superset2

mirror of https://github.com/apache/superset.git synced 2026-05-25 09:45:18 +00:00

Author	SHA1	Message	Date
Claude Code	dfd3f7b316	ci(lint): enforce no function-body imports (PLC0415) with targeted ignores Follow-up to #40231 (merged), where a reviewer flagged a function-body `from datetime import datetime, timedelta` instead of a top-of-file import. Adds a `ruff-import-placement` pre-commit hook running `ruff check --select PLC0415 --preview --no-fix`. Per @rusackas's pushback on the first cut of this PR — which spammed 2,657 `# noqa: PLC0415` annotations across ~410 files without fixing anything — this revision is a much smaller surface area: 1. Per-file-ignores for whole directories where function-body imports are a deliberate pattern, not an oversight: - `superset/cli/` and `scripts/`: subcommand-deferred imports keep heavy modules out of the CLI startup path. - `superset/tasks/`: Celery task bodies defer imports of the modules they orchestrate. - `superset/migrations/versions/`: Alembic migrations interact with model state at runtime, not at module load. - `superset/mcp_service/`: MCP tools lazy-load resources on invocation so the server can register many tools without paying their import cost at startup. - `superset/db_engine_specs/`: engine specs defer driver imports so optional DB drivers don't have to be installed. - `superset/initialization/__init__.py`, `superset/extensions/__init__.py`, `superset/app.py`: the app-factory and extension wiring are intentionally full of circular-import workarounds. - `tests/`: test files routinely defer imports for fixture isolation; the rule still applies to production code. 2. Per-line `# noqa: PLC0415`** on the 259 remaining genuine circular-import sites (security/manager.py, sql/execution/executor.py, semantic_layers/labels.py, tags/core.py, core_api_injection.py, etc.). These are foundational modules where moving the imports up would actually break things. Net result: ~410 files / 2,657 grandfathered → ~73 files / 259 actual noqa annotations. The rule still catches every new function-body import outside the explicitly-allowed directories. Also: silences a pre-existing C901 on `mcp_service/sql_lab/tool/execute_sql.py` that fires under newer local ruff but not CI's pinned ruff 0.9.7 — blocks the local pre-commit run otherwise. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-20 13:55:14 -07:00
dependabot[bot]	dd4e2e2e44	chore(deps-dev): update sqlalchemy-exasol requirement from <3.0,>=2.4.0 to >=2.4.0,<8.0 (#40182 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 10:24:53 -07:00
dependabot[bot]	9439d4db09	chore(deps-dev): update clickhouse-connect requirement from <1.0,>=0.13.0 to >=0.13.0,<2.0 (#40184 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 10:24:10 -07:00
dependabot[bot]	6b425ab559	chore(deps-dev): bump hdbcli from 2.4.162 to 2.28.20 (#40185 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 10:23:48 -07:00
dependabot[bot]	4ded665495	chore(deps): bump flask-migrate from 3.1.0 to 4.1.0 (#40187 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 10:23:23 -07:00
dependabot[bot]	37638e750d	chore(deps): bump greenlet from 3.1.1 to 3.5.0 (#40188 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-17 10:23:06 -07:00
dependabot[bot]	1d1a0e6fec	chore(deps-dev): update sqlalchemy-firebird requirement from <0.8,>=0.7.0 to >=0.7.0,<2.2 (#39755 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-11 09:00:12 -07:00
dependabot[bot]	fcf3f6c0d5	chore(deps-dev): update pinotdb requirement from <6.0.0,>=5.0.0 to >=5.0.0,<10.0.0 (#39985 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-11 08:58:44 -07:00
dependabot[bot]	14ba666594	chore(deps-dev): update ibm-db-sa requirement from <=0.4.0,>0.3.8 to >0.3.8,<=0.4.4 (#39986 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-11 08:58:14 -07:00
dependabot[bot]	1c795418d2	chore(deps-dev): bump pyinstrument from 4.4.0 to 5.1.2 (#39987 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-11 08:57:47 -07:00
dependabot[bot]	6271272e60	chore(deps): bump nh3 from 0.2.21 to 0.3.5 (#39988 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-11 08:57:05 -07:00
dependabot[bot]	2cf4a2c31f	chore(deps-dev): bump databricks-sql-connector from 4.1.2 to 4.2.6 (#39989 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-11 08:54:57 -07:00
Amin Ghadersohi	cfb0b6e811	fix(mcp): clarify request wrapper in list_datasets, list_charts, list_dashboards (#39920 )	2026-05-08 16:01:07 -04:00
Vitor Avila	ad5e3170dd	fix: OpenSearch dialect identifier delimiters (#39953 )	2026-05-07 16:19:27 -03:00
Amin Ghadersohi	9b520312a1	fix(mcp): use tiktoken for response-size-guard token estimation (#39912 )	2026-05-07 11:51:31 -04:00
dependabot[bot]	d7663a9a1c	chore(deps-dev): update denodo-sqlalchemy requirement from ~=1.0.6 to >=1.0.6,<2.1.0 (#39832 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-05 22:17:21 -07:00
dependabot[bot]	7290d3c452	chore(deps-dev): update pyathena requirement from <3,>=2 to >=2,<4 (#39830 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-05 22:17:00 -07:00
