fix(drill-to-detail): drill to detail by correctly filtering by metric (#39766 )

Co-authored-by: Michael S. Molina <michael.s.molina@gmail.com> (cherry picked from commit df396aa6e9)
fix(cross-filter): correctly cast adhoc column types when cross filtering (#39577 )
2026-05-04 15:34:18 +00:00 · 2026-04-30 08:51:47 -03:00 · 2026-04-24 08:43:46 -03:00 · 2026-04-23 16:21:55 -03:00 · 2026-04-09 17:18:57 -03:00 · 2026-04-08 16:59:14 -03:00
3356 changed files with 109417 additions and 283001 deletions
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -17,12 +17,6 @@

 # https://cwiki.apache.org/confluence/display/INFRA/.asf.yaml+features+for+git+repositories
 ---
-notifications:
-  commits: commits@superset.apache.org
-  issues: notifications@superset.apache.org
-  pullrequests: notifications@superset.apache.org
-  discussions: notifications@superset.apache.org
-
 github:
  del_branch_on_merge: true
  description: "Apache Superset is a Data Visualization and Data Exploration Platform"
@@ -54,8 +48,6 @@ github:
    projects: true
    # Enable wiki for documentation
    wiki: true
-    # Enable discussions
-    discussions: true

  enabled_merge_buttons:
    squash: true
--- a/.coveragerc
+++ b/.coveragerc
@@ -1,36 +0,0 @@
-# .coveragerc to control coverage.py
-[run]
-branch = True
-source = superset
-# omit = bad_file.py
-
-[paths]
-source =
-    superset/
-    */site-packages/
-
-[report]
-# Regexes for lines to exclude from consideration
-exclude_lines =
-    # Have to re-enable the standard pragma
-    pragma: no cover
-
-    # Don't complain about missing debug-only code:
-    def __repr__
-    if self\.debug
-
-    # Don't complain if tests don't hit defensive assertion code:
-    raise AssertionError
-    raise NotImplementedError
-
-    # Don't complain if non-runnable code isn't run:
-    if 0:
-    if __name__ == .__main__.:
-
-    # Ignore importlib backport
-    from importlib
-
-    if TYPE_CHECKING:
-
-#fail_under = 100
-show_missing = True
--- a/.cursor/rules/dev-standard.mdc
+++ b/.cursor/rules/dev-standard.mdc
@@ -1,125 +0,0 @@
---
-description: Apache Superset development standards and guidelines for Cursor IDE
-globs: ["**/*.py", "**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx", "**/*.sql", "**/*.md"]
-alwaysApply: true
---
-
-# Apache Superset Development Standards for Cursor IDE
-
-Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
-
-## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
-
-**These migrations are actively happening - avoid deprecated patterns:**
-
-### Frontend Modernization
- **NO `any` types** - Use proper TypeScript types
- **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
- **NO Enzyme** - Use React Testing Library/Jest (Enzyme fully removed)
- **Use @superset-ui/core** - Don't import Ant Design directly
-
-### Testing Strategy Migration
- **Prefer unit tests** over integration tests
- **Prefer integration tests** over Cypress end-to-end tests
- **Cypress is last resort** - Actively moving away from Cypress
- **Use Jest + React Testing Library** for component testing
-
-### Backend Type Safety
- **Add type hints** - All new Python code needs proper typing
- **MyPy compliance** - Run `pre-commit run mypy` to validate
- **SQLAlchemy typing** - Use proper model annotations
-
-## Code Standards
-
-### TypeScript Frontend
- **NO `any` types** - Use proper TypeScript
- **Functional components** with hooks
- **@superset-ui/core** for UI components (not direct antd)
- **Jest** for testing (NO Enzyme)
- **Redux** for global state, hooks for local
-
-### Python Backend
- **Type hints required** for all new code
- **MyPy compliant** - run `pre-commit run mypy`
- **SQLAlchemy models** with proper typing
- **pytest** for testing
-
-### Apache License Headers
- **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
- **LLM instruction files are excluded** - Files like LLMS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
-
-## Key Directory Structure
-
-```
-superset/
-├── superset/                    # Python backend (Flask, SQLAlchemy)
-│   ├── views/api/              # REST API endpoints
-│   ├── models/                 # Database models
-│   └── connectors/             # Database connections
-├── superset-frontend/src/       # React TypeScript frontend
-│   ├── components/             # Reusable components
-│   ├── explore/                # Chart builder
-│   ├── dashboard/              # Dashboard interface
-│   └── SqlLab/                 # SQL editor
-├── superset-frontend/packages/
-│   └── superset-ui-core/       # UI component library (USE THIS)
-├── tests/                      # Python/integration tests
-├── docs/                       # Documentation (UPDATE FOR CHANGES)
-└── UPDATING.md                 # Breaking changes log
-```
-
-## Architecture Patterns
-
-### Dataset-Centric Approach
-Charts built from enriched datasets containing:
- Dimension columns with labels/descriptions
- Predefined metrics as SQL expressions
- Self-service analytics within defined contexts
-
-### Security & Features
- **RBAC**: Role-based access via Flask-AppBuilder
- **Feature flags**: Control feature rollouts
- **Row-level security**: SQL-based data access control
-
-## Test Utilities
-
-### Python Test Helpers
- **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
- **`@with_config`** - Config mocking decorator
- **`@with_feature_flags`** - Feature flag testing
- **`login_as()`, `login_as_admin()`** - Authentication helpers
- **`create_dashboard()`, `create_slice()`** - Data setup utilities
-
-### TypeScript Test Helpers
- **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
- **`createWrapper()`** - Redux/Router/Theme wrapper
- **`selectOption()`** - Select component helper
- **React Testing Library** - NO Enzyme (removed)
-
-## Pre-commit Validation
-
-**Use pre-commit hooks for quality validation:**
-
-```bash
-# Install hooks
-pre-commit install
-
-# Quick validation (faster than --all-files)
-pre-commit run                    # Staged files only
-pre-commit run mypy              # Python type checking
-pre-commit run prettier          # Code formatting
-pre-commit run eslint            # Frontend linting
-```
-
-## Development Guidelines
-
- **Documentation**: Update docs/ for any user-facing changes
- **Breaking Changes**: Add to UPDATING.md
- **Docstrings**: Required for new functions/classes
- **Follow existing patterns**: Mimic code style, use existing libraries and utilities
- **Type Safety**: This codebase is actively modernizing toward full TypeScript and type safety
- **Always run `pre-commit run`** to validate changes before committing
-
---
-
-**Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,20 +0,0 @@
-# Keep this in sync with the base image in the main Dockerfile (ARG PY_VER)
-FROM python:3.11.13-trixie AS base
-
-# Install system dependencies that Superset needs
-# This layer will be cached across Codespace sessions
-RUN apt-get update && apt-get install -y \
-    libsasl2-dev \
-    libldap2-dev \
-    libpq-dev \
-    tmux \
-    gh \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install uv for fast Python package management
-# This will also be cached in the image
-RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \
-    echo 'export PATH="/root/.cargo/bin:$PATH"' >> /etc/bash.bashrc
-
-# Set the cargo/bin directory in PATH for all users
-ENV PATH="/root/.cargo/bin:${PATH}"
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
@@ -1,16 +0,0 @@
-# Superset Development with GitHub Codespaces
-
-For complete documentation on using GitHub Codespaces with Apache Superset, please see:
-
-**[Setting up a Development Environment - GitHub Codespaces](https://superset.apache.org/docs/contributing/development#github-codespaces-cloud-development)**
-
-## Pre-installed Development Environment
-
-When you create a new Codespace from this repository, it automatically:
-
-1. **Creates a Python virtual environment** using `uv venv`
-2. **Installs all development dependencies** via `uv pip install -r requirements/development.txt`
-3. **Sets up pre-commit hooks** with `pre-commit install`
-4. **Activates the virtual environment** automatically in all terminals
-
-The virtual environment is located at `/workspaces/{repository-name}/.venv` and is automatically activated through environment variables set in the devcontainer configuration.
--- a/.devcontainer/bashrc-additions
+++ b/.devcontainer/bashrc-additions
@@ -1,62 +0,0 @@
-# Superset Codespaces environment setup
-# This file is appended to ~/.bashrc during Codespace setup
-
-# Find the workspace directory (handles both 'superset' and 'superset-2' names)
-WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
-
-if [ -n "$WORKSPACE_DIR" ]; then
-    # Check if virtual environment exists
-    if [ -d "$WORKSPACE_DIR/.venv" ]; then
-        # Activate the virtual environment
-        source "$WORKSPACE_DIR/.venv/bin/activate"
-        echo "✅ Python virtual environment activated"
-
-        # Verify pre-commit is installed and set up
-        if command -v pre-commit &> /dev/null; then
-            echo "✅ pre-commit is available ($(pre-commit --version))"
-            # Install git hooks if not already installed
-            if [ -d "$WORKSPACE_DIR/.git" ] && [ ! -f "$WORKSPACE_DIR/.git/hooks/pre-commit" ]; then
-                echo "🪝 Installing pre-commit hooks..."
-                cd "$WORKSPACE_DIR" && pre-commit install
-            fi
-        else
-            echo "⚠️  pre-commit not found. Run: pip install pre-commit"
-        fi
-    else
-        echo "⚠️  Python virtual environment not found at $WORKSPACE_DIR/.venv"
-        echo "   Run: cd $WORKSPACE_DIR && .devcontainer/setup-dev.sh"
-    fi
-
-    # Always cd to the workspace directory for convenience
-    cd "$WORKSPACE_DIR"
-fi
-
-# Add helpful aliases for Superset development
-alias start-superset="$WORKSPACE_DIR/.devcontainer/start-superset.sh"
-alias setup-dev="$WORKSPACE_DIR/.devcontainer/setup-dev.sh"
-
-# Show helpful message on login
-echo ""
-echo "🚀 Superset Codespaces Environment"
-echo "=================================="
-
-# Check if Superset is running
-if docker ps 2>/dev/null | grep -q "superset"; then
-    echo "✅ Superset is running!"
-    echo "   - Check the 'Ports' tab for your live Superset URL"
-    echo "   - Initial startup takes 10-20 minutes"
-    echo "   - Login: admin/admin"
-else
-    echo "⚠️  Superset is not running. Use: start-superset"
-    # Check if there's a startup log
-    if [ -f "/tmp/superset-startup.log" ]; then
-        echo "   📋 Startup log found: cat /tmp/superset-startup.log"
-    fi
-fi
-
-echo ""
-echo "Quick commands:"
-echo "  start-superset - Start Superset with Docker Compose"
-echo "  setup-dev      - Set up Python environment (if not already done)"
-echo "  pre-commit run - Run pre-commit checks on staged files"
-echo ""
--- a/.devcontainer/build-and-push-image.sh
+++ b/.devcontainer/build-and-push-image.sh
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Script to build and push the devcontainer image to GitHub Container Registry
-# This allows caching the image between Codespace sessions
-
-# You'll need to run this with appropriate GitHub permissions
-# gh auth login --scopes write:packages
-
-REGISTRY="ghcr.io"
-OWNER="apache"
-REPO="superset"
-TAG="devcontainer-base"
-
-echo "Building devcontainer image..."
-docker build -t $REGISTRY/$OWNER/$REPO:$TAG .devcontainer/
-
-echo "Pushing to GitHub Container Registry..."
-docker push $REGISTRY/$OWNER/$REPO:$TAG
-
-echo "Done! Update .devcontainer/devcontainer.json to use:"
-echo "  \"image\": \"$REGISTRY/$OWNER/$REPO:$TAG\""
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,66 +0,0 @@
-{
-  "name": "Apache Superset Development",
-  // Option 1: Use pre-built image directly
-  // "image": "ghcr.io/apache/superset:devcontainer-base",
-
-  // Option 2: Build from Dockerfile with cache (current approach)
-  "build": {
-    "dockerfile": "Dockerfile",
-    "context": ".",
-    // Cache from the Apache registry image
-    "cacheFrom": ["ghcr.io/apache/superset:devcontainer-base"]
-  },
-
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "moby": true,
-      "dockerDashComposeVersion": "v2"
-    },
-    "ghcr.io/devcontainers/features/node:1": {
-      "version": "20"
-    },
-    "ghcr.io/devcontainers/features/git:1": {},
-    "ghcr.io/devcontainers/features/common-utils:2": {
-      "configureZshAsDefaultShell": true
-    },
-    "ghcr.io/devcontainers/features/sshd:1": {
-      "version": "latest"
-    }
-  },
-
-  // Forward ports for development
-  "forwardPorts": [9001],
-  "portsAttributes": {
-    "9001": {
-      "label": "Superset (via Webpack Dev Server)",
-      "onAutoForward": "notify",
-      "visibility": "public"
-    }
-  },
-
-  // Run commands after container is created
-  "postCreateCommand": "bash .devcontainer/setup-dev.sh || echo '⚠️ Setup had issues - run .devcontainer/setup-dev.sh manually'",
-
-  // Auto-start Superset after ensuring Docker is ready
-  // Run in foreground to see any errors, but don't block on failures
-  "postStartCommand": "bash -c 'echo \"Waiting 30s for services to initialize...\"; sleep 30; .devcontainer/start-superset.sh || echo \"⚠️ Auto-start failed - run start-superset manually\"'",
-
-  // Set environment variables
-  "remoteEnv": {
-    // Removed automatic venv activation to prevent startup issues
-    // The setup script will handle this
-  },
-
-  // VS Code customizations
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "ms-python.python",
-        "ms-python.vscode-pylance",
-        "charliermarsh.ruff",
-        "dbaeumer.vscode-eslint",
-        "esbenp.prettier-vscode"
-      ]
-    }
-  }
-}
--- a/.devcontainer/setup-dev.sh
+++ b/.devcontainer/setup-dev.sh
@@ -1,78 +0,0 @@
-#!/bin/bash
-# Setup script for Superset Codespaces development environment
-
-echo "🔧 Setting up Superset development environment..."
-
-# System dependencies and uv are now pre-installed in the Docker image
-# This speeds up Codespace creation significantly!
-
-# Create virtual environment using uv
-echo "🐍 Creating Python virtual environment..."
-if ! uv venv; then
-    echo "❌ Failed to create virtual environment"
-    exit 1
-fi
-
-# Install Python dependencies
-echo "📦 Installing Python dependencies..."
-if ! uv pip install -r requirements/development.txt; then
-    echo "❌ Failed to install Python dependencies"
-    echo "💡 You may need to run this manually after the Codespace starts"
-    exit 1
-fi
-
-# Install pre-commit hooks
-echo "🪝 Installing pre-commit hooks..."
-if source .venv/bin/activate && pre-commit install; then
-    echo "✅ Pre-commit hooks installed"
-else
-    echo "⚠️  Pre-commit hooks installation failed (non-critical)"
-fi
-
-# Install Claude Code CLI via npm
-echo "🤖 Installing Claude Code..."
-if npm install -g @anthropic-ai/claude-code; then
-    echo "✅ Claude Code installed"
-else
-    echo "⚠️  Claude Code installation failed (non-critical)"
-fi
-
-# Make the start script executable
-chmod +x .devcontainer/start-superset.sh
-
-# Add bashrc additions for automatic venv activation
-echo "🔧 Setting up automatic environment activation..."
-if [ -f ~/.bashrc ]; then
-    # Check if we've already added our additions
-    if ! grep -q "Superset Codespaces environment setup" ~/.bashrc; then
-        echo "" >> ~/.bashrc
-        cat .devcontainer/bashrc-additions >> ~/.bashrc
-        echo "✅ Added automatic venv activation to ~/.bashrc"
-    else
-        echo "✅ Bashrc additions already present"
-    fi
-else
-    # Create bashrc if it doesn't exist
-    cat .devcontainer/bashrc-additions > ~/.bashrc
-    echo "✅ Created ~/.bashrc with automatic venv activation"
-fi
-
-# Also add to zshrc since that's the default shell
-if [ -f ~/.zshrc ] || [ -n "$ZSH_VERSION" ]; then
-    if ! grep -q "Superset Codespaces environment setup" ~/.zshrc; then
-        echo "" >> ~/.zshrc
-        cat .devcontainer/bashrc-additions >> ~/.zshrc
-        echo "✅ Added automatic venv activation to ~/.zshrc"
-    fi
-fi
-
-echo "✅ Development environment setup complete!"
-echo ""
-echo "📝 The virtual environment will be automatically activated in new terminals"
-echo ""
-echo "🔄 To activate in this terminal, run:"
-echo "   source ~/.bashrc"
-echo ""
-echo "🚀 To start Superset:"
-echo "   start-superset"
-echo ""
--- a/.devcontainer/start-superset.sh
+++ b/.devcontainer/start-superset.sh
@@ -1,108 +0,0 @@
-#!/bin/bash
-# Startup script for Superset in Codespaces
-
-# Log to a file for debugging
-LOG_FILE="/tmp/superset-startup.log"
-echo "[$(date)] Starting Superset startup script" >> "$LOG_FILE"
-echo "[$(date)] User: $(whoami), PWD: $(pwd)" >> "$LOG_FILE"
-
-echo "🚀 Starting Superset in Codespaces..."
-echo "🌐 Frontend will be available at port 9001"
-
-# Find the workspace directory (Codespaces clones as 'superset', not 'superset-2')
-WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
-if [ -n "$WORKSPACE_DIR" ]; then
-    cd "$WORKSPACE_DIR"
-    echo "📁 Working in: $WORKSPACE_DIR"
-else
-    echo "📁 Using current directory: $(pwd)"
-fi
-
-# Wait for Docker to be available
-echo "⏳ Waiting for Docker to start..."
-echo "[$(date)] Waiting for Docker..." >> "$LOG_FILE"
-max_attempts=30
-attempt=0
-while ! docker info > /dev/null 2>&1; do
-    if [ $attempt -eq $max_attempts ]; then
-        echo "❌ Docker failed to start after $max_attempts attempts"
-        echo "[$(date)] Docker failed to start after $max_attempts attempts" >> "$LOG_FILE"
-        echo "🔄 Please restart the Codespace or run this script manually later"
-        exit 1
-    fi
-    echo "   Attempt $((attempt + 1))/$max_attempts..."
-    echo "[$(date)] Docker check attempt $((attempt + 1))/$max_attempts" >> "$LOG_FILE"
-    sleep 2
-    attempt=$((attempt + 1))
-done
-echo "✅ Docker is ready!"
-echo "[$(date)] Docker is ready" >> "$LOG_FILE"
-
-# Check if Superset containers are already running
-if docker ps | grep -q "superset"; then
-    echo "✅ Superset containers are already running!"
-    echo ""
-    echo "🌐 To access Superset:"
-    echo "   1. Click the 'Ports' tab at the bottom of VS Code"
-    echo "   2. Find port 9001 and click the globe icon to open"
-    echo "   3. Wait 10-20 minutes for initial startup"
-    echo ""
-    echo "📝 Login credentials: admin/admin"
-    exit 0
-fi
-
-# Clean up any existing containers
-echo "🧹 Cleaning up existing containers..."
-docker-compose -f docker-compose-light.yml down
-
-# Start services
-echo "🏗️  Starting Superset in background (daemon mode)..."
-echo ""
-
-# Start in detached mode
-docker-compose -f docker-compose-light.yml up -d
-
-echo ""
-echo "✅ Docker Compose started successfully!"
-echo ""
-echo "📋 Important information:"
-echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-echo "⏱️  Initial startup takes 10-20 minutes"
-echo "🌐 Check the 'Ports' tab for your Superset URL (port 9001)"
-echo "👤 Login: admin / admin"
-echo ""
-echo "📊 Useful commands:"
-echo "   docker-compose -f docker-compose-light.yml logs -f    # Follow logs"
-echo "   docker-compose -f docker-compose-light.yml ps         # Check status"
-echo "   docker-compose -f docker-compose-light.yml down       # Stop services"
-echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-echo ""
-echo "💤 Keeping terminal open for 60 seconds to test persistence..."
-sleep 60
-echo "✅ Test complete - check if this terminal is still visible!"
-
-# Show final status
-docker-compose -f docker-compose-light.yml ps
-EXIT_CODE=$?
-
-# If it failed, provide helpful instructions
-if [ $EXIT_CODE -ne 0 ] && [ $EXIT_CODE -ne 130 ]; then  # 130 is Ctrl+C
-    echo ""
-    echo "❌ Superset startup failed (exit code: $EXIT_CODE)"
-    echo ""
-    echo "🔄 To restart Superset, run:"
-    echo "   .devcontainer/start-superset.sh"
-    echo ""
-    echo "🔧 For troubleshooting:"
-    echo "   # View logs:"
-    echo "   docker-compose -f docker-compose-light.yml logs"
-    echo ""
-    echo "   # Clean restart (removes volumes):"
-    echo "   docker-compose -f docker-compose-light.yml down -v"
-    echo "   .devcontainer/start-superset.sh"
-    echo ""
-    echo "   # Common issues:"
-    echo "   - Network timeouts: Just retry, often transient"
-    echo "   - Port conflicts: Check 'docker ps'"
-    echo "   - Database issues: Try clean restart with -v"
-fi
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,3 @@
 docker/**/*.sh text eol=lf
 *.svg binary
 *.ipynb binary
-*.geojson binary
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,7 +2,7 @@

 # https://github.com/apache/superset/issues/13351

-/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho @sadpandajoe
+/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho

 # Notify some committers of changes in the components

@@ -16,7 +16,7 @@

 # Notify E2E test maintainers of changes

-/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida @mistercrunch
+/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida

 # Notify PMC members of changes to GitHub Actions

@@ -33,10 +33,10 @@

 # Notify PMC members of changes to extension-related files

-/superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-extensions-cli/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/packages/superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
+/superset-core/ @michael-s-molina @villebro
+/superset-extensions-cli/ @michael-s-molina @villebro
+/superset/core/ @michael-s-molina @villebro
+/superset/extensions/ @michael-s-molina @villebro
+/superset-frontend/src/packages/superset-core/ @michael-s-molina @villebro
+/superset-frontend/src/core/ @michael-s-molina @villebro
+/superset-frontend/src/extensions/ @michael-s-molina @villebro
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -41,8 +41,8 @@ body:
      label: Superset version
      options:
        - master / latest-dev
-        - "5.0.0"
-        - "4.1.3"
+        - "4.1.1"
+        - "4.0.2"
    validations:
      required: true
  - type: dropdown
--- a/.github/actions/setup-docker/action.yml
+++ b/.github/actions/setup-docker/action.yml
@@ -26,16 +26,16 @@ runs:

    - name: Set up QEMU
      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

    - name: Set up Docker Buildx
      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

    - name: Try to login to DockerHub
      if: ${{ inputs.login-to-dockerhub == 'true' }}
      continue-on-error: true
-      uses: docker/login-action@v3
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
      with:
        username: ${{ inputs.dockerhub-user }}
        password: ${{ inputs.dockerhub-token }}
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1 +0,0 @@
-../LLMS.md
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,4 @@
 version: 2
-enable-beta-ecosystems: true
 updates:

  - package-ecosystem: "github-actions"
@@ -12,10 +11,6 @@ updates:
      # not until React >= 18.0.0
      - dependency-name: "storybook"
      - dependency-name: "@storybook*"
-      # JSDOM v30 doesn't play well with Jest v30
-      # Source: https://jestjs.io/blog#known-issues
-      # GH thread: https://github.com/jsdom/jsdom/issues/3492
-      - dependency-name: "jest-environment-jsdom"
    directory: "/superset-frontend/"
    schedule:
      interval: "monthly"
@@ -26,16 +21,9 @@ updates:
    versioning-strategy: increase


-  # NOTE: `uv` support is in beta, more details here:
-  # https://github.com/dependabot/dependabot-core/pull/10040#issuecomment-2696978430
-  - package-ecosystem: "uv"
-    directory: "requirements/"
-    open-pull-requests-limit: 10
-    schedule:
-      interval: "weekly"
-    labels:
-      - uv
-      - dependabot
+  # - package-ecosystem: "pip"
+  # NOTE: as dependabot isn't compatible with our usage of `uv pip compile` we're using
+  # `supersetbot` instead

  - package-ecosystem: "npm"
    directory: ".github/actions"
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -127,11 +127,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/es/**'

-"i18n:persian":
- changed-files:
-  - any-glob-to-any-file:
-    - 'superset/translations/fa/**'
-
 ############################################
 # Sub-projects and monorepo packages
 ############################################
--- a/.github/workflows/bashlib.sh
+++ b/.github/workflows/bashlib.sh
@@ -145,7 +145,6 @@ cypress-install() {

 cypress-run-all() {
  local USE_DASHBOARD=$1
-  local APP_ROOT=$2
  cd "$GITHUB_WORKSPACE/superset-frontend/cypress-base"

  # Start Flask and run it in background
@@ -153,12 +152,7 @@ cypress-run-all() {
  # so errors can print to stderr.
  local flasklog="${HOME}/flask.log"
  local port=8081
-  CYPRESS_BASE_URL="http://localhost:${port}"
-  if [ -n "$APP_ROOT" ]; then
-    export SUPERSET_APP_ROOT=$APP_ROOT
-    CYPRESS_BASE_URL=${CYPRESS_BASE_URL}${APP_ROOT}
-  fi
-  export CYPRESS_BASE_URL
+  export CYPRESS_BASE_URL="http://localhost:${port}"

  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
  local flaskProcessId=$!
@@ -182,76 +176,6 @@ cypress-run-all() {
  kill $flaskProcessId
 }

-playwright-install() {
-  cd "$GITHUB_WORKSPACE/superset-frontend"
-
-  say "::group::Install Playwright browsers"
-  npx playwright install --with-deps chromium
-  # Create output directories for test results and debugging
-  mkdir -p playwright-results
-  mkdir -p test-results
-  say "::endgroup::"
-}
-
-playwright-run() {
-  local APP_ROOT=$1
-
-  # Start Flask from the project root (same as Cypress)
-  cd "$GITHUB_WORKSPACE"
-  local flasklog="${HOME}/flask-playwright.log"
-  local port=8081
-  PLAYWRIGHT_BASE_URL="http://localhost:${port}"
-  if [ -n "$APP_ROOT" ]; then
-    export SUPERSET_APP_ROOT=$APP_ROOT
-    PLAYWRIGHT_BASE_URL=${PLAYWRIGHT_BASE_URL}${APP_ROOT}/
-  fi
-  export PLAYWRIGHT_BASE_URL
-
-  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
-  local flaskProcessId=$!
-
-  # Ensure cleanup on exit
-  trap "kill $flaskProcessId 2>/dev/null || true" EXIT
-
-  # Wait for server to be ready with health check
-  local timeout=60
-  say "Waiting for Flask server to start on port $port..."
-  while [ $timeout -gt 0 ]; do
-    if curl -f ${PLAYWRIGHT_BASE_URL}/health >/dev/null 2>&1; then
-      say "Flask server is ready"
-      break
-    fi
-    sleep 1
-    timeout=$((timeout - 1))
-  done
-
-  if [ $timeout -eq 0 ]; then
-    echo "::error::Flask server failed to start within 60 seconds"
-    echo "::group::Flask startup log"
-    cat "$flasklog"
-    echo "::endgroup::"
-    return 1
-  fi
-
-  # Change to frontend directory for Playwright execution
-  cd "$GITHUB_WORKSPACE/superset-frontend"
-
-  say "::group::Run Playwright tests"
-  echo "Running Playwright with baseURL: ${PLAYWRIGHT_BASE_URL}"
-  npx playwright test auth/login --reporter=github --output=playwright-results
-  local status=$?
-  say "::endgroup::"
-
-  # After job is done, print out Flask log for debugging
-  echo "::group::Flask log for Playwright run"
-  cat "$flasklog"
-  echo "::endgroup::"
-  # make sure the program exits
-  kill $flaskProcessId
-
-  return $status
-}
-
 eyes-storybook-dependencies() {
  say "::group::install eyes-storyook dependencies"
  sudo apt-get update -y && sudo apt-get -y install gconf-service ca-certificates libxshmfence-dev fonts-liberation libappindicator3-1 libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 libgcc1 libgconf-2-4 libglib2.0-0 libgdk-pixbuf2.0-0 libgtk-3-0 libnspr4 libnss3 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 lsb-release xdg-utils libappindicator1
--- a/.github/workflows/bump-python-package.yml
+++ b/.github/workflows/bump-python-package.yml
@@ -30,9 +30,8 @@ jobs:
      pull-requests: write
      checks: write
    steps:
-
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: true
          ref: master
@@ -41,7 +40,7 @@ jobs:
        uses: ./.github/actions/setup-supersetbot/

      - name: Set up Python ${{ inputs.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
        with:
          python-version: "3.10"

--- a/.github/workflows/cancel_duplicates.yml
+++ b/.github/workflows/cancel_duplicates.yml
@@ -31,7 +31,7 @@ jobs:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        if: steps.check_queued.outputs.count >= 20
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Cancel duplicate workflow runs
        if: steps.check_queued.outputs.count >= 20
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -18,17 +18,11 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
-          fetch-depth: 1
-
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          depth: 1

      - name: Setup Python
        if: steps.check.outputs.python
@@ -39,20 +33,10 @@ jobs:
        run: ./scripts/uv-pip-compile.sh

      - name: Check for uncommitted changes
-        if: steps.check.outputs.python
        run: |
-          echo "Full diff (for logging/debugging):"
-          git diff
-
-          echo "Filtered diff (excluding comments and whitespace):"
-          filtered_diff=$(git diff -U0 | grep '^[-+]' | grep -vE '^[-+]{3}' | grep -vE '^[-+][[:space:]]*#' | grep -vE '^[-+][[:space:]]*$' || true)
-          echo "$filtered_diff"
-
-          if [[ -n "$filtered_diff" ]]; then
-            echo
+          if [[ -n "$(git diff)" ]]; then
            echo "ERROR: The pinned dependencies are not up-to-date."
            echo "Please run './scripts/uv-pip-compile.sh' and commit the changes."
-            echo "More info: https://github.com/apache/superset/tree/master/requirements"
            exit 1
          else
            echo "Pinned dependencies are up-to-date."
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -25,9 +25,9 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - name: Check and notify
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ github.token }}
          script: |
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -1,82 +0,0 @@
-name: Claude PR Assistant
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-
-jobs:
-  check-permissions:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
-    runs-on: ubuntu-latest
-    outputs:
-      allowed: ${{ steps.check.outputs.allowed }}
-    steps:
-      - name: Check if user is allowed
-        id: check
-        run: |
-          # List of allowed users
-          ALLOWED_USERS="mistercrunch,rusackas"
-
-          # Get the commenter's username
-          COMMENTER="${{ github.event.comment.user.login }}"
-
-          echo "Checking permissions for user: $COMMENTER"
-
-          # Check if user is in allowed list
-          if [[ ",$ALLOWED_USERS," == *",$COMMENTER,"* ]]; then
-            echo "allowed=true" >> $GITHUB_OUTPUT
-            echo "✅ User $COMMENTER is allowed to use Claude"
-          else
-            echo "allowed=false" >> $GITHUB_OUTPUT
-            echo "❌ User $COMMENTER is not allowed to use Claude"
-          fi
-
-  deny-access:
-    needs: check-permissions
-    if: needs.check-permissions.outputs.allowed == 'false'
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
-    steps:
-      - name: Comment access denied
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const message = `👋 Hi @${{ github.event.comment.user.login || github.event.review.user.login || github.event.issue.user.login }}!
-
-            Thanks for trying to use Claude Code, but currently only certain team members have access to this feature.
-
-            If you believe you should have access, please contact a project maintainer.`;
-
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.issue.number,
-              body: message
-            });
-
-  claude-code-action:
-    needs: check-permissions
-    if: needs.check-permissions.outputs.allowed == 'true'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-      id-token: write
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v5
-      with:
-        fetch-depth: 1
-
-    - name: Run Claude PR Action
-      uses: anthropics/claude-code-action@beta
-      with:
-        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-        timeout_minutes: "60"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -31,7 +31,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Check for file changes
        id: check
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -27,9 +27,9 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - name: "Dependency Review"
-        uses: actions/dependency-review-action@v4
+        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
        continue-on-error: true
        with:
          fail-on-severity: critical
@@ -48,12 +48,10 @@ jobs:
          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor, pkg:npm/jszip@3.10.1

  python-dependency-liccheck:
-    # NOTE: Configuration for liccheck lives in our pyproject.yml.
-    # You cannot use a liccheck.ini file in this workflow.
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Setup Python
        uses: ./.github/actions/setup-backend/
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,7 +14,6 @@ concurrency:
  cancel-in-progress: true

 jobs:
-
  setup_matrix:
    runs-on: ubuntu-24.04
    outputs:
@@ -22,7 +21,7 @@ jobs:
    steps:
      - id: set_matrix
        run: |
-          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]'; fi)
+          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
          echo "matrix_config=${MATRIX_CONFIG}" >> $GITHUB_OUTPUT
          echo $GITHUB_OUTPUT

@@ -40,9 +39,8 @@ jobs:
      IMAGE_TAG: apache/superset:GHA-${{ matrix.build_preset }}-${{ github.run_id }}

    steps:
-
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

@@ -91,7 +89,7 @@ jobs:
      # in the context of push (using multi-platform build), we need to pull the image locally
      - name: Docker pull
        if: github.event_name == 'push' && (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker)
-        run:  docker pull $IMAGE_TAG
+        run: docker pull $IMAGE_TAG

      - name: Print docker stats
        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
@@ -102,7 +100,7 @@ jobs:
          docker history $IMAGE_TAG

      - name: docker-compose sanity check
-        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'dev'
+        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && (matrix.build_preset == 'dev' || matrix.build_preset == 'lean')
        shell: bash
        run: |
          export SUPERSET_BUILD_TARGET=${{ matrix.build_preset }}
@@ -111,13 +109,10 @@ jobs:
          docker compose up superset-init --exit-code-from superset-init

  docker-compose-image-tag:
-    # Run this job only on pushes to master (not for PRs)
-    # goal is to check that building the latest image works, not required for all PR pushes
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check for file changes
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -28,11 +28,11 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
-          registry-url: 'https://registry.npmjs.org'
+          node-version: "20"
+          registry-url: "https://registry.npmjs.org"
      - run: npm ci
      - run: npm run ci:release
        env:
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -18,11 +18,11 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
-          registry-url: 'https://registry.npmjs.org'
+          node-version: "20"
+          registry-url: "https://registry.npmjs.org"
      - run: npm ci
      - run: npm test
      - run: npm run build
--- a/.github/workflows/ephemeral-env-pr-close.yml
+++ b/.github/workflows/ephemeral-env-pr-close.yml
@@ -1,10 +1,4 @@
-name: Cleanup ephemeral envs (PR close) [DEPRECATED]
-
-# ⚠️  DEPRECATION NOTICE ⚠️
-# This workflow is deprecated and will be removed in a future version.
-# The new Superset Showtime workflow handles cleanup automatically.
-# See .github/workflows/showtime.yml and showtime-cleanup.yml for replacements.
-# Migration guide: https://github.com/mistercrunch/superset-showtime
+name: Cleanup ephemeral envs (PR close)

 on:
  pull_request_target:
@@ -69,7 +63,7 @@ jobs:

      - name: Comment (success)
        if: steps.describe-services.outputs.active == 'true'
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{github.token}}
          script: |
@@ -77,5 +71,5 @@ jobs:
              issue_number: ${{ github.event.number }},
              owner: context.repo.owner,
              repo: context.repo.repo,
-              body: '⚠️ **DEPRECATED WORKFLOW** - Ephemeral environment shutdown and build artifacts deleted. Please migrate to the new Superset Showtime system for future PRs.'
+              body: 'Ephemeral environment shutdown and build artifacts deleted.'
            })
--- a/.github/workflows/ephemeral-env.yml
+++ b/.github/workflows/ephemeral-env.yml
@@ -1,12 +1,4 @@
-name: Ephemeral env workflow [DEPRECATED]
-
-# ⚠️  DEPRECATION NOTICE ⚠️
-# This workflow is deprecated and will be removed in a future version.
-# Please use the new Superset Showtime workflow instead:
-# - Use label "🎪 trigger-start" instead of "testenv-up"
-# - Showtime provides better reliability and easier management
-# - See .github/workflows/showtime.yml for the replacement
-# - Migration guide: https://github.com/mistercrunch/superset-showtime
+name: Ephemeral env workflow

 # Example manual trigger:
 # gh workflow run ephemeral-env.yml --ref fix_ephemerals --field label_name="testenv-up" --field issue_number=666
@@ -18,11 +10,11 @@ on:
  workflow_dispatch:
    inputs:
      label_name:
-        description: 'Label name to simulate label-based /testenv trigger'
+        description: "Label name to simulate label-based /testenv trigger"
        required: true
-        default: 'testenv-up'
+        default: "testenv-up"
      issue_number:
-        description: 'Issue or PR number'
+        description: "Issue or PR number"
        required: true

 jobs:
@@ -63,7 +55,7 @@ jobs:
      - name: Get event SHA
        id: get-sha
        if: steps.eval-label.outputs.result == 'up'
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -94,7 +86,7 @@ jobs:
            core.setOutput("sha", prSha);

      - name: Looking for feature flags in PR description
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        id: eval-feature-flags
        if: steps.eval-label.outputs.result == 'up'
        with:
@@ -116,7 +108,7 @@ jobs:
            return results;

      - name: Reply with confirmation comment
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        if: steps.eval-label.outputs.result == 'up'
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -134,14 +126,7 @@ jobs:
              throw new Error("Issue number is not available.");
            }

-            const body = `⚠️ **DEPRECATED WORKFLOW** ⚠️\n\n@${user} This workflow is deprecated! Please use the new **Superset Showtime** system instead:\n\n` +
-              `- Replace "testenv-up" label with "🎪 trigger-start"\n` +
-              `- Better reliability and easier management\n` +
-              `- See https://github.com/mistercrunch/superset-showtime for details\n\n` +
-              `Processing your ephemeral environment request [here](${workflowUrl}). Action: **${action}**.` +
-              ` More information on [how to use or configure ephemeral environments]` +
-              `(https://superset.apache.org/docs/contributing/howtos/#github-ephemeral-environments)`;
-
+            const body = `@${user} Processing your ephemeral environment request [here](${workflowUrl}). Action: **${action}**.`;

            await github.rest.issues.createComment({
              owner: context.repo.owner,
@@ -160,7 +145,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ needs.ephemeral-env-label.outputs.sha }} : ${{steps.get-sha.outputs.sha}} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ needs.ephemeral-env-label.outputs.sha }}
          persist-credentials: false
@@ -189,7 +174,7 @@ jobs:
            --extra-flags "--build-arg INCLUDE_CHROMIUM=false"

      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -197,7 +182,7 @@ jobs:

      - name: Login to Amazon ECR
        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
+        uses: aws-actions/amazon-ecr-login@c962da2960ed15f492addc26fffa274485265950 # v2

      - name: Load, tag and push image to ECR
        id: push-image
@@ -220,12 +205,12 @@ jobs:
      pull-requests: write

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -233,7 +218,7 @@ jobs:

      - name: Login to Amazon ECR
        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
+        uses: aws-actions/amazon-ecr-login@c962da2960ed15f492addc26fffa274485265950 # v2

      - name: Check target image exists in ECR
        id: check-image
@@ -248,7 +233,7 @@ jobs:

      - name: Fail on missing container image
        if: steps.check-image.outcome == 'failure'
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ github.token }}
          script: |
@@ -263,7 +248,7 @@ jobs:

      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        uses: aws-actions/amazon-ecs-render-task-definition@77954e213ba1f9f9cb016b86a1d4f6fcdea0d57e # v1
        with:
          task-definition: .github/workflows/ecs-task-definition.json
          container-name: superset-ci
@@ -296,7 +281,7 @@ jobs:
          --tags key=pr,value=$PR_NUMBER key=github_user,value=${{ github.actor }}
      - name: Deploy Amazon ECS task definition
        id: deploy-task
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+        uses: aws-actions/amazon-ecs-deploy-task-definition@cbf54ec46642b86ff78c2f5793da6746954cf8ff # v2
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service
@@ -311,14 +296,14 @@ jobs:
      - name: Get network interface
        id: get-eni
        run: |
-          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | map(select(.name=="networkInterfaceId"))[0].value')" >> $GITHUB_OUTPUT
+          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | map(select(.name==\"networkInterfaceId\"))[0].value')" >> $GITHUB_OUTPUT
      - name: Get public IP
        id: get-ip
        run: |
          echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
      - name: Comment (success)
        if: ${{ success() }}
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{github.token}}
          script: |
@@ -331,7 +316,7 @@ jobs:
            });
      - name: Comment (failure)
        if: ${{ failure() }}
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{github.token}}
          script: |
--- a/.github/workflows/generate-FOSSA-report.yml
+++ b/.github/workflows/generate-FOSSA-report.yml
@@ -27,12 +27,12 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: "temurin"
          java-version: "11"
--- a/.github/workflows/github-action-validator.yml
+++ b/.github/workflows/github-action-validator.yml
@@ -9,17 +9,16 @@ on:
    types: [synchronize, opened, reopened, ready_for_review]

 jobs:
-
  validate-all-ghas:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version: '20'
+          node-version: "20"

      - name: Install Dependencies
        run: npm install -g @action-validator/core @action-validator/cli --save-dev
--- a/.github/workflows/issue_creation.yml
+++ b/.github/workflows/issue_creation.yml
@@ -15,9 +15,8 @@ jobs:
      pull-requests: write
      issues: write
    steps:
-
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -11,27 +11,27 @@ jobs:
      contents: write

    steps:
-    - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-      uses: actions/checkout@v5
-      with:
-        persist-credentials: false
-        submodules: recursive
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          persist-credentials: false
+          submodules: recursive

-    - name: Check for latest tag
-      id: latest-tag
-      run: |
-        source ./scripts/tag_latest_release.sh $(echo ${{ github.event.release.tag_name }}) --dry-run
+      - name: Check for latest tag
+        id: latest-tag
+        run: |
+          source ./scripts/tag_latest_release.sh $(echo ${{ github.event.release.tag_name }}) --dry-run

-    - name: Configure Git
-      run: |
-        git config user.name "$GITHUB_ACTOR"
-        git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

