Evan Rusackas
|
80ea36c852
|
fix(db_engine_specs): escape schema name in regex; document safe filter pattern (#40642)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-03 11:56:51 -07:00 |
|
Evan Rusackas
|
6ea4e22785
|
refactor(nvd3): extract testable generateAnnotationTooltipContent helper (#40620)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
2026-06-03 11:56:07 -07:00 |
|
Evan Rusackas
|
fcb1e299ac
|
fix(nvd3): sanitize generateMultiLineTooltipContent output (#40612)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-03 11:55:55 -07:00 |
|
Amin Ghadersohi
|
f4dfb7f026
|
fix(mcp): fall back to form_data spatial query for Deck.gl charts (#40339)
|
2026-06-03 13:30:52 -04:00 |
|
Amin Ghadersohi
|
001834470b
|
fix(mcp): escape LIKE wildcards in MCP list tool search filters (#40682)
|
2026-06-03 13:30:05 -04:00 |
|
Evan Rusackas
|
e5c7200551
|
ci: gate expensive test workflows at the job level (#40718)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-03 10:04:10 -07:00 |
|
Evan Rusackas
|
cb2a56d16e
|
chore: guard recursive merge keys and invoke subprocess without a shell (#40558)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-03 22:18:05 +07:00 |
|
Burhanuddin Mundrawala
|
e5ff6de790
|
chore: correct typos in config.py and models_test.py comments (#40706)
|
2026-06-03 21:58:29 +07:00 |
|
faisal2901
|
accc94da51
|
fix(users): show 0 for null login_count and fail_login_count (#40281)
|
2026-06-03 10:14:46 -04:00 |
|
Evan Rusackas
|
c914df5a67
|
ci: harden CI against Docker Hub registry flakes (retries + auth) (#40700)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
2026-06-03 19:53:24 +07:00 |
|
Shaitan
|
e3ba85b1a5
|
fix(redirect): normalize browser-stripped whitespace before protocol-relative check (#40566)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-03 12:56:10 +01:00 |
|
Shaitan
|
b8a2f925ee
|
fix(views): enforce per-chart access check in legacy form_data endpoint (#40497)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-03 12:56:03 +01:00 |
|
Shaitan
|
77c2bed5f7
|
fix(dashboards): narrow datasets payload to callers with read access (#40396)
Co-authored-by: Claude Sonnet 4 <noreply@anthropic.com>
|
2026-06-03 12:55:57 +01:00 |
|
Shaitan
|
56fd991efd
|
fix(dataset): unify validation for stored and adhoc SQL expressions (#40392)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-03 12:55:50 +01:00 |
|
Shaitan
|
61b32d1b7d
|
fix(chart): standardize dashboard validation across chart create/update (#40336)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-03 12:55:44 +01:00 |
|
Shaitan
|
3191b0fdcd
|
fix: apply dashboard access check in related_objects endpoints (#40333)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-03 12:55:38 +01:00 |
|
Shaitan
|
cf08a5ebf7
|
feat(docker): add environment-based debugger control (#40327)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Mehmet Salih Yavuz <salih.yavuz@proton.me>
Co-authored-by: Beto Dealmeida <roberto@dealmeida.net>
Co-authored-by: Elizabeth Thompson <eschutho@gmail.com>
Co-authored-by: Evan Rusackas <evan@preset.io>
Co-authored-by: Jay Masiwal <masiwaljay.02@gmail.com>
Co-authored-by: JUST.in DO IT <justin.park@airbnb.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: chaselynisabella <chaselynisabella@gmail.com>
|
2026-06-03 12:55:31 +01:00 |
|
Shaitan
|
f7f50a7977
|
fix(sqllab): quote CTAS target identifiers and validate tmp_table_name format (#40245)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-03 12:55:25 +01:00 |
|
Shaitan
|
725f5ed2a9
|
fix(api): enforce per-object ownership validation in chart, dataset, and report commands (#39303)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-03 12:55:15 +01:00 |
|
Shaitan
|
faa76f6741
|
fix(embedding): add optional dataset allowlist to guest tokens (#39302)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-03 12:55:09 +01:00 |
|
Shaitan
|
8e4a460cc7
|
fix(charts): apply DISALLOWED_SQL_FUNCTIONS gate to adhoc expressions (#40568)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-03 12:52:22 +01:00 |
|
Evan Rusackas
|
b9dc9d722e
|
fix(export): sanitize user-supplied CSV export filename (charts + SQL Lab) (#40632)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-03 00:14:48 -07:00 |
|
Evan Rusackas
|
fa41769a08
|
fix(embedded): enforce configured allowed domains for postMessage origin (#40629)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 22:58:30 -07:00 |
|
Evan Rusackas
|
df21fe6571
|
chore(mcp): return a generic error from the webdriver pool-stats endpoint (#40559)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 21:51:32 -07:00 |
|
Evan Rusackas
|
12bef03f4a
|
fix(jinja): apply consistent escaping to url_param values from request args (#40633)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 21:23:48 -07:00 |
|
Evan Rusackas
|
0b9764aed5
|
fix(mcp): honor AUTH_ROLE_ADMIN and warn on permission-less protected tools (#40659)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 21:20:11 -07:00 |
|
Evan Rusackas
|
ac522ded1c
|
fix(ssh-tunnel): validate server_address format (SSRF defense-in-depth) (#40665)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 21:19:24 -07:00 |
|
Evan Rusackas
|
c54990c861
|
fix(plugin-chart-ag-grid-table): validate filter values/operators in state converter (#40623)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 18:44:29 -07:00 |
|
Evan Rusackas
|
3bbb35e8a3
|
ci(bashlib): drop the dead bc-based NONCE (perf + reliability) (#40691)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
2026-06-02 16:49:49 -07:00 |
|
Shaitan
|
a2a369cb5c
|
fix(charts): sanitize tooltip HTML across nvd3, rose and partition plugins (#40502)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Evan Rusackas <evan@preset.io>
|
2026-06-02 16:45:38 -07:00 |
|
Evan Rusackas
|
9af6746dbe
|
fix(models): HTML-escape data-controlled values in dashboard_link and Slice.icons (#40639)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 16:15:11 -07:00 |
|
Evan Rusackas
|
6abee0289b
|
fix(reports): guard SUCCESS-state report execution against duplicate sends and stuck WORKING state (#40657)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 15:09:14 -07:00 |
|
Evan Rusackas
|
8c62f533d7
|
fix(core): restrict allowed CSS properties in sanitized HTML (#40627)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 14:24:00 -07:00 |
|
Oleg Ovcharuk
|
17d1a45bc9
|
feat(ydb): switch to native YDB sqlglot dialect (#40170)
|
2026-06-02 17:13:41 -04:00 |
|
Shaitan
|
6eaee211aa
|
fix(sqllab): require dataset match for raw query access (#40409)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-06-02 21:50:27 +01:00 |
|
Evan Rusackas
|
3e589436fa
|
fix(reports): sanitize error text in email notification template (#40641)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 13:40:10 -07:00 |
|
Evan Rusackas
|
a9df2c7e5e
|
fix(mcp): address post-approval review feedback on auth logging PR #40646 (#40684)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
2026-06-02 13:39:23 -07:00 |
|
Evan Rusackas
|
8508af3201
|
chore(key_value): prune expired entries from the key-value store (#40663)
Co-authored-by: Claude Code <noreply@anthropic.com>
Co-authored-by: Ville Brofeldt <ville.v.brofeldt@gmail.com>
|
2026-06-02 12:36:32 -07:00 |
|
Evan Rusackas
|
49f3dbba73
|
fix(dashboard): address post-approval review feedback on #40528 (#40685)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
2026-06-02 12:16:15 -07:00 |
|
Amin Ghadersohi
|
616c243278
|
fix(deps): revert joserfc JWT error migration — fastmcp still uses authlib (#40688)
|
2026-06-02 12:02:17 -07:00 |
|
Evan Rusackas
|
00dd31494d
|
fix: sanitize URL sinks and trim sensitive log fields (#40546)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 11:52:02 -07:00 |
|
Evan Rusackas
|
b97d3ef520
|
fix(api,sql): use json_response in Api.query and log dialect fallback (#40644)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 11:48:46 -07:00 |
|
Evan Rusackas
|
4d2b10d916
|
chore(excel): strip document metadata from Excel exports (#40661)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 11:48:36 -07:00 |
|
SBIN2010
|
86fa5bb46f
|
feat(table v2): agGridTableChart add row numer column (#39284)
Co-authored-by: Evan Rusackas <evan@preset.io>
Co-authored-by: codeant-ai-for-open-source[bot] <244253245+codeant-ai-for-open-source[bot]@users.noreply.github.com>
|
2026-06-02 11:37:26 -07:00 |
|
Evan Rusackas
|
19c2b67d09
|
fix(websocket): validate last_id query param format (#40626)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 11:36:33 -07:00 |
|
Jean Massucatto
|
d2d46169bf
|
fix(explore): tighten popover title-to-tabs spacing to 12px (#40410)
|
2026-06-02 11:30:27 -07:00 |
|
Jean Massucatto
|
1b8099811b
|
fix(chart-list): sort by changed_on instead of last_saved_at (#39984)
|
2026-06-02 10:58:23 -07:00 |
|
Evan Rusackas
|
242c27a974
|
test(presto): 401 Unauthorized must surface as CONNECTION_ACCESS_DENIED_ERROR (#33554) (#40618)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-02 10:49:58 -07:00 |
|
Evan Rusackas
|
24422c8311
|
test(histogram): metric filters require aggregation in buildQuery (#30330) (#40617)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-02 10:49:43 -07:00 |
|
Evan Rusackas
|
1632b235ae
|
fix(sqllab): surface stacktrace in SQL Lab error responses (#28248) (#40585)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-02 10:41:39 -07:00 |
|