[Snyk] Fix for 1 vulnerabilities

[kevinjm39]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/grafana-toolkit/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: copy-webpack-plugin

The new version differs by 31 commits.

• 64e60c2 chore(release): 6.0.0
• dd9ce50 test: coverage
• 29254e3 feat: implement the `directory` option for the `cacheTransform` option
• bebafcf refactor: code
• e3803ce feat: implement the `noErrorOnMissing` option (Row editing, new panel and other productivity improvements.  grafana/grafana#475)
• 8e5bc1b chore(deps): update (aliasSub + graphite query editor - backslash gets removed grafana/grafana#474)
• 6b85c86 docs: improve (General improvements InfluxDB query editor  grafana/grafana#473)
• 3ef3f25 refactor: drop test option in favor transformPath (Disable drawing all series of a graph in one click (That works on Mac OSX) grafana/grafana#472)
• 045f629 refactor: code (Treat missing values as nulls [InfluxDB] grafana/grafana#471)
• 20c9ae5 docs: import documentation for the `from` option (Add option to hide tags list in annotation popups grafana/grafana#468)
• bfb4f0e docs: improve the description for the `toType` option (Stacked Tooltips Show Cumulative Numbers grafana/grafana#467)
• c0c9fa7 test: transform && transformPath (Update docs to include upgrade info grafana/grafana#470)
• 197b0d8 fix: asset size
• c176d7d feat: concurrency option (adding functions grafana/grafana#466)
• e5e410a refactor: code (Line and area config by metric, on same graph grafana/grafana#465)
• 0be6470 refactor: remove the `ignore` option in favor globOptions.ignore (Changing the format from MiB to MB etc grafana/grafana#463)
• 6b07a63 refactor: code
• 42194f3 refactor: code (keepLastValue has no argument grafana/grafana#459)
• 1e2f3a1 test: refactor (Dashboard: Update url time parameters when changing time range grafana/grafana#458)
• a728675 chore: update globby
• 64b2e1a refactor: remove the global `context` option (Current 'master' does not work with influxdb grafana/grafana#453)
• f6da280 refactor: rename the `cache` option to `cacheTransform` (Logarithmic scale rendering grafana/grafana#452)
• aedd2bd refactor: plugin options (Saving a dashboard as www.example.com breaks dashboard link grafana/grafana#451)
• 383ff9d refactor: 'from' option (Tooltip does not disappear grafana/grafana#450)

See the full diff

Package name: css-loader

The new version differs by 60 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (reports "Dashboard saved" when it could not be saved grafana/grafana#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (InfluxDB alias doesn't support more than 10 segments (0-9) grafana/grafana#1126)
• 791fff3 refactor: named export (How to create elasticsearch index... grafana/grafana#1125)
• 01e8c76 refactor: change function arguments of the `import` option (aliasSub doesn't let me modify the 2nd parameter grafana/grafana#1124)
• c153fe6 refactor: improve schema options ( Input text fields ignore mouse in firefox grafana/grafana#1123)
• 58b4b98 test: unresolved (InfluxDB series alias destroys column value in graph legend  grafana/grafana#1122)
• d2f6bd2 refactor: getLocalIdent function (Annotation does not escape html (markup injection/XSS) grafana/grafana#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (NaN in singlestat when values are null grafana/grafana#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (Theme Light: the 2nd line in the legend always gets a grey background. grafana/grafana#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (timeStack function not available? grafana/grafana#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (Align left or Align center for the title of a Splitstat panel grafana/grafana#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (Play All Saved Dashboards option for Playlist grafana/grafana#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (grafana doesn't handle metrics with '=' in them very well. grafana/grafana#1114)
• 908ecee refactor: `esModule` option is `true` by default (Detailed documentation about Annotation is needed grafana/grafana#1111)
• 7cca035 test: coverange (Using mongoDB as back-end repository grafana/grafana#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: file-loader

The new version differs by 9 commits.

