500 -Subject: [PATCH] remove bcrypt references - - -diff --git a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go -index 8c5a90248d..43f6d11e08 100644 ---- a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go -+++ b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go -@@ -19,7 +19,6 @@ import ( - "github.com/ory/fosite/compose" - "github.com/ory/fosite/storage" - "github.com/ory/fosite/token/jwt" -- "golang.org/x/crypto/bcrypt" - - "github.com/grafana/grafana/pkg/api/routing" - "github.com/grafana/grafana/pkg/bus" -@@ -235,88 +234,7 @@ func (s *OAuth2ServiceImpl) RemoveExternalService(ctx context.Context, name stri - // it ensures that the associated service account has the correct permissions. - // Database consistency is not guaranteed, consider changing this in the future. - func (s *OAuth2ServiceImpl) SaveExternalService(ctx context.Context, registration *extsvcauth.ExternalServiceRegistration) (*extsvcauth.ExternalService, error) { -- if registration == nil { -- s.logger.Warn("RegisterExternalService called without registration") -- return nil, nil -- } -- slug := registration.Name -- s.logger.Info("Registering external service", "external service", slug) -- -- // Check if the client already exists in store -- client, errFetchExtSvc := s.sqlstore.GetExternalServiceByName(ctx, slug) -- if errFetchExtSvc != nil && !errors.Is(errFetchExtSvc, oauthserver.ErrClientNotFound) { -- s.logger.Error("Error fetching service", "external service", slug, "error", errFetchExtSvc) -- return nil, errFetchExtSvc -- } -- // Otherwise, create a new client -- if client == nil { -- s.logger.Debug("External service does not yet exist", "external service", slug) -- client = &oauthserver.OAuthExternalService{ -- Name: slug, -- ServiceAccountID: oauthserver.NoServiceAccountID, -- Audiences: s.cfg.AppURL, -- } -- } -- -- // Parse registration form to compute required permissions for the client -- client.SelfPermissions, client.ImpersonatePermissions = s.handleRegistrationPermissions(registration) -- -- if registration.OAuthProviderCfg == nil { -- return nil, errors.New("missing oauth provider configuration") -- } -- -- if registration.OAuthProviderCfg.RedirectURI != nil { -- client.RedirectURI = *registration.OAuthProviderCfg.RedirectURI -- } -- -- var errGenCred error -- client.ClientID, client.Secret, errGenCred = s.genCredentials() -- if errGenCred != nil { -- s.logger.Error("Error generating credentials", "client", client.LogID(), "error", errGenCred) -- return nil, errGenCred -- } -- -- grantTypes := s.computeGrantTypes(registration.Self.Enabled, registration.Impersonation.Enabled) -- client.GrantTypes = strings.Join(grantTypes, ",") -- -- // Handle key options -- s.logger.Debug("Handle key options") -- keys, err := s.handleKeyOptions(ctx, registration.OAuthProviderCfg.Key) -- if err != nil { -- s.logger.Error("Error handling key options", "client", client.LogID(), "error", err) -- return nil, err -- } -- if keys != nil { -- client.PublicPem = []byte(keys.PublicPem) -- } -- dto := client.ToExternalService(keys) -- -- hashedSecret, err := bcrypt.GenerateFromPassword([]byte(client.Secret), bcrypt.DefaultCost) -- if err != nil { -- s.logger.Error("Error hashing secret", "client", client.LogID(), "error", err) -- return nil, err -- } -- client.Secret = string(hashedSecret) -- -- s.logger.Debug("Save service account") -- saID, errSaveServiceAccount := s.saService.ManageExtSvcAccount(ctx, &serviceaccounts.ManageExtSvcAccountCmd{ -- ExtSvcSlug: slugify.Slugify(client.Name), -- Enabled: registration.Self.Enabled, -- OrgID: oauthserver.TmpOrgID, -- Permissions: client.SelfPermissions, -- }) -- if errSaveServiceAccount != nil { -- return nil, errSaveServiceAccount -- } -- client.ServiceAccountID = saID -- -- err = s.sqlstore.SaveExternalService(ctx, client) -- if err != nil { -- s.logger.Error("Error saving external service", "client", client.LogID(), "error", err) -- return nil, err -- } -- s.logger.Debug("Registered", "client", client.LogID()) -- return dto, nil -+ panic("bcrypt cipher not available") - } - - // randString generates a a cryptographically secure random string of n bytes diff --git a/0011-fix-dompurify-CVE.patch b/0011-fix-dompurify-CVE.patch deleted file mode 100644 index 9be0fdf..0000000 --- a/0011-fix-dompurify-CVE.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff --git a/package.json b/package.json -index 38deb6d7dee..010a24fb451 100644 ---- a/package.json -+++ b/package.json -@@ -432,7 +432,8 @@ - "react-split-pane@0.1.92": "patch:react-split-pane@npm:0.1.92#.yarn/patches/react-split-pane-npm-0.1.92-93dbf51dff.patch", - "@storybook/blocks@7.4.5": "patch:@storybook/blocks@npm%3A7.4.5#./.yarn/patches/@storybook-blocks-npm-7.4.5-5a2374564a.patch", - "history@4.10.1": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch", -- "history@^4.9.0": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch" -+ "history@^4.9.0": "patch:history@npm%3A4.10.1#./.yarn/patches/history-npm-4.10.1-ee217563ae.patch", -+ "dompurify": "^2.5.0" - }, - "workspaces": { - "packages": [ -diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json -index 2182744e61b..4201ef58dda 100644 ---- a/packages/grafana-data/package.json -+++ b/packages/grafana-data/package.json -@@ -41,7 +41,7 @@ - "@types/string-hash": "1.1.1", - "d3-interpolate": "3.0.1", - "date-fns": "2.30.0", -- "dompurify": "^2.4.3", -+ "dompurify": "^2.5.0", - "eventemitter3": "5.0.1", - "fast_array_intersect": "1.1.0", - "history": "4.10.1", -diff --git a/yarn.lock b/yarn.lock -index bf22ba52a17..88fc4d3fbfb 100644 ---- a/yarn.lock -+++ b/yarn.lock -@@ -2953,7 +2953,7 @@ __metadata: - "@types/tinycolor2": "npm:1.4.3" - d3-interpolate: "npm:3.0.1" - date-fns: "npm:2.30.0" -- dompurify: "npm:^2.4.3" -+ dompurify: "npm:^2.5.0" - esbuild: "npm:0.18.12" - eventemitter3: "npm:5.0.1" - fast_array_intersect: "npm:1.1.0" -@@ -14478,10 +14478,10 @@ __metadata: - languageName: node - linkType: hard - --"dompurify@npm:^2.2.0, dompurify@npm:^2.4.3": -- version: 2.4.5 -- resolution: "dompurify@npm:2.4.5" -- checksum: d764c2ff126b3749dad35bc34eed40f51141d7dfd620e938c92f08d68c32beeb259d06abadeee91f6e2a8c8737ce670e2124ac9a257ba3bcdc666598cebcde01 -+"dompurify@npm:^2.5.0": -+ version: 2.5.7 -+ resolution: "dompurify@npm:2.5.7" -+ checksum: b150ca1e28083252cd51097162dc96cb45203f7e2af1fbaa8ef32b4f4d6b605e4aa8915190d38bd0635cbbf14d13a200138cd3ec1b084096819b14c718355122 - languageName: node - linkType: hard - diff --git a/0012-fix-jwt-CVE.patch b/0012-fix-jwt-CVE.patch deleted file mode 100644 index 04fc58e..0000000 --- a/0012-fix-jwt-CVE.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff --git a/go.mod b/go.mod -index fcbc09da5e6..1771902bc1c 100644 ---- a/go.mod -+++ b/go.mod -@@ -164,7 +164,7 @@ require ( - github.com/go-openapi/spec v0.20.9 // indirect - github.com/go-openapi/swag v0.22.4 // indirect - github.com/go-openapi/validate v0.22.1 // indirect -- github.com/golang-jwt/jwt/v4 v4.5.0 // @grafana/backend-platform -+ github.com/golang-jwt/jwt/v4 v4.5.2 // @grafana/backend-platform - github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect - github.com/golang/glog v1.1.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect -diff --git a/go.sum b/go.sum -index d05dfb55fd4..3a045f712eb 100644 ---- a/go.sum -+++ b/go.sum -@@ -1593,8 +1593,9 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw - github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= - github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= - github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= --github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= - github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI= -+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= - github.com/golang-migrate/migrate/v4 v4.7.0 h1:gONcHxHApDTKXDyLH/H97gEHmpu1zcnnbAaq2zgrPrs= - github.com/golang-migrate/migrate/v4 v4.7.0/go.mod h1:Qvut3N4xKWjoH3sokBccML6WyHSnggXm/DvMMnTsQIc= - github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= diff --git a/0013-fix-CVE-2025-4123.patch b/0013-fix-CVE-2025-4123.patch deleted file mode 100644 index 5204e37..0000000 --- a/0013-fix-CVE-2025-4123.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 2d4314b5ca1e527a3420fad11d3f1a25351700d4 Mon Sep 17 00:00:00 2001 -From: Sam Feifer -Date: Wed, 7 May 2025 16:27:08 -0400 -Subject: [PATCH] fix CVE-2025-4123 - - -diff --git a/conf/defaults.ini b/conf/defaults.ini -index e1e5468bfa3..4221144bf54 100644 ---- a/conf/defaults.ini -+++ b/conf/defaults.ini -@@ -363,7 +363,7 @@ x_xss_protection = true - - # Enable adding the Content-Security-Policy header to your requests. - # CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks. --content_security_policy = false -+content_security_policy = true - - # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. - # $NONCE in the template includes a random nonce. -diff --git a/conf/sample.ini b/conf/sample.ini -index 51d2b6c512b..fd588b48225 100644 ---- a/conf/sample.ini -+++ b/conf/sample.ini -@@ -364,7 +364,7 @@ - - # Enable adding the Content-Security-Policy header to your requests. - # CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks. --;content_security_policy = false -+;content_security_policy = true - - # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. - # $NONCE in the template includes a random nonce. diff --git a/0014-Fix-CVE-2026-21721.patch b/0014-Fix-CVE-2026-21721.patch deleted file mode 100644 index 6e47e8b..0000000 --- a/0014-Fix-CVE-2026-21721.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 3efa5e004426fed8f25ec513f2dce4658e3b6564 Mon Sep 17 00:00:00 2001 -From: Sam Feifer -Date: Mon, 16 Feb 2026 15:35:19 -0500 -Subject: [PATCH] Fix CVE-2026-21721 - ---- - pkg/api/api.go | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/pkg/api/api.go b/pkg/api/api.go -index 3db3cbafe73..b8c1dd5736e 100644 ---- a/pkg/api/api.go -+++ b/pkg/api/api.go -@@ -461,12 +461,13 @@ func (hs *HTTPServer) registerRoutes() { - dashboardRoute.Get("/uid/:uid", authorize(ac.EvalPermission(dashboards.ActionDashboardsRead)), routing.Wrap(hs.GetDashboard)) - dashboardRoute.Delete("/uid/:uid", authorize(ac.EvalPermission(dashboards.ActionDashboardsDelete)), routing.Wrap(hs.DeleteDashboardByUID)) - dashboardRoute.Group("/uid/:uid", func(dashUidRoute routing.RouteRegister) { -+ dashUIDScope := dashboards.ScopeDashboardsProvider.GetResourceScopeUID(ac.Parameter(":uid")) - dashUidRoute.Get("/versions", authorize(ac.EvalPermission(dashboards.ActionDashboardsWrite)), routing.Wrap(hs.GetDashboardVersions)) - dashUidRoute.Post("/restore", authorize(ac.EvalPermission(dashboards.ActionDashboardsWrite)), routing.Wrap(hs.RestoreDashboardVersion)) - dashUidRoute.Get("/versions/:id", authorize(ac.EvalPermission(dashboards.ActionDashboardsWrite)), routing.Wrap(hs.GetDashboardVersion)) - dashUidRoute.Group("/permissions", func(dashboardPermissionRoute routing.RouteRegister) { -- dashboardPermissionRoute.Get("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsRead)), routing.Wrap(hs.GetDashboardPermissionList)) -- dashboardPermissionRoute.Post("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsWrite)), routing.Wrap(hs.UpdateDashboardPermissions)) -+ dashboardPermissionRoute.Get("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsRead, dashUIDScope)), routing.Wrap(hs.GetDashboardPermissionList)) -+ dashboardPermissionRoute.Post("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsWrite, dashUIDScope)), routing.Wrap(hs.UpdateDashboardPermissions)) - }) - }) - -@@ -481,13 +482,14 @@ func (hs *HTTPServer) registerRoutes() { - - // Deprecated: use /uid/:uid API instead. - dashboardRoute.Group("/id/:dashboardId", func(dashIdRoute routing.RouteRegister) { -+ dashIDScope := dashboards.ScopeDashboardsProvider.GetResourceScope(ac.Parameter(":dashboardId")) - dashIdRoute.Get("/versions", authorize(ac.EvalPermission(dashboards.ActionDashboardsWrite)), routing.Wrap(hs.GetDashboardVersions)) - dashIdRoute.Get("/versions/:id", authorize(ac.EvalPermission(dashboards.ActionDashboardsWrite)), routing.Wrap(hs.GetDashboardVersion)) - dashIdRoute.Post("/restore", authorize(ac.EvalPermission(dashboards.ActionDashboardsWrite)), routing.Wrap(hs.RestoreDashboardVersion)) - - dashIdRoute.Group("/permissions", func(dashboardPermissionRoute routing.RouteRegister) { -- dashboardPermissionRoute.Get("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsRead)), routing.Wrap(hs.GetDashboardPermissionList)) -- dashboardPermissionRoute.Post("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsWrite)), routing.Wrap(hs.UpdateDashboardPermissions)) -+ dashboardPermissionRoute.Get("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsRead, dashIDScope)), routing.Wrap(hs.GetDashboardPermissionList)) -+ dashboardPermissionRoute.Post("/", authorize(ac.EvalPermission(dashboards.ActionDashboardsPermissionsWrite, dashIDScope)), routing.Wrap(hs.UpdateDashboardPermissions)) - }) - }) - }) --- -2.52.0 - diff --git a/0015-Fix-CVE-2026-27877.patch b/0015-Fix-CVE-2026-27877.patch deleted file mode 100644 index 51c49a0..0000000 --- a/0015-Fix-CVE-2026-27877.patch +++ /dev/null @@ -1,123 +0,0 @@ -diff --git a/pkg/api/frontendsettings.go b/pkg/api/frontendsettings.go -index 215714b6f83..36949e126b9 100644 ---- a/pkg/api/frontendsettings.go -+++ b/pkg/api/frontendsettings.go -@@ -1,6 +1,7 @@ - package api - - import ( -+ "bytes" - "context" - "fmt" - "net/http" -@@ -18,6 +19,7 @@ import ( - "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings" - "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore" - "github.com/grafana/grafana/pkg/services/secrets/kvstore" -+ dashboardkind "github.com/grafana/grafana/pkg/services/store/kind/dashboard" - "github.com/grafana/grafana/pkg/setting" - "github.com/grafana/grafana/pkg/tsdb/grafanads" - "github.com/grafana/grafana/pkg/util" -@@ -297,7 +299,12 @@ func (hs *HTTPServer) getFSDataSources(c *contextmodel.ReqContext, availablePlug - - if c.IsPublicDashboardView() { - // If RBAC is enabled, it will filter out all datasources for a public user, so we need to skip it -- orgDataSources = dataSources -+ // But we can filter to only include datasources actually used by the dashboard -+ filtered, err := hs.publicDashFilterUsedDataSources(c, dataSources) -+ if err != nil { -+ return nil, err -+ } -+ orgDataSources = filtered - } else { - filtered, err := hs.dsGuardian.New(c.SignedInUser.OrgID, c.SignedInUser).FilterDatasourcesByQueryPermissions(dataSources) - if err != nil { -@@ -633,3 +640,36 @@ func (hs *HTTPServer) getEnabledOAuthProviders() map[string]any { - } - return providers - } -+ -+func (hs *HTTPServer) publicDashFilterUsedDataSources(c *contextmodel.ReqContext, allDataSources []*datasources.DataSource) ([]*datasources.DataSource, error) { -+ _, dash, err := hs.PublicDashboardsApi.PublicDashboardService.FindPublicDashboardAndDashboardByAccessToken(c.Req.Context(), c.PublicDashboardAccessToken) -+ if err != nil { -+ return nil, err -+ } -+ -+ payload, err := dash.Data.Encode() -+ if err != nil { -+ return nil, fmt.Errorf("failed to encode dashboard data: %w", err) -+ } -+ -+ lookup := dashboardkind.CreateDatasourceLookup([]*dashboardkind.DatasourceQueryResult{}) -+ -+ usedDSRefs, err := dashboardkind.ReadDashboard(bytes.NewReader(payload), lookup) -+ if err != nil { -+ return nil, fmt.Errorf("failed to parse dashboard: %w", err) -+ } -+ -+ usedUIDs := make(map[string]struct{}, len(usedDSRefs)) -+ for _, ds := range usedDSRefs { -+ usedUIDs[ds.UID] = struct{}{} -+ } -+ -+ filtered := make([]*datasources.DataSource, 0) -+ for _, ds := range allDataSources { -+ if _, ok := usedUIDs[ds.UID]; ok { -+ filtered = append(filtered, ds) -+ } -+ } -+ -+ return filtered, nil -+} -diff --git a/pkg/services/store/kind/dashboard/dashboard.go b/pkg/services/store/kind/dashboard/dashboard.go -index b325acd8c57..054dcafe8ca 100644 ---- a/pkg/services/store/kind/dashboard/dashboard.go -+++ b/pkg/services/store/kind/dashboard/dashboard.go -@@ -112,8 +112,17 @@ func newDatasourceVariableLookup(dsLookup DatasourceLookup) *datasourceVariableL - } - } - -+// ReadDashboard parses dashboard JSON and returns the data sources used in the dashboard. -+func ReadDashboard(stream io.Reader, lookup DatasourceLookup) ([]DataSourceRef, error) { -+ info, err := readDashboard(stream, lookup) -+ if err != nil { -+ return nil, err -+ } -+ return info.Datasource, nil -+} -+ - // nolint:gocyclo --// ReadDashboard will take a byte stream and return dashboard info -+// readDashboard will take a byte stream and return dashboard info - func readDashboard(stream io.Reader, lookup DatasourceLookup) (*dashboardInfo, error) { - dash := &dashboardInfo{} - -diff --git a/pkg/services/store/kind/dashboard/ds_lookup.go b/pkg/services/store/kind/dashboard/ds_lookup.go -index 5d132d569be..7330e598409 100644 ---- a/pkg/services/store/kind/dashboard/ds_lookup.go -+++ b/pkg/services/store/kind/dashboard/ds_lookup.go -@@ -100,6 +100,9 @@ func (d *DsLookup) ByRef(ref *DataSourceRef) *DataSourceRef { - if ref == nil { - return d.defaultDS - } -+ if ref.UID == "default" && ref.Type == "" { -+ return d.defaultDS -+ } - - key := "" - if ref.UID != "" { -@@ -117,7 +120,13 @@ func (d *DsLookup) ByRef(ref *DataSourceRef) *DataSourceRef { - return ds - } - -- return d.byName[key] -+ ds, ok = d.byName[key] -+ if ok { -+ return ds -+ } -+ -+ // With nothing was found (or configured), use the original reference -+ return ref - } - - func (d *DsLookup) ByType(dsType string) []DataSourceRef { diff --git a/1001-vendor-patch-removed-backend-crypto.patch b/1001-vendor-patch-removed-backend-crypto.patch index 82707ca..7e1a578 100644 --- a/1001-vendor-patch-removed-backend-crypto.patch +++ b/1001-vendor-patch-removed-backend-crypto.patch @@ -1,1042 +1,23 @@ patch removed backend crypto -the `Makefile` removed a few files containing (unused) crypto +the `create_bundles.sh` script removed a few files containing (unused) crypto algorithms from the vendor tarball, which are not used in Grafana. This patch removes all references to the deleted files. -diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go -new file mode 100644 -index 0000000000..871e612a61 ---- /dev/null -+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go -@@ -0,0 +1,25 @@ -+package elgamal -+ -+import ( -+ "io" -+ "math/big" -+) -+ -+// PublicKey represents an ElGamal public key. -+type PublicKey struct { -+ G, P, Y *big.Int -+} -+ -+// PrivateKey represents an ElGamal private key. -+type PrivateKey struct { -+ PublicKey -+ X *big.Int -+} -+ -+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { -+ panic("ElGamal encryption not available") -+} -+ -+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) { -+ panic("ElGamal encryption not available") -+} -diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go -index c607a16..11dbc3c 100644 ---- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go -+++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go -@@ -16,14 +16,11 @@ - package web - - import ( -- "encoding/hex" - "fmt" - "net/http" -- "strings" - "sync" - - "github.com/go-kit/log" -- "golang.org/x/crypto/bcrypt" - ) - - // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP -@@ -37,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{ - "Content-Security-Policy": nil, - } - --func validateUsers(configPath string) error { -- c, err := getConfig(configPath) -- if err != nil { -- return err -- } -- -- for _, p := range c.Users { -- _, err = bcrypt.Cost([]byte(p)) -- if err != nil { -- return err -- } -- } -- -- return nil --} -- - // validateHeaderConfig checks that the provided header configuration is correct. - // It does not check the validity of all the values, only the ones which are - // well-defined enumerations. -@@ -84,60 +65,3 @@ type webHandler struct { - // only once in parallel as this is CPU intensive. - bcryptMtx sync.Mutex - } -- --func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { -- c, err := getConfig(u.tlsConfigPath) -- if err != nil { -- u.logger.Log("msg", "Unable to parse configuration", "err", err) -- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) -- return -- } -- -- // Configure http headers. -- for k, v := range c.HTTPConfig.Header { -- w.Header().Set(k, v) -- } -- -- if len(c.Users) == 0 { -- u.handler.ServeHTTP(w, r) -- return -- } -- -- user, pass, auth := r.BasicAuth() -- if auth { -- hashedPassword, validUser := c.Users[user] -- -- if !validUser { -- // The user is not found. Use a fixed password hash to -- // prevent user enumeration by timing requests. -- // This is a bcrypt-hashed version of "fakepassword". -- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi" -- } -- -- cacheKey := strings.Join( -- []string{ -- hex.EncodeToString([]byte(user)), -- hex.EncodeToString([]byte(hashedPassword)), -- hex.EncodeToString([]byte(pass)), -- }, ":") -- authOk, ok := u.cache.get(cacheKey) -- -- if !ok { -- // This user, hashedPassword, password is not cached. -- u.bcryptMtx.Lock() -- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) -- u.bcryptMtx.Unlock() -- -- authOk = validUser && err == nil -- u.cache.set(cacheKey, authOk) -- } -- -- if authOk && validUser { -- u.handler.ServeHTTP(w, r) -- return -- } -- } -- -- w.Header().Set("WWW-Authenticate", "Basic") -- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) --} -diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go -index 61383bc..7f71298 100644 ---- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go -+++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go -@@ -18,16 +18,10 @@ import ( - "crypto/x509" - "errors" - "fmt" -- "net" -- "net/http" - "os" - "path/filepath" - -- "github.com/coreos/go-systemd/v22/activation" -- "github.com/go-kit/log" -- "github.com/go-kit/log/level" - config_util "github.com/prometheus/common/config" -- "golang.org/x/sync/errgroup" - "gopkg.in/yaml.v2" - ) - -@@ -263,132 +257,16 @@ func ConfigToTLSConfig(c *TLSConfig) (*tls.Config, error) { - - // ServeMultiple starts the server on the given listeners. The FlagConfig is - // also passed on to Serve. --func ServeMultiple(listeners []net.Listener, server *http.Server, flags *FlagConfig, logger log.Logger) error { -- errs := new(errgroup.Group) -- for _, l := range listeners { -- l := l -- errs.Go(func() error { -- return Serve(l, server, flags, logger) -- }) -- } -- return errs.Wait() --} - - // ListenAndServe starts the server on addresses given in WebListenAddresses in - // the FlagConfig or instead uses systemd socket activated listeners if - // WebSystemdSocket in the FlagConfig is true. The FlagConfig is also passed on - // to ServeMultiple. --func ListenAndServe(server *http.Server, flags *FlagConfig, logger log.Logger) error { -- if flags.WebSystemdSocket == nil && (flags.WebListenAddresses == nil || len(*flags.WebListenAddresses) == 0) { -- return ErrNoListeners -- } -- -- if flags.WebSystemdSocket != nil && *flags.WebSystemdSocket { -- level.Info(logger).Log("msg", "Listening on systemd activated listeners instead of port listeners.") -- listeners, err := activation.Listeners() -- if err != nil { -- return err -- } -- if len(listeners) < 1 { -- return errors.New("no socket activation file descriptors found") -- } -- return ServeMultiple(listeners, server, flags, logger) -- } -- -- listeners := make([]net.Listener, 0, len(*flags.WebListenAddresses)) -- for _, address := range *flags.WebListenAddresses { -- listener, err := net.Listen("tcp", address) -- if err != nil { -- return err -- } -- defer listener.Close() -- listeners = append(listeners, listener) -- } -- return ServeMultiple(listeners, server, flags, logger) --} - - // Server starts the server on the given listener. Based on the file path - // WebConfigFile in the FlagConfig, TLS or basic auth could be enabled. --func Serve(l net.Listener, server *http.Server, flags *FlagConfig, logger log.Logger) error { -- level.Info(logger).Log("msg", "Listening on", "address", l.Addr().String()) -- tlsConfigPath := *flags.WebConfigFile -- if tlsConfigPath == "" { -- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false, "address", l.Addr().String()) -- return server.Serve(l) -- } -- -- if err := validateUsers(tlsConfigPath); err != nil { -- return err -- } -- -- // Setup basic authentication. -- var handler http.Handler = http.DefaultServeMux -- if server.Handler != nil { -- handler = server.Handler -- } -- -- c, err := getConfig(tlsConfigPath) -- if err != nil { -- return err -- } -- -- server.Handler = &webHandler{ -- tlsConfigPath: tlsConfigPath, -- logger: logger, -- handler: handler, -- cache: newCache(), -- } -- -- config, err := ConfigToTLSConfig(&c.TLSConfig) -- switch err { -- case nil: -- if !c.HTTPConfig.HTTP2 { -- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) -- } -- // Valid TLS config. -- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2, "address", l.Addr().String()) -- case errNoTLSConfig: -- // No TLS config, back to plain HTTP. -- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false, "address", l.Addr().String()) -- return server.Serve(l) -- default: -- // Invalid TLS config. -- return err -- } -- -- server.TLSConfig = config -- -- // Set the GetConfigForClient method of the HTTPS server so that the config -- // and certs are reloaded on new connections. -- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { -- config, err := getTLSConfig(tlsConfigPath) -- if err != nil { -- return nil, err -- } -- config.NextProtos = server.TLSConfig.NextProtos -- return config, nil -- } -- return server.ServeTLS(l, "", "") --} - - // Validate configuration file by reading the configuration and the certificates. --func Validate(tlsConfigPath string) error { -- if tlsConfigPath == "" { -- return nil -- } -- if err := validateUsers(tlsConfigPath); err != nil { -- return err -- } -- c, err := getConfig(tlsConfigPath) -- if err != nil { -- return err -- } -- _, err = ConfigToTLSConfig(&c.TLSConfig) -- if err == errNoTLSConfig { -- return nil -- } -- return err --} - - type Cipher uint16 - -@@ -472,11 +350,3 @@ func (tv *TLSVersion) MarshalYAML() (interface{}, error) { - } - return fmt.Sprintf("%v", tv), nil - } -- --// Listen starts the server on the given address. Based on the file --// tlsConfigPath, TLS or basic auth could be enabled. --// --// Deprecated: Use ListenAndServe instead. --func Listen(server *http.Server, flags *FlagConfig, logger log.Logger) error { -- return ListenAndServe(server, flags, logger) --} -diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go -index 5760cff..0c87736 100644 ---- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go -+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go -@@ -8,8 +8,6 @@ import ( - "crypto/aes" - "crypto/cipher" - "crypto/des" -- -- "golang.org/x/crypto/cast5" - ) - - // Cipher is an official symmetric key cipher algorithm. See RFC 4880, -@@ -38,7 +36,6 @@ const ( - // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13 - var CipherById = map[uint8]Cipher{ - TripleDES.Id(): TripleDES, -- CAST5.Id(): CAST5, - AES128.Id(): AES128, - AES192.Id(): AES192, - AES256.Id(): AES256, -@@ -53,7 +50,6 @@ func (sk CipherFunction) Id() uint8 { - - var keySizeByID = map[uint8]int{ - TripleDES.Id(): 24, -- CAST5.Id(): cast5.KeySize, - AES128.Id(): 16, - AES192.Id(): 24, - AES256.Id(): 32, -@@ -65,7 +61,7 @@ func (cipher CipherFunction) KeySize() int { - case TripleDES: - return 24 - case CAST5: -- return cast5.KeySize -+ panic("cast5 cipher not available") - case AES128: - return 16 - case AES192: -@@ -82,7 +78,7 @@ func (cipher CipherFunction) BlockSize() int { - case TripleDES: - return des.BlockSize - case CAST5: -- return 8 -+ panic("cast5 cipher not available") - case AES128, AES192, AES256: - return 16 - } -@@ -96,7 +92,7 @@ func (cipher CipherFunction) New(key []byte) (block cipher.Block) { - case TripleDES: - block, err = des.NewTripleDESCipher(key) - case CAST5: -- block, err = cast5.NewCipher(key) -+ panic("cast5 cipher not available") - case AES128, AES192, AES256: - block, err = aes.NewCipher(key) - } -diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go -index a436959..420df86 100644 ---- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go -+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go -@@ -15,7 +15,6 @@ import ( - - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" -- "golang.org/x/crypto/argon2" - ) - - type Mode uint8 -@@ -27,7 +26,6 @@ const ( - SimpleS2K Mode = 0 - SaltedS2K Mode = 1 - IteratedSaltedS2K Mode = 3 -- Argon2S2K Mode = 4 - GnuS2K Mode = 101 - ) - -@@ -87,10 +85,10 @@ func decodeCount(c uint8) int { - // encodeMemory converts the Argon2 "memory" in the range parallelism*8 to - // 2**31, inclusive, to an encoded memory. The return value is the - // octet that is actually stored in the GPG file. encodeMemory panics --// if is not in the above range -+// if is not in the above range - // See OpenPGP crypto refresh Section 3.7.1.4. - func encodeMemory(memory uint32, parallelism uint8) uint8 { -- if memory < (8 * uint32(parallelism)) || memory > uint32(2147483648) { -+ if memory < (8*uint32(parallelism)) || memory > uint32(2147483648) { - panic("Memory argument memory is outside the required range") - } - -@@ -174,33 +172,20 @@ func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) { - - // Argon2 writes to out the key derived from the password (in) with the Argon2 - // function (the crypto refresh, section 3.7.1.4) --func Argon2(out []byte, in []byte, salt []byte, passes uint8, paralellism uint8, memoryExp uint8) { -- key := argon2.IDKey(in, salt, uint32(passes), decodeMemory(memoryExp), paralellism, uint32(len(out))) -- copy(out[:], key) --} - - // Generate generates valid parameters from given configuration. - // It will enforce the Iterated and Salted or Argon2 S2K method. - func Generate(rand io.Reader, c *Config) (*Params, error) { - var params *Params -- if c != nil && c.Mode() == Argon2S2K { -- // handle Argon2 case -- argonConfig := c.Argon2() -- params = &Params{ -- mode: Argon2S2K, -- passes: argonConfig.Passes(), -- parallelism: argonConfig.Parallelism(), -- memoryExp: argonConfig.EncodedMemory(), -- } -- } else if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy -+ if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy - hashId, ok := algorithm.HashToHashId(c.hash()) - if !ok { - return nil, errors.UnsupportedError("no such hash") - } - - params = &Params{ -- mode: SaltedS2K, -- hashId: hashId, -+ mode: SaltedS2K, -+ hashId: hashId, - } - } else { // Enforce IteratedSaltedS2K method otherwise - hashId, ok := algorithm.HashToHashId(c.hash()) -@@ -211,7 +196,7 @@ func Generate(rand io.Reader, c *Config) (*Params, error) { - c.S2KMode = IteratedSaltedS2K - } - params = &Params{ -- mode: IteratedSaltedS2K, -+ mode: IteratedSaltedS2K, - hashId: hashId, - countByte: c.EncodedCount(), - } -@@ -274,16 +259,6 @@ func ParseIntoParams(r io.Reader) (params *Params, err error) { - copy(params.salt(), buf[1:9]) - params.countByte = buf[9] - return params, nil -- case Argon2S2K: -- _, err = io.ReadFull(r, buf[:Argon2SaltSize+3]) -- if err != nil { -- return nil, err -- } -- copy(params.salt(), buf[:Argon2SaltSize]) -- params.passes = buf[Argon2SaltSize] -- params.parallelism = buf[Argon2SaltSize+1] -- params.memoryExp = buf[Argon2SaltSize+2] -- return params, nil - case GnuS2K: - // This is a GNU extension. See - // https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109 -@@ -306,9 +281,10 @@ func (params *Params) Dummy() bool { - - func (params *Params) salt() []byte { - switch params.mode { -- case SaltedS2K, IteratedSaltedS2K: return params.saltBytes[:8] -- case Argon2S2K: return params.saltBytes[:Argon2SaltSize] -- default: return nil -+ case SaltedS2K, IteratedSaltedS2K: -+ return params.saltBytes[:8] -+ default: -+ return nil - } - } - -@@ -317,15 +293,13 @@ func (params *Params) Function() (f func(out, in []byte), err error) { - return nil, errors.ErrDummyPrivateKey("dummy key found") - } - var hashObj crypto.Hash -- if params.mode != Argon2S2K { -- var ok bool -- hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId) -- if !ok { -- return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId))) -- } -- if !hashObj.Available() { -- return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj))) -- } -+ var ok bool -+ hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId) -+ if !ok { -+ return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId))) -+ } -+ if !hashObj.Available() { -+ return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj))) - } - - switch params.mode { -@@ -346,11 +320,6 @@ func (params *Params) Function() (f func(out, in []byte), err error) { - Iterated(out, hashObj.New(), in, params.salt(), decodeCount(params.countByte)) - } - -- return f, nil -- case Argon2S2K: -- f := func(out, in []byte) { -- Argon2(out, in, params.salt(), params.passes, params.parallelism, params.memoryExp) -- } - return f, nil - } - -@@ -361,10 +330,8 @@ func (params *Params) Serialize(w io.Writer) (err error) { - if _, err = w.Write([]byte{uint8(params.mode)}); err != nil { - return - } -- if params.mode != Argon2S2K { -- if _, err = w.Write([]byte{params.hashId}); err != nil { -- return -- } -+ if _, err = w.Write([]byte{params.hashId}); err != nil { -+ return - } - if params.Dummy() { - _, err = w.Write(append([]byte("GNU"), 1)) -@@ -377,9 +344,6 @@ func (params *Params) Serialize(w io.Writer) (err error) { - if params.mode == IteratedSaltedS2K { - _, err = w.Write([]byte{params.countByte}) - } -- if params.mode == Argon2S2K { -- _, err = w.Write([]byte{params.passes, params.parallelism, params.memoryExp}) -- } - } - return - } -diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go -index e96252c..42ddccf 100644 ---- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go -+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go -@@ -5,12 +5,9 @@ - package packet - - import ( -- "crypto/cipher" -- "crypto/sha256" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -- "golang.org/x/crypto/hkdf" - ) - - // parseAead parses a V2 SEIPD packet (AEAD) as specified in -@@ -62,95 +59,11 @@ func (se *SymmetricallyEncrypted) associatedData() []byte { - // decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in - // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 - func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) { -- aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData()) -- -- // Carry the first tagLen bytes -- tagLen := se.Mode.TagLength() -- peekedBytes := make([]byte, tagLen) -- n, err := io.ReadFull(se.Contents, peekedBytes) -- if n < tagLen || (err != nil && err != io.EOF) { -- return nil, errors.StructuralError("not enough data to decrypt:" + err.Error()) -- } -- -- return &aeadDecrypter{ -- aeadCrypter: aeadCrypter{ -- aead: aead, -- chunkSize: decodeAEADChunkSize(se.ChunkSizeByte), -- initialNonce: nonce, -- associatedData: se.associatedData(), -- chunkIndex: make([]byte, 8), -- packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, -- }, -- reader: se.Contents, -- peekedBytes: peekedBytes, -- }, nil -+ panic("hkdf cipher not available") - } - - // serializeSymmetricallyEncryptedAead encrypts to a writer a V2 SEIPD packet (AEAD) as specified in - // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 - func serializeSymmetricallyEncryptedAead(ciphertext io.WriteCloser, cipherSuite CipherSuite, chunkSizeByte byte, rand io.Reader, inputKey []byte) (Contents io.WriteCloser, err error) { -- // cipherFunc must have block size 16 to use AEAD -- if cipherSuite.Cipher.blockSize() != 16 { -- return nil, errors.InvalidArgumentError("invalid aead cipher function") -- } -- -- if cipherSuite.Cipher.KeySize() != len(inputKey) { -- return nil, errors.InvalidArgumentError("error in aead serialization: bad key length") -- } -- -- // Data for en/decryption: tag, version, cipher, aead mode, chunk size -- prefix := []byte{ -- 0xD2, -- symmetricallyEncryptedVersionAead, -- byte(cipherSuite.Cipher), -- byte(cipherSuite.Mode), -- chunkSizeByte, -- } -- -- // Write header (that correspond to prefix except first byte) -- n, err := ciphertext.Write(prefix[1:]) -- if err != nil || n < 4 { -- return nil, err -- } -- -- // Random salt -- salt := make([]byte, aeadSaltSize) -- if _, err := rand.Read(salt); err != nil { -- return nil, err -- } -- -- if _, err := ciphertext.Write(salt); err != nil { -- return nil, err -- } -- -- aead, nonce := getSymmetricallyEncryptedAeadInstance(cipherSuite.Cipher, cipherSuite.Mode, inputKey, salt, prefix) -- -- return &aeadEncrypter{ -- aeadCrypter: aeadCrypter{ -- aead: aead, -- chunkSize: decodeAEADChunkSize(chunkSizeByte), -- associatedData: prefix, -- chunkIndex: make([]byte, 8), -- initialNonce: nonce, -- packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, -- }, -- writer: ciphertext, -- }, nil --} -- --func getSymmetricallyEncryptedAeadInstance(c CipherFunction, mode AEADMode, inputKey, salt, associatedData []byte) (aead cipher.AEAD, nonce []byte) { -- hkdfReader := hkdf.New(sha256.New, inputKey, salt, associatedData) -- -- encryptionKey := make([]byte, c.KeySize()) -- _, _ = readFull(hkdfReader, encryptionKey) -- -- // Last 64 bits of nonce are the counter -- nonce = make([]byte, mode.IvLength()-8) -- -- _, _ = readFull(hkdfReader, nonce) -- -- blockCipher := c.new(encryptionKey) -- aead = mode.new(blockCipher) -- -- return -+ panic("hkdf cipher not available") - } -diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go -index 8499c73..eaffe19 100644 ---- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go -+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go -@@ -17,7 +17,6 @@ import ( - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "github.com/ProtonMail/go-crypto/openpgp/packet" -- _ "golang.org/x/crypto/sha3" - ) - - // SignatureType is the armor type for a PGP signature. -diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go -index 214df4c..f049462 100644 ---- a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go -+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go -@@ -20,9 +20,6 @@ package aeadcrypter - - import ( - "crypto/cipher" -- "fmt" -- -- "golang.org/x/crypto/chacha20poly1305" - ) - - // Supported key size in bytes. -@@ -39,14 +36,7 @@ type chachapoly struct { - // NewChachaPoly creates a Chacha-Poly crypter instance. Note that the key must - // be Chacha20Poly1305KeySize bytes in length. - func NewChachaPoly(key []byte) (S2AAEADCrypter, error) { -- if len(key) != Chacha20Poly1305KeySize { -- return nil, fmt.Errorf("%d bytes, given: %d", Chacha20Poly1305KeySize, len(key)) -- } -- c, err := chacha20poly1305.New(key) -- if err != nil { -- return nil, err -- } -- return &chachapoly{aead: c}, nil -+ panic("chachap20poly1305 cipher not available") - } - - // Encrypt is the encryption function. dst can contain bytes at the beginning of -diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go -index dff99ff..052f645 100644 ---- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go -+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go -@@ -26,7 +26,6 @@ import ( - - s2apb "github.com/google/s2a-go/internal/proto/common_go_proto" - "github.com/google/s2a-go/internal/record/internal/aeadcrypter" -- "golang.org/x/crypto/cryptobyte" - ) - - // The constants below were taken from Section 7.2 and 7.3 in -@@ -175,19 +174,5 @@ func (hc *S2AHalfConnection) maskedNonce(sequence uint64) []byte { - // deriveSecret implements the Derive-Secret function, as specified in - // https://tools.ietf.org/html/rfc8446#section-7.1. - func (hc *S2AHalfConnection) deriveSecret(secret, label []byte, length int) ([]byte, error) { -- var hkdfLabel cryptobyte.Builder -- hkdfLabel.AddUint16(uint16(length)) -- hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { -- b.AddBytes(label) -- }) -- // Append an empty `Context` field to the label, as specified in the RFC. -- // The half connection does not use the `Context` field. -- hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { -- b.AddBytes([]byte("")) -- }) -- hkdfLabelBytes, err := hkdfLabel.Bytes() -- if err != nil { -- return nil, fmt.Errorf("deriveSecret failed: %v", err) -- } -- return hc.expander.expand(secret, hkdfLabelBytes, length) -+ panic("cryptobyte cipher not available") - } -diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go -index e05f2c3..f46c3a9 100644 ---- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go -+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go -@@ -19,10 +19,7 @@ - package halfconn - - import ( -- "fmt" - "hash" -- -- "golang.org/x/crypto/hkdf" - ) - - // hkdfExpander is the interface for the HKDF expansion function; see -@@ -47,13 +44,5 @@ func newDefaultHKDFExpander(h func() hash.Hash) hkdfExpander { - } - - func (d *defaultHKDFExpander) expand(secret, label []byte, length int) ([]byte, error) { -- outBuf := make([]byte, length) -- n, err := hkdf.Expand(d.h, secret, label).Read(outBuf) -- if err != nil { -- return nil, fmt.Errorf("hkdf.Expand.Read failed with error: %v", err) -- } -- if n < length { -- return nil, fmt.Errorf("hkdf.Expand.Read returned unexpected length, got %d, want %d", n, length) -- } -- return outBuf, nil -+ panic("hkdf cipher not available") - } -diff --git a/vendor/github.com/Masterminds/sprig/v3/crypto.go b/vendor/github.com/Masterminds/sprig/v3/crypto.go -index 13a5cd5..a92eaec 100644 ---- a/vendor/github.com/Masterminds/sprig/v3/crypto.go -+++ b/vendor/github.com/Masterminds/sprig/v3/crypto.go -@@ -9,7 +9,6 @@ import ( - "crypto/ecdsa" - "crypto/ed25519" - "crypto/elliptic" -- "crypto/hmac" - "crypto/rand" - "crypto/rsa" - "crypto/sha1" -@@ -18,7 +17,6 @@ import ( - "crypto/x509/pkix" - "encoding/asn1" - "encoding/base64" -- "encoding/binary" - "encoding/hex" - "encoding/pem" - "errors" -@@ -32,8 +30,6 @@ import ( - "strings" - - "github.com/google/uuid" -- bcrypt_lib "golang.org/x/crypto/bcrypt" -- "golang.org/x/crypto/scrypt" - ) - - func sha256sum(input string) string { -@@ -52,12 +48,7 @@ func adler32sum(input string) string { - } - - func bcrypt(input string) string { -- hash, err := bcrypt_lib.GenerateFromPassword([]byte(input), bcrypt_lib.DefaultCost) -- if err != nil { -- return fmt.Sprintf("failed to encrypt string with bcrypt: %s", err) -- } -- -- return string(hash) -+ panic("bcrypt cipher not available") - } - - func htpasswd(username string, password string) string { -@@ -108,40 +99,7 @@ var templateCharacters = map[byte]string{ - } - - func derivePassword(counter uint32, passwordType, password, user, site string) string { -- var templates = passwordTypeTemplates[passwordType] -- if templates == nil { -- return fmt.Sprintf("cannot find password template %s", passwordType) -- } -- -- var buffer bytes.Buffer -- buffer.WriteString(masterPasswordSeed) -- binary.Write(&buffer, binary.BigEndian, uint32(len(user))) -- buffer.WriteString(user) -- -- salt := buffer.Bytes() -- key, err := scrypt.Key([]byte(password), salt, 32768, 8, 2, 64) -- if err != nil { -- return fmt.Sprintf("failed to derive password: %s", err) -- } -- -- buffer.Truncate(len(masterPasswordSeed)) -- binary.Write(&buffer, binary.BigEndian, uint32(len(site))) -- buffer.WriteString(site) -- binary.Write(&buffer, binary.BigEndian, counter) -- -- var hmacv = hmac.New(sha256.New, key) -- hmacv.Write(buffer.Bytes()) -- var seed = hmacv.Sum(nil) -- var temp = templates[int(seed[0])%len(templates)] -- -- buffer.Truncate(0) -- for i, element := range temp { -- passChars := templateCharacters[element] -- passChar := passChars[int(seed[i+1])%len(passChars)] -- buffer.WriteByte(passChar) -- } -- -- return buffer.String() -+ panic("scrypt cipher not available") - } - - func generatePrivateKey(typ string) string { -diff --git a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go -index d95032f..f5cbe66 100644 ---- a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go -+++ b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go -@@ -16,7 +16,6 @@ import ( - "github.com/microsoft/go-mssqldb/msdsn" - - //lint:ignore SA1019 MD4 is used by legacy NTLM -- "golang.org/x/crypto/md4" - ) - - const ( -@@ -162,10 +161,7 @@ func lmResponse(challenge [8]byte, password string) [24]byte { - } - - func ntlmHash(password string) (hash [21]byte) { -- h := md4.New() -- h.Write(utf16le(password)) -- h.Sum(hash[:0]) -- return -+ panic("md4 cipher not available") - } - - func ntResponse(challenge [8]byte, password string) [24]byte { -@@ -194,12 +190,7 @@ func ntlmSessionResponse(clientNonce [8]byte, serverChallenge [8]byte, password - } - - func ntlmHashNoPadding(val string) []byte { -- hash := make([]byte, 16) -- h := md4.New() -- h.Write(utf16le(val)) -- h.Sum(hash[:0]) -- -- return hash -+ panic("md4 cipher not available") - } - - func hmacMD5(passwordHash, data []byte) []byte { -diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go -index 804eba899e..221306e7dc 100644 ---- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go -+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go -@@ -16,7 +16,6 @@ import ( - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" -- "golang.org/x/crypto/pkcs12" - ) - - const credNameCert = "ClientCertificateCredential" -@@ -158,15 +157,7 @@ func loadPEMCert(certData []byte) ([]*pem.Block, error) { - } - - func loadPKCS12Cert(certData []byte, password string) ([]*pem.Block, error) { -- blocks, err := pkcs12.ToPEM(certData, password) -- if err != nil { -- return nil, err -- } -- if len(blocks) == 0 { -- // not mentioning PKCS12 in this message because we end up here when certData is garbage -- return nil, errors.New("didn't find any certificate content") -- } -- return blocks, err -+ panic("pkcs12 cipher not available") - } - - var _ azcore.TokenCredential = (*ClientCertificateCredential)(nil) -diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go -index 2a974a3..1ea6648 100644 ---- a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go -+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go -@@ -23,8 +23,6 @@ import ( - "io/ioutil" - "os" - "path/filepath" -- -- "golang.org/x/crypto/pkcs12" - ) - - var ( -@@ -90,46 +88,5 @@ func SaveToken(path string, mode os.FileMode, token Token) error { - // private key or an error is returned. - // If the private key is not password protected pass the empty string for password. - func DecodePfxCertificateData(pfxData []byte, password string) (*x509.Certificate, *rsa.PrivateKey, error) { -- blocks, err := pkcs12.ToPEM(pfxData, password) -- if err != nil { -- return nil, nil, err -- } -- // first extract the private key -- var priv *rsa.PrivateKey -- for _, block := range blocks { -- if block.Type == "PRIVATE KEY" { -- priv, err = x509.ParsePKCS1PrivateKey(block.Bytes) -- if err != nil { -- return nil, nil, err -- } -- break -- } -- } -- if priv == nil { -- return nil, nil, ErrMissingPrivateKey -- } -- // now find the certificate with the matching public key of our private key -- var cert *x509.Certificate -- for _, block := range blocks { -- if block.Type == "CERTIFICATE" { -- pcert, err := x509.ParseCertificate(block.Bytes) -- if err != nil { -- return nil, nil, err -- } -- certKey, ok := pcert.PublicKey.