chore: Adds 4.1.0 RC4 data to CHANGELOG.md

fix(plugin-chart-echarts): sort tooltip correctly (#30819 )
(cherry picked from commit b02d18a39e)
2026-05-07 00:44:26 +00:00 · 2024-11-01 16:49:06 -07:00 · 2024-11-01 16:11:26 -07:00 · 2024-11-01 10:25:05 -07:00 · 2024-11-01 10:08:29 -07:00 · 2024-11-01 09:57:26 -07:00
2352 changed files with 147545 additions and 120410 deletions
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -18,7 +18,6 @@
 # https://cwiki.apache.org/confluence/display/INFRA/.asf.yaml+features+for+git+repositories
 ---
 github:
-  del_branch_on_merge: true
  description: "Apache Superset is a Data Visualization and Data Exploration Platform"
  homepage: https://superset.apache.org/
  labels:
@@ -54,9 +53,6 @@ github:
    merge: false
    rebase: false

-  ghp_branch:  gh-pages
-  ghp_path: /
-
  protected_branches:
    master:
      required_status_checks:
@@ -73,16 +69,17 @@ github:
          - cypress-matrix (3, chrome)
          - cypress-matrix (4, chrome)
          - cypress-matrix (5, chrome)
-          - dependency-review
          - frontend-build
-          - pre-commit (current)
-          - pre-commit (previous)
+          - pre-commit
+          - python-lint
          - test-mysql
          - test-postgres (current)
+          - test-postgres (next)
          - test-postgres-hive
          - test-postgres-presto
          - test-sqlite
          - unit-tests (current)
+          - unit-tests (next)

      required_pull_request_reviews:
        dismiss_stale_reviews: false
@@ -90,10 +87,3 @@ github:
        required_approving_review_count: 1

      required_signatures: false
-    gh-pages:
-      required_pull_request_reviews:
-        dismiss_stale_reviews: false
-        require_code_owner_reviews: true
-        required_approving_review_count: 1
-
-      required_signatures: false
--- a/.dockerignore
+++ b/.dockerignore
@@ -34,6 +34,7 @@
 **/*.sqllite
 **/*.swp
 **/.terser-plugin-cache/
+**/.storybook/
 **/node_modules/

 tests/
@@ -41,8 +42,6 @@ docs/
 install/
 superset-frontend/cypress-base/
 superset-frontend/coverage/
-superset-frontend/.temp_cache/
 superset/static/assets/
 superset-websocket/dist/
 venv
-.venv
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,2 @@
 docker/**/*.sh text eol=lf
 *.svg binary
-*.ipynb binary
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,7 +2,7 @@

 # https://github.com/apache/superset/issues/13351

-/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho
+/superset/migrations/ @apache/superset-committers

 # Notify some committers of changes in the components

@@ -12,21 +12,21 @@

 # Notify Helm Chart maintainers about changes in it

-/helm/superset/ @craig-rueda @dpgaspar @villebro @nytai @michael-s-molina @mistercrunch @rusackas @Antonio-RiveroMartnez
+/helm/superset/ @craig-rueda @dpgaspar @villebro

 # Notify E2E test maintainers of changes

-/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida
+/superset-frontend/cypress-base/ @jinghua-qa @geido @eschutho @rusackas @betodealmeida

 # Notify PMC members of changes to GitHub Actions

-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar

-# Notify PMC members of changes to required GitHub Actions
+# Notify PMC members of changes to required Github Actions

-/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @Antonio-RiveroMartnez
+/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar

-# Maps are a finicky contribution process we care about
+# Maps are a finnicky contribution process we care about

 **/*.geojson @villebro @rusackas
 /superset-frontend/plugins/legacy-plugin-chart-country-map/ @villebro @rusackas
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -15,9 +15,14 @@ body:
    id: bug-description
    attributes:
      label: Bug description
-      description: A clear description of what the bug is, including reproduction steps and expected behavior.
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    id: repro-steps
+    attributes:
+      label: How to reproduce the bug
      placeholder: |
-        The bug is that...
        1. Go to '...'
        2. Click on '....'
        3. Scroll down to '....'
@@ -41,8 +46,8 @@ body:
      label: Superset version
      options:
        - master / latest-dev
-        - "4.1.1"
        - "4.0.2"
+        - "3.1.3"
    validations:
      required: true
  - type: dropdown
--- a/.github/actions/change-detector/label-draft-pr.yml
+++ b/.github/actions/change-detector/label-draft-pr.yml
@@ -1,23 +0,0 @@
-name: Label Draft PRs
-on:
-  pull_request:
-    types:
-      - opened
-      - converted_to_draft
-jobs:
-  label-draft:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check if the PR is a draft
-        id: check-draft
-        uses: actions/github-script@v6
-        with:
-          script: |
-            const isDraft = context.payload.pull_request.draft;
-            core.setOutput('isDraft', isDraft);
-      - name: Add `review:draft` Label
-        if: steps.check-draft.outputs.isDraft == 'true'
-        uses: actions-ecosystem/action-add-labels@v1
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          labels: "review:draft"
--- a/.github/actions/chart-releaser-action
+++ b/.github/actions/chart-releaser-action
--- a/.github/actions/setup-backend/action.yml
+++ b/.github/actions/setup-backend/action.yml
@@ -26,12 +26,11 @@ runs:
      shell: bash
      run: |
        if [ "${{ inputs.python-version }}" = "current" ]; then
-          echo "PYTHON_VERSION=3.11" >> $GITHUB_ENV
-        elif [ "${{ inputs.python-version }}" = "next" ]; then
-          # currently disabled in GHA matrixes because of library compatibility issues
-          echo "PYTHON_VERSION=3.12" >> $GITHUB_ENV
-        elif [ "${{ inputs.python-version }}" = "previous" ]; then
          echo "PYTHON_VERSION=3.10" >> $GITHUB_ENV
+        elif [ "${{ inputs.python-version }}" = "next" ]; then
+          echo "PYTHON_VERSION=3.11" >> $GITHUB_ENV
+        elif [ "${{ inputs.python-version }}" = "previous" ]; then
+          echo "PYTHON_VERSION=3.9" >> $GITHUB_ENV
        else
          echo "PYTHON_VERSION=${{ inputs.python-version }}" >> $GITHUB_ENV
        fi
@@ -44,15 +43,11 @@ runs:
      run: |
        if [ "${{ inputs.install-superset }}" = "true" ]; then
          sudo apt-get update && sudo apt-get -y install libldap2-dev libsasl2-dev
-
-          pip install --upgrade pip setuptools wheel uv
-
+          pip install --upgrade pip setuptools wheel
          if [ "${{ inputs.requirements-type }}" = "dev" ]; then
-            uv pip install --system -r requirements/development.txt
+            pip install -r requirements/development.txt
          elif [ "${{ inputs.requirements-type }}" = "base" ]; then
-            uv pip install --system -r requirements/base.txt
+            pip install -r requirements/base.txt
          fi
-
-          uv pip install --system -e .
        fi
      shell: bash
--- a/.github/actions/setup-docker/action.yml
+++ b/.github/actions/setup-docker/action.yml
@@ -1,69 +0,0 @@
-name: "Setup Docker Environment"
-description: "Reusable steps for setting up QEMU, Docker Buildx, DockerHub login, Supersetbot, and optionally Docker Compose"
-inputs:
-  build:
-    description: "Used for building?"
-    required: false
-    default: "false"
-  dockerhub-user:
-    description: "DockerHub username"
-    required: false
-  dockerhub-token:
-    description: "DockerHub token"
-    required: false
-  install-docker-compose:
-    description: "Flag to install Docker Compose"
-    required: false
-    default: "true"
-  login-to-dockerhub:
-    description: "Whether you want to log into dockerhub"
-    required: false
-    default: "true"
-outputs: {}
-runs:
-  using: "composite"
-  steps:
-
-    - name: Set up QEMU
-      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-qemu-action@v3
-
-    - name: Set up Docker Buildx
-      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-buildx-action@v3
-
-    - name: Try to login to DockerHub
-      if: ${{ inputs.login-to-dockerhub == 'true' }}
-      continue-on-error: true
-      uses: docker/login-action@v3
-      with:
-        username: ${{ inputs.dockerhub-user }}
-        password: ${{ inputs.dockerhub-token }}
-
-    - name: Install Docker Compose
-      if: ${{ inputs.install-docker-compose == 'true' }}
-      shell: bash
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y ca-certificates curl
-        sudo install -m 0755 -d /etc/apt/keyrings
-
-        # Download and save the Docker GPG key in the correct format
-        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-
-        # Ensure the key file is readable
-        sudo chmod a+r /etc/apt/keyrings/docker.gpg
-
-        # Add the Docker repository using the correct key
-        echo \
-          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
-          $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-        # Update package lists and install Docker Compose plugin
-        sudo apt update
-        sudo apt install -y docker-compose-plugin
-
-    - name: Docker Version Info
-      shell: bash
-      run: docker info
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,9 +8,8 @@ updates:

  - package-ecosystem: "npm"
    ignore:
-      # not until React >= 18.0.0
-      - dependency-name: "storybook"
-      - dependency-name: "@storybook*"
+      # not until  node >= 18.12.0
+      - dependency-name: "css-minimizer-webpack-plugin"
    directory: "/superset-frontend/"
    schedule:
      interval: "monthly"
@@ -22,7 +21,8 @@ updates:


  # - package-ecosystem: "pip"
-  # NOTE: as dependabot isn't compatible with our usage of `uv pip compile` we're using
+  # NOTE: as dependabot isn't compatible with our python
+  # dependency setup (pip-compile-multi), we'll be using
  # `supersetbot` instead

  - package-ecosystem: "npm"
--- a/.github/workflows/bashlib.sh
+++ b/.github/workflows/bashlib.sh
@@ -165,7 +165,7 @@ cypress-run-all() {
  # UNCOMMENT the next few commands to monitor memory usage
  # monitor_memory &  # Start memory monitoring in the background
  # memoryMonitorPid=$!
-  python ../../scripts/cypress_run.py --parallelism $PARALLELISM --parallelism-id $PARALLEL_ID --group $PARALLEL_ID --retries 5 $USE_DASHBOARD_FLAG
+  python ../../scripts/cypress_run.py --parallelism $PARALLELISM --parallelism-id $PARALLEL_ID --retries 5 $USE_DASHBOARD_FLAG
  # kill $memoryMonitorPid

  # After job is done, print out Flask log for debugging
--- a/.github/workflows/bump-python-package.yml
+++ b/.github/workflows/bump-python-package.yml
@@ -14,16 +14,10 @@ on:
        required: true
        description: Max number of PRs to open (0 for no limit)
        default: 5
-      extra-flags:
-        required: false
-        default: --only-base
-        description: Additional flags to pass to the bump-python command
-  #schedule:
-  #  - cron: '0 0 * * *'  # Runs daily at midnight UTC

 jobs:
  bump-python-package:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: write
      contents: write
@@ -45,8 +39,8 @@ jobs:
        with:
          python-version: "3.10"

-      - name: Install uv
-        run: pip install uv
+      - name: Install pip-compile-multi
+        run: pip install pip-compile-multi

      - name: supersetbot bump-python -p "${{ github.event.inputs.package }}"
        env:
@@ -65,13 +59,10 @@ jobs:
            GROUP_OPT="-g ${{ github.event.inputs.group }}"
          fi

-          EXTRA_FLAGS="${{ github.event.inputs.extra-flags }}"
-
          supersetbot bump-python \
            --verbose \
            --use-current-repo \
            --include-subpackages \
            --limit ${{ github.event.inputs.limit }} \
            $PACKAGE_OPT \
-            $GROUP_OPT \
-            $EXTRA_FLAGS
+            $GROUP_OPT
--- a/.github/workflows/cancel_duplicates.yml
+++ b/.github/workflows/cancel_duplicates.yml
@@ -9,7 +9,7 @@ on:
 jobs:
  cancel-duplicate-runs:
    name: Cancel duplicate workflow runs
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: write
      contents: read
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -1,44 +0,0 @@
-name: Check python dependencies
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  check-python-deps:
-    runs-on: ubuntu-22.04
-    steps:
-
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-          submodules: recursive
-          depth: 1
-
-      - name: Setup Python
-        if: steps.check.outputs.python
-        uses: ./.github/actions/setup-backend/
-
-      - name: Run uv
-        if: steps.check.outputs.python
-        run: ./scripts/uv-pip-compile.sh
-
-      - name: Check for uncommitted changes
-        run: |
-          if [[ -n "$(git diff)" ]]; then
-            echo "ERROR: The pinned dependencies are not up-to-date."
-            echo "Please run './scripts/uv-pip-compile.sh' and commit the changes."
-            exit 1
-          else
-            echo "Pinned dependencies are up-to-date."
-          fi
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -19,7 +19,7 @@ concurrency:
 jobs:
  check_db_migration_conflict:
    name: Check DB migration conflict
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -17,7 +17,7 @@ concurrency:
 jobs:
  analyze:
    name: Analyze
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: read
      contents: read
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -5,32 +5,19 @@
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: "Dependency Review"
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
+on: [pull_request]

 permissions:
  contents: read

 jobs:
  dependency-review:
-    if: github.event_name == 'pull_request'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout Repository"
        uses: actions/checkout@v4
      - name: "Dependency Review"
        uses: actions/dependency-review-action@v4
-        continue-on-error: true
        with:
          fail-on-severity: critical
          # compatible/incompatible licenses addressed here: https://www.apache.org/legal/resolved.html
@@ -45,25 +32,4 @@ jobs:
          #   license: https://applitools.com/legal/open-source-terms-of-use/
          # pkg:npm/node-forge@1.3.1
          #   selecting BSD-3-Clause licensing terms for node-forge to ensure compatibility with Apache
-          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor, pkg:npm/jszip@3.10.1
-
-  python-dependency-liccheck:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: "Checkout Repository"
-        uses: actions/checkout@v4
-
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        with:
-          requirements-type: base
-
-      - name: "Set up liccheck"
-        run: |
-          uv pip install --system liccheck
-      - name: "Run liccheck"
-        run: |
-          # run the checks
-          liccheck -R output.txt
-          # Print the report
-          cat output.txt
+          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,22 +14,21 @@ concurrency:
  cancel-in-progress: true

 jobs:
-
  setup_matrix:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    outputs:
      matrix_config: ${{ steps.set_matrix.outputs.matrix_config }}
    steps:
      - id: set_matrix
        run: |
-          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
+          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
          echo "matrix_config=${MATRIX_CONFIG}" >> $GITHUB_OUTPUT
          echo $GITHUB_OUTPUT

  docker-build:
    name: docker-build
    needs: setup_matrix
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
        build_preset: ${{fromJson(needs.setup_matrix.outputs.matrix_config)}}
@@ -37,7 +36,6 @@ jobs:
    env:
      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-      IMAGE_TAG: apache/superset:GHA-${{ matrix.build_preset }}-${{ github.run_id }}

    steps:

@@ -52,13 +50,21 @@ jobs:
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Setup Docker Environment
+      - name: Set up QEMU
        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        uses: ./.github/actions/setup-docker
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        uses: docker/setup-buildx-action@v3
+
+      - name: Try to login to DockerHub
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        continue-on-error: true
+        uses: docker/login-action@v3
        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Setup supersetbot
        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
@@ -73,65 +79,12 @@ jobs:
          # Single platform builds in pull_request context to speed things up
          if [ "${{ github.event_name }}" = "push" ]; then
            PLATFORM_ARG="--platform linux/arm64 --platform linux/amd64"
-            # can only --load images in single-platform builds
-            PUSH_OR_LOAD="--push"
          elif [ "${{ github.event_name }}" = "pull_request" ]; then
            PLATFORM_ARG="--platform linux/amd64"
-            PUSH_OR_LOAD="--load"
          fi

          supersetbot docker \
-            $PUSH_OR_LOAD \
            --preset ${{ matrix.build_preset }} \
            --context "$EVENT" \
            --context-ref "$RELEASE" $FORCE_LATEST \
-            --extra-flags "--build-arg INCLUDE_CHROMIUM=false --tag $IMAGE_TAG" \
            $PLATFORM_ARG
-
-      # in the context of push (using multi-platform build), we need to pull the image locally
-      - name: Docker pull
-        if: github.event_name == 'push' && (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker)
-        run:  docker pull $IMAGE_TAG
-
-      - name: Print docker stats
-        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        run: |
-          echo "SHA: ${{ github.sha }}"
-          echo "IMAGE: $IMAGE_TAG"
-          docker images $IMAGE_TAG
-          docker history $IMAGE_TAG
-
-      - name: docker-compose sanity check
-        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && (matrix.build_preset == 'dev' || matrix.build_preset == 'lean')
-        shell: bash
-        run: |
-          export SUPERSET_BUILD_TARGET=${{ matrix.build_preset }}
-          # This should reuse the CACHED image built in the previous steps
-          docker compose build superset-init --build-arg DEV_MODE=false --build-arg INCLUDE_CHROMIUM=false
-          docker compose up superset-init --exit-code-from superset-init
-
-  docker-compose-image-tag:
-    runs-on: ubuntu-24.04
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Docker Environment
-        if: steps.check.outputs.docker
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "false"
-          install-docker-compose: "true"
-      - name: docker-compose sanity check
-        if: steps.check.outputs.docker
-        shell: bash
-        run: |
-          docker compose -f docker-compose-image-tag.yml up superset-init --exit-code-from superset-init
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -23,7 +23,7 @@ jobs:
  build:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: superset-embedded-sdk
@@ -31,7 +31,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "18"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run ci:release
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -13,7 +13,7 @@ concurrency:

 jobs:
  embedded-sdk-test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: superset-embedded-sdk
@@ -21,7 +21,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "18"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm test
--- a/.github/workflows/ephemeral-env-pr-close.yml
+++ b/.github/workflows/ephemeral-env-pr-close.yml
@@ -6,7 +6,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -22,7 +22,7 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Cleanup ephemeral envs
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write
    steps:
--- a/.github/workflows/ephemeral-env.yml
+++ b/.github/workflows/ephemeral-env.yml
@@ -1,177 +1,132 @@
 name: Ephemeral env workflow

-# Example manual trigger:
-# gh workflow run ephemeral-env.yml --ref fix_ephemerals --field label_name="testenv-up" --field issue_number=666
-
 on:
-  pull_request_target:
-    types:
-      - labeled
-  workflow_dispatch:
-    inputs:
-      label_name:
-        description: 'Label name to simulate label-based /testenv trigger'
-        required: true
-        default: 'testenv-up'
-      issue_number:
-        description: 'Issue or PR number'
-        required: true
+  issue_comment:
+    types: [created]

 jobs:
-  ephemeral-env-label:
+  config:
+    runs-on: "ubuntu-22.04"
+    if: github.event.issue.pull_request
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  ephemeral-env-comment:
    concurrency:
-      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}-label
+      group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }}-comment
      cancel-in-progress: true
-    name: Evaluate ephemeral env label trigger
-    runs-on: ubuntu-24.04
+    needs: config
+    if: needs.config.outputs.has-secrets
+    name: Evaluate ephemeral env comment trigger (/testenv)
+    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write
    outputs:
-      slash-command: ${{ steps.eval-label.outputs.result }}
+      slash-command: ${{ steps.eval-body.outputs.result }}
      feature-flags: ${{ steps.eval-feature-flags.outputs.result }}
-      sha: ${{ steps.get-sha.outputs.sha }}
-    env:
-      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

    steps:
-      - name: Check for the "testenv-up" label
-        id: eval-label
-        run: |
-          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
-            LABEL_NAME="${{ github.event.inputs.label_name }}"
-          else
-            LABEL_NAME="${{ github.event.label.name }}"
-          fi
+    - name: Debug
+      run: |
+        echo "Comment on PR #${{ github.event.issue.number }} by ${{ github.event.issue.user.login }}, ${{ github.event.comment.author_association }}"

-          echo "Evaluating label: $LABEL_NAME"
+    - name: Eval comment body for /testenv slash command
+      uses: actions/github-script@v7
+      id: eval-body
+      with:
+        result-encoding: string
+        script: |
+          const pattern = /^\/testenv (up|down)/
+          const result = pattern.exec(context.payload.comment.body)
+          return result === null ? 'noop' : result[1]

-          if [[ "$LABEL_NAME" == "testenv-up" ]]; then
-            echo "result=up" >> $GITHUB_OUTPUT
-          else
-            echo "result=noop" >> $GITHUB_OUTPUT
-          fi
+    - name: Eval comment body for feature flags
+      uses: actions/github-script@v7
+      id: eval-feature-flags
+      with:
+        script: |
+          const pattern = /FEATURE_(\w+)=(\w+)/g;
+          let results = [];
+          [...context.payload.comment.body.matchAll(pattern)].forEach(match => {
+            const config = {
+              name: `SUPERSET_FEATURE_${match[1]}`,
+              value: match[2],
+            };
+            results.push(config);
+          });
+          return results;

-      - name: Get event SHA
-        id: get-sha
-        if: steps.eval-label.outputs.result == 'up'
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            let prSha;
-
-            // If event is workflow_dispatch, use the issue_number from inputs
-            if (context.eventName === "workflow_dispatch") {
-              const prNumber = "${{ github.event.inputs.issue_number }}";
-              if (!prNumber) {
-                console.log("No PR number found.");
-                return;
-              }
-
-              // Fetch PR details using the provided issue_number
-              const { data: pr } = await github.rest.pulls.get({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                pull_number: prNumber
-              });
-
-              prSha = pr.head.sha;
-            } else {
-              // If it's not workflow_dispatch, use the PR head sha from the event
-              prSha = context.payload.pull_request.head.sha;
-            }
-
-            console.log(`PR SHA: ${prSha}`);
-            core.setOutput("sha", prSha);
-
-      - name: Looking for feature flags in PR description
-        uses: actions/github-script@v7
-        id: eval-feature-flags
-        if: steps.eval-label.outputs.result == 'up'
-        with:
-          script: |
-            const description = context.payload.pull_request
-              ? context.payload.pull_request.body || ''
-              : context.payload.inputs.pr_description || '';
-
-            const pattern = /FEATURE_(\w+)=(\w+)/g;
-            let results = [];
-            [...description.matchAll(pattern)].forEach(match => {
-              const config = {
-                name: `SUPERSET_FEATURE_${match[1]}`,
-                value: match[2],
-              };
-              results.push(config);
-            });
-
-            return results;
-
-      - name: Reply with confirmation comment
-        uses: actions/github-script@v7
-        if: steps.eval-label.outputs.result == 'up'
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const action = '${{ steps.eval-label.outputs.result }}';
-            const user = context.actor;
-            const runId = context.runId;
-            const workflowUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${runId}`;
-
-            const issueNumber = context.payload.pull_request
-              ? context.payload.pull_request.number
-              : context.payload.inputs.issue_number;
-
-            if (!issueNumber) {
-              throw new Error("Issue number is not available.");
-            }
-
-            const body = `@${user} Processing your ephemeral environment request [here](${workflowUrl}). Action: **${action}**.`;
-
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: issueNumber,
-              body,
-            });
+    - name: Limit to committers
+      if: >
+        steps.eval-body.outputs.result != 'noop' &&
+        github.event.comment.author_association != 'MEMBER' &&
+        github.event.comment.author_association != 'OWNER'
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          const errMsg = '@${{ github.event.comment.user.login }} Ephemeral environment creation is currently limited to committers.'
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: errMsg
+          })
+          core.setFailed(errMsg)

  ephemeral-docker-build:
    concurrency:
-      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}-build
+      group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }}-build
      cancel-in-progress: true
-    needs: ephemeral-env-label
-    if: needs.ephemeral-env-label.outputs.slash-command == 'up'
+    needs: ephemeral-env-comment
    name: ephemeral-docker-build
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ needs.ephemeral-env-label.outputs.sha }} : ${{steps.get-sha.outputs.sha}} )"
+      - name: Get Info from comment
+        uses: actions/github-script@v7
+        id: get-pr-info
+        with:
+          script: |
+            const request = {
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: ${{ github.event.issue.number }},
+            }
+            core.info(`Getting PR #${request.pull_number} from ${request.owner}/${request.repo}`)
+            const pr = await github.rest.pulls.get(request);
+            return pr.data;
+
+      - name: Debug
+        id: get-sha
+        run: |
+          echo "sha=${{ fromJSON(steps.get-pr-info.outputs.result).head.sha }}" >> $GITHUB_OUTPUT
+
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : ${{steps.get-sha.outputs.sha}} )"
        uses: actions/checkout@v4
        with:
-          ref: ${{ needs.ephemeral-env-label.outputs.sha }}
+          ref: ${{ steps.get-sha.outputs.sha }}
          persist-credentials: false

-      - name: Setup Docker Environment
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
-          install-docker-compose: "false"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3

-      - name: Setup supersetbot
-        uses: ./.github/actions/setup-supersetbot/
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3

      - name: Build ephemeral env image
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          supersetbot docker \
-            --push \
-            --load \
-            --preset ci \
-            --platform  linux/amd64 \
-            --context-ref "$RELEASE" \
-            --extra-flags "--build-arg INCLUDE_CHROMIUM=false"
+          ./scripts/build_docker.py \
+            "ci" \
+            "pull_request" \
+            --build_context_ref ${{ github.event.issue.number }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
@@ -189,141 +144,140 @@ jobs:
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: superset-ci
-          IMAGE_TAG: apache/superset:${{ needs.ephemeral-env-label.outputs.sha }}-ci
-          PR_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
+          IMAGE_TAG: apache/superset:${{ steps.get-sha.outputs.sha }}-ci
        run: |
-          docker tag $IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:pr-$PR_NUMBER-ci
+          docker tag $IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:pr-${{ github.event.issue.number }}-ci
          docker push -a $ECR_REGISTRY/$ECR_REPOSITORY

  ephemeral-env-up:
-    needs: [ephemeral-env-label, ephemeral-docker-build]
-    if: needs.ephemeral-env-label.outputs.slash-command == 'up'
+    needs: [ephemeral-env-comment, ephemeral-docker-build]
+    if: needs.ephemeral-env-comment.outputs.slash-command == 'up'
    name: Spin up an ephemeral environment
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write