-    - name: Run latest-tag
-      uses: ./.github/actions/latest-tag
-      if: (! ${{ steps.latest-tag.outputs.SKIP_TAG }} )
-      with:
-        description: Superset latest release
-        tag-name: latest
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
+      - name: Run latest-tag
+        uses: ./.github/actions/latest-tag
+        if: (! ${{ steps.latest-tag.outputs.SKIP_TAG }} )
+        with:
+          description: Superset latest release
+          tag-name: latest
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -15,14 +15,14 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
-          distribution: 'temurin'
-          java-version: '11'
+          distribution: "temurin"
+          java-version: "11"
      - name: Run license check
        run: ./scripts/check_license.sh
--- a/.github/workflows/no-hold-label.yml
+++ b/.github/workflows/no-hold-label.yml
@@ -13,13 +13,13 @@ jobs:
  check-hold-label:
    runs-on: ubuntu-24.04
    steps:
-    - name: Check for 'hold' label
-      uses: actions/github-script@v7
-      with:
-        github-token: ${{secrets.GITHUB_TOKEN}}
-        script: |
-          const payload = context.payload.pull_request
-          const holdLabelPresent = !!payload.labels.find(label => label.name.includes('hold'))
-          if (holdLabelPresent) {
-            core.setFailed('Hold label is present, merge is blocked.')
-          }
+      - name: Check for 'hold' label
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const payload = context.payload.pull_request
+            const holdLabelPresent = !!payload.labels.find(label => label.name.includes('hold'))
+            if (holdLabelPresent) {
+              core.setFailed('Hold label is present, merge is blocked.')
+            }
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -16,7 +16,7 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -26,6 +26,5 @@ jobs:
          on-failed-regex-fail-action: true
          on-failed-regex-request-changes: false
          on-failed-regex-create-review: false
-          on-failed-regex-comment:
-            "Please format your PR title to match: `%regex%`!"
+          on-failed-regex-comment: "Please format your PR title to match: `%regex%`!"
          repo-token: "${{ github.token }}"
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -18,10 +18,10 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        python-version: ["current", "previous", "next"]
+        python-version: ["current", "previous"]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -38,47 +38,15 @@ jobs:
          echo "HOMEBREW_CELLAR=$HOMEBREW_CELLAR" >>"${GITHUB_ENV}"
          echo "HOMEBREW_REPOSITORY=$HOMEBREW_REPOSITORY" >>"${GITHUB_ENV}"
          brew install norwoodj/tap/helm-docs
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      - name: Install Frontend Dependencies
-        run: |
-          cd superset-frontend
-          npm ci
-
-      - name: Install Docs Dependencies
-        run: |
-          cd docs
-          yarn install --immutable
-
-      - name: Cache pre-commit environments
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/pre-commit
-          key: pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('.pre-commit-config.yaml') }}
-          restore-keys: |
-            pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-

      - name: pre-commit
        run: |
          set +e  # Don't exit immediately on failure
-          export SKIP=eslint-frontend,type-checking-frontend
+          # Skip eslint as it requires `npm ci` and is executed in another job
+          export SKIP=eslint
          pre-commit run --all-files
-          PRE_COMMIT_EXIT_CODE=$?
-          git diff --quiet --exit-code
-          GIT_DIFF_EXIT_CODE=$?
-          if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ] || [ "${GIT_DIFF_EXIT_CODE}" -ne 0 ]; then
-            if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ]; then
-              echo "❌ Pre-commit check failed (exit code: ${EXIT_CODE})."
-            else
-              echo "❌ Git working directory is dirty."
-              echo "📌 This likely means that pre-commit made changes that were not committed."
-              echo "🔍 Modified files:"
-              git diff --name-only
-            fi
-
+          if [ $? -ne 0 ] || ! git diff --quiet --exit-code; then
+            echo "❌ Pre-commit check failed."
            echo "🚒 To prevent/address this CI issue, please install/use pre-commit locally."
            echo "📖 More details here: https://superset.apache.org/docs/contributing/development#git-hooks"
            exit 1
--- a/.github/workflows/prefer-typescript.yml
+++ b/.github/workflows/prefer-typescript.yml
@@ -27,7 +27,7 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,9 +24,15 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Bump version and publish package(s)
+
    runs-on: ubuntu-24.04
+
+    strategy:
+      matrix:
+        node-version: [20]
+
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # pulls all commits (needed for lerna / semantic release to correctly version)
          fetch-depth: 0
@@ -40,15 +46,15 @@ jobs:
          git fetch --prune --unshallow
          git tag -d `git tag | grep -E '^trigger-'`

-      - name: Install Node.js
+      - name: Use Node.js ${{ matrix.node-version }}
        if: env.HAS_TAGS
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node-version }}

      - name: Cache npm
        if: env.HAS_TAGS
-        uses: actions/cache@v4
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -62,7 +68,7 @@ jobs:
        run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
      - name: Cache npm
        if: env.HAS_TAGS
-        uses: actions/cache@v4
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`)
        with:
          path: ${{ steps.npm-cache-dir-path.outputs.dir }}
--- a/.github/workflows/showtime-cleanup.yml
+++ b/.github/workflows/showtime-cleanup.yml
@@ -1,50 +0,0 @@
-name: 🎪 Showtime Cleanup
-
-# Scheduled cleanup of expired environments
-on:
-  schedule:
-    - cron: '0 */6 * * *'  # Every 6 hours
-
-  # Manual trigger for testing
-  workflow_dispatch:
-    inputs:
-      max_age_hours:
-        description: 'Maximum age in hours before cleanup'
-        required: false
-        default: '48'
-        type: string
-
-# Common environment variables
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_REGION: ${{ vars.AWS_REGION || 'us-west-2' }}
-  GITHUB_ORG: ${{ github.repository_owner }}
-  GITHUB_REPO: ${{ github.event.repository.name }}
-
-jobs:
-  cleanup-expired:
-    name: Clean up expired showtime environments
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Install Superset Showtime
-        run: pip install superset-showtime
-
-      - name: Cleanup expired environments
-        run: |
-          MAX_AGE="${{ github.event.inputs.max_age_hours || '48' }}"
-
-          # Validate max_age is numeric
-          if [[ ! "$MAX_AGE" =~ ^[0-9]+$ ]]; then
-            echo "❌ Invalid max_age_hours format: $MAX_AGE (must be numeric)"
-            exit 1
-          fi
-
-          echo "Cleaning up environments older than ${MAX_AGE}h"
-          python -m showtime cleanup --older-than "${MAX_AGE}h"
--- a/.github/workflows/showtime-trigger.yml
+++ b/.github/workflows/showtime-trigger.yml
@@ -1,179 +0,0 @@
-name: 🎪 Superset Showtime
-
-# Ultra-simple: just sync on any PR state change
-on:
-  pull_request_target:
-    types: [labeled, unlabeled, synchronize, closed]
-
-  # Manual testing
-  workflow_dispatch:
-    inputs:
-      pr_number:
-        description: 'PR number to sync'
-        required: true
-        type: number
-      sha:
-        description: 'Specific SHA to deploy (optional, defaults to latest)'
-        required: false
-        type: string
-
-# Common environment variables for all jobs (non-sensitive only)
-env:
-  AWS_REGION: us-west-2
-  GITHUB_ORG: ${{ github.repository_owner }}
-  GITHUB_REPO: ${{ github.event.repository.name }}
-  GITHUB_ACTOR: ${{ github.actor }}
-
-jobs:
-  sync:
-    name: 🎪 Sync PR to desired state
-    runs-on: ubuntu-latest
-    timeout-minutes: 90
-
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Security Check - Authorize Maintainers Only
-        id: auth
-        uses: actions/github-script@v7
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          script: |
-            const actor = context.actor;
-            console.log(`🔍 Checking authorization for ${actor}`);
-
-            // Early exit for workflow_dispatch - assume authorized since it's manually triggered
-            if (context.eventName === 'workflow_dispatch') {
-              console.log(`✅ Workflow dispatch event - assuming authorized for ${actor}`);
-              core.setOutput('authorized', 'true');
-              return;
-            }
-
-            const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              username: actor
-            });
-
-            console.log(`📊 Permission level for ${actor}: ${permission.permission}`);
-            const authorized = ['write', 'admin'].includes(permission.permission);
-
-            // If this is a synchronize event from unauthorized user, check if Showtime is active and set blocked label
-            if (!authorized && context.eventName === 'pull_request_target' && context.payload.action === 'synchronize') {
-              console.log(`🔒 Synchronize event detected - checking if Showtime is active`);
-
-              // Check if PR has any circus tent labels (Showtime is in use)
-              const { data: issue } = await github.rest.issues.get({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.payload.pull_request.number
-              });
-
-              const hasCircusLabels = issue.labels.some(label => label.name.startsWith('🎪 '));
-
-              if (hasCircusLabels) {
-                console.log(`🎪 Circus labels found - setting blocked label to prevent auto-deployment`);
-
-                await github.rest.issues.addLabels({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: context.payload.pull_request.number,
-                  labels: ['🎪 🔒 showtime-blocked']
-                });
-
-                console.log(`✅ Blocked label set - Showtime will detect and skip operations`);
-              } else {
-                console.log(`ℹ️ No circus labels found - Showtime not in use, skipping block`);
-              }
-            }
-
-            if (!authorized) {
-              console.log(`🚨 Unauthorized user ${actor} - skipping all operations`);
-              core.setOutput('authorized', 'false');
-              return;
-            }
-
-            console.log(`✅ Authorized maintainer: ${actor}`);
-            core.setOutput('authorized', 'true');
-
-      - name: Install Superset Showtime
-        if: steps.auth.outputs.authorized == 'true'
-        run: |
-          echo "::notice::Maintainer ${{ github.actor }} triggered deploy for PR ${{ github.event.pull_request.number || github.event.inputs.pr_number }}"
-          pip install --upgrade superset-showtime
-          showtime version
-
-      - name: Check what actions are needed
-        if: steps.auth.outputs.authorized == 'true'
-        id: check
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Bulletproof PR number extraction
-          if [[ -n "${{ github.event.pull_request.number }}" ]]; then
-            PR_NUM="${{ github.event.pull_request.number }}"
-          elif [[ -n "${{ github.event.inputs.pr_number }}" ]]; then
-            PR_NUM="${{ github.event.inputs.pr_number }}"
-          else
-            echo "❌ No PR number found in event or inputs"
-            exit 1
-          fi
-
-          echo "Using PR number: $PR_NUM"
-
-          # Run sync check-only with optional SHA override
-          if [[ -n "${{ github.event.inputs.sha }}" ]]; then
-            OUTPUT=$(python -m showtime sync $PR_NUM --check-only --sha "${{ github.event.inputs.sha }}")
-          else
-            OUTPUT=$(python -m showtime sync $PR_NUM --check-only)
-          fi
-          echo "$OUTPUT"
-
-          # Extract the outputs we need for conditional steps
-          BUILD=$(echo "$OUTPUT" | grep "build_needed=" | cut -d'=' -f2)
-          SYNC=$(echo "$OUTPUT" | grep "sync_needed=" | cut -d'=' -f2)
-          PR_NUM_OUT=$(echo "$OUTPUT" | grep "pr_number=" | cut -d'=' -f2)
-          TARGET_SHA=$(echo "$OUTPUT" | grep "target_sha=" | cut -d'=' -f2)
-
-          echo "build_needed=$BUILD" >> $GITHUB_OUTPUT
-          echo "sync_needed=$SYNC" >> $GITHUB_OUTPUT
-          echo "pr_number=$PR_NUM_OUT" >> $GITHUB_OUTPUT
-          echo "target_sha=$TARGET_SHA" >> $GITHUB_OUTPUT
-
-      - name: Checkout PR code (only if build needed)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: actions/checkout@v5
-        with:
-          ref: ${{ steps.check.outputs.target_sha }}
-          persist-credentials: false
-
-      - name: Setup Docker Environment (only if build needed)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
-          install-docker-compose: "false"
-
-      - name: Execute sync (handles everything)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.sync_needed == 'true'
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-        run: |
-          PR_NUM="${{ steps.check.outputs.pr_number }}"
-          TARGET_SHA="${{ steps.check.outputs.target_sha }}"
-          if [[ -n "$TARGET_SHA" ]]; then
-            python -m showtime sync $PR_NUM --sha "$TARGET_SHA"
-          else
-            python -m showtime sync $PR_NUM
-          fi
--- a/.github/workflows/superset-app-cli.yml
+++ b/.github/workflows/superset-app-cli.yml
@@ -37,7 +37,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-applitool-cypress.yml
+++ b/.github/workflows/superset-applitool-cypress.yml
@@ -26,6 +26,7 @@ jobs:
      fail-fast: false
      matrix:
        browser: ["chrome"]
+        node: [20]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -39,7 +40,7 @@ jobs:
      APPLITOOLS_BATCH_NAME: Superset Cypress
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -51,7 +52,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -65,7 +66,7 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-applitools-storybook.yml
+++ b/.github/workflows/superset-applitools-storybook.yml
@@ -28,9 +28,12 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        node: [20]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -38,7 +41,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install eyes-storybook dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-docs-deploy.yml
+++ b/.github/workflows/superset-docs-deploy.yml
@@ -30,21 +30,21 @@ jobs:
    name: Build & Deploy
    runs-on: ubuntu-24.04
    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+      - name: "Checkout ${{ github.event.workflow_run.head_sha || github.sha }}"
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: "20"
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
-      - uses: actions/setup-java@v5
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
-          distribution: 'zulu'
-          java-version: '21'
+          distribution: "zulu"
+          java-version: "21"
      - name: Install Graphviz
        run: sudo apt-get install -y graphviz
      - name: Compute Entity Relationship diagram (ERD)
--- a/.github/workflows/superset-docs-verify.yml
+++ b/.github/workflows/superset-docs-verify.yml
@@ -18,9 +18,9 @@ jobs:
    name: Link Checking
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      # Do not bump this linkinator-action version without opening
-      # an ASF Infra ticket to allow the new version first!
+      # an ASF Infra ticket to allow the new verison first!
      - uses: JustinBeckwith/linkinator-action@v1.11.0
        continue-on-error: true # This will make the job advisory (non-blocking, no red X)
        with:
@@ -56,14 +56,14 @@ jobs:
        working-directory: docs
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: "20"
      - name: yarn install
        run: |
          yarn install --check-cache
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -10,17 +10,17 @@ on:
  workflow_dispatch:
    inputs:
      use_dashboard:
-        description: 'Use Cypress Dashboard (true/false) [paid service - trigger manually when needed]. You MUST provide a branch and/or PR number below for this to work.'
+        description: "Use Cypress Dashboard (true/false) [paid service - trigger manually when needed]. You MUST provide a branch and/or PR number below for this to work."
        required: false
-        default: 'false'
+        default: "false"
      ref:
-        description: 'The branch or tag to checkout'
+        description: "The branch or tag to checkout"
        required: false
-        default: ''
+        default: ""
      pr_id:
-        description: 'The pull request ID to checkout'
+        description: "The pull request ID to checkout"
        required: false
-        default: ''
+        default: ""

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -42,7 +42,6 @@ jobs:
      matrix:
        parallel_id: [0, 1, 2, 3, 4, 5]
        browser: ["chrome"]
-        app_root: ["", "/app/prefix"]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -50,11 +49,11 @@ jobs:
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
-      # Only use dashboard when explicitly requested via workflow_dispatch
-      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true' || 'false' }}
+      # use the dashboard feature when running manually OR merging to master
+      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true'|| (github.ref == 'refs/heads/master' && 'true') || 'false' }}
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -69,21 +68,20 @@ jobs:
      # Conditional checkout based on context
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -109,9 +107,9 @@ jobs:
          run: testdata
      - name: Setup Node.js
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: "20"
      - name: Install npm dependencies
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -137,16 +135,9 @@ jobs:
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          NODE_OPTIONS: "--max-old-space-size=4096"
        with:
-          run: cypress-run-all ${{ env.USE_DASHBOARD }} ${{ matrix.app_root }}
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        run: |
-          APP_ROOT="${{ matrix.app_root }}"
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
+          run: cypress-run-all ${{ env.USE_DASHBOARD }}
      - name: Upload Artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        if: failure()
        with:
          path: ${{ github.workspace }}/superset-frontend/cypress-base/cypress/screenshots
--- a/.github/workflows/superset-extensions-cli.yml
+++ b/.github/workflows/superset-extensions-cli.yml
@@ -18,13 +18,13 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        python-version: ["previous", "current", "next"]
+        python-version: ["previous", "current"]
    defaults:
      run:
        working-directory: superset-extensions-cli
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -49,7 +49,7 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.check.outputs.superset-extensions-cli
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          file: ./coverage.xml
          flags: superset-extensions-cli
@@ -58,7 +58,7 @@ jobs:

      - name: Upload HTML coverage report
        if: steps.check.outputs.superset-extensions-cli
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
          name: superset-extensions-cli-coverage-html
          path: htmlcov/
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -23,11 +23,9 @@ jobs:
      should-run: ${{ steps.check.outputs.frontend }}
    steps:
      - name: Checkout Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}

      - name: Check for File Changes
        id: check
@@ -41,13 +39,9 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          echo "git rev-parse --short HEAD"
-          git rev-parse --short HEAD
-          echo "git show -s --format=raw HEAD"
-          git show -s --format=raw HEAD
          docker buildx build \
            -t $TAG \
-            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-trixie \
+            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-bookworm \
            --target superset-node-ci \
            .

@@ -58,7 +52,7 @@ jobs:

      - name: Upload Docker Image Artifact
        if: steps.check.outputs.frontend
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
          name: docker-image
          path: docker-image.tar.gz
@@ -73,7 +67,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
        with:
          name: docker-image

@@ -90,7 +84,7 @@ jobs:
          "npm run test -- --coverage --shard=${{ matrix.shard }}/8 --coverageReporters=json-summary"

      - name: Upload Coverage Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
          name: coverage-artifacts-${{ matrix.shard }}
          path: superset-frontend/coverage
@@ -101,7 +95,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Coverage Artifacts
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
        with:
          pattern: coverage-artifacts-*
          path: coverage/
@@ -113,7 +107,7 @@ jobs:
        run: npx nyc merge coverage/ merged-output/coverage-summary.json

      - name: Upload Code Coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          flags: javascript
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -121,19 +115,36 @@ jobs:
          files: merged-output/coverage-summary.json
          slug: apache/superset

+  core-cover:
+    needs: frontend-build
+    if: needs.frontend-build.outputs.should-run == 'true'
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Download Docker Image Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: docker-image
+
+      - name: Load Docker Image
+        run: docker load < docker-image.tar.gz
+
+      - name: superset-ui/core coverage
+        run: |
+          docker run --rm $TAG bash -c \
+          "npm run core:cover"
+
  lint-frontend:
    needs: frontend-build
    if: needs.frontend-build.outputs.should-run == 'true'
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
        with:
          name: docker-image

      - name: Load Docker Image
-        run: |
-          docker load < docker-image.tar.gz
+        run: docker load < docker-image.tar.gz

      - name: eslint
        run: |
@@ -143,7 +154,7 @@ jobs:
      - name: tsc
        run: |
          docker run --rm $TAG bash -c \
-          "npm run plugins:build && npm run type"
+          "npm run type"

  validate-frontend:
    needs: frontend-build
@@ -151,7 +162,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
        with:
          name: docker-image

@@ -162,7 +173,6 @@ jobs:
        run: |
          docker run --rm $TAG bash -c \
          "npm run plugins:build"
-
      - name: Build Plugins Storybook
        run: |
          docker run --rm $TAG bash -c \
--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -16,21 +16,21 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
          fetch-depth: 0

      - name: Set up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          version: v3.16.4

      - name: Setup Python
        uses: ./.github/actions/setup-backend/
        with:
-          install-superset: 'false'
+          install-superset: "false"

      - name: Set up chart-testing
        uses: ./.github/actions/chart-testing-action
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -29,7 +29,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ inputs.ref || github.ref_name }}
          persist-credentials: true
@@ -42,7 +42,7 @@ jobs:
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          version: v3.5.4

@@ -101,7 +101,7 @@ jobs:
          CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}"