• e44eb73 chore(release): 6.0.0
• ad39022 chore(deps): update ([Snyk] Security upgrade mysql from latest to 8.4.0-oraclelinux9 #369)
• e1fe27c docs: update README.md ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.4-alpine #368)
• c2aded7 chore(release): 5.1.0
• cd8698b feat: support the `query` template for the `name` option ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.26-alpine #366)
• 5703c58 chore(deps): update ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.26-alpine #365)
• 521bff2 chore: remove duplicate prettier config file ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.4-alpine #357)
• 5ffac2e refactor: added description on esModule ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.4-alpine #358)
• 190829e docs: fix the description of the `esModule` option ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.4-alpine #348)

See the full diff

Package name: html-loader

The new version differs by 55 commits.

• d7cccfa chore(release): 1.0.0
• 3c9a1d8 refactor: `attributes` option ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.1-alpine #265)
• 8c73761 feat: `preprocessor` option ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #263)
• f2ce5b1 feat: improve errors
• 9923244 chore(deps): update ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #260)
• 9835bde feat: supports `link:href` attribute for css ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1-alpine #258)
• 7af2eff refactor: improve schema ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1-alpine #257)
• 98412f9 docs: `filter` sources ([Snyk] Security upgrade optimize-css-assets-webpack-plugin from 5.0.8 to 6.0.0 #256)
• ff0f44c feat: implement the `filter` option for filtering some of sources ([Snyk] Security upgrade optimize-css-assets-webpack-plugin from 5.0.4 to 5.0.5 #255)
• 1c24662 refactor: move the `root` option under the `attributes` option ([Snyk] Security upgrade yaml from 1.10.2 to 2.2.2 #254)
• 888b8fe docs: add footnote for `-attributes` ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #252)
• 3d2907e refactor: remove the `interpolate` option
• bd979e2 refactor: remove the `interpolate` option
• fcba4ec fix: handle only valid srcset tags ([Snyk] Security upgrade yaml from 1.10.2 to 2.2.2 #253)
• 9e5ce56 perf: improve source parse ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #251)
• c9c8dad refactor: improve source parse ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #250)
• 079d623 fix: respect `#hash` in sources
• a17df49 fix: reduce `import`/`require` count
• d0b0150 fix: adding quotes when necessary for unquoted sources ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #247)
• e3727ab test: minifier
• 0bbe29c feat: migrate on `htmlparse2`
• b7af031 fix: escape `\u2028` and `\u2029` characters ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.23.2-alpine #244)
• 24b0427 fix: parser tags and attributes according spec ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.23.2-alpine #243)
• 3df909d feat: support `script:src` attributes

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 74fae99 chore(release): 5.0.0
• 94a20df chore: update to webpack 5.20.0
• c5c8212 feat: add meta attribute for html tags
• d0ab774 feat: provide public path to the alterAssetTagGroups hook
• 5200ae6 feat: provide public path to the alterAssetTags hook
• ccbe93a chore: update examples to latest webpack version
• 33cbd59 fix: generate html files even if no webpack entry exists
• 826739f feat: allow to use the latest loader-utils and tapable version
• 81d7b2c feat: add typings for options and version
• 8d34b81 fix: use correct casing for webpack type import
• 36f9aca chore: upgrade dev dependencies
• 1755962 chore: fix css-loader for unit testing
• a79ab17 chore: drop support for appcache-webpack-plugin as it is not compatible to webpack 5
• 7c3146d feat: allow to set publicPath to empty string ’’
• b109213 docs: update installation instructions for webpack 4
• 833b46b fix: inject javascripts in the <head> tag for inject:true and scriptLoading:'defer'
• 13af0fb feat: add full support for public paths inside templates
• fd5fe58 refactor: move the publicPath generation into a seperate function
• 60a6ef8 test: add test for experiments: { outputModule: true }
• a43ab72 feat: overrule module output
• 10a0c5e fix: adjust tests as webpack 5 will no longer emit files for builds with errors
• 2975a6a feat: process html during the processAssets stage PROCESS_ASSETS_STAGE_OPTIMIZE_INLINE
• 0f9c239 fix: add support for publicPath: 'auto' in combination with type: 'asset/resource'
• ab8b195 fix: support loaders like raw-loader

See the full diff

Package name: less-loader

The new version differs by 30 commits.

