CI: Fix drone docker publish (#91204)

* $debug -> $$debug

* use bash instead of sh

* Update publish_images.star

* Install bash in the docker/docker image

* buildifier

(cherry picked from commit bee678da94)

# Conflicts:
#	.drone.yml

.drone.yml

@@ -2672,26 +2672,40 @@ steps:
   - name: docker
     path: /var/run/docker.sock
 - commands:
-  - "\n    debug=\n    if [[ -n $${DRY_RUN} ]];  then debug=echo; fi\n    docker login
-    -u $${DOCKER_USER} -p $${DOCKER_PASSWORD}\n\n    # Push the grafana-image-tags
-    images\n    $debug docker push grafana/grafana-image-tags:$${TAG}-amd64\n    $debug
-    docker push grafana/grafana-image-tags:$${TAG}-arm64\n    $debug docker push grafana/grafana-image-tags:$${TAG}-armv7\n
-    \   $debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-amd64\n    $debug
-    docker push grafana/grafana-image-tags:$${TAG}-ubuntu-arm64\n    $debug docker
-    push grafana/grafana-image-tags:$${TAG}-ubuntu-armv7\n\n    # Create the grafana
-    manifests\n    $debug docker manifest create grafana/grafana:${TAG}       grafana/grafana-image-tags:$${TAG}-amd64
-    \      grafana/grafana-image-tags:$${TAG}-arm64       grafana/grafana-image-tags:$${TAG}-armv7\n\n
-    \   $debug docker manifest create grafana/grafana:${TAG}-ubuntu       grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
-    \      grafana/grafana-image-tags:$${TAG}-ubuntu-arm64       grafana/grafana-image-tags:$${TAG}-ubuntu-armv7\n\n
-    \   # Push the grafana manifests\n    $debug docker manifest push grafana/grafana:$${TAG}\n
-    \   $debug docker manifest push grafana/grafana:$${TAG}-ubuntu\n\n    # if LATEST
-    is set, then also create & push latest\n    if [[ -n $${LATEST} ]]; then\n        $debug
-    docker manifest create grafana/grafana:latest           grafana/grafana-image-tags:$${TAG}-amd64
-    \          grafana/grafana-image-tags:$${TAG}-arm64           grafana/grafana-image-tags:$${TAG}-armv7\n
-    \       $debug docker manifest create grafana/grafana:latest-ubuntu           grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
-    \          grafana/grafana-image-tags:$${TAG}-ubuntu-arm64           grafana/grafana-image-tags:$${TAG}-ubuntu-armv7\n\n
-    \       $debug docker manifest push grafana/grafana:latest\n        $debug docker
-    manifest push grafana/grafana:latest-ubuntu\n\n    fi\n    "
+  - apk add bash
+  - |2-
+
+        bash -c '
+        debug=
+        if [[ -n $${DRY_RUN} ]];  then debug=echo; fi
+        docker login -u $${DOCKER_USER} -p $${DOCKER_PASSWORD}
+
+        # Push the grafana-image-tags images
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-amd64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-arm64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-armv7
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-arm64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
+
+        # Create the grafana manifests
+        $$debug docker manifest create grafana/grafana:${TAG}       grafana/grafana-image-tags:$${TAG}-amd64       grafana/grafana-image-tags:$${TAG}-arm64       grafana/grafana-image-tags:$${TAG}-armv7
+
+        $$debug docker manifest create grafana/grafana:${TAG}-ubuntu       grafana/grafana-image-tags:$${TAG}-ubuntu-amd64       grafana/grafana-image-tags:$${TAG}-ubuntu-arm64       grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
+
+        # Push the grafana manifests
+        $$debug docker manifest push grafana/grafana:$${TAG}
+        $$debug docker manifest push grafana/grafana:$${TAG}-ubuntu
+
+        # if LATEST is set, then also create & push latest
+        if [[ -n $${LATEST} ]]; then
+            $$debug docker manifest create grafana/grafana:latest           grafana/grafana-image-tags:$${TAG}-amd64           grafana/grafana-image-tags:$${TAG}-arm64           grafana/grafana-image-tags:$${TAG}-armv7
+            $$debug docker manifest create grafana/grafana:latest-ubuntu           grafana/grafana-image-tags:$${TAG}-ubuntu-amd64           grafana/grafana-image-tags:$${TAG}-ubuntu-arm64           grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
+
+            $$debug docker manifest push grafana/grafana:latest
+            $$debug docker manifest push grafana/grafana:latest-ubuntu
+
+        fi'
   depends_on:
   - fetch-images
   environment:
@@ -2789,26 +2803,40 @@ steps:
   - name: docker
     path: /var/run/docker.sock
 - commands:
-  - "\n    debug=\n    if [[ -n $${DRY_RUN} ]];  then debug=echo; fi\n    docker login
-    -u $${DOCKER_USER} -p $${DOCKER_PASSWORD}\n\n    # Push the grafana-image-tags
-    images\n    $debug docker push grafana/grafana-image-tags:$${TAG}-amd64\n    $debug
-    docker push grafana/grafana-image-tags:$${TAG}-arm64\n    $debug docker push grafana/grafana-image-tags:$${TAG}-armv7\n
-    \   $debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-amd64\n    $debug
-    docker push grafana/grafana-image-tags:$${TAG}-ubuntu-arm64\n    $debug docker
-    push grafana/grafana-image-tags:$${TAG}-ubuntu-armv7\n\n    # Create the grafana
-    manifests\n    $debug docker manifest create grafana/grafana:${TAG}       grafana/grafana-image-tags:$${TAG}-amd64
-    \      grafana/grafana-image-tags:$${TAG}-arm64       grafana/grafana-image-tags:$${TAG}-armv7\n\n
-    \   $debug docker manifest create grafana/grafana:${TAG}-ubuntu       grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
-    \      grafana/grafana-image-tags:$${TAG}-ubuntu-arm64       grafana/grafana-image-tags:$${TAG}-ubuntu-armv7\n\n
-    \   # Push the grafana manifests\n    $debug docker manifest push grafana/grafana:$${TAG}\n
-    \   $debug docker manifest push grafana/grafana:$${TAG}-ubuntu\n\n    # if LATEST
-    is set, then also create & push latest\n    if [[ -n $${LATEST} ]]; then\n        $debug
-    docker manifest create grafana/grafana:latest           grafana/grafana-image-tags:$${TAG}-amd64
-    \          grafana/grafana-image-tags:$${TAG}-arm64           grafana/grafana-image-tags:$${TAG}-armv7\n
-    \       $debug docker manifest create grafana/grafana:latest-ubuntu           grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
-    \          grafana/grafana-image-tags:$${TAG}-ubuntu-arm64           grafana/grafana-image-tags:$${TAG}-ubuntu-armv7\n\n
-    \       $debug docker manifest push grafana/grafana:latest\n        $debug docker
-    manifest push grafana/grafana:latest-ubuntu\n\n    fi\n    "
+  - apk add bash
+  - |2-
+
+        bash -c '
+        debug=
+        if [[ -n $${DRY_RUN} ]];  then debug=echo; fi
+        docker login -u $${DOCKER_USER} -p $${DOCKER_PASSWORD}
+
+        # Push the grafana-image-tags images
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-amd64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-arm64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-armv7
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-arm64
+        $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
+
+        # Create the grafana manifests
+        $$debug docker manifest create grafana/grafana:${TAG}       grafana/grafana-image-tags:$${TAG}-amd64       grafana/grafana-image-tags:$${TAG}-arm64       grafana/grafana-image-tags:$${TAG}-armv7
+
+        $$debug docker manifest create grafana/grafana:${TAG}-ubuntu       grafana/grafana-image-tags:$${TAG}-ubuntu-amd64       grafana/grafana-image-tags:$${TAG}-ubuntu-arm64       grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
+
+        # Push the grafana manifests
+        $$debug docker manifest push grafana/grafana:$${TAG}
+        $$debug docker manifest push grafana/grafana:$${TAG}-ubuntu
+
+        # if LATEST is set, then also create & push latest
+        if [[ -n $${LATEST} ]]; then
+            $$debug docker manifest create grafana/grafana:latest           grafana/grafana-image-tags:$${TAG}-amd64           grafana/grafana-image-tags:$${TAG}-arm64           grafana/grafana-image-tags:$${TAG}-armv7
+            $$debug docker manifest create grafana/grafana:latest-ubuntu           grafana/grafana-image-tags:$${TAG}-ubuntu-amd64           grafana/grafana-image-tags:$${TAG}-ubuntu-arm64           grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
+
+            $$debug docker manifest push grafana/grafana:latest
+            $$debug docker manifest push grafana/grafana:latest-ubuntu
+
+        fi'
   depends_on:
   - fetch-images
   environment:
@@ -2850,12 +2878,9 @@ steps:
 - commands:
   - apk add perl
   - v_target=`echo $${TAG} | perl -pe 's/^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/v\1.\2.x/'`
-  - default_target=`if [[ -n $$LATEST ]]; then echo 'main'; else echo $$v_target;
-    fi`
-  - backport=`if [[ -n $$LATEST ]]; then echo $$v_target; fi`
   - curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr
-  - gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${TARGET:-$default_target}
-    -f backport=$${BACKPORT:-$default_backport} --repo=grafana/grafana release-pr.yml
+  - gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${v_target}
+    -f latest=$${LATEST} --repo=grafana/grafana release-pr.yml
   depends_on: []
   environment:
     GH_CLI_URL: https://github.com/cli/cli/releases/download/v2.50.0/gh_2.50.0_linux_amd64.tar.gz
@@ -2935,12 +2960,9 @@ steps:
 - commands:
   - apk add perl
   - v_target=`echo $${TAG} | perl -pe 's/^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/v\1.\2.x/'`
-  - default_target=`if [[ -n $$LATEST ]]; then echo 'main'; else echo $$v_target;
-    fi`
-  - backport=`if [[ -n $$LATEST ]]; then echo $$v_target; fi`
   - curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr
-  - gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${TARGET:-$default_target}
-    -f backport=$${BACKPORT:-$default_backport} --repo=grafana/grafana release-pr.yml
+  - gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${v_target}
+    -f latest=$${LATEST} --repo=grafana/grafana release-pr.yml
   depends_on:
   - publish-artifacts
   - publish-static-assets
@@ -3124,7 +3146,7 @@ steps:
   - rpm --import https://rpm.grafana.com/gpg.key
   - 'echo "Step 4: Configuring Grafana repository..."'
   - |-
-    echo '[grafana]
+    echo -e '[grafana]
     name=grafana
     baseurl=https://rpm.grafana.com
     repo_gpgcheck=0
@@ -3302,7 +3324,7 @@ steps:
   - rpm --import https://rpm.grafana.com/gpg.key
   - 'echo "Step 4: Configuring Grafana repository..."'
   - |-
-    echo '[grafana]
+    echo -e '[grafana]
     name=grafana
     baseurl=https://rpm.grafana.com
     repo_gpgcheck=0
@@ -5329,6 +5351,6 @@ kind: secret
 name: gcr_credentials
 ---
 kind: signature
-hmac: 542c04f476c1edd5f3006b10f3b129ab0dcc3cef1688976b474f53c7686812da
+hmac: faa6a717a8a8140633e39cefbd43432d1121392ac118cefb3985395857868889
 
 ...

