QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-07 08:54:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,775 Commits 488 Branches 544 Tags
f2d05d10ff5f0c7936d0f5609700b850aa1f2d4b
Commit Graph

19775 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Li
f2d05d10ff fix(embedded-e2e): use route allowlist in static test server 
The test app server only ever serves /, /index.html, and /sdk/index.js,
so replace dynamic path joining with a fixed allowlist. This eliminates
the data flow from req.url to readFileSync that CodeQL flagged as a
path-traversal sink — the previous resolve+startsWith containment check
was correct but not recognized as a sanitizer by the analyzer.
 2026-04-30 19:27:59 -07:00
Joe Li
6669b186d7 ci(embedded-e2e): build SDK and configure test environment 
- Add a build-embedded-sdk step to bashlib.sh and wire it into the
  superset-playwright and superset-e2e workflows so the SDK bundle is
  compiled before Playwright runs.
- Set SUPERSET_FEATURE_EMBEDDED_SUPERSET=true via workflow env so the
  feature flag only affects Playwright jobs. Setting it in the shared
  integration test config breaks unrelated Python tests because the
  security manager's guest-user paths access g.user through paths that
  most tests don't mock.
- Add CORS for localhost:9000 and TALISMAN_ENABLED=False to the
  integration test config. Talisman defaults to X-Frame-Options:
  SAMEORIGIN, which blocks the embedded dashboard from rendering
  inside an iframe hosted on a different port.
 2026-04-30 19:27:47 -07:00
Joe Li
ca9eeec59d feat(embedded-e2e): add Playwright E2E tests for embedded dashboards 
Adds five tests covering the embedded dashboard flow against the
world_health example: render, hideTitle UI config, chart rendering,
allowed_domains referrer check, and guest-token data access. Includes:

- A chromium-embedded Playwright project, excluded from the main
  project via testIgnore so it can be opted into separately.
- An EmbeddedPage page object and API helpers for embedding/guest
  tokens plus dashboard lookup by slug.
- A static test app (embedded-app/index.html) loaded from a minimal
  Node static server. Playwright bridges the guest-token fetch from
  Node into the browser via page.exposeFunction.
- EMBEDDED timeout/config constants.

