Merge branch 'master' into enxdev/fix/custom-tabs

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <claude@anthropic.com>

docs/yarn.lock

@@ -5342,6 +5342,13 @@ address@^1.0.1:
   resolved "https://registry.npmjs.org/address/-/address-1.2.2.tgz"
   integrity sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==
 
+agent-base@6:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77"
+  integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==
+  dependencies:
+    debug "4"
+
 aggregate-error@^3.0.0:
   version "3.1.0"
   resolved "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz"
@@ -5726,12 +5733,13 @@ available-typed-arrays@^1.0.7:
     possible-typed-array-names "^1.0.0"
 
 axios@^1.15.0:
-  version "1.15.0"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-1.15.0.tgz#0fcee91ef03d386514474904b27863b2c683bf4f"
-  integrity sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==
+  version "1.16.1"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.16.1.tgz#517e29291d19d6e8cf919ff264f4fe157261ba12"
+  integrity sha512-caYkukvroVPO8KrzuJEb50Hm07KwfBZPEC3VeFHTsqWHvKTsy54hjJz9BS/cdaypROE2rH6xvm9mHX4fgWkr3A==
   dependencies:
-    follow-redirects "^1.15.11"
+    follow-redirects "^1.16.0"
     form-data "^4.0.5"
+    https-proxy-agent "^5.0.1"
     proxy-from-env "^2.1.0"
 
 babel-loader@^9.2.1:
@@ -8245,7 +8253,7 @@ flatted@^3.2.9:
   resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.4.2.tgz#f5c23c107f0f37de8dbdf24f13722b3b98d52726"
   integrity sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==
 
-follow-redirects@^1.0.0, follow-redirects@^1.15.11:
+follow-redirects@^1.0.0, follow-redirects@^1.16.0:
   version "1.16.0"
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.16.0.tgz#28474a159d3b9d11ef62050a14ed60e4df6d61bc"
   integrity sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==
@@ -8939,6 +8947,14 @@ http2-wrapper@^2.1.10:
     quick-lru "^5.1.1"
     resolve-alpn "^1.2.0"
 
+https-proxy-agent@^5.0.1:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz#c59ef224a04fe8b754f3db0063a25ea30d0005d6"
+  integrity sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==
+  dependencies:
+    agent-base "6"
+    debug "4"
+
 human-signals@^2.1.0:
   version "2.1.0"
   resolved "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz"

pyproject.toml

@@ -53,11 +53,11 @@ dependencies = [
     "flask-compress>=1.13, <2.0",
     "flask-talisman>=1.0.0, <2.0",
     "flask-login>=0.6.0, < 1.0",
-    "flask-migrate>=3.1.0, <4.0",
+    "flask-migrate>=3.1.0, <5.0",
     "flask-session>=0.4.0, <1.0",
     "flask-wtf>=1.1.0, <2.0",
     "geopy",
-    "greenlet>=3.0.3, <=3.1.1",
+    "greenlet>=3.0.3, <=3.5.0",
     "gunicorn>=22.0.0; sys_platform != 'win32'",
     "hashids>=1.3.1, <2",
     # holidays>=0.45 required for security fix
@@ -121,7 +121,7 @@ bigquery = [
     "sqlalchemy-bigquery>=1.15.0",
     "google-cloud-bigquery>=3.10.0",
 ]
-clickhouse = ["clickhouse-connect>=0.13.0, <1.0"]
+clickhouse = ["clickhouse-connect>=0.13.0, <2.0"]
 cockroachdb = ["cockroachdb>=0.3.5, <0.4"]
 crate = ["sqlalchemy-cratedb>=0.40.1, <1"]
 d1 = [
@@ -143,7 +143,7 @@ duckdb = ["duckdb>=1.4.2,<2", "duckdb-engine>=0.17.0"]
 dynamodb = ["pydynamodb>=0.4.2"]
 solr = ["sqlalchemy-solr >= 0.2.0"]
 elasticsearch = ["elasticsearch-dbapi>=0.2.13, <0.3.0"]
-exasol = ["sqlalchemy-exasol >= 2.4.0, <3.0"]
+exasol = ["sqlalchemy-exasol >= 2.4.0, < 8.0"]
 excel = ["xlrd>=1.2.0, <1.3"]
 fastmcp = [
     "fastmcp>=3.2.4,<4.0",
@@ -156,7 +156,7 @@ firebird = ["sqlalchemy-firebird>=0.7.0, <2.2"]
 firebolt = ["firebolt-sqlalchemy>=1.0.0, <2"]
 gevent = ["gevent>=23.9.1"]
 gsheets = ["shillelagh[gsheetsapi]>=1.4.4, <2"]
-hana = ["hdbcli==2.4.162", "sqlalchemy_hana==0.4.0"]
+hana = ["hdbcli==2.28.20", "sqlalchemy_hana==0.4.0"]
 hive = [
     "pyhive[hive]>=0.6.5;python_version<'3.11'",
     "pyhive[hive_pure_sasl]>=0.7.0",