.github/workflows/changelog.yml

@@ -3,6 +3,7 @@ on:
   workflow_call:
     inputs:
       version:
+        type: string
         required: true
         description: 'Target release version (semver, git tag, branch or commit)'
       target:
@@ -12,14 +13,21 @@ on:
       dry_run:
         required: false
         default: false
-        type: bool
+        type: boolean
       latest:
         required: false
         default: false
-        type: bool
+        type: boolean
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID:
+        required: true
+      GRAFANA_DELIVERY_BOT_APP_PEM:
+        required: true
+
   workflow_dispatch:
     inputs:
       version:
+        type: string
         required: true
         description: 'Target release version (semver, git tag, branch or commit)'
       target:
@@ -29,13 +37,14 @@ on:
       dry_run:
         required: false
         default: false
-        type: bool
+        type: boolean
       latest:
         required: false
         default: false
-        type: bool
+        type: boolean
 
 permissions:
+  contents: write
   pull-requests: write
 
 jobs:
@@ -53,6 +62,7 @@ jobs:
       - name: "Checkout Grafana repo"
         uses: "actions/checkout@v4"
         with:
+          ref: main
           sparse-checkout: |
             .github/workflows
             CHANGELOG.md
@@ -64,7 +74,7 @@ jobs:
           git config --local user.email "github-actions[bot]@users.noreply.github.com"
           git config --local --add --bool push.autoSetupRemote true
       - name: "Create branch"
-        run: git checkout -b "release/${{ github.run_id }}/${{ inputs.version }}"
+        run: git checkout -b "changelog/${{ github.run_id }}/${{ inputs.version }}"
       - name: "Generate changelog"
         id: changelog
         uses: ./.github/workflows/actions/changelog
@@ -108,13 +118,13 @@ jobs:
         if: ${{ inputs.dry_run }} != true
         run: git push
       - name: "Create changelog PR"
-        if: "${{ inputs.backport == '' }}"
         run: >
           gh pr create \
-            $( [ "x${{ inputs.latest }}" == "xtrue" ] && printf %s '-l "release/latest"') \
             --dry-run=${{ inputs.dry_run }} \
+            --label "no-backport" \
+            --label "no-changelog" \
             -B "${{ inputs.target }}" \
-            --title "Release: ${{ inputs.version }}" \
+            --title "Release: update changelog for ${{ inputs.version }}" \
             --body "Changelog changes for release ${{ inputs.version }}"
         env:
           GH_TOKEN: ${{ steps.generate_token.outputs.token }}

.github/workflows/release-comms.yml

@@ -38,8 +38,8 @@ jobs:
         echo "LATEST=${{ inputs.latest }}" >> $GITHUB_ENV
     - if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') }}
       run: |
-        echo "VERSION=$(echo ${{ github.head_ref }} | sed -e 's/release\///g')" >> $GITHUB_ENV
-        echo "DRY_RUN=true" >> $GITHUB_ENV
+        echo "VERSION=$(echo ${{ github.head_ref }} | sed -e 's/release\/.*\///g')" >> $GITHUB_ENV
+        echo "DRY_RUN=${{ contains(github.event.pull_request.labels.*.name, 'release/dry-run') }}" >> $GITHUB_ENV
         echo "LATEST=${{ contains(github.event.pull_request.labels.*.name, 'release/latest') }}" >> $GITHUB_ENV
     - id: output
       run: |
@@ -68,6 +68,7 @@ jobs:
     with:
       version: ${{ needs.setup.outputs.version }}
       dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}
+      latest: ${{ needs.setup.outputs.latest }}
   post_on_slack:
     needs: setup
     runs-on: ubuntu-latest

.github/workflows/release-pr.yml

@@ -23,11 +23,11 @@ on:
       dry_run:
         required: false
         default: false
-        type: bool
+        type: boolean
       latest:
         required: false
         default: false
-        type: bool
+        type: boolean
 
 permissions:
   contents: write
@@ -42,6 +42,9 @@ jobs:
       latest: ${{ inputs.latest }}
       dry_run: ${{ inputs.dry_run }}
       target: main
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
   create-prs:
     name: Create Release PR
     runs-on: ubuntu-latest
@@ -53,13 +56,19 @@ jobs:
         with:
           app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
           private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
-
       - name: Checkout Grafana
         uses: actions/checkout@v4
         with:
+          ref: ${{ inputs.target }}
           fetch-depth: 0
           fetch-tags: true
-
+      - name: Checkout Grafana (main)
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: '0'
+          fetch-tags: 'false'
+          path: .grafana-main
       - name: Configure git user
         run: |
           git config --local user.name "github-actions[bot]"
@@ -68,15 +77,13 @@ jobs:
 
       - name: Create branch
         run: git checkout -b "release/${{ github.run_id }}/${{ inputs.version }}"
-
       - name: Generate changelog
         id: changelog
-        uses: ./.github/workflows/actions/changelog
+        uses: ./.grafana-main/.github/workflows/actions/changelog
         with:
           github_token: ${{ steps.generate_token.outputs.token }}
           target: v${{ inputs.version }}
           output_file: changelog_items.md
-
       - name: Patch CHANGELOG.md
         run: |
           # Prepare CHANGELOG.md content with version delimiters
@@ -110,27 +117,28 @@ jobs:
           git diff CHANGELOG.md
 
       - name: Commit CHANGELOG.md changes
-        run: git commit --allow-empty -m "Update changelog placeholder" CHANGELOG.md
+        run: git add CHANGELOG.md && git commit --allow-empty -m "Update changelog" CHANGELOG.md
 
       - name: Update package.json versions
-        uses: ./pkg/build/actions/bump-version
+        uses: ./.grafana-main/pkg/build/actions/bump-version
         with:
-          version: ${{ inputs.version }}
+          version: 'patch'
 
       - name: Add package.json changes
         run: |
-          git add .
+          git add package.json lerna.json yarn.lock packages public
           git commit -m "Update version to ${{ inputs.version }}"
 
       - name: Git push
         if: ${{ inputs.dry_run }} != true
-        run: git push
+        run: git push --set-upstream origin release/${{ github.run_id }}/${{ inputs.version }}
 
       - name: Create PR without backports
         if: "${{ inputs.backport == '' }}"
         run: >
           gh pr create \
             $( [ "x${{ inputs.latest }}" == "xtrue" ] && printf %s '-l "release/latest"') \
+            -l "no-changelog" \
             --dry-run=${{ inputs.dry_run }} \
             -B "${{ inputs.target }}" \
             --title "Release: ${{ inputs.version }}" \
@@ -143,8 +151,8 @@ jobs:
         run: >
           gh pr create \
             $( [ "x${{ inputs.latest }}" == "xtrue" ] && printf %s '-l "release/latest"') \
-            -l "backport ${{ inputs.backport }}" \
             -l "product-approved" \
+            -l "no-changelog" \
             --dry-run=${{ inputs.dry_run }} \
             -B "${{ inputs.target }}" \
             --title "Release: ${{ inputs.version }}" \

CHANGELOG.md

@@ -1,3 +1,32 @@
+<!-- 11.1.3 START -->
+
+# 11.1.3 (2024-07-26)
+
+### Bug fixes
+
+- **RBAC**: Allow plugins to use scoped actions [#90946](https://github.com/grafana/grafana/pull/90946), [@gamab](https://github.com/gamab)
+
+<!-- 11.1.3 END -->
+<!-- 11.1.2 START -->
+
+# 11.1.2 (2024-07-26)
+
+<!-- 11.1.2 END -->
+<!-- 11.1.1 START -->
+
+# 11.1.1 (2024-07-25)
+
+### Bug fixes
+
+- **Alerting:** Skip fetching alerts for unsaved dashboards [#90074](https://github.com/grafana/grafana/pull/90074), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Skip loading alert rules for dashboards when disabled [#89905](https://github.com/grafana/grafana/pull/89905), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Support `utf8_strict_mode: false` in Mimir [#90148](https://github.com/grafana/grafana/pull/90148), [@gillesdemey](https://github.com/gillesdemey)
+- **Scenes:** Fixes issue with panel repeat height calculation [#90232](https://github.com/grafana/grafana/pull/90232), [@kaydelaney](https://github.com/kaydelaney)
+- **Table Panel:** Fix Image hover without datalinks [#89922](https://github.com/grafana/grafana/pull/89922), [@codeincarnate](https://github.com/codeincarnate)
+- **Tempo:** Fix grpc streaming support over pdc-agent [#90055](https://github.com/grafana/grafana/pull/90055), [@taylor-s-dean](https://github.com/taylor-s-dean)
+- **RBAC**: Allow plugins to use scoped actions [#90946](https://github.com/grafana/grafana/pull/90946), [@gamab](https://github.com/gamab)
+
+<!-- 11.1.1 END -->
 <!-- 11.1.0 START -->
 