• 73740a8 chore(release): 6.0.0
• 4579dfb refactor: code ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.4-alpine #349)
• 1aff534 refactor: code
• 3931470 feat: `paths` now works with webpack resolver
• cecf183 test: appendData prependData, when they are string ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.4-alpine #345)
• a1cf249 refactor: moving processResult in index ([Snyk] Security upgrade @types/puppeteer-core from 1.9.0 to 7.0.4 #344)
• bffbc5e refactor: import from scoped npm packages ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.2-alpine #343)
• b04cb0d test: import through plugin ([Snyk] Security upgrade golang from latest to 1.22rc2-bookworm #341)
• 221714b test: import nested ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #342)
• 443bd5a refactor: first resolve filename in less, then in webpack ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.2-alpine #340)
• 82cb6a7 chore(deps): update
• d7590b5 refactor: deleting a mention about less2 ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #337)
• fb94605 feat: added the `appendData` option ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #336)
• 24021cd fix: import alias without tilde ([Snyk] Fix for 1 vulnerabilities #335)
• 4604f20 test: import files hosted remotely ([Snyk] Security upgrade axios from 0.21.1 to 1.6.4 #334)
• 8e020e9 fix: import files hosted remotely ([Snyk] Security upgrade axios from 0.21.1 to 1.6.3 #333)
• cfeccd5 chore: drop less@2 ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.2-alpine #331)
• 4f894bc test: fixes ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.25.2-alpine #330)
• 9df8755 feat: allow data to be prepended via `options.prependData` ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #327)
• ce03da9 docs: add example for `lessOptions` using a function ([Snyk] Security upgrade mysql from latest to 8-oraclelinux8 #326)
• a6be94a feat: allow a function to be used for `lessOptions` ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #325)
• cdb611f chore: update README with examples, change lessOptions to only allow objects ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #324)
• 6fc1392 chore: remove `pify` in favour of `util.promisify` ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.24-alpine #323)
• fed50ba chore: remove sync check ([Snyk] Security upgrade jest from 26.6.3 to 28.0.0 #322)

See the full diff

Package name: mini-css-extract-plugin

The new version differs by 51 commits.

• 315bbac chore(release): 1.0.0
• 2a3b4a8 refactor: next
• b935f26 chore(release): 0.12.0
• bc0ca2c test: improve (Support for more conditions in the where clause in queries grafana/grafana#601)
• 5fafdf8 feat opt-in to transitive only side effects (webpack@5) (Label for right Y Axis grafana/grafana#599)
• ef4bd79 test: empty chunk
• 0494230 chore(release): 0.11.3
• 6e09a51 fix: better support for webpack 5 (number in hover is not what one expects grafana/grafana#595)
• bb09d75 chore(release): 0.11.2
• e4ddf29 test: cache (alerting with grafana grafana/grafana#588)
• 6a27b30 fix: cache for webpack@5
• 1565706 chore(release): 0.11.1
• 3a61586 test: cache (Allow to display row title even when the row is visible grafana/grafana#583)
• d09693e feat: added cache serializer for webpack@5 (Add continuous query in series results. grafana/grafana#581)
• 84933cc refactor: code
• 265fc59 fix: broken release
• 4220c4f chore(release): 0.11.0
• 41e9eb7 refactor: code (Permalinks to individual graphs grafana/grafana#576)
• 1ea4b7f feat: named export
• ff4bfbe fix: compatibility with webpack@5
• ca8c327 chore: update deps
• 21832c7 fix: compatibility with webpack@5 (dashboard + filter set to single values + influxdb breaks query grafana/grafana#571)
• 25b0ecd test: add some es-modules concatenation cases (multiple metrics show the same legend name grafana/grafana#566)
• e6e07bb build(deps-dev): bump standard-version from 7.1.0 to 8.0.1 (Grafana renders wrong series data based on the enabled series grafana/grafana#547)