      - name: Open Pull Request
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          script: |
            const branchName = '${{ env.branch_name }}';
--- a/.github/workflows/superset-playwright.yml
+++ b/.github/workflows/superset-playwright.yml
@@ -1,141 +0,0 @@
-name: Playwright E2E Tests
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: 'The branch or tag to checkout'
-        required: false
-        default: ''
-      pr_id:
-        description: 'The pull request ID to checkout'
-        required: false
-        default: ''
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  playwright-tests:
-    runs-on: ubuntu-22.04
-    # Allow workflow to succeed even if tests fail during shadow mode
-    continue-on-error: true
-    permissions:
-      contents: read
-      pull-requests: read
-    strategy:
-      fail-fast: false
-      matrix:
-        browser: ["chromium"]
-        app_root: ["", "/app/prefix"]
-    env:
-      SUPERSET_ENV: development
-      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
-      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
-      PYTHONPATH: ${{ github.workspace }}
-      REDIS_PORT: 16379
-      GITHUB_TOKEN: ${{ github.token }}
-    services:
-      postgres:
-        image: postgres:16-alpine
-        env:
-          POSTGRES_USER: superset
-          POSTGRES_PASSWORD: superset
-        ports:
-          - 15432:5432
-      redis:
-        image: redis:7-alpine
-        ports:
-          - 16379:6379
-    steps:
-      # -------------------------------------------------------
-      # Conditional checkout based on context (same as Cypress workflow)
-      - name: Checkout for push or pull_request event
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-      - name: Checkout using ref (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          ref: ${{ github.event.inputs.ref }}
-          submodules: recursive
-      - name: Checkout using PR ID (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
-          submodules: recursive
-      # -------------------------------------------------------
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-      - name: Setup postgres
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: setup-postgres
-      - name: Import test data
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: testdata
-      - name: Setup Node.js
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: './superset-frontend/.nvmrc'
-      - name: Install npm dependencies
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: npm-install
-      - name: Build javascript packages
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: build-instrumented-assets
-      - name: Install Playwright
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: playwright-install
-      - name: Run Playwright
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        env:
-          NODE_OPTIONS: "--max-old-space-size=4096"
-        with:
-          run: playwright-run ${{ matrix.app_root }}
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        run: |
-          APP_ROOT="${{ matrix.app_root }}"
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
-      - name: Upload Playwright Artifacts
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          path: |
-            ${{ github.workspace }}/superset-frontend/playwright-results/
-            ${{ github.workspace }}/superset-frontend/test-results/
-          name: playwright-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -41,7 +41,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -68,7 +68,7 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          flags: python,mysql
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -77,7 +77,7 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        python-version: ["current", "previous", "next"]
+        python-version: ["current", "previous"]
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -85,7 +85,7 @@ jobs:
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -99,7 +99,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -129,7 +129,7 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          flags: python,postgres
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -152,7 +152,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -181,7 +181,7 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          flags: python,sqlite
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -25,7 +25,7 @@ jobs:
      SUPERSET__SQLALCHEMY_EXAMPLES_URI: presto://localhost:15433/memory/default
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -48,7 +48,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -77,7 +77,7 @@ jobs:
        run: |
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          flags: python,presto
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -94,7 +94,7 @@ jobs:
      UPLOAD_FOLDER: /tmp/.superset/uploads/
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -108,7 +108,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -145,7 +145,7 @@ jobs:
          pip install -e .[hive]
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          flags: python,hive
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -19,12 +19,12 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        python-version: ["previous", "current", "next"]
+        python-version: ["previous", "current"]
    env:
      PYTHONPATH: ${{ github.workspace }}
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -44,16 +44,9 @@ jobs:
          SUPERSET_TESTENV: true
          SUPERSET_SECRET_KEY: not-a-secret
        run: |
-          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear --maxfail=50
-      - name: Python 100% coverage unit tests
-        if: steps.check.outputs.python
-        env:
-          SUPERSET_TESTENV: true
-          SUPERSET_SECRET_KEY: not-a-secret
-        run: |
-          pytest --durations-min=0.5 --cov=superset/sql/ ./tests/unit_tests/sql/ --cache-clear --cov-fail-under=100
+          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5
        with:
          flags: python,unit
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -31,9 +31,9 @@ jobs:

      - name: Setup Node.js
        if: steps.check.outputs.frontend
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file:  './superset-frontend/.nvmrc'
+          node-version: "18"
      - name: Install dependencies
        if: steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -49,7 +49,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -21,7 +21,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Install dependencies
--- a/.github/workflows/supersetbot.yml
+++ b/.github/workflows/supersetbot.yml
@@ -9,7 +9,7 @@ on:
  workflow_dispatch:
    inputs:
      comment_body:
-        description: 'Comment Body'
+        description: "Comment Body"
        required: true
        type: string

@@ -26,7 +26,7 @@ jobs:
    steps:
      - name: Quickly add thumbs up!
        if: github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot')
-        uses: actions/github-script@v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          script: |
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/')
@@ -38,7 +38,7 @@ jobs:
            });

      - name: "Checkout ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -16,11 +16,11 @@ on:
      force-latest:
        required: true
        type: choice
-        default: 'false'
+        default: "false"
        description: Whether to force a latest tag on the release
        options:
-          - 'true'
-          - 'false'
+          - "true"
+          - "false"
 jobs:
  config:
    runs-on: ubuntu-24.04
@@ -42,12 +42,12 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]
+        build_preset:
+          ["dev", "lean", "py310", "websocket", "dockerize", "py311"]
      fail-fast: false
    steps:
-
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

@@ -60,7 +60,7 @@ jobs:
          build: "true"

      - name: Use Node.js 20
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
          node-version: 20

@@ -105,14 +105,13 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      - name: Use Node.js 20
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
          node-version: 20

--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -27,15 +27,15 @@ jobs:
    name: Generate Reports
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: "20"

      - name: Install Dependencies
-        run: npm ci
+        run: npm install
        working-directory: ./superset-frontend

      - name: Run Script
--- a/.github/workflows/welcome-new-users.yml
+++ b/.github/workflows/welcome-new-users.yml
@@ -12,7 +12,7 @@ jobs:

    steps:
      - name: Welcome Message
-        uses: actions/first-interaction@v3
+        uses: actions/first-interaction@v1
        continue-on-error: true
        with:
          repo-token: ${{ github.token }}
--- a/.gitignore
+++ b/.gitignore
@@ -21,7 +21,6 @@
 *.swp
 __pycache__

-.aider*
 .local
 .cache
 .bento*
@@ -92,7 +91,6 @@ scripts/*.zip
 # IntelliJ
 *.iml
 venv
-.venv
@eaDir/

 # PyCharm
@@ -108,7 +106,6 @@ ghostdriver.log
 testCSV.csv
 .terser-plugin-cache/
 apache-superset-*.tar.gz*
-apache_superset-*.tar.gz*
 release.json

 # Translation-related files
@@ -127,10 +124,4 @@ docker/*local*
 # Jest test report
 test-report.html
 superset/static/stats/statistics.html
-
-# LLM-related
-CLAUDE.local.md
-PROJECT.md
 .aider*
-.claude_rc*
-.env.local
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -20,7 +20,7 @@ repos:
    hooks:
      - id: auto-walrus
  - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.15.0
+    rev: v1.13.0
    hooks:
      - id: mypy
        name: mypy (main)
@@ -58,27 +58,22 @@ repos:
      - id: trailing-whitespace
        exclude: ^.*\.(snap)
        args: ["--markdown-linebreak-ext=md"]
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v4.0.0-alpha.8 # Use the sha or tag you want to point at
+    hooks:
+      - id: prettier
+        additional_dependencies:
+          - prettier@3.3.3
+        args: ["--ignore-path=./superset-frontend/.prettierignore"]
+        files: "superset-frontend"
  - repo: local
    hooks:
-      - id: eslint-frontend
-        name: eslint (frontend)
-        entry: ./scripts/eslint.sh
+      - id: eslint
+        name: eslint
+        entry: bash -c 'cd superset-frontend && npm run eslint -- $(echo "$@" | sed "s|superset-frontend/||g")'
        language: system
        pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
-      - id: eslint-docs
-        name: eslint (docs)
-        entry: bash -c 'cd docs && FILES=$(echo "$@" | sed "s|docs/||g") && yarn eslint --fix --ext .js,.jsx,.ts,.tsx --quiet $FILES'
-        language: system
-        pass_filenames: true
-        files: ^docs/.*\.(js|jsx|ts|tsx)$
-      - id: type-checking-frontend
-        name: Type-Checking (Frontend)
-        entry: ./scripts/check-type.js package=superset-frontend excludeDeclarationDir=cypress-base
-        language: system
-        files: ^superset-frontend\/.*\.(js|jsx|ts|tsx)$
-        exclude: ^superset-frontend/cypress-base\/
-        require_serial: true
+        files: \.(js|jsx|ts|tsx)$
  # blacklist unsafe functions like make_url (see #19526)
  - repo: https://github.com/skorokithakis/blacklist-pre-commit-hook
    rev: e2f070289d8eddcaec0b580d3bde29437e7c8221
@@ -90,31 +85,9 @@ repos:
    hooks:
      - id: helm-docs
        files: helm
-        verbose: false
-        args: ["--log-level", "error"]
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.9.7
+    rev: v0.8.0
    hooks:
-      - id: ruff-format
      - id: ruff
        args: [--fix]
-  - repo: local
-    hooks:
-      - id: pylint
-        name: pylint with custom Superset plugins
-        entry: bash
-        language: system
-        types: [python]
-        exclude: ^(tests/|superset/migrations/|scripts/|RELEASING/|docker/)
-        args:
-          - -c
-          - |
-            TARGET_BRANCH=${GITHUB_BASE_REF:-master}
-            git fetch origin "$TARGET_BRANCH"
-            BASE=$(git merge-base origin/"$TARGET_BRANCH" HEAD)
-            files=$(git diff --name-only --diff-filter=ACM "$BASE"..HEAD | grep '^superset/.*\.py$' || true)
-            if [ -n "$files" ]; then
-              pylint --rcfile=.pylintrc --load-plugins=superset.extensions.pylint --reports=no $files
-            else
-              echo "No Python files to lint."
-            fi
+      - id: ruff-format
--- a/.pylintrc
+++ b/.pylintrc
@@ -1,355 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[MASTER]
-
-# Specify a configuration file.
-#rcfile=
-
-# Python code to execute, usually for sys.path manipulation such as
-# pygtk.require().
-#init-hook=
-
-# Add files or directories to the blacklist. They should be base names, not
-# paths.
-ignore=CVS,migrations
-
-# Add files or directories matching the regex patterns to the blacklist. The
-# regex matches against base names, not paths.
-ignore-patterns=
-
-# Pickle collected data for later comparisons.
-persistent=yes
-
-# List of plugins (as comma separated values of python modules names) to load,
-# usually to register additional checkers.
-load-plugins=superset.extensions.pylint
-
-# Use multiple processes to speed up Pylint.
-jobs=2
-
-# Allow loading of arbitrary C extensions. Extensions are imported into the
-# active Python interpreter and may run arbitrary code.
-unsafe-load-any-extension=no
-
-# A comma-separated list of package or module names from where C extensions may
-# be loaded. Extensions are loading into the active Python interpreter and may
-# run arbitrary code
-extension-pkg-whitelist=pyarrow
-
-
-[MESSAGES CONTROL]
-disable=all
-enable=disallowed-json-import,disallowed-sql-import,consider-using-transaction
-
-
-[REPORTS]
-
-# Set the output format. Available formats are text, parseable, colorized, msvs
-# (visual studio) and html. You can also give a reporter class, eg
-# mypackage.mymodule.MyReporterClass.
-output-format=text
-
-# Tells whether to display a full report or only the messages
-reports=yes
-
-# Python expression which should return a note less than 10 (10 is the highest
-# note). You have access to the variables errors warning, statement which
-# respectively contain the number of errors / warnings messages and the total
-# number of statements analyzed. This is used by the global evaluation report
-# (RP0004).
-evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
-
-# Template used to display messages. This is a python new-style format string
-# used to format the message information. See doc for all details
-#msg-template=
-
-
-[BASIC]
-
-# Good variable names which should always be accepted, separated by a comma
-good-names=_,df,ex,f,i,id,j,k,l,o,pk,Run,ts,v,x,y
-
-# Bad variable names which should always be refused, separated by a comma
-bad-names=bar,baz,db,fd,foo,sesh,session,tata,toto,tutu
-
-# Colon-delimited sets of names that determine each other's naming style when
-# the name regexes allow several styles.
-name-group=
-
-# Include a hint for the correct naming format with invalid-name
-include-naming-hint=no
-
-# List of decorators that produce properties, such as abc.abstractproperty. Add
-# to this list to register other decorators that produce valid properties.
-property-classes=
-    abc.abstractproperty,
-    sqlalchemy.ext.hybrid.hybrid_property
-
-# Regular expression matching correct argument names
-argument-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression matching correct method names
-method-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression matching correct variable names
-variable-rgx=[a-z_][a-z0-9_]{1,30}$
-
-# Regular expression matching correct inline iteration names
-inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
-
-# Regular expression matching correct constant names
-const-rgx=(([A-Za-z_][A-Za-z0-9_]*)|(__.*__))$
-
-# Regular expression matching correct class names
-class-rgx=[A-Z_][a-zA-Z0-9]+$
-
-# Regular expression matching correct class attribute names
-class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
-
-# Regular expression matching correct module names
-module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
-
-# Regular expression matching correct attribute names
-attr-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression matching correct function names
-function-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression which should only match function or class names that do
-# not require a docstring.
-no-docstring-rgx=^_
-
-# Minimum line length for functions/classes that require docstrings, shorter
-# ones are exempt.
-docstring-min-length=10
-
-
-[ELIF]
-
-# Maximum number of nested blocks for function / method body
-max-nested-blocks=5
-
-
-[FORMAT]
-
-# Maximum number of characters on a single line.
-max-line-length=100
-
-# Regexp for a line that is allowed to be longer than the limit.
-ignore-long-lines=^\s*(# )?<?https?://\S+>?$
-
-# Allow the body of an if to be on the same line as the test if there is no
-# else.
-single-line-if-stmt=no
-
-# Maximum number of lines in a module
-max-module-lines=1000
-
-# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
-# tab).
-indent-string='    '
-
-# Number of spaces of indent required inside a hanging  or continued line.
-indent-after-paren=4
-
-# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
-expected-line-ending-format=
-
-
-[LOGGING]
-
-# Logging modules to check that the string format arguments are in logging
-# function parameter format
-logging-modules=logging
-
-
-[MISCELLANEOUS]
-
-# List of note tags to take in consideration, separated by a comma.
-notes=FIXME,XXX
-
-
-[SIMILARITIES]
-
-# Minimum lines number of a similarity.
-min-similarity-lines=5
-
-# Ignore comments when computing similarities.
-ignore-comments=yes
-
-# Ignore docstrings when computing similarities.
-ignore-docstrings=yes
-
-# Ignore imports when computing similarities.
-ignore-imports=no
-
-
-[SPELLING]
-
-# Spelling dictionary name. Available dictionaries: none. To make it working
-# install python-enchant package.
-spelling-dict=
-
-# List of comma separated words that should not be checked.
-spelling-ignore-words=
-
-# A path to a file that contains private dictionary; one word per line.
-spelling-private-dict-file=
-
-# Tells whether to store unknown words to indicated private dictionary in
-# --spelling-private-dict-file option instead of raising a message.
-spelling-store-unknown-words=no
-
-
-[TYPECHECK]
-
-# Tells whether missing members accessed in mixin class should be ignored. A
-# mixin class is detected if its name ends with "mixin" (case insensitive).
-ignore-mixin-members=yes
-
-# List of module names for which member attributes should not be checked
-# (useful for modules/projects where namespaces are manipulated during runtime
-# and thus existing member attributes cannot be deduced by static analysis. It
-# supports qualified module names, as well as Unix pattern matching.
-ignored-modules=numpy,pandas,alembic.op,sqlalchemy,alembic.context,flask_appbuilder.security.sqla.PermissionView.role,flask_appbuilder.Model.metadata,flask_appbuilder.Base.metadata
-
-# List of class names for which member attributes should not be checked (useful
-# for classes with dynamically set attributes). This supports the use of
-# qualified names.
-ignored-classes=contextlib.closing,optparse.Values,thread._local,_thread._local
-
-# List of members which are set dynamically and missed by pylint inference
-# system, and so shouldn't trigger E1101 when accessed. Python regular
-# expressions are accepted.
-generated-members=
-
-# List of decorators that produce context managers, such as
-# contextlib.contextmanager. Add to this list to register other decorators that
-# produce valid context managers.
-contextmanager-decorators=contextlib.contextmanager
-
-
-[VARIABLES]
-
-# Tells whether we should check for unused import in __init__ files.
-init-import=no
-
-# A regular expression matching the name of dummy variables (i.e. expectedly
-# not used).
-dummy-variables-rgx=(_+[a-zA-Z0-9]*?$)|dummy
-
-# List of additional names supposed to be defined in builtins. Remember that
-# you should avoid to define new builtins when possible.
-additional-builtins=
-
-# List of strings which can identify a callback function by name. A callback
-# name must start or end with one of those strings.
-callbacks=cb_,_cb
-
-# List of qualified module names which can have objects that can redefine
-# builtins.
-redefining-builtins-modules=six.moves,future.builtins
-
-
-[CLASSES]
-
-# List of method names used to declare (i.e. assign) instance attributes.
-defining-attr-methods=__init__,__new__,setUp
-
-# List of valid names for the first argument in a class method.
-valid-classmethod-first-arg=cls
-
-# List of valid names for the first argument in a metaclass class method.
-valid-metaclass-classmethod-first-arg=mcs
-
-# List of member names, which should be excluded from the protected access
-# warning.
-exclude-protected=_asdict,_fields,_replace,_source,_make
-
-
-[DESIGN]
-
-# Maximum number of arguments for function / method
-max-args=5
-
-# Argument names that match this expression will be ignored. Default to name
-# with leading underscore
-ignored-argument-names=_.*
-
-# Maximum number of locals for function / method body
-max-locals=15
-
-# Maximum number of return / yield for function / method body
-max-returns=10
-
-# Maximum number of branch for function / method body
-max-branches=15
-
-# Maximum number of statements in function / method body
-max-statements=50
-
-# Maximum number of parents for a class (see R0901).
-max-parents=7
-
-# Maximum number of attributes for a class (see R0902).
-max-attributes=8
-
-# Minimum number of public methods for a class (see R0903).
-min-public-methods=2
-
-# Maximum number of public methods for a class (see R0904).
-max-public-methods=20
-
-# Maximum number of boolean expressions in a if statement
-max-bool-expr=5
-
-
-[IMPORTS]
-
-# Deprecated modules which should not be used, separated by a comma
-deprecated-modules=optparse
-
-# Create a graph of every (i.e. internal and external) dependencies in the
-# given file (report RP0402 must not be disabled)
-import-graph=
-
-# Create a graph of external dependencies in the given file (report RP0402 must
-# not be disabled)
-ext-import-graph=
-
-# Create a graph of internal dependencies in the given file (report RP0402 must
-# not be disabled)
-int-import-graph=
-
-# Force import order to recognize a module as part of the standard
-# compatibility libraries.
-known-standard-library=
-
-# Force import order to recognize a module as part of a third party library.
-known-third-party=enchant
-
-# Analyse import fallback blocks. This can be used to support both Python 2 and
-# 3 compatible code, which means that the block might have code that exists
-# only in one or another interpreter, leading to false positives when analysed.
-analyse-fallback-blocks=no
-
-
-[EXCEPTIONS]
-
-# Exceptions that will emit a warning when being caught. Defaults to
-# "Exception"
-overgeneral-exceptions=builtins.Exception
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -73,17 +73,8 @@ ibm-db2.svg
 postgresql.svg
 snowflake.svg
 ydb.svg
-loading.svg