    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false

-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-west-2

-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2

-      - name: Check target image exists in ECR
-        id: check-image
-        continue-on-error: true
-        env:
-          PR_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
-        run: |
-          aws ecr describe-images \
-          --registry-id $(echo "${{ steps.login-ecr.outputs.registry }}" | grep -Eo "^[0-9]+") \
-          --repository-name superset-ci \
-          --image-ids imageTag=pr-$PR_NUMBER-ci
+    - name: Check target image exists in ECR
+      id: check-image
+      continue-on-error: true
+      run: |
+        aws ecr describe-images \
+        --registry-id $(echo "${{ steps.login-ecr.outputs.registry }}" | grep -Eo "^[0-9]+") \
+        --repository-name superset-ci \
+        --image-ids imageTag=pr-${{ github.event.issue.number }}-ci

-      - name: Fail on missing container image
-        if: steps.check-image.outcome == 'failure'
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ github.token }}
-          script: |
-            const errMsg = '@${{ github.event.comment.user.login }} Container image not yet published for this PR. Please try again when build is complete.';
-            github.rest.issues.createComment({
-              issue_number: ${{ github.event.inputs.issue_number || github.event.pull_request.number }},
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: errMsg
-            });
-            core.setFailed(errMsg);
+    - name: Fail on missing container image
+      if: steps.check-image.outcome == 'failure'
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          const errMsg = '@${{ github.event.comment.user.login }} Container image not yet published for this PR. Please try again when build is complete.'
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: errMsg
+          })
+          core.setFailed(errMsg)

-      - name: Fill in the new image ID in the Amazon ECS task definition
-        id: task-def
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
-        with:
-          task-definition: .github/workflows/ecs-task-definition.json
-          container-name: superset-ci
-          image: ${{ steps.login-ecr.outputs.registry }}/superset-ci:pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-ci
+    - name: Fill in the new image ID in the Amazon ECS task definition
+      id: task-def
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: .github/workflows/ecs-task-definition.json
+        container-name: superset-ci
+        image: ${{ steps.login-ecr.outputs.registry }}/superset-ci:pr-${{ github.event.issue.number }}-ci

-      - name: Update env vars in the Amazon ECS task definition
-        run: |
-          cat <<< "$(jq '.containerDefinitions[0].environment += ${{ needs.ephemeral-env-label.outputs.feature-flags }}' < ${{ steps.task-def.outputs.task-definition }})" > ${{ steps.task-def.outputs.task-definition }}
+    - name: Update env vars in the Amazon ECS task definition
+      run: |
+        cat <<< "$(jq '.containerDefinitions[0].environment += ${{ needs.ephemeral-env-comment.outputs.feature-flags }}' < ${{ steps.task-def.outputs.task-definition }})" > ${{ steps.task-def.outputs.task-definition }}

-      - name: Describe ECS service
-        id: describe-services
-        run: |
-          echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
-      - name: Create ECS service
-        id: create-service
-        if: steps.describe-services.outputs.active != 'true'
-        env:
-          ECR_SUBNETS: subnet-0e15a5034b4121710,subnet-0e8efef4a72224974
-          ECR_SECURITY_GROUP: sg-092ff3a6ae0574d91
-          PR_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
-        run: |
-          aws ecs create-service \
-          --cluster superset-ci \
-          --service-name pr-$PR_NUMBER-service \
-          --task-definition superset-ci \
-          --launch-type FARGATE \
-          --desired-count 1 \
-          --platform-version LATEST \
-          --network-configuration "awsvpcConfiguration={subnets=[$ECR_SUBNETS],securityGroups=[$ECR_SECURITY_GROUP],assignPublicIp=ENABLED}" \
-          --tags key=pr,value=$PR_NUMBER key=github_user,value=${{ github.actor }}
-      - name: Deploy Amazon ECS task definition
-        id: deploy-task
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
-        with:
-          task-definition: ${{ steps.task-def.outputs.task-definition }}
-          service: pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service
-          cluster: superset-ci
-          wait-for-service-stability: true
-          wait-for-minutes: 10
+    - name: Describe ECS service
+      id: describe-services
+      run: |
+        echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.issue.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
+    - name: Create ECS service
+      if: steps.describe-services.outputs.active != 'true'
+      id: create-service
+      env:
+        ECR_SUBNETS: subnet-0e15a5034b4121710,subnet-0e8efef4a72224974
+        ECR_SECURITY_GROUP: sg-092ff3a6ae0574d91
+      run: |
+        aws ecs create-service \
+        --cluster superset-ci \
+        --service-name pr-${{ github.event.issue.number }}-service \
+        --task-definition superset-ci \
+        --launch-type FARGATE \
+        --desired-count 1 \
+        --platform-version LATEST \
+        --network-configuration "awsvpcConfiguration={subnets=[$ECR_SUBNETS],securityGroups=[$ECR_SECURITY_GROUP],assignPublicIp=ENABLED}" \
+        --tags key=pr,value=${{ github.event.issue.number }} key=github_user,value=${{ github.actor }}

-      - name: List tasks
-        id: list-tasks
-        run: |
-          echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT
-      - name: Get network interface
-        id: get-eni
-        run: |
-          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | map(select(.name==\"networkInterfaceId\"))[0].value')" >> $GITHUB_OUTPUT
-      - name: Get public IP
-        id: get-ip
-        run: |
-          echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
-      - name: Comment (success)
-        if: ${{ success() }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{github.token}}
-          script: |
-            const issue_number = context.payload.inputs?.issue_number || context.issue.number;
-            github.rest.issues.createComment({
-              issue_number: issue_number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `@${{ github.actor }} Ephemeral environment spinning up at http://${{ steps.get-ip.outputs.ip }}:8080. Credentials are 'admin'/'admin'. Please allow several minutes for bootstrapping and startup.`
-            });
-      - name: Comment (failure)
-        if: ${{ failure() }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{github.token}}
-          script: |
-            const issue_number = context.payload.inputs?.issue_number || context.issue.number;
-            github.rest.issues.createComment({
-              issue_number: issue_number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: '@${{ github.event.inputs.user_login || github.event.comment.user.login }} Ephemeral environment creation failed. Please check the Actions logs for details.'
-            })
+    - name: Deploy Amazon ECS task definition
+      id: deploy-task
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def.outputs.task-definition }}
+        service: pr-${{ github.event.issue.number }}-service
+        cluster: superset-ci
+        wait-for-service-stability: true
+        wait-for-minutes: 10
+
+    - name: List tasks
+      id: list-tasks
+      run: |
+        echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${{ github.event.issue.number }}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT
+
+    - name: Get network interface
+      id: get-eni
+      run: |
+        echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks | .[0] | .attachments | .[0] | .details | map(select(.name=="networkInterfaceId")) | .[0] | .value')" >> $GITHUB_OUTPUT
+
+    - name: Get public IP
+      id: get-ip
+      run: |
+        echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
+
+    - name: Comment (success)
+      if: ${{ success() }}
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: '@${{ github.event.comment.user.login }} Ephemeral environment spinning up at http://${{ steps.get-ip.outputs.ip }}:8080. Credentials are `admin`/`admin`. Please allow several minutes for bootstrapping and startup.'
+          })
+
+    - name: Comment (failure)
+      if: ${{ failure() }}
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: '@${{ github.event.comment.user.login }} Ephemeral environment creation failed. Please check the Actions logs for details.'
+          })
--- a/.github/workflows/generate-FOSSA-report.yml
+++ b/.github/workflows/generate-FOSSA-report.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -24,7 +24,7 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Generate Report
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/github-action-validator.yml
+++ b/.github/workflows/github-action-validator.yml
@@ -11,7 +11,7 @@ on:
 jobs:

  validate-all-ghas:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
@@ -19,7 +19,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version: '20'
+          node-version: '18'

      - name: Install Dependencies
        run: npm install -g @action-validator/core @action-validator/cli --save-dev
--- a/.github/workflows/issue_creation.yml
+++ b/.github/workflows/issue_creation.yml
@@ -9,7 +9,7 @@ on:

 jobs:
  superbot-orglabel:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -7,7 +7,7 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
    - uses: actions/labeler@v5
      with:
--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -6,7 +6,7 @@ on:
 jobs:
  latest-release:
    name: Add/update tag to new release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: write

--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
  license_check:
    name: License Check
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/no-hold-label.yml
+++ b/.github/workflows/no-hold-label.yml
@@ -11,7 +11,7 @@ concurrency:

 jobs:
  check-hold-label:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
    - name: Check for 'hold' label
      uses: actions/github-script@v7
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -10,7 +10,7 @@ on:

 jobs:
  lint-check:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -15,10 +15,7 @@ concurrency:

 jobs:
  pre-commit:
-    runs-on: ubuntu-24.04
-    strategy:
-      matrix:
-        python-version: ["current", "previous"]
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -27,8 +24,6 @@ jobs:
          submodules: recursive
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
-        with:
-          python-version: ${{ matrix.python-version }}
      - name: Enable brew and helm-docs
        # Add brew to the path - see https://github.com/actions/runner-images/issues/6283
        run: |
@@ -40,13 +35,8 @@ jobs:
          brew install norwoodj/tap/helm-docs
      - name: pre-commit
        run: |
-          set +e  # Don't exit immediately on failure
-          # Skip eslint as it requires `npm ci` and is executed in another job
-          export SKIP=eslint
-          pre-commit run --all-files
-          if [ $? -ne 0 ] || ! git diff --quiet --exit-code; then
-            echo "❌ Pre-commit check failed."
-            echo "🚒 To prevent/address this CI issue, please install/use pre-commit locally."
-            echo "📖 More details here: https://superset.apache.org/docs/contributing/development#git-hooks"
+          if ! pre-commit run --all-files; then
+            git status
+            git diff
            exit 1
          fi
--- a/.github/workflows/prefer-typescript.yml
+++ b/.github/workflows/prefer-typescript.yml
@@ -21,7 +21,7 @@ jobs:
  prefer_typescript:
    if: github.ref == 'ref/heads/master' && github.event_name == 'pull_request'
    name: Prefer TypeScript
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -24,7 +24,13 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Bump version and publish package(s)
-    runs-on: ubuntu-24.04
+
+    runs-on: ubuntu-22.04
+
+    strategy:
+      matrix:
+        node-version: [18]
+
    steps:
      - uses: actions/checkout@v4
        with:
@@ -40,11 +46,11 @@ jobs:
          git fetch --prune --unshallow
          git tag -d `git tag | grep -E '^trigger-'`

-      - name: Install Node.js
+      - name: Use Node.js ${{ matrix.node-version }}
        if: env.HAS_TAGS
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node-version }}

      - name: Cache npm
        if: env.HAS_TAGS
--- a/.github/workflows/superset-applitool-cypress.yml
+++ b/.github/workflows/superset-applitool-cypress.yml
@@ -6,7 +6,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -21,11 +21,12 @@ jobs:
  cypress-applitools:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        browser: ["chrome"]
+        node: [18]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -65,7 +66,7 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-applitools-storybook.yml
+++ b/.github/workflows/superset-applitools-storybook.yml
@@ -12,7 +12,7 @@ env:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -27,7 +27,10 @@ jobs:
  cron:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        node: [18]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -38,7 +41,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install eyes-storybook dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-cli.yml
+++ b/.github/workflows/superset-cli.yml
@@ -15,7 +15,7 @@ concurrency:

 jobs:
  test-load-examples:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
--- a/.github/workflows/superset-docs-deploy.yml
+++ b/.github/workflows/superset-docs-deploy.yml
@@ -12,7 +12,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -28,17 +28,17 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Build & Deploy
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
+      - name: Set up Node.js 20
        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
      - uses: actions/setup-java@v4
--- a/.github/workflows/superset-docs-verify.yml
+++ b/.github/workflows/superset-docs-verify.yml
@@ -4,7 +4,6 @@ on:
  pull_request:
    paths:
      - "docs/**"
-      - ".github/workflows/superset-docs-verify.yml"
    types: [synchronize, opened, reopened, ready_for_review]

 # cancel previous workflow jobs for PRs
@@ -13,44 +12,9 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  linkinator:
-    # See docs here: https://github.com/marketplace/actions/linkinator
-    name: Link Checking
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # Do not bump this linkinator-action version without opening
-      # an ASF Infra ticket to allow the new verison first!
-      - uses: JustinBeckwith/linkinator-action@v1.11.0
-        continue-on-error: true # This will make the job advisory (non-blocking, no red X)
-        with:
-          paths: "**/*.md, **/*.mdx, !superset-frontend/CHANGELOG.md"
-          linksToSkip: >-
-            ^https://github.com/apache/(superset|incubator-superset)/(pull|issue)/\d+,
-            http://localhost:8088/,
-            http://127.0.0.1:3000/,
-            http://localhost:9001/,
-            https://charts.bitnami.com/bitnami,
-            https://www.li.me/,
-            https://www.fanatics.com/,
-            https://tails.com/gb/,
-            https://www.techaudit.info/,
-            https://avetilearning.com/,
-            https://www.udemy.com/,
-            https://trustmedis.com/,
-            http://theiconic.com.au/,
-            https://dev.mysql.com/doc/refman/5.7/en/innodb-limits.html,
-            ^https://img\.shields\.io/.*,
-            https://vkusvill.ru/
-            https://www.linkedin.com/in/mark-thomas-b16751158/
-            https://theiconic.com.au/
-            https://wattbewerb.de/
-            https://timbr.ai/
-            https://opensource.org/license/apache-2-0
-            https://www.plaidcloud.com/
  build-deploy:
    name: Build & Deploy
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: docs
@@ -60,10 +24,10 @@ jobs:
        with:
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
+      - name: Set up Node.js 20
        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: yarn install
        run: |
          yarn install --check-cache
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -28,7 +28,6 @@ concurrency:

 jobs:
  cypress-matrix:
-    # Somehow one test flakes on 24.04 for unknown reasons, this is the only GHA left on 22.04
    runs-on: ubuntu-22.04
    permissions:
      contents: read
@@ -49,8 +48,7 @@ jobs:
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
-      # use the dashboard feature when running manually OR merging to master
-      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true'|| (github.ref == 'refs/heads/master' && 'true') || 'false' }}
+      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard || (github.ref == 'refs/heads/master' && 'true') || 'false' }}
    services:
      postgres:
        image: postgres:15-alpine
@@ -109,7 +107,7 @@ jobs:
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: "18"
      - name: Install npm dependencies
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -133,12 +131,11 @@ jobs:
          PARALLEL_ID: ${{ matrix.parallel_id }}
          PARALLELISM: 6
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
-          NODE_OPTIONS: "--max-old-space-size=4096"
        with:
          run: cypress-run-all ${{ env.USE_DASHBOARD }}
      - name: Upload Artifacts
        uses: actions/upload-artifact@v4
-        if: failure()
+        if: github.event_name == 'workflow_dispatch' && (steps.check.outputs.python || steps.check.outputs.frontend)
        with:
          path: ${{ github.workspace }}/superset-frontend/cypress-base/cypress/screenshots
-          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}-${{ matrix.parallel_id }}
+          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -1,4 +1,4 @@
-name: "Frontend Build CI (unit tests, linting & sanity checks)"
+name: Frontend

 on:
  push:
@@ -13,168 +13,73 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

-env:
-  TAG: apache/superset:GHA-${{ github.run_id }}
-
 jobs:
  frontend-build:
-    runs-on: ubuntu-24.04
-    outputs:
-      should-run: ${{ steps.check.outputs.frontend }}
+    runs-on: ubuntu-22.04
    steps:
-      - name: Checkout Code
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
-
-      - name: Check for File Changes
+          submodules: recursive
+      - name: Check npm lock file version
+        run: ./scripts/ci_check_npm_lock_version.sh ./superset-frontend/package-lock.json
+      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build Docker Image
+      - name: Setup Node.js
        if: steps.check.outputs.frontend
-        shell: bash
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          docker buildx build \
-            -t $TAG \
-            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-bookworm \
-            --target superset-node-ci \
-            .
-
-      - name: Save Docker Image as Artifact
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18"
+      - name: Install dependencies
        if: steps.check.outputs.frontend
-        run: |
-          docker save $TAG | gzip > docker-image.tar.gz
-
-      - name: Upload Docker Image Artifact
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: npm-install
+      - name: eslint
        if: steps.check.outputs.frontend
-        uses: actions/upload-artifact@v4
-        with:
-          name: docker-image
-          path: docker-image.tar.gz
-
-  sharded-jest-tests:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    strategy:
-      matrix:
-        shard: [1, 2, 3, 4, 5, 6, 7, 8]
-      fail-fast: false
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: npm run test with coverage
+        working-directory: ./superset-frontend
        run: |
-          mkdir -p ${{ github.workspace }}/superset-frontend/coverage
-          docker run \
-          -v ${{ github.workspace }}/superset-frontend/coverage:/app/superset-frontend/coverage \
-          --rm $TAG \
-          bash -c \
-          "npm run test -- --coverage --shard=${{ matrix.shard }}/8 --coverageReporters=json-summary"
-
-      - name: Upload Coverage Artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: coverage-artifacts-${{ matrix.shard }}
-          path: superset-frontend/coverage
-
-  report-coverage:
-    needs: [sharded-jest-tests]
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Coverage Artifacts
-        uses: actions/download-artifact@v4
-        with:
-          pattern: coverage-artifacts-*
-          path: coverage/
-
-      - name: Show Files
-        run: find coverage/
-
-      - name: Merge Code Coverage
-        run: npx nyc merge coverage/ merged-output/coverage-summary.json
-
-      - name: Upload Code Coverage
-        uses: codecov/codecov-action@v5
+          npm run eslint -- . --quiet
+      - name: tsc
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run type
+      - name: prettier
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run prettier-check
+      - name: Build plugins packages
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: npm run plugins:build
+      - name: Build plugins Storybook
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: npm run plugins:build-storybook
+      - name: superset-ui/core coverage
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run core:cover
+      - name: unit tests
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run test -- --coverage --silent
+      # todo: remove this step when fix generator as a project in root jest.config.js
+      - name: generator-superset unit tests
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend/packages/generator-superset
+        run: npm run test
+      - name: Upload code coverage
+        uses: codecov/codecov-action@v4
        with:
          flags: javascript
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          files: merged-output/coverage-summary.json
-          slug: apache/superset
-
-  core-cover:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: superset-ui/core coverage
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run core:cover"
-
-  lint-frontend:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: eslint
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm i && npm run eslint -- . --quiet"
-
-      - name: tsc
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run type"
-
-  validate-frontend:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: Build Plugins Packages
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run plugins:build"
-
-      - name: Build Plugins Storybook
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run plugins:build-storybook"
--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -1,4 +1,4 @@
-name: "Helm: lint and test charts"
+name: Lint and Test Charts

 on:
  pull_request:
@@ -13,7 +13,7 @@ concurrency:

 jobs:
  lint-test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -25,7 +25,7 @@ jobs:
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
-          version: v3.16.4
+          version: v3.5.4

      - name: Setup Python
        uses: ./.github/actions/setup-backend/
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -1,8 +1,4 @@
-# This workflow automates the release process for Helm charts.
-# The workflow creates a new branch for the release and opens a pull request against the 'gh-pages' branch,
-# allowing the changes to be reviewed and merged manually.
-
-name: "Helm: release charts"
+name: Release Charts

 on:
  push:
@@ -11,28 +7,18 @@ on:
      - "[0-9].[0-9]*"
    paths:
      - "helm/**"
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: "The branch, tag, or commit SHA to check out"
-        required: false
-        default: "master"

 jobs:
  release:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: write
-      pull-requests: write
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    steps:
-      - name: Checkout code
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.ref || github.ref_name }}
-          persist-credentials: true
+          persist-credentials: false
          submodules: recursive
          fetch-depth: 0

@@ -49,77 +35,11 @@ jobs:
      - name: Add bitnami repo dependency
        run: helm repo add bitnami https://charts.bitnami.com/bitnami

-      - name: Fetch/list all tags
-        run: |
-          # Debugging tags
-          git fetch --tags --force
-          git tag -d superset-helm-chart-0.13.4 || true
-          echo "DEBUG TAGS"
-          git show-ref --tags
-
-      - name: Create unique pages branch name
-        id: vars
-        run: echo "branch_name=helm-publish-${GITHUB_SHA:0:7}" >> $GITHUB_ENV
-
-      - name: Force recreate branch from gh-pages
-        run: |
-          # Ensure a clean working directory
-          git reset --hard
-          git clean -fdx
-          git checkout -b local_gha_temp
-          git submodule update
-
-          # Fetch the latest gh-pages branch
-          git fetch origin gh-pages
-
-          # Check out and reset the target branch based on gh-pages
-          git checkout -B ${{ env.branch_name }} origin/gh-pages
-
-          # Remove submodules from the branch
-          git submodule deinit -f --all
-
-          # Force push to the remote branch
-          git push origin ${{ env.branch_name }} --force
-
-          # Return to the original branch
-          git checkout local_gha_temp
-
-      - name: Fetch/list all tags
-        run: |
-          git submodule update
-          cat .github/actions/chart-releaser-action/action.yml
-
      - name: Run chart-releaser
-        uses: ./.github/actions/chart-releaser-action
+        uses: helm/chart-releaser-action@v1.6.0
        with:
-          version: v1.6.0
          charts_dir: helm
          mark_as_latest: false
-          pages_branch: ${{ env.branch_name }}
        env:
          CR_TOKEN: "${{ github.token }}"
          CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}"
-
-      - name: Open Pull Request
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const branchName = '${{ env.branch_name }}';
-            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
-
-            if (!branchName) {
-              throw new Error("Branch name is not defined.");
-            }
-
-            const pr = await github.rest.pulls.create({
-              owner,
-              repo,
-              title: `Helm chart release for ${branchName}`,
-              head: branchName,
-              base: "gh-pages", // Adjust if the target branch is different
-              body: `This PR releases Helm charts to the gh-pages branch.`,
-            });
-
-            core.info(`Pull request created: ${pr.data.html_url}`);
-        env:
-          BRANCH_NAME: ${{ env.branch_name }}
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -15,7 +15,7 @@ concurrency:

 jobs:
  test-mysql:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -68,16 +68,16 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,mysql
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
  test-postgres:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["current", "previous"]
+        python-version: ["current", "next", "previous"]
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -129,14 +129,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,postgres
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true

  test-sqlite:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -181,7 +181,7 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,sqlite
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-python-misc.yml
+++ b/.github/workflows/superset-python-misc.yml
@@ -0,0 +1,53 @@
+# Python Misc unit tests
+name: Python Misc
+
+on:
+  push:
+    branches:
+      - "master"
+      - "[0-9].[0-9]*"
+  pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
+
+# cancel previous workflow jobs for PRs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  python-lint:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+      - name: Check for file changes
+        id: check
+        uses: ./.github/actions/change-detector/
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Python
+        uses: ./.github/actions/setup-backend/
+        if: steps.check.outputs.python
+
+  babel-extract:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+      - name: Check for file changes
+        id: check
+        uses: ./.github/actions/change-detector/
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Python
+        if: steps.check.outputs.python
+        uses: ./.github/actions/setup-backend/
+      - name: Test babel extraction
+        if: steps.check.outputs.python
+        run: scripts/translations/babel_update.sh
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -16,7 +16,7 @@ concurrency:

 jobs:
  test-postgres-presto:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -77,14 +77,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,presto
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true

  test-postgres-hive:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -142,10 +142,9 @@ jobs:
      - name: Python unit tests (PostgreSQL)
        if: steps.check.outputs.python
        run: |
-          pip install -e .[hive]
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,hive
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -16,10 +16,10 @@ concurrency:

 jobs:
  unit-tests:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["previous", "current"]
+        python-version: ["current", "next"]
    env:
      PYTHONPATH: ${{ github.workspace }}
    steps:
@@ -46,7 +46,7 @@ jobs:
        run: |
          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,unit
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -15,7 +15,7 @@ concurrency:

 jobs:
  frontend-check-translations:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -33,7 +33,7 @@ jobs:
        if: steps.check.outputs.frontend
        uses: actions/setup-node@v4
        with:
-          node-version-file:  './superset-frontend/.nvmrc'
+          node-version:  '18'
      - name: Install dependencies
        if: steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -46,7 +46,7 @@ jobs:
          npm run build-translation

  babel-extract:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -18,7 +18,7 @@ concurrency:

 jobs:
  app-checks:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/supersetbot.yml
+++ b/.github/workflows/supersetbot.yml
@@ -15,7 +15,7 @@ on:

 jobs:
  supersetbot:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    if: >
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot'))
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -23,7 +23,7 @@ on:
          - 'false'
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -39,34 +39,35 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: docker-release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311"]
      fail-fast: false
    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
+          persist-credentials: false
+          tags: true
          fetch-depth: 0

-      - name: Setup Docker Environment
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          install-docker-compose: "false"
-          build: "true"
-
-      - name: Use Node.js 20
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-
      - name: Setup supersetbot
        uses: ./.github/actions/setup-supersetbot/