See the full diff

Package name: postcss-loader

The new version differs by 39 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (Update docs to include upgrade info grafana/grafana#470)
• 77449e1 test: union (Made axis label for flot graphs configurable. grafana/grafana#469)
• 9b75888 feat: reuse AST from other loaders (Add option to hide tags list in annotation popups grafana/grafana#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (Stacked Tooltips Show Cumulative Numbers grafana/grafana#467)
• 225b2e5 refactor: do not validate `postcss` options (adding functions grafana/grafana#466)
• 3d32c35 fix: `default` export for plugins (Line and area config by metric, on same graph grafana/grafana#465)
• 38ebe08 refactor: `execute` option (Shortening the metric names in the legend? grafana/grafana#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (current value legend empty when value is 0.00 grafana/grafana#460)
• 475278c chore: move `postcss` to `peerDependencies` (keepLastValue has no argument grafana/grafana#459)
• 98441ff fix: respect the `map` option and source maps (Dashboard: Update url time parameters when changing time range grafana/grafana#458)
• ba88040 refactor: do not pass meta from other loaders (Grafana discussion group/forum grafana/grafana#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (Add URL hashing balancing grafana/grafana#454)
• d8d84f7 refactor: code (Current 'master' does not work with influxdb grafana/grafana#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (Saving a dashboard as www.example.com breaks dashboard link grafana/grafana#451)
• 60e4f12 docs: addDependency ([Snyk] Security upgrade mysql from latest to 9.2.0-oraclelinux9 #448)

See the full diff

Package name: sass-loader

The new version differs by 35 commits.

• 45bd865 chore(release): 9.0.0
• 0629915 refactor: code before release
• c11478d test: ambiguous imports (When editing Display Style for a graph you cannot scroll. grafana/grafana#855)
• 73009fd docs: yarn pnp + using `dart-sass` by default (I want to use template variables to affect display styles, display styles overrides and/or metric visibility grafana/grafana#854)
• d487683 feat: pass the loader context to custom importers under `this.webpackLoaderContext` property (Graphite import dashboard modal doesn't scroll grafana/grafana#853)
• b3ffd5b test: resolution logic (1.8.0 Light Theme: Very low contrast in toggling annotations or individual metrics grafana/grafana#852)
• 3abe3f5 fix: resolution logic
• 20b7a11 docs: fix link for prependData (Bad reordering of series when displayed as stacked after hide/unhide some of them. grafana/grafana#847)
• 006c02e refactor: code
• 2a18d5b ci: node@14 (Hide / Show (series) buttons are not saved grafana/grafana#842)
• 17832fd fix: resolution for `file` scheme
• 744112d fix: perf (Variables don't get updated after an import grafana/grafana#840)
• aeb86f0 fix: resolution logic (Cannot save dashboard to ES grafana/grafana#839)
• 7380b7b fix: resolution logic (Grafana without Elasticsearch grafana/grafana#838)
• 0c8d3b3 feat: support `process.cwd()` resolution (Init editable setting when loading dashboard grafana/grafana#837)
• 8376179 feat: support SASS-PATH env variable (Hide open dashboard view when clicking it again grafana/grafana#836)
• ddeff88 test: refactor (Rendering with more than one graph on dashboard does not look right grafana/grafana#835)
• 24c852a docs: options table (There are no dependencies? grafana/grafana#834)
• f892eba refactor: code (1.8.0-rc1 default install issue (TypeError) grafana/grafana#833)
• 68dd278 fix: avoid different content on different os (Upper and lower thresholds grafana/grafana#832)
• 1655baf fix: resolution logic (Config.js spelling grafana/grafana#831)
• fe3b33b fix: resolution logic (Fix Graphana not able to use fields from nested objects with annotations pulled from Elasticsearch grafana/grafana#830)
• 41e0e45 test: foundation-sites (Annotations from Elasticsearch/Logstash cannot use fields whose name include a dot like 'fields.foo' grafana/grafana#829)
• a3dec34 chore: minimum supported Nodejs version is `10.13` (grafana deletes dashboard from elasticsearch just after save grafana/grafana#828)

See the full diff

Package name: style-loader

The new version differs by 3 commits.

• 171a747 chore(release): 1.1.4
• af1b4a9 chore(deps): update
• a003f05 docs: add links for the options table (current value legend empty when value is 0.00 grafana/grafana#460)

See the full diff

Package name: ts-loader

The new version differs by 56 commits.

