Commit Graph

2948 Commits

Author SHA1 Message Date
Hugh A Miles II
5f5595e8df feat(charts): apply active_data_mask in dashboard filter context
Extend get_dashboard_filter_context with an optional active_data_mask kwarg so
callers can resolve each in-scope native filter against live dashboard filter
state instead of saved defaults. A non-empty active extraFormData is applied,
an empty one clears the filter (no fallback to default), and filters absent
from the mask keep their defaults. Backward compatible: omitting the kwarg
reproduces initial-load behavior. Adds unit tests covering override, clear,
fallback, defaultToFirstItem, and out-of-scope cases.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 09:54:38 -07:00
Hugh A Miles II
5421799b68 refactor(charts): extract query-context filter merge helper
Extract the extra_form_data merge block from the chart data GET endpoint
into apply_extra_form_data_to_query_context_json() in dashboard_filter_context,
so it can be reused by the upcoming dashboard Excel export task. No behavior
change; adds unit tests for the extracted helper.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 09:52:46 -07:00
Amin Ghadersohi
2f008afca9 fix(mcp): add dataset_id to update_chart to support rebinding chart datasource (#40853)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-12 10:42:53 -04:00
Evan Rusackas
814b72c6f9 feat(security): force password change on first use (opt-in) (#40669)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-11 22:23:10 -07:00
Evan Rusackas
663b47aa75 feat: support guest-token revocation per embedded dashboard (#40676)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-11 19:37:22 -07:00
Evan Rusackas
9938ee273f feat: terminate active sessions when an account is disabled (#40695)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 19:37:13 -07:00
Abdul Rehman
42d0c4436e fix(permalink): accept null entries in activeTabs for v5-imported dashboards (#40969) 2026-06-11 22:03:27 +07:00
Evan Rusackas
6c5ad1e912 fix(sqllab): apply SQL controls (RLS/DML/disallowed) to cost estimation (#40662)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-11 05:33:42 -07:00
Richard Fogaca Nienkotter
046b1b61b3 fix(maps): preserve OSM styles and configurable renderer defaults (#40804) 2026-06-10 22:26:00 -03:00
Dylan Cavalcante
f79a88c685 test(core): add unit tests for split function (#40819)
Co-authored-by: Đỗ Trọng Hải <41283691+hainenber@users.noreply.github.com>
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 16:12:35 -07:00
Evan Rusackas
5a0e3f15ca feat(embedded): add guest token revocation support (#40671)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-10 09:17:30 -07:00
Evan Rusackas
08b8bdecbd fix(charts): tighten chart schema input validation (query_context JSON, prophet/rolling bounds) (#40634)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-10 08:17:12 -07:00
Evan Rusackas
0a1e51f542 fix(schemas): tighten guest dataset fields, external_url protocols, ssh creds, prophet bounds (#40640)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 18:30:30 -07:00
Elizabeth Thompson
c0e78f39d7 fix: replace deprecated appbuilder.app with current_app (#40876)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 15:01:43 -07:00
dependabot[bot]
543ad04ca0 chore(deps): bump pyarrow from 20.0.0 to 24.0.0 (#39756)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 12:51:33 -07:00
Evan Rusackas
00e3682aaf fix(dashboard): URL-encode native_filters in permalink redirect (#40660)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 11:37:08 -07:00
Evan Rusackas
004101a752 fix(rls): apply standard datasource access checks in RLS rule commands (#40650)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 11:24:12 -07:00
Evan Rusackas
568f34d6d8 fix(mcp): enforce audience, algorithm, issuer binding, and token scopes (strict mode) (#40653)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 11:08:20 -07:00
Evan Rusackas
a0cf798409 fix(embedded): add Sec-Fetch-Dest defense-in-depth check on the embedded view (#40667)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 11:08:08 -07:00
Evan Rusackas
065578e48a fix(commands,api): enforce command validation, sanitize export filename/token, set cache TTLs (#40655)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 10:29:46 -07:00
EMMANUELA OPURUM
6311e2c315 fix: use pd.to_numeric in df_metrics_to_num to handle string-encoded numerics from ClickHouse (#40190)
Co-authored-by: Emmanuela Opurum <youremail@example.com>
Co-authored-by: Đỗ Trọng Hải <41283691+hainenber@users.noreply.github.com>
2026-06-09 10:28:34 -07:00
Evan Rusackas
bf9ad4d2ba fix: set charset via content_type to avoid malformed Content-Type headers (#40658)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 10:17:44 -07:00
Evan Rusackas
0133ebc9f2 feat(mcp): log successful JWT authentication events (#40864)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 09:34:52 -07:00
Evan Rusackas