 # 11.1.0 (2024-06-21)

lerna.json

@@ -1,5 +1,5 @@
 {
   "$schema": "node_modules/lerna/schemas/lerna-schema.json",
   "npmClient": "yarn",
-  "version": "11.1.1"
+  "version": "11.1.4"
 }

package.json

@@ -3,7 +3,7 @@
   "license": "AGPL-3.0-only",
   "private": true,
   "name": "grafana",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "repository": "github:grafana/grafana",
   "scripts": {
     "build": "NODE_ENV=production nx exec --verbose -- webpack --config scripts/webpack/webpack.prod.js",

packages/grafana-data/package.json

@@ -2,7 +2,7 @@
   "author": "Grafana Labs",
   "license": "Apache-2.0",
   "name": "@grafana/data",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Grafana Data Library",
   "keywords": [
     "typescript"
@@ -36,7 +36,7 @@
   },
   "dependencies": {
     "@braintree/sanitize-url": "7.0.1",
-    "@grafana/schema": "11.1.1",
+    "@grafana/schema": "11.1.4",
     "@types/d3-interpolate": "^3.0.0",
     "@types/string-hash": "1.1.3",
     "d3-interpolate": "3.0.1",

packages/grafana-e2e-selectors/package.json

@@ -2,7 +2,7 @@
   "author": "Grafana Labs",
   "license": "Apache-2.0",
   "name": "@grafana/e2e-selectors",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Grafana End-to-End Test Selectors Library",
   "keywords": [
     "cli",

packages/grafana-eslint-rules/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@grafana/eslint-plugin",
   "description": "ESLint rules for use within the Grafana repo. Not suitable (or supported) for external use.",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "main": "./index.cjs",
   "author": "Grafana Labs",
   "license": "Apache-2.0",

packages/grafana-flamegraph/package.json

@@ -2,7 +2,7 @@
   "author": "Grafana Labs",
   "license": "Apache-2.0",
   "name": "@grafana/flamegraph",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Grafana flamegraph visualization component",
   "keywords": [
     "grafana",
@@ -44,8 +44,8 @@
   ],
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/data": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "@leeoniya/ufuzzy": "1.0.14",
     "d3": "^7.8.5",
     "lodash": "4.17.21",

packages/grafana-icons/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@grafana/saga-icons",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "private": true,
   "description": "Icons for Grafana",
   "author": "Grafana Labs",

packages/grafana-o11y-ds-frontend/package.json

@@ -3,7 +3,7 @@
   "license": "AGPL-3.0-only",
   "name": "@grafana/o11y-ds-frontend",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Library to manage traces in Grafana.",
   "sideEffects": false,
   "repository": {
@@ -18,12 +18,12 @@
   },
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
-    "@grafana/e2e-selectors": "11.1.1",
+    "@grafana/data": "11.1.4",
+    "@grafana/e2e-selectors": "11.1.4",
     "@grafana/experimental": "1.7.11",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "react-select": "5.8.0",
     "react-use": "17.5.0",
     "rxjs": "7.8.1",

packages/grafana-plugin-configs/package.json

@@ -2,7 +2,7 @@
   "name": "@grafana/plugin-configs",
   "description": "Shared dependencies and files for core plugins",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "tslib": "2.6.3"
   },

packages/grafana-prometheus/package.json

@@ -2,7 +2,7 @@
   "author": "Grafana Labs",
   "license": "AGPL-3.0-only",
   "name": "@grafana/prometheus",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Grafana Prometheus Library",
   "keywords": [
     "typescript"
@@ -38,12 +38,12 @@
   "dependencies": {
     "@emotion/css": "11.11.2",
     "@floating-ui/react": "0.26.16",
-    "@grafana/data": "11.1.1",
+    "@grafana/data": "11.1.4",
     "@grafana/experimental": "1.7.11",
     "@grafana/faro-web-sdk": "1.7.3",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "@leeoniya/ufuzzy": "1.0.14",
     "@lezer/common": "1.2.1",
     "@lezer/highlight": "1.2.0",
@@ -76,7 +76,7 @@
   },
   "devDependencies": {
     "@emotion/eslint-plugin": "11.11.0",
-    "@grafana/e2e-selectors": "11.1.1",
+    "@grafana/e2e-selectors": "11.1.4",
     "@grafana/tsconfig": "^1.3.0-rc1",
     "@rollup/plugin-image": "3.0.3",
     "@rollup/plugin-node-resolve": "15.2.3",

packages/grafana-runtime/package.json

@@ -2,7 +2,7 @@
   "author": "Grafana Labs",
   "license": "Apache-2.0",
   "name": "@grafana/runtime",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Grafana Runtime Library",
   "keywords": [
     "grafana",
@@ -37,11 +37,11 @@
     "postpack": "mv package.json.bak package.json"
   },
   "dependencies": {
-    "@grafana/data": "11.1.1",
-    "@grafana/e2e-selectors": "11.1.1",
+    "@grafana/data": "11.1.4",
+    "@grafana/e2e-selectors": "11.1.4",
     "@grafana/faro-web-sdk": "^1.3.6",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "history": "4.10.1",
     "lodash": "4.17.21",
     "rxjs": "7.8.1",

packages/grafana-schema/package.json

@@ -2,7 +2,7 @@
   "author": "Grafana Labs",
   "license": "Apache-2.0",
   "name": "@grafana/schema",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Grafana Schema Library",
   "keywords": [
     "typescript"

packages/grafana-schema/src/raw/composable/annotationslist/panelcfg/x/AnnotationsListPanelCfg_types.gen.ts

@@ -8,7 +8,7 @@
 //
 // Run 'make gen-cue' from repository root to regenerate.
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options {
   limit: number;

packages/grafana-schema/src/raw/composable/barchart/panelcfg/x/BarChartPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends common.OptionsWithLegend, common.OptionsWithTooltip, common.OptionsWithTextFormatting {
   /**

packages/grafana-schema/src/raw/composable/bargauge/panelcfg/x/BarGaugePanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends common.SingleStatBaseOptions {
   displayMode: common.BarGaugeDisplayMode;

packages/grafana-schema/src/raw/composable/candlestick/panelcfg/x/CandlestickPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export enum VizDisplayMode {
   Candles = 'candles',

packages/grafana-schema/src/raw/composable/canvas/panelcfg/x/CanvasPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as ui from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export enum HorizontalConstraint {
   Center = 'center',

packages/grafana-schema/src/raw/composable/cloudwatch/dataquery/x/CloudWatchDataQuery_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface MetricStat {
   /**

packages/grafana-schema/src/raw/composable/dashboardlist/panelcfg/x/DashboardListPanelCfg_types.gen.ts

@@ -8,7 +8,7 @@
 //
 // Run 'make gen-cue' from repository root to regenerate.
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options {
   /**

packages/grafana-schema/src/raw/composable/datagrid/panelcfg/x/DatagridPanelCfg_types.gen.ts

@@ -8,7 +8,7 @@
 //
 // Run 'make gen-cue' from repository root to regenerate.
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options {
   selectedSeries: number;

packages/grafana-schema/src/raw/composable/debug/panelcfg/x/DebugPanelCfg_types.gen.ts

@@ -8,7 +8,7 @@
 //
 // Run 'make gen-cue' from repository root to regenerate.
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export type UpdateConfig = {
   render: boolean,

packages/grafana-schema/src/raw/composable/elasticsearch/dataquery/x/ElasticsearchDataQuery_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export type BucketAggregation = (DateHistogram | Histogram | Terms | Filters | GeoHashGrid | Nested);
 

packages/grafana-schema/src/raw/composable/gauge/panelcfg/x/GaugePanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends common.SingleStatBaseOptions {
   minVizHeight: number;

packages/grafana-schema/src/raw/composable/geomap/panelcfg/x/GeomapPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as ui from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options {
   basemap: ui.MapLayerOptions;

packages/grafana-schema/src/raw/composable/heatmap/panelcfg/x/HeatmapPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as ui from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 /**
  * Controls the color mode of the heatmap

packages/grafana-schema/src/raw/composable/histogram/panelcfg/x/HistogramPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends common.OptionsWithLegend, common.OptionsWithTooltip {
   /**

packages/grafana-schema/src/raw/composable/logs/panelcfg/x/LogsPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options {
   dedupStrategy: common.LogsDedupStrategy;

packages/grafana-schema/src/raw/composable/loki/dataquery/x/LokiDataQuery_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export enum QueryEditorMode {
   Builder = 'builder',

packages/grafana-schema/src/raw/composable/news/panelcfg/x/NewsPanelCfg_types.gen.ts

@@ -8,7 +8,7 @@
 //
 // Run 'make gen-cue' from repository root to regenerate.
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options {
   /**

packages/grafana-schema/src/raw/composable/nodegraph/panelcfg/x/NodeGraphPanelCfg_types.gen.ts

@@ -8,7 +8,7 @@
 //
 // Run 'make gen-cue' from repository root to regenerate.
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface ArcOption {
   /**

packages/grafana-schema/src/raw/composable/piechart/panelcfg/x/PieChartPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 /**
  * Select the pie chart display style.

packages/grafana-schema/src/raw/composable/stat/panelcfg/x/StatPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends common.SingleStatBaseOptions {
   colorMode: common.BigValueColorMode;

packages/grafana-schema/src/raw/composable/statetimeline/panelcfg/x/StateTimelinePanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as ui from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends ui.OptionsWithLegend, ui.OptionsWithTooltip, ui.OptionsWithTimezones {
   /**

packages/grafana-schema/src/raw/composable/statushistory/panelcfg/x/StatusHistoryPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as ui from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends ui.OptionsWithLegend, ui.OptionsWithTooltip, ui.OptionsWithTimezones {
   /**

packages/grafana-schema/src/raw/composable/table/panelcfg/x/TablePanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as ui from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options {
   /**

packages/grafana-schema/src/raw/composable/text/panelcfg/x/TextPanelCfg_types.gen.ts

@@ -8,7 +8,7 @@
 //
 // Run 'make gen-cue' from repository root to regenerate.
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export enum TextMode {
   Code = 'code',

packages/grafana-schema/src/raw/composable/timeseries/panelcfg/x/TimeSeriesPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 export interface Options extends common.OptionsWithTimezones {
   legend: common.VizLegendOptions;

packages/grafana-schema/src/raw/composable/trend/panelcfg/x/TrendPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 /**
  * Identical to timeseries... except it does not have timezone settings

packages/grafana-schema/src/raw/composable/xychart/panelcfg/x/XYChartPanelCfg_types.gen.ts

