Update Perses v0.53.0-beta.3 #49
base: main-logzio
merge branch `main` into `release/v0.52`
Release v0.52.0-beta.2
* Release v0.52.0-beta.0 (perses#3121) Signed-off-by: Augustin Husson <[email protected]> * Release v0.52.0-beta.1 (perses#3155) Signed-off-by: Augustin Husson <[email protected]> * Merge pull request perses#3170 from perses/nexucis/release Release v0.52.0-beta.2 --------- Signed-off-by: Augustin Husson <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v5) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ed files (perses#3179) Signed-off-by: Gabriel Bernal <[email protected]>
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.26.0 to 0.27.0. - [Commits](golang/mod@v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.27.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps cuelang.org/go from 0.14.0 to 0.14.1. --- updated-dependencies: - dependency-name: cuelang.org/go dependency-version: 0.14.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Augustin Husson <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
Bumps [github.com/perses/plugins/prometheus](https://github.com/perses/plugins) from 0.51.0 to 0.52.1. - [Release notes](https://github.com/perses/plugins/releases) - [Changelog](https://github.com/perses/plugins/blob/main/RELEASE.md) - [Commits](perses/plugins@tempo/v0.51.0...tempo/v0.52.1) --- updated-dependencies: - dependency-name: github.com/perses/plugins/prometheus dependency-version: 0.52.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ses#3194) Signed-off-by: Augustin Husson <[email protected]>
Bumps the k8s-io group with 2 updates in the / directory: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go). Updates `k8s.io/api` from 0.33.3 to 0.33.4 - [Commits](kubernetes/api@v0.33.3...v0.33.4) Updates `k8s.io/apimachinery` from 0.33.3 to 0.33.4 - [Commits](kubernetes/apimachinery@v0.33.3...v0.33.4) Updates `k8s.io/client-go` from 0.33.3 to 0.33.4 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.33.3...v0.33.4) --- updated-dependencies: - dependency-name: k8s.io/api dependency-version: 0.33.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apimachinery dependency-version: 0.33.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/client-go dependency-version: 0.33.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/perses/plugins/prometheus](https://github.com/perses/plugins) from 0.51.0 to 0.52.1. - [Release notes](https://github.com/perses/plugins/releases) - [Changelog](https://github.com/perses/plugins/blob/main/RELEASE.md) - [Commits](perses/plugins@tempo/v0.51.0...tempo/v0.52.1) --- updated-dependencies: - dependency-name: github.com/perses/plugins/prometheus dependency-version: 0.52.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s#3192) Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
…#3206) Signed-off-by: Augustin Husson <[email protected]>
This component is useful for panel plugins which add custom panel actions. Signed-off-by: Andreas Gerstmayr <[email protected]>
…modified (perses#3190) * [ENHANCEMENT] CLI/PLUGIN: schema files are watched and reloaded when modified Signed-off-by: Augustin Husson <[email protected]> * fix endpoint & mutex usage Signed-off-by: Augustin Husson <[email protected]> --------- Signed-off-by: Augustin Husson <[email protected]>
Log a warning instead of throwing an exception if <RouterProvider> is not present. Signed-off-by: Andreas Gerstmayr <[email protected]>
perses#3163) * Add LogQuery support and related data structures and queries Signed-off-by: Alexander Belyakin <[email protected]> * fix test to support log queries Signed-off-by: Alexander Belyakin <[email protected]> * Update ui/core/src/model/log-data.ts Co-authored-by: Gabriel Bernal <[email protected]> Signed-off-by: Alexander Belyakin <[email protected]> * Remove LogStream interface from log-data Signed-off-by: Alexander Belyakin <[email protected]> --------- Signed-off-by: Alexander Belyakin <[email protected]> Co-authored-by: Gabriel Bernal <[email protected]>
Signed-off-by: Andreas Gerstmayr <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
…erses#3217) * Allow direct datasource queries without trailing path Signed-off-by: RokibulHasan7 <[email protected]> * Fix test Signed-off-by: RokibulHasan7 <[email protected]> --------- Signed-off-by: RokibulHasan7 <[email protected]>
* [IGNORE] Remove plugin-specific migration tests Signed-off-by: Antoine THEBAUD <[email protected]> * fix e2e test Signed-off-by: Antoine THEBAUD <[email protected]> * fix percli test Signed-off-by: Antoine THEBAUD <[email protected]> * misc Signed-off-by: Antoine THEBAUD <[email protected]> --------- Signed-off-by: Antoine THEBAUD <[email protected]>
… Plugins (perses#3203) Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
* [IGNORE] update CODEOWNERS Signed-off-by: Antoine THEBAUD <[email protected]> * update following reviews Signed-off-by: Antoine THEBAUD <[email protected]> --------- Signed-off-by: Antoine THEBAUD <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
…gh (perses#3618) * [BUGFIX] Ensure that oauth state in case of oauth / oidc is long enough Signed-off-by: Celian GARCIA <[email protected]> Co-authored-by: Augustin Husson <[email protected]> Signed-off-by: Celian GARCIA <[email protected]> * use string formatter Signed-off-by: Augustin Husson <[email protected]> --------- Signed-off-by: Celian GARCIA <[email protected]> Signed-off-by: Augustin Husson <[email protected]> Co-authored-by: Augustin Husson <[email protected]>
…tant project config (perses#3644) Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
* [FEATURE] Implement OIDC RP initiated logout Signed-off-by: Celian GARCIA <[email protected]> * [DOC] Azure AD -> Entra ID and add logout disclaimer Signed-off-by: Celian GARCIA <[email protected]> --------- Signed-off-by: Celian GARCIA <[email protected]>
Signed-off-by: Celian GARCIA <[email protected]>
Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
… state for oauth/oidc (perses#3652) Signed-off-by: Celian GARCIA <[email protected]>
Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
| string(HoursUnit), string(DaysUnit), string(WeeksUnit), string(MonthsUnit), | ||
| string(YearsUnit), string(PercentUnit), string(PercentDecimalUnit), DecimalUnit, string(BinaryBytesUnit), string(DecimalBytesUnit), | ||
| string(BitsPerSecondsUnit), string(BytesPerSecondsUnit), string(BytesDecPerSecondsUnit), string(CountsPerSecondsUnit), string(EventsPerSecondsUnit), | ||
| string(BitsPerSecondsUnit), string(BitsDecPerSecondsUnit), string(BytesPerSecondsUnit), string(BytesDecPerSecondsUnit), string(CountsPerSecondsUnit), string(EventsPerSecondsUnit), |
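Review bot: the format-unit case line still lists only string(BinaryBytesUnit) and string(DecimalBytesUnit), while the throughput line below it gains string(BitsDecPerSecondsUnit); no bits counterpart of the bytes units appears in the visible cases. If the bits format units are meant to validate, add them to that line, and cover the switch with a table-driven test that runs every declared unit constant through validation so a unit cannot be defined without also being accepted. Minor: DecimalUnit is the only entry not wrapped in string(...); make it consistent or note why it differs.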
Bug: New bits format units missing from validation switch
The newly added BinaryBitsUnit ("bits") and DecimalBitsUnit ("decbits") constants are defined but not included in the validate() function's switch case. When users attempt to use these new format units, validation will incorrectly fail with "unknown format" error even though the units are valid and defined in the constants. The BitsDecPerSecondsUnit throughput unit was added to validation, but the corresponding bits format units were overlooked.
| if err != nil { | ||
| logrus.WithError(err).Error("Failed to parse end session endpoint") | ||
| return nil, err | ||
| } |
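Review bot: the err != nil branch only covers a parse failure, and url.Parse accepts an empty or relative string without error, so a nil error here does not prove the end session endpoint is usable. Before the handler is returned, also reject a parsed value with no scheme or host, and wrap the returned error with context, since the log line names the endpoint but the returned err does not.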
Bug: Missing check for empty OIDC end session endpoint
When provider.Logout.Enabled is true but the OIDC provider doesn't expose an end_session_endpoint in its discovery document, rp.GetEndSessionEndpoint() returns an empty string. The call to url.Parse("") succeeds without error, causing the handler to be created. At logout time, this results in a redirect to a URL like ?post_logout_redirect_uri=... without a host or scheme, causing unexpected behavior. There's no validation that the endpoint URL is non-empty before creating the logout handler.
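The check the comment above asks for, as an added example that is not part of this pull request or of Perses: `unvalidatedRedirect` reproduces the described behaviour and `validatedRedirect` rejects empty or relative endpoints. The function names and the sample URLs are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// unvalidatedRedirect mirrors the behaviour described in the comment above:
// only the url.Parse error is checked, so an empty endpoint is accepted.
func unvalidatedRedirect(rawEndpoint, postLogoutURI string) (string, error) {
	u, err := url.Parse(rawEndpoint)
	if err != nil {
		return "", err
	}
	return withPostLogout(u, postLogoutURI), nil
}

// validatedRedirect (hypothetical helper) refuses endpoints that are empty
// or not absolute http(s) URLs before building the logout redirect.
func validatedRedirect(rawEndpoint, postLogoutURI string) (string, error) {
	if rawEndpoint == "" {
		return "", errors.New("provider exposes no end_session_endpoint")
	}
	u, err := url.Parse(rawEndpoint)
	if err != nil {
		return "", fmt.Errorf("parse end session endpoint: %w", err)
	}
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return "", fmt.Errorf("end session endpoint %q is not an absolute http(s) URL", rawEndpoint)
	}
	return withPostLogout(u, postLogoutURI), nil
}

// withPostLogout appends post_logout_redirect_uri without mutating u.
func withPostLogout(u *url.URL, postLogoutURI string) string {
	out := *u
	q := out.Query()
	q.Set("post_logout_redirect_uri", postLogoutURI)
	out.RawQuery = q.Encode()
	return out.String()
}

func main() {
	const back = "https://perses.example/" // constructed sample value
	for _, ep := range []string{"", "/logout", "https://idp.example/oauth2/logout"} {
		bad, _ := unvalidatedRedirect(ep, back)
		good, err := validatedRedirect(ep, back)
		fmt.Printf("endpoint=%q\n  unvalidated: %q\n  validated:   %q err=%v\n", ep, bad, good, err)
	}
}
```

Failing at handler construction time, rather than at logout time, surfaces the missing discovery field when the provider is configured.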
OrReuben
left a comment
LGTM, in Gaia Hermes repo please also update all of the plugins from their versions on the file I commented on.
Also, make sure the PR passes their pipeline
| @@ -1,48 +1,48 @@ | |||
| - name: "BarChart" | |||
| version: "0.10.0" | |||
| version: "0.10.1" | |||
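Review bot: only the BarChart pin (0.10.0 to 0.10.1) is visible, yet the hunk header spans all 48 lines of the file, so each changed version needs a stated source. Say in the description which plugin release set these versions were taken from, so every pin can be checked against it instead of being accepted as a bulk bump.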
We will need to also upgrade all of those..
* [ignore] use local prom instance for e2e tests Signed-off-by: Augustin Husson <[email protected]> * remove any reference to prometheus demo Signed-off-by: Augustin Husson <[email protected]> * putting back the prometheus demo datasource Signed-off-by: Augustin Husson <[email protected]> --------- Signed-off-by: Augustin Husson <[email protected]>
The dev dockerfile downloads the plugins, but it doesn't use the download directory as a COPY source. This commit fixes that. Signed-off-by: runiq <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 9.1.0 to 9.2.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v9.1.0...v9.2.0) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: 9.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* [BUGFIX] Use nonroot instead of nobody Running a process like Perses -- which does not require privileges -- as `nobody` is strictly better than running as root. The Prometheus Dockerfile does the same [1]. However, the original purpose of the `nobody` user was in the context of NFS [2]: Files that were created by `root` on the NFS client are owned by `nobody` on the NFS server. For that reason, running a process (such as Perses) as `nobody` might be dangerous if the host is also an NFS server: If Perses somehow manages to access an NFS export, it can access all remote files owned by the NFS clients' `root` user [3]. The distroless images, which Perses uses, have a dedicated user for running unprivileged services: The nonroot user. This commit switches to distroless images which have that user as a default. [1]: https://github.com/prometheus/prometheus/blob/f6ca7145ca2ffe8bdd81e373657c740544abc5ac/Dockerfile [2]: https://0xjet.github.io/3OHA/2022/06/01/post.html [3]: https://unix.stackexchange.com/q/9840/55203 Signed-off-by: runiq <[email protected]> * [BUGFIX] Fix file ownership in Dockerfiles Only Perses' working directory and the plugin directory need to be owned by Perses, the rest can be readonly. Signed-off-by: runiq <[email protected]> --------- Signed-off-by: runiq <[email protected]>
Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
Signed-off-by: Antoine THEBAUD <[email protected]>
Signed-off-by: Seyed Mahmoud SHAHROKNI <[email protected]>
* [ENHANCEMENT] CUE SDK: allow undefined unit Signed-off-by: Antoine THEBAUD <[email protected]> * fix validate-cue.go not returning error Signed-off-by: Antoine THEBAUD <[email protected]> --------- Signed-off-by: Antoine THEBAUD <[email protected]>
Signed-off-by: Augustin Husson <[email protected]>
…onfiguration (perses#3673) Signed-off-by: Augustin Husson <[email protected]>
ccb580c to e89c8d4
| && make build-cli | ||
|
|
||
| FROM gcr.io/distroless/static-debian12 | ||
| FROM gcr.io/distroless/static-debian12:nonroot |
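Review bot: the new FROM line relies on the base image's :nonroot tag alone to drop root, so tools that look for a USER instruction will still flag this stage. Add an explicit USER instruction (for example USER nonroot:nonroot) after this FROM so the intent is stated in this file and survives a later base-image change, and consider pinning the base by digest since the tag is mutable.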
❗Cycode: Infrastructure configuration issue: 'Specific user should be defined'.
Severity: High
Description
The image will run as root unless a lesser privileged user is defined
Cycode Remediation Guideline
Ensure that at least one USER instruction is defined before or in any non-'FROM scratch' build stage.
| RUN mkdir /plugins | ||
|
|
||
| FROM gcr.io/distroless/static-debian12 | ||
| FROM gcr.io/distroless/static-debian12:nonroot |
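Review bot: the directory from RUN mkdir /plugins just above this FROM is created by the build stage's user, and the final stage now runs as nonroot. Check that the COPY which brings /plugins into this stage sets ownership for that user, otherwise writes to the plugin directory fail at runtime with a permission error that is easy to misread as a plugin problem.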
❗Cycode: Infrastructure configuration issue: 'Specific user should be defined'.
Severity: High
Description
The image will run as root unless a lesser privileged user is defined
Cycode Remediation Guideline
Ensure that at least one USER instruction is defined before or in any non-'FROM scratch' build stage.
| RUN mkdir /plugins | ||
|
|
||
| FROM gcr.io/distroless/static-debian12:debug | ||
| FROM gcr.io/distroless/static-debian12:debug-nonroot |
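Review bot: this FROM keeps a debug variant, which ships a busybox shell on top of the static image, so dropping root here does not make the result equivalent to the :nonroot images above. Document in the Dockerfile that this image is for development and troubleshooting only, and tag the built image so it cannot be confused with the release image.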
❗Cycode: Infrastructure configuration issue: 'Specific user should be defined'.
Severity: High
Description
The image will run as root unless a lesser privileged user is defined
Cycode Remediation Guideline
Ensure that at least one USER instruction is defined before or in any non-'FROM scratch' build stage.
Note
Bumps to v0.53.0-beta.3 with CI upgrades, nonroot images, provider-aware auth/logout and JWT, new bits/throughput units, stabilized query runtime, UI/editor/search improvements, and e2e/dev env additions.
- `GetProviderInfo`, support provider-specific logout redirects; refresh/login flows use encoded state and API prefix; tokens now signed with provider context.
- `Authorization` header overrides; set via `Secret` only.
- `bits`/`decbits` and `decbits/sec`; mapping updated; add generated CUE files.
- `decbits/sec`; dependency bumps (CUE, k8s, oauth2, etc.).
- `staleTime: Infinity`; add abort support; trace/profile/log/time-series queries stabilized.
- `LinkEditorForm`; refactor LinksEditor; panel/query editors propagate `onRunQuery`; HTTP settings headings tweaked; remove deprecated `DatasourceSelect`.
- `actions/checkout@v6`, [email protected]); CUE v0.15.0.
- `:nonroot` variants; adjust COPY ownership.
- `scripts/validate-cue`: use `cue vet -c` and aggregate failures.
- `0.53.0-beta.3`; CHANGELOG updated; CODEOWNERS added; README badges tweaked; Snyk excludes extended.

Written by Cursor Bugbot for commit e89c8d4.