superset-embedded-sdk/package-lock.json

@@ -6756,9 +6756,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "dependencies": {
         "brace-expansion": "^1.1.7"
@@ -12811,9 +12811,9 @@
       "dev": true
     },
     "minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "requires": {
         "brace-expansion": "^1.1.7"

superset-frontend/cypress-base/package-lock.json

@@ -6523,9 +6523,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-      "integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dependencies": {
         "brace-expansion": "^1.1.7"
       },
@@ -7076,15 +7076,6 @@
         }
       ]
     },
-    "node_modules/randombytes": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
-      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
-      "peer": true,
-      "dependencies": {
-        "safe-buffer": "^5.1.0"
-      }
-    },
     "node_modules/react": {
       "version": "16.14.0",
       "resolved": "https://registry.npmjs.org/react/-/react-16.14.0.tgz",
@@ -7554,15 +7545,6 @@
         "semver": "bin/semver.js"
       }
     },
-    "node_modules/serialize-javascript": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
-      "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
-      "peer": true,
-      "dependencies": {
-        "randombytes": "^2.1.0"
-      }
-    },
     "node_modules/set-blocking": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
@@ -7924,15 +7906,14 @@
       }
     },
     "node_modules/terser-webpack-plugin": {
-      "version": "5.3.16",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.16.tgz",
-      "integrity": "sha512-h9oBFCWrq78NyWWVcSwZarJkZ01c2AyGrzs1crmHZO3QUg9D61Wu4NPjBy69n7JqylFF5y+CsUZYmYEIZ3mR+Q==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.6.0.tgz",
+      "integrity": "sha512-Eum+5ajkaOhf5KbM26osvv21kLD7BaGqQ1UA4Ami4arYwylmGUQTgHFpHDdmJod1q4QXa66p0to/FBKID+J1vA==",
       "peer": true,
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.25",
         "jest-worker": "^27.4.5",
         "schema-utils": "^4.3.0",
-        "serialize-javascript": "^6.0.2",
         "terser": "^5.31.1"
       },
       "engines": {
@@ -7946,12 +7927,39 @@
         "webpack": "^5.1.0"
       },
       "peerDependenciesMeta": {
+        "@minify-html/node": {
+          "optional": true
+        },
         "@swc/core": {
           "optional": true
         },
+        "@swc/css": {
+          "optional": true
+        },
+        "@swc/html": {
+          "optional": true
+        },
+        "clean-css": {
+          "optional": true
+        },
+        "cssnano": {
+          "optional": true
+        },
+        "csso": {
+          "optional": true
+        },
         "esbuild": {
           "optional": true
         },
+        "html-minifier-terser": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "postcss": {
+          "optional": true
+        },
         "uglify-js": {
           "optional": true
         }
@@ -13499,9 +13507,9 @@
       "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg=="
     },
     "minimatch": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-      "integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "requires": {
         "brace-expansion": "^1.1.7"
       }
@@ -13902,15 +13910,6 @@
       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
       "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="
     },
-    "randombytes": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
-      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
-      "peer": true,
-      "requires": {
-        "safe-buffer": "^5.1.0"
-      }
-    },
     "react": {
       "version": "16.14.0",
       "resolved": "https://registry.npmjs.org/react/-/react-16.14.0.tgz",
@@ -14273,15 +14272,6 @@
       "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
       "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="
     },
-    "serialize-javascript": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
-      "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
-      "peer": true,
-      "requires": {
-        "randombytes": "^2.1.0"
-      }
-    },
     "set-blocking": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
@@ -14566,15 +14556,14 @@
       }
     },
     "terser-webpack-plugin": {
-      "version": "5.3.16",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.16.tgz",
-      "integrity": "sha512-h9oBFCWrq78NyWWVcSwZarJkZ01c2AyGrzs1crmHZO3QUg9D61Wu4NPjBy69n7JqylFF5y+CsUZYmYEIZ3mR+Q==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.6.0.tgz",
+      "integrity": "sha512-Eum+5ajkaOhf5KbM26osvv21kLD7BaGqQ1UA4Ami4arYwylmGUQTgHFpHDdmJod1q4QXa66p0to/FBKID+J1vA==",
       "peer": true,
       "requires": {
         "@jridgewell/trace-mapping": "^0.3.25",
         "jest-worker": "^27.4.5",
         "schema-utils": "^4.3.0",
-        "serialize-javascript": "^6.0.2",
         "terser": "^5.31.1"
       }
     },