@@ -10,7 +10,7 @@
 
 import * as common from '@grafana/schema';
 
-export const pluginVersion = "11.1.1";
+export const pluginVersion = "11.1.4";
 
 /**
  * Auto is "table" in the UI

packages/grafana-sql/package.json

@@ -3,7 +3,7 @@
   "license": "AGPL-3.0-only",
   "private": true,
   "name": "@grafana/sql",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "repository": {
     "type": "git",
     "url": "http://github.com/grafana/grafana.git",
@@ -15,11 +15,11 @@
   },
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
-    "@grafana/e2e-selectors": "11.1.1",
+    "@grafana/data": "11.1.4",
+    "@grafana/e2e-selectors": "11.1.4",
     "@grafana/experimental": "1.7.11",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "@react-awesome-query-builder/ui": "6.5.2",
     "immutable": "4.3.6",
     "lodash": "4.17.21",

packages/grafana-ui/package.json

@@ -2,7 +2,7 @@
   "author": "Grafana Labs",
   "license": "Apache-2.0",
   "name": "@grafana/ui",
-  "version": "11.1.1",
+  "version": "11.1.4",
   "description": "Grafana Components Library",
   "keywords": [
     "grafana",
@@ -50,10 +50,10 @@
     "@emotion/css": "11.11.2",
     "@emotion/react": "11.11.4",
     "@floating-ui/react": "0.26.16",
-    "@grafana/data": "11.1.1",
-    "@grafana/e2e-selectors": "11.1.1",
+    "@grafana/data": "11.1.4",
+    "@grafana/e2e-selectors": "11.1.4",
     "@grafana/faro-web-sdk": "^1.3.6",
-    "@grafana/schema": "11.1.1",
+    "@grafana/schema": "11.1.4",
     "@leeoniya/ufuzzy": "1.0.14",
     "@monaco-editor/react": "4.6.0",
     "@popperjs/core": "2.11.8",

pkg/api/pluginproxy/ds_proxy.go

@@ -19,11 +19,11 @@ import (
 	glog "github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/plugins"
-	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
 	"github.com/grafana/grafana/pkg/services/datasources"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/oauthtoken"
+	pluginac "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/util"
 	"github.com/grafana/grafana/pkg/util/proxyutil"
@@ -341,12 +341,12 @@ func (proxy *DataSourceProxy) hasAccessToRoute(route *plugins.Route) bool {
 	ctxLogger := logger.FromContext(proxy.ctx.Req.Context())
 	useRBAC := proxy.features.IsEnabled(proxy.ctx.Req.Context(), featuremgmt.FlagAccessControlOnCall) && route.ReqAction != ""
 	if useRBAC {
-		routeEval := accesscontrol.EvalPermission(route.ReqAction)
-		ok := routeEval.Evaluate(proxy.ctx.GetPermissions())
-		if !ok {
+		routeEval := pluginac.GetDataSourceRouteEvaluator(proxy.ds.UID, route.ReqAction)
+		hasAccess := routeEval.Evaluate(proxy.ctx.GetPermissions())
+		if !hasAccess {
 			ctxLogger.Debug("plugin route is covered by RBAC, user doesn't have access", "route", proxy.ctx.Req.URL.Path, "action", route.ReqAction, "path", route.Path, "method", route.Method)
 		}
-		return ok
+		return hasAccess
 	}
 	if route.ReqRole.IsValid() {
 		if hasUserRole := proxy.ctx.HasUserRole(route.ReqRole); !hasUserRole {

pkg/api/pluginproxy/ds_proxy_test.go

@@ -108,9 +108,18 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
 				Path: "mypath",
 				URL:  "https://example.com/api/v1/",
 			},
+			{
+				Path:      "api/rbac-home",
+				ReqAction: "datasources:read",
+			},
+			{
+				Path:      "api/rbac-restricted",
+				ReqAction: "test-app.settings:read",
+			},
 		}
 
 		ds := &datasources.DataSource{
+			UID: "dsUID",
 			JsonData: simplejson.NewFromAny(map[string]any{
 				"clientId":   "asd",
 				"dynamicUrl": "https://dynamic.grafana.com",
@@ -249,6 +258,51 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
 				require.NoError(t, err)
 			})
 		})
+
+		t.Run("plugin route with RBAC protection user is allowed", func(t *testing.T) {
+			ctx, _ := setUp()
+			ctx.SignedInUser.OrgID = int64(1)
+			ctx.SignedInUser.OrgRole = org.RoleNone
+			ctx.SignedInUser.Permissions = map[int64]map[string][]string{1: {"test-app.settings:read": nil}}
+			proxy, err := setupDSProxyTest(t, ctx, ds, routes, "api/rbac-restricted")
+			require.NoError(t, err)
+			err = proxy.validateRequest()
+			require.NoError(t, err)
+		})
+
+		t.Run("plugin route with RBAC protection user is not allowed", func(t *testing.T) {
+			ctx, _ := setUp()
+			ctx.SignedInUser.OrgID = int64(1)
+			ctx.SignedInUser.OrgRole = org.RoleNone
+			ctx.SignedInUser.Permissions = map[int64]map[string][]string{1: {"test-app:read": nil}}
+			proxy, err := setupDSProxyTest(t, ctx, ds, routes, "api/rbac-restricted")
+			require.NoError(t, err)
+			err = proxy.validateRequest()
+			require.Error(t, err)
+		})
+
+		t.Run("plugin route with dynamic RBAC protection user is allowed", func(t *testing.T) {
+			ctx, _ := setUp()
+			ctx.SignedInUser.OrgID = int64(1)
+			ctx.SignedInUser.OrgRole = org.RoleNone
+			ctx.SignedInUser.Permissions = map[int64]map[string][]string{1: {"datasources:read": {"datasources:uid:dsUID"}}}
+			proxy, err := setupDSProxyTest(t, ctx, ds, routes, "api/rbac-home")
+			require.NoError(t, err)
+			err = proxy.validateRequest()
+			require.NoError(t, err)
+		})
+
+		t.Run("plugin route with dynamic RBAC protection user is not allowed", func(t *testing.T) {
+			ctx, _ := setUp()
+			ctx.SignedInUser.OrgID = int64(1)
+			ctx.SignedInUser.OrgRole = org.RoleNone
+			// Has access but to another app
+			ctx.SignedInUser.Permissions = map[int64]map[string][]string{1: {"datasources:read": {"datasources:uid:notTheDsUID"}}}
+			proxy, err := setupDSProxyTest(t, ctx, ds, routes, "api/rbac-home")
+			require.NoError(t, err)
+			err = proxy.validateRequest()
+			require.Error(t, err)
+		})
 	})
 
 	t.Run("Plugin with multiple routes for token auth", func(t *testing.T) {
@@ -1021,7 +1075,7 @@ func setupDSProxyTest(t *testing.T, ctx *contextmodel.ReqContext, ds *datasource
 	cfg := setting.NewCfg()
 	secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 	secretsStore := secretskvs.NewSQLSecretsKVStore(dbtest.NewFakeDB(), secretsService, log.NewNopLogger())
-	features := featuremgmt.WithFeatures()
+	features := featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall)
 	dsService, err := datasourceservice.ProvideService(nil, secretsService, secretsStore, cfg, features, acimpl.ProvideAccessControl(features),
 		&actest.FakePermissionsService{}, quotatest.New(false, nil), &pluginstore.FakePluginStore{}, &pluginfakes.FakePluginClient{},
 		plugincontext.ProvideBaseService(cfg, pluginconfig.NewFakePluginRequestConfigProvider()))

pkg/api/pluginproxy/pluginproxy.go

@@ -15,6 +15,7 @@ import (
 	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
 	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
+	pluginac "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol"
 	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings"
 	"github.com/grafana/grafana/pkg/services/secrets"
 	"github.com/grafana/grafana/pkg/setting"
@@ -130,7 +131,8 @@ func (proxy *PluginProxy) HandleRequest() {
 func (proxy *PluginProxy) hasAccessToRoute(route *plugins.Route) bool {
 	useRBAC := proxy.features.IsEnabled(proxy.ctx.Req.Context(), featuremgmt.FlagAccessControlOnCall) && route.ReqAction != ""
 	if useRBAC {
-		hasAccess := ac.HasAccess(proxy.accessControl, proxy.ctx)(ac.EvalPermission(route.ReqAction))
+		routeEval := pluginac.GetPluginRouteEvaluator(proxy.ps.PluginID, route.ReqAction)
+		hasAccess := ac.HasAccess(proxy.accessControl, proxy.ctx)(routeEval)
 		if !hasAccess {
 			proxy.ctx.Logger.Debug("plugin route is covered by RBAC, user doesn't have access", "route", proxy.ctx.Req.URL.Path)
 		}

pkg/api/pluginproxy/pluginproxy_test.go

@@ -454,7 +454,13 @@ func TestPluginProxyRoutesAccessControl(t *testing.T) {
 			Path:      "projects",
 			Method:    "GET",
 			URL:       "http://localhost/api/projects",
-			ReqAction: "plugin-id.projects:read", // Protected by RBAC action
+			ReqAction: "test-app.projects:read", // Protected by RBAC action
+		},
+		{
+			Path:      "home",
+			Method:    "GET",
+			URL:       "http://localhost/api/home",
+			ReqAction: "plugins.app:access", // Protected by RBAC action with plugin scope
 		},
 	}
 
