superset2

mirror of https://github.com/apache/superset.git synced 2026-06-01 13:49:21 +00:00

Author	SHA1	Message	Date
Joe Li	8082013e2e	fix(embedded-e2e): use route allowlist in static test server The test app server only ever serves /, /index.html, and /sdk/index.js, so replace dynamic path joining with a fixed allowlist. This eliminates the data flow from req.url to readFileSync that CodeQL flagged as a path-traversal sink — the previous resolve+startsWith containment check was correct but not recognized as a sanitizer by the analyzer.	2026-05-19 14:10:30 -07:00
Joe Li	cc08a4be01	ci(embedded-e2e): build SDK and configure test environment - Add a build-embedded-sdk step to bashlib.sh and wire it into the superset-playwright and superset-e2e workflows so the SDK bundle is compiled before Playwright runs. - Set SUPERSET_FEATURE_EMBEDDED_SUPERSET=true via workflow env so the feature flag only affects Playwright jobs. Setting it in the shared integration test config breaks unrelated Python tests because the security manager's guest-user paths access g.user through paths that most tests don't mock. - Add CORS for localhost:9000 and TALISMAN_ENABLED=False to the integration test config. Talisman defaults to X-Frame-Options: SAMEORIGIN, which blocks the embedded dashboard from rendering inside an iframe hosted on a different port.	2026-05-19 14:10:30 -07:00
Joe Li	b2955fbb4a	feat(embedded-e2e): add Playwright E2E tests for embedded dashboards Adds five tests covering the embedded dashboard flow against the world_health example: render, hideTitle UI config, chart rendering, allowed_domains referrer check, and guest-token data access. Includes: - A chromium-embedded Playwright project, excluded from the main project via testIgnore so it can be opted into separately. - An EmbeddedPage page object and API helpers for embedding/guest tokens plus dashboard lookup by slug. - A static test app (embedded-app/index.html) loaded from a minimal Node static server. Playwright bridges the guest-token fetch from Node into the browser via page.exposeFunction. - EMBEDDED timeout/config constants. Workflow integration and test-environment configuration land in a follow-up commit.	2026-05-19 14:10:30 -07:00
Evan Rusackas	1230b9091b	docs: hide Component Playground top-level nav item (#40247 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-19 09:32:53 -07:00
madhushreeag	852d0182b5	fix(roles): prevent 404 and silent user removal on large role edits (#40178 ) Co-authored-by: madhushree agarwal <madhushree_agarwal@apple.com>	2026-05-19 09:13:43 -07:00
dependabot[bot]	ac5e8f1308	chore(deps): bump swagger-ui-react from 5.32.5 to 5.32.6 in /docs (#40056 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-18 21:51:35 -07:00
Evan Rusackas	f98edc351e	chore(deps): coordinated bump jest 30.3→30.4 + jest-environment-jsdom 29→30 (#40206 ) Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-19 11:35:19 +07:00
dependabot[bot]	4ceefb7e40	chore(deps): bump fs-extra from 11.3.2 to 11.3.5 in /superset-frontend (#39936 ) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: hainenber <dotronghai96@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: hainenber <dotronghai96@gmail.com> Co-authored-by: Evan Rusackas <evan@preset.io>	2026-05-18 20:38:57 -07:00
dependabot[bot]	1b9f06c840	chore(deps-dev): bump eslint-plugin-react-you-might-not-need-an-effect from 0.10.0 to 0.10.1 in /superset-frontend (#39902 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Evan Rusackas <evan@preset.io>	2026-05-18 16:28:05 -07:00
Evan Rusackas	9bfa0642a1	test(sql-parser): pin quoted identifiers with spaces are not subqueries (#32541 , #32684 ) (#40143 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-18 14:21:59 -07:00
Beto Dealmeida	e874e5cbaf	fix: OAuth2 trigger (#40097 )	2026-05-18 17:00:06 -04:00
Elizabeth Thompson	ef0efb7493	fix(mcp): exclude self-referencing filter columns from get_schema output (#39826 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>	2026-05-18 13:51:25 -07:00
alex	0e46d21205	fix(deckgl): emit usable cross-filter values from polygon and geojson clicks (#39906 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-18 22:07:05 +02:00
Evan Rusackas	6fa0b48752	docs: cut 6.1.0 versions for user_docs, admin_docs, developer_docs, components (#40126 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-18 12:59:39 -07:00
dependabot[bot]	43231d56df	chore(deps): update dompurify requirement from ^3.4.3 to ^3.4.5 in /superset-frontend/plugins/legacy-preset-chart-nvd3 (#40213 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-18 12:03:03 -07:00
dependabot[bot]	9d8293f815	chore(deps): update reselect requirement from ^5.1.1 to ^5.2.0 in /superset-frontend/packages/superset-ui-core (#40214 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-18 12:02:52 -07:00
dependabot[bot]	b7f125e48d	chore(deps): update dompurify requirement from ^3.4.2 to ^3.4.5 in /superset-frontend/packages/superset-ui-core (#40216 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-18 12:02:39 -07:00
dependabot[bot]	522b6a2296	chore(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /docs (#40227 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 12:01:08 -07:00
dependabot[bot]	00d3a7dd1e	chore(deps-dev): bump oxlint from 1.63.0 to 1.64.0 in /superset-frontend (#40160 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-18 10:28:13 -07:00
jesperct	5393fdfabf	fix(echarts): suppress phantom x-axis label at axis edge when no time grain (#39972 )	2026-05-18 09:52:48 -07:00