b64dd4af4a fix(mcp): handle JWKS fetch network errors during token verification (#40869)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 09:34:33 -07:00
Evan Rusackas
7b1e1e5668 fix(charts): route CSV result format through the escaping CSV writer (#40859)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 09:33:46 -07:00
Evan Rusackas
9105adc67b fix(mcp): return a generic message when a request is unauthenticated (#40861)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-09 09:19:15 -07:00
Sebastian Mohr
443fd7bcee fix(assets): Support uploading tags using the assets import endpoint (#38343)
Co-authored-by: Sam Firke <sfirke@users.noreply.github.com>
2026-06-09 10:13:28 -04:00
Daniel Vaz Gaspar
2f71771b56 fix(sqllab): prevent corrupted query state from blocking SQL Lab access (#40580)
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Joe Li <joe@preset.io>
2026-06-09 10:51:45 +01:00
Evan Rusackas
3afbb48188 fix(uploads,dao): add zip-safety check to columnar reader and cap DAO page size (#40637)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-08 17:07:57 -07:00
Evan Rusackas
837f41986d fix: reject default guest/async JWT secrets at startup (#40649)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-08 16:53:37 -07:00
Evan Rusackas
8eda626466 fix: raise random_key entropy and add expiry to async query tokens (#40638)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-08 16:24:06 -07:00
Evan Rusackas
fe9818226d fix(viz): gate stacktrace behind SHOW_STACKTRACE and allowlist resample method (#40636)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-08 16:09:59 -07:00
Evan Rusackas
911bb9dcda fix: harden ZIP safety checks (total-size cap, zero-division guard) and extension path matching (#40664)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-08 14:14:53 -07:00
Evan Rusackas
507cf93687 test(dashboard): API-created dashboards should link charts from position_json (#32966) (#40816)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-08 10:51:25 -07:00
Amin Ghadersohi
ef7379c47e chore(mcp): remove low-value list/info tools that fail agent-native policy (#40690) 2026-06-06 14:57:41 -04:00
Amin Ghadersohi
84aaaaa6b0 fix(mcp): filter sensitive database columns from list_databases loaded-metadata (#40771) 2026-06-06 14:57:21 -04:00
Evan Rusackas
b85a2cdab1 fix: ODPS (MaxCompute) data source table preview failed (#38174)
Co-authored-by: zhutong6688 <zhutong66@163.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-06-05 17:57:44 -07:00
Evan Rusackas
381b99ae84 fix(csv): respect CSV_EXPORT config for decimal separator and delimiter (#38170)
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-05 17:57:21 -07:00
Evan Rusackas
6b0d747939 fix: cache warmup using WebDriver for reliable authentication (#38449)
Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-05 16:36:30 -07:00
Evan Rusackas
19d01521bf fix(dashboard): replace chartsInScope references at import time (#38171)
Co-authored-by: Rémy Dubois <remy.dubois@komodohealth.com>
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-05 11:42:24 -07:00
Evan Rusackas
1623ceda73 fix(result_set): preserve JSON/JSONB data as objects instead of strings (#38172)
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-05 11:41:40 -07:00
madhushreeag
fa42b13eb8 fix(dataset): preserve numeric column types when pydruid infers STRING from first-row value (#40677)
Co-authored-by: madhushree agarwal <madhushree_agarwal@apple.com>
2026-06-05 09:25:57 -07:00
Amin Ghadersohi
aa4092ba68 fix(mcp): add select_columns lean defaults to get_dashboard_info, get_chart_info, get_dataset_info (#40473)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Richard Fogaça <richardfogaca@gmail.com>
2026-06-05 11:10:13 -03:00
Elizabeth Thompson
42367afb25 fix(reports): add per-tile animation wait to prevent partial ECharts renders in tiled screenshots (#40694)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-04 16:43:34 -07:00
Vitor Avila
7406098708 fix(dashboard-filter): Consider dashboard filters to charts not declared in the dashboard position (#40774) 2026-06-04 16:43:38 -03:00
Evan Rusackas
0d1b702ce8 feat(extensions): static supply-chain controls — denylist + version policy (#40668)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-04 12:29:03 -07:00
Amin Ghadersohi
7d69f76127 fix(mcp): API key authentication for MCP — transport, validation, and RBAC (#39604) 2026-06-04 15:04:43 -04:00
Evan Rusackas
9a31362fa5 fix(reports): stamp email subject date at send time, not import time (#40693)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 12:03:28 -07:00
Evan Rusackas
23d18743bd fix(deck.gl): strip all JS-executed form_data keys when JavaScript controls are disabled (#40602)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-04 10:14:33 -07:00
Shaitan
41572dbf9d fix(chart): restrict owner lookup to users with write access (#39304)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 23:00:31 +01:00