@@ -479,7 +485,7 @@ func TestPluginProxyRoutesAccessControl(t *testing.T) {
 		},
 		{
 			proxyPath:       "/projects",
-			usrPerms:        map[string][]string{"plugin-id.projects:read": {}},
+			usrPerms:        map[string][]string{"test-app.projects:read": {}},
 			expectedURLPath: "/api/projects",
 			expectedStatus:  http.StatusOK,
 		},
@@ -489,6 +495,18 @@ func TestPluginProxyRoutesAccessControl(t *testing.T) {
 			expectedURLPath: "/api/projects",
 			expectedStatus:  http.StatusForbidden,
 		},
+		{
+			proxyPath:       "/home",
+			usrPerms:        map[string][]string{"plugins.app:access": {"plugins:id:not-the-test-app"}},
+			expectedURLPath: "/api/home",
+			expectedStatus:  http.StatusForbidden,
+		},
+		{
+			proxyPath:       "/home",
+			usrPerms:        map[string][]string{"plugins.app:access": {"plugins:id:test-app"}},
+			expectedURLPath: "/api/home",
+			expectedStatus:  http.StatusOK,
+		},
 	}
 
 	for _, tc := range tcs {
@@ -533,6 +551,7 @@ func TestPluginProxyRoutesAccessControl(t *testing.T) {
 				},
 			}
 			ps := &pluginsettings.DTO{
+				PluginID:       "test-app",
 				SecureJSONData: map[string][]byte{},
 			}
 			cfg := &setting.Cfg{}

pkg/build/actions/bump-version/action.yml

@@ -7,21 +7,6 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions-ecosystem/action-regex-match@v2.0.2
-      if: ${{ github.event.inputs.version != '' }}
-      id: regex-match
-      with:
-        text: ${{ github.event.inputs.version }}
-        # https://semver.org/
-        regex: '^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$'
-    - name: Validate input version
-      if: ${{ steps.regex-match.outputs.match == '' && github.event.inputs.version != '' }}
-      shell: bash
-      run: |
-        echo "The input version format is not correct, please respect:\
-        major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. \
-        example: 7.4.3, 7.4.3-preview or 7.4.3-preview1"
-        exit 1
     - uses: actions/setup-go@v4
       with:
         go-version-file: go.mod

pkg/middleware/auth.go

@@ -127,7 +127,7 @@ func RoleAppPluginAuth(accessControl ac.AccessControl, ps pluginstore.Store, fea
 
 			if normalizeIncludePath(u.Path) == path {
 				useRBAC := features.IsEnabledGlobally(featuremgmt.FlagAccessControlOnCall) && i.RequiresRBACAction()
-				if useRBAC && !hasAccess(ac.EvalPermission(i.Action)) {
+				if useRBAC && !hasAccess(pluginaccesscontrol.GetPluginRouteEvaluator(pluginID, i.Action)) {
 					logger.Debug("Plugin include is covered by RBAC, user doesn't have access", "plugin", pluginID, "include", i.Name)
 					permitted = false
 					break

pkg/services/navtree/navtreeimpl/applinks.go

@@ -269,7 +269,7 @@ func (s *ServiceImpl) hasAccessToInclude(c *contextmodel.ReqContext, pluginID st
 	hasAccess := ac.HasAccess(s.accessControl, c)
 	return func(include *plugins.Includes) bool {
 		useRBAC := s.features.IsEnabledGlobally(featuremgmt.FlagAccessControlOnCall) && include.RequiresRBACAction()
-		if useRBAC && !hasAccess(ac.EvalPermission(include.Action)) {
+		if useRBAC && !hasAccess(pluginaccesscontrol.GetPluginRouteEvaluator(pluginID, include.Action)) {
 			s.log.Debug("plugin include is covered by RBAC, user doesn't have access",
 				"plugin", pluginID,
 				"include", include.Name)

pkg/services/navtree/navtreeimpl/applinks_test.go

@@ -406,20 +406,28 @@ func TestAddAppLinksAccessControl(t *testing.T) {
 			ID: "test-app1", Name: "Test app1 name", Type: plugins.TypeApp,
 			Includes: []*plugins.Includes{
 				{
-					Name:       "Catalog",
-					Path:       "/a/test-app1/catalog",
+					Name:       "Home",
+					Path:       "/a/test-app1/home",
 					Type:       "page",
 					AddToNav:   true,
 					DefaultNav: true,
-					Role:       roletype.RoleEditor,
-					Action:     catalogReadAction,
+					Role:       roletype.RoleViewer,
 				},
 				{
-					Name:     "Page2",
-					Path:     "/a/test-app1/page2",
+					Name:     "Catalog",
+					Path:     "/a/test-app1/catalog",
+					Type:     "page",
+					AddToNav: true,
+					Role:     roletype.RoleEditor,
+					Action:   catalogReadAction,
+				},
+				{
+					Name:     "Announcements",
+					Path:     "/a/test-app1/announcements",
 					Type:     "page",
 					AddToNav: true,
 					Role:     roletype.RoleViewer,
+					Action:   pluginaccesscontrol.ActionAppAccess,
 				},
 			},
 		},
@@ -442,77 +450,114 @@ func TestAddAppLinksAccessControl(t *testing.T) {
 		},
 	}
 
-	t.Run("Should not add app links when the user cannot access app plugins", func(t *testing.T) {
-		treeRoot := navtree.NavTreeRoot{}
-		user.Permissions = map[int64]map[string][]string{}
-		user.OrgRole = roletype.RoleAdmin
+	t.Run("Without plugin RBAC - Enforce role", func(t *testing.T) {
+		t.Run("Should not add app links when the user cannot access app plugins", func(t *testing.T) {
+			treeRoot := navtree.NavTreeRoot{}
+			user.Permissions = map[int64]map[string][]string{}
+			user.OrgRole = roletype.RoleAdmin
 
-		err := service.addAppLinks(&treeRoot, reqCtx)
-		require.NoError(t, err)
-		require.Len(t, treeRoot.Children, 0)
+			err := service.addAppLinks(&treeRoot, reqCtx)
+			require.NoError(t, err)
+			require.Len(t, treeRoot.Children, 0)
+		})
+		t.Run(" Should add all includes when the user is an editor", func(t *testing.T) {
+			treeRoot := navtree.NavTreeRoot{}
+			user.Permissions = map[int64]map[string][]string{
+				1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}},
+			}
+			user.OrgRole = roletype.RoleEditor
+
+			err := service.addAppLinks(&treeRoot, reqCtx)
+			require.NoError(t, err)
+			appsNode := treeRoot.FindById(navtree.NavIDApps)
+			require.Len(t, appsNode.Children, 1)
+			require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
+			require.Equal(t, "/a/test-app1/home", appsNode.Children[0].Url)
+			require.Len(t, appsNode.Children[0].Children, 2)
+			require.Equal(t, "/a/test-app1/catalog", appsNode.Children[0].Children[0].Url)
+			require.Equal(t, "/a/test-app1/announcements", appsNode.Children[0].Children[1].Url)
+		})
+		t.Run("Should add two includes when the user is a viewer", func(t *testing.T) {
+			treeRoot := navtree.NavTreeRoot{}
+			user.Permissions = map[int64]map[string][]string{
+				1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}},
+			}
+			user.OrgRole = roletype.RoleViewer
+
+			err := service.addAppLinks(&treeRoot, reqCtx)
+			require.NoError(t, err)
+			appsNode := treeRoot.FindById(navtree.NavIDApps)
+			require.Len(t, appsNode.Children, 1)
+			require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
+			require.Equal(t, "/a/test-app1/home", appsNode.Children[0].Url)
+			require.Len(t, appsNode.Children[0].Children, 1)
+			require.Equal(t, "/a/test-app1/announcements", appsNode.Children[0].Children[0].Url)
+		})
 	})
-	t.Run("Should add both includes when the user is an editor", func(t *testing.T) {
-		treeRoot := navtree.NavTreeRoot{}
-		user.Permissions = map[int64]map[string][]string{
-			1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}},
-		}
-		user.OrgRole = roletype.RoleEditor
 
-		err := service.addAppLinks(&treeRoot, reqCtx)
-		require.NoError(t, err)
-		appsNode := treeRoot.FindById(navtree.NavIDApps)
-		require.Len(t, appsNode.Children, 1)
-		require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
-		require.Equal(t, "/a/test-app1/catalog", appsNode.Children[0].Url)
-		require.Len(t, appsNode.Children[0].Children, 1)
-		require.Equal(t, "/a/test-app1/page2", appsNode.Children[0].Children[0].Url)
-	})
-	t.Run("Should add one include when the user is a viewer", func(t *testing.T) {
-		treeRoot := navtree.NavTreeRoot{}
-		user.Permissions = map[int64]map[string][]string{
-			1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}},
-		}
-		user.OrgRole = roletype.RoleViewer
+	t.Run("With plugin RBAC - Enforce action first", func(t *testing.T) {
+		t.Run("Should not see any includes with no app access", func(t *testing.T) {
+			treeRoot := navtree.NavTreeRoot{}
+			user.Permissions = map[int64]map[string][]string{
+				1: {pluginaccesscontrol.ActionAppAccess: []string{"plugins:id:not-the-test-app1"}},
+			}
+			user.OrgRole = roletype.RoleNone
+			service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall)
 
-		err := service.addAppLinks(&treeRoot, reqCtx)
-		require.NoError(t, err)
-		appsNode := treeRoot.FindById(navtree.NavIDApps)
-		require.Len(t, appsNode.Children, 1)
-		require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
-		require.Len(t, appsNode.Children[0].Children, 1)
-		require.Equal(t, "/a/test-app1/page2", appsNode.Children[0].Children[0].Url)
-	})
-	t.Run("Should add both includes when the user is a viewer with catalog read", func(t *testing.T) {
-		treeRoot := navtree.NavTreeRoot{}
-		user.Permissions = map[int64]map[string][]string{
-			1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}, catalogReadAction: []string{}},
-		}
-		user.OrgRole = roletype.RoleViewer
-		service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall)
+			err := service.addAppLinks(&treeRoot, reqCtx)
+			require.NoError(t, err)
+			require.Len(t, treeRoot.Children, 0)
+		})
+		t.Run("Should only see the announcements as a none role user with app access", func(t *testing.T) {
+			treeRoot := navtree.NavTreeRoot{}
+			user.Permissions = map[int64]map[string][]string{
+				1: {pluginaccesscontrol.ActionAppAccess: []string{"plugins:id:test-app1"}},
+			}
+			user.OrgRole = roletype.RoleNone
+			service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall)
 