 # docs-related
 erd.puml
 erd.svg
 intro_header.txt
-
-# for LLMs
-llm-context.md
-LLMS.md
-CLAUDE.md
-CURSOR.md
-GEMINI.md
-GPT.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,8 +44,4 @@ under the License.
 - [4.0.1](./CHANGELOG/4.0.1.md)
 - [4.0.2](./CHANGELOG/4.0.2.md)
 - [4.1.0](./CHANGELOG/4.1.0.md)
- [4.1.1](./CHANGELOG/4.1.1.md)
- [4.1.2](./CHANGELOG/4.1.2.md)
- [4.1.3](./CHANGELOG/4.1.3.md)
- [4.1.4](./CHANGELOG/4.1.4.md)
 - [5.0.0](./CHANGELOG/5.0.0.md)
--- a/CHANGELOG/4.1.1.md
+++ b/CHANGELOG/4.1.1.md
@@ -1,50 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1 (Fri Nov 15 22:13:57 2024 +0530)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
-
- [#30886](https://github.com/apache/superset/pull/30886) fix: blocks UI elements on right side (@samarsrivastav)
- [#30859](https://github.com/apache/superset/pull/30859) fix(package.json): Pin luxon version to unblock master (@geido)
- [#30588](https://github.com/apache/superset/pull/30588) fix(explore): column data type tooltip format (@mistercrunch)
- [#29911](https://github.com/apache/superset/pull/29911) fix: Rename database from 'couchbasedb' to 'couchbase' in documentation and db_engine_specs (@ayush-couchbase)
- [#30828](https://github.com/apache/superset/pull/30828) fix(TimezoneSelector): Failing unit tests due to timezone change (@geido)
- [#30875](https://github.com/apache/superset/pull/30875) fix: don't show metadata for embedded dashboards (@sadpandajoe)
- [#30851](https://github.com/apache/superset/pull/30851) fix: Graph chart colors (@michael-s-molina)
- [#29867](https://github.com/apache/superset/pull/29867) fix(capitalization): Capitalizing a button. (@rusackas)
- [#29782](https://github.com/apache/superset/pull/29782) fix(translations): Translate embedded errors (@rusackas)
- [#29772](https://github.com/apache/superset/pull/29772) fix: Fixing incomplete string escaping. (@rusackas)
- [#29725](https://github.com/apache/superset/pull/29725) fix(frontend/docker, ci): fix borked Docker build due to Lerna v8 uplift (@hainenber)
-
-**Others**
-
- [#30576](https://github.com/apache/superset/pull/30576) chore: add link to Superset when report error (@eschutho)
- [#29786](https://github.com/apache/superset/pull/29786) refactor(Slider): Upgrade Slider to Antd 5 (@geido)
- [#29674](https://github.com/apache/superset/pull/29674) refactor(ChartCreation): Migrate tests to RTL (@rtexelm)
- [#29843](https://github.com/apache/superset/pull/29843) refactor(controls): Migrate AdhocMetricOption.test to RTL (@rtexelm)
- [#29845](https://github.com/apache/superset/pull/29845) refactor(controls): Migrate MetricDefinitionValue.test to RTL (@rtexelm)
- [#28424](https://github.com/apache/superset/pull/28424) docs: Check markdown files for bad links using linkinator (@rusackas)
- [#29768](https://github.com/apache/superset/pull/29768) docs(contributing): fix broken link to translations sub-section (@sfirke)
--- a/CHANGELOG/4.1.2.md
+++ b/CHANGELOG/4.1.2.md
@@ -1,83 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.2 (Fri Mar 7 13:28:05 2025 -0800)
-
-**Database Migrations**
-
- [#32538](https://github.com/apache/superset/pull/32538) fix(migrations): Handle comparator None in old time comparison migration (@Antonio-RiveroMartnez)
- [#32155](https://github.com/apache/superset/pull/32155) fix(migrations): Handle no params in time comparison migration (@Antonio-RiveroMartnez)
- [#31185](https://github.com/apache/superset/pull/31185) fix: check for column before adding in migrations (@betodealmeida)
-
-**Features**
-
- [#29974](https://github.com/apache/superset/pull/29974) feat(sqllab): Adds refresh button to table metadata in SQL Lab (@Usiel)
-
-**Fixes**
-
- [#32515](https://github.com/apache/superset/pull/32515) fix(sqllab): Allow clear on schema and catalog (@justinpark)
- [#32500](https://github.com/apache/superset/pull/32500) fix: dashboard, chart and dataset import validation (@dpgaspar)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31407](https://github.com/apache/superset/pull/31407) fix: Big Number side cut fixed (@fardin-developer)
- [#31480](https://github.com/apache/superset/pull/31480) fix(sunburst): Use metric label from verbose map (@gerbermichi)
- [#31427](https://github.com/apache/superset/pull/31427) fix(tags): clean up bulk create api and schema (@villebro)
- [#31334](https://github.com/apache/superset/pull/31334) fix(docs): add custom editUrl path for intro page (@dwgrossberg)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31323](https://github.com/apache/superset/pull/31323) fix: Use clickhouse sqlglot dialect for YDB (@vgvoleg)
- [#31198](https://github.com/apache/superset/pull/31198) fix: add more clickhouse disallowed functions on config (@dpgaspar)
- [#31194](https://github.com/apache/superset/pull/31194) fix(embedded): Hide anchor links in embedded mode (@Vitor-Avila)
- [#31960](https://github.com/apache/superset/pull/31960) fix(sqllab): Missing allowHTML props in ResultTableExtension (@justinpark)
- [#31332](https://github.com/apache/superset/pull/31332) fix: prevent multiple pvm errors on migration (@eschutho)
- [#31437](https://github.com/apache/superset/pull/31437) fix(database import): Gracefully handle error to get catalog schemas (@Vitor-Avila)
- [#31173](https://github.com/apache/superset/pull/31173) fix: cache-warmup fails (@nsivarajan)
- [#30442](https://github.com/apache/superset/pull/30442) fix(fe/src/dashboard): optional chaining for possibly nullable parent attribute in LayoutItem type (@hainenber)
- [#31639](https://github.com/apache/superset/pull/31639) fix(sqllab): unable to update saved queries (@DamianPendrak)
- [#29898](https://github.com/apache/superset/pull/29898) fix: parse pandas pivot null values (@eschutho)
- [#31414](https://github.com/apache/superset/pull/31414) fix(Pivot Table): Fix column width to respect currency config (@Vitor-Avila)
- [#31335](https://github.com/apache/superset/pull/31335) fix(histogram): axis margin padding consistent with other graphs (@tatiana-cherne)
- [#31301](https://github.com/apache/superset/pull/31301) fix(AllEntitiesTable): show Tags (@alexandrusoare)
- [#31329](https://github.com/apache/superset/pull/31329) fix: pass string to `process_template` (@betodealmeida)
- [#31341](https://github.com/apache/superset/pull/31341) fix(pinot): remove query aliases from SELECT and ORDER BY clauses in Pinot (@yuribogomolov)
- [#31308](https://github.com/apache/superset/pull/31308) fix: annotations on horizontal bar chart (@DamianPendrak)
- [#31294](https://github.com/apache/superset/pull/31294) fix(sqllab): Remove update_saved_query_exec_info to reduce lag (@justinpark)
- [#30897](https://github.com/apache/superset/pull/30897) fix: Exception handling for SQL Lab views (@michael-s-molina)
- [#31199](https://github.com/apache/superset/pull/31199) fix(Databricks): Escape catalog and schema names in pre-queries (@Vitor-Avila)
- [#31265](https://github.com/apache/superset/pull/31265) fix(trino): db session error in handle cursor (@justinpark)
- [#31024](https://github.com/apache/superset/pull/31024) fix(dataset): use sqlglot for DML check (@betodealmeida)
- [#29885](https://github.com/apache/superset/pull/29885) fix: add mutator to get_columns_description (@eschutho)
- [#30821](https://github.com/apache/superset/pull/30821) fix: x axis title disappears when editing bar chart (@DamianPendrak)
- [#31181](https://github.com/apache/superset/pull/31181) fix: Time-series Line Chart Display unnecessary total (@michael-s-molina)
- [#31163](https://github.com/apache/superset/pull/31163) fix(Dashboard): Backward compatible shared_label_colors field (@geido)
- [#31156](https://github.com/apache/superset/pull/31156) fix: check orderby (@betodealmeida)
- [#31154](https://github.com/apache/superset/pull/31154) fix: Remove unwanted commit on Trino's handle_cursor (@michael-s-molina)
- [#31151](https://github.com/apache/superset/pull/31151) fix: Revert "feat(trino): Add functionality to upload data (#29164)" (@michael-s-molina)
- [#31031](https://github.com/apache/superset/pull/31031) fix(Dashboard): Ensure shared label colors are updated (@geido)
- [#30967](https://github.com/apache/superset/pull/30967) fix(release validation): scripts now support RSA and EDDSA keys. (@rusackas)
- [#30881](https://github.com/apache/superset/pull/30881) fix(Dashboard): Native & Cross-Filters Scoping Performance (@geido)
- [#30887](https://github.com/apache/superset/pull/30887) fix(imports): import query_context for imports with charts (@lindenh)
- [#31008](https://github.com/apache/superset/pull/31008) fix(explore): verified props is not updated (@justinpark)
- [#30646](https://github.com/apache/superset/pull/30646) fix(Dashboard): Retain colors when color scheme not set (@geido)
- [#30962](https://github.com/apache/superset/pull/30962) fix(Dashboard): Exclude edit param in async screenshot (@geido)
-
-**Others**
-
- [#32043](https://github.com/apache/superset/pull/32043) chore: Skip the creation of secondary perms during catalog migrations (@Vitor-Avila)
- [#30865](https://github.com/apache/superset/pull/30865) docs: Updating 4.1 Release Notes (@yousoph)
--- a/CHANGELOG/4.1.3.md
+++ b/CHANGELOG/4.1.3.md
@@ -1,58 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.3 (Thu May 29 02:31:07 2025 -0500)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
-
- [#33522](https://github.com/apache/superset/pull/33522) fix(Sqllab):  Autocomplete got stuck in UI when open it too fast (@rebenitez1802)
- [#33425](https://github.com/apache/superset/pull/33425) fix(table-chart): time shift is not working (@justinpark)
- [#32414](https://github.com/apache/superset/pull/32414) fix(api): Added uuid to list api calls (@withnale)
- [#33354](https://github.com/apache/superset/pull/33354) fix: loading examples from raw.githubusercontent.com fails with 429 errors (@mistercrunch)
- [#32382](https://github.com/apache/superset/pull/32382) fix(pinot): revert join and subquery flags (@yuribogomolov)
- [#32473](https://github.com/apache/superset/pull/32473) fix(plugin-chart-echarts): remove erroneous upper bound value (@villebro)
- [#33048](https://github.com/apache/superset/pull/33048) fix: improve error type on parse error (@justinpark)
- [#32968](https://github.com/apache/superset/pull/32968) fix(pivot-table): Revert "fix(Pivot Table): Fix column width to respect currency config (#31414)" (@justinpark)
- [#32795](https://github.com/apache/superset/pull/32795) fix(log): store navigation path to get correct logging path (@justinpark)
- [#33216](https://github.com/apache/superset/pull/33216) fix: Downgrade to marshmallow<4 (@amotl)
- [#32866](https://github.com/apache/superset/pull/32866) fix: make packages PEP 625 compliant (@sadpandajoe)
- [#32035](https://github.com/apache/superset/pull/32035) fix(fe/dashboard-list): display modifier info for `Last modified` data (@hainenber)
- [#32708](https://github.com/apache/superset/pull/32708) fix(logging): missing path in event data (@justinpark)
- [#32699](https://github.com/apache/superset/pull/32699) fix: Signature of Celery pruner jobs (@michael-s-molina)
- [#32681](https://github.com/apache/superset/pull/32681) fix(log): Update recent_activity by event name (@justinpark)
- [#32608](https://github.com/apache/superset/pull/32608) fix(welcome): perf on distinct recent activities (@justinpark)
- [#32572](https://github.com/apache/superset/pull/32572) fix: Log table retention policy (@michael-s-molina)
- [#32406](https://github.com/apache/superset/pull/32406) fix(model/helper): represent RLS filter clause in proper textual SQL string (@hainenber)
- [#32240](https://github.com/apache/superset/pull/32240) fix: upgrade to 3.11.11-slim-bookworm to address critical vulnerabilities (@gpchandran)
- [#30858](https://github.com/apache/superset/pull/30858) fix(chart data): removing query from /chart/data payload when accessing as guest user (@fisjac)
-
-**Others**
-
- [#33612](https://github.com/apache/superset/pull/33612) chore: update Dockerfile - Upgrade to 3.11.12 (@gpchandran)
- [#33435](https://github.com/apache/superset/pull/33435) docs: CVEs fixed on 4.1.2 (@sha174n)
- [#33339](https://github.com/apache/superset/pull/33339) chore(🦾): bump python h11 0.14.0 -> 0.16.0 (@github-actions[bot])
- [#32745](https://github.com/apache/superset/pull/32745) chore(🦾): bump python sqlglot 26.1.3 -> 26.11.1 (@github-actions[bot])
- [#32782](https://github.com/apache/superset/pull/32782) chore: Revert "chore: bump base image in Dockerfile with `ARG PY_VER=3.11.11-slim-bookworm`" (@sadpandajoe)
- [#32780](https://github.com/apache/superset/pull/32780) chore: bump base image in Dockerfile with `ARG PY_VER=3.11.11-slim-bookworm` (@gpchandran)
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1 +0,0 @@
-LLMS.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,7 +5,7 @@
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
+ with the License.  You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

--- a/70
+++ b/70
@@ -18,7 +18,7 @@
 ######################################################################
 # Node stage to deal with static asset construction
 ######################################################################
-ARG PY_VER=3.11.13-slim-trixie
+ARG PY_VER=3.11.13-slim-bookworm

 # If BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
 ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
@@ -29,7 +29,7 @@ ARG BUILD_TRANSLATIONS="false"
 ######################################################################
 # superset-node-ci used as a base for building frontend assets and CI
 ######################################################################
-FROM --platform=${BUILDPLATFORM} node:20-trixie-slim AS superset-node-ci
+FROM --platform=${BUILDPLATFORM} node:20-bookworm-slim AS superset-node-ci
 ARG BUILD_TRANSLATIONS
 ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
 ARG DEV_MODE="false"           # Skip frontend build in dev mode
@@ -59,12 +59,12 @@ RUN mkdir -p /app/superset/static/assets \
 # NOTE: we mount packages and plugins as they are referenced in package.json as workspaces
 # ideally we'd COPY only their package.json. Here npm ci will be cached as long
 # as the full content of these folders don't change, yielding a decent cache reuse rate.
-# Note that it's not possible to selectively COPY or mount using blobs.
+# Note that's it's not possible selectively COPY of mount using blobs.
 RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.json \
    --mount=type=bind,source=./superset-frontend/package-lock.json,target=./package-lock.json \
    --mount=type=cache,target=/root/.cache \
    --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
+    if [ "$DEV_MODE" = "false" ]; then \
        npm ci; \
    else \
        echo "Skipping 'npm ci' in dev mode"; \
@@ -74,13 +74,13 @@ RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.j
 COPY superset-frontend /app/superset-frontend

 ######################################################################
-# superset-node is used for compiling frontend assets
+# superset-node used for compile frontend assets
 ######################################################################
 FROM superset-node-ci AS superset-node

 # Build the frontend if not in dev mode
 RUN --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
+    if [ "$DEV_MODE" = "false" ]; then \
        echo "Running 'npm run ${BUILD_CMD}'"; \
        npm run ${BUILD_CMD}; \
    else \
@@ -90,11 +90,12 @@ RUN --mount=type=cache,target=/root/.npm \
 # Copy translation files
 COPY superset/translations /app/superset/translations

-# Build translations if enabled, then cleanup localization files
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
+# Build the frontend if not in dev mode
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
        npm run build-translation; \
    fi; \
-    rm -rf /app/superset/translations/*/*/*.[po,mo];
+    rm -rf /app/superset/translations/*/*/*.po; \
+    rm -rf /app/superset/translations/*/*/*.mo;


 ######################################################################
@@ -105,10 +106,10 @@ FROM python:${PY_VER} AS python-base
 ARG SUPERSET_HOME="/app/superset_home"
 ENV SUPERSET_HOME=${SUPERSET_HOME}

-RUN mkdir -p ${SUPERSET_HOME}
+RUN mkdir -p $SUPERSET_HOME
 RUN useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
-    && chmod -R 1777 ${SUPERSET_HOME} \
-    && chown -R superset:superset ${SUPERSET_HOME}
+    && chmod -R 1777 $SUPERSET_HOME \
+    && chown -R superset:superset $SUPERSET_HOME

 # Some bash scripts needed throughout the layers
 COPY --chmod=755 docker/*.sh /app/docker/
@@ -133,19 +134,17 @@ RUN --mount=type=cache,target=/root/.cache/uv \
    . /app/.venv/bin/activate && /app/docker/pip-install.sh --requires-build-essential -r requirements/translations.txt

 COPY superset/translations/ /app/translations_mo/
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
        pybabel compile -d /app/translations_mo | true; \
    fi; \
-    rm -f /app/translations_mo/*/*/*.[po,json]
+    rm -f /app/translations_mo/*/*/*.po; \
+    rm -f /app/translations_mo/*/*/*.json;

 ######################################################################
 # Python APP common layer
 ######################################################################
 FROM python-base AS python-common

-# Build arg to pre-populate examples DuckDB file
-ARG LOAD_EXAMPLES_DUCKDB="false"
-
 ENV SUPERSET_HOME="/app/superset_home" \
    HOME="/app/superset_home" \
    SUPERSET_ENV="production" \
@@ -168,14 +167,14 @@ RUN mkdir -p \
    && touch superset/static/version_info.json

 # Install Playwright and optionally setup headless browsers
-ARG INCLUDE_CHROMIUM="false"
+ARG INCLUDE_CHROMIUM="true"
 ARG INCLUDE_FIREFOX="false"
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    if [ "${INCLUDE_CHROMIUM}" = "true" ] || [ "${INCLUDE_FIREFOX}" = "true" ]; then \
+    if [ "$INCLUDE_CHROMIUM" = "true" ] || [ "$INCLUDE_FIREFOX" = "true" ]; then \
        uv pip install playwright && \
        playwright install-deps && \
-        if [ "${INCLUDE_CHROMIUM}" = "true" ]; then playwright install chromium; fi && \
-        if [ "${INCLUDE_FIREFOX}" = "true" ]; then playwright install firefox; fi; \
+        if [ "$INCLUDE_CHROMIUM" = "true" ]; then playwright install chromium; fi && \
+        if [ "$INCLUDE_FIREFOX" = "true" ]; then playwright install firefox; fi; \
    else \
        echo "Skipping browser installation"; \
    fi
@@ -197,18 +196,6 @@ RUN /app/docker/apt-install.sh \
      libecpg-dev \
      libldap2-dev

-# Pre-load examples DuckDB file if requested
-RUN if [ "$LOAD_EXAMPLES_DUCKDB" = "true" ]; then \
-        mkdir -p /app/data && \
-        echo "Downloading pre-built examples.duckdb..." && \
-        curl -L -o /app/data/examples.duckdb \
-            "https://raw.githubusercontent.com/apache-superset/examples-data/master/examples.duckdb" && \
-        chown -R superset:superset /app/data; \
-    else \
-        mkdir -p /app/data && \
-        chown -R superset:superset /app/data; \
-    fi
-
 # Copy compiled things from previous stages
 COPY --from=superset-node /app/superset/static/assets superset/static/assets

@@ -221,7 +208,7 @@ RUN rm superset/translations/*/*/*.po
 COPY --from=superset-node /app/superset/translations superset/translations
 COPY --from=python-translation-compiler /app/translations_mo superset/translations

-HEALTHCHECK CMD /app/docker/docker-healthcheck.sh
+HEALTHCHECK CMD curl -f "http://localhost:${SUPERSET_PORT}/health"
 CMD ["/app/docker/entrypoints/run-server.sh"]
 EXPOSE ${SUPERSET_PORT}

@@ -240,7 +227,7 @@ RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
    /app/docker/pip-install.sh --requires-build-essential -r requirements/base.txt
 # Install the superset package
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install -e .
+    uv pip install .
 RUN python -m compileall /app/superset

 USER superset
@@ -268,7 +255,7 @@ RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
    /app/docker/pip-install.sh --requires-build-essential -r requirements/development.txt
 # Install the superset package
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install -e .
+    uv pip install .