(*rsa.PublicKey) -- if !ok { -- // keep looking -- continue -- } -- if priv.E == certKey.E && priv.N.Cmp(certKey.N) == 0 { -- // found a match -- cert = pcert -- break -- } -- } -- } -- if cert == nil { -- return nil, nil, ErrMissingCertificate -- } -- return cert, priv, nil -+ panic("pkcs12 cipher not available") - } -diff --git a/vendor/github.com/Azure/go-ntlmssp/nlmp.go b/vendor/github.com/Azure/go-ntlmssp/nlmp.go -index 1e65abe..0ef2301 100644 ---- a/vendor/github.com/Azure/go-ntlmssp/nlmp.go -+++ b/vendor/github.com/Azure/go-ntlmssp/nlmp.go -@@ -10,7 +10,6 @@ package ntlmssp - import ( - "crypto/hmac" - "crypto/md5" -- "golang.org/x/crypto/md4" - "strings" - ) - -@@ -19,9 +18,7 @@ func getNtlmV2Hash(password, username, target string) []byte { - } - - func getNtlmHash(password string) []byte { -- hash := md4.New() -- hash.Write(toUnicode(password)) -- return hash.Sum(nil) -+ panic("md4 cipher not available") - } - - func computeNtlmV2Response(ntlmV2Hash, serverChallenge, clientChallenge, -diff --git a/vendor/github.com/ory/fosite/hash_bcrypt.go b/vendor/github.com/ory/fosite/hash_bcrypt.go -index 44b8fcb..4a75d24 100644 ---- a/vendor/github.com/ory/fosite/hash_bcrypt.go -+++ b/vendor/github.com/ory/fosite/hash_bcrypt.go -@@ -5,10 +5,6 @@ package fosite - - import ( - "context" -- -- "github.com/ory/x/errorsx" -- -- "golang.org/x/crypto/bcrypt" - ) - - const DefaultBCryptWorkFactor = 12 -@@ -21,20 +17,9 @@ type BCrypt struct { - } - - func (b *BCrypt) Hash(ctx context.Context, data []byte) ([]byte, error) { -- wf := b.Config.GetBCryptCost(ctx) -- if wf == 0 { -- wf = DefaultBCryptWorkFactor -- } -- s, err := bcrypt.GenerateFromPassword(data, wf) -- if err != nil { -- return nil, errorsx.WithStack(err) -- } -- return s, nil -+ panic("bcrypt ciper not available") - } - - func (b *BCrypt) Compare(ctx context.Context, hash, data []byte) error { -- if err := bcrypt.CompareHashAndPassword(hash, data); err != nil { -- return errorsx.WithStack(err) -- } -- return nil -+ panic("bcrypt cipher not available") - } diff --git a/vendor/filippo.io/age/internal/stream/stream.go b/vendor/filippo.io/age/internal/stream/stream.go -index 7cf02c4..29f4f44 100644 +index 7551274bd..dfc3e870a 100644 --- a/vendor/filippo.io/age/internal/stream/stream.go +++ b/vendor/filippo.io/age/internal/stream/stream.go -@@ -10,9 +10,6 @@ import ( +@@ -10,8 +10,6 @@ import ( "errors" "fmt" "io" - - "golang.org/x/crypto/chacha20poly1305" -- "golang.org/x/crypto/poly1305" ) const ChunkSize = 64 * 1024 -@@ -25,23 +22,16 @@ type Reader struct { +@@ -24,23 +22,16 @@ type Reader struct { buf [encChunkSize]byte err error @@ -1045,7 +26,7 @@ index 7cf02c4..29f4f44 100644 } const ( -- encChunkSize = ChunkSize + poly1305.TagSize +- encChunkSize = ChunkSize + chacha20poly1305.Overhead + encChunkSize = ChunkSize lastChunkFlag = 0x01 ) @@ -1063,15 +44,14 @@ index 7cf02c4..29f4f44 100644 } func (r *Reader) Read(p []byte) (int, error) { -@@ -87,64 +77,20 @@ func (r *Reader) Read(p []byte) (int, error) { +@@ -86,64 +77,19 @@ func (r *Reader) Read(p []byte) (int, error) { // in r.unread. last is true if the chunk was marked as the end of the message. // readChunk must not be called again after returning a last chunk or an error. func (r *Reader) readChunk() (last bool, err error) { - if len(r.unread) != 0 { - panic("stream: internal error: readChunk called with dirty buffer") - } -+ panic("poly1305 cipher not available") - +- - in := r.buf[:] - n, err := io.ReadFull(r.src, in) - switch { @@ -1106,6 +86,7 @@ index 7cf02c4..29f4f44 100644 - incNonce(&r.nonce) - r.unread = r.buf[:copy(r.buf[:], out)] - return last, nil ++ panic("poly1305 cipher not available") } -func incNonce(nonce *[chacha20poly1305.NonceSize]byte) { @@ -1135,7 +116,7 @@ index 7cf02c4..29f4f44 100644 } type Writer struct { -@@ -152,47 +98,17 @@ type Writer struct { +@@ -151,47 +97,17 @@ type Writer struct { dst io.Writer unwritten []byte // backed by buf buf [encChunkSize]byte @@ -1187,7 +168,7 @@ index 7cf02c4..29f4f44 100644 } // Close flushes the last chunk. It does not close the underlying Writer. -@@ -216,16 +132,5 @@ const ( +@@ -215,16 +131,5 @@ const ( ) func (w *Writer) flushChunk(last bool) error { @@ -1206,7 +187,7 @@ index 7cf02c4..29f4f44 100644 + panic("chacha20poly1305 cipher not available") } diff --git a/vendor/filippo.io/age/primitives.go b/vendor/filippo.io/age/primitives.go -index 804b019..2ee760f 100644 +index 804b0193f..2ee760f3a 100644 --- a/vendor/filippo.io/age/primitives.go +++ b/vendor/filippo.io/age/primitives.go @@ -5,29 +5,14 @@ @@ -1280,14 +261,15 @@ index 804b019..2ee760f 100644 + panic("chacha20poly1305 cipher not available") } diff --git a/vendor/filippo.io/age/scrypt.go b/vendor/filippo.io/age/scrypt.go -index 1346ad1..a97e385 100644 +index 73d13b7fa..27e80124e 100644 --- a/vendor/filippo.io/age/scrypt.go +++ b/vendor/filippo.io/age/scrypt.go -@@ -5,15 +5,8 @@ +@@ -5,16 +5,8 @@ package age import ( - "crypto/rand" +- "encoding/hex" "errors" - "fmt" "regexp" @@ -1299,7 +281,7 @@ index 1346ad1..a97e385 100644 ) const scryptLabel = "age-encryption.org/v1/scrypt" -@@ -61,30 +54,7 @@ func (r *ScryptRecipient) SetWorkFactor(logN int) { +@@ -62,30 +54,7 @@ func (r *ScryptRecipient) SetWorkFactor(logN int) { const scryptSaltSize = 16 func (r *ScryptRecipient) Wrap(fileKey []byte) ([]*Stanza, error) { @@ -1330,8 +312,25 @@ index 1346ad1..a97e385 100644 + panic("chacha20poly1305 cipher not available") } + // WrapWithLabels implements [age.RecipientWithLabels], returning a random +@@ -100,15 +69,7 @@ func (r *ScryptRecipient) Wrap(fileKey []byte) ([]*Stanza, error) { + // + // [authenticated]: https://words.filippo.io/dispatches/age-authentication/ + func (r *ScryptRecipient) WrapWithLabels(fileKey []byte) (stanzas []*Stanza, labels []string, err error) { +- stanzas, err = r.Wrap(fileKey) +- +- random := make([]byte, 16) +- if _, err := rand.Read(random); err != nil { +- return nil, nil, err +- } +- labels = []string{hex.EncodeToString(random)} +- +- return ++ panic("chacha20poly1305 cipher not available") + } + // ScryptIdentity is a password-based identity. -@@ -132,51 +102,5 @@ func (i *ScryptIdentity) Unwrap(stanzas []*Stanza) ([]byte, error) { +@@ -156,51 +117,5 @@ func (i *ScryptIdentity) Unwrap(stanzas []*Stanza) ([]byte, error) { var digitsRe = regexp.MustCompile(`^[1-9][0-9]*$`) func (i *ScryptIdentity) unwrap(block *Stanza) ([]byte, error) { @@ -1385,7 +384,7 @@ index 1346ad1..a97e385 100644 + panic("chacha20poly1305 cipher not available") } diff --git a/vendor/filippo.io/age/x25519.go b/vendor/filippo.io/age/x25519.go -index 6cd87a8..f0d7dd7 100644 +index 6cd87a8da..7ca458a46 100644 --- a/vendor/filippo.io/age/x25519.go +++ b/vendor/filippo.io/age/x25519.go @@ -5,18 +5,10 @@ @@ -1536,312 +535,559 @@ index 6cd87a8..f0d7dd7 100644 } // Recipient returns the public X25519Recipient value corresponding to i. -diff --git a/vendor/gopkg.in/square/go-jose.v2/asymmetric.go b/vendor/gopkg.in/square/go-jose.v2/asymmetric.go -index b69aa03..ba67845 100644 ---- a/vendor/gopkg.in/square/go-jose.v2/asymmetric.go -+++ b/vendor/gopkg.in/square/go-jose.v2/asymmetric.go -@@ -28,7 +28,6 @@ import ( - "fmt" - "math/big" - -- "golang.org/x/crypto/ed25519" - josecipher "gopkg.in/square/go-jose.v2/cipher" - "gopkg.in/square/go-jose.v2/json" +diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go +index 9e6bca1c9..e7204d0a8 100644 +--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go ++++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go +@@ -17,7 +17,6 @@ import ( + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" +- "golang.org/x/crypto/pkcs12" ) -@@ -48,10 +47,6 @@ type ecEncrypterVerifier struct { - publicKey *ecdsa.PublicKey + + const credNameCert = "ClientCertificateCredential" +@@ -162,15 +161,7 @@ func loadPEMCert(certData []byte) ([]*pem.Block, error) { } --type edEncrypterVerifier struct { -- publicKey ed25519.PublicKey --} -- - // A key generator for ECDH-ES - type ecKeyGenerator struct { - size int -@@ -64,10 +59,6 @@ type ecDecrypterSigner struct { - privateKey *ecdsa.PrivateKey - } - --type edDecrypterSigner struct { -- privateKey ed25519.PrivateKey --} -- - // newRSARecipient creates recipientKeyInfo based on the given key. - func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) { - // Verify that key management algorithm is supported by this encrypter -@@ -113,25 +104,6 @@ func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipi - }, nil - } - --func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) { -- if sigAlg != EdDSA { -- return recipientSigInfo{}, ErrUnsupportedAlgorithm -- } -- -- if privateKey == nil { -- return recipientSigInfo{}, errors.New("invalid private key") -- } -- return recipientSigInfo{ -- sigAlg: sigAlg, -- publicKey: staticPublicKey(&JSONWebKey{ -- Key: privateKey.Public(), -- }), -- signer: &edDecrypterSigner{ -- privateKey: privateKey, -- }, -- }, nil --} -- - // newECDHRecipient creates recipientKeyInfo based on the given key. - func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) { - // Verify that key management algorithm is supported by this encrypter -@@ -467,33 +439,6 @@ func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientI - return josecipher.KeyUnwrap(block, recipient.encryptedKey) - } - --func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { -- if alg != EdDSA { -- return Signature{}, ErrUnsupportedAlgorithm -- } -- -- sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0)) + func loadPKCS12Cert(certData []byte, password string) ([]*pem.Block, error) { +- blocks, err := pkcs12.ToPEM(certData, password) - if err != nil { -- return Signature{}, err +- return nil, err - } -- -- return Signature{ -- Signature: sig, -- protected: &rawHeader{}, -- }, nil --} -- --func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { -- if alg != EdDSA { -- return ErrUnsupportedAlgorithm +- if len(blocks) == 0 { +- // not mentioning PKCS12 in this message because we end up here when certData is garbage +- return nil, errors.New("didn't find any certificate content") - } -- ok := ed25519.Verify(ctx.publicKey, payload, signature) -- if !ok { -- return errors.New("square/go-jose: ed25519 signature failed to verify") +- return blocks, err ++ panic("pkcs12 cipher not available") + } + + var _ azcore.TokenCredential = (*ClientCertificateCredential)(nil) +diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go +index fb54a4323..f30496d01 100644 +--- a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go ++++ b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go +@@ -23,7 +23,6 @@ import ( + "os" + "path/filepath" + +- "golang.org/x/crypto/pkcs12" + ) + + var ( +@@ -89,46 +88,5 @@ func SaveToken(path string, mode os.FileMode, token Token) error { + // private key or an error is returned. + // If the private key is not password protected pass the empty string for password. + func DecodePfxCertificateData(pfxData []byte, password string) (*x509.Certificate, *rsa.PrivateKey, error) { +- blocks, err := pkcs12.ToPEM(pfxData, password) +- if err != nil { +- return nil, nil, err - } -- return nil --} -- - // Sign the given payload - func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - var expectedBitSize int -diff --git a/vendor/gopkg.in/square/go-jose.v2/jwk.go b/vendor/gopkg.in/square/go-jose.v2/jwk.go -index 222e260..98438e1 100644 ---- a/vendor/gopkg.in/square/go-jose.v2/jwk.go -+++ b/vendor/gopkg.in/square/go-jose.v2/jwk.go -@@ -34,8 +34,6 @@ import ( - "reflect" +- // first extract the private key +- var priv *rsa.PrivateKey +- for _, block := range blocks { +- if block.Type == "PRIVATE KEY" { +- priv, err = x509.ParsePKCS1PrivateKey(block.Bytes) +- if err != nil { +- return nil, nil, err +- } +- break +- } +- } +- if priv == nil { +- return nil, nil, ErrMissingPrivateKey +- } +- // now find the certificate with the matching public key of our private key +- var cert *x509.Certificate +- for _, block := range blocks { +- if block.Type == "CERTIFICATE" { +- pcert, err := x509.ParseCertificate(block.Bytes) +- if err != nil { +- return nil, nil, err +- } +- certKey, ok := pcert.PublicKey.(*rsa.PublicKey) +- if !ok { +- // keep looking +- continue +- } +- if priv.E == certKey.E && priv.N.Cmp(certKey.N) == 0 { +- // found a match +- cert = pcert +- break +- } +- } +- } +- if cert == nil { +- return nil, nil, ErrMissingCertificate +- } +- return cert, priv, nil ++ panic("pkcs12 cipher not available") + } +diff --git a/vendor/github.com/Azure/go-ntlmssp/nlmp.go b/vendor/github.com/Azure/go-ntlmssp/nlmp.go +index 1e65abe8b..0ef2301ed 100644 +--- a/vendor/github.com/Azure/go-ntlmssp/nlmp.go ++++ b/vendor/github.com/Azure/go-ntlmssp/nlmp.go +@@ -10,7 +10,6 @@ package ntlmssp + import ( + "crypto/hmac" + "crypto/md5" +- "golang.org/x/crypto/md4" + "strings" + ) + +@@ -19,9 +18,7 @@ func getNtlmV2Hash(password, username, target string) []byte { + } + + func getNtlmHash(password string) []byte { +- hash := md4.New() +- hash.Write(toUnicode(password)) +- return hash.Sum(nil) ++ panic("md4 cipher not available") + } + + func computeNtlmV2Response(ntlmV2Hash, serverChallenge, clientChallenge, +diff --git a/vendor/github.com/Masterminds/sprig/v3/crypto.go b/vendor/github.com/Masterminds/sprig/v3/crypto.go +index 75fe027e4..b402bc844 100644 +--- a/vendor/github.com/Masterminds/sprig/v3/crypto.go ++++ b/vendor/github.com/Masterminds/sprig/v3/crypto.go +@@ -9,7 +9,6 @@ import ( + "crypto/ecdsa" + "crypto/ed25519" + "crypto/elliptic" +- "crypto/hmac" + "crypto/rand" + "crypto/rsa" + "crypto/sha1" +@@ -19,7 +18,6 @@ import ( + "crypto/x509/pkix" + "encoding/asn1" + "encoding/base64" +- "encoding/binary" + "encoding/hex" + "encoding/pem" + "errors" +@@ -33,8 +31,6 @@ import ( "strings" -- "golang.org/x/crypto/ed25519" -- - "gopkg.in/square/go-jose.v2/json" + "github.com/google/uuid" +- bcrypt_lib "golang.org/x/crypto/bcrypt" +- "golang.org/x/crypto/scrypt" ) -@@ -95,14 +93,10 @@ func (k JSONWebKey) MarshalJSON() ([]byte, error) { - var err error - - switch key := k.Key.(type) { -- case ed25519.PublicKey: -- raw = fromEdPublicKey(key) - case *ecdsa.PublicKey: - raw, err = fromEcPublicKey(key) - case *rsa.PublicKey: - raw = fromRsaPublicKey(key) -- case ed25519.PrivateKey: -- raw, err = fromEdPrivateKey(key) - case *ecdsa.PrivateKey: - raw, err = fromEcPrivateKey(key) - case *rsa.PrivateKey: -@@ -216,15 +210,7 @@ func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) { - key, err = raw.symmetricKey() - case "OKP": - if raw.Crv == "Ed25519" && raw.X != nil { -- if raw.D != nil { -- key, err = raw.edPrivateKey() -- if err == nil { -- keyPub = key.(ed25519.PrivateKey).Public() -- } -- } else { -- key, err = raw.edPublicKey() -- keyPub = key -- } -+ panic("ed25519 cipher not available") - } else { - err = fmt.Errorf("square/go-jose: unknown curve %s'", raw.Crv) - } -@@ -356,23 +342,12 @@ func rsaThumbprintInput(n *big.Int, e int) (string, error) { - newBuffer(n.Bytes()).base64()), nil + func sha512sum(input string) string { +@@ -58,12 +54,7 @@ func adler32sum(input string) string { } --func edThumbprintInput(ed ed25519.PublicKey) (string, error) { -- crv := "Ed25519" -- if len(ed) > 32 { -- return "", errors.New("square/go-jose: invalid elliptic key (too large)") + func bcrypt(input string) string { +- hash, err := bcrypt_lib.GenerateFromPassword([]byte(input), bcrypt_lib.DefaultCost) +- if err != nil { +- return fmt.Sprintf("failed to encrypt string with bcrypt: %s", err) - } -- return fmt.Sprintf(edThumbprintTemplate, crv, -- newFixedSizeBuffer(ed, 32).base64()), nil --} - - // Thumbprint computes the JWK Thumbprint of a key using the - // indicated hash algorithm. - func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) { - var input string - var err error - switch key := k.Key.(type) { -- case ed25519.PublicKey: -- input, err = edThumbprintInput(key) - case *ecdsa.PublicKey: - input, err = ecThumbprintInput(key.Curve, key.X, key.Y) - case *ecdsa.PrivateKey: -@@ -381,8 +356,6 @@ func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) { - input, err = rsaThumbprintInput(key.N, key.E) - case *rsa.PrivateKey: - input, err = rsaThumbprintInput(key.N, key.E) -- case ed25519.PrivateKey: -- input, err = edThumbprintInput(ed25519.PublicKey(key[32:])) - default: - return nil, fmt.Errorf("square/go-jose: unknown key type '%s'", reflect.TypeOf(key)) +- return string(hash) ++ panic("bcrypt cipher not available") + } + + func htpasswd(username string, password string) string { +@@ -114,40 +105,7 @@ var templateCharacters = map[byte]string{ + } + + func derivePassword(counter uint32, passwordType, password, user, site string) string { +- var templates = passwordTypeTemplates[passwordType] +- if templates == nil { +- return fmt.Sprintf("cannot find password template %s", passwordType) +- } +- +- var buffer bytes.Buffer +- buffer.WriteString(masterPasswordSeed) +- binary.Write(&buffer, binary.BigEndian, uint32(len(user))) +- buffer.WriteString(user) +- +- salt := buffer.Bytes() +- key, err := scrypt.Key([]byte(password), salt, 32768, 8, 2, 64) +- if err != nil { +- return fmt.Sprintf("failed to derive password: %s", err) +- } +- +- buffer.Truncate(len(masterPasswordSeed)) +- binary.Write(&buffer, binary.BigEndian, uint32(len(site))) +- buffer.WriteString(site) +- binary.Write(&buffer, binary.BigEndian, counter) +- +- var hmacv = hmac.New(sha256.New, key) +- hmacv.Write(buffer.Bytes()) +- var seed = hmacv.Sum(nil) +- var temp = templates[int(seed[0])%len(templates)] +- +- buffer.Truncate(0) +- for i, element := range temp { +- passChars := templateCharacters[element] +- passChar := passChars[int(seed[i+1])%len(passChars)] +- buffer.WriteByte(passChar) +- } +- +- return buffer.String() ++ panic("scrypt cipher not available") + } + + func generatePrivateKey(typ string) string { +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go +index c76a75bcd..e76d5904c 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go +@@ -8,8 +8,6 @@ import ( + "crypto/aes" + "crypto/cipher" + "crypto/des" +- +- "golang.org/x/crypto/cast5" + ) + + // Cipher is an official symmetric key cipher algorithm. See RFC 4880, +@@ -38,7 +36,6 @@ const ( + // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13 + var CipherById = map[uint8]Cipher{ + TripleDES.Id(): TripleDES, +- CAST5.Id(): CAST5, + AES128.Id(): AES128, + AES192.Id(): AES192, + AES256.Id(): AES256, +@@ -55,7 +52,7 @@ func (sk CipherFunction) Id() uint8 { + func (cipher CipherFunction) KeySize() int { + switch cipher { + case CAST5: +- return cast5.KeySize ++ panic("cast5 cipher not available") + case AES128: + return 16 + case AES192, TripleDES: +@@ -72,7 +69,7 @@ func (cipher CipherFunction) BlockSize() int { + case TripleDES: + return des.BlockSize + case CAST5: +- return 8 ++ panic("cast5 cipher not available") + case AES128, AES192, AES256: + return 16 } -@@ -399,7 +372,7 @@ func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) { - // IsPublic returns true if the JWK represents a public key (not symmetric, not private). - func (k *JSONWebKey) IsPublic() bool { - switch k.Key.(type) { -- case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey: -+ case *ecdsa.PublicKey, *rsa.PublicKey: - return true - default: - return false -@@ -417,8 +390,6 @@ func (k *JSONWebKey) Public() JSONWebKey { - ret.Key = key.Public() - case *rsa.PrivateKey: - ret.Key = key.Public() -- case ed25519.PrivateKey: -- ret.Key = key.Public() - default: - return JSONWebKey{} // returning invalid key +@@ -86,7 +83,7 @@ func (cipher CipherFunction) New(key []byte) (block cipher.Block) { + case TripleDES: + block, err = des.NewTripleDESCipher(key) + case CAST5: +- block, err = cast5.NewCipher(key) ++ panic("cast5 cipher not available") + case AES128, AES192, AES256: + block, err = aes.NewCipher(key) } -@@ -447,14 +418,6 @@ func (k *JSONWebKey) Valid() bool { - if key.N == nil || key.E == 0 || key.D == nil || len(key.Primes) < 2 { - return false - } -- case ed25519.PublicKey: -- if len(key) != 32 { -- return false -- } -- case ed25519.PrivateKey: -- if len(key) != 64 { -- return false -- } - default: - return false - } -@@ -472,14 +435,6 @@ func (key rawJSONWebKey) rsaPublicKey() (*rsa.PublicKey, error) { - }, nil +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go +index 3ddc4fe4a..86340d4af 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go +@@ -5,14 +5,10 @@ + package packet + + import ( +- "crypto/cipher" +- "crypto/sha256" +- "fmt" + "io" + "strconv" + + "github.com/ProtonMail/go-crypto/openpgp/errors" +- "golang.org/x/crypto/hkdf" + ) + + // parseAead parses a V2 SEIPD packet (AEAD) as specified in +@@ -64,105 +60,11 @@ func (se *SymmetricallyEncrypted) associatedData() []byte { + // decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in + // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 + func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) { +- if se.Cipher.KeySize() != len(inputKey) { +- return nil, errors.StructuralError(fmt.Sprintf("invalid session key length for cipher: got %d bytes, but expected %d bytes", len(inputKey), se.Cipher.KeySize())) +- } +- +- aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData()) +- // Carry the first tagLen bytes +- chunkSize := decodeAEADChunkSize(se.ChunkSizeByte) +- tagLen := se.Mode.TagLength() +- chunkBytes := make([]byte, chunkSize+tagLen*2) +- peekedBytes := chunkBytes[chunkSize+tagLen:] +- n, err := io.ReadFull(se.Contents, peekedBytes) +- if n < tagLen || (err != nil && err != io.EOF) { +- return nil, errors.StructuralError("not enough data to decrypt:" + err.Error()) +- } +- +- return &aeadDecrypter{ +- aeadCrypter: aeadCrypter{ +- aead: aead, +- chunkSize: decodeAEADChunkSize(se.ChunkSizeByte), +- nonce: nonce, +- associatedData: se.associatedData(), +- chunkIndex: nonce[len(nonce)-8:], +- packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, +- }, +- reader: se.Contents, +- chunkBytes: chunkBytes, +- peekedBytes: peekedBytes, +- }, nil ++ panic("hkdf cipher not available") } --func fromEdPublicKey(pub ed25519.PublicKey) *rawJSONWebKey { -- return &rawJSONWebKey{ -- Kty: "OKP", -- Crv: "Ed25519", -- X: newBuffer(pub), + // serializeSymmetricallyEncryptedAead encrypts to a writer a V2 SEIPD packet (AEAD) as specified in + // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 + func serializeSymmetricallyEncryptedAead(ciphertext io.WriteCloser, cipherSuite CipherSuite, chunkSizeByte byte, rand io.Reader, inputKey []byte) (Contents io.WriteCloser, err error) { +- // cipherFunc must have block size 16 to use AEAD +- if cipherSuite.Cipher.blockSize() != 16 { +- return nil, errors.InvalidArgumentError("invalid aead cipher function") - } +- +- if cipherSuite.Cipher.KeySize() != len(inputKey) { +- return nil, errors.InvalidArgumentError("error in aead serialization: bad key length") +- } +- +- // Data for en/decryption: tag, version, cipher, aead mode, chunk size +- prefix := []byte{ +- 0xD2, +- symmetricallyEncryptedVersionAead, +- byte(cipherSuite.Cipher), +- byte(cipherSuite.Mode), +- chunkSizeByte, +- } +- +- // Write header (that correspond to prefix except first byte) +- n, err := ciphertext.Write(prefix[1:]) +- if err != nil || n < 4 { +- return nil, err +- } +- +- // Random salt +- salt := make([]byte, aeadSaltSize) +- if _, err := io.ReadFull(rand, salt); err != nil { +- return nil, err +- } +- +- if _, err := ciphertext.Write(salt); err != nil { +- return nil, err +- } +- +- aead, nonce := getSymmetricallyEncryptedAeadInstance(cipherSuite.Cipher, cipherSuite.Mode, inputKey, salt, prefix) +- +- chunkSize := decodeAEADChunkSize(chunkSizeByte) +- tagLen := aead.Overhead() +- chunkBytes := make([]byte, chunkSize+tagLen) +- return &aeadEncrypter{ +- aeadCrypter: aeadCrypter{ +- aead: aead, +- chunkSize: chunkSize, +- associatedData: prefix, +- nonce: nonce, +- chunkIndex: nonce[len(nonce)-8:], +- packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, +- }, +- writer: ciphertext, +- chunkBytes: chunkBytes, +- }, nil -} - - func fromRsaPublicKey(pub *rsa.PublicKey) *rawJSONWebKey { - return &rawJSONWebKey{ - Kty: "RSA", -@@ -559,36 +514,6 @@ func fromEcPublicKey(pub *ecdsa.PublicKey) (*rawJSONWebKey, error) { - return key, nil +-func getSymmetricallyEncryptedAeadInstance(c CipherFunction, mode AEADMode, inputKey, salt, associatedData []byte) (aead cipher.AEAD, nonce []byte) { +- hkdfReader := hkdf.New(sha256.New, inputKey, salt, associatedData) +- +- encryptionKey := make([]byte, c.KeySize()) +- _, _ = readFull(hkdfReader, encryptionKey) +- +- nonce = make([]byte, mode.IvLength()) +- +- // Last 64 bits of nonce are the counter +- _, _ = readFull(hkdfReader, nonce[:len(nonce)-8]) +- +- blockCipher := c.new(encryptionKey) +- aead = mode.new(blockCipher) +- +- return ++ panic("hkdf cipher not available") + } +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go +index 5578797ed..ef2fc2554 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go +@@ -17,7 +17,6 @@ import ( + "github.com/ProtonMail/go-crypto/openpgp/errors" + "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" + "github.com/ProtonMail/go-crypto/openpgp/packet" +- _ "golang.org/x/crypto/sha3" + ) + + // SignatureType is the armor type for a PGP signature. +diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go +index 214df4ca4..f0494624a 100644 +--- a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go ++++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go +@@ -20,9 +20,6 @@ package aeadcrypter + + import ( + "crypto/cipher" +- "fmt" +- +- "golang.org/x/crypto/chacha20poly1305" + ) + + // Supported key size in bytes. +@@ -39,14 +36,7 @@ type chachapoly struct { + // NewChachaPoly creates a Chacha-Poly crypter instance. Note that the key must + // be Chacha20Poly1305KeySize bytes in length. + func NewChachaPoly(key []byte) (S2AAEADCrypter, error) { +- if len(key) != Chacha20Poly1305KeySize { +- return nil, fmt.Errorf("%d bytes, given: %d", Chacha20Poly1305KeySize, len(key)) +- } +- c, err := chacha20poly1305.New(key) +- if err != nil { +- return nil, err +- } +- return &chachapoly{aead: c}, nil ++ panic("chachap20poly1305 cipher not available") } --func (key rawJSONWebKey) edPrivateKey() (ed25519.PrivateKey, error) { -- var missing []string -- switch { -- case key.D == nil: -- missing = append(missing, "D") -- case key.X == nil: -- missing = append(missing, "X") -- } + // Encrypt is the encryption function. dst can contain bytes at the beginning of +diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go +index e05f2c36a..f46c3a958 100644 +--- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go ++++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go +@@ -19,10 +19,7 @@ + package halfconn + + import ( +- "fmt" + "hash" - -- if len(missing) > 0 { -- return nil, fmt.Errorf("square/go-jose: invalid Ed25519 private key, missing %s value(s)", strings.Join(missing, ", ")) -- } -- -- privateKey := make([]byte, ed25519.PrivateKeySize) -- copy(privateKey[0:32], key.D.bytes()) -- copy(privateKey[32:], key.X.bytes()) -- rv := ed25519.PrivateKey(privateKey) -- return rv, nil --} -- --func (key rawJSONWebKey) edPublicKey() (ed25519.PublicKey, error) { -- if key.X == nil { -- return nil, fmt.Errorf("square/go-jose: invalid Ed key, missing x value") -- } -- publicKey := make([]byte, ed25519.PublicKeySize) -- copy(publicKey[0:32], key.X.bytes()) -- rv := ed25519.PublicKey(publicKey) -- return rv, nil --} -- - func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) { - var missing []string - switch { -@@ -634,13 +559,6 @@ func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) { - return rv, err +- "golang.org/x/crypto/hkdf" + ) + + // hkdfExpander is the interface for the HKDF expansion function; see +@@ -47,13 +44,5 @@ func newDefaultHKDFExpander(h func() hash.Hash) hkdfExpander { } --func fromEdPrivateKey(ed ed25519.PrivateKey) (*rawJSONWebKey, error) { -- raw := fromEdPublicKey(ed25519.PublicKey(ed[32:])) + func (d *defaultHKDFExpander) expand(secret, label []byte, length int) ([]byte, error) { +- outBuf := make([]byte, length) +- n, err := hkdf.Expand(d.h, secret, label).Read(outBuf) +- if err != nil { +- return nil, fmt.Errorf("hkdf.Expand.Read failed with error: %v", err) +- } +- if n < length { +- return nil, fmt.Errorf("hkdf.Expand.Read returned unexpected length, got %d, want %d", n, length) +- } +- return outBuf, nil ++ panic("hkdf cipher not available") + } +diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go +index dff99ff59..052f64523 100644 +--- a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go ++++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go +@@ -26,7 +26,6 @@ import ( + + s2apb "github.com/google/s2a-go/internal/proto/common_go_proto" + "github.com/google/s2a-go/internal/record/internal/aeadcrypter" +- "golang.org/x/crypto/cryptobyte" + ) + + // The constants below were taken from Section 7.2 and 7.3 in +@@ -175,19 +174,5 @@ func (hc *S2AHalfConnection) maskedNonce(sequence uint64) []byte { + // deriveSecret implements the Derive-Secret function, as specified in + // https://tools.ietf.org/html/rfc8446#section-7.1. + func (hc *S2AHalfConnection) deriveSecret(secret, label []byte, length int) ([]byte, error) { +- var hkdfLabel cryptobyte.Builder +- hkdfLabel.AddUint16(uint16(length)) +- hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes(label) +- }) +- // Append an empty `Context` field to the label, as specified in the RFC. +- // The half connection does not use the `Context` field. +- hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { +- b.AddBytes([]byte("")) +- }) +- hkdfLabelBytes, err := hkdfLabel.Bytes() +- if err != nil { +- return nil, fmt.Errorf("deriveSecret failed: %v", err) +- } +- return hc.expander.expand(secret, hkdfLabelBytes, length) ++ panic("cryptobyte cipher not available") + } +diff --git a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go +index d95032f22..f6bfe7233 100644 +--- a/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go ++++ b/vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go +@@ -15,8 +15,6 @@ import ( + "github.com/microsoft/go-mssqldb/integratedauth" + "github.com/microsoft/go-mssqldb/msdsn" + +- //lint:ignore SA1019 MD4 is used by legacy NTLM +- "golang.org/x/crypto/md4" + ) + + const ( +@@ -162,10 +160,7 @@ func lmResponse(challenge [8]byte, password string) [24]byte { + } + + func ntlmHash(password string) (hash [21]byte) { +- h := md4.New() +- h.Write(utf16le(password)) +- h.Sum(hash[:0]) +- return ++ panic("md4 cipher not available") + } + + func ntResponse(challenge [8]byte, password string) [24]byte { +@@ -194,12 +189,7 @@ func ntlmSessionResponse(clientNonce [8]byte, serverChallenge [8]byte, password + } + + func ntlmHashNoPadding(val string) []byte { +- hash := make([]byte, 16) +- h := md4.New() +- h.Write(utf16le(val)) +- h.Sum(hash[:0]) - -- raw.D = newBuffer(ed[0:32]) -- return raw, nil --} -- - func fromRsaPrivateKey(rsa *rsa.PrivateKey) (*rawJSONWebKey, error) { - if len(rsa.Primes) != 2 { - return nil, ErrUnsupportedKeyType -diff --git a/vendor/gopkg.in/square/go-jose.v2/signing.go b/vendor/gopkg.in/square/go-jose.v2/signing.go -index bad820c..8065475 100644 ---- a/vendor/gopkg.in/square/go-jose.v2/signing.go -+++ b/vendor/gopkg.in/square/go-jose.v2/signing.go -@@ -24,8 +24,6 @@ import ( +- return hash ++ panic("md4 cipher not available") + } + + func hmacMD5(passwordHash, data []byte) []byte { +diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go +index cf8f39305..de4d145fc 100644 +--- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go ++++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go +@@ -20,14 +20,10 @@ import ( + "bytes" + "context" + "crypto/aes" +- "crypto/sha256" "errors" "fmt" +- "io" + "time" -- "golang.org/x/crypto/ed25519" +- "golang.org/x/crypto/hkdf" - - "gopkg.in/square/go-jose.v2/json" + "k8s.io/apiserver/pkg/storage/value" + "k8s.io/utils/clock" ) +@@ -132,14 +128,7 @@ func (e *extendedNonceGCM) derivedKeyTransformer(info []byte, dataCtx value.Cont + } -@@ -154,10 +152,6 @@ func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) { - // newVerifier creates a verifier based on the key type - func newVerifier(verificationKey interface{}) (payloadVerifier, error) { - switch verificationKey := verificationKey.(type) { -- case ed25519.PublicKey: -- return &edEncrypterVerifier{ -- publicKey: verificationKey, -- }, nil - case *rsa.PublicKey: - return &rsaEncrypterVerifier{ - publicKey: verificationKey, -@@ -193,8 +187,6 @@ func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interf + func (e *extendedNonceGCM) sha256KDFExpandOnly(info []byte) ([]byte, error) { +- kdf := hkdf.Expand(sha256.New, e.seed, info) +- +- derivedKey := make([]byte, derivedKeySizeExtendedNonceGCM) +- if _, err := io.ReadFull(kdf, derivedKey); err != nil { +- return nil, fmt.Errorf("failed to read a derived key from KDF: %w", err) +- } +- +- return derivedKey, nil ++ panic("hkdf cipher not available") + } - func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipientSigInfo, error) { - switch signingKey := signingKey.(type) { -- case ed25519.PrivateKey: -- return newEd25519Signer(alg, signingKey) - case *rsa.PrivateKey: - return newRSASigner(alg, signingKey) - case *ecdsa.PrivateKey: + func newGCMTransformerWithInfo(key, info []byte) (*transformerWithInfo, error) { diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go -index 4bb18ee8..a3342a76 100644 +index 4bb18ee8b..a3342a767 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go +++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go @@ -23,14 +23,11 @@ import ( @@ -1937,60 +1183,25 @@ index 4bb18ee8..a3342a76 100644 } var _ value.Transformer = &envelopeTransformer{} -diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go -index cf8f3930..de4d145f 100644 ---- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go -+++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go -@@ -20,14 +20,10 @@ import ( - "bytes" - "context" - "crypto/aes" -- "crypto/sha256" - "errors" - "fmt" -- "io" - "time" - -- "golang.org/x/crypto/hkdf" -- - "k8s.io/apiserver/pkg/storage/value" - "k8s.io/utils/clock" - ) -@@ -132,14 +128,7 @@ func (e *extendedNonceGCM) derivedKeyTransformer(info []byte, dataCtx value.Cont - } - - func (e *extendedNonceGCM) sha256KDFExpandOnly(info []byte) ([]byte, error) { -- kdf := hkdf.Expand(sha256.New, e.seed, info) -- -- derivedKey := make([]byte, derivedKeySizeExtendedNonceGCM) -- if _, err := io.ReadFull(kdf, derivedKey); err != nil { -- return nil, fmt.Errorf("failed to read a derived key from KDF: %w", err) -- } -- -- return derivedKey, nil -+ panic("hkdf cipher not available") - } - - func newGCMTransformerWithInfo(key, info []byte) (*transformerWithInfo, error) { - diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go -index 45d5db58..db3bd2f9 100644 +index 4549257a0..16dbd9dd3 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go +++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go -@@ -23,12 +23,10 @@ import ( +@@ -23,13 +23,11 @@ import ( "crypto/cipher" "crypto/sha256" "fmt" - "sort" + "sync" "time" "unsafe" - "github.com/gogo/protobuf/proto" + "go.opentelemetry.io/otel/attribute" - "golang.org/x/crypto/cryptobyte" + "google.golang.org/protobuf/proto" utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/uuid" -@@ -418,41 +416,7 @@ func getRequestInfoFromContext(ctx context.Context) *genericapirequest.RequestIn +@@ -504,41 +502,7 @@ func getRequestInfoFromContext(ctx context.Context) *genericapirequest.RequestIn // a. annotation key // b. annotation value func generateCacheKey(encryptedDEKSourceType kmstypes.EncryptedDEKSourceType, encryptedDEKSource []byte, keyID string, annotations map[string][]byte) ([]byte, error) { @@ -2033,9 +1244,8 @@ index 45d5db58..db3bd2f9 100644 } // toBytes performs unholy acts to avoid allocations - diff --git a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go -index 9aec8acd..d0a19c71 100644 +index 9aec8acd3..d033f2cd8 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go +++ b/vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go @@ -19,10 +19,6 @@ package secretbox @@ -2080,41 +1290,857 @@ index 9aec8acd..d0a19c71 100644 - return secretbox.Seal(nonce[:], data, &nonce, &t.key), nil + panic("nacl cipher not available") } - -diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go -index d678f52d..da4abbae 100644 ---- a/vendor/k8s.io/apiserver/pkg/server/config.go -+++ b/vendor/k8s.io/apiserver/pkg/server/config.go -@@ -18,8 +18,6 @@ package server +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go +index 38afcc7..7aa6c68 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go +@@ -1,14 +1,12 @@ + package x25519 + + import ( +- "crypto/sha256" + "crypto/subtle" + "io" + + "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap" + "github.com/ProtonMail/go-crypto/openpgp/errors" + x25519lib "github.com/cloudflare/circl/dh/x25519" +- "golang.org/x/crypto/hkdf" + ) + + const ( +@@ -134,15 +132,7 @@ func Decrypt(privateKey *PrivateKey, ephemeralPublicKey *PublicKey, ciphertext [ + } + + func applyHKDF(ephemeralPublicKey []byte, publicKey []byte, sharedSecret []byte) []byte { +- inputKey := make([]byte, 3*KeySize) +- // ephemeral public key | recipient public key | shared secret +- subtle.ConstantTimeCopy(1, inputKey[:KeySize], ephemeralPublicKey) +- subtle.ConstantTimeCopy(1, inputKey[KeySize:2*KeySize], publicKey) +- subtle.ConstantTimeCopy(1, inputKey[2*KeySize:], sharedSecret) +- hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, []byte(hkdfInfo)) +- encryptionKey := make([]byte, aes128KeySize) +- _, _ = io.ReadFull(hkdfReader, encryptionKey) +- return encryptionKey ++ panic("hkdf not available") + } + + func constantTimeIsZero(bytes []byte) bool { +diff --git a/vendor/github.com/cloudflare/circl/internal/conv/conv.go b/vendor/github.com/cloudflare/circl/internal/conv/conv.go +index 3fd0df4..777da11 100644 +--- a/vendor/github.com/cloudflare/circl/internal/conv/conv.go ++++ b/vendor/github.com/cloudflare/circl/internal/conv/conv.go +@@ -5,8 +5,6 @@ import ( + "fmt" + "math/big" + "strings" +- +- "golang.org/x/crypto/cryptobyte" + ) + + // BytesLe2Hex returns an hexadecimal string of a number stored in a +@@ -141,33 +139,32 @@ func BigInt2Uint64Le(z []uint64, x *big.Int) { + } + } + +-// MarshalBinary encodes a value into a byte array in a format readable by UnmarshalBinary. +-func MarshalBinary(v cryptobyte.MarshalingValue) ([]byte, error) { +- const DefaultSize = 32 +- b := cryptobyte.NewBuilder(make([]byte, 0, DefaultSize)) +- b.AddValue(v) +- return b.Bytes() ++// MarshalingValue is a placeholder interface for types that can marshal themselves. ++// The real implementation requires golang.org/x/crypto/cryptobyte which is not available. ++type MarshalingValue interface { ++ Marshal() error ++} ++ ++// MarshalBinary encodes a value into a byte array. ++// Not available: golang.org/x/crypto/cryptobyte was removed from vendor. ++func MarshalBinary(v MarshalingValue) ([]byte, error) { ++ panic("cryptobyte not available") + } + +-// MarshalBinaryLen encodes a value into an array of n bytes in a format readable by UnmarshalBinary. +-func MarshalBinaryLen(v cryptobyte.MarshalingValue, length uint) ([]byte, error) { +- b := cryptobyte.NewFixedBuilder(make([]byte, 0, length)) +- b.AddValue(v) +- return b.Bytes() ++// MarshalBinaryLen encodes a value into an array of n bytes. ++// Not available: golang.org/x/crypto/cryptobyte was removed from vendor. ++func MarshalBinaryLen(v MarshalingValue, length uint) ([]byte, error) { ++ panic("cryptobyte not available") + } + +-// A UnmarshalingValue decodes itself from a cryptobyte.String and advances the pointer. +-// It reports whether the read was successful. ++// UnmarshalingValue decodes itself from a byte string. ++// The real implementation requires golang.org/x/crypto/cryptobyte which is not available. + type UnmarshalingValue interface { +- Unmarshal(*cryptobyte.String) bool ++ UnmarshalBytes([]byte) bool + } + + // UnmarshalBinary recovers a value from a byte array. +-// It returns an error if the read was unsuccessful. ++// Not available: golang.org/x/crypto/cryptobyte was removed from vendor. + func UnmarshalBinary(v UnmarshalingValue, data []byte) (err error) { +- s := cryptobyte.String(data) +- if data == nil || !v.Unmarshal(&s) || !s.Empty() { +- err = fmt.Errorf("cannot read %T from input string", v) +- } +- return ++ panic("cryptobyte not available") + } +diff --git a/vendor/github.com/grafana/grafana-cloud-migration-snapshot/src/infra/crypto/crypto.go b/vendor/github.com/grafana/grafana-cloud-migration-snapshot/src/infra/crypto/crypto.go +index 580a376..07864b1 100644 +--- a/vendor/github.com/grafana/grafana-cloud-migration-snapshot/src/infra/crypto/crypto.go ++++ b/vendor/github.com/grafana/grafana-cloud-migration-snapshot/src/infra/crypto/crypto.go +@@ -1,14 +1,9 @@ + package crypto + + import ( +- "bytes" +- "fmt" + "io" + +- cryptoRand "crypto/rand" +- + "github.com/grafana/grafana-cloud-migration-snapshot/src/contracts" +- "golang.org/x/crypto/nacl/box" + ) + + type Nacl struct { +@@ -23,35 +18,9 @@ func (nacl Nacl) Algo() string { + } + + func (nacl Nacl) Encrypt(keys contracts.AssymetricKeys, reader io.Reader) (io.Reader, error) { +- var nonce [24]byte +- +- if _, err := io.ReadFull(cryptoRand.Reader, nonce[:]); err != nil { +- return nil, fmt.Errorf("reading random bytes into nonce buffer: %w", err) +- } +- +- msg, err := io.ReadAll(reader) +- if err != nil { +- return nil, fmt.Errorf("reading payload from reader: %w", err) +- } +- +- // This encrypts msg and appends the result to the nonce. +- encrypted := box.Seal(nonce[:], msg, &nonce, (*[32]byte)(keys.Public), (*[32]byte)(keys.Private)) +- +- return bytes.NewReader(encrypted), nil ++ panic("nacl cipher not available") + } + + func (nacl Nacl) Decrypt(keys contracts.AssymetricKeys, reader io.Reader) (io.Reader, error) { +- encryptedPayload, err := io.ReadAll(reader) +- if err != nil { +- return nil, fmt.Errorf("reading from reader: %w", err) +- } +- +- var decryptNonce [24]byte +- copy(decryptNonce[:], encryptedPayload[:24]) +- decrypted, ok := box.Open(nil, encryptedPayload[24:], &decryptNonce, (*[32]byte)(keys.Public), (*[32]byte)(keys.Private)) +- if !ok { +- return nil, fmt.Errorf("decrypting payload failed") +- } +- +- return bytes.NewReader(decrypted), nil ++ panic("nacl cipher not available") + } +diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/keyDerivation.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/keyDerivation.go +index d1f90c0..7b6ad26 100644 +--- a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/keyDerivation.go ++++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rfc4757/keyDerivation.go +@@ -1,35 +1,9 @@ + package rfc4757 + +-import ( +- "bytes" +- "encoding/hex" +- "errors" +- "fmt" +- "io" +- +- "golang.org/x/crypto/md4" +-) +- + // StringToKey returns a key derived from the string provided according to the definition in RFC 4757. ++// Not available: golang.org/x/crypto/md4 was removed from vendor. + func StringToKey(secret string) ([]byte, error) { +- b := make([]byte, len(secret)*2, len(secret)*2) +- for i, r := range secret { +- u := fmt.Sprintf("%04x", r) +- c, err := hex.DecodeString(u) +- if err != nil { +- return []byte{}, errors.New("character could not be encoded") +- } +- // Swap round the two bytes to make little endian as we put into byte slice +- b[2*i] = c[1] +- b[2*i+1] = c[0] +- } +- r := bytes.NewReader(b) +- h := md4.New() +- _, err := io.Copy(h, r) +- if err != nil { +- return []byte{}, err +- } +- return h.Sum(nil), nil ++ panic("md4 not available") + } + + func deriveKeys(key, checksum []byte, usage uint32, export bool) (k1, k2, k3 []byte) { +diff --git a/vendor/github.com/openfga/openfga/pkg/storage/sqlite/sqlite.go b/vendor/github.com/openfga/openfga/pkg/storage/sqlite/sqlite.go +index 93ae2cf..d00795c 100644 +--- a/vendor/github.com/openfga/openfga/pkg/storage/sqlite/sqlite.go ++++ b/vendor/github.com/openfga/openfga/pkg/storage/sqlite/sqlite.go +@@ -19,8 +19,6 @@ import ( + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/structpb" + "google.golang.org/protobuf/types/known/timestamppb" +- "modernc.org/sqlite" +- sqlite3 "modernc.org/sqlite/lib" + + openfgav1 "github.com/openfga/api/proto/openfga/v1" + +@@ -101,17 +99,7 @@ func PrepareDSN(uri string) (string, error) { + + // New creates a new [Datastore] storage. + func New(uri string, cfg *sqlcommon.Config) (*Datastore, error) { +- uri, err := PrepareDSN(uri) +- if err != nil { +- return nil, err +- } +- +- db, err := sql.Open("sqlite", uri) +- if err != nil { +- return nil, fmt.Errorf("initialize sqlite connection: %w", err) +- } +- +- return NewWithDB(db, cfg) ++ panic("modernc.org/sqlite not available") + } + + // NewWithDB creates a new [Datastore] storage with the provided database connection. +@@ -1328,23 +1316,12 @@ func (s *Datastore) IsReady(ctx context.Context) (storage.ReadinessStatus, error + + // HandleSQLError processes an SQL error and converts it into a more + // specific error type based on the nature of the SQL error. ++// Note: modernc.org/sqlite error type checking is not available (package removed from vendor). + func HandleSQLError(err error, args ...interface{}) error { + if errors.Is(err, sql.ErrNoRows) { + return storage.ErrNotFound + } + +- var sqliteErr *sqlite.Error +- if errors.As(err, &sqliteErr) { +- if sqliteErr.Code()&0xFF == sqlite3.SQLITE_CONSTRAINT { +- if len(args) > 0 { +- if tk, ok := args[0].(*openfgav1.TupleKey); ok { +- return storage.InvalidWriteInputError(tk, openfgav1.TupleOperation_TUPLE_OPERATION_WRITE) +- } +- } +- return storage.ErrCollision +- } +- } +- + return fmt.Errorf("sql error: %w", err) + } + +@@ -1370,21 +1347,8 @@ func busyRetry(fn func() error) error { + } + } + +-var busyErrors = map[int]struct{}{ +- sqlite3.SQLITE_BUSY_RECOVERY: {}, +- sqlite3.SQLITE_BUSY_SNAPSHOT: {}, +- sqlite3.SQLITE_BUSY_TIMEOUT: {}, +- sqlite3.SQLITE_BUSY: {}, +- sqlite3.SQLITE_LOCKED_SHAREDCACHE: {}, +- sqlite3.SQLITE_LOCKED: {}, +-} +- + func isBusyError(err error) bool { +- var sqliteErr *sqlite.Error +- if !errors.As(err, &sqliteErr) { +- return false +- } +- +- _, ok := busyErrors[sqliteErr.Code()] +- return ok ++ // modernc.org/sqlite not available; cannot check for SQLite-specific busy errors. ++ _ = err ++ return false + } +diff --git a/vendor/github.com/youmark/pkcs8/kdf_scrypt.go b/vendor/github.com/youmark/pkcs8/kdf_scrypt.go +index 36c4f4f..4133959 100644 +--- a/vendor/github.com/youmark/pkcs8/kdf_scrypt.go ++++ b/vendor/github.com/youmark/pkcs8/kdf_scrypt.go +@@ -2,8 +2,6 @@ package pkcs8 + + import ( + "encoding/asn1" +- +- "golang.org/x/crypto/scrypt" + ) + + var ( +@@ -24,8 +22,7 @@ type scryptParams struct { + } + + func (p scryptParams) DeriveKey(password []byte, size int) (key []byte, err error) { +- return scrypt.Key(password, p.Salt, p.CostParameter, p.BlockSize, +- p.ParallelizationParameter, size) ++ panic("scrypt cipher not available") + } + + // ScryptOpts contains options for the scrypt key derivation function. +@@ -38,19 +35,7 @@ type ScryptOpts struct { + + func (p ScryptOpts) DeriveKey(password, salt []byte, size int) ( + key []byte, params KDFParameters, err error) { +- +- key, err = scrypt.Key(password, salt, p.CostParameter, p.BlockSize, +- p.ParallelizationParameter, size) +- if err != nil { +- return nil, nil, err +- } +- params = scryptParams{ +- BlockSize: p.BlockSize, +- CostParameter: p.CostParameter, +- ParallelizationParameter: p.ParallelizationParameter, +- Salt: salt, +- } +- return key, params, nil ++ panic("scrypt cipher not available") + } + + func (p ScryptOpts) GetSaltSize() int { +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go +index f04e6c6..29fff01 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go +@@ -11,7 +11,6 @@ import ( + "crypto/dsa" + "crypto/rsa" + "crypto/sha1" +- "crypto/sha256" + "crypto/subtle" + "fmt" + "io" +@@ -30,7 +29,6 @@ import ( + "github.com/ProtonMail/go-crypto/openpgp/s2k" + "github.com/ProtonMail/go-crypto/openpgp/x25519" + "github.com/ProtonMail/go-crypto/openpgp/x448" +- "golang.org/x/crypto/hkdf" + ) + + // PrivateKey represents a possibly encrypted private key. See RFC 4880, +@@ -1108,17 +1106,7 @@ func (pk *PrivateKey) additionalData() ([]byte, error) { + } + + func (pk *PrivateKey) applyHKDF(inputKey []byte) []byte { +- var packetByte byte +- if pk.PublicKey.IsSubkey { +- packetByte = 0xc7 +- } else { +- packetByte = 0xc5 +- } +- associatedData := []byte{packetByte, byte(pk.Version), byte(pk.cipher), byte(pk.aead)} +- hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData) +- encryptionKey := make([]byte, pk.cipher.KeySize()) +- _, _ = readFull(hkdfReader, encryptionKey) +- return encryptionKey ++ panic("hkdf cipher not available") + } + + func validateDSAParameters(priv *dsa.PrivateKey) error { +diff --git a/pkg/services/cloudmigration/gmsclient/inmemory_client.go b/pkg/services/cloudmigration/gmsclient/inmemory_client.go +index 9d72f18..bfdd210 100644 +--- a/pkg/services/cloudmigration/gmsclient/inmemory_client.go ++++ b/pkg/services/cloudmigration/gmsclient/inmemory_client.go +@@ -2,14 +2,8 @@ package gmsclient import ( "context" +- cryptoRand "crypto/rand" +- "encoding/json" +- "fmt" + "sync" + +- "github.com/google/uuid" +- "golang.org/x/crypto/nacl/box" +- + "github.com/grafana/grafana/pkg/services/cloudmigration" + ) + +@@ -31,38 +25,7 @@ func (c *memoryClientImpl) ValidateKey(ctx context.Context, cm cloudmigration.Cl + } + + func (c *memoryClientImpl) StartSnapshot(_ context.Context, sess cloudmigration.CloudMigrationSession) (*cloudmigration.StartSnapshotResponse, error) { +- publicKey, _, err := box.GenerateKey(cryptoRand.Reader) +- if err != nil { +- return nil, fmt.Errorf("nacl: generating public and private key: %w", err) +- } +- +- snapshotUid := uuid.NewString() +- +- metadataBuffer, err := json.Marshal(struct { +- SnapshotID string `json:"snapshotID"` +- StackID string `json:"stackID"` +- Slug string `json:"slug"` +- }{ +- SnapshotID: snapshotUid, +- StackID: fmt.Sprintf("%d", sess.StackID), +- Slug: sess.Slug, +- }) +- +- if err != nil { +- return nil, fmt.Errorf("marshalling metadata: %w", err) +- } +- +- c.mx.Lock() +- c.snapshotInfo[snapshotUid] = cloudmigration.SnapshotStateInitialized +- c.mx.Unlock() +- +- return &cloudmigration.StartSnapshotResponse{ +- GMSPublicKey: publicKey[:], +- SnapshotID: snapshotUid, +- MaxItemsPerPartition: 10, +- Algo: "nacl", +- Metadata: metadataBuffer, +- }, nil ++ panic("nacl cipher not available") + } + + func (c *memoryClientImpl) GetSnapshotStatus(ctx context.Context, session cloudmigration.CloudMigrationSession, snapshot cloudmigration.CloudMigrationSnapshot, offset int) (*cloudmigration.GetSnapshotStatusResponse, error) { +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go +index 65a082d..5b38cf5 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go +@@ -1,14 +1,12 @@ + package x448 + + import ( +- "crypto/sha512" + "crypto/subtle" + "io" + + "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap" + "github.com/ProtonMail/go-crypto/openpgp/errors" + x448lib "github.com/cloudflare/circl/dh/x448" +- "golang.org/x/crypto/hkdf" + ) + + const ( +@@ -140,15 +138,7 @@ func Decrypt(privateKey *PrivateKey, ephemeralPublicKey *PublicKey, ciphertext [ + } + + func applyHKDF(ephemeralPublicKey []byte, publicKey []byte, sharedSecret []byte) []byte { +- inputKey := make([]byte, 3*KeySize) +- // ephemeral public key | recipient public key | shared secret. +- subtle.ConstantTimeCopy(1, inputKey[:KeySize], ephemeralPublicKey) +- subtle.ConstantTimeCopy(1, inputKey[KeySize:2*KeySize], publicKey) +- subtle.ConstantTimeCopy(1, inputKey[2*KeySize:], sharedSecret) +- hkdfReader := hkdf.New(sha512.New, inputKey, []byte{}, []byte(hkdfInfo)) +- encryptionKey := make([]byte, aes256KeySize) +- _, _ = io.ReadFull(hkdfReader, encryptionKey) +- return encryptionKey ++ panic("hkdf cipher not available") + } + + func constantTimeIsZero(bytes []byte) bool { +diff --git a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rc4-hmac.go b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rc4-hmac.go +index 42f84b8..e933f7d 100644 +--- a/vendor/github.com/jcmturner/gokrb5/v8/crypto/rc4-hmac.go ++++ b/vendor/github.com/jcmturner/gokrb5/v8/crypto/rc4-hmac.go +@@ -1,17 +1,14 @@ + package crypto + + import ( +- "bytes" + "crypto/hmac" + "crypto/md5" + "hash" +- "io" + + "github.com/jcmturner/gokrb5/v8/crypto/rfc3961" + "github.com/jcmturner/gokrb5/v8/crypto/rfc4757" + "github.com/jcmturner/gokrb5/v8/iana/chksumtype" + "github.com/jcmturner/gokrb5/v8/iana/etypeID" +- "golang.org/x/crypto/md4" + ) + + // RC4HMAC implements Kerberos encryption type rc4-hmac +@@ -75,10 +72,7 @@ func (e RC4HMAC) StringToKey(secret string, salt string, s2kparams string) ([]by + + // RandomToKey returns a key from the bytes provided. + func (e RC4HMAC) RandomToKey(b []byte) []byte { +- r := bytes.NewReader(b) +- h := md4.New() +- io.Copy(h, r) +- return h.Sum(nil) ++ panic("md4 cipher not available") + } + + // EncryptData encrypts the data provided. +diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation/cache.go b/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation/cache.go +index cf73107..76634c6 100644 +--- a/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation/cache.go ++++ b/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation/cache.go +@@ -17,13 +17,10 @@ limitations under the License. + package impersonation + + import ( - "crypto/sha256" -- "encoding/base32" "fmt" - "net" - "net/http" -@@ -34,7 +32,6 @@ import ( + "hash/fnv" + "time" - jsonpatch "github.com/evanphx/json-patch" - "github.com/google/uuid" - "golang.org/x/crypto/cryptobyte" +- + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/util/cache" +@@ -268,53 +265,30 @@ func addUser(b *cacheKeyBuilder, u user.Info) { + // cacheKeyBuilder adds syntactic sugar on top of cryptobyte.Builder to make it easier to use for complex inputs. + type cacheKeyBuilder struct { + namespace string // in the programming sense, not the Kubernetes concept +- builder *cryptobyte.Builder + } - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -@@ -374,29 +371,7 @@ func NewConfig(codecs serializer.CodecFactory) *Config { - defaultHealthChecks := []healthz.HealthChecker{healthz.PingHealthz, healthz.LogHealthz} - var id string - if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.APIServerIdentity) { -- hostname, err := hostnameFunc() -- if err != nil { -- klog.Fatalf("error getting hostname for apiserver identity: %v", err) + func newCacheKeyBuilder(namespace string) *cacheKeyBuilder { +- // start with a reasonable size to avoid too many allocations +- return &cacheKeyBuilder{namespace: namespace, builder: cryptobyte.NewBuilder(make([]byte, 0, 384))} ++ panic("cryptobyte cipher not available") + } + + func (c *cacheKeyBuilder) addString(value string) *cacheKeyBuilder { +- c.addLengthPrefixed(func(c *cacheKeyBuilder) { +- c.builder.AddBytes([]byte(value)) +- }) +- return c ++ panic("cryptobyte cipher not available") + } + + func (c *cacheKeyBuilder) addStringSlice(values []string) *cacheKeyBuilder { +- c.addLengthPrefixed(func(c *cacheKeyBuilder) { +- for _, v := range values { +- c.addString(v) +- } +- }) +- return c ++ panic("cryptobyte cipher not available") + } + + func (c *cacheKeyBuilder) addBool(value bool) *cacheKeyBuilder { +- var b byte +- if value { +- b = 1 +- } +- c.builder.AddUint8(b) +- return c ++ panic("cryptobyte cipher not available") + } + + type builderContinuation func(child *cacheKeyBuilder) + + func (c *cacheKeyBuilder) addLengthPrefixed(f builderContinuation) { +- c.builder.AddUint32LengthPrefixed(func(b *cryptobyte.Builder) { +- c := &cacheKeyBuilder{namespace: c.namespace, builder: b} +- f(c) +- }) ++ panic("cryptobyte cipher not available") + } + + func (c *cacheKeyBuilder) build() (string, error) { +- key, err := c.builder.Bytes() +- if err != nil { +- return "", err +- } +- hash := sha256.Sum256(key) // reduce the size of the cache key to keep the overall cache size small +- return fmt.Sprintf("%x/%s", hash[:], c.namespace), nil ++ panic("cryptobyte cipher not available") + } +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go +index 2812a1d..466f447 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go +@@ -7,13 +7,11 @@ package packet + import ( + "bytes" + "crypto/cipher" +- "crypto/sha256" + "io" + "strconv" + + "github.com/ProtonMail/go-crypto/openpgp/errors" + "github.com/ProtonMail/go-crypto/openpgp/s2k" +- "golang.org/x/crypto/hkdf" + ) + + // This is the largest session key that we'll support. Since at most 256-bit cipher +@@ -316,16 +314,5 @@ func SerializeSymmetricKeyEncryptedAEADReuseKey(w io.Writer, sessionKey []byte, + } + + func getEncryptedKeyAeadInstance(c CipherFunction, mode AEADMode, inputKey, associatedData []byte, version int) (aead cipher.AEAD) { +- var blockCipher cipher.Block +- if version > 5 { +- hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData) +- +- encryptionKey := make([]byte, c.KeySize()) +- _, _ = readFull(hkdfReader, encryptionKey) +- +- blockCipher = c.new(encryptionKey) +- } else { +- blockCipher = c.new(inputKey) +- } +- return mode.new(blockCipher) ++ panic("hkdf cipher not available") + } +diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go +index 6871b84..062646b 100644 +--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go ++++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go +@@ -15,7 +15,6 @@ import ( + + "github.com/ProtonMail/go-crypto/openpgp/errors" + "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" +- "golang.org/x/crypto/argon2" + ) + + type Mode uint8 +@@ -175,8 +174,7 @@ func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) { + // Argon2 writes to out the key derived from the password (in) with the Argon2 + // function (the crypto refresh, section 3.7.1.4) + func Argon2(out []byte, in []byte, salt []byte, passes uint8, paralellism uint8, memoryExp uint8) { +- key := argon2.IDKey(in, salt, uint32(passes), decodeMemory(memoryExp), paralellism, uint32(len(out))) +- copy(out[:], key) ++ panic("argon2 cipher not available") + } + + // Generate generates valid parameters from given configuration. +diff --git a/pkg/services/cloudmigration/cloudmigrationimpl/snapshot_mgmt.go b/pkg/services/cloudmigration/cloudmigrationimpl/snapshot_mgmt.go +index 7d3cbb0..11fedf8 100644 +--- a/pkg/services/cloudmigration/cloudmigrationimpl/snapshot_mgmt.go ++++ b/pkg/services/cloudmigration/cloudmigrationimpl/snapshot_mgmt.go +@@ -3,7 +3,6 @@ package cloudmigrationimpl + import ( + "bytes" + "context" +- cryptoRand "crypto/rand" + "encoding/json" + "errors" + "fmt" +@@ -14,11 +13,8 @@ import ( + "time" + + "go.opentelemetry.io/otel/codes" +- "golang.org/x/crypto/nacl/box" + + snapshot "github.com/grafana/grafana-cloud-migration-snapshot/src" +- "github.com/grafana/grafana-cloud-migration-snapshot/src/contracts" +- "github.com/grafana/grafana-cloud-migration-snapshot/src/infra/crypto" + "github.com/grafana/grafana/pkg/infra/tracing" + plugins "github.com/grafana/grafana/pkg/plugins" + ac "github.com/grafana/grafana/pkg/services/accesscontrol" +@@ -554,87 +550,7 @@ func (s *Service) buildSnapshot( + s.log.Debug(fmt.Sprintf("buildSnapshot: method completed in %d ms", time.Since(start).Milliseconds())) + }() + +- publicKey, privateKey, err := box.GenerateKey(cryptoRand.Reader) +- if err != nil { +- return fmt.Errorf("nacl: generating public and private key: %w", err) +- } +- +- s.log.Debug(fmt.Sprintf("buildSnapshot: generated keys in %d ms", time.Since(start).Milliseconds())) +- +- // Use GMS public key + the grafana generated private key to encrypt snapshot files. +- snapshotWriter, err := snapshot.NewSnapshotWriter(contracts.AssymetricKeys{ +- Public: snapshotMeta.GMSPublicKey, +- Private: privateKey[:], +- }, +- crypto.NewNacl(), +- snapshotMeta.LocalDir, +- ) +- if err != nil { +- return fmt.Errorf("instantiating snapshot writer: %w", err) +- } +- +- s.log.Debug(fmt.Sprintf("buildSnapshot: created snapshot writing in %d ms", time.Since(start).Milliseconds())) +- +- migrationData, err := s.getMigrationDataJSON(ctx, signedInUser, resourceTypes) +- if err != nil { +- return fmt.Errorf("fetching migration data: %w", err) +- } +- +- s.log.Debug(fmt.Sprintf("buildSnapshot: got migration data json in %d ms", time.Since(start).Milliseconds())) +- +- localSnapshotResource := make([]cloudmigration.CloudMigrationResource, len(migrationData.Items)) +- resourcesGroupedByType := make(map[cloudmigration.MigrateDataType][]snapshot.MigrateDataRequestItemDTO, 0) +- for i, item := range migrationData.Items { +- resourcesGroupedByType[item.Type] = append(resourcesGroupedByType[item.Type], snapshot.MigrateDataRequestItemDTO{ +- Name: item.Name, +- Type: snapshot.MigrateDataType(item.Type), +- RefID: item.RefID, +- Data: item.Data, +- }) +- +- parentName := "" +- if _, exists := migrationData.ItemParentNames[item.Type]; exists { +- parentName = migrationData.ItemParentNames[item.Type][item.RefID] - } - -- // Since the hash needs to be unique across each kube-apiserver and aggregated apiservers, -- // the hash used for the identity should include both the hostname and the identity value. -- // TODO: receive the identity value as a parameter once the apiserver identity lease controller -- // post start hook is moved to generic apiserver. +- localSnapshotResource[i] = cloudmigration.CloudMigrationResource{ +- Name: item.Name, +- Type: item.Type, +- RefID: item.RefID, +- Status: cloudmigration.ItemStatusPending, +- ParentName: parentName, +- } +- } +- +- switch s.cfg.CloudMigration.ResourceStorageType { +- case cloudmigration.ResourceStorageTypeDb: +- if err := s.buildSnapshotWithDBStorage(ctx, snapshotMeta.UID, snapshotWriter, resourcesGroupedByType, maxItemsPerPartition); err != nil { +- return fmt.Errorf("building snapshot with database storage: %w", err) +- } +- s.log.Debug(fmt.Sprintf("buildSnapshot: wrote data partitions with database storage in %d ms", time.Since(start).Milliseconds())) +- +- case cloudmigration.ResourceStorageTypeFs: +- if err := s.buildSnapshotWithFSStorage(publicKey[:], metadata, snapshotWriter, resourcesGroupedByType, maxItemsPerPartition); err != nil { +- return fmt.Errorf("building snapshot with file system storage: %w", err) +- } +- s.log.Debug(fmt.Sprintf("buildSnapshot: wrote data partitions with file system storage in %d ms", time.Since(start).Milliseconds())) +- +- default: +- return fmt.Errorf("unknown resource storage type, check your configuration and try again: %q", s.cfg.CloudMigration.ResourceStorageType) +- } +- +- // update snapshot status to pending upload with retries +- if err := s.updateSnapshotWithRetries(ctx, cloudmigration.UpdateSnapshotCmd{ +- UID: snapshotMeta.UID, +- SessionID: snapshotMeta.SessionUID, +- Status: cloudmigration.SnapshotStatusPendingUpload, +- LocalResourcesToCreate: localSnapshotResource, +- PublicKey: publicKey[:], +- }); err != nil { +- return err +- } +- +- return nil ++ panic("nacl cipher not available") + } + + func (s *Service) buildSnapshotWithDBStorage(ctx context.Context, snapshotUID string, snapshotWriter *snapshot.SnapshotWriter, resourcesGroupedByType map[cloudmigration.MigrateDataType][]snapshot.MigrateDataRequestItemDTO, maxItemsPerPartition uint32) error { +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +index 0a2718d..1eda111 100644 +--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go ++++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +@@ -23,7 +23,6 @@ import ( + "strings" + "sync" + +- "golang.org/x/crypto/bcrypt" + "golang.org/x/time/rate" + ) + +@@ -44,11 +43,8 @@ func validateUsers(configPath string) error { + return err + } + +- for _, p := range c.Users { +- _, err = bcrypt.Cost([]byte(p)) +- if err != nil { +- return err +- } ++ for range c.Users { ++ panic("bcrypt cipher not available") + } + + return nil +@@ -132,11 +128,7 @@ func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if !ok { + // This user, hashedPassword, password is not cached. + u.bcryptMtx.Lock() +- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) +- u.bcryptMtx.Unlock() +- +- authOk = validUser && err == nil +- u.cache.set(cacheKey, authOk) ++ panic("bcrypt cipher not available") + } + + if authOk && validUser { +diff --git a/vendor/github.com/crewjam/saml/xmlenc/digest.go b/vendor/github.com/crewjam/saml/xmlenc/digest.go +index 3eaaf7b..b2a5f3a 100644 +--- a/vendor/github.com/crewjam/saml/xmlenc/digest.go ++++ b/vendor/github.com/crewjam/saml/xmlenc/digest.go +@@ -6,8 +6,6 @@ import ( + "crypto/sha512" + "hash" + +- //nolint:staticcheck // We should support this for legacy reasons. +- "golang.org/x/crypto/ripemd160" + ) + + type digestMethod struct { +@@ -42,16 +40,10 @@ var ( + hash: sha512.New, + } + +- // RIPEMD160 implements the RIPEMD160 digest method +- RIPEMD160 = digestMethod{ +- algorithm: "http://www.w3.org/2000/09/xmldsig#ripemd160", +- hash: ripemd160.New, +- } + ) + + func init() { + RegisterDigestMethod(SHA1) + RegisterDigestMethod(SHA256) + RegisterDigestMethod(SHA512) +- RegisterDigestMethod(RIPEMD160) + } +diff --git a/vendor/github.com/mithrandie/csvq/lib/query/session.go b/vendor/github.com/mithrandie/csvq/lib/query/session.go +--- a/vendor/github.com/mithrandie/csvq/lib/query/session.go ++++ b/vendor/github.com/mithrandie/csvq/lib/query/session.go +@@ -12,8 +12,6 @@ + "github.com/mithrandie/csvq/lib/file" + "github.com/mithrandie/csvq/lib/option" + "github.com/mithrandie/csvq/lib/parser" +- +- "golang.org/x/crypto/ssh/terminal" + ) + + var ( +@@ -241,10 +239,6 @@ + if termw, _, err := sess.Terminal().GetSize(); err == nil { + width = termw + } +- } else { +- if w, _, err := terminal.GetSize(int(sess.ScreenFd())); err == nil { +- width = w +- } + } + return width + } +diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go +--- a/vendor/k8s.io/apiserver/pkg/server/config.go ++++ b/vendor/k8s.io/apiserver/pkg/server/config.go +@@ -33,7 +33,6 @@ + "time" + + "github.com/google/uuid" +- "golang.org/x/crypto/cryptobyte" + jsonpatch "gopkg.in/evanphx/json-patch.v4" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +@@ -407,17 +406,19 @@ + // the hash used for the identity should include both the hostname and the identity value. + // TODO: receive the identity value as a parameter once the apiserver identity lease controller + // post start hook is moved to generic apiserver. - b := cryptobyte.NewBuilder(nil) - b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { - b.AddBytes([]byte(hostname)) @@ -2126,9 +2152,19 @@ index d678f52d..da4abbae 100644 - if err != nil { - klog.Fatalf("error building hash data for apiserver identity: %v", err) - } -- -- hash := sha256.Sum256(hashData) -- id = "apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16])) -+ panic("cryptobyte cipher not available") - } - lifecycleSignals := newLifecycleSignals() ++ // golang.org/x/crypto/cryptobyte is removed from vendor for FIPS compliance. ++ // Replicate the original AddUint16LengthPrefixed encoding (2-byte big-endian ++ // length prefix followed by data) using standard-library byte manipulation so ++ // the resulting SHA-256 hash is identical to the upstream implementation. ++ hn := []byte(hostname) ++ id2 := []byte("kube-apiserver") ++ hashData := make([]byte, 2+len(hn)+2+len(id2)) ++ hashData[0] = byte(len(hn) >> 8) ++ hashData[1] = byte(len(hn)) ++ copy(hashData[2:], hn) ++ hashData[2+len(hn)] = byte(len(id2) >> 8) ++ hashData[2+len(hn)+1] = byte(len(id2)) ++ copy(hashData[2+len(hn)+2:], id2) + + hash := sha256.Sum256(hashData) + id = "apiserver-" + strings.ToLower(base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(hash[:16])) diff --git a/1002-vendor-use-pbkdf2-from-OpenSSL.patch b/1002-vendor-use-pbkdf2-from-OpenSSL.patch index ad92fb1..f02355c 100644 --- a/1002-vendor-use-pbkdf2-from-OpenSSL.patch +++ b/1002-vendor-use-pbkdf2-from-OpenSSL.patch @@ -4,6 +4,13 @@ This patch modifies the x/crypto/pbkdf2 function to use OpenSSL if FIPS mode is enabled. DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h +diff --git a/vendor/modules.txt b/vendor/modules.txt +--- a/vendor/modules.txt ++++ b/vendor/modules.txt +@@ -1,2 +1,3 @@ + golang.org/x/crypto/internal/alias ++golang.org/x/crypto/internal/boring + golang.org/x/crypto/internal/poly1305 diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go new file mode 100644 index 0000000000..5a06918832 @@ -111,7 +118,7 @@ index 593f653008..799a611f94 100644 --- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go +++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go @@ -19,8 +19,11 @@ pbkdf2.Key. - package pbkdf2 // import "golang.org/x/crypto/pbkdf2" + package pbkdf2 import ( + "crypto/boring" diff --git a/1004-vendor-Redacted-Url-in-logs.patch b/1004-vendor-Redacted-Url-in-logs.patch deleted file mode 100644 index 9ac5827..0000000 --- a/1004-vendor-Redacted-Url-in-logs.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/vendor/github.com/hashicorp/go-retryablehttp/client.go b/vendor/github.com/hashicorp/go-retryablehttp/client.go -index f40d241..765a828 100644 ---- a/vendor/github.com/hashicorp/go-retryablehttp/client.go -+++ b/vendor/github.com/hashicorp/go-retryablehttp/client.go -@@ -584,9 +584,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) { - if logger != nil { - switch v := logger.(type) { - case LeveledLogger: -- v.Debug("performing request", "method", req.Method, "url", req.URL) -+ v.Debug("performing request", "method", req.Method, "url", req.URL.Redacted()) - case Logger: -- v.Printf("[DEBUG] %s %s", req.Method, req.URL) -+ v.Printf("[DEBUG] %s %s", req.Method, req.URL.Redacted()) - } - } - -@@ -641,9 +641,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) { - if err != nil { - switch v := logger.(type) { - case LeveledLogger: -- v.Error("request failed", "error", err, "method", req.Method, "url", req.URL) -+ v.Error("request failed", "error", err, "method", req.Method, "url", req.URL.Redacted()) - case Logger: -- v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL, err) -+ v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL.Redacted(), err) - } - } else { - // Call this here to maintain the behavior of logging all requests, -@@ -679,7 +679,7 @@ func (c *Client) Do(req *Request) (*http.Response, error) { - - wait := c.Backoff(c.RetryWaitMin, c.RetryWaitMax, i, resp) - if logger != nil { -- desc := fmt.Sprintf("%s %s", req.Method, req.URL) -+ desc := fmt.Sprintf("%s %s", req.Method, req.URL.Redacted()) - if resp != nil { - desc = fmt.Sprintf("%s (status: %d)", desc, resp.StatusCode) - } -@@ -735,11 +735,11 @@ func (c *Client) Do(req *Request) (*http.Response, error) { - // communicate why - if err == nil { - return nil, fmt.Errorf("%s %s giving up after %d attempt(s)", -- req.Method, req.URL, attempt) -+ req.Method, req.URL.Redacted(), attempt) - } - - return nil, fmt.Errorf("%s %s giving up after %d attempt(s): %w", -- req.Method, req.URL, attempt, err) -+ req.Method, req.URL.Redacted(), attempt, err) - } - - // Try to read the response body so we can reuse this connection. diff --git a/README.md b/README.md index cc610eb..b282f27 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,6 @@ The grafana package ## Upgrade instructions * follow the Setup instructions above * rebase to the new version: `git fetch && git rebase --onto ` - * rebasing `remove-unused-backend-dependencies.patch`: only apply the patch to `pkg/extensions/main.go` and run `go mod tidy`, then `go.mod` and `go.sum` will get updated automatically * rebasing `remove-unused-frontend-crypto.patch`: only apply the patch to `package.json` and run `yarn install`, then `yarn.lock` will get updated automatically * create new patches from the modified git commits: `git format-patch -N --no-stat --no-signature && mv *.patch ..` * update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile diff --git a/build_frontend.sh b/build_frontend.sh index 1117e80..1180e93 100755 --- a/build_frontend.sh +++ b/build_frontend.sh @@ -6,15 +6,5 @@ export NODE_OPTIONS="${NODE_OPTIONS:-} --max_old_space_size=6144" # Build the frontend yarn run build -# Build the bundled plugins -mkdir plugins-bundled/external -yarn run plugins:build-bundled -for plugin in plugins-bundled/internal/input-datasource; do - mv $plugin $plugin.tmp - mv $plugin.tmp/dist $plugin - rm -rf $plugin.tmp -done -rm plugins-bundled/README.md plugins-bundled/.gitignore plugins-bundled/external.json - # Fix permissions (webpack sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics)) -chmod -R g-w,o-w public/build plugins-bundled +chmod -R g-w,o-w public/build diff --git a/create_bundles.sh b/create_bundles.sh index f4105d0..44f2a13 100755 --- a/create_bundles.sh +++ b/create_bundles.sh @@ -20,9 +20,7 @@ tar xf "${SOURCE_TAR}" pushd "${SOURCE_DIR}" # Vendor Go dependencies -patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch -patch -p1 --fuzz=0 < ../0012-fix-jwt-CVE.patch -go mod vendor +go work vendor # Generate Go files make gen-go @@ -31,42 +29,43 @@ make gen-go rm -r vendor/golang.org/x/crypto/bcrypt rm -r vendor/golang.org/x/crypto/blowfish rm -r vendor/golang.org/x/crypto/cast5 -rm -r vendor/golang.org/x/crypto/acme rm -r vendor/golang.org/x/crypto/argon2 rm -r vendor/golang.org/x/crypto/blake2b rm -r vendor/golang.org/x/crypto/chacha20 rm -r vendor/golang.org/x/crypto/chacha20poly1305 rm -r vendor/golang.org/x/crypto/cryptobyte rm -r vendor/golang.org/x/crypto/curve25519 -rm -r vendor/golang.org/x/crypto/ed25519 rm -r vendor/golang.org/x/crypto/hkdf rm -r vendor/golang.org/x/crypto/internal rm -r vendor/golang.org/x/crypto/md4 rm -r vendor/golang.org/x/crypto/nacl -rm -r vendor/golang.org/x/crypto/openpgp rm -r vendor/golang.org/x/crypto/pkcs12 -rm -r vendor/golang.org/x/crypto/poly1305 rm -r vendor/golang.org/x/crypto/salsa20 rm -r vendor/golang.org/x/crypto/scrypt +rm -r vendor/golang.org/x/crypto/ripemd160 rm -r vendor/golang.org/x/crypto/sha3 +rm -r vendor/golang.org/x/crypto/ssh # Remove unused code under apsl licenses rm -r vendor/modernc.org/libc rm -r vendor/modernc.org/sqlite # List bundled dependencies -awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \ +awk '$1 !