-		err := service.addAppLinks(&treeRoot, reqCtx)
-		require.NoError(t, err)
-		appsNode := treeRoot.FindById(navtree.NavIDApps)
-		require.Len(t, appsNode.Children, 1)
-		require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
-		require.Equal(t, "/a/test-app1/catalog", appsNode.Children[0].Url)
-		require.Len(t, appsNode.Children[0].Children, 1)
-		require.Equal(t, "/a/test-app1/page2", appsNode.Children[0].Children[0].Url)
-	})
-	t.Run("Should add one include when the user is an editor without catalog read", func(t *testing.T) {
-		treeRoot := navtree.NavTreeRoot{}
-		user.Permissions = map[int64]map[string][]string{
-			1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}},
-		}
-		user.OrgRole = roletype.RoleEditor
-		service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall)
+			err := service.addAppLinks(&treeRoot, reqCtx)
+			require.NoError(t, err)
+			appsNode := treeRoot.FindById(navtree.NavIDApps)
+			require.Len(t, appsNode.Children, 1)
+			require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
+			require.Len(t, appsNode.Children[0].Children, 1)
+			require.Equal(t, "/a/test-app1/announcements", appsNode.Children[0].Children[0].Url)
+		})
+		t.Run("Should now see the catalog as a viewer with catalog read", func(t *testing.T) {
+			treeRoot := navtree.NavTreeRoot{}
+			user.Permissions = map[int64]map[string][]string{
+				1: {pluginaccesscontrol.ActionAppAccess: []string{"plugins:id:test-app1"}, catalogReadAction: []string{}},
+			}
+			user.OrgRole = roletype.RoleViewer
+			service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall)
 
-		err := service.addAppLinks(&treeRoot, reqCtx)
-		require.NoError(t, err)
-		appsNode := treeRoot.FindById(navtree.NavIDApps)
-		require.Len(t, appsNode.Children, 1)
-		require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
-		require.Len(t, appsNode.Children[0].Children, 1)
-		require.Equal(t, "/a/test-app1/page2", appsNode.Children[0].Children[0].Url)
+			err := service.addAppLinks(&treeRoot, reqCtx)
+			require.NoError(t, err)
+			appsNode := treeRoot.FindById(navtree.NavIDApps)
+			require.Len(t, appsNode.Children, 1)
+			require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
+			require.Equal(t, "/a/test-app1/home", appsNode.Children[0].Url)
+			require.Len(t, appsNode.Children[0].Children, 2)
+			require.Equal(t, "/a/test-app1/catalog", appsNode.Children[0].Children[0].Url)
+			require.Equal(t, "/a/test-app1/announcements", appsNode.Children[0].Children[1].Url)
+		})
+		t.Run("Should not see the catalog include as an editor without catalog read", func(t *testing.T) {
+			treeRoot := navtree.NavTreeRoot{}
+			user.Permissions = map[int64]map[string][]string{
+				1: {pluginaccesscontrol.ActionAppAccess: []string{"*"}},
+			}
+			user.OrgRole = roletype.RoleEditor
+			service.features = featuremgmt.WithFeatures(featuremgmt.FlagAccessControlOnCall)
+
+			err := service.addAppLinks(&treeRoot, reqCtx)
+			require.NoError(t, err)
+			appsNode := treeRoot.FindById(navtree.NavIDApps)
+			require.Len(t, appsNode.Children, 1)
+			require.Equal(t, "Test app1 name", appsNode.Children[0].Text)
+			require.Equal(t, "/a/test-app1/home", appsNode.Children[0].Url)
+			require.Len(t, appsNode.Children[0].Children, 1)
+			require.Equal(t, "/a/test-app1/announcements", appsNode.Children[0].Children[0].Url)
+		})
 	})
 }

pkg/services/pluginsintegration/pluginaccesscontrol/accesscontrol.go

@@ -3,6 +3,7 @@ package pluginaccesscontrol
 import (
 	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
 	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
+	"github.com/grafana/grafana/pkg/services/datasources"
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/setting"
@@ -75,3 +76,42 @@ func DeclareRBACRoles(service ac.Service, cfg *setting.Cfg, features featuremgmt
 
 	return service.DeclareFixedRoles(AppPluginsReader, PluginsWriter, PluginsMaintainer)
 }
+
+var datasourcesActions = map[string]bool{
+	datasources.ActionIDRead:                    true,
+	datasources.ActionQuery:                     true,
+	datasources.ActionRead:                      true,
+	datasources.ActionWrite:                     true,
+	datasources.ActionDelete:                    true,
+	datasources.ActionPermissionsRead:           true,
+	datasources.ActionPermissionsWrite:          true,
+	"datasources.caching:read":                  true,
+	"datasources.caching:write":                 true,
+	ac.ActionAlertingRuleExternalRead:           true,
+	ac.ActionAlertingRuleExternalWrite:          true,
+	ac.ActionAlertingInstancesExternalRead:      true,
+	ac.ActionAlertingInstancesExternalWrite:     true,
+	ac.ActionAlertingNotificationsExternalRead:  true,
+	ac.ActionAlertingNotificationsExternalWrite: true,
+}
+
+// GetDataSourceRouteEvaluator returns an evaluator for the given data source UID and action.
+func GetDataSourceRouteEvaluator(dsUID, action string) ac.Evaluator {
+	if datasourcesActions[action] {
+		return ac.EvalPermission(action, "datasources:uid:"+dsUID)
+	}
+	return ac.EvalPermission(action)
+}
+
+var pluginsActions = map[string]bool{
+	ActionWrite:     true,
+	ActionAppAccess: true,
+}
+
+// GetPluginRouteEvaluator returns an evaluator for the given plugin ID and action.
+func GetPluginRouteEvaluator(pluginID, action string) ac.Evaluator {
+	if pluginsActions[action] {
+		return ac.EvalPermission(action, "plugins:id:"+pluginID)
+	}
+	return ac.EvalPermission(action)
+}

public/app/plugins/datasource/azuremonitor/package.json

@@ -2,14 +2,14 @@
   "name": "@grafana-plugins/grafana-azure-monitor-datasource",
   "description": "Grafana data source for Azure Monitor",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
+    "@grafana/data": "11.1.4",
     "@grafana/experimental": "1.7.11",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "@kusto/monaco-kusto": "^10.0.0",
     "fast-deep-equal": "^3.1.3",
     "i18next": "^23.0.0",
@@ -25,8 +25,8 @@
     "tslib": "2.6.3"
   },
   "devDependencies": {
-    "@grafana/e2e-selectors": "11.1.1",
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/e2e-selectors": "11.1.4",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/dom": "10.0.0",
     "@testing-library/react": "15.0.2",
     "@testing-library/user-event": "14.5.2",

public/app/plugins/datasource/cloud-monitoring/package.json

@@ -2,15 +2,15 @@
   "name": "@grafana-plugins/stackdriver",
   "description": "Grafana data source for Google Cloud Monitoring",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
+    "@grafana/data": "11.1.4",
     "@grafana/experimental": "1.7.11",
     "@grafana/google-sdk": "0.1.2",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "debounce-promise": "3.1.2",
     "fast-deep-equal": "^3.1.3",
     "i18next": "^23.0.0",
@@ -26,8 +26,8 @@
     "tslib": "2.6.3"
   },
   "devDependencies": {
-    "@grafana/e2e-selectors": "11.1.1",
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/e2e-selectors": "11.1.4",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/dom": "10.0.0",
     "@testing-library/react": "15.0.2",
     "@testing-library/user-event": "14.5.2",

public/app/plugins/datasource/grafana-postgresql-datasource/package.json

@@ -2,22 +2,22 @@
   "name": "@grafana-plugins/grafana-postgresql-datasource",
   "description": "PostgreSQL data source plugin",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
+    "@grafana/data": "11.1.4",
     "@grafana/experimental": "1.7.11",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/sql": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/sql": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "lodash": "4.17.21",
     "react": "18.2.0",
     "rxjs": "7.8.1",
     "tslib": "2.6.3"
   },
   "devDependencies": {
-    "@grafana/e2e-selectors": "11.1.1",
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/e2e-selectors": "11.1.4",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/react": "15.0.2",
     "@testing-library/user-event": "14.5.2",
     "@types/jest": "29.5.12",

public/app/plugins/datasource/grafana-pyroscope-datasource/package.json

@@ -2,13 +2,13 @@
   "name": "@grafana-plugins/grafana-pyroscope-datasource",
   "description": "Continuous profiling for analysis of CPU and memory usage, down to the line number and throughout time. Saving infrastructure cost, improving performance, and increasing reliability.",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/data": "11.1.4",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "fast-deep-equal": "^3.1.3",
     "lodash": "4.17.21",
     "monaco-editor": "0.34.1",
@@ -20,7 +20,7 @@
     "tslib": "2.6.3"
   },
   "devDependencies": {
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/dom": "10.0.0",
     "@testing-library/jest-dom": "6.4.2",
     "@testing-library/react": "15.0.2",

public/app/plugins/datasource/grafana-testdata-datasource/package.json

@@ -2,14 +2,14 @@
   "name": "@grafana-plugins/grafana-testdata-datasource",
   "description": "Generates test data in different forms",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
+    "@grafana/data": "11.1.4",
     "@grafana/experimental": "1.7.11",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "d3-random": "^3.0.1",
     "lodash": "4.17.21",
     "micro-memoize": "^4.1.2",
@@ -22,8 +22,8 @@
     "uuid": "9.0.1"
   },
   "devDependencies": {
-    "@grafana/e2e-selectors": "11.1.1",
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/e2e-selectors": "11.1.4",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/dom": "10.0.0",
     "@testing-library/react": "15.0.2",
     "@testing-library/user-event": "14.5.2",

public/app/plugins/datasource/jaeger/package.json

@@ -2,7 +2,7 @@
   "name": "@grafana-plugins/jaeger",
   "description": "Jaeger plugin for Grafana",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
     "@grafana/data": "workspace:*",

public/app/plugins/datasource/mysql/package.json

@@ -2,22 +2,22 @@
   "name": "@grafana-plugins/mysql",
   "description": "MySQL data source plugin",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
+    "@grafana/data": "11.1.4",
     "@grafana/experimental": "1.7.11",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/sql": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/sql": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "lodash": "4.17.21",
     "react": "18.2.0",
     "rxjs": "7.8.1",
     "tslib": "2.6.3"
   },
   "devDependencies": {
-    "@grafana/e2e-selectors": "11.1.1",
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/e2e-selectors": "11.1.4",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/react": "15.0.2",
     "@testing-library/user-event": "14.5.2",
     "@types/jest": "29.5.12",

