feat(security): terminate active sessions when an account is disabled

Disabling a user account (active=False) terminates that user's
outstanding sessions on their next request via a per-user invalidation
epoch (user_attribute.sessions_invalidated_at). Works for both
client-side cookie sessions and server-side session stores. Inert for
users that were never disabled (NULL epoch). The migration backfills the
epoch for accounts already disabled at upgrade time.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

UPDATING.md

@@ -70,6 +70,10 @@ superset revoke-guest-tokens
 
 This change is backward compatible. The feature is off by default, and even when enabled nothing is revoked until an admin explicitly bumps the version: the expected version starts at `0`, and tokens minted before this change (which carry no version claim) are treated as version `0`. No database migration is required.
 
+### Sessions are terminated when an account is disabled
+
+Disabling a user account (setting `active` to `False`, via the admin UI, REST API, or CLI) now terminates that user's outstanding sessions on their next request, instead of relying on a passive check. This works for both client-side cookie sessions and server-side session stores via a per-user invalidation epoch (`user_attribute.sessions_invalidated_at`, added by a migration). The mechanism is inert for users that were never disabled (NULL epoch), so there is no behavior change for active users. Re-enabling an account and logging in again starts a fresh, valid session. The migration backfills the epoch for accounts that are already disabled at upgrade time, so re-enabling such an account does not revive a session that predates this feature.
+
 ### Dataset import validates catalog against the target connection
 
 Importing a dataset now validates the `catalog` field against the target database connection. When the connection has multi-catalog disabled (`allow_multi_catalog` off) and the dataset's catalog is not the connection's default catalog, the import fails instead of silently persisting the non-default catalog. This matches the validation already enforced on the dataset update path and prevents imported datasets from querying an unintended database.

pyproject.toml

@@ -64,7 +64,7 @@ dependencies = [
     "holidays>=0.45, <1",
     "humanize",
     "isodate",
-    "jsonpath-ng>=1.8.0, <2",
+    "jsonpath-ng>=1.6.1, <2",
     "Mako>=1.2.2",
     "markdown>=3.10.2",
     # marshmallow>=4 has issues: https://github.com/apache/superset/issues/33162
@@ -94,7 +94,7 @@ dependencies = [
     "PyJWT>=2.4.0, <3.0",
     "redis>=5.0.0, <6.0",
     "rison>=2.0.0, <3.0",
-    "selenium>=4.44.0, <5.0",
+    "selenium>=4.14.0, <5.0",
     "shillelagh[gsheetsapi]>=1.4.4, <2.0",
     "sshtunnel>=0.4.0, <0.5",
     "simplejson>=3.15.0",
@@ -107,7 +107,7 @@ dependencies = [
     "typing-extensions>=4, <5",
     "waitress; sys_platform == 'win32'",
     "watchdog>=6.0.0",
-    "wtforms>=3.2.2, <4",
+    "wtforms>=2.3.3, <4",
     "wtforms-json",
     "xlsxwriter>=3.2.9, <3.3",
 ]
@@ -121,7 +121,7 @@ bigquery = [
     "sqlalchemy-bigquery>=1.15.0",
     "google-cloud-bigquery>=3.10.0",
 ]
-clickhouse = ["clickhouse-connect>=1.1.1, <2.0"]
+clickhouse = ["clickhouse-connect>=0.13.0, <2.0"]
 cockroachdb = ["cockroachdb>=0.3.5, <0.4"]
 crate = ["sqlalchemy-cratedb>=0.41.0, <1"]
 d1 = [
@@ -161,7 +161,7 @@ hive = [
     "pyhive[hive]>=0.6.5;python_version<'3.11'",
     "pyhive[hive_pure_sasl]>=0.7.0",
     "tableschema",
-    "thrift>=0.23.0, <1.0.0",
+    "thrift>=0.14.1, <1.0.0",
     "thrift_sasl>=0.4.3, < 1.0.0",
 ]
 impala = ["impyla>0.16.2, <0.23"]
@@ -195,7 +195,7 @@ spark = [
     "pyhive[hive]>=0.6.5;python_version<'3.11'",
     "pyhive[hive_pure_sasl]>=0.7",
     "tableschema",
-    "thrift>=0.23.0, <1",
+    "thrift>=0.14.1, <1",
 ]
 tdengine = [
     "taospy>=2.7.21",

requirements/base.txt

@@ -50,7 +50,7 @@ cattrs==25.1.1
     # via requests-cache
 celery==5.5.2
     # via apache-superset (pyproject.toml)
-certifi==2026.5.20
+certifi==2025.6.15
     # via
     #   requests
     #   selenium
@@ -194,7 +194,7 @@ jinja2==3.1.6
     # via
     #   flask
     #   flask-babel
-jsonpath-ng==1.8.0
+jsonpath-ng==1.7.0
     # via apache-superset (pyproject.toml)
 jsonschema==4.23.0
     # via
@@ -286,6 +286,8 @@ pillow==12.2.0
     # via apache-superset (pyproject.toml)
 platformdirs==4.3.8
     # via requests-cache
+ply==3.11
+    # via jsonpath-ng
 polyline==2.0.2
     # via apache-superset (pyproject.toml)
 prison==0.2.1
@@ -378,7 +380,7 @@ rpds-py==0.25.0
     #   referencing
 rsa==4.9.1
     # via google-auth
-selenium==4.44.0
+selenium==4.32.0
     # via apache-superset (pyproject.toml)
 setuptools==80.9.0
     # via -r requirements/base.in
@@ -421,7 +423,7 @@ sshtunnel==0.4.0
     # via apache-superset (pyproject.toml)
 tabulate==0.10.0
     # via apache-superset (pyproject.toml)
-trio==0.33.0
+trio==0.30.0
     # via
     #   selenium
     #   trio-websocket
@@ -478,7 +480,7 @@ wrapt==1.17.2
     # via deprecated
 wsproto==1.2.0
     # via trio-websocket
-wtforms==3.2.2
+wtforms==3.2.1
     # via
     #   apache-superset (pyproject.toml)
     #   flask-appbuilder

requirements/development.txt

@@ -112,7 +112,7 @@ celery==5.5.2
     # via
     #   -c requirements/base-constraint.txt
     #   apache-superset
-certifi==2026.5.20
+certifi==2025.6.15
     # via
     #   -c requirements/base-constraint.txt
     #   httpcore
@@ -471,7 +471,7 @@ jmespath==1.1.0
     # via
     #   boto3
     #   botocore
-jsonpath-ng==1.8.0
+jsonpath-ng==1.7.0
     # via
     #   -c requirements/base-constraint.txt
     #   apache-superset
@@ -674,6 +674,10 @@ platformdirs==4.3.8
     #   virtualenv
 pluggy==1.5.0
     # via pytest
+ply==3.11
+    # via
+    #   -c requirements/base-constraint.txt
+    #   jsonpath-ng
 polib==1.2.0
     # via apache-superset
 polyline==2.0.2
@@ -921,7 +925,7 @@ s3transfer==0.16.0
     # via boto3
 secretstorage==3.5.0
     # via keyring
-selenium==4.44.0
+selenium==4.32.0
     # via
     #   -c requirements/base-constraint.txt
     #   apache-superset
@@ -1019,7 +1023,7 @@ tqdm==4.67.1
     #   prophet
 trino==0.330.0
     # via apache-superset
-trio==0.33.0
+trio==0.30.0
     # via
     #   -c requirements/base-constraint.txt
     #   selenium
@@ -1121,7 +1125,7 @@ wsproto==1.2.0
     # via
     #   -c requirements/base-constraint.txt
     #   trio-websocket
-wtforms==3.2.2
+wtforms==3.2.1
     # via
     #   -c requirements/base-constraint.txt
     #   apache-superset

superset-frontend/babel.config.js

@@ -48,7 +48,6 @@ module.exports = {
     '@babel/plugin-syntax-dynamic-import',
     '@babel/plugin-transform-export-namespace-from',
     ['@babel/plugin-transform-class-properties', { loose: true }],
-    '@babel/plugin-transform-class-static-block',
     ['@babel/plugin-transform-optional-chaining', { loose: true }],
     ['@babel/plugin-transform-private-methods', { loose: true }],
     ['@babel/plugin-transform-nullish-coalescing-operator', { loose: true }],