~ /^\/\// && $2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \ sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > "../${VENDOR_TAR}.manifest" # Vendor Node.js dependencies -patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch -patch -p1 --fuzz=0 < ../0011-fix-dompurify-CVE.patch +patch -p1 --fuzz=0 < ../0004-remove-unused-frontend-crypto.patch export HUSKY=0 yarn install --frozen-lockfile # Remove files with licensing issues find .yarn -name 'node-notifier' -prune -exec rm -r {} \; find .yarn -name 'nodemon' -prune -exec rm -r {} \; +rm -rf node_modules/node-notifier node_modules/nodemon + +# Remove forbidden Unicode code point +sed -i "s/$(printf '\xe2\x80\xac')//g" node_modules/http2-client/LICENSE # List bundled dependencies ../list_bundled_nodejs_packages.py . >> "../${VENDOR_TAR}.manifest" @@ -82,25 +81,28 @@ XZ_OPT=-9 tar \ -cJf "${VENDOR_TAR}" \ "${SOURCE_DIR}/vendor" \ $(find "${SOURCE_DIR}" -type f -name wire_gen.go | LC_ALL=C sort) \ - "${SOURCE_DIR}/.pnp.cjs" \ "${SOURCE_DIR}/.yarn/cache" \ - "${SOURCE_DIR}/.yarn/unplugged" + "${SOURCE_DIR}/node_modules" ## Create webpack pushd "${SOURCE_DIR}" +# Apply frontend source patches before compiling +patch -p1 --fuzz=0 < ../0008-fix-plugin-details-for-versions-not-in-GCOM-registry.patch +patch -p1 --fuzz=0 < ../0009-suppress-signature-warning-for-pcp-plugin.patch ../build_frontend.sh popd # Create tarball +# shellcheck disable=SC2046 tar \ --sort=name \ --mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \ --owner=0 --group=0 --numeric-owner \ -czf "${WEBPACK_TAR}" \ - "${SOURCE_DIR}/plugins-bundled" \ "${SOURCE_DIR}/public/build" \ "${SOURCE_DIR}/public/img" \ "${SOURCE_DIR}/public/lib" \ "${SOURCE_DIR}/public/locales" \ - "${SOURCE_DIR}/public/views" + "${SOURCE_DIR}/public/views" \ + $(find "${SOURCE_DIR}/public/app/plugins" -type d -name "dist" | LC_ALL=C sort) diff --git a/create_bundles_in_container.sh b/create_bundles_in_container.sh index 216efab..7ffd3b2 100755 --- a/create_bundles_in_container.sh +++ b/create_bundles_in_container.sh @@ -6,7 +6,7 @@ # cat <= 45 || 0%{?rhel} >= 10 +ExcludeArch: %{ix86} +%endif # Intersection of go_arches and nodejs_arches ExclusiveArch: %{grafana_arches} @@ -159,582 +156,716 @@ Provides: grafana-stackdriver = 7.3.6-1 # this is for security purposes, if nodejs-foo ever needs an update, # affected packages can be easily identified. # Note: generated by the Makefile (see README.md) -Provides: bundled(golang(cloud.google.com/go/storage)) = 1.30.1 -Provides: bundled(golang(cuelang.org/go)) = 0.6.0-0.dev -Provides: bundled(golang(github.com/Azure/azure-sdk-for-go)) = 65.0.0+incompatible -Provides: bundled(golang(github.com/Azure/go-autorest/autorest)) = 0.11.28 -Provides: bundled(golang(github.com/BurntSushi/toml)) = 1.3.2 +Provides: bundled(golang(buf.build/gen/go/parca-dev/parca/connectrpc/go)) = 1.18.1-20250703125925.3f0fcf4bff96.1 +Provides: bundled(golang(buf.build/gen/go/parca-dev/parca/protocolbuffers/go)) = 1.36.2-20250703125925.3f0fcf4bff96.1 +Provides: bundled(golang(cloud.google.com/go/kms)) = 1.22.0 +Provides: bundled(golang(cloud.google.com/go/storage)) = 1.55.0 +Provides: bundled(golang(connectrpc.com/connect)) = 1.19.1 +Provides: bundled(golang(cuelang.org/go)) = 0.11.1 +Provides: bundled(golang(dario.cat/mergo)) = 1.0.2 +Provides: bundled(golang(filippo.io/age)) = 1.2.1 +Provides: bundled(golang(github.com/1NCE-GmbH/grpc-go-pool)) = 0.0.0-20231117122434.2a5bb974daa2 +Provides: bundled(golang(github.com/Azure/azure-sdk-for-go)) = 68.0.0+incompatible +Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azcore)) = 1.19.1 +Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azidentity)) = 1.12.0 +Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys)) = 0.10.0 +Provides: bundled(golang(github.com/Azure/azure-storage-blob-go)) = 0.15.0 +Provides: bundled(golang(github.com/Azure/go-autorest/autorest)) = 0.11.29 +Provides: bundled(golang(github.com/Azure/go-autorest/autorest/adal)) = 0.9.24 +Provides: bundled(golang(github.com/Bose/minisentinel)) = 0.0.0-20200130220412.917c5a9223bb +Provides: bundled(golang(github.com/BurntSushi/toml)) = 1.5.0 +Provides: bundled(golang(github.com/DATA-DOG/go-sqlmock)) = 1.5.2 Provides: bundled(golang(github.com/Masterminds/semver)) = 1.5.0 +Provides: bundled(golang(github.com/Masterminds/semver/v3)) = 3.4.0 +Provides: bundled(golang(github.com/Masterminds/sprig/v3)) = 3.3.0 Provides: bundled(golang(github.com/VividCortex/mysqlerr)) = 0.0.0-20170204212430.6c6b55f8796f -Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.44.325 -Provides: bundled(golang(github.com/beevik/etree)) = 1.2.0 +Provides: bundled(golang(github.com/alicebob/miniredis/v2)) = 2.34.0 +Provides: bundled(golang(github.com/andybalholm/brotli)) = 1.2.0 +Provides: bundled(golang(github.com/apache/arrow-go/v18)) = 18.5.1 +Provides: bundled(golang(github.com/armon/go-radix)) = 1.0.0 +Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.55.7 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2)) = 1.41.1 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/credentials)) = 1.19.7 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/service/cloudwatch)) = 1.45.3 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs)) = 1.51.0 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/service/ec2)) = 1.225.2 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/service/oam)) = 1.18.3 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi)) = 1.26.6 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/service/secretsmanager)) = 1.40.1 +Provides: bundled(golang(github.com/aws/aws-sdk-go-v2/service/sts)) = 1.41.6 +Provides: bundled(golang(github.com/aws/smithy-go)) = 1.24.0 +Provides: bundled(golang(github.com/beevik/etree)) = 1.6.0 Provides: bundled(golang(github.com/benbjohnson/clock)) = 1.3.5 Provides: bundled(golang(github.com/blang/semver/v4)) = 4.0.0 -Provides: bundled(golang(github.com/bradfitz/gomemcache)) = 0.0.0-20190913173617.a41fca850d0b -Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.30.2 -Provides: bundled(golang(github.com/fatih/color)) = 1.15.0 +Provides: bundled(golang(github.com/blevesearch/bleve/v2)) = 2.5.7 +Provides: bundled(golang(github.com/blevesearch/bleve_index_api)) = 1.3.0 +Provides: bundled(golang(github.com/bradfitz/gomemcache)) = 0.0.0-20250403215159.8d39553ac7cf +Provides: bundled(golang(github.com/bwmarrin/snowflake)) = 0.3.0 +Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.38.0 +Provides: bundled(golang(github.com/crewjam/saml)) = 0.4.14 +Provides: bundled(golang(github.com/dgraph-io/badger/v4)) = 4.7.0 +Provides: bundled(golang(github.com/dlmiddlecote/sqlstats)) = 1.0.2 +Provides: bundled(golang(github.com/docker/go-connections)) = 0.6.0 +Provides: bundled(golang(github.com/dolthub/go-mysql-server)) = 0.19.1-0.20250410182021.5632d67cd46e +Provides: bundled(golang(github.com/dolthub/vitess)) = 0.0.0-20260225173707.20566e4abe9e +Provides: bundled(golang(github.com/dustin/go-humanize)) = 1.0.1 +Provides: bundled(golang(github.com/emicklei/go-restful/v3)) = 3.13.0 +Provides: bundled(golang(github.com/fatih/color)) = 1.18.0 +Provides: bundled(golang(github.com/fullstorydev/grpchan)) = 1.1.1 Provides: bundled(golang(github.com/gchaincl/sqlhooks)) = 1.3.0 +Provides: bundled(golang(github.com/getkin/kin-openapi)) = 0.133.0 +Provides: bundled(golang(github.com/go-jose/go-jose/v4)) = 4.1.3 +Provides: bundled(golang(github.com/go-kit/log)) = 0.2.1 Provides: bundled(golang(github.com/go-ldap/ldap/v3)) = 3.4.4 -Provides: bundled(golang(github.com/go-openapi/strfmt)) = 0.21.7 +Provides: bundled(golang(github.com/go-logfmt/logfmt)) = 0.6.1 +Provides: bundled(golang(github.com/go-openapi/loads)) = 0.23.2 +Provides: bundled(golang(github.com/go-openapi/runtime)) = 0.28.0 +Provides: bundled(golang(github.com/go-openapi/strfmt)) = 0.25.0 Provides: bundled(golang(github.com/go-redis/redis/v8)) = 8.11.5 -Provides: bundled(golang(github.com/go-sourcemap/sourcemap)) = 2.1.3+incompatible -Provides: bundled(golang(github.com/go-sql-driver/mysql)) = 1.7.1 +Provides: bundled(golang(github.com/go-sourcemap/sourcemap)) = 2.1.4+incompatible +Provides: bundled(golang(github.com/go-sql-driver/mysql)) = 1.9.3 Provides: bundled(golang(github.com/go-stack/stack)) = 1.8.1 Provides: bundled(golang(github.com/gobwas/glob)) = 0.2.3 Provides: bundled(golang(github.com/gogo/protobuf)) = 1.3.2 -Provides: bundled(golang(github.com/golang/mock)) = 1.6.0 -Provides: bundled(golang(github.com/golang/snappy)) = 0.0.4 -Provides: bundled(golang(github.com/google/go-cmp)) = 0.6.0 -Provides: bundled(golang(github.com/google/uuid)) = 1.4.0 -Provides: bundled(golang(github.com/google/wire)) = 0.5.0 -Provides: bundled(golang(github.com/gorilla/websocket)) = 1.5.0 -Provides: bundled(golang(github.com/grafana/alerting)) = 0.0.0-20231101090315.bf12694896a8 -Provides: bundled(golang(github.com/grafana/cuetsy)) = 0.1.11 -Provides: bundled(golang(github.com/grafana/grafana-aws-sdk)) = 0.19.1 -Provides: bundled(golang(github.com/grafana/grafana-azure-sdk-go)) = 1.9.0 -Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.196.0 +Provides: bundled(golang(github.com/golang-jwt/jwt/v4)) = 4.5.2 +Provides: bundled(golang(github.com/golang-migrate/migrate/v4)) = 4.7.0 +Provides: bundled(golang(github.com/golang/mock)) = 1.7.0-rc.1 +Provides: bundled(golang(github.com/golang/protobuf)) = 1.5.4 +Provides: bundled(golang(github.com/golang/snappy)) = 1.0.0 +Provides: bundled(golang(github.com/google/go-cmp)) = 0.7.0 +Provides: bundled(golang(github.com/google/go-github/v82)) = 82.0.0 +Provides: bundled(golang(github.com/google/go-querystring)) = 1.2.0 +Provides: bundled(golang(github.com/google/uuid)) = 1.6.0 +Provides: bundled(golang(github.com/google/wire)) = 0.7.0 +Provides: bundled(golang(github.com/googleapis/gax-go/v2)) = 2.15.0 +Provides: bundled(golang(github.com/gorilla/mux)) = 1.8.1 +Provides: bundled(golang(github.com/gorilla/websocket)) = 1.5.4-0.20250319132907.e064f32e3674 +Provides: bundled(golang(github.com/grafana/alerting)) = 0.0.0-20260206150146.b5f69c55f91a +Provides: bundled(golang(github.com/grafana/authlib)) = 0.0.0-20260203153107.16a114a99f67 +Provides: bundled(golang(github.com/grafana/authlib/types)) = 0.0.0-20260203131350.b83e80394acc +Provides: bundled(golang(github.com/grafana/dataplane/examples)) = 0.0.1 +Provides: bundled(golang(github.com/grafana/dataplane/sdata)) = 0.0.9 +Provides: bundled(golang(github.com/grafana/dskit)) = 0.0.0-20260108123158.1a1acfb6ef2e +Provides: bundled(golang(github.com/grafana/e2e)) = 0.1.1 +Provides: bundled(golang(github.com/grafana/gofpdf)) = 0.0.0-20250307124105.3b9c5d35577f +Provides: bundled(golang(github.com/grafana/gomemcache)) = 0.0.0-20251127154401.74f93547077b +Provides: bundled(golang(github.com/grafana/grafana-api-golang-client)) = 0.27.0 +Provides: bundled(golang(github.com/grafana/grafana-app-sdk)) = 0.50.2 +Provides: bundled(golang(github.com/grafana/grafana-app-sdk/logging)) = 0.50.2 +Provides: bundled(golang(github.com/grafana/grafana-aws-sdk)) = 1.4.3 +Provides: bundled(golang(github.com/grafana/grafana-azure-sdk-go/v2)) = 2.3.1 +Provides: bundled(golang(github.com/grafana/grafana-cloud-migration-snapshot)) = 1.9.0 +Provides: bundled(golang(github.com/grafana/grafana-google-sdk-go)) = 0.4.2 +Provides: bundled(golang(github.com/grafana/grafana-openapi-client-go)) = 0.0.0-20231213163343.bd475d63fb79 +Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.287.0 +Provides: bundled(golang(github.com/grafana/loki/pkg/push)) = 0.0.0-20250823105456.332df2b20000 +Provides: bundled(golang(github.com/grafana/loki/v3)) = 3.2.1 +Provides: bundled(golang(github.com/grafana/nanogit)) = 0.3.0 +Provides: bundled(golang(github.com/grafana/otel-profiling-go)) = 0.5.1 +Provides: bundled(golang(github.com/grafana/pyroscope-go/godeltaprof)) = 0.1.9 +Provides: bundled(golang(github.com/grafana/pyroscope/api)) = 1.2.1-0.20251118081820.ace37f973a0f +Provides: bundled(golang(github.com/grafana/tempo)) = 1.5.1-0.20250529124718.87c2dc380cec Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.4.0 -Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 1.5.0 -Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.6.0 -Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.6.0 -Provides: bundled(golang(github.com/hashicorp/hcl/v2)) = 2.17.0 -Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.12.3 -Provides: bundled(golang(github.com/influxdata/line-protocol)) = 0.0.0-20210311194329.9aa0e372d097 +Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus)) = 1.1.0 +Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware/v2)) = 2.3.3 +Provides: bundled(golang(github.com/grpc-ecosystem/grpc-gateway/v2)) = 2.27.7 +Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 1.6.3 +Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 1.1.1 +Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.7.0 +Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.7.0 +Provides: bundled(golang(github.com/hashicorp/golang-lru/v2)) = 2.0.7 +Provides: bundled(golang(github.com/hashicorp/hcl/v2)) = 2.24.0 +Provides: bundled(golang(github.com/huandu/xstrings)) = 1.5.0 +Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.13.0 +Provides: bundled(golang(github.com/influxdata/influxql)) = 1.4.0 +Provides: bundled(golang(github.com/influxdata/line-protocol)) = 0.0.0-20210922203350.b1ad95c89adf +Provides: bundled(golang(github.com/jackc/pgx/v5)) = 5.8.0 +Provides: bundled(golang(github.com/jmespath-community/go-jmespath)) = 1.1.1 Provides: bundled(golang(github.com/jmespath/go-jmespath)) = 0.4.0 +Provides: bundled(golang(github.com/jmoiron/sqlx)) = 1.4.0 Provides: bundled(golang(github.com/json-iterator/go)) = 1.1.12 Provides: bundled(golang(github.com/lib/pq)) = 1.10.9 -Provides: bundled(golang(github.com/linkedin/goavro/v2)) = 2.10.0 Provides: bundled(golang(github.com/m3db/prometheus_remote_client_golang)) = 0.4.4 -Provides: bundled(golang(github.com/magefile/mage)) = 1.15.0 -Provides: bundled(golang(github.com/mattn/go-isatty)) = 0.0.18 -Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.14.19 +Provides: bundled(golang(github.com/madflojo/testcerts)) = 1.4.0 +Provides: bundled(golang(github.com/mattn/go-isatty)) = 0.0.20 +Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.14.32 Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = 1.0.4 +Provides: bundled(golang(github.com/microsoft/go-mssqldb)) = 1.9.2 +Provides: bundled(golang(github.com/migueleliasweb/go-github-mock)) = 1.5.0 +Provides: bundled(golang(github.com/mitchellh/mapstructure)) = 1.5.1-0.20231216201459.8508981c8b6c +Provides: bundled(golang(github.com/mocktools/go-smtp-mock/v2)) = 2.5.1 +Provides: bundled(golang(github.com/modern-go/reflect2)) = 1.0.3-0.20250322232337.35a7c28c31ee Provides: bundled(golang(github.com/mwitkow/go-conntrack)) = 0.0.0-20190716064945.2f068394615f -Provides: bundled(golang(github.com/patrickmn/go-cache)) = 2.1.0+incompatible -Provides: bundled(golang(github.com/prometheus/alertmanager)) = 0.25.0 -Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.17.0 -Provides: bundled(golang(github.com/prometheus/client_model)) = 0.5.0 -Provides: bundled(golang(github.com/prometheus/common)) = 0.45.0 -Provides: bundled(golang(github.com/prometheus/prometheus)) = 1.8.2-0.20221021121301.51a44e6657c3 -Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.1 -Provides: bundled(golang(github.com/russellhaering/goxmldsig)) = 1.4.0 -Provides: bundled(golang(github.com/stretchr/testify)) = 1.8.4 -Provides: bundled(golang(github.com/teris-io/shortid)) = 0.0.0-20171029131806.771a37caa5cf -Provides: bundled(golang(github.com/ua-parser/uap-go)) = 0.0.0-20211112212520.00c877edfe0f -Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.25.0 -Provides: bundled(golang(github.com/vectordotdev/go-datemath)) = 0.1.1-0.20220323213446.f3954d0b18ae -Provides: bundled(golang(github.com/yalue/merged_fs)) = 1.2.2 -Provides: bundled(golang(github.com/yudai/gojsondiff)) = 1.0.0 -Provides: bundled(golang(go.opentelemetry.io/collector/pdata)) = 1.0.0-rc8 -Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace)) = 0.46.1 -Provides: bundled(golang(go.opentelemetry.io/otel/exporters/jaeger)) = 1.10.0 -Provides: bundled(golang(go.opentelemetry.io/otel/sdk)) = 1.21.0 -Provides: bundled(golang(go.opentelemetry.io/otel/trace)) = 1.21.0 -Provides: bundled(golang(golang.org/x/crypto)) = 0.17.0 -Provides: bundled(golang(golang.org/x/exp)) = 0.0.0-20230321023759.10a507213a29 -Provides: bundled(golang(golang.org/x/net)) = 0.19.0 -Provides: bundled(golang(golang.org/x/oauth2)) = 0.15.0 -Provides: bundled(golang(golang.org/x/sync)) = 0.4.0 -Provides: bundled(golang(golang.org/x/time)) = 0.3.0 -Provides: bundled(golang(golang.org/x/tools)) = 0.13.0 -Provides: bundled(golang(gonum.org/v1/gonum)) = 0.12.0 -Provides: bundled(golang(google.golang.org/api)) = 0.148.0 -Provides: bundled(golang(google.golang.org/grpc)) = 1.59.0 -Provides: bundled(golang(google.golang.org/protobuf)) = 1.31.0 -Provides: bundled(golang(gopkg.in/ini.v1)) = 1.67.0 -Provides: bundled(golang(gopkg.in/mail.v2)) = 2.3.1 -Provides: bundled(golang(gopkg.in/yaml.v3)) = 3.0.1 -Provides: bundled(golang(xorm.io/builder)) = 0.3.6 -Provides: bundled(golang(xorm.io/core)) = 0.7.3 -Provides: bundled(golang(xorm.io/xorm)) = 0.8.2 -Provides: bundled(golang(github.com/andybalholm/brotli)) = 1.0.4 -Provides: bundled(golang(github.com/go-kit/log)) = 0.2.1 -Provides: bundled(golang(github.com/go-openapi/loads)) = 0.21.2 -Provides: bundled(golang(github.com/go-openapi/runtime)) = 0.26.0 -Provides: bundled(golang(github.com/golang-jwt/jwt/v4)) = 4.5.2 -Provides: bundled(golang(github.com/golang/protobuf)) = 1.5.3 -Provides: bundled(golang(github.com/googleapis/gax-go/v2)) = 2.12.0 -Provides: bundled(golang(github.com/gorilla/mux)) = 1.8.0 -Provides: bundled(golang(github.com/grafana/grafana-google-sdk-go)) = 0.1.0 -Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 1.1.1 -Provides: bundled(golang(github.com/modern-go/reflect2)) = 1.0.2 Provides: bundled(golang(github.com/olekukonko/tablewriter)) = 0.0.5 -Provides: bundled(golang(go.uber.org/atomic)) = 1.11.0 -Provides: bundled(golang(golang.org/x/text)) = 0.14.0 -Provides: bundled(golang(google.golang.org/genproto)) = 0.0.0-20231012201019.e917dd12ba7a -Provides: bundled(golang(cloud.google.com/go/kms)) = 1.15.2 -Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azidentity)) = 1.3.0 -Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys)) = 0.9.0 -Provides: bundled(golang(github.com/Azure/azure-storage-blob-go)) = 0.15.0 -Provides: bundled(golang(github.com/Azure/go-autorest/autorest/adal)) = 0.9.22 -Provides: bundled(golang(github.com/armon/go-radix)) = 1.0.0 -Provides: bundled(golang(github.com/blugelabs/bluge)) = 0.1.9 -Provides: bundled(golang(github.com/blugelabs/bluge_segment_api)) = 0.2.0 -Provides: bundled(golang(github.com/bufbuild/connect-go)) = 1.10.0 -Provides: bundled(golang(github.com/dlmiddlecote/sqlstats)) = 1.0.2 -Provides: bundled(golang(github.com/drone/drone-cli)) = 1.6.1 -Provides: bundled(golang(github.com/getkin/kin-openapi)) = 0.120.0 -Provides: bundled(golang(github.com/golang-migrate/migrate/v4)) = 4.7.0 -Provides: bundled(golang(github.com/google/go-github)) = 17.0.0+incompatible -Provides: bundled(golang(github.com/google/go-github/v45)) = 45.2.0 -Provides: bundled(golang(github.com/grafana/codejen)) = 0.0.3 -Provides: bundled(golang(github.com/grafana/dskit)) = 0.0.0-20230706162620.5081d8ed53e6 -Provides: bundled(golang(github.com/huandu/xstrings)) = 1.3.1 -Provides: bundled(golang(github.com/jmoiron/sqlx)) = 1.3.5 -Provides: bundled(golang(github.com/matryer/is)) = 1.4.0 -Provides: bundled(golang(github.com/urfave/cli)) = 1.22.14 -Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc)) = 0.46.1 -Provides: bundled(golang(go.opentelemetry.io/contrib/propagators/jaeger)) = 1.21.1 -Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace)) = 1.21.0 -Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)) = 1.21.0 -Provides: bundled(golang(gocloud.dev)) = 0.25.0 -Provides: bundled(golang(buf.build/gen/go/parca-dev/parca/bufbuild/connect-go)) = 1.4.1-20221222094228.8b1d3d0f62e6.1 -Provides: bundled(golang(buf.build/gen/go/parca-dev/parca/protocolbuffers/go)) = 1.28.1-20221222094228.8b1d3d0f62e6.4 -Provides: bundled(golang(github.com/Masterminds/semver/v3)) = 3.1.1 -Provides: bundled(golang(github.com/alicebob/miniredis/v2)) = 2.30.1 -Provides: bundled(golang(github.com/dave/dst)) = 0.27.2 -Provides: bundled(golang(github.com/go-jose/go-jose/v3)) = 3.0.1 -Provides: bundled(golang(github.com/grafana/dataplane/examples)) = 0.0.1 -Provides: bundled(golang(github.com/grafana/dataplane/sdata)) = 0.0.6 -Provides: bundled(golang(github.com/grafana/kindsys)) = 0.0.0-20230508162304.452481b63482 -Provides: bundled(golang(github.com/grafana/tempo)) = 1.5.1-0.20230524121406.1dc1bfe7085b -Provides: bundled(golang(github.com/grafana/thema)) = 0.0.0-20230712153715.375c1b45f3ed -Provides: bundled(golang(github.com/microsoft/go-mssqldb)) = 1.5.0 -Provides: bundled(golang(github.com/ory/fosite)) = 0.44.1-0.20230317114349.45a6785cc54f -Provides: bundled(golang(github.com/redis/go-redis/v9)) = 9.0.2 -Provides: bundled(golang(github.com/weaveworks/common)) = 0.0.0-20230511094633.334485600903 -Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = 0.0.0-20180127040702.4e3ac2762d5f -Provides: bundled(golang(go.opentelemetry.io/contrib/samplers/jaegerremote)) = 0.15.1 -Provides: bundled(golang(golang.org/x/mod)) = 0.12.0 -Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.6.0 -Provides: bundled(golang(k8s.io/utils)) = 0.0.0-20230406110748.d93618cff8a2 -Provides: bundled(golang(github.com/spf13/cobra)) = 1.7.0 -Provides: bundled(golang(go.opentelemetry.io/otel)) = 1.21.0 -Provides: bundled(golang(k8s.io/apimachinery)) = 0.28.3 -Provides: bundled(golang(k8s.io/apiserver)) = 0.28.3 -Provides: bundled(golang(k8s.io/client-go)) = 0.28.3 -Provides: bundled(golang(k8s.io/component-base)) = 0.28.3 -Provides: bundled(golang(k8s.io/klog/v2)) = 2.100.1 -Provides: bundled(golang(k8s.io/kube-openapi)) = 0.0.0-20230717233707.2695361300d9 -Provides: bundled(golang(github.com/bwmarrin/snowflake)) = 0.3.0 -Provides: bundled(golang(github.com/mitchellh/mapstructure)) = 1.5.0 -Provides: bundled(golang(sigs.k8s.io/yaml)) = 1.3.0 -Provides: bundled(golang(filippo.io/age)) = 1.1.1 -Provides: bundled(golang(github.com/Masterminds/sprig/v3)) = 3.2.2 -Provides: bundled(golang(github.com/ProtonMail/go-crypto)) = 0.0.0-20230828082145.3c4c8a2d2371 -Provides: bundled(golang(github.com/docker/docker)) = 23.0.4+incompatible -Provides: bundled(golang(github.com/go-logr/logr)) = 1.3.0 -Provides: bundled(golang(github.com/hmarr/codeowners)) = 1.1.2 +Provides: bundled(golang(github.com/open-feature/go-sdk)) = 1.17.0 +Provides: bundled(golang(github.com/open-feature/go-sdk-contrib/providers/go-feature-flag)) = 0.2.6 +Provides: bundled(golang(github.com/open-feature/go-sdk-contrib/providers/ofrep)) = 0.1.7 +Provides: bundled(golang(github.com/openfga/api/proto)) = 0.0.0-20260122164422.25e22cb1875b +Provides: bundled(golang(github.com/openfga/language/pkg/go)) = 0.2.0-beta.2.0.20251027165255.0f8f255e5f6c +Provides: bundled(golang(github.com/openfga/openfga)) = 1.11.3 +Provides: bundled(golang(github.com/opentracing-contrib/go-grpc)) = 0.1.2 +Provides: bundled(golang(github.com/opentracing/opentracing-go)) = 1.2.0 +Provides: bundled(golang(github.com/openzipkin/zipkin-go)) = 0.4.3 +Provides: bundled(golang(github.com/patrickmn/go-cache)) = 2.1.0+incompatible +Provides: bundled(golang(github.com/phpdave11/gofpdi)) = 1.0.14 +Provides: bundled(golang(github.com/pressly/goose/v3)) = 3.26.0 +Provides: bundled(golang(github.com/prometheus/alertmanager)) = 0.28.2 +Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.23.2 +Provides: bundled(golang(github.com/prometheus/client_model)) = 0.6.2 +Provides: bundled(golang(github.com/prometheus/common)) = 0.67.5 +Provides: bundled(golang(github.com/prometheus/prometheus)) = 0.303.1 +Provides: bundled(golang(github.com/prometheus/sigv4)) = 0.1.2 +Provides: bundled(golang(github.com/puzpuzpuz/xsync/v4)) = 4.2.0 +Provides: bundled(golang(github.com/redis/go-redis/v9)) = 9.14.0 +Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.1 +Provides: bundled(golang(github.com/rs/cors)) = 1.11.1 +Provides: bundled(golang(github.com/russellhaering/goxmldsig)) = 1.6.0 +Provides: bundled(golang(github.com/shopspring/decimal)) = 1.4.0 +Provides: bundled(golang(github.com/spf13/cobra)) = 1.10.2 +Provides: bundled(golang(github.com/spf13/pflag)) = 1.0.10 +Provides: bundled(golang(github.com/spyzhov/ajson)) = 0.9.6 +Provides: bundled(golang(github.com/stretchr/testify)) = 1.11.1 +Provides: bundled(golang(github.com/testcontainers/testcontainers-go)) = 0.36.0 +Provides: bundled(golang(github.com/thomaspoignant/go-feature-flag)) = 1.42.0 +Provides: bundled(golang(github.com/tjhop/slog-gokit)) = 0.1.5 +Provides: bundled(golang(github.com/ua-parser/uap-go)) = 0.0.0-20250213224047.9c035f085b90 +Provides: bundled(golang(github.com/urfave/cli)) = 1.22.17 +Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.27.7 +Provides: bundled(golang(github.com/urfave/cli/v3)) = 3.5.0 Provides: bundled(golang(github.com/wk8/go-ordered-map)) = 1.0.0 Provides: bundled(golang(github.com/xlab/treeprint)) = 1.2.0 -Provides: bundled(npm(@babel/core)) = 7.23.2 -Provides: bundled(npm(@babel/plugin-proposal-class-properties)) = 7.18.6 -Provides: bundled(npm(@babel/plugin-proposal-nullish-coalescing-operator)) = 7.18.6 -Provides: bundled(npm(@babel/plugin-proposal-object-rest-spread)) = 7.20.7 -Provides: bundled(npm(@babel/plugin-proposal-optional-chaining)) = 7.21.0 -Provides: bundled(npm(@babel/plugin-syntax-dynamic-import)) = 7.8.3 -Provides: bundled(npm(@babel/plugin-transform-react-constant-elements)) = 