fix(extensions): address review on hot-reload watcher

Per @codeant-ai's and @bito's review on #40084: 1. First-edit dropped on startup. Pre-populate baseline hashes from existing files in watched `dist` dirs via `prime_baseline()`, called once at watcher startup. Real edits now diff against the on-disk baseline instead of being silently swallowed as "first observation". 2. Move events used src_path. Atomic-build workflows (webpack tmp + rename into `dist`) mean `src_path` may point outside the watched tree. Use `dest_path` for `FileMovedEvent`, falling back to `src_path`. 3. Moves trigger regardless of content match. A move into/out of `dist` is itself the signal — don't gate it on hashing the (potentially missing) source. 4. Leading-edge debounce replaced with trailing debounce via `threading.Timer`. Each event resets the timer so the reload fires once after the build settles, instead of triggering immediately and dropping the writes that finish the build. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(extensions): make LOCAL_EXTENSIONS hot reload reliable in Docker
2026-06-10 01:59:17 +00:00 · 2026-06-08 15:42:30 -07:00 · 2026-06-08 15:42:30 -07:00
171 changed files with 1044 additions and 5310 deletions
--- a/.github/workflows/bump-python-package.yml
+++ b/.github/workflows/bump-python-package.yml
@@ -30,8 +30,9 @@ jobs:
      pull-requests: write
      checks: write
    steps:
+
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: true
          ref: master
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -25,7 +25,7 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check and notify
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -75,14 +75,14 @@ jobs:
      issues: write
      id-token: write
    steps:
-      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-          fetch-depth: 1
+    - name: Checkout repository
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      with:
+        persist-credentials: false
+        fetch-depth: 1

-      - name: Run Claude PR Action
-        uses: anthropics/claude-code-action@5fb899572b81d2bb648d4d187173a2f423a9677c # beta
-        with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          timeout_minutes: "60"
+    - name: Run Claude PR Action
+      uses: anthropics/claude-code-action@5fb899572b81d2bb648d4d187173a2f423a9677c # beta
+      with:
+        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+        timeout_minutes: "60"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,7 +26,7 @@ jobs:
      frontend: ${{ steps.check.outputs.frontend }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Check for file changes
@@ -57,13 +57,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -74,6 +74,6 @@ jobs:
          # queries: security-extended,security-and-quality

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -27,7 +27,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: "Dependency Review"
@@ -51,7 +51,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -18,6 +18,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
+
  changes:
    runs-on: ubuntu-24.04
    timeout-minutes: 10
@@ -30,7 +31,7 @@ jobs:
      docker: ${{ steps.check.outputs.docker }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check for file changes
@@ -70,8 +71,9 @@ jobs:
      IMAGE_TAG: apache/superset:GHA-${{ matrix.build_preset }}-${{ github.run_id }}

    steps:
+
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

@@ -145,7 +147,7 @@ jobs:
    timeout-minutes: 30
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Setup Docker Environment
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -33,13 +33,13 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-embedded-sdk/.nvmrc"
-          registry-url: "https://registry.npmjs.org"
+          node-version-file: './superset-embedded-sdk/.nvmrc'
+          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run ci:release
        env:
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -21,13 +21,13 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-embedded-sdk/.nvmrc"
-          registry-url: "https://registry.npmjs.org"
+          node-version-file: './superset-embedded-sdk/.nvmrc'
+          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm test
      - run: npm run build
--- a/.github/workflows/generate-FOSSA-report.yml
+++ b/.github/workflows/generate-FOSSA-report.yml
@@ -32,7 +32,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/github-action-validator.yml
+++ b/.github/workflows/github-action-validator.yml
@@ -18,6 +18,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
+
  validate-all-ghas:
    runs-on: ubuntu-24.04
    permissions:
@@ -27,14 +28,14 @@ jobs:
      security-events: write
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
-          node-version: "20"
+          node-version: '20'

      - name: Install Dependencies
        run: npm install -g @action-validator/core @action-validator/cli --save-dev
--- a/.github/workflows/issue_creation.yml
+++ b/.github/workflows/issue_creation.yml
@@ -15,8 +15,9 @@ jobs:
      pull-requests: write
      issues: write
    steps:
+
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -11,29 +11,29 @@ jobs:
      contents: write

    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-          submodules: recursive
+    - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      with:
+        persist-credentials: false
+        submodules: recursive

-      - name: Check for latest tag
-        id: latest-tag
-        env:
-          RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
-        run: |
-          source ./scripts/tag_latest_release.sh "$RELEASE_TAG_NAME" --dry-run
+    - name: Check for latest tag
+      id: latest-tag
+      env:
+        RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
+      run: |
+        source ./scripts/tag_latest_release.sh "$RELEASE_TAG_NAME" --dry-run

-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+    - name: Configure Git
+      run: |
+        git config user.name "$GITHUB_ACTOR"
+        git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

-      - name: Run latest-tag
-        uses: ./.github/actions/latest-tag
-        if: steps.latest-tag.outputs.SKIP_TAG != 'true'
-        with:
-          description: Superset latest release
-          tag-name: latest
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
+    - name: Run latest-tag
+      uses: ./.github/actions/latest-tag
+      if: steps.latest-tag.outputs.SKIP_TAG != 'true'
+      with:
+        description: Superset latest release
+        tag-name: latest
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -18,14 +18,14 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
-          distribution: "temurin"
-          java-version: "11"
+          distribution: 'temurin'
+          java-version: '11'
      - name: Run license check
        run: ./scripts/check_license.sh
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -21,7 +21,7 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -31,5 +31,6 @@ jobs:
          on-failed-regex-fail-action: true
          on-failed-regex-request-changes: false
          on-failed-regex-create-review: false
-          on-failed-regex-comment: "Please format your PR title to match: `%regex%`!"
+          on-failed-regex-comment:
+            "Please format your PR title to match: `%regex%`!"
          repo-token: "${{ github.token }}"
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -28,7 +28,7 @@ jobs:
        python-version: ${{ github.event_name == 'pull_request' && fromJSON('["current"]') || fromJSON('["current", "previous", "next"]') }}
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -48,9 +48,9 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version: "20"
-          cache: "npm"
-          cache-dependency-path: "superset-frontend/package-lock.json"
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: 'superset-frontend/package-lock.json'

      - name: Install Frontend Dependencies
        run: |
@@ -74,7 +74,7 @@ jobs:
        id: changed_files
        uses: ./.github/actions/file-changes-action
        with:
-          output: " "
+          output: ' '

      - name: pre-commit
        env:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,7 +33,7 @@ jobs:
    permissions:
      contents: write
    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          # pulls all commits (needed for lerna / semantic release to correctly version)
@@ -52,7 +52,7 @@ jobs:
        if: env.HAS_TAGS
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-frontend/.nvmrc"
+          node-version-file: './superset-frontend/.nvmrc'

      - name: Cache npm
        if: env.HAS_TAGS
--- a/.github/workflows/showtime-trigger.yml
+++ b/.github/workflows/showtime-trigger.yml
@@ -10,11 +10,11 @@ on:
  workflow_dispatch:
    inputs:
      pr_number:
-        description: "PR number to sync"
+        description: 'PR number to sync'
        required: true
        type: number
      sha:
-        description: "Specific SHA to deploy (optional, defaults to latest)"
+        description: 'Specific SHA to deploy (optional, defaults to latest)'
        required: false
        type: string

@@ -152,7 +152,7 @@ jobs:

      - name: Checkout PR code (only if build needed)
        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ steps.check.outputs.target_sha }}
          persist-credentials: false
--- a/.github/workflows/superset-app-cli.yml
+++ b/.github/workflows/superset-app-cli.yml
@@ -41,7 +41,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-docs-deploy.yml
+++ b/.github/workflows/superset-docs-deploy.yml
@@ -60,7 +60,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.event.workflow_run.head_sha || github.sha }}"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ github.event.workflow_run.head_sha || github.sha }}
          persist-credentials: false
@@ -68,13 +68,13 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./docs/.nvmrc"
+          node-version-file: './docs/.nvmrc'
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
-          distribution: "zulu"
-          java-version: "21"
+          distribution: 'zulu'
+          java-version: '21'
      - name: Install Graphviz
        run: sudo apt-get install -y graphviz
      - name: Compute Entity Relationship diagram (ERD)
--- a/.github/workflows/superset-docs-verify.yml
+++ b/.github/workflows/superset-docs-verify.yml
@@ -28,12 +28,12 @@ jobs:
    name: Link Checking
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      # Do not bump this linkinator-action version without opening
      # an ASF Infra ticket to allow the new version first!
-      - uses: JustinBeckwith/linkinator-action@af984b9f30f63e796ae2ea5be5e07cb587f1bbd9 # v2.3
+      - uses: JustinBeckwith/linkinator-action@af984b9f30f63e796ae2ea5be5e07cb587f1bbd9  # v2.3
        continue-on-error: true # This will make the job advisory (non-blocking, no red X)
        with:
          paths: "**/*.md, **/*.mdx"
@@ -73,14 +73,14 @@ jobs:
        working-directory: docs
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./docs/.nvmrc"
+          node-version-file: './docs/.nvmrc'
      - name: yarn install
        run: |
          yarn install --check-cache
@@ -112,7 +112,7 @@ jobs:
        working-directory: docs
    steps:
      - name: "Checkout PR head: ${{ github.event.workflow_run.head_sha }}"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ github.event.workflow_run.head_sha }}
          persist-credentials: false
@@ -120,7 +120,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./docs/.nvmrc"
+          node-version-file: './docs/.nvmrc'
      - name: yarn install
        run: |
          yarn install --check-cache
@@ -131,7 +131,7 @@ jobs:
          run_id: ${{ github.event.workflow_run.id }}
          name: database-diagnostics
          path: docs/src/data/
-          if_no_artifact_found: "warning"
+          if_no_artifact_found: 'warning'
      - name: Use fresh diagnostics
        run: |
          if [ -f "src/data/databases-diagnostics.json" ]; then
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -10,17 +10,17 @@ on:
  workflow_dispatch:
    inputs:
      use_dashboard:
-        description: "Use Cypress Dashboard (true/false) [paid service - trigger manually when needed]. You MUST provide a branch and/or PR number below for this to work."
+        description: 'Use Cypress Dashboard (true/false) [paid service - trigger manually when needed]. You MUST provide a branch and/or PR number below for this to work.'
        required: false
-        default: "false"
+        default: 'false'
      ref:
-        description: "The branch or tag to checkout"
+        description: 'The branch or tag to checkout'
        required: false
-        default: ""
+        default: ''
      pr_id:
-        description: "The pull request ID to checkout"
+        description: 'The pull request ID to checkout'
        required: false
-        default: ""
+        default: ''

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -38,7 +38,7 @@ jobs:
      frontend: ${{ steps.check.outputs.frontend }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check for file changes
@@ -97,21 +97,21 @@ jobs:
      # Conditional checkout based on context
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -130,9 +130,9 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-frontend/.nvmrc"
-          cache: "npm"
-          cache-dependency-path: "superset-frontend/package-lock.json"
+          node-version-file: './superset-frontend/.nvmrc'
+          cache: 'npm'
+          cache-dependency-path: 'superset-frontend/package-lock.json'
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
@@ -207,21 +207,21 @@ jobs:
      # Conditional checkout based on context (same as Cypress workflow)
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -240,9 +240,9 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-frontend/.nvmrc"
-          cache: "npm"
-          cache-dependency-path: "superset-frontend/package-lock.json"
+          node-version-file: './superset-frontend/.nvmrc'
+          cache: 'npm'
+          cache-dependency-path: 'superset-frontend/package-lock.json'
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-extensions-cli.yml
+++ b/.github/workflows/superset-extensions-cli.yml
@@ -31,7 +31,7 @@ jobs:
        working-directory: superset-extensions-cli
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -27,7 +27,7 @@ jobs:
      should-run: ${{ steps.check.outputs.frontend }}
    steps:
      - name: Checkout Code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          fetch-depth: 0
@@ -110,7 +110,7 @@ jobs:
      id-token: write
    steps:
      - name: Checkout Code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          fetch-depth: 0
--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -33,7 +33,7 @@ jobs:
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
        with:
-          install-superset: "false"
+          install-superset: 'false'

      - name: Set up chart-testing
        uses: ./.github/actions/chart-testing-action
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -29,7 +29,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ inputs.ref || github.ref_name }}
          persist-credentials: true
--- a/.github/workflows/superset-playwright.yml
+++ b/.github/workflows/superset-playwright.yml
@@ -10,13 +10,13 @@ on:
  workflow_dispatch:
    inputs:
      ref:
-        description: "The branch or tag to checkout"
+        description: 'The branch or tag to checkout'
        required: false
-        default: ""
+        default: ''
      pr_id:
-        description: "The pull request ID to checkout"
+        description: 'The pull request ID to checkout'
        required: false
-        default: ""
+        default: ''

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -34,7 +34,7 @@ jobs:
      frontend: ${{ steps.check.outputs.frontend }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check for file changes
@@ -83,21 +83,21 @@ jobs:
      # Conditional checkout based on context (same as Cypress workflow)
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -116,9 +116,9 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-frontend/.nvmrc"
-          cache: "npm"
-          cache-dependency-path: "superset-frontend/package-lock.json"
+          node-version-file: './superset-frontend/.nvmrc'
+          cache: 'npm'
+          cache-dependency-path: 'superset-frontend/package-lock.json'
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -24,7 +24,7 @@ jobs:
      python: ${{ steps.check.outputs.python }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check for file changes
@@ -67,7 +67,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -152,7 +152,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -202,7 +202,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -25,7 +25,7 @@ jobs:
      python: ${{ steps.check.outputs.python }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check for file changes
@@ -72,7 +72,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -127,7 +127,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -25,7 +25,7 @@ jobs:
      python: ${{ steps.check.outputs.python }}
    steps:
      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Check for file changes
@@ -50,7 +50,7 @@ jobs:
      PYTHONPATH: ${{ github.workspace }}
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -25,7 +25,7 @@ jobs:
      pull-requests: read
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
@@ -40,9 +40,9 @@ jobs:
        if: steps.check.outputs.frontend
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-frontend/.nvmrc"
-          cache: "npm"
-          cache-dependency-path: "superset-frontend/package-lock.json"
+          node-version-file:  './superset-frontend/.nvmrc'
+          cache: 'npm'
+          cache-dependency-path: 'superset-frontend/package-lock.json'
      - name: Install dependencies
        if: steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -61,7 +61,7 @@ jobs:
      pull-requests: read
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -25,7 +25,7 @@ jobs:
    timeout-minutes: 20
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - name: Install dependencies
--- a/.github/workflows/supersetbot.yml
+++ b/.github/workflows/supersetbot.yml
@@ -9,7 +9,7 @@ on:
  workflow_dispatch:
    inputs:
      comment_body:
-        description: "Comment Body"
+        description: 'Comment Body'
        required: true
        type: string

@@ -38,7 +38,7 @@ jobs:
            });

      - name: "Checkout ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -16,11 +16,11 @@ on:
      force-latest:
        required: true
        type: choice
-        default: "false"
+        default: 'false'
        description: Whether to force a latest tag on the release
        options:
-          - "true"
-          - "false"
+          - 'true'
+          - 'false'
 permissions:
  contents: read

@@ -49,12 +49,12 @@ jobs:
      contents: write
    strategy:
      matrix:
-        build_preset:
-          ["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]
+        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]
      fail-fast: false
    steps:
+
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          fetch-depth: 0
@@ -119,8 +119,9 @@ jobs:
      contents: read
      pull-requests: write
    steps:
+
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          fetch-depth: 0
--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -32,14 +32,14 @@ jobs:
    name: Generate Reports
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version-file: "./superset-frontend/.nvmrc"
+          node-version-file: './superset-frontend/.nvmrc'

      - name: Install Dependencies
        run: npm ci
--- a/7
+++ b/7
@@ -55,13 +55,6 @@ WORKDIR /app/superset-frontend
 RUN mkdir -p /app/superset/static/assets \
             /app/superset/translations

-# Harden `npm ci` against transient npm-registry network blips (e.g. ECONNRESET),
-# which otherwise fail the entire multi-platform image build with no retry.
-ENV npm_config_fetch_retries=5 \
-    npm_config_fetch_retry_mintimeout=20000 \
-    npm_config_fetch_retry_maxtimeout=120000 \
-    npm_config_fetch_timeout=600000
-
 # Mount package files and install dependencies if not in dev mode
 # NOTE: we mount packages and plugins as they are referenced in package.json as workspaces
 # ideally we'd COPY only their package.json. Here npm ci will be cached as long
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -44,32 +44,6 @@ The embedded dashboard page now validates the origin of incoming `postMessage` e

 Enforcement only applies when the Allowed Domains list is non-empty. If the list is empty (the default), any origin is accepted, so there is no behavior change for embeds that did not configure Allowed Domains.

