chore(deps): update grafana

[renovate]

This PR contains the following updates:

Package	Update	Change
docker.io/curlimages/curl	minor	8.16.0 -> 8.17.0
docker.io/grafana/grafana	minor	12.2.1 -> 12.3.0
ghcr.io/kiwigrid/k8s-sidecar	major	1.30.10 -> 2.1.4
grafana (source)	minor	10.1.2 -> 10.3.0
quay.io/rfcurated/curl	minor	8.16.0-jammy-scratch-fips-rfcurated -> 8.17.0-jammy-scratch-fips-rfcurated
quay.io/rfcurated/grafana	minor	12.2.1-jammy-scratch-fips-rfcurated -> 12.3.0-jammy-scratch-fips-rfcurated
registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar (source)	patch	1.30.10 -> 1.30.11
registry1.dso.mil/ironbank/opensource/grafana/grafana (source)	minor	12.2.1 -> 12.3.0
registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal (source)	minor	9.6 -> 9.7

---

Release Notes

curl/curl-container (docker.io/curlimages/curl)

v8.17.0

Changed

• bump to curl 8.17.0
• bump to alpine 3.22.2

grafana/grafana (docker.io/grafana/grafana)

v12.3.0

Compare Source

Features and enhancements

• API Clients: Add lazy hooks to clients #​113226, @​tomratcliffe
• API clients: Automatically set PATCH headers #​111879, @​Clarity-89
• API clients: Extract into a package #​111810, @​Clarity-89
• API clients: Extract into a package (Enterprise)
• API clients: Update API clients to include all endpoints & add hooks #​113061, @​tomratcliffe
• AccessControl: Include hidden roles in service account role display #​112924, @​Jguer
• AccessControl: Increase limit of LBAC for Datasources rules #​111560, @​Jguer
• Accessibility: Wrap data source info onto 2 lines at small viewports #​113033, @​ashharrison90
• Alert Enrichment: Add mutator to insert rule UID labels to allow for efficient use of labelSelector (Enterprise)
• Alerting: Add enrichment components to rule view page (Enterprise)
• Alerting: Add enrichment section to rule view page (Enterprise)
• Alerting: Add jitter support for periodic alert state storage to reduce database load spikes #​111357, @​softho0n
• Alerting: Add position-based matching for identical alert rules #​112407, @​konrad147
• Alerting: Create alertingAlertRuleFormSchema in restrictedGrafanaApis #​112794, @​soniaAguilarPeiron
• Alerting: Display error message in central state history view #​111445, @​laurenashleigh
• Alerting: Enrichment per rule wip-2 (Enterprise)
• Alerting: Hide metadata if grouping by folder #​113216, @​laurenashleigh
• Alerting: Improve template ai helper prompt and add some examples (Enterprise)
• Alerting: Move enrichment tab between details and versions #​110886, @​laurenashleigh
• Alerting: Remove ai feedback button from alert form #​112713, @​soniaAguilarPeiron
• Alerting: Remove unused components #​111320, @​laurenashleigh
• Alerting: Remove useRulesSourcesWithRuler for SmartAlertTypeDetector #​111623, @​soniaAguilarPeiron
• Alerting: Surface remote AM silence creation errors properly #​112757, @​moustafab
• Alerting: Triage #​110339, @​gillesdemey
• Alerting: Triage rule details drawer #​112055, @​konrad147
• Alerting: Update prompt examples for template AI Helper (Enterprise)
• Alerting: Update width to instance details drawer in Triage page #​113209, @​soniaAguilarPeiron
• Alerting: Use new enrichment endpoints in FE (Enterprise)
• Alerting: Use ruleUid as a prop instead of extracting it from the rule context (Enterprise)
• Analytics: Aggregate daily summary in datasources analytics (Enterprise)
• Analytics: Apply proper batching to Loki exports and add configurable settings (Enterprise)
• Annotations: Exclude internal dashboard id when saved via UID #​111535, @​ryantxu
• Azure: Use SSO settings in plugin context #​112058, @​aangelisc
• Buttons: Active style for buttons #​111235, @​gtk-grafana
• Caching: Disable cache if datasource has oauthPassThru=true (Enterprise)
• Canvas: Allow non-icon bg image fields #​112308, @​fastfrwrd
• Chore: Add logsdrilldown replace to apps/iam/go.mod #​112581, @​njvrzm
• CloudWatch Logs: Don't add console link to every field in the logs response #​112230, @​idastambuk
• CloudWatch Logs: Support Log Anomalies query type #​113067, @​idastambuk
• CloudWatch: Add syntax highlighting and autocomplete for logs diff command #​111207, @​kevinwcyu
• CloudWatch: Add tracking for logs anomalies #​113181, @​idastambuk
• Dashboard Controls: Add annotations to the dashboard controls menu #​112816, @​leventebalogh
