Conversation

@oscarkilhed
Contributor

Backport 1564e1b from #106440


Restore some of the changes from #97346 (some made no sense), and fix the issues that the changes caused

Fixes #97290
Fixes #106366

…h variables with true value) (#106440)

* Restore prev fix

* added one more test

* Fix linkUrl issue

(cherry picked from commit 1564e1b)
@oscarkilhed oscarkilhed requested review from a team as code owners October 6, 2025 09:05
@oscarkilhed oscarkilhed requested review from evictorero and juanicabanas and removed request for a team October 6, 2025 09:05
@oscarkilhed oscarkilhed added the backport A backport PR label Oct 6, 2025
@oscarkilhed oscarkilhed requested review from eledobleefe, grafakus, harisrozajac, joshhunt and oshirohugo and removed request for a team October 6, 2025 09:05
@github-actions
Contributor

github-actions bot commented Oct 6, 2025

😢 zizmor failed with exit code 14.

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/backend-code-checks.yml:32:9
   |
 3 | / on:
 4 | |   pull_request:
 5 | |     paths-ignore:
 6 | |       - '*.md'
...  |
15 | |       - 'docs/**'
16 | |       - 'latest.json'
   | |_____________________- generally used when publishing artifacts generated at runtime
...
32 | /         with:
33 | |           # Explicitly set Go version to 1.24.1 to ensure consistent OpenAPI spec generation
34 | |           # The crypto/x509 package has additional fields in Go 1.24.1 that affect the generated specs
35 | |           # This ensures the GHAs environment matches what we use in the Drone pipeline
36 | |           go-version: 1.24.1
37 | |           cache: true
   | |_____________________^ opt-in for caching here
   |
   = note: audit confidence → Low
   = note: this finding has an auto-fix

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/go-lint.yml:23:9
   |
 2 | / on:
 3 | |   push:
 4 | |     paths:
 5 | |       - pkg/**
...  |
10 | |       - release-*.*.*
11 | |   pull_request:
   | |_______________- generally used when publishing artifacts generated at runtime
...
23 |         - uses: actions/setup-go@v5
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low
   = note: this finding has an auto-fix

error[bot-conditions]: spoofable bot actor check
  --> ./.github/workflows/pr-dependabot-update-go-workspace.yml:20:13
   |
18 | /   update:
19 | |     runs-on: "ubuntu-latest"
20 | |     if: ${{ github.actor == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository }}
   | |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ actor context may be spoofable
21 | |     continue-on-error: true
...  |
68 | |           git push origin "$BRANCH_NAME"
69 | |         fi
   | |___________- this job
   |
   = note: audit confidence → Medium
   = note: this finding has an auto-fix

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/run-schema-v2-e2e.yml:26:9
   |
 3 | / on:
 4 | |   push:
 5 | |     branches:
 6 | |       - main
...  |
 9 | |     branches:
10 | |       - '**'
   | |____________- generally used when publishing artifacts generated at runtime
...
26 |           uses: actions/setup-go@v5
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low
   = note: this finding has an auto-fix

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/run-schema-v2-e2e.yml:31:9
   |
 3 | / on:
 4 | |   push:
 5 | |     branches:
 6 | |       - main
...  |
 9 | |     branches:
10 | |       - '**'
   | |____________- generally used when publishing artifacts generated at runtime
...
31 | /         with:
32 | |           node-version-file: '.nvmrc'
33 | |           cache: 'yarn'
   | |_______________________^ opt-in for caching here
   |
   = note: audit confidence → Low

262 findings (65 ignored, 192 suppressed, 4 fixable): 0 informational, 0 low, 0 medium, 5 high

@oscarkilhed oscarkilhed merged commit c2410c1 into release-11.6.7 Oct 6, 2025
82 of 86 checks passed
@oscarkilhed oscarkilhed deleted the backport-106440-to-release-11.6.7 branch October 6, 2025 10:58
@grafana-delivery-bot
Contributor

🚀 Your submission is now being built and packaged.

3 participants