superset-frontend/package-lock.json

@@ -95,7 +95,7 @@
         "echarts": "^5.6.0",
         "fast-glob": "^3.3.2",
         "fs-extra": "^11.3.5",
-        "fuse.js": "^7.4.1",
+        "fuse.js": "^7.3.0",
         "geolib": "^3.3.14",
         "geostyler": "^18.6.0",
         "geostyler-data": "^1.1.0",
@@ -178,13 +178,13 @@
         "@babel/types": "^7.29.7",
         "@emotion/babel-plugin": "^11.13.5",
         "@emotion/jest": "^11.14.2",
-        "@formatjs/intl-durationformat": "^0.10.13",
+        "@formatjs/intl-durationformat": "^0.10.3",
         "@istanbuljs/nyc-config-typescript": "^1.0.1",
         "@playwright/test": "^1.60.0",
         "@pmmmwh/react-refresh-webpack-plugin": "^0.6.2",
-        "@storybook/addon-docs": "10.4.2",
-        "@storybook/addon-links": "10.4.2",
-        "@storybook/react-webpack5": "10.4.2",
+        "@storybook/addon-docs": "10.4.1",
+        "@storybook/addon-links": "10.4.1",
+        "@storybook/react-webpack5": "10.4.1",
         "@storybook/test-runner": "0.24.4",
         "@svgr/webpack": "^8.1.0",
         "@swc/core": "^1.15.40",
@@ -242,7 +242,7 @@
         "eslint-plugin-prettier": "^5.5.6",
         "eslint-plugin-react-prefer-function-component": "^5.0.0",
         "eslint-plugin-react-you-might-not-need-an-effect": "^0.10.4",
-        "eslint-plugin-storybook": "10.4.2",
+        "eslint-plugin-storybook": "10.4.1",
         "eslint-plugin-testing-library": "^7.16.2",
         "eslint-plugin-theme-colors": "file:eslint-rules/eslint-plugin-theme-colors",
         "fetch-mock": "^12.6.0",
@@ -272,7 +272,7 @@
         "source-map": "^0.7.6",
         "source-map-support": "^0.5.21",
         "speed-measure-webpack-plugin": "^1.6.0",
-        "storybook": "10.4.2",
+        "storybook": "10.4.1",
         "style-loader": "^4.0.0",
         "swc-loader": "^0.2.7",
         "terser-webpack-plugin": "^5.6.1",
@@ -3939,38 +3939,50 @@
       }
     },
     "node_modules/@formatjs/bigdecimal": {
-      "version": "0.2.5",
-      "resolved": "https://registry.npmjs.org/@formatjs/bigdecimal/-/bigdecimal-0.2.5.tgz",
-      "integrity": "sha512-2XTKNrZRaCUyXK2976wfutqxMBuPO/S/zbJnQdysLI2Zy5mWPVNVEkE6tsTcSVWSE7DgO88t8DtBy+uf3I8bxg==",
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/@formatjs/bigdecimal/-/bigdecimal-0.2.0.tgz",
+      "integrity": "sha512-GeaxHZbUoYvHL9tC5eltHLs+1zU70aPw0s7LwqgktIzF5oMhNY4o4deEtusJMsq7WFJF3Ye2zQEzdG8beVk73w==",
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@formatjs/ecma402-abstract": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-3.2.0.tgz",
+      "integrity": "sha512-dHnqHgBo6GXYGRsepaE1wmsC2etaivOWd5VaJstZd+HI2zR3DCUjbDVZRtoPGkkXZmyHvBwrdEUuqfvzhF/DtQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@formatjs/bigdecimal": "0.2.0",
+        "@formatjs/fast-memoize": "3.1.1",
+        "@formatjs/intl-localematcher": "0.8.2"
+      }
+    },
     "node_modules/@formatjs/fast-memoize": {
-      "version": "3.1.5",
-      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-3.1.5.tgz",
-      "integrity": "sha512-KLi3fan6WnCHmigd9pmEEN8Hid0v4wiFBW576M/d07KMWYecf1CvyMI3n34vCmHT4AoVqG2n702kiHbXjzZX2A==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-3.1.1.tgz",
+      "integrity": "sha512-CbNbf+tlJn1baRnPkNePnBqTLxGliG6DDgNa/UtV66abwIjwsliPMOt0172tzxABYzSuxZBZfcp//qI8AvBWPg==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@formatjs/intl-durationformat": {
-      "version": "0.10.13",
-      "resolved": "https://registry.npmjs.org/@formatjs/intl-durationformat/-/intl-durationformat-0.10.13.tgz",
-      "integrity": "sha512-A1dBcOh1YrcRf/AbmZHFVXgIYkpAaFgyGaYavO/KutbqEXY3HI63o2E1ctmxmllfg3qn3TZGtZux42EFwHNTbg==",
+      "version": "0.10.3",
+      "resolved": "https://registry.npmjs.org/@formatjs/intl-durationformat/-/intl-durationformat-0.10.3.tgz",
+      "integrity": "sha512-xRS3GaOlsQLwz0n56SvaddwEnl2NLPKBvYg2M32ak/27dodmVxFJz3j7Nqj7EwKyHTu3f/e+BeoKPrIDUSXTuQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@formatjs/bigdecimal": "0.2.5",
-        "@formatjs/intl-localematcher": "0.8.9"
+        "@formatjs/ecma402-abstract": "3.2.0",
+        "@formatjs/intl-localematcher": "0.8.2"
       }
     },
     "node_modules/@formatjs/intl-localematcher": {
-      "version": "0.8.9",
-      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.8.9.tgz",
-      "integrity": "sha512-GmB0F/gYh4Hdl4rLWjgDsgT+x4pB54fkJeRh8kAZ4XFzKeCK8dGs+SBJWXO42QZtOUni+IDWKNuCw6wiL4lTvw==",
+      "version": "0.8.2",
+      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.8.2.tgz",
+      "integrity": "sha512-q05KMYGJLyqFNFtIb8NhWLF5X3aK/k0wYt7dnRFuy6aLQL+vUwQ1cg5cO4qawEiINybeCPXAWlprY2mSBjSXAQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@formatjs/fast-memoize": "3.1.5"
+        "@formatjs/fast-memoize": "3.1.1"
       }
     },
     "node_modules/@gar/promise-retry": {
@@ -9684,16 +9696,16 @@
       "license": "MIT"
     },
     "node_modules/@storybook/addon-docs": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-10.4.2.tgz",
-      "integrity": "sha512-CtW1O4xSKZPNtpWgpfp4yB/x4pj/of+3MvlEDfErSlr3Hp3QmEa2pCLaecR08H5LJqJFlt1PtG0UrIynTvgW9w==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-10.4.1.tgz",
+      "integrity": "sha512-IYqUdjoZe4VO2LFZlKL/gwy7DsQSWCq6hX+zc1MBmZo04yycDASk1tte57n9pdlW3ajw9yYMF/+lVBi+xQjyvw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@mdx-js/react": "^3.0.0",
-        "@storybook/csf-plugin": "10.4.2",
+        "@storybook/csf-plugin": "10.4.1",
         "@storybook/icons": "^2.0.2",
-        "@storybook/react-dom-shim": "10.4.2",
+        "@storybook/react-dom-shim": "10.4.1",
         "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "ts-dedent": "^2.0.0"
@@ -9704,7 +9716,7 @@
       },
       "peerDependencies": {
         "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-        "storybook": "^10.4.2"
+        "storybook": "^10.4.1"
       },
       "peerDependenciesMeta": {
         "@types/react": {
@@ -9712,10 +9724,45 @@
         }
       }
     },
+    "node_modules/@storybook/addon-docs/node_modules/@storybook/csf-plugin": {
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-10.4.1.tgz",
+      "integrity": "sha512-WdPepGBxDGOUDjYd8KxMtcf+us/2PAcnBczl77XtrnxxHNs0jWesxKkiJ9yiuGrge4BPhDeAj6rxjbBoaHxLBA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "unplugin": "^2.3.5"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "esbuild": "*",
+        "rollup": "*",
+        "storybook": "^10.4.1",
+        "vite": "*",
+        "webpack": "*"
+      },
+      "peerDependenciesMeta": {
+        "esbuild": {
+          "optional": true
+        },
+        "rollup": {
+          "optional": true
+        },
+        "vite": {
+          "optional": true
+        },
+        "webpack": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@storybook/addon-links": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-10.4.2.tgz",
-      "integrity": "sha512-cU8h4/m+oAr8UUwF4teZG2N1ilV+vU+98Ii/Ma+IIx9M/V7i5544UxfAz84dV5Rx2Oho6x8XH3gIvmevSyPi/Q==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-10.4.1.tgz",
+      "integrity": "sha512-h/5D23GwMuHA55sB7XDyhByF9psF7UFmaQOn72pjNAarew5eOpue5A+jXk3AKEYokHbvgQaoz+FrvWo9GEfSKQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9728,7 +9775,7 @@
       "peerDependencies": {
         "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-        "storybook": "^10.4.2"
+        "storybook": "^10.4.1"
       },
       "peerDependenciesMeta": {
         "@types/react": {
@@ -9740,13 +9787,13 @@
       }
     },
     "node_modules/@storybook/builder-webpack5": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/builder-webpack5/-/builder-webpack5-10.4.2.tgz",
-      "integrity": "sha512-nhmV0+nThCgy1y5742SS7c4vJrd5/1KfCXCNfsJ1v4Rkq7NIQnUhEIBwkSaY63lqH7FRHlFxIjwGS63veiCJuw==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/builder-webpack5/-/builder-webpack5-10.4.1.tgz",
+      "integrity": "sha512-3Ah4jUjg8nEms/5JV6odtQj9+pQ1DT/04s/V6dZKThGdl85YTrYUZV5OTgbNxYbmQn/TwpWWjQlcW8ulpo2WBw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@storybook/core-webpack": "10.4.2",
+        "@storybook/core-webpack": "10.4.1",
         "case-sensitive-paths-webpack-plugin": "^2.4.0",
         "cjs-module-lexer": "^1.2.3",
         "css-loader": "^7.1.2",
@@ -9767,7 +9814,7 @@
         "url": "https://opencollective.com/storybook"
       },
       "peerDependencies": {
-        "storybook": "^10.4.2"
+        "storybook": "^10.4.1"
       },
       "peerDependenciesMeta": {
         "typescript": {
@@ -9776,9 +9823,9 @@
       }
     },
     "node_modules/@storybook/core-webpack": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/core-webpack/-/core-webpack-10.4.2.tgz",
-      "integrity": "sha512-qnYKMruU8lvI4yaq2PA9Gmxjrc7EZ3DRBI/cVKwEgOIREoxzr1F1IE7t7+325k9Phylue7E5rD3A7yjxeEKUyw==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/core-webpack/-/core-webpack-10.4.1.tgz",
+      "integrity": "sha512-Wert/4ou5WRl8WYWWS8bBW7Lxa/ASMEuQ3EVuG3SITAtPNvKDKqTFBjZLx9eJSefkX6fJ3yG85FFUOPsv6GemQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9789,42 +9836,7 @@
         "url": "https://opencollective.com/storybook"
       },
       "peerDependencies": {
-        "storybook": "^10.4.2"
-      }
-    },
-    "node_modules/@storybook/csf-plugin": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-10.4.2.tgz",
-      "integrity": "sha512-GqX/2DeF3/jKs5D7gpDiuT9gd0c/f2TKcnQ5av4/s3YqeN+0nhm7btkCrDfgF16uzE1Zj3OrkxvB3AOkfxWgDg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "unplugin": "^2.3.5"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/storybook"
-      },
-      "peerDependencies": {
-        "esbuild": "*",
-        "rollup": "*",
-        "storybook": "^10.4.2",
-        "vite": "*",
-        "webpack": "*"
-      },
-      "peerDependenciesMeta": {
-        "esbuild": {
-          "optional": true
-        },
-        "rollup": {
-          "optional": true
-        },
-        "vite": {
-          "optional": true
-        },
-        "webpack": {
-          "optional": true
-        }
+        "storybook": "^10.4.1"
       }
     },
     "node_modules/@storybook/global": {
@@ -9846,13 +9858,13 @@
       }
     },
     "node_modules/@storybook/preset-react-webpack": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/preset-react-webpack/-/preset-react-webpack-10.4.2.tgz",
-      "integrity": "sha512-21ld380f0/jTTitkfhTKgP3FBnVAgMu1P1ymrRyiFYJVSJBA5YejndFFBo0ugq9iGGsHXrVdOphC/OJKbTSWRQ==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/preset-react-webpack/-/preset-react-webpack-10.4.1.tgz",
+      "integrity": "sha512-uAR/C/oDZYhReaYpD4Rd5S4VWcXP2XO8+BwXwanKt4UHbYfOw7AQgBTeZ/6Wns/0xIXhOoA1rxO5TA2wDLUjLA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@storybook/core-webpack": "10.4.2",
+        "@storybook/core-webpack": "10.4.1",
         "@storybook/react-docgen-typescript-plugin": "1.0.6--canary.9.0c3f3b7.0",
         "@types/semver": "^7.7.1",
         "magic-string": "^0.30.5",
@@ -9869,7 +9881,7 @@
       "peerDependencies": {
         "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-        "storybook": "^10.4.2"
+        "storybook": "^10.4.1"
       },
       "peerDependenciesMeta": {
         "typescript": {
@@ -9878,14 +9890,14 @@
       }
     },
     "node_modules/@storybook/react": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/react/-/react-10.4.2.tgz",
-      "integrity": "sha512-NfEH3CrdCAgUV4Z7SPN3Iw6nofcueqtRj8iHuo77GNjz0qSfuVi9iS7a8o7x7QFSeIBZwS0Jv3CgmhN8qvoLjg==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/react/-/react-10.4.1.tgz",
+      "integrity": "sha512-WuYz4NaUk4gmFAMliSpCbV8w6jP5OY9juBfw1huwzu2S/k5FhnVXwmrUaL0fmf3Bq/7NgkzmBBbZr6I6LuHayQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@storybook/global": "^5.0.0",
-        "@storybook/react-dom-shim": "10.4.2",
+        "@storybook/react-dom-shim": "10.4.1",
         "react-docgen": "^8.0.2",
         "react-docgen-typescript": "^2.2.2"
       },
@@ -9898,7 +9910,7 @@
         "@types/react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-        "storybook": "^10.4.2",
+        "storybook": "^10.4.1",
         "typescript": ">= 4.9.x"
       },
       "peerDependenciesMeta": {
@@ -9978,9 +9990,9 @@
       }
     },
     "node_modules/@storybook/react-dom-shim": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-10.4.2.tgz",
-      "integrity": "sha512-Eng3Yt2NCjPX94QcfyLeUFhrMj0hec2yU9J/qafBVbfj9XrFI8o+0ZwYJ7uXb9ECbvPN4y06dgt/2W/LiR417w==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-10.4.1.tgz",
+      "integrity": "sha512-6QFqfDNH4DMrt7yHKRfpqRopsVUc/Az+sXIdJ39IetYnHUxL3nW4NVaPc6uy/8Qi8urzUyEXL/nn7cpSIP2aPQ==",
       "dev": true,
       "license": "MIT",
       "funding": {
@@ -9992,7 +10004,7 @@
         "@types/react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-        "storybook": "^10.4.2"
+        "storybook": "^10.4.1"
       },
       "peerDependenciesMeta": {
         "@types/react": {
@@ -10004,15 +10016,15 @@
       }
     },
     "node_modules/@storybook/react-webpack5": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/@storybook/react-webpack5/-/react-webpack5-10.4.2.tgz",
-      "integrity": "sha512-x7xwGLxU0w6/qi29/cHhua8qiCvfE05ku4pPLTXF8TsP/zfGsY8tbdlKO2+YKp+iBG8vafVc//ZXOAty1oypDA==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@storybook/react-webpack5/-/react-webpack5-10.4.1.tgz",
+      "integrity": "sha512-2jF231DrEk70I8+wVakCnKtpweGFNfxdaov883Rve0TFvhxZs42Y9PpKzSf4rusvSrWc9jdWuJ2k7ERbS50MLg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@storybook/builder-webpack5": "10.4.2",
-        "@storybook/preset-react-webpack": "10.4.2",
-        "@storybook/react": "10.4.2"
+        "@storybook/builder-webpack5": "10.4.1",
+        "@storybook/preset-react-webpack": "10.4.1",
+        "@storybook/react": "10.4.1"
       },
       "funding": {
         "type": "opencollective",
@@ -10021,7 +10033,7 @@
       "peerDependencies": {
         "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-        "storybook": "^10.4.2",
+        "storybook": "^10.4.1",
         "typescript": ">= 4.9.x"
       },
       "peerDependenciesMeta": {
@@ -19409,9 +19421,9 @@
       }
     },
     "node_modules/eslint-plugin-storybook": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-storybook/-/eslint-plugin-storybook-10.4.2.tgz",
-      "integrity": "sha512-l3/vzLRmb8VSi3X1Bo6/Pa+64naw1jFsZE5jPPA4izvVdNhH1rF4rGuOC3kDTU926qKVBQtKua8D24XWQtvcGg==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-storybook/-/eslint-plugin-storybook-10.4.1.tgz",
+      "integrity": "sha512-sLEvd/7lg/LtXwMjj3iFxZtoeAC/8l1Qhuw3Noa8iF8i0UIgAejUs7k6DNSqHkwrPR8caWT4+3fxdMXs1iGLTg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -19419,7 +19431,7 @@
       },
       "peerDependencies": {
         "eslint": ">=8",
-        "storybook": "^10.4.2"
+        "storybook": "^10.4.1"
       }
     },
     "node_modules/eslint-plugin-testing-library": {
@@ -20921,9 +20933,9 @@
       }
     },
     "node_modules/fuse.js": {
-      "version": "7.4.1",
-      "resolved": "https://registry.npmjs.org/fuse.js/-/fuse.js-7.4.1.tgz",
-      "integrity": "sha512-AY7lKAXK71hi3WgUvDy6oZL67UEHOOtvCAwVdOXHyJd6ZzftBy7QqxuXt4HxmmAhYjmp/YCuOELZtIvAdlZ+fw==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/fuse.js/-/fuse.js-7.4.0.tgz",
+      "integrity": "sha512-3UqmoSFwzX1sNB1YSk+Co0EdH29XCW2p9g48OAiy93cjKqzuABsqw2VIgSN3CmsT/wo6pIJ3F0Jxeiiby8rhIQ==",
       "license": "Apache-2.0",
       "engines": {
         "node": ">=10"
@@ -39036,9 +39048,9 @@
       }
     },
     "node_modules/storybook": {
-      "version": "10.4.2",
-      "resolved": "https://registry.npmjs.org/storybook/-/storybook-10.4.2.tgz",
-      "integrity": "sha512-5Ax5vbHxFgMBGGhQDm75Rrumm/HZC4ICFhMcJaM0UlqnC/4FKj/IaZtImZFupknyiiyUEcWHPQFA2kX3/VSv1A==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/storybook/-/storybook-10.4.1.tgz",
+      "integrity": "sha512-V1Zd2e+gBFufqAQVZ1JR8KLqALsEZ3JYSBnWwQbKa6zCfWWanR6AFMyuOkLt2gZOgGp3h2Riuz88pGNVTQSG0A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -45363,7 +45375,7 @@
         "@deck.gl/extensions": "~9.2.9",
         "@deck.gl/geo-layers": "~9.2.5",
         "@deck.gl/layers": "~9.2.5",
-        "@deck.gl/mapbox": "^9.3.3",
+        "@deck.gl/mapbox": "~9.3.2",
         "@deck.gl/mesh-layers": "~9.2.5",
         "@luma.gl/constants": "~9.2.5",
         "@luma.gl/core": "~9.2.5",
@@ -45411,9 +45423,9 @@
       }
     },
     "plugins/preset-chart-deckgl/node_modules/@deck.gl/mapbox": {
-      "version": "9.3.3",
-      "resolved": "https://registry.npmjs.org/@deck.gl/mapbox/-/mapbox-9.3.3.tgz",
-      "integrity": "sha512-aUPqrwF6wkx+EtvKA3SaiK+UROMnZSmgEJWZ1qSKFSiH//kPuo5imbtXyan8sGhOet7NjnfEwJqFA3EBk7zDLA==",
+      "version": "9.3.2",
+      "resolved": "https://registry.npmjs.org/@deck.gl/mapbox/-/mapbox-9.3.2.tgz",
+      "integrity": "sha512-+T9pJwsOXwjUxyGN6oiBMfIs28VtDIG1V1Rqz4qqn4TjjNEFFw+xO0olJIg8FO5IAqw2OtePdsrMj0tX8tHdGQ==",
       "license": "MIT",
       "dependencies": {
         "@math.gl/web-mercator": "^4.1.0"

