From 37ab0592d1ffdd4a72c0d5d3503cea39a9d4ab11 Mon Sep 17 00:00:00 2001
From: zhangxianting
Date: Wed, 16 Oct 2024 17:23:41 +0800
Subject: [PATCH] Update uplot 1.6.31 ,fix CVE-2024-21489
---
 CVE-2024-21489.patch | 45 ++++++++++++++++++++++++++++++++++++++++++++
 grafana.spec | 8 +++++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-21489.patch
diff --git a/CVE-2024-21489.patch b/CVE-2024-21489.patch
new file mode 100644
index 0000000..e8dd1ef
--- /dev/null
+++ b/CVE-2024-21489.patch
@@ -0,0 +1,45 @@
+From 165ca3b4e8411cebc73dcc8a396836038e3f064c Mon Sep 17 00:00:00 2001
+From: Leon Sorokin
+Date: Fri, 27 Sep 2024 23:11:05 -0500
+Subject: [PATCH] Chore: uPlot v1.6.31 (#93952)
+
+---
+ packages/grafana-ui/package.json | 2 +-
+ yarn.lock | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/packages/grafana-ui/package.json b/packages/grafana-ui/package.json
+index 4148615..7fb2b15 100644
+--- a/packages/grafana-ui/package.json
++++ b/packages/grafana-ui/package.json
+@@ -78,7 +78,7 @@
+ "react-transition-group": "4.4.1",
+ "slate": "0.47.8",
+ "tinycolor2": "1.4.1",
+- "uplot": "1.6.9"
++ "uplot": "1.6.31"
+ },
+ "devDependencies": {
+ "@rollup/plugin-commonjs": "16.0.0",
+diff --git a/yarn.lock b/yarn.lock
+index a84bfeb..c520da8 100644
+--- a/yarn.lock
++++ b/yarn.lock
+@@ -25326,10 +25326,10 @@ update-notifier@^2.5.0:
+ semver-diff "^2.0.0"
+ xdg-basedir "^3.0.0"
+
+-uplot@1.6.9:
+- version "1.6.9"
+- resolved "https://registry.yarnpkg.com/uplot/-/uplot-1.6.9.tgz#0f10e10b5882cb80eb58d63f870b8a77e8d95962"
+- integrity sha512-uWIegRdqbqJwnB5SDBt29lyJIgHLIqt5AnwlLGxuA3gKKXGtY7d68RR6oDF2u5pK9jpIb1djrQnm5n0BiAnUgA==
++uplot@1.6.31:
++ version "1.6.31"
++ resolved "https://registry.yarnpkg.com/uplot/-/uplot-1.6.31.tgz#092a4b586590e9794b679e1df885a15584b03698"
++ integrity sha512-sQZqSwVCbJGnFB4IQjQYopzj5CoTZJ4Br1fG/xdONimqgHmsacvCjNesdGDypNKFbrhLGIeshYhy89FxPF+H+w==
+
+ upper-case@^1.1.1:
+ version "1.1.3"
+--
+2.43.0
+
diff --git a/grafana.spec b/grafana.spec
index 8fce6bc..dd9d1f8 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -7,7 +7,7 @@ Name: grafana Version: 7.5.15 -Release: 7 +Release: 8 Summary: Metrics dashboard and graph editor License: Apache 2.0 URL: https://grafana.org
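Review bot: Nothing in this commit shows the vulnerable uplot code itself being replaced: the new CVE-2024-21489.patch edits only `packages/grafana-ui/package.json` and `yarn.lock`, which changes the declared and locked version but not necessarily what is built into the package. The diffstat lists just this patch and grafana.spec, and the later spec hunks add `Patch20` and `%patch20 -p1` without touching any source or vendor archive. If the frontend is shipped from a pre-built bundle or an offline node_modules archive (not visible here), uplot 1.6.9 would still be what ends up in the RPM. I would confirm that the build really resolves 1.6.31 and record that next to the patch, e.g. `# CVE-2024-21489: uplot 1.6.9 -> 1.6.31, https://github.com/grafana/grafana/pull/93952 (frontend bundle must be rebuilt against 1.6.31)` in place of the bare `#https://...` line. Because the bump spans many uplot releases, a full build and a check of the panels that use uPlot is worth doing before release.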
@@ -53,6 +53,8 @@ Patch17: CVE-2022-31107.patch # https://github.com/grafana/grafana-plugin-sdk-go/pull/637 Patch18: fix-gtime_test.patch Patch19: CVE-2022-39229.patch +#https://github.com/grafana/grafana/pull/93952 +Patch20: CVE-2024-21489.patch BuildRequires: git, systemd, golang @@ -430,6 +432,7 @@ rm -r plugins-bundled %patch17 -p1 %patch18 -p1 %patch19 -p1 +%patch20 -p1 # Set up build subdirs and links @@ -598,6 +601,9 @@ rm -r pkg/macaron %changelog +* Sat Oct 12 2024 zhangxianting - 7.5.15-8 +- Update uplot 1.6.31 ,fix CVE-2024-21489 + * Sat Oct 12 2024 yaoxin - 7.5.15-7 - Fix CVE-2022-39229 -- Gitee