public/app/plugins/datasource/parca/package.json

@@ -2,13 +2,13 @@
   "name": "@grafana-plugins/parca",
   "description": "Continuous profiling for analysis of CPU and memory usage, down to the line number and throughout time. Saving infrastructure cost, improving performance, and increasing reliability.",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
-    "@grafana/data": "11.1.1",
-    "@grafana/runtime": "11.1.1",
-    "@grafana/schema": "11.1.1",
-    "@grafana/ui": "11.1.1",
+    "@grafana/data": "11.1.4",
+    "@grafana/runtime": "11.1.4",
+    "@grafana/schema": "11.1.4",
+    "@grafana/ui": "11.1.4",
     "lodash": "4.17.21",
     "monaco-editor": "0.34.1",
     "react": "18.2.0",
@@ -18,7 +18,7 @@
     "tslib": "2.6.3"
   },
   "devDependencies": {
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/dom": "10.0.0",
     "@testing-library/react": "15.0.2",
     "@testing-library/user-event": "14.5.2",

public/app/plugins/datasource/tempo/package.json

@@ -2,7 +2,7 @@
   "name": "@grafana-plugins/tempo",
   "description": "Grafana plugin for the Tempo data source.",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
     "@grafana/data": "workspace:*",
@@ -39,7 +39,7 @@
     "uuid": "9.0.1"
   },
   "devDependencies": {
-    "@grafana/plugin-configs": "11.1.1",
+    "@grafana/plugin-configs": "11.1.4",
     "@testing-library/dom": "10.0.0",
     "@testing-library/jest-dom": "6.4.2",
     "@testing-library/react": "15.0.2",

public/app/plugins/datasource/zipkin/package.json

@@ -2,7 +2,7 @@
   "name": "@grafana-plugins/zipkin",
   "description": "Zipkin plugin for Grafana",
   "private": true,
-  "version": "11.1.1",
+  "version": "11.1.4",
   "dependencies": {
     "@emotion/css": "11.11.2",
     "@grafana/data": "workspace:*",

public/views/swagger.html

@@ -98,7 +98,7 @@
           filter: true,
           tagsSorter: 'alpha',
           tryItOutEnabled: true,
-          queryConfigEnabled: true, // keeps the selected ?urls.primaryName=...
+          queryConfigEnabled: false,
         });
 
         window.ui = ui;

scripts/drone/events/release.star

@@ -75,8 +75,6 @@ def release_pr_step(depends_on = []):
         "commands": [
             "apk add perl",
             "v_target=`echo $${{TAG}} | perl -pe 's/{}/v\\1.\\2.x/'`".format(semver_regex),
-            "default_target=`if [[ -n $$LATEST ]]; then echo 'main'; else echo $$v_target; fi`",
-            "backport=`if [[ -n $$LATEST ]]; then echo $$v_target; fi`",
             # Install gh CLI
             "curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr",
             # Run the release-pr workflow
@@ -84,9 +82,8 @@ def release_pr_step(depends_on = []):
             "-f dry_run=$${DRY_RUN} " +
             "-f version=$${TAG} " +
             # If the submitter has set a target branch, then use that, otherwise use the default
-            "-f target=$${TARGET:-$default_target} " +
-            # If the submitter has set a backport branch, then use that, otherwise use the default
-            "-f backport=$${BACKPORT:-$default_backport} " +
+            "-f target=$${v_target} " +
+            "-f latest=$${LATEST} " +
             "--repo=grafana/grafana release-pr.yml",
         ],
     }

scripts/drone/pipelines/publish_images.star

@@ -30,49 +30,49 @@ def publish_image_public_step():
       A drone step which publishes Docker images for a public release.
     """
     command = """
+    bash -c '
     debug=
     if [[ -n $${DRY_RUN} ]];  then debug=echo; fi
     docker login -u $${DOCKER_USER} -p $${DOCKER_PASSWORD}
 
     # Push the grafana-image-tags images
-    $debug docker push grafana/grafana-image-tags:$${TAG}-amd64
-    $debug docker push grafana/grafana-image-tags:$${TAG}-arm64
-    $debug docker push grafana/grafana-image-tags:$${TAG}-armv7
-    $debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
-    $debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-arm64
-    $debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
+    $$debug docker push grafana/grafana-image-tags:$${TAG}-amd64
+    $$debug docker push grafana/grafana-image-tags:$${TAG}-arm64
+    $$debug docker push grafana/grafana-image-tags:$${TAG}-armv7
+    $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-amd64
+    $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-arm64
+    $$debug docker push grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
 
     # Create the grafana manifests
-    $debug docker manifest create grafana/grafana:${TAG} \
+    $$debug docker manifest create grafana/grafana:${TAG} \
       grafana/grafana-image-tags:$${TAG}-amd64 \
       grafana/grafana-image-tags:$${TAG}-arm64 \
       grafana/grafana-image-tags:$${TAG}-armv7
 
-    $debug docker manifest create grafana/grafana:${TAG}-ubuntu \
+    $$debug docker manifest create grafana/grafana:${TAG}-ubuntu \
       grafana/grafana-image-tags:$${TAG}-ubuntu-amd64 \
       grafana/grafana-image-tags:$${TAG}-ubuntu-arm64 \
       grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
 
     # Push the grafana manifests
-    $debug docker manifest push grafana/grafana:$${TAG}
-    $debug docker manifest push grafana/grafana:$${TAG}-ubuntu
+    $$debug docker manifest push grafana/grafana:$${TAG}
+    $$debug docker manifest push grafana/grafana:$${TAG}-ubuntu
 
     # if LATEST is set, then also create & push latest
     if [[ -n $${LATEST} ]]; then
-        $debug docker manifest create grafana/grafana:latest \
+        $$debug docker manifest create grafana/grafana:latest \
           grafana/grafana-image-tags:$${TAG}-amd64 \
           grafana/grafana-image-tags:$${TAG}-arm64 \
           grafana/grafana-image-tags:$${TAG}-armv7
-        $debug docker manifest create grafana/grafana:latest-ubuntu \
+        $$debug docker manifest create grafana/grafana:latest-ubuntu \
           grafana/grafana-image-tags:$${TAG}-ubuntu-amd64 \
           grafana/grafana-image-tags:$${TAG}-ubuntu-arm64 \
           grafana/grafana-image-tags:$${TAG}-ubuntu-armv7
 
-        $debug docker manifest push grafana/grafana:latest
-        $debug docker manifest push grafana/grafana:latest-ubuntu
+        $$debug docker manifest push grafana/grafana:latest
+        $$debug docker manifest push grafana/grafana:latest-ubuntu
 
-    fi
-    """
+    fi'"""
     return {
         "environment": {
             "DOCKER_USER": from_secret("docker_username"),
@@ -81,7 +81,10 @@ def publish_image_public_step():
         "name": "publish-images-grafana",
         "image": images["docker"],
         "depends_on": ["fetch-images"],
-        "commands": [command],
+        "commands": [
+            "apk add bash",
+            command,
+        ],
         "volumes": [{"name": "docker", "path": "/var/run/docker.sock"}],
     }
 

scripts/drone/steps/lib.star

@@ -1279,7 +1279,7 @@ def verify_linux_RPM_packages_step(depends_on = []):
             'echo "Step 3: Adding Grafana GPG key..."',
             "rpm --import https://rpm.grafana.com/gpg.key",
             'echo "Step 4: Configuring Grafana repository..."',
-            "echo '" + repo_config + "' > /etc/yum.repos.d/grafana.repo",
+            "echo -e '" + repo_config + "' > /etc/yum.repos.d/grafana.repo",
             'echo "Step 5: Checking RPM repository..."',
             "dnf list available grafana-${TAG}",
             "if [ $? -eq 0 ]; then",

yarn.lock

@@ -2571,13 +2571,13 @@ __metadata:
   resolution: "@grafana-plugins/grafana-azure-monitor-datasource@workspace:public/app/plugins/datasource/azuremonitor"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
-    "@grafana/plugin-configs": "npm:11.1.1"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/schema": "npm:11.1.1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/plugin-configs": "npm:11.1.4"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/schema": "npm:11.1.4"
+    "@grafana/ui": "npm:11.1.4"
     "@kusto/monaco-kusto": "npm:^10.0.0"
     "@testing-library/dom": "npm:10.0.0"
     "@testing-library/react": "npm:15.0.2"
@@ -2615,13 +2615,13 @@ __metadata:
   resolution: "@grafana-plugins/grafana-postgresql-datasource@workspace:public/app/plugins/datasource/grafana-postgresql-datasource"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
-    "@grafana/plugin-configs": "npm:11.1.1"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/sql": "npm:11.1.1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/plugin-configs": "npm:11.1.4"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/sql": "npm:11.1.4"
+    "@grafana/ui": "npm:11.1.4"
     "@testing-library/react": "npm:15.0.2"
     "@testing-library/user-event": "npm:14.5.2"
     "@types/jest": "npm:29.5.12"
@@ -2646,11 +2646,11 @@ __metadata:
   resolution: "@grafana-plugins/grafana-pyroscope-datasource@workspace:public/app/plugins/datasource/grafana-pyroscope-datasource"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/plugin-configs": "npm:11.1.1"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/schema": "npm:11.1.1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/plugin-configs": "npm:11.1.4"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/schema": "npm:11.1.4"
+    "@grafana/ui": "npm:11.1.4"
     "@testing-library/dom": "npm:10.0.0"
     "@testing-library/jest-dom": "npm:6.4.2"
     "@testing-library/react": "npm:15.0.2"
@@ -2687,13 +2687,13 @@ __metadata:
   resolution: "@grafana-plugins/grafana-testdata-datasource@workspace:public/app/plugins/datasource/grafana-testdata-datasource"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
-    "@grafana/plugin-configs": "npm:11.1.1"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/schema": "npm:11.1.1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/plugin-configs": "npm:11.1.4"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/schema": "npm:11.1.4"
+    "@grafana/ui": "npm:11.1.4"
     "@testing-library/dom": "npm:10.0.0"
     "@testing-library/react": "npm:15.0.2"
     "@testing-library/user-event": "npm:14.5.2"
@@ -2770,13 +2770,13 @@ __metadata:
   resolution: "@grafana-plugins/mysql@workspace:public/app/plugins/datasource/mysql"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
-    "@grafana/plugin-configs": "npm:11.1.1"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/sql": "npm:11.1.1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/plugin-configs": "npm:11.1.4"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/sql": "npm:11.1.4"
+    "@grafana/ui": "npm:11.1.4"
     "@testing-library/react": "npm:15.0.2"
     "@testing-library/user-event": "npm:14.5.2"
     "@types/jest": "npm:29.5.12"
@@ -2801,11 +2801,11 @@ __metadata:
   resolution: "@grafana-plugins/parca@workspace:public/app/plugins/datasource/parca"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/plugin-configs": "npm:11.1.1"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/schema": "npm:11.1.1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/plugin-configs": "npm:11.1.4"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/schema": "npm:11.1.4"
+    "@grafana/ui": "npm:11.1.4"
     "@testing-library/dom": "npm:10.0.0"
     "@testing-library/react": "npm:15.0.2"
     "@testing-library/user-event": "npm:14.5.2"
@@ -2833,14 +2833,14 @@ __metadata:
   resolution: "@grafana-plugins/stackdriver@workspace:public/app/plugins/datasource/cloud-monitoring"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
     "@grafana/google-sdk": "npm:0.1.2"
-    "@grafana/plugin-configs": "npm:11.1.1"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/schema": "npm:11.1.1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/plugin-configs": "npm:11.1.4"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/schema": "npm:11.1.4"
+    "@grafana/ui": "npm:11.1.4"
     "@testing-library/dom": "npm:10.0.0"
     "@testing-library/react": "npm:15.0.2"
     "@testing-library/user-event": "npm:14.5.2"
@@ -2888,7 +2888,7 @@ __metadata:
     "@grafana/lezer-traceql": "npm:0.0.17"
     "@grafana/monaco-logql": "npm:^0.0.7"
     "@grafana/o11y-ds-frontend": "workspace:*"
-    "@grafana/plugin-configs": "npm:11.1.1"
+    "@grafana/plugin-configs": "npm:11.1.4"
     "@grafana/runtime": "workspace:*"
     "@grafana/schema": "workspace:*"
     "@grafana/ui": "workspace:*"
@@ -2998,12 +2998,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@grafana/data@npm:11.1.1, @grafana/data@workspace:*, @grafana/data@workspace:packages/grafana-data":
+"@grafana/data@npm:11.1.4, @grafana/data@workspace:*, @grafana/data@workspace:packages/grafana-data":
   version: 0.0.0-use.local
   resolution: "@grafana/data@workspace:packages/grafana-data"
   dependencies:
     "@braintree/sanitize-url": "npm:7.0.1"
-    "@grafana/schema": "npm:11.1.1"
+    "@grafana/schema": "npm:11.1.4"
     "@grafana/tsconfig": "npm:^1.3.0-rc1"
     "@rollup/plugin-node-resolve": "npm:15.2.3"
     "@types/d3-interpolate": "npm:^3.0.0"
@@ -3051,7 +3051,7 @@ __metadata:
   languageName: unknown
   linkType: soft
 
-"@grafana/e2e-selectors@npm:11.1.1, @grafana/e2e-selectors@npm:^11.0.0, @grafana/e2e-selectors@workspace:*, @grafana/e2e-selectors@workspace:packages/grafana-e2e-selectors":
+"@grafana/e2e-selectors@npm:11.1.4, @grafana/e2e-selectors@npm:^11.0.0, @grafana/e2e-selectors@workspace:*, @grafana/e2e-selectors@workspace:packages/grafana-e2e-selectors":
   version: 0.0.0-use.local
   resolution: "@grafana/e2e-selectors@workspace:packages/grafana-e2e-selectors"
   dependencies:
@@ -3176,9 +3176,9 @@ __metadata:
     "@babel/preset-env": "npm:7.24.7"
     "@babel/preset-react": "npm:7.24.7"
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
     "@grafana/tsconfig": "npm:^1.3.0-rc1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/ui": "npm:11.1.4"
     "@leeoniya/ufuzzy": "npm:1.0.14"
     "@rollup/plugin-node-resolve": "npm:15.2.3"
     "@testing-library/dom": "npm:10.0.0"
@@ -3260,13 +3260,13 @@ __metadata:
   resolution: "@grafana/o11y-ds-frontend@workspace:packages/grafana-o11y-ds-frontend"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/schema": "npm:11.1.1"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/schema": "npm:11.1.4"
     "@grafana/tsconfig": "npm:^1.3.0-rc1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/ui": "npm:11.1.4"
     "@testing-library/dom": "npm:10.0.0"
     "@testing-library/jest-dom": "npm:^6.1.2"
     "@testing-library/react": "npm:15.0.2"
@@ -3291,7 +3291,7 @@ __metadata:
   languageName: unknown
   linkType: soft
 
-"@grafana/plugin-configs@npm:11.1.1, @grafana/plugin-configs@workspace:*, @grafana/plugin-configs@workspace:packages/grafana-plugin-configs":
+"@grafana/plugin-configs@npm:11.1.4, @grafana/plugin-configs@workspace:*, @grafana/plugin-configs@workspace:packages/grafana-plugin-configs":
   version: 0.0.0-use.local
   resolution: "@grafana/plugin-configs@workspace:packages/grafana-plugin-configs"
   dependencies:
@@ -3331,14 +3331,14 @@ __metadata:
     "@emotion/css": "npm:11.11.2"
     "@emotion/eslint-plugin": "npm:11.11.0"
     "@floating-ui/react": "npm:0.26.16"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
     "@grafana/faro-web-sdk": "npm:1.7.3"
-    "@grafana/runtime": "npm:11.1.1"
-    "@grafana/schema": "npm:11.1.1"
+    "@grafana/runtime": "npm:11.1.4"
+    "@grafana/schema": "npm:11.1.4"
     "@grafana/tsconfig": "npm:^1.3.0-rc1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/ui": "npm:11.1.4"
     "@leeoniya/ufuzzy": "npm:1.0.14"
     "@lezer/common": "npm:1.2.1"
     "@lezer/highlight": "npm:1.2.0"
@@ -3436,16 +3436,16 @@ __metadata:
   languageName: unknown
   linkType: soft
 
-"@grafana/runtime@npm:11.1.1, @grafana/runtime@workspace:*, @grafana/runtime@workspace:packages/grafana-runtime":
+"@grafana/runtime@npm:11.1.4, @grafana/runtime@workspace:*, @grafana/runtime@workspace:packages/grafana-runtime":
   version: 0.0.0-use.local
   resolution: "@grafana/runtime@workspace:packages/grafana-runtime"
   dependencies:
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/faro-web-sdk": "npm:^1.3.6"
-    "@grafana/schema": "npm:11.1.1"
+    "@grafana/schema": "npm:11.1.4"
     "@grafana/tsconfig": "npm:^1.3.0-rc1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/ui": "npm:11.1.4"
     "@rollup/plugin-node-resolve": "npm:15.2.3"
     "@rollup/plugin-terser": "npm:0.4.4"
     "@testing-library/dom": "npm:10.0.0"
@@ -3534,7 +3534,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@grafana/schema@npm:11.1.1, @grafana/schema@workspace:*, @grafana/schema@workspace:packages/grafana-schema":
+"@grafana/schema@npm:11.1.4, @grafana/schema@workspace:*, @grafana/schema@workspace:packages/grafana-schema":
   version: 0.0.0-use.local
   resolution: "@grafana/schema@workspace:packages/grafana-schema"
   dependencies:
@@ -3552,17 +3552,17 @@ __metadata:
   languageName: unknown
   linkType: soft
 
-"@grafana/sql@npm:11.1.1, @grafana/sql@workspace:*, @grafana/sql@workspace:packages/grafana-sql":
+"@grafana/sql@npm:11.1.4, @grafana/sql@workspace:*, @grafana/sql@workspace:packages/grafana-sql":
   version: 0.0.0-use.local
   resolution: "@grafana/sql@workspace:packages/grafana-sql"
   dependencies:
     "@emotion/css": "npm:11.11.2"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/experimental": "npm:1.7.11"
-    "@grafana/runtime": "npm:11.1.1"
+    "@grafana/runtime": "npm:11.1.4"
     "@grafana/tsconfig": "npm:^1.3.0-rc1"
-    "@grafana/ui": "npm:11.1.1"
+    "@grafana/ui": "npm:11.1.4"
     "@react-awesome-query-builder/ui": "npm:6.5.2"
     "@testing-library/dom": "npm:10.0.0"
     "@testing-library/jest-dom": "npm:^6.1.2"
@@ -3605,7 +3605,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@grafana/ui@npm:11.1.1, @grafana/ui@workspace:*, @grafana/ui@workspace:packages/grafana-ui":
+"@grafana/ui@npm:11.1.4, @grafana/ui@workspace:*, @grafana/ui@workspace:packages/grafana-ui":
   version: 0.0.0-use.local
   resolution: "@grafana/ui@workspace:packages/grafana-ui"
   dependencies:
@@ -3614,10 +3614,10 @@ __metadata:
     "@emotion/react": "npm:11.11.4"
     "@faker-js/faker": "npm:^8.4.1"
     "@floating-ui/react": "npm:0.26.16"
-    "@grafana/data": "npm:11.1.1"
-    "@grafana/e2e-selectors": "npm:11.1.1"
+    "@grafana/data": "npm:11.1.4"
+    "@grafana/e2e-selectors": "npm:11.1.4"
     "@grafana/faro-web-sdk": "npm:^1.3.6"
-    "@grafana/schema": "npm:11.1.1"
+    "@grafana/schema": "npm:11.1.4"
     "@grafana/tsconfig": "npm:^1.3.0-rc1"
     "@leeoniya/ufuzzy": "npm:1.0.14"
     "@monaco-editor/react": "npm:4.6.0"