superset-frontend/package.json

@@ -178,7 +178,7 @@
     "echarts": "^5.6.0",
     "fast-glob": "^3.3.2",
     "fs-extra": "^11.3.5",
-    "fuse.js": "^7.4.1",
+    "fuse.js": "^7.3.0",
     "geolib": "^3.3.14",
     "geostyler": "^18.6.0",
     "geostyler-data": "^1.1.0",
@@ -261,13 +261,13 @@
     "@babel/types": "^7.29.7",
     "@emotion/babel-plugin": "^11.13.5",
     "@emotion/jest": "^11.14.2",
-    "@formatjs/intl-durationformat": "^0.10.13",
+    "@formatjs/intl-durationformat": "^0.10.3",
     "@istanbuljs/nyc-config-typescript": "^1.0.1",
     "@playwright/test": "^1.60.0",
     "@pmmmwh/react-refresh-webpack-plugin": "^0.6.2",
-    "@storybook/addon-docs": "10.4.2",
-    "@storybook/addon-links": "10.4.2",
-    "@storybook/react-webpack5": "10.4.2",
+    "@storybook/addon-docs": "10.4.1",
+    "@storybook/addon-links": "10.4.1",
+    "@storybook/react-webpack5": "10.4.1",
     "@storybook/test-runner": "0.24.4",
     "@svgr/webpack": "^8.1.0",
     "@swc/core": "^1.15.40",
@@ -325,7 +325,7 @@
     "eslint-plugin-prettier": "^5.5.6",
     "eslint-plugin-react-prefer-function-component": "^5.0.0",
     "eslint-plugin-react-you-might-not-need-an-effect": "^0.10.4",
-    "eslint-plugin-storybook": "10.4.2",
+    "eslint-plugin-storybook": "10.4.1",
     "eslint-plugin-testing-library": "^7.16.2",
     "eslint-plugin-theme-colors": "file:eslint-rules/eslint-plugin-theme-colors",
     "fetch-mock": "^12.6.0",
@@ -355,7 +355,7 @@
     "source-map": "^0.7.6",
     "source-map-support": "^0.5.21",
     "speed-measure-webpack-plugin": "^1.6.0",
-    "storybook": "10.4.2",
+    "storybook": "10.4.1",
     "style-loader": "^4.0.0",
     "swc-loader": "^0.2.7",
     "terser-webpack-plugin": "^5.6.1",

superset-frontend/packages/superset-core/src/menus/index.ts

@@ -37,7 +37,7 @@
  * ```
  */
 
-import { Disposable, Event } from '../common';
+import { Disposable } from '../common';
 
 /**
  * Represents a menu item that links a view to a command.
@@ -102,37 +102,3 @@ export declare function registerMenuItem(
  * ```
  */
 export declare function getMenu(location: string): Menu | undefined;
-
-/**
- * Event fired when a menu item is registered.
- */
-export interface MenuItemRegisteredEvent {
-  /** The menu item that was registered. */
-  item: MenuItem;
-  /** The location where the item was registered. */
-  location: string;
-  /** The group the item was placed in. */
-  group: 'primary' | 'secondary' | 'context';
-}
-
-/**
- * Event fired when a menu item is unregistered.
- */
-export interface MenuItemUnregisteredEvent {
-  /** The menu item that was unregistered. */
-  item: MenuItem;
-  /** The location where the item was registered. */
-  location: string;
-  /** The group the item was placed in. */
-  group: 'primary' | 'secondary' | 'context';
-}
-
-/**
- * Event fired when a menu item is registered.
- */
-export declare const onDidRegisterMenuItem: Event<MenuItemRegisteredEvent>;
-
-/**
- * Event fired when a menu item is unregistered.
- */
-export declare const onDidUnregisterMenuItem: Event<MenuItemUnregisteredEvent>;

superset-frontend/packages/superset-core/src/views/index.ts

@@ -36,7 +36,7 @@
  */
 
 import { ReactElement } from 'react';
-import { Disposable, Event } from '../common';
+import { Disposable } from '../common';
 