-### Default guest/async JWT secrets are rejected at startup
-
-Superset already refuses to start in production (non-debug, non-testing) when `SECRET_KEY` is left at its built-in default, and when `GUEST_TOKEN_JWT_SECRET` is left at its default while `EMBEDDED_SUPERSET` is enabled. This behavior is extended to `GLOBAL_ASYNC_QUERIES_JWT_SECRET`: if the `GLOBAL_ASYNC_QUERIES` feature flag is enabled and the secret is still the publicly known default (`test-secret-change-me`), Superset logs a clear error and refuses to start.
-
-As with the existing `SECRET_KEY` check, this only fails in production. In debug mode, testing mode, or under the test runner, a warning is logged instead of exiting, so local development is unaffected.
-
-To resolve the error, set a strong random value in `superset_config.py`:
-
-```python
-GLOBAL_ASYNC_QUERIES_JWT_SECRET = "<output of: openssl rand -base64 42>"
-```
-
-The check is only active when the relevant feature is enabled, so deployments that do not use global async queries (or embedding) are not affected.
-
-### SMTP server certificate validation enabled by default
-
-`SMTP_SSL_SERVER_AUTH` now defaults to `True` (previously `False`). With this default, STARTTLS/SSL connections to the configured SMTP server validate the server's TLS certificate against the system trusted CA store. This makes outbound email (alerts and reports) verify the mail server's identity out of the box.
-
-If your SMTP server presents a self-signed certificate, or a certificate that is not trusted by the system CA store, email delivery may now fail with a certificate verification error. To restore the previous behavior of skipping certificate validation, set the following in `superset_config.py`:
-
-```python
-SMTP_SSL_SERVER_AUTH = False
-```
-
-The recommended fix is to add the SMTP server's certificate (or its issuing CA) to the system trust store rather than disabling validation.
-
 ### Dataset import validates catalog against the target connection

 Importing a dataset now validates the `catalog` field against the target database connection. When the connection has multi-catalog disabled (`allow_multi_catalog` off) and the dataset's catalog is not the connection's default catalog, the import fails instead of silently persisting the non-default catalog. This matches the validation already enforced on the dataset update path and prevents imported datasets from querying an unintended database.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -34,6 +34,7 @@ x-superset-volumes: &superset-volumes
  - superset_home:/app/superset_home
  - ./tests:/app/tests
  - superset_data:/app/data
+  - ./local_extensions:/app/local_extensions
 x-common-build: &common-build
  context: .
  target: ${SUPERSET_BUILD_TARGET:-dev} # can use `dev` (default) or `lean`
--- a/docker/docker-bootstrap.sh
+++ b/docker/docker-bootstrap.sh
@@ -96,7 +96,9 @@ case "${1}" in
        echo "  🔒 Werkzeug debugger disabled (set SUPERSET_DEBUG_ENABLED=true to enable)"
    fi

-    flask run -p $PORT --reload $DEBUGGER_FLAG --host=0.0.0.0 --exclude-patterns "*/node_modules/*:*/.venv/*:*/build/*:*/__pycache__/*:*/superset-frontend/*"
+    flask run -p $PORT --reload $DEBUGGER_FLAG --host=0.0.0.0 \
+      --extra-files "/app/superset/extensions/.reload_trigger" \
+      --exclude-patterns "*/node_modules/*:*/.venv/*:*/build/*:*/__pycache__/*:*/superset-frontend/*:*/superset/__init__.py"
    ;;
  app-gunicorn)
    echo "Starting web app..."
--- a/docs/package.json
+++ b/docs/package.json
@@ -101,7 +101,7 @@
    "@types/js-yaml": "^4.0.9",
    "@types/react": "^19.1.8",
    "@typescript-eslint/eslint-plugin": "^8.59.3",
-    "@typescript-eslint/parser": "^8.60.1",
+    "@typescript-eslint/parser": "^8.60.0",
    "eslint": "^9.39.2",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.5.6",
@@ -109,7 +109,7 @@
    "globals": "^17.6.0",
    "prettier": "^3.8.3",
    "typescript": "~6.0.3",
-    "typescript-eslint": "^8.60.1",
+    "typescript-eslint": "^8.60.0",
    "webpack": "^5.107.2"
  },
  "browserslist": {
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -4812,110 +4812,110 @@
  dependencies:
    "@types/yargs-parser" "*"

-"@typescript-eslint/eslint-plugin@8.60.1", "@typescript-eslint/eslint-plugin@^8.59.3":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.1.tgz#c1060bb8fa4be80624d3f3dec8dd9caca373af76"
-  integrity sha512-JQ4S5GB0tfjO8BuJ4fcX+HodkzJjYBV+7OJ+wLygaX7OGQ7FudyHL4NSCA6ob+w3Yn+5MkKIozOwQhXeM7opVg==
+"@typescript-eslint/eslint-plugin@8.60.0", "@typescript-eslint/eslint-plugin@^8.59.3":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.0.tgz#8fc1e0a950c43270eaf0212dc060f7edaa42f9cf"
+  integrity sha512-QYb/sa74/s7OKMbACMjrYnGspj9Hs5YI5aaffSL65UfeBUzVzBJfVo3oWSpbzPurvm7yaCCo2Lk7lVj610HqKw==
  dependencies:
    "@eslint-community/regexpp" "^4.12.2"
-    "@typescript-eslint/scope-manager" "8.60.1"
-    "@typescript-eslint/type-utils" "8.60.1"
-    "@typescript-eslint/utils" "8.60.1"
-    "@typescript-eslint/visitor-keys" "8.60.1"
+    "@typescript-eslint/scope-manager" "8.60.0"
+    "@typescript-eslint/type-utils" "8.60.0"
+    "@typescript-eslint/utils" "8.60.0"
+    "@typescript-eslint/visitor-keys" "8.60.0"
    ignore "^7.0.5"
    natural-compare "^1.4.0"
    ts-api-utils "^2.5.0"

-"@typescript-eslint/parser@8.60.1", "@typescript-eslint/parser@^8.60.1":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-8.60.1.tgz#a9d7f30850384d34b41f4687dd8944823c09e289"
-  integrity sha512-A0M6ua6H252bVjPvvtSgl2QA4+ET9S5Mtkb2GDyTxIhH/C4qDItT7RQNO5PhMC6NXGYXOR9dIalcDDgBKT7oFA==
+"@typescript-eslint/parser@8.60.0", "@typescript-eslint/parser@^8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-8.60.0.tgz#38d611b8e658cb10850d4975e8a175a222fbcd6a"
+  integrity sha512-fcqpj/MyK4sxDPcbe7STNPbpQL4RLZOPWuaTmwZYuc+hJKzRf58yRxfhqGpc6PIq9ZyfSBpfHgmUHmHs0KwHwg==
  dependencies:
-    "@typescript-eslint/scope-manager" "8.60.1"
-    "@typescript-eslint/types" "8.60.1"
-    "@typescript-eslint/typescript-estree" "8.60.1"
-    "@typescript-eslint/visitor-keys" "8.60.1"
+    "@typescript-eslint/scope-manager" "8.60.0"
+    "@typescript-eslint/types" "8.60.0"
+    "@typescript-eslint/typescript-estree" "8.60.0"
+    "@typescript-eslint/visitor-keys" "8.60.0"
    debug "^4.4.3"

-"@typescript-eslint/project-service@8.60.1":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/project-service/-/project-service-8.60.1.tgz#eb29712f58d72c222fc727162e92f2ab4670971b"
-  integrity sha512-eXkTH2bxmXlqD1RnOPmLZ9ZM9D3VwSx04JOwBnP9RQ+yUA5a2Mu7SfW8uaV2Aon53NJzZlZYuX7tn91Izf+xaw==
+"@typescript-eslint/project-service@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/project-service/-/project-service-8.60.0.tgz#b82ab12e64d005d0c7163d1240c432381f1bde0f"
+  integrity sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==
  dependencies:
-    "@typescript-eslint/tsconfig-utils" "^8.60.1"
-    "@typescript-eslint/types" "^8.60.1"
+    "@typescript-eslint/tsconfig-utils" "^8.60.0"
+    "@typescript-eslint/types" "^8.60.0"
    debug "^4.4.3"

-"@typescript-eslint/scope-manager@8.60.1":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-8.60.1.tgz#2f875962eaad0a0789cc3c36aea9b4ddeb2dd9c8"
-  integrity sha512-gvI5OQoptnxQnchOirukCuQ55svJSTuD/4k5+pC267xyBtYry748R9/c3tYUzb/iE6RZfllRz2lVulLCHkTm4w==
+"@typescript-eslint/scope-manager@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz#7617a4617c043fe235dcf066f9a40f106cfd2fd5"
+  integrity sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==
  dependencies:
-    "@typescript-eslint/types" "8.60.1"
-    "@typescript-eslint/visitor-keys" "8.60.1"
+    "@typescript-eslint/types" "8.60.0"
+    "@typescript-eslint/visitor-keys" "8.60.0"

-"@typescript-eslint/tsconfig-utils@8.60.1":
+"@typescript-eslint/tsconfig-utils@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz#3af78c48956227a407dea9626b8db8ca53f130d2"
+  integrity sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==
+
+"@typescript-eslint/tsconfig-utils@^8.60.0":
  version "8.60.1"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.1.tgz#bee8b942a13679a878101c9c74577d732062ed93"
  integrity sha512-nh8w4qAteiKuZu3pSSzG/yGKpw0OlkrKnzFmbVRenKaD4qc+7i1GrmZaLVkr8rk4uipiPGMOW4YsM6WmKZ5CvA==

-"@typescript-eslint/tsconfig-utils@^8.60.1":
-  version "8.61.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.61.0.tgz#05d6e3ff20001674ebcd22d03dac29ee448043ba"
-  integrity sha512-O5Amvdv9ztMpxpf+vmFULGG78IE6Qwdr3bCGvqwG4nwc9H2qXkOYJJnRbRHyMkQTjv1d03olqwwwzHLMqpFePQ==
-
-"@typescript-eslint/type-utils@8.60.1":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-8.60.1.tgz#1ae45f0f2a701354beea4a58c2161e40a5e3c379"
-  integrity sha512-sdwTrpjosW7ANQYJ39ZBF1ZyEMEGVB2UsikrserVM/30a/F1dTLnu9bGxEdosugyu5caigjLrR2qiD11asjI1A==
+"@typescript-eslint/type-utils@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/type-utils/-/type-utils-8.60.0.tgz#6971a61bc4f3a1b2df45dcc14e26a43a88a4cb6a"
+  integrity sha512-SX46wEUtitCpq7AN38HkUU/+zvUpdKf7ephtWAFgckH8O7PQIyL5gvrhQgBLuEYgLfuKWOVvWVskMbuFHAz5xg==
  dependencies:
-    "@typescript-eslint/types" "8.60.1"
-    "@typescript-eslint/typescript-estree" "8.60.1"
-    "@typescript-eslint/utils" "8.60.1"
+    "@typescript-eslint/types" "8.60.0"
+    "@typescript-eslint/typescript-estree" "8.60.0"
+    "@typescript-eslint/utils" "8.60.0"
    debug "^4.4.3"
    ts-api-utils "^2.5.0"

-"@typescript-eslint/types@8.60.1":
+"@typescript-eslint/types@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-8.60.0.tgz#e77ad768e933263b1960b2fe79de75fe1cc6e7db"
+  integrity sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==
+
+"@typescript-eslint/types@^8.60.0":
  version "8.60.1"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-8.60.1.tgz#ccdc482ba9e17f9723a10ce240b5e67dad3046c4"
  integrity sha512-4h0tY8ppCkdCzcrl2YM5M3my0xsE1Tf8om3owEu5oPWmXwkKRmk0j0LGDzYBGUcAlesEbxBhazqu/K4cu3Ug7w==

-"@typescript-eslint/types@^8.60.1":
-  version "8.61.0"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-8.61.0.tgz#0ddb46e012a4288292950bdd253db42f278ce64d"
-  integrity sha512-9QTQpZ5Iin4CdIodfbDQFSeiSJKidgYJYug1P9CC2xWgUTvlmixViqDZNciMjwLBZyJnG4tGmPl97rVAFb1AJg==
-
-"@typescript-eslint/typescript-estree@8.60.1":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.1.tgz#016630b119228bf483ddc652703a6a038f3fdd74"
-  integrity sha512-alpRkfG8hlVE5kdJW2GkfgDgXxold3e8e4l6EnmhRmRLbekgAPCCGDVD++sABy9FcgPFroq+uFcCSM1vR57Cew==
+"@typescript-eslint/typescript-estree@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz#c102196a44414481190041c99eea1d854e66001b"
+  integrity sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==
  dependencies:
-    "@typescript-eslint/project-service" "8.60.1"
-    "@typescript-eslint/tsconfig-utils" "8.60.1"
-    "@typescript-eslint/types" "8.60.1"
-    "@typescript-eslint/visitor-keys" "8.60.1"
+    "@typescript-eslint/project-service" "8.60.0"
+    "@typescript-eslint/tsconfig-utils" "8.60.0"
+    "@typescript-eslint/types" "8.60.0"
+    "@typescript-eslint/visitor-keys" "8.60.0"
    debug "^4.4.3"
    minimatch "^10.2.2"
    semver "^7.7.3"
    tinyglobby "^0.2.15"
    ts-api-utils "^2.5.0"