 RUN uv pip install .[postgres]
 RUN python -m compileall /app/superset
@@ -280,15 +267,6 @@ USER superset
 ######################################################################
 FROM lean AS ci
 USER root
-RUN uv pip install .[postgres,duckdb]
-USER superset
-CMD ["/app/docker/entrypoints/docker-ci.sh"]
-
-######################################################################
-# Showtime image - lean + DuckDB for examples database
-######################################################################
-FROM lean AS showtime
-USER root
-RUN uv pip install .[duckdb]
+RUN uv pip install .[postgres]
 USER superset
 CMD ["/app/docker/entrypoints/docker-ci.sh"]
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -1 +0,0 @@
-LLMS.md
--- a/GPT.md
+++ b/GPT.md
@@ -1 +0,0 @@
-LLMS.md
--- a/LLMS.md
+++ b/LLMS.md
@@ -1,220 +0,0 @@
-# LLM Context Guide for Apache Superset
-
-Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
-
-## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
-
-**These migrations are actively happening - avoid deprecated patterns:**
-
-### Frontend Modernization
- **NO `any` types** - Use proper TypeScript types
- **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
- **Use @superset-ui/core** - Don't import Ant Design directly, prefer Ant Design component wrappers from @superset-ui/core/components
- **Use antd theming tokens** - Prefer antd tokens over legacy theming tokens
- **Avoid custom css and styles** - Follow antd best practices and avoid styling and custom CSS whenever possible
-
-### Testing Strategy Migration
- **Prefer unit tests** over integration tests
- **Prefer integration tests** over end-to-end tests
- **Use Playwright for E2E tests** - Migrating from Cypress
- **Cypress is deprecated** - Will be removed once migration is completed
- **Use Jest + React Testing Library** for component testing
- **Use `test()` instead of `describe()`** - Follow [avoid nesting when testing](https://kentcdodds.com/blog/avoid-nesting-when-youre-testing) principles
-
-### Backend Type Safety
- **Add type hints** - All new Python code needs proper typing
- **MyPy compliance** - Run `pre-commit run mypy` to validate
- **SQLAlchemy typing** - Use proper model annotations
-
-### UUID Migration
- **Prefer UUIDs over auto-incrementing IDs** - New models should use UUID primary keys
- **External API exposure** - Use UUIDs in public APIs instead of internal integer IDs
- **Existing models** - Add UUID fields alongside integer IDs for gradual migration
-
-## Key Directories
-
-```
-superset/
-├── superset/                    # Python backend (Flask, SQLAlchemy)
-│   ├── views/api/              # REST API endpoints
-│   ├── models/                 # Database models
-│   └── connectors/             # Database connections
-├── superset-frontend/src/       # React TypeScript frontend
-│   ├── components/             # Reusable components
-│   ├── explore/                # Chart builder
-│   ├── dashboard/              # Dashboard interface
-│   └── SqlLab/                 # SQL editor
-├── superset-frontend/packages/
-│   └── superset-ui-core/       # UI component library (USE THIS)
-├── tests/                      # Python/integration tests
-├── docs/                       # Documentation (UPDATE FOR CHANGES)
-└── UPDATING.md                 # Breaking changes log
-```
-
-## Code Standards
-
-### TypeScript Frontend
- **Avoid `any` types** - Use proper TypeScript, reuse existing types
- **Functional components** with hooks
- **@superset-ui/core** for UI components (not direct antd)
- **Jest** for testing (NO Enzyme)
- **Redux** for global state where it exists, hooks for local
-
-### Python Backend  
- **Type hints required** for all new code
- **MyPy compliant** - run `pre-commit run mypy`
- **SQLAlchemy models** with proper typing
- **pytest** for testing
-
-### Apache License Headers
- **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
- **LLM instruction files are excluded** - Files like LLMS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
-
-## Documentation Requirements
-
- **docs/**: Update for any user-facing changes
- **UPDATING.md**: Add breaking changes here
- **Docstrings**: Required for new functions/classes
-
-## Architecture Patterns
-
-### Security & Features
- **RBAC**: Role-based access via Flask-AppBuilder
- **Feature flags**: Control feature rollouts
- **Row-level security**: SQL-based data access control
-
-## Test Utilities
-
-### Python Test Helpers
- **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
- **`@with_config`** - Config mocking decorator
- **`@with_feature_flags`** - Feature flag testing
- **`login_as()`, `login_as_admin()`** - Authentication helpers
- **`create_dashboard()`, `create_slice()`** - Data setup utilities
-
-### TypeScript Test Helpers
- **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
- **`createWrapper()`** - Redux/Router/Theme wrapper
- **`selectOption()`** - Select component helper
- **React Testing Library** - NO Enzyme (removed)
-
-### Test Database Patterns
- **Mock patterns**: Use `MagicMock()` for config objects, avoid `AsyncMock` for synchronous code
- **API tests**: Update expected columns when adding new model fields
-
-### Running Tests
-```bash
-# Frontend
-npm run test                           # All tests
-npm run test -- filename.test.tsx     # Single file
-
-# E2E Tests (Playwright - NEW)
-npm run playwright:test                # All Playwright tests
-npm run playwright:ui                  # Interactive UI mode
-npm run playwright:headed              # See browser during tests
-npx playwright test tests/auth/login.spec.ts  # Single file
-npm run playwright:debug tests/auth/login.spec.ts  # Debug specific file
-
-# E2E Tests (Cypress - DEPRECATED)
-cd superset-frontend/cypress-base
-npm run cypress-run-chrome             # All Cypress tests (headless)
-npm run cypress-debug                  # Interactive Cypress UI
-
-# Backend  
-pytest                                 # All tests
-pytest tests/unit_tests/specific_test.py  # Single file
-pytest tests/unit_tests/               # Directory
-
-# If pytest fails with database/setup issues, ask the user to run test environment setup
-```
-
-## Environment Validation
-
-**Quick Setup Check (run this first):**
-
-```bash
-# Verify Superset is running
-curl -f http://localhost:8088/health || echo "❌ Setup required - see https://superset.apache.org/docs/contributing/development#working-with-llms"
-```
-
-**If health checks fail:**
-"It appears you aren't set up properly. Please refer to the [Working with LLMs](https://superset.apache.org/docs/contributing/development#working-with-llms) section in the development docs for setup instructions."
-
-**Key Project Files:**
- `superset-frontend/package.json` - Frontend build scripts (`npm run dev` on port 9000, `npm run test`, `npm run lint`)
- `pyproject.toml` - Python tooling (ruff, mypy configs)
- `requirements/` folder - Python dependencies (base.txt, development.txt)
-
-## SQLAlchemy Query Best Practices  
- **Use negation operator**: `~Model.field` instead of `== False` to avoid ruff E712 errors
- **Example**: `~Model.is_active` instead of `Model.is_active == False`
-
-## Pull Request Guidelines
-
-**When creating pull requests:**
-
-1. **Read the current PR template**: Always check `.github/PULL_REQUEST_TEMPLATE.md` for the latest format
-2. **Use the template sections**: Include all sections from the template (SUMMARY, BEFORE/AFTER, TESTING INSTRUCTIONS, ADDITIONAL INFORMATION)
-3. **Follow PR title conventions**: Use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
-   - Format: `type(scope): description`
-   - Example: `fix(dashboard): load charts correctly`
-   - Types: `fix`, `feat`, `docs`, `style`, `refactor`, `perf`, `test`, `chore`
-
-**Important**: Always reference the actual template file at `.github/PULL_REQUEST_TEMPLATE.md` instead of using cached content, as the template may be updated over time.
-
-## Pre-commit Validation
-
-**Use pre-commit hooks for quality validation:**
-
-```bash
-# Install hooks
-pre-commit install
-
-# IMPORTANT: Stage your changes first!
-git add .                        # Pre-commit only checks staged files
-
-# Quick validation (faster than --all-files)
-pre-commit run                   # Staged files only
-pre-commit run mypy              # Python type checking
-pre-commit run prettier          # Code formatting
-pre-commit run eslint            # Frontend linting
-```
-
-**Important pre-commit usage notes:**
- **Stage files first**: Run `git add .` before `pre-commit run` to check only changed files (much faster)
- **Virtual environment**: Activate your Python virtual environment before running pre-commit
-  ```bash
-  # Common virtual environment locations (yours may differ):
-  source .venv/bin/activate      # if using .venv
-  source venv/bin/activate       # if using venv
-  source ~/venvs/superset/bin/activate  # if using a central location
-  ```
-  If you get a "command not found" error, ask the user which virtual environment to activate
- **Auto-fixes**: Some hooks auto-fix issues (e.g., trailing whitespace). Re-run after fixes are applied
-
-## Common File Patterns
-
-### API Structure
- **`/api.py`** - REST endpoints with decorators and OpenAPI docstrings
- **`/schemas.py`** - Marshmallow validation schemas for OpenAPI spec
- **`/commands/`** - Business logic classes with @transaction() decorators
- **`/models/`** - SQLAlchemy database models
- **OpenAPI docs**: Auto-generated at `/swagger/v1` from docstrings and schemas
-
-### Migration Files
- **Location**: `superset/migrations/versions/`
- **Naming**: `YYYY-MM-DD_HH-MM_hash_description.py`
- **Utilities**: Use helpers from `superset.migrations.shared.utils` for database compatibility
- **Pattern**: Import utilities instead of raw SQLAlchemy operations
-
-## Platform-Specific Instructions
-
- **[CLAUDE.md](CLAUDE.md)** - For Claude/Anthropic tools
- **[.github/copilot-instructions.md](.github/copilot-instructions.md)** - For GitHub Copilot  
- **[GEMINI.md](GEMINI.md)** - For Google Gemini tools
- **[GPT.md](GPT.md)** - For OpenAI/ChatGPT tools
- **[.cursor/rules/dev-standard.mdc](.cursor/rules/dev-standard.mdc)** - For Cursor editor
-
---
-
-**LLM Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/2
+++ b/2
@@ -91,7 +91,7 @@ js-format:
 	cd superset-frontend; npm run prettier

 flask-app:
-	flask run -p 8088 --reload --debugger
+	flask run -p 8088 --with-threads --reload --debugger

 node-app:
 	cd superset-frontend; npm run dev-server
--- a/README.md
+++ b/README.md
@@ -20,11 +20,11 @@ under the License.
 # Superset

 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/license/apache-2-0)
-[![Latest Release on Github](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/releases/latest)
-[![Build Status](https://github.com/apache/superset/actions/workflows/superset-python-unittest.yml/badge.svg)](https://github.com/apache/superset/actions)
-[![PyPI version](https://badge.fury.io/py/apache_superset.svg)](https://badge.fury.io/py/apache_superset)
+[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/tree/latest)
+[![Build Status](https://github.com/apache/superset/workflows/Python/badge.svg)](https://github.com/apache/superset/actions)
+[![PyPI version](https://badge.fury.io/py/apache-superset.svg)](https://badge.fury.io/py/apache-superset)
 [![Coverage Status](https://codecov.io/github/apache/superset/coverage.svg?branch=master)](https://codecov.io/github/apache/superset)
-[![PyPI](https://img.shields.io/pypi/pyversions/apache_superset.svg?maxAge=2592000)](https://pypi.python.org/pypi/apache_superset)
+[![PyPI](https://img.shields.io/pypi/pyversions/apache-superset.svg?maxAge=2592000)](https://pypi.python.org/pypi/apache-superset)
 [![Get on Slack](https://img.shields.io/badge/slack-join-orange.svg)](http://bit.ly/join-superset-slack)
 [![Documentation](https://img.shields.io/badge/docs-apache.org-blue.svg)](https://superset.apache.org)

@@ -72,10 +72,8 @@ Superset provides:
 ## Screenshots & Gifs

 **Video Overview**
-
 <!-- File hosted here https://github.com/apache/superset-site/raw/lfs/superset-video-4k.mp4 -->
-
-[superset-video-1080p.webm](https://github.com/user-attachments/assets/b37388f7-a971-409c-96a7-90c4e31322e6)
+[superset-video-4k.webm](https://github.com/apache/superset/assets/812905/da036bc2-150c-4ee7-80f9-75e63210ff76)

 <br/>

@@ -103,7 +101,7 @@ Here are some of the major database solutions that are supported:

 <p align="center">
  <img src="https://superset.apache.org/img/databases/redshift.png" alt="redshift" border="0" width="200"/>
-  <img src="https://superset.apache.org/img/databases/google-biquery.png" alt="google-bigquery" border="0" width="200"/>
+  <img src="https://superset.apache.org/img/databases/google-biquery.png" alt="google-biquery" border="0" width="200"/>
  <img src="https://superset.apache.org/img/databases/snowflake.png" alt="snowflake" border="0" width="200"/>
  <img src="https://superset.apache.org/img/databases/trino.png" alt="trino" border="0" width="150" />
  <img src="https://superset.apache.org/img/databases/presto.png" alt="presto" border="0" width="200"/>
@@ -111,6 +109,7 @@ Here are some of the major database solutions that are supported:
  <img src="https://superset.apache.org/img/databases/druid.png" alt="druid" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/firebolt.png" alt="firebolt" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/timescale.png" alt="timescale" border="0" width="200" />
+  <img src="https://superset.apache.org/img/databases/rockset.png" alt="rockset" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/postgresql.png" alt="postgresql" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/mysql.png" alt="mysql" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/mssql-server.png" alt="mssql-server" border="0" width="200" />
@@ -135,10 +134,9 @@ Here are some of the major database solutions that are supported:
  <img src="https://superset.apache.org/img/databases/starrocks.png" alt="starrocks" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/doris.png" alt="doris" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/oceanbase.svg" alt="oceanbase" border="0" width="220" />
-  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="sap-hana" border="0" width="220" />
+  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="oceanbase" border="0" width="220" />
  <img src="https://superset.apache.org/img/databases/denodo.png" alt="denodo" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/ydb.svg" alt="ydb" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/tdengine.png" alt="TDengine" border="0" width="200" />
 </p>

 **A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/configuration/databases).
@@ -147,7 +145,7 @@ Want to add support for your datastore or data engine? Read more [here](https://

 ## Installation and Configuration

-Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) guide or learn about [the options for production deployments](https://superset.apache.org/docs/installation/architecture/).
+[Extended documentation for Superset](https://superset.apache.org/docs/installation/docker-compose)

 ## Get Involved

@@ -156,7 +154,7 @@ Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) gu
  and please read our [Slack Community Guidelines](https://github.com/apache/superset/blob/master/CODE_OF_CONDUCT.md#slack-community-guidelines)
 - [Join our dev@superset.apache.org Mailing list](https://lists.apache.org/list.html?dev@superset.apache.org). To join, simply send an email to [dev-subscribe@superset.apache.org](mailto:dev-subscribe@superset.apache.org)
 - If you want to help troubleshoot GitHub Issues involving the numerous database drivers that Superset supports, please consider adding your name and the databases you have access to on the [Superset Database Familiarity Rolodex](https://docs.google.com/spreadsheets/d/1U1qxiLvOX0kBTUGME1AHHi6Ywel6ECF8xk_Qy-V9R8c/edit#gid=0)
- Join Superset's Town Hall and [Operational Model](https://preset.io/blog/the-superset-operational-model-wants-you/) recurring meetings. Meeting info is available on the [Superset Community Calendar](https://superset.apache.org/community)
+- Join Superset's Town Hall and [Operational Model](https://preset.io/blog/the-superset-operational-model-wants-you/) recurring meetings.  Meeting info is available on the [Superset Community Calendar](https://superset.apache.org/community)

 ## Contributor Guide

@@ -184,16 +182,14 @@ Understanding the Superset Points of View
  - [Building New Database Connectors](https://preset.io/blog/building-database-connector/)
  - [Create Your First Dashboard](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard/)
  - [Comprehensive Tutorial for Contributing Code to Apache Superset
-    ](https://preset.io/blog/tutorial-contributing-code-to-apache-superset/)
+  ](https://preset.io/blog/tutorial-contributing-code-to-apache-superset/)
 - [Resources to master Superset by Preset](https://preset.io/resources/)

 - Deploying Superset
-
  - [Official Docker image](https://hub.docker.com/r/apache/superset)
  - [Helm Chart](https://github.com/apache/superset/tree/master/helm/superset)

 - Recordings of Past [Superset Community Events](https://preset.io/events)
-
  - [Mixed Time Series Charts](https://preset.io/events/mixed-time-series-visualization-in-superset-workshop/)
  - [How the Bing Team Customized Superset for the Internal Self-Serve Data & Analytics Platform](https://preset.io/events/how-the-bing-team-heavily-customized-superset-for-their-internal-data/)
  - [Live Demo: Visualizing MongoDB and Pinot Data using Trino](https://preset.io/events/2021-04-13-visualizing-mongodb-and-pinot-data-using-trino/)
@@ -201,7 +197,6 @@ Understanding the Superset Points of View
  - [Building a Database Connector for Superset](https://preset.io/events/2021-02-16-building-a-database-connector-for-superset/)

 - Visualizations
-
  - [Creating Viz Plugins](https://superset.apache.org/docs/contributing/creating-viz-plugins/)
  - [Managing and Deploying Custom Viz Plugins](https://medium.com/nmc-techblog/apache-superset-manage-custom-viz-plugins-in-production-9fde1a708e55)
  - [Why Apache Superset is Betting on Apache ECharts](https://preset.io/blog/2021-4-1-why-echarts/)
--- a/RELEASING/Dockerfile.from_local_tarball
+++ b/RELEASING/Dockerfile.from_local_tarball
@@ -14,13 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm

 RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset

 # Configure environment
 ENV LANG=C.UTF-8 \
-  LC_ALL=C.UTF-8
+    LC_ALL=C.UTF-8

 RUN apt-get update -y

@@ -30,14 +30,14 @@ RUN apt-get install -y apt-transport-https apt-utils
 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
 RUN apt-get install -y build-essential libssl-dev \
-  libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
 RUN set -eux; \
-  curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
-  apt-get install -y nodejs; \
-  node --version;
+    curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
+    apt-get install -y nodejs; \
+    node --version;
 RUN if ! which npm; then apt-get install -y npm; fi

 RUN mkdir -p /home/superset
@@ -50,21 +50,21 @@ ARG SUPERSET_RELEASE_RC_TARBALL
 # Can fetch source from svn or copy tarball from local mounted directory
 COPY $SUPERSET_RELEASE_RC_TARBALL ./
 RUN tar -xvf *.tar.gz
-WORKDIR /home/superset/apache_superset-$VERSION/superset-frontend
+WORKDIR /home/superset/apache-superset-$VERSION/superset-frontend

 RUN npm ci \
-  && npm run build \
-  && rm -rf node_modules
+    && npm run build \
+    && rm -rf node_modules

-WORKDIR /home/superset/apache_superset-$VERSION
+WORKDIR /home/superset/apache-superset-$VERSION
 RUN pip install --upgrade setuptools pip \
-  && pip install -r requirements/base.txt \
-  && pip install --no-cache-dir .
+    && pip install -r requirements/base.txt \
+    && pip install --no-cache-dir .

 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-  PYTHONPATH=/home/superset/superset/ \
-  SUPERSET_TESTENV=true
+    PYTHONPATH=/home/superset/superset/ \
+    SUPERSET_TESTENV=true
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/Dockerfile.from_svn_tarball
+++ b/RELEASING/Dockerfile.from_svn_tarball
@@ -14,13 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm

 RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset

 # Configure environment
 ENV LANG=C.UTF-8 \
-  LC_ALL=C.UTF-8
+    LC_ALL=C.UTF-8

 RUN apt-get update -y

@@ -30,14 +30,14 @@ RUN apt-get install -y apt-transport-https apt-utils
 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
 RUN apt-get install -y subversion build-essential libssl-dev \
-  libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
 RUN set -eux; \
-  curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
-  apt-get install -y nodejs; \
-  node --version;
+    curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
+    apt-get install -y nodejs; \
+    node --version;
 RUN if ! which npm; then apt-get install -y npm; fi

 RUN mkdir -p /home/superset
@@ -49,20 +49,20 @@ ARG VERSION
 # Can fetch source from svn or copy tarball from local mounted directory
 RUN svn co https://dist.apache.org/repos/dist/dev/superset/$VERSION ./
 RUN tar -xvf *.tar.gz
-WORKDIR /home/superset/apache_superset-$VERSION/superset-frontend
+WORKDIR /home/superset/apache-superset-$VERSION/superset-frontend

 RUN npm ci \
-  && npm run build \
-  && rm -rf node_modules
+    && npm run build \
+    && rm -rf node_modules

-WORKDIR /home/superset/apache_superset-$VERSION
+WORKDIR /home/superset/apache-superset-$VERSION
 RUN pip install --upgrade setuptools pip \
-  && pip install -r requirements/base.txt \
-  && pip install --no-cache-dir .
+    && pip install -r requirements/base.txt \
+    && pip install --no-cache-dir .

 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-  PYTHONPATH=/home/superset/superset/
+    PYTHONPATH=/home/superset/superset/
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/Dockerfile.make_docs
+++ b/RELEASING/Dockerfile.make_docs
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm
 ARG VERSION

 RUN git clone --depth 1 --branch ${VERSION} https://github.com/apache/superset.git /superset
--- a/RELEASING/Dockerfile.make_tarball
+++ b/RELEASING/Dockerfile.make_tarball
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm

 RUN apt-get update -y
 RUN apt-get install -y \
--- a/RELEASING/README.md
+++ b/RELEASING/README.md
@@ -123,10 +123,10 @@ SUPERSET_RC=1
 SUPERSET_GITHUB_BRANCH=1.5
 SUPERSET_PGP_FULLNAME=villebro@apache.org
 SUPERSET_VERSION_RC=1.5.1rc1
-SUPERSET_RELEASE=apache_superset-1.5.1
-SUPERSET_RELEASE_RC=apache_superset-1.5.1rc1
-SUPERSET_RELEASE_TARBALL=apache_superset-1.5.1-source.tar.gz
-SUPERSET_RELEASE_RC_TARBALL=apache_superset-1.5.1rc1-source.tar.gz
+SUPERSET_RELEASE=apache-superset-1.5.1
+SUPERSET_RELEASE_RC=apache-superset-1.5.1rc1
+SUPERSET_RELEASE_TARBALL=apache-superset-1.5.1-source.tar.gz
+SUPERSET_RELEASE_RC_TARBALL=apache-superset-1.5.1rc1-source.tar.gz
 SUPERSET_TMP_ASF_SITE_PATH=/tmp/incubator-superset-site-1.5.1
 -------------------------------
 ```
@@ -380,7 +380,7 @@ Official instructions:
 https://www.apache.org/info/verification.html

 We now have a handy script for anyone validating a release to use. The core of it is in this very folder, `verify_release.py`. Just make sure you have all three release files in the same directory (`{some version}.tar.gz`, `{some version}.tar.gz.asc` and `{some version}tar.gz.sha512`). Then you can pass this script the path to the `.gz` file like so:
-`python verify_release.py ~/path/tp/apache_superset-{version/candidate}-source.tar.gz`
+`python verify_release.py ~/path/tp/apache-superset-{version/candidate}-source.tar.gz`

 If all goes well, you will see this result in your terminal:

@@ -454,11 +454,8 @@ cd ../
 # Compile translations for the backend
 ./scripts/translations/generate_mo_files.sh

-# update build version number
-sed -i '' "s/version_string = .*/version_string = \"$SUPERSET_VERSION\"/" setup.py
-
 # build the python distribution
-python setup.py sdist
+python -m build
 ```

 Publish to PyPI
@@ -469,11 +466,8 @@ an account first if you don't have one, and reference your username
 while requesting access to push packages.

 ```bash
-# Run this first to make sure you are uploading the right version.
-# Pypi does not allow you to delete or retract once uplaoded.
-twine check dist/*
-
-twine upload dist/*
+twine upload dist/apache_superset-${SUPERSET_VERSION}-py3-none-any.whl
+twine upload dist/apache-superset-${SUPERSET_VERSION}.tar.gz
 ```

 Set your username to `__token__`
@@ -522,8 +516,6 @@ takes the version (ie `3.1.1`), the git reference (any SHA, tag or branch
 reference), and whether to force the `latest` Docker tag on the
 generated images.