+      - name: Try to login to DockerHub
+        continue-on-error: true
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
      - name: Execute custom Node.js script
        env:
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
@@ -87,45 +88,22 @@ jobs:
          fi

          supersetbot docker \
-            --push \
            --preset ${{ matrix.build_preset }} \
            --context "$EVENT" \
            --context-ref "$RELEASE" $FORCE_LATEST \
            --platform "linux/arm64" \
            --platform "linux/amd64"

-          # Returning to master to support closing setup-supersetbot
-          git checkout master
-
-  update-prs-with-release-info:
-    needs: config
-    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-
+      # Going back on original branch to allow "post" GHA operations
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
-          fetch-depth: 0
-
-      - name: Use Node.js 20
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-
-      - name: Setup supersetbot
-        uses: ./.github/actions/setup-supersetbot/
+          persist-credentials: false

      - name: Label the PRs with the right release-related labels
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          export GITHUB_ACTOR=""
-          git fetch --all --tags
-          git checkout master
          RELEASE="${{ github.event.release.tag_name }}"
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            # in the case of a manually-triggered run, read release from input
--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -23,7 +23,7 @@ jobs:
  process-and-upload:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    name: Generate Reports
    steps:
      - name: Checkout Repository
@@ -32,7 +32,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: '18'

      - name: Install Dependencies
        run: npm install
--- a/.github/workflows/welcome-new-users.yml
+++ b/.github/workflows/welcome-new-users.yml
@@ -6,7 +6,7 @@ on:

 jobs:
  welcome:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write

--- a/.gitignore
+++ b/.gitignore
@@ -21,7 +21,6 @@
 *.swp
 __pycache__

-.aider*
 .local
 .cache
 .bento*
@@ -51,6 +50,7 @@ env
 venv*
 env_py3
 envpy3
+env36
 local_config.py
 /superset_config.py
 /superset_text.yml
@@ -66,10 +66,7 @@ superset-websocket/config.json
 *.js.map
 node_modules
 npm-debug.log*
-superset/static/assets/*
-!superset/static/assets/.gitkeep
-superset/static/uploads/*
-!superset/static/uploads/.gitkeep
+superset/static/assets
 superset/static/version_info.json
 superset-frontend/**/esm/*
 superset-frontend/**/lib/*
@@ -124,5 +121,3 @@ docker/*local*

 # Jest test report
 test-report.html
-superset/static/stats/statistics.html
-.aider*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,11 +16,11 @@
 #
 repos:
  - repo: https://github.com/MarcoGorelli/auto-walrus
-    rev: 0.3.4
+    rev: v0.2.2
    hooks:
      - id: auto-walrus
  - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.13.0
+    rev: v1.3.0
    hooks:
      - id: mypy
        args: [--check-untyped-defs]
@@ -38,36 +38,28 @@ repos:
            types-paramiko,
            types-Markdown,
          ]
+  - repo: https://github.com/peterdemin/pip-compile-multi
+    rev: v2.6.2
+    hooks:
+      - id: pip-compile-multi-verify
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v4.4.0
    hooks:
      - id: check-docstring-first
      - id: check-added-large-files
-        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*|^superset-frontend/CHANGELOG\.md$
+        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*
      - id: check-yaml
        exclude: ^helm/superset/templates/
      - id: debug-statements
      - id: end-of-file-fixer
-        exclude: .*/lerna\.json$
      - id: trailing-whitespace
-        exclude: ^.*\.(snap)
        args: ["--markdown-linebreak-ext=md"]
  - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v4.0.0-alpha.8 # Use the sha or tag you want to point at
+    rev: v3.1.0 # Use the sha or tag you want to point at
    hooks:
      - id: prettier
-        additional_dependencies:
-          - prettier@3.3.3
        args: ["--ignore-path=./superset-frontend/.prettierignore"]
        files: "superset-frontend"
-  - repo: local
-    hooks:
-      - id: eslint
-        name: eslint
-        entry: bash -c 'cd superset-frontend && npm run eslint -- $(echo "$@" | sed "s|superset-frontend/||g")'
-        language: system
-        pass_filenames: true
-        files: \.(js|jsx|ts|tsx)$
  # blacklist unsafe functions like make_url (see #19526)
  - repo: https://github.com/skorokithakis/blacklist-pre-commit-hook
    rev: e2f070289d8eddcaec0b580d3bde29437e7c8221
@@ -75,13 +67,27 @@ repos:
      - id: blacklist
        args: ["--blacklisted-names=make_url", "--ignore=tests/"]
  - repo: https://github.com/norwoodj/helm-docs
-    rev: v1.14.2
+    rev: v1.11.0
    hooks:
      - id: helm-docs
        files: helm
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.8.0
+    rev: v0.4.0
    hooks:
      - id: ruff
        args: [ --fix ]
      - id: ruff-format
+  - repo: local
+    hooks:
+      - id: pylint
+        name: pylint
+        entry: pylint
+        language: system
+        types: [python]
+        exclude: ^(tests/|superset/migrations/|scripts/|RELEASING/|docker/)
+        args:
+          [
+            "-rn", # Only display messages
+            "-sn", # Don't display the score
+            "--rcfile=.pylintrc",
+          ]
--- a/.pylintrc
+++ b/.pylintrc
@@ -0,0 +1,380 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[MASTER]
+
+# Specify a configuration file.
+#rcfile=
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+
+# Add files or directories to the blacklist. They should be base names, not
+# paths.
+ignore=CVS,migrations
+
+# Add files or directories matching the regex patterns to the blacklist. The
+# regex matches against base names, not paths.
+ignore-patterns=
+
+# Pickle collected data for later comparisons.
+persistent=yes
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=superset.extensions.pylint
+
+# Use multiple processes to speed up Pylint.
+jobs=2
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code
+extension-pkg-whitelist=pyarrow
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
+confidence=
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=
+    useless-suppression,
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once).You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use"--disable=all --enable=classes
+# --disable=W"
+disable=
+    cyclic-import,  # re-enable once this no longer raises false positives
+    missing-docstring,
+    duplicate-code,
+    line-too-long,
+    unspecified-encoding,
+    too-many-instance-attributes  # re-enable once this no longer raises false positives
+
+[REPORTS]
+
+# Set the output format. Available formats are text, parseable, colorized, msvs
+# (visual studio) and html. You can also give a reporter class, eg
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+
+# Tells whether to display a full report or only the messages
+reports=yes
+
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables errors warning, statement which
+# respectively contain the number of errors / warnings messages and the total
+# number of statements analyzed. This is used by the global evaluation report
+# (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details
+#msg-template=
+
+
+[BASIC]
+
+# Good variable names which should always be accepted, separated by a comma
+good-names=_,df,ex,f,i,id,j,k,l,o,pk,Run,ts,v,x,y
+
+# Bad variable names which should always be refused, separated by a comma
+bad-names=bar,baz,db,fd,foo,sesh,session,tata,toto,tutu
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Include a hint for the correct naming format with invalid-name
+include-naming-hint=no
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+property-classes=
+    abc.abstractproperty,
+    sqlalchemy.ext.hybrid.hybrid_property
+
+# Regular expression matching correct argument names
+argument-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct method names
+method-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct variable names
+variable-rgx=[a-z_][a-z0-9_]{1,30}$
+
+# Regular expression matching correct inline iteration names
+inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
+
+# Regular expression matching correct constant names
+const-rgx=(([A-Za-z_][A-Za-z0-9_]*)|(__.*__))$
+
+# Regular expression matching correct class names
+class-rgx=[A-Z_][a-zA-Z0-9]+$
+
+# Regular expression matching correct class attribute names
+class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
+
+# Regular expression matching correct module names
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
+
+# Regular expression matching correct attribute names
+attr-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct function names
+function-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=^_
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=10
+
+
+[ELIF]
+
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+
+
+[FORMAT]
+
+# Maximum number of characters on a single line.
+max-line-length=100
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )?<?https?://\S+>?$
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+
+# Maximum number of lines in a module
+max-module-lines=1000
+
+# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
+# tab).
+indent-string='    '
+
+# Number of spaces of indent required inside a hanging  or continued line.
+indent-after-paren=4
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+
+[LOGGING]
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format
+logging-modules=logging
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,XXX
+
+
+[SIMILARITIES]
+
+# Minimum lines number of a similarity.
+min-similarity-lines=5
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=no
+
+
+[SPELLING]
+
+# Spelling dictionary name. Available dictionaries: none. To make it working
+# install python-enchant package.
+spelling-dict=
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to indicated private dictionary in
+# --spelling-private-dict-file option instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[TYPECHECK]
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis. It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=numpy,pandas,alembic.op,sqlalchemy,alembic.context,flask_appbuilder.security.sqla.PermissionView.role,flask_appbuilder.Model.metadata,flask_appbuilder.Base.metadata
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=contextlib.closing,optparse.Values,thread._local,_thread._local
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager
+
+
+[VARIABLES]
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# A regular expression matching the name of dummy variables (i.e. expectedly
+# not used).
+dummy-variables-rgx=(_+[a-zA-Z0-9]*?$)|dummy
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid to define new builtins when possible.
+additional-builtins=
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,_cb
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six.moves,future.builtins
+
+
+[CLASSES]
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,__new__,setUp
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=mcs
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,_fields,_replace,_source,_make
+
+
+[DESIGN]
+
+# Maximum number of arguments for function / method
+max-args=5
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore
+ignored-argument-names=_.*
+
+# Maximum number of locals for function / method body
+max-locals=15
+
+# Maximum number of return / yield for function / method body
+max-returns=10
+
+# Maximum number of branch for function / method body
+max-branches=15
+
+# Maximum number of statements in function / method body
+max-statements=50
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=8
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of boolean expressions in a if statement
+max-bool-expr=5
+
+
+[IMPORTS]
+
+# Deprecated modules which should not be used, separated by a comma
+deprecated-modules=optparse
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled)
+import-graph=
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled)
+ext-import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled)
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=builtins.Exception
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -61,16 +61,12 @@ tsconfig.tsbuildinfo
 generator-superset/*
 temporary_superset_ui/*

-# skip license checks for auto-generated test snapshots
-.*snap
-
 # docs overrides for third party logos we don't have the rights to
 google-big-query.svg
 google-sheets.svg
 ibm-db2.svg
 postgresql.svg
 snowflake.svg
-ydb.svg

 # docs-related
 erd.puml
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -80,9 +80,9 @@ If you believe someone is violating this code of conduct, you may reply to them

 Or one of our volunteers:

-* [Mark Thomas](https://www.linkedin.com/in/mark-thomas-b16751158/)
-* [Joan Touzet](https://www.apache.org/foundation/conduct-team/wohali.html)
-* [Sharan Foga](https://www.linkedin.com/in/sfoga/)
+* [Mark Thomas](http://home.apache.org/~markt/coc.html)
+* [Joan Touzet](http://home.apache.org/~wohali/)
+* [Sharan Foga](http://home.apache.org/~sharan/coc.html)

 If the violation is in documentation or code, for example inappropriate pronoun usage or word choice within official documentation, we ask that people report these privately to the project in question at <private@project.apache.org>, and, if they have sufficient ability within the project, to resolve or remove the concerning material, being mindful of the perspective of the person originally reporting the issue.

@@ -94,9 +94,9 @@ This statement thanks the following, on which it draws for content and inspirati

 * [CouchDB Project Code of conduct](http://couchdb.apache.org/conduct.html)
 * [Fedora Project Code of Conduct](http://fedoraproject.org/code-of-conduct)
-* [Speak Up! Code of Conduct](http://web.archive.org/web/20141109123859/http://speakup.io/coc.html)
+* [Speak Up! Code of Conduct](http://speakup.io/coc.html)
 * [Django Code of Conduct](https://www.djangoproject.com/conduct/)
-* [Debian Code of Conduct](https://www.debian.org/vote/2014/vote_002)
+* [Debian Code of Conduct](http://www.debian.org/vote/2014/vote_002)
 * [Twitter Open Source Code of Conduct](https://github.com/twitter/code-of-conduct/blob/master/code-of-conduct.md)
 * [Mozilla Code of Conduct/Draft](https://wiki.mozilla.org/Code_of_Conduct/Draft#Conflicts_of_Interest)
 * [Python Diversity Appendix](https://www.python.org/community/diversity/)
--- a/330
+++ b/330
@@ -18,246 +18,162 @@
 ######################################################################
 # Node stage to deal with static asset construction
 ######################################################################
-ARG PY_VER=3.11.11-slim-bookworm
+ARG PY_VER=3.10-slim-bookworm

-# If BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
+# if BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
 ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
+FROM --platform=${BUILDPLATFORM} node:18-bullseye-slim AS superset-node

-# Include translations in the final build
-ARG BUILD_TRANSLATIONS="false"
-
-######################################################################
-# superset-node-ci used as a base for building frontend assets and CI
-######################################################################
-FROM --platform=${BUILDPLATFORM} node:20-bullseye-slim AS superset-node-ci
-ARG BUILD_TRANSLATIONS
-ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
-ARG DEV_MODE="false"           # Skip frontend build in dev mode
-ENV DEV_MODE=${DEV_MODE}
-
-COPY docker/ /app/docker/
-# Arguments for build configuration
 ARG NPM_BUILD_CMD="build"

-# Install system dependencies required for node-gyp
-RUN /app/docker/apt-install.sh build-essential python3 zstd
+# Somehow we need python3 + build-essential on this side of the house to install node-gyp
+RUN apt-get update -qq \
+    && apt-get install \
+        -yqq --no-install-recommends \
+        build-essential \
+        python3

-# Define environment variables for frontend build
 ENV BUILD_CMD=${NPM_BUILD_CMD} \
    PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
+# NPM ci first, as to NOT invalidate previous steps except for when package.json changes

-# Run the frontend memory monitoring script
-RUN /app/docker/frontend-mem-nag.sh
+RUN --mount=type=bind,target=/frontend-mem-nag.sh,src=./docker/frontend-mem-nag.sh \
+    /frontend-mem-nag.sh

 WORKDIR /app/superset-frontend
-
-# Create necessary folders to avoid errors in subsequent steps
-RUN mkdir -p /app/superset/static/assets \
-             /app/superset/translations
-
-# Mount package files and install dependencies if not in dev mode
-# NOTE: we mount packages and plugins as they are referenced in package.json as workspaces
-# ideally we'd COPY only their package.json. Here npm ci will be cached as long
-# as the full content of these folders don't change, yielding a decent cache reuse rate.
-# Note that's it's not possible selectively COPY of mount using blobs.
-RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.json \
-    --mount=type=bind,source=./superset-frontend/package-lock.json,target=./package-lock.json \
-    --mount=type=cache,target=/root/.cache \
-    --mount=type=cache,target=/root/.npm \
-    if [ "$DEV_MODE" = "false" ]; then \
-        npm ci; \
-    else \
-        echo "Skipping 'npm ci' in dev mode"; \
-    fi
+RUN --mount=type=bind,target=./package.json,src=./superset-frontend/package.json \
+    --mount=type=bind,target=./package-lock.json,src=./superset-frontend/package-lock.json \
+    npm ci

 # Runs the webpack build process
 COPY superset-frontend /app/superset-frontend
+RUN npm run ${BUILD_CMD}

-######################################################################
-# superset-node used for compile frontend assets
-######################################################################
-FROM superset-node-ci AS superset-node
-
-# Build the frontend if not in dev mode
-RUN --mount=type=cache,target=/root/.npm \
-    if [ "$DEV_MODE" = "false" ]; then \
-        echo "Running 'npm run ${BUILD_CMD}'"; \
-        npm run ${BUILD_CMD}; \
-    else \
-        echo "Skipping 'npm run ${BUILD_CMD}' in dev mode"; \
-    fi;
-
-# Copy translation files
+# This copies the .po files needed for translation
+RUN mkdir -p /app/superset/translations
 COPY superset/translations /app/superset/translations
-
-# Build the frontend if not in dev mode
-RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
-        npm run build-translation; \
-    fi; \
-    rm -rf /app/superset/translations/*/*/*.po; \
-    rm -rf /app/superset/translations/*/*/*.mo;
-
-
-######################################################################
-# Base python layer
-######################################################################
-FROM python:${PY_VER} AS python-base
-
-ARG SUPERSET_HOME="/app/superset_home"
-ENV SUPERSET_HOME=${SUPERSET_HOME}
-
-RUN mkdir -p $SUPERSET_HOME
-RUN useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
-    && chmod -R 1777 $SUPERSET_HOME \
-    && chown -R superset:superset $SUPERSET_HOME
-
-# Some bash scripts needed throughout the layers
-COPY --chmod=755 docker/*.sh /app/docker/
-
-RUN pip install --no-cache-dir --upgrade uv
-
-# Using uv as it's faster/simpler than pip
-RUN uv venv /app/.venv
-ENV PATH="/app/.venv/bin:${PATH}"
-
-######################################################################
-# Python translation compiler layer
-######################################################################
-FROM python-base AS python-translation-compiler
-
-ARG BUILD_TRANSLATIONS
-ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
-
-# Install Python dependencies using docker/pip-install.sh
-COPY requirements/translations.txt requirements/
-RUN --mount=type=cache,target=/root/.cache/uv \
-    . /app/.venv/bin/activate && /app/docker/pip-install.sh --requires-build-essential -r requirements/translations.txt
-
-COPY superset/translations/ /app/translations_mo/
-RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
-        pybabel compile -d /app/translations_mo | true; \
-    fi; \
-    rm -f /app/translations_mo/*/*/*.po; \
-    rm -f /app/translations_mo/*/*/*.json;
-
-######################################################################
-# Python APP common layer
-######################################################################
-FROM python-base AS python-common
-
-ENV SUPERSET_HOME="/app/superset_home" \
-    HOME="/app/superset_home" \
-    SUPERSET_ENV="production" \
-    FLASK_APP="superset.app:create_app()" \
-    PYTHONPATH="/app/pythonpath" \
-    SUPERSET_PORT="8088"
-
-# Copy the entrypoints, make them executable in userspace
-COPY --chmod=755 docker/entrypoints /app/docker/entrypoints
-
-WORKDIR /app
-# Set up necessary directories and user
-RUN mkdir -p \
-      ${PYTHONPATH} \
-      superset/static \
-      requirements \
-      superset-frontend \
-      apache_superset.egg-info \
-      requirements \
-    && touch superset/static/version_info.json
-
-# Install Playwright and optionally setup headless browsers
-ARG INCLUDE_CHROMIUM="true"
-ARG INCLUDE_FIREFOX="false"
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    if [ "$INCLUDE_CHROMIUM" = "true" ] || [ "$INCLUDE_FIREFOX" = "true" ]; then \
-        uv pip install playwright && \
-        playwright install-deps && \
-        if [ "$INCLUDE_CHROMIUM" = "true" ]; then playwright install chromium; fi && \
-        if [ "$INCLUDE_FIREFOX" = "true" ]; then playwright install firefox; fi; \
-    else \
-        echo "Skipping browser installation"; \
-    fi
-
-# Copy required files for Python build
-COPY pyproject.toml setup.py MANIFEST.in README.md ./
-COPY superset-frontend/package.json superset-frontend/
-COPY scripts/check-env.py scripts/
-
-# keeping for backward compatibility
-COPY --chmod=755 ./docker/entrypoints/run-server.sh /usr/bin/
-
-# Some debian libs
-RUN /app/docker/apt-install.sh \
-      curl \
-      libsasl2-dev \
-      libsasl2-modules-gssapi-mit \
-      libpq-dev \
-      libecpg-dev \
-      libldap2-dev
-
-# Copy compiled things from previous stages
-COPY --from=superset-node /app/superset/static/assets superset/static/assets
-
-# TODO, when the next version comes out, use --exclude superset/translations
-COPY superset superset
-# TODO in the meantime, remove the .po files
-RUN rm superset/translations/*/*/*.po
-
-# Merging translations from backend and frontend stages
-COPY --from=superset-node /app/superset/translations superset/translations
-COPY --from=python-translation-compiler /app/translations_mo superset/translations
-
-HEALTHCHECK CMD curl -f "http://localhost:${SUPERSET_PORT}/health"
-CMD ["/app/docker/entrypoints/run-server.sh"]
-EXPOSE ${SUPERSET_PORT}
+# Compiles .json files from the .po files, then deletes the .po files
+RUN npm run build-translation
+RUN rm /app/superset/translations/*/LC_MESSAGES/*.po
+RUN rm /app/superset/translations/messages.pot

 ######################################################################
 # Final lean image...
 ######################################################################
-FROM python-common AS lean
+FROM python:${PY_VER} AS lean

-# Install Python dependencies using docker/pip-install.sh
-COPY requirements/base.txt requirements/
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    /app/docker/pip-install.sh --requires-build-essential -r requirements/base.txt
-# Install the superset package
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install .
-RUN python -m compileall /app/superset
+WORKDIR /app
+ENV LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    SUPERSET_ENV=production \
+    FLASK_APP="superset.app:create_app()" \
+    PYTHONPATH="/app/pythonpath" \
+    SUPERSET_HOME="/app/superset_home" \
+    SUPERSET_PORT=8088

+RUN mkdir -p ${PYTHONPATH} superset/static requirements superset-frontend apache_superset.egg-info requirements \
+    && useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
+    && apt-get update -qq && apt-get install -yqq --no-install-recommends \
+        curl \
+        default-libmysqlclient-dev \
+        libsasl2-dev \
+        libsasl2-modules-gssapi-mit \
+        libpq-dev \
+        libecpg-dev \
+        libldap2-dev \
+    && touch superset/static/version_info.json \
+    && chown -R superset:superset ./* \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --chown=superset:superset pyproject.toml setup.py MANIFEST.in README.md ./
+# setup.py uses the version information in package.json
+COPY --chown=superset:superset superset-frontend/package.json superset-frontend/
+COPY --chown=superset:superset requirements/base.txt requirements/
+RUN --mount=type=cache,target=/root/.cache/pip \
+    apt-get update -qq && apt-get install -yqq --no-install-recommends \
+      build-essential \
+    && pip install --upgrade setuptools pip \
+    && pip install -r requirements/base.txt \
+    && apt-get autoremove -yqq --purge build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy the compiled frontend assets
+COPY --chown=superset:superset --from=superset-node /app/superset/static/assets superset/static/assets
+
+## Lastly, let's install superset itself
+COPY --chown=superset:superset superset superset
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install -e .
+
+# Copy the .json translations from the frontend layer
+COPY --chown=superset:superset --from=superset-node /app/superset/translations superset/translations
+
+# Compile translations for the backend - this generates .mo files, then deletes the .po files
+COPY ./scripts/translations/generate_mo_files.sh ./scripts/translations/
+RUN ./scripts/translations/generate_mo_files.sh \
+    && chown -R superset:superset superset/translations \
+    && rm superset/translations/messages.pot \
+    && rm superset/translations/*/LC_MESSAGES/*.po
+
+COPY --chmod=755 ./docker/run-server.sh /usr/bin/
 USER superset

+HEALTHCHECK CMD curl -f "http://localhost:${SUPERSET_PORT}/health"
+
+EXPOSE ${SUPERSET_PORT}
+
+CMD ["/usr/bin/run-server.sh"]
+
 ######################################################################
 # Dev image...
 ######################################################################
-FROM python-common AS dev
+FROM lean AS dev

-# Debian libs needed for dev
-RUN /app/docker/apt-install.sh \
-    git \
-    pkg-config \
-    default-libmysqlclient-dev
+USER root
+RUN apt-get update -qq \
+    && apt-get install -yqq --no-install-recommends \
+        libnss3 \
+        libdbus-glib-1-2 \
+        libgtk-3-0 \
+        libx11-xcb1 \
+        libasound2 \
+        libxtst6 \
+        git \
+        pkg-config \
+        && rm -rf /var/lib/apt/lists/*

-# Copy development requirements and install them
-COPY requirements/*.txt requirements/
-# Install Python dependencies using docker/pip-install.sh
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    /app/docker/pip-install.sh --requires-build-essential -r requirements/development.txt
-# Install the superset package
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install .
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install playwright
+RUN playwright install-deps
+RUN playwright install chromium

-RUN uv pip install .[postgres]
-RUN python -m compileall /app/superset
+# Install GeckoDriver WebDriver
+ARG GECKODRIVER_VERSION=v0.34.0 \
+    FIREFOX_VERSION=125.0.3
+
+RUN apt-get update -qq \
+    && apt-get install -yqq --no-install-recommends wget bzip2 \
+    && wget -q https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz -O - | tar xfz - -C /usr/local/bin \
+    # Install Firefox
+    && wget -q https://download-installer.cdn.mozilla.net/pub/firefox/releases/${FIREFOX_VERSION}/linux-x86_64/en-US/firefox-${FIREFOX_VERSION}.tar.bz2 -O - | tar xfj - -C /opt \
+    && ln -s /opt/firefox/firefox /usr/local/bin/firefox \
+    && apt-get autoremove -yqq --purge wget bzip2 && rm -rf /var/[log,tmp]/* /tmp/* /var/lib/apt/lists/*
+# Cache everything for dev purposes...
+
+COPY --chown=superset:superset requirements/development.txt requirements/
+RUN --mount=type=cache,target=/root/.cache/pip \
+    apt-get update -qq && apt-get install -yqq --no-install-recommends \
+      build-essential \
+    && pip install -r requirements/development.txt \
+    && apt-get autoremove -yqq --purge build-essential \
+    && rm -rf /var/lib/apt/lists/*

 USER superset
-
 ######################################################################
 # CI image...
 ######################################################################
 FROM lean AS ci
-USER root
-RUN uv pip install .[postgres]
-USER superset
-CMD ["/app/docker/entrypoints/docker-ci.sh"]
+
+COPY --chown=superset:superset --chmod=755 ./docker/*.sh /app/docker/
+
+CMD ["/app/docker/docker-ci.sh"]
--- a/3
+++ b/3
@@ -87,6 +87,9 @@ format: py-format js-format
 py-format: pre-commit
 	pre-commit run black --all-files

+py-lint: pre-commit
+	pylint -j 0 superset
+
 js-format:
 	cd superset-frontend; npm run prettier

--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ under the License.