-"@typescript-eslint/utils@8.60.1":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-8.60.1.tgz#31cf566095602d9fe8ad91837d2eb520b8de762b"
-  integrity sha512-h2MPBLoNtjc3qZWfY3Tl51yPorQ2McHn8pJfcMNTcIvrrZrr90Ykffit0yjrPFWQcRcUxzH20+6OcVdW4yHtUg==
+"@typescript-eslint/utils@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/utils/-/utils-8.60.0.tgz#6110cddaef87606ae4ca6f8bf81bb5949fc8e098"
+  integrity sha512-HtXuPfrHTyBDkameWpl+vJb1Uevu2tznAyahM1Oc4AENidCLTPiZDWIo4GfcxNdC/RcfGcadzzkqbRG87dUrQA==
  dependencies:
    "@eslint-community/eslint-utils" "^4.9.1"
-    "@typescript-eslint/scope-manager" "8.60.1"
-    "@typescript-eslint/types" "8.60.1"
-    "@typescript-eslint/typescript-estree" "8.60.1"
+    "@typescript-eslint/scope-manager" "8.60.0"
+    "@typescript-eslint/types" "8.60.0"
+    "@typescript-eslint/typescript-estree" "8.60.0"

-"@typescript-eslint/visitor-keys@8.60.1":
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.1.tgz#165d1d8901137b944efaf18f00ab5ecb57f06995"
-  integrity sha512-EbGRQg4FhrmwLodl+t3JNAnXHWVr9Vp+Zl1QBZVPY4ByfkzIT8cX3K6QWODHtkIZqqJVEWvhHSx3v5PDHsaQag==
+"@typescript-eslint/visitor-keys@8.60.0":
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz#f2c41eedd3d7b03b808369fb2e3fb40a93783ec2"
+  integrity sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==
  dependencies:
-    "@typescript-eslint/types" "8.60.1"
+    "@typescript-eslint/types" "8.60.0"
    eslint-visitor-keys "^5.0.0"

 "@ungap/structured-clone@^1.0.0":
@@ -13490,9 +13490,9 @@ shebang-regex@^3.0.0:
  integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==

 shell-quote@^1.8.3:
-  version "1.8.4"
-  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.4.tgz#2edd9a4dcefc96649e2e2cb12f637b1f1d92a190"
-  integrity sha512-VsC6n6vz1ihYYyZZwX7YZSF5l5x36ca17OC+a69h94YqB7X6XLwf+5MOgynYir2SLFUbl8gIYvBo8K8RoNQ6bQ==
+  version "1.8.3"
+  resolved "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz"
+  integrity sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==

 shelljs@0.8.5:
  version "0.8.5"
@@ -14389,15 +14389,15 @@ types-ramda@^0.30.1:
  dependencies:
    ts-toolbelt "^9.6.0"

-typescript-eslint@^8.60.1:
-  version "8.60.1"
-  resolved "https://registry.yarnpkg.com/typescript-eslint/-/typescript-eslint-8.60.1.tgz#13db05c6eabb89669deec44545b788a0e9aee640"
-  integrity sha512-6m5hkkRAp8lKvhVpcprAIn5KkehQEh+47oHH2VGnExEh7dhNxXlg6GPAOIu6TxbVQxhebrJDvjl3020ooiWCMA==
+typescript-eslint@^8.60.0:
+  version "8.60.0"
+  resolved "https://registry.yarnpkg.com/typescript-eslint/-/typescript-eslint-8.60.0.tgz#6686fecb1f4f367c0bf0075828e93b7ecacbc62b"
+  integrity sha512-9f65qWLZdAW9m1JaxBDUHcqRUfL8bkxxXL7XxEfI+F09q56PkBvIfCjLF3yInsDM/BBmwkqmCQdCZe/RYlIWEw==
  dependencies:
-    "@typescript-eslint/eslint-plugin" "8.60.1"
-    "@typescript-eslint/parser" "8.60.1"
-    "@typescript-eslint/typescript-estree" "8.60.1"
-    "@typescript-eslint/utils" "8.60.1"
+    "@typescript-eslint/eslint-plugin" "8.60.0"
+    "@typescript-eslint/parser" "8.60.0"
+    "@typescript-eslint/typescript-estree" "8.60.0"
+    "@typescript-eslint/utils" "8.60.0"

 typescript@~6.0.3:
  version "6.0.3"
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -15,7 +15,7 @@
 # limitations under the License.
 #
 apiVersion: v2
-appVersion: "6.1.0"
+appVersion: "5.0.0"
 description: Apache Superset is a modern, enterprise-ready business intelligence web application
 name: superset
 icon: https://artifacthub.io/image/68c1d717-0e97-491f-b046-754e46f46922@2x
@@ -29,7 +29,7 @@ maintainers:
  - name: craig-rueda
    email: craig@craigrueda.com
    url: https://github.com/craig-rueda
-version: 0.16.0 # See [README](https://github.com/apache/superset/blob/master/helm/superset/README.md#versioning) for version details.
+version: 0.15.5 # See [README](https://github.com/apache/superset/blob/master/helm/superset/README.md#versioning) for version details.
 dependencies:
  - name: postgresql
    version: 16.7.27
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs

 # superset

-![Version: 0.16.0](https://img.shields.io/badge/Version-0.16.0-informational?style=flat-square)
+![Version: 0.15.5](https://img.shields.io/badge/Version-0.15.5-informational?style=flat-square)

 Apache Superset is a modern, enterprise-ready business intelligence web application

--- a/pyproject.toml
+++ b/pyproject.toml
@@ -89,7 +89,7 @@ dependencies = [
    "python-dateutil",
    "python-dotenv", # optional dependencies for Flask but required for Superset, see https://flask.palletsprojects.com/en/stable/installation/#optional-dependencies
    "pygeohash",
-    "pyarrow>=24.0.0, <25", # before upgrading pyarrow, check that all db dependencies support this, see e.g. https://github.com/apache/superset/pull/34693
+    "pyarrow>=16.1.0, <21", # before upgrading pyarrow, check that all db dependencies support this, see e.g. https://github.com/apache/superset/pull/34693
    "pyyaml>=6.0.0, <7.0.0",
    "PyJWT>=2.4.0, <3.0",
    "redis>=5.0.0, <6.0",
@@ -447,7 +447,6 @@ requirement_txt_file = "requirements/base.txt"
 authorized_licenses = [
    "academic free license (afl)",
    "any-osi",
-    "apache-2.0",
    "apache license 2.0",
    "apache software",
    "apache software, bsd",
--- a/requirements/base.in
+++ b/requirements/base.in
@@ -30,7 +30,7 @@ cryptography>=46.0.7,<47.0.0
 # Security: Snyk - XSS vulnerability in Mako templates
 mako>=1.3.11,<2.0.0
 # Security: CVE-2024-52338 (CRITICAL) - Deserialization of untrusted data in IPC/Parquet readers
-pyarrow>=24.0.0,<25.0.0
+pyarrow>=20.0.0,<21.0.0
 # Security: CVE-2026-27459 - pyopenssl certificate validation
 pyopenssl>=26.0.0,<27.0.0
 # Security: CVE-2026-25645 (MEDIUM) - Insecure Temporary File
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -294,7 +294,7 @@ prison==0.2.1
    # via flask-appbuilder
 prompt-toolkit==3.0.51
    # via click-repl
-pyarrow==24.0.0
+pyarrow==20.0.0
    # via
    #   -r requirements/base.in
    #   apache-superset (pyproject.toml)
--- a/requirements/development.txt
+++ b/requirements/development.txt
@@ -715,7 +715,7 @@ psycopg2-binary==2.9.12
    # via apache-superset
 py-key-value-aio==0.4.4
    # via fastmcp
-pyarrow==24.0.0
+pyarrow==20.0.0
    # via
    #   -c requirements/base-constraint.txt
    #   apache-superset
--- a/scripts/translations/babel_update.sh
+++ b/scripts/translations/babel_update.sh
@@ -55,21 +55,10 @@ msgcat --sort-by-msgid --no-wrap --no-location superset/translations/messages.po
 cat $LICENSE_TMP superset/translations/messages.pot > messages.pot.tmp \
  && mv messages.pot.tmp superset/translations/messages.pot

-# --no-fuzzy-matching: when a *new* source string is added, Babel's fuzzy
-# matcher otherwise guesses a "close" existing translation and marks it
-# `#, fuzzy` in every language catalog. Those guesses are (a) usually wrong
-# (e.g. a new "valuename" string mapped onto an unrelated "table name"
-# translation) and (b) counted by check_translation_regression.py as a
-# regression, so every PR that merely adds a translatable string failed the
-# babel-extract check. Disabling fuzzy matching means new strings land as
-# cleanly untranslated (empty msgstr) instead — accurate, and no spurious
-# regression. Renames likewise drop the stale translation rather than
-# stranding a wrong guess; the string is re-translated by the community.
 pybabel update \
  -i superset/translations/messages.pot \
  -d superset/translations \
-  --ignore-obsolete \
-  --no-fuzzy-matching
+  --ignore-obsolete

 # Chop off last blankline from po/pot files, see https://github.com/python-babel/babel/issues/799
 for file in $( find superset/translations/** );
--- a/scripts/translations/check_translation_regression.py
+++ b/scripts/translations/check_translation_regression.py
@@ -20,21 +20,20 @@ Check that source-code changes don't cause translation regressions.

 What counts as a regression
 ---------------------------
-A regression is an *existing translation that a source change invalidated*.
-The check keys on the **increase in fuzzy entries** rather than a drop in the
-translated count, because a count drop happens identically for a benign
-*deletion* and a real *rename*, so it cannot distinguish the two — whereas a
-``#, fuzzy`` marker unambiguously flags a stranded translation.
+A regression is an *existing translation that a source change invalidated* —
+i.e. a string was renamed/reworded so its committed translation no longer
+applies. ``babel_update.sh`` (``pybabel update --ignore-obsolete``) surfaces
+exactly these as **newly fuzzy** entries: the old translation is fuzzy-matched
+onto the new ``msgid`` and flagged ``#, fuzzy``.

-Note ``babel_update.sh`` runs ``pybabel update`` with ``--no-fuzzy-matching``,
-so *adding* (or renaming) a source string does **not** auto-generate a fuzzy
-guess against an unrelated existing translation — new strings land as cleanly
-untranslated (empty ``msgstr``). This deliberately avoids the prior behaviour
-where *every* PR that merely added a translatable string tripped this check on
-spurious fuzzies. As a result the check now guards against ``#, fuzzy`` entries
-that arrive another way — e.g. a committed ``.po`` edit — rather than ones the
-update step synthesises. *Deleting* a string is still not a regression: with
-``--ignore-obsolete`` it is simply dropped and no fuzzy is created.
+Crucially, *deleting* a translatable string is **not** a regression. With
+``--ignore-obsolete`` a removed string is dropped from the catalogs entirely;
+no fuzzy entry is created. So a PR that intentionally removes a string (e.g. a
+security fix that stops rendering a value) legitimately lowers the translated
+count without introducing any fuzzies, and must not be flagged. We therefore
+key the check on the **increase in fuzzy entries**, not on a drop in the
+translated count (a drop happens identically for a benign deletion and a real
+rename, so it cannot distinguish the two).

 Usage
 -----
--- a/superset-embedded-sdk/src/guestTokenRefresh.test.ts
+++ b/superset-embedded-sdk/src/guestTokenRefresh.test.ts
@@ -22,7 +22,6 @@ import {
  getGuestTokenRefreshTiming,
  MIN_REFRESH_WAIT_MS,
  DEFAULT_TOKEN_EXP_MS,
-  DEFAULT_TOKEN_REFRESH_RETRY_MS,
 } from "./guestTokenRefresh";

 describe("guest token refresh", () => {
@@ -94,11 +93,4 @@ describe("guest token refresh", () => {
    expect(timing).toBeGreaterThan(MIN_REFRESH_WAIT_MS);
    expect(timing).toBe(DEFAULT_TOKEN_EXP_MS - REFRESH_TIMING_BUFFER_MS);
  });
-
-  it("exposes a positive retry delay for failed token refreshes", () => {
-    // The refresh loop reschedules itself after this delay when a fetch
-    // fails or times out, so it must be a sane positive value.
-    expect(DEFAULT_TOKEN_REFRESH_RETRY_MS).toBe(10000);
-    expect(DEFAULT_TOKEN_REFRESH_RETRY_MS).toBeGreaterThan(0);
-  });
 });
--- a/superset-embedded-sdk/src/guestTokenRefresh.ts
+++ b/superset-embedded-sdk/src/guestTokenRefresh.ts
@@ -21,7 +21,6 @@ import { jwtDecode } from "jwt-decode";
 export const REFRESH_TIMING_BUFFER_MS = 5000 // refresh guest token early to avoid failed superset requests
 export const MIN_REFRESH_WAIT_MS = 10000 // avoid blasting requests as fast as the cpu can handle
 export const DEFAULT_TOKEN_EXP_MS = 300000 // (5 min) used only when parsing guest token exp fails
-export const DEFAULT_TOKEN_REFRESH_RETRY_MS = 10000 // wait before retrying a failed/timed-out token refresh

 // when do we refresh the guest token?
 export function getGuestTokenRefreshTiming(currentGuestToken: string) {
--- a/superset-embedded-sdk/src/index.ts
+++ b/superset-embedded-sdk/src/index.ts
@@ -24,11 +24,7 @@ import {

 // We can swap this out for the actual switchboard package once it gets published
 import { Switchboard } from '@superset-ui/switchboard';
-import {
-  getGuestTokenRefreshTiming,
-  DEFAULT_TOKEN_REFRESH_RETRY_MS,
-} from './guestTokenRefresh';
-import { withTimeout } from './withTimeout';
+import { getGuestTokenRefreshTiming } from './guestTokenRefresh';

 /**
 * The function to fetch a guest token from your Host App's backend server.
@@ -53,9 +49,6 @@ export type UiConfigType = {
  showRowLimitWarning?: boolean;
 };

-/** Default per-call timeout (ms) applied to the host `fetchGuestToken` callback. */
-const DEFAULT_GUEST_TOKEN_FETCH_TIMEOUT_MS = 30_000;
-
 export type EmbedDashboardParams = {
  /** The id provided by the embed configuration UI in Superset */
  id: string;
@@ -80,10 +73,6 @@ export type EmbedDashboardParams = {
  /** Callback to resolve permalink URLs. If provided, this will be called when generating permalinks
   * to allow the host app to customize the URL. If not provided, Superset's default URL is used. */
  resolvePermalinkUrl?: ResolvePermalinkUrlFn;
-  /** Timeout, in milliseconds, applied to each `fetchGuestToken` call so a host
-   * callback that never resolves cannot hang the embed/refresh cycle. Defaults
-   * to 30000ms. Set to 0 to disable the timeout. */
-  guestTokenFetchTimeoutMs?: number;
 };

 export type Size = {
@@ -138,7 +127,6 @@ export async function embedDashboard({
  iframeAllowExtras = [],
  referrerPolicy,
  resolvePermalinkUrl,
-  guestTokenFetchTimeoutMs = DEFAULT_GUEST_TOKEN_FETCH_TIMEOUT_MS,
 }: EmbedDashboardParams): Promise<EmbeddedDashboard> {
  function log(...info: unknown[]) {
    if (debug) {
@@ -146,16 +134,6 @@ export async function embedDashboard({
    }
  }

-  // Wrap the host-provided fetchGuestToken so a callback that never settles
-  // cannot hang the initial embed or a later refresh cycle.
-  function fetchGuestTokenWithTimeout(): Promise<string> {
-    return withTimeout(
-      fetchGuestToken(),
-      guestTokenFetchTimeoutMs,
-      'fetchGuestToken',
-    );
-  }
-
  log('embedding');

  if (supersetDomain.endsWith('/')) {
@@ -269,57 +247,21 @@ export async function embedDashboard({
    });
  }