superset-frontend/package.json

@@ -289,7 +289,7 @@
     "@types/js-levenshtein": "^1.1.3",
     "@types/json-bigint": "^1.0.4",
     "@types/mousetrap": "^1.6.15",
-    "@types/node": "^25.6.0",
+    "@types/node": "^25.8.0",
     "@types/react": "^18.2.0",
     "@types/react-dom": "^18.2.0",
     "@types/react-loadable": "^5.5.11",
@@ -411,7 +411,8 @@
     "@luma.gl/engine": "~9.2.5",
     "@luma.gl/gltf": "~9.2.5",
     "@luma.gl/shadertools": "~9.2.5",
-    "@luma.gl/webgl": "~9.2.5"
+    "@luma.gl/webgl": "~9.2.5",
+    "fast-xml-parser": "^5.8.0"
   },
   "readme": "ERROR: No README data found!",
   "scarfSettings": {

superset-frontend/packages/generator-superset/package.json

@@ -30,13 +30,13 @@
   "dependencies": {
     "chalk": "^5.6.2",
     "lodash-es": "^4.18.1",
-    "yeoman-generator": "^8.2.2",
+    "yeoman-generator": "^8.1.2",
     "yosay": "^3.0.0"
   },
   "devDependencies": {
     "cross-env": "^10.1.0",
     "fs-extra": "^11.3.5",
-    "jest": "^30.3.0",
+    "jest": "^30.4.2",
     "yeoman-test": "^11.5.2"
   },
   "engines": {

superset-frontend/packages/superset-ui-core/package.json

@@ -42,7 +42,7 @@
     "d3-time": "^3.1.0",
     "d3-time-format": "^4.1.0",
     "dayjs": "^1.11.20",
-    "dompurify": "^3.4.1",
+    "dompurify": "^3.4.2",
     "fetch-retry": "^6.0.0",
     "handlebars": "^4.7.9",
     "jed": "^1.1.1",
@@ -76,7 +76,7 @@
     "@types/d3-time-format": "^4.0.3",
     "@types/jquery": "^4.0.0",
     "@types/lodash": "^4.17.24",
-    "@types/node": "^25.7.0",
+    "@types/node": "^25.8.0",
     "@types/prop-types": "^15.7.15",
     "@types/react-syntax-highlighter": "^15.5.13",
     "@types/react-table": "^7.7.20",

