QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-21 15:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,047 Commits 472 Branches 545 Tags
2ccb099450c8a07d1aa8a47660f7600b34e273e4
Commit Graph

20047 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Amin Ghadersohi
2ccb099450 fix(mcp): hide write tools from users without write permissions 
Phase 1: MCPPermissionDeniedError falls through to GlobalErrorHandlerMiddleware's
generic "Internal error" branch (500-style response) because it doesn't subclass
PermissionError. Fixed by adding it to _USER_ERROR_TYPES and an explicit elif
branch in _handle_error() that converts it to a clean ToolError.

Phase 2: Add RBACToolVisibilityMiddleware that intercepts tools/list and removes
tools the calling user lacks permission to execute. Add
is_tool_visible_to_current_user() to auth.py as the single source of truth for
tool visibility, shared by both the new middleware and the existing tool-search
transform. Register the middleware inside StructuredContentStripperMiddleware so
it filters full tool objects before outputSchema stripping. Fail open: if user
resolution fails, all tools are returned (call-time RBAC still enforces).

Also update server instructions to note write tools require write permissions.
 2026-05-19 13:57:47 +00:00
dependabot[bot]
ac5e8f1308 chore(deps): bump swagger-ui-react from 5.32.5 to 5.32.6 in /docs (#40056) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-18 21:51:35 -07:00
Evan Rusackas
f98edc351e chore(deps): coordinated bump jest 30.3→30.4 + jest-environment-jsdom 29→30 (#40206) 
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-19 11:35:19 +07:00
dependabot[bot]
4ceefb7e40 chore(deps): bump fs-extra from 11.3.2 to 11.3.5 in /superset-frontend (#39936) 
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: hainenber <dotronghai96@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: hainenber <dotronghai96@gmail.com>
Co-authored-by: Evan Rusackas <evan@preset.io>
 2026-05-18 20:38:57 -07:00
dependabot[bot]
1b9f06c840 chore(deps-dev): bump eslint-plugin-react-you-might-not-need-an-effect from 0.10.0 to 0.10.1 in /superset-frontend (#39902) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Evan Rusackas <evan@preset.io>
 2026-05-18 16:28:05 -07:00
Evan Rusackas
9bfa0642a1 test(sql-parser): pin quoted identifiers with spaces are not subqueries (#32541, #32684) (#40143) 
Co-authored-by: Claude Code <noreply@anthropic.com>
 2026-05-18 14:21:59 -07:00
Beto Dealmeida
e874e5cbaf fix: OAuth2 trigger (#40097) 2026-05-18 17:00:06 -04:00
Elizabeth Thompson
ef0efb7493 fix(mcp): exclude self-referencing filter columns from get_schema output (#39826) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
 2026-05-18 13:51:25 -07:00
alex
0e46d21205 fix(deckgl): emit usable cross-filter values from polygon and geojson clicks (#39906) 
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-18 22:07:05 +02:00
Evan Rusackas
6fa0b48752 docs: cut 6.1.0 versions for user_docs, admin_docs, developer_docs, components (#40126) 
Co-authored-by: Claude Code <noreply@anthropic.com>
 2026-05-18 12:59:39 -07:00
dependabot[bot]
43231d56df chore(deps): update dompurify requirement from ^3.4.3 to ^3.4.5 in /superset-frontend/plugins/legacy-preset-chart-nvd3 (#40213) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-18 12:03:03 -07:00
dependabot[bot]
9d8293f815 chore(deps): update reselect requirement from ^5.1.1 to ^5.2.0 in /superset-frontend/packages/superset-ui-core (#40214) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-18 12:02:52 -07:00
dependabot[bot]
b7f125e48d chore(deps): update dompurify requirement from ^3.4.2 to ^3.4.5 in /superset-frontend/packages/superset-ui-core (#40216) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-18 12:02:39 -07:00
dependabot[bot]
522b6a2296 chore(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /docs (#40227) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 12:01:08 -07:00
dependabot[bot]
00d3a7dd1e chore(deps-dev): bump oxlint from 1.63.0 to 1.64.0 in /superset-frontend (#40160) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-18 10:28:13 -07:00
jesperct
5393fdfabf fix(echarts): suppress phantom x-axis label at axis edge when no time grain (#39972) 2026-05-18 09:52:48 -07:00
Jean Massucatto
054aeb3bae fix(explore): prevent unnecessary scrollbars during chart rendering (#39291) 2026-05-18 09:51:06 -07:00
Richard Fogaca Nienkotter
47bc1a3b4b fix(deckgl): render all MultiPolygon parts in Polygon chart (#40100) 2026-05-18 13:46:58 -03:00
Vitor Avila
d40a5cad5d fix(OAuth2): Re-query the OAuth2 token to avoid stale reference (#40071) 2026-05-18 13:07:54 -03:00
Evan Rusackas
38546d7a3d chore(deps): coordinated bump ag-grid-community + ag-grid-react 35.2.1→35.3.0 (#40205) 
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-18 22:18:37 +07:00
dependabot[bot]
6e5dfa0dd4 chore(deps): bump baseline-browser-mapping from 2.10.29 to 2.10.30 in /docs (#40211) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 22:14:27 +07:00
SkinnyPigeon
70419e9d8f feat: Allow specific mcp tools to be disabled (#39835) 2026-05-18 07:22:02 -07:00
Evan Rusackas
34281f54a6 test(prophet): pin yhat_lower can be negative for negative series (#21734) (#40141) 
