diff --git a/.gitignore b/.gitignore
index 3a3be94..8d9599f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/grafana-7.3.6.tar.gz
-SOURCES/grafana-vendor-7.3.6.tar.xz
-SOURCES/grafana-webpack-7.3.6.tar.gz
+SOURCES/grafana-7.5.9.tar.gz
+SOURCES/grafana-vendor-7.5.9-2.tar.xz
+SOURCES/grafana-webpack-7.5.9-2.tar.gz
diff --git a/.grafana.metadata b/.grafana.metadata
index 084a745..af2fa86 100644
--- a/.grafana.metadata
+++ b/.grafana.metadata
@@ -1,3 +1,3 @@
-6fa572f981e490e06dfdae56256dfbf66a3fb4c9 SOURCES/grafana-7.3.6.tar.gz
-c0658ab63a4d23a5914cf1425f0b568e7b764654 SOURCES/grafana-vendor-7.3.6.tar.xz
-622c6e58ca6dab9efdf784be45315ee8bc72b229 SOURCES/grafana-webpack-7.3.6.tar.gz
+e658bc3706a71a2a77f34755ac362fd506d7b1a0 SOURCES/grafana-7.5.9.tar.gz
+8fc46c12ac1bae0f2e0434e8fdf71e61e922c74a SOURCES/grafana-vendor-7.5.9-2.tar.xz
+28052475c9cb45ac6523479ab9fd3da4ba678400 SOURCES/grafana-webpack-7.5.9-2.tar.gz
diff --git a/SOURCES/001-wrappers-grafana-cli.patch b/SOURCES/001-wrappers-grafana-cli.patch
index 722d61f..01fe90e 100644
--- a/SOURCES/001-wrappers-grafana-cli.patch
+++ b/SOURCES/001-wrappers-grafana-cli.patch
@@ -44,6 +44,6 @@ index 9cad151c0d..a786edc596 100755
 +  cd "${GRAFANA_HOME}"
 +  exec "$EXECUTABLE" "$OPTS" "$@"
 +else
-+  echo "Please run this script as user \"${GRAFANA_USER}\" or root."
++  echo "$0: please run this script as user \"${GRAFANA_USER}\" or root."
 +  exit 5
 +fi
diff --git a/SOURCES/002-manpages.patch b/SOURCES/002-manpages.patch
index fa82dc4..ccc1385 100644
--- a/SOURCES/002-manpages.patch
+++ b/SOURCES/002-manpages.patch
@@ -4,7 +4,7 @@ index 0000000000..7ac2af882c
 --- /dev/null
 +++ b/docs/man/man1/grafana-cli.1
 @@ -0,0 +1,60 @@
-+.TH GRAFANA "1" "December 2020" "Grafana cli version 7.3.6" "User Commands"
++.TH GRAFANA "1" "June 2021" "Grafana cli version 7.5.9" "User Commands"
 +.SH NAME
 +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
 +.SH DESCRIPTION
@@ -69,8 +69,8 @@ new file mode 100644
 index 0000000000..c616268b31
 --- /dev/null
 +++ b/docs/man/man1/grafana-server.1
-@@ -0,0 +1,84 @@
-+.TH VERSION "1" "December 2020" "Version 7.3.6" "User Commands"
+@@ -0,0 +1,72 @@
++.TH VERSION "1" "June 2021" "Version 7.5.9" "User Commands"
 +.SH NAME
 +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
 +.SH DESCRIPTION
@@ -106,18 +106,6 @@ index 0000000000..c616268b31
 +.IP
 +path to config file
 +.HP
-+\fB\-convey-json\fR
-+.IP
-+When true, emits results in JSON blocks. Default: 'false'
-+.HP
-+\fB\-convey-silent\fR
-+.IP
-+When true, all output from GoConvey is suppressed.
-+.HP
-+\fB\-convey-story\fR
-+.IP
-+When true, emits story output, otherwise emits dot output. When not provided, this flag mirrors the value of the '-test.v' flag
-+.HP
 +\fB\-homepath\fR string
 +.IP
 +path to grafana install/home path, defaults to working directory
diff --git a/SOURCES/003-fix-dashboard-abspath-test.patch b/SOURCES/003-fix-dashboard-abspath-test.patch
new file mode 100644
index 0000000..ad7e5bf
--- /dev/null
+++ b/SOURCES/003-fix-dashboard-abspath-test.patch
@@ -0,0 +1,24 @@
+diff --git a/pkg/services/provisioning/dashboards/file_reader_linux_test.go b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
+index 3584bbc242..1a89767b69 100644
+--- a/pkg/services/provisioning/dashboards/file_reader_linux_test.go
++++ b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
+@@ -28,6 +28,7 @@ func TestProvisionedSymlinkedFolder(t *testing.T) {
+ 	}
+ 
+ 	want, err := filepath.Abs(containingID)
++	want, err = filepath.EvalSymlinks(want)
+ 
+ 	if err != nil {
+ 		t.Errorf("expected err to be nil")
+diff --git a/pkg/services/provisioning/dashboards/file_reader_test.go b/pkg/services/provisioning/dashboards/file_reader_test.go
+index 946d487d5f..2acef40eed 100644
+--- a/pkg/services/provisioning/dashboards/file_reader_test.go
++++ b/pkg/services/provisioning/dashboards/file_reader_test.go
+@@ -318,6 +318,7 @@ func TestDashboardFileReader(t *testing.T) {
+ 			}
+ 
+ 			absPath1, err := filepath.Abs(unprovision + "/dashboard1.json")
++			absPath1, err = filepath.EvalSymlinks(absPath1)
+ 			So(err, ShouldBeNil)
+ 			// This one does not exist on disk, simulating a deleted file
+ 			absPath2, err := filepath.Abs(unprovision + "/dashboard2.json")
diff --git a/SOURCES/003-remove-dashboard-abspath-test.patch b/SOURCES/003-remove-dashboard-abspath-test.patch
deleted file mode 100644
index 2076441..0000000
--- a/SOURCES/003-remove-dashboard-abspath-test.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-diff --git a/pkg/services/provisioning/dashboards/file_reader_linux_test.go b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
-index 3584bbc242..3d37f5e104 100644
---- a/pkg/services/provisioning/dashboards/file_reader_linux_test.go
-+++ b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
-@@ -33,6 +33,11 @@ func TestProvisionedSymlinkedFolder(t *testing.T) {
- 		t.Errorf("expected err to be nil")
- 	}
- 
-+	want, err = filepath.EvalSymlinks(want)
-+	if err != nil {
-+		t.Errorf("expected err to be nil %v", err)
-+	}
-+
- 	resolvedPath := reader.resolvedPath()
- 	if resolvedPath != want {
- 		t.Errorf("got %s want %s", resolvedPath, want)
-diff --git a/pkg/services/provisioning/dashboards/file_reader_test.go b/pkg/services/provisioning/dashboards/file_reader_test.go
-index 33fe6a0a68..2c67ebb677 100644
---- a/pkg/services/provisioning/dashboards/file_reader_test.go
-+++ b/pkg/services/provisioning/dashboards/file_reader_test.go
-@@ -340,20 +340,6 @@ func TestDashboardFileReader(t *testing.T) {
- 				So(err, ShouldBeNil)
- 
- 				So(len(fakeService.provisioned["Default"]), ShouldEqual, 1)
--				So(fakeService.provisioned["Default"][0].ExternalId, ShouldEqual, absPath1)
--			})
--
--			Convey("Missing dashboard should be deleted if DisableDeletion = false", func() {
--				reader, err := NewDashboardFileReader(cfg, logger)
--				So(err, ShouldBeNil)
--
--				err = reader.startWalkingDisk()
--				So(err, ShouldBeNil)
--
--				So(len(fakeService.provisioned["Default"]), ShouldEqual, 1)
--				So(fakeService.provisioned["Default"][0].ExternalId, ShouldEqual, absPath1)
--				So(len(fakeService.inserted), ShouldEqual, 1)
--				So(fakeService.inserted[0].Dashboard.Id, ShouldEqual, 1)
- 			})
- 		})
- 
diff --git a/SOURCES/004-skip-x86-goldenfiles-tests.patch b/SOURCES/004-skip-x86-goldenfiles-tests.patch
index 20a50e2..bb61e0b 100644
--- a/SOURCES/004-skip-x86-goldenfiles-tests.patch
+++ b/SOURCES/004-skip-x86-goldenfiles-tests.patch
@@ -12,20 +12,29 @@ index 96efaccfce..bcdd98144f 100644
      const arrow = fs.readFileSync(fullpath);
      const table = Table.from([arrow]);
 diff --git a/packages/grafana-runtime/src/utils/queryResponse.test.ts b/packages/grafana-runtime/src/utils/queryResponse.test.ts
-index 25169669a0..05474366a2 100644
+index 0adb915d2c..8985d7beab 100644
 --- a/packages/grafana-runtime/src/utils/queryResponse.test.ts
 +++ b/packages/grafana-runtime/src/utils/queryResponse.test.ts
-@@ -38,7 +38,7 @@ const emptyResults = {
+@@ -47,7 +47,7 @@ const emptyResults = {
  /* eslint-enable */
  
- describe('GEL Utils', () => {
+ describe('Query Response parser', () => {
 -  test('should parse output with dataframe', () => {
 +  test.skip('should parse output with dataframe', () => {
      const res = toDataQueryResponse(resp);
      const frames = res.data;
-     for (const frame of frames) {
-@@ -106,7 +106,7 @@ describe('GEL Utils', () => {
-     expect(frames.length).toEqual(0);
+     expect(frames).toHaveLength(2);
+@@ -131,7 +131,7 @@ describe('Query Response parser', () => {
+     `);
+   });
+ 
+-  test('should parse output with dataframe in order of queries', () => {
++  test.skip('should parse output with dataframe in order of queries', () => {
+     const queries: DataQuery[] = [{ refId: 'B' }, { refId: 'A' }];
+     const res = toDataQueryResponse(resp, queries);
+     const frames = res.data;
+@@ -250,7 +250,7 @@ describe('Query Response parser', () => {
+     expect(ids).toEqual(['A', 'B', 'X']);
    });
  
 -  test('resultWithError', () => {
@@ -34,26 +43,27 @@ index 25169669a0..05474366a2 100644
      // qdr.Responses[q.GetRefID()] = backend.DataResponse{
      //   Error: fmt.Errorf("an Error: %w", fmt.Errorf("another error")),
 diff --git a/pkg/tsdb/influxdb/flux/executor_test.go b/pkg/tsdb/influxdb/flux/executor_test.go
-index e053c6c397..fc7685cbab 100644
+index 7cfc8bd20a..add6b5f3b8 100644
 --- a/pkg/tsdb/influxdb/flux/executor_test.go
 +++ b/pkg/tsdb/influxdb/flux/executor_test.go
-@@ -59,6 +59,7 @@ func (r *MockRunner) runQuery(ctx context.Context, q string) (*api.QueryTableRes
+@@ -68,6 +68,7 @@ func executeMockedQuery(t *testing.T, name string, query queryModel) *backend.Da
  }
  
  func verifyGoldenResponse(t *testing.T, name string) *backend.DataResponse {
 +	t.Skip("x86 memory dump is not compatible with other architectures")
- 	runner := &MockRunner{
- 		testDataPath: name + ".csv",
- 	}
+ 	dr := executeMockedQuery(t, name, queryModel{MaxDataPoints: 100})
+ 
+ 	err := experimental.CheckGoldenDataResponse(filepath.Join("testdata", fmt.Sprintf("%s.golden.txt", name)),
 diff --git a/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts b/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts
-index 94c1991dae..8e5b35eb3b 100644
+index afc8ba357b..587092a58d 100644
 --- a/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts
 +++ b/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts
-@@ -88,6 +88,7 @@ describe('CloudWatchDatasource', () => {
-     });
+@@ -78,7 +78,7 @@ describe('CloudWatchDatasource', () => {
+   });
  