• Dashboard Picker: Update to use correct search + dashboards APIs #​112341, @​tomratcliffe
• Dashboard: Backend always set metricEditorMode: 0 regardless metricQueryType and expression #​111613, @​ivanortegaalba
• Dashboards: Add a new variable type called "Switch" #​111366, @​leventebalogh
• Dashboards: Hide error notifications in kiosk mode on dashboards #​112390, @​ivanortegaalba
• Dynamic Dashboards: Expand dashboards_init_dashboard_completed tracking info #​111102, @​idastambuk
• ErrorBoundary: Report specific boundary type to Faro #​112071, @​tskarhed
• Explore: Use compact mode only when targeting Tempo #​113037, @​ifrost
• FeatureToggles: Remove deprecated experimental apiserver #​111617, @​ryantxu
• Fields Selector: Add component and integrate with Logs and Logs table visualization #​112534, @​matyax
• Flame Graph: Anchor exact match when clicking a table symbol in search #​111101, @​samarthbagga-meesho
• FlameGraph: Improve prompt for open assistant to analyze flamegraph #​113071, @​simonswine
• FolderPicker: Don't show expand button for empty folders and move search icon #​111872, @​aocenas
• FolderPicker: Show parent folder when searching #​111026, @​aocenas
• Geomap: Add a MapLibre style base layer #​109841, @​remogeissbuehler
• Geomap: Move beta layers to GA #​113186, @​drew08t
• Go: Update to 1.25.2 + golangci-lint v2.5.0 + golang.org/x/net v0.45.0 #​112149, @​macabu
• Go: Update to 1.25.3 #​112359, @​macabu
• Grafana Advisor: Prometheus Type Migration check #​110853, @​bossinc
• Grafana Data Source: Add random walk configuration options #​113009, @​nmarrs
• IAM: Add uid column in team_member DB table #​112439, @​dmihai
• Jaeger: Migrate API calls to gRPC endpoint #​113297, @​jcolladokuri
• LBAC for data sources: Provide user feedback of potential performance loss from LBAC rules (Enterprise)
• Library Panels: Remove direct use of legacy search #​112231, @​tomratcliffe
• Logs panel: Respect selected fields for downloading logs #​111753, @​matyax
• Nav: Render menu items as p tags so truncation logic can work #​113248, @​tomratcliffe
• Navigation: Move Cost management and billing plugin to root #​111739, @​gubjanos
• PanelTimeCompare: Support saving time compare window #​113150, @​torkelo
• PanelTimeSettings: Support panel time range settings changes from dashboard in view mode #​113027, @​torkelo
• Plugins: Install Grafana Pathfinder behind a feature flag #​109909, @​Jayclifford345
• PostgreSQL: Support PGPASSFILE by making password optional #​108856, @​taraspos
• Provisioning: Watch file system for changes #​112184, @​ryantxu
• Reporting: Add support for schema v2 dashboards (Enterprise)
• Reporting: Wait for streaming to end before exporting CSVs (Enterprise)
• SQL Expressions: Add Functions to Allow list #​113291, @​kylebrandt
• Snapshots: Use appSubUrl for View all snapshots #​111652, @​Clarity-89
• Span Details: Bring back span id to span details #​112411, @​ifrost
• Span Details: Wrap label values #​112413, @​ifrost
• Stars: Refactor StarsToolbarButton and unify nav update logic #​112582, @​tomratcliffe
• Stat/BarGauge: Border radius tweak #​112562, @​torkelo
• Table: Add some error-case handling to ImageCell #​110461, @​fastfrwrd
• Table: Allow FieldType.other containing arrays to use Pills #​111205, @​fastfrwrd
• Table: Disable virtualization, hover overflow, and scrollbar width resizing on Safari 26 #​111834, @​fastfrwrd
• Table: Pill and JSON Cells should allow formatting #​111951, @​fastfrwrd
• Table: Support DataLinks and Actions in SparklineCell #​112244, @​fastfrwrd
• Table: Update ad-hoc filter to use name instead of displayName #​112815, @​fastfrwrd
• Tempo: Migrates tags and tag values to datasource backend CallResource requests (Enterprise)
• Theme: Changes light theme canvas color a more white shade #​111318, @​torkelo
• Themes: Update themes border radius #​111478, @​torkelo
• TimeComparison: Automatically show/hide menu on hover #​112750, @​jesdavpet
• TimeSeries: Allow custom time units on x-axis #​112913, @​leeoniya
• Timeseries: Numeric duration values could render as NaN (#​73795) #​112076, @​fastfrwrd
• Transformations: Hide "Match all/any" conditions for less than two filters #​109754, @​sudoice
• UI Extensions: Remove path validation from link extensions #​112259, @​leventebalogh

