merge branch `main` into `release/v0.52`
Release v0.52.0-beta.2
* Release v0.52.0-beta.0 (perses#3121)
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
* Release v0.52.0-beta.1 (perses#3155)
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
* Merge pull request perses#3170 from perses/nexucis/release
  Release v0.52.0-beta.2
---------
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v5)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ed files (perses#3179) Signed-off-by: Gabriel Bernal <gbernal@redhat.com>
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.26.0 to 0.27.0.
- [Commits](golang/mod@v0.26.0...v0.27.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps cuelang.org/go from 0.14.0 to 0.14.1.
---
updated-dependencies:
- dependency-name: cuelang.org/go
  dependency-version: 0.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
Bumps [github.com/perses/plugins/prometheus](https://github.com/perses/plugins) from 0.51.0 to 0.52.1.
- [Release notes](https://github.com/perses/plugins/releases)
- [Changelog](https://github.com/perses/plugins/blob/main/RELEASE.md)
- [Commits](perses/plugins@tempo/v0.51.0...tempo/v0.52.1)
---
updated-dependencies:
- dependency-name: github.com/perses/plugins/prometheus
  dependency-version: 0.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ses#3194) Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Bumps the k8s-io group with 2 updates in the / directory: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go).
Updates `k8s.io/api` from 0.33.3 to 0.33.4
- [Commits](kubernetes/api@v0.33.3...v0.33.4)
Updates `k8s.io/apimachinery` from 0.33.3 to 0.33.4
- [Commits](kubernetes/apimachinery@v0.33.3...v0.33.4)
Updates `k8s.io/client-go` from 0.33.3 to 0.33.4
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.33.3...v0.33.4)
---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.33.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.33.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/client-go
  dependency-version: 0.33.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/perses/plugins/prometheus](https://github.com/perses/plugins) from 0.51.0 to 0.52.1.
- [Release notes](https://github.com/perses/plugins/releases)
- [Changelog](https://github.com/perses/plugins/blob/main/RELEASE.md)
- [Commits](perses/plugins@tempo/v0.51.0...tempo/v0.52.1)
---
updated-dependencies:
- dependency-name: github.com/perses/plugins/prometheus
  dependency-version: 0.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s#3192) Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
…#3206) Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
This component is useful for panel plugins which add custom panel actions. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
…modified (perses#3190)
* [ENHANCEMENT] CLI/PLUGIN: schema files are watched and reloaded when modified
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
* fix endpoint & mutex usage
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
---------
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Log a warning instead of throwing an exception if <RouterProvider> is not present. Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
perses#3163)
* Add LogQuery support and related data structures and queries
  Signed-off-by: Alexander Belyakin <21216343+abelyakin@users.noreply.github.com>
* fix test to support log queries
  Signed-off-by: Alexander Belyakin <21216343+abelyakin@users.noreply.github.com>
* Update ui/core/src/model/log-data.ts
  Co-authored-by: Gabriel Bernal <gabrielbernalp@gmail.com>
  Signed-off-by: Alexander Belyakin <21216343+abelyakin@users.noreply.github.com>
* Remove LogStream interface from log-data
  Signed-off-by: Alexander Belyakin <21216343+abelyakin@users.noreply.github.com>
---------
Signed-off-by: Alexander Belyakin <21216343+abelyakin@users.noreply.github.com>
Co-authored-by: Gabriel Bernal <gabrielbernalp@gmail.com>
Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
…erses#3217)
* Allow direct datasource queries without trailing path
  Signed-off-by: RokibulHasan7 <mdrokibulhasan@appscode.com>
* Fix test
  Signed-off-by: RokibulHasan7 <mdrokibulhasan@appscode.com>
---------
Signed-off-by: RokibulHasan7 <mdrokibulhasan@appscode.com>
* [IGNORE] Remove plugin-specific migration tests
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
* fix e2e test
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
* fix percli test
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
* misc
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
---------
Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
… Plugins (perses#3203) Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
* [IGNORE] update CODEOWNERS
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
* update following reviews
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
---------
Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
…gh (perses#3618)
* [BUGFIX] Ensure that oauth state in case of oauth / oidc is long enough
  Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
  Co-authored-by: Augustin Husson <husson.augustin@gmail.com>
  Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
* use string formatter
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
---------
Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Co-authored-by: Augustin Husson <husson.augustin@gmail.com>
…tant project config (perses#3644) Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
* [FEATURE] Implement OIDC RP initiated logout
  Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
* [DOC] Azure AD -> Entra ID and add logout disclaimer
  Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
---------
Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
… state for oauth/oidc (perses#3652) Signed-off-by: Celian GARCIA <celian.garcia@amadeus.com>
Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
| string(HoursUnit), string(DaysUnit), string(WeeksUnit), string(MonthsUnit), | ||
| string(YearsUnit), string(PercentUnit), string(PercentDecimalUnit), DecimalUnit, string(BinaryBytesUnit), string(DecimalBytesUnit), | ||
| string(BitsPerSecondsUnit), string(BytesPerSecondsUnit), string(BytesDecPerSecondsUnit), string(CountsPerSecondsUnit), string(EventsPerSecondsUnit), | ||
| string(BitsPerSecondsUnit), string(BitsDecPerSecondsUnit), string(BytesPerSecondsUnit), string(BytesDecPerSecondsUnit), string(CountsPerSecondsUnit), string(EventsPerSecondsUnit), |
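Review bot: the format entries on the `string(YearsUnit), ...` line still stop at `string(BinaryBytesUnit), string(DecimalBytesUnit)` while the per-second line gains `string(BitsDecPerSecondsUnit)`; if this change also defines bits format constants, list them in the same case group, otherwise validation will not accept them. `DecimalUnit` on that line is also the only entry not wrapped in `string(...)`, which is worth making consistent with its neighbours. A table-driven test that passes every declared unit constant through validation would catch this kind of drift between the constants and the case list.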
Bug: New bits format units missing from validation switch
The newly added BinaryBitsUnit ("bits") and DecimalBitsUnit ("decbits") constants are defined but not included in the validate() function's switch case. When users attempt to use these new format units, validation will incorrectly fail with "unknown format" error even though the units are valid and defined in the constants. The BitsDecPerSecondsUnit throughput unit was added to validation, but the corresponding bits format units were overlooked.
| if err != nil { | ||
| logrus.WithError(err).Error("Failed to parse end session endpoint") | ||
| return nil, err | ||
| } |
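Review bot: the failure is logged with `logrus.WithError(err).Error(...)` and then returned unchanged by `return nil, err`, so a caller that also logs it reports the same failure twice, and the returned error carries no hint that it came from the end session endpoint. Prefer returning a wrapped error such as `fmt.Errorf("parse end session endpoint: %w", err)` and logging in one place only. The `err != nil` branch also covers parse failures only, so a value that parses but has no scheme or host needs its own check before the handler is built.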
Bug: Missing check for empty OIDC end session endpoint
When provider.Logout.Enabled is true but the OIDC provider doesn't expose an end_session_endpoint in its discovery document, rp.GetEndSessionEndpoint() returns an empty string. The call to url.Parse("") succeeds without error, causing the handler to be created. At logout time, this results in a redirect to a URL like ?post_logout_redirect_uri=... without a host or scheme, causing unexpected behavior. There's no validation that the endpoint URL is non-empty before creating the logout handler.
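The failure mode described in the comment above, as an added Go example that is not Perses code and not part of the review: `url.Parse("")` returns no error, so the endpoint has to be checked for emptiness, scheme and host before a logout handler is built. The names `validateEndSessionEndpoint` and `logoutRedirect` and the `*.example` hosts are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// validateEndSessionEndpoint (hypothetical helper) rejects values that
// url.Parse accepts but that cannot serve as a logout redirect target.
func validateEndSessionEndpoint(raw string) (*url.URL, error) {
	if raw == "" {
		return nil, errors.New("provider exposes no end_session_endpoint")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse end_session_endpoint: %w", err)
	}
	if u.Scheme != "https" && u.Scheme != "http" {
		return nil, fmt.Errorf("end_session_endpoint %q: scheme must be http(s)", raw)
	}
	if u.Host == "" {
		return nil, fmt.Errorf("end_session_endpoint %q: missing host", raw)
	}
	return u, nil
}

// logoutRedirect builds the RP-initiated logout URL from a parsed endpoint.
func logoutRedirect(endpoint *url.URL, postLogout string) string {
	u := *endpoint // copy so the shared endpoint is not mutated
	q := u.Query()
	q.Set("post_logout_redirect_uri", postLogout)
	u.RawQuery = q.Encode()
	return u.String()
}

func main() {
	// Constructed inputs standing in for values read from a discovery document.
	empty, err := url.Parse("") // no error, empty URL
	fmt.Println(err, logoutRedirect(empty, "https://perses.example/"))
	for _, raw := range []string{"", "/logout", "https://idp.example/logout"} {
		u, err := validateEndSessionEndpoint(raw)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("ok:", logoutRedirect(u, "https://perses.example/"))
	}
}
```

Running the check when the provider is configured, rather than at logout time, turns the host-less redirect into a start-up error.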
OrReuben left a comment
LGTM, in Gaia Hermes repo please also update all of the plugins from their versions on the file I commented on.
Also, make sure the PR passes their pipeline
| @@ -1,48 +1,48 @@ | |||
| - name: "BarChart" | |||
| version: "0.10.0" | |||
| version: "0.10.1" | |||
We will need to also upgrade all of those..
* [ignore] use local prom instance for e2e tests
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
* remove any reference to prometheus demo
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
* putting back the prometheus demo datasource
  Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
---------
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
The dev dockerfile downloads the plugins, but it doesn't use the download directory as a COPY source. This commit fixes that. Signed-off-by: runiq <hey@runiq.de>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 9.1.0 to 9.2.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@v9.1.0...v9.2.0)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [BUGFIX] Use nonroot instead of nobody

  Running a process like Perses -- which does not require privileges -- as `nobody` is strictly better than running as root. The Prometheus Dockerfile does the same [1].

  However, the original purpose of the `nobody` user was in the context of NFS [2]: Files that were created by `root` on the NFS client are owned by `nobody` on the NFS server. For that reason, running a process (such as Perses) as `nobody` might be dangerous if the host is also an NFS server: If Perses somehow manages to access an NFS export, it can access all remote files owned by the NFS clients' `root` user [3].

  The distroless images, which Perses uses, have a dedicated user for running unprivileged services: The nonroot user. This commit switches to distroless images which have that user as a default.

  [1]: https://github.com/prometheus/prometheus/blob/f6ca7145ca2ffe8bdd81e373657c740544abc5ac/Dockerfile
  [2]: https://0xjet.github.io/3OHA/2022/06/01/post.html
  [3]: https://unix.stackexchange.com/q/9840/55203

  Signed-off-by: runiq <hey@runiq.de>

* [BUGFIX] Fix file ownership in Dockerfiles

  Only Perses' working directory and the plugin directory need to be owned by Perses, the rest can be readonly.

  Signed-off-by: runiq <hey@runiq.de>

---------
Signed-off-by: runiq <hey@runiq.de>
Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
Signed-off-by: Seyed Mahmoud SHAHROKNI <seyedmahmoud.shahrokni@amadeus.com>
* [ENHANCEMENT] CUE SDK: allow undefined unit
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
* fix validate-cue.go not returning error
  Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
---------
Signed-off-by: Antoine THEBAUD <antoine.thebaud@yahoo.fr>
Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
…onfiguration (perses#3673) Signed-off-by: Augustin Husson <husson.augustin@gmail.com>
ccb580c to
e89c8d4
| && make build-cli | ||
|
|
||
| FROM gcr.io/distroless/static-debian12 | ||
| FROM gcr.io/distroless/static-debian12:nonroot |
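Review bot: `FROM gcr.io/distroless/static-debian12:nonroot` relies on the base image's default user, so this stage still has no `USER` instruction of its own and a scanner that looks for one keeps reporting it. Add an explicit numeric `USER 65532:65532` (the distroless nonroot account) after the `FROM`, so the intent is visible in the Dockerfile and does not depend on the tag's defaults.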
❗Cycode: Infrastructure configuration issue: 'Specific user should be defined'.
Severity: High
Description
The image will run as root unless a lesser privileged user is defined
Cycode Remediation Guideline
Ensure that at least one USER instruction is defined before or in any non-'FROM scratch' build stage.
| RUN mkdir /plugins | ||
|
|
||
| FROM gcr.io/distroless/static-debian12 | ||
| FROM gcr.io/distroless/static-debian12:nonroot |
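Review bot: `RUN mkdir /plugins` runs in the build stage, where the directory is created as root, so with the final stage now on `:nonroot` it has to be handed over explicitly when it is copied, for example with `COPY --chown=nonroot:nonroot`, or the process cannot write to it. The hunk does not show the `COPY` lines, so confirm this against the full file.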
❗Cycode: Infrastructure configuration issue: 'Specific user should be defined'.
Severity: High
Description
The image will run as root unless a lesser privileged user is defined
Cycode Remediation Guideline
Ensure that at least one USER instruction is defined before or in any non-'FROM scratch' build stage.
| RUN mkdir /plugins | ||
|
|
||
| FROM gcr.io/distroless/static-debian12:debug | ||
| FROM gcr.io/distroless/static-debian12:debug-nonroot |
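Review bot: `:debug-nonroot` is a mutable tag, like the other base images in this change, and the debug variant additionally ships a busybox shell. Pin the base by digest (`@sha256:<digest>`) so rebuilds are reproducible, and keep this Dockerfile for a separately tagged debug image so the shell does not end up in the default one.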
❗Cycode: Infrastructure configuration issue: 'Specific user should be defined'.
Severity: High
Description
The image will run as root unless a lesser privileged user is defined
Cycode Remediation Guideline
Ensure that at least one USER instruction is defined before or in any non-'FROM scratch' build stage.
Note
Bumps to v0.53.0-beta.3 with CI upgrades, nonroot images, provider-aware auth/logout and JWT, new bits/throughput units, stabilized query runtime, UI/editor/search improvements, and e2e/dev env additions.
- GetProviderInfo, support provider-specific logout redirects; refresh/login flows use encoded state and API prefix; tokens now signed with provider context.
- `Authorization` header overrides; set via `Secret` only.
- `bits`/`decbits` and `decbits/sec`; mapping updated; add generated CUE files.
- `decbits/sec`; dependency bumps (CUE, k8s, oauth2, etc.).
- `staleTime: Infinity`; add abort support; trace/profile/log/time-series queries stabilized.
- `LinkEditorForm`; refactor LinksEditor; panel/query editors propagate `onRunQuery`; HTTP settings headings tweaked; remove deprecated `DatasourceSelect`.
- `actions/checkout@v6`, `golangci-lint-action@v9.2.0`); CUE v0.15.0.
- `:nonroot` variants; adjust COPY ownership.
- `scripts/validate-cue`: use `cue vet -c` and aggregate failures.
- `0.53.0-beta.3`; CHANGELOG updated; CODEOWNERS added; README badges tweaked; Snyk excludes extended.

Written by Cursor Bugbot for commit e89c8d4. This will update automatically on new commits.