-**NOTE:** If the docker image isn't built, you'll need to run this [GH action](https://github.com/apache/superset/actions/workflows/tag-release.yml) where you provide it the tag sha.
-
 ### Npm Release

 You might want to publish the latest @superset-ui release to npm
--- a/RELEASING/changelog.py
+++ b/RELEASING/changelog.py
@@ -232,7 +232,8 @@ class GitChangeLog:
        for log in self._logs:
            yield {
                "pr_number": log.pr_number,
-                "pr_link": f"https://github.com/{SUPERSET_REPO}/pull/{log.pr_number}",
+                "pr_link": f"https://github.com/{SUPERSET_REPO}/pull/"
+                f"{log.pr_number}",
                "message": log.message,
                "time": log.time,
                "author": log.author,
@@ -322,9 +323,9 @@ class BaseParameters:


 def print_title(message: str) -> None:
-    print(f"{50 * '-'}")
+    print(f"{50*'-'}")
    print(message)
-    print(f"{50 * '-'}")
+    print(f"{50*'-'}")


@click.group()
@@ -348,14 +349,14 @@ def compare(base_parameters: BaseParameters) -> None:
    previous_logs = base_parameters.previous_logs
    current_logs = base_parameters.current_logs
    print_title(
-        f"Pull requests from {current_logs.git_ref} not in {previous_logs.git_ref}"
+        f"Pull requests from " f"{current_logs.git_ref} not in {previous_logs.git_ref}"
    )
    previous_diff_logs = previous_logs.diff(current_logs)
    for diff_log in previous_diff_logs:
        print(f"{diff_log}")

    print_title(
-        f"Pull requests from {previous_logs.git_ref} not in {current_logs.git_ref}"
+        f"Pull requests from " f"{previous_logs.git_ref} not in {current_logs.git_ref}"
    )
    current_diff_logs = current_logs.diff(previous_logs)
    for diff_log in current_diff_logs:
--- a/RELEASING/email_templates/announce.j2
+++ b/RELEASING/email_templates/announce.j2
@@ -31,7 +31,7 @@ The official source release:
 https://downloads.apache.org/{{ project_module }}/{{ version }}

 The PyPI package:
-https://pypi.org/project/apache_superset/{{ version }}
+https://pypi.org/project/apache-superset/{{ version }}

 The CHANGELOG for the release:
 https://github.com/apache/{{ project_module }}/blob/{{ version }}/CHANGELOG/{{ version }}.md
--- a/RELEASING/make_tarball.sh
+++ b/RELEASING/make_tarball.sh
@@ -32,10 +32,11 @@ else
  SUPERSET_VERSION="${1}"
  SUPERSET_RC="${2}"
  SUPERSET_PGP_FULLNAME="${3}"
-  SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${SUPERSET_RC}"
-  SUPERSET_RELEASE_RC_TARBALL="apache_superset-${SUPERSET_VERSION_RC}-source.tar.gz"
+  SUPERSET_RELEASE_RC_TARBALL="apache-superset-${SUPERSET_VERSION_RC}-source.tar.gz"
 fi

+SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${SUPERSET_RC}"
+
 if [ -z "${SUPERSET_SVN_DEV_PATH}" ]; then
  SUPERSET_SVN_DEV_PATH="$HOME/svn/superset_dev"
 fi
--- a/RELEASING/make_tarball_entrypoint.sh
+++ b/RELEASING/make_tarball_entrypoint.sh
@@ -22,7 +22,7 @@ if [ -z "${SUPERSET_VERSION_RC}" ] || [ -z "${SUPERSET_SVN_DEV_PATH}" ] || [ -z
  exit 1
 fi

-SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
 SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
 SUPERSET_RELEASE_RC_BASE_PATH="${SUPERSET_SVN_DEV_PATH}"/"${SUPERSET_VERSION_RC}"
 SUPERSET_RELEASE_RC_TARBALL_PATH="${SUPERSET_RELEASE_RC_BASE_PATH}"/"${SUPERSET_RELEASE_RC_TARBALL}"
--- a/RELEASING/set_release_env.sh
+++ b/RELEASING/set_release_env.sh
@@ -50,8 +50,8 @@ else
  export SUPERSET_GITHUB_BRANCH="${VERSION_MAJOR}.${VERSION_MINOR}"
  export SUPERSET_PGP_FULLNAME="${2}"
  export SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${VERSION_RC}"
-  export SUPERSET_RELEASE=apache_superset-"${SUPERSET_VERSION}"
-  export SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+  export SUPERSET_RELEASE=apache-superset-"${SUPERSET_VERSION}"
+  export SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
  export SUPERSET_RELEASE_TARBALL="${SUPERSET_RELEASE}"-source.tar.gz
  export SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
  export SUPERSET_TMP_ASF_SITE_PATH="/tmp/incubator-superset-site-${SUPERSET_VERSION}"
--- a/RELEASING/test_run_tarball.sh
+++ b/RELEASING/test_run_tarball.sh
@@ -27,7 +27,7 @@ if [ -z "${SUPERSET_SVN_DEV_PATH}" ]; then
 fi

 if [[ -n ${1} ]] && [[ ${1} == "local" ]]; then
-  SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+  SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
  SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
  SUPERSET_TARBALL_PATH="${SUPERSET_SVN_DEV_PATH}"/${SUPERSET_VERSION_RC}/${SUPERSET_RELEASE_RC_TARBALL}
  SUPERSET_TMP_TARBALL_FILENAME=_tmp_"${SUPERSET_VERSION_RC}".tar.gz
--- a/RELEASING/validate_this_release.sh
+++ b/RELEASING/validate_this_release.sh
@@ -38,7 +38,7 @@ get_pip_command() {
 PYTHON=$(get_python_command)
 PIP=$(get_pip_command)

-# Get the release directory's path. If you unzip an Apache release and just run the npm script to validate the release, this will be a file name like `apache_superset-x.x.xrcx-source.tar.gz`
+# Get the release directory's path. If you unzip an Apache release and just run the npm script to validate the release, this will be a file name like `apache-superset-x.x.xrcx-source.tar.gz`
 RELEASE_ZIP_PATH="../../$(basename "$(dirname "$(pwd)")")-source.tar.gz"

 # Install dependencies from requirements.txt if the file exists
--- a/RESOURCES/FEATURE_FLAGS.md
+++ b/RESOURCES/FEATURE_FLAGS.md
@@ -28,7 +28,6 @@ These features are considered **unfinished** and should only be used on developm
 [//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"

 - ALERT_REPORT_TABS
- DATE_RANGE_TIMESHIFTS_ENABLED
 - ENABLE_ADVANCED_DATA_TYPES
 - PRESTO_EXPAND_DATA
 - SHARE_QUERIES_VIA_KV_STORE
@@ -50,6 +49,7 @@ These features are **finished** but currently being tested. They are usable, but
 - ENABLE_SUPERSET_META_DB: [(docs)](https://superset.apache.org/docs/configuration/databases/#querying-across-databases)
 - ESTIMATE_QUERY_COST
 - GLOBAL_ASYNC_QUERIES [(docs)](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries)
+- HORIZONTAL_FILTER_BAR
 - IMPERSONATE_WITH_EMAIL_PREFIX
 - PLAYWRIGHT_REPORTS_AND_THUMBNAILS
 - RLS_IN_SQLLAB
--- a/RESOURCES/INTHEWILD.md
+++ b/RESOURCES/INTHEWILD.md
@@ -25,8 +25,8 @@ all you have to do is file a simple PR [like this one](https://github.com/apache
 the categorization is inaccurate, please file a PR with your correction as well.
 Join our growing community!

-### Sharing Economy

+### Sharing Economy
 - [Airbnb](https://github.com/airbnb)
 - [Faasos](https://faasos.com/) [@shashanksingh]
 - [Free2Move](https://www.free2move.com/) [@PaoloTerzi]
@@ -36,14 +36,12 @@ Join our growing community!
 - [Ontruck](https://www.ontruck.com/)

 ### Financial Services
-
 - [Aktia Bank plc](https://www.aktia.com)
 - [American Express](https://www.americanexpress.com) [@TheLastSultan]
 - [bumper](https://www.bumper.co/) [@vasu-ram, @JamiePercival]
 - [Cape Crypto](https://capecrypto.com)
 - [Capital Service S.A.](https://capitalservice.pl) [@pkonarzewski]
 - [Clark.de](https://clark.de/)
- [Europace](https://europace.de)
 - [KarrotPay](https://www.daangnpay.com/)
 - [Remita](https://remita.net) [@mujibishola]
 - [Taveo](https://www.taveo.com) [@codek]
@@ -53,11 +51,9 @@ Join our growing community!
 - [Cover Genius](https://covergenius.com/)

 ### Gaming
-
 - [Popoko VM Games Studio](https://popoko.live)

 ### E-Commerce
-
 - [AiHello](https://www.aihello.com) [@ganeshkrishnan1]
 - [Bazaar Technologies](https://www.bazaartech.com) [@umair-abro]
 - [Dragonpass](https://www.dragonpass.com.cn/) [@zhxjdwh]
@@ -83,14 +79,12 @@ Join our growing community!
 - [Zepto](https://www.zeptonow.com/) [@gwthm-in]

 ### Enterprise Technology
-
 - [A3Data](https://a3data.com.br) [@neylsoncrepalde]
 - [Analytics Aura](https://analyticsaura.com/) [@Analytics-Aura]
 - [Apollo GraphQL](https://www.apollographql.com/) [@evans]
 - [Astronomer](https://www.astronomer.io) [@ryw]
 - [Avesta Technologies](https://avestatechnologies.com/) [@TheRum]
 - [Caizin](https://caizin.com/) [@tejaskatariya]
- [Canonical](https://canonical.com)
 - [Careem](https://www.careem.com/) [@samraHanif0340]
 - [Cloudsmith](https://cloudsmith.io) [@alancarson]
 - [Cyberhaven](https://www.cyberhaven.com/) [@toliver-ch]
@@ -102,10 +96,8 @@ Join our growing community!
 - [ELMO Cloud HR & Payroll](https://elmosoftware.com.au/)
 - [Endress+Hauser](https://www.endress.com/) [@rumbin]
 - [FBK - ICT center](https://ict.fbk.eu)
- [Formbricks](https://formbricks.com)
 - [Gavagai](https://gavagai.io) [@gavagai-corp]
 - [GfK Data Lab](https://www.gfk.com/home) [@mherr]
- [HPE](https://www.hpe.com/in/en/home.html) [@anmol-hpe]
 - [Hydrolix](https://www.hydrolix.io/)
 - [Intercom](https://www.intercom.com/) [@kate-gallo]
 - [jampp](https://jampp.com/)
@@ -117,7 +109,6 @@ Join our growing community!
 - [Ona](https://ona.io) [@pld]
 - [Orange](https://www.orange.com) [@icsu]
 - [Oslandia](https://oslandia.com)
- [Oxylabs](https://oxylabs.io/) [@rytis-ulys]
 - [Peak AI](https://www.peak.ai/) [@azhar22k]
 - [PeopleDoc](https://www.people-doc.com) [@rodo]
 - [PlaidCloud](https://www.plaidcloud.com)
@@ -125,11 +116,8 @@ Join our growing community!
 - [PubNub](https://pubnub.com) [@jzucker2]
 - [ReadyTech](https://www.readytech.io)
 - [Reward Gateway](https://www.rewardgateway.com)
- [RIADVICE](https://riadvice.tn) [@riadvice]
 - [ScopeAI](https://www.getscopeai.com) [@iloveluce]
- [shipmnts](https://shipmnts.com)
 - [Showmax](https://showmax.com) [@bobek]
- [SingleStore](https://www.singlestore.com/)
 - [TechAudit](https://www.techaudit.info) [@ETselikov]
 - [Tenable](https://www.tenable.com) [@dflionis]
 - [Tentacle](https://www.linkedin.com/company/tentacle-cmi/) [@jdclarke5]
@@ -140,11 +128,9 @@ Join our growing community!
 - [Virtuoso QA](https://www.virtuosoqa.com)
 - [Whale](https://whale.im)
 - [Windsor.ai](https://www.windsor.ai/) [@octaviancorlade]
- [WinWin Network马上赢](https://brandct.cn/) [@wenbinye]
 - [Zeta](https://www.zeta.tech/) [@shaikidris]

 ### Media & Entertainment
-
 - [6play](https://www.6play.fr) [@CoryChaplin]
 - [bilibili](https://www.bilibili.com) [@Moinheart]
 - [BurdaForward](https://www.burda-forward.de/en/)
@@ -157,7 +143,6 @@ Join our growing community!
 - [Zaihang](https://www.zaih.com/)

 ### Education
-
 - [Aveti Learning](https://avetilearning.com/) [@TheShubhendra]
 - [Brilliant.org](https://brilliant.org/)
 - [Open edX](https://openedx.org/)
@@ -169,7 +154,6 @@ Join our growing community!
 - [WikiMedia Foundation](https://wikimediafoundation.org) [@vg]

 ### Energy
-
 - [Airboxlab](https://foobot.io) [@antoine-galataud]
 - [DouroECI](https://www.douroeci.com/) [@nunohelibeires]
 - [Safaricom](https://www.safaricom.co.ke/) [@mmutiso]
@@ -177,7 +161,6 @@ Join our growing community!
 - [Wattbewerb](https://wattbewerb.de/) [@wattbewerb]

 ### Healthcare
-
 - [Amino](https://amino.com) [@shkr]
 - [Bluesquare](https://www.bluesquarehub.com/) [@madewulf]
 - [Care](https://www.getcare.io/) [@alandao2021]
@@ -190,36 +173,29 @@ Join our growing community!
 - [2070Health](https://2070health.com/)

 ### HR / Staffing
-
 - [Swile](https://www.swile.co/) [@PaoloTerzi]
 - [Symmetrics](https://www.symmetrics.fyi)
 - [bluquist](https://bluquist.com/)

-### Government
-
+### Government / Non-Profit
 - [City of Ann Arbor, MI](https://www.a2gov.org/) [@sfirke]
 - [RIS3 Strategy of CZ, MIT CR](https://www.ris3.cz/) [@RIS3CZ]
 - [NRLM - Sarathi, India](https://pib.gov.in/PressReleasePage.aspx?PRID=1999586)

 ### Travel
-
 - [Agoda](https://www.agoda.com/) [@lostseaway, @maiake, @obombayo]
- [HomeToGo](https://hometogo.com/) [@pedromartinsteenstrup]
 - [Skyscanner](https://www.skyscanner.net/) [@cleslie, @stanhoucke]

 ### Others
-
 - [10Web](https://10web.io/)
 - [AI inside](https://inside.ai/en/)
 - [Automattic](https://automattic.com/) [@Khrol, @Usiel]
 - [Dropbox](https://www.dropbox.com/) [@bkyryliuk]
- [Flowbird](https://flowbird.com) [@EmmanuelCbd]
 - [GEOTAB](https://www.geotab.com) [@JZ6]
 - [Grassroot](https://www.grassrootinstitute.org/)
 - [Increff](https://www.increff.com/) [@ishansinghania]
 - [komoot](https://www.komoot.com/) [@christophlingg]
 - [Let's Roam](https://www.letsroam.com/)
- [Machrent SA](https://www.machrent.com/)
 - [Onebeat](https://1beat.com/) [@GuyAttia]
 - [X](https://x.com/)
 - [VLMedia](https://www.vlmedia.com.tr/) [@ibotheperfect]
--- a/RESOURCES/STANDARD_ROLES.md
+++ b/RESOURCES/STANDARD_ROLES.md
@@ -43,8 +43,8 @@ under the License.
 | can this form post on ResetPasswordView          |:heavy_check_mark:|O|O|O|
 | can this form get on ResetMyPasswordView         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form post on ResetMyPasswordView        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can this form get on UserInfoEditView            |:heavy_check_mark:|O|O|O|
-| can this form post on UserInfoEditView           |:heavy_check_mark:|O|O|O|
+| can this form get on UserInfoEditView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can this form post on UserInfoEditView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can show on UserDBModelView                      |:heavy_check_mark:|O|O|O|
 | can edit on UserDBModelView                      |:heavy_check_mark:|O|O|O|
 | can delete on UserDBModelView                    |:heavy_check_mark:|O|O|O|
@@ -65,6 +65,7 @@ under the License.
 | can get on MenuApi                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can list on AsyncEventsRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can invalidate on CacheRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can function names on Database                   |:heavy_check_mark:|O|O|O|
 | can csv upload on Database                       |:heavy_check_mark:|O|O|O|
 | can excel upload on Database                     |:heavy_check_mark:|O|O|O|
 | can query form data on Api                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
@@ -75,6 +76,7 @@ under the License.
 | can get on Datasource                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can my queries on SqlLab                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
 | can log on Superset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can schemas access for csv upload on Superset    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can import dashboards on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can schemas on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can sqllab history on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
@@ -94,9 +96,9 @@ under the License.
 | can available domains on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can request access on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can dashboard on Superset                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can post on TableSchemaView                      |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can expanded on TableSchemaView                  |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can delete on TableSchemaView                    |:heavy_check_mark:|O|O|:heavy_check_mark:|
+| can post on TableSchemaView                      |:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can expanded on TableSchemaView                  |:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can delete on TableSchemaView                    |:heavy_check_mark:|:heavy_check_mark:|O|O|
 | can get on TabStateView                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
 | can post on TabStateView                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
 | can delete query on TabStateView                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
@@ -116,6 +118,8 @@ under the License.
 | menu access on Data                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Databases                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Datasets                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| menu access on Upload a CSV                      |:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Upload Excel                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Charts                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Dashboards                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on SQL Lab                           |:heavy_check_mark:|O|O|:heavy_check_mark:|
@@ -125,6 +129,13 @@ under the License.
 | all datasource access on all_datasource_access   |:heavy_check_mark:|:heavy_check_mark:|O|O|
 | all database access on all_database_access       |:heavy_check_mark:|:heavy_check_mark:|O|O|
 | all query access on all_query_access             |:heavy_check_mark:|O|O|O|
+| can edit on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can list on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can show on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can userinfo on UserOAuthModelView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can add on UserOAuthModelView                    |:heavy_check_mark:|O|O|O|
+| can delete on UserOAuthModelView                 |:heavy_check_mark:|O|O|O|
+| userinfoedit on UserOAuthModelView               |:heavy_check_mark:|O|O|O|
 | can write on DynamicPlugin                       |:heavy_check_mark:|O|O|O|
 | can edit on DynamicPlugin                        |:heavy_check_mark:|O|O|O|
 | can list on DynamicPlugin                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
@@ -132,6 +143,13 @@ under the License.
 | can download on DynamicPlugin                    |:heavy_check_mark:|O|O|O|
 | can add on DynamicPlugin                         |:heavy_check_mark:|O|O|O|
 | can delete on DynamicPlugin                      |:heavy_check_mark:|O|O|O|
+| can edit on RowLevelSecurityFiltersModelView     |:heavy_check_mark:|O|O|O|
+| can list on RowLevelSecurityFiltersModelView     |:heavy_check_mark:|O|O|O|
+| can show on RowLevelSecurityFiltersModelView     |:heavy_check_mark:|O|O|O|
+| can download on RowLevelSecurityFiltersModelView |:heavy_check_mark:|O|O|O|
+| can add on RowLevelSecurityFiltersModelView      |:heavy_check_mark:|O|O|O|
+| can delete on RowLevelSecurityFiltersModelView   |:heavy_check_mark:|O|O|O|
+| muldelete on RowLevelSecurityFiltersModelView    |:heavy_check_mark:|O|O|O|
 | can external metadata by name on Datasource      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can get value on KV                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can store on KV                                  |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
@@ -174,6 +192,7 @@ under the License.
 | can share chart on Superset                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form get on ColumnarToDatabaseView      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form post on ColumnarToDatabaseView     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| menu access on Upload a Columnar file            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can export on Chart                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can write on DashboardFilterStateRestApi         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can read on DashboardFilterStateRestApi          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -22,29 +22,6 @@ under the License.
 This file documents any backwards-incompatible changes in Superset and
 assists people when migrating to a new version.