-  let guestToken: string;
-  let ourPort: Switchboard;
-  try {
-    [guestToken, ourPort] = await Promise.all([
-      fetchGuestTokenWithTimeout(),
-      mountIframe(),
-    ]);
-  } catch (err) {
-    // If the initial token fetch (or timeout) rejects after the iframe has
-    // already been mounted, tear down the partially initialized iframe so the
-    // host isn't left with an orphaned embedded dashboard before rethrowing.
-    //@ts-ignore
-    mountPoint.replaceChildren();
-    throw err;
-  }
+  const [guestToken, ourPort]: [string, Switchboard] = await Promise.all([
+    fetchGuestToken(),
+    mountIframe(),
+  ]);

  ourPort.emit('guestToken', { guestToken });
  log('sent guest token');

-  // Track the pending refresh timer so it can be cancelled on unmount, and
-  // stop the cycle once unmounted so it cannot leak across mount/unmount cycles.
-  let refreshTimer: ReturnType<typeof setTimeout> | undefined;
-  let unmounted = false;
-
  async function refreshGuestToken() {
-    if (unmounted) return;
-    try {
-      const newGuestToken = await fetchGuestTokenWithTimeout();
-      if (unmounted) return;
-      ourPort.emit('guestToken', { guestToken: newGuestToken });
-      refreshTimer = setTimeout(
-        refreshGuestToken,
-        getGuestTokenRefreshTiming(newGuestToken),
-      );
-    } catch (err) {
-      // A transient fetch failure or timeout must not permanently stop the
-      // refresh cycle. Log it and retry so the session can recover once the
-      // host callback succeeds again.
-      log('failed to refresh guest token, will retry:', err);
-      if (unmounted) return;
-      refreshTimer = setTimeout(
-        refreshGuestToken,
-        DEFAULT_TOKEN_REFRESH_RETRY_MS,
-      );
-    }
+    const newGuestToken = await fetchGuestToken();
+    ourPort.emit('guestToken', { guestToken: newGuestToken });
+    setTimeout(refreshGuestToken, getGuestTokenRefreshTiming(newGuestToken));
  }

-  refreshTimer = setTimeout(
-    refreshGuestToken,
-    getGuestTokenRefreshTiming(guestToken),
-  );
+  setTimeout(refreshGuestToken, getGuestTokenRefreshTiming(guestToken));

  // Register the resolvePermalinkUrl method for the iframe to call
  // Returns null if no callback provided or on error, allowing iframe to use default URL
@@ -341,11 +283,6 @@ export async function embedDashboard({

  function unmount() {
    log('unmounting');
-    unmounted = true;
-    if (refreshTimer !== undefined) {
-      clearTimeout(refreshTimer);
-      refreshTimer = undefined;
-    }
    //@ts-ignore
    mountPoint.replaceChildren();
  }
--- a/superset-embedded-sdk/src/withTimeout.test.ts
+++ b/superset-embedded-sdk/src/withTimeout.test.ts
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import { withTimeout } from "./withTimeout";
-
-test("resolves with the value when the promise settles in time", async () => {
-  await expect(withTimeout(Promise.resolve("ok"), 1000, "fetch")).resolves.toBe(
-    "ok"
-  );
-});
-
-test("rejects when the promise does not settle within the timeout", async () => {
-  const never = new Promise<string>(() => {});
-  await expect(withTimeout(never, 10, "fetch")).rejects.toThrow(
-    /fetch did not resolve within 10ms/
-  );
-});
-
-test("passes the promise through unchanged when the timeout is disabled", async () => {
-  await expect(withTimeout(Promise.resolve("ok"), 0, "fetch")).resolves.toBe(
-    "ok"
-  );
-});
--- a/superset-embedded-sdk/src/withTimeout.ts
+++ b/superset-embedded-sdk/src/withTimeout.ts
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * Rejects if `promise` does not settle within `ms` milliseconds. A non-positive
- * `ms` disables the timeout and returns the promise unchanged. The timer is
- * always cleared so it cannot keep the event loop alive.
- */
-export function withTimeout<T>(
-  promise: Promise<T>,
-  ms: number,
-  label: string,
-): Promise<T> {
-  if (!ms || ms <= 0) {
-    return promise;
-  }
-  let timer: ReturnType<typeof setTimeout>;
-  const timeout = new Promise<never>((_resolve, reject) => {
-    timer = setTimeout(
-      () => reject(new Error(`${label} did not resolve within ${ms}ms`)),
-      ms,
-    );
-  });
-  return Promise.race([promise, timeout]).finally(() =>
-    clearTimeout(timer),
-  ) as Promise<T>;
-}
--- a/superset-extensions-cli/src/superset_extensions_cli/cli.py
+++ b/superset-extensions-cli/src/superset_extensions_cli/cli.py
@@ -226,7 +226,7 @@ def copy_frontend_dist(cwd: Path) -> str:
 def copy_backend_files(cwd: Path) -> None:
    """Copy backend files based on pyproject.toml build configuration (validation already passed)."""
    dist_dir = cwd / "dist"
-    backend_dir = (cwd / "backend").resolve()
+    backend_dir = cwd / "backend"

    # Read build config from pyproject.toml
    pyproject = read_toml(backend_dir / "pyproject.toml")
@@ -239,31 +239,11 @@ def copy_backend_files(cwd: Path) -> None:

    # Process include patterns
    for pattern in include_patterns:
-        # Include patterns are only meant to select files within the backend
-        # directory. Reject absolute patterns or ones that walk outside it via
-        # parent ("..") components before handing them to glob().
-        pattern_parts = Path(pattern).parts
-        if Path(pattern).is_absolute() or ".." in pattern_parts:
-            raise click.ClickException(
-                f"Invalid include pattern {pattern!r}: patterns must be "
-                "relative to the backend directory and may not contain '..'."
-            )
        for f in backend_dir.glob(pattern):
            if not f.is_file():
                continue

-            # Defense in depth: confirm the matched file resolves to a location
-            # inside the backend directory before copying it into the bundle.
-            resolved = f.resolve()
-            if not resolved.is_relative_to(backend_dir):
-                raise click.ClickException(
-                    f"Refusing to copy {f}: resolved path is outside the "
-                    f"backend directory {backend_dir}."
-                )
-
-            # Use the matched path (not the resolved target) for the bundle
-            # layout and exclude evaluation so symlinked files are staged at
-            # their configured path rather than their symlink target.
+            # Check exclude patterns
            relative_path = f.relative_to(backend_dir)
            should_exclude = any(
                relative_path.match(excl_pattern) for excl_pattern in exclude_patterns
--- a/superset-extensions-cli/tests/test_cli_build.py
+++ b/superset-extensions-cli/tests/test_cli_build.py
@@ -20,7 +20,6 @@ from __future__ import annotations
 import json
 from unittest.mock import Mock, patch

-import click
 import pytest
 from superset_extensions_cli.cli import (
    app,
@@ -626,155 +625,6 @@ exclude = []
    )


-@pytest.mark.unit
-def test_copy_backend_files_supports_legitimate_nested_patterns(isolated_filesystem):
-    """Test copy_backend_files copies deeply nested files via recursive globs."""
-    backend_dir = isolated_filesystem / "backend"
-    nested = backend_dir / "src" / "test_org" / "test_ext" / "deep" / "deeper"
-    nested.mkdir(parents=True)
-    (nested / "module.py").write_text("# nested module")
-
-    pyproject_content = """[project]
-name = "test_org-test_ext"
-version = "1.0.0"
-license = "Apache-2.0"
-
-[tool.apache_superset_extensions.build]
-include = [
-    "src/test_org/test_ext/**/*.py",
-]
-exclude = []
-"""
-    (backend_dir / "pyproject.toml").write_text(pyproject_content)
-
-    extension_data = {
-        "publisher": "test-org",
-        "name": "test-ext",
-        "displayName": "Test Extension",
-        "version": "1.0.0",
-        "permissions": [],
-    }
-    (isolated_filesystem / "extension.json").write_text(json.dumps(extension_data))
-
-    clean_dist(isolated_filesystem)
-    copy_backend_files(isolated_filesystem)
-
-    dist_dir = isolated_filesystem / "dist"
-    assert_file_exists(
-        dist_dir
-        / "backend"
-        / "src"
-        / "test_org"
-        / "test_ext"
-        / "deep"
-        / "deeper"
-        / "module.py"
-    )
-
-
-@pytest.mark.unit
-@pytest.mark.parametrize(
-    "bad_pattern",
-    [
-        "../../.ssh/*",
-        "../config",
-        "src/../../secret.txt",
-        "/etc/passwd",
-    ],
-)
-def test_copy_backend_files_rejects_patterns_escaping_backend_dir(
-    isolated_filesystem, bad_pattern
-):
-    """Test copy_backend_files refuses include patterns that escape backend_dir."""
-    # Create a sensitive file outside the backend directory.
-    (isolated_filesystem / "secret.txt").write_text("SECRET")
-    (isolated_filesystem / "config").write_text("SECRET")
-
-    backend_dir = isolated_filesystem / "backend"
-    backend_src = backend_dir / "src" / "test_org" / "test_ext"
-    backend_src.mkdir(parents=True)
-    (backend_src / "__init__.py").write_text("# init")
-
-    pyproject_content = f"""[project]
-name = "test_org-test_ext"
-version = "1.0.0"
-license = "Apache-2.0"
-
-[tool.apache_superset_extensions.build]
-include = [
-    "{bad_pattern}",
-]
-exclude = []
-"""
-    (backend_dir / "pyproject.toml").write_text(pyproject_content)
-
-    extension_data = {
-        "publisher": "test-org",
-        "name": "test-ext",
-        "displayName": "Test Extension",
-        "version": "1.0.0",
-        "permissions": [],
-    }
-    (isolated_filesystem / "extension.json").write_text(json.dumps(extension_data))
-
-    clean_dist(isolated_filesystem)
-
-    with pytest.raises(click.ClickException):
-        copy_backend_files(isolated_filesystem)
-
-    # Nothing outside the backend directory should have been staged into dist,
-    # including paths reachable via ".." from inside dist/backend.
-    dist_dir = isolated_filesystem / "dist"
-    assert not (dist_dir / "secret.txt").exists()
-    assert not (dist_dir / "config").exists()
-
-
-@pytest.mark.unit
-def test_copy_backend_files_stages_symlink_at_matched_path(isolated_filesystem):
-    """Symlinked files inside backend are staged at the matched path, not the target."""
-    backend_dir = isolated_filesystem / "backend"
-    target_dir = backend_dir / "src" / "common"
-    target_dir.mkdir(parents=True)
-    (target_dir / "module.py").write_text("# shared module")
-
-    link_dir = backend_dir / "src" / "test_org" / "test_ext" / "common"
-    link_dir.mkdir(parents=True)
-    link = link_dir / "module.py"
-    link.symlink_to(target_dir / "module.py")
-
-    pyproject_content = """[project]
-name = "test_org-test_ext"
-version = "1.0.0"
-license = "Apache-2.0"
-
-[tool.apache_superset_extensions.build]
-include = [
-    "src/test_org/test_ext/**/*.py",
-]
-exclude = []
-"""
-    (backend_dir / "pyproject.toml").write_text(pyproject_content)
-
-    extension_data = {
-        "publisher": "test-org",
-        "name": "test-ext",
-        "displayName": "Test Extension",
-        "version": "1.0.0",
-        "permissions": [],
-    }
-    (isolated_filesystem / "extension.json").write_text(json.dumps(extension_data))
-
-    clean_dist(isolated_filesystem)
-    copy_backend_files(isolated_filesystem)
-
-    dist_dir = isolated_filesystem / "dist"
-    # Staged at the configured (symlink) path, not the resolved target path.
-    assert_file_exists(
-        dist_dir / "backend" / "src" / "test_org" / "test_ext" / "common" / "module.py"
-    )
-    assert not (dist_dir / "backend" / "src" / "common" / "module.py").exists()
-
-
 # Removed obsolete tests:
 # - test_copy_backend_files_handles_no_backend_config: This scenario can't happen since copy_backend_files is only called when backend exists
 # - test_copy_backend_files_exits_when_extension_json_missing: Validation catches this before copy_backend_files is called
--- a/superset-frontend/cypress-base/cypress/e2e/dashboard/actions.test.js
+++ b/superset-frontend/cypress-base/cypress/e2e/dashboard/actions.test.js
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { SAMPLE_DASHBOARD_1 } from 'cypress/utils/urls';
+import { interceptFav, interceptUnfav } from './utils';
+
+describe('Dashboard actions', () => {
+  beforeEach(() => {
+    cy.createSampleDashboards([0]);
+    cy.visit(SAMPLE_DASHBOARD_1);
+  });
+  it('should allow to favorite/unfavorite dashboard', () => {
+    interceptFav();
+    interceptUnfav();
+
+    // Find and click StarOutlined (adds to favorites)
+    cy.getBySel('dashboard-header-container')
+      .find("[aria-label='unstarred']")
+      .as('starIconOutlined')
+      .should('exist')
+      .click();
+
+    cy.wait('@select');
+
+    // After clicking, StarFilled should appear
+    cy.getBySel('dashboard-header-container')
+      .find("[aria-label='starred']")
+      .as('starIconFilled')
+      .should('exist');
+
+    // Verify the color of the filled star (gold)
+    cy.get('@starIconFilled')
+      .should('have.css', 'color')
+      .and('eq', 'rgb(252, 199, 0)');
+
+    // Click on StarFilled (removes from favorites)
+    cy.get('@starIconFilled').click();
+
+    cy.wait('@unselect');
+
+    // After clicking, StarOutlined should reappear
+    cy.getBySel('dashboard-header-container')
+      .find("[aria-label='unstarred']")
+      .as('starIconOutlinedAfter')
+      .should('exist');
+
+    // Verify the color of the outlined star (gray)
+    cy.get('@starIconOutlinedAfter')
+      .should('have.css', 'color')
+      .and('eq', 'rgba(0, 0, 0, 0.45)');
+  });
+});
--- a/superset-frontend/cypress-base/cypress/e2e/dashboard/utils.ts
+++ b/superset-frontend/cypress-base/cypress/e2e/dashboard/utils.ts
@@ -160,6 +160,18 @@ export function interceptLog() {
  cy.intercept('**/superset/log/?explode=events&dashboard_id=*').as('logs');
 }