 # Superset

-[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/license/apache-2-0)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/tree/latest)
 [![Build Status](https://github.com/apache/superset/workflows/Python/badge.svg)](https://github.com/apache/superset/actions)
 [![PyPI version](https://badge.fury.io/py/apache-superset.svg)](https://badge.fury.io/py/apache-superset)
@@ -134,10 +134,6 @@ Here are some of the major database solutions that are supported:
  <img src="https://superset.apache.org/img/databases/starrocks.png" alt="starrocks" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/doris.png" alt="doris" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/oceanbase.svg" alt="oceanbase" border="0" width="220" />
-  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="oceanbase" border="0" width="220" />
-  <img src="https://superset.apache.org/img/databases/denodo.png" alt="denodo" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/ydb.svg" alt="ydb" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/tdengine.png" alt="TDengine" border="0" width="200" />
 </p>

 **A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/configuration/databases).
--- a/RELEASING/Dockerfile.from_local_tarball
+++ b/RELEASING/Dockerfile.from_local_tarball
@@ -30,12 +30,12 @@ RUN apt-get install -y apt-transport-https apt-utils
 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
 RUN apt-get install -y build-essential libssl-dev \
-    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
 RUN set -eux; \
-    curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
+    curl -sL https://deb.nodesource.com/setup_18.x | bash -; \
    apt-get install -y nodejs; \
    node --version;
 RUN if ! which npm; then apt-get install -y npm; fi
@@ -64,7 +64,7 @@ RUN pip install --upgrade setuptools pip \
 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-    PYTHONPATH=/home/superset/superset/ \
+    PYTHONPATH=/home/superset/superset/:$PYTHONPATH \
    SUPERSET_TESTENV=true
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/Dockerfile.from_svn_tarball
+++ b/RELEASING/Dockerfile.from_svn_tarball
@@ -29,16 +29,13 @@ RUN apt-get install -y apt-transport-https apt-utils

 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
-RUN apt-get install -y subversion build-essential libssl-dev \
-    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+RUN apt-get install -y build-essential libssl-dev \
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
-RUN set -eux; \
-    curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
-    apt-get install -y nodejs; \
-    node --version;
-RUN if ! which npm; then apt-get install -y npm; fi
+RUN curl -sL https://deb.nodesource.com/setup_16.x | bash - \
+    && apt-get install -y nodejs

 RUN mkdir -p /home/superset
 RUN chown superset /home/superset
@@ -49,12 +46,14 @@ ARG VERSION
 # Can fetch source from svn or copy tarball from local mounted directory
 RUN svn co https://dist.apache.org/repos/dist/dev/superset/$VERSION ./
 RUN tar -xvf *.tar.gz
-WORKDIR /home/superset/apache-superset-$VERSION/superset-frontend
+WORKDIR apache-superset-$VERSION

-RUN npm ci \
+RUN cd superset-frontend \
+    && npm ci \
    && npm run build \
    && rm -rf node_modules

+
 WORKDIR /home/superset/apache-superset-$VERSION
 RUN pip install --upgrade setuptools pip \
    && pip install -r requirements/base.txt \
@@ -63,6 +62,6 @@ RUN pip install --upgrade setuptools pip \
 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-    PYTHONPATH=/home/superset/superset/
+    PYTHONPATH=/home/superset/superset/:$PYTHONPATH
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/README.md
+++ b/RELEASING/README.md
@@ -437,7 +437,7 @@ cd ${SUPERSET_RELEASE_RC}
 python3 -m venv venv
 source venv/bin/activate
 pip install -r requirements/base.txt
-pip install build twine
+pip install twine
 ```

 Create the distribution
@@ -455,7 +455,7 @@ cd ../
 ./scripts/translations/generate_po_files.sh

 # build the python distribution
-python -m build
+python setup.py sdist
 ```

 Publish to PyPI
@@ -466,7 +466,6 @@ an account first if you don't have one, and reference your username
 while requesting access to push packages.

 ```bash
-twine upload dist/apache_superset-${SUPERSET_VERSION}-py3-none-any.whl
 twine upload dist/apache-superset-${SUPERSET_VERSION}.tar.gz
 ```

@@ -506,7 +505,7 @@ We also need to update the Environment section of [ISSUE_TEMPLATE/bug-report.yml

 Docker release with proper tags should happen automatically as version
 tags get pushed to the `apache/superset` GitHub repository through this
-[GitHub action](https://github.com/apache/superset/blob/master/.github/workflows/docker.yml)
+[GitHub action](https://github.com/apache/superset/blob/master/.github/workflows/docker-release.yml)

 Note that this GH action implements a `workflow_dispatch` trigger,
 meaning that it can be triggered manually from the GitHub UI. If anything
--- a/RELEASING/changelog.py
+++ b/RELEASING/changelog.py
@@ -272,14 +272,14 @@ class GitLogs:

    @staticmethod
    def _git_get_current_head() -> str:
-        output = os.popen("git status | head -1").read()  # noqa: S605, S607
+        output = os.popen("git status | head -1").read()
        match = re.match("(?:HEAD detached at|On branch) (.*)", output)
        if not match:
            return ""
        return match.group(1)

    def _git_checkout(self, git_ref: str) -> None:
-        os.popen(f"git checkout {git_ref}").read()  # noqa: S605
+        os.popen(f"git checkout {git_ref}").read()
        current_head = self._git_get_current_head()
        if current_head != git_ref:
            print(f"Could not checkout {git_ref}")
@@ -290,7 +290,7 @@ class GitLogs:
        current_git_ref = self._git_get_current_head()
        self._git_checkout(self._git_ref)
        output = (
-            os.popen('git --no-pager log --pretty=format:"%h|%an|%ae|%ad|%s|"')  # noqa: S605, S607
+            os.popen('git --no-pager log --pretty=format:"%h|%an|%ae|%ad|%s|"')
            .read()
            .split("\n")
        )
--- a/RELEASING/generate_email.py
+++ b/RELEASING/generate_email.py
@@ -31,7 +31,7 @@ except ModuleNotFoundError:
 RECEIVER_EMAIL = "dev@superset.apache.org"
 PROJECT_NAME = "Superset"
 PROJECT_MODULE = "superset"
-PROJECT_DESCRIPTION = "Apache Superset is a modern, enterprise-ready business intelligence web application."  # noqa: E501
+PROJECT_DESCRIPTION = "Apache Superset is a modern, enterprise-ready business intelligence web application."


 def string_comma_to_list(message: str) -> list[str]:
--- a/RELEASING/release-notes-1-0/README.md
+++ b/RELEASING/release-notes-1-0/README.md
@@ -102,7 +102,7 @@ Some of the new features in this release are disabled by default. Each has a fea
 This release includes **hundreds** of bugfixes and stability enhancements. Future major releases will have a continued emphasis on providing a stable and bug-free experience for the user.

 # PR Highlights
-Below is a highlight of the PRs included in this update. The full list is much longer, and can be found [here](https://github.com/apache/superset/blob/master/CHANGELOG.md).
+Below is a highlight of the PRs included in this update. The full list is much longer, and can be found [here](apache/incubator-superset/CHANGELOG.md).

 ## User Experience
 - Revert "refactor: Remove usages of reactable from TimeTable (#11046)" (#[11150](https://github.com/apache/incubator-superset/pull/11150))
@@ -222,4 +222,4 @@ Below is a highlight of the PRs included in this update. The full list is much l
 ## Complete Changelog
 Backwards incompatible changes and can be found [here](../../UPDATING.md).

-To see the complete changelog, see [apache/superset/CHANGELOG.md](https://github.com/apache/superset/blob/master/CHANGELOG.md)
+To see the complete changelog, see [apache/incubator-superset/CHANGELOG.md](https://github.com/apache/superset/blob/master/CHANGELOG.md)
--- a/RELEASING/release-notes-1-5/README.md
+++ b/RELEASING/release-notes-1-5/README.md
@@ -137,6 +137,6 @@ when available.
 **Changelog**

 To see the complete changelog in this release, head to
-[CHANGELOG.MD](https://github.com/apache/superset/blob/master/CHANGELOG/1.5.0.md).
+[CHANGELOG.MD](https://github.com/apache/superset/blob/1.5/CHANGELOG/1.5.0.md).
 As mentioned earlier, this release has a MASSIVE amount of bug fixes. The full
 changelog lists all of them!
--- a/RELEASING/release-notes-4-1/README.md
+++ b/RELEASING/release-notes-4-1/README.md
@@ -34,7 +34,7 @@ We released a [Big Number with Time Period Comparison](https://github.com/apache
 </div>

 ### Table with Time Comparison
-Added functionality to do [table time comparisons](https://github.com/apache/superset/pull/28057). This will help improve and facilitate efficient data analysis.
+Added functionality to do [table time comparisons](https://github.com/apache/superset/pull/28057) behind the `CHART_PLUGINS_EXPERIMENTAL` feature flag. This will help improve and facilitate efficient data analysis.

 <div>
    <image src="media/table_with_time.png" alt="Image" width="100%">
@@ -137,4 +137,4 @@ There is now a [metadata bar](https://github.com/apache/superset/pull/27857) add

 ## Change to Docker image builds

-Starting in 4.1.0, the release's docker image does not ship with drivers needed to operate Superset. Users may need to install a driver for their metadata database (MySQL or Postgres) as well as the driver for their data warehouse. This is a result of changes to the `lean` docker image that official releases come from; see [Docker Build Presets](/docs/docs/installation/docker-builds.mdx#build-presets) for more details.
+Starting in 4.1.0, the release's docker image does not ship with drivers needed to operate Superset. Users may need to install a driver for their metadata database (MySQL or Postgres) as well as the driver for their data warehouse. This is a result of changes to the `lean` docker image that official releases come from; see [Docker Build Presets](/docs/installation/docker-builds#build-presets) for more details.
--- a/RELEASING/verify_release.py
+++ b/RELEASING/verify_release.py
@@ -23,12 +23,12 @@ from typing import Optional

 import requests

-# Part 1: Verify SHA512 hash - this is the same as running `shasum -a 512 {release}` and comparing it against `{release}.sha512`  # noqa: E501
+# Part 1: Verify SHA512 hash - this is the same as running `shasum -a 512 {release}` and comparing it against `{release}.sha512`


 def get_sha512_hash(filename: str) -> str:
    """Run the shasum command on the file and return the SHA512 hash."""
-    result = subprocess.run(["shasum", "-a", "512", filename], stdout=subprocess.PIPE)  # noqa: S603, S607
+    result = subprocess.run(["shasum", "-a", "512", filename], stdout=subprocess.PIPE)
    sha512_hash = result.stdout.decode().split()[0]
    return sha512_hash

@@ -43,7 +43,7 @@ def read_sha512_file(filename: str) -> str:


 def verify_sha512(filename: str) -> str:
-    """Verify if the SHA512 hash of the file matches with the hash in the .sha512 file."""  # noqa: E501
+    """Verify if the SHA512 hash of the file matches with the hash in the .sha512 file."""
    sha512_hash = get_sha512_hash(filename)
    sha512_file_content = read_sha512_file(filename)

@@ -53,56 +53,47 @@ def verify_sha512(filename: str) -> str:
        return "SHA failed"


-# Part 2: Verify RSA key - this is the same as running `gpg --verify {release}.asc {release}` and comparing the RSA key and email address against the KEYS file  # noqa: E501
+# Part 2: Verify RSA key - this is the same as running `gpg --verify {release}.asc {release}` and comparing the RSA key and email address against the KEYS file


 def get_gpg_info(filename: str) -> tuple[Optional[str], Optional[str]]:
    """Run the GPG verify command and extract RSA key and email address."""
    asc_filename = filename + ".asc"
-    result = subprocess.run(  # noqa: S603
-        ["gpg", "--verify", asc_filename, filename],  # noqa: S607
-        capture_output=True,  # noqa: S607
+    result = subprocess.run(
+        ["gpg", "--verify", asc_filename, filename], capture_output=True
    )
    output = result.stderr.decode()

    rsa_key = re.search(r"RSA key ([0-9A-F]+)", output)
-    eddsa_key = re.search(r"EDDSA key ([0-9A-F]+)", output)
    email = re.search(r'issuer "([^"]+)"', output)

    rsa_key_result = rsa_key.group(1) if rsa_key else None
-    eddsa_key_result = eddsa_key.group(1) if eddsa_key else None
    email_result = email.group(1) if email else None

-    key_result = rsa_key_result or eddsa_key_result
-
-    # Debugging:
-    if key_result:
-        print("RSA or EDDSA Key found")
-    else:
-        print("Warning: No RSA or EDDSA key found in GPG verification output.")
-    if email_result:
-        print("email found")
-    else:
+    # Debugging: print warnings if rsa_key or email is not found
+    if rsa_key_result is None:
+        print("Warning: No RSA key found in GPG verification output.")
+    if email_result is None:
        print("Warning: No email address found in GPG verification output.")

-    return key_result, email_result
+    return rsa_key_result, email_result


-def verify_key(key: str, email: Optional[str]) -> str:
-    """Fetch the KEYS file and verify if the RSA/EDDSA key and email match."""
+def verify_rsa_key(rsa_key: str, email: Optional[str]) -> str:
+    """Fetch the KEYS file and verify if the RSA key and email match."""
    url = "https://downloads.apache.org/superset/KEYS"
-    response = requests.get(url)  # noqa: S113
+    response = requests.get(url)
    if response.status_code == 200:
-        if key not in response.text:
-            return "RSA/EDDSA key not found on KEYS page"
+        if rsa_key not in response.text:
+            return "RSA key not found on KEYS page"

        # Check if email is None or not in response.text
        if email and email in response.text:
-            return "RSA/EDDSA key and email verified against Apache KEYS file"
+            return "RSA key and email verified against Apache KEYS file"
        elif email:
-            return "RSA/EDDSA key verified, but Email not found on KEYS page"
+            return "RSA key verified, but Email not found on KEYS page"
        else:
-            return "RSA/EDDSA key verified, but Email not available for verification"
+            return "RSA key verified, but Email not available for verification"
    else:
        return "Failed to fetch KEYS file"

@@ -112,9 +103,9 @@ def verify_sha512_and_rsa(filename: str) -> None:
    sha_result = verify_sha512(filename)
    print(sha_result)

-    key, email = get_gpg_info(filename)
-    if key:
-        rsa_result = verify_key(key, email)
+    rsa_key, email = get_gpg_info(filename)
+    if rsa_key:
+        rsa_result = verify_rsa_key(rsa_key, email)
        print(rsa_result)
    else:
        print("GPG verification failed: RSA key or email not found")
--- a/RESOURCES/FEATURE_FLAGS.md
+++ b/RESOURCES/FEATURE_FLAGS.md
@@ -44,8 +44,8 @@ These features are **finished** but currently being tested. They are usable, but
 - ALLOW_FULL_CSV_EXPORT
 - CACHE_IMPERSONATION
 - CONFIRM_DASHBOARD_DIFF
- DYNAMIC_PLUGINS
- DATE_FORMAT_IN_EMAIL_SUBJECT: [(docs)](https://superset.apache.org/docs/configuration/alerts-reports#commons)
+- DRILL_TO_DETAIL
+- DYNAMIC_PLUGINS: [(docs)](https://superset.apache.org/docs/configuration/running-on-kubernetes)
 - ENABLE_SUPERSET_META_DB: [(docs)](https://superset.apache.org/docs/configuration/databases/#querying-across-databases)
 - ESTIMATE_QUERY_COST
 - GLOBAL_ASYNC_QUERIES [(docs)](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries)
@@ -63,8 +63,9 @@ These features flags are **safe for production**. They have been tested and will
 [//]: # "PLEASE KEEP THESE LISTS SORTED ALPHABETICALLY"

 ### Flags on the path to feature launch and flag deprecation/removal
-
 - DASHBOARD_VIRTUALIZATION
+- DRILL_BY
+- DISABLE_LEGACY_DATASOURCE_EDITOR

 ### Flags retained for runtime configuration

@@ -76,9 +77,8 @@ independently. This new framework will also allow for non-boolean configurations

 - ALERTS_ATTACH_REPORTS
 - ALLOW_ADHOC_SUBQUERY
- DASHBOARD_RBAC [(docs)](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard#manage-access-to-dashboards)
+- DASHBOARD_RBAC [(docs)](https://superset.apache.org/docs/using-superset/first-dashboard#manage-access-to-dashboards)
 - DATAPANEL_CLOSED_BY_DEFAULT
- DRILL_BY
 - DRUID_JOINS
 - EMBEDDABLE_CHARTS
 - EMBEDDED_SUPERSET
@@ -98,6 +98,6 @@ These features flags currently default to True and **will be removed in a future
 [//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"

 - AVOID_COLORS_COLLISION
- DRILL_TO_DETAIL
+- DASHBOARD_CROSS_FILTERS
 - ENABLE_JAVASCRIPT_CONTROLS
 - KV_STORE
--- a/RESOURCES/INTHEWILD.md
+++ b/RESOURCES/INTHEWILD.md
@@ -28,29 +28,26 @@ Join our growing community!

 ### Sharing Economy
 - [Airbnb](https://github.com/airbnb)
- [Faasos](https://faasos.com/) [@shashanksingh]
- [Free2Move](https://www.free2move.com/) [@PaoloTerzi]
+- [Faasos](http://faasos.com/) [@shashanksingh]
 - [Hostnfly](https://www.hostnfly.com/) [@alexisrosuel]
- [Lime](https://www.li.me/) [@cxmcc]
+- [Lime](https://www.limebike.com/) [@cxmcc]
 - [Lyft](https://www.lyft.com/)
 - [Ontruck](https://www.ontruck.com/)

 ### Financial Services
- [Aktia Bank plc](https://www.aktia.com)
+- [Aktia Bank plc](https://www.aktia.com) [@villebro]
 - [American Express](https://www.americanexpress.com) [@TheLastSultan]
- [bumper](https://www.bumper.co/) [@vasu-ram, @JamiePercival]
 - [Cape Crypto](https://capecrypto.com)
- [Capital Service S.A.](https://capitalservice.pl) [@pkonarzewski]
- [Clark.de](https://clark.de/)
+- [Capital Service S.A.](http://capitalservice.pl) [@pkonarzewski]
+- [Clark.de](http://clark.de/)
 - [KarrotPay](https://www.daangnpay.com/)
- [Remita](https://remita.net) [@mujibishola]
 - [Taveo](https://www.taveo.com) [@codek]
- [Unit](https://www.unit.co/about-us) [@amitmiran137]
 - [Wise](https://wise.com) [@koszti]
- [Xendit](https://xendit.co/) [@LieAlbertTriAdrian]
- [Cover Genius](https://covergenius.com/)
+- [Xendit](http://xendit.co/) [@LieAlbertTriAdrian]
+- [bumper](https://www.bumper.co/) [@vasu-ram, @JamiePercival]

 ### Gaming
+- [Digit Game Studios](https://www.digitgaming.com/)
 - [Popoko VM Games Studio](https://popoko.live)

 ### E-Commerce
@@ -58,25 +55,21 @@ Join our growing community!
 - [Bazaar Technologies](https://www.bazaartech.com) [@umair-abro]
 - [Dragonpass](https://www.dragonpass.com.cn/) [@zhxjdwh]
 - [Dropit Shopping](https://www.dropit.shop/) [@dropit-dev]
- [Fanatics](https://www.fanatics.com/) [@coderfender]
- [Fordeal](https://www.fordeal.com) [@Renkai]
- [Fynd](https://www.fynd.com/) [@darpanjain07]
+- [Fanatics](https://www.fanatics.com) [@coderfender]
+- [Fordeal](http://www.fordeal.com) [@Renkai]
 - [GFG - Global Fashion Group](https://global-fashion-group.com) [@ksaagariconic]
- [GoTo/Gojek](https://www.gojek.io/) [@gwthm-in]
- [HuiShouBao](https://www.huishoubao.com/) [@Yukinoshita-Yukino]
+- [HuiShouBao](http://www.huishoubao.com/) [@Yukinoshita-Yukino]
 - [Now](https://www.now.vn/) [@davidkohcw]
 - [Qunar](https://www.qunar.com/) [@flametest]
 - [Rakuten Viki](https://www.viki.com)
 - [Shopee](https://shopee.sg) [@xiaohanyu]
 - [Shopkick](https://www.shopkick.com) [@LAlbertalli]
- [ShopUp](https://www.shopup.org/) [@gwthm-in]
- [Tails.com](https://tails.com/gb/) [@alanmcruickshank]
- [THE ICONIC](https://theiconic.com.au/) [@ksaagariconic]
+- [Tails.com](https://tails.com) [@alanmcruickshank]
+- [THE ICONIC](http://theiconic.com.au/) [@ksaagariconic]
 - [Utair](https://www.utair.ru) [@utair-digital]
- [VkusVill](https://vkusvill.ru/) [@ETselikov]
+- [VkusVill](https://www.vkusvill.ru) [@ETselikov]
 - [Zalando](https://www.zalando.com) [@dmigo]
 - [Zalora](https://www.zalora.com) [@ksaagariconic]
- [Zepto](https://www.zeptonow.com/) [@gwthm-in]

 ### Enterprise Technology
 - [A3Data](https://a3data.com.br) [@neylsoncrepalde]
@@ -85,48 +78,48 @@ Join our growing community!
 - [Astronomer](https://www.astronomer.io) [@ryw]
 - [Avesta Technologies](https://avestatechnologies.com/) [@TheRum]
 - [Caizin](https://caizin.com/) [@tejaskatariya]
- [Careem](https://www.careem.com/) [@samraHanif0340]
+- [Careem](https://www.careem.com/) [@SamraHanifCareem]
 - [Cloudsmith](https://cloudsmith.io) [@alancarson]
 - [Cyberhaven](https://www.cyberhaven.com/) [@toliver-ch]
 - [Deepomatic](https://deepomatic.com/) [@Zanoellia]
 - [Dial Once](https://www.dial-once.com/)
 - [Dremio](https://dremio.com) [@narendrans]
- [EFinance](https://www.efinance.com.eg) [@habeeb556]
- [Elestio](https://elest.io/) [@kaiwalyakoparkar]
 - [ELMO Cloud HR & Payroll](https://elmosoftware.com.au/)
- [Endress+Hauser](https://www.endress.com/) [@rumbin]
- [FBK - ICT center](https://ict.fbk.eu)
+- [Endress+Hauser](http://www.endress.com/) [@rumbin]
+- [FBK - ICT center](http://ict.fbk.eu)
 - [Gavagai](https://gavagai.io) [@gavagai-corp]
- [GfK Data Lab](https://www.gfk.com/home) [@mherr]
+- [GfK Data Lab](http://datalab.gfk.com) [@mherr]
+- [GrowthSimple](https://growthsimple.ai/)
 - [Hydrolix](https://www.hydrolix.io/)
 - [Intercom](https://www.intercom.com/) [@kate-gallo]
 - [jampp](https://jampp.com/)
- [Konfío](https://konfio.mx) [@uis-rodriguez]
+- [Konfío](http://konfio.mx) [@uis-rodriguez]
 - [Mainstrat](https://mainstrat.com/)
- [mishmash io](https://mishmash.io/) [@mishmash-io]
- [Myra Labs](https://www.myralabs.com/) [@viksit]
- [Nielsen](https://www.nielsen.com/) [@amitNielsen]
+- [mishmash io](https://mishmash.io/)[@mishmash-io]
+- [Myra Labs](http://www.myralabs.com/) [@viksit]
+- [Nielsen](http://www.nielsen.com/) [@amitNielsen]
 - [Ona](https://ona.io) [@pld]
 - [Orange](https://www.orange.com) [@icsu]
 - [Oslandia](https://oslandia.com)
 - [Peak AI](https://www.peak.ai/) [@azhar22k]
 - [PeopleDoc](https://www.people-doc.com) [@rodo]
- [PlaidCloud](https://www.plaidcloud.com)
 - [Preset, Inc.](https://preset.io)
+- [Pronto Tools](http://www.prontotools.io) [@zkan]
 - [PubNub](https://pubnub.com) [@jzucker2]
 - [ReadyTech](https://www.readytech.io)
 - [Reward Gateway](https://www.rewardgateway.com)
 - [ScopeAI](https://www.getscopeai.com) [@iloveluce]
- [Showmax](https://showmax.com) [@bobek]
+- [Showmax](https://tech.showmax.com) [@bobek]
+- [source{d}](https://www.sourced.tech) [@marnovo]
+- [Steamroot](https://streamroot.io/)
 - [TechAudit](https://www.techaudit.info) [@ETselikov]
 - [Tenable](https://www.tenable.com) [@dflionis]
- [Tentacle](https://www.linkedin.com/company/tentacle-cmi/) [@jdclarke5]
+- [Tentacle](https://public.tentaclecmi.com) [@jdclarke5]
 - [timbr.ai](https://timbr.ai/) [@semantiDan]
- [Tobii](https://www.tobii.com/) [@dwa]
+- [Tobii](http://www.tobii.com/) [@dwa]
 - [Tooploox](https://www.tooploox.com/) [@jakubczaplicki]
- [Unvired](https://unvired.com) [@srinisubramanian]
- [Virtuoso QA](https://www.virtuosoqa.com)
- [Whale](https://whale.im)
+- [Unvired](https://unvired.com)[@srinisubramanian]
+- [Whale](http://whale.im)
 - [Windsor.ai](https://www.windsor.ai/) [@octaviancorlade]
 - [Zeta](https://www.zeta.tech/) [@shaikidris]

@@ -138,17 +131,16 @@ Join our growing community!
 - [Kuaishou](https://www.kuaishou.com/) [@zhaoyu89730105]
 - [Netflix](https://www.netflix.com/)
 - [Prensa Iberica](https://www.prensaiberica.es/) [@zamar-roura]
- [TME QQMUSIC/WESING](https://www.tencentmusic.com/) [@shenyuanli,@marklaw]
+- [TME QQMUSIC/WESING](https://www.tencentmusic.com/)[@shenyuanli,@marklaw]
 - [Xite](https://xite.com/) [@shashankkoppar]
- [Zaihang](https://www.zaih.com/)
+- [Zaihang](http://www.zaih.com/)

 ### Education
 - [Aveti Learning](https://avetilearning.com/) [@TheShubhendra]
 - [Brilliant.org](https://brilliant.org/)
- [Open edX](https://openedx.org/)
 - [Platzi.com](https://platzi.com/)
 - [Sunbird](https://www.sunbird.org/) [@eksteporg]
- [The GRAPH Network](https://thegraphnetwork.org/) [@fccoelho]
+- [The GRAPH Network](https://thegraphnetwork.org/)[@fccoelho]
 - [Udemy](https://www.udemy.com/) [@sungjuly]
 - [VIPKID](https://www.vipkid.com.cn/) [@illpanda]
 - [WikiMedia Foundation](https://wikimediafoundation.org) [@vg]
@@ -162,25 +154,24 @@ Join our growing community!

 ### Healthcare
 - [Amino](https://amino.com) [@shkr]
+- [Beans](https://www.beans.fi) [@kakoni]
 - [Bluesquare](https://www.bluesquarehub.com/) [@madewulf]
- [Care](https://www.getcare.io/) [@alandao2021]
+- [Care](https://www.getcare.io/)[@alandao2021]
 - [Living Goods](https://www.livinggoods.org) [@chelule]
 - [Maieutical Labs](https://maieuticallabs.it) [@xrmx]
- [Medic](https://medic.org) [@1yuv]
+- [QPID Health](http://www.qpidhealth.com/)
 - [REDCap Cloud](https://www.redcapcloud.com/)
- [TrustMedis](https://trustmedis.com/) [@famasya]
+- [TrustMedis](https://trustmedis.com) [@famasya]
 - [WeSure](https://www.wesure.cn/)
- [2070Health](https://2070health.com/)

 ### HR / Staffing
 - [Swile](https://www.swile.co/) [@PaoloTerzi]
 - [Symmetrics](https://www.symmetrics.fyi)
 - [bluquist](https://bluquist.com/)

-### Government / Non-Profit
+### Government
 - [City of Ann Arbor, MI](https://www.a2gov.org/) [@sfirke]
 - [RIS3 Strategy of CZ, MIT CR](https://www.ris3.cz/) [@RIS3CZ]
- [NRLM - Sarathi, India](https://pib.gov.in/PressReleasePage.aspx?PRID=1999586)

 ### Travel
 - [Agoda](https://www.agoda.com/) [@lostseaway, @maiake, @obombayo]
@@ -197,6 +188,6 @@ Join our growing community!
 - [komoot](https://www.komoot.com/) [@christophlingg]
 - [Let's Roam](https://www.letsroam.com/)
 - [Onebeat](https://1beat.com/) [@GuyAttia]
- [X](https://x.com/)
+- [Twitter](https://twitter.com/)
 - [VLMedia](https://www.vlmedia.com.tr/) [@ibotheperfect]
 - [Yahoo!](https://yahoo.com/)
--- a/RESOURCES/STANDARD_ROLES.md
+++ b/RESOURCES/STANDARD_ROLES.md
@@ -43,8 +43,8 @@ under the License.
 | can this form post on ResetPasswordView          |:heavy_check_mark:|O|O|O|
 | can this form get on ResetMyPasswordView         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form post on ResetMyPasswordView        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can this form get on UserInfoEditView            |:heavy_check_mark:|O|O|O|
-| can this form post on UserInfoEditView           |:heavy_check_mark:|O|O|O|
+| can this form get on UserInfoEditView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can this form post on UserInfoEditView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can show on UserDBModelView                      |:heavy_check_mark:|O|O|O|
 | can edit on UserDBModelView                      |:heavy_check_mark:|O|O|O|
 | can delete on UserDBModelView                    |:heavy_check_mark:|O|O|O|
@@ -65,6 +65,7 @@ under the License.
 | can get on MenuApi                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can list on AsyncEventsRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can invalidate on CacheRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can function names on Database                   |:heavy_check_mark:|O|O|O|
 | can csv upload on Database                       |:heavy_check_mark:|O|O|O|
 | can excel upload on Database                     |:heavy_check_mark:|O|O|O|
 | can query form data on Api                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
@@ -75,6 +76,7 @@ under the License.
 | can get on Datasource                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can my queries on SqlLab                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
 | can log on Superset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can schemas access for csv upload on Superset    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can import dashboards on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can schemas on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can sqllab history on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
@@ -116,6 +118,8 @@ under the License.
 | menu access on Data                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Databases                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Datasets                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| menu access on Upload a CSV                      |:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Upload Excel                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Charts                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Dashboards                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on SQL Lab                           |:heavy_check_mark:|O|O|:heavy_check_mark:|
@@ -125,6 +129,13 @@ under the License.
 | all datasource access on all_datasource_access   |:heavy_check_mark:|:heavy_check_mark:|O|O|
 | all database access on all_database_access       |:heavy_check_mark:|:heavy_check_mark:|O|O|
 | all query access on all_query_access             |:heavy_check_mark:|O|O|O|
+| can edit on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can list on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can show on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can userinfo on UserOAuthModelView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can add on UserOAuthModelView                    |:heavy_check_mark:|O|O|O|
+| can delete on UserOAuthModelView                 |:heavy_check_mark:|O|O|O|
+| userinfoedit on UserOAuthModelView               |:heavy_check_mark:|O|O|O|
 | can write on DynamicPlugin                       |:heavy_check_mark:|O|O|O|
 | can edit on DynamicPlugin                        |:heavy_check_mark:|O|O|O|
 | can list on DynamicPlugin                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
@@ -181,6 +192,7 @@ under the License.
 | can share chart on Superset                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form get on ColumnarToDatabaseView      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form post on ColumnarToDatabaseView     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| menu access on Upload a Columnar file            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can export on Chart                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can write on DashboardFilterStateRestApi         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can read on DashboardFilterStateRestApi          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -22,34 +22,6 @@ under the License.
 This file documents any backwards-incompatible changes in Superset and
 assists people when migrating to a new version.

-## Next
-
- [31976](https://github.com/apache/superset/pull/31976) Removed the `DISABLE_LEGACY_DATASOURCE_EDITOR` feature flag. The previous value of the feature flag was `True` and now the feature is permanently removed.
- [31959](https://github.com/apache/superset/pull/32000) Removes CSV_UPLOAD_MAX_SIZE config, use your web server to control file upload size.
- [31959](https://github.com/apache/superset/pull/31959) Removes the following endpoints from data uploads: `/api/v1/database/<id>/<file type>_upload` and `/api/v1/database/<file type>_metadata`, in favour of new one (Details on the PR). And simplifies permissions.
- [31844](https://github.com/apache/superset/pull/31844) The `ALERT_REPORTS_EXECUTE_AS` and `THUMBNAILS_EXECUTE_AS` config parameters have been renamed to `ALERT_REPORTS_EXECUTORS` and `THUMBNAILS_EXECUTORS` respectively. A new config flag `CACHE_WARMUP_EXECUTORS` has also been introduced to be able to control which user is used to execute cache warmup tasks. Finally, the config flag `THUMBNAILS_SELENIUM_USER` has been removed. To use a fixed executor for async tasks, use the new `FixedExecutor` class. See the config and docs for more info on setting up different executor profiles.
- [31894](https://github.com/apache/superset/pull/31894) Domain sharding is deprecated in favor of HTTP2. The `SUPERSET_WEBSERVER_DOMAINS` configuration will be removed in the next major version (6.0)
- [31794](https://github.com/apache/superset/pull/31794) Removed the previously deprecated `DASHBOARD_CROSS_FILTERS` feature flag
- [31774](https://github.com/apache/superset/pull/31774): Fixes the spelling of the `USE-ANALAGOUS-COLORS` feature flag. Please update any scripts/configuration item to use the new/corrected `USE-ANALOGOUS-COLORS` flag spelling.
- [31582](https://github.com/apache/superset/pull/31582) Removed the legacy Area, Bar, Event Flow, Heatmap, Histogram, Line, Sankey, and Sankey Loop charts. They were all automatically migrated to their ECharts counterparts with the exception of the Event Flow and Sankey Loop charts which were removed as they were not actively maintained and not widely used. If you were using the Event Flow or Sankey Loop charts, you will need to find an alternative solution.
- [31198](https://github.com/apache/superset/pull/31198) Disallows by default the use of the following ClickHouse functions: "version", "currentDatabase", "hostName".
- [29798](https://github.com/apache/superset/pull/29798) Since 3.1.0, the intial schedule for an alert or report was mistakenly offset by the specified timezone's relation to UTC. The initial schedule should now begin at the correct time.
- [30021](https://github.com/apache/superset/pull/30021) The `dev` layer in our Dockerfile no long includes firefox binaries, only Chromium to reduce bloat/docker-build-time.
- [30099](https://github.com/apache/superset/pull/30099) Translations are no longer included in the default docker image builds. If your environment requires translations, you'll want to set the docker build arg `BUILD_TRANSACTION=true`.
- [31262](https://github.com/apache/superset/pull/31262) NOTE: deprecated `pylint` in favor of `ruff` as our only python linter. Only affect development workflows positively (not the release itself). It should cover most important rules, be much faster, but some things linting rules that were enforced before may not be enforce in the exact same way as before.
- [31173](https://github.com/apache/superset/pull/31173) Modified `fetch_csrf_token` to align with HTTP standards, particularly regarding how cookies are handled. If you encounter any issues related to CSRF functionality, please report them as a new issue and reference this PR for context.
- [31413](https://github.com/apache/superset/pull/31413) Enable the DATE_FORMAT_IN_EMAIL_SUBJECT feature flag to allow users to specify a date format for the email subject, which will then be replaced with the actual date.
- [31385](https://github.com/apache/superset/pull/31385) Significant docker refactor, reducing access levels for the `superset` user, streamlining layer building, ...
- [31503](https://github.com/apache/superset/pull/31503) Deprecating python 3.9.x support, 3.11 is now the recommended version and 3.10 is still supported over the Superset 5.0 lifecycle.
- [29121](https://github.com/apache/superset/pull/29121) Removed the `css`, `position_json`, and `json_metadata` from the payload of the dashboard list endpoint (`GET api/v1/dashboard`) for performance reasons.
- [29163](https://github.com/apache/superset/pull/29163) Removed the `SHARE_QUERIES_VIA_KV_STORE` and `KV_STORE` feature flags and changed the way Superset shares SQL Lab queries to use permalinks. The legacy `/kv` API was removed but we still support legacy links in 5.0. In 6.0, only permalinks will be supported.
- [25166](https://github.com/apache/superset/pull/25166) Changed the default configuration of `UPLOAD_FOLDER` from `/app/static/uploads/` to `/static/uploads/`. It also removed the unused `IMG_UPLOAD_FOLDER` and `IMG_UPLOAD_URL` configuration options.
- [30284](https://github.com/apache/superset/pull/30284) Deprecated GLOBAL_ASYNC_QUERIES_REDIS_CONFIG in favor of the new GLOBAL_ASYNC_QUERIES_CACHE_BACKEND configuration. To leverage Redis Sentinel, set CACHE_TYPE to RedisSentinelCache, or use RedisCache for standalone Redis
- [31961](https://github.com/apache/superset/pull/31961) Upgraded React from version 16.13.1 to 17.0.2. If you are using custom frontend extensions or plugins, you may need to update them to be compatible with React 17.
- [31260](https://github.com/apache/superset/pull/31260) Docker images now use `uv pip install` instead of `pip install` to manage the python envrionment. Most docker-based deployments will be affected, whether you derive one of the published images, or have custom bootstrap script that install python libraries (drivers)
-
-### Potential Downtime
-
 ## 4.1.0

 - [29274](https://github.com/apache/superset/pull/29274): We made it easier to trigger CI on your
@@ -60,9 +32,9 @@ assists people when migrating to a new version.
  `requirements/` folder. If you use these files for your builds you may want to double
  check that your builds are not affected. `base.txt` should be the same as before, though
  `development.txt` becomes a bigger set, incorporating the now defunct local,testing,integration, and docker
- [27434](https://github.com/apache/superset/pull/27434/files): DO NOT USE our docker compose.\*
+- [27434](https://github.com/apache/superset/pull/27434/files): DO NOT USE our docker-compose.\*
  files for production use cases! While we never really supported
-  or should have tried to support docker compose for production use cases, we now actively
+  or should have tried to support docker-compose for production use cases, we now actively
  have taken a stance against supporting it. See the PR for details.
 - [24112](https://github.com/apache/superset/pull/24112): Python 3.10 is now the recommended python version to use, 3.9 still
  supported but getting deprecated in the nearish future. CI/CD runs on py310 so you probably want to align. If you
@@ -86,7 +58,7 @@ assists people when migrating to a new version.
  backend, as well as the .json files used by the frontend. If you were doing anything before
  as part of your bundling to expose translation packages, it's probably not needed anymore.
 - [29264](https://github.com/apache/superset/pull/29264) Slack has updated its file upload api, and we are now supporting this new api in Superset, although the Slack api is not backward compatible. The original Slack integration is deprecated and we will require a new Slack scope `channels:read` to be added to Slack workspaces in order to use this new api. In an upcoming release, we will make this new Slack scope mandatory and remove the old Slack functionality.
- [30274](https://github.com/apache/superset/pull/30274) Moved SLACK_ENABLE_AVATAR from config.py to the feature flag framework, please adapt your configs.
+- [30274](https://github.com/apache/superset/pull/30274) Moved SLACK_ENABLE_AVATAR from config.py to the feature flag framework, please adapt your configs

 ### Potential Downtime

@@ -144,7 +116,7 @@ assists people when migrating to a new version.
 - [24911](https://github.com/apache/superset/pull/24911): Changes the column type from `TEXT` to `MediumText` in table `logs`, potentially requiring a table lock on MySQL dbs or taking some time to complete on large deployments.
 - [24939](https://github.com/apache/superset/pull/24939): Augments the foreign key constraints for the `embedded_dashboards` table to include an explicit CASCADE ON DELETE to ensure the relevant records are deleted when a dashboard is deleted. Scheduled downtime may be advised.
 - [24938](https://github.com/apache/superset/pull/24938): Augments the foreign key constraints for the `dashboard_slices` table to include an explicit CASCADE ON DELETE to ensure the relevant records are deleted when a dashboard or slice is deleted. Scheduled downtime may be advised.
- [24628](https://github.com/apache/superset/pull/24628): Augments the foreign key constraints for the `dashboard_owner`, `report_schedule_owner`, and `slice_owner` tables to include an explicit CASCADE ON DELETE to ensure the relevant ownership records are deleted when a dataset is deleted. Scheduled downtime may be advised.
+- [24628]https://github.com/apache/superset/pull/24628): Augments the foreign key constraints for the `dashboard_owner`, `report_schedule_owner`, and `slice_owner` tables to include an explicit CASCADE ON DELETE to ensure the relevant ownership records are deleted when a dataset is deleted. Scheduled downtime may be advised.
 - [24488](https://github.com/apache/superset/pull/24488): Augments the foreign key constraints for the `sql_metrics`, `sqlatable_user`, and `table_columns` tables which reference the `tables` table to include an explicit CASCADE ON DELETE to ensure the relevant records are deleted when a dataset is deleted. Scheduled downtime may be advised.
 - [24232](https://github.com/apache/superset/pull/24232): Enables ENABLE_TEMPLATE_REMOVE_FILTERS, DRILL_TO_DETAIL, DASHBOARD_CROSS_FILTERS by default, marks VERSIONED_EXPORT and ENABLE_TEMPLATE_REMOVE_FILTERS as deprecated.
 - [23652](https://github.com/apache/superset/pull/23652): Enables GENERIC_CHART_AXES feature flag by default.
@@ -160,7 +132,7 @@ assists people when migrating to a new version.

 ### Breaking Changes

- [24686](https://github.com/apache/superset/pull/24686): All dataset's custom explore_url are handled as relative URLs on the frontend, behaviour controlled by PREVENT_UNSAFE_DEFAULT_URLS_ON_DATASET.
+- [24686]https://github.com/apache/superset/pull/24686): All dataset's custom explore_url are handled as relative URLs on the frontend, behaviour controlled by PREVENT_UNSAFE_DEFAULT_URLS_ON_DATASET.
 - [24262](https://github.com/apache/superset/pull/24262): Enabled `TALISMAN_ENABLED` flag by default and provided stricter default Content Security Policy
 - [24415](https://github.com/apache/superset/pull/24415): Removed the obsolete Druid NoSQL REGEX operator.
 - [24423](https://github.com/apache/superset/pull/24423): Removed deprecated APIs `/superset/slice_json/...`, `/superset/annotation_json/...`
@@ -256,8 +228,7 @@ assists people when migrating to a new version.
 - [19273](https://github.com/apache/superset/pull/19273): The `SUPERSET_CELERY_WORKERS` and `SUPERSET_WORKERS` config keys has been removed. Configure Celery directly using `CELERY_CONFIG` on Superset.
 - [19231](https://github.com/apache/superset/pull/19231): The `ENABLE_REACT_CRUD_VIEWS` feature flag has been removed (permanently enabled). Any deployments which had set this flag to false will need to verify that the React views support their use case.
 - [19230](https://github.com/apache/superset/pull/19230): The `ROW_LEVEL_SECURITY` feature flag has been removed (permanently enabled). Any deployments which had set this flag to false will need to verify that the presence of the Row Level Security feature does not interfere with their use case.
- [19168](https://github.com/apache/superset/pull/19168): Celery upgrade to 5.X resulted in breaking changes to its command line invocation.
-  html#step-1-adjust-your-command-line-invocation) instructions for adjustments. Also consider migrating you Celery config per [here](https://docs.celeryq.dev/en/stable/userguide/configuration.html#conf-old-settings-map).
+- [19168](https://github.com/apache/superset/pull/19168): Celery upgrade to 5.X resulted in breaking changes to its command line invocation. Please follow [these](https://docs.celeryq.dev/en/stable/whatsnew-5.2.html#step-1-adjust-your-command-line-invocation) instructions for adjustments. Also consider migrating you Celery config per [here](https://docs.celeryq.dev/en/stable/userguide/configuration.html#conf-old-settings-map).
 - [19142](https://github.com/apache/superset/pull/19142): The `VERSIONED_EXPORT` config key is now `True` by default.
 - [19113](https://github.com/apache/superset/pull/19113): The `ENABLE_JAVASCRIPT_CONTROLS` config key has moved from an app config to a feature flag. Any deployments who overrode this setting will now need to override the feature flag from here onward.
 - [19107](https://github.com/apache/superset/pull/19107): The `SQLLAB_BACKEND_PERSISTENCE` feature flag is now `True` by default, which enables persisting SQL Lab tabs in the backend instead of the browser's `localStorage`.
@@ -345,7 +316,8 @@ assists people when migrating to a new version.
 ### Potential Downtime

 - [14234](https://github.com/apache/superset/pull/14234): Adds the `limiting_factor` column to the `query` table. Give the migration includes a DDL operation on a heavily trafficked table, potential service downtime may be required.
- [16454](https://github.com/apache/superset/pull/16454): Adds the `extra` column to the `table_columns` table. Users using MySQL will either need to schedule downtime or use the percona toolkit (or similar) to perform the migration.
+
+-[16454](https://github.com/apache/superset/pull/16454): Adds the `extra` column to the `table_columns` table. Users using MySQL will either need to schedule downtime or use the percona toolkit (or similar) to perform the migration.

 ## 1.2.0

@@ -567,7 +539,7 @@ assists people when migrating to a new version.
 - [8117](https://github.com/apache/superset/pull/8117): If you are
  using `ENABLE_PROXY_FIX = True`, review the newly-introduced variable,
  `PROXY_FIX_CONFIG`, which changes the proxy behavior in accordance with
-  Werkzeug.
+  [Werkzeug](https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/)

 - [8069](https://github.com/apache/superset/pull/8069): introduces
  [MessagePack](https://github.com/msgpack/msgpack-python) and
--- a/docker-compose-image-tag.yml
+++ b/docker-compose-image-tag.yml
@@ -16,12 +16,15 @@
 #

 # -----------------------------------------------------------------------
-# We don't support docker compose for production environments.
+# We don't support docker-compose for production environments.
 # If you choose to use this type of deployment make sure to
 # create you own docker environment file (docker/.env) with your own
 # unique random secure passwords and SECRET_KEY.
 # -----------------------------------------------------------------------
 x-superset-image: &superset-image apachesuperset.docker.scarf.sh/apache/superset:${TAG:-latest-dev}
+x-superset-depends-on: &superset-depends-on
+  - db
+  - redis
 x-superset-volumes:
  &superset-volumes # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
  - ./docker:/app/docker
@@ -61,12 +64,8 @@ services:
    restart: unless-stopped
    ports:
      - 8088:8088
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    volumes: *superset-volumes
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-init:
    image: *superset-image
@@ -77,18 +76,11 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    depends_on:
-      db:
-        condition: service_started
-      redis:
-        condition: service_started
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker:
    image: *superset-image
@@ -100,9 +92,7 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
@@ -111,8 +101,6 @@ services:
          "CMD-SHELL",
          "celery -A superset.tasks.celery_app:app inspect ping -d celery@$$HOSTNAME",
        ]
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker-beat:
    image: *superset-image
@@ -124,15 +112,11 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

 volumes:
  superset_home:
--- a/docker-compose-non-dev.yml
+++ b/docker-compose-non-dev.yml
@@ -16,11 +16,14 @@
 #

 # -----------------------------------------------------------------------
-# We don't support docker compose for production environments.
+# We don't support docker-compose for production environments.
 # If you choose to use this type of deployment make sure to
 # create you own docker environment file (docker/.env) with your own
 # unique random secure passwords and SECRET_KEY.
 # -----------------------------------------------------------------------
+x-superset-depends-on: &superset-depends-on
+  - db
+  - redis
 x-superset-volumes:
  &superset-volumes # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
  - ./docker:/app/docker
@@ -67,12 +70,8 @@ services:
    restart: unless-stopped
    ports:
      - 8088:8088
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    volumes: *superset-volumes
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-init:
    container_name: superset_init
@@ -84,18 +83,11 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    depends_on:
-      db:
-        condition: service_started
-      redis:
-        condition: service_started
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker:
    build:
@@ -108,9 +100,7 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
@@ -119,8 +109,6 @@ services:
          "CMD-SHELL",
          "celery -A superset.tasks.celery_app:app inspect ping -d celery@$$HOSTNAME",
        ]
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker-beat:
    build:
@@ -133,15 +121,11 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

 volumes:
  superset_home:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,12 +16,15 @@
 #

 # -----------------------------------------------------------------------
-# We don't support docker compose for production environments.
+# We don't support docker-compose for production environments.
 # If you choose to use this type of deployment make sure to
 # create you own docker environment file (docker/.env) with your own
 # unique random secure passwords and SECRET_KEY.
 # -----------------------------------------------------------------------
 x-superset-user: &superset-user root
+x-superset-depends-on: &superset-depends-on
+  - db
+  - redis
 x-superset-volumes: &superset-volumes
  # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
  - ./docker:/app/docker
@@ -32,14 +35,9 @@ x-superset-volumes: &superset-volumes

 x-common-build: &common-build
  context: .
-  target: ${SUPERSET_BUILD_TARGET:-dev} # can use `dev` (default) or `lean`
+  target: dev
  cache_from:
    - apache/superset-cache:3.10-slim-bookworm
-  args:
-    DEV_MODE: "true"
-    INCLUDE_CHROMIUM: ${INCLUDE_CHROMIUM:-false}
-    INCLUDE_FIREFOX: ${INCLUDE_FIREFOX:-false}
-    BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}

 services:
  nginx:
@@ -89,18 +87,13 @@ services:
    restart: unless-stopped
    ports:
      - 8088:8088
-      # When in cypress-mode ->
-      - 8081:8081
    extra_hosts:
      - "host.docker.internal:host-gateway"
    user: *superset-user
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    volumes: *superset-volumes
    environment:
      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-websocket:
    container_name: superset_websocket
@@ -127,7 +120,7 @@ services:
      - /home/superset-websocket/dist

      # Mounting a config file that contains a dummy secret required to boot up.
-      # do not use this docker compose in production
+      # do not use this docker-compose in production
      - ./docker/superset-websocket/config.json:/home/superset-websocket/config.json
    environment:
      - PORT=8080
@@ -145,40 +138,20 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    depends_on:
-      db:
-        condition: service_started
-      redis:
-        condition: service_started
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    environment:
      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    healthcheck:
      disable: true

  superset-node:
-    build:
-      context: .
-      target: superset-node
-      args:
-        # This prevents building the frontend bundle since we'll mount local folder
-        # and build it on startup while firing docker-frontend.sh in dev mode, where
-        # it'll mount and watch local files and rebuild as you update them
-        DEV_MODE: "true"
-        BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}
+    image: node:18
    environment:
      # set this to false if you have perf issues running the npm i; npm run dev in-docker
      # if you do so, you have to run this manually on the host, which should perform better!
-      BUILD_SUPERSET_FRONTEND_IN_DOCKER: true
-      NPM_RUN_PRUNE: false
      SCARF_ANALYTICS: "${SCARF_ANALYTICS:-}"
-      # configuring the dev-server to use the host.docker.internal to connect to the backend
-      superset: "http://host.docker.internal:8088"
-    ports:
-      - "127.0.0.1:9000:9000"  # exposing the dynamic webpack dev server
    container_name: superset_node
    command: ["/app/docker/docker-frontend.sh"]
    env_file:
@@ -186,6 +159,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
+    depends_on: *superset-depends-on
    volumes: *superset-volumes

  superset-worker:
@@ -200,12 +174,8 @@ services:
        required: false
    environment:
      CELERYD_CONCURRENCY: 2
-      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    extra_hosts:
@@ -227,15 +197,11 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      - superset-worker
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-tests-worker:
    build:
@@ -256,11 +222,8 @@ services:
      REDIS_RESULTS_DB: 3
      REDIS_HOST: localhost
      CELERYD_CONCURRENCY: 8
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    network_mode: host
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    healthcheck:
--- a/docker/.env
+++ b/docker/.env
@@ -15,11 +15,8 @@
 # limitations under the License.
 #

-# Allowing python to print() in docker
-PYTHONUNBUFFERED=1

 COMPOSE_PROJECT_NAME=superset
-DEV_MODE=true

 # database configurations (do not modify)
 DATABASE_DB=superset
@@ -66,4 +63,3 @@ SUPERSET_SECRET_KEY=TEST_NON_DEV_SECRET
 ENABLE_PLAYWRIGHT=false
 PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
 BUILD_SUPERSET_FRONTEND_IN_DOCKER=true
-SUPERSET_LOG_LEVEL=info
--- a/docker/README.md
+++ b/docker/README.md
@@ -68,7 +68,7 @@ Don't forget to reload the page to take the new frontend into account though.

