Add support for skipping TLS verification to Harper

[cap10morgan]

This is useful for dev against hostname-based clusters which require an HTTPS connection but typically use self-signed certs.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​grafana/​plugin-ui@​0.12.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Deprecated by its maintainer: npm @babel/polyfill Reason: 🚨 This package has been deprecated in favor of separate inclusion of a polyfill and regenerator-runtime (when needed). See the @babel/polyfill docs (https://babeljs.io/docs/en/babel-polyfill) for more information. From: package-lock.json → npm/@grafana/plugin-ui@0.12.1 → npm/@babel/polyfill@7.12.1 ℹ Read more on: This package | This alert | What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@babel/polyfill@7.12.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Deprecated by its maintainer: npm core-js Reason: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. From: package-lock.json → npm/@grafana/plugin-ui@0.12.1 → npm/core-js@2.6.12 ℹ Read more on: This package | This alert | What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/core-js@2.6.12. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[github-actions]

Bundle Size Changes

Hello! 👋 This comment was generated by a Github Action to help you and reviewers understand the impact of your PR on frontend bundle sizes.

Whenever this PR is updated, this comment will update to reflect the latest changes.

EntryPoint	Size	% Diff
module	17.19 KB (+3.04 KB)	+21.50%

Files	Total bundle size	% Diff
9	1000.34 KB (+3.04 KB)	+0.31%

View detailed bundle information

Added

No assets were added

Removed

No assets were removed

Bigger

Name	Size	% Diff
module.js	17.19 KB (+3.04 KB)	+21.50%

Smaller

No assets were smaller

View module information

Added

Name	Size	% Diff
@grafana/plugin-ui	3.67 KB (+3.67 KB)	-
react	1.05 KB (+1.05 KB)	-

Removed

No modules were removed

Bigger

Name	Size	% Diff
./components/ConfigEditor.tsx	5.74 KB (+1.06 KB)	+22.53%

Smaller

No modules were smaller

[cap10morgan]

Re: the Socket warnings, the dependencies in here are mostly defined by the Grafana plugin template. But changes to it do get synced up here eventually. So if they decide to drop those deprecated dependencies, that change should make its way here. But I don't think we want to preemptively remove them.