• 268bc69 chore(deps): upgrade most production deps (Added dashboard and panel descriptions grafana/grafana#1237)
• e160564 Add a cache to file path mapping (Tooltip units incorrect when using stacked, percentage graphs grafana/grafana#1228)
• 14fa3f8 Add documentation about performance profiling (grafana returns stars when empty metric directory grafana/grafana#1230)
• 3cc78b8 Fix typo in README.md (Dynamic dashboards grafana/grafana#1229)
• 8f2a509 Add documentation for the useCaseSensitiveFileNames option (What does InfluxDB datasource.listSeries() return? grafana/grafana#1227)
• 566e6ce Instead of checking date, check time thats more accurate to see if something has changed (Assistance in writing an custom module grafana/grafana#1217)
• 172ebeb Feature/typescript 4 1 (Can't select text in legend grafana/grafana#1213)
• 0816fe9 Add peer dependencies for Yarn PnP (add option to open drill down link in new tab grafana/grafana#1209)
• 4909d99 Fixed missing errors in watch mode in webpack5 (allow manual refresh even with auto-refresh enabled grafana/grafana#1208)
• 3f73e98 Fix failed builds when using thread-loader (movingAverage / movingMedian parameter type grafana/grafana#1207)
• e90f8ad Fix memory leak when using multiple webpack instances (fix #1204: add separate datasource parameter withCredentials grafana/grafana#1205)
• 95050eb Speeds up project reference build and doesnt store the result in memory (Ability to specify date in Elasticsearch index name grafana/grafana#1202)
• f99c7c4 doc: escape pipe in table (reusing search widget? grafana/grafana#1201)
• 0b4a86d Replace afterCompile to stop webpack 5 warning (Should be able to set time correction default (and override) in config grafana/grafana#1200)
• 6d8d601 Fixed deprecation warnings on webpack@5. (Panel with just table, no graph grafana/grafana#1195)
• cafc933 Fix installation link on README.md (singlestats background color is not changing grafana/grafana#1192)
• f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (how to you put avg, max, min etc next to legends grafana/grafana#1182)
• 0767bce add github action status badge (Table series sortable by name grafana/grafana#1190)
• db5ea55 Feature/upgrade testpack to ts4 (Sorted all series value tooltip grafana/grafana#1189)
• 95b6fe8 Uses existing instance if config file is same as already built solution (Enhancement: Limit Tags by Metric grafana/grafana#1177)
• b38678a Update minimum compiler version to 3.6.3 (Wrong all series tooltip values grafana/grafana#1188)
• f8eba53 Add documentation and example code for projectReferences (Feature request: Some button to export graphs to image formats, PDF grafana/grafana#1184)
• 46d9761 Update docs to show transpileOnly does not affect project references ("All Series" Tooltip with "Percent" for Multi Series grafana/grafana#1175)
• 0e64ceb Fix getOptionsHash when two options has different props but same values. (Adding queries for custom datasources not possible grafana/grafana#1170)

See the full diff

Package name: url-loader

The new version differs by 6 commits.

• 8828d64 chore(release): 4.0.0
• fc8721f chore(deps): migrate on `mime-types` package (Bump actions/cache from 2.1.5 to 3.2.0 #209)
• f13757a chore(deps): update ([Snyk] Security upgrade node from 12.19.0-buster-slim to 12-buster-slim #208)
• a2f127d fix: description on the `esModule` option ([Snyk] Security upgrade nginx from 1.19.3-alpine to mainline-alpine #204)
• 4301f87 chore(release): 3.0.0
• 3f0bbc5 refactor: next ([Snyk] Security upgrade nginx from 1.19.3-alpine to 1.23.2-alpine #198)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request Add version sort for variables grafana/grafana#11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request [Feature request] Focus to the row with the same timestamp on a table when hovering on a data point on a graph grafana/grafana#11603 from MayaWolf/master
• 76e8cbd Merge pull request Revert "removes codecov from frontend tests" grafana/grafana#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request Alerting(RED) line should only there in grafana's graph. There should not be OK alert(GREEN line) grafana/grafana#11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request Addressing dashboards by uid: Request for raising the maximum length of 40 characters grafana/grafana#11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request MSSQL: Improve $__timeFilter macro grafana/grafana#11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request Unable to save playlist, Permission Denied grafana/grafana#11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request Elasticsearch and InfluxDB docs for group by time interval option grafana/grafana#11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request add codespell to CircleCI grafana/grafana#11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request Duplicating panels shifts existing panels in unexpected ways grafana/grafana#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request Make temp file time to live configurable grafana/grafana#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution