test: trigger connection failure via engine.connect for SQLAlchemy 2.0

The connection check now uses engine.connect() + connection.execute()
instead of the removed Engine.execute(), so the test must inject the
failure on engine.connect.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

.github/CODEOWNERS

@@ -38,7 +38,7 @@
 
 # Notify translation maintainers of changes to translations
 
-/superset/translations/ @sfirke @rusackas @villebro @sadpandajoe @hainenber
+/superset/translations/ @sfirke @rusackas
 
 # Notify PMC members of changes to extension-related files
 

.github/actions/setup-backend/action.yml

@@ -42,7 +42,7 @@ runs:
         fi
         echo "python-version=$RESOLVED_VERSION" >> "$GITHUB_OUTPUT"
     - name: Set up Python ${{ steps.set-python-version.outputs.python-version }}
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
       with:
         python-version: ${{ steps.set-python-version.outputs.python-version }}
         cache: ${{ inputs.cache }}

.github/workflows/bump-python-package.yml

@@ -31,7 +31,7 @@ jobs:
       checks: write
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: true
           ref: master
@@ -40,7 +40,7 @@ jobs:
         uses: ./.github/actions/setup-supersetbot/
 
       - name: Set up Python ${{ inputs.python-version }}
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
         with:
           python-version: "3.10"
 

.github/workflows/check-python-deps.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/check_db_migration_confict.yml

@@ -25,7 +25,7 @@ jobs:
       pull-requests: write
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check and notify

.github/workflows/codeql-analysis.yml

@@ -26,7 +26,7 @@ jobs:
       frontend: ${{ steps.check.outputs.frontend }}
     steps:
       - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check for file changes
@@ -58,7 +58,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

.github/workflows/dependency-review.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: "Dependency Review"
@@ -51,7 +51,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

.github/workflows/docker.yml

@@ -30,7 +30,7 @@ jobs:
       docker: ${{ steps.check.outputs.docker }}
     steps:
       - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check for file changes
@@ -71,7 +71,7 @@ jobs:
 
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 
@@ -177,7 +177,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Free up disk space

.github/workflows/embedded-sdk-release.yml

@@ -23,7 +23,7 @@ jobs:
       run:
         working-directory: superset-embedded-sdk
     steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       # Note: registry-url is intentionally omitted. When set, actions/setup-node

.github/workflows/embedded-sdk-test.yml

@@ -21,7 +21,7 @@ jobs:
       run:
         working-directory: superset-embedded-sdk
     steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6

.github/workflows/generate-FOSSA-report.yml

@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/github-action-validator.yml

@@ -27,7 +27,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

.github/workflows/issue_creation.yml

@@ -16,7 +16,7 @@ jobs:
       issues: write
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

.github/workflows/latest-release-tag.yml

@@ -12,7 +12,7 @@ jobs:
 
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/license-check.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/pr-lint.yml

@@ -21,7 +21,7 @@ jobs:
       pull-requests: write
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/pre-commit.yml

@@ -28,7 +28,7 @@ jobs:
         python-version: ${{ github.event_name == 'pull_request' && fromJSON('["current"]') || fromJSON('["current", "previous", "next"]') }}
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
@@ -63,7 +63,7 @@ jobs:
           yarn install --immutable
 
       - name: Cache pre-commit environments
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: ~/.cache/pre-commit
           key: pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('.pre-commit-config.yaml') }}

.github/workflows/release.yml

@@ -33,7 +33,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           # pulls all commits (needed for lerna / semantic release to correctly version)
@@ -56,7 +56,7 @@ jobs:
 
       - name: Cache npm
         if: env.HAS_TAGS
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         with:
           path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
           key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -70,7 +70,7 @@ jobs:
         run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
       - name: Cache npm
         if: env.HAS_TAGS
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`)
         with:
           path: ${{ steps.npm-cache-dir-path.outputs.dir }}

.github/workflows/scheduled-docker-image-refresh.yml

@@ -1,177 +0,0 @@
-name: Scheduled Docker image refresh
-
-# Re-runs the Docker image build against the latest published release on a
-# weekly cadence. The code being built doesn't change — but the base image
-# layers (python:*-slim-trixie and its OS packages) DO get upstream
-# security patches between Superset releases, and those patches don't
-# reach our published images unless we rebuild.
-#
-# Without this workflow, `apache/superset:<latest>` lags behind upstream
-# Debian/Python base patches by whatever interval falls between Superset
-# releases (typically 3–6 weeks). With it, the lag drops to at most one
-# week regardless of release cadence.
-#
-# This is a security-hygiene cron, not a release. It overwrites the
-# existing tags for the most recent release (e.g. `apache/superset:5.0.0`
-# and `apache/superset:latest`) with bit-for-bit-equivalent contents
-# layered on a refreshed base. Image digests change; everything users
-# actually pin against (image content, code, deps) does not.
-
-on:
-  schedule:
-    # Mondays at 06:00 UTC — gives the weekend for upstream patches to
-    # settle and surfaces failures at the start of the work week so a
-    # human can react.
-    - cron: "0 6 * * 1"
-
-  # Manual trigger so operators can force a refresh on demand (e.g.
-  # immediately after a high-severity base-image CVE drops).
-  workflow_dispatch: {}
-
-permissions:
-  contents: read
-
-# Serialize with itself and with the release publisher (tag-release.yml) —
-# both push to the same Docker Hub tags, so a race could end with stale
-# layers winning. Both workflows must declare this group for the lock to work.
-concurrency:
-  group: docker-publish-latest-release
-  cancel-in-progress: false
-
-jobs:
-  config:
-    runs-on: ubuntu-24.04
-    outputs:
-      has-secrets: ${{ steps.check.outputs.has-secrets }}
-      latest-release: ${{ steps.latest.outputs.tag }}
-      force-latest: ${{ steps.latest.outputs.force-latest }}
-    steps:
-      - name: Check for Docker Hub secrets
-        id: check
-        shell: bash
-        run: |
-          if [ -n "${DOCKERHUB_USER}" ]; then
-            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
-          fi
-        env:
-          DOCKERHUB_USER: ${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}
-
-      - name: Look up latest published release
-        id: latest
-        shell: bash
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          REPOSITORY: ${{ github.repository }}
-        run: |
-          # `releases/latest` returns the latest non-prerelease, non-draft
-          # release — which is exactly what `apache/superset:latest`
-          # should reflect.
-          TAG=$(gh api "repos/${REPOSITORY}/releases/latest" --jq .tag_name)
-          if [ -z "$TAG" ] || [ "$TAG" = "null" ]; then
-            echo "::error::Could not determine latest release tag"
-            exit 1
-          fi
-          echo "Latest release: $TAG"
-          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
-
-          # Only move `:latest` when the release flagged "latest" is also the
-          # highest semver release. This guards against a mis-click leaving an
-          # older maintenance release (e.g. a 5.x patch shipped after 6.0 GA)
-          # marked latest, which would otherwise roll `:latest` back a major
-          # version on the next cron run. If it isn't the newest, we still
-          # refresh that release's own version tag but leave `:latest` alone.
-          HIGHEST=$(gh api --paginate "repos/${REPOSITORY}/releases" \
-            --jq '.[] | select(.draft|not) | select(.prerelease|not) | .tag_name' \
-            | sed 's/^v//' | sort -V | tail -n1)
-          if [ "${TAG#v}" = "$HIGHEST" ]; then
-            echo "force-latest=1" >> "$GITHUB_OUTPUT"
-          else
-            echo "::warning::Latest-flagged release $TAG is not the highest semver ($HIGHEST); refreshing its version tag but leaving :latest untouched"
-          fi
-
-  docker-rebuild:
-    needs: config
-    if: needs.config.outputs.has-secrets == '1'
-    name: docker-rebuild
-    runs-on: ubuntu-24.04
-    strategy:
-      # Mirror the same matrix the release publisher uses so every variant
-      # operators consume from Docker Hub gets the refreshed base.
-      matrix:
-        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]
-      fail-fast: false
-    steps:
-      - name: "Checkout release tag: ${{ needs.config.outputs.latest-release }}"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-        with:
-          ref: ${{ needs.config.outputs.latest-release }}
-          fetch-depth: 0
-          persist-credentials: false
-
-      - name: Setup Docker Environment
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          install-docker-compose: "false"
-          build: "true"
-
-      - name: Use Node.js 20
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version: 20
-
-      - name: Setup supersetbot
-        uses: ./.github/actions/setup-supersetbot/
-
-      - name: Rebuild and push
-        env:
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          BUILD_PRESET: ${{ matrix.build_preset }}
-          LATEST_RELEASE: ${{ needs.config.outputs.latest-release }}
-          FORCE_LATEST_FLAG: ${{ needs.config.outputs.force-latest == '1' && '--force-latest' || '' }}
-        run: |
-          # Reuses the same supersetbot invocation as the release
-          # publisher (`tag-release.yml`), so the resulting tags are
-          # identical to what a manual release dispatch would produce —
-          # just with a freshly-pulled base image layer underneath.
-          # `--force-latest` is only passed when the config job confirmed the
-          # fetched release is the newest one (see FORCE_LATEST_FLAG above).
-          supersetbot docker \
-            --push \
-            --preset "$BUILD_PRESET" \
-            --context release \
-            --context-ref "$LATEST_RELEASE" \
-            $FORCE_LATEST_FLAG \
-            --platform "linux/arm64" \
-            --platform "linux/amd64"
-
-  # The whole point of this cron is catching base-image CVEs, so a silent
-  # failure is the expensive case — a red X in the Actions tab nobody is
-  # watching on a Monday. File a tracked issue when any rebuild leg fails so
-  # a missed security refresh surfaces instead of sitting unnoticed.
-  notify-on-failure:
-    needs: [config, docker-rebuild]
-    if: failure() && needs.config.outputs.has-secrets == '1'
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      issues: write
-    steps:
-      - name: Open a tracking issue
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          REPOSITORY: ${{ github.repository }}
-          LATEST_RELEASE: ${{ needs.config.outputs.latest-release }}
-          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-        run: |
-          gh issue create \
-            --repo "$REPOSITORY" \
-            --title "Scheduled Docker image refresh failed for ${LATEST_RELEASE}" \
-            --label "infra:container" \
-            --label "bug" \
-            --body "The weekly Docker base-image refresh failed for release \`${LATEST_RELEASE}\`. Published images may be missing upstream base-layer security patches until this is resolved.
-
-          Failed run: ${RUN_URL}"

.github/workflows/showtime-trigger.yml

@@ -152,7 +152,7 @@ jobs:
 
       - name: Checkout PR code (only if build needed)
         if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ steps.check.outputs.target_sha }}
           persist-credentials: false

.github/workflows/superset-app-cli.yml

@@ -41,7 +41,7 @@ jobs:
           - 16379:6379
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/superset-docs-deploy.yml

@@ -60,7 +60,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: "Checkout ${{ github.event.workflow_run.head_sha || github.sha }}"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.event.workflow_run.head_sha || github.sha }}
           persist-credentials: false

.github/workflows/superset-docs-verify.yml

@@ -28,7 +28,7 @@ jobs:
     name: Link Checking
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       # Do not bump this linkinator-action version without opening
@@ -73,7 +73,7 @@ jobs:
         working-directory: docs
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
@@ -112,7 +112,7 @@ jobs:
         working-directory: docs
     steps:
       - name: "Checkout PR head: ${{ github.event.workflow_run.head_sha }}"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.event.workflow_run.head_sha }}
           persist-credentials: false

.github/workflows/superset-e2e.yml

@@ -38,7 +38,7 @@ jobs:
       frontend: ${{ steps.check.outputs.frontend }}
     steps:
       - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check for file changes
@@ -97,21 +97,21 @@ jobs:
       # Conditional checkout based on context
       - name: Checkout for push or pull_request event
         if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
           ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
       - name: Checkout using ref (workflow_dispatch)
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           ref: ${{ github.event.inputs.ref }}
           submodules: recursive
       - name: Checkout using PR ID (workflow_dispatch)
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -207,21 +207,21 @@ jobs:
       # Conditional checkout based on context (same as Cypress workflow)
       - name: Checkout for push or pull_request event
         if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
           ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
       - name: Checkout using ref (workflow_dispatch)
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           ref: ${{ github.event.inputs.ref }}
           submodules: recursive
       - name: Checkout using PR ID (workflow_dispatch)
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           ref: refs/pull/${{ github.event.inputs.pr_id }}/merge

.github/workflows/superset-extensions-cli.yml

@@ -31,7 +31,7 @@ jobs:
         working-directory: superset-extensions-cli
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/superset-frontend.yml

@@ -27,7 +27,7 @@ jobs:
       should-run: ${{ steps.check.outputs.frontend }}
     steps:
       - name: Checkout Code
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -110,7 +110,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout Code
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           fetch-depth: 0

.github/workflows/superset-helm-lint.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/superset-helm-release.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ inputs.ref || github.ref_name }}
           persist-credentials: true

.github/workflows/superset-playwright.yml

@@ -34,7 +34,7 @@ jobs:
       frontend: ${{ steps.check.outputs.frontend }}
     steps:
       - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check for file changes
@@ -83,21 +83,21 @@ jobs:
       # Conditional checkout based on context (same as Cypress workflow)
       - name: Checkout for push or pull_request event
         if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
           ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
       - name: Checkout using ref (workflow_dispatch)
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           ref: ${{ github.event.inputs.ref }}
           submodules: recursive
       - name: Checkout using PR ID (workflow_dispatch)
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           ref: refs/pull/${{ github.event.inputs.pr_id }}/merge

.github/workflows/superset-python-integrationtest.yml

@@ -29,7 +29,7 @@ jobs:
       python: ${{ steps.check.outputs.python }}
     steps:
       - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check for file changes
@@ -72,7 +72,7 @@ jobs:
           - 16379:6379
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
@@ -157,7 +157,7 @@ jobs:
           - 16379:6379
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
@@ -207,7 +207,7 @@ jobs:
           - 16379:6379
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/superset-python-presto-hive.yml

@@ -25,7 +25,7 @@ jobs:
       python: ${{ steps.check.outputs.python }}
     steps:
       - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check for file changes
@@ -72,7 +72,7 @@ jobs:
           - 16379:6379
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
@@ -127,7 +127,7 @@ jobs:
           - 16379:6379
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/superset-python-unittest.yml

@@ -30,7 +30,7 @@ jobs:
       python: ${{ steps.check.outputs.python }}
     steps:
       - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Check for file changes
@@ -55,7 +55,7 @@ jobs:
       PYTHONPATH: ${{ github.workspace }}
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/superset-translations.yml

@@ -25,7 +25,7 @@ jobs:
       pull-requests: read
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive
@@ -61,7 +61,7 @@ jobs:
       pull-requests: read
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/superset-websocket.yml

@@ -25,13 +25,9 @@ jobs:
     timeout-minutes: 20
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
-      - name: Setup Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version-file: './superset-websocket/.nvmrc'
       - name: Install dependencies
         working-directory: ./superset-websocket
         run: npm ci

.github/workflows/supersetbot.yml

@@ -38,7 +38,7 @@ jobs:
             });
 
       - name: "Checkout ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

.github/workflows/sync-requirements-for-python-dep-upgrade-pr.yml

@@ -27,7 +27,7 @@ jobs:
       # zizmor: ignore[artipacked] - required persisted credentials to push synced requirement changes back to remote
       - name: Checkout source code
         if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }}
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           persist-credentials: true

.github/workflows/tag-release.yml

@@ -24,12 +24,6 @@ on:
 permissions:
   contents: read
 
-# Serialize with the scheduled Docker image refresh — both workflows push
-# to the same Docker Hub tags and must not race on apache/superset:latest.
-concurrency:
-  group: docker-publish-latest-release
-  cancel-in-progress: false
-
 jobs:
   config:
     runs-on: ubuntu-24.04
@@ -60,7 +54,7 @@ jobs:
       fail-fast: false
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -126,7 +120,7 @@ jobs:
       pull-requests: write
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           fetch-depth: 0

.github/workflows/tech-debt.yml

@@ -32,7 +32,7 @@ jobs:
     name: Generate Reports
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

UPDATING.md

@@ -24,22 +24,6 @@ assists people when migrating to a new version.
 
 ## Next
 
-### Guest-token RLS rules reject unknown fields
-
-The `rls` rules passed to `POST /api/v1/security/guest_token/` are now validated strictly: a rule may only contain `dataset` and `clause`. Previously unknown fields were silently dropped, so a mistyped or legacy scope key (most commonly `datasource` instead of `dataset`) produced a rule with no `dataset`, which is treated as a *global* rule applied to every dataset the embedded resource can reach. Such a request now returns HTTP 400 identifying the offending field instead of issuing a token with an unintended global rule. Integrators that were sending extra fields in RLS rules must remove them; valid dataset-scoped (`{"dataset": 41, "clause": "..."}`) and global (`{"clause": "..."}`) rules are unaffected.
-
-### MCP service requires `MCP_JWT_AUDIENCE` when JWT auth is enabled
-
-When the MCP service has JWT auth enabled (`MCP_AUTH_ENABLED = True`), an audience must be configured via `MCP_JWT_AUDIENCE` so issued tokens are bound to this service. The service now fails to start with a clear configuration error when the audience is unset, instead of starting with audience validation skipped. Deployments that enable MCP JWT auth must set `MCP_JWT_AUDIENCE` to the audience value their identity provider issues for the MCP service. API-key-only MCP deployments (JWT auth disabled) are unaffected.
-
-### Swagger UI is opt-in (off by default)
-
-`FAB_API_SWAGGER_UI` now defaults to `False` and is driven by the `SUPERSET_ENABLE_SWAGGER_UI` environment variable. The interactive Swagger UI / OpenAPI documentation endpoints (e.g. `/swagger/v1`) are therefore no longer exposed by default. To enable them, set `SUPERSET_ENABLE_SWAGGER_UI=true` (the bundled Docker development environment sets this) or override `FAB_API_SWAGGER_UI = True` in `superset_config.py`.
-
-### Build details (git SHA / build number) are admin-only by default
-
-The git SHA and build number surfaced in the "About" section, the bootstrap payload, and the public `/version` endpoint are now only included for admin users by default; the release version string is still shown to everyone. To expose the build details to all users (the previous behavior), set the `SUPERSET_EXPOSE_BUILD_DETAILS` environment variable (or `EXPOSE_BUILD_DETAILS_TO_USERS = True` in `superset_config.py`).
-
 ### Pivot table First/Last aggregations follow data order
 
 The pivot table chart's `First` and `Last` aggregations now return the first and last value in data (query result) order, instead of effectively returning the minimum and maximum. Existing pivot tables that use these aggregations for totals/subtotals may show different values after upgrading. For deterministic results, ensure the underlying query has a stable sort order.

docker/.env

@@ -70,8 +70,6 @@ SUPERSET_LOG_LEVEL=info
 
 SUPERSET_APP_ROOT="/"
 SUPERSET_ENV=development
-# Swagger UI is opt-in (off by default); enable it for local development.
-SUPERSET_ENABLE_SWAGGER_UI=true
 SUPERSET_LOAD_EXAMPLES=yes
 CYPRESS_CONFIG=false
 SUPERSET_PORT=8088

docs/.nvmrc

@@ -1 +0,0 @@
-../superset-frontend/.nvmrc

docs/.nvmrc

@@ -0,0 +1 @@
+v24.16.0

docs/admin_docs/configuration/alerts-reports.mdx

@@ -160,7 +160,7 @@ When enabled, Superset rejects webhook configurations that use `http://` URLs.
 
 #### Retry Behavior
 
-Superset automatically retries webhook deliveries on `429 Too Many Requests` and `5xx` server errors using exponential backoff. Retries are bounded to roughly 120 seconds of cumulative wall-clock time (worst case ~210 seconds, because the bound is checked against the time elapsed before each attempt, so the final request can begin just under the limit and still run its full request timeout), after which the delivery is abandoned.
+Superset automatically retries webhook deliveries on `429 Too Many Requests` and `5xx` server errors using exponential backoff.
 
 ### Kubernetes-specific
 

docs/admin_docs/installation/docker-compose.mdx

@@ -223,9 +223,8 @@ compose based installation, edit the `x-superset-image:` line in your `docker-co
 `docker-compose-non-dev.yml` files, replacing `apachesuperset.docker.scarf.sh/apache/superset` with
 `apache/superset` to pull the image directly from Docker Hub.
 
-To disable the Scarf telemetry pixel, set the `SCARF_ANALYTICS` environment variable to `false` in
-your `docker/.env` file. This is read at runtime, so it disables the pixel on the pre-built image
-without rebuilding the frontend.
+To disable the Scarf telemetry pixel, set the `SCARF_ANALYTICS` environment variable to `False` in
+your terminal and/or in your `docker/.env` file.
 :::
 
 ## 3. Log in to Superset

docs/admin_docs/installation/kubernetes.mdx

@@ -136,17 +136,7 @@ init:
 :::note
 Superset uses [Scarf Gateway](https://about.scarf.sh/scarf-gateway) to collect telemetry data.  Knowing the installation counts for different Superset versions informs the  project's decisions about patching and long-term support. Scarf purges personally identifiable information (PII) and provides only aggregated statistics.
 
-There are two independent telemetry channels:
-
-- **Image pulls** (Scarf Gateway): to opt out, edit the `repository:` line in your `helm/superset/values.yaml` file, replacing `apachesuperset.docker.scarf.sh/apache/superset` with `apache/superset` to pull the image directly from Docker Hub.
-- **The analytics pixel** rendered in the UI: to opt out, set the `SCARF_ANALYTICS` environment variable to `false` on the Superset containers via `extraEnv` in your `values.yaml`:
-
-  ```yaml
-  extraEnv:
-    SCARF_ANALYTICS: "false"
-  ```
-
-  This is read at runtime, so it takes effect on the pre-built images without rebuilding the frontend.
+To opt-out of this data collection in your Helm-based installation, edit the `repository:` line in your `helm/superset/values.yaml` file, replacing `apachesuperset.docker.scarf.sh/apache/superset` with `apache/superset` to pull the image directly from Docker Hub.
 :::
 
 ### Dependencies

docs/admin_docs/security/securing_superset.mdx

@@ -161,7 +161,6 @@ Here's the documentation section how how to set up Talisman: https://superset.ap
 
   - [ ] Regularly update to the latest major or minor versions of Superset. Those versions receive up-to-date security patches.
   - [ ] Rotate the `SUPERSET_SECRET_KEY` periodically (e.g., quarterly) and after any potential security incident.
-  - [ ] Rotate the other security-critical secrets (guest-token and async-query JWT secrets, SMTP and database credentials) on the cadence in Appendix C, and after any potential security incident.
   - [ ] Conduct quarterly access reviews for all users.
   - [ ] Assuming logging and monitoring is in place, review security monitoring alerts weekly.
 
@@ -174,24 +173,6 @@ Rotating the `SUPERSET_SECRET_KEY` is a critical security procedure. It is manda
 The procedure for safely rotating the SECRET_KEY must be followed precisely to avoid locking yourself out of your instance. The official Apache Superset documentation maintains the correct, up-to-date procedure. Please follow the official guide here:
 https://superset.apache.org/admin-docs/configuration/configuring-superset/#rotating-to-a-newer-secret_key
 
-### **Appendix C: Secrets Register and Rotation Schedule**
-
-`SUPERSET_SECRET_KEY` is not the only security-critical secret in a Superset deployment. Maintain an inventory of all such secrets, store each in a secrets manager (not in `superset_config.py` or version control), assign an owner, and rotate them on a defined cadence as well as after any suspected compromise.
-
-| Secret | Purpose | Risk if leaked | Suggested rotation |
-|---|---|---|---|
-| `SUPERSET_SECRET_KEY` | Signs session cookies; key material for encrypting stored DB credentials (Fernet/AES) | Forged sessions (auth bypass / privilege escalation); decryption of exfiltrated metadata-DB secrets | Quarterly + post-incident |
-| `GUEST_TOKEN_JWT_SECRET` | Signs embedded-dashboard guest tokens | Forged guest tokens → unauthorized dashboard/data access | Quarterly + post-incident |
-| `GLOBAL_ASYNC_QUERIES_JWT_SECRET` | Signs the async-query channel JWT | Forged async-query tokens | Quarterly + post-incident |
-| SMTP password | Outbound email for alerts & reports | Email relay abuse / spoofing | Per organizational policy + post-incident |
-| Database connection passwords | Access to analytical databases and the metadata DB | Direct database access | Per organizational policy + post-incident |
-
-Notes:
-
-- Rotating `GUEST_TOKEN_JWT_SECRET` or `GLOBAL_ASYNC_QUERIES_JWT_SECRET` invalidates outstanding tokens of that type; schedule rotations accordingly.
-- After a suspected compromise, rotate **all** of the above, not only `SUPERSET_SECRET_KEY`.
-- Keep the register under change control so new secrets introduced by future features are added to the rotation schedule.
-
 :::resources
 - [Blog: Running Apache Superset on the Open Internet](https://preset.io/blog/running-apache-superset-on-the-open-internet-a-report-from-the-fireline/)
 - [Blog: How Security Vulnerabilities are Reported & Handled in Apache Superset](https://preset.io/blog/how-security-vulnerabilities-are-reported-and-handled-in-apache-superset/)

docs/developer_docs/extensions/contribution-types.md

@@ -34,14 +34,15 @@ Frontend contribution types allow extensions to extend Superset's user interface
 
 Extensions can add new views or panels to the host application, such as custom SQL Lab panels, dashboards, or other UI components. Contribution areas are uniquely identified (e.g., `sqllab.panels` for SQL Lab panels), enabling seamless integration into specific parts of the application.
 
-```typescript
+```tsx
+import React from 'react';
 import { views } from '@apache-superset/core';
 import MyPanel from './MyPanel';
 
 views.registerView(
   { id: 'my-extension.main', name: 'My Panel Name' },
   'sqllab.panels',
-  MyPanel,
+  () => <MyPanel />,
 );
 ```
 
@@ -111,24 +112,6 @@ editors.registerEditor(
 
 See [Editors Extension Point](./extension-points/editors.md) for implementation details.
 
-### Chat
-
-Extensions can add a chat interface to Superset by registering a trigger component and a panel component. The host owns the layout, open/close state, and display mode — the extension only provides the UI. The panel can be displayed as a floating overlay or docked as a resizable sidebar beside the page content, and the user's preference is persisted across reloads.
-
-```tsx
-import { chat } from '@apache-superset/core';
-import ChatTrigger from './ChatTrigger';
-import ChatPanel from './ChatPanel';
-
-chat.registerChat(
-  { id: 'my-org.my-chat', name: 'My Chat' },
-  ChatTrigger,
-  ChatPanel,
-);
-```
-
-See [Chat](./extension-points/chat.md) for implementation details.
-
 ## Backend
 
 Backend contribution types allow extensions to extend Superset's server-side capabilities. Backend contributions are registered at startup via classes and functions imported from the auto-discovered `entrypoint.py` file.

docs/developer_docs/extensions/extension-points/chat.md

@@ -1,141 +0,0 @@
----
-title: Chat
-sidebar_position: 3
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-# Chat Contributions
-
-Extensions can add a chat interface to Superset by registering a trigger and a panel. The host owns the layout, open/close state, and display mode — the extension only needs to provide the UI components.
-
-## Overview
-
-A chat registration consists of two React components:
-
-| Component | Role |
-|-----------|------|
-| **Trigger** | Always-visible entry point (e.g., a floating button). Rendered in the bottom-right corner in floating mode, or as a fixed overlay in panel mode. |
-| **Panel** | The chat UI itself (message list, input, etc.). Mounted by the host in the active display mode. |
-
-## Display Modes
-
-The host supports two display modes, switchable by the user or the extension at runtime:
-
-| Mode | Behavior |
-|------|----------|
-| `floating` | Panel floats above page content, anchored to the bottom-right corner. |
-| `panel` | Panel is docked to the right side of the application as a resizable sidebar, sitting beside the page content. |
-
-The user's last selected mode and open/closed state are persisted across page reloads.
-
-## Registering a Chat
-
-Call `chat.registerChat` from your extension's entry point with a descriptor, a trigger factory, and a panel factory:
-
-```tsx
-import { chat } from '@apache-superset/core';
-import ChatTrigger from './ChatTrigger';
-import ChatPanel from './ChatPanel';
-
-chat.registerChat(
-  { id: 'my-org.my-chat', name: 'My Chat' },
-  ChatTrigger,
-  ChatPanel,
-);
-```
-
-Only one chat registration is active at a time. If a second extension calls `registerChat`, it replaces the first and a warning is logged.
-
-## Opening and Closing the Chat
-
-The trigger component is responsible for toggling the panel. Use `chat.isOpen()`, `chat.open()`, and `chat.close()` to control visibility:
-
-```tsx
-import { chat } from '@apache-superset/core';
-
-export default function ChatTrigger() {
-  return (
-    <button onClick={() => (chat.isOpen() ? chat.close() : chat.open())}>
-      💬
-    </button>
-  );
-}
-```
-
-You can also subscribe to open/close events from any component:
-
-```tsx
-useEffect(() => {
-  const { dispose } = chat.onDidOpen(() => console.log('chat opened'));
-  return dispose;
-}, []);
-```
-
-## Changing the Display Mode
-
-Call `chat.setDisplayMode` to switch between `'floating'` and `'panel'` modes. In your panel component, subscribe to `onDidChangeDisplayMode` to react to changes (including those triggered by the user):
-
-```tsx
-import { useState, useEffect } from 'react';
-import { chat } from '@apache-superset/core';
-
-export default function ChatPanel() {
-  const [mode, setMode] = useState(chat.getDisplayMode());
-
-  useEffect(() => {
-    const { dispose } = chat.onDidChangeDisplayMode(m => setMode(m));
-    return dispose;
-  }, []);
-
-  return (
-    <div style={{ height: mode === 'panel' ? '100%' : '80vh' }}>
-      <button onClick={() => chat.setDisplayMode(mode === 'panel' ? 'floating' : 'panel')}>
-        {mode === 'panel' ? 'Float' : 'Dock'}
-      </button>
-      {/* message list and input */}
-    </div>
-  );
-}
-```
-
-## Chat API Reference
-
-All methods are available on the `chat` namespace from `@apache-superset/core`:
-
-| Method / Event | Description |
-|----------------|-------------|
-| `registerChat(descriptor, trigger, panel)` | Register a chat extension. Returns a `Disposable` to unregister. |
-| `open()` | Open the chat panel. No-op if already open or no registration. |
-| `close()` | Close the chat panel. |
-| `isOpen()` | Returns `true` if the panel is currently open. |
-| `getDisplayMode()` | Returns the current display mode (`'floating'` or `'panel'`). |
-| `setDisplayMode(mode)` | Switch between `'floating'` and `'panel'` mode. |
-| `onDidOpen(listener)` | Subscribe to panel open events. Returns a `Disposable`. |
-| `onDidClose(listener)` | Subscribe to panel close events. Returns a `Disposable`. |
-| `onDidChangeDisplayMode(listener)` | Subscribe to display mode changes. Returns a `Disposable`. |
-| `onDidRegisterChat(listener)` | Subscribe to registration events. |
-| `onDidUnregisterChat(listener)` | Subscribe to unregistration events. |
-| `onDidResizePanel(listener)` | Subscribe to panel resize events (panel mode only). Not all hosts provide a resizer — do not rely on this firing. Returns a `Disposable`. |
-
-## Next Steps
-
-- **[Contribution Types](../contribution-types.md)** — Explore other contribution types
-- **[Development](../development.md)** — Set up your development environment

docs/developer_docs/sidebars.js

@@ -47,8 +47,6 @@ module.exports = {
           collapsed: true,
           items: [
             'extensions/extension-points/sqllab',
-            'extensions/extension-points/editors',
-            'extensions/extension-points/chat',
           ],
         },
         'extensions/development',

docs/docs/faq.mdx

@@ -321,8 +321,8 @@ This can be used, for example, to convert UTC time to local time.
 Superset uses [Scarf](https://about.scarf.sh/) by default to collect basic telemetry data upon installing and/or running Superset. This data helps the maintainers of Superset better understand which versions of Superset are being used, in order to prioritize patch/minor releases and security fixes.
 We use the [Scarf Gateway](https://docs.scarf.sh/gateway/) to sit in front of container registries, the [scarf-js](https://about.scarf.sh/package-sdks) package to track `npm` installations, and a Scarf pixel to gather anonymous analytics on Superset page views.
 Scarf purges PII and provides aggregated statistics. Superset users can easily opt out of analytics in various ways documented [here](https://docs.scarf.sh/gateway/#do-not-track) and [here](https://docs.scarf.sh/package-analytics/#as-a-user-of-a-package-using-scarf-js-how-can-i-opt-out-of-analytics).
-You can also opt out of the analytics pixel by setting the `SCARF_ANALYTICS` environment variable to `false`. This is read at runtime, so setting it on the Superset container (for example via `extraEnv` in the Helm chart, or `docker/.env` for Docker Compose) disables the pixel on the pre-built images without rebuilding the frontend. Note that this only disables the page-view pixel; the Scarf Gateway (container registry) and `scarf-js` (`npm`) channels are opted out separately, as described above.
-Additional opt-out instructions are available on the [Docker Compose](/admin-docs/installation/docker-compose) and [Kubernetes](/admin-docs/installation/kubernetes) installation pages.
+Superset maintainers can also opt out of telemetry data collection by setting the `SCARF_ANALYTICS` environment variable to `false` in the Superset container (or anywhere Superset/webpack are run).
+Additional opt-out instructions for Docker users are available on the [Docker Installation](/admin-docs/installation/docker-compose) page.
 
 ## Does Superset have an archive panel or trash bin from which a user can recover deleted assets?
 

docs/package.json

@@ -72,7 +72,7 @@
     "@superset-ui/core": "^0.20.4",
     "@swc/core": "^1.15.41",
     "antd": "^6.4.4",
-    "baseline-browser-mapping": "^2.10.38",
+    "baseline-browser-mapping": "^2.10.37",
     "caniuse-lite": "^1.0.30001799",
     "docusaurus-plugin-openapi-docs": "^5.0.2",
     "docusaurus-theme-openapi-docs": "^5.0.2",
@@ -134,8 +134,7 @@
     "yaml": "1.10.3",
     "uuid": "11.1.1",
     "serialize-javascript": "7.0.5",
-    "d3-color": "3.1.0",
-    "ws": "^8.21.0"
+    "d3-color": "3.1.0"
   },
   "packageManager": "yarn@1.22.22+sha1.ac34549e6aa8e7ead463a7407e1c7390f61a6610"
 }

docs/yarn.lock

@@ -5698,10 +5698,10 @@ base64-js@^1.3.1, base64-js@^1.5.1:
   resolved "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz"
   integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
 
-baseline-browser-mapping@^2.10.38, baseline-browser-mapping@^2.9.0, baseline-browser-mapping@^2.9.19:
-  version "2.10.38"
-  resolved "https://registry.yarnpkg.com/baseline-browser-mapping/-/baseline-browser-mapping-2.10.38.tgz#c84d093c4bf7325c5053c279d90f153c66526042"
-  integrity sha512-31/02mVB4yuQU6adKk5SlY6m+mxDwUq5KZkyYgnLrrKl7TEm1+3PyDtDBz2kOv/wxZz41GHsvV1A/u6RmiyBvw==
+baseline-browser-mapping@^2.10.37, baseline-browser-mapping@^2.9.0, baseline-browser-mapping@^2.9.19:
+  version "2.10.37"
+  resolved "https://registry.yarnpkg.com/baseline-browser-mapping/-/baseline-browser-mapping-2.10.37.tgz#3e636475b6b293244e2b23e2c71a2ab9d9e6ba7d"
+  integrity sha512-girxaJ7WZssDOFhzCGZTDKoTa1gk6A1TbflaYTpykLJ4UU9Fz9kx1aREM8JCuoVHbL8X8T/mJg7w2oYSq72Oig==
 
 batch@0.6.1:
   version "0.6.1"
@@ -15246,10 +15246,15 @@ write-file-atomic@^3.0.3:
     signal-exit "^3.0.2"
     typedarray-to-buffer "^3.1.5"
 
-ws@^7.3.1, ws@^8.18.0, ws@^8.2.3, ws@^8.21.0:
-  version "8.21.0"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.21.0.tgz#012e413fc07429945121b0c153158c4343086951"
-  integrity sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==
+ws@^7.3.1:
+  version "7.5.10"
+  resolved "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz"
+  integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
+
+ws@^8.18.0, ws@^8.2.3:
+  version "8.20.1"
+  resolved "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz"
+  integrity sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==
 
 wsl-utils@^0.1.0:
   version "0.1.0"

helm/superset/Chart.yaml

@@ -29,7 +29,7 @@ maintainers:
   - name: craig-rueda
     email: craig@craigrueda.com
     url: https://github.com/craig-rueda
-version: 0.18.0 # See [README](https://github.com/apache/superset/blob/master/helm/superset/README.md#versioning) for version details.
+version: 0.17.2 # See [README](https://github.com/apache/superset/blob/master/helm/superset/README.md#versioning) for version details.
 dependencies:
   - name: postgresql
     version: 16.7.27

helm/superset/README.md

@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
 
 # superset
 
-![Version: 0.18.0](https://img.shields.io/badge/Version-0.18.0-informational?style=flat-square)
+![Version: 0.17.2](https://img.shields.io/badge/Version-0.17.2-informational?style=flat-square)
 
 Apache Superset is a modern, enterprise-ready business intelligence web application
 
@@ -88,7 +88,6 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | ingress.path | string | `"/"` |  |
 | ingress.pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
-| init.additionalPodSpec | object | `{}` | Custom pod spec to be added to init job |
 | init.adminUser.email | string | `"admin@superset.com"` |  |
 | init.adminUser.firstname | string | `"Superset"` |  |
 | init.adminUser.lastname | string | `"Admin"` |  |
@@ -132,7 +131,6 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | supersetCeleryBeat.affinity | object | `{}` | Affinity to be added to supersetCeleryBeat deployment |
 | supersetCeleryBeat.command | list | a `celery beat` command | Command |
 | supersetCeleryBeat.containerSecurityContext | object | `{}` |  |
-| supersetCeleryBeat.deploymentAdditionalPodSpec | object | `{}` | Custom pod spec to be added to supersetCeleryBeat deployment |
 | supersetCeleryBeat.deploymentAnnotations | object | `{}` | Annotations to be added to supersetCeleryBeat deployment |
 | supersetCeleryBeat.enabled | bool | `false` | This is only required if you intend to use alerts and reports |
 | supersetCeleryBeat.extraContainers | list | `[]` | Launch additional containers into supersetCeleryBeat pods |
@@ -151,7 +149,6 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | supersetCeleryFlower.affinity | object | `{}` | Affinity to be added to supersetCeleryFlower deployment |
 | supersetCeleryFlower.command | list | a `celery flower` command | Command |
 | supersetCeleryFlower.containerSecurityContext | object | `{}` |  |
-| supersetCeleryFlower.deploymentAdditionalPodSpec | object | `{}` | Custom pod spec to be added to supersetCeleryFlower deployment |
 | supersetCeleryFlower.deploymentAnnotations | object | `{}` | Annotations to be added to supersetCeleryFlower deployment |
 | supersetCeleryFlower.enabled | bool | `false` | Enables a Celery flower deployment (management UI to monitor celery jobs) WARNING: on superset 1.x, this requires a Superset image that has `flower<1.0.0` installed (which is NOT the case of the default images) flower>=1.0.0 requires Celery 5+ which Superset 1.5 does not support |
 | supersetCeleryFlower.extraContainers | list | `[]` | Launch additional containers into supersetCeleryFlower pods |
@@ -207,14 +204,12 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | supersetNode.connections.db_user | string | `"superset"` |  |
 | supersetNode.connections.redis_cache_db | string | `"1"` |  |
 | supersetNode.connections.redis_celery_db | string | `"0"` |  |
-| supersetNode.connections.redis_driver | string | `""` |  |
 | supersetNode.connections.redis_host | string | `"{{ .Release.Name }}-redis-headless"` | Change in case of bringing your own redis and then also set redis.enabled:false |
 | supersetNode.connections.redis_port | string | `"6379"` |  |
 | supersetNode.connections.redis_ssl.enabled | bool | `false` |  |
 | supersetNode.connections.redis_ssl.ssl_cert_reqs | string | `"CERT_NONE"` |  |
 | supersetNode.connections.redis_user | string | `""` |  |
 | supersetNode.containerSecurityContext | object | `{}` |  |
-| supersetNode.deploymentAdditionalPodSpec | object | `{}` | Custom pod spec to be added to supersetNode deployment |
 | supersetNode.deploymentAnnotations | object | `{}` | Annotations to be added to supersetNode deployment |
 | supersetNode.deploymentLabels | object | `{}` | Labels to be added to supersetNode deployment |
 | supersetNode.env | object | `{}` |  |
@@ -260,7 +255,6 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | supersetWebsockets.command | list | `[]` |  |
 | supersetWebsockets.config | object | see `values.yaml` | The config.json to pass to the server, see https://github.com/apache/superset/tree/master/superset-websocket Note that the configuration can also read from environment variables (which will have priority), see https://github.com/apache/superset/blob/master/superset-websocket/src/config.ts for a list of supported variables |
 | supersetWebsockets.containerSecurityContext | object | `{}` |  |
-| supersetWebsockets.deploymentAdditionalPodSpec | object | `{}` | Custom pod spec to be added to supersetWebsockets deployment |
 | supersetWebsockets.deploymentAnnotations | object | `{}` |  |
 | supersetWebsockets.enabled | bool | `false` | This is only required if you intend to use `GLOBAL_ASYNC_QUERIES` in `ws` mode see https://superset.apache.org/docs/contributing/misc#async-chart-queries |
 | supersetWebsockets.extraContainers | list | `[]` | Launch additional containers into supersetWebsockets pods |
@@ -314,7 +308,6 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | supersetWorker.autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | supersetWorker.command | list | a `celery worker` command | Worker startup command |
 | supersetWorker.containerSecurityContext | object | `{}` |  |
-| supersetWorker.deploymentAdditionalPodSpec | object | `{}` | Custom pod spec to be added to supersetWorker deployment |
 | supersetWorker.deploymentAnnotations | object | `{}` | Annotations to be added to supersetWorker deployment |
 | supersetWorker.deploymentLabels | object | `{}` | Labels to be added to supersetWorker deployment |
 | supersetWorker.extraContainers | list | `[]` | Launch additional containers into supersetWorker pod |

helm/superset/templates/_helpers.tpl

@@ -71,9 +71,9 @@ def env(key, default=None):
 
 # Redis Base URL
 {{- if .Values.supersetNode.connections.redis_password }}
-REDIS_BASE_URL=f"{env('REDIS_DRIVER') or env('REDIS_PROTO')}://{env('REDIS_USER', '')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_USER', '')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}"
 {{- else }}
-REDIS_BASE_URL=f"{env('REDIS_DRIVER') or env('REDIS_PROTO')}://{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_HOST')}:{env('REDIS_PORT')}"
 {{- end }}
 
 # Redis URL Params
@@ -108,6 +108,8 @@ else:
     {{ fail (printf "Unsupported database type: %s. Please use 'postgresql' or 'mysql'." .Values.supersetNode.connections.db_type) }}
     {{- end }}
 
+SQLALCHEMY_TRACK_MODIFICATIONS = True
+
 class CeleryConfig:
   imports  = ("superset.sql_lab", )
   broker_url = CELERY_REDIS_URL

helm/superset/templates/deployment-beat.yaml

@@ -68,9 +68,6 @@ spec:
           {{- toYaml .Values.supersetCeleryBeat.podLabels | nindent 8 }}
         {{- end }}
     spec:
-      {{- if .Values.supersetCeleryBeat.deploymentAdditionalPodSpec }}
-      {{- tpl (toYaml .Values.supersetCeleryBeat.deploymentAdditionalPodSpec) . | nindent 6 }}
-      {{- end }}
       {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
       serviceAccountName: {{ template "superset.serviceAccountName" . }}
       {{- end }}

helm/superset/templates/deployment-flower.yaml

@@ -57,9 +57,6 @@ spec:
           {{- toYaml .Values.supersetCeleryFlower.podLabels | nindent 8 }}
         {{- end }}
     spec:
-      {{- if .Values.supersetCeleryFlower.deploymentAdditionalPodSpec }}
-      {{- tpl (toYaml .Values.supersetCeleryFlower.deploymentAdditionalPodSpec) . | nindent 6 }}
-      {{- end }}
       {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
       serviceAccountName: {{ template "superset.serviceAccountName" . }}
       {{- end }}

helm/superset/templates/deployment-worker.yaml

@@ -74,9 +74,6 @@ spec:
           {{- toYaml .Values.supersetWorker.podLabels | nindent 8 }}
         {{- end }}
     spec:
-      {{- if .Values.supersetWorker.deploymentAdditionalPodSpec }}
-      {{- tpl (toYaml .Values.supersetWorker.deploymentAdditionalPodSpec) . | nindent 6 }}
-      {{- end }}
       {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
       serviceAccountName: {{ template "superset.serviceAccountName" . }}
       {{- end }}

helm/superset/templates/deployment-ws.yaml

@@ -60,9 +60,6 @@ spec:
           {{- toYaml .Values.supersetWebsockets.podLabels | nindent 8 }}
         {{- end }}
     spec:
-      {{- if .Values.supersetWebsockets.deploymentAdditionalPodSpec }}
-      {{- tpl (toYaml .Values.supersetWebsockets.deploymentAdditionalPodSpec) . | nindent 6 }}
-      {{- end }}
       {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
       serviceAccountName: {{ template "superset.serviceAccountName" . }}
       {{- end }}

helm/superset/templates/deployment.yaml

@@ -76,9 +76,6 @@ spec:
           {{- toYaml .Values.supersetNode.podLabels | nindent 8 }}
         {{- end }}
     spec:
-      {{- if .Values.supersetNode.deploymentAdditionalPodSpec }}
-      {{- tpl (toYaml .Values.supersetNode.deploymentAdditionalPodSpec) . | nindent 6 }}
-      {{- end }}
       {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
       serviceAccountName: {{ template "superset.serviceAccountName" . }}
       {{- end }}

helm/superset/templates/init-job.yaml

@@ -41,21 +41,16 @@ spec:
       {{- if .Values.init.podAnnotations }}
       annotations: {{- toYaml .Values.init.podAnnotations | nindent 8 }}
       {{- end }}
+      {{- if or .Values.extraLabels .Values.init.podLabels }}
       labels:
-        app: {{ template "superset.name" . }}
-        chart: {{ template "superset.chart" . }}
-        release: {{ .Release.Name }}
-        job: {{ template "superset.fullname" . }}-init-db
         {{- if .Values.extraLabels }}
           {{- toYaml .Values.extraLabels | nindent 8 }}
         {{- end }}
         {{- if .Values.init.podLabels }}
           {{- toYaml .Values.init.podLabels | nindent 8 }}
         {{- end }}
-    spec:
-      {{- if .Values.init.additionalPodSpec }}
-      {{- tpl (toYaml .Values.init.additionalPodSpec) . | nindent 6 }}
       {{- end }}
+    spec:
       {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
       serviceAccountName: {{ template "superset.serviceAccountName" . }}
       {{- end }}

helm/superset/templates/secret-env.yaml

@@ -39,7 +39,6 @@ stringData:
     {{- end }}
     REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }}
     REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }}
-    REDIS_DRIVER: {{ .Values.supersetNode.connections.redis_driver | quote }}
     REDIS_DB: {{ .Values.supersetNode.connections.redis_cache_db | quote }}
     REDIS_CELERY_DB: {{ .Values.supersetNode.connections.redis_celery_db | quote }}
     {{- if .Values.supersetNode.connections.redis_ssl.enabled }}

helm/superset/values.yaml

@@ -283,7 +283,6 @@ supersetNode:
     redis_ssl:
       enabled: false
       ssl_cert_reqs: CERT_NONE
-    redis_driver: ""
     # You need to change below configuration incase bringing own PostgresSQL instance and also set postgresql.enabled:false
     # -- Database type for Superset metadata (Supported types: "postgresql", "mysql")
     db_type: "postgresql"
@@ -335,8 +334,6 @@ supersetNode:
   deploymentAnnotations: {}
   # -- Labels to be added to supersetNode deployment
   deploymentLabels: {}
-  # -- Custom pod spec to be added to supersetNode deployment
-  deploymentAdditionalPodSpec: {}
   # -- Affinity to be added to supersetNode deployment
   affinity: {}
   # -- TopologySpreadConstrains to be added to supersetNode deployments
@@ -462,8 +459,6 @@ supersetWorker:
   deploymentAnnotations: {}
   # -- Labels to be added to supersetWorker deployment
   deploymentLabels: {}
-  # -- Custom pod spec to be added to supersetWorker deployment
-  deploymentAdditionalPodSpec: {}
   # -- Affinity to be added to supersetWorker deployment
   affinity: {}
   # -- TopologySpreadConstrains to be added to supersetWorker deployments
@@ -570,8 +565,6 @@ supersetCeleryBeat:
   extraContainers: []
   # -- Annotations to be added to supersetCeleryBeat deployment
   deploymentAnnotations: {}
-  # -- Custom pod spec to be added to supersetCeleryBeat deployment
-  deploymentAdditionalPodSpec: {}
   # -- Affinity to be added to supersetCeleryBeat deployment
   affinity: {}
   # -- TopologySpreadConstrains to be added to supersetCeleryBeat deployments
@@ -687,8 +680,6 @@ supersetCeleryFlower:
   extraContainers: []
   # -- Annotations to be added to supersetCeleryFlower deployment
   deploymentAnnotations: {}
-  # -- Custom pod spec to be added to supersetCeleryFlower deployment
-  deploymentAdditionalPodSpec: {}
   # -- Affinity to be added to supersetCeleryFlower deployment
   affinity: {}
   # -- TopologySpreadConstrains to be added to supersetCeleryFlower deployments
@@ -766,8 +757,6 @@ supersetWebsockets:
   # -- Launch additional containers into supersetWebsockets pods
   extraContainers: []
   deploymentAnnotations: {}
-  # -- Custom pod spec to be added to supersetWebsockets deployment
-  deploymentAdditionalPodSpec: {}
   # -- Affinity to be added to supersetWebsockets deployment
   affinity: {}
   # -- TopologySpreadConstrains to be added to supersetWebsockets deployments
@@ -830,8 +819,6 @@ init:
   jobAnnotations:
     "helm.sh/hook": post-install,post-upgrade
     "helm.sh/hook-delete-policy": "before-hook-creation"
-  # -- Custom pod spec to be added to init job
-  additionalPodSpec: {}
   loadExamples: false
   createAdmin: true
   adminUser:

pyproject.toml

@@ -107,8 +107,8 @@ dependencies = [
     "sshtunnel>=0.4.0, <0.5",
     "simplejson>=4.1.1",
     "slack_sdk>=3.19.0, <4",
-    "sqlalchemy>=1.4.43, <2", # 1.4.43 adds the python-oracledb (oracle+oracledb) dialect
-    "sqlalchemy-utils>=0.42.1, <0.43", # expanding lowerbound to work with pydoris
+    "sqlalchemy>=1.4, <2",
+    "sqlalchemy-utils>=0.38.0, <0.43", # expanding lowerbound to work with pydoris
     "sqlglot>=30.8.0, <31",
     # newer pandas needs 0.9+
     "tabulate>=0.10.0, <1.0",
@@ -147,7 +147,7 @@ denodo = ["denodo-sqlalchemy>=2.0.5,<2.1.0"]
 dremio = ["sqlalchemy-dremio>=1.2.1, <4"]
 drill = ["sqlalchemy-drill>=1.1.10, <2"]
 druid = ["pydruid>=0.6.5,<0.7"]
-duckdb = ["duckdb>=1.5.4,<2", "duckdb-engine>=0.17.0"]
+duckdb = ["duckdb>=1.5.2,<2", "duckdb-engine>=0.17.0"]
 dynamodb = ["pydynamodb>=0.4.2"]
 solr = ["sqlalchemy-solr >= 0.2.4.3"]
 elasticsearch = ["elasticsearch-dbapi>=0.2.13, <0.3.0"]
@@ -206,7 +206,7 @@ spark = [
     "thrift>=0.23.0, <1",
 ]
 tdengine = [
-    "taospy>=2.8.9",
+    "taospy>=2.7.21",
     "taos-ws-py>=0.6.9"
 ]
 teradata = ["teradatasql>=16.20.0.23"]

pytest.ini

@@ -43,5 +43,5 @@ filterwarnings =
 #    error:The ``declarative_base\(\)`` function is now available:sqlalchemy.exc.RemovedIn20Warning
 #    error:The Engine.execute\(\) method is considered legacy:sqlalchemy.exc.RemovedIn20Warning
     error:The legacy calling style of select\(\) is deprecated:sqlalchemy.exc.RemovedIn20Warning
-    error:The "whens" argument to case:sqlalchemy.exc.RemovedIn20Warning
+#    error:The "whens" argument to case:sqlalchemy.exc.RemovedIn20Warning
 #    error:"User" object is being merged into a Session:sqlalchemy.exc.RemovedIn20Warning

requirements/base.txt

@@ -315,7 +315,7 @@ pygeohash==3.2.2
     # via apache-superset (pyproject.toml)
 pygments==2.20.0
     # via rich
-pyjwt==2.13.0
+pyjwt==2.12.0
     # via
     #   apache-superset (pyproject.toml)
     #   flask-appbuilder
@@ -405,7 +405,7 @@ sqlalchemy==1.4.54
     #   marshmallow-sqlalchemy
     #   shillelagh
     #   sqlalchemy-utils
-sqlalchemy-utils==0.42.1
+sqlalchemy-utils==0.42.0
     # via
     #   apache-superset (pyproject.toml)
     #   apache-superset-core

requirements/development.txt

@@ -220,7 +220,7 @@ docstring-parser==0.17.0
     # via cyclopts
 docutils==0.22.2
     # via rich-rst
-duckdb==1.5.4
+duckdb==1.5.3
     # via
     #   apache-superset
     #   duckdb-engine
@@ -769,7 +769,7 @@ pyhive==0.7.0
     # via apache-superset
 pyinstrument==5.1.2
     # via apache-superset
-pyjwt==2.13.0
+pyjwt==2.12.0
     # via
     #   -c requirements/base-constraint.txt
     #   apache-superset
@@ -976,7 +976,7 @@ sqlalchemy==1.4.54
     #   sqlalchemy-utils
 sqlalchemy-bigquery==1.17.0
     # via apache-superset
-sqlalchemy-utils==0.42.1
+sqlalchemy-utils==0.42.0
     # via
     #   -c requirements/base-constraint.txt
     #   apache-superset

superset-embedded-sdk/.nvmrc

@@ -1 +0,0 @@
-../superset-frontend/.nvmrc

superset-embedded-sdk/.nvmrc

@@ -0,0 +1 @@
+v24.16.0

superset-embedded-sdk/CONTRIBUTING.md

@@ -32,7 +32,6 @@ and therefore are not easily unit-testable. We have instead opted to test the sd
 This way, the tests can assert that the sdk actually mounts the iframe and communicates with it correctly.
 
 At time of writing, these tests are not written yet, because we haven't yet put together the demo app that they will leverage.
-
 ### Things to e2e test once we have a demo app:
 
 **happy path:**

superset-embedded-sdk/README.md

@@ -41,12 +41,12 @@ npm install --save @superset-ui/embedded-sdk
 ```
 
 ```js
-import { embedDashboard } from "@superset-ui/embedded-sdk";
+import { embedDashboard } from '@superset-ui/embedded-sdk';
 
 embedDashboard({
-  id: "abc123", // given by the Superset embedding UI
-  supersetDomain: "https://superset.example.com",
-  mountPoint: document.getElementById("my-superset-container"), // any html element that can contain an iframe
+  id: 'abc123', // given by the Superset embedding UI
+  supersetDomain: 'https://superset.example.com',
+  mountPoint: document.getElementById('my-superset-container'), // any html element that can contain an iframe
   fetchGuestToken: () => fetchGuestTokenFromBackend(),
   dashboardUiConfig: {
     // dashboard UI config: hideTitle, hideTab, hideChartControls, filters.visible, filters.expanded (optional), urlParams (optional)
@@ -55,21 +55,21 @@ embedDashboard({
       expanded: true,
     },
     urlParams: {
-      foo: "value1",
-      bar: "value2",
+      foo: 'value1',
+      bar: 'value2',
       // themeMode: 'dark', // set the initial theme: 'dark' | 'system' | 'default' (default: 'default')
       // ...
     },
   },
   // optional additional iframe sandbox attributes
   iframeSandboxExtras: [
-    "allow-top-navigation",
-    "allow-popups-to-escape-sandbox",
+    'allow-top-navigation',
+    'allow-popups-to-escape-sandbox',
   ],
   // optional Permissions Policy features
-  iframeAllowExtras: ["clipboard-write", "fullscreen"],
+  iframeAllowExtras: ['clipboard-write', 'fullscreen'],
   // optional config to enforce a particular referrerPolicy
-  referrerPolicy: "same-origin",
+  referrerPolicy: 'same-origin',
   // optional callback to customize permalink URLs
   resolvePermalinkUrl: ({ key }) => `https://my-app.com/analytics/share/${key}`,
 });
@@ -163,13 +163,13 @@ Use the `themeMode` URL parameter to control the embedded dashboard's initial co
 
 ```js
 embedDashboard({
-  id: "abc123",
-  supersetDomain: "https://superset.example.com",
-  mountPoint: document.getElementById("my-superset-container"),
+  id: 'abc123',
+  supersetDomain: 'https://superset.example.com',
+  mountPoint: document.getElementById('my-superset-container'),
   fetchGuestToken: () => fetchGuestTokenFromBackend(),
   dashboardUiConfig: {
     urlParams: {
-      themeMode: "dark", // 'dark' | 'system' | 'default' (default: 'default')
+      themeMode: 'dark', // 'dark' | 'system' | 'default' (default: 'default')
     },
   },
 });
@@ -193,7 +193,7 @@ To pass additional sandbox attributes you can use `iframeSandboxExtras`:
 
 ```js
 // optional additional iframe sandbox attributes
-iframeSandboxExtras: ["allow-top-navigation", "allow-popups-to-escape-sandbox"];
+iframeSandboxExtras: ['allow-top-navigation', 'allow-popups-to-escape-sandbox'];
 ```
 
 ### Permissions Policy
@@ -202,7 +202,7 @@ To enable specific browser features within the embedded iframe, use `iframeAllow
 
 ```js
 // optional Permissions Policy features
-iframeAllowExtras: ["clipboard-write", "fullscreen"];
+iframeAllowExtras: ['clipboard-write', 'fullscreen'];
 ```
 
 Common permissions you might need:
@@ -225,9 +225,9 @@ When users click share buttons inside an embedded dashboard, Superset generates
 
 ```js
 embedDashboard({
-  id: "abc123",
-  supersetDomain: "https://superset.example.com",
-  mountPoint: document.getElementById("my-superset-container"),
+  id: 'abc123',
+  supersetDomain: 'https://superset.example.com',
+  mountPoint: document.getElementById('my-superset-container'),
   fetchGuestToken: () => fetchGuestTokenFromBackend(),
 
   // Customize permalink URLs
@@ -245,9 +245,9 @@ To restore the dashboard state from a permalink in your app:
 const permalinkKey = routeParams.key;
 
 embedDashboard({
-  id: "abc123",
-  supersetDomain: "https://superset.example.com",
-  mountPoint: document.getElementById("my-superset-container"),
+  id: 'abc123',
+  supersetDomain: 'https://superset.example.com',
+  mountPoint: document.getElementById('my-superset-container'),
   fetchGuestToken: () => fetchGuestTokenFromBackend(),
   resolvePermalinkUrl: ({ key }) => `https://my-app.com/analytics/share/${key}`,
   dashboardUiConfig: {

superset-embedded-sdk/babel.config.js

@@ -18,6 +18,9 @@
  */
 
 module.exports = {
-  presets: ["@babel/preset-typescript", "@babel/preset-env"],
+  presets: [
+    "@babel/preset-typescript",
+    "@babel/preset-env"
+  ],
   sourceMaps: true,
 };

superset-embedded-sdk/package.json

@@ -24,7 +24,7 @@
   "scripts": {
     "build": "tsc && babel src --out-dir lib --extensions '.ts,.tsx' && webpack --mode production",
     "ci:release": "node ./release-if-necessary.js",
-    "test": "vitest --run --dir src"
+    "test": "jest"
   },
   "browserslist": [
     "last 3 chrome versions",
@@ -41,11 +41,12 @@
     "@babel/core": "^7.25.2",
     "@babel/preset-env": "^7.25.4",
     "@babel/preset-typescript": "^7.24.7",
-    "@types/node": "^25.4.0",
+    "@types/jest": "^29.5.12",
+    "@types/node": "^22.5.4",
     "babel-loader": "^9.1.3",
+    "jest": "^29.7.0",
     "tscw-config": "^1.1.2",
-    "typescript": "^5.9.3",
-    "vitest": "^4.0.18",
+    "typescript": "^5.6.2",
     "webpack": "^5.94.0",
     "webpack-cli": "^5.1.4"
   },

superset-embedded-sdk/release-if-necessary.js

@@ -17,15 +17,15 @@
  * under the License.
  */
 
-const { execSync } = require("child_process");
-const { name, version } = require("./package.json");
+const { execSync } = require('child_process');
+const { name, version } = require('./package.json');
 
 function log(...args) {
-  console.log("[embedded-sdk-release]", ...args);
+  console.log('[embedded-sdk-release]', ...args);
 }
 
 function logError(...args) {
-  console.error("[embedded-sdk-release]", ...args);
+  console.error('[embedded-sdk-release]', ...args);
 }
 
 (async () => {
@@ -38,13 +38,13 @@ function logError(...args) {
   const { status } = await fetch(packageUrl);
 
   if (status === 200) {
-    log("version already exists on npm, exiting");
+    log('version already exists on npm, exiting');
   } else if (status === 404) {
-    log("release required, building");
+    log('release required, building');
     try {
-      execSync("npm run build", { stdio: "pipe" });
-      log("build successful, publishing");
-      execSync("npm publish --access public", { stdio: "pipe" });
+      execSync('npm run build', { stdio: 'pipe' });
+      log('build successful, publishing')
+      execSync('npm publish --access public', { stdio: 'pipe' });
       log(`published ${version} to npm`);
     } catch (err) {
       // npm writes failure details to stderr (auth/permission/registry
@@ -52,7 +52,7 @@ function logError(...args) {
       // the real cause in CI logs.
       if (err.stdout) console.error(String(err.stdout));
       if (err.stderr) console.error(String(err.stderr));
-      logError("Encountered an error, details should be above");
+      logError('Encountered an error, details should be above');
       process.exitCode = 1;
     }
   } else {

superset-embedded-sdk/src/const.ts

@@ -18,9 +18,7 @@
  */
 
 export const IFRAME_COMMS_MESSAGE_TYPE = "__embedded_comms__";
-export const DASHBOARD_UI_FILTER_CONFIG_URL_PARAM_KEY: {
-  [index: string]: any;
-} = {
+export const DASHBOARD_UI_FILTER_CONFIG_URL_PARAM_KEY: { [index: string]: any } = {
   visible: "show_filters",
   expanded: "expand_filters",
-};
+}

superset-embedded-sdk/src/guestTokenRefresh.test.ts

@@ -24,23 +24,22 @@ import {
   DEFAULT_TOKEN_EXP_MS,
   DEFAULT_TOKEN_REFRESH_RETRY_MS,
 } from "./guestTokenRefresh";
-import { afterAll, beforeAll, it, expect, describe, vi } from "vitest";
 
 describe("guest token refresh", () => {
   beforeAll(() => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date("2022-03-03 01:00"));
-    vi.spyOn(globalThis, "setTimeout");
+    jest.useFakeTimers();
+    jest.setSystemTime(new Date("2022-03-03 01:00"));
+    jest.spyOn(global, "setTimeout");
   });
 
   afterAll(() => {
-    vi.useRealTimers();
+    jest.useRealTimers();
   });
 
   function makeFakeJWT(claims: any) {
     // not a valid jwt, but close enough for this code
     const tokenifiedClaims = Buffer.from(JSON.stringify(claims)).toString(
-      "base64",
+      "base64"
     );
     return `abc.${tokenifiedClaims}.xyz`;
   }

superset-embedded-sdk/src/guestTokenRefresh.ts

@@ -18,23 +18,17 @@
  */
 import { jwtDecode } from "jwt-decode";
 
-export const REFRESH_TIMING_BUFFER_MS = 5000; // refresh guest token early to avoid failed superset requests
-export const MIN_REFRESH_WAIT_MS = 10000; // avoid blasting requests as fast as the cpu can handle
-export const DEFAULT_TOKEN_EXP_MS = 300000; // (5 min) used only when parsing guest token exp fails
-export const DEFAULT_TOKEN_REFRESH_RETRY_MS = 10000; // wait before retrying a failed/timed-out token refresh
+export const REFRESH_TIMING_BUFFER_MS = 5000 // refresh guest token early to avoid failed superset requests
+export const MIN_REFRESH_WAIT_MS = 10000 // avoid blasting requests as fast as the cpu can handle
+export const DEFAULT_TOKEN_EXP_MS = 300000 // (5 min) used only when parsing guest token exp fails
+export const DEFAULT_TOKEN_REFRESH_RETRY_MS = 10000 // wait before retrying a failed/timed-out token refresh
 
 // when do we refresh the guest token?
 export function getGuestTokenRefreshTiming(currentGuestToken: string) {
   const parsedJwt = jwtDecode<Record<string, any>>(currentGuestToken);
   // if exp is int, it is in seconds, but Date() takes milliseconds
-  const exp = new Date(
-    /[^0-9\.]/g.test(parsedJwt.exp)
-      ? parsedJwt.exp
-      : parseFloat(parsedJwt.exp) * 1000,
-  );
-  const isValidDate = exp.toString() !== "Invalid Date";
-  const ttl = isValidDate
-    ? Math.max(MIN_REFRESH_WAIT_MS, exp.getTime() - Date.now())
-    : DEFAULT_TOKEN_EXP_MS;
+  const exp = new Date(/[^0-9\.]/g.test(parsedJwt.exp) ? parsedJwt.exp : parseFloat(parsedJwt.exp) * 1000);
+  const isValidDate = exp.toString() !== 'Invalid Date';
+  const ttl = isValidDate ? Math.max(MIN_REFRESH_WAIT_MS, exp.getTime() - Date.now()) : DEFAULT_TOKEN_EXP_MS;
   return ttl - REFRESH_TIMING_BUFFER_MS;
 }

superset-embedded-sdk/src/index.ts

@@ -20,15 +20,15 @@
 import {
   DASHBOARD_UI_FILTER_CONFIG_URL_PARAM_KEY,
   IFRAME_COMMS_MESSAGE_TYPE,
-} from "./const";
+} from './const';
 
 // We can swap this out for the actual switchboard package once it gets published
-import { Switchboard } from "@superset-ui/switchboard";
+import { Switchboard } from '@superset-ui/switchboard';
 import {
   getGuestTokenRefreshTiming,
   DEFAULT_TOKEN_REFRESH_RETRY_MS,
-} from "./guestTokenRefresh";
-import { withTimeout } from "./withTimeout";
+} from './guestTokenRefresh';
+import { withTimeout } from './withTimeout';
 
 /**
  * The function to fetch a guest token from your Host App's backend server.
@@ -97,7 +97,7 @@ export type ObserveDataMaskCallbackFn = (
     nativeFiltersChanged: boolean;
   },
 ) => void;
-export type ThemeMode = "default" | "dark" | "system";
+export type ThemeMode = 'default' | 'dark' | 'system';
 
 /**
  * Callback to resolve permalink URLs.
@@ -113,12 +113,12 @@ export type EmbeddedDashboard = {
   unmount: () => void;
   getDashboardPermalink: (anchor: string) => Promise<string>;
   getActiveTabs: () => Promise<string[]>;
-  observeDataMask: (callbackFn: ObserveDataMaskCallbackFn) => void;
+  observeDataMask: (
+    callbackFn: ObserveDataMaskCallbackFn,
+  ) => void;
   getDataMask: () => Promise<Record<string, any>>;
   getChartStates: () => Promise<Record<string, any>>;
-  getChartDataPayloads: (params?: {
-    chartId?: number;
-  }) => Promise<Record<string, any>>;
+  getChartDataPayloads: (params?: { chartId?: number }) => Promise<Record<string, any>>;
   setThemeConfig: (themeConfig: Record<string, any>) => void;
   setThemeMode: (mode: ThemeMode) => void;
 };
@@ -133,7 +133,7 @@ export async function embedDashboard({
   fetchGuestToken,
   dashboardUiConfig,
   debug = false,
-  iframeTitle = "Embedded Dashboard",
+  iframeTitle = 'Embedded Dashboard',
   iframeSandboxExtras = [],
   iframeAllowExtras = [],
   referrerPolicy,
@@ -152,13 +152,13 @@ export async function embedDashboard({
     return withTimeout(
       fetchGuestToken(),
       guestTokenFetchTimeoutMs,
-      "fetchGuestToken",
+      'fetchGuestToken',
     );
   }
 
-  log("embedding");
+  log('embedding');
 
-  if (supersetDomain.endsWith("/")) {
+  if (supersetDomain.endsWith('/')) {
     supersetDomain = supersetDomain.slice(0, -1);
   }
 
@@ -185,15 +185,15 @@ export async function embedDashboard({
   }
 
   async function mountIframe(): Promise<Switchboard> {
-    return new Promise((resolve) => {
-      const iframe = document.createElement("iframe");
+    return new Promise(resolve => {
+      const iframe = document.createElement('iframe');
       const dashboardConfigUrlParams = dashboardUiConfig
         ? { uiConfig: `${calculateConfig()}` }
         : undefined;
       const filterConfig = dashboardUiConfig?.filters || {};
       const filterConfigKeys = Object.keys(filterConfig);
       const filterConfigUrlParams = Object.fromEntries(
-        filterConfigKeys.map((key) => [
+        filterConfigKeys.map(key => [
           DASHBOARD_UI_FILTER_CONFIG_URL_PARAM_KEY[key],
           filterConfig[key],
         ]),
@@ -206,16 +206,16 @@ export async function embedDashboard({
         ...dashboardUiConfig?.urlParams,
       };
       const urlParamsString = Object.keys(urlParams).length
-        ? "?" + new URLSearchParams(urlParams).toString()
-        : "";
+        ? '?' + new URLSearchParams(urlParams).toString()
+        : '';
 
       // set up the iframe's sandbox configuration
-      iframe.sandbox.add("allow-same-origin"); // needed for postMessage to work
-      iframe.sandbox.add("allow-scripts"); // obviously the iframe needs scripts
-      iframe.sandbox.add("allow-presentation"); // for fullscreen charts
-      iframe.sandbox.add("allow-downloads"); // for downloading charts as image
-      iframe.sandbox.add("allow-forms"); // for forms to submit
-      iframe.sandbox.add("allow-popups"); // for exporting charts as csv
+      iframe.sandbox.add('allow-same-origin'); // needed for postMessage to work
+      iframe.sandbox.add('allow-scripts'); // obviously the iframe needs scripts
+      iframe.sandbox.add('allow-presentation'); // for fullscreen charts
+      iframe.sandbox.add('allow-downloads'); // for downloading charts as image
+      iframe.sandbox.add('allow-forms'); // for forms to submit
+      iframe.sandbox.add('allow-popups'); // for exporting charts as csv
       // additional sandbox props
       iframeSandboxExtras.forEach((key: string) => {
         iframe.sandbox.add(key);
@@ -226,7 +226,7 @@ export async function embedDashboard({
       }
 
       // add the event listener before setting src, to be 100% sure that we capture the load event
-      iframe.addEventListener("load", () => {
+      iframe.addEventListener('load', () => {
         // MessageChannel allows us to send and receive messages smoothly between our window and the iframe
         // See https://developer.mozilla.org/en-US/docs/Web/API/Channel_Messaging_API
         const commsChannel = new MessageChannel();
@@ -237,35 +237,35 @@ export async function embedDashboard({
         // See https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
         // we know the content window isn't null because we are in the load event handler.
         iframe.contentWindow!.postMessage(
-          { type: IFRAME_COMMS_MESSAGE_TYPE, handshake: "port transfer" },
+          { type: IFRAME_COMMS_MESSAGE_TYPE, handshake: 'port transfer' },
           supersetDomain,
           [theirPort],
         );
-        log("sent message channel to the iframe");
+        log('sent message channel to the iframe');
 
         // return our port from the promise
         resolve(
           new Switchboard({
             port: ourPort,
-            name: "superset-embedded-sdk",
+            name: 'superset-embedded-sdk',
             debug,
           }),
         );
       });
       iframe.src = `${supersetDomain}/embedded/${id}${urlParamsString}`;
       iframe.title = iframeTitle;
-      iframe.style.background = "transparent";
+      iframe.style.background = 'transparent';
       // Permissions Policy features the embedded dashboard relies on. Modern
       // browsers gate these APIs on the iframe's `allow` attribute regardless
       // of sandbox flags, so we include them by default. Host apps can extend
       // the list via `iframeAllowExtras`.
       const allowFeatures = Array.from(
-        new Set(["fullscreen", "clipboard-write", ...iframeAllowExtras]),
+        new Set(['fullscreen', 'clipboard-write', ...iframeAllowExtras]),
       );
-      iframe.setAttribute("allow", allowFeatures.join("; "));
+      iframe.setAttribute('allow', allowFeatures.join('; '));
       //@ts-ignore
       mountPoint.replaceChildren(iframe);
-      log("placed the iframe");
+      log('placed the iframe');
     });
   }
 
@@ -285,8 +285,8 @@ export async function embedDashboard({
     throw err;
   }
 
-  ourPort.emit("guestToken", { guestToken });
-  log("sent guest token");
+  ourPort.emit('guestToken', { guestToken });
+  log('sent guest token');
 
   // Track the pending refresh timer so it can be cancelled on unmount, and
   // stop the cycle once unmounted so it cannot leak across mount/unmount cycles.
@@ -298,7 +298,7 @@ export async function embedDashboard({
     try {
       const newGuestToken = await fetchGuestTokenWithTimeout();
       if (unmounted) return;
-      ourPort.emit("guestToken", { guestToken: newGuestToken });
+      ourPort.emit('guestToken', { guestToken: newGuestToken });
       refreshTimer = setTimeout(
         refreshGuestToken,
         getGuestTokenRefreshTiming(newGuestToken),
@@ -307,7 +307,7 @@ export async function embedDashboard({
       // A transient fetch failure or timeout must not permanently stop the
       // refresh cycle. Log it and retry so the session can recover once the
       // host callback succeeds again.
-      log("failed to refresh guest token, will retry:", err);
+      log('failed to refresh guest token, will retry:', err);
       if (unmounted) return;
       refreshTimer = setTimeout(
         refreshGuestToken,
@@ -325,7 +325,7 @@ export async function embedDashboard({
   // Returns null if no callback provided or on error, allowing iframe to use default URL
   ourPort.start();
   ourPort.defineMethod(
-    "resolvePermalinkUrl",
+    'resolvePermalinkUrl',
     async ({ key }: { key: string }): Promise<string | null> => {
       if (!resolvePermalinkUrl) {
         return null;
@@ -333,14 +333,14 @@ export async function embedDashboard({
       try {
         return await resolvePermalinkUrl({ key });
       } catch (error) {
-        log("Error in resolvePermalinkUrl callback:", error);
+        log('Error in resolvePermalinkUrl callback:', error);
         return null;
       }
     },
   );
 
   function unmount() {
-    log("unmounting");
+    log('unmounting');
     unmounted = true;
     if (refreshTimer !== undefined) {
       clearTimeout(refreshTimer);
@@ -350,25 +350,24 @@ export async function embedDashboard({
     mountPoint.replaceChildren();
   }
 
-  const getScrollSize = () => ourPort.get<Size>("getScrollSize");
+  const getScrollSize = () => ourPort.get<Size>('getScrollSize');
   const getDashboardPermalink = (anchor: string) =>
-    ourPort.get<string>("getDashboardPermalink", { anchor });
-  const getActiveTabs = () => ourPort.get<string[]>("getActiveTabs");
-  const getDataMask = () => ourPort.get<Record<string, any>>("getDataMask");
-  const getChartStates = () =>
-    ourPort.get<Record<string, any>>("getChartStates");
+    ourPort.get<string>('getDashboardPermalink', { anchor });
+  const getActiveTabs = () => ourPort.get<string[]>('getActiveTabs');
+  const getDataMask = () => ourPort.get<Record<string, any>>('getDataMask');
+  const getChartStates = () => ourPort.get<Record<string, any>>('getChartStates');
   const getChartDataPayloads = (params?: { chartId?: number }) =>
-    ourPort.get<Record<string, any>>("getChartDataPayloads", params);
-  const observeDataMask = (callbackFn: ObserveDataMaskCallbackFn) => {
-    ourPort.defineMethod("observeDataMask", callbackFn);
+    ourPort.get<Record<string, any>>('getChartDataPayloads', params);
+  const observeDataMask = (
+    callbackFn: ObserveDataMaskCallbackFn,
+  ) => {
+    ourPort.defineMethod('observeDataMask', callbackFn);
   };
   // TODO: Add proper types once theming branch is merged
-  const setThemeConfig = async (
-    themeConfig: Record<string, any>,
-  ): Promise<void> => {
+  const setThemeConfig = async (themeConfig: Record<string, any>): Promise<void> => {
     try {
-      ourPort.emit("setThemeConfig", { themeConfig });
-      log("Theme config sent successfully (or at least message dispatched)");
+      ourPort.emit('setThemeConfig', { themeConfig });
+      log('Theme config sent successfully (or at least message dispatched)');
     } catch (error) {
       log(
         'Error sending theme config. Ensure the iframe side implements the "setThemeConfig" method.',
@@ -379,7 +378,7 @@ export async function embedDashboard({
 
   const setThemeMode = (mode: ThemeMode): void => {
     try {
-      ourPort.emit("setThemeMode", { mode });
+      ourPort.emit('setThemeMode', { mode });
       log(`Theme mode set to: ${mode}`);
     } catch (error) {
       log(

superset-embedded-sdk/src/withTimeout.test.ts

@@ -18,23 +18,22 @@
  */
 
 import { withTimeout } from "./withTimeout";
-import { test, expect } from "vitest";
 
 test("resolves with the value when the promise settles in time", async () => {
   await expect(withTimeout(Promise.resolve("ok"), 1000, "fetch")).resolves.toBe(
-    "ok",
+    "ok"
   );
 });
 
 test("rejects when the promise does not settle within the timeout", async () => {
   const never = new Promise<string>(() => {});
   await expect(withTimeout(never, 10, "fetch")).rejects.toThrow(
-    /fetch did not resolve within 10ms/,
+    /fetch did not resolve within 10ms/
   );
 });
 
 test("passes the promise through unchanged when the timeout is disabled", async () => {
   await expect(withTimeout(Promise.resolve("ok"), 0, "fetch")).resolves.toBe(
-    "ok",
+    "ok"
   );
 });

superset-embedded-sdk/tsconfig.json

@@ -3,7 +3,7 @@
     // syntax rules
     "strict": true,
 
-    "moduleResolution": "bundler",
+    "moduleResolution": "node",
 
     // environment
     "target": "es6",
@@ -13,9 +13,7 @@
     // output
     "outDir": "./dist",
     "emitDeclarationOnly": true,
-    "declaration": true,
-
-    "types": ["node"]
+    "declaration": true
   },
 
   "include": [
@@ -23,6 +21,7 @@
   ],
 
   "exclude": [
+    "tests",
     "dist",
     "lib",
     "node_modules"

superset-embedded-sdk/webpack.config.js

@@ -17,19 +17,19 @@
  * under the License.
  */
 
-const path = require("path");
+const path = require('path');
 
 module.exports = {
-  entry: "./src/index.ts",
+  entry: './src/index.ts',
   output: {
-    filename: "index.js",
-    path: path.resolve(__dirname, "bundle"),
+    filename: 'index.js',
+    path: path.resolve(__dirname, 'bundle'),
 
     // this exposes the library's exports under a global variable
     library: {
       name: "supersetEmbeddedSdk",
-      type: "umd",
-    },
+      type: "umd"
+    }
   },
   devtool: "source-map",
   module: {
@@ -38,12 +38,12 @@ module.exports = {
         test: /\.[tj]s$/,
         // babel-loader is faster than ts-loader because it ignores types.
         // We do type checking in a separate process, so that's fine.
-        use: "babel-loader",
+        use: 'babel-loader',
         exclude: /node_modules/,
       },
     ],
   },
   resolve: {
-    extensions: [".ts", ".js"],
+    extensions: ['.ts', '.js'],
   },
 };

superset-frontend/cypress-base/cypress/e2e/database/modal.test.ts

@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { DATABASE_LIST } from 'cypress/utils/urls';
+
+function closeModal() {
+  cy.get('body').then($body => {
+    if ($body.find('[data-test="database-modal"]').length) {
+      cy.get('[aria-label="Close"]').eq(1).click();
+    }
+  });
+}
+
+describe('Add database', () => {
+  before(() => {
+    cy.visit(DATABASE_LIST);
+  });
+
+  beforeEach(() => {
+    cy.intercept('POST', '**/api/v1/database/validate_parameters/**').as(
+      'validateParams',
+    );
+    cy.intercept('POST', '**/api/v1/database/').as('createDb');
+
+    closeModal();
+    cy.getBySel('btn-create-database').click();
+  });
+
+  it('should open dynamic form', () => {
+    cy.get('.preferred > :nth-child(1)').click();
+
+    cy.get('input[name="host"]').should('have.value', '');
+    cy.get('input[name="port"]').should('have.value', '');
+    cy.get('input[name="database"]').should('have.value', '');
+    cy.get('input[name="username"]').should('have.value', '');
+    cy.get('input[name="password"]').should('have.value', '');
+    cy.get('input[name="database_name"]').should('have.value', '');
+  });
+
+  it('should open sqlalchemy form', () => {
+    cy.get('.preferred > :nth-child(1)').click();
+    cy.getBySel('sqla-connect-btn').click();
+
+    cy.getBySel('database-name-input').should('be.visible');
+    cy.getBySel('sqlalchemy-uri-input').should('be.visible');
+  });
+
+  it('show error alerts on dynamic form for bad host', () => {
+    cy.get('.preferred > :nth-child(1)').click();
+
+    cy.get('input[name="host"]').type('badhost', { force: true });
+    cy.get('input[name="port"]').type('5432', { force: true });
+    cy.get('input[name="username"]').type('testusername', { force: true });
+    cy.get('input[name="database"]').type('testdb', { force: true });
+    cy.get('input[name="password"]').type('testpass', { force: true });
+
+    cy.get('body').click(0, 0);
+
+    cy.wait('@validateParams', { timeout: 30000 });
+
+    cy.getBySel('btn-submit-connection').should('not.be.disabled');
+    cy.getBySel('btn-submit-connection').click({ force: true });
+
+    cy.wait('@validateParams', { timeout: 30000 }).then(() => {
+      cy.wait('@createDb', { timeout: 60000 }).then(() => {
+        cy.contains(
+          '.ant-form-item-explain-error',
+          "The hostname provided can't be resolved",
+        ).should('exist');
+      });
+    });
+  });
+
+  it('show error alerts on dynamic form for bad port', () => {
+    cy.get('.preferred > :nth-child(1)').click();
+
+    cy.get('input[name="host"]').type('localhost', { force: true });
+    cy.get('body').click(0, 0);
+    cy.wait('@validateParams', { timeout: 30000 });
+
+    cy.get('input[name="port"]').type('5430', { force: true });
+    cy.get('input[name="database"]').type('testdb', { force: true });
+    cy.get('input[name="username"]').type('testusername', { force: true });
+
+    cy.wait('@validateParams', { timeout: 30000 });
+
+    cy.get('input[name="password"]').type('testpass', { force: true });
+    cy.wait('@validateParams');
+
+    cy.getBySel('btn-submit-connection').should('not.be.disabled');
+    cy.getBySel('btn-submit-connection').click({ force: true });
+    cy.wait('@validateParams', { timeout: 30000 }).then(() => {
+      cy.get('body').click(0, 0);
+      cy.getBySel('btn-submit-connection').click({ force: true });
+      cy.wait('@createDb', { timeout: 60000 }).then(() => {
+        cy.contains(
+          '.ant-form-item-explain-error',
+          'The port is closed',
+        ).should('exist');
+      });
+    });
+  });
+});

superset-frontend/cypress-base/package-lock.json

@@ -27,6 +27,17 @@
         "tscw-config": "^1.1.2"
       }
     },
+    "node_modules/@ampproject/remapping": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.1.2.tgz",
+      "integrity": "sha512-hoyByceqwKirw7w3Z7gnIIZC3Wx3J484Y3L/cMpXFbr7d9ZQj2mODrirNzcJa+SM3UlpWXYvKV4RlRpFXlWgXg==",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.0"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/@babel/code-frame": {
       "version": "7.12.11",
       "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz",
@@ -37,35 +48,33 @@
       }
     },
     "node_modules/@babel/compat-data": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
-      "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==",
-      "license": "MIT",
+      "version": "7.21.4",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.21.4.tgz",
+      "integrity": "sha512-/DYyDpeCfaVinT40FPGdkkb+lYSKvsVuMjDAG7jPOWWiM1ibOaB9CXJAlc4d1QpP/U2q2P9jbrSlClKSErd55g==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/core": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
-      "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
-      "license": "MIT",
+      "version": "7.17.5",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.17.5.tgz",
+      "integrity": "sha512-/BBMw4EvjmyquN5O+t5eh0+YqB3XXJkYD2cjKpYtWOfFy4lQ4UozNSmxAcWT8r2XtZs0ewG+zrfsqeR15i1ajA==",
       "dependencies": {
-        "@babel/code-frame": "^7.29.7",
-        "@babel/generator": "^7.29.7",
-        "@babel/helper-compilation-targets": "^7.29.7",
-        "@babel/helper-module-transforms": "^7.29.7",
-        "@babel/helpers": "^7.29.7",
-        "@babel/parser": "^7.29.7",
-        "@babel/template": "^7.29.7",
-        "@babel/traverse": "^7.29.7",
-        "@babel/types": "^7.29.7",
-        "@jridgewell/remapping": "^2.3.5",
-        "convert-source-map": "^2.0.0",
+        "@ampproject/remapping": "^2.1.0",
+        "@babel/code-frame": "^7.16.7",
+        "@babel/generator": "^7.17.3",
+        "@babel/helper-compilation-targets": "^7.16.7",
+        "@babel/helper-module-transforms": "^7.16.7",
+        "@babel/helpers": "^7.17.2",
+        "@babel/parser": "^7.17.3",
+        "@babel/template": "^7.16.7",
+        "@babel/traverse": "^7.17.3",
+        "@babel/types": "^7.17.0",
+        "convert-source-map": "^1.7.0",
         "debug": "^4.1.0",
         "gensync": "^1.0.0-beta.2",
-        "json5": "^2.2.3",
-        "semver": "^6.3.1"
+        "json5": "^2.1.2",
+        "semver": "^6.3.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -76,94 +85,23 @@
       }
     },
     "node_modules/@babel/core/node_modules/@babel/code-frame": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
-      "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
-      "license": "MIT",
+      "version": "7.16.7",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.7.tgz",
+      "integrity": "sha512-iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg==",
       "dependencies": {
-        "@babel/helper-validator-identifier": "^7.29.7",
-        "js-tokens": "^4.0.0",
-        "picocolors": "^1.1.1"
+        "@babel/highlight": "^7.16.7"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/core/node_modules/@babel/helper-compilation-targets": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
-      "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
-      "license": "MIT",
-      "dependencies": {
-        "@babel/compat-data": "^7.29.7",
-        "@babel/helper-validator-option": "^7.29.7",
-        "browserslist": "^4.24.0",
-        "lru-cache": "^5.1.1",
-        "semver": "^6.3.1"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      }
-    },
-    "node_modules/@babel/core/node_modules/@babel/helper-module-imports": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
-      "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
-      "license": "MIT",
-      "dependencies": {
-        "@babel/traverse": "^7.29.7",
-        "@babel/types": "^7.29.7"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      }
-    },
-    "node_modules/@babel/core/node_modules/@babel/helper-module-transforms": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
-      "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
-      "license": "MIT",
-      "dependencies": {
-        "@babel/helper-module-imports": "^7.29.7",
-        "@babel/helper-validator-identifier": "^7.29.7",
-        "@babel/traverse": "^7.29.7"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.0.0"
-      }
-    },
-    "node_modules/@babel/core/node_modules/convert-source-map": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz",
-      "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==",
-      "license": "MIT"
-    },
-    "node_modules/@babel/core/node_modules/lru-cache": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
-      "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
-      "license": "ISC",
-      "dependencies": {
-        "yallist": "^3.0.2"
-      }
-    },
-    "node_modules/@babel/core/node_modules/yallist": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
-      "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
-      "license": "ISC"
-    },
     "node_modules/@babel/generator": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
-      "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
-      "license": "MIT",
+      "version": "7.29.1",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
+      "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
       "dependencies": {
-        "@babel/parser": "^7.29.7",
-        "@babel/types": "^7.29.7",
+        "@babel/parser": "^7.29.0",
+        "@babel/types": "^7.29.0",
         "@jridgewell/gen-mapping": "^0.3.12",
         "@jridgewell/trace-mapping": "^0.3.28",
         "jsesc": "^3.0.2"
@@ -201,7 +139,6 @@
       "version": "7.21.4",
       "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.21.4.tgz",
       "integrity": "sha512-Fa0tTuOXZ1iL8IeDFUWCzjZcn+sJGd9RZdH9esYVjEejGmzf+FFYQpMi/kZUk2kPy/q1H3/GPw7np8qar/stfg==",
-      "peer": true,
       "dependencies": {
         "@babel/compat-data": "^7.21.4",
         "@babel/helper-validator-option": "^7.21.0",
@@ -220,7 +157,6 @@
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
       "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
-      "peer": true,
       "dependencies": {
         "yallist": "^3.0.2"
       }
@@ -228,8 +164,7 @@
     "node_modules/@babel/helper-compilation-targets/node_modules/yallist": {
       "version": "3.1.1",
       "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
-      "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
-      "peer": true
+      "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
     },
     "node_modules/@babel/helper-create-class-features-plugin": {
       "version": "7.21.4",
@@ -321,10 +256,9 @@
       }
     },
     "node_modules/@babel/helper-globals": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
-      "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==",
-      "license": "MIT",
+      "version": "7.28.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+      "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
       "engines": {
         "node": ">=6.9.0"
       }
@@ -345,7 +279,6 @@
       "version": "7.28.6",
       "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
       "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
-      "peer": true,
       "dependencies": {
         "@babel/traverse": "^7.28.6",
         "@babel/types": "^7.28.6"
@@ -358,7 +291,6 @@
       "version": "7.28.6",
       "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
       "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
-      "peer": true,
       "dependencies": {
         "@babel/helper-module-imports": "^7.28.6",
         "@babel/helper-validator-identifier": "^7.28.5",
@@ -464,28 +396,25 @@
       }
     },
     "node_modules/@babel/helper-string-parser": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
-      "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
-      "license": "MIT",
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-identifier": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
-      "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
-      "license": "MIT",
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+      "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-option": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
-      "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==",
-      "license": "MIT",
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.21.0.tgz",
+      "integrity": "sha512-rmL/B8/f0mKS2baE9ZpyTcTavvEuWhTTW8amjzXNvYG4AwBsqTLikfXsEofsJEfKHf+HQVQbFOHy6o+4cnC/fQ==",
       "engines": {
         "node": ">=6.9.0"
       }
@@ -506,13 +435,13 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
-      "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
+      "version": "7.26.10",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz",
+      "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/template": "^7.29.7",
-        "@babel/types": "^7.29.7"
+        "@babel/template": "^7.26.9",
+        "@babel/types": "^7.26.10"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -522,7 +451,6 @@
       "version": "7.22.20",
       "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz",
       "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==",
-      "peer": true,
       "dependencies": {
         "@babel/helper-validator-identifier": "^7.22.20",
         "chalk": "^2.4.2",
@@ -533,12 +461,11 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
-      "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
-      "license": "MIT",
+      "version": "7.29.3",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
+      "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
       "dependencies": {
-        "@babel/types": "^7.29.7"
+        "@babel/types": "^7.29.0"
       },
       "bin": {
         "parser": "bin/babel-parser.js"
@@ -1666,26 +1593,24 @@
       }
     },
     "node_modules/@babel/template": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
-      "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
-      "license": "MIT",
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
+      "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
       "dependencies": {
-        "@babel/code-frame": "^7.29.7",
-        "@babel/parser": "^7.29.7",
-        "@babel/types": "^7.29.7"
+        "@babel/code-frame": "^7.28.6",
+        "@babel/parser": "^7.28.6",
+        "@babel/types": "^7.28.6"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/template/node_modules/@babel/code-frame": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
-      "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
-      "license": "MIT",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+      "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
       "dependencies": {
-        "@babel/helper-validator-identifier": "^7.29.7",
+        "@babel/helper-validator-identifier": "^7.28.5",
         "js-tokens": "^4.0.0",
         "picocolors": "^1.1.1"
       },
@@ -1694,17 +1619,16 @@
       }
     },
     "node_modules/@babel/traverse": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
-      "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
-      "license": "MIT",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
+      "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
       "dependencies": {
-        "@babel/code-frame": "^7.29.7",
-        "@babel/generator": "^7.29.7",
-        "@babel/helper-globals": "^7.29.7",
-        "@babel/parser": "^7.29.7",
-        "@babel/template": "^7.29.7",
-        "@babel/types": "^7.29.7",
+        "@babel/code-frame": "^7.29.0",
+        "@babel/generator": "^7.29.0",
+        "@babel/helper-globals": "^7.28.0",
+        "@babel/parser": "^7.29.0",
+        "@babel/template": "^7.28.6",
+        "@babel/types": "^7.29.0",
         "debug": "^4.3.1"
       },
       "engines": {
@@ -1712,12 +1636,11 @@
       }
     },
     "node_modules/@babel/traverse/node_modules/@babel/code-frame": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
-      "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
-      "license": "MIT",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+      "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
       "dependencies": {
-        "@babel/helper-validator-identifier": "^7.29.7",
+        "@babel/helper-validator-identifier": "^7.28.5",
         "js-tokens": "^4.0.0",
         "picocolors": "^1.1.1"
       },
@@ -1726,13 +1649,12 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
-      "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
-      "license": "MIT",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+      "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
       "dependencies": {
-        "@babel/helper-string-parser": "^7.29.7",
-        "@babel/helper-validator-identifier": "^7.29.7"
+        "@babel/helper-string-parser": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.28.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2171,16 +2093,6 @@
         "@jridgewell/trace-mapping": "^0.3.24"
       }
     },
-    "node_modules/@jridgewell/remapping": {
-      "version": "2.3.5",
-      "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz",
-      "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==",
-      "license": "MIT",
-      "dependencies": {
-        "@jridgewell/gen-mapping": "^0.3.5",
-        "@jridgewell/trace-mapping": "^0.3.24"
-      }
-    },
     "node_modules/@jridgewell/resolve-uri": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
@@ -3441,7 +3353,6 @@
       "version": "2.4.2",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
       "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "peer": true,
       "dependencies": {
         "ansi-styles": "^3.2.1",
         "escape-string-regexp": "^1.0.5",
@@ -3455,7 +3366,6 @@
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
       "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "peer": true,
       "dependencies": {
         "color-convert": "^1.9.0"
       },
@@ -3581,7 +3491,6 @@
       "version": "1.9.3",
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
       "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "peer": true,
       "dependencies": {
         "color-name": "1.1.3"
       }
@@ -3589,8 +3498,7 @@
     "node_modules/color-name": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
-      "peer": true
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
     },
     "node_modules/colorette": {
       "version": "1.4.0",
@@ -5076,7 +4984,6 @@
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
       "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
-      "peer": true,
       "engines": {
         "node": ">=4"
       }
@@ -7971,7 +7878,6 @@
       "version": "5.5.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
       "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "peer": true,
       "dependencies": {
         "has-flag": "^3.0.0"
       },
@@ -8864,6 +8770,14 @@
     }
   },
   "dependencies": {
+    "@ampproject/remapping": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.1.2.tgz",
+      "integrity": "sha512-hoyByceqwKirw7w3Z7gnIIZC3Wx3J484Y3L/cMpXFbr7d9ZQj2mODrirNzcJa+SM3UlpWXYvKV4RlRpFXlWgXg==",
+      "requires": {
+        "@jridgewell/trace-mapping": "^0.3.0"
+      }
+    },
     "@babel/code-frame": {
       "version": "7.12.11",
       "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz",
@@ -8874,100 +8788,49 @@
       }
     },
     "@babel/compat-data": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
-      "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg=="
+      "version": "7.21.4",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.21.4.tgz",
+      "integrity": "sha512-/DYyDpeCfaVinT40FPGdkkb+lYSKvsVuMjDAG7jPOWWiM1ibOaB9CXJAlc4d1QpP/U2q2P9jbrSlClKSErd55g=="
     },
     "@babel/core": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
-      "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
+      "version": "7.17.5",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.17.5.tgz",
+      "integrity": "sha512-/BBMw4EvjmyquN5O+t5eh0+YqB3XXJkYD2cjKpYtWOfFy4lQ4UozNSmxAcWT8r2XtZs0ewG+zrfsqeR15i1ajA==",
       "requires": {
-        "@babel/code-frame": "^7.29.7",
-        "@babel/generator": "^7.29.7",
-        "@babel/helper-compilation-targets": "^7.29.7",
-        "@babel/helper-module-transforms": "^7.29.7",
-        "@babel/helpers": "^7.29.7",
-        "@babel/parser": "^7.29.7",
-        "@babel/template": "^7.29.7",
-        "@babel/traverse": "^7.29.7",
-        "@babel/types": "^7.29.7",
-        "@jridgewell/remapping": "^2.3.5",
-        "convert-source-map": "^2.0.0",
+        "@ampproject/remapping": "^2.1.0",
+        "@babel/code-frame": "^7.16.7",
+        "@babel/generator": "^7.17.3",
+        "@babel/helper-compilation-targets": "^7.16.7",
+        "@babel/helper-module-transforms": "^7.16.7",
+        "@babel/helpers": "^7.17.2",
+        "@babel/parser": "^7.17.3",
+        "@babel/template": "^7.16.7",
+        "@babel/traverse": "^7.17.3",
+        "@babel/types": "^7.17.0",
+        "convert-source-map": "^1.7.0",
         "debug": "^4.1.0",
         "gensync": "^1.0.0-beta.2",
-        "json5": "^2.2.3",
-        "semver": "^6.3.1"
+        "json5": "^2.1.2",
+        "semver": "^6.3.0"
       },
       "dependencies": {
         "@babel/code-frame": {
-          "version": "7.29.7",
-          "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
-          "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
+          "version": "7.16.7",
+          "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.7.tgz",
+          "integrity": "sha512-iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg==",
           "requires": {
-            "@babel/helper-validator-identifier": "^7.29.7",
-            "js-tokens": "^4.0.0",
-            "picocolors": "^1.1.1"
+            "@babel/highlight": "^7.16.7"
           }
-        },
-        "@babel/helper-compilation-targets": {
-          "version": "7.29.7",
-          "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
-          "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
-          "requires": {
-            "@babel/compat-data": "^7.29.7",
-            "@babel/helper-validator-option": "^7.29.7",
-            "browserslist": "^4.24.0",
-            "lru-cache": "^5.1.1",
-            "semver": "^6.3.1"
-          }
-        },
-        "@babel/helper-module-imports": {
-          "version": "7.29.7",
-          "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
-          "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
-          "requires": {
-            "@babel/traverse": "^7.29.7",
-            "@babel/types": "^7.29.7"
-          }
-        },
-        "@babel/helper-module-transforms": {
-          "version": "7.29.7",
-          "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
-          "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
-          "requires": {
-            "@babel/helper-module-imports": "^7.29.7",
-            "@babel/helper-validator-identifier": "^7.29.7",
-            "@babel/traverse": "^7.29.7"
-          }
-        },
-        "convert-source-map": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz",
-          "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg=="
-        },
-        "lru-cache": {
-          "version": "5.1.1",
-          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
-          "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
-          "requires": {
-            "yallist": "^3.0.2"
-          }
-        },
-        "yallist": {
-          "version": "3.1.1",
-          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
-          "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
         }
       }
     },
     "@babel/generator": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
-      "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
+      "version": "7.29.1",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
+      "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
       "requires": {
-        "@babel/parser": "^7.29.7",
-        "@babel/types": "^7.29.7",
+        "@babel/parser": "^7.29.0",
+        "@babel/types": "^7.29.0",
         "@jridgewell/gen-mapping": "^0.3.12",
         "@jridgewell/trace-mapping": "^0.3.28",
         "jsesc": "^3.0.2"
@@ -8996,7 +8859,6 @@
       "version": "7.21.4",
       "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.21.4.tgz",
       "integrity": "sha512-Fa0tTuOXZ1iL8IeDFUWCzjZcn+sJGd9RZdH9esYVjEejGmzf+FFYQpMi/kZUk2kPy/q1H3/GPw7np8qar/stfg==",
-      "peer": true,
       "requires": {
         "@babel/compat-data": "^7.21.4",
         "@babel/helper-validator-option": "^7.21.0",
@@ -9009,7 +8871,6 @@
           "version": "5.1.1",
           "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
           "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
-          "peer": true,
           "requires": {
             "yallist": "^3.0.2"
           }
@@ -9017,8 +8878,7 @@
         "yallist": {
           "version": "3.1.1",
           "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
-          "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
-          "peer": true
+          "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
         }
       }
     },
@@ -9088,9 +8948,9 @@
       }
     },
     "@babel/helper-globals": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
-      "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA=="
+      "version": "7.28.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+      "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw=="
     },
     "@babel/helper-member-expression-to-functions": {
       "version": "7.21.0",
@@ -9105,7 +8965,6 @@
       "version": "7.28.6",
       "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
       "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
-      "peer": true,
       "requires": {
         "@babel/traverse": "^7.28.6",
         "@babel/types": "^7.28.6"
@@ -9115,7 +8974,6 @@
       "version": "7.28.6",
       "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
       "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
-      "peer": true,
       "requires": {
         "@babel/helper-module-imports": "^7.28.6",
         "@babel/helper-validator-identifier": "^7.28.5",
@@ -9191,19 +9049,19 @@
       }
     },
     "@babel/helper-string-parser": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
-      "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw=="
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA=="
     },
     "@babel/helper-validator-identifier": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
-      "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg=="
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+      "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q=="
     },
     "@babel/helper-validator-option": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
-      "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw=="
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.21.0.tgz",
+      "integrity": "sha512-rmL/B8/f0mKS2baE9ZpyTcTavvEuWhTTW8amjzXNvYG4AwBsqTLikfXsEofsJEfKHf+HQVQbFOHy6o+4cnC/fQ=="
     },
     "@babel/helper-wrap-function": {
       "version": "7.20.5",
@@ -9218,19 +9076,18 @@
       }
     },
     "@babel/helpers": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
-      "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
+      "version": "7.26.10",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz",
+      "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==",
       "requires": {
-        "@babel/template": "^7.29.7",
-        "@babel/types": "^7.29.7"
+        "@babel/template": "^7.26.9",
+        "@babel/types": "^7.26.10"
       }
     },
     "@babel/highlight": {
       "version": "7.22.20",
       "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz",
       "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==",
-      "peer": true,
       "requires": {
         "@babel/helper-validator-identifier": "^7.22.20",
         "chalk": "^2.4.2",
@@ -9238,11 +9095,11 @@
       }
     },
     "@babel/parser": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
-      "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
+      "version": "7.29.3",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
+      "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
       "requires": {
-        "@babel/types": "^7.29.7"
+        "@babel/types": "^7.29.0"
       }
     },
     "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
@@ -9994,21 +9851,21 @@
       }
     },
     "@babel/template": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
-      "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
+      "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
       "requires": {
-        "@babel/code-frame": "^7.29.7",
-        "@babel/parser": "^7.29.7",
-        "@babel/types": "^7.29.7"
+        "@babel/code-frame": "^7.28.6",
+        "@babel/parser": "^7.28.6",
+        "@babel/types": "^7.28.6"
       },
       "dependencies": {
         "@babel/code-frame": {
-          "version": "7.29.7",
-          "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
-          "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
+          "version": "7.29.0",
+          "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+          "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
           "requires": {
-            "@babel/helper-validator-identifier": "^7.29.7",
+            "@babel/helper-validator-identifier": "^7.28.5",
             "js-tokens": "^4.0.0",
             "picocolors": "^1.1.1"
           }
@@ -10016,25 +9873,25 @@
       }
     },
     "@babel/traverse": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
-      "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
+      "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
       "requires": {
-        "@babel/code-frame": "^7.29.7",
-        "@babel/generator": "^7.29.7",
-        "@babel/helper-globals": "^7.29.7",
-        "@babel/parser": "^7.29.7",
-        "@babel/template": "^7.29.7",
-        "@babel/types": "^7.29.7",
+        "@babel/code-frame": "^7.29.0",
+        "@babel/generator": "^7.29.0",
+        "@babel/helper-globals": "^7.28.0",
+        "@babel/parser": "^7.29.0",
+        "@babel/template": "^7.28.6",
+        "@babel/types": "^7.29.0",
         "debug": "^4.3.1"
       },
       "dependencies": {
         "@babel/code-frame": {
-          "version": "7.29.7",
-          "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
-          "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
+          "version": "7.29.0",
+          "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+          "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
           "requires": {
-            "@babel/helper-validator-identifier": "^7.29.7",
+            "@babel/helper-validator-identifier": "^7.28.5",
             "js-tokens": "^4.0.0",
             "picocolors": "^1.1.1"
           }
@@ -10042,12 +9899,12 @@
       }
     },
     "@babel/types": {
-      "version": "7.29.7",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
-      "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+      "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
       "requires": {
-        "@babel/helper-string-parser": "^7.29.7",
-        "@babel/helper-validator-identifier": "^7.29.7"
+        "@babel/helper-string-parser": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.28.5"
       }
     },
     "@colors/colors": {
@@ -10369,7 +10226,7 @@
         "camelcase": "^5.3.1",
         "find-up": "^4.1.0",
         "get-package-type": "^0.1.0",
-        "js-yaml": "4.1.1",
+        "js-yaml": "^3.13.1",
         "resolve-from": "^5.0.0"
       },
       "dependencies": {
@@ -10379,8 +10236,7 @@
           "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="
         },
         "js-yaml": {
-          "version": "4.1.1",
-          "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+          "version": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
           "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
           "requires": {
             "argparse": "^2.0.1"
@@ -10402,15 +10258,6 @@
         "@jridgewell/trace-mapping": "^0.3.24"
       }
     },
-    "@jridgewell/remapping": {
-      "version": "2.3.5",
-      "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz",
-      "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==",
-      "requires": {
-        "@jridgewell/gen-mapping": "^0.3.5",
-        "@jridgewell/trace-mapping": "^0.3.24"
-      }
-    },
     "@jridgewell/resolve-uri": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
@@ -11470,7 +11317,6 @@
       "version": "2.4.2",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
       "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "peer": true,
       "requires": {
         "ansi-styles": "^3.2.1",
         "escape-string-regexp": "^1.0.5",
@@ -11481,7 +11327,6 @@
           "version": "3.2.1",
           "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
           "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-          "peer": true,
           "requires": {
             "color-convert": "^1.9.0"
           }
@@ -11574,7 +11419,6 @@
       "version": "1.9.3",
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
       "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "peer": true,
       "requires": {
         "color-name": "1.1.3"
       }
@@ -11582,8 +11426,7 @@
     "color-name": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
-      "peer": true
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
     },
     "colorette": {
       "version": "1.4.0",
@@ -12703,8 +12546,7 @@
     "has-flag": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
-      "peer": true
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0="
     },
     "has-symbols": {
       "version": "1.1.0",
@@ -13030,7 +12872,7 @@
       "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-4.0.3.tgz",
       "integrity": "sha512-BXgQl9kf4WTCPCCpmFGoJkz/+uhvm7h7PFKUYxh7qarQd3ER33vHG//qaE8eN25l07YqZPpHXU9I09l/RD5aGQ==",
       "requires": {
-        "@babel/core": "^7.29.6",
+        "@babel/core": "^7.7.5",
         "@istanbuljs/schema": "^0.1.2",
         "istanbul-lib-coverage": "^3.0.0",
         "semver": "^6.3.0"
@@ -14738,7 +14580,6 @@
       "version": "5.5.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
       "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "peer": true,
       "requires": {
         "has-flag": "^3.0.0"
       }

superset-frontend/cypress-base/package.json

@@ -34,7 +34,6 @@
     "tscw-config": "^1.1.2"
   },
   "overrides": {
-    "@babel/core": "^7.29.6",
     "cypress": {
       "form-data": "^2.3.4"
     },

superset-frontend/package.json

@@ -119,7 +119,7 @@
     "@great-expectations/jsonforms-antd-renderers": "^2.2.10",
     "@jsonforms/core": "^3.7.0",
     "@jsonforms/react": "^3.7.0",
-    "@jsonforms/vanilla-renderers": "^3.8.0",
+    "@jsonforms/vanilla-renderers": "^3.7.0",
     "@luma.gl/constants": "~9.2.5",
     "@luma.gl/core": "~9.2.5",
     "@luma.gl/engine": "~9.2.5",
@@ -192,13 +192,13 @@
     "json-bigint": "^1.0.0",
     "json-stringify-pretty-compact": "^4.0.0",
     "lodash": "^4.18.1",
-    "mapbox-gl": "^3.25.0",
+    "mapbox-gl": "^3.24.1",
     "markdown-to-jsx": "^9.8.2",
     "match-sorter": "^8.3.0",
     "memoize-one": "^6.0.0",
     "mousetrap": "^1.6.5",
     "mustache": "^4.2.0",
-    "nanoid": "^5.1.14",
+    "nanoid": "^5.1.11",
     "ol": "^10.9.0",
     "query-string": "9.4.0",
     "re-resizable": "^6.11.2",
@@ -270,7 +270,7 @@
     "@storybook/test-runner": "0.24.4",
     "@svgr/webpack": "^8.1.0",
     "@swc/core": "^1.15.41",
-    "@swc/plugin-emotion": "^14.13.0",
+    "@swc/plugin-emotion": "^14.12.0",
     "@swc/plugin-transform-imports": "^12.5.0",
     "@testing-library/dom": "^9.3.4",
     "@testing-library/jest-dom": "^6.9.1",
@@ -283,7 +283,7 @@
     "@types/js-levenshtein": "^1.1.3",
     "@types/json-bigint": "^1.0.4",
     "@types/mousetrap": "^1.6.15",
-    "@types/node": "^26.0.0",
+    "@types/node": "^25.9.3",
     "@types/react": "^18.3.0",
     "@types/react-dom": "^18.3.0",
     "@types/react-loadable": "^5.5.11",
@@ -303,7 +303,7 @@
     "babel-plugin-dynamic-import-node": "^2.3.3",
     "babel-plugin-jsx-remove-data-test-id": "^3.0.0",
     "babel-plugin-lodash": "^3.3.4",
-    "baseline-browser-mapping": "^2.10.38",
+    "baseline-browser-mapping": "^2.10.37",
     "cheerio": "1.2.0",
     "concurrently": "^10.0.3",
     "copy-webpack-plugin": "^14.0.0",
@@ -350,12 +350,12 @@
     "process": "^0.11.10",
     "react-dnd-test-backend": "^16.0.1",
     "react-refresh": "^0.18.0",
-    "react-resizable": "^4.0.2",
+    "react-resizable": "^4.0.1",
     "redux-mock-store": "^1.5.4",
     "source-map": "^0.7.6",
     "source-map-support": "^0.5.21",
     "speed-measure-webpack-plugin": "^1.6.0",
-    "storybook": "10.4.6",
+    "storybook": "10.4.5",
     "style-loader": "^4.0.0",
     "swc-loader": "^0.2.7",
     "terser-webpack-plugin": "^5.6.1",
@@ -388,10 +388,6 @@
   "overrides": {
     "uuid": "$uuid",
     "core-js": "^3.38.1",
-    "dompurify": "^3.4.11",
-    "esbuild": "^0.28.1",
-    "http-proxy-middleware": "^2.0.10",
-    "tar": "^7.5.16",
     "puppeteer": "^22.4.1",
     "remark-gfm": "^3.0.1",
     "underscore": "^1.13.7",

superset-frontend/packages/superset-core/package.json

@@ -18,14 +18,6 @@
       "types": "./lib/authentication/index.d.ts",
       "default": "./lib/authentication/index.js"
     },
-    "./chat": {
-      "types": "./lib/chat/index.d.ts",
-      "default": "./lib/chat/index.js"
-    },
-    "./navigation": {
-      "types": "./lib/navigation/index.d.ts",
-      "default": "./lib/navigation/index.js"
-    },
     "./commands": {
       "types": "./lib/commands/index.d.ts",
       "default": "./lib/commands/index.js"

superset-frontend/packages/superset-core/src/chat/index.ts

@@ -1,156 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * @fileoverview Chat contribution API for Superset extensions.
- *
- * Chat is a dedicated contribution type: an extension registers
- * a chat via {@link registerChat} and the host owns where and how it is
- * mounted. The host applies singleton resolution — multiple chat extensions
- * may register, but exactly one is active at a time.
- *
- * @example
- * ```typescript
- * import { chat } from '@apache-superset/core';
- *
- * chat.registerChat(
- *   { id: 'acme.chat', name: 'Acme Chat' },
- *   AcmeTrigger,
- *   AcmePanel,
- * );
- * ```
- */
-
-import { ComponentType } from 'react';
-import type { Disposable, Event } from '../common';
-
-export interface Chat {
-  /** The unique identifier for the chat. */
-  id: string;
-  /** The display name of the chat. */
-  name: string;
-  /** Optional description of the chat. */
-  description?: string;
-}
-
-export type DisplayMode = 'floating' | 'panel';
-
-/**
- * Registers a chat provider. Only one chat is active at a time; the most
- * recently registered chat wins. Disposing the returned Disposable unregisters
- * the chat.
- *
- * @param chat The chat descriptor (id, name).
- * @param trigger The trigger component — the collapsed bubble entry point.
- *   Owns dynamic state such as unread counts.
- * @param panel The panel component, rendered in either display mode. In
- *   'floating' mode it appears as an overlay; in 'panel' mode it is docked
- *   alongside the main content.
- * @returns A Disposable that unregisters the chat when disposed.
- *
- * @example
- * ```typescript
- * chat.registerChat(
- *   { id: 'acme.chat', name: 'Acme Chat' },
- *   AcmeTrigger,
- *   AcmePanel,
- * );
- * ```
- */
-export declare function registerChat(
-  chat: Chat,
-  trigger: ComponentType,
-  panel: ComponentType,
-): Disposable;
-
-/**
- * Returns the active chat descriptor, or undefined if none is registered.
- */
-export declare function getChat(): Chat | undefined;
-
-/**
- * Event fired when a chat is registered.
- */
-export declare const onDidRegisterChat: Event<Chat>;
-
-/**
- * Event fired when a chat is unregistered.
- */
-export declare const onDidUnregisterChat: Event<Chat>;
-
-/**
- * Opens the active chat's panel.
- *
- * Acts on whichever chat is active, regardless of which extension calls it.
- * No-op when no chat is registered or the panel is already open.
- */
-export declare function open(): void;
-
-/**
- * Closes the active chat's panel.
- *
- * Acts on whichever chat is active, regardless of which extension calls it.
- * No-op when the panel is not open.
- */
-export declare function close(): void;
-
-/**
- * Returns whether the active chat's panel is currently open.
- */
-export declare function isOpen(): boolean;
-
-/**
- * Event fired when the chat panel opens. Also fired by the host's own
- * controls, not only by an extension's open() call.
- */
-export declare const onDidOpen: Event<void>;
-
-/**
- * Event fired when the chat panel closes, whether triggered by an extension
- * or by the host.
- */
-export declare const onDidClose: Event<void>;
-
-/**
- * Returns the current display mode.
- */
-export declare function getDisplayMode(): DisplayMode;
-
-/**
- * Sets the display mode. The mode is host-global and applies to whichever
- * chat is active. Use {@link onDidChangeDisplayMode} to observe all changes,
- * including those triggered by the host.
- */
-export declare function setDisplayMode(displayMode: DisplayMode): void;
-
-/**
- * Event fired when the display mode changes, whether triggered by an
- * extension via setDisplayMode() or by host-provided controls.
- */
-export declare const onDidChangeDisplayMode: Event<DisplayMode>;
-
-/**
- * Event fired when the panel is resized in panel mode. Not all hosts provide
- * a resizer — do not rely on this event firing.
- */
-export declare const onDidResizePanel: Event<{ width: number }>;
-
-// TODO: client actions API — tool availability functions will be added here
-// once the client_actions SIP is finalized. The chat namespace is the
-// intended integration point between the two SIPs.

superset-frontend/packages/superset-core/src/common/index.ts

@@ -223,6 +223,8 @@ export interface Extension {
   dependencies: string[];
   /** Human-readable description of the extension */
   description: string;
+  /** List of other extensions that this extension depends on */
+  extensionDependencies: string[];
   /** Unique identifier for the extension */
   id: string;
   /** Human-readable name of the extension */

superset-frontend/packages/superset-core/src/contributions/index.ts

@@ -23,10 +23,9 @@
  * This module defines the aggregate interfaces used by the extension.json
  * manifest and the `superset-extensions` build command. Individual metadata
  * types are defined in their respective namespace modules (commands, views,
- * menus, editors, chat) and re-exported here for the manifest schema.
+ * menus, editors) and re-exported here for the manifest schema.
  */
 
-import { Chat } from '../chat';
 import { Command } from '../commands';
 import { View } from '../views';
 import { Menu } from '../menus';
@@ -72,8 +71,7 @@ export interface MenuContributions {
 }
 
 /**
- * Aggregates all contributions (commands, menus, views, editors, and chat)
- * provided by an extension or module.
+ * Aggregates all contributions (commands, menus, views, and editors) provided by an extension or module.
  */
 export interface Contributions {
   /** List of commands. */
@@ -84,10 +82,4 @@ export interface Contributions {
   views: ViewContributions;
   /** List of editors. */
   editors?: Editor[];
-  /**
-   * The chat contributed by the extension — at most one per extension, since
-   * the host applies singleton resolution and renders exactly one active
-   * chat at a time.
-   */
-  chat?: Chat;
 }

superset-frontend/packages/superset-core/src/index.ts

@@ -18,12 +18,10 @@
  */
 export * as common from './common';
 export * as authentication from './authentication';
-export * as chat from './chat';
 export * as commands from './commands';
 export * as editors from './editors';
 export * as extensions from './extensions';
 export * as menus from './menus';
-export * as navigation from './navigation';
 export * as sqlLab from './sqlLab';
 export * as views from './views';
 export * as contributions from './contributions';

superset-frontend/packages/superset-core/src/navigation/index.ts

@@ -1,81 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * @fileoverview Navigation namespace for Superset extensions.
- *
- * Exposes the current application surface so extensions can react to route
- * changes without polling. Entity-level context (chart, dashboard, dataset)
- * is intentionally not included here — surface-specific namespaces that
- * resolve entity payloads are introduced in later phases.
- */
-
-import { Event } from '../common';
-
-/**
- * The set of top-level application surfaces.
- *
- * `'explore'`, `'dashboard'` and `'dataset'` are the single-entity
- * editing/viewing surfaces. `'chart_list'`, `'dashboard_list'` and
- * `'dataset_list'` are the browse/list surfaces, distinct from those because no
- * single entity is active. `'sqllab'` is the SQL editor where
- * `sqlLab.getCurrentTab()` resolves; `'query_history'` and `'saved_queries'`
- * are the related SQL Lab browse pages, which are not the editor. `'home'` is
- * the welcome surface and the fallback for any route not explicitly enumerated.
- */
-export type Page =
-  | 'dashboard'
-  | 'dashboard_list'
-  | 'explore'
-  | 'chart_list'
-  | 'sqllab'
-  | 'query_history'
-  | 'saved_queries'
-  | 'dataset'
-  | 'dataset_list'
-  | 'home';
-
-/**
- * Returns the current page surface.
- *
- * @example
- * ```typescript
- * const page = navigation.getPage();
- * if (page === 'dashboard') {
- *   // react to being on a dashboard surface
- * }
- * ```
- */
-export declare function getPage(): Page;
-
-/**
- * Event fired whenever the user navigates to a different surface.
- *
- * @example
- * ```typescript
- * const sub = navigation.onDidChangePage(page => {
- *   if (page === 'dashboard') {
- *     // react to navigating onto a dashboard surface
- *   }
- * });
- * // later:
- * sub.dispose();
- * ```
- */
-export declare const onDidChangePage: Event<Page>;

superset-frontend/packages/superset-core/src/views/index.ts

@@ -30,12 +30,12 @@
  *
  * views.registerView(
  *   { id: 'my_ext.result_stats', name: 'Result Stats', location: 'sqllab.panels' },
- *   ResultStatsPanel,
+ *   () => <ResultStatsPanel />,
  * );
  * ```
  */
 
-import { ComponentType } from 'react';
+import { ReactElement } from 'react';
 import { Disposable, Event } from '../common';
 
 /**
@@ -58,7 +58,7 @@ export interface View {
  *
  * @param view The view descriptor (id and name).
  * @param location The location where this view should appear (e.g. "sqllab.panels").
- * @param component The React component to render at that location.
+ * @param provider A function that returns the React element to render.
  * @returns A Disposable that unregisters the view when disposed.
  *
  * @example
@@ -66,14 +66,14 @@ export interface View {
  * views.registerView(
  *   { id: 'my_ext.result_stats', name: 'Result Stats' },
  *   'sqllab.panels',
- *   ResultStatsPanel,
+ *   () => <ResultStatsPanel />,
  * );
  * ```
  */
 export declare function registerView(
   view: View,
   location: string,
-  component: ComponentType,
+  provider: () => ReactElement,
 ): Disposable;
 
 /**

superset-frontend/packages/superset-ui-chart-controls/src/sections/advancedAnalytics.tsx

@@ -132,26 +132,6 @@ export const advancedAnalyticsControls: ControlPanelSectionConfig = {
         },
       },
     ],
-    [
-      {
-        name: 'time_compare_full_range',
-        config: {
-          type: 'CheckboxControl',
-          label: t('Show full range for time shift'),
-          default: false,
-          description: t(
-            'Plot each time-shifted series across its full time range instead ' +
-              'of truncating it to the main series. Useful for comparing a ' +
-              'partial current period (e.g. today so far) against complete ' +
-              'prior periods (e.g. all of yesterday).',
-          ),
-          visibility: ({ controls }) =>
-            Boolean(controls?.time_compare?.value) &&
-            (!Array.isArray(controls?.time_compare?.value) ||
-              controls.time_compare.value.length > 0),
-        },
-      },
-    ],
     [
       {
         name: 'comparison_type',

superset-frontend/packages/superset-ui-chart-controls/src/shared-controls/components/RadioButtonControl.tsx

@@ -60,7 +60,7 @@ export default function RadioButtonControl({
   ...props
 }: RadioButtonControlProps) {
   const normalizedOptions = options.map(normalizeOption);
-  const currentValue = initialValue ?? normalizedOptions[0]?.value;
+  const currentValue = initialValue || normalizedOptions[0].value;
 
   return (
     <div>

superset-frontend/packages/superset-ui-chart-controls/test/shared-controls/components/RadioButtonControl.test.tsx

@@ -359,51 +359,6 @@ test('handles empty options array gracefully', () => {
   expect(container.querySelector('[role="tablist"]')).toBeInTheDocument();
 });
 
-test('currentValue is undefined when options are empty and no value is provided', () => {
-  expect(() => setup({ options: [] })).not.toThrow();
-  const { container } = setup({ options: [] });
-  expect(container.querySelectorAll('[id^="tab-"]').length).toBe(0);
-});
-
-test('preserves falsy numeric value 0 instead of falling back to first option', () => {
-  const { container } = setup({
-    options: [
-      [0, 'Zero'],
-      [1, 'One'],
-      [2, 'Two'],
-    ],
-    value: 0,
-  });
-
-  expect(container.querySelector('#tab-0')).toHaveAttribute(
-    'aria-selected',
-    'true',
-  );
-  expect(container.querySelector('#tab-1')).toHaveAttribute(
-    'aria-selected',
-    'false',
-  );
-});
-
-test('preserves falsy boolean value false instead of falling back to first option', () => {
-  const { container } = setup({
-    options: [
-      [true, 'True'],
-      [false, 'False'],
-    ],
-    value: false,
-  });
-
-  expect(container.querySelector('#tab-true')).toHaveAttribute(
-    'aria-selected',
-    'false',
-  );
-  expect(container.querySelector('#tab-false')).toHaveAttribute(
-    'aria-selected',
-    'true',
-  );
-});
-
 test('renders with hovered prop', () => {
   const { container } = setup({
     label: 'Test',

superset-frontend/packages/superset-ui-core/README.md

@@ -22,50 +22,21 @@ under the License.
 [![Version](https://img.shields.io/npm/v/@superset-ui/core.svg?style=flat)](https://www.npmjs.com/package/@superset-ui/core)
 [![Libraries.io](https://img.shields.io/librariesio/release/npm/%40superset-ui%2Fcore?style=flat)](https://libraries.io/npm/@superset-ui%2Fcore)
 
-The core package for Apache Superset's frontend. It provides shared utilities,
-types, and abstractions used across all Superset chart plugins and UI components.
-
-Key modules include:
-
-- **query** — Utilities for building queries and calling the Superset API
-  (including `makeApi`)
-- **number-format** — Number formatting helpers powered by d3-format
-- **time-format** — Time/date formatting helpers powered by d3-time-format
-- **connection** — `SupersetClient`, the HTTP client for the Superset REST API
-- **chart** — Base classes and types for building chart plugins
-
-> **Note:** i18n utilities (`t`, `tn`, etc.) are no longer part of this package.
-> They now live in `@apache-superset/core`, imported from
-> `@apache-superset/core/translation`.
+Description
 
 #### Example usage
 
 ```js
-import { getNumberFormatter, makeApi } from '@superset-ui/core';
-import { t } from '@apache-superset/core/translation';
-
-// Format a number
-const formatter = getNumberFormatter('.2f');
-console.log(formatter(1234.5)); // "1234.50"
-
-// Translate a string
-console.log(t('Hello %s', 'world'));
-
-// Call a Superset API endpoint
-const fetchDashboards = makeApi({
-  method: 'GET',
-  endpoint: '/api/v1/dashboard',
-});
+import { xxx } from '@superset-ui/core';
 ```
 
+#### API
+
+`fn(args)`
+
+- TBD
+
 ### Development
 
-`@data-ui/build-config` is used to manage the build configuration for this package
-including babel builds, jest testing, eslint, and prettier.
-
-Run tests:
-
-```bash
-cd superset-frontend
-npx jest packages/superset-ui-core
-```
+`@data-ui/build-config` is used to manage the build configuration for this package including babel
+builds, jest testing, eslint, and prettier.

superset-frontend/packages/superset-ui-core/package.json

@@ -52,7 +52,7 @@
     "parse-ms": "^4.0.0",
     "re-resizable": "^6.11.2",
     "react-ace": "^14.0.1",
-    "react-draggable": "^4.7.0",
+    "react-draggable": "^4.6.0",
     "react-error-boundary": "6.0.0",
     "react-js-cron": "^5.2.0",
     "react-markdown": "^8.0.7",
@@ -77,7 +77,7 @@
     "@types/d3-time-format": "^4.0.3",
     "@types/jquery": "^4.0.1",
     "@types/lodash": "^4.17.24",
-    "@types/node": "^26.0.0",
+    "@types/node": "^25.9.3",
     "@types/prop-types": "^15.7.15",
     "@types/react-syntax-highlighter": "^15.5.13",
     "@types/react-table": "^7.7.20",

superset-frontend/packages/superset-ui-core/src/components/IconTooltip/index.tsx

@@ -45,7 +45,6 @@ export const IconTooltip = forwardRef<HTMLElement, IconTooltipProps>(
         }}
         buttonStyle="link"
         className={`IconTooltip ${className}`}
-        aria-label={tooltip ?? undefined}
       >
         {children}
       </Button>