dependabot[bot]	f018b67895	chore(deps-dev): update sqlalchemy-vertica-python requirement from <0.6,>=0.5.9 to >=0.5.9,<0.7 (#39831 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-05 22:14:08 -07:00
dependabot[bot]	b305c8681c	chore(deps-dev): update impyla requirement from <0.17,>0.16.2 to >0.16.2,<0.23 (#39833 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-05 22:09:37 -07:00
dependabot[bot]	14d28c34fd	chore(deps-dev): update cx-oracle requirement from <8.1,>8.0.0 to >8.0.0,<8.4 (#39753 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-05 22:05:54 -07:00
Beto Dealmeida	cb53745d43	feat: semantic layer extension (#37815 )	2026-05-05 12:07:46 -04:00
Beto Dealmeida	76955017eb	chore: bump shillelagh to 1.4.4 (#39870 )	2026-05-04 19:39:38 -04:00
dependabot[bot]	bfacc3b5ac	chore(deps): bump xlsxwriter from 3.0.9 to 3.2.9 (#39757 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-30 06:15:12 -07:00
dependabot[bot]	9001e7dcf2	chore(deps): bump pandas from 2.1.4 to 2.3.3 (#39754 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-30 06:14:20 -07:00
dependabot[bot]	a4532844f4	chore(deps): bump msgpack from 1.0.8 to 1.1.2 (#39752 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-30 06:12:33 -07:00
dependabot[bot]	43a2cd3660	chore(deps-dev): bump psycopg2-binary from 2.9.9 to 2.9.12 (#39749 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-30 06:11:29 -07:00
Amin Ghadersohi	81a08f0a0e	chore(deps): bump fastmcp from 3.1.0 to 3.2.4 (#39349 )	2026-04-29 17:39:48 -04:00
Beto Dealmeida	edf4d03218	chore: bump rison to 2.0.0 (#39529 )	2026-04-24 15:52:42 -04:00
Alejandro Solares	a9761932bc	fix(security): patch CVEs in cryptography, mako, pyarrow, pyopenssl, requests (#39523 )	2026-04-21 16:35:04 +01:00
Beto Dealmeida	11607dde04	feat(sqllab): syntax validation for sqlite-based DB engine specs (#38698 ) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-04-20 18:29:51 -04:00
Amin Ghadersohi	838ee870d0	fix(mcp): update instructions to use correct request wrapper and identifier params (#39392 )	2026-04-15 20:17:07 -04:00
Daniel Vaz Gaspar	5815665cc6	feat: role/user CRUD events and login/logout tracking in the action log (#39121 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-09 15:55:25 +01:00
Amin Ghadersohi	97a66f7a64	feat(mcp): add BM25 tool search transform to reduce initial context size (#38562 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-13 18:06:11 +01:00
dependabot[bot]	8f28a8734a	chore(deps): bump flask from 2.3.3 to 3.1.3 (#38168 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-04 11:28:23 -08:00
dependabot[bot]	dc995328a8	chore(deps): bump cryptography from 44.0.3 to 46.0.5 (#37912 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-04 11:27:57 -08:00
Đỗ Trọng Hải	27d54f8421	fix(build/backend): migrate to deps-free `pygeohash` with pre-built wheels at runtime (#37524 ) Signed-off-by: hainenber <dotronghai96@gmail.com>	2026-03-04 11:24:43 -08:00
Joe Spadola	bb6ee9e722	fix(clickhouse): remove _mutate_label workaround and bump clickhouse-connect to >=0.13.0 (#38280 )	2026-02-26 16:12:54 -08:00
dependabot[bot]	097f474f24	chore(deps): bump pillow from 11.3.0 to 12.1.1 (#37935 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-13 16:00:47 -08:00
Joe Li	73adff55ee	chore(deps): Relax sqlalchemy-utils lower bound for pydoris compatibility (#37949 )	2026-02-13 14:55:54 -08:00
Pat Buxton	58d245c6b0	chore(deps): Update sqlachemy-utils to 0.42.0 (#36240 )	2026-02-12 12:39:06 -08:00
Michael S. Molina	c41942a38a	chore(deps): Upgrade sqlglot from 27.15.2 to 28.10.0 (#37841 )	2026-02-10 13:13:11 -03:00
Daniel Vaz Gaspar	ec6eaf4898	fix(deps): bump elasticsearch-dbapi to 0.2.12 for urllib3 2.x compatibility (#37758 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-06 16:03:04 +00:00
alok kumar priyadarshi	70b95ca1b9	fix(build): eliminate PostgreSQL extra installation on Python 3.12-based Superset Docker images (#37587 )	2026-01-31 15:54:19 +07:00
Beto Dealmeida	05c2354997	feat: AWS Cross-Account IAM Authentication for Aurora (#37585 )	2026-01-30 19:18:34 -05:00
Alejandro Solares	d6029f5c8a	chore(deps): bump dependencies to address security vulnerabilities (#37552 )	2026-01-30 10:19:43 +07:00
Amin Ghadersohi	0ecc69d2f1	chore(deps): bump fastmcp from 2.14.0 to 2.14.3 (#37410 )	2026-01-24 07:03:00 -08:00
Elena Felder	d54e227e25	chore: update old MotherDuck duckdb version to follow the official duckdb one (#36834 )	2026-01-23 16:25:17 -05:00
Evan Rusackas	b460ca94c6	feat(docs): auto-generate database documentation from lib.py (#36805 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-21 10:54:01 -08:00
Amin Ghadersohi	f895250cf9	fix(mypy): add overrides for superset-core local dev consistency (#36907 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-09 10:27:16 -08:00
Daniel Vaz Gaspar	f48322c17d	chore: bump flask-cors to 6.0.2 (#36640 )	2026-01-09 16:13:22 +00:00

1 2 3 4

164 Commits