+export function interceptFav() {
+  cy.intercept({ url: `**/api/v1/dashboard/*/favorites/`, method: 'POST' }).as(
+    'select',
+  );
+}
+
+export function interceptUnfav() {
+  cy.intercept({ url: `**/api/v1/dashboard/*/favorites/`, method: 'POST' }).as(
+    'unselect',
+  );
+}
+
 export function interceptDataset() {
  cy.intercept('GET', `**/api/v1/dataset/*`).as('getDataset');
 }
--- a/superset-frontend/package-lock.json
+++ b/superset-frontend/package-lock.json
@@ -223,7 +223,7 @@
        "@types/rison": "0.1.0",
        "@types/tinycolor2": "^1.4.3",
        "@types/unzipper": "^0.10.11",
-        "@typescript-eslint/eslint-plugin": "^8.60.1",
+        "@typescript-eslint/eslint-plugin": "^8.60.0",
        "@typescript-eslint/parser": "^8.59.4",
        "babel-jest": "^30.4.1",
        "babel-loader": "^10.1.1",
@@ -232,7 +232,7 @@
        "babel-plugin-lodash": "^3.3.4",
        "baseline-browser-mapping": "^2.10.33",
        "cheerio": "1.2.0",
-        "concurrently": "^10.0.3",
+        "concurrently": "^10.0.0",
        "copy-webpack-plugin": "^14.0.0",
        "cross-env": "^10.1.0",
        "css-loader": "^7.1.4",
@@ -240,7 +240,7 @@
        "eslint": "^8.56.0",
        "eslint-config-prettier": "^7.2.0",
        "eslint-import-resolver-alias": "^1.1.2",
-        "eslint-import-resolver-typescript": "^4.4.5",
+        "eslint-import-resolver-typescript": "^4.4.4",
        "eslint-plugin-cypress": "^3.6.0",
        "eslint-plugin-i18n-strings": "file:eslint-rules/eslint-plugin-i18n-strings",
        "eslint-plugin-icons": "file:eslint-rules/eslint-plugin-icons",
@@ -270,7 +270,7 @@
        "lightningcss": "^1.32.0",
        "mini-css-extract-plugin": "^2.10.2",
        "open-cli": "^9.0.0",
-        "oxlint": "^1.68.0",
+        "oxlint": "^1.67.0",
        "po2json": "^0.4.5",
        "prettier": "3.8.3",
        "prettier-plugin-packagejson": "^3.0.2",
@@ -8700,9 +8700,9 @@
      "license": "MIT"
    },
    "node_modules/@oxlint/binding-android-arm-eabi": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-android-arm-eabi/-/binding-android-arm-eabi-1.68.0.tgz",
-      "integrity": "sha512-wEdsIspexXLLMCPAEOcCuFLMt6aE3AzTuA/nQKLPRnoJ+EQTturmGheDkhHuuVHx0GbutjQ3JKmEn+Gz6Ag28Q==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-android-arm-eabi/-/binding-android-arm-eabi-1.67.0.tgz",
+      "integrity": "sha512-VrSi571rDv1N8HaEDM+DEX8nmT0y9jJo8tzzW13vsOWTx59xQczCIJx68n2zWOXRT5YKZsOZXp4qkHN/10x4mw==",
      "cpu": [
        "arm"
      ],
@@ -8717,9 +8717,9 @@
      }
    },
    "node_modules/@oxlint/binding-android-arm64": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-android-arm64/-/binding-android-arm64-1.68.0.tgz",
-      "integrity": "sha512-6aZRNNXQTsYtgaus8HTb9nuCcsrQTlKXGnktwvwW0n/SooRWNxNb3925grDkC63aEYZuCIyOVLV16IdYIoC2aQ==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-android-arm64/-/binding-android-arm64-1.67.0.tgz",
+      "integrity": "sha512-l6+NdYxMoRohix5r5bbigW16LPicceCwGcQ6LKKuE1kUdjgFfQolJjrJsQYPFetIs78Gxj/G/f5TEGoTCwj9nQ==",
      "cpu": [
        "arm64"
      ],
@@ -8734,9 +8734,9 @@
      }
    },
    "node_modules/@oxlint/binding-darwin-arm64": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-darwin-arm64/-/binding-darwin-arm64-1.68.0.tgz",
-      "integrity": "sha512-lVTbsE3kO4bLpZELgjRZuAJc8kP98wb83yMXWH8gaPaFZ+cM2IDeZto4ByoUAYj0Mxv2rvw+A1ssZequSepVSg==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-darwin-arm64/-/binding-darwin-arm64-1.67.0.tgz",
+      "integrity": "sha512-jOzXxS1AxFxhImLIRbtGIMrEwaXcgMw3gR57WB1cRk8ai+vpr6726kxXqVvlNsrXtJ/FrmOm8RxlC0m8SW24Qg==",
      "cpu": [
        "arm64"
      ],
@@ -8751,9 +8751,9 @@
      }
    },
    "node_modules/@oxlint/binding-darwin-x64": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-darwin-x64/-/binding-darwin-x64-1.68.0.tgz",
-      "integrity": "sha512-nCmw2XrmQskjBUh/sfP5yKs93V68LijQgjd1cuuZ/q4SCARngLYs60/qqyzuMsg8QQ9KArDI98hxs/RDGE4KRQ==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-darwin-x64/-/binding-darwin-x64-1.67.0.tgz",
+      "integrity": "sha512-3DFAVY94OqjIZHXIPz37yGRSWwOFTAqChQ64/M69GYLawzP0KiwdhDNfqdKKYT0bTR/DNxmMnQsj3ns+8+X/Lg==",
      "cpu": [
        "x64"
      ],
@@ -8768,9 +8768,9 @@
      }
    },
    "node_modules/@oxlint/binding-freebsd-x64": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-freebsd-x64/-/binding-freebsd-x64-1.68.0.tgz",
-      "integrity": "sha512-TI4ovQJliYE9V6e06cEv+qEI9uj7Ao65fmif4er4HD+aouyYyh0P31q2jh3KtqsOHHcQqv2PZ61TjJFLpBDGWQ==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-freebsd-x64/-/binding-freebsd-x64-1.67.0.tgz",
+      "integrity": "sha512-e4dDKZuLu8TR9DEBssWSDahlPgZBwojTTHZUvnjBRJfJJbpxYCjfjKfi0Z1+CSLMiJBwI2yCDtRM1XJQaARjmg==",
      "cpu": [
        "x64"
      ],
@@ -8785,9 +8785,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-arm-gnueabihf": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.68.0.tgz",
-      "integrity": "sha512-LcNnEi9g71Cmry5ZpLbKT+oVv+/zYG3hYVAbBBB5X85nOQZSk8l92CnDkxJMcxUg0NCnMCOFZuaVDlMyv4tYJw==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.67.0.tgz",
+      "integrity": "sha512-BKytFdcQzbITV3xlnzDUDTEDtbUMCCiC4EaNTDZ4FyT8gdNvBC4gfiLucXp/sQl0XU3p7syTlorUWVVVBZab2g==",
      "cpu": [
        "arm"
      ],
@@ -8802,9 +8802,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-arm-musleabihf": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm-musleabihf/-/binding-linux-arm-musleabihf-1.68.0.tgz",
-      "integrity": "sha512-OovHahL3FX4UaK+hgSf11llUx2vszqjSdQQ61Ck9InOEI/ptZoC4XSQJurITqItVvd53JSlmkLMeaNjM1PoQew==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm-musleabihf/-/binding-linux-arm-musleabihf-1.67.0.tgz",
+      "integrity": "sha512-XYAv0esBDX7BpTzRDjVX2Vdj+zndd8ll2dFQiaeQ6zTZr7A8GRDTN7fH3FP3jU+O0vCDx85oH/EtG7BzPgAXuw==",
      "cpu": [
        "arm"
      ],
@@ -8819,9 +8819,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-arm64-gnu": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.68.0.tgz",
-      "integrity": "sha512-YbzTglnHLzzi9zv5or8Ztz5fykAoZE8W9iM42/bOrF4HBSB6rJTqdLQWuoP76EHQw9DuKl76K1QmFlG29sPJXQ==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.67.0.tgz",
+      "integrity": "sha512-zizRMjA0i6u/2B0evgda04iycu+MoNuf1pBy6Eh+1CjC5wMEG7qN5zdDKTCvFc0KSYSDM9QTG3gjZHirgtQuKg==",
      "cpu": [
        "arm64"
      ],
@@ -8836,9 +8836,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-arm64-musl": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.68.0.tgz",
-      "integrity": "sha512-qVKtCZNic+OoNnOr/hCQAu22HSQzflI7Fsq/Blzkw02SnLuv163k3kfmrVpZjSBlUHgsRKj6WgQiw30d3SX02Q==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.67.0.tgz",
+      "integrity": "sha512-zB/Tf6sUjmmvvbva9Gj3JTJ8rJ9t4I8/U0o6vSRtd0DRIsIuyegBwJAzhSUFQHdMijIRJkW0exs/yBhpw2S20w==",
      "cpu": [
        "arm64"
      ],
@@ -8853,9 +8853,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-ppc64-gnu": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.68.0.tgz",
-      "integrity": "sha512-zExyZ8ZOUuAyQ0y9jpTcyjKUz62YY9JhKPyVxzvjTpXzZ3ujdqiVwfPWDdnA1SsIOrxdtxHn7KErDHLWskFjXg==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.67.0.tgz",
+      "integrity": "sha512-kgU40Gt74CK0TCsF51KZymkIwN9U0BajKsMijB52zPqOeZU9NAHkA/NSQkZDHEaCakx42DxhXkODiAqf2b4Gug==",
      "cpu": [
        "ppc64"
      ],
@@ -8870,9 +8870,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-riscv64-gnu": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-riscv64-gnu/-/binding-linux-riscv64-gnu-1.68.0.tgz",
-      "integrity": "sha512-6C4MPuwewyDavA7sxM14wzgRi5GGL68HPIxRCdVyS75U4MDbpFVYzKO9WNR6KLKTMPq2pcz3THwo1sK2uiqngw==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-riscv64-gnu/-/binding-linux-riscv64-gnu-1.67.0.tgz",
+      "integrity": "sha512-tOYhkk/iaG9aD3FvGpBFd1Lrw0x0RaVoJBxjUkfNzS50rC5NS5BteNCwgr8A2zCdADrIIoze6D7u6U5Ic++/iQ==",
      "cpu": [
        "riscv64"
      ],
@@ -8887,9 +8887,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-riscv64-musl": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-riscv64-musl/-/binding-linux-riscv64-musl-1.68.0.tgz",
-      "integrity": "sha512-bnZooVeHAcvA+dH0EDLgx+7HY/DRi6e0hFszg3P+OBatuUjV6EvfIyNIzWOusmqAVh4L6r21GGTZtiKE4iqM4Q==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-riscv64-musl/-/binding-linux-riscv64-musl-1.67.0.tgz",
+      "integrity": "sha512-sEtywrPb+0b+tHYl1SDCrw903fiC4eyKoNqzP3v+f2JT3Xcv4NEYG+P8rj+eEnX7IWhqV/xj8/JmcmVj21CXaA==",
      "cpu": [
        "riscv64"
      ],
@@ -8904,9 +8904,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-s390x-gnu": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.68.0.tgz",
-      "integrity": "sha512-dIqnZnJSmHCMOUpUcWQOiV14o3DDPVx1DSsMaSzvdhNjC1tB1iEPZbdiMSCIEYbkgbsYznHXWqFdKL8WUB3F8g==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.67.0.tgz",
+      "integrity": "sha512-BvR8Moa0zCLxroOx4vZaZN9nUfwAUpSTwjZdxZyKy4bv3PrzrXrxKR/ZQ0L9wNSvlPhnMJeZfa3q5w6ZCTuN6Q==",
      "cpu": [
        "s390x"
      ],
@@ -8921,9 +8921,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-x64-gnu": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.68.0.tgz",
-      "integrity": "sha512-zc9lEnfV/HreDTY6gdMlZe+irkwHSxQ4/B1pS9GyK7RVaA5LxhoZY/w6/o2vIwLLEYiXQ5ujGxOM1ZazeFAAIA==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.67.0.tgz",
+      "integrity": "sha512-mm2cxM6fksOpq6l0uFws8BUGKAR4dNa/cZCn37Npq7PFbhD5HDJqWfnoIvTaeRKMy5XdS2tO0MA0qbHDrnXAAA==",
      "cpu": [
        "x64"
      ],
@@ -8938,9 +8938,9 @@
      }
    },
    "node_modules/@oxlint/binding-linux-x64-musl": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-x64-musl/-/binding-linux-x64-musl-1.68.0.tgz",
-      "integrity": "sha512-Dl5QEX0TCo/40Cdh1o1JdPS//+YiWqjC+Hrrya5OQmStZZr4svAFtdlqcpCrU9yq2Mo3vRVyO9B3h0dzD8s36Q==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-linux-x64-musl/-/binding-linux-x64-musl-1.67.0.tgz",
+      "integrity": "sha512-WmbMuLapKyDlobMkXAaAL0Y+Uczh4LETfIfQsUpbId4Ip8Ai82/jqeYTOoUCkuuhBFapgqP253+d83tLKOksJg==",
      "cpu": [
        "x64"
      ],
@@ -8955,9 +8955,9 @@
      }
    },
    "node_modules/@oxlint/binding-openharmony-arm64": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-openharmony-arm64/-/binding-openharmony-arm64-1.68.0.tgz",
-      "integrity": "sha512-/qy6dOvi4S3/LeXq0l5BT5pRKPYA7oj3uKwJOAZOr5HRLL+HK6jdBynvWuXIA2wwfE01RzNYmbBdM7vwYx00sA==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-openharmony-arm64/-/binding-openharmony-arm64-1.67.0.tgz",
+      "integrity": "sha512-9g/PqxYJelzzTAOR5Y+RiRqdeydhEuXv2KxNeFcAKQ7UsvnWSY1OP4MsuPMbTO2Pf70tz7mFhl1j13H3fyh+8g==",
      "cpu": [
        "arm64"
      ],
@@ -8972,9 +8972,9 @@
      }
    },
    "node_modules/@oxlint/binding-win32-arm64-msvc": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.68.0.tgz",
-      "integrity": "sha512-fHNtVqPHSYE7UFDSLVFUjxQjnSVXxseNJmRW+XuP4pXXDwePdPda43NL7/BBCFTxHjycOc44JNDaOPtFDNui9A==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.67.0.tgz",
+      "integrity": "sha512-2VhwE6Gatb0vJGnN0TBuQMbKCOiZlSQ/zJvVWYLK4a9d4iDiJOen/yVQkGpmsJ90MuH66fzi0kEKI0jRQMDxGA==",
      "cpu": [
        "arm64"
      ],
@@ -8989,9 +8989,9 @@
      }
    },
    "node_modules/@oxlint/binding-win32-ia32-msvc": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-1.68.0.tgz",
-      "integrity": "sha512-NnKXr4Wgo4nps3erhrE0f8shBvBPZMHg72nDsvX0JyrRvsNiP3f1JNvbCKh+A6VFvpF7ZoJxu904P3cKMhvZnA==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-1.67.0.tgz",
+      "integrity": "sha512-EQ3VExXfeM1InbE5+JjufhZZTWy+kHUwgt3yZR7gQ47Je/mE0WspQPan0OJznh493L5anM210YNJtH1PXjTSFg==",
      "cpu": [
        "ia32"
      ],
@@ -9006,9 +9006,9 @@
      }
    },
    "node_modules/@oxlint/binding-win32-x64-msvc": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/@oxlint/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.68.0.tgz",
-      "integrity": "sha512-zg5pA+84AlU6XHJ3ruiRxziO71QTrz8nLsk6u01JGS5+tL9/bnlakFiklFrcy4R1/V7ktWtaNitN3JZWmKnf6g==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/@oxlint/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.67.0.tgz",
+      "integrity": "sha512-bw24y+/1MHS4QDkons3YyHkPT9uCMoLHHgQhb+mb8NOjTYwub1CZ+K9Ngr8aO5DMrDrkqHwTzlTwFP2vS8Y/ZQ==",
      "cpu": [
        "x64"
      ],
@@ -14158,17 +14158,17 @@
      "license": "MIT"
    },
    "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.1.tgz",
-      "integrity": "sha512-JQ4S5GB0tfjO8BuJ4fcX+HodkzJjYBV+7OJ+wLygaX7OGQ7FudyHL4NSCA6ob+w3Yn+5MkKIozOwQhXeM7opVg==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.0.tgz",
+      "integrity": "sha512-QYb/sa74/s7OKMbACMjrYnGspj9Hs5YI5aaffSL65UfeBUzVzBJfVo3oWSpbzPurvm7yaCCo2Lk7lVj610HqKw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/type-utils": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/type-utils": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "ignore": "^7.0.5",
        "natural-compare": "^1.4.0",
        "ts-api-utils": "^2.5.0"
@@ -14181,20 +14181,20 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "@typescript-eslint/parser": "^8.60.1",
+        "@typescript-eslint/parser": "^8.60.0",
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/project-service": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.1.tgz",
-      "integrity": "sha512-eXkTH2bxmXlqD1RnOPmLZ9ZM9D3VwSx04JOwBnP9RQ+yUA5a2Mu7SfW8uaV2Aon53NJzZlZYuX7tn91Izf+xaw==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz",
+      "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.60.1",
-        "@typescript-eslint/types": "^8.60.1",
+        "@typescript-eslint/tsconfig-utils": "^8.60.0",
+        "@typescript-eslint/types": "^8.60.0",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -14209,14 +14209,14 @@
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.1.tgz",
-      "integrity": "sha512-gvI5OQoptnxQnchOirukCuQ55svJSTuD/4k5+pC267xyBtYry748R9/c3tYUzb/iE6RZfllRz2lVulLCHkTm4w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz",
+      "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1"