7.22.5 -Provides: bundled(npm(@babel/plugin-transform-runtime)) = 7.23.2 -Provides: bundled(npm(@babel/plugin-transform-typescript)) = 7.22.9 -Provides: bundled(npm(@babel/preset-env)) = 7.23.2 -Provides: bundled(npm(@babel/preset-react)) = 7.22.5 -Provides: bundled(npm(@babel/preset-typescript)) = 7.23.2 -Provides: bundled(npm(@babel/runtime)) = 7.23.2 -Provides: bundled(npm(@betterer/betterer)) = 5.4.0 -Provides: bundled(npm(@betterer/cli)) = 5.4.0 -Provides: bundled(npm(@betterer/eslint)) = 5.4.0 -Provides: bundled(npm(@betterer/regexp)) = 5.4.0 -Provides: bundled(npm(@braintree/sanitize-url)) = 6.0.2 -Provides: bundled(npm(@cypress/webpack-preprocessor)) = 5.17.1 -Provides: bundled(npm(@daybrush/utils)) = 1.13.0 +Provides: bundled(golang(github.com/youmark/pkcs8)) = 0.0.0-20240726163527.a2c0da244d78 +Provides: bundled(golang(github.com/yudai/gojsondiff)) = 1.0.0 +Provides: bundled(golang(go.etcd.io/bbolt)) = 1.4.3 +Provides: bundled(golang(go.opentelemetry.io/collector/pdata)) = 1.44.0 +Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc)) = 0.64.0 +Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace)) = 0.64.0 +Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp)) = 0.64.0 +Provides: bundled(golang(go.opentelemetry.io/contrib/propagators/jaeger)) = 1.39.0 +Provides: bundled(golang(go.opentelemetry.io/contrib/samplers/jaegerremote)) = 0.33.0 +Provides: bundled(golang(go.opentelemetry.io/otel)) = 1.39.0 +Provides: bundled(golang(go.opentelemetry.io/otel/exporters/jaeger)) = 1.17.0 +Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc)) = 0.15.0 +Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace)) = 1.39.0 +Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)) = 1.39.0 +Provides: bundled(golang(go.opentelemetry.io/otel/log)) = 0.15.0 +Provides: bundled(golang(go.opentelemetry.io/otel/sdk)) = 1.39.0 +Provides: bundled(golang(go.opentelemetry.io/otel/sdk/log)) = 0.15.0 +Provides: bundled(golang(go.opentelemetry.io/otel/trace)) = 1.39.0 +Provides: bundled(golang(go.opentelemetry.io/proto/otlp)) = 1.9.0 +Provides: bundled(golang(go.uber.org/atomic)) = 1.11.0 +Provides: bundled(golang(go.uber.org/goleak)) = 1.3.0 +Provides: bundled(golang(go.uber.org/mock)) = 0.6.0 +Provides: bundled(golang(go.uber.org/multierr)) = 1.11.0 +Provides: bundled(golang(go.uber.org/zap)) = 1.27.1 +Provides: bundled(golang(go.yaml.in/yaml/v3)) = 3.0.4 +Provides: bundled(golang(gocloud.dev)) = 0.43.0 +Provides: bundled(golang(gocloud.dev/secrets/hashivault)) = 0.43.0 +Provides: bundled(golang(golang.org/x/crypto)) = 0.47.0 +Provides: bundled(golang(golang.org/x/exp)) = 0.0.0-20260112195511.716be5621a96 +Provides: bundled(golang(golang.org/x/mod)) = 0.32.0 +Provides: bundled(golang(golang.org/x/net)) = 0.49.0 +Provides: bundled(golang(golang.org/x/oauth2)) = 0.34.0 +Provides: bundled(golang(golang.org/x/sync)) = 0.19.0 +Provides: bundled(golang(golang.org/x/text)) = 0.33.0 +Provides: bundled(golang(golang.org/x/time)) = 0.14.0 +Provides: bundled(golang(golang.org/x/tools)) = 0.41.0 +Provides: bundled(golang(gonum.org/v1/gonum)) = 0.17.0 +Provides: bundled(golang(google.golang.org/api)) = 0.242.0 +Provides: bundled(golang(google.golang.org/grpc)) = 1.79.3 +Provides: bundled(golang(google.golang.org/protobuf)) = 1.36.11 +Provides: bundled(golang(gopkg.in/ini.v1)) = 1.67.0 +Provides: bundled(golang(gopkg.in/mail.v2)) = 2.3.1 +Provides: bundled(golang(k8s.io/api)) = 0.35.0 +Provides: bundled(golang(k8s.io/apiextensions-apiserver)) = 0.35.0 +Provides: bundled(golang(k8s.io/apimachinery)) = 0.35.0 +Provides: bundled(golang(k8s.io/apiserver)) = 0.35.0 +Provides: bundled(golang(k8s.io/client-go)) = 0.35.0 +Provides: bundled(golang(k8s.io/component-base)) = 0.35.0 +Provides: bundled(golang(k8s.io/klog/v2)) = 2.130.1 +Provides: bundled(golang(k8s.io/kube-aggregator)) = 0.35.0 +Provides: bundled(golang(k8s.io/kube-openapi)) = 0.0.0-20260127142750.a19766b6e2d4 +Provides: bundled(golang(k8s.io/utils)) = 0.0.0-20251002143259.bc988d571ff4 +Provides: bundled(golang(modernc.org/sqlite)) = 1.44.3 +Provides: bundled(golang(pgregory.net/rapid)) = 1.2.0 +Provides: bundled(golang(sigs.k8s.io/randfill)) = 1.0.0 +Provides: bundled(golang(sigs.k8s.io/structured-merge-diff/v6)) = 6.3.1 +Provides: bundled(golang(xorm.io/builder)) = 0.3.13 +Provides: bundled(golang(github.com/grafana/grafana/apps/example)) = 0.0.0-20260119093047.426e55f358f5 +Provides: bundled(golang(github.com/grafana/grafana/apps/quotas)) = 0.0.0-20251209183543.1013d74f13f2 +Provides: bundled(golang(github.com/grafana/grafana/apps/scope)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/pkg/aggregator)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/pkg/apimachinery)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/pkg/apiserver)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/pkg/plugins)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/pkg/promlib)) = 0.0.8 +Provides: bundled(golang(github.com/grafana/grafana/pkg/semconv)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/pkg/storage/unified/resource/kv)) = 0.0.0 +Provides: bundled(golang(github.com/cenkalti/backoff/v4)) = 4.3.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/advisor)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/alerting/alertenrichment)) = 0.0.0-00010101000000.000000000000 +Provides: bundled(golang(github.com/grafana/grafana/apps/alerting/historian)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/alerting/notifications)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/alerting/rules)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/annotation)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/collections)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/correlations)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/dashboard)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/dashvalidator)) = 0.0.0-20260127080522.461c3f3f9fb6 +Provides: bundled(golang(github.com/grafana/grafana/apps/folder)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/iam)) = 0.0.0-00010101000000.000000000000 +Provides: bundled(golang(github.com/grafana/grafana/apps/live)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/logsdrilldown)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/playlist)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/plugins)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/preferences)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/provisioning)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/secret)) = 0.0.0 +Provides: bundled(golang(github.com/grafana/grafana/apps/shorturl)) = 0.0.0 +Provides: bundled(golang(github.com/RoaringBitmap/real-roaring-datasets)) = 0.0.0-20190726190000.eb7c87156f76 +Provides: bundled(golang(github.com/grafana/gomemcache)) = 0.0.0-20250828162811.a96f6acee2fe +Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 2.0.3+incompatible +Provides: bundled(golang(github.com/prometheus/prometheus)) = 1.8.2-0.20221021121301.51a44e6657c3 +Provides: bundled(golang(github.com/testcontainers/testcontainers-go)) = 0.38.0 +Provides: bundled(golang(k8s.io/client-go)) = 12.0.0+incompatible +Provides: bundled(npm(@arethetypeswrong/cli)) = 0.18.2 +Provides: bundled(npm(@babel/core)) = 7.28.0 +Provides: bundled(npm(@babel/preset-env)) = 7.28.0 +Provides: bundled(npm(@babel/preset-react)) = 7.27.1 +Provides: bundled(npm(@babel/runtime)) = 7.28.2 +Provides: bundled(npm(@braintree/sanitize-url)) = 7.0.1 +Provides: bundled(npm(@bsull/augurs)) = 0.10.1 +Provides: bundled(npm(@crowdin/crowdin-api-client)) = 1.46.0 +Provides: bundled(npm(@cypress/webpack-preprocessor)) = 6.0.4 Provides: bundled(npm(@emotion/css)) = 11.11.2 -Provides: bundled(npm(@emotion/eslint-plugin)) = 11.11.0 -Provides: bundled(npm(@emotion/react)) = 11.11.1 +Provides: bundled(npm(@emotion/eslint-plugin)) = 11.12.0 +Provides: bundled(npm(@emotion/react)) = 11.14.0 +Provides: bundled(npm(@emotion/serialize)) = 1.3.3 +Provides: bundled(npm(@faker-js/faker)) = 9.9.0 Provides: bundled(npm(@fingerprintjs/fingerprintjs)) = 3.4.2 -Provides: bundled(npm(@glideapps/glide-data-grid)) = 5.2.1 -Provides: bundled(npm(@grafana/aws-sdk)) = 0.3.1 -Provides: bundled(npm(@grafana/e2e-selectors)) = 10.0.2 -Provides: bundled(npm(@grafana/eslint-config)) = 6.0.1 -Provides: bundled(npm(@grafana/experimental)) = 1.7.0 -Provides: bundled(npm(@grafana/faro-core)) = 1.2.1 -Provides: bundled(npm(@grafana/faro-web-sdk)) = 1.2.1 -Provides: bundled(npm(@grafana/google-sdk)) = 0.1.1 -Provides: bundled(npm(@grafana/lezer-logql)) = 0.2.2 -Provides: bundled(npm(@grafana/lezer-traceql)) = 0.0.11 -Provides: bundled(npm(@grafana/monaco-logql)) = 0.0.7 -Provides: bundled(npm(@grafana/scenes)) = 1.27.0 -Provides: bundled(npm(@grafana/tsconfig)) = 1.2.0rc1 -Provides: bundled(npm(@kusto/monaco-kusto)) = 7.7.0 -Provides: bundled(npm(@leeoniya/ufuzzy)) = 1.0.8 -Provides: bundled(npm(@lezer/common)) = 1.0.2 -Provides: bundled(npm(@lezer/highlight)) = 1.1.3 -Provides: bundled(npm(@lezer/lr)) = 1.3.3 -Provides: bundled(npm(@locker/near-membrane-dom)) = 0.13.3 -Provides: bundled(npm(@locker/near-membrane-shared)) = 0.13.3 -Provides: bundled(npm(@locker/near-membrane-shared-dom)) = 0.13.3 -Provides: bundled(npm(@mochajs/json-file-reporter)) = 1.3.0 -Provides: bundled(npm(@monaco-editor/react)) = 4.6.0 -Provides: bundled(npm(@opentelemetry/api)) = 1.6.0 +Provides: bundled(npm(@floating-ui/react)) = 0.26.28 +Provides: bundled(npm(@formatjs/intl-durationformat)) = 0.7.6 +Provides: bundled(npm(@glideapps/glide-data-grid)) = 6.0.3 +Provides: bundled(npm(@grafana/assistant)) = 0.1.13 +Provides: bundled(npm(@grafana/aws-sdk)) = 0.8.3 +Provides: bundled(npm(@grafana/azure-sdk)) = 0.0.8 +Provides: bundled(npm(@grafana/eslint-config)) = 8.2.0 +Provides: bundled(npm(@grafana/faro-core)) = 1.19.0 +Provides: bundled(npm(@grafana/faro-instrumentation-replay)) = 2.2.3 +Provides: bundled(npm(@grafana/faro-web-sdk)) = 1.19.0 +Provides: bundled(npm(@grafana/faro-web-tracing)) = 2.2.3 +Provides: bundled(npm(@grafana/google-sdk)) = 0.3.5 +Provides: bundled(npm(@grafana/lezer-logql)) = 0.2.9 +Provides: bundled(npm(@grafana/lezer-traceql)) = 0.0.25 +Provides: bundled(npm(@grafana/llm)) = 1.0.3 +Provides: bundled(npm(@grafana/monaco-logql)) = 0.0.8 +Provides: bundled(npm(@grafana/plugin-e2e)) = 3.2.0 +Provides: bundled(npm(@grafana/plugin-ui)) = 0.11.1 +Provides: bundled(npm(@grafana/scenes)) = 6.38.0 +Provides: bundled(npm(@grafana/scenes-react)) = 6.52.13 +Provides: bundled(npm(@grafana/tsconfig)) = 2.0.0 +Provides: bundled(npm(@hello-pangea/dnd)) = 17.0.0 +Provides: bundled(npm(@kusto/monaco-kusto)) = 10.0.22 +Provides: bundled(npm(@leeoniya/ufuzzy)) = 1.0.19 +Provides: bundled(npm(@lezer/common)) = 1.3.0 +Provides: bundled(npm(@lezer/highlight)) = 1.2.3 +Provides: bundled(npm(@lezer/lr)) = 1.4.3 +Provides: bundled(npm(@locker/near-membrane-dom)) = 0.14.0 +Provides: bundled(npm(@locker/near-membrane-shared)) = 0.14.0 +Provides: bundled(npm(@locker/near-membrane-shared-dom)) = 0.14.0 +Provides: bundled(npm(@manypkg/get-packages)) = 3.1.0 +Provides: bundled(npm(@monaco-editor/react)) = 4.7.0 +Provides: bundled(npm(@msagl/core)) = 1.1.23 +Provides: bundled(npm(@msagl/parser)) = 1.1.23 +Provides: bundled(npm(@npmcli/package-json)) = 6.2.0 +Provides: bundled(npm(@openfeature/core)) = 1.9.1 +Provides: bundled(npm(@openfeature/ofrep-web-provider)) = 0.3.5 +Provides: bundled(npm(@openfeature/react-sdk)) = 1.2.0 +Provides: bundled(npm(@openfeature/web-sdk)) = 1.7.2 +Provides: bundled(npm(@opentelemetry/api)) = 1.9.0 Provides: bundled(npm(@opentelemetry/exporter-collector)) = 0.25.0 Provides: bundled(npm(@opentelemetry/semantic-conventions)) = 0.25.0 -Provides: bundled(npm(@pmmmwh/react-refresh-webpack-plugin)) = 0.5.10 +Provides: bundled(npm(@playwright/test)) = 1.56.1 +Provides: bundled(npm(@pmmmwh/react-refresh-webpack-plugin)) = 0.6.1 Provides: bundled(npm(@popperjs/core)) = 2.11.8 -Provides: bundled(npm(@prometheus-io/lezer-promql)) = 0.37.0 -Provides: bundled(npm(@react-aria/button)) = 3.8.0 -Provides: bundled(npm(@react-aria/dialog)) = 3.5.3 -Provides: bundled(npm(@react-aria/focus)) = 3.13.0 -Provides: bundled(npm(@react-aria/interactions)) = 3.16.0 -Provides: bundled(npm(@react-aria/menu)) = 3.10.0 -Provides: bundled(npm(@react-aria/overlays)) = 3.15.0 -Provides: bundled(npm(@react-aria/utils)) = 3.18.0 -Provides: bundled(npm(@react-awesome-query-builder/core)) = 6.4.1 -Provides: bundled(npm(@react-awesome-query-builder/ui)) = 6.4.1 -Provides: bundled(npm(@react-stately/collections)) = 3.9.0 -Provides: bundled(npm(@react-stately/menu)) = 3.5.3 -Provides: bundled(npm(@react-stately/tree)) = 3.7.0 -Provides: bundled(npm(@react-types/button)) = 3.9.0 -Provides: bundled(npm(@react-types/menu)) = 3.9.2 -Provides: bundled(npm(@react-types/overlays)) = 3.8.0 -Provides: bundled(npm(@react-types/shared)) = 3.21.0 -Provides: bundled(npm(@reduxjs/toolkit)) = 1.9.5 -Provides: bundled(npm(@remix-run/router)) = 1.5.0 -Provides: bundled(npm(@rollup/plugin-commonjs)) = 25.0.2 -Provides: bundled(npm(@rollup/plugin-json)) = 6.0.0 -Provides: bundled(npm(@rollup/plugin-node-resolve)) = 15.2.3 -Provides: bundled(npm(@storybook/addon-a11y)) = 7.4.5 -Provides: bundled(npm(@storybook/addon-actions)) = 7.4.5 -Provides: bundled(npm(@storybook/addon-docs)) = 7.4.5 -Provides: bundled(npm(@storybook/addon-essentials)) = 7.4.5 -Provides: bundled(npm(@storybook/addon-storysource)) = 7.4.5 -Provides: bundled(npm(@storybook/api)) = 7.4.5 -Provides: bundled(npm(@storybook/blocks)) = 7.4.5 -Provides: bundled(npm(@storybook/client-api)) = 7.4.5 -Provides: bundled(npm(@storybook/components)) = 7.4.5 -Provides: bundled(npm(@storybook/core-events)) = 7.4.5 +Provides: bundled(npm(@prometheus-io/lezer-promql)) = 0.307.3 +Provides: bundled(npm(@rc-component/cascader)) = 1.9.0 +Provides: bundled(npm(@rc-component/drawer)) = 1.3.0 +Provides: bundled(npm(@rc-component/picker)) = 1.7.1 +Provides: bundled(npm(@rc-component/slider)) = 1.0.1 +Provides: bundled(npm(@rc-component/tooltip)) = 1.4.0 +Provides: bundled(npm(@rc-component/tree)) = 1.1.0 +Provides: bundled(npm(@react-aria/dialog)) = 3.5.31 +Provides: bundled(npm(@react-aria/focus)) = 3.21.2 +Provides: bundled(npm(@react-aria/overlays)) = 3.30.0 +Provides: bundled(npm(@react-aria/utils)) = 3.31.0 +Provides: bundled(npm(@react-awesome-query-builder/ui)) = 6.6.15 +Provides: bundled(npm(@react-types/button)) = 3.13.0 +Provides: bundled(npm(@react-types/menu)) = 3.10.3 +Provides: bundled(npm(@react-types/overlays)) = 3.9.0 +Provides: bundled(npm(@react-types/shared)) = 3.31.0 +Provides: bundled(npm(@reduxjs/toolkit)) = 2.10.1 +Provides: bundled(npm(@rollup/plugin-dynamic-import-vars)) = 2.1.5 +Provides: bundled(npm(@rollup/plugin-image)) = 3.0.3 +Provides: bundled(npm(@rollup/plugin-json)) = 6.1.0 +Provides: bundled(npm(@rollup/plugin-node-resolve)) = 16.0.1 +Provides: bundled(npm(@rollup/plugin-terser)) = 1.0.0 +Provides: bundled(npm(@rsdoctor/webpack-plugin)) = 1.1.10 +Provides: bundled(npm(@rtk-query/codegen-openapi)) = 2.0.0 +Provides: bundled(npm(@storybook/addon-a11y)) = 8.6.18 +Provides: bundled(npm(@storybook/addon-actions)) = 8.6.18 +Provides: bundled(npm(@storybook/addon-docs)) = 8.6.18 +Provides: bundled(npm(@storybook/addon-essentials)) = 8.6.18 +Provides: bundled(npm(@storybook/addon-storysource)) = 8.6.18 +Provides: bundled(npm(@storybook/addon-webpack5-compiler-swc)) = 2.1.0 +Provides: bundled(npm(@storybook/blocks)) = 8.6.18 +Provides: bundled(npm(@storybook/components)) = 8.6.18 +Provides: bundled(npm(@storybook/core-events)) = 8.6.18 +Provides: bundled(npm(@storybook/manager-api)) = 8.6.18 Provides: bundled(npm(@storybook/mdx2-csf)) = 1.1.0 Provides: bundled(npm(@storybook/preset-scss)) = 1.0.3 -Provides: bundled(npm(@storybook/react)) = 7.4.5 -Provides: bundled(npm(@storybook/react-webpack5)) = 7.4.5 -Provides: bundled(npm(@storybook/theming)) = 7.4.5 -Provides: bundled(npm(@swc/core)) = 1.3.38 -Provides: bundled(npm(@swc/helpers)) = 0.4.14 -Provides: bundled(npm(@testing-library/dom)) = 9.3.3 -Provides: bundled(npm(@testing-library/jest-dom)) = 6.1.2 -Provides: bundled(npm(@testing-library/react)) = 14.0.0 -Provides: bundled(npm(@testing-library/react-hooks)) = 8.0.1 -Provides: bundled(npm(@testing-library/user-event)) = 14.5.1 -Provides: bundled(npm(@types/angular)) = 1.8.5 -Provides: bundled(npm(@types/angular-route)) = 1.7.3 -Provides: bundled(npm(@types/chance)) = 1.1.3 -Provides: bundled(npm(@types/chrome-remote-interface)) = 0.31.10 -Provides: bundled(npm(@types/common-tags)) = 1.8.1 -Provides: bundled(npm(@types/d3)) = 7.4.0 -Provides: bundled(npm(@types/d3-force)) = 3.0.4 +Provides: bundled(npm(@storybook/preview-api)) = 8.6.18 +Provides: bundled(npm(@storybook/react)) = 8.6.18 +Provides: bundled(npm(@storybook/react-webpack5)) = 8.6.18 +Provides: bundled(npm(@storybook/test-runner)) = 0.23.0 +Provides: bundled(npm(@storybook/theming)) = 8.6.18 +Provides: bundled(npm(@stylistic/eslint-plugin-ts)) = 4.4.1 +Provides: bundled(npm(@swc/core)) = 1.13.3 +Provides: bundled(npm(@swc/helpers)) = 0.5.17 +Provides: bundled(npm(@swc/jest)) = 0.2.39 +Provides: bundled(npm(@tanstack/react-virtual)) = 3.10.9 +Provides: bundled(npm(@testing-library/dom)) = 10.4.0 +Provides: bundled(npm(@testing-library/jest-dom)) = 6.5.0 +Provides: bundled(npm(@testing-library/react)) = 16.3.0 +Provides: bundled(npm(@testing-library/user-event)) = 14.5.2 +Provides: bundled(npm(@types/babel__core)) = 7.20.5 +Provides: bundled(npm(@types/babel__preset-env)) = 7.10.0 +Provides: bundled(npm(@types/chance)) = 1.1.7 +Provides: bundled(npm(@types/common-tags)) = 1.8.4 +Provides: bundled(npm(@types/confusing-browser-globals)) = 1.0.3 +Provides: bundled(npm(@types/d3)) = 7.4.3 +Provides: bundled(npm(@types/d3-force)) = 3.0.10 Provides: bundled(npm(@types/d3-interpolate)) = 3.0.1 -Provides: bundled(npm(@types/d3-scale-chromatic)) = 3.0.0 -Provides: bundled(npm(@types/debounce-promise)) = 3.1.6 -Provides: bundled(npm(@types/diff)) = 5.0.5 -Provides: bundled(npm(@types/dompurify)) = 2.4.0 -Provides: bundled(npm(@types/eslint)) = 8.44.0 -Provides: bundled(npm(@types/file-saver)) = 2.0.5 -Provides: bundled(npm(@types/glob)) = 7.2.0 -Provides: bundled(npm(@types/google.analytics)) = 0.0.42 -Provides: bundled(npm(@types/gtag.js)) = 0.0.12 +Provides: bundled(npm(@types/d3-random)) = 3.0.3 +Provides: bundled(npm(@types/d3-scale-chromatic)) = 3.1.0 +Provides: bundled(npm(@types/debounce-promise)) = 3.1.9 +Provides: bundled(npm(@types/eslint)) = 9.6.1 +Provides: bundled(npm(@types/eslint-scope)) = 3.7.7 +Provides: bundled(npm(@types/file-saver)) = 2.0.7 +Provides: bundled(npm(@types/fs-extra)) = 8.1.3 +Provides: bundled(npm(@types/google.analytics)) = 0.0.46 +Provides: bundled(npm(@types/gtag.js)) = 0.0.20 Provides: bundled(npm(@types/history)) = 4.7.11 -Provides: bundled(npm(@types/hoist-non-react-statics)) = 3.3.1 -Provides: bundled(npm(@types/is-hotkey)) = 0.1.7 -Provides: bundled(npm(@types/jest)) = 26.0.15 -Provides: bundled(npm(@types/jquery)) = 3.5.16 -Provides: bundled(npm(@types/js-yaml)) = 4.0.5 +Provides: bundled(npm(@types/hoist-non-react-statics)) = 3.3.7 +Provides: bundled(npm(@types/ini)) = 4.1.1 +Provides: bundled(npm(@types/is-hotkey)) = 0.1.10 +Provides: bundled(npm(@types/jest)) = 29.5.14 +Provides: bundled(npm(@types/jquery)) = 3.5.33 +Provides: bundled(npm(@types/js-yaml)) = 4.0.9 Provides: bundled(npm(@types/jsurl)) = 1.2.30 -Provides: bundled(npm(@types/lodash)) = 4.14.195 -Provides: bundled(npm(@types/logfmt)) = 1.2.3 -Provides: bundled(npm(@types/lucene)) = 2.1.4 -Provides: bundled(npm(@types/marked)) = 5.0.1 -Provides: bundled(npm(@types/mock-raf)) = 1.0.3 -Provides: bundled(npm(@types/mousetrap)) = 1.6.11 -Provides: bundled(npm(@types/node)) = 14.18.36 -Provides: bundled(npm(@types/node-forge)) = 1.3.2 -Provides: bundled(npm(@types/ol-ext)) = 3.2.0 -Provides: bundled(npm(@types/papaparse)) = 5.3.7 -Provides: bundled(npm(@types/pluralize)) = 0.0.30 -Provides: bundled(npm(@types/prismjs)) = 1.26.0 -Provides: bundled(npm(@types/react)) = 18.0.28 -Provides: bundled(npm(@types/react-beautiful-dnd)) = 13.1.4 -Provides: bundled(npm(@types/react-calendar)) = 3.9.0 -Provides: bundled(npm(@types/react-color)) = 3.0.6 -Provides: bundled(npm(@types/react-dom)) = 18.2.7 -Provides: bundled(npm(@types/react-grid-layout)) = 1.3.2 -Provides: bundled(npm(@types/react-highlight-words)) = 0.16.4 -Provides: bundled(npm(@types/react-resizable)) = 3.0.4 +Provides: bundled(npm(@types/lodash)) = 4.17.7 +Provides: bundled(npm(@types/logfmt)) = 1.2.6 +Provides: bundled(npm(@types/lucene)) = 2.1.7 +Provides: bundled(npm(@types/mock-raf)) = 1.0.6 +Provides: bundled(npm(@types/node)) = 16.9.1 +Provides: bundled(npm(@types/node-forge)) = 1.3.13 +Provides: bundled(npm(@types/ol-ext)) = 3.3.0 +Provides: bundled(npm(@types/papaparse)) = 5.3.16 +Provides: bundled(npm(@types/pluralize)) = 0.0.33 +Provides: bundled(npm(@types/prismjs)) = 1.26.4 +Provides: bundled(npm(@types/react)) = 18.3.18 +Provides: bundled(npm(@types/react-color)) = 3.0.13 +Provides: bundled(npm(@types/react-dom)) = 18.3.5 +Provides: bundled(npm(@types/react-grid-layout)) = 1.3.5 +Provides: bundled(npm(@types/react-highlight-words)) = 0.20.0 +Provides: bundled(npm(@types/react-resizable)) = 3.0.8 +Provides: bundled(npm(@types/react-router)) = 5.1.20 Provides: bundled(npm(@types/react-router-dom)) = 5.3.3 -Provides: bundled(npm(@types/react-table)) = 7.7.14 -Provides: bundled(npm(@types/react-test-renderer)) = 18.0.0 -Provides: bundled(npm(@types/react-transition-group)) = 4.4.6 -Provides: bundled(npm(@types/react-virtualized-auto-sizer)) = 1.0.1 -Provides: bundled(npm(@types/react-window)) = 1.8.5 -Provides: bundled(npm(@types/react-window-infinite-loader)) = 1.0.6 -Provides: bundled(npm(@types/redux-mock-store)) = 1.0.3 -Provides: bundled(npm(@types/semver)) = 7.5.0 +Provides: bundled(npm(@types/react-table)) = 7.7.20 +Provides: bundled(npm(@types/react-transition-group)) = 4.4.12 +Provides: bundled(npm(@types/react-virtualized-auto-sizer)) = 1.0.8 +Provides: bundled(npm(@types/react-window)) = 1.8.8 +Provides: bundled(npm(@types/react-window-infinite-loader)) = 1.0.9 +Provides: bundled(npm(@types/redux-mock-store)) = 1.5.0 +Provides: bundled(npm(@types/semver)) = 7.5.8 Provides: bundled(npm(@types/slate)) = 0.47.11 -Provides: bundled(npm(@types/slate-plain-serializer)) = 0.7.2 +Provides: bundled(npm(@types/slate-plain-serializer)) = 0.7.5 Provides: bundled(npm(@types/slate-react)) = 0.22.9 -Provides: bundled(npm(@types/string-hash)) = 1.1.1 -Provides: bundled(npm(@types/systemjs)) = 6.13.1 -Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.14.8 -Provides: bundled(npm(@types/tinycolor2)) = 1.4.3 -Provides: bundled(npm(@types/trusted-types)) = 2.0.3 -Provides: bundled(npm(@types/uuid)) = 8.3.4 +Provides: bundled(npm(@types/string-hash)) = 1.1.3 +Provides: bundled(npm(@types/swagger-ui-react)) = 5.18.0 +Provides: bundled(npm(@types/systemjs)) = 6.15.3 +Provides: bundled(npm(@types/tinycolor2)) = 1.4.6 +Provides: bundled(npm(@types/uuid)) = 9.0.8 Provides: bundled(npm(@types/webpack-assets-manifest)) = 5.1.4 -Provides: bundled(npm(@types/webpack-env)) = 1.18.1 -Provides: bundled(npm(@types/yargs)) = 15.0.14 -Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 5.42.0 -Provides: bundled(npm(@typescript-eslint/parser)) = 5.42.0 -Provides: bundled(npm(@typescript-eslint/types)) = 5.42.0 -Provides: bundled(npm(@typescript-eslint/utils)) = 5.42.0 -Provides: bundled(npm(@visx/event)) = 3.3.0 -Provides: bundled(npm(@visx/gradient)) = 3.3.0 -Provides: bundled(npm(@visx/group)) = 3.3.0 -Provides: bundled(npm(@visx/scale)) = 3.3.0 -Provides: bundled(npm(@visx/shape)) = 3.3.0 -Provides: bundled(npm(@visx/tooltip)) = 3.3.0 -Provides: bundled(npm(@welldone-software/why-did-you-render)) = 7.0.1 -Provides: bundled(npm(angular)) = 1.8.3 -Provides: bundled(npm(angular-bindonce)) = 0.3.1 -Provides: bundled(npm(angular-route)) = 1.8.3 -Provides: bundled(npm(angular-sanitize)) = 1.8.3 -Provides: bundled(npm(ansicolor)) = 1.1.100 -Provides: bundled(npm(autoprefixer)) = 10.4.14 -Provides: bundled(npm(babel-jest)) = 29.6.4 -Provides: bundled(npm(babel-loader)) = 9.1.3 -Provides: bundled(npm(babel-plugin-angularjs-annotate)) = 0.10.0 -Provides: bundled(npm(babel-plugin-macros)) = 2.8.0 +Provides: bundled(npm(@types/webpack-bundle-analyzer)) = 4.7.0 +Provides: bundled(npm(@types/webpack-env)) = 1.18.8 +Provides: bundled(npm(@types/yargs)) = 17.0.33 +Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 8.38.0 +Provides: bundled(npm(@typescript-eslint/parser)) = 8.38.0 +Provides: bundled(npm(@typescript-eslint/types)) = 5.62.0 +Provides: bundled(npm(@typescript-eslint/utils)) = 5.62.0 +Provides: bundled(npm(@visx/event)) = 3.12.0 +Provides: bundled(npm(@visx/gradient)) = 3.12.0 +Provides: bundled(npm(@visx/group)) = 3.12.0 +Provides: bundled(npm(@visx/shape)) = 3.12.0 +Provides: bundled(npm(@visx/tooltip)) = 3.12.0 +Provides: bundled(npm(@welldone-software/why-did-you-render)) = 8.0.3 +Provides: bundled(npm(ansicolor)) = 2.0.3 +Provides: bundled(npm(autoprefixer)) = 10.4.21 +Provides: bundled(npm(babel-jest)) = 29.7.0 +Provides: bundled(npm(babel-loader)) = 10.0.0 Provides: bundled(npm(baron)) = 3.0.3 -Provides: bundled(npm(blink-diff)) = 1.0.13 -Provides: bundled(npm(blob-polyfill)) = 7.0.20220408 +Provides: bundled(npm(blob-polyfill)) = 9.0.20240710 Provides: bundled(npm(brace)) = 0.11.1 -Provides: bundled(npm(browserslist)) = 4.22.0 +Provides: bundled(npm(browserslist)) = 4.25.1 +Provides: bundled(npm(buffer)) = 5.7.1 Provides: bundled(npm(calculate-size)) = 1.1.1 -Provides: bundled(npm(centrifuge)) = 4.0.1 -Provides: bundled(npm(chance)) = 1.1.11 -Provides: bundled(npm(chrome-remote-interface)) = 0.33.0 -Provides: bundled(npm(classnames)) = 2.3.2 +Provides: bundled(npm(centrifuge)) = 5.5.2 +Provides: bundled(npm(chance)) = 1.1.13 +Provides: bundled(npm(chrome-remote-interface)) = 0.33.3 +Provides: bundled(npm(classnames)) = 2.5.1 +Provides: bundled(npm(clsx)) = 2.1.1 Provides: bundled(npm(codeowners)) = 5.1.1 Provides: bundled(npm(combokeys)) = 3.0.1 -Provides: bundled(npm(comlink)) = 4.4.1 -Provides: bundled(npm(commander)) = 2.11.0 +Provides: bundled(npm(comlink)) = 4.4.2 Provides: bundled(npm(common-tags)) = 1.8.2 -Provides: bundled(npm(copy-webpack-plugin)) = 11.0.0 +Provides: bundled(npm(confusing-browser-globals)) = 1.0.11 +Provides: bundled(npm(copy-webpack-plugin)) = 14.0.0 Provides: bundled(npm(core-js)) = 2.6.12 -Provides: bundled(npm(css-loader)) = 6.8.1 -Provides: bundled(npm(css-minimizer-webpack-plugin)) = 5.0.1 -Provides: bundled(npm(csstype)) = 2.6.18 -Provides: bundled(npm(cypress)) = 9.5.1 +Provides: bundled(npm(crashme)) = 0.0.15 +Provides: bundled(npm(croner)) = 9.1.0 +Provides: bundled(npm(css-loader)) = 6.10.0 +Provides: bundled(npm(css-minimizer-webpack-plugin)) = 8.0.0 +Provides: bundled(npm(csstype)) = 3.1.3 +Provides: bundled(npm(cypress)) = 14.3.2 Provides: bundled(npm(cypress-file-upload)) = 5.0.8 -Provides: bundled(npm(d3)) = 7.8.5 +Provides: bundled(npm(cypress-recurse)) = 1.37.1 +Provides: bundled(npm(d3)) = 7.9.0 Provides: bundled(npm(d3-force)) = 3.0.0 Provides: bundled(npm(d3-interpolate)) = 3.0.1 -Provides: bundled(npm(d3-scale-chromatic)) = 3.0.0 -Provides: bundled(npm(dangerously-set-html-content)) = 1.0.9 -Provides: bundled(npm(date-fns)) = 2.30.0 +Provides: bundled(npm(d3-random)) = 3.0.1 +Provides: bundled(npm(d3-scale-chromatic)) = 3.1.0 +Provides: bundled(npm(dangerously-set-html-content)) = 1.1.0 +Provides: bundled(npm(date-fns)) = 4.1.0 Provides: bundled(npm(debounce-promise)) = 3.1.2 -Provides: bundled(npm(devtools-protocol)) = 0.0.927104 -Provides: bundled(npm(diff)) = 4.0.2 -Provides: bundled(npm(dompurify)) = 2.5.7 -Provides: bundled(npm(emotion)) = 10.0.27 -Provides: bundled(npm(esbuild)) = 0.17.19 -Provides: bundled(npm(esbuild-loader)) = 3.0.1 -Provides: bundled(npm(esbuild-plugin-browserslist)) = 0.8.1 -Provides: bundled(npm(eslint)) = 8.42.0 -Provides: bundled(npm(eslint-config-prettier)) = 8.8.0 -Provides: bundled(npm(eslint-plugin-import)) = 2.27.5 -Provides: bundled(npm(eslint-plugin-jest)) = 27.6.0 -Provides: bundled(npm(eslint-plugin-jsdoc)) = 46.2.6 -Provides: bundled(npm(eslint-plugin-jsx-a11y)) = 6.7.1 -Provides: bundled(npm(eslint-plugin-lodash)) = 7.4.0 -Provides: bundled(npm(eslint-plugin-react)) = 7.32.2 -Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.6.0 -Provides: bundled(npm(eslint-webpack-plugin)) = 4.0.0 +Provides: bundled(npm(diff)) = 4.0.4 +Provides: bundled(npm(dompurify)) = 3.3.0 +Provides: bundled(npm(downsample)) = 1.4.0 +Provides: bundled(npm(downshift)) = 9.0.13 +Provides: bundled(npm(enquirer)) = 2.3.6 +Provides: bundled(npm(esbuild)) = 0.25.8 +Provides: bundled(npm(esbuild-loader)) = 4.3.0 +Provides: bundled(npm(esbuild-plugin-browserslist)) = 1.0.1 +Provides: bundled(npm(eslint)) = 9.32.0 +Provides: bundled(npm(eslint-config-prettier)) = 10.1.8 +Provides: bundled(npm(eslint-plugin-import)) = 2.32.0 +Provides: bundled(npm(eslint-plugin-jest)) = 29.0.1 +Provides: bundled(npm(eslint-plugin-jest-dom)) = 5.5.0 +Provides: bundled(npm(eslint-plugin-jsdoc)) = 52.0.2 +Provides: bundled(npm(eslint-plugin-jsx-a11y)) = 6.10.2 +Provides: bundled(npm(eslint-plugin-lodash)) = 8.0.0 +Provides: bundled(npm(eslint-plugin-no-barrel-files)) = 1.2.2 +Provides: bundled(npm(eslint-plugin-react)) = 7.37.5 +Provides: bundled(npm(eslint-plugin-react-hooks)) = 5.2.0 +Provides: bundled(npm(eslint-plugin-react-prefer-function-component)) = 4.0.1 +Provides: bundled(npm(eslint-plugin-testing-library)) = 7.1.1 +Provides: bundled(npm(eslint-plugin-unicorn)) = 56.0.1 +Provides: bundled(npm(eslint-scope)) = 5.1.1 +Provides: bundled(npm(eslint-webpack-plugin)) = 5.0.2 Provides: bundled(npm(eventemitter3)) = 4.0.7 -Provides: bundled(npm(execa)) = 4.1.0 -Provides: bundled(npm(expose-loader)) = 4.1.0 +Provides: bundled(npm(events)) = 3.3.0 +Provides: bundled(npm(expose-loader)) = 5.0.1 Provides: bundled(npm(fast-deep-equal)) = 3.1.3 Provides: bundled(npm(fast-json-patch)) = 3.1.1 Provides: bundled(npm(fast_array_intersect)) = 1.1.0 Provides: bundled(npm(file-saver)) = 2.0.5 +Provides: bundled(npm(fishery)) = 2.3.1 Provides: bundled(npm(fork-ts-checker-webpack-plugin)) = 8.0.0 -Provides: bundled(npm(framework-utils)) = 1.1.0 -Provides: bundled(npm(glob)) = 7.1.4 +Provides: bundled(npm(fs-extra)) = 8.1.0 +Provides: bundled(npm(github-codeowners)) = 0.2.1 +Provides: bundled(npm(glob)) = 7.2.3 Provides: bundled(npm(history)) = 4.10.1 Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2 -Provides: bundled(npm(html-loader)) = 4.2.0 -Provides: bundled(npm(html-webpack-plugin)) = 5.5.3 +Provides: bundled(npm(html-loader)) = 5.1.0 +Provides: bundled(npm(html-webpack-plugin)) = 5.6.3 Provides: bundled(npm(http-server)) = 14.1.1 -Provides: bundled(npm(i18next)) = 21.9.2 -Provides: bundled(npm(i18next-browser-languagedetector)) = 7.0.2 -Provides: bundled(npm(i18next-parser)) = 6.6.0 -Provides: bundled(npm(immer)) = 9.0.21 +Provides: bundled(npm(i18next)) = 19.9.2 +Provides: bundled(npm(i18next-browser-languagedetector)) = 8.2.0 +Provides: bundled(npm(i18next-cli)) = 1.24.22 +Provides: bundled(npm(i18next-pseudo)) = 2.2.1 +Provides: bundled(npm(identity-obj-proxy)) = 3.0.0 +Provides: bundled(npm(immer)) = 10.2.0 Provides: bundled(npm(immutable)) = 3.8.2 +Provides: bundled(npm(imports-loader)) = 5.0.0 +Provides: bundled(npm(infinite-viewer)) = 0.29.1 +Provides: bundled(npm(ini)) = 1.3.8 Provides: bundled(npm(is-hotkey)) = 0.1.4 -Provides: bundled(npm(jest)) = 29.3.1 +Provides: bundled(npm(ix)) = 7.0.0 +Provides: bundled(npm(jest)) = 29.7.0 Provides: bundled(npm(jest-canvas-mock)) = 2.5.2 -Provides: bundled(npm(jest-date-mock)) = 1.0.8 -Provides: bundled(npm(jest-environment-jsdom)) = 29.3.1 -Provides: bundled(npm(jest-fail-on-console)) = 3.1.1 +Provides: bundled(npm(jest-date-mock)) = 1.0.10 +Provides: bundled(npm(jest-environment-jsdom)) = 29.7.0 +Provides: bundled(npm(jest-fail-on-console)) = 3.3.1 Provides: bundled(npm(jest-junit)) = 16.0.0 -Provides: bundled(npm(jest-matcher-utils)) = 29.6.4 -Provides: bundled(npm(jquery)) = 3.7.0 -Provides: bundled(npm(js-yaml)) = 3.14.1 +Provides: bundled(npm(jest-matcher-utils)) = 29.7.0 +Provides: bundled(npm(jest-monocart-coverage)) = 1.1.1 +Provides: bundled(npm(jest-watch-typeahead)) = 2.2.2 +Provides: bundled(npm(jimp)) = 1.6.0 +Provides: bundled(npm(jquery)) = 3.7.1 +Provides: bundled(npm(js-yaml)) = 3.14.2 +Provides: bundled(npm(jsdom-testing-mocks)) = 1.15.2 Provides: bundled(npm(json-markup)) = 1.1.4 Provides: bundled(npm(json-source-map)) = 0.6.1 Provides: bundled(npm(jsurl)) = 0.1.5 -Provides: bundled(npm(kbar)) = 0.1.0b44 -Provides: bundled(npm(lerna)) = 7.4.1 -Provides: bundled(npm(lodash)) = 4.17.21 -Provides: bundled(npm(logfmt)) = 1.3.2 +Provides: bundled(npm(kbar)) = 0.1.0b48 +Provides: bundled(npm(lerna)) = 9.0.3 +Provides: bundled(npm(leven)) = 3.1.0 +Provides: bundled(npm(lodash)) = 4.17.23 +Provides: bundled(npm(logfmt)) = 1.4.0 +Provides: bundled(npm(lossless-json)) = 4.3.0 Provides: bundled(npm(lru-cache)) = 5.1.1 Provides: bundled(npm(lru-memoize)) = 1.1.0 Provides: bundled(npm(lucene)) = 2.1.1 -Provides: bundled(npm(marked)) = 5.1.1 -Provides: bundled(npm(marked-mangle)) = 1.1.0 +Provides: bundled(npm(madge)) = 8.0.0 +Provides: bundled(npm(marked)) = 9.1.6 +Provides: bundled(npm(marked-mangle)) = 1.1.12 Provides: bundled(npm(memoize-one)) = 4.0.3 -Provides: bundled(npm(micro-memoize)) = 4.1.2 -Provides: bundled(npm(mini-css-extract-plugin)) = 2.7.6 -Provides: bundled(npm(ml-regression-polynomial)) = 3.0.0 -Provides: bundled(npm(ml-regression-simple-linear)) = 3.0.0 -Provides: bundled(npm(mocha)) = 10.2.0 +Provides: bundled(npm(micro-memoize)) = 4.2.0 +Provides: bundled(npm(mini-css-extract-plugin)) = 2.9.2 +Provides: bundled(npm(ml-regression-polynomial)) = 3.0.2 +Provides: bundled(npm(ml-regression-simple-linear)) = 3.0.1 Provides: bundled(npm(mock-raf)) = 1.0.1 -Provides: bundled(npm(moment)) = 2.29.4 -Provides: bundled(npm(moment-timezone)) = 0.5.43 -Provides: bundled(npm(monaco-editor)) = 0.34.0 -Provides: bundled(npm(monaco-promql)) = 1.7.4 -Provides: bundled(npm(mousetrap)) = 1.6.5 -Provides: bundled(npm(mousetrap-global-bind)) = 1.1.0 -Provides: bundled(npm(moveable)) = 0.43.1 -Provides: bundled(npm(msw)) = 1.3.2 +Provides: bundled(npm(moment)) = 2.30.1 +Provides: bundled(npm(moment-timezone)) = 0.5.47 +Provides: bundled(npm(monaco-editor)) = 0.34.1 +Provides: bundled(npm(monaco-promql)) = 1.8.0 +Provides: bundled(npm(moveable)) = 0.53.0 +Provides: bundled(npm(msw)) = 2.10.4 +Provides: bundled(npm(msw-storybook-addon)) = 2.0.5 Provides: bundled(npm(mutationobserver-shim)) = 0.3.7 -Provides: bundled(npm(ngtemplate-loader)) = 2.1.0 -Provides: bundled(npm(node-forge)) = 1.3.1 +Provides: bundled(npm(nanoid)) = 3.3.11 +Provides: bundled(npm(node-forge)) = 1.3.3 Provides: bundled(npm(node-notifier)) = 10.0.1 -Provides: bundled(npm(ol)) = 7.4.0 -Provides: bundled(npm(ol-ext)) = 4.0.10 -Provides: bundled(npm(papaparse)) = 5.4.1 +Provides: bundled(npm(nx)) = 21.3.11 +Provides: bundled(npm(ol)) = 10.7.0 +Provides: bundled(npm(ol-ext)) = 4.0.36 +Provides: bundled(npm(ol-mapbox-style)) = 13.1.1 +Provides: bundled(npm(open)) = 8.4.2 +Provides: bundled(npm(openapi-types)) = 12.1.3 +Provides: bundled(npm(ora)) = 5.3.0 +Provides: bundled(npm(pa11y-ci)) = 4.0.0 +Provides: bundled(npm(papaparse)) = 5.5.3 +Provides: bundled(npm(pdf-parse)) = 1.1.1 +Provides: bundled(npm(plop)) = 4.0.1 Provides: bundled(npm(pluralize)) = 8.0.0 -Provides: bundled(npm(postcss)) = 8.4.31 -Provides: bundled(npm(postcss-loader)) = 7.3.3 -Provides: bundled(npm(postcss-reporter)) = 7.0.5 -Provides: bundled(npm(postcss-scss)) = 4.0.6 -Provides: bundled(npm(prettier)) = 2.8.7 -Provides: bundled(npm(prismjs)) = 1.27.0 +Provides: bundled(npm(postcss)) = 8.5.6 +Provides: bundled(npm(postcss-loader)) = 8.1.1 +Provides: bundled(npm(postcss-reporter)) = 7.1.0 +Provides: bundled(npm(postcss-scss)) = 4.0.9 +Provides: bundled(npm(prettier)) = 3.6.2 +Provides: bundled(npm(prismjs)) = 1.30.0 Provides: bundled(npm(process)) = 0.11.10 -Provides: bundled(npm(prop-types)) = 15.8.1 -Provides: bundled(npm(pseudoizer)) = 0.1.0 -Provides: bundled(npm(rc-cascader)) = 3.20.0 -Provides: bundled(npm(rc-drawer)) = 6.5.2 -Provides: bundled(npm(rc-slider)) = 10.3.1 -Provides: bundled(npm(rc-time-picker)) = 3.7.3 -Provides: bundled(npm(rc-tooltip)) = 6.1.1 -Provides: bundled(npm(rc-tree)) = 5.8.0 -Provides: bundled(npm(re-resizable)) = 6.9.9 -Provides: bundled(npm(react)) = 18.2.0 -Provides: bundled(npm(react-beautiful-dnd)) = 13.1.1 -Provides: bundled(npm(react-calendar)) = 4.6.0 +Provides: bundled(npm(prom-client)) = 15.1.3 +Provides: bundled(npm(publint)) = 0.3.12 +Provides: bundled(npm(re-resizable)) = 6.11.2 +Provides: bundled(npm(react)) = 18.3.1 +Provides: bundled(npm(react-calendar)) = 4.8.0 Provides: bundled(npm(react-colorful)) = 5.6.1 Provides: bundled(npm(react-custom-scrollbars-2)) = 4.5.0 -Provides: bundled(npm(react-diff-viewer)) = 3.1.1 -Provides: bundled(npm(react-dom)) = 18.2.0 -Provides: bundled(npm(react-draggable)) = 4.4.5 -Provides: bundled(npm(react-dropzone)) = 14.2.3 -Provides: bundled(npm(react-grid-layout)) = 1.3.4 -Provides: bundled(npm(react-highlight-words)) = 0.20.0 -Provides: bundled(npm(react-hook-form)) = 7.5.3 -Provides: bundled(npm(react-i18next)) = 12.0.0 -Provides: bundled(npm(react-inlinesvg)) = 3.0.2 -Provides: bundled(npm(react-loading-skeleton)) = 3.3.1 -Provides: bundled(npm(react-moveable)) = 0.46.1 -Provides: bundled(npm(react-popper)) = 2.3.0 -Provides: bundled(npm(react-popper-tooltip)) = 4.4.2 -Provides: bundled(npm(react-redux)) = 7.2.8 -Provides: bundled(npm(react-refresh)) = 0.11.0 +Provides: bundled(npm(react-diff-viewer-continued)) = 3.4.0 +Provides: bundled(npm(react-dom)) = 18.3.1 +Provides: bundled(npm(react-draggable)) = 4.5.0 +Provides: bundled(npm(react-dropzone)) = 14.3.8 +Provides: bundled(npm(react-grid-layout)) = 1.4.4 +Provides: bundled(npm(react-highlight-words)) = 0.21.0 +Provides: bundled(npm(react-hook-form)) = 7.62.0 +Provides: bundled(npm(react-i18next)) = 15.6.1 +Provides: bundled(npm(react-inlinesvg)) = 4.2.0 +Provides: bundled(npm(react-loading-skeleton)) = 3.5.0 +Provides: bundled(npm(react-moveable)) = 0.56.0 +Provides: bundled(npm(react-redux)) = 8.1.3 +Provides: bundled(npm(react-refresh)) = 0.14.0 Provides: bundled(npm(react-resizable)) = 3.0.5 Provides: bundled(npm(react-responsive-carousel)) = 3.2.23 -Provides: bundled(npm(react-router-dom)) = 5.3.3 -Provides: bundled(npm(react-router-dom-v5-compat)) = 6.10.0 -Provides: bundled(npm(react-select)) = 5.7.4 +Provides: bundled(npm(react-router)) = 5.3.4 +Provides: bundled(npm(react-router-dom)) = 5.3.4 +Provides: bundled(npm(react-router-dom-v5-compat)) = 6.30.3 +Provides: bundled(npm(react-select)) = 5.10.2 Provides: bundled(npm(react-select-event)) = 5.5.1 -Provides: bundled(npm(react-simple-compat)) = 1.2.3 Provides: bundled(npm(react-split-pane)) = 0.1.92 Provides: bundled(npm(react-table)) = 7.8.0 -Provides: bundled(npm(react-test-renderer)) = 18.2.0 Provides: bundled(npm(react-transition-group)) = 4.4.5 -Provides: bundled(npm(react-use)) = 17.4.0 +Provides: bundled(npm(react-use)) = 17.5.0 Provides: bundled(npm(react-virtual)) = 2.10.4 -Provides: bundled(npm(react-virtualized-auto-sizer)) = 1.0.7 -Provides: bundled(npm(react-window)) = 1.8.9 -Provides: bundled(npm(react-window-infinite-loader)) = 1.0.9 -Provides: bundled(npm(redux)) = 4.2.1 -Provides: bundled(npm(redux-mock-store)) = 1.5.4 -Provides: bundled(npm(redux-thunk)) = 2.4.2 -Provides: bundled(npm(regenerator-runtime)) = 0.11.1 +Provides: bundled(npm(react-virtualized-auto-sizer)) = 1.0.24 +Provides: bundled(npm(react-window)) = 1.8.11 +Provides: bundled(npm(react-window-infinite-loader)) = 1.0.10 +Provides: bundled(npm(reduce-reducers)) = 1.0.4 +Provides: bundled(npm(redux)) = 5.0.1 +Provides: bundled(npm(redux-mock-store)) = 1.5.5 +Provides: bundled(npm(redux-thunk)) = 3.1.0 +Provides: bundled(npm(regenerator-runtime)) = 0.13.11 Provides: bundled(npm(replace-in-file-webpack-plugin)) = 1.0.6 -Provides: bundled(npm(reselect)) = 4.1.8 -Provides: bundled(npm(resolve-bin)) = 1.0.1 -Provides: bundled(npm(rimraf)) = 2.6.3 -Provides: bundled(npm(rollup)) = 2.79.1 +Provides: bundled(npm(reselect)) = 5.1.1 +Provides: bundled(npm(rimraf)) = 2.7.1 +Provides: bundled(npm(rollup)) = 4.46.1 Provides: bundled(npm(rollup-plugin-copy)) = 3.5.0 -Provides: bundled(npm(rollup-plugin-dts)) = 5.3.0 -Provides: bundled(npm(rollup-plugin-esbuild)) = 5.0.0 -Provides: bundled(npm(rollup-plugin-node-externals)) = 5.0.2 +Provides: bundled(npm(rollup-plugin-esbuild)) = 6.2.1 +Provides: bundled(npm(rollup-plugin-node-externals)) = 8.0.1 Provides: bundled(npm(rollup-plugin-sourcemaps)) = 0.6.3 -Provides: bundled(npm(rollup-plugin-terser)) = 7.0.2 -Provides: bundled(npm(rudder-sdk-js)) = 2.43.0 +Provides: bundled(npm(rollup-plugin-svg-import)) = 3.0.0 Provides: bundled(npm(rxjs)) = 7.8.1 -Provides: bundled(npm(sass)) = 1.69.4 -Provides: bundled(npm(sass-loader)) = 13.3.2 -Provides: bundled(npm(selecto)) = 1.26.0 +Provides: bundled(npm(sass)) = 1.89.2 +Provides: bundled(npm(sass-loader)) = 16.0.5 +Provides: bundled(npm(selecto)) = 1.26.3 Provides: bundled(npm(semver)) = 5.7.2 Provides: bundled(npm(slate)) = 0.47.9 Provides: bundled(npm(slate-plain-serializer)) = 0.7.13 Provides: bundled(npm(slate-react)) = 0.22.10 +Provides: bundled(npm(smtp-tester)) = 2.1.0 Provides: bundled(npm(sql-formatter-plus)) = 1.3.6 -Provides: bundled(npm(storybook)) = 7.4.5 -Provides: bundled(npm(storybook-addon-turbo-build)) = 2.0.1 -Provides: bundled(npm(storybook-dark-mode)) = 3.0.1 +Provides: bundled(npm(storybook)) = 8.6.18 +Provides: bundled(npm(stream-browserify)) = 3.0.0 Provides: bundled(npm(string-hash)) = 1.1.3 -Provides: bundled(npm(style-loader)) = 3.3.3 -Provides: bundled(npm(stylelint)) = 15.11.0 -Provides: bundled(npm(stylelint-config-prettier)) = 9.0.5 -Provides: bundled(npm(stylelint-config-sass-guidelines)) = 10.0.0 -Provides: bundled(npm(swc-loader)) = 0.2.3 +Provides: bundled(npm(string_decoder)) = 0.10.31 +Provides: bundled(npm(style-loader)) = 3.3.4 +Provides: bundled(npm(stylelint)) = 16.23.0 +Provides: bundled(npm(stylelint-config-sass-guidelines)) = 12.1.0 +Provides: bundled(npm(swagger-ui-react)) = 5.30.3 +Provides: bundled(npm(swc-loader)) = 0.2.6 Provides: bundled(npm(symbol-observable)) = 4.0.0 -Provides: bundled(npm(systemjs)) = 6.14.2 -Provides: bundled(npm(systemjs-cjs-extra)) = 0.2.0 -Provides: bundled(npm(terser-webpack-plugin)) = 5.3.9 +Provides: bundled(npm(systemjs)) = 6.15.1 +Provides: bundled(npm(terser-webpack-plugin)) = 5.4.0 Provides: bundled(npm(testing-library-selector)) = 0.3.1 -Provides: bundled(npm(tether-drop)) = 1.5.0 Provides: bundled(npm(tinycolor2)) = 1.6.0 Provides: bundled(npm(tracelib)) = 1.0.1 -Provides: bundled(npm(ts-jest)) = 29.0.5 -Provides: bundled(npm(ts-loader)) = 8.4.0 -Provides: bundled(npm(ts-node)) = 10.9.1 +Provides: bundled(npm(ts-jest)) = 29.4.0 +Provides: bundled(npm(ts-node)) = 10.9.2 Provides: bundled(npm(tslib)) = 1.14.1 +Provides: bundled(npm(tsx)) = 4.21.0 Provides: bundled(npm(tween-functions)) = 1.2.0 -Provides: bundled(npm(typescript)) = 4.8.4 -Provides: bundled(npm(uplot)) = 1.6.27 -Provides: bundled(npm(uuid)) = 3.4.0 -Provides: bundled(npm(visjs-network)) = 4.25.0 -Provides: bundled(npm(webpack)) = 5.76.0 -Provides: bundled(npm(webpack-assets-manifest)) = 5.1.0 -Provides: bundled(npm(webpack-bundle-analyzer)) = 4.9.0 -Provides: bundled(npm(webpack-cli)) = 5.1.4 -Provides: bundled(npm(webpack-dev-server)) = 4.15.1 -Provides: bundled(npm(webpack-manifest-plugin)) = 5.0.0 -Provides: bundled(npm(webpack-merge)) = 5.9.0 -Provides: bundled(npm(whatwg-fetch)) = 3.6.2 -Provides: bundled(npm(xlsx)) = 0.19.1 -Provides: bundled(npm(xss)) = 1.0.14 +Provides: bundled(npm(type-fest)) = 0.4.1 +Provides: bundled(npm(typescript)) = 5.5.4 +Provides: bundled(npm(uplot)) = 1.6.32 +Provides: bundled(npm(uuid)) = 8.3.2 +Provides: bundled(npm(uwrap)) = 0.1.2 +Provides: bundled(npm(vis-data)) = 8.0.3 +Provides: bundled(npm(vis-network)) = 10.0.2 +Provides: bundled(npm(webpack)) = 5.101.0 +Provides: bundled(npm(webpack-assets-manifest)) = 5.2.1 +Provides: bundled(npm(webpack-bundle-analyzer)) = 4.10.2 +Provides: bundled(npm(webpack-cli)) = 6.0.1 +Provides: bundled(npm(webpack-livereload-plugin)) = 3.0.2 +Provides: bundled(npm(webpack-manifest-plugin)) = 5.0.1 +Provides: bundled(npm(webpack-merge)) = 5.10.0 +Provides: bundled(npm(webpack-subresource-integrity)) = 5.2.0rc1 +Provides: bundled(npm(webpack-virtual-modules)) = 0.5.0 +Provides: bundled(npm(webpackbar)) = 7.0.0 +Provides: bundled(npm(whatwg-fetch)) = 3.6.20 +Provides: bundled(npm(xss)) = 1.0.15 Provides: bundled(npm(yaml)) = 1.10.2 -Provides: bundled(npm(yargs)) = 16.2.0 +Provides: bundled(npm(yargs)) = 15.4.1 +Provides: bundled(npm(zod)) = 3.25.76 %description @@ -756,9 +887,6 @@ SELinux policy module supporting grafana %setup -q -T -D -b 0 %setup -q -T -D -b 1 %if %{compile_frontend} == 0 -# remove bundled plugins source, otherwise they'll get merged -# with the compiled bundled plugins when extracting the webpack -rm -r plugins-bundled %setup -q -T -D -b 2 %endif @@ -771,12 +899,6 @@ rm -r plugins-bundled %patch -P 7 -p1 %patch -P 8 -p1 %patch -P 9 -p1 -%patch -P 10 -p1 -%patch -P 11 -p1 -%patch -P 12 -p1 -%patch -P 13 -p1 -%patch -P 14 -p1 -%patch -P 15 -p1 %patch -P 1001 -p1 %if %{enable_fips_mode} @@ -785,7 +907,6 @@ rm -r plugins-bundled %ifarch s390x i686 armv7hl %patch -P 1003 -p1 %endif -%patch -P 1004 -p1 %build @@ -817,9 +938,10 @@ bzip2 -9 grafana.pp install -d %{buildroot}%{_sbindir} install -d %{buildroot}%{_datadir}/%{name} install -d %{buildroot}%{_libexecdir}/%{name} -cp -a conf public plugins-bundled %{buildroot}%{_datadir}/%{name} +cp -a conf public %{buildroot}%{_datadir}/%{name} rm -f %{buildroot}%{_datadir}/%{name}/public/img/icons/.gitignore rm -f %{buildroot}%{_datadir}/%{name}/public/lib/.gitignore +find %{buildroot}%{_datadir}/%{name}/public -name "*.svg" -exec chmod 0644 {} + # wrappers install -p -m 755 packaging/wrappers/grafana-cli %{buildroot}%{_sbindir}/%{name}-cli @@ -969,6 +1091,7 @@ export GOEXPERIMENT=boringcrypto # Grafana configuration to dynamically create /run/grafana/grafana.pid on tmpfs %{_tmpfilesdir}/%{name}.conf +%ghost %attr(0755, %{GRAFANA_USER}, %{GRAFANA_GROUP}) %dir /run/grafana # systemd-sysusers configuration file %{_sysusersdir}/%{name}.conf @@ -977,13 +1100,14 @@ export GOEXPERIMENT=boringcrypto %attr(0755, %{GRAFANA_USER}, %{GRAFANA_GROUP}) %dir %{_localstatedir}/log/%{name} # man pages for grafana binaries +%{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-server.1* %{_mandir}/man1/%{name}-cli.1* # other docs and license %license LICENSE LICENSING.md NOTICE.md -%doc CHANGELOG.md CODE_OF_CONDUCT.md CONTRIBUTING.md GOVERNANCE.md HALL_OF_FAME.md ISSUE_TRIAGE.md MAINTAINERS.md -%doc README.md ROADMAP.md SECURITY.md SUPPORT.md UPGRADING_DEPENDENCIES.md WORKFLOW.md +%doc AGENTS.md CHANGELOG.md CODE_OF_CONDUCT.md CONTRIBUTING.md GOVERNANCE.md HALL_OF_FAME.md MAINTAINERS.md +%doc README.md ROADMAP.md SUPPORT.md WORKFLOW.md # SELinux policy %pre selinux @@ -1021,6 +1145,9 @@ done %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/*/active/modules/200/grafana %changelog +* Fri May 29 2026 Sam Feifer 12.4.3-1 +- Resolves RHEL-171604: Rebase to upstream version 12.4.3 + * Tue Apr 21 2026 Sam Feifer 10.2.6-26 - Resolves RHEL-161792: CVE-2026-27877 - Resolves RHEL-166318: CVE-2026-33810 diff --git a/grafana.te b/grafana.te index a536e21..604354d 100644 --- a/grafana.te +++ b/grafana.te @@ -157,8 +157,10 @@ optional_policy(` require { type proc_net_t; class lnk_file { read }; + class file { read open }; } allow grafana_t proc_net_t:lnk_file read; + allow grafana_t proc_net_t:file { read open }; ') optional_policy(` diff --git a/sources b/sources index 34d1b22..b971475 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (grafana-10.2.6.tar.gz) = 7244f4cb6572fe0403e6224f7247fbb273bbd1f359ee706a82001f0d409fb375d113f1cb24a657e845b93eb55ee98e1d7ae713e767c219f4d3b00eaf5c73d28e -SHA512 (grafana-webpack-10.2.6-15.tar.gz) = 7e4a0f962bc0dbf0fffbc31599870c4099e421d4505644be0a412b26043dc7adb37e81f7b24621731f96d3c8a652009a9eef8cf68dd03e1351dc309fd87a1e6f -SHA512 (grafana-vendor-10.2.6-15.tar.xz) = 1db5bedbbc84fecad9d07f9a44db0c17c9472387bdd0d58877415c756015dc579f109c1ae43a21ae97da5625806747ddd00b5f31be7965adabd316b1d6e943e1 +SHA512 (grafana-12.4.3.tar.gz) = 0843827a6b1d959ad71018d04b6939dc63f604121988a9054a24d26756b18e1ef623feb5e11440290b686e5a0303545d89711793a957db77affd34843dd22036 +SHA512 (grafana-vendor-12.4.3-1.tar.xz) = 8894bb10ce438aa747249addacc831330975b95081f46cbb7f0c270f7b43daa788fd498be51538b07f494d035d35d91a0418a53e6c610f110da45c8bc71d7176 +SHA512 (grafana-webpack-12.4.3-1.tar.gz) = 938b23ad8c0a5fa640f7aaffdfba667930a9713a518bf5935e0bf6092ae8c4fa5378808899a9f1af503c88e8805d228956996df32795fa41d2fdba46038fb26d