 /**
  * Represents a contributed view in the application.
@@ -88,33 +88,3 @@ export declare function registerView(
  * ```
  */
 export declare function getViews(location: string): View[] | undefined;
-
-/**
- * Event fired when a view is registered.
- */
-export interface ViewRegisteredEvent {
-  /** The descriptor of the view that was registered. */
-  view: View;
-  /** The location where the view was registered. */
-  location: string;
-}
-
-/**
- * Event fired when a view is unregistered.
- */
-export interface ViewUnregisteredEvent {
-  /** The descriptor of the view that was unregistered. */
-  view: View;
-  /** The location where the view was registered. */
-  location: string;
-}
-
-/**
- * Event fired when a view is registered.
- */
-export declare const onDidRegisterView: Event<ViewRegisteredEvent>;
-
-/**
- * Event fired when a view is unregistered.
- */
-export declare const onDidUnregisterView: Event<ViewUnregisteredEvent>;

superset-frontend/packages/superset-ui-core/package.json

@@ -43,7 +43,7 @@
     "d3-time": "^3.1.0",
     "d3-time-format": "^4.1.0",
     "dayjs": "^1.11.21",
-    "dompurify": "^3.4.8",
+    "dompurify": "^3.4.7",
     "fetch-retry": "^6.0.0",
     "handlebars": "^4.7.9",
     "jed": "^1.1.1",

superset-frontend/packages/superset-ui-core/test/number-format/factories/createDurationFormatter.test.ts

@@ -35,7 +35,7 @@ test('format milliseconds in human readable format with default options', () =>
 });
 test('format seconds in human readable format with default options', () => {
   const formatter = createDurationFormatter({ multiplier: 1000 });
-  expect(formatter(-0.5)).toBe('0s');
+  expect(formatter(-0.5)).toBe('-0s');
   expect(formatter(0.5)).toBe('0s');
   expect(formatter(1)).toBe('1s');
   expect(formatter(30)).toBe('30s');

superset-frontend/plugins/legacy-preset-chart-nvd3/package.json

@@ -34,7 +34,7 @@
     "fast-safe-stringify": "^2.1.1",
     "lodash": "^4.18.1",
     "nvd3-fork": "^2.0.5",
-    "dompurify": "^3.4.8",
+    "dompurify": "^3.4.7",
     "prop-types": "^15.8.1",
     "urijs": "^1.19.11"
   },

superset-frontend/plugins/preset-chart-deckgl/package.json

@@ -29,7 +29,7 @@
     "@deck.gl/extensions": "~9.2.9",
     "@deck.gl/geo-layers": "~9.2.5",
     "@deck.gl/layers": "~9.2.5",
-    "@deck.gl/mapbox": "~9.3.3",
+    "@deck.gl/mapbox": "~9.3.2",
     "@deck.gl/mesh-layers": "~9.2.5",
     "@luma.gl/constants": "~9.2.5",
     "@luma.gl/core": "~9.2.5",

superset-frontend/src/SqlLab/components/AppLayout/index.tsx

@@ -22,7 +22,7 @@ import type { SqlLabRootState } from 'src/SqlLab/types';
 import { css, styled } from '@apache-superset/core/theme';
 import { useComponentDidUpdate } from '@superset-ui/core';
 import { Grid } from '@superset-ui/core/components';
-import { useViews } from 'src/core';
+import { views } from 'src/core';
 import { Splitter } from 'src/components/Splitter';
 import useEffectEvent from 'src/hooks/useEffectEvent';
 import useStoredSidebarWidth from 'src/components/ResizableSidebar/useStoredSidebarWidth';
@@ -96,7 +96,7 @@ const AppLayout: React.FC<{ children?: React.ReactNode }> = ({ children }) => {
       setRightWidth(possibleRightWidth);
     }
   };
-  const viewItems = useViews(ViewLocations.sqllab.rightSidebar) || [];
+  const viewItems = views.getViews(ViewLocations.sqllab.rightSidebar) || [];
 
   return (
     <StyledContainer>

superset-frontend/src/SqlLab/components/SouthPane/index.tsx

@@ -31,7 +31,7 @@ import { Icons } from '@superset-ui/core/components/Icons';
 import { SqlLabRootState } from 'src/SqlLab/types';
 import { ViewLocations } from 'src/SqlLab/contributions';
 import PanelToolbar from 'src/components/PanelToolbar';
-import { useViews } from 'src/core';
+import { views } from 'src/core';
 import { resolveView } from 'src/core/views';
 import useQueryEditor from 'src/SqlLab/hooks/useQueryEditor';
 import useLogAction from 'src/logger/useLogAction';
@@ -107,7 +107,7 @@ const SouthPane = ({
   const editorId = tabViewId ?? id;
   const theme = useTheme();
   const dispatch = useAppDispatch();
-  const viewItems = useViews(ViewLocations.sqllab.panels) || [];
+  const viewItems = views.getViews(ViewLocations.sqllab.panels) || [];
   const { offline, tables } = useSelector(
     ({ sqlLab: { offline, tables } }: SqlLabRootState) => ({
       offline,

superset-frontend/src/SqlLab/components/StatusBar/index.tsx

@@ -19,7 +19,7 @@
 import { styled } from '@apache-superset/core/theme';
 import { Flex } from '@superset-ui/core/components';
 import ViewListExtension from 'src/components/ViewListExtension';
-import { useViews } from 'src/core';
+import { views } from 'src/core';
 import { SQL_EDITOR_STATUSBAR_HEIGHT } from 'src/SqlLab/constants';
 import { ViewLocations } from 'src/SqlLab/contributions';
 
@@ -38,7 +38,7 @@ const Container = styled(Flex)`
 `;
 
 const StatusBar = () => {
-  const statusBarViews = useViews(ViewLocations.sqllab.statusBar) || [];
+  const statusBarViews = views.getViews(ViewLocations.sqllab.statusBar) || [];
 
   return (
     <>

superset-frontend/src/components/PanelToolbar/index.tsx

@@ -17,12 +17,11 @@
  * under the License.
  */
 import { useMemo } from 'react';
-import { useMenu } from 'src/core';
 import { css, useTheme } from '@apache-superset/core/theme';
 import { Button, Divider, Dropdown } from '@superset-ui/core/components';
 import { Menu, MenuItemType } from '@superset-ui/core/components/Menu';
 import { Icons } from '@superset-ui/core/components/Icons';
-import { commands } from 'src/core';
+import { commands, menus } from 'src/core';
 
 export interface PanelToolbarProps {
   viewId: string;
@@ -36,7 +35,7 @@ const PanelToolbar = ({
   defaultSecondaryActions,
 }: PanelToolbarProps) => {
   const theme = useTheme();
-  const menu = useMenu(viewId);
+  const menu = menus.getMenu(viewId);
 
   const primaryItems = menu?.primary || [];
   const secondaryItems = menu?.secondary || [];

superset-frontend/src/core/editors/EditorHost.test.tsx

@@ -39,7 +39,8 @@ jest.mock('./EditorProviders', () => ({
     getInstance: () => ({
       getProvider: jest.fn().mockReturnValue(undefined),
       hasProvider: jest.fn().mockReturnValue(false),
-      subscribe: jest.fn().mockReturnValue(() => {}),
+      onDidRegister: jest.fn().mockReturnValue({ dispose: jest.fn() }),
+      onDidUnregister: jest.fn().mockReturnValue({ dispose: jest.fn() }),
     }),
   },
 }));

superset-frontend/src/core/editors/EditorHost.tsx

@@ -26,12 +26,13 @@
  * back to the default Ace editor.
  */
 
-import { useSyncExternalStore, forwardRef } from 'react';
+import { useState, useEffect, forwardRef } from 'react';
 import type { editors } from '@apache-superset/core';
 import { useTheme } from '@apache-superset/core/theme';
 import EditorProviders from './EditorProviders';
 import AceEditorProvider from './AceEditorProvider';
 
+type EditorLanguage = editors.EditorLanguage;
 type EditorProps = editors.EditorProps;
 type EditorHandle = editors.EditorHandle;
 
@@ -41,6 +42,49 @@ type EditorHandle = editors.EditorHandle;
  */
 export type EditorHostProps = EditorProps;
 
+/**
+ * Hook to track editor provider changes.
+ * Returns the provider for the specified language and re-renders when it changes.
+ */
+const useEditorProvider = (language: EditorLanguage) => {
+  const manager = EditorProviders.getInstance();
+  const [provider, setProvider] = useState(() => manager.getProvider(language));
+
+  useEffect(() => {
+    // Helper to safely update provider state, always fetching latest from manager
+    const updateProvider = () => {
+      setProvider(prev => {
+        const current = manager.getProvider(language);
+        return current !== prev ? current : prev;
+      });
+    };
+
+    // Subscribe to provider changes
+    const registerDisposable = manager.onDidRegister(event => {
+      if (event.editor.languages.includes(language)) {
+        updateProvider();
+      }
+    });
+
+    const unregisterDisposable = manager.onDidUnregister(event => {
+      if (event.editor.languages.includes(language)) {
+        updateProvider();
+      }
+    });
+
+    // Check for provider on mount (in case it was registered before this component mounted)
+    updateProvider();
+
+    return () => {
+      registerDisposable.dispose();
+      unregisterDisposable.dispose();
+    };
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [language, manager]);
+
+  return provider;
+};
+
 /**
  * EditorHost component that dynamically resolves and renders the appropriate editor.
  *
@@ -62,12 +106,7 @@ export type EditorHostProps = EditorProps;
 const EditorHost = forwardRef<EditorHandle, EditorHostProps>((props, ref) => {
   const { language } = props;
   const theme = useTheme();
-  const manager = EditorProviders.getInstance();
-  const provider = useSyncExternalStore(
-    manager.subscribe,
-    () => manager.getProvider(language),
-    () => undefined,
-  );
+  const provider = useEditorProvider(language);
 
   // Merge theme into props
   const propsWithTheme = { ...props, theme };

superset-frontend/src/core/editors/EditorProviders.ts

@@ -93,17 +93,6 @@ class EditorProviders {
    */
   private unregisterEmitter = new EventEmitter<EditorUnregisteredEvent>();
 
-  private syncListeners: Set<() => void> = new Set();
-
-  /**
-   * Stable-reference subscribe function for useSyncExternalStore.
-   * Defined as an arrow property so the reference is bound to this instance at construction.
-   */
-  public subscribe = (listener: () => void): (() => void) => {
-    this.syncListeners.add(listener);
-    return () => this.syncListeners.delete(listener);
-  };
-
   // eslint-disable-next-line no-useless-constructor
   private constructor() {
     // Private constructor for singleton pattern
@@ -156,7 +145,6 @@ class EditorProviders {
 
     // Fire registration event
     this.registerEmitter.fire({ editor });
-    this.syncListeners.forEach(l => l());
 
     // Return disposable for cleanup
     return new Disposable(() => {
@@ -188,7 +176,6 @@ class EditorProviders {
 
     // Fire unregistration event
     this.unregisterEmitter.fire({ editor });
-    this.syncListeners.forEach(l => l());
   }
 
   /**
@@ -247,7 +234,6 @@ class EditorProviders {
   public reset(): void {
     this.providers.clear();
     this.languageToProvider.clear();
-    this.syncListeners.clear();
   }
 }
 

superset-frontend/src/core/editors/index.ts

@@ -24,7 +24,6 @@
  * and resolution functions declared in the API types.
  */
 
-import { useSyncExternalStore } from 'react';
 import { editors as editorsApi } from '@apache-superset/core';
 import { Disposable } from '../models';
 import EditorProviders from './EditorProviders';
@@ -110,23 +109,6 @@ export const onDidUnregisterEditor = (
   return manager.onDidUnregister(listener);
 };
 
-/**
- * Hook that returns the editor provider for a specific language and re-renders when it changes.
- *
- * @param language The language to get an editor for
- * @returns The editor provider or undefined if no extension provides one
- */
-export const useEditor = (
-  language: EditorLanguage,
-): EditorProvider | undefined => {
-  const manager = EditorProviders.getInstance();
-  return useSyncExternalStore(
-    manager.subscribe,
-    () => manager.getProvider(language),
-    () => undefined,
-  );
-};
-
 /**
  * Editors API object for use in the extension system.
  */

superset-frontend/src/core/menus/index.ts

@@ -24,14 +24,11 @@
  * Extensions register menu items as side effects at import time.
  */
 
-import { useSyncExternalStore } from 'react';
 import type { menus as menusApi } from '@apache-superset/core';
 import { Disposable } from '../models';
 
 type MenuItem = menusApi.MenuItem;
 type Menu = menusApi.Menu;
-type MenuItemRegisteredEvent = menusApi.MenuItemRegisteredEvent;
-type MenuItemUnregisteredEvent = menusApi.MenuItemUnregisteredEvent;
 
 type StoredMenuItem = {
   item: MenuItem;
@@ -41,27 +38,6 @@ type StoredMenuItem = {
 
 const menuItems: StoredMenuItem[] = [];
 
-const syncListeners = new Set<() => void>();
-const subscribe = (listener: () => void) => {
-  syncListeners.add(listener);
-  return () => syncListeners.delete(listener);
-};
-
-const registerListeners = new Set<(e: MenuItemRegisteredEvent) => void>();
-const unregisterListeners = new Set<(e: MenuItemUnregisteredEvent) => void>();
-
-const menuCache = new Map<string, Menu | undefined>();
-const notifyRegister = (event: MenuItemRegisteredEvent) => {
-  menuCache.clear();
-  syncListeners.forEach(l => l());
-  registerListeners.forEach(l => l(event));
-};
-const notifyUnregister = (event: MenuItemUnregisteredEvent) => {
-  menuCache.clear();
-  syncListeners.forEach(l => l());
-  unregisterListeners.forEach(l => l(event));
-};
-
 const registerMenuItem: typeof menusApi.registerMenuItem = (
   item: MenuItem,
   location: string,
@@ -69,13 +45,11 @@ const registerMenuItem: typeof menusApi.registerMenuItem = (
 ): Disposable => {