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -14227,9 +14227,9 @@
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.1.tgz",
-      "integrity": "sha512-nh8w4qAteiKuZu3pSSzG/yGKpw0OlkrKnzFmbVRenKaD4qc+7i1GrmZaLVkr8rk4uipiPGMOW4YsM6WmKZ5CvA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz",
+      "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -14244,9 +14244,9 @@
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.1.tgz",
-      "integrity": "sha512-4h0tY8ppCkdCzcrl2YM5M3my0xsE1Tf8om3owEu5oPWmXwkKRmk0j0LGDzYBGUcAlesEbxBhazqu/K4cu3Ug7w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz",
+      "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -14258,16 +14258,16 @@
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.1.tgz",
-      "integrity": "sha512-alpRkfG8hlVE5kdJW2GkfgDgXxold3e8e4l6EnmhRmRLbekgAPCCGDVD++sABy9FcgPFroq+uFcCSM1vR57Cew==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz",
+      "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/project-service": "8.60.1",
-        "@typescript-eslint/tsconfig-utils": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/project-service": "8.60.0",
+        "@typescript-eslint/tsconfig-utils": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "debug": "^4.4.3",
        "minimatch": "^10.2.2",
        "semver": "^7.7.3",
@@ -14286,16 +14286,16 @@
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.1.tgz",
-      "integrity": "sha512-h2MPBLoNtjc3qZWfY3Tl51yPorQ2McHn8pJfcMNTcIvrrZrr90Ykffit0yjrPFWQcRcUxzH20+6OcVdW4yHtUg==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.0.tgz",
+      "integrity": "sha512-HtXuPfrHTyBDkameWpl+vJb1Uevu2tznAyahM1Oc4AENidCLTPiZDWIo4GfcxNdC/RcfGcadzzkqbRG87dUrQA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1"
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -14310,13 +14310,13 @@
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.1.tgz",
-      "integrity": "sha512-EbGRQg4FhrmwLodl+t3JNAnXHWVr9Vp+Zl1QBZVPY4ByfkzIT8cX3K6QWODHtkIZqqJVEWvhHSx3v5PDHsaQag==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz",
+      "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
+        "@typescript-eslint/types": "8.60.0",
        "eslint-visitor-keys": "^5.0.0"
      },
      "engines": {
@@ -14655,15 +14655,15 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.1.tgz",
-      "integrity": "sha512-sdwTrpjosW7ANQYJ39ZBF1ZyEMEGVB2UsikrserVM/30a/F1dTLnu9bGxEdosugyu5caigjLrR2qiD11asjI1A==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.0.tgz",
+      "integrity": "sha512-SX46wEUtitCpq7AN38HkUU/+zvUpdKf7ephtWAFgckH8O7PQIyL5gvrhQgBLuEYgLfuKWOVvWVskMbuFHAz5xg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0",
        "debug": "^4.4.3",
        "ts-api-utils": "^2.5.0"
      },
@@ -14680,14 +14680,14 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/project-service": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.1.tgz",
-      "integrity": "sha512-eXkTH2bxmXlqD1RnOPmLZ9ZM9D3VwSx04JOwBnP9RQ+yUA5a2Mu7SfW8uaV2Aon53NJzZlZYuX7tn91Izf+xaw==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz",
+      "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.60.1",
-        "@typescript-eslint/types": "^8.60.1",
+        "@typescript-eslint/tsconfig-utils": "^8.60.0",
+        "@typescript-eslint/types": "^8.60.0",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -14702,14 +14702,14 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.1.tgz",
-      "integrity": "sha512-gvI5OQoptnxQnchOirukCuQ55svJSTuD/4k5+pC267xyBtYry748R9/c3tYUzb/iE6RZfllRz2lVulLCHkTm4w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz",
+      "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1"
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -14720,9 +14720,9 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.1.tgz",
-      "integrity": "sha512-nh8w4qAteiKuZu3pSSzG/yGKpw0OlkrKnzFmbVRenKaD4qc+7i1GrmZaLVkr8rk4uipiPGMOW4YsM6WmKZ5CvA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz",
+      "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -14737,9 +14737,9 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.1.tgz",
-      "integrity": "sha512-4h0tY8ppCkdCzcrl2YM5M3my0xsE1Tf8om3owEu5oPWmXwkKRmk0j0LGDzYBGUcAlesEbxBhazqu/K4cu3Ug7w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz",
+      "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -14751,16 +14751,16 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.1.tgz",
-      "integrity": "sha512-alpRkfG8hlVE5kdJW2GkfgDgXxold3e8e4l6EnmhRmRLbekgAPCCGDVD++sABy9FcgPFroq+uFcCSM1vR57Cew==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz",
+      "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/project-service": "8.60.1",
-        "@typescript-eslint/tsconfig-utils": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/project-service": "8.60.0",
+        "@typescript-eslint/tsconfig-utils": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "debug": "^4.4.3",
        "minimatch": "^10.2.2",
        "semver": "^7.7.3",
@@ -14779,16 +14779,16 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.1.tgz",
-      "integrity": "sha512-h2MPBLoNtjc3qZWfY3Tl51yPorQ2McHn8pJfcMNTcIvrrZrr90Ykffit0yjrPFWQcRcUxzH20+6OcVdW4yHtUg==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.0.tgz",
+      "integrity": "sha512-HtXuPfrHTyBDkameWpl+vJb1Uevu2tznAyahM1Oc4AENidCLTPiZDWIo4GfcxNdC/RcfGcadzzkqbRG87dUrQA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1"
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -14803,13 +14803,13 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.1.tgz",
-      "integrity": "sha512-EbGRQg4FhrmwLodl+t3JNAnXHWVr9Vp+Zl1QBZVPY4ByfkzIT8cX3K6QWODHtkIZqqJVEWvhHSx3v5PDHsaQag==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz",
+      "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
+        "@typescript-eslint/types": "8.60.0",
        "eslint-visitor-keys": "^5.0.0"
      },
      "engines": {
@@ -18865,9 +18865,9 @@
      }
    },
    "node_modules/concurrently": {
-      "version": "10.0.3",
-      "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-10.0.3.tgz",
-      "integrity": "sha512-hc3LH4UaKWd/bbyDK/IGVa4RB6PtQ3CUYwtrkzqHn+wIG3Hr5fhpRlk0L/gCa8ZE1L/Ufj50Zho69cI5w8SQBA==",
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-10.0.0.tgz",
+      "integrity": "sha512-DRrk10z3sVPpguNe8od2cGNqZGqbT15rwAnxD4dG3b78mdNNb/gJyr8T834Oj518WcBmTktrt4FhdwZn09ZWSg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -22390,9 +22390,9 @@
      }
    },
    "node_modules/eslint-import-resolver-typescript": {
-      "version": "4.4.5",
-      "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-4.4.5.tgz",
-      "integrity": "sha512-nbE5XLph6TLtGYcu/U6e6ZVXyKBhbDWK5cLGk76eJ7NdZpwf1P9EFkpt1Z01mNZNrrilsAYWKH6zUkL4reoXbw==",
+      "version": "4.4.4",
+      "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-4.4.4.tgz",
+      "integrity": "sha512-1iM2zeBvrYmUNTj2vSC/90JTHDth+dfOfiNKkxApWRsTJYNrc8rOdxxIf5vazX+BiAXTeOT0UvWpGI/7qIWQOw==",
      "dev": true,
      "license": "ISC",
      "dependencies": {
@@ -37446,9 +37446,9 @@
      }
    },
    "node_modules/oxlint": {
-      "version": "1.68.0",
-      "resolved": "https://registry.npmjs.org/oxlint/-/oxlint-1.68.0.tgz",
-      "integrity": "sha512-dXcbq+xsmLrMy6T8d0euf3IYUfLmjHIE11pOxiUSi5LHkFZaYPv568R6sEjcavVpUxoaQe66UBuK4HEi74NxpA==",
+      "version": "1.67.0",
+      "resolved": "https://registry.npmjs.org/oxlint/-/oxlint-1.67.0.tgz",
+      "integrity": "sha512-blwwaHPdoH8piQ5/z0KHeoHFR7FZgl12WluKJfu4qFLPkZl6mK04PkLE45Fw1NxfBRSlh40Gu7MkxHUw++ociQ==",
      "dev": true,
      "license": "MIT",
      "bin": {
@@ -37461,25 +37461,25 @@
        "url": "https://github.com/sponsors/Boshen"
      },
      "optionalDependencies": {
-        "@oxlint/binding-android-arm-eabi": "1.68.0",
-        "@oxlint/binding-android-arm64": "1.68.0",
-        "@oxlint/binding-darwin-arm64": "1.68.0",
-        "@oxlint/binding-darwin-x64": "1.68.0",
-        "@oxlint/binding-freebsd-x64": "1.68.0",
-        "@oxlint/binding-linux-arm-gnueabihf": "1.68.0",
-        "@oxlint/binding-linux-arm-musleabihf": "1.68.0",
-        "@oxlint/binding-linux-arm64-gnu": "1.68.0",
-        "@oxlint/binding-linux-arm64-musl": "1.68.0",
-        "@oxlint/binding-linux-ppc64-gnu": "1.68.0",
-        "@oxlint/binding-linux-riscv64-gnu": "1.68.0",
-        "@oxlint/binding-linux-riscv64-musl": "1.68.0",
-        "@oxlint/binding-linux-s390x-gnu": "1.68.0",
-        "@oxlint/binding-linux-x64-gnu": "1.68.0",
-        "@oxlint/binding-linux-x64-musl": "1.68.0",
-        "@oxlint/binding-openharmony-arm64": "1.68.0",
-        "@oxlint/binding-win32-arm64-msvc": "1.68.0",
-        "@oxlint/binding-win32-ia32-msvc": "1.68.0",
-        "@oxlint/binding-win32-x64-msvc": "1.68.0"
+        "@oxlint/binding-android-arm-eabi": "1.67.0",
+        "@oxlint/binding-android-arm64": "1.67.0",
+        "@oxlint/binding-darwin-arm64": "1.67.0",
+        "@oxlint/binding-darwin-x64": "1.67.0",
+        "@oxlint/binding-freebsd-x64": "1.67.0",
+        "@oxlint/binding-linux-arm-gnueabihf": "1.67.0",
+        "@oxlint/binding-linux-arm-musleabihf": "1.67.0",
+        "@oxlint/binding-linux-arm64-gnu": "1.67.0",
+        "@oxlint/binding-linux-arm64-musl": "1.67.0",
+        "@oxlint/binding-linux-ppc64-gnu": "1.67.0",
+        "@oxlint/binding-linux-riscv64-gnu": "1.67.0",
+        "@oxlint/binding-linux-riscv64-musl": "1.67.0",
+        "@oxlint/binding-linux-s390x-gnu": "1.67.0",
+        "@oxlint/binding-linux-x64-gnu": "1.67.0",
+        "@oxlint/binding-linux-x64-musl": "1.67.0",
+        "@oxlint/binding-openharmony-arm64": "1.67.0",
+        "@oxlint/binding-win32-arm64-msvc": "1.67.0",
+        "@oxlint/binding-win32-ia32-msvc": "1.67.0",
+        "@oxlint/binding-win32-x64-msvc": "1.67.0"
      },
      "peerDependencies": {
        "oxlint-tsgolint": ">=0.22.1",
@@ -49354,7 +49354,7 @@
        "react-js-cron": "^5.2.0",
        "react-markdown": "^8.0.7",
        "react-resize-detector": "^7.1.2",
-        "react-syntax-highlighter": "^16.1.1",
+        "react-syntax-highlighter": "^16.1.0",
        "react-ultimate-pagination": "^1.3.2",
        "regenerator-runtime": "^0.14.1",
        "rehype-raw": "^7.0.0",
@@ -49610,7 +49610,7 @@
      "dependencies": {
        "d3": "^3.5.17",
        "prop-types": "^15.8.1",
-        "react": "^19.2.7"
+        "react": "^19.2.6"
      },
      "peerDependencies": {
        "@apache-superset/core": "*",
@@ -49619,9 +49619,9 @@
      }
    },
    "plugins/legacy-plugin-chart-chord/node_modules/react": {
-      "version": "19.2.7",
-      "resolved": "https://registry.npmjs.org/react/-/react-19.2.7.tgz",
-      "integrity": "sha512-HNe9WslTbXmFK8o8cmwgAeJFSBvt1bPdHCVKtaaV+WlAN36mpT4hcRpwbf3fY56ar2oIXzsBpOAiIRHAdY0OlQ==",
+      "version": "19.2.6",
+      "resolved": "https://registry.npmjs.org/react/-/react-19.2.6.tgz",
+      "integrity": "sha512-sfWGGfavi0xr8Pg0sVsyHMAOziVYKgPLNrS7ig+ivMNb3wbCBw3KxtflsGBAwD3gYQlE/AEZsTLgToRrSCjb0Q==",
      "license": "MIT",
      "engines": {
        "node": ">=0.10.0"
--- a/superset-frontend/package.json
+++ b/superset-frontend/package.json
@@ -306,7 +306,7 @@
    "@types/rison": "0.1.0",
    "@types/tinycolor2": "^1.4.3",
    "@types/unzipper": "^0.10.11",
-    "@typescript-eslint/eslint-plugin": "^8.60.1",
+    "@typescript-eslint/eslint-plugin": "^8.60.0",
    "@typescript-eslint/parser": "^8.59.4",
    "babel-jest": "^30.4.1",
    "babel-loader": "^10.1.1",
@@ -315,7 +315,7 @@
    "babel-plugin-lodash": "^3.3.4",
    "baseline-browser-mapping": "^2.10.33",
    "cheerio": "1.2.0",
-    "concurrently": "^10.0.3",
+    "concurrently": "^10.0.0",
    "copy-webpack-plugin": "^14.0.0",
    "cross-env": "^10.1.0",
    "css-loader": "^7.1.4",
@@ -323,7 +323,7 @@
    "eslint": "^8.56.0",
    "eslint-config-prettier": "^7.2.0",
    "eslint-import-resolver-alias": "^1.1.2",
-    "eslint-import-resolver-typescript": "^4.4.5",
+    "eslint-import-resolver-typescript": "^4.4.4",
    "eslint-plugin-cypress": "^3.6.0",
    "eslint-plugin-i18n-strings": "file:eslint-rules/eslint-plugin-i18n-strings",
    "eslint-plugin-icons": "file:eslint-rules/eslint-plugin-icons",
@@ -353,7 +353,7 @@
    "lightningcss": "^1.32.0",
    "mini-css-extract-plugin": "^2.10.2",
    "open-cli": "^9.0.0",
-    "oxlint": "^1.68.0",
+    "oxlint": "^1.67.0",
    "po2json": "^0.4.5",
    "prettier": "3.8.3",
    "prettier-plugin-packagejson": "^3.0.2",
--- a/superset-frontend/packages/superset-core/src/theme/types.ts
+++ b/superset-frontend/packages/superset-core/src/theme/types.ts
@@ -508,12 +508,6 @@ export interface ThemeContextType {
  clearLocalOverrides: () => void;
  getCurrentCrudThemeId: () => string | null;
  hasDevOverride: () => boolean;
-  /**
-   * True when an explicit theme config override is active (e.g. supplied via
-   * the Embedded SDK). Such an override takes precedence over a
-   * dashboard-level theme.
-   */
-  hasThemeConfigOverride: boolean;
  canSetMode: () => boolean;
  canSetTheme: () => boolean;
  canDetectOSPreference: () => boolean;
--- a/superset-frontend/packages/superset-ui-chart-controls/src/shared-controls/matrixifyControls.tsx
+++ b/superset-frontend/packages/superset-ui-chart-controls/src/shared-controls/matrixifyControls.tsx
@@ -118,6 +118,7 @@ const matrixifyControls: Record<string, SharedControlConfig<any>> = {};
    description: t(`Select dimension and values`),
    default: { dimension: '', values: [] },
    validators: [], // No validation - rely on visibility
+    renderTrigger: true,
    tabOverride: 'matrixify',
    shouldMapStateToProps: (prevState, state) => {
      // Recalculate when any relevant form_data field changes
--- a/superset-frontend/packages/superset-ui-core/src/chart/components/reactify.tsx
+++ b/superset-frontend/packages/superset-ui-core/src/chart/components/reactify.tsx
@@ -17,20 +17,8 @@
 * under the License.
 */