Co-authored-by: Claude Code <noreply@anthropic.com>
 2026-05-18 07:21:04 -07:00
Evan Rusackas
53d5c41a72 test(security): regression test for session cookie after logout (#24713) (#40201) 
Co-authored-by: Claude Code <noreply@anthropic.com>
 2026-05-18 07:20:51 -07:00
Evan Rusackas
453f49ce33 test(api): regression test for Admin empty dashboard/chart list (#25890) (#40202) 
Co-authored-by: Claude Code <noreply@anthropic.com>
 2026-05-18 07:20:37 -07:00
Mafi
b66c104fde fix(sqllab): execute prequeries on streaming connection to fix PostgreSQL CSV export (#40194) 
Co-authored-by: Matt Fitzgerald <matt.fitzgerald@preset.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-18 09:43:06 -04:00
dependabot[bot]
61b77fa35d chore(deps-dev): bump ip-address from 10.1.0 to 10.2.0 in /superset-frontend (#40199) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-18 06:29:05 -07:00
dependabot[bot]
0da0767780 chore(deps-dev): bump eslint from 10.3.0 to 10.4.0 in /superset-websocket (#40208) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 06:28:43 -07:00
dependabot[bot]
e2ff2d5d41 chore(deps): bump reselect from 5.1.1 to 5.2.0 in /docs (#40209) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 06:28:25 -07:00
dependabot[bot]
6a6be4c385 chore(deps): bump antd from 6.4.2 to 6.4.3 in /docs (#40210) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 06:28:00 -07:00
dependabot[bot]
cf831388d8 chore(deps): bump caniuse-lite from 1.0.30001792 to 1.0.30001793 in /docs (#40212) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 06:27:36 -07:00
dependabot[bot]
684a66aee6 chore(deps): update zod requirement from ^4.4.1 to ^4.4.3 in /superset-frontend/plugins/plugin-chart-echarts (#40215) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 06:27:09 -07:00
dependabot[bot]
80a200820c chore(deps): bump react-map-gl from 8.1.0 to 8.1.1 in /superset-frontend (#40217) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 06:26:50 -07:00
dependabot[bot]
f47300102c chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#40218) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-18 06:26:20 -07:00
Alejandro Solares
dd523c1a7b fix(deps): patch fast-xml-parser CVE-2026-33036 and CVE-2026-33349 (#40118) 2026-05-18 08:30:17 +01:00
dependabot[bot]
02a8196a6d chore(deps): update dompurify requirement from ^3.4.1 to ^3.4.2 in /superset-frontend/packages/superset-ui-core (#39808) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-17 20:16:45 -07:00
dependabot[bot]
4e13512ed8 chore(deps-dev): update jest requirement from ^30.3.0 to ^30.4.2 in /superset-frontend/plugins/plugin-chart-handlebars (#40015) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-17 20:16:14 -07:00
dependabot[bot]
268dadbb5b chore(deps-dev): update jest requirement from ^30.3.0 to ^30.4.2 in /superset-frontend/plugins/plugin-chart-pivot-table (#40018) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-17 20:15:58 -07:00
dependabot[bot]
427e7e53cd chore(deps-dev): update jest requirement from ^30.3.0 to ^30.4.2 in /superset-frontend/packages/generator-superset (#40019) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-17 20:15:44 -07:00
dependabot[bot]
78f54b68ac chore(deps): update dompurify requirement from ^3.4.1 to ^3.4.3 in /superset-frontend/plugins/legacy-preset-chart-nvd3 (#40106) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-17 20:15:07 -07:00
dependabot[bot]
6c4c3dc71c chore(deps): bump serialize-javascript and terser-webpack-plugin in /superset-frontend/cypress-base (#40174) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 20:13:36 -07:00
dependabot[bot]
26925af9ed chore(deps): bump minimatch from 3.1.3 to 3.1.5 in /superset-frontend/cypress-base (#40198) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 19:59:44 -07:00
dependabot[bot]
fdb62d8f35 chore(deps): bump yeoman-generator from 8.1.2 to 8.2.2 in /superset-frontend (#40154) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-05-17 19:59:29 -07:00
Evan Rusackas
3a9c54a672 fix(date_parser): suppress noisy parsedatetime DEBUG logs (#33365) (#40144) 
Co-authored-by: Claude Code <noreply@anthropic.com>
 2026-05-17 19:58:08 -07:00
Evan Rusackas
e6755d508d fix(rls): align view permission name with REST API canonical name (#33744) (#40145) 
Co-authored-by: Claude Code <noreply@anthropic.com>
 2026-05-17 19:57:57 -07:00
dependabot[bot]
b09ef7a406 chore(deps): bump minimatch from 3.1.2 to 3.1.5 in /superset-embedded-sdk (#40176) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 10:27:28 -07:00
dependabot[bot]
9eecc5a2a6 chore(deps): bump axios from 1.15.0 to 1.16.1 in /docs (#40177) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 10:26:44 -07:00
dependabot[bot]
d308649a65 chore(deps-dev): bump @types/node from 25.7.0 to 25.8.0 in /superset-frontend (#40157) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 10:25:08 -07:00
dependabot[bot]
dd4e2e2e44 chore(deps-dev): update sqlalchemy-exasol requirement from <3.0,>=2.4.0 to >=2.4.0,<8.0 (#40182) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 10:24:53 -07:00
dependabot[bot]
6165a2531f chore(deps): bump fast-uri from 3.0.6 to 3.1.2 in /superset-frontend (#40175) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-17 10:24:24 -07:00