   const stored: StoredMenuItem = { item, location, group };
   menuItems.push(stored);
-  notifyRegister({ item, location, group });
   return new Disposable(() => {
     const index = menuItems.indexOf(stored);
     if (index >= 0) {
       menuItems.splice(index, 1);
     }
-    notifyUnregister({ item, location, group });
   });
 };
 
@@ -103,34 +77,7 @@ const getMenu: typeof menusApi.getMenu = (
   return result;
 };
 
-export const useMenu = (location: string): Menu | undefined =>
-  useSyncExternalStore(
-    subscribe,
-    () => {
-      if (!menuCache.has(location)) {
-        menuCache.set(location, getMenu(location));
-      }
-      return menuCache.get(location);
-    },
-    () => undefined,
-  );
-
-export const onDidRegisterMenuItem: typeof menusApi.onDidRegisterMenuItem = (
-  listener: (e: MenuItemRegisteredEvent) => void,
-): Disposable => {
-  registerListeners.add(listener);
-  return new Disposable(() => registerListeners.delete(listener));
-};
-
-export const onDidUnregisterMenuItem: typeof menusApi.onDidUnregisterMenuItem =
-  (listener: (e: MenuItemUnregisteredEvent) => void): Disposable => {
-    unregisterListeners.add(listener);
-    return new Disposable(() => unregisterListeners.delete(listener));
-  };
-
 export const menus: typeof menusApi = {
   registerMenuItem,
   getMenu,
-  onDidRegisterMenuItem,
-  onDidUnregisterMenuItem,
 };

superset-frontend/src/core/views/index.ts

@@ -24,15 +24,13 @@
  * Extensions register views as side effects at import time.
  */
 
-import React, { ReactElement, useSyncExternalStore } from 'react';
+import React, { ReactElement } from 'react';
 import type { views as viewsApi } from '@apache-superset/core';
 import { ErrorBoundary } from 'src/components/ErrorBoundary';
 import ExtensionPlaceholder from 'src/extensions/ExtensionPlaceholder';
 import { Disposable } from '../models';
 
 type View = viewsApi.View;
-type ViewRegisteredEvent = viewsApi.ViewRegisteredEvent;
-type ViewUnregisteredEvent = viewsApi.ViewUnregisteredEvent;
 
 const viewRegistry: Map<
   string,
@@ -41,27 +39,6 @@ const viewRegistry: Map<
 
 const locationIndex: Map<string, Set<string>> = new Map();
 
-const syncListeners = new Set<() => void>();
-const subscribe = (listener: () => void) => {
-  syncListeners.add(listener);
-  return () => syncListeners.delete(listener);
-};
-
-const registerListeners = new Set<(e: ViewRegisteredEvent) => void>();
-const unregisterListeners = new Set<(e: ViewUnregisteredEvent) => void>();
-
-const viewsCache = new Map<string, View[] | undefined>();
-const notifyRegister = (event: ViewRegisteredEvent) => {
-  viewsCache.clear();
-  syncListeners.forEach(l => l());
-  registerListeners.forEach(l => l(event));
-};
-const notifyUnregister = (event: ViewUnregisteredEvent) => {
-  viewsCache.clear();
-  syncListeners.forEach(l => l());
-  unregisterListeners.forEach(l => l(event));
-};
-
 const registerView: typeof viewsApi.registerView = (
   view: View,
   location: string,
@@ -74,12 +51,10 @@ const registerView: typeof viewsApi.registerView = (
   const ids = locationIndex.get(location) ?? new Set();
   ids.add(id);
   locationIndex.set(location, ids);
-  notifyRegister({ view, location });
 
   return new Disposable(() => {
     viewRegistry.delete(id);
     locationIndex.get(location)?.delete(id);
-    notifyUnregister({ view, location });
   });
 };
 
@@ -102,35 +77,7 @@ const getViews: typeof viewsApi.getViews = (
     .filter((c): c is View => !!c);
 };
 
-export const useViews = (location: string): View[] | undefined =>
-  useSyncExternalStore(
-    subscribe,
-    () => {
-      if (!viewsCache.has(location)) {
-        viewsCache.set(location, getViews(location));
-      }
-      return viewsCache.get(location);
-    },
-    () => undefined,
-  );
-
-export const onDidRegisterView: typeof viewsApi.onDidRegisterView = (
-  listener: (e: ViewRegisteredEvent) => void,
-): Disposable => {
-  registerListeners.add(listener);
-  return new Disposable(() => registerListeners.delete(listener));
-};
-
-export const onDidUnregisterView: typeof viewsApi.onDidUnregisterView = (
-  listener: (e: ViewUnregisteredEvent) => void,
-): Disposable => {
-  unregisterListeners.add(listener);
-  return new Disposable(() => unregisterListeners.delete(listener));
-};
-
 export const views: typeof viewsApi = {
   registerView,
   getViews,
-  onDidRegisterView,
-  onDidUnregisterView,
 };

superset-frontend/src/extensions/ExtensionsStartup.tsx

@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import { useEffect } from 'react';
+import { useEffect, useState } from 'react';
 // eslint-disable-next-line no-restricted-syntax
 import * as supersetCore from '@apache-superset/core';
 import { FeatureFlag, isFeatureEnabled } from '@superset-ui/core';
@@ -52,12 +52,20 @@ declare global {
 const ExtensionsStartup: React.FC<{ children?: React.ReactNode }> = ({
   children,
 }) => {
+  const [initialized, setInitialized] = useState(false);
+
   const userId = useSelector<RootState, number | undefined>(
     ({ user }) => user.userId,
   );
 
   useEffect(() => {
-    if (userId == null) return;
+    if (initialized) return;
+
+    if (!userId) {
+      // No user logged in — nothing to initialize
+      setInitialized(true);
+      return;
+    }
 
     // Provide the implementations for @apache-superset/core
     window.superset = {
@@ -72,10 +80,19 @@ const ExtensionsStartup: React.FC<{ children?: React.ReactNode }> = ({
       views,
     };
 
-    if (isFeatureEnabled(FeatureFlag.EnableExtensions)) {
-      ExtensionsLoader.getInstance().initializeExtensions();
-    }
-  }, [userId]);
+    const setup = async () => {
+      if (isFeatureEnabled(FeatureFlag.EnableExtensions)) {
+        await ExtensionsLoader.getInstance().initializeExtensions();
+      }
+      setInitialized(true);
+    };
+
+    setup();
+  }, [initialized, userId]);
+
+  if (!initialized) {
+    return null;
+  }
 
   return <>{children}</>;
 };

superset-websocket/package-lock.json

@@ -25,7 +25,7 @@
         "@types/lodash": "^4.17.24",
         "@types/node": "^25.9.1",
         "@types/ws": "^8.18.1",
-        "@typescript-eslint/eslint-plugin": "^8.60.1",
+        "@typescript-eslint/eslint-plugin": "^8.60.0",
         "@typescript-eslint/parser": "^8.60.1",
         "eslint": "^10.4.1",
         "eslint-config-prettier": "^10.1.8",

superset-websocket/package.json

@@ -33,7 +33,7 @@
     "@types/lodash": "^4.17.24",
     "@types/node": "^25.9.1",
     "@types/ws": "^8.18.1",
-    "@typescript-eslint/eslint-plugin": "^8.60.1",
+    "@typescript-eslint/eslint-plugin": "^8.60.0",
     "@typescript-eslint/parser": "^8.60.1",
     "eslint": "^10.4.1",
     "eslint-config-prettier": "^10.1.8",

superset-websocket/utils/client-ws-app/package-lock.json

@@ -13,7 +13,7 @@
         "express": "~5.2.1",
         "http-errors": "~2.0.1",
         "jsonwebtoken": "^9.0.3",
-        "morgan": "~1.11.0",
+        "morgan": "~1.10.1",
         "pug": "~3.0.4"
       }
     },
@@ -127,6 +127,17 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/body-parser/node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/buffer-equal-constant-time": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
@@ -444,6 +455,17 @@
         "node": ">=6.6.0"
       }
     },
+    "node_modules/express/node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/finalhandler": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.0.tgz",
@@ -461,6 +483,18 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/finalhandler/node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "license": "MIT",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/forwarded": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
@@ -833,22 +867,18 @@
       }
     },
     "node_modules/morgan": {
-      "version": "1.11.0",
-      "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.11.0.tgz",
-      "integrity": "sha512-zSkVu3t18r39pw4ixfBKvfZi3y2UOqr7d4WYwcj3m8nXpEQK4rPO6GLzs/CExoRgmX3y9EjmmcXqv6jq0SK46g==",
+      "version": "1.10.1",
+      "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz",
+      "integrity": "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==",
       "dependencies": {
         "basic-auth": "~2.0.1",
         "debug": "2.6.9",
         "depd": "~2.0.0",
-        "on-finished": "~2.4.1",
+        "on-finished": "~2.3.0",
         "on-headers": "~1.1.0"
       },
       "engines": {
         "node": ">= 0.8.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/morgan/node_modules/debug": {
@@ -898,9 +928,9 @@
       }
     },
     "node_modules/on-finished": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
-      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
       "dependencies": {
         "ee-first": "1.1.1"
       },
@@ -1197,6 +1227,18 @@
         "node": ">= 18"
       }
     },
+    "node_modules/send/node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "license": "MIT",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/serve-static": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.0.tgz",
@@ -1467,6 +1509,16 @@
         "qs": "^6.14.0",
         "raw-body": "^3.0.1",
         "type-is": "^2.0.1"
+      },
+      "dependencies": {
+        "on-finished": {
+          "version": "2.4.1",
+          "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+          "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+          "requires": {
+            "ee-first": "1.1.1"
+          }
+        }
       }
     },
     "buffer-equal-constant-time": {
@@ -1688,6 +1740,14 @@
           "version": "1.2.2",
           "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
           "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg=="
+        },
+        "on-finished": {
+          "version": "2.4.1",
+          "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+          "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+          "requires": {
+            "ee-first": "1.1.1"
+          }
         }
       }
     },
@@ -1702,6 +1762,16 @@
         "on-finished": "^2.4.1",
         "parseurl": "^1.3.3",
         "statuses": "^2.0.1"
+      },
+      "dependencies": {
+        "on-finished": {
+          "version": "2.4.1",
+          "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+          "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+          "requires": {
+            "ee-first": "1.1.1"
+          }
+        }
       }
     },
     "forwarded": {
@@ -1970,14 +2040,14 @@
       }
     },
     "morgan": {
-      "version": "1.11.0",
-      "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.11.0.tgz",
-      "integrity": "sha512-zSkVu3t18r39pw4ixfBKvfZi3y2UOqr7d4WYwcj3m8nXpEQK4rPO6GLzs/CExoRgmX3y9EjmmcXqv6jq0SK46g==",
+      "version": "1.10.1",
+      "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz",
+      "integrity": "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==",
       "requires": {
         "basic-auth": "~2.0.1",
         "debug": "2.6.9",
         "depd": "~2.0.0",
-        "on-finished": "~2.4.1",
+        "on-finished": "~2.3.0",
         "on-headers": "~1.1.0"
       },
       "dependencies": {
@@ -2017,9 +2087,9 @@
       "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="
     },
     "on-finished": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
-      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
       "requires": {
         "ee-first": "1.1.1"
       }
@@ -2267,6 +2337,16 @@
         "on-finished": "^2.4.1",
         "range-parser": "^1.2.1",
         "statuses": "^2.0.1"
+      },
+      "dependencies": {
+        "on-finished": {
+          "version": "2.4.1",
+          "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+          "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+          "requires": {
+            "ee-first": "1.1.1"
+          }
+        }
       }
     },
     "serve-static": {

superset-websocket/utils/client-ws-app/package.json

@@ -11,7 +11,7 @@
     "express": "~5.2.1",
     "http-errors": "~2.0.1",
     "jsonwebtoken": "^9.0.3",
-    "morgan": "~1.11.0",
+    "morgan": "~1.10.1",
     "pug": "~3.0.4"
   }
 }

superset/commands/chart/exceptions.py

@@ -103,19 +103,6 @@ class DatasourceTypeUpdateRequiredValidationError(ValidationError):
         )
 
 
-class ChartQueryContextDatasourceMismatchValidationError(ValidationError):
-    """
-    Raised when a query-context-only update carries a datasource that does not
-    match the chart's own datasource.
-    """
-
-    def __init__(self) -> None:
-        super().__init__(
-            _("The query context datasource does not match the chart datasource"),
-            field_name="query_context",
-        )
-
-
 class ChartNotFoundError(CommandException):
     message = "Chart not found."
 

superset/commands/chart/update.py

@@ -29,7 +29,6 @@ from superset.commands.chart.exceptions import (