-import {
-  forwardRef,
-  useEffect,
-  useImperativeHandle,
-  useLayoutEffect,
-  useRef,
-} from 'react';
-import type {
-  ComponentType,
-  WeakValidationMap,
-  ForwardRefExoticComponent,
-  PropsWithoutRef,
-  RefAttributes,
-} from 'react';
+// eslint-disable-next-line no-restricted-syntax -- whole React import is required for `reactify.test.tsx` Jest test passing.
+import { Component, ComponentClass, WeakValidationMap } from 'react';

 // TODO: Note that id and className can collide between Props and ReactifyProps
 // leading to (likely) unexpected behaviors. We should either require Props to not
@@ -61,103 +49,66 @@ export interface RenderFuncType<Props> {
  propTypes?: WeakValidationMap<Props & ReactifyProps>;
 }

-export interface ReactifiedComponentRef {
-  container?: HTMLDivElement;
-}
-
-export type ReactifiedComponent<Props> = ForwardRefExoticComponent<
-  PropsWithoutRef<Props & ReactifyProps> & RefAttributes<ReactifiedComponentRef>
->;
-
-// Return the widest public type that covers "use it as a React component" so
-// TypeScript JSX callers and `ComponentType<...>`-typed variables still compile;
-// callers with explicit `ComponentClass<...>` annotations must widen to
-// `ComponentType`. Those wanting the forwardRef surface can narrow to
-// `ReactifiedComponent<Props>` explicitly.
 export default function reactify<Props extends object>(
  renderFn: RenderFuncType<Props>,
  callbacks?: LifeCycleCallbacks,
-): ComponentType<Props & ReactifyProps> {
-  const ReactifiedComponent = forwardRef<
-    ReactifiedComponentRef,
-    Props & ReactifyProps
-  >(function ReactifiedComponent(props, ref) {
-    const containerRef = useRef<HTMLDivElement>(null);
-    // Keep the latest props available to the unmount callback — legacy
-    // consumers read values off `this.props` (e.g. ReactNVD3 uses id).
-    // Update the ref in a layout effect rather than during render so the
-    // assignment only happens for committed renders (safe under Concurrent
-    // Mode) and is in place before the passive unmount effect reads it.
-    const propsRef = useRef(props);
-    useLayoutEffect(() => {
-      propsRef.current = props;
-    });
+): ComponentClass<Props & ReactifyProps> {
+  class ReactifiedComponent extends Component<Props & ReactifyProps> {
+    container?: HTMLDivElement;

-    // Expose container via ref for external access
-    useImperativeHandle(
-      ref,
-      () => ({
-        get container() {
-          return containerRef.current ?? undefined;
-        },
-      }),
-      [],
-    );
+    constructor(props: Props & ReactifyProps) {
+      super(props);
+      this.setContainerRef = this.setContainerRef.bind(this);
+    }

-    // Execute renderFn on mount and every update (mimics componentDidMount + componentDidUpdate)
-    useEffect(() => {
-      if (containerRef.current) {
-        // `forwardRef` widens the props parameter to `PropsWithoutRef<...>`,
-        // which TypeScript can't narrow back to `Props & ReactifyProps` when
-        // `Props` is a generic `object`. The values are identical at runtime,
-        // so assert the original prop shape for `renderFn`.
-        renderFn(
-          containerRef.current,
-          props as Readonly<Props & ReactifyProps>,
-        );
+    componentDidMount() {
+      this.execute();
+    }
+
+    componentDidUpdate() {
+      this.execute();
+    }
+
+    componentWillUnmount() {
+      this.container = undefined;
+      if (callbacks?.componentWillUnmount) {
+        callbacks.componentWillUnmount.bind(this)();
      }
-    });
+    }

-    // Cleanup on unmount
-    useEffect(
-      () => () => {
-        if (callbacks?.componentWillUnmount) {
-          // Preserve legacy behavior where `this` was a component instance
-          // exposing `props`. The class version cleared `this.container`
-          // before invoking componentWillUnmount, so mirror that here to
-          // prevent callbacks from touching a DOM node that's being torn
-          // down.
-          callbacks.componentWillUnmount.call({
-            container: undefined,
-            props: propsRef.current,
-          });
-        }
-      },
-      [],
-    );
+    setContainerRef(ref: HTMLDivElement) {
+      this.container = ref;
+    }

-    const { id, className } = props;
+    execute() {
+      if (this.container) {
+        renderFn(this.container, this.props);
+      }
+    }

-    return <div ref={containerRef} id={id} className={className} />;
-  });
+    render() {
+      const { id, className } = this.props;

-  if (renderFn.displayName) {
-    ReactifiedComponent.displayName = renderFn.displayName;
+      return <div ref={this.setContainerRef} id={id} className={className} />;
+    }
  }

-  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- forwardRef static field types don't line up with renderFn's validator types
-  const result = ReactifiedComponent as any;
+  const ReactifiedClass: ComponentClass<Props & ReactifyProps> =
+    ReactifiedComponent;

+  if (renderFn.displayName) {
+    ReactifiedClass.displayName = renderFn.displayName;
+  }
+  // eslint-disable-next-line react/forbid-foreign-prop-types
  if (renderFn.propTypes) {
-    result.propTypes = {
-      ...result.propTypes,
+    ReactifiedClass.propTypes = {
+      ...ReactifiedClass.propTypes,
      ...renderFn.propTypes,
    };
  }
-
  if (renderFn.defaultProps) {
-    result.defaultProps = renderFn.defaultProps;
+    ReactifiedClass.defaultProps = renderFn.defaultProps;
  }

-  return result as unknown as ComponentType<Props & ReactifyProps>;
+  return ReactifiedComponent;
 }
--- a/superset-frontend/packages/superset-ui-core/src/components/Modal/Modal.tsx
+++ b/superset-frontend/packages/superset-ui-core/src/components/Modal/Modal.tsx
@@ -369,7 +369,7 @@ const CustomModal = ({
        resizable || draggable ? (
          <Draggable
            disabled={!draggable || dragDisabled}
-            bounds={bounds ?? false}
+            bounds={bounds}
            onStart={(event, uiData) => onDragStart(event, uiData)}
            {...draggableConfig}
          >
--- a/superset-frontend/packages/superset-ui-core/src/components/Modal/types.ts
+++ b/superset-frontend/packages/superset-ui-core/src/components/Modal/types.ts
@@ -47,7 +47,7 @@ export interface ModalProps {
  resizable?: boolean;
  resizableConfig?: ResizableProps;
  draggable?: boolean;
-  draggableConfig?: Partial<DraggableProps>;
+  draggableConfig?: DraggableProps;
  destroyOnHidden?: boolean;
  maskClosable?: boolean;
  zIndex?: number;
--- a/superset-frontend/packages/superset-ui-core/test/chart/components/reactify.test.tsx
+++ b/superset-frontend/packages/superset-ui-core/test/chart/components/reactify.test.tsx
@@ -19,9 +19,9 @@

 import '@testing-library/jest-dom';
 import PropTypes from 'prop-types';
-import { useEffect, useState } from 'react';
+import { PureComponent } from 'react';
 import { reactify } from '@superset-ui/core';
-import { render, screen, waitFor } from '@testing-library/react';
+import { render, screen } from '@testing-library/react';
 import { RenderFuncType } from '../../../src/chart/components/reactify';

 describe('reactify(renderFn)', () => {
@@ -52,41 +52,48 @@ describe('reactify(renderFn)', () => {
    componentWillUnmount: willUnmountCb,
  });

-  function TestComponent() {
-    const [content, setContent] = useState('abc');
+  class TestComponent extends PureComponent<{}, { content: string }> {
+    constructor(props = {}) {
+      super(props);
+      this.state = { content: 'abc' };
+    }

-    useEffect(() => {
-      const timer = setTimeout(() => {
-        setContent('def');
+    componentDidMount() {
+      setTimeout(() => {
+        this.setState({ content: 'def' });
      }, 10);
-      return () => clearTimeout(timer);
-    }, []);
+    }

-    return <TheChart id="test" content={content} />;
+    render() {
+      const { content } = this.state;
+
+      return <TheChart id="test" content={content} />;
+    }
  }

-  function AnotherTestComponent() {
-    return <TheChartWithWillUnmountHook id="another_test" />;
+  class AnotherTestComponent extends PureComponent<{}, {}> {
+    render() {
+      return <TheChartWithWillUnmountHook id="another_test" />;
+    }
  }

-  beforeEach(() => {
-    (renderFn as jest.Mock).mockClear();
-    willUnmountCb.mockClear();
-  });
+  test('returns a React component class', () =>
+    new Promise(done => {
+      render(<TestComponent />);