-     it('should return log groups as an array of strings', async () => {
-+      return; // "it.skip" of this test leads to a test failure of the other log group test, because the mock is not active (see beforeEach() above)
-       const logGroups = await ctx.ds.describeLogGroups();
-       const expectedLogGroups = [
-         '/aws/containerinsights/dev303-workshop/application',
+   describe('When getting log groups', () => {
+-    it('should return log groups as an array of strings', async () => {
++    it.skip('should return log groups as an array of strings', async () => {
+       const response = {
+         results: {
+           A: {
diff --git a/SOURCES/005-pin-yarn-version.patch b/SOURCES/005-pin-yarn-version.patch
deleted file mode 100644
index a7dc34d..0000000
--- a/SOURCES/005-pin-yarn-version.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/package.json b/package.json
-index ce11ba6de8..a3210762ed 100644
---- a/package.json
-+++ b/package.json
-@@ -314,6 +314,7 @@
-     "node": ">=12 <13"
-   },
-   "volta": {
--    "node": "12.19.0"
-+    "node": "12.19.0",
-+    "yarn": "1.22.10"
-   }
- }
diff --git a/SOURCES/005-remove-unused-dependencies.patch b/SOURCES/005-remove-unused-dependencies.patch
new file mode 100644
index 0000000..19d72f0
--- /dev/null
+++ b/SOURCES/005-remove-unused-dependencies.patch
@@ -0,0 +1,63 @@
+diff --git a/go.mod b/go.mod
+index 426b70ab7a..dc0c9a61ef 100644
+--- a/go.mod
++++ b/go.mod
+@@ -21,7 +21,6 @@ require (
+ 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
+ 	github.com/centrifugal/centrifuge v0.13.0
+ 	github.com/cortexproject/cortex v1.4.1-0.20201022071705-85942c5703cf
+-	github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce
+ 	github.com/davecgh/go-spew v1.1.1
+ 	github.com/denisenkom/go-mssqldb v0.0.0-20200910202707-1e08a3fab204
+ 	github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect
+@@ -57,7 +56,6 @@ require (
+ 	github.com/jmespath/go-jmespath v0.4.0
+ 	github.com/jonboulle/clockwork v0.2.2 // indirect
+ 	github.com/json-iterator/go v1.1.10
+-	github.com/jung-kurt/gofpdf v1.16.2
+ 	github.com/lib/pq v1.9.0
+ 	github.com/linkedin/goavro/v2 v2.10.0
+ 	github.com/magefile/mage v1.11.0
+diff --git a/go.sum b/go.sum
+index 98874d6a7c..03243066ac 100644
+--- a/go.sum
++++ b/go.sum
+@@ -282,8 +282,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr
+ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+ github.com/crewjam/httperr v0.0.0-20190612203328-a946449404da/go.mod h1:+rmNIXRvYMqLQeR4DHyTvs6y0MEMymTz4vyFpFkKTPs=
+-github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce h1:pAuTpLhCqC20s2RLhUirfw606jReW+8z2U5EvG+0S7E=
+-github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce/go.mod h1:/gCaeLf13J8/621RNZ6TaExji/8xCWcn6UmdJ57wURQ=
+ github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ=
+ github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
+ github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8=
+@@ -914,10 +912,6 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
+ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+-github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
+-github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
+-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc=
+-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
+ github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0=
+ github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 h1:uC1QfSlInpQF+M0ao65imhwqKnz3Q2z/d8PWZRMQvDM=
+ github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
+diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
+index 24031ace2e..081475fc89 100644
+--- a/pkg/extensions/main.go
++++ b/pkg/extensions/main.go
+@@ -6,14 +6,12 @@ import (
+ 
+ 	_ "github.com/beevik/etree"
+ 	_ "github.com/cortexproject/cortex/pkg/util"
+-	_ "github.com/crewjam/saml"
+ 	_ "github.com/gobwas/glob"
+ 	"github.com/grafana/grafana/pkg/registry"
+ 	"github.com/grafana/grafana/pkg/services/licensing"
+ 	"github.com/grafana/grafana/pkg/services/validations"
+ 	_ "github.com/grafana/loki/pkg/logproto"
+ 	_ "github.com/grpc-ecosystem/go-grpc-middleware"
+-	_ "github.com/jung-kurt/gofpdf"
+ 	_ "github.com/linkedin/goavro/v2"
+ 	_ "github.com/pkg/errors"
+ 	_ "github.com/robfig/cron"
diff --git a/SOURCES/006-fix-gtime-test-32bit.patch b/SOURCES/006-fix-gtime-test-32bit.patch
new file mode 100644
index 0000000..c38a50f
--- /dev/null
+++ b/SOURCES/006-fix-gtime-test-32bit.patch
@@ -0,0 +1,17 @@
+diff --git a/pkg/components/gtime/gtime_test.go b/pkg/components/gtime/gtime_test.go
+index 0b1b23a1db..eb9fe718c7 100644
+--- a/pkg/components/gtime/gtime_test.go
++++ b/pkg/components/gtime/gtime_test.go
+@@ -20,9 +20,9 @@ func TestParseInterval(t *testing.T) {
+ 		{inp: "1d", duration: 24 * time.Hour},
+ 		{inp: "1w", duration: 168 * time.Hour},
+ 		{inp: "2w", duration: 2 * 168 * time.Hour},
+-		{inp: "1M", duration: time.Duration(daysInMonth * 24 * int(time.Hour))},
+-		{inp: "1y", duration: time.Duration(daysInYear * 24 * int(time.Hour))},
+-		{inp: "5y", duration: time.Duration(calculateDays5y() * 24 * int(time.Hour))},
++		{inp: "1M", duration: time.Duration(int64(daysInMonth) * 24 * int64(time.Hour))},
++		{inp: "1y", duration: time.Duration(int64(daysInYear) * 24 * int64(time.Hour))},
++		{inp: "5y", duration: time.Duration(int64(calculateDays5y()) * 24 * int64(time.Hour))},
+ 		{inp: "invalid-duration", err: regexp.MustCompile(`^time: invalid duration "?invalid-duration"?$`)},
+ 	}
+ 	for i, tc := range tcs {
diff --git a/SOURCES/006-remove-saml-dependency.patch b/SOURCES/006-remove-saml-dependency.patch
deleted file mode 100644
index d164b33..0000000
--- a/SOURCES/006-remove-saml-dependency.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff --git a/go.mod b/go.mod
-index bb073996ac..c1b6c3219c 100644
---- a/go.mod
-+++ b/go.mod
-@@ -19,7 +19,6 @@ require (
- 	github.com/benbjohnson/clock v0.0.0-20161215174838-7dc76406b6d3
- 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
- 	github.com/centrifugal/centrifuge v0.11.0
--	github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e
- 	github.com/davecgh/go-spew v1.1.1
- 	github.com/denisenkom/go-mssqldb v0.0.0-20200620013148-b91950f658ec
- 	github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect
-diff --git a/go.sum b/go.sum
-index c79d983b88..f45fa68f41 100644
---- a/go.sum
-+++ b/go.sum
-@@ -228,10 +228,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSY
- github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
- github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
- github.com/crewjam/httperr v0.0.0-20190612203328-a946449404da/go.mod h1:+rmNIXRvYMqLQeR4DHyTvs6y0MEMymTz4vyFpFkKTPs=
--github.com/crewjam/saml v0.4.1 h1:ZNSRJvdbypQDY2uApMngeIHNcxS6UCRAgiw3S+pmgRU=
--github.com/crewjam/saml v0.4.1/go.mod h1:vHcshzXm2WkPOV1dcToZa99cCB1h3nPiKLtLYK+erBE=
--github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e h1:CFIpybPh+vrxRD6R3t2BCV9hdtlOQudsj1vB1ECXOo4=
--github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e/go.mod h1:qCJQpUtZte9R1ZjUBcW8qtCNlinbO363ooNl02S68bk=
- github.com/cupcake/rdb v0.0.0-20161107195141-43ba34106c76/go.mod h1:vYwsqCOLxGiisLwp9rITslkFNpZD5rz43tf41QFkTWY=
- github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
- github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8=
-diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
-index 337f6566f8..b15c3f907b 100644
---- a/pkg/extensions/main.go
-+++ b/pkg/extensions/main.go
-@@ -5,7 +5,6 @@ import (
- 	// remove the cron (v1) dependency
- 
- 	_ "github.com/beevik/etree"
--	_ "github.com/crewjam/saml"
- 	_ "github.com/gobwas/glob"
- 	"github.com/grafana/grafana/pkg/registry"
- 	"github.com/grafana/grafana/pkg/services/licensing"
diff --git a/SOURCES/007-CVE-2021-39226.patch b/SOURCES/007-CVE-2021-39226.patch
deleted file mode 100644
index 8202e1a..0000000
--- a/SOURCES/007-CVE-2021-39226.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go
-index d657b98809..a59865cc22 100644
---- a/pkg/api/dashboard_snapshot.go
-+++ b/pkg/api/dashboard_snapshot.go
-@@ -138,6 +138,9 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna
- // GET /api/snapshots/:key
- func GetDashboardSnapshot(c *models.ReqContext) Response {
- 	key := c.Params(":key")
-+	if len(key) == 0 {
-+		return Error(404, "Snapshot not found", nil)
-+	}
- 	query := &models.GetDashboardSnapshotQuery{Key: key}
- 
- 	err := bus.Dispatch(query)
-@@ -202,6 +205,9 @@ func deleteExternalDashboardSnapshot(externalUrl string) error {
- // GET /api/snapshots-delete/:deleteKey
- func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response {
- 	key := c.Params(":deleteKey")
-+	if len(key) == 0 {
-+		return Error(404, "Snapshot not found", nil)
-+	}
- 
- 	query := &models.GetDashboardSnapshotQuery{DeleteKey: key}
- 
-@@ -229,6 +235,9 @@ func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response {
- // DELETE /api/snapshots/:key
- func DeleteDashboardSnapshot(c *models.ReqContext) Response {
- 	key := c.Params(":key")
-+	if len(key) == 0 {
-+		return Error(404, "Snapshot not found", nil)
-+	}
- 
- 	query := &models.GetDashboardSnapshotQuery{Key: key}
- 
-diff --git a/vendor/gopkg.in/macaron.v1/router.go b/vendor/gopkg.in/macaron.v1/router.go
-index df593d669a..46cb0c160f 100644
---- a/vendor/gopkg.in/macaron.v1/router.go
-+++ b/vendor/gopkg.in/macaron.v1/router.go
-@@ -289,10 +289,12 @@ func (r *Router) SetHandlerWrapper(f func(Handler) Handler) {
- func (r *Router) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
- 	if t, ok := r.routers[req.Method]; ok {
- 		// Fast match for static routes
--		leaf := r.getLeaf(req.Method, req.URL.Path)
--		if leaf != nil {
--			leaf.handle(rw, req, nil)
--			return
-+		if !strings.ContainsAny(req.URL.Path, ":*") {
-+			leaf := r.getLeaf(req.Method, req.URL.Path)
-+			if leaf != nil {
-+				leaf.handle(rw, req, nil)
-+				return
-+			}
- 		}
- 
- 		h, p, ok := t.Match(req.URL.EscapedPath())
diff --git a/SOURCES/008-CVE-2021-27358.patch b/SOURCES/008-CVE-2021-27358.patch
deleted file mode 100644
index 07e9a9f..0000000
--- a/SOURCES/008-CVE-2021-27358.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go
-index c44d7dd9a7..4989ea0e1c 100644
---- a/pkg/middleware/auth.go
-+++ b/pkg/middleware/auth.go
-@@ -141,9 +141,9 @@ func SnapshotPublicModeOrSignedIn() macaron.Handler {
- 			return
- 		}
- 
--		_, err := c.Invoke(ReqSignedIn)
--		if err != nil {
--			c.JsonApiErr(500, "Failed to invoke required signed in middleware", err)
-+		if !c.IsSignedIn {
-+			notAuthorized(c)
-+			return
- 		}
- 	}
- }
diff --git a/SOURCES/008-remove-unused-frontend-crypto.patch b/SOURCES/008-remove-unused-frontend-crypto.patch
new file mode 100644
index 0000000..2409e23
--- /dev/null
+++ b/SOURCES/008-remove-unused-frontend-crypto.patch
@@ -0,0 +1,26 @@
+diff --git a/package.json b/package.json
+index 9c5a2d93e2..7f65949ea4 100644
+--- a/package.json
++++ b/package.json
+@@ -294,6 +294,9 @@
+     "whatwg-fetch": "3.1.0"
+   },
+   "resolutions": {
++    "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz",
++    "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz",
++    "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz",
+     "caniuse-db": "1.0.30000772",
+     "react-use-measure": "https://github.com/mckn/react-use-measure.git#remove-cjs-export"
+   },
+diff --git a/scripts/webpack/webpack.common.js b/scripts/webpack/webpack.common.js
+index 3e56d31c37..a03ed1a67a 100644
+--- a/scripts/webpack/webpack.common.js
++++ b/scripts/webpack/webpack.common.js
+@@ -66,6 +66,7 @@ module.exports = {
+   },
+   node: {
+     fs: 'empty',
++    crypto: false,
+   },
+   plugins: [
+     new MonacoWebpackPlugin({
diff --git a/SOURCES/009-patch-unused-backend-crypto.patch b/SOURCES/009-patch-unused-backend-crypto.patch
new file mode 100644
index 0000000..12be571
--- /dev/null
+++ b/SOURCES/009-patch-unused-backend-crypto.patch
@@ -0,0 +1,168 @@
+diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
+new file mode 100644
+index 0000000..871e612
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
+@@ -0,0 +1,25 @@
++package elgamal
++
++import (
++	"io"
++	"math/big"
++)
++
++// PublicKey represents an ElGamal public key.
++type PublicKey struct {
++	G, P, Y *big.Int
++}
++
++// PrivateKey represents an ElGamal private key.
++type PrivateKey struct {
++	PublicKey
++	X *big.Int
++}
++
++func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {
++	panic("ElGamal encryption not available")
++}
++
++func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
++	panic("ElGamal encryption not available")
++}
+diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+index 9728d61..9f04c2d 100644
+--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
++++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+@@ -16,7 +16,6 @@ import (
+ 	"math/big"
+ 	"math/bits"
+ 
+-	"golang.org/x/crypto/cast5"
+ 	"golang.org/x/crypto/openpgp/errors"
+ )
+ 
+@@ -487,7 +486,7 @@ func (cipher CipherFunction) KeySize() int {
+ 	case Cipher3DES:
+ 		return 24
+ 	case CipherCAST5:
+-		return cast5.KeySize
++		panic("cast5 cipher not available")
+ 	case CipherAES128:
+ 		return 16
+ 	case CipherAES192:
+@@ -517,7 +516,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
+ 	case Cipher3DES:
+ 		block, _ = des.NewTripleDESCipher(key)
+ 	case CipherCAST5:
+-		block, _ = cast5.NewCipher(key)
++		panic("cast5 cipher not available")
+ 	case CipherAES128, CipherAES192, CipherAES256:
+ 		block, _ = aes.NewCipher(key)
+ 	}
+diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
+index 6126030..3a54c5f 100644
+--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
++++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
+@@ -5,13 +5,12 @@
+ package packet
+ 
+ import (
+-	"crypto/cipher"
+ 	"crypto/sha1"
+ 	"crypto/subtle"
+-	"golang.org/x/crypto/openpgp/errors"
+ 	"hash"
+ 	"io"
+-	"strconv"
++
++	"golang.org/x/crypto/openpgp/errors"
+ )
+ 
+ // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
+@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
+ // packet can be read. An incorrect key can, with high probability, be detected
+ // immediately and this will result in a KeyIncorrect error being returned.
+ func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
+-	keySize := c.KeySize()
+-	if keySize == 0 {
+-		return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
+-	}
+-	if len(key) != keySize {
+-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
+-	}
+-
+-	if se.prefix == nil {
+-		se.prefix = make([]byte, c.blockSize()+2)
+-		_, err := readFull(se.contents, se.prefix)
+-		if err != nil {
+-			return nil, err
+-		}
+-	} else if len(se.prefix) != c.blockSize()+2 {
+-		return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
+-	}
+-
+-	ocfbResync := OCFBResync
+-	if se.MDC {
+-		// MDC packets use a different form of OCFB mode.
+-		ocfbResync = OCFBNoResync
+-	}
+-
+-	s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
+-	if s == nil {
+-		return nil, errors.ErrKeyIncorrect
+-	}
+-
+-	plaintext := cipher.StreamReader{S: s, R: se.contents}
+-
+-	if se.MDC {
+-		// MDC packets have an embedded hash that we need to check.
+-		h := sha1.New()
+-		h.Write(se.prefix)
+-		return &seMDCReader{in: plaintext, h: h}, nil
+-	}
+-
+-	// Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
+-	return seReader{plaintext}, nil
++	panic("OCFB cipher not available")
+ }
+ 
+ // seReader wraps an io.Reader with a no-op Close method.
+@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {
+ // written.
+ // If config is nil, sensible defaults will be used.
+ func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
+-	if c.KeySize() != len(key) {
+-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
+-	}
+-	writeCloser := noOpCloser{w}
+-	ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
+-	if err != nil {
+-		return
+-	}
+-
+-	_, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
+-	if err != nil {
+-		return
+-	}
+-
+-	block := c.new(key)
+-	blockSize := block.BlockSize()
+-	iv := make([]byte, blockSize)
+-	_, err = config.Random().Read(iv)
+-	if err != nil {
+-		return
+-	}
+-	s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
+-	_, err = ciphertext.Write(prefix)
+-	if err != nil {
+-		return
+-	}
+-	plaintext := cipher.StreamWriter{S: s, W: ciphertext}
+-
+-	h := sha1.New()
+-	h.Write(iv)
+-	h.Write(iv[blockSize-2:])
+-	contents = &seMDCWriter{w: plaintext, h: h}
+-	return
++	panic("OCFB cipher not available")
+ }
diff --git a/SOURCES/010-fips.patch b/SOURCES/010-fips.patch
new file mode 100644
index 0000000..f9adee9
--- /dev/null
+++ b/SOURCES/010-fips.patch
@@ -0,0 +1,140 @@
+diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
+new file mode 100644
+index 0000000..a9c550e
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/boring.go
+@@ -0,0 +1,74 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Copyright 2021 Red Hat.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// +build linux
++// +build !android
++// +build !no_openssl
++// +build !cmd_go_bootstrap
++// +build !msan
++
++package boring
++
++// #include "openssl_pbkdf2.h"
++// #cgo LDFLAGS: -ldl
++import "C"
++import (
++	"bytes"
++	"crypto/sha1"
++	"crypto/sha256"
++	"hash"
++	"unsafe"
++)
++
++var (
++	emptySha1   = sha1.Sum([]byte{})
++	emptySha256 = sha256.Sum256([]byte{})
++)
++
++func hashToMD(h hash.Hash) *C.GO_EVP_MD {
++	emptyHash := h.Sum([]byte{})
++
++	switch {
++	case bytes.Equal(emptyHash, emptySha1[:]):
++		return C._goboringcrypto_EVP_sha1()
++	case bytes.Equal(emptyHash, emptySha256[:]):
++		return C._goboringcrypto_EVP_sha256()
++	}
++	return nil
++}
++
++// charptr returns the address of the underlying array in b,
++// being careful not to panic when b has zero length.
++func charptr(b []byte) *C.char {
++	if len(b) == 0 {
++		return nil
++	}
++	return (*C.char)(unsafe.Pointer(&b[0]))
++}
++
++// ucharptr returns the address of the underlying array in b,
++// being careful not to panic when b has zero length.
++func ucharptr(b []byte) *C.uchar {
++	if len(b) == 0 {
++		return nil
++	}
++	return (*C.uchar)(unsafe.Pointer(&b[0]))
++}
++
++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++	// println("[debug] using pbkdf2 from OpenSSL")
++	ch := h()
++	md := hashToMD(ch)
++	if md == nil {
++		return nil
++	}
++
++	out := make([]byte, keyLen)
++	ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
++	if ok != 1 {
++		panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
++	}
++	return out
++}
+diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go
+new file mode 100644
+index 0000000..e244fb5
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go
+@@ -0,0 +1,16 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Copyright 2021 Red Hat.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
++
++package boring
++
++import (
++	"hash"
++)
++
++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++	panic("boringcrypto: not available")
++}
+diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
+new file mode 100644
+index 0000000..6dfdf10
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
+@@ -0,0 +1,5 @@
++#include "/usr/lib/golang/src/crypto/internal/boring/goboringcrypto.h"
++
++DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
++    (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
++    (pass, passlen, salt, saltlen, iter, digest, keylen, out))
+diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+index 593f653..799a611 100644
+--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
++++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+@@ -19,8 +19,11 @@ pbkdf2.Key.
+ package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
+ 
+ import (
++	"crypto/boring"
+ 	"crypto/hmac"
+ 	"hash"
++
++	xboring "golang.org/x/crypto/internal/boring"
+ )
+ 
+ // Key derives a key from the password, salt and iteration count, returning a
+@@ -40,6 +43,10 @@ import (
+ // Using a higher iteration count will increase the cost of an exhaustive
+ // search but will also make derivation proportionally slower.
+ func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++	if boring.Enabled() {
++		return xboring.Pbkdf2Key(password, salt, iter, keyLen, h)
++	}
++
+ 	prf := hmac.New(h, password)
+ 	hashLen := prf.Size()
+ 	numBlocks := (keyLen + hashLen - 1) / hashLen
diff --git a/SOURCES/011-CVE-2021-39226.patch b/SOURCES/011-CVE-2021-39226.patch
new file mode 100644
index 0000000..a17cd34
--- /dev/null
+++ b/SOURCES/011-CVE-2021-39226.patch
@@ -0,0 +1,55 @@
+diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go
+index 4f7a4b8d09..b500639d15 100644
+--- a/pkg/api/dashboard_snapshot.go
++++ b/pkg/api/dashboard_snapshot.go
+@@ -144,6 +144,9 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna
+ // GET /api/snapshots/:key
+ func GetDashboardSnapshot(c *models.ReqContext) response.Response {
+ 	key := c.Params(":key")
++	if len(key) == 0 {
++		return response.Error(404, "Snapshot not found", nil)
++	}
+ 	query := &models.GetDashboardSnapshotQuery{Key: key}
+ 
+ 	err := bus.Dispatch(query)
+@@ -210,6 +213,9 @@ func deleteExternalDashboardSnapshot(externalUrl string) error {
+ // GET /api/snapshots-delete/:deleteKey
+ func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) response.Response {
+ 	key := c.Params(":deleteKey")
++	if len(key) == 0 {
++		return response.Error(404, "Snapshot not found", nil)
++	}
+ 
+ 	query := &models.GetDashboardSnapshotQuery{DeleteKey: key}
+ 
+@@ -240,6 +246,9 @@ func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) response.Response
+ // DELETE /api/snapshots/:key
+ func DeleteDashboardSnapshot(c *models.ReqContext) response.Response {
+ 	key := c.Params(":key")
++	if len(key) == 0 {
++		return response.Error(404, "Snapshot not found", nil)
++	}
+ 
+ 	query := &models.GetDashboardSnapshotQuery{Key: key}
+ 
+diff --git a/vendor/gopkg.in/macaron.v1/router.go b/vendor/gopkg.in/macaron.v1/router.go
+index df593d669a..46cb0c160f 100644
+--- a/vendor/gopkg.in/macaron.v1/router.go
++++ b/vendor/gopkg.in/macaron.v1/router.go
+@@ -289,10 +289,12 @@ func (r *Router) SetHandlerWrapper(f func(Handler) Handler) {
+ func (r *Router) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+ 	if t, ok := r.routers[req.Method]; ok {
+ 		// Fast match for static routes
+-		leaf := r.getLeaf(req.Method, req.URL.Path)
+-		if leaf != nil {
+-			leaf.handle(rw, req, nil)
+-			return
++		if !strings.ContainsAny(req.URL.Path, ":*") {
++			leaf := r.getLeaf(req.Method, req.URL.Path)
++			if leaf != nil {
++				leaf.handle(rw, req, nil)
++				return
++			}
+ 		}
+ 
+ 		h, p, ok := t.Match(req.URL.EscapedPath())
diff --git a/SOURCES/Makefile b/SOURCES/Makefile
index 0f923ff..acd932c 100644
--- a/SOURCES/Makefile
+++ b/SOURCES/Makefile
@@ -1,17 +1,41 @@
-all: grafana-$(VER).tar.gz \
-	 grafana-vendor-$(VER).tar.xz \
-	 grafana-webpack-$(VER).tar.gz
+ifndef VER
+  $(error VER is undefined)
+endif
+ifndef REL
+  $(error REL is undefined)
+endif
 