Jean Massucatto	054aeb3bae	fix(explore): prevent unnecessary scrollbars during chart rendering (#39291 )	2026-05-18 09:51:06 -07:00
Richard Fogaca Nienkotter	47bc1a3b4b	fix(deckgl): render all MultiPolygon parts in Polygon chart (#40100 )	2026-05-18 13:46:58 -03:00
Vitor Avila	d40a5cad5d	fix(OAuth2): Re-query the OAuth2 token to avoid stale reference (#40071 )	2026-05-18 13:07:54 -03:00
Evan Rusackas	38546d7a3d	chore(deps): coordinated bump ag-grid-community + ag-grid-react 35.2.1→35.3.0 (#40205 ) Co-authored-by: Claude <claude@anthropic.com>	2026-05-18 22:18:37 +07:00
dependabot[bot]	6e5dfa0dd4	chore(deps): bump baseline-browser-mapping from 2.10.29 to 2.10.30 in /docs (#40211 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 22:14:27 +07:00
SkinnyPigeon	70419e9d8f	feat: Allow specific mcp tools to be disabled (#39835 )	2026-05-18 07:22:02 -07:00
Evan Rusackas	34281f54a6	test(prophet): pin yhat_lower can be negative for negative series (#21734 ) (#40141 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-18 07:21:04 -07:00
Evan Rusackas	53d5c41a72	test(security): regression test for session cookie after logout (#24713 ) (#40201 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-18 07:20:51 -07:00
Evan Rusackas	453f49ce33	test(api): regression test for Admin empty dashboard/chart list (#25890 ) (#40202 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-18 07:20:37 -07:00
Mafi	b66c104fde	fix(sqllab): execute prequeries on streaming connection to fix PostgreSQL CSV export (#40194 ) Co-authored-by: Matt Fitzgerald <matt.fitzgerald@preset.io> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-18 09:43:06 -04:00
dependabot[bot]	61b77fa35d	chore(deps-dev): bump ip-address from 10.1.0 to 10.2.0 in /superset-frontend (#40199 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-18 06:29:05 -07:00
dependabot[bot]	0da0767780	chore(deps-dev): bump eslint from 10.3.0 to 10.4.0 in /superset-websocket (#40208 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 06:28:43 -07:00
dependabot[bot]	e2ff2d5d41	chore(deps): bump reselect from 5.1.1 to 5.2.0 in /docs (#40209 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 06:28:25 -07:00
dependabot[bot]	6a6be4c385	chore(deps): bump antd from 6.4.2 to 6.4.3 in /docs (#40210 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 06:28:00 -07:00
dependabot[bot]	cf831388d8	chore(deps): bump caniuse-lite from 1.0.30001792 to 1.0.30001793 in /docs (#40212 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 06:27:36 -07:00
dependabot[bot]	684a66aee6	chore(deps): update zod requirement from ^4.4.1 to ^4.4.3 in /superset-frontend/plugins/plugin-chart-echarts (#40215 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 06:27:09 -07:00
dependabot[bot]	80a200820c	chore(deps): bump react-map-gl from 8.1.0 to 8.1.1 in /superset-frontend (#40217 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 06:26:50 -07:00
dependabot[bot]	f47300102c	chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#40218 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 06:26:20 -07:00
Alejandro Solares	dd523c1a7b	fix(deps): patch fast-xml-parser CVE-2026-33036 and CVE-2026-33349 (#40118 )	2026-05-18 08:30:17 +01:00
dependabot[bot]	02a8196a6d	chore(deps): update dompurify requirement from ^3.4.1 to ^3.4.2 in /superset-frontend/packages/superset-ui-core (#39808 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-17 20:16:45 -07:00
dependabot[bot]	4e13512ed8	chore(deps-dev): update jest requirement from ^30.3.0 to ^30.4.2 in /superset-frontend/plugins/plugin-chart-handlebars (#40015 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-17 20:16:14 -07:00
dependabot[bot]	268dadbb5b	chore(deps-dev): update jest requirement from ^30.3.0 to ^30.4.2 in /superset-frontend/plugins/plugin-chart-pivot-table (#40018 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-17 20:15:58 -07:00
dependabot[bot]	427e7e53cd	chore(deps-dev): update jest requirement from ^30.3.0 to ^30.4.2 in /superset-frontend/packages/generator-superset (#40019 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-17 20:15:44 -07:00
dependabot[bot]	78f54b68ac	chore(deps): update dompurify requirement from ^3.4.1 to ^3.4.3 in /superset-frontend/plugins/legacy-preset-chart-nvd3 (#40106 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-17 20:15:07 -07:00
dependabot[bot]	6c4c3dc71c	chore(deps): bump serialize-javascript and terser-webpack-plugin in /superset-frontend/cypress-base (#40174 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 20:13:36 -07:00
dependabot[bot]	26925af9ed	chore(deps): bump minimatch from 3.1.3 to 3.1.5 in /superset-frontend/cypress-base (#40198 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 19:59:44 -07:00
dependabot[bot]	fdb62d8f35	chore(deps): bump yeoman-generator from 8.1.2 to 8.2.2 in /superset-frontend (#40154 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <claude@anthropic.com>	2026-05-17 19:59:29 -07:00
Evan Rusackas	3a9c54a672	fix(date_parser): suppress noisy parsedatetime DEBUG logs (#33365 ) (#40144 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-17 19:58:08 -07:00
Evan Rusackas	e6755d508d	fix(rls): align view permission name with REST API canonical name (#33744 ) (#40145 ) Co-authored-by: Claude Code <noreply@anthropic.com>	2026-05-17 19:57:57 -07:00
dependabot[bot]	b09ef7a406	chore(deps): bump minimatch from 3.1.2 to 3.1.5 in /superset-embedded-sdk (#40176 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 10:27:28 -07:00

1 2 3 4 5 ...

20051 Commits