 ## Production

-It is possible to run Superset in non-development mode by using [`docker-compose-non-dev.yml`](../docker-compose-non-dev.yml). This file excludes the volumes needed for development.
+It is possible to run Superset in non-development mode by using [`docker-compose-non-dev.yml`](../docker-compose-non-dev.yml). This file excludes the volumes needed for development and uses [`./docker/.env-non-dev`](./.env-non-dev) which sets the variable `SUPERSET_ENV` to `production`.

 ## Resource Constraints

--- a/docker/apt-install.sh
+++ b/docker/apt-install.sh
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-set -euo pipefail
-
-# Ensure this script is run as root
-if [[ $EUID -ne 0 ]]; then
-  echo "This script must be run as root" >&2
-  exit 1
-fi
-
-# Check for required arguments
-if [[ $# -lt 1 ]]; then
-  echo "Usage: $0 <package1> [<package2> ...]" >&2
-  exit 1
-fi
-
-# Colors for better logging (optional)
-GREEN='\033[0;32m'
-RED='\033[0;31m'
-RESET='\033[0m'
-
-# Install packages with clean-up
-echo -e "${GREEN}Updating package lists...${RESET}"
-apt-get update -qq
-
-echo -e "${GREEN}Installing packages: $@${RESET}"
-apt-get install -yqq --no-install-recommends "$@"
-
-echo -e "${GREEN}Autoremoving unnecessary packages...${RESET}"
-apt-get autoremove -y
-
-echo -e "${GREEN}Cleaning up package cache and metadata...${RESET}"
-apt-get clean
-rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/* /tmp/* /var/tmp/*
-
-echo -e "${GREEN}Installation and cleanup complete.${RESET}"
--- a/docker/docker-bootstrap.sh
+++ b/docker/docker-bootstrap.sh
@@ -18,39 +18,19 @@

 set -eo pipefail

-# Make python interactive
-if [ "$DEV_MODE" == "true" ]; then
-    if [ "$(whoami)" = "root" ] && command -v uv > /dev/null 2>&1; then
-      echo "Reinstalling the app in editable mode"
-      uv pip install -e .
-    fi
-fi
 REQUIREMENTS_LOCAL="/app/docker/requirements-local.txt"
-PORT=${PORT:-8088}
 # If Cypress run – overwrite the password for admin and export env variables
 if [ "$CYPRESS_CONFIG" == "true" ]; then
+    export SUPERSET_CONFIG=tests.integration_tests.superset_test_config
    export SUPERSET_TESTENV=true
-    export POSTGRES_DB=superset_cypress
-    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset_cypress
-    PORT=8081
-fi
-if [[ "$DATABASE_DIALECT" == postgres* ]] && [ "$(whoami)" = "root" ]; then
-    # older images may not have the postgres dev requirements installed
-    echo "Installing postgres requirements"
-    if command -v uv > /dev/null 2>&1; then
-        # Use uv in newer images
-        uv pip install -e .[postgres]
-    else
-        # Use pip in older images
-        pip install -e .[postgres]
-    fi
+    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset
 fi
 #
 # Make sure we have dev requirements installed
 #
 if [ -f "${REQUIREMENTS_LOCAL}" ]; then
  echo "Installing local overrides at ${REQUIREMENTS_LOCAL}"
-  uv pip install --no-cache-dir -r "${REQUIREMENTS_LOCAL}"
+  pip install --no-cache-dir -r "${REQUIREMENTS_LOCAL}"
 else
  echo "Skipping local overrides"
 fi
@@ -68,7 +48,7 @@ case "${1}" in
    ;;
  app)
    echo "Starting web app (using development server)..."
-    flask run -p $PORT --with-threads --reload --debugger --host=0.0.0.0
+    flask run -p 8088 --with-threads --reload --debugger --host=0.0.0.0
    ;;
  app-gunicorn)
    echo "Starting web app..."
--- a/docker/entrypoints/docker-ci.sh
+++ b/docker/entrypoints/docker-ci.sh
@@ -23,4 +23,4 @@
 export SERVER_THREADS_AMOUNT=8
 # start up the web server

-/app/docker/entrypoints/run-server.sh
+/usr/bin/run-server.sh
--- a/docker/docker-entrypoint-initdb.d/cypress-init.sh
+++ b/docker/docker-entrypoint-initdb.d/cypress-init.sh
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# ------------------------------------------------------------------------
-# Creates the examples database and respective user. This database location
-# and access credentials are defined on the environment variables
-# ------------------------------------------------------------------------
-set -e
-
-psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER}" <<-EOSQL
-  CREATE DATABASE superset_cypress;
-EOSQL
--- a/docker/docker-frontend.sh
+++ b/docker/docker-frontend.sh
@@ -24,23 +24,12 @@ if [ "$PUPPETEER_SKIP_CHROMIUM_DOWNLOAD" = "false" ]; then
 fi

 if [ "$BUILD_SUPERSET_FRONTEND_IN_DOCKER" = "true" ]; then
-    echo "Building Superset frontend in dev mode inside docker container"
    cd /app/superset-frontend
+    npm install -f --no-optional --global webpack webpack-cli
+    npm install -f --no-optional

-    if [ "$NPM_RUN_PRUNE" = "true" ]; then
-        echo "Running `npm run prune`"
-        npm run prune
-    fi
-
-    echo "Running `npm install`"
-    npm install
-
-    echo "Start webpack dev server"
-    # start the webpack dev server, serving dynamically at http://localhost:9000
-    # it proxies to the backend served at http://localhost:8088
-    npm run dev-server
-
+    echo "Running frontend"
+    npm run dev
 else
-    echo "Skipping frontend build steps - YOU NEED TO RUN IT MANUALLY ON THE HOST!"
-    echo "https://superset.apache.org/docs/contributing/development/#webpack-dev-server"
+    echo "Skipping frontend build steps - YOU RUN IT MANUALLY ON THE HOST!"
 fi
--- a/docker/docker-init.sh
+++ b/docker/docker-init.sh
@@ -22,26 +22,28 @@ set -e
 #
 /app/docker/docker-bootstrap.sh

-if [ "$SUPERSET_LOAD_EXAMPLES" = "yes" ]; then
-    STEP_CNT=4
-else
-    STEP_CNT=3
-fi
+STEP_CNT=4

 echo_step() {
 cat <<EOF
+
 ######################################################################
+
+
 Init Step ${1}/${STEP_CNT} [${2}] -- ${3}
+
+
 ######################################################################
+
 EOF
 }
 ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin}"
 # If Cypress run – overwrite the password for admin and export env variables
 if [ "$CYPRESS_CONFIG" == "true" ]; then
    ADMIN_PASSWORD="general"
+    export SUPERSET_CONFIG=tests.integration_tests.superset_test_config
    export SUPERSET_TESTENV=true
-    export POSTGRES_DB=superset_cypress
-    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset_cypress
+    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset
 fi
 # Initialize the database
 echo_step "1" "Starting" "Applying DB migrations"
@@ -50,16 +52,12 @@ echo_step "1" "Complete" "Applying DB migrations"

 # Create an admin user
 echo_step "2" "Starting" "Setting up admin user ( admin / $ADMIN_PASSWORD )"
-if [ "$CYPRESS_CONFIG" == "true" ]; then
-    superset load_test_users
-else
-    superset fab create-admin \
-        --username admin \
-        --email admin@superset.com \
-        --password "$ADMIN_PASSWORD" \
-        --firstname Superset \
-        --lastname Admin
-fi
+superset fab create-admin \
+              --username admin \
+              --firstname Superset \
+              --lastname Admin \
+              --email admin@superset.com \
+              --password "$ADMIN_PASSWORD"
 echo_step "2" "Complete" "Setting up admin user"
 # Create default roles and permissions
 echo_step "3" "Starting" "Setting up roles and perms"
@@ -71,9 +69,10 @@ if [ "$SUPERSET_LOAD_EXAMPLES" = "yes" ]; then
    echo_step "4" "Starting" "Loading examples"
    # If Cypress run which consumes superset_test_config – load required data for tests
    if [ "$CYPRESS_CONFIG" == "true" ]; then
+        superset load_test_users
        superset load_examples --load-test-data
    else
-        superset load_examples
+        superset load_examples --force
    fi
    echo_step "4" "Complete" "Loading examples"
 fi
--- a/docker/pip-install.sh
+++ b/docker/pip-install.sh
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-set -euo pipefail
-
-# Default flag
-REQUIRES_BUILD_ESSENTIAL=false
-USE_CACHE=true
-
-# Filter arguments
-ARGS=()
-for arg in "$@"; do
-  case "$arg" in
-    --requires-build-essential)
-      REQUIRES_BUILD_ESSENTIAL=true
-      ;;
-    --no-cache)
-      USE_CACHE=false
-      ;;
-    *)
-      ARGS+=("$arg")
-      ;;
-  esac
-done
-
-# Install build-essential if required
-if $REQUIRES_BUILD_ESSENTIAL; then
-  echo "Installing build-essential for package builds..."
-  apt-get update -qq \
-    && apt-get install -yqq --no-install-recommends build-essential
-fi
-
-# Choose whether to use pip cache
-if $USE_CACHE; then
-  echo "Using pip cache..."
-  uv pip install "${ARGS[@]}"
-else
-  echo "Disabling pip cache..."
-  uv pip install --no-cache-dir "${ARGS[@]}"
-fi
-
-# Remove build-essential if it was installed
-if $REQUIRES_BUILD_ESSENTIAL; then
-  echo "Removing build-essential to keep the image lean..."
-  apt-get autoremove -yqq --purge build-essential \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
-fi
-
-echo "Python packages installed successfully."
--- a/docker/pythonpath_dev/superset_config.py
+++ b/docker/pythonpath_dev/superset_config.py
@@ -22,7 +22,6 @@
 #
 import logging
 import os
-import sys

 from celery.schedules import crontab
 from flask_caching.backends.filesystemcache import FileSystemCache
@@ -100,26 +99,11 @@ CELERY_CONFIG = CeleryConfig

 FEATURE_FLAGS = {"ALERT_REPORTS": True}
 ALERT_REPORTS_NOTIFICATION_DRY_RUN = True
-WEBDRIVER_BASEURL = "http://superset:8088/"  # When using docker compose baseurl should be http://superset_app:8088/  # noqa: E501
+WEBDRIVER_BASEURL = "http://superset:8088/"  # When using docker compose baseurl should be http://superset_app:8088/
 # The base URL for the email report hyperlinks.
 WEBDRIVER_BASEURL_USER_FRIENDLY = WEBDRIVER_BASEURL
 SQLLAB_CTAS_NO_LIMIT = True

-log_level_text = os.getenv("SUPERSET_LOG_LEVEL", "INFO")
-LOG_LEVEL = getattr(logging, log_level_text.upper(), logging.INFO)
-
-if os.getenv("CYPRESS_CONFIG") == "true":
-    # When running the service as a cypress backend, we need to import the config
-    # located @ tests/integration_tests/superset_test_config.py
-    base_dir = os.path.dirname(__file__)
-    module_folder = os.path.abspath(
-        os.path.join(base_dir, "../../tests/integration_tests/")
-    )
-    sys.path.insert(0, module_folder)
-    from superset_test_config import *  # noqa
-
-    sys.path.pop(0)
-
 #
 # Optionally import superset_config_docker.py (which will have been included on
 # the PYTHONPATH) in order to allow for local settings to be overridden
--- a/docker/entrypoints/run-server.sh
+++ b/docker/entrypoints/run-server.sh
@@ -26,7 +26,6 @@ gunicorn \
    --workers ${SERVER_WORKER_AMOUNT:-1} \
    --worker-class ${SERVER_WORKER_CLASS:-gthread} \
    --threads ${SERVER_THREADS_AMOUNT:-20} \
-    --log-level "${GUNICORN_LOGLEVEL:info}" \
    --timeout ${GUNICORN_TIMEOUT:-60} \
    --keep-alive ${GUNICORN_KEEPALIVE:-2} \
    --max-requests ${WORKER_MAX_REQUESTS:-0} \
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-v20.16.0
+v20.12.2
--- a/docs/README.md
+++ b/docs/README.md
@@ -16,7 +16,6 @@ KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
-
 This is the public documentation site for Superset, built using
 [Docusaurus 2](https://docusaurus.io/). See
 [CONTRIBUTING.md](../CONTRIBUTING.md#documentation) for documentation on
--- a/docs/data/countries.json
+++ b/docs/data/countries.json
@@ -63,7 +63,6 @@
    "Fiji",
    "Finland",
    "France",
-    "France (with overseas)",
    "France (regions)",
    "French Polynesia",
    "Gabon",
@@ -78,7 +77,6 @@
    "Guyana",
    "Haiti",
    "Honduras",
-    "Hungary",
    "Iceland",
    "India",
    "Indonesia",
--- a/docs/docs/configuration/alerts-reports.mdx
+++ b/docs/docs/configuration/alerts-reports.mdx
@@ -25,9 +25,6 @@ Alerts and reports are disabled by default. To turn them on, you need to do some
 - At least one of those must be configured, depending on what you want to use:
  - emails: `SMTP_*` settings
  - Slack messages: `SLACK_API_TOKEN`
- Users can customize the email subject by including date code placeholders, which will automatically be replaced with the corresponding UTC date when the email is sent. To enable this functionality, activate the `"DATE_FORMAT_IN_EMAIL_SUBJECT"` [feature flag](/docs/configuration/configuring-superset#feature-flags). This enables date formatting in email subjects, preventing all reporting emails from being grouped into the same thread (optional for the reporting feature).
-    - Use date codes from [strftime.org](https://strftime.org/) to create the email subject.
-    - If no date code is provided, the original string will be used as the email subject.

 ##### Disable dry-run mode

@@ -56,14 +53,11 @@ To send alerts and reports to Slack channels, you need to create a new Slack App
   - `incoming-webhook`
   - `files:write`
   - `chat:write`
-   - `channels:read`
-   - `groups:read`
 4. At the top of the "OAuth and Permissions" section, click "install to workspace".
 5. Select a default channel for your app and continue.
   (You can post to any channel by inviting your Superset app into that channel).
 6. The app should now be installed in your workspace, and a "Bot User OAuth Access Token" should have been created. Copy that token in the `SLACK_API_TOKEN` variable of your `superset_config.py`.
-7. Ensure the feature flag `ALERT_REPORT_SLACK_V2` is set to True in `superset_config.py`
-8. Restart the service (or run `superset init`) to pull in the new configuration.
+7. Restart the service (or run `superset init`) to pull in the new configuration.

 Note: when you configure an alert or a report, the Slack channel list takes channel names without the leading '#' e.g. use `alerts` instead of `#alerts`.

@@ -180,9 +174,10 @@ By default, Alerts and Reports are executed as the owner of the alert/report obj
 just change the config as follows (`admin` in this example):

 ```python
-from superset.tasks.types import FixedExecutor
+from superset.tasks.types import ExecutorType

-ALERT_REPORTS_EXECUTORS = [FixedExecutor("admin")]
+THUMBNAIL_SELENIUM_USER = 'admin'
+ALERT_REPORTS_EXECUTE_AS = [ExecutorType.SELENIUM]
 ```

 Please refer to `ExecutorType` in the codebase for other executor types.
@@ -256,18 +251,15 @@ FROM apache/superset:3.1.0
 USER root

 RUN apt-get update && \
-    apt-get install -y wget zip libaio1
-
-RUN export CHROMEDRIVER_VERSION=$(curl --silent https://googlechromelabs.github.io/chrome-for-testing/LATEST_RELEASE_116) && \
-    wget -O google-chrome-stable_current_amd64.deb -q http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROMEDRIVER_VERSION}-1_amd64.deb && \
+    wget -q https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb && \
    apt-get install -y --no-install-recommends ./google-chrome-stable_current_amd64.deb && \
    rm -f google-chrome-stable_current_amd64.deb

-RUN export CHROMEDRIVER_VERSION=$(curl --silent https://googlechromelabs.github.io/chrome-for-testing/LATEST_RELEASE_116) && \
-    wget -q https://storage.googleapis.com/chrome-for-testing-public/${CHROMEDRIVER_VERSION}/linux64/chromedriver-linux64.zip && \
-    unzip -j chromedriver-linux64.zip -d /usr/bin && \
+RUN export CHROMEDRIVER_VERSION=$(curl --silent https://chromedriver.storage.googleapis.com/LATEST_RELEASE_102) && \
+    wget -q https://chromedriver.storage.googleapis.com/${CHROMEDRIVER_VERSION}/chromedriver_linux64.zip && \
+    unzip chromedriver_linux64.zip -d /usr/bin && \
    chmod 755 /usr/bin/chromedriver && \
-    rm -f chromedriver-linux64.zip
+    rm -f chromedriver_linux64.zip

 RUN pip install --no-cache gevent psycopg2 redis

--- a/docs/docs/configuration/cache.mdx
+++ b/docs/docs/configuration/cache.mdx
@@ -13,8 +13,8 @@ SimpleCache (in-memory), or the local filesystem.
 [Custom cache backends](https://flask-caching.readthedocs.io/en/latest/#custom-cache-backends)
 are also supported.

-Caching can be configured by providing dictionaries in
-`superset_config.py` that comply with [the Flask-Caching config specifications](https://flask-caching.readthedocs.io/en/latest/#configuring-flask-caching).
+Caching can be configured by providing a dictionaries in
+`superset_config.py` that comply with[the Flask-Caching config specifications](https://flask-caching.readthedocs.io/en/latest/#configuring-flask-caching).

 The following cache configurations can be customized in this way:
 - Dashboard filter state (required): `FILTER_STATE_CACHE_CONFIG`.
@@ -22,7 +22,7 @@ The following cache configurations can be customized in this way:
 - Metadata cache (optional): `CACHE_CONFIG`
 - Charting data queried from datasets (optional): `DATA_CACHE_CONFIG`

-For example, to configure the filter state cache using Redis:
+For example, to configure the filter state cache using redis:

 ```python
 FILTER_STATE_CACHE_CONFIG = {
@@ -94,9 +94,10 @@ By default thumbnails are rendered per user, and will fall back to the Selenium
 To always render thumbnails as a fixed user (`admin` in this example), use the following configuration:

 ```python
-from superset.tasks.types import FixedExecutor
+from superset.tasks.types import ExecutorType

-THUMBNAIL_EXECUTORS = [FixedExecutor("admin")]
+THUMBNAIL_SELENIUM_USER = "admin"
+THUMBNAIL_EXECUTE_AS = [ExecutorType.SELENIUM]
 ```


@@ -129,6 +130,8 @@ def init_thumbnail_cache(app: Flask) -> S3Cache:


 THUMBNAIL_CACHE_CONFIG = init_thumbnail_cache
+# Async selenium thumbnail task will use the following user
+THUMBNAIL_SELENIUM_USER = "Admin"
 ```

 Using the above example cache keys for dashboards will be `superset_thumb__dashboard__{ID}`. You can
--- a/docs/docs/configuration/configuring-superset.mdx
+++ b/docs/docs/configuration/configuring-superset.mdx
@@ -37,7 +37,7 @@ ENV SUPERSET_CONFIG_PATH /app/superset_config.py
 ```

 Docker compose deployments handle application configuration differently using specific conventions.
-Refer to the [docker compose tips & configuration](/docs/installation/docker-compose#docker-compose-tips--configuration)
+Refer to the [docker-compose tips & configuration](/docs/installation/docker-compose#docker-compose-tips--configuration)
 for details.

 The following is an example of just a few of the parameters you can set in your `superset_config.py` file:
@@ -314,9 +314,9 @@ CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
  ]
  ```
 ### Keycloak-Specific Configuration using Flask-OIDC
-If you are using Keycloak as OpenID Connect 1.0 Provider, the above configuration based on [`Authlib`](https://authlib.org/) might not work. In this case using [`Flask-OIDC`](https://pypi.org/project/flask-oidc/) is a viable option.
+If you are using Keycloak as OpenID Connect 1.0 Provider, the above configuration based on [`Authlib`](https://authlib.org/) might not work. In this case using [`Flask-OIDC`](https://https://pypi.org/project/flask-oidc/) is a viable option.

-Make sure the pip package [`Flask-OIDC`](https://pypi.org/project/flask-oidc/) is installed on the webserver. This was succesfully tested using version 2.2.0. This package requires [`Flask-OpenID`](https://pypi.org/project/Flask-OpenID/) as a dependency.
+Make sure the pip package [`Flask-OIDC`](https://https://pypi.org/project/flask-oidc/) is installed on the webserver. This was succesfully tested using version 2.2.0. This package requires [`Flask-OpenID`](https://pypi.org/project/Flask-OpenID/) as a dependency.