Bug fixes

• Access Control: Fix the permission checks for saving/updating/deleting annotations #​112953, @​IevaVasiljeva
• Accessibility: Improve no-unreduced-motion rule and fix violations #​110304, @​tomratcliffe
• Alerting Provisioning: Don't error on recording rules without conditions #​109410, @​djpnicholls
• Alerting: Clear outdated settings when switching contact point type #​111869, @​konrad147
• Alerting: Fix enrichment tab to be rendered only for grafana alerting rules #​113030, @​soniaAguilarPeiron
• Alerting: Fix instances matching in notification policies #​112326, @​konrad147
• Alerting: Fix threshold params #​111645, @​soniaAguilarPeiron
• Alerting: Fix unmarshalling of GettableStatus to include time intervals #​112602, @​yuri-tceretian
• Alerting: Migrate spec.title and spec.name fieldSelectors #​111993, @​gillesdemey
• Alerting: Normalize health when filtering rules #​113087, @​gillesdemey
• Alerting: Prohibit receivers with empty name #​113064, @​yuri-tceretian
• Alerting: Provisioning to fix contact point type on save #​112246, @​yuri-tceretian
• Alerting: Remove __grafana_origin when duplicating rule #​112396, @​soniaAguilarPeiron
• AnnoList: Fix annotations not loading when in a repeated row #​111540, @​joshhunt
• Annotations: Fix issue with transformation logic in scenes #​112288, @​fastfrwrd
• Auth: Fix render user OAuth passthrough #​111636, @​charandas
• ComboBox: Add loading state to dropdown and prefixIcon #​112967, @​tomratcliffe
• Connections: Fix connections home page on enterprise #​111751, @​oshirohugo
• Dashboard: Fix editor specific permissions in /api #​113292, @​stephaniehingtgen
• Dashboards: Fix bug with anon users with editor permissions creating dashboards #​113260, @​stephaniehingtgen
• Dashboards: Fix missing Ctrl+O keyboard shortcut for crosshair toggle #​111310, @​ivanortegaalba
• Dashboards: Fix moving to root folder #​111515, @​stephaniehingtgen
• Dashboards: Fix preload field not being persisted via /v1beta1 #​112475, @​ivanortegaalba
• Flame Graph: Use suffix for values formatted with a short formatter #​110999, @​ifrost
• FlameGraph: Ensure total is only counted once for recursive function calls #​111548, @​simonswine
• FolderPermissions: Return 404 error when folder does not exist instead of 500 #​112919, @​Jguer
• FolderPicker: Fix expand toggle also selecting folder #​111755, @​aocenas
• Graphite: Fix legacy response unmarshalling #​112968, @​aangelisc
• Histogram: Properly handle sparse heatmap-cells frames #​112907, @​leeoniya
• LDAP Authentication: Fix URL to propagate username context as parameter #​111723, @​bradleypettit
• Node graph: Fix context menu position after scrolling #​112374, @​adrapereira
• Playlist: Fix navigation issues with emoji-titled dashboards during dual-write migration #​111659, @​axelavargas
• Plugin Details Page: Fix tabs not loading on hard refresh #​112915, @​sunker
• Plugin navigation: Fix active nav item selection when there are more than 10 items in a group #​112886, @​aocenas
• Plugins: Dependencies do not inherit parent URL for preinstall #​111762, @​wbrowne
• Plugins: Set isProvisioned for local plugins without remote counterpart #​111268, @​oshirohugo
• Prometheus: Fix incremental querying logic for public dashboards #​111642, @​jcolladokuri
• Prometheus: Fix parsing logic of prometheus expressions to honor the order of binary operations #​112220, @​jcolladokuri
• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)
• SoloPanel: Fixes issue with solo route and scopes variable #​112769, @​torkelo
• Stars: Fix starred state not being updated #​111936, @​Clarity-89
• Stat: Fix math for percent change value heights when sparkline is not rendered #​112599, @​fastfrwrd
• StateTimeline: Fix color display in tooltip #​112878, @​fastfrwrd
• Table: Fix cell inspect for Sparkline and inferred JSON cells #​113059, @​fastfrwrd
• TextPanel: Fix CodeEditor not appearing properly #​111937, @​ashharrison90
• UnitPicker/Cascader: Fixes type to search for unit feature #​112614, @​torkelo
• VizTooltip: Better overflow handling on long series names #​112240, @​fastfrwrd