superset-frontend/plugins/legacy-preset-chart-nvd3/package.json

@@ -34,7 +34,7 @@
     "fast-safe-stringify": "^2.1.1",
     "lodash": "^4.18.1",
     "nvd3-fork": "^2.0.5",
-    "dompurify": "^3.4.1",
+    "dompurify": "^3.4.3",
     "prop-types": "^15.8.1",
     "urijs": "^1.19.11"
   },

superset-frontend/plugins/plugin-chart-handlebars/package.json

@@ -46,6 +46,6 @@
   "devDependencies": {
     "@types/jest": "^30.0.0",
     "@types/lodash": "^4.17.24",
-    "jest": "^30.3.0"
+    "jest": "^30.4.2"
   }
 }

superset-frontend/plugins/plugin-chart-pivot-table/package.json

@@ -39,6 +39,6 @@
   "devDependencies": {
     "@babel/types": "^7.29.0",
     "@types/jest": "^30.0.0",
-    "jest": "^30.3.0"
+    "jest": "^30.4.2"
   }
 }

superset-frontend/src/dashboard/components/gridComponents/TabsRenderer/TabsRenderer.tsx

@@ -46,6 +46,35 @@ import HoverMenu from '../../menu/HoverMenu';
 import DragHandle from '../../dnd/DragHandle';
 import DeleteComponentButton from '../../DeleteComponentButton';
 
+const isInteractiveElement = (element: HTMLElement | null): boolean => {
+  if (!element) return false;
+  const tagName = element.tagName.toUpperCase();
+  if (
+    tagName === 'INPUT' ||
+    tagName === 'TEXTAREA' ||
+    element.isContentEditable
+  ) {
+    return true;
+  }
+  return isInteractiveElement(element.parentElement);
+};
+
+PointerSensor.activators = [
+  {
+    eventName: 'onPointerDown' as const,
+    handler: ({ nativeEvent: event }, { onActivation }) => {
+      if (
+        event.button !== 0 ||
+        isInteractiveElement(event.target as HTMLElement)
+      ) {
+        return false;
+      }
+      onActivation?.({ event });
+      return true;
+    },
+  },
+];
+
 const StyledTabsContainer = styled.div<{ isDragging?: boolean }>`
   width: 100%;
   background-color: ${({ theme }) => theme.colorBgContainer};
@@ -235,7 +264,6 @@ const TabsRenderer = memo<TabsRendererProps>(
           type={editMode ? 'editable-card' : 'card'}
           items={tabItems}
           tabBarStyle={{ paddingLeft: tabBarPaddingLeft }}
-          fullHeight
           {...(editMode && {
             renderTabBar: (tabBarProps, DefaultTabBar) => (
               <DndContext

superset/utils/date_parser.py

@@ -51,6 +51,13 @@ from superset.constants import InstantTimeComparison, LRU_CACHE_MAX_SIZE, NO_TIM
 
 ParserElement.enable_packrat()
 
+# parsedatetime emits a noisy DEBUG record ("eval now with context - False, False")
+# on every relative-date evaluation. Superset has no actionable use for that
+# internal trace, and it floods production logs whenever the root logger is at
+# DEBUG. Suppress the library's own logger to WARNING; real failures still
+# surface, just not the per-call chatter.
+logging.getLogger("parsedatetime").setLevel(logging.WARNING)
+
 logger = logging.getLogger(__name__)
 
 # Mapping of ordinal words to their numeric values for date expressions

superset/views/sqla.py

@@ -29,7 +29,12 @@ from superset.views.base import BaseSupersetView
 
 class RowLevelSecurityView(BaseSupersetView):
     route_base = "/rowlevelsecurity"
-    class_permission_name = "RowLevelSecurity"
+    # Use the canonical, spaced form used by the REST API and the security
+    # manager allow-list (see SupersetSecurityManager.ADMIN_ONLY_VIEW_MENUS).
+    # Prior to this, the view's class-derived name "RowLevelSecurity"
+    # produced a second, duplicate permission alongside "Row Level Security"
+    # in the admin UI — operators had to grant both for a role to work.
+    class_permission_name = "Row Level Security"
 