     ChartForbiddenError,
     ChartInvalidError,
     ChartNotFoundError,
-    ChartQueryContextDatasourceMismatchValidationError,
     ChartUpdateFailedError,
     DashboardsForbiddenError,
     DashboardsNotFoundValidationError,
@@ -42,7 +41,6 @@ from superset.exceptions import SupersetSecurityException
 from superset.models.dashboard import Dashboard
 from superset.models.slice import Slice
 from superset.tags.models import ObjectType
-from superset.utils import json
 from superset.utils.decorators import on_error, transaction
 
 logger = logging.getLogger(__name__)
@@ -103,51 +101,6 @@ class UpdateChartCommand(UpdateMixin, BaseCommand):
                 if not security_manager.is_owner(dash):
                     raise DashboardsForbiddenError()
 
-    def _validate_query_context_datasource(
-        self, exceptions: list[ValidationError]
-    ) -> None:
-        """
-        Ensure a query-context-only update keeps the chart's own datasource.
-
-        The submitted query context is only verified when it carries a parseable
-        ``datasource`` object; a payload that references a different datasource than
-        the chart's persisted one is rejected. Payloads without a datasource fall
-        back to the chart's datasource at execution time and need no check.
-        """
-        if not self._model:
-            return
-
-        raw_query_context = self._properties.get("query_context")
-        if not raw_query_context:
-            return
-
-        try:
-            query_context = json.loads(raw_query_context)
-        except (TypeError, ValueError):
-            # An unparseable payload cannot be verified or replayed; leave it for
-            # downstream handling rather than guessing at its intent.
-            return
-
-        datasource = (
-            query_context.get("datasource") if isinstance(query_context, dict) else None
-        )
-        if not isinstance(datasource, dict):
-            return
-
-        try:
-            ids_match = int(datasource["id"]) == self._model.datasource_id
-        except (KeyError, TypeError, ValueError):
-            ids_match = False
-
-        datasource_type = datasource.get("type")
-        types_match = (
-            datasource_type is None
-            or str(datasource_type) == self._model.datasource_type
-        )
-
-        if not ids_match or not types_match:
-            exceptions.append(ChartQueryContextDatasourceMismatchValidationError())
-
     def validate(self) -> None:  # noqa: C901
         exceptions: list[ValidationError] = []
         dashboard_ids = self._properties.get("dashboards")
@@ -181,12 +134,6 @@ class UpdateChartCommand(UpdateMixin, BaseCommand):
                 raise ChartForbiddenError() from ex
             except ValidationError as ex:
                 exceptions.append(ex)
-        else:
-            # The query-context-only path skips the ownership check so report and
-            # alert workers can refresh a chart's cached payload. Keep that payload
-            # bound to the chart's own datasource so it cannot be repointed at an
-            # unrelated one.
-            self._validate_query_context_datasource(exceptions)
 
         # validate tags
         try:

superset/config.py

@@ -459,7 +459,6 @@ LANGUAGES = {
     "nl": {"flag": "nl", "name": "Dutch"},
     "uk": {"flag": "ua", "name": "Ukrainian"},
     "mi": {"flag": "nz", "name": "Māori"},
-    "ro": {"flag": "ro", "name": "Romanian"},
 }
 # Turning off i18n by default as translation in most languages are
 # incomplete and not well maintained.

superset/initialization/__init__.py

@@ -764,6 +764,23 @@ class SupersetAppInitializer:  # pylint: disable=too-many-public-methods
                 gc.collect()
             return response
 
+        @self.superset_app.before_request
+        def enforce_session_validity() -> Any:
+            """Force logout of sessions invalidated by a per-user epoch."""
+            from superset.security.session_invalidation import (
+                enforce_session_validity as _enforce,
+            )
+
+            return _enforce()
+
+        # Stamp the per-user invalidation epoch when an account is disabled,
+        # so outstanding sessions are terminated on their next request.
+        from superset.security.session_invalidation import (
+            register_session_invalidation_events,
+        )
+
+        register_session_invalidation_events(appbuilder.sm.user_model)
+
         @self.superset_app.context_processor
         def get_common_bootstrap_data() -> dict[str, Any]:
             # Import here to avoid circular imports

superset/migrations/versions/2026-06-02_10-00_f7a1c93e0b21_add_sessions_invalidated_at.py

@@ -0,0 +1,177 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""add sessions_invalidated_at to user_attribute
+
+Revision ID: f7a1c93e0b21
+Revises: 31dae2559c05
+Create Date: 2026-06-02 10:00:00.000000
+
+"""
+
+from datetime import datetime, timezone
+
+import sqlalchemy as sa
+from alembic import op
+
+from superset.migrations.shared.utils import (
+    add_columns,
+    create_index,
+    drop_columns,
+    drop_index,
+)
+
+# revision identifiers, used by Alembic.
+revision = "f7a1c93e0b21"
+down_revision = "31dae2559c05"
+
+TABLE = "user_attribute"
+COLUMN = "sessions_invalidated_at"
+INDEX = "ix_user_attribute_sessions_invalidated_at"
+UQ = "uq_user_attribute_user_id"
+
+
+MERGE_COLUMNS = ("avatar_url", "welcome_dashboard_id", "sessions_invalidated_at")
+
+
+def upgrade():
+    add_columns(TABLE, sa.Column(COLUMN, sa.DateTime(), nullable=True))
+    create_index(TABLE, INDEX, [COLUMN])
+    # The model treats ``user_attribute`` as one row per user (all readers use
+    # ``extra_attributes[0]``). Enforce that invariant so the session-invalidation
+    # upsert is race-safe. Collapse any pre-existing duplicates into the lowest
+    # ``id`` per user before adding the unique constraint.
+    #
+    # The merge/de-dup is driven in Python rather than via correlated subqueries:
+    # MySQL forbids referencing the UPDATE/DELETE target table in a subquery
+    # (error 1093), so a portable SQL form is awkward. Reading the duplicate rows
+    # and resolving the winner in Python works identically on SQLite/MySQL/Postgres.
+    _dedupe_user_attributes()
+    # SQLite has no ALTER ... ADD CONSTRAINT, so use batch mode (copy-and-move)
+    # which all dialects support.
+    with op.batch_alter_table(TABLE) as batch_op:
+        batch_op.create_unique_constraint(UQ, ["user_id"])
+    # Backfill an epoch for accounts that are already disabled at upgrade time.
+    # Without this, a user disabled before this lands and later re-enabled would
+    # have no epoch, so a pre-existing session (which also carries no recorded
+    # login time) would silently revive. Stamping the epoch now means any such
+    # outstanding session is treated as invalidated.
+    _backfill_disabled_users()
+
+
+def _dedupe_user_attributes():
+    """Collapse duplicate ``user_attribute`` rows into the lowest ``id`` per user.
+
+    Settings stored only on a higher-``id`` duplicate are merged forward into the
+    kept row (the kept row's NULL columns take the lowest-``id`` non-NULL sibling
+    value) so nothing is silently lost, then the redundant rows are deleted.
+    """
+    bind = op.get_bind()
+    columns = ", ".join(("id", "user_id", *MERGE_COLUMNS))
+    rows = bind.execute(
+        sa.text(f"SELECT {columns} FROM {TABLE} ORDER BY id")  # noqa: S608
+    ).fetchall()
+
+    by_user: dict[int, list] = {}
+    for row in rows:
+        mapping = row._mapping
+        if mapping["user_id"] is None:
+            continue
+        by_user.setdefault(mapping["user_id"], []).append(mapping)
+
+    for user_rows in by_user.values():
+        if len(user_rows) < 2:
+            continue
+        # Rows are ordered by id, so the first is the keeper.
+        keeper = user_rows[0]
+        duplicates = user_rows[1:]
+        updates = {}
+        for column in MERGE_COLUMNS:
+            if keeper[column] is not None:
+                continue
+            for dup in duplicates:
+                if dup[column] is not None:
+                    updates[column] = dup[column]
+                    break
+        if updates:
+            assignments = ", ".join(f"{col} = :{col}" for col in updates)
+            bind.execute(
+                sa.text(
+                    f"UPDATE {TABLE} SET {assignments} WHERE id = :id"  # noqa: S608
+                ),
+                {**updates, "id": keeper["id"]},
+            )
+        bind.execute(
+            sa.text(f"DELETE FROM {TABLE} WHERE id = :id"),  # noqa: S608
+            [{"id": dup["id"]} for dup in duplicates],
+        )
+
+
+def _backfill_disabled_users():
+    """Stamp the invalidation epoch for users that are already disabled.
+
+    Upserts one ``user_attribute`` row per disabled user (``ab_user.active`` is
+    false) that has no epoch yet, so re-enabling such an account does not revive
+    a session that predates this feature. Done in Python to stay portable across
+    SQLite/MySQL/Postgres; the unique constraint added above guarantees one row
+    per user, so the insert path cannot create duplicates.
+    """
+    bind = op.get_bind()
+    now = datetime.now(timezone.utc).replace(tzinfo=None)
+
+    # FAB stores ``active`` as a boolean/tinyint; some legacy rows leave it NULL,
+    # which is not "explicitly disabled", so only match a false value.
+    disabled_user_ids = [
+        row._mapping["id"]
+        for row in bind.execute(
+            sa.text("SELECT id FROM ab_user WHERE active = :inactive"),
+            {"inactive": False},
+        ).fetchall()
+    ]
+    if not disabled_user_ids:
+        return
+
+    existing = {
+        row._mapping["user_id"]
+        for row in bind.execute(
+            sa.text(f"SELECT user_id FROM {TABLE}")  # noqa: S608
+        ).fetchall()
+    }
+
+    for user_id in disabled_user_ids:
+        if user_id in existing:
+            bind.execute(
+                sa.text(
+                    f"UPDATE {TABLE} SET {COLUMN} = :now, changed_on = :now "  # noqa: S608, E501
+                    f"WHERE user_id = :user_id AND {COLUMN} IS NULL"
+                ),
+                {"now": now, "user_id": user_id},
+            )
+        else:
+            bind.execute(
+                sa.text(
+                    f"INSERT INTO {TABLE} (user_id, {COLUMN}, created_on, changed_on) "  # noqa: S608, E501
+                    "VALUES (:user_id, :now, :now, :now)"
+                ),
+                {"now": now, "user_id": user_id},
+            )
+
+
+def downgrade():
+    with op.batch_alter_table(TABLE) as batch_op:
+        batch_op.drop_constraint(UQ, type_="unique")
+    drop_index(TABLE, INDEX)
+    drop_columns(TABLE, COLUMN)

superset/models/user_attributes.py

@@ -16,7 +16,14 @@
 # under the License.
 
 from flask_appbuilder import Model
-from sqlalchemy import Column, ForeignKey, Integer, String
+from sqlalchemy import (
+    Column,
+    DateTime,
+    ForeignKey,
+    Integer,
+    String,
+    UniqueConstraint,
+)
 from sqlalchemy.orm import relationship
 
 from superset import security_manager
@@ -34,6 +41,9 @@ class UserAttribute(Model, AuditMixinNullable):
     """
 
     __tablename__ = "user_attribute"
+    # One attribute row per user; readers rely on ``extra_attributes[0]`` and the
+    # session-invalidation upsert depends on this for race safety.
+    __table_args__ = (UniqueConstraint("user_id", name="uq_user_attribute_user_id"),)
     id = Column(Integer, primary_key=True)
     user_id = Column(Integer, ForeignKey("ab_user.id"))
     user = relationship(
@@ -42,3 +52,8 @@ class UserAttribute(Model, AuditMixinNullable):
     welcome_dashboard_id = Column(Integer, ForeignKey("dashboards.id"))
     welcome_dashboard = relationship("Dashboard")
     avatar_url = Column(String(100))
+    # When set, any session for this user whose login predates this timestamp
+    # is forced to log out (see ``superset.security.session_invalidation``).
+    # Stamped when the account is disabled, so outstanding sessions terminate
+    # regardless of the session backend. NULL means "never invalidated".
+    sessions_invalidated_at = Column(DateTime, nullable=True, index=True)

superset/security/manager.py

@@ -639,6 +639,12 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
         return lm
 
     def on_user_login(self, user: Any) -> None:
+        # pylint: disable=import-outside-toplevel
+        from superset.security.session_invalidation import stamp_login_time
+
+        # Record the authentication time so outstanding sessions can be
+        # invalidated when the account is later disabled.
+        stamp_login_time()
         _log_audit_event(
             "UserLoggedIn",
             {"username": user.username, "user_id": user.id},

superset/security/session_invalidation.py