Breaking changes

• Faro: Update configuration with best practices #​112108, @​joshhunt
• LibraryPanels: Remove unique name constraints #​113077, @​ryantxu
• RBAC: Only write action sets #​112429, @​IevaVasiljeva

Plugin development fixes & changes

• Checkbox: Improve accessibility of the indeterminate state #​112388, @​ashharrison90
• Collapse: Improve layout and deprecate collapsible prop #​113164, @​ashharrison90
• Docs: Add storybook links to components #​113102, @​samsch
• Modal: Fix button focus being clipped #​112867, @​ashharrison90
• Slider: Expose prop to control visibility of input #​113084, @​ashharrison90
• Slider: Make inputId a required param and fix minor a11y violations #​112006, @​ashharrison90

v12.2.2

Compare Source

Features and enhancements

• Access control: Reduce memory usage when fetching user's permissions #​113414, @​hairyhenderson
• Table: Pill and JSON Cells should allow formatting #​113130, @​fastfrwrd

Bug fixes

• AnalyticsSummaries: Fix dashboard rollup not resetting "last X days" metrics to zero (Enterprise)
• AnalyticsSummaries: Fix dashboard rollup totals resetting incorrectly (Enterprise)
• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)

kiwigrid/k8s-sidecar (ghcr.io/kiwigrid/k8s-sidecar)

v2.1.4

Compare Source

📦 Dependencies

• Bump actions/checkout from 5.0.1 to 6.0.0
  • PR: #​472
• Bump actions/upload-artifact from 4.6.2 to 5.0.0
  • PR: #​459
• Bump actions/download-artifact from 5.0.0 to 6.0.0
  • PR: #​456
• Bump fastapi from 0.121.0 to 0.122.0 in /src
  • PR: #​470

v2.1.3

Compare Source

📦 Dependencies

• Bump github/codeql-action from 4.31.2 to 4.31.3
  • PR: #​466
• Bump actions/checkout from 5.0.0 to 5.0.1
  • PR: #​467
• Bump softprops/action-gh-release from 2.4.1 to 2.4.2
  • PR: #​463
• Bump github/codeql-action from 4.31.3 to 4.31.5
  • PR: #​471

v2.1.2

Compare Source

📦 Dependencies

• Bump mikepenz/release-changelog-builder-action from 6.0.0 to 6.0.1
  • PR: #​458
• Bump docker/setup-qemu-action from 3.6.0 to 3.7.0
  • PR: #​457
• Bump fastapi from 0.115.2 to 0.121.0 in /src
  • PR: #​452

v2.1.1

Compare Source

📦 Dependencies

• Bump mikepenz/release-changelog-builder-action from 6.0.0 to 6.0.1
  • PR: #​458
• Bump docker/setup-qemu-action from 3.6.0 to 3.7.0
  • PR: #​457
• Bump fastapi from 0.115.2 to 0.121.0 in /src
  • PR: #​452

v2.1.0

Compare Source

🚀 Features

• wyn_skip_init: - add flag to skip initial request to REQ_URL when using WATCH
  • PR: #​433