-grafana-$(VER).tar.gz grafana-$(VER)/:
-	wget https://github.com/grafana/grafana/archive/v$(VER)/grafana-$(VER).tar.gz
+NAME       := grafana
+RPM_NAME   := $(NAME)
+SOURCE_DIR := $(NAME)-$(VER)
+SOURCE_TAR := $(NAME)-$(VER).tar.gz
+VENDOR_TAR := $(RPM_NAME)-vendor-$(VER)-$(REL).tar.xz
+WEBPACK_TAR := $(RPM_NAME)-webpack-$(VER)-$(REL).tar.gz
+
+ALL_PATCHES := $(wildcard *.patch)
+PATCHES_TO_APPLY := $(filter-out 009-patch-unused-backend-crypto.patch 010-fips.patch,$(ALL_PATCHES))
+
+all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR)
+
+$(SOURCE_TAR):
+	spectool -g $(RPM_NAME).spec
+
+$(VENDOR_TAR): $(SOURCE_TAR)
 	rm -rf grafana-$(VER)
 	tar xfz grafana-$(VER).tar.gz
-	cd grafana-$(VER) && shopt -s nullglob && \
-		for patch in ../*.patch; do patch -p1 < $$patch; done
 
-grafana-vendor-$(VER).tar.xz: grafana-$(VER)/
+	# patches can affect Go or Node.js dependencies, or the webpack
+	for patch in $(PATCHES_TO_APPLY); do patch -d grafana-$(VER) -p1 --fuzz=0 < $$patch; done
+
 	# Go
 	cd grafana-$(VER) && go mod vendor -v
+	# Remove unused crypto
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/cast5/cast5.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/ed25519.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
 	awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-$(VER)/go.mod | \
 		sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest
 
@@ -19,7 +43,9 @@ grafana-vendor-$(VER).tar.xz: grafana-$(VER)/
 	cd grafana-$(VER) && yarn install --pure-lockfile
 	# Remove files with licensing issues
 	find grafana-$(VER) -type d -name 'node-notifier' -prune -exec rm -r {} \;
-	find grafana-$(VER) -name '*.exe' -delete
+	find grafana-$(VER) -type d -name 'property-information' -prune -exec rm -r {} \;
+	find grafana-$(VER) -type f -name '*.exe' -delete
+	rm -r grafana-$(VER)/node_modules/visjs-network/examples
 	./list_bundled_nodejs_packages.py grafana-$(VER)/ >> $@.manifest
 
 	# Create tarball
@@ -27,12 +53,11 @@ grafana-vendor-$(VER).tar.xz: grafana-$(VER)/
 		grafana-$(VER)/vendor \
 		$$(find grafana-$(VER) -type d -name "node_modules" -prune)
 
-grafana-webpack-$(VER).tar.gz: grafana-$(VER)/
+$(WEBPACK_TAR): $(VENDOR_TAR)
 	cd grafana-$(VER) && \
-		yarn install --pure-lockfile && \
 		../build_frontend.sh
 
 	tar cfz $@ grafana-$(VER)/public/build grafana-$(VER)/public/views grafana-$(VER)/plugins-bundled
 
 clean:
-	rm -rf *.tar.gz *.tar.xz *.manifest *.rpm grafana-*/
+	rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/
diff --git a/SOURCES/build_frontend.sh b/SOURCES/build_frontend.sh
index a9aa76d..fa0fb8e 100755
--- a/SOURCES/build_frontend.sh
+++ b/SOURCES/build_frontend.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -eu
 
 # Build the frontend
 yarn run build
diff --git a/SOURCES/distro-defaults.ini b/SOURCES/distro-defaults.ini
index d925297..daa0679 100644
--- a/SOURCES/distro-defaults.ini
+++ b/SOURCES/distro-defaults.ini
@@ -66,6 +66,13 @@ cert_key =
 # Unix socket path
 socket = /tmp/grafana.sock
 
+# CDN Url
+cdn_url =
+
+# Sets the maximum time in minutes before timing out read of an incoming request and closing idle connections.
+# `0` means there is no timeout for reading the request.
+read_timeout = 0
+
 #################################### Database ############################
 [database]
 # You can configure the database connection by specifying type, host, name, user and password
@@ -98,6 +105,12 @@ log_queries =
 # For "mysql", use either "true", "false", or "skip-verify".
 ssl_mode = disable
 