-## Next
- [33055](https://github.com/apache/superset/pull/33055): Upgrades Flask-AppBuilder to 5.0.0. The AUTH_OID authentication type has been deprecated and is no longer available as an option in Flask-AppBuilder. OpenID (OID) is considered a deprecated authentication protocol - if you are using AUTH_OID, you will need to migrate to an alternative authentication method such as OAuth, LDAP, or database authentication before upgrading.
- [35062](https://github.com/apache/superset/pull/35062): Changed the function signature of `setupExtensions` to `setupCodeOverrides` with options as arguments.
- [34871](https://github.com/apache/superset/pull/34871): Fixed Jest test hanging issue from Ant Design v5 upgrade. MessageChannel is now mocked in test environment to prevent rc-overflow from causing Jest to hang. Test environment only - no production impact.
- [34782](https://github.com/apache/superset/pull/34782): Dataset exports now include the dataset ID in their file name (similar to charts and dashboards). If managing assets as code, make sure to rename existing dataset YAMLs to include the ID (and avoid duplicated files).
- [34536](https://github.com/apache/superset/pull/34536): The `ENVIRONMENT_TAG_CONFIG` color values have changed to support only Ant Design semantic colors. Update your `superset_config.py`:
-  - Change `"error.base"` to just `"error"` after this PR
-  - Change any hex color values to one of: `"success"`, `"processing"`, `"error"`, `"warning"`, `"default"`
-  - Custom colors are no longer supported to maintain consistency with Ant Design components
- [34561](https://github.com/apache/superset/pull/34561) Added tiled screenshot functionality for Playwright-based reports to handle large dashboards more efficiently. When enabled (default: `SCREENSHOT_TILED_ENABLED = True`), dashboards with 20+ charts or height exceeding 5000px will be captured using multiple viewport-sized tiles and combined into a single image. This improves report generation performance and reliability for large dashboards.
-Note: Pillow is now a required dependency (previously optional) to support image processing for tiled screenshots.
-`thumbnails` optional dependency is now deprecated and will be removed in the next major release (7.0).
- [33084](https://github.com/apache/superset/pull/33084) The DISALLOWED_SQL_FUNCTIONS configuration now includes additional potentially sensitive database functions across PostgreSQL, MySQL, SQLite, MS SQL Server, and ClickHouse. Existing queries using these functions may now be blocked. Review your SQL Lab queries and dashboards if you encounter "disallowed function" errors after upgrading
- [34235](https://github.com/apache/superset/pull/34235) CSV exports now use `utf-8-sig` encoding by default to include a UTF-8 BOM, improving compatibility with Excel.
- [34258](https://github.com/apache/superset/pull/34258) changing the default in Dockerfile to INCLUDE_CHROMIUM="false" (from "true") in the past. This ensures the `lean` layer is lean by default, and people can opt-in to the `chromium` layer by setting the build arg `INCLUDE_CHROMIUM=true`. This is a breaking change for anyone using the `lean` layer, as it will no longer include Chromium by default.
- [34204](https://github.com/apache/superset/pull/33603) OpenStreetView has been promoted as the new default for Deck.gl visualization since it can be enabled by default without requiring an API key. If you have Mapbox set up and want to disable OpenStreeView in your environment, please follow the steps documented here [https://superset.apache.org/docs/configuration/map-tiles].
- [33116](https://github.com/apache/superset/pull/33116) In Echarts Series charts (e.g. Line, Area, Bar, etc.) charts, the `x_axis_sort_series` and `x_axis_sort_series_ascending` form data items have been renamed with `x_axis_sort` and `x_axis_sort_asc`.
-  There's a migration added that can potentially affect a significant number of existing charts.
- [32317](https://github.com/apache/superset/pull/32317) The horizontal filter bar feature is now out of testing/beta development and its feature flag `HORIZONTAL_FILTER_BAR` has been removed.
- [31590](https://github.com/apache/superset/pull/31590) Marks the begining of intricate work around supporting dynamic Theming, and breaks support for [THEME_OVERRIDES](https://github.com/apache/superset/blob/732de4ac7fae88e29b7f123b6cbb2d7cd411b0e4/superset/config.py#L671) in favor of a new theming system based on AntD V5. Likely this will be in disrepair until settling over the 5.x lifecycle.
- [32432](https://github.com/apache/superset/pull/31260) Moves the List Roles FAB view to the frontend and requires `FAB_ADD_SECURITY_API` to be enabled in the configuration and `superset init` to be executed.
- [34319](https://github.com/apache/superset/pull/34319) Drill to Detail and Drill By is now supported in Embedded mode, and also with the `DASHBOARD_RBAC` FF. If you don't want to expose these features in Embedded / `DASHBOARD_RBAC`, make sure the roles used for Embedded / `DASHBOARD_RBAC`don't have the required permissions to perform D2D actions.
-
 ## 5.0.0

 - [31976](https://github.com/apache/superset/pull/31976) Removed the `DISABLE_LEGACY_DATASOURCE_EDITOR` feature flag. The previous value of the feature flag was `True` and now the feature is permanently removed.
@@ -58,7 +35,7 @@ Note: Pillow is now a required dependency (previously optional) to support image
 - [31198](https://github.com/apache/superset/pull/31198) Disallows by default the use of the following ClickHouse functions: "version", "currentDatabase", "hostName".
 - [29798](https://github.com/apache/superset/pull/29798) Since 3.1.0, the intial schedule for an alert or report was mistakenly offset by the specified timezone's relation to UTC. The initial schedule should now begin at the correct time.
 - [30021](https://github.com/apache/superset/pull/30021) The `dev` layer in our Dockerfile no long includes firefox binaries, only Chromium to reduce bloat/docker-build-time.
- [30099](https://github.com/apache/superset/pull/30099) Translations are no longer included in the default docker image builds. If your environment requires translations, you'll want to set the docker build arg `BUILD_TRANSLATIONS=true`.
+- [30099](https://github.com/apache/superset/pull/30099) Translations are no longer included in the default docker image builds. If your environment requires translations, you'll want to set the docker build arg `BUILD_TRANSACTION=true`.
 - [31262](https://github.com/apache/superset/pull/31262) NOTE: deprecated `pylint` in favor of `ruff` as our only python linter. Only affect development workflows positively (not the release itself). It should cover most important rules, be much faster, but some things linting rules that were enforced before may not be enforce in the exact same way as before.
 - [31173](https://github.com/apache/superset/pull/31173) Modified `fetch_csrf_token` to align with HTTP standards, particularly regarding how cookies are handled. If you encounter any issues related to CSRF functionality, please report them as a new issue and reference this PR for context.
 - [31413](https://github.com/apache/superset/pull/31413) Enable the DATE_FORMAT_IN_EMAIL_SUBJECT feature flag to allow users to specify a date format for the email subject, which will then be replaced with the actual date.
@@ -71,13 +48,6 @@ Note: Pillow is now a required dependency (previously optional) to support image
 - [31961](https://github.com/apache/superset/pull/31961) Upgraded React from version 16.13.1 to 17.0.2. If you are using custom frontend extensions or plugins, you may need to update them to be compatible with React 17.
 - [31260](https://github.com/apache/superset/pull/31260) Docker images now use `uv pip install` instead of `pip install` to manage the python envrionment. Most docker-based deployments will be affected, whether you derive one of the published images, or have custom bootstrap script that install python libraries (drivers)

-### Potential Downtime
-
-## 4.1.2
-
- [31198](https://github.com/apache/superset/pull/31198) Disallows by default the use of the following ClickHouse functions: "version", "currentDatabase", "hostName".
- [31173](https://github.com/apache/superset/pull/31173) Modified `fetch_csrf_token` to align with HTTP standards, particularly regarding how cookies are handled. If you encounter any issues related to CSRF functionality, please report them as a new issue and reference this PR for context.
-
 ## 4.1.0

 - [29274](https://github.com/apache/superset/pull/29274): We made it easier to trigger CI on your
--- a/docker-compose-image-tag.yml
+++ b/docker-compose-image-tag.yml
@@ -20,9 +20,6 @@
 # If you choose to use this type of deployment make sure to
 # create you own docker environment file (docker/.env) with your own
 # unique random secure passwords and SECRET_KEY.
-#
-# For verbose logging during development:
-# - Set SUPERSET_LOG_LEVEL=debug in docker/.env-local for detailed Superset logs
 # -----------------------------------------------------------------------
 x-superset-image: &superset-image apachesuperset.docker.scarf.sh/apache/superset:${TAG:-latest-dev}
 x-superset-volumes:
@@ -44,7 +41,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    image: postgres:16
+    image: postgres:15
    container_name: superset_db
    restart: unless-stopped
    volumes:
@@ -68,6 +65,8 @@ services:
      superset-init:
        condition: service_completed_successfully
    volumes: *superset-volumes
+    environment:
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-init:
    image: *superset-image
@@ -87,6 +86,9 @@ services:
    volumes: *superset-volumes
    healthcheck:
      disable: true
+    environment:
+      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker:
    image: *superset-image
@@ -109,6 +111,8 @@ services:
          "CMD-SHELL",
          "celery -A superset.tasks.celery_app:app inspect ping -d celery@$$HOSTNAME",
        ]
+    environment:
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker-beat:
    image: *superset-image
@@ -127,6 +131,8 @@ services:
    volumes: *superset-volumes
    healthcheck:
      disable: true
+    environment:
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

 volumes:
  superset_home:
--- a/docker-compose-light.yml
+++ b/docker-compose-light.yml
@@ -1,207 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# -----------------------------------------------------------------------
-# Lightweight docker-compose for running multiple Superset instances
-# This includes only essential services: database and Superset app (no Redis)
-#
-# RUNNING SUPERSET:
-# 1. Start services: docker-compose -f docker-compose-light.yml up
-# 2. Access at: http://localhost:9001 (or NODE_PORT if specified)
-#
-# RUNNING MULTIPLE INSTANCES:
-# - Use different project names: docker-compose -p project1 -f docker-compose-light.yml up
-# - Use different NODE_PORT values: NODE_PORT=9002 docker-compose -p project2 -f docker-compose-light.yml up
-# - Volumes are isolated by project name (e.g., project1_db_home_light, project2_db_home_light)
-# - Database name is intentionally different (superset_light) to prevent accidental cross-connections
-#
-# RUNNING TESTS WITH PYTEST:
-# Tests run in an isolated environment with a separate test database.
-# The pytest-runner service automatically creates and initializes the test database on first use.
-#
-# Basic usage:
-#   docker-compose -f docker-compose-light.yml run --rm pytest-runner pytest tests/unit_tests/
-#
-# Run specific test file:
-#   docker-compose -f docker-compose-light.yml run --rm pytest-runner pytest tests/unit_tests/test_foo.py
-#
-# Run with pytest options:
-#   docker-compose -f docker-compose-light.yml run --rm pytest-runner pytest -v -s -x tests/
-#
-# Force reload test database and run tests (when tests are failing due to bad state):
-#   docker-compose -f docker-compose-light.yml run --rm -e FORCE_RELOAD=true pytest-runner pytest tests/
-#
-# Run any command in test environment:
-#   docker-compose -f docker-compose-light.yml run --rm pytest-runner bash
-#   docker-compose -f docker-compose-light.yml run --rm pytest-runner pytest --collect-only
-#
-# For parallel test execution with different projects:
-#   docker-compose -p project1 -f docker-compose-light.yml run --rm pytest-runner pytest tests/
-#
-# DEVELOPMENT TIPS:
-# - First test run takes ~20-30 seconds (database creation + initialization)
-# - Subsequent runs are fast (~2-3 seconds startup)
-# - Use FORCE_RELOAD=true when you need a clean test database
-# - Tests use SimpleCache instead of Redis (no Redis required)
-# - Set SUPERSET_LOG_LEVEL=debug in docker/.env-local for detailed logs
-# -----------------------------------------------------------------------
-x-superset-user: &superset-user root
-x-superset-volumes: &superset-volumes
-  # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
-  - ./docker:/app/docker
-  - ./superset:/app/superset
-  - ./superset-frontend:/app/superset-frontend
-  - superset_home_light:/app/superset_home
-  - ./tests:/app/tests
-x-common-build: &common-build
-  context: .
-  target: ${SUPERSET_BUILD_TARGET:-dev} # can use `dev` (default) or `lean`
-  cache_from:
-    - apache/superset-cache:3.10-slim-trixie
-  args:
-    DEV_MODE: "true"
-    INCLUDE_CHROMIUM: ${INCLUDE_CHROMIUM:-false}
-    INCLUDE_FIREFOX: ${INCLUDE_FIREFOX:-false}
-    BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}
-    LOAD_EXAMPLES_DUCKDB: ${LOAD_EXAMPLES_DUCKDB:-true}
-
-services:
-  db-light:
-    env_file:
-      - path: docker/.env # default
-        required: true
-      - path: docker/.env-local # optional override
-        required: false
-    image: postgres:16
-    restart: unless-stopped
-    volumes:
-      - db_home_light:/var/lib/postgresql/data
-      - ./docker/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
-    environment:
-      POSTGRES_DB: superset_light
-    command: postgres -c max_connections=200
-
-  superset-light:
-    env_file:
-      - path: docker/.env # default
-        required: true
-      - path: docker/.env-local # optional override
-        required: false
-    build:
-      <<: *common-build
-    command: ["/app/docker/docker-bootstrap.sh", "app"]
-    restart: unless-stopped
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    user: *superset-user
-    depends_on:
-      superset-init-light:
-        condition: service_completed_successfully
-    volumes: *superset-volumes
-    environment:
-      DATABASE_HOST: db-light
-      DATABASE_DB: superset_light
-      POSTGRES_DB: superset_light
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
-      SUPERSET_CONFIG_PATH: /app/docker/pythonpath_dev/superset_config_docker_light.py
-      GITHUB_HEAD_REF: ${GITHUB_HEAD_REF:-}
-      GITHUB_SHA: ${GITHUB_SHA:-}
-
-  superset-init-light:
-    build:
-      <<: *common-build
-    command: ["/app/docker/docker-init.sh"]
-    env_file:
-      - path: docker/.env # default
-        required: true
-      - path: docker/.env-local # optional override
-        required: false
-    user: *superset-user
-    depends_on:
-      db-light:
-        condition: service_started
-    volumes: *superset-volumes
-    environment:
-      DATABASE_HOST: db-light
-      DATABASE_DB: superset_light
-      POSTGRES_DB: superset_light
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
-      SUPERSET_CONFIG_PATH: /app/docker/pythonpath_dev/superset_config_docker_light.py
-    healthcheck:
-      disable: true
-
-  superset-node-light:
-    build:
-      context: .
-      target: superset-node
-      args:
-        # This prevents building the frontend bundle since we'll mount local folder
-        # and build it on startup while firing docker-frontend.sh in dev mode, where
-        # it'll mount and watch local files and rebuild as you update them
-        DEV_MODE: "true"
-        BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}
-    environment:
-      # set this to false if you have perf issues running the npm i; npm run dev in-docker
-      # if you do so, you have to run this manually on the host, which should perform better!
-      BUILD_SUPERSET_FRONTEND_IN_DOCKER: true
-      NPM_RUN_PRUNE: false
-      SCARF_ANALYTICS: "${SCARF_ANALYTICS:-}"
-      # configuring the dev-server to use the host.docker.internal to connect to the backend
-      superset: "http://superset-light:8088"
-      # Webpack dev server configuration
-      WEBPACK_DEVSERVER_HOST: "${WEBPACK_DEVSERVER_HOST:-0.0.0.0}"
-      WEBPACK_DEVSERVER_PORT: "${WEBPACK_DEVSERVER_PORT:-9000}"
-    ports:
-      - "${NODE_PORT:-9001}:9000"  # Parameterized port, accessible on all interfaces
-    command: ["/app/docker/docker-frontend.sh"]
-    env_file:
-      - path: docker/.env # default
-        required: true
-      - path: docker/.env-local # optional override
-        required: false
-    volumes: *superset-volumes
-
-  pytest-runner:
-    build:
-      <<: *common-build
-    entrypoint: ["/app/docker/docker-pytest-entrypoint.sh"]
-    env_file:
-      - path: docker/.env # default
-        required: true
-      - path: docker/.env-local # optional override
-        required: false
-    profiles:
-      - test  # Only starts when --profile test is used
-    depends_on:
-      db-light:
-        condition: service_started
-    user: *superset-user
-    volumes: *superset-volumes
-    environment:
-      DATABASE_HOST: db-light
-      DATABASE_DB: test
-      POSTGRES_DB: test
-      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@db-light:5432/test
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
-      SUPERSET_CONFIG: superset_test_config_light
-      PYTHONPATH: /app/pythonpath:/app/docker/pythonpath_dev:/app
-
-volumes:
-  superset_home_light:
-    external: false
-  db_home_light:
-    external: false
--- a/docker-compose-non-dev.yml
+++ b/docker-compose-non-dev.yml
@@ -20,9 +20,6 @@
 # If you choose to use this type of deployment make sure to
 # create you own docker environment file (docker/.env) with your own
 # unique random secure passwords and SECRET_KEY.
-#
-# For verbose logging during development:
-# - Set SUPERSET_LOG_LEVEL=debug in docker/.env-local for detailed Superset logs
 # -----------------------------------------------------------------------
 x-superset-volumes:
  &superset-volumes # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
@@ -33,7 +30,7 @@ x-common-build: &common-build
  context: .
  target: dev
  cache_from:
-    - apache/superset-cache:3.10-slim-trixie
+    - apache/superset-cache:3.10-slim-bookworm

 services:
  redis:
@@ -49,7 +46,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    image: postgres:16
+    image: postgres:15
    container_name: superset_db
    restart: unless-stopped
    volumes:
@@ -74,6 +71,8 @@ services:
      superset-init:
        condition: service_completed_successfully
    volumes: *superset-volumes
+    environment:
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-init:
    container_name: superset_init
@@ -94,6 +93,9 @@ services:
    volumes: *superset-volumes
    healthcheck:
      disable: true
+    environment:
+      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker:
    build:
@@ -117,6 +119,8 @@ services:
          "CMD-SHELL",
          "celery -A superset.tasks.celery_app:app inspect ping -d celery@$$HOSTNAME",
        ]
+    environment:
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker-beat:
    build:
@@ -136,6 +140,8 @@ services:
    volumes: *superset-volumes
    healthcheck:
      disable: true
+    environment:
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

 volumes:
  superset_home:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,9 +20,6 @@
 # If you choose to use this type of deployment make sure to
 # create you own docker environment file (docker/.env) with your own
 # unique random secure passwords and SECRET_KEY.
-#
-# For verbose logging during development:
-# - Set SUPERSET_LOG_LEVEL=debug in docker/.env-local for detailed Superset logs
 # -----------------------------------------------------------------------
 x-superset-user: &superset-user root
 x-superset-volumes: &superset-volumes
@@ -32,25 +29,20 @@ x-superset-volumes: &superset-volumes
  - ./superset-frontend:/app/superset-frontend
  - superset_home:/app/superset_home
  - ./tests:/app/tests
+
 x-common-build: &common-build
  context: .
  target: ${SUPERSET_BUILD_TARGET:-dev} # can use `dev` (default) or `lean`
  cache_from:
-    - apache/superset-cache:3.10-slim-trixie
+    - apache/superset-cache:3.10-slim-bookworm
  args:
    DEV_MODE: "true"
    INCLUDE_CHROMIUM: ${INCLUDE_CHROMIUM:-false}
    INCLUDE_FIREFOX: ${INCLUDE_FIREFOX:-false}
    BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}
-    LOAD_EXAMPLES_DUCKDB: ${LOAD_EXAMPLES_DUCKDB:-true}

 services:
  nginx:
-    env_file:
-      - path: docker/.env # default
-        required: true
-      - path: docker/.env-local # optional override
-        required: false
    image: nginx:latest
    container_name: superset_nginx
    restart: unless-stopped
@@ -60,8 +52,6 @@ services:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./docker/nginx/templates:/etc/nginx/templates:ro
-
  redis:
    image: redis:7
    container_name: superset_cache
@@ -77,7 +67,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    image: postgres:16
+    image: postgres:15
    container_name: superset_db
    restart: unless-stopped
    ports:
@@ -109,7 +99,8 @@ services:
        condition: service_completed_successfully
    volumes: *superset-volumes
    environment:
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
+      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-websocket:
    container_name: superset_websocket
@@ -162,7 +153,9 @@ services:
    user: *superset-user
    volumes: *superset-volumes
    environment:
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
+      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
+      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    healthcheck:
      disable: true

@@ -183,7 +176,7 @@ services:
      NPM_RUN_PRUNE: false
      SCARF_ANALYTICS: "${SCARF_ANALYTICS:-}"
      # configuring the dev-server to use the host.docker.internal to connect to the backend
-      superset: "http://superset:8088"
+      superset: "http://host.docker.internal:8088"
    ports:
      - "127.0.0.1:9000:9000"  # exposing the dynamic webpack dev server
    container_name: superset_node
@@ -207,6 +200,8 @@ services:
        required: false
    environment:
      CELERYD_CONCURRENCY: 2
+      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    restart: unless-stopped
    depends_on:
      superset-init:
@@ -238,6 +233,9 @@ services:
    volumes: *superset-volumes
    healthcheck:
      disable: true
+    environment:
+      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-tests-worker:
    build:
@@ -258,6 +256,7 @@ services:
      REDIS_RESULTS_DB: 3
      REDIS_HOST: localhost
      CELERYD_CONCURRENCY: 8
+      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    network_mode: host
    depends_on:
      superset-init:
--- a/docker/.env
+++ b/docker/.env
@@ -53,13 +53,7 @@ PYTHONPATH=/app/pythonpath:/app/docker/pythonpath_dev
 REDIS_HOST=redis
 REDIS_PORT=6379

-# Development and logging configuration
-# FLASK_DEBUG: Enables Flask dev features (auto-reload, better error pages) - keep 'true' for development
 FLASK_DEBUG=true
-# SUPERSET_LOG_LEVEL: Controls Superset application logging verbosity (debug, info, warning, error, critical)
-SUPERSET_LOG_LEVEL=info
-
-SUPERSET_APP_ROOT="/"
 SUPERSET_ENV=development
 SUPERSET_LOAD_EXAMPLES=yes
 CYPRESS_CONFIG=false
@@ -68,6 +62,8 @@ MAPBOX_API_KEY=''

 # Make sure you set this to a unique secure random value on production
 SUPERSET_SECRET_KEY=TEST_NON_DEV_SECRET
+
 ENABLE_PLAYWRIGHT=false
 PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
 BUILD_SUPERSET_FRONTEND_IN_DOCKER=true
+SUPERSET_LOG_LEVEL=info
--- a/docker/apt-install.sh
+++ b/docker/apt-install.sh
@@ -18,7 +18,7 @@
 set -euo pipefail

 # Ensure this script is run as root
-if [[ ${EUID} -ne 0 ]]; then
+if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
 fi
@@ -42,7 +42,7 @@ echo -e "${GREEN}Installing packages: $@${RESET}"
 apt-get install -yqq --no-install-recommends "$@"

 echo -e "${GREEN}Autoremoving unnecessary packages...${RESET}"
-apt-get autoremove -yqq --purge
+apt-get autoremove -y

 echo -e "${GREEN}Cleaning up package cache and metadata...${RESET}"
 apt-get clean
--- a/Show More
+++ b/Show More