 The following code defines a new security manager.  Add it to a new file named `keycloak_security_manager.py`, placed in the same directory as your `superset_config.py` file.
 ```python
--- a/docs/docs/configuration/databases.mdx
+++ b/docs/docs/configuration/databases.mdx
@@ -54,10 +54,8 @@ are compatible with Superset.
 | [Azure MS SQL](/docs/configuration/databases#sql-server)                | `pip install pymssql`                                                              | `mssql+pymssql://UserName@presetSQL:TestPassword@presetSQL.database.windows.net:1433/TestSchema`                                                       |
 | [ClickHouse](/docs/configuration/databases#clickhouse)                  | `pip install clickhouse-connect`                                                   | `clickhousedb://{username}:{password}@{hostname}:{port}/{database}`                                                                                    |
 | [CockroachDB](/docs/configuration/databases#cockroachdb)                | `pip install cockroachdb`                                                          | `cockroachdb://root@{hostname}:{port}/{database}?sslmode=disable`                                                                                      |
-| [Couchbase](/docs/configuration/databases#couchbase)                | `pip install couchbase-sqlalchemy`                                                          | `couchbase://{username}:{password}@{hostname}:{port}?truststorepath={ssl certificate path}`                                                                                      |
-| [CrateDB](/docs/configuration/databases#cratedb)                        | `pip install sqlalchemy-cratedb`                                                   | `crate://{username}:{password}@{hostname}:{port}`, often useful: `?ssl=true/false` or `?schema=testdrive`.                                             |
-| [Denodo](/docs/configuration/databases#denodo)                          | `pip install denodo-sqlalchemy`                                                    | `denodo://{username}:{password}@{hostname}:{port}/{database}`                                                                                          |
-| [Dremio](/docs/configuration/databases#dremio)                          | `pip install sqlalchemy_dremio`                                                    |`dremio+flight://{username}:{password}@{host}:32010`, often useful: `?UseEncryption=true/false`. For Legacy ODBC: `dremio+pyodbc://{username}:{password}@{host}:31010`                                                                                                                           |
+| [CouchbaseDB](/docs/configuration/databases#couchbaseDB)                | `pip install couchbase-sqlalchemy`                                                          | `couchbasedb://{username}:{password}@{hostname}:{port}?truststorepath={ssl certificate path}`                                                                                      |
+| [Dremio](/docs/configuration/databases#dremio)                          | `pip install sqlalchemy_dremio`                                                    | `dremio://user:pwd@host:31010/`                                                                                                                        |
 | [Elasticsearch](/docs/configuration/databases#elasticsearch)            | `pip install elasticsearch-dbapi`                                                  | `elasticsearch+http://{user}:{password}@{host}:9200/`                                                                                                  |
 | [Exasol](/docs/configuration/databases#exasol)                          | `pip install sqlalchemy-exasol`                                                    | `exa+pyodbc://{username}:{password}@{hostname}:{port}/my_schema?CONNECTIONLCALL=en_US.UTF-8&driver=EXAODBC`                                            |
 | [Google BigQuery](/docs/configuration/databases#google-bigquery)                     | `pip install sqlalchemy-bigquery`                                                  | `bigquery://{project_id}`                                                                                                                              |
@@ -69,7 +67,6 @@ are compatible with Superset.
 | [MySQL](/docs/configuration/databases#mysql)                            | `pip install mysqlclient`                                                          | `mysql://<UserName>:<DBPassword>@<Database Host>/<Database Name>`                                                                                      |
 | [OceanBase](/docs/configuration/databases#oceanbase)                    | `pip install oceanbase_py`                                                         | `oceanbase://<UserName>:<DBPassword>@<Database Host>/<Database Name>`                                                                                      |
 | [Oracle](/docs/configuration/databases#oracle)                          | `pip install cx_Oracle`                                                            | `oracle://`                                                                                                                                            |
-| [Parseable](/docs/configuration/databases#parseable)                    | `pip install sqlalchemy-parseable`                                                 | `parseable://<UserName>:<DBPassword>@<Database Host>/<Stream Name>`                                                                                    |
 | [PostgreSQL](/docs/configuration/databases#postgres)                    | `pip install psycopg2`                                                             | `postgresql://<UserName>:<DBPassword>@<Database Host>/<Database Name>`                                                                                 |
 | [Presto](/docs/configuration/databases#presto)                          | `pip install pyhive`                                                               | `presto://`                                                                                                                                            |
 | [Rockset](/docs/configuration/databases#rockset)                        | `pip install rockset-sqlalchemy`                                                   | `rockset://<api_key>:@<api_server>`                                                                                                                    |
@@ -78,12 +75,10 @@ are compatible with Superset.
 | [Snowflake](/docs/configuration/databases#snowflake)                    | `pip install snowflake-sqlalchemy`                                                 | `snowflake://{user}:{password}@{account}.{region}/{database}?role={role}&warehouse={warehouse}`                                                        |
 | SQLite                                                    | No additional library needed                                                       | `sqlite://path/to/file.db?check_same_thread=false`                                                                                                     |
 | [SQL Server](/docs/configuration/databases#sql-server)                  | `pip install pymssql`                                                              | `mssql+pymssql://`                                                                                                                                     |
-| [TDengine](/docs/configuration/databases#tdengine)                      | `pip install taospy`  `pip install taos-ws-py`                                     | `taosws://<user>:<password>@<host>:<port>`                                                                                                             |
 | [Teradata](/docs/configuration/databases#teradata)                      | `pip install teradatasqlalchemy`                                                   | `teradatasql://{user}:{password}@{host}`                                                                                                               |
 | [TimescaleDB](/docs/configuration/databases#timescaledb)                | `pip install psycopg2`                                                             | `postgresql://<UserName>:<DBPassword>@<Database Host>:<Port>/<Database Name>`                                                                          |
 | [Trino](/docs/configuration/databases#trino)                            | `pip install trino`                                                                | `trino://{username}:{password}@{hostname}:{port}/{catalog}`                                                                                            |
 | [Vertica](/docs/configuration/databases#vertica)                        | `pip install sqlalchemy-vertica-python`                                            | `vertica+vertica_python://<UserName>:<DBPassword>@<Database Host>/<Database Name>`                                                                     |
-| [YDB](/docs/configuration/databases#ydb)                                | `pip install ydb-sqlalchemy`                                                       | `ydb://{host}:{port}/{database_name}`                                                                                                                  |
 | [YugabyteDB](/docs/configuration/databases#yugabytedb)                  | `pip install psycopg2`                                                             | `postgresql://<UserName>:<DBPassword>@<Database Host>/<Database Name>`                                                                                 |
 ---

@@ -380,10 +375,9 @@ cockroachdb://root@{hostname}:{port}/{database}?sslmode=disable



-#### Couchbase
+#### CouchbaseDB

-The Couchbase's Superset connection is designed to support two services: Couchbase Analytics and Couchbase Columnar.
-The recommended connector library for couchbase is
+The recommended connector library for CouchbaseDB is
 [couchbase-sqlalchemy](https://github.com/couchbase/couchbase-sqlalchemy).
 ```
 pip install couchbase-sqlalchemy
@@ -392,39 +386,27 @@ pip install couchbase-sqlalchemy
 The expected connection string is formatted as follows:

 ```
-couchbase://{username}:{password}@{hostname}:{port}?truststorepath={certificate path}?ssl={true/false}
+couchbasedb://{username}:{password}@{hostname}:{port}?truststorepath={certificate path}?ssl={true/false}
 ```


 #### CrateDB

-The connector library for CrateDB is [sqlalchemy-cratedb].
-We recommend to add the following item to your `requirements.txt` file:
+The recommended connector library for CrateDB is
+[crate](https://pypi.org/project/crate/).
+You need to install the extras as well for this library.
+We recommend adding something like the following
+text to your requirements file:
+
 ```
-sqlalchemy-cratedb>=0.40.1,<1
+crate[sqlalchemy]==0.26.0
 ```

-An SQLAlchemy connection string for [CrateDB Self-Managed] on localhost,
-for evaluation purposes, looks like this:
+The expected connection string is formatted as follows:
+
 ```
 crate://crate@127.0.0.1:4200
 ```
-An SQLAlchemy connection string for connecting to [CrateDB Cloud] looks like
-this:
-```
-crate://<username>:<password>@<clustername>.cratedb.net:4200/?ssl=true
-```
-
-Follow the steps [here](/docs/configuration/databases#installing-database-drivers)
-to install the CrateDB connector package when setting up Superset locally using
-Docker Compose.
-```
-echo "sqlalchemy-cratedb" >> ./docker/requirements-local.txt
-```
-
-[CrateDB Cloud]: https://cratedb.com/product/cloud
-[CrateDB Self-Managed]: https://cratedb.com/product/self-managed
-[sqlalchemy-cratedb]: https://pypi.org/project/sqlalchemy-cratedb/


 #### Databend
@@ -529,16 +511,6 @@ For a connection to a SQL endpoint you need to use the HTTP path from the endpoi
 ```


-#### Denodo
-
-The recommended connector library for Denodo is
-[denodo-sqlalchemy](https://pypi.org/project/denodo-sqlalchemy/).
-
-The expected connection string is formatted as follows (default port is 9996):
-
-```
-denodo://{username}:{password}@{hostname}:{port}/{database}
-```


 #### Dremio
@@ -549,7 +521,7 @@ The recommended connector library for Dremio is
 The expected connection string for ODBC (Default port is 31010) is formatted as follows:

 ```
-dremio+pyodbc://{username}:{password}@{host}:{port}/{database_name}/dremio?SSL=1
+dremio://{username}:{password}@{host}:{port}/{database_name}/dremio?SSL=1
 ```

 The expected connection string for Arrow Flight (Dremio 4.9.1+. Default port is 32010) is formatted as follows:
@@ -1076,23 +1048,6 @@ The connection string is formatted as follows:
 oracle://<username>:<password>@<hostname>:<port>
 ```

-#### Parseable
-
-[Parseable](https://www.parseable.io) is a distributed log analytics database that provides SQL-like query interface for log data. The recommended connector library is [sqlalchemy-parseable](https://github.com/parseablehq/sqlalchemy-parseable).
-
-The connection string is formatted as follows:
-
-```
-parseable://<username>:<password>@<hostname>:<port>/<stream_name>
-```
-
-For example:
-
-```
-parseable://admin:admin@demo.parseable.com:443/ingress-nginx
-```
-
-Note: The stream_name in the URI represents the Parseable logstream you want to query. You can use both HTTP (port 80) and HTTPS (port 443) connections.


 #### Apache Pinot
@@ -1351,28 +1306,6 @@ Here's what the connection string looks like:
 starrocks://<User>:<Password>@<Host>:<Port>/<Catalog>.<Database>
 ```

-:::note
-StarRocks maintains their Superset docuementation [here](https://docs.starrocks.io/docs/integrations/BI_integrations/Superset/).
-:::
-
-#### TDengine
-
-[TDengine](https://www.tdengine.com) is a High-Performance, Scalable Time-Series Database for Industrial IoT and provides SQL-like query interface.
-
-The recommended connector library for TDengine is [taospy](https://pypi.org/project/taospy/) and [taos-ws-py](https://pypi.org/project/taos-ws-py/)
-
-The expected connection string is formatted as follows:
-
-```
-taosws://<user>:<password>@<host>:<port>
-```
-
-For example:
-
-```
-taosws://root:taosdata@127.0.0.1:6041
-```
-
 #### Teradata

 The recommended connector library is
@@ -1575,78 +1508,6 @@ Other parameters:
 - Load Balancer - Backup Host


-
-#### YDB
-
-The recommended connector library for [YDB](https://ydb.tech/) is
-[ydb-sqlalchemy](https://pypi.org/project/ydb-sqlalchemy/).
-
-##### Connection String
-
-The connection string for YDB looks like this:
-
-```
-ydb://{host}:{port}/{database_name}
-```
-
-##### Protocol
-You can specify `protocol` in the `Secure Extra` field at `Advanced / Security`:
-
-```
-{
-    "protocol": "grpcs"
-}
-```
-
-Default is `grpc`.
-
-
-##### Authentication Methods
-###### Static Credentials
-To use `Static Credentials` you should provide `username`/`password` in the `Secure Extra` field at `Advanced / Security`:
-
-```
-{
-    "credentials": {
-        "username": "...",
-        "password": "..."
-    }
-}
-```
-
-
-###### Access Token Credentials
-To use `Access Token Credentials` you should provide `token` in the `Secure Extra` field at `Advanced / Security`:
-
-```
-{
-    "credentials": {
-        "token": "...",
-    }
-}
-```
-
-
-##### Service Account Credentials
-To use Service Account Credentials, you should provide `service_account_json` in the `Secure Extra` field at `Advanced / Security`:
-
-```
-{
-    "credentials": {
-        "service_account_json": {
-            "id": "...",
-            "service_account_id": "...",
-            "created_at": "...",
-            "key_algorithm": "...",
-            "public_key": "...",
-            "private_key": "..."
-        }
-    }
-}
-```
-
-
-
 #### YugabyteDB

 [YugabyteDB](https://www.yugabyte.com/) is a distributed SQL database built on top of PostgreSQL.
--- a/docs/docs/configuration/networking-settings.mdx
+++ b/docs/docs/configuration/networking-settings.mdx
@@ -18,71 +18,15 @@ The following keys in `superset_config.py` can be specified to configure CORS:

 - `ENABLE_CORS`: Must be set to `True` in order to enable CORS
 - `CORS_OPTIONS`: options passed to Flask-CORS
-  ([documentation](https://flask-cors.readthedocs.io/en/latest/api.html#extension))
+  ([documentation](https://flask-cors.corydolphin.com/en/latest/api.html#extension))


 ## HTTP headers

 Note that Superset bundles [flask-talisman](https://pypi.org/project/talisman/)
-Self-described as a small Flask extension that handles setting HTTP headers that can help
+Self-descried as a small Flask extension that handles setting HTTP headers that can help
 protect against a few common web application security issues.

-
-## HTML Embedding of Dashboards and Charts
-
-There are two ways to embed a dashboard: Using the [SDK](https://www.npmjs.com/package/@superset-ui/embedded-sdk) or embedding a direct link. Note that in the latter case everybody who knows the link is able to access the dashboard.
-
-### Embedding a Public Direct Link to a Dashboard
-
-This works by first changing the content security policy (CSP) of [flask-talisman](https://github.com/GoogleCloudPlatform/flask-talisman) to allow for certain domains to display Superset content. Then a dashboard can be made publicly accessible, i.e. **bypassing authentication**. Once made public, the dashboard's URL can be added to an iframe in another website's HTML code.
-
-#### Changing flask-talisman CSP
-
-Add to `superset_config.py` the entire `TALISMAN_CONFIG` section from `config.py` and include a `frame-ancestors` section:
-```python
-TALISMAN_ENABLED = True
-TALISMAN_CONFIG = {
-    "content_security_policy": {
-    ...
-	"frame-ancestors": ["*.my-domain.com", "*.another-domain.com"],
-    ...
-```
-Restart Superset for this configuration change to take effect.
-
-#### Making a Dashboard Public
-
-1. Add the `'DASHBOARD_RBAC': True` [Feature Flag](https://github.com/apache/superset/blob/master/RESOURCES/FEATURE_FLAGS.md) to `superset_config.py`
-2. Add the `Public` role to your dashboard as described [here](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard/#manage-access-to-dashboards)
-
-#### Embedding a Public Dashboard
-
-Now anybody can directly access the dashboard's URL. You can embed it in an iframe like so:
-
-```html
-<iframe
-  width="600"
-  height="400"
-  seamless
-  frameBorder="0"
-  scrolling="no"
-  src="https://superset.my-domain.com/superset/dashboard/10/?standalone=1&height=400"
->
-</iframe>
-```
-#### Embedding a Chart
-
-A chart's embed code can be generated by going to a chart's edit view and then clicking at the top right on `...` > `Share` > `Embed code`
-
-### Enabling Embedding via the SDK
-
-Clicking on `...` next to `EDIT DASHBOARD` on the top right of the dashboard's overview page should yield a drop-down menu including the entry "Embed dashboard".
-
-To enable this entry, add the following line to the `.env` file:
-
-```text
-SUPERSET_FEATURE_EMBEDDED_SUPERSET=true
-```
-
 ## CSRF settings

 Similarly, [flask-wtf](https://flask-wtf.readthedocs.io/en/0.15.x/config/) is used manage
@@ -108,10 +52,6 @@ running a custom auth postback endpoint), you can add the endpoints to `WTF_CSRF

 ## Domain Sharding

-:::note
-Domain Sharding is deprecated as of Superset 5.0.0, and will be removed in Superset 6.0.0. Please Enable HTTP2 to keep more open connections per domain.
-:::
-
 Chrome allows up to 6 open connections per domain at a time. When there are more than 6 slices in
 dashboard, a lot of time fetch requests are queued up and wait for next available socket.
 [PR 5039](https://github.com/apache/superset/pull/5039) adds domain sharding to Superset,
--- a/docs/docs/configuration/sql-templating.mdx
+++ b/docs/docs/configuration/sql-templating.mdx
@@ -17,8 +17,8 @@ made available in the Jinja context:

 - `columns`: columns which to group by in the query
 - `filter`: filters applied in the query
- `from_dttm`: start `datetime` value from the selected time range (`None` if undefined) (deprecated beginning in version 5.0, use `get_time_filter` instead)
- `to_dttm`: end `datetime` value from the selected time range (`None` if undefined). (deprecated beginning in version 5.0, use `get_time_filter` instead)
+- `from_dttm`: start `datetime` value from the selected time range (`None` if undefined)
+- `to_dttm`: end `datetime` value from the selected time range (`None` if undefined)
 - `groupby`: columns which to group by in the query (deprecated)
 - `metrics`: aggregate expressions in the query
 - `row_limit`: row limit of the query
@@ -48,15 +48,12 @@ WHERE (
    {% if to_dttm is not none %}
        dttm_col < '{{ to_dttm }}' AND
    {% endif %}
-    1 = 1
+    true
 )
 ```

-The `1 = 1` at the end ensures a value is present for the `WHERE` clause even when
-the time filter is not set. For many database engines, this could be replaced with `true`.
-
-Note that the Jinja parameters are called within _double_ brackets in the query and with
-_single_ brackets in the logic blocks.
+Note how the Jinja parameters are called within double brackets in the query, and without in the
+logic blocks.

 To add custom functionality to the Jinja context, you need to overload the default Jinja
 context in your environment by defining the `JINJA_CONTEXT_ADDONS` in your superset configuration
@@ -97,7 +94,7 @@ There is a special ``_filters`` parameter which can be used to test filters used
 ```sql
 SELECT action, count(*) as times
 FROM logs
-WHERE action in {{ filter_values('action_type')|where_in }}
+WHERE action in {{ filter_values('action_type'))|where_in }}
 GROUP BY action
 ```

@@ -349,78 +346,6 @@ Here's a concrete example:
    order by lineage, level
 ```

-**Time Filter**
-
-The `{{ get_time_filter() }}` macro returns the time filter applied to a specific column. This is useful if you want
-to handle time filters inside the virtual dataset, as by default the time filter is placed on the outer query. This can
-considerably improve performance, as many databases and query engines are able to optimize the query better
-if the temporal filter is placed on the inner query, as opposed to the outer query.
-
-The macro takes the following parameters:
- `column`: Name of the temporal column. Leave undefined to reference the time range from a Dashboard Native Time Range
-  filter (when present).
- `default`: The default value to fall back to if the time filter is not present, or has the value `No filter`
- `target_type`: The target temporal type as recognized by the target  database (e.g. `TIMESTAMP`, `DATE` or
-  `DATETIME`). If `column` is defined, the format will default to the type of the column. This is used to produce
-  the format of the `from_expr` and `to_expr` properties of the returned `TimeFilter` object.
- `strftime`: format using the `strftime` method of `datetime` for custom time formatting.
-  ([see docs for valid format codes](https://docs.python.org/3/library/datetime.html#strftime-and-strptime-format-codes)).
-  When defined `target_type` will be ignored.
- `remove_filter`: When set to true, mark the filter as processed, removing it from the outer query. Useful when a
-  filter should only apply to the inner query.
-
-The return type has the following properties:
- `from_expr`: the start of the time filter (if any)
- `to_expr`: the end of the time filter (if any)
- `time_range`: The applied time range
-
-Here's a concrete example using the `logs` table from the Superset metastore:
-
-```
-{% set time_filter = get_time_filter("dttm", remove_filter=True) %}
-{% set from_expr = time_filter.from_expr %}
-{% set to_expr = time_filter.to_expr %}
-{% set time_range = time_filter.time_range %}
-SELECT
-  *,
-  '{{ time_range }}' as time_range
-FROM logs
-{% if from_expr or to_expr %}WHERE 1 = 1
-{% if from_expr %}AND dttm >= {{ from_expr }}{% endif %}
-{% if to_expr %}AND dttm < {{ to_expr }}{% endif %}
-{% endif %}
-```
-
-Assuming we are creating a table chart with a simple `COUNT(*)` as the metric with a time filter `Last week` on the
-`dttm` column, this would render the following query on Postgres (note the formatting of the temporal filters, and
-the absence of time filters on the outer query):
-
-```
-SELECT COUNT(*) AS count
-FROM
-  (SELECT *,
-          'Last week' AS time_range
-   FROM public.logs
-   WHERE 1 = 1
-     AND dttm >= TO_TIMESTAMP('2024-08-27 00:00:00.000000', 'YYYY-MM-DD HH24:MI:SS.US')
-     AND dttm < TO_TIMESTAMP('2024-09-03 00:00:00.000000', 'YYYY-MM-DD HH24:MI:SS.US')) AS virtual_table
-ORDER BY count DESC
-LIMIT 1000;
-```
-
-When using the `default` parameter, the templated query can be simplified, as the endpoints will always be defined
-(to use a fixed time range, you can also use something like `default="2024-08-27 : 2024-09-03"`)
-```
-{% set time_filter = get_time_filter("dttm", default="Last week", remove_filter=True) %}
-SELECT
-  *,
-  '{{ time_filter.time_range }}' as time_range
-FROM logs
-WHERE
-  dttm >= {{ time_filter.from_expr }}
-  AND dttm < {{ time_filter.to_expr }}
-```
-
 **Datasets**

 It's possible to query physical and virtual datasets using the `dataset` macro. This is useful if you've defined computed columns and metrics on your datasets, and want to reuse the definition in adhoc SQL Lab queries.
--- a/docs/docs/contributing/contributing.mdx
+++ b/docs/docs/contributing/contributing.mdx
@@ -86,7 +86,7 @@ text strings from Superset's UI. You can jump into the existing
 language dictionaries at
 `superset/translations/<language_code>/LC_MESSAGES/messages.po`, or
 even create a dictionary for a new language altogether.
-See [Translating](howtos#contributing-translations) for more details.
+See [Translating](howtos#contribute-translations) for more details.

 ### Ask Questions

--- a/docs/docs/contributing/development.mdx
+++ b/docs/docs/contributing/development.mdx
@@ -6,13 +6,13 @@ version: 1
 # Setting up a Development Environment

 The documentation in this section is a bit of a patchwork of knowledge representing the
-multitude of ways that exist to run Superset (`docker compose`, just "docker", on "metal", using
+multitude of ways that exist to run Superset (`docker-compose`, just "docker", on "metal", using
 a Makefile).

 :::note
-Now we have evolved to recommend and support `docker compose` more actively as the main way
+Now we have evolved to recommend and support `docker-compose` more actively as the main way
 to run Superset for development and preserve your sanity. **Most people should stick to
-the first few sections - ("Fork & Clone", "docker compose" and "Installing Dev Tools")**
+the first few sections - ("Fork & Clone", "docker-compose" and "Installing Dev Tools")**
 :::

 ## Fork and Clone
@@ -27,14 +27,12 @@ git clone git@github.com:your-username/superset.git
 cd superset
 ```

-## docker compose (recommended!)
+## docker-compose (recommended!)

-Setting things up to squeeze a "hello world" into any part of Superset should be as simple as
+Setting things up to squeeze an "hello world" into any part of Superset should be as simple as

 ```bash
-# getting docker compose to fire up services, and rebuilding if some docker layers have changed
-# using the `--build` suffix may be slower and optional if layers like py dependencies haven't changed
-docker compose up --build
+docker-compose up
 ```

 Note that:
@@ -47,7 +45,7 @@ Note that:
  - **Postgres** as the metadata database and to store example datasets, charts and dashboards which
    should be populated upon startup
  - **Redis** as the message queue for our async backend and caching backend
- It'll load up examples into the database upon the first startup
+- It'll load up examples into the database upon first startup
 - all other details and pointers available in
  [docker-compose.yml](https://github.com/apache/superset/blob/master/docker-compose.yml)
 - The local repository is mounted within the services, meaning updating
@@ -55,77 +53,23 @@ Note that:
 - Superset is served at localhost:8088/
 - You can login with admin/admin

-:::note
-Installing and building Node modules for Apache Superset inside `superset-node` can take a
-significant amount of time. This is normal due to the size of the dependencies. Please be
-patient while the process completes, as long wait times do not indicate an issue with your setup.
-If delays seem excessive, check your internet connection or system resources.
-:::
-
 :::caution
-Since `docker compose` is primarily designed to run a set of containers on **a single host**
+Since `docker-compose` is primarily designed to run a set of containers on **a single host**
 and can't credibly support **high availability** as a result, we do not support nor recommend
-using our `docker compose` constructs to support production-type use-cases. For single host
+using our `docker-compose` constructs to support production-type use-cases. For single host
 environments, we recommend using [minikube](https://minikube.sigs.k8s.io/docs/start/) along
 our [installing on k8s](https://superset.apache.org/docs/installation/running-on-kubernetes)
 documentation.
 configured to be secure.
 :::

-
-### Supported environment variables
-
-Affecting the Docker build process:
- **SUPERSET_BUILD_TARGET (default=dev):** which --target to build, either `lean` or `dev` are commonly used
- **INCLUDE_FIREFOX (default=false):** whether to include the Firefox headless browser in the build
- **INCLUDE_CHROMIUM (default=false):** whether to include the Firefox headless browser in the build
- **BUILD_TRANSLATIONS(default=false):** whether to compile the translations from the .po files available
- **SUPERSET_LOAD_EXAMPLES (default=yes):** whether to load the examples into the database upon startup,
-  save some precious time on startup by `SUPERSET_LOAD_EXAMPLES=no docker compose up`
- **SUPERSET_LOG_LEVEL (default=info)**: Can be set to debug, info, warning, error, critical
-  for more verbose logging
-
-For more env vars that affect your configuration, see this
-[superset_config.py](https://github.com/apache/superset/blob/master/docker/pythonpath_dev/superset_config.py)
-used in the `docker compose` context to assign env vars to the superset configuration.
-
-### Accessing the postgres database
-Sometimes it's useful to access the database in the docker container directly.
-You can enter a `psql` shell (the official Postgres client) by running the following command:
-
-```bash
-docker compose exec db psql -U superset
-```
-
-Also note that the database is exposed on port 5432, so you can connect to it using your favorite
-Postgres client or even SQL Lab itselft directly in Superset by creating a new database connection
-to `localhost:5432`.
-
-### Nuking the postgres database
-
-At times, it's possible to end up with your development database in a bad state, it's
-common while switching branches that contain migrations for instance, where the database
-version stamp that `alembic` manages is no longer available after switching branch.
-
-In that case, the easy solution is to nuke the postgres db and start fresh. Note that the full
-state of the database will be gone after doing this, so be cautious.
-
-```bash
-# first stop docker-compose if it's running
-docker-compose down
-# delete the volume containing the database
-docker volume rm superset_db_home
-# restart docker-compose, which will init a fresh database and load examples
-docker-compose up
-```
-
 ## Installing Development Tools

 :::note
-While `docker compose` simplifies a lot of the setup, there are still
+While docker-compose simplifies a lot of the setup, there are still
 many things you'll want to set up locally to power your IDE, and things like
 **commit hooks**, **linters**, and **test-runners**. Note that you can do these
-things inside docker images with commands like `docker compose exec superset_app bash` for
+things inside docker images with commands like `docker-compose exec superset_app bash` for
 instance, but many people like to run that tooling from their host.
 :::

@@ -133,8 +77,7 @@ instance, but many people like to run that tooling from their host.