+# Database drivers may support different transaction isolation levels.
+# Currently, only "mysql" driver supports isolation levels.
+# If the value is empty - driver's default isolation level is applied.
+# For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE".
+isolation_level =
+
 ca_cert_path =
 client_key_path =
 client_cert_path =
@@ -142,9 +155,17 @@ tls_handshake_timeout_seconds = 10
 # waiting for the server to approve.
 expect_continue_timeout_seconds = 1
 
+# Optionally limits the total number of connections per host, including connections in the dialing,
+# active, and idle states. On limit violation, dials will block.
+# A value of zero (0) means no limit.
+max_conns_per_host = 0
+
 # The maximum number of idle connections that Grafana will keep alive.
 max_idle_connections = 100
 
+# The maximum number of idle connections per host that Grafana will keep alive.
+max_idle_connections_per_host = 2
+
 # How many seconds the data proxy keeps an idle connection open before timing out.
 idle_conn_timeout_seconds = 90
 
@@ -159,6 +180,9 @@ send_user_header = false
 # Change this option to false to disable reporting.
 reporting_enabled = false
 
+# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
+reporting_distributor = grafana-labs
+
 # Set to false to disable all checks to https://grafana.com
 # for new versions (grafana itself and plugins), check is used
 # in some UI views to notify that grafana or plugin update exists
@@ -227,6 +251,13 @@ x_content_type_options = true
 # when they detect reflected cross-site scripting (XSS) attacks.
 x_xss_protection = true
 
+# Enable adding the Content-Security-Policy header to your requests.
+# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
+content_security_policy = false
+
+# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
+# $NONCE in the template includes a random nonce.
+content_security_policy_template = """script-src 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
 
 #################################### Snapshots ###########################
 [snapshots]
@@ -255,6 +286,11 @@ min_refresh_interval = 1s
 # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
 default_home_dashboard_path =
 
+################################### Data sources #########################
+[datasources]
+# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
+datasource_limit = 5000
+
 #################################### Users ###############################
 [users]
 # disable user signup / registration
@@ -282,6 +318,9 @@ password_hint = password
 # Default UI theme ("dark" or "light")
 default_theme = dark
 
+# Path to a custom home page. Users are only redirected to this if the default home dashboard is used. It should match a frontend route and contain a leading slash.
+home_page =
+
 # External user management
 external_manage_link_url =
 external_manage_link_name =
@@ -296,6 +335,9 @@ editors_can_admin = false
 # The duration in time a user invitation remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 24h (24 hours). The minimum supported duration is 15m (15 minutes).
 user_invite_max_lifetime_duration = 24h
 
+# Enter a comma-separated list of usernames to hide them in the Grafana UI. These users are shown to Grafana admins and to themselves.
+hidden_users =
+
 [auth]
 # Login cookie name
 login_cookie_name = grafana_session
@@ -442,6 +484,7 @@ scopes = user:email
 email_attribute_name = email:primary
 email_attribute_path =
 login_attribute_path =
+name_attribute_path =
 role_attribute_path =
 id_token_attribute_name =
 auth_url =
@@ -478,11 +521,24 @@ enabled = false
 config_file = /etc/grafana/ldap.toml
 allow_sign_up = true
 
-# LDAP backround sync (Enterprise only)
+# LDAP background sync (Enterprise only)
 # At 1 am every day
 sync_cron = "0 0 1 * * *"
 active_sync_enabled = true
 
+#################################### AWS ###########################
+[aws]
+# Enter a comma-separated list of allowed AWS authentication providers.
+# Options are: default (AWS SDK Default), keys (Access && secret key), credentials (Credentials field), ec2_iam_role (EC2 IAM Role)
+allowed_auth_providers = default,keys,credentials
+
+# Allow AWS users to assume a role using temporary security credentials.
+# If true, assume role will be enabled for all AWS authentication providers that are specified in aws_auth_providers
+assume_role_enabled = true
+
+# Specify max no of pages to be returned by the ListMetricPages API
+list_metrics_page_limit = 500
+
 #################################### SMTP / Emailing #####################
 [smtp]
 enabled = false
@@ -559,6 +615,25 @@ facility =
 # Syslog tag. By default, the process' argv[0] is used.
 tag =
 
+[log.frontend]
+# Should Sentry javascript agent be initialized
+enabled = false
+
+# Sentry DSN if you want to send events to Sentry.
+sentry_dsn =
+
+# Custom HTTP endpoint to send events captured by the Sentry agent to. Default will log the events to stdout.
+custom_endpoint = /log
+
+# Rate of events to be reported between 0 (none) and 1 (all), float
+sample_rate = 1.0
+
+# Requests per second limit enforced per an extended period, for Grafana backend log ingestion endpoint (/log).
+log_endpoint_requests_per_second_limit = 3
+
+# Max requests accepted per short interval of time for Grafana backend log ingestion endpoint (/log)
+log_endpoint_burst_limit = 15
+
 #################################### Usage Quotas ########################
 [quota]
 enabled = false
@@ -631,6 +706,9 @@ max_annotation_age =
 max_annotations_to_keep =
 
 #################################### Annotations #########################
+[annotations]
+# Configures the batch size for the annotation clean-up job. This setting is used for dashboard, API, and alert annotations.
+cleanupjob_batchsize = 100
 
 [annotations.dashboard]
 # Dashboard annotations means that annotations are associated with the dashboard they are created on.
@@ -858,3 +936,7 @@ use_browser_locale = false
 
 # Default timezone for user preferences. Options are 'browser' for the browser local timezone or a timezone name from IANA Time Zone database, e.g. 'UTC' or 'Europe/Amsterdam' etc.
 default_timezone = browser
+
+[expressions]
+# Enable or disable the expressions functionality.
+enabled = true
diff --git a/SOURCES/list_bundled_nodejs_packages.py b/SOURCES/list_bundled_nodejs_packages.py
index a7c5e22..3158c2c 100755
--- a/SOURCES/list_bundled_nodejs_packages.py
+++ b/SOURCES/list_bundled_nodejs_packages.py
@@ -1,4 +1,7 @@
 #!/usr/bin/env python3
+#
+# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json
+#
 import sys
 import json
 import re
diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index 0acde69..ada6d1f 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -1,7 +1,3 @@
-# https://bugzilla.redhat.com/show_bug.cgi?id=1752991
-# unfortunately the go_arches macro doesn't reflect that change yet
-ExcludeArch:      i686
-
 %global grafana_arches %{lua: go_arches = {}
   for arch in rpm.expand("%{go_arches}"):gmatch("%S+") do
     go_arches[arch] = 1
@@ -12,22 +8,19 @@ ExcludeArch:      i686
   end
 end}
 
-# gobuild and gotest macros are defined in go-rpm-macros, which is not available on RHEL
-# definitions lifted from Fedora 34 podman.spec
-%if ! 0%{?gobuild:1}
-%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
-%endif
-%if ! 0%{?gotest:1}
-%define gotest() GO111MODULE=off go test -buildmode pie -compiler gc -ldflags "${LDFLAGS:-} -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" %{?**};
-%endif
-
 # Specify if the frontend will be compiled as part of the build or
 # is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system)
 %define compile_frontend 0
 
+%if 0%{?rhel}
+%define enable_fips_mode 1
+%else
+%define enable_fips_mode 0
+%endif
+
 Name:             grafana
-Version:          7.3.6
-Release:          3%{?dist}
+Version:          7.5.9
+Release:          4%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          ASL 2.0
 URL:              https://grafana.org
@@ -36,11 +29,15 @@ URL:              https://grafana.org
 Source0:          https://github.com/grafana/grafana/archive/v%{version}/%{name}-%{version}.tar.gz
 
 # Source1 contains the bundled Go and Node.js dependencies
-Source1:          grafana-vendor-%{version}.tar.xz
+# Note: In case there were no changes to this tarball, the NVR of this tarball
+# lags behind the NVR of the Grafana package.
+Source1:          grafana-vendor-%{version}-2.tar.xz
 
 %if %{compile_frontend} == 0
 # Source2 contains the precompiled frontend
-Source2:          grafana-webpack-%{version}.tar.gz
+# Note: In case there were no changes to this tarball, the NVR of this tarball
+# lags behind the NVR of the Grafana package.
+Source2:          grafana-webpack-%{version}-2.tar.gz
 %endif
 
 # Source3 contains Grafana configuration defaults for distributions
@@ -59,9 +56,9 @@ Source6:          list_bundled_nodejs_packages.py
 Patch1:           001-wrappers-grafana-cli.patch
 Patch2:           002-manpages.patch
 
-# remove failing assertions due to a symlink
+# resolve symlinks before comparing paths
 # BUILD/src/github.com/grafana/grafana -> BUILD/grafana-X.Y.Z
-Patch3:           003-remove-dashboard-abspath-test.patch
+Patch3:           003-fix-dashboard-abspath-test.patch
 
 # Required for s390x
 # the golden files include memory dumps from a x86 machine
@@ -69,20 +66,38 @@ Patch3:           003-remove-dashboard-abspath-test.patch
 # therefore loading this memory dump fails on s390x
 Patch4:           004-skip-x86-goldenfiles-tests.patch
 
-Patch5:           005-pin-yarn-version.patch
-Patch6:           006-remove-saml-dependency.patch
-Patch7:           007-CVE-2021-39226.patch
-Patch8:           008-CVE-2021-27358.patch
+Patch5:           005-remove-unused-dependencies.patch
+
+Patch6:           006-fix-gtime-test-32bit.patch
+
+Patch8:           008-remove-unused-frontend-crypto.patch
+
+# The Makefile removes a few files with crypto implementations
+# from the vendor tarball, which are not used in Grafana.
+# This patch removes all references to the deleted files.
+Patch9:           009-patch-unused-backend-crypto.patch
+
+# This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
+# if FIPS mode is enabled.
+Patch10:          010-fips.patch
+
+# Patch for CVE-2021-39226
+Patch11:          011-CVE-2021-39226.patch
 
 # Intersection of go_arches and nodejs_arches
 ExclusiveArch:    %{grafana_arches}
 
-BuildRequires:    git, systemd, golang, go-srpm-macros
+BuildRequires:    systemd, golang, go-srpm-macros
 %if 0%{?fedora} >= 31
 BuildRequires:    go-rpm-macros
 %endif
+
 %if %{compile_frontend}
-BuildRequires:    nodejs >= 1:12, nodejs < 1:13, yarnpkg
+BuildRequires:    nodejs >= 1:14, yarnpkg
+%endif
+
+%if %{enable_fips_mode}
+BuildRequires:    openssl-devel
 %endif
 
 # omit golang debugsource, see BZ995136 and related
@@ -130,95 +145,110 @@ Provides:         grafana-stackdriver = 7.3.6-1
 # this is for security purposes, if nodejs-foo ever needs an update,
 # affected packages can be easily identified.
 # Note: generated by the Makefile (see README.md)
-Provides: bundled(golang(cloud.google.com/go/storage)) = 1.10.0
+Provides: bundled(golang(cloud.google.com/go/storage)) = 1.13.0
 Provides: bundled(golang(github.com/BurntSushi/toml)) = 0.3.1
 Provides: bundled(golang(github.com/VividCortex/mysqlerr)) = 0.0.0-20170204212430.6c6b55f8796f
-Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.33.12
+Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.37.20
 Provides: bundled(golang(github.com/beevik/etree)) = 1.1.0
 Provides: bundled(golang(github.com/benbjohnson/clock)) = 0.0.0-20161215174838.7dc76406b6d3
 Provides: bundled(golang(github.com/bradfitz/gomemcache)) = 0.0.0-20190913173617.a41fca850d0b
-Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.11.0
+Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.13.0
+Provides: bundled(golang(github.com/cortexproject/cortex)) = 1.4.1-0.20201022071705.85942c5703cf
 Provides: bundled(golang(github.com/davecgh/go-spew)) = 1.1.1
-Provides: bundled(golang(github.com/denisenkom/go-mssqldb)) = 0.0.0-20200620013148.b91950f658ec
+Provides: bundled(golang(github.com/denisenkom/go-mssqldb)) = 0.0.0-20200910202707.1e08a3fab204
 Provides: bundled(golang(github.com/facebookgo/inject)) = 0.0.0-20180706035515.f23751cae28b
-Provides: bundled(golang(github.com/fatih/color)) = 1.9.0
+Provides: bundled(golang(github.com/fatih/color)) = 1.10.0
 Provides: bundled(golang(github.com/gchaincl/sqlhooks)) = 1.3.0
+Provides: bundled(golang(github.com/getsentry/sentry-go)) = 0.10.0
 Provides: bundled(golang(github.com/go-macaron/binding)) = 0.0.0-20190806013118.0b4f37bab25b
 Provides: bundled(golang(github.com/go-macaron/gzip)) = 0.0.0-20160222043647.cad1c6580a07
-Provides: bundled(golang(github.com/go-macaron/session)) = 0.0.0-20190805070824.1a3cdc6f5659
+Provides: bundled(golang(github.com/go-sourcemap/sourcemap)) = 2.1.3+incompatible
 Provides: bundled(golang(github.com/go-sql-driver/mysql)) = 1.5.0
 Provides: bundled(golang(github.com/go-stack/stack)) = 1.8.0
 Provides: bundled(golang(github.com/gobwas/glob)) = 0.2.3
+Provides: bundled(golang(github.com/golang/mock)) = 1.5.0
 Provides: bundled(golang(github.com/golang/protobuf)) = 1.4.3
-Provides: bundled(golang(github.com/google/go-cmp)) = 0.5.2
-Provides: bundled(golang(github.com/gosimple/slug)) = 1.4.2
+Provides: bundled(golang(github.com/google/go-cmp)) = 0.5.4
+Provides: bundled(golang(github.com/google/uuid)) = 1.2.0
+Provides: bundled(golang(github.com/gosimple/slug)) = 1.9.0
+Provides: bundled(golang(github.com/grafana/grafana-aws-sdk)) = 0.4.0
 Provides: bundled(golang(github.com/grafana/grafana-plugin-model)) = 0.0.0-20190930120109.1fc953a61fb4
-Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.79.0
-Provides: bundled(golang(github.com/grafana/loki)) = 1.6.0
-Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.2.1
-Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 0.12.2
-Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.2.2
-Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.2.0
+Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.88.0
+Provides: bundled(golang(github.com/grafana/loki)) = 1.6.2-0.20201026154740.6978ee5d7387
+Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.2.2
+Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 0.15.0
+Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.4.0
+Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.2.1
 Provides: bundled(golang(github.com/inconshreveable/log15)) = 0.0.0-20180818164646.67afb5ed74ec
 Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.2.0
-Provides: bundled(golang(github.com/jmespath/go-jmespath)) = 0.3.0
-Provides: bundled(golang(github.com/jung-kurt/gofpdf)) = 1.10.1
-Provides: bundled(golang(github.com/lib/pq)) = 1.3.0
-Provides: bundled(golang(github.com/linkedin/goavro/v2)) = 2.9.7
-Provides: bundled(golang(github.com/magefile/mage)) = 1.9.0
+Provides: bundled(golang(github.com/jaegertracing/jaeger)) = 1.22.1-0.20210304164023.2fff3ca58910
+Provides: bundled(golang(github.com/jmespath/go-jmespath)) = 0.4.0
+Provides: bundled(golang(github.com/json-iterator/go)) = 1.1.10
+Provides: bundled(golang(github.com/lib/pq)) = 1.9.0
+Provides: bundled(golang(github.com/linkedin/goavro/v2)) = 2.10.0
+Provides: bundled(golang(github.com/magefile/mage)) = 1.11.0
 Provides: bundled(golang(github.com/mattn/go-isatty)) = 0.0.12
-Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.11.0
+Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.14.6
+Provides: bundled(golang(github.com/mwitkow/go-conntrack)) = 0.0.0-20190716064945.2f068394615f
 Provides: bundled(golang(github.com/opentracing/opentracing-go)) = 1.2.0
 Provides: bundled(golang(github.com/patrickmn/go-cache)) = 2.1.0+incompatible
 Provides: bundled(golang(github.com/pkg/errors)) = 0.9.1
-Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.8.0
+Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.9.0
 Provides: bundled(golang(github.com/prometheus/client_model)) = 0.2.0
-Provides: bundled(golang(github.com/prometheus/common)) = 0.14.0
+Provides: bundled(golang(github.com/prometheus/common)) = 0.18.0
 Provides: bundled(golang(github.com/robfig/cron)) = 0.0.0-20180505203441.b41be1df6967
-Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.0
+Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.1
 Provides: bundled(golang(github.com/russellhaering/goxmldsig)) = 1.1.0
 Provides: bundled(golang(github.com/smartystreets/goconvey)) = 1.6.4
-Provides: bundled(golang(github.com/stretchr/testify)) = 1.6.1
+Provides: bundled(golang(github.com/stretchr/testify)) = 1.7.0
 Provides: bundled(golang(github.com/teris-io/shortid)) = 0.0.0-20171029131806.771a37caa5cf
 Provides: bundled(golang(github.com/timberio/go-datemath)) = 0.1.1-0.20200323150745.74ddef604fff
 Provides: bundled(golang(github.com/ua-parser/uap-go)) = 0.0.0-20190826212731.daf92ba38329
 Provides: bundled(golang(github.com/uber/jaeger-client-go)) = 2.25.0+incompatible
 Provides: bundled(golang(github.com/unknwon/com)) = 1.0.1
-Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.1.1
+Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.3.0
 Provides: bundled(golang(github.com/weaveworks/common)) = 0.0.0-20201119133501.0619918236ec
 Provides: bundled(golang(github.com/xorcare/pointer)) = 1.1.0
 Provides: bundled(golang(github.com/yudai/gojsondiff)) = 1.0.0
-Provides: bundled(golang(golang.org/x/crypto)) = 0.0.0-20201208171446.5f87f3452ae9
-Provides: bundled(golang(golang.org/x/net)) = 0.0.0-20201022231255.08b38378de70
-Provides: bundled(golang(golang.org/x/oauth2)) = 0.0.0-20200902213428.5d25da1a8d43
-Provides: bundled(golang(golang.org/x/sync)) = 0.0.0-20201020160332.67f06af15bc9
+Provides: bundled(golang(go.opentelemetry.io/collector)) = 0.21.0
+Provides: bundled(golang(golang.org/x/crypto)) = 0.0.0-20201221181555.eec23a3978ad
+Provides: bundled(golang(golang.org/x/net)) = 0.0.0-20210119194325.5f4716e94777
+Provides: bundled(golang(golang.org/x/oauth2)) = 0.0.0-20210113205817.d3ed898aa8a3
+Provides: bundled(golang(golang.org/x/sync)) = 0.0.0-20201207232520.09787c993a3a
 Provides: bundled(golang(golang.org/x/time)) = 0.0.0-20200630173020.3af7569d3a1e
-Provides: bundled(golang(google.golang.org/grpc)) = 1.33.1
-Provides: bundled(golang(gopkg.in/ini.v1)) = 1.51.0
+Provides: bundled(golang(gonum.org/v1/gonum)) = 0.8.2
+Provides: bundled(golang(google.golang.org/api)) = 0.40.0
+Provides: bundled(golang(google.golang.org/grpc)) = 1.36.0
+Provides: bundled(golang(gopkg.in/ini.v1)) = 1.62.0
 Provides: bundled(golang(gopkg.in/ldap.v3)) = 3.0.2
-Provides: bundled(golang(gopkg.in/macaron.v1)) = 1.3.9
+Provides: bundled(golang(gopkg.in/macaron.v1)) = 1.4.0
 Provides: bundled(golang(gopkg.in/mail.v2)) = 2.3.1
 Provides: bundled(golang(gopkg.in/redis.v5)) = 5.2.9
-Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.4.1
-Provides: bundled(golang(gopkg.in/yaml.v2)) = 2.3.0
+Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.5.1
+Provides: bundled(golang(gopkg.in/yaml.v2)) = 2.4.0
 Provides: bundled(golang(xorm.io/core)) = 0.7.3
-Provides: bundled(golang(xorm.io/xorm)) = 0.8.1
-Provides: bundled(npm(@babel/core)) = 7.6.2
+Provides: bundled(golang(xorm.io/xorm)) = 0.8.2
+Provides: bundled(npm(@babel/core)) = 7.6.4
 Provides: bundled(npm(@babel/plugin-proposal-nullish-coalescing-operator)) = 7.8.3
 Provides: bundled(npm(@babel/plugin-proposal-optional-chaining)) = 7.8.3
-Provides: bundled(npm(@babel/plugin-syntax-dynamic-import)) = 7.2.0
-Provides: bundled(npm(@babel/preset-env)) = 7.6.3
-Provides: bundled(npm(@babel/preset-react)) = 7.6.3
+Provides: bundled(npm(@babel/plugin-syntax-dynamic-import)) = 7.7.4
+Provides: bundled(npm(@babel/preset-env)) = 7.7.4
+Provides: bundled(npm(@babel/preset-react)) = 7.8.3
 Provides: bundled(npm(@babel/preset-typescript)) = 7.8.3
 Provides: bundled(npm(@emotion/core)) = 10.0.21
-Provides: bundled(npm(@grafana/api-documenter)) = 0.9.3
+Provides: bundled(npm(@grafana/api-documenter)) = 7.11.2
 Provides: bundled(npm(@grafana/api-extractor)) = 7.10.1
-Provides: bundled(npm(@grafana/eslint-config)) = 2.0.3
+Provides: bundled(npm(@grafana/aws-sdk)) = 0.0.3
+Provides: bundled(npm(@grafana/eslint-config)) = 2.3.0
 Provides: bundled(npm(@grafana/slate-react)) = 0.22.9-grafana
-Provides: bundled(npm(@reduxjs/toolkit)) = 1.3.4
+Provides: bundled(npm(@popperjs/core)) = 2.5.4
+Provides: bundled(npm(@reduxjs/toolkit)) = 1.5.0
 Provides: bundled(npm(@rtsao/plugin-proposal-class-properties)) = 7.0.1-patch.1
-Provides: bundled(npm(@testing-library/jest-dom)) = 5.11.3
-Provides: bundled(npm(@testing-library/react)) = 10.4.8
+Provides: bundled(npm(@sentry/browser)) = 5.25.0
+Provides: bundled(npm(@sentry/types)) = 5.24.2
+Provides: bundled(npm(@sentry/utils)) = 5.24.2
+Provides: bundled(npm(@testing-library/jest-dom)) = 5.11.5
+Provides: bundled(npm(@testing-library/react)) = 11.1.2
 Provides: bundled(npm(@testing-library/react-hooks)) = 3.2.1
 Provides: bundled(npm(@testing-library/user-event)) = 12.1.3
 Provides: bundled(npm(@torkelo/react-select)) = 3.0.8
@@ -230,28 +260,29 @@ Provides: bundled(npm(@types/classnames)) = 2.2.7
 Provides: bundled(npm(@types/clipboard)) = 2.0.1
 Provides: bundled(npm(@types/common-tags)) = 1.8.0
 Provides: bundled(npm(@types/d3)) = 5.7.2
+Provides: bundled(npm(@types/d3-force)) = 1.2.1
 Provides: bundled(npm(@types/d3-scale-chromatic)) = 1.3.1
+Provides: bundled(npm(@types/debounce-promise)) = 3.1.3
 Provides: bundled(npm(@types/enzyme)) = 3.10.3
 Provides: bundled(npm(@types/enzyme-adapter-react-16)) = 1.0.6