📦 Dependencies

• Bump actions/upload-artifact from 4 to 5
  • PR: #​439
• Bump actions/download-artifact from 5 to 6
  • PR: #​440

v2.0.3

Compare Source

Build

• Drop support for ppc64le (#​445)
• Drop support for s390x (#​444)

Enhancements

• Add health endpoint with readiness and liveness probes (#​416)

• New /healthz Endpoint: A new HTTP endpoint is available on port 8080 (configurable via the HEALTH_PORT environment variable)

  • Readiness Probe:

    • The sidecar now reports as "ready" (HTTP 200) only after the initial synchronization of all configured resources is complete
    • This prevents the main application container from starting or receiving traffic prematurely, ensuring all configuration files are present at startup

  • Liveness Probe:

    • The probe continuously monitors the sidecar's health by checking two critical conditions:
      • Kubernetes API Contact: Verifies that the sidecar has had successful contact with the Kubernetes API within the last 60 seconds
      • Watcher Process Health: Ensures that all internal watcher subprocesses are running correctly
    • If any check fails, the probe fails, signaling Kubernetes to restart the container

• Reduced Log Noise: Access logs for frequent /healthz requests are automatically filtered out to keep application logs clean and focused

• Fail-Fast on Process Death: The main process now exits immediately if a critical watcher subprocess dies, ensuring a prompt restart by Kubernetes

Testing

• The CI pipeline has been enhanced with new tests to validate this functionality:
  • A test to confirm the Uvicorn health server starts successfully
  • A liveness test that simulates a watcher process failure and asserts that Kubernetes restarts the pod as expected
  • A Kubernetes Config load test for Sleep and Watch based sidecar

v1.30.11

Compare Source

⚠️ YANKED/UNSTABLE ⚠️: Do not use 1.30.11 due to #​431
Use 1.30.9 as latest stable

📦 Dependencies

• Bump python-json-logger from 3.3.0 to 4.0.0 in /src
  • PR: #​424

grafana/helm-charts (grafana)

v10.3.0

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

• [grafana] Add support for native sidecars by @​sthomson-wyn in #​3949

Full Changelog: grafana/helm-charts@tempo-distributed-1.57.0...grafana-10.3.0

v10.2.0

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

• [grafana] Fix datasources initContainer sidecar and add dashboards initContainer sidecar by @​sthomson-wyn in #​4011

New Contributors

• @​sthomson-wyn made their first contribution in #​4011

Full Changelog: grafana/helm-charts@grafana-10.1.5...grafana-10.2.0

v10.1.5

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

• [grafana] Update Grafana to 12.3.0 by @​Footur in #​4012

Full Changelog: grafana/helm-charts@helm-k6-operator-4.1.1...grafana-10.1.5

v10.1.4

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

• [grafana] Fix using GF_SECURITY_ADMIN_USER__FILE by @​dguendisch in #​3962

New Contributors

• @​dguendisch made their first contribution in #​3962

Full Changelog: grafana/helm-charts@grafana-10.1.3...grafana-10.1.4

v10.1.3

Compare Source

The leading tool for querying and visualizing time series and metrics.

What's Changed

• [grafana] Update Grafana to 12.2.1 by @​terop in #​3964

Full Changelog: grafana/helm-charts@tempo-distributed-1.52.3...grafana-10.1.3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[mjnagel]

Rebased to make sure this pulls in the other updates automatically but this image was renamed upstream and will need to be modified to:

    repository: rfcurated/kiwigrid/k8s-sidecar
    tag: 2.1.4-jammy-scratch-fips-rfcurated-rfhardened

Along with the same change for zarf.yaml.