@@ -0,0 +1,205 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""
+Backend-agnostic session invalidation.
+
+Outstanding sessions are terminated by comparing the time a session was
+authenticated (``session["_login_at"]``, stamped at login) against a per-user
+invalidation epoch (``UserAttribute.sessions_invalidated_at``). When a session
+predates the user's epoch it is forced to log out on its next request.
+
+The epoch is stamped whenever an account is *disabled* (``active`` flips to
+``False``), via a SQLAlchemy ``after_update`` listener so it fires regardless of
+the code path that disabled the user (FAB admin UI, REST API, or CLI). This
+works for both client-side cookie sessions and server-side session stores
+without enumerating the store by user. A deleted user is already rejected by
+Flask-Login's user loader, so deletion needs no epoch.
+
+The mechanism is inert until an epoch is set: users that were never disabled
+(NULL epoch) are never affected, so it is backwards compatible by default.
+"""
+
+import logging
+import math
+from datetime import datetime, timezone
+from typing import Any, Optional
+
+from flask import flash, session
+from flask_babel import gettext as __
+from flask_login import current_user, logout_user
+from sqlalchemy import event, inspect
+from sqlalchemy.exc import IntegrityError
+from werkzeug.wrappers import Response
+
+logger = logging.getLogger(__name__)
+
+#: Session key holding the epoch-seconds timestamp of when the session logged in.
+SESSION_LOGIN_AT_KEY = "_login_at"
+
+
+def _utcnow() -> datetime:
+    return datetime.now(timezone.utc)
+
+
+def stamp_login_time() -> None:
+    """Record the current session's authentication time. Call on login."""
+    session[SESSION_LOGIN_AT_KEY] = _utcnow().timestamp()
+
+
+def _as_utc_timestamp(value: datetime) -> float:
+    """Epoch seconds for ``value``, treating naive datetimes as UTC.
+
+    The ``sessions_invalidated_at`` column is a naive ``DateTime`` storing a UTC
+    instant; calling ``.timestamp()`` on a naive datetime would otherwise assume
+    *local* time and skew the comparison by the local UTC offset.
+    """
+    if value.tzinfo is None:
+        value = value.replace(tzinfo=timezone.utc)
+    return value.timestamp()
+
+
+def is_session_invalidated(
+    login_at: Optional[float], invalidated_at: Optional[datetime]
+) -> bool:
+    """
+    Return True if a session authenticated at ``login_at`` is invalidated by an
+    epoch of ``invalidated_at``.
+
+    - No epoch (``invalidated_at is None``) ⇒ never invalidated (the common case
+      and the reason the feature is inert/backwards compatible by default).
+    - An epoch with no recorded login time ⇒ invalidated. A session old enough
+      to predate the feature carries no ``_login_at``; if the user has since
+      been disabled, fail closed.
+    - Otherwise the session is invalidated iff it logged in before the epoch.
+    """
+    if invalidated_at is None:
+        return False
+    if login_at is None:
+        return True
+    return login_at < _as_utc_timestamp(invalidated_at)
+
+
+def _get_user_invalidated_at(user: Any) -> Optional[datetime]:
+    extra_attributes = getattr(user, "extra_attributes", None)
+    if not extra_attributes:
+        return None
+    return extra_attributes[0].sessions_invalidated_at
+
+
+def enforce_session_validity() -> Optional[Response]:
+    """
+    ``before_request`` hook: force logout of sessions invalidated by the user's
+    epoch.
+
+    Fails open — any error here logs a warning and allows the request rather
+    than risk locking everyone out on a bug in the check.
+    """
+    try:
+        user = current_user
+        if not user or not getattr(user, "is_authenticated", False):
+            return None
+        # Guest (embedded) users are not FAB users and have their own
+        # revocation mechanism; skip them.
+        if getattr(user, "is_guest_user", False):
+            return None
+        invalidated_at = _get_user_invalidated_at(user)
+        if invalidated_at is None:
+            return None
+        login_at = session.get(SESSION_LOGIN_AT_KEY)
+        if not is_session_invalidated(login_at, invalidated_at):
+            return None
+
+        # Clear the authenticated session and let the request continue as
+        # anonymous: each route's own decorator then responds correctly for its
+        # type (401 for the REST API, redirect-to-login for HTML views) without
+        # this hook needing to know the route kind.
+        logout_user()
+        session.clear()
+        flash(__("Your session has ended. Please sign in again."), "warning")
+        return None
+    except Exception:  # noqa: BLE001  # pylint: disable=broad-except
+        logger.warning(
+            "Session-invalidation check failed; allowing request", exc_info=True
+        )
+        return None
+
+
+def invalidate_user_sessions(connection: Any, user_id: int) -> None:
+    """Stamp the invalidation epoch for ``user_id`` using ``connection``.
+
+    Upserts the user's ``UserAttribute`` row so the mechanism works even for
+    users that have no attribute row yet. ``user_attribute.user_id`` carries a
+    unique constraint, so the insert is safe against a concurrent disable of the
+    same user: the loser's insert raises ``IntegrityError``, which is caught and
+    retried as an update rather than creating a duplicate row.
+    """
+    # pylint: disable=import-outside-toplevel
+    from superset.models.user_attributes import UserAttribute
+
+    table = UserAttribute.__table__
+    # Round the epoch up to the next whole second. Some backends (e.g. MySQL)
+    # store ``DATETIME`` columns without sub-second precision and truncate the
+    # value; a session that logged in earlier in the same wall-clock second
+    # carries a fractional ``_login_at`` that would otherwise compare as >= the
+    # truncated epoch and survive invalidation. Ceiling the stamp guarantees it
+    # strictly exceeds any login time from the same second.
+    now_epoch = _utcnow().timestamp()
+    now = datetime.fromtimestamp(math.ceil(now_epoch), timezone.utc).replace(
+        tzinfo=None
+    )
+
+    def _stamp_existing() -> int:
+        return connection.execute(
+            table.update()
+            .where(table.c.user_id == user_id)
+            .values(sessions_invalidated_at=now, changed_on=now)
+        ).rowcount
+
+    if _stamp_existing():
+        return
+
+    try:
+        with connection.begin_nested():
+            connection.execute(
+                table.insert().values(
+                    user_id=user_id,
+                    sessions_invalidated_at=now,
+                    created_on=now,
+                    changed_on=now,
+                )
+            )
+    except IntegrityError:
+        # A concurrent disable inserted the row first; stamp it instead.
+        _stamp_existing()
+
+
+def _stamp_epoch_on_disable(_mapper: Any, connection: Any, target: Any) -> None:
+    history = inspect(target).attrs.active.history
+    # Only act when ``active`` actually changed to False — ignore the
+    # last_login / login_count updates FAB writes on every login.
+    if not history.has_changes() or target.active:
+        return
+    invalidate_user_sessions(connection, target.id)
+
+
+def register_session_invalidation_events(user_model: Any) -> None:
+    """Register the ``after_update`` listener that stamps the epoch on disable.
+
+    Idempotent: safe to call on every app initialization (e.g. across tests).
+    """
+    if not event.contains(user_model, "after_update", _stamp_epoch_on_disable):
+        event.listen(user_model, "after_update", _stamp_epoch_on_disable)

superset/utils/json.py

@@ -26,7 +26,6 @@ import pandas as pd
 import simplejson
 from flask_babel.speaklater import LazyString
 from jsonpath_ng import parse
-from jsonpath_ng.jsonpath import Child, Fields, Root
 from simplejson import JSONDecodeError
 
 from superset.constants import PASSWORD_MASK
@@ -305,30 +304,6 @@ def reveal_sensitive(
     return revealed_payload
 
 
-def _render_jsonpath(node: Any) -> str:
-    """
-    Render a JSONPath node as a stable dotted string (e.g. ``foo.bar``).
-
-    ``str()`` of a jsonpath-ng path is not stable across releases: as of
-    jsonpath-ng 1.8.0 a ``Child`` node renders with surrounding parentheses
-    (e.g. ``(foo.bar)``). This helper produces the historic dotted notation so
-    that the strings returned by :func:`get_masked_fields` remain consistent and
-    can be round-tripped back through ``parse``.
-
-    Falls back to ``str()`` for node kinds that aren't plain field access (e.g.
-    array indices, slices), preserving their existing representation.
-    """
-    if isinstance(node, Child):
-        left = _render_jsonpath(node.left)
-        right = _render_jsonpath(node.right)
-        return f"{left}.{right}" if left else right
-    if isinstance(node, Fields):
-        return ".".join(node.fields)
-    if isinstance(node, Root):
-        return ""
-    return str(node)
-
-
 def get_masked_fields(
     payload: dict[str, Any],
     sensitive_fields: set[str],
@@ -346,10 +321,8 @@ def get_masked_fields(
         for match in jsonpath_expr.find(payload):
             if match.value == PASSWORD_MASK:
                 # Using `match.full_path` instead of json_path to account
-                # for wildcards. Render the path explicitly so the output is
-                # stable across jsonpath-ng versions (newer releases wrap
-                # `Child` paths in parentheses when stringified).
-                masked.append(f"$.{_render_jsonpath(match.full_path)}")
+                # for wildcards
+                masked.append(f"$.{match.full_path}")
     return masked
 
 

tests/integration_tests/security/session_invalidation_tests.py

@@ -0,0 +1,79 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from superset import db
+from superset.models.user_attributes import UserAttribute
+from tests.integration_tests.base_tests import SupersetTestCase
+
+USERNAME = "session_invalidation_user"
+PASSWORD = "general"  # noqa: S105
+
+
+class TestSessionInvalidation(SupersetTestCase):
+    def setUp(self) -> None:
+        self.create_user(
+            USERNAME,
+            PASSWORD,
+            "Admin",
+            email="session_invalidation_user@fab.org",
+        )
+        db.session.commit()
+
+    def tearDown(self) -> None:
+        if user := self.get_user(USERNAME):
+            db.session.query(UserAttribute).filter_by(user_id=user.id).delete()
+            db.session.delete(user)
+            db.session.commit()
+
+    def _set_active(self, active: bool) -> None:
+        # Update via the ORM so the after_update event fires (mirrors the
+        # FAB admin UI / REST API path that flips ``active``).
+        user = self.get_user(USERNAME)
+        user.active = active
+        db.session.commit()
+
+    def test_disabling_user_forces_logout_of_active_session(self) -> None:
+        self.login(USERNAME, PASSWORD)
+
+        # Authenticated request works before the account is disabled.
+        assert self.client.get("/api/v1/me/").status_code == 200
+
+        # Disabling the account stamps the per-user invalidation epoch...
+        self._set_active(False)
+        user = self.get_user(USERNAME)
+        attribute = (
+            db.session.query(UserAttribute).filter_by(user_id=user.id).one_or_none()
+        )
+        assert attribute is not None
+        assert attribute.sessions_invalidated_at is not None
+
+        # ...so the previously-authenticated session is now forced out. The
+        # hook clears the session and the protected REST route answers 401.
+        assert self.client.get("/api/v1/me/").status_code == 401
+
+    def test_active_user_session_is_unaffected(self) -> None:
+        """A user who was never disabled (NULL epoch) is never logged out."""
+        self.login(USERNAME, PASSWORD)
+        assert self.client.get("/api/v1/me/").status_code == 200
+        # No epoch was ever stamped.
+        user = self.get_user(USERNAME)
+        attribute = (
+            db.session.query(UserAttribute).filter_by(user_id=user.id).one_or_none()
+        )
+        assert attribute is None or attribute.sessions_invalidated_at is None
+        # Repeated requests stay authenticated.
+        assert self.client.get("/api/v1/me/").status_code == 200

tests/unit_tests/commands/chart/update_test.py

@@ -17,11 +17,10 @@
 import pytest
 from pytest_mock import MockerFixture
 
-from superset.commands.chart.exceptions import ChartForbiddenError, ChartInvalidError
+from superset.commands.chart.exceptions import ChartForbiddenError
 from superset.commands.chart.update import UpdateChartCommand
 from superset.errors import ErrorLevel, SupersetError, SupersetErrorType
 from superset.exceptions import SupersetSecurityException
-from superset.utils import json
 
 
 def _ownership_exc() -> SupersetSecurityException:
@@ -92,73 +91,3 @@ def test_update_chart_owner_can_perform_regular_update(
 
     find_by_id.assert_called_once_with(1)
     raise_for_ownership.assert_called_once()
-
-
-def _query_context_payload(datasource: object) -> dict[str, object]:
-    return {
-        "query_context": json.dumps({"datasource": datasource, "queries": []}),
-        "query_context_generation": True,
-    }
-
-
-def test_update_chart_query_context_matching_datasource_is_allowed(
-    mocker: MockerFixture,
-) -> None:
-    """A query context that targets the chart's own datasource is accepted."""
-    find_by_id = mocker.patch("superset.commands.chart.update.ChartDAO.find_by_id")
-    find_by_id.return_value = mocker.MagicMock(
-        id=1, tags=[], dashboards=[], datasource_id=42, datasource_type="table"
-    )
-    mocker.patch("superset.commands.chart.update.security_manager.raise_for_ownership")
-
-    UpdateChartCommand(
-        1, _query_context_payload({"id": 42, "type": "table"})
-    ).validate()
-
-
-@pytest.mark.parametrize(
-    "datasource",
-    [
-        {"id": 99, "type": "table"},  # different id
-        {"id": 42, "type": "query"},  # different type
-        {"id": "99", "type": "table"},  # different id as string
-    ],
-)
-def test_update_chart_query_context_mismatched_datasource_is_rejected(
-    mocker: MockerFixture,
-    datasource: dict[str, object],
-) -> None:
-    """A query context pointing at a different datasource is rejected with a 4xx."""
-    find_by_id = mocker.patch("superset.commands.chart.update.ChartDAO.find_by_id")
-    find_by_id.return_value = mocker.MagicMock(
-        id=1, tags=[], dashboards=[], datasource_id=42, datasource_type="table"
-    )
-    mocker.patch("superset.commands.chart.update.security_manager.raise_for_ownership")
-
-    with pytest.raises(ChartInvalidError):
-        UpdateChartCommand(1, _query_context_payload(datasource)).validate()
-
-
-@pytest.mark.parametrize(
-    "query_context",
-    [
-        "{}",  # no datasource key
-        '{"datasource": null}',  # null datasource
-        "not-json",  # unparseable payload
-    ],
-)
-def test_update_chart_query_context_without_datasource_is_allowed(
-    mocker: MockerFixture,
-    query_context: str,
-) -> None:
-    """Payloads with no verifiable datasource fall back to the chart's own."""
-    find_by_id = mocker.patch("superset.commands.chart.update.ChartDAO.find_by_id")
-    find_by_id.return_value = mocker.MagicMock(
-        id=1, tags=[], dashboards=[], datasource_id=42, datasource_type="table"
-    )
-    mocker.patch("superset.commands.chart.update.security_manager.raise_for_ownership")
-
-    UpdateChartCommand(
-        1,
-        {"query_context": query_context, "query_context_generation": True},
-    ).validate()

tests/unit_tests/security/audit_log_test.py

@@ -206,9 +206,12 @@ def test_group_api_post_delete_logs_event(mock_log: MagicMock) -> None:
 # --- Login / Logout ---
 
 
+@patch("superset.security.session_invalidation.stamp_login_time")
 @patch("superset.security.manager._log_audit_event")
-def test_on_user_login_logs_event(mock_log: MagicMock) -> None:
-    """on_user_login logs a UserLoggedIn event."""
+def test_on_user_login_logs_event(
+    mock_log: MagicMock, mock_stamp_login_time: MagicMock
+) -> None:
+    """on_user_login logs a UserLoggedIn event and stamps the session."""
     sm = SupersetSecurityManager.__new__(SupersetSecurityManager)
     user = MagicMock(spec=User)
     user.username = "testuser"
@@ -216,6 +219,7 @@ def test_on_user_login_logs_event(mock_log: MagicMock) -> None:
 
     sm.on_user_login(user)
 
+    mock_stamp_login_time.assert_called_once()
     mock_log.assert_called_once_with(
         "UserLoggedIn", {"username": "testuser", "user_id": 7}
     )

tests/unit_tests/security/test_session_invalidation.py

@@ -0,0 +1,214 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from datetime import datetime, timedelta, timezone
+from types import SimpleNamespace
+from unittest.mock import MagicMock, patch
+
+from sqlalchemy.exc import IntegrityError
+
+from superset.security.session_invalidation import (
+    _as_utc_timestamp,
+    enforce_session_validity,
+    invalidate_user_sessions,
+    is_session_invalidated,
+    SESSION_LOGIN_AT_KEY,
+)
+
+
+def test_no_epoch_is_never_invalidated() -> None:
+    """A user that was never disabled (NULL epoch) is never invalidated."""
+    assert is_session_invalidated(login_at=None, invalidated_at=None) is False
+    assert is_session_invalidated(login_at=1_000.0, invalidated_at=None) is False
+
+
+def test_epoch_with_no_login_time_fails_closed() -> None:
+    """A pre-feature session (no _login_at) on a disabled user is invalidated."""
+    epoch = datetime.now(timezone.utc)
+    assert is_session_invalidated(login_at=None, invalidated_at=epoch) is True
+
+
+def test_session_before_epoch_is_invalidated() -> None:
+    epoch = datetime.now(timezone.utc)
+    before = (epoch - timedelta(minutes=5)).timestamp()
+    assert is_session_invalidated(login_at=before, invalidated_at=epoch) is True
+
+
+def test_session_after_epoch_is_valid() -> None:
+    """A fresh login after a disable+re-enable must not be invalidated."""
+    epoch = datetime.now(timezone.utc)
+    after = (epoch + timedelta(minutes=5)).timestamp()
+    assert is_session_invalidated(login_at=after, invalidated_at=epoch) is False
+
+
+def test_login_exactly_at_epoch_is_valid() -> None:
+    epoch = datetime.now(timezone.utc)
+    assert (
+        is_session_invalidated(login_at=epoch.timestamp(), invalidated_at=epoch)
+        is False
+    )
+
+
+def test_naive_epoch_is_treated_as_utc() -> None:
+    """
+    The DB column is a naive UTC ``DateTime``; the comparison must treat it as
+    UTC, not local time (otherwise it skews by the local offset).
+    """
+    aware = datetime(2026, 6, 2, 12, 0, 0, tzinfo=timezone.utc)
+    naive = aware.replace(tzinfo=None)
+    assert _as_utc_timestamp(naive) == aware.timestamp()
+
+    just_before = aware.timestamp() - 1
+    just_after = aware.timestamp() + 1
+    assert is_session_invalidated(login_at=just_before, invalidated_at=naive) is True
+    assert is_session_invalidated(login_at=just_after, invalidated_at=naive) is False
+
+
+MODULE = "superset.security.session_invalidation"
+
+
+def _user(*, authenticated: bool = True, guest: bool = False) -> SimpleNamespace:
+    return SimpleNamespace(is_authenticated=authenticated, is_guest_user=guest)
+
+
+def test_enforce_skips_unauthenticated_user() -> None:
+    """No authenticated user ⇒ nothing to enforce, request proceeds."""
+    with (
+        patch(f"{MODULE}.current_user", _user(authenticated=False)),
+        patch(f"{MODULE}.logout_user") as logout,
+    ):
+        assert enforce_session_validity() is None
+        logout.assert_not_called()
+
+
+def test_enforce_skips_guest_user() -> None:
+    """Guest (embedded) users have their own revocation path and are skipped."""
+    with (
+        patch(f"{MODULE}.current_user", _user(guest=True)),
+        patch(f"{MODULE}._get_user_invalidated_at") as get_epoch,
+        patch(f"{MODULE}.logout_user") as logout,
+    ):
+        assert enforce_session_validity() is None
+        get_epoch.assert_not_called()
+        logout.assert_not_called()
+
+
+def test_enforce_no_epoch_leaves_session_alone() -> None:
+    """A user with no invalidation epoch is never logged out."""
+    with (
+        patch(f"{MODULE}.current_user", _user()),
+        patch(f"{MODULE}._get_user_invalidated_at", return_value=None),
+        patch(f"{MODULE}.logout_user") as logout,
+    ):
+        assert enforce_session_validity() is None
+        logout.assert_not_called()
+
+
+def test_enforce_valid_session_is_not_logged_out() -> None:
+    """A session that logged in after the epoch stays authenticated."""
+    epoch = datetime.now(timezone.utc)
+    after = (epoch + timedelta(minutes=5)).timestamp()
+    fake_session = MagicMock()
+    fake_session.get.return_value = after
+    with (
+        patch(f"{MODULE}.current_user", _user()),
+        patch(f"{MODULE}._get_user_invalidated_at", return_value=epoch),
+        patch(f"{MODULE}.session", fake_session),
+        patch(f"{MODULE}.logout_user") as logout,
+    ):
+        assert enforce_session_validity() is None
+        fake_session.get.assert_called_once_with(SESSION_LOGIN_AT_KEY)
+        logout.assert_not_called()
+
+
+def test_enforce_invalidated_session_is_logged_out() -> None:
+    """A session predating the epoch is cleared and flashed a warning."""
+    epoch = datetime.now(timezone.utc)
+    before = (epoch - timedelta(minutes=5)).timestamp()
+    fake_session = MagicMock()
+    fake_session.get.return_value = before
+    with (
+        patch(f"{MODULE}.current_user", _user()),
+        patch(f"{MODULE}._get_user_invalidated_at", return_value=epoch),
+        patch(f"{MODULE}.session", fake_session),
+        patch(f"{MODULE}.logout_user") as logout,
+        patch(f"{MODULE}.flash") as flash,
+    ):
+        assert enforce_session_validity() is None
+        logout.assert_called_once()
+        fake_session.clear.assert_called_once()
+        flash.assert_called_once()
+
+
+def test_enforce_fails_open_on_error() -> None:
+    """Any error in the check logs a warning and allows the request."""
+    # A real (non-guest, authenticated) user so the check reaches the epoch
+    # lookup, which then raises — exercising the fail-open handler.
+    user = SimpleNamespace(is_authenticated=True, is_guest_user=False)
+    with (
+        patch(f"{MODULE}.current_user", user),
+        patch(f"{MODULE}._get_user_invalidated_at", side_effect=RuntimeError("boom")),
+        patch(f"{MODULE}.logout_user") as logout,
+        patch(f"{MODULE}.logger") as logger,
+    ):
+        assert enforce_session_validity() is None
+        logout.assert_not_called()
+        logger.warning.assert_called_once()
+
+
+def test_invalidate_updates_existing_row() -> None:
+    """When a row already exists, the upsert updates it and skips the insert."""
+    connection = MagicMock()
+    connection.execute.return_value.rowcount = 1
+    invalidate_user_sessions(connection, user_id=7)
+    # Single UPDATE, no INSERT / SAVEPOINT.
+    assert connection.execute.call_count == 1
+    connection.begin_nested.assert_not_called()
+
+
+def test_invalidate_inserts_when_missing() -> None:
+    """When no row exists, the upsert inserts one inside a SAVEPOINT."""
+    connection = MagicMock()
+    # First execute is the UPDATE (rowcount 0); second is the INSERT.
+    connection.execute.return_value.rowcount = 0
+    invalidate_user_sessions(connection, user_id=7)
+    assert connection.execute.call_count == 2
+    connection.begin_nested.assert_called_once()
+
+
+def test_invalidate_retries_as_update_on_race() -> None:
+    """If a concurrent disable wins the insert, the IntegrityError is caught
+    and the row is stamped via UPDATE instead of duplicating it."""
+    connection = MagicMock()
+    update_result = SimpleNamespace(rowcount=0)
+    retry_result = SimpleNamespace(rowcount=1)
+
+    calls: list[str] = []
+
+    def execute(statement, *args, **kwargs):  # noqa: ANN001, ANN002, ANN003
+        compiled = str(statement).strip().upper()
+        if compiled.startswith("UPDATE"):
+            calls.append("update")
+            # First UPDATE finds nothing; the retry UPDATE succeeds.
+            return retry_result if len(calls) > 1 else update_result
+        calls.append("insert")
+        raise IntegrityError("insert", {}, Exception())
+
+    connection.execute.side_effect = execute
+    invalidate_user_sessions(connection, user_id=7)
+    # update (miss) -> insert (race loses) -> update (retry succeeds)
+    assert calls == ["update", "insert", "update"]

tests/unit_tests/utils/test_split.py

@@ -1,81 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-from superset.utils.core import split
-
-
-def test_split_empty_string():
-    assert list(split("")) == [""]
-
-
-def test_split_leading_delimiter():
-    assert list(split(" a")) == [
-        "",
-        "a",
-    ]
-
-
-def test_split_trailing_delimiter():
-    assert list(split("a ")) == [
-        "a",
-        "",
-    ]
-
-
-def test_split_only_delimiter():
-    assert list(split(" ")) == [
-        "",
-        "",
-    ]
-
-
-def test_split_nested_parentheses():
-    assert list(
-        split(
-            "a,(b,(c,d))",
-            delimiter=",",
-        )
-    ) == [
-        "a",
-        "(b,(c,d))",
-    ]
-
-
-def test_branch_separator_found():
-    assert list(split("a b")) == [
-        "a",
-        "b",
-    ]
-
-
-def test_branch_separator_not_found():
-    assert list(split("ab")) == [
-        "ab",
-    ]
-
-
-def test_branch_parentheses():
-    assert list(split("(a b)")) == [
-        "(a b)",
-    ]
-
-
-def test_branch_escaped_quote():
-    assert list(split(r'"a\"b c" d')) == [
-        r'"a\"b c"',
-        "d",
-    ]