 Provides: bundled(npm(@types/file-saver)) = 2.0.1
 Provides: bundled(npm(@types/hoist-non-react-statics)) = 3.3.1
 Provides: bundled(npm(@types/is-hotkey)) = 0.1.1
-Provides: bundled(npm(@types/jest)) = 23.3.14
+Provides: bundled(npm(@types/jest)) = 26.0.12
 Provides: bundled(npm(@types/jquery)) = 3.3.38
 Provides: bundled(npm(@types/jsurl)) = 1.2.28
 Provides: bundled(npm(@types/lodash)) = 4.14.123
 Provides: bundled(npm(@types/lru-cache)) = 5.1.0
-Provides: bundled(npm(@types/marked)) = 1.1.0
 Provides: bundled(npm(@types/md5)) = 2.1.33
 Provides: bundled(npm(@types/moment-timezone)) = 0.5.13
 Provides: bundled(npm(@types/mousetrap)) = 1.6.3
 Provides: bundled(npm(@types/node)) = 10.14.1
 Provides: bundled(npm(@types/papaparse)) = 5.2.0
 Provides: bundled(npm(@types/prismjs)) = 1.16.0
-Provides: bundled(npm(@types/react)) = 16.8.16
+Provides: bundled(npm(@types/react)) = 16.9.9
 Provides: bundled(npm(@types/react-beautiful-dnd)) = 12.1.2
-Provides: bundled(npm(@types/react-dom)) = 16.8.4
-Provides: bundled(npm(@types/react-grid-layout)) = 0.16.7
+Provides: bundled(npm(@types/react-dom)) = 16.9.2
+Provides: bundled(npm(@types/react-grid-layout)) = 1.1.1
 Provides: bundled(npm(@types/react-loadable)) = 5.5.2
 Provides: bundled(npm(@types/react-redux)) = 7.1.7
 Provides: bundled(npm(@types/react-select)) = 3.0.8
@@ -265,26 +296,25 @@ Provides: bundled(npm(@types/reselect)) = 2.2.0
 Provides: bundled(npm(@types/slate)) = 0.47.1
 Provides: bundled(npm(@types/slate-plain-serializer)) = 0.6.1
 Provides: bundled(npm(@types/slate-react)) = 0.22.5
-Provides: bundled(npm(@types/sockjs-client)) = 1.1.1
-Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.9.2
+Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.9.5
 Provides: bundled(npm(@types/testing-library__react-hooks)) = 3.1.0
 Provides: bundled(npm(@types/tinycolor2)) = 1.4.1
 Provides: bundled(npm(@types/uuid)) = 8.3.0
-Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 4.0.1
-Provides: bundled(npm(@typescript-eslint/parser)) = 4.0.1
+Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 4.15.0
+Provides: bundled(npm(@typescript-eslint/parser)) = 4.15.0
 Provides: bundled(npm(@welldone-software/why-did-you-render)) = 4.0.6
+Provides: bundled(npm(@wojtekmaj/enzyme-adapter-react-17)) = 0.3.1
 Provides: bundled(npm(abortcontroller-polyfill)) = 1.4.0
-Provides: bundled(npm(angular)) = 1.6.9
+Provides: bundled(npm(angular)) = 1.8.2
 Provides: bundled(npm(angular-bindonce)) = 0.3.1
 Provides: bundled(npm(angular-mocks)) = 1.6.6
-Provides: bundled(npm(angular-native-dragdrop)) = 1.2.2
-Provides: bundled(npm(angular-route)) = 1.6.6
-Provides: bundled(npm(angular-sanitize)) = 1.6.6
+Provides: bundled(npm(angular-route)) = 1.8.2
+Provides: bundled(npm(angular-sanitize)) = 1.8.2
 Provides: bundled(npm(antlr4)) = 4.8.0
 Provides: bundled(npm(autoprefixer)) = 9.7.4
-Provides: bundled(npm(axios)) = 0.19.0
+Provides: bundled(npm(axios)) = 0.21.1
 Provides: bundled(npm(babel-core)) = 7.0.0-bridge.0
-Provides: bundled(npm(babel-jest)) = 24.8.0
+Provides: bundled(npm(babel-jest)) = 26.6.3
 Provides: bundled(npm(babel-loader)) = 8.0.6
 Provides: bundled(npm(babel-plugin-angularjs-annotate)) = 0.10.0
 Provides: bundled(npm(baron)) = 3.0.3
@@ -296,43 +326,34 @@ Provides: bundled(npm(clean-webpack-plugin)) = 3.0.0
 Provides: bundled(npm(clipboard)) = 2.0.4
 Provides: bundled(npm(common-tags)) = 1.8.0
 Provides: bundled(npm(core-js)) = 1.2.7
-Provides: bundled(npm(css-loader)) = 3.2.0
+Provides: bundled(npm(css-loader)) = 3.4.2
 Provides: bundled(npm(d3)) = 5.15.0
+Provides: bundled(npm(d3-force)) = 1.2.1
 Provides: bundled(npm(d3-scale-chromatic)) = 1.5.0
 Provides: bundled(npm(dangerously-set-html-content)) = 1.0.6
+Provides: bundled(npm(debounce-promise)) = 3.1.2
 Provides: bundled(npm(emotion)) = 10.0.27
 Provides: bundled(npm(enzyme)) = 3.11.0
-Provides: bundled(npm(enzyme-adapter-react-16)) = 1.15.2
 Provides: bundled(npm(enzyme-to-json)) = 3.4.4
+Provides: bundled(npm(es-abstract)) = 1.18.0-next.1
 Provides: bundled(npm(es6-promise)) = 4.2.8
 Provides: bundled(npm(es6-shim)) = 0.35.5
 Provides: bundled(npm(eslint)) = 2.13.1
-Provides: bundled(npm(eslint-config-prettier)) = 6.11.0
-Provides: bundled(npm(eslint-plugin-jsdoc)) = 28.6.1
-Provides: bundled(npm(eslint-plugin-prettier)) = 3.1.4
-Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.0.5
+Provides: bundled(npm(eslint-config-prettier)) = 7.2.0
+Provides: bundled(npm(eslint-plugin-jsdoc)) = 31.6.1
+Provides: bundled(npm(eslint-plugin-no-only-tests)) = 2.4.0
+Provides: bundled(npm(eslint-plugin-prettier)) = 3.3.1
+Provides: bundled(npm(eslint-plugin-react)) = 7.22.0
+Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.2.0
 Provides: bundled(npm(eventemitter3)) = 3.1.2
 Provides: bundled(npm(expect.js)) = 0.3.1
 Provides: bundled(npm(expose-loader)) = 0.7.5
 Provides: bundled(npm(fast-text-encoding)) = 1.0.0
-Provides: bundled(npm(file-loader)) = 4.3.0
+Provides: bundled(npm(file-loader)) = 5.0.2
 Provides: bundled(npm(file-saver)) = 2.0.2
 Provides: bundled(npm(fork-ts-checker-webpack-plugin)) = 1.0.0
 Provides: bundled(npm(gaze)) = 1.1.3
-Provides: bundled(npm(glob)) = 5.0.15
-Provides: bundled(npm(grunt)) = 1.0.4
-Provides: bundled(npm(grunt-angular-templates)) = 1.1.0
-Provides: bundled(npm(grunt-cli)) = 1.2.0
-Provides: bundled(npm(grunt-contrib-clean)) = 2.0.0
-Provides: bundled(npm(grunt-contrib-compress)) = 1.6.0
-Provides: bundled(npm(grunt-contrib-copy)) = 1.0.0
-Provides: bundled(npm(grunt-exec)) = 3.0.0
-Provides: bundled(npm(grunt-newer)) = 1.3.0
-Provides: bundled(npm(grunt-notify)) = 0.4.5
-Provides: bundled(npm(grunt-postcss)) = 0.9.0
-Provides: bundled(npm(grunt-sass-lint)) = 0.2.4
-Provides: bundled(npm(grunt-usemin)) = 3.1.1
-Provides: bundled(npm(grunt-webpack)) = 3.1.3
+Provides: bundled(npm(glob)) = 7.1.3
 Provides: bundled(npm(hoist-non-react-statics)) = 2.5.5
 Provides: bundled(npm(html-loader)) = 0.5.5
 Provides: bundled(npm(html-webpack-harddisk-plugin)) = 1.0.1
@@ -340,17 +361,17 @@ Provides: bundled(npm(html-webpack-plugin)) = 3.2.0
 Provides: bundled(npm(husky)) = 4.2.1
 Provides: bundled(npm(immutable)) = 3.8.2
 Provides: bundled(npm(is-hotkey)) = 0.1.4
-Provides: bundled(npm(jest)) = 25.5.4
-Provides: bundled(npm(jest-canvas-mock)) = 2.1.2
+Provides: bundled(npm(jest)) = 26.6.3
+Provides: bundled(npm(jest-canvas-mock)) = 2.3.0
 Provides: bundled(npm(jest-date-mock)) = 1.0.8
-Provides: bundled(npm(jquery)) = 3.4.1
+Provides: bundled(npm(jest-matcher-utils)) = 26.0.0
+Provides: bundled(npm(jquery)) = 3.5.1
 Provides: bundled(npm(jsurl)) = 0.1.5
-Provides: bundled(npm(lerna)) = 3.20.2
+Provides: bundled(npm(lerna)) = 3.22.1
 Provides: bundled(npm(lint-staged)) = 10.0.7
 Provides: bundled(npm(load-grunt-tasks)) = 5.1.0
-Provides: bundled(npm(lodash)) = 3.10.1
+Provides: bundled(npm(lodash)) = 4.17.21
 Provides: bundled(npm(lru-cache)) = 4.1.5
-Provides: bundled(npm(marked)) = 0.3.19
 Provides: bundled(npm(md5)) = 2.2.1
 Provides: bundled(npm(memoize-one)) = 4.1.0
 Provides: bundled(npm(mini-css-extract-plugin)) = 0.7.0
@@ -364,31 +385,32 @@ Provides: bundled(npm(mousetrap)) = 1.6.5
 Provides: bundled(npm(mousetrap-global-bind)) = 1.1.0
 Provides: bundled(npm(mutationobserver-shim)) = 0.3.3
 Provides: bundled(npm(ngtemplate-loader)) = 2.0.1
-Provides: bundled(npm(node-sass)) = 4.13.1
 Provides: bundled(npm(nodemon)) = 2.0.2
-Provides: bundled(npm(optimize-css-assets-webpack-plugin)) = 5.0.3
-Provides: bundled(npm(papaparse)) = 4.6.3
+Provides: bundled(npm(optimize-css-assets-webpack-plugin)) = 5.0.4
+Provides: bundled(npm(papaparse)) = 5.3.0
 Provides: bundled(npm(postcss-browser-reporter)) = 0.6.0
 Provides: bundled(npm(postcss-loader)) = 3.0.0
 Provides: bundled(npm(postcss-reporter)) = 6.0.1
-Provides: bundled(npm(prettier)) = 1.18.2
-Provides: bundled(npm(prismjs)) = 1.17.1
+Provides: bundled(npm(prettier)) = 2.0.5
+Provides: bundled(npm(prismjs)) = 1.21.0
 Provides: bundled(npm(prop-types)) = 15.7.2
 Provides: bundled(npm(rc-cascader)) = 1.0.1
 Provides: bundled(npm(re-resizable)) = 6.2.0
-Provides: bundled(npm(react)) = 16.10.2
-Provides: bundled(npm(react-dom)) = 16.10.2
-Provides: bundled(npm(react-grid-layout)) = 0.17.1
+Provides: bundled(npm(react)) = 16.13.1
+Provides: bundled(npm(react-beautiful-dnd)) = 13.0.0
+Provides: bundled(npm(react-dom)) = 17.0.1
+Provides: bundled(npm(react-grid-layout)) = 1.2.0
 Provides: bundled(npm(react-highlight-words)) = 0.16.0
 Provides: bundled(npm(react-hot-loader)) = 4.8.0
 Provides: bundled(npm(react-loadable)) = 5.5.0
-Provides: bundled(npm(react-popper)) = 1.3.3
+Provides: bundled(npm(react-popper)) = 2.2.4
 Provides: bundled(npm(react-redux)) = 7.2.0
 Provides: bundled(npm(react-reverse-portal)) = 2.0.1
-Provides: bundled(npm(react-sizeme)) = 2.6.8
+Provides: bundled(npm(react-select-event)) = 5.1.0
+Provides: bundled(npm(react-sizeme)) = 2.6.12
 Provides: bundled(npm(react-split-pane)) = 0.1.89
 Provides: bundled(npm(react-test-renderer)) = 16.10.2
-Provides: bundled(npm(react-transition-group)) = 2.9.0
+Provides: bundled(npm(react-transition-group)) = 4.3.0
 Provides: bundled(npm(react-use)) = 13.27.0
 Provides: bundled(npm(react-virtualized-auto-sizer)) = 1.0.2
 Provides: bundled(npm(react-window)) = 1.8.5
@@ -403,29 +425,30 @@ Provides: bundled(npm(rimraf)) = 2.6.3
 Provides: bundled(npm(rst2html)) = 1.0.4
 Provides: bundled(npm(rxjs)) = 6.5.5
 Provides: bundled(npm(rxjs-spy)) = 7.5.1
+Provides: bundled(npm(sass)) = 1.27.0
 Provides: bundled(npm(sass-lint)) = 1.12.1
 Provides: bundled(npm(sass-loader)) = 8.0.2
 Provides: bundled(npm(search-query-parser)) = 1.5.4
 Provides: bundled(npm(sinon)) = 8.1.1
 Provides: bundled(npm(slate)) = 0.47.8
 Provides: bundled(npm(slate-plain-serializer)) = 0.7.10
-Provides: bundled(npm(sockjs-client)) = 1.4.0
 Provides: bundled(npm(style-loader)) = 1.1.3
-Provides: bundled(npm(terser-webpack-plugin)) = 1.4.1
+Provides: bundled(npm(terser-webpack-plugin)) = 1.4.5
 Provides: bundled(npm(tether)) = 1.4.7
 Provides: bundled(npm(tether-drop)) = 1.5.0
 Provides: bundled(npm(tinycolor2)) = 1.4.1
-Provides: bundled(npm(ts-jest)) = 26.3.0
-Provides: bundled(npm(ts-node)) = 8.8.1
+Provides: bundled(npm(ts-jest)) = 26.4.4
+Provides: bundled(npm(ts-node)) = 9.0.0
 Provides: bundled(npm(tslib)) = 1.10.0
 Provides: bundled(npm(tti-polyfill)) = 0.2.2
-Provides: bundled(npm(typescript)) = 3.7.5
+Provides: bundled(npm(typescript)) = 3.9.7
 Provides: bundled(npm(uuid)) = 3.3.3
-Provides: bundled(npm(webpack)) = 4.41.2
+Provides: bundled(npm(visjs-network)) = 4.25.0
+Provides: bundled(npm(webpack)) = 4.41.5
 Provides: bundled(npm(webpack-bundle-analyzer)) = 3.6.0
 Provides: bundled(npm(webpack-cleanup-plugin)) = 0.5.1
 Provides: bundled(npm(webpack-cli)) = 3.3.10
-Provides: bundled(npm(webpack-dev-server)) = 3.10.3
+Provides: bundled(npm(webpack-dev-server)) = 3.11.1
 Provides: bundled(npm(webpack-merge)) = 4.2.2
 Provides: bundled(npm(whatwg-fetch)) = 3.0.0
 Provides: bundled(npm(zone.js)) = 0.7.8
@@ -454,8 +477,12 @@ rm -r plugins-bundled
 %endif
 %patch5 -p1
 %patch6 -p1
-%patch7 -p1
 %patch8 -p1
+%patch9 -p1
+%if %{enable_fips_mode}
+%patch10 -p1
+%endif
+%patch11 -p1
 