     @expose("/list/")
     @has_access

tests/unit_tests/utils/date_parser_tests.py

@@ -722,3 +722,41 @@ def test_time_range_bounded_whitespace_regex_invalid(time_range: str) -> None:
     """Reject expressions with 0 or 6+ spaces (fall back to DATETIME wrapping)."""
     result = get_since_until(time_range)
     assert result[0] is None, f"Expected '{time_range}' to NOT match bounded regex"
+
+
+def test_datetime_eval_does_not_emit_parsedatetime_debug_logs(
+    caplog: pytest.LogCaptureFixture,
+) -> None:
+    """
+    Regression for #33365: ``parsedatetime`` emits a noisy DEBUG record
+    (``parsedatetime:eval now with context - False, False``) every time
+    ``datetime_eval`` runs against a relative expression. In production
+    deployments running at DEBUG level this floods the logs — the user
+    report notes "this appears frequently" and a search of the issue
+    tracker turns up "dozens of places where people have posted a log
+    with that in it."
+
+    The fix is to silence the ``parsedatetime`` logger at module load
+    in ``superset/utils/date_parser.py`` (e.g.
+    ``logging.getLogger("parsedatetime").setLevel(logging.WARNING)``).
+    Their own DEBUG output is internal library chatter that Superset
+    does not surface to operators in any actionable way.
+
+    This test captures all log records at DEBUG level during a single
+    ``datetime_eval`` call and asserts that none of them come from the
+    ``parsedatetime`` logger. If the suppression is removed or bypassed,
+    the test fails immediately.
+    """
+    import logging
+
+    with caplog.at_level(logging.DEBUG):
+        datetime_eval("datetime('now')")
+
+    parsedatetime_records = [
+        r for r in caplog.records if r.name.startswith("parsedatetime")
+    ]
+    assert not parsedatetime_records, (
+        "parsedatetime emitted DEBUG records during datetime_eval — these "
+        "flood production logs. Records: "
+        + repr([(r.levelname, r.getMessage()) for r in parsedatetime_records])
+    )

tests/unit_tests/views/test_sqla.py

@@ -0,0 +1,54 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""Tests for ``superset/views/sqla.py``."""
+
+
+def test_row_level_security_view_uses_canonical_permission_name() -> None:
+    """
+    Regression for #33744: the RLS view's ``class_permission_name`` must
+    match the user-facing model name ("Row Level Security") so that only
+    one permission is registered.
+
+    Today the view sets ``class_permission_name = "RowLevelSecurity"``
+    (no spaces, derived from the Python class name), while the REST API
+    and the security manager allow-list use the spaced form
+    ("Row Level Security"). This produces two effectively identical
+    permissions in the admin UI:
+
+        - can read on Row Level Security
+        - can read on RowLevelSecurity
+
+    Operators have to grant both for a role to actually work, which is
+    confusing and error-prone (the second one looks like an
+    implementation detail leaking into the UI).
+
+    The fix is a one-line change in ``superset/views/sqla.py`` to align
+    ``class_permission_name`` with the canonical name used elsewhere in
+    the codebase. This test pins that contract.
+    """
+    # Cross-check: the security manager's allow-list (the canonical
+    # source of truth for RLS view-menu naming) uses the spaced form.
+    from superset.security.manager import SupersetSecurityManager
+    from superset.views.sqla import RowLevelSecurityView
+
+    assert "Row Level Security" in SupersetSecurityManager.ADMIN_ONLY_VIEW_MENUS
+    assert RowLevelSecurityView.class_permission_name == "Row Level Security", (
+        "RLS view's class_permission_name diverges from the canonical "
+        '"Row Level Security" used by the API and security manager — '
+        "produces a duplicate `can read on RowLevelSecurity` permission "
+        "alongside `can read on Row Level Security` in the admin UI."
+    )