Workflow integration and test-environment configuration land in a
follow-up commit.
 2026-04-30 19:27:33 -07:00
Vitor Avila
86eb6176d1 fix: Enforce per-user caching on legacy API endpoint (#39789) 2026-04-30 18:04:33 -03:00
Joe Li
4244ae87bf fix(deps): regenerate pinned requirements for psycopg2-binary 2.9.12 (#39790) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-30 17:46:23 -03:00
Jakub Hrubý
512ba43e76 feat(i18n): add Czech translations (#36153) 
Co-authored-by: Jakub Hrubý <jakub.hruby@orgis.cz>
Co-authored-by: Jezevec <panjzvc@gmail.com>
Co-authored-by: David Kopelent <david.kopelent@saltpay.co>
Co-authored-by: David Kopelent <66686489+davidkopelent@users.noreply.github.com>
 2026-04-30 11:14:58 -04:00
xavier-GitHub76
f57ba7645d fix(CountryMap): ISO updated for France overseas (complete run) (#36055) 2026-04-30 11:13:51 -04:00
marun
12f69760f9 fix(table): conditionally render search dropdown only when search input is enabled (#35204) 
Co-authored-by: Claude <noreply@anthropic.com>
 2026-04-30 11:08:01 -04:00
Geidō
4fcb3144ff fix(dashboard): prevent duplicate screenshot downloads (#39525) 
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-30 18:04:24 +03:00
dependabot[bot]
3f68104007 chore(deps-dev): bump @swc/plugin-emotion from 14.8.0 to 14.9.0 in /superset-frontend (#39715) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 10:55:08 -04:00
dependabot[bot]
9faeda5723 chore(deps): bump @ant-design/icons from 6.2.0 to 6.2.2 in /docs (#39691) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 10:54:04 -04:00
dependabot[bot]
c15b208fda chore(deps): bump react-map-gl from 8.1.0 to 8.1.1 in /superset-frontend (#39745) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 10:34:21 -04:00
dependabot[bot]
6ad503201b chore(deps): bump zod from 4.3.6 to 4.4.1 in /superset-frontend (#39770) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 20:58:22 +07:00
Hardik Thaker
56e9331dad chore: add Aadhar Housing Finance Limited to INTHEWILD (#38366) 
Co-authored-by: Evan Rusackas <evan@preset.io>
 2026-04-30 06:57:49 -07:00
mapledan
a135e29035 fix(time-format): handle string input in TimeFormatter to fix pivot table NaN dates (#38949) 
Co-authored-by: RD-Dan <mapledan@staff.ruten.com.tw>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: codeant-ai-for-open-source[bot] <244253245+codeant-ai-for-open-source[bot]@users.noreply.github.com>
 2026-04-30 09:51:37 -04:00
EPoikans
bc875aa3e3 feat: Latvian localization (#38965) 
Co-authored-by: Đỗ Trọng Hải <41283691+hainenber@users.noreply.github.com>
 2026-04-30 06:19:42 -07:00
Joe Li
7842a9b05d fix(playwright): remove Google Sheets dependency from dataset tests (#39143) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-30 06:18:50 -07:00
dependabot[bot]
1061b0612c chore(deps-dev): bump eslint-plugin-no-only-tests from 3.3.0 to 3.4.0 in /superset-frontend (#39768) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:16:27 -07:00
dependabot[bot]
bfacc3b5ac chore(deps): bump xlsxwriter from 3.0.9 to 3.2.9 (#39757) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:15:12 -07:00
dependabot[bot]
9001e7dcf2 chore(deps): bump pandas from 2.1.4 to 2.3.3 (#39754) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:14:20 -07:00
dependabot[bot]
a4532844f4 chore(deps): bump msgpack from 1.0.8 to 1.1.2 (#39752) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:12:33 -07:00
dependabot[bot]
43a2cd3660 chore(deps-dev): bump psycopg2-binary from 2.9.9 to 2.9.12 (#39749) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:11:29 -07:00
dependabot[bot]
c895c4ffa9 chore(deps): bump yeoman-generator from 8.1.2 to 8.2.2 in /superset-frontend (#39744) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:11:10 -07:00
dependabot[bot]
ce3f19d373 chore(deps): bump swagger-ui-react from 5.32.4 to 5.32.5 in /docs (#39693) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:10:49 -07:00
dependabot[bot]
2c26914c2e chore(deps-dev): bump typescript-eslint from 8.59.0 to 8.59.1 in /docs (#39694) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 06:08:58 -07:00
innovark
f7c955f81a feat: provide full endpoint URL construction for plugin developers (#37360) 
Co-authored-by: Evan Rusackas <evan@preset.io>
 2026-04-30 05:59:11 -07:00
Jean Massucatto
9c3c8dcc0b fix(table): restore dropdown arrow visibility on paginated table page… (#39305) 2026-04-30 05:56:51 -07:00
Luiz Otavio
df396aa6e9 fix(drill-to-detail): drill to detail by correctly filtering by metric (#39766) 
Co-authored-by: Michael S. Molina <michael.s.molina@gmail.com>
 2026-04-30 08:40:16 -03:00
Enzo Martellucci
e4fe08ab9e feat(mcp): add generate_bug_report tool with PII sanitization (#39595) 
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-30 12:47:14 +02:00
Dhananjay Mohan
ae4c765d7d fix(docs): fix embedding page frontmatter and title capitalization (#39765) 2026-04-29 21:01:53 -04:00
Declan Zhao
49c249c7a9 fix(cache-warmup): add missing dashboard context in DashboardTagsStrategy (#39531) 2026-04-29 21:18:47 -03:00
Richard Fogaca Nienkotter
c2b9272f4c fix(mcp): sanitize read path output for LLM context (#39738) 2026-04-29 19:06:19 -03:00
Amin Ghadersohi
81a08f0a0e chore(deps): bump fastmcp from 3.1.0 to 3.2.4 (#39349) 2026-04-29 17:39:48 -04:00
Enzo Martellucci
e3e834bbf7 fix(mcp): fall back to title match when dashboard slug lookup misses (#39567) 
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-29 23:03:16 +02:00
dependabot[bot]
ebb43404c8 chore(deps): bump baseline-browser-mapping from 2.10.23 to 2.10.24 in /docs (#39741) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-29 16:01:44 -04:00
dependabot[bot]
4c4f3341de chore(deps): bump dawidd6/action-download-artifact from 20 to 21 (#39742) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-29 16:01:28 -04:00
Evan Rusackas
979f60a6d4 docs: Superset 6.1 documentation catch-up — batch 4 (#39446) 
Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Michael S. Molina <70410625+michael-s-molina@users.noreply.github.com>
 2026-04-29 15:26:09 -03:00
Michael S. Molina
6ce3885f2e chore(build): remove thread-loader from webpack build (#39763) 2026-04-29 15:04:34 -03:00
Elizabeth Thompson
8d17c34068 feat(mcp): restore self-lookup via created_by_me flag (#39638) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-29 11:03:28 -07:00
Evan Rusackas
b4f595953e docs: Superset 6.1 documentation catch-up — batch 3 (#39445) 
Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Michael S. Molina <70410625+michael-s-molina@users.noreply.github.com>
 2026-04-29 15:00:29 -03:00
Evan Rusackas
2b623fd09a docs: Superset 6.1 documentation catch-up — batch 2 (#39441) 
Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-29 14:43:37 -03:00
Evan Rusackas
fe074c0d76 docs(mcp): update MCP server docs for 6.1 (#39422) 
Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-29 14:42:55 -03:00
Richard Fogaca Nienkotter
549aff7cf9 fix(mcp): clarify chart preview URL metadata (#39731) 2026-04-29 12:37:40 -03:00
Daniel Vaz Gaspar
c7c9a17d6b fix(mysql): fallback to pymysql when MySQLdb is not installed in get_datatype() (#39729) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-29 14:40:39 +01:00
JUST.in DO IT
54f1e32763 fix(dashboard): escape emoji in position_json before saving to prevent truncation (#39737) 
Co-authored-by: Michael S. Molina <michael.s.molina@gmail.com>
 2026-04-29 10:08:50 -03:00
dependabot[bot]
2a884e8456 chore(deps-dev): bump @swc/core from 1.15.30 to 1.15.32 in /superset-frontend (#39692) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-29 09:03:54 -04:00
dependabot[bot]
7b02c21bff chore(deps): bump @ant-design/icons from 6.1.1 to 6.2.2 in /superset-frontend (#39697) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-29 09:03:32 -04:00
dependabot[bot]
1dd28c6fcd chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.59.0 to 8.59.1 in /superset-frontend (#39696) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-29 09:03:16 -04:00
Daniel Vaz Gaspar
eba08ae52a fix(ci): switch Dependabot Python ecosystem from uv to pip (#39726) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-29 12:30:38 +01:00
Jean Massucatto
171414f165 fix(chart): use categorical axis for bar charts with numeric x-axis (#39141) 
Co-authored-by: Enzo Martellucci <52219496+EnxDev@users.noreply.github.com>
 2026-04-29 09:41:19 +02:00