 # Set up build subdirs and links
 mkdir -p %{_builddir}/src/github.com/grafana
@@ -571,7 +598,7 @@ chmod 640 %{_sysconfdir}/%{name}/ldap.toml
 %check
 # Test frontend
 %if %{compile_frontend}
-yarn test
+node_modules/.bin/jest
 %endif
 
 # Test backend
@@ -585,6 +612,9 @@ export TZ=GMT
 
 %gotest ./pkg/...
 
+%if %{enable_fips_mode}
+GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption
+%endif
 
 %files
 # binaries and wrappers
@@ -631,9 +661,29 @@ export TZ=GMT
 
 
 %changelog
-* Wed Oct 06 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-3
+* Wed Oct 06 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-4
 - resolve CVE-2021-39226
-- resolve CVE-2021-27358
+
+* Mon Aug 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-3
+- rebuild to resolve CVE-2021-34558
+
+* Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2
+- remove unused dependency property-information
+- always include FIPS patch in SRPM
+
+* Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-1
+- update to 7.5.9 tagged upstream community sources, see CHANGELOG
+
+* Mon Jun 21 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.8-1
+- update to 7.5.8 tagged upstream community sources, see CHANGELOG
+- remove unused dependencies selfsigned, http-signature and gofpdf
+
+* Fri Jun 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-2
+- remove unused cryptographic implementations
+- use cryptographic functions from OpenSSL if FIPS mode is enabled
+
+* Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1
+- update to 7.5.7 tagged upstream community sources, see CHANGELOG
 
 * Fri Jan 22 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-2
 - change working dir to $GRAFANA_HOME in grafana-cli wrapper (fixes Red Hat BZ #1916083)