 Assuming you already have a way to setup your python environments
 like `pyenv`, `virtualenv` or something else, all you should have to
-do is to install our dev, pinned python requirements bundle, after installing
-the prerequisites mentioned in [OS Dependencies](https://superset.apache.org/docs/installation/pypi/#os-dependencies)
+do is to install our dev, pinned python requirements bundle

 ```bash
 pip install -r requirements/development.txt
@@ -149,55 +92,13 @@ To install run the following:
 pre-commit install
 ```

-This will install the hooks in your local repository. From now on, a series of checks will
-automatically run whenever you make a Git commit.
+A series of checks will now run when you make a git commit.

-#### Running Pre-commit Manually
-
-You can also run the pre-commit checks manually in various ways:
-
- **Run pre-commit on all files (same as CI):**
-
-  To run the pre-commit checks across all files in your repository, use the following command:
-
-  ```bash
-  pre-commit run --all-files
-  ```
-
-  This is the same set of checks that will run during CI, ensuring your changes meet the project's standards.
-
- **Run pre-commit on a specific file:**
-
-  If you want to check or fix a specific file, you can do so by specifying the file path:
-
-  ```bash
-  pre-commit run --files path/to/your/file.py
-  ```
-
-  This will only run the checks on the file(s) you specify.
-
- **Run a specific pre-commit check:**
-
-  To run a specific check (hook) across all files or a particular file, use the following command:
-
-  ```bash
-  pre-commit run <hook_id> --all-files
-  ```
-
-  Or for a specific file:
-
-  ```bash
-  pre-commit run <hook_id> --files path/to/your/file.py
-  ```
-
-  Replace `<hook_id>` with the ID of the specific hook you want to run. You can find the list
-  of available hooks in the `.pre-commit-config.yaml` file.
-
-## Alternatives to `docker compose`
+## Alternatives to docker-compose

 :::caution
 This part of the documentation is a patchwork of information related to setting up
-development environments without `docker compose` and is documented/supported to varying
+development environments without `docker-compose` and are documented/supported to varying
 degrees. It's been difficult to maintain this wide array of methods and insure they're
 functioning across environments.
 :::
@@ -207,7 +108,7 @@ functioning across environments.
 #### OS Dependencies

 Make sure your machine meets the [OS dependencies](https://superset.apache.org/docs/installation/pypi#os-dependencies) before following these steps.
-You also need to install MySQL.
+You also need to install MySQL or [MariaDB](https://mariadb.com/downloads).

 Ensure that you are using Python version 3.9, 3.10 or 3.11, then proceed with:

@@ -237,11 +138,11 @@ superset load-examples

 # Start the Flask dev web server from inside your virtualenv.
 # Note that your page may not have CSS at this point.
-# See instructions below on how to build the front-end assets.
+# See instructions below how to build the front-end assets.
 superset run -p 8088 --with-threads --reload --debugger --debug
 ```

-Or you can install it via our Makefile
+Or you can install via our Makefile

 ```bash
 # Create a virtual environment and activate it (recommended)
@@ -259,7 +160,7 @@ $ make pre-commit
 ```

 **Note: the FLASK_APP env var should not need to be set, as it's currently controlled
-via `.flaskenv`, however, if needed, it should be set to `superset.app:create_app()`**
+via `.flaskenv`, however if needed, it should be set to `superset.app:create_app()`**

 If you have made changes to the FAB-managed templates, which are not built the same way as the newer, React-powered front-end assets, you need to start the app without the `--with-threads` argument like so:
 `superset run -p 8088 --reload --debugger --debug`
@@ -272,19 +173,19 @@ If you add a new requirement or update an existing requirement (per the `install
 $ python3 -m venv venv
 $ source venv/bin/activate
 $ python3 -m pip install -r requirements/development.txt
-$ ./scripts/uv-pip-compile.sh
+$ pip-compile-multi --no-upgrade
 ```

-When upgrading the version number of a single package, you should run `./scripts/uv-pip-compile.sh` with the `-P` flag:
+When upgrading the version number of a single package, you should run `pip-compile-multi` with the `-P` flag:

 ```bash
-$ ./scripts/uv-pip-compile.sh -P some-package-to-upgrade
+$ pip-compile-multi -P my-package
 ```

-To bring all dependencies up to date as per the restrictions defined in `setup.py` and `requirements/*.in`, run `./scripts/uv-pip-compile.sh --upgrade`
+To bring all dependencies up to date as per the restrictions defined in `setup.py` and `requirements/*.in`, run pip-compile-multi` without any flags:

 ```bash
-$ ./scripts/uv-pip-compile.sh --upgrade
+$ pip-compile-multi
 ```

 This should be done periodically, but it is recommended to do thorough manual testing of the application to ensure no breaking changes have been introduced that aren't caught by the unit and integration tests.
@@ -324,7 +225,7 @@ Frontend assets (TypeScript, JavaScript, CSS, and images) must be compiled in or

 First, be sure you are using the following versions of Node.js and npm:

- `Node.js`: Version 20
+- `Node.js`: Version 18
 - `npm`: Version 10

 We recommend using [nvm](https://github.com/nvm-sh/nvm) to manage your node environment:
@@ -362,7 +263,7 @@ cd superset-frontend
 npm ci
 ```

-Note that Superset uses [Scarf](https://docs.scarf.sh) to capture telemetry/analytics about versions being installed, including the `scarf-js` npm package and an analytics pixel. As noted elsewhere in this documentation, Scarf gathers aggregated stats for the sake of security/release strategy and does not capture/retain PII. [You can read here](https://docs.scarf.sh/package-analytics/) about the `scarf-js` package, and various means to opt out of it, but you can opt out of the npm package _and_ the pixel by setting the `SCARF_ANALYTICS` environment variable to `false` or opt out of the pixel by adding this setting in `superset-frontent/package.json`:
+Note that Superset uses [Scarf](https://docs.scarf.sh) to capture telemetry/analytics about versions being installed, including the `scarf-js` npm package and an analytics pixel. As noted elsewhere in this documentation, Scarf gathers aggregated stats for the sake of security/release strategy, and does not capture/retain PII. [You can read here](https://docs.scarf.sh/package-analytics/) about the `scarf-js` package, and various means to opt out of it, but you can opt out of the npm package _and_ the pixel by setting the `SCARF_ANALYTICS` environment variable to `false` or opt out of the pixel by adding this setting in `superset-frontent/package.json`:

 ```json
 // your-package/package.json
@@ -390,7 +291,7 @@ Error: ENOSPC: System limit for number of file watchers reached
 ```

 The error is thrown because the number of files monitored by the system has reached the limit.
-You can address this error by increasing the number of inotify watchers.
+You can address this this error by increasing the number of inotify watchers.

 The current value of max watches can be checked with:

@@ -401,13 +302,13 @@ cat /proc/sys/fs/inotify/max_user_watches
 Edit the file `/etc/sysctl.conf` to increase this value.
 The value needs to be decided based on the system memory [(see this StackOverflow answer for more context)](https://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux).

-Open the file in an editor and add a line at the bottom specifying the max watches values.
+Open the file in editor and add a line at the bottom specifying the max watches values.

 ```bash
 fs.inotify.max_user_watches=524288
 ```

-Save the file and exit the editor.
+Save the file and exit editor.
 To confirm that the change succeeded, run the following command to load the updated value of max_user_watches from `sysctl.conf`:

 ```bash
@@ -505,124 +406,97 @@ pre-commit install

 A series of checks will now run when you make a git commit.

+Alternatively it is possible to run pre-commit via tox:
+
+```bash
+tox -e pre-commit
+```
+
+Or by running pre-commit manually:
+
+```bash
+pre-commit run --all-files
+```

 ## Linting

-See [how tos](/docs/contributing/howtos#linting)
+### Python

-
-## GitHub Actions and `act`
-
-:::tip
-`act` compatibility of Superset's GHAs is not fully tested. Running `act` locally may or may not
-work for different actions, and may require fine tunning and local secret-handling.
-For those more intricate GHAs that are tricky to run locally, we recommend iterating
-directly on GHA's infrastructure, by pushing directly on a branch and monitoring GHA logs.
-For more targetted iteration, see the `gh workflow run --ref {BRANCH}` subcommand of the GitHub CLI.
-:::
-
-For automation and CI/CD, Superset makes extensive use of GitHub Actions (GHA). You
-can find all of the workflows and other assets under the `.github/` folder. This includes:
- running the backend unit test suites (`tests/`)
- running the frontend test suites (`superset-frontend/src/**.*.test.*`)
- running our Cypress end-to-end tests (`superset-frontend/cypress-base/`)
- linting the codebase, including all Python, Typescript and Javascript, yaml and beyond
- checking for all sorts of other rules conventions
-
-When you open a pull request (PR), the appropriate GitHub Actions (GHA) workflows will
-automatically run depending on the changes in your branch. It's perfectly reasonable
-(and required!) to rely on this automation. However, the downside is that it's mostly an
-all-or-nothing approach and doesn't provide much control to target specific tests or
-iterate quickly.
-
-At times, it may be more convenient to run GHA workflows locally. For that purpose
-we use [act](https://github.com/nektos/act), a tool that allows you to run GitHub Actions (GHA)
-workflows locally. It simulates the GitHub Actions environment, enabling developers to
-test and debug workflows on their local machines before pushing changes to the repository. More
-on how to use it in the next section.
-
-:::note
-In both GHA and `act`, we can run a more complex matrix for our tests, executing against different
-database engines (PostgreSQL, MySQL, SQLite) and different versions of Python.
-This enables us to ensure compatibility and stability across various environments.
-:::
-
-### Using `act`
-
-First, install `act` -> https://nektosact.com/
-
-To list the workflows, simply:
+We use [Pylint](https://pylint.org/) for linting which can be invoked via:

 ```bash
-act --list
+# for python
+tox -e pylint
 ```

-To run a specific workflow:
+In terms of best practices please avoid blanket disabling of Pylint messages globally (via `.pylintrc`) or top-level within the file header, albeit there being a few exceptions. Disabling should occur inline as it prevents masking issues and provides context as to why said message is disabled.
+
+Additionally, the Python code is auto-formatted using [Black](https://github.com/python/black) which
+is configured as a pre-commit hook. There are also numerous [editor integrations](https://black.readthedocs.io/en/stable/integrations/editors.html)
+
+### TypeScript

 ```bash
-act pull_request --job {workflow_name} --secret GITHUB_TOKEN=$GITHUB_TOKEN --container-architecture linux/amd64
+cd superset-frontend
+npm ci
+# run eslint checks
+npm run eslint -- .
+# run tsc (typescript) checks
+npm run type
 ```

-In the example above, notice that:
- we target a specific workflow, using `--job`
- we pass a secret using `--secret`, as many jobs require read access (public) to the repo
- we simulate a `pull_request` event by specifying it as the first arg,
-  similarly, we could simulate a `push` event or something else
- we specify `--container-architecture`, which tends to emulate GHA more reliably
+If using the eslint extension with vscode, put the following in your workspace `settings.json` file:

-:::note
-`act` is a rich tool that offers all sorts of features, allowing you to simulate different
-events (pull_request, push, ...), semantics around passing secrets where required and much
-more. For more information, refer to [act's documentation](https://nektosact.com/)
-:::
-
-:::note
-Some jobs require secrets to interact with external systems and accounts that you may
-not have in your possession. In those cases you may have to rely on remote CI or parameterize the
-job further to target a different environment/sandbox or your own alongside the related
-secrets.
-:::
-
---
+```json
+"eslint.workingDirectories": [
+  "superset-frontend"
+]
+```

 ## Testing

 ### Python Testing

-#### Unit Tests
-
-For unit tests located in `tests/unit_tests/`, it's usually easy to simply run the script locally using:
+All python tests are carried out in [tox](https://tox.readthedocs.io/en/latest/index.html)
+a standardized testing framework.
+All python tests can be run with any of the tox [environments](https://tox.readthedocs.io/en/latest/example/basic.html#a-simple-tox-ini-default-environments), via,

 ```bash
-pytest tests/unit_tests/*
+tox -e <environment>
 ```

-#### Integration Tests
-
-For more complex pytest-defined integration tests (not to be confused with our end-to-end Cypress tests), many tests will require having a working test environment. Some tests require a database, Celery, and potentially other services or libraries installed.
-
-### Running Tests with `act`
-
-To run integration tests locally using `act`, ensure you have followed the setup instructions from the [GitHub Actions and `act`](#github-actions-and-act) section. You can run specific workflows or jobs that include integration tests. For example:
+For example,

 ```bash
-act --job test-python-38 --secret GITHUB_TOKEN=$GITHUB_TOKEN --event pull_request --container-architecture linux/amd64
+tox -e py38
 ```

-#### Running locally using a test script
+Alternatively, you can run all tests in a single file via,

-There is also a utility script included in the Superset codebase to run Python integration tests. The [readme can be found here](https://github.com/apache/superset/tree/master/scripts/tests).
+```bash
+tox -e <environment> -- tests/test_file.py
+```
+
+or for a specific test via,
+
+```bash
+tox -e <environment> -- tests/test_file.py::TestClassName::test_method_name
+```
+
+Note that the test environment uses a temporary directory for defining the
+SQLite databases which will be cleared each time before the group of test
+commands are invoked.

 There is also a utility script included in the Superset codebase to run python integration tests. The [readme can be
 found here](https://github.com/apache/superset/tree/master/scripts/tests)

-To run all integration tests, for example, run this script from the root directory:
+To run all integration tests for example, run this script from the root directory:

 ```bash
 scripts/tests/run.sh
 ```

-You can run unit tests found in `./tests/unit_tests` with pytest. It is a simple way to run an isolated test that doesn't need any database setup:
+You can run unit tests found in './tests/unit_tests' for example with pytest. It is a simple way to run an isolated test that doesn't need any database setup

 ```bash
 pytest ./link_to_test.py
@@ -643,6 +517,71 @@ To run a single test file:
 npm run test -- path/to/file.js
 ```

+### Integration Testing
+
+We use [Cypress](https://www.cypress.io/) for integration tests. Tests can be run by `tox -e cypress`. To open Cypress and explore tests first setup and run test server:
+
+```bash
+export SUPERSET_CONFIG=tests.integration_tests.superset_test_config
+export SUPERSET_TESTENV=true
+export CYPRESS_BASE_URL="http://localhost:8081"
+superset db upgrade
+superset load_test_users
+superset load-examples --load-test-data
+superset init
+superset run --port 8081
+```
+
+Run Cypress tests:
+
+```bash
+cd superset-frontend
+npm run build-instrumented
+
+cd cypress-base
+npm install
+
+# run tests via headless Chrome browser (requires Chrome 64+)
+npm run cypress-run-chrome
+
+# run tests from a specific file
+npm run cypress-run-chrome -- --spec cypress/e2e/explore/link.test.ts
+
+# run specific file with video capture
+npm run cypress-run-chrome -- --spec cypress/e2e/dashboard/index.test.js --config video=true
+
+# to open the cypress ui
+npm run cypress-debug
+
+# to point cypress to a url other than the default (http://localhost:8088) set the environment variable before running the script
+# e.g., CYPRESS_BASE_URL="http://localhost:9000"
+CYPRESS_BASE_URL=<your url> npm run cypress open
+```
+
+See [`superset-frontend/cypress_build.sh`](https://github.com/apache/superset/blob/master/superset-frontend/cypress_build.sh).
+
+As an alternative you can use docker compose environment for testing:
+
+Make sure you have added below line to your /etc/hosts file:
+`127.0.0.1 db`
+
+If you already have launched Docker environment please use the following command to assure a fresh database instance:
+`docker compose down -v`
+
+Launch environment:
+
+`CYPRESS_CONFIG=true docker compose up`
+
+It will serve backend and frontend on port 8088.
+
+Run Cypress tests:
+
+```bash
+cd cypress-base
+npm install
+npm run cypress open
+```
+
 ### Debugging Server App

 #### Local
@@ -670,12 +609,12 @@ For debugging locally using VSCode, you can configure a launch configuration fil
 }
 ```

-#### Raw Docker (without `docker compose`)
+#### Raw Docker (without docker-compose)

 Follow these instructions to debug the Flask app running inside a docker container. Note that
 this will run a barebones Superset web server,

-First, add the following to the ./docker-compose.yaml file
+First add the following to the ./docker-compose.yaml file

 ```diff
 superset:
@@ -699,7 +638,7 @@ superset:
 Start Superset as usual

 ```bash
-docker compose up --build
+docker compose up
 ```

 Install the required libraries and packages to the docker container
@@ -789,7 +728,7 @@ See (set capabilities for a container)[https://kubernetes.io/docs/tasks/configur

 Once the pod is running as root and has the SYS_PTRACE capability it will be able to debug the Flask app.

-You can follow the same instructions as in `docker compose`. Enter the pod and install the required library and packages; gdb, netstat and debugpy.
+You can follow the same instructions as in the docker-compose. Enter the pod and install the required library and packages; gdb, netstat and debugpy.

 Often in a Kubernetes environment nodes are not addressable from outside the cluster. VSCode will thus be unable to remotely connect to port 5678 on a Kubernetes node. In order to do this you need to create a tunnel that port forwards 5678 to your local machine.

@@ -797,11 +736,11 @@ Often in a Kubernetes environment nodes are not addressable from outside the clu
 kubectl port-forward  pod/superset-<some random id> 5678:5678
 ```

-You can now launch your VSCode debugger with the same config as above. VSCode will connect to 127.0.0.1:5678 which is forwarded by kubectl to your remote kubernetes POD.
+You can now launch your VSCode debugger with the same config as above. VSCode will connect to to 127.0.0.1:5678 which is forwarded by kubectl to your remote kubernetes POD.

 ### Storybook

-Superset includes a [Storybook](https://storybook.js.org/) to preview the layout/styling of various Superset components and variations thereof. To open and view the Storybook:
+Superset includes a [Storybook](https://storybook.js.org/) to preview the layout/styling of various Superset components, and variations thereof. To open and view the Storybook:

 ```bash
 cd superset-frontend
@@ -951,7 +890,7 @@ To fix it:
   from alembic import op
   ```

-   Alternatively, you may also run `superset db merge` to create a migration script
+   Alternatively you may also run `superset db merge` to create a migration script
   just for merging the heads.

   ```bash
--- a/docs/docs/contributing/guidelines.mdx
+++ b/docs/docs/contributing/guidelines.mdx
@@ -12,7 +12,7 @@ A philosophy we would like to strongly encourage is

 The purpose is to separate problem from possible solutions.

-**Bug fixes:** If you’re only fixing a small bug, it’s fine to submit a pull request right away but we highly recommend filing an issue detailing what you’re fixing. This is helpful in case we don’t accept that specific fix but want to keep track of the issue. Please keep in mind that the project maintainers reserve the rights to accept or reject incoming PRs, so it is better to separate the issue and the code to fix it from each other. In some cases, project maintainers may request you to create a separate issue from PR before proceeding.
+**Bug fixes:** If you’re only fixing a small bug, it’s fine to submit a pull request right away but we highly recommend to file an issue detailing what you’re fixing. This is helpful in case we don’t accept that specific fix but want to keep track of the issue. Please keep in mind that the project maintainers reserve the rights to accept or reject incoming PRs, so it is better to separate the issue and the code to fix it from each other. In some cases, project maintainers may request you to create a separate issue from PR before proceeding.

 **Refactor:** For small refactors, it can be a standalone PR itself detailing what you are refactoring and why. If there are concerns, project maintainers may request you to create a `#SIP` for the PR before proceeding.

--- a/docs/docs/contributing/howtos.mdx
+++ b/docs/docs/contributing/howtos.mdx
@@ -170,10 +170,31 @@ npm run dev-server

 ### Python Testing

-`pytest`, backend by docker-compose is how we recommend running tests locally.
+All python tests are carried out in [tox](https://tox.readthedocs.io/en/latest/index.html)
+a standardized testing framework.
+All python tests can be run with any of the tox [environments](https://tox.readthedocs.io/en/latest/example/basic.html#a-simple-tox-ini-default-environments), via,

-For a more complex test matrix (against different database backends, python versions, ...) you
-can rely on our GitHub Actions by simply opening a draft pull request.
+```bash
+tox -e <environment>
+```
+
+For example,
+
+```bash
+tox -e py38
+```
+
+Alternatively, you can run all tests in a single file via,
+
+```bash
+tox -e <environment> -- tests/test_file.py
+```
+
+or for a specific test via,
+
+```bash
+tox -e <environment> -- tests/test_file.py::TestClassName::test_method_name
+```

 Note that the test environment uses a temporary directory for defining the
 SQLite databases which will be cleared each time before the group of test
@@ -225,37 +246,40 @@ npm run test -- path/to/file.js

 ### e2e Integration Testing

-For e2e testing, we recommend that you use a `docker compose` backend
+We use [Cypress](https://www.cypress.io/) for end-to-end integration
+tests. One easy option to get started quickly is to leverage `tox` to
+run the whole suite in an isolated environment.

 ```bash
-CYPRESS_CONFIG=true docker compose up --build
+tox -e cypress
 ```
-`docker compose` will get to work and expose a Cypress-ready Superset app.
-This app uses a different database schema (`superset_cypress`) to keep it isolated from
-your other dev environmen(s)t, a specific set of examples, and a set of configurations that
-aligns with the expectations within the end-to-end tests.  Also note that it's served on a
-different port than the default port for the backend (`8088`).

-Now in another terminal, let's get ready to execute some Cypress commands. First, tell cypress
-to connect to the Cypress-ready Superset backend.
+Alternatively, you can go lower level and set things up in your
+development environment by following these steps:

-```
-CYPRESS_BASE_URL=http://localhost:8081
-```
+First set up a python/flask backend:

 ```bash
-# superset-frontend/cypress-base is the base folder for everything Cypress-related
-# It's essentially its own npm app, with its own dependencies, configurations and utilities
-cd superset-frontend/cypress-base
+export SUPERSET_CONFIG=tests.integration_tests.superset_test_config
+export SUPERSET_TESTENV=true
+export CYPRESS_BASE_URL="http://localhost:8081"
+superset db upgrade
+superset load_test_users
+superset init
+superset load-examples --load-test-data
+superset run --port 8081
+```
+
+In another terminal, prepare the frontend and run Cypress tests:
+
+```bash
+cd superset-frontend
+npm run build-instrumented
+
+cd cypress-base
 npm install

-# use interactive mode to run tests, while keeping memory usage contained
-# this will fire up an interactive Cypress UI
-# as you alter the code, the tests will re-run automatically, and you can visualize each
-# and every step for debugging purposes
-npx cypress open --config numTestsKeptInMemory=5
-
-# to run the test suite on the command line using chrome (same as CI)
+# run tests via headless Chrome browser (requires Chrome 64+)
 npm run cypress-run-chrome

 # run tests from a specific file
@@ -267,6 +291,9 @@ npm run cypress-run-chrome -- --spec cypress/e2e/dashboard/index.test.js --confi
 # to open the cypress ui
 npm run cypress-debug

+# to point cypress to a url other than the default (http://localhost:8088) set the environment variable before running the script
+# e.g., CYPRESS_BASE_URL="http://localhost:9000"
+CYPRESS_BASE_URL=<your url> npm run cypress open
 ```

 See [`superset-frontend/cypress_build.sh`](https://github.com/apache/superset/blob/master/superset-frontend/cypress_build.sh).
@@ -411,7 +438,7 @@ See [set capabilities for a container](https://kubernetes.io/docs/tasks/configur

 Once the pod is running as root and has the `SYS_PTRACE` capability it will be able to debug the Flask app.

-You can follow the same instructions as in `docker compose`. Enter the pod and install the required library and packages; gdb, netstat and debugpy.
+You can follow the same instructions as in the docker-compose. Enter the pod and install the required library and packages; gdb, netstat and debugpy.

 Often in a Kubernetes environment nodes are not addressable from outside the cluster. VSCode will thus be unable to remotely connect to port 5678 on a Kubernetes node. In order to do this you need to create a tunnel that port forwards 5678 to your local machine.

@@ -571,24 +598,17 @@ pybabel compile -d superset/translations

 ### Python

-We use [ruff](https://github.com/astral-sh/ruff) for linting which can be invoked via:
+We use [Pylint](https://pylint.org/) for linting which can be invoked via:

-```
-# auto-reformat using ruff
-ruff format
-
-# lint check with ruff
-ruff check
-
-# lint fix with ruff
-ruff check --fix
+```bash
+# for python
+tox -e pylint
 ```

-Ruff configuration is located in our
-(pyproject.toml)[https://github.com/apache/superset/blob/master/pyproject.toml] file
+In terms of best practices please avoid blanket disabling of Pylint messages globally (via `.pylintrc`) or top-level within the file header, albeit there being a few exceptions. Disabling should occur inline as it prevents masking issues and provides context as to why said message is disabled.

-All this is configured to run in pre-commit hooks, which we encourage you to setup
-with `pre-commit install`
+Additionally, the Python code is auto-formatted using [Black](https://github.com/python/black) which
+is configured as a pre-commit hook. There are also numerous [editor integrations](https://black.readthedocs.io/en/stable/integrations/editors.html)

 ### TypeScript

--- a/Show More
+++ b/Show More