-  test('returns a React component and re-renders on prop changes', async () => {
-    render(<TestComponent />);
-
-    expect(renderFn).toHaveBeenCalledTimes(1);
-    expect(screen.getByText('abc')).toBeInTheDocument();
-    expect(screen.getByText('abc').parentNode).toHaveAttribute('id', 'test');
-
-    await waitFor(() => {
-      expect(screen.getByText('def')).toBeInTheDocument();
-    });
-    expect(screen.getByText('def').parentNode).toHaveAttribute('id', 'test');
-    expect(renderFn).toHaveBeenCalledTimes(2);
-  });
+      expect(renderFn).toHaveBeenCalledTimes(1);
+      expect(screen.getByText('abc')).toBeInTheDocument();
+      expect(screen.getByText('abc').parentNode).toHaveAttribute('id', 'test');
+      setTimeout(() => {
+        expect(renderFn).toHaveBeenCalledTimes(2);
+        expect(screen.getByText('def')).toBeInTheDocument();
+        expect(screen.getByText('def').parentNode).toHaveAttribute(
+          'id',
+          'test',
+        );
+        done(undefined);
+      }, 20);
+    }));
  describe('displayName', () => {
    test('has displayName if renderFn.displayName is defined', () => {
      expect(TheChart.displayName).toEqual('BoldText');
@@ -119,16 +126,20 @@ describe('reactify(renderFn)', () => {
      expect(AnotherChart.defaultProps).toBeUndefined();
    });
  });
-  test('calls renderFn when container is set', () => {
+  test('does not try to render if not mounted', () => {
    const anotherRenderFn = jest.fn();
-    const AnotherChart = reactify(anotherRenderFn);
-    const { unmount } = render(<AnotherChart id="test" />);
-    expect(anotherRenderFn).toHaveBeenCalled();
-    unmount();
-  });
-  test('calls willUnmount hook when it is provided', () => {
-    const { unmount } = render(<AnotherTestComponent />);
-    unmount();
-    expect(willUnmountCb).toHaveBeenCalledTimes(1);
+    const AnotherChart = reactify(anotherRenderFn); // enables valid new AnotherChart() call
+    // @ts-expect-error
+    new AnotherChart({ id: 'test' }).execute();
+    expect(anotherRenderFn).not.toHaveBeenCalled();
  });
+  test('calls willUnmount hook when it is provided', () =>
+    new Promise(done => {
+      const { unmount } = render(<AnotherTestComponent />);
+      setTimeout(() => {
+        unmount();
+        expect(willUnmountCb).toHaveBeenCalledTimes(1);
+        done(undefined);
+      }, 20);
+    }));
 });
--- a/superset-frontend/playwright/tests/dashboard/mixed-chart-dashboard-filters.spec.ts
+++ b/superset-frontend/playwright/tests/dashboard/mixed-chart-dashboard-filters.spec.ts
@@ -1,203 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * Regression for #29519: a dashboard-level filter that is in scope for a Mixed
- * (mixed_timeseries) chart should apply to BOTH of the chart's queries — Query
- * A and Query B — not just Query A.
- *
- * A Mixed chart issues a single query context with two queries
- * (queries[0] = A, queries[1] = B). This test creates a Mixed chart, puts it on
- * a dashboard behind a native filter scoped to the chart, loads the dashboard,
- * and inspects the outgoing POST /api/v1/chart/data payload to assert the filter
- * is present in both queries.
- *
- * CI green => both queries inherit the dashboard filter (contract holds);
- *             merging closes #29519 and guards against regressions.
- * CI red   => Query B dropped the filter; the bug is live in the Mixed chart
- *             query-building path (plugin-chart-echarts/src/MixedTimeseries).
- */
-import { testWithAssets, expect } from '../../helpers/fixtures';
-import { apiPost, apiPut } from '../../helpers/api/requests';
-import { apiPostDashboard } from '../../helpers/api/dashboard';
-import { DashboardPage } from '../../pages/DashboardPage';
-
-const DATASET_NAME = 'birth_names';
-const FILTER_COLUMN = 'gender';
-const FILTER_VALUE = 'boy';
-
-async function findDatasetIdByName(page: any, name: string): Promise<number> {
-  const query = `(filters:!((col:table_name,opr:eq,value:'${name}')))`;
-  const resp = await page.request.get(`api/v1/dataset/?q=${query}`);
-  const body = await resp.json();
-  if (!body.result?.length) {
-    throw new Error(`Dataset ${name} not found`);
-  }
-  return body.result[0].id;
-}
-
-testWithAssets(
-  'Mixed chart applies dashboard filter to both queries (#29519)',
-  async ({ page, testAssets }) => {
-    const datasetId = await findDatasetIdByName(page, DATASET_NAME);
-
-    const chartParams = {
-      datasource: `${datasetId}__table`,
-      viz_type: 'mixed_timeseries',
-      x_axis: 'ds',
-      time_grain_sqla: 'P1Y',
-      metrics: ['count'],
-      groupby: [],
-      adhoc_filters: [],
-      metrics_b: ['count'],
-      groupby_b: [],
-      adhoc_filters_b: [],
-      row_limit: 100,
-      row_limit_b: 100,
-      truncate_metric: true,
-      truncate_metric_b: true,
-      comparison_type: 'values',
-      color_scheme: 'supersetColors',
-    };
-    const chartResp = await apiPost(page, 'api/v1/chart/', {
-      slice_name: `mixed_filter_repro_${Date.now()}`,
-      viz_type: 'mixed_timeseries',
-      datasource_id: datasetId,
-      datasource_type: 'table',
-      params: JSON.stringify(chartParams),
-    });
-    expect(chartResp.ok()).toBe(true);
-    const chartId: number = (await chartResp.json()).id;
-    testAssets.trackChart(chartId);
-
-    const chartLayoutKey = `CHART-${chartId}`;
-    const filterId = `NATIVE_FILTER-${Math.random().toString(36).slice(2, 10)}`;
-    const positionJson = {
-      DASHBOARD_VERSION_KEY: 'v2',
-      ROOT_ID: { type: 'ROOT', id: 'ROOT_ID', children: ['GRID_ID'] },
-      GRID_ID: {
-        type: 'GRID',
-        id: 'GRID_ID',
-        children: ['ROW-1'],
-        parents: ['ROOT_ID'],
-      },
-      'ROW-1': {
-        type: 'ROW',
-        id: 'ROW-1',
-        children: [chartLayoutKey],
-        parents: ['ROOT_ID', 'GRID_ID'],
-        meta: { background: 'BACKGROUND_TRANSPARENT' },
-      },
-      [chartLayoutKey]: {
-        type: 'CHART',
-        id: chartLayoutKey,
-        children: [],
-        parents: ['ROOT_ID', 'GRID_ID', 'ROW-1'],
-        meta: { chartId, width: 8, height: 60, sliceName: 'mixed_filter_repro' },
-      },
-    };
-    const jsonMetadata = {
-      native_filter_configuration: [
-        {
-          id: filterId,
-          name: 'Gender',
-          filterType: 'filter_select',
-          type: 'NATIVE_FILTER',
-          targets: [{ datasetId, column: { name: FILTER_COLUMN } }],
-          controlValues: {
-            multiSelect: false,
-            enableEmptyFilter: false,
-            defaultToFirstItem: false,
-            inverseSelection: false,
-            searchAllOptions: false,
-          },
-          defaultDataMask: {
-            filterState: { value: [FILTER_VALUE] },
-            extraFormData: {
-              filters: [
-                { col: FILTER_COLUMN, op: 'IN', val: [FILTER_VALUE] },
-              ],
-            },
-          },
-          cascadeParentIds: [],
-          scope: { rootPath: ['ROOT_ID'], excluded: [] },
-          chartsInScope: [chartId],
-        },
-      ],
-      chart_configuration: {},
-      cross_filters_enabled: false,
-      global_chart_configuration: {
-        scope: { rootPath: ['ROOT_ID'], excluded: [] },
-        chartsInScope: [chartId],
-      },
-    };
-    const dashResp = await apiPostDashboard(page, {
-      dashboard_title: `mixed_filter_repro_${Date.now()}`,
-      published: true,
-      position_json: JSON.stringify(positionJson),
-      json_metadata: JSON.stringify(jsonMetadata),
-    });
-    expect(dashResp.ok()).toBe(true);
-    const dashBody = await dashResp.json();
-    const dashboardId: number = dashBody.result?.id ?? dashBody.id;
-    testAssets.trackDashboard(dashboardId);
-
-    await apiPut(page, `api/v1/chart/${chartId}`, { dashboards: [dashboardId] });
-
-    // Capture the Mixed chart's data request (the one with two queries).
-    const twoQueryPayloads: any[] = [];
-    page.on('request', req => {
-      if (
-        req.url().includes('/api/v1/chart/data') &&
-        req.method() === 'POST'
-      ) {
-        try {
-          const body = req.postDataJSON();
-          if (body?.queries?.length === 2) {
-            twoQueryPayloads.push(body);
-          }
-        } catch {
-          // ignore non-JSON bodies
-        }
-      }
-    });
-
-    const dashboardPage = new DashboardPage(page);
-    await dashboardPage.gotoById(dashboardId);
-    await dashboardPage.waitForLoad();
-    await dashboardPage.waitForChartsToLoad();
-
-    await expect
-      .poll(() => twoQueryPayloads.length, { timeout: 15_000 })
-      .toBeGreaterThan(0);
-
-    const payload = twoQueryPayloads[twoQueryPayloads.length - 1];
-    const filtersA = JSON.stringify(payload.queries[0].filters || []);
-    const filtersB = JSON.stringify(payload.queries[1].filters || []);
-
-    expect(
-      filtersA.includes(FILTER_COLUMN),
-      'Query A should inherit the dashboard filter',
-    ).toBe(true);
-    expect(
-      filtersB.includes(FILTER_COLUMN),
-      'Query B should inherit the dashboard filter (see #29519)',
-    ).toBe(true);
-  },
-);
--- a/superset-frontend/plugins/legacy-plugin-chart-chord/package.json
+++ b/superset-frontend/plugins/legacy-plugin-chart-chord/package.json
@@ -31,7 +31,7 @@
  "dependencies": {
    "d3": "^3.5.17",
    "prop-types": "^15.8.1",
-    "react": "^19.2.7"
+    "react": "^19.2.6"
  },
  "peerDependencies": {
    "@superset-ui/chart-controls": "*",
--- a/superset-frontend/plugins/plugin-chart-point-cluster-map/package.json
+++ b/superset-frontend/plugins/plugin-chart-point-cluster-map/package.json
@@ -29,7 +29,7 @@
    "@math.gl/web-mercator": "^4.1.0",
    "mapbox-gl": "^3.24.0",
    "maplibre-gl": "^5.24.0",
-    "react-map-gl": "^8.1.1",
+    "react-map-gl": "^8.1.0",
    "supercluster": "^8.0.1"
  },
  "peerDependencies": {
--- a/superset-frontend/src/SqlLab/components/TabbedSqlEditors/index.tsx
+++ b/superset-frontend/src/SqlLab/components/TabbedSqlEditors/index.tsx
@@ -25,7 +25,6 @@ import { FeatureFlag, isFeatureEnabled } from '@superset-ui/core';
 import { styled } from '@apache-superset/core/theme';
 import { Logger } from 'src/logger/LogUtils';
 import { EmptyState, Tooltip } from '@superset-ui/core/components';
-import { ErrorBoundary } from 'src/components/ErrorBoundary';
 import { detectOS } from 'src/utils/common';
 import * as Actions from 'src/SqlLab/actions/sqlLab';
 import { Icons } from '@superset-ui/core/components/Icons';
@@ -177,16 +176,14 @@ class TabbedSqlEditors extends PureComponent<TabbedSqlEditorsProps> {
      key: qe.id,
      label: <SqlEditorTabHeader queryEditor={qe} />,
      children: (
-        <ErrorBoundary>
-          <SqlEditor
-            queryEditor={qe}
-            defaultQueryLimit={this.props.defaultQueryLimit}
-            maxRow={this.props.maxRow}
-            displayLimit={this.props.displayLimit}
-            saveQueryWarning={this.props.saveQueryWarning}
-            scheduleQueryWarning={this.props.scheduleQueryWarning}
-          />
-        </ErrorBoundary>
+        <SqlEditor
+          queryEditor={qe}
+          defaultQueryLimit={this.props.defaultQueryLimit}
+          maxRow={this.props.maxRow}
+          displayLimit={this.props.displayLimit}
+          saveQueryWarning={this.props.saveQueryWarning}
+          scheduleQueryWarning={this.props.scheduleQueryWarning}
+        />
      ),
    }));

--- a/superset-frontend/src/components/CrudThemeProvider.test.tsx
+++ b/superset-frontend/src/components/CrudThemeProvider.test.tsx
@@ -25,8 +25,6 @@ import {
  isThemeConfigDark,
 } from '@apache-superset/core/theme';
 import getBootstrapData from 'src/utils/getBootstrapData';
-import { ThemeContext } from 'src/theme/ThemeProvider';
-import type { ThemeContextType } from '@apache-superset/core/theme';
 import CrudThemeProvider from './CrudThemeProvider';

 jest.mock('@apache-superset/core/theme', () => ({
@@ -309,59 +307,6 @@ test('ignores non-array fontUrls in theme config without throwing', () => {
  expect(fontStyle).toBeNull();
 });

-test('skips the dashboard theme when an SDK theme config override is active', () => {
-  const themeConfig = {
-    token: {
-      colorPrimary: '#ff0000',
-      fontUrls: ['https://fonts.example.com/dashboard.css'],
-    },
-  };
-  render(
-    <ThemeContext.Provider
-      value={{ hasThemeConfigOverride: true } as unknown as ThemeContextType}
-    >
-      <CrudThemeProvider
-        theme={{
-          id: 1,
-          theme_name: 'Custom Theme',
-          json_data: JSON.stringify(themeConfig),
-        }}
-      >
-        <div>Dashboard Content</div>
-      </CrudThemeProvider>
-    </ThemeContext.Provider>,
-  );
-
-  // The SDK override wins: the dashboard theme provider must not wrap children.
-  expect(screen.getByText('Dashboard Content')).toBeInTheDocument();
-  expect(
-    screen.queryByTestId('dashboard-theme-provider'),
-  ).not.toBeInTheDocument();
-  // The override fully owns theming, so dashboard fonts must not be injected.
-  expect(document.querySelector('style[data-superset-fonts]')).toBeNull();
-});
-
-test('applies the dashboard theme when no SDK theme config override is active', () => {
-  const themeConfig = { token: { colorPrimary: '#ff0000' } };
-  render(
-    <ThemeContext.Provider
-      value={{ hasThemeConfigOverride: false } as unknown as ThemeContextType}
-    >
-      <CrudThemeProvider
-        theme={{
-          id: 1,
-          theme_name: 'Custom Theme',
-          json_data: JSON.stringify(themeConfig),
-        }}
-      >
-        <div>Dashboard Content</div>
-      </CrudThemeProvider>
-    </ThemeContext.Provider>,
-  );
-
-  expect(screen.getByTestId('dashboard-theme-provider')).toBeInTheDocument();
-});
-
 test('does not inject font style element when no fontUrls in config', () => {
  const themeConfig = { token: { colorPrimary: '#ff0000' } };
  render(
--- a/superset-frontend/src/components/CrudThemeProvider.tsx
+++ b/superset-frontend/src/components/CrudThemeProvider.tsx
@@ -16,7 +16,7 @@
 * specific language governing permissions and limitations
 * under the License.
 */
-import { ReactNode, useContext, useEffect, useMemo } from 'react';
+import { ReactNode, useEffect, useMemo } from 'react';
 import { logging } from '@apache-superset/core/utils';
 import {
  Theme,
@@ -24,7 +24,6 @@ import {
  isThemeConfigDark,
 } from '@apache-superset/core/theme';
 import getBootstrapData from 'src/utils/getBootstrapData';
-import { ThemeContext } from 'src/theme/ThemeProvider';
 import type { Dashboard } from 'src/types/Dashboard';

 interface CrudThemeProviderProps {
@@ -42,18 +41,8 @@ export default function CrudThemeProvider({
  children,
  theme,
 }: CrudThemeProviderProps) {
-  // An explicit theme config override (e.g. supplied via the Embedded SDK)
-  // applies on the global theme controller and must win over the
-  // dashboard-level theme. When such an override is active, skip the
-  // dashboard theme so the override is not shadowed by this nested provider.
-  const themeContext = useContext(ThemeContext);
-  const hasThemeConfigOverride = themeContext?.hasThemeConfigOverride ?? false;
-
  const { dashboardTheme, fontUrls } = useMemo(() => {
-    // When an SDK override is active it fully owns theming, so skip parsing the
-    // dashboard theme entirely. This also prevents the font-injection effect
-    // below from loading dashboard fonts the override does not use.
-    if (hasThemeConfigOverride || !theme?.json_data) {
+    if (!theme?.json_data) {
      return { dashboardTheme: null, fontUrls: undefined };
    }
    try {
@@ -75,7 +64,7 @@ export default function CrudThemeProvider({
      logging.warn('Failed to load dashboard theme:', error);
      return { dashboardTheme: null, fontUrls: undefined };
    }
-  }, [theme?.json_data, hasThemeConfigOverride]);
+  }, [theme?.json_data]);

  useEffect(() => {
    if (!dashboardTheme || !fontUrls?.length) return undefined;
@@ -94,7 +83,7 @@ export default function CrudThemeProvider({
    };
  }, [dashboardTheme, fontUrls]);

-  if (!dashboardTheme || hasThemeConfigOverride) {
+  if (!dashboardTheme) {
    return <>{children}</>;
  }

--- a/superset-frontend/src/dashboard/actions/dashboardState.certification.test.ts
+++ b/superset-frontend/src/dashboard/actions/dashboardState.certification.test.ts
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-import { SupersetClient, isFeatureEnabled } from '@superset-ui/core';
-import { waitFor } from 'spec/helpers/testing-library';
-import {
-  filterId,
-  sliceEntitiesForDashboard as sliceEntities,
-} from 'spec/fixtures/mockSliceEntities';
-import { emptyFilters } from 'spec/fixtures/mockDashboardFilters';
-import mockDashboardData from 'spec/fixtures/mockDashboardData';
-import { saveDashboardRequest } from 'src/dashboard/actions/dashboardState';
-import { SAVE_TYPE_OVERWRITE } from 'src/dashboard/util/constants';
-
-jest.mock('@superset-ui/core', () => ({
-  ...jest.requireActual('@superset-ui/core'),
-  isFeatureEnabled: jest.fn(),
-}));
-
-const mockIsFeatureEnabled = isFeatureEnabled as jest.Mock;
-
-const mockState = {
-  dashboardState: { sliceIds: [filterId], hasUnsavedChanges: true },
-  dashboardInfo: { metadata: { color_scheme: 'supersetColors' } },
-  sliceEntities,
-  dashboardFilters: emptyFilters,
-  dashboardLayout: {
-    past: [],
-    present: mockDashboardData.positions,
-    future: {},
-  },
-  charts: {},
-};
-
-let putStub: jest.SpyInstance;
-
-beforeEach(() => {
-  // Disable ConfirmDashboardDiff so SAVE_TYPE_OVERWRITE always calls PUT
-  // directly (skipping the GET precheck) — without this the test outcome
-  // depends on the global feature-flag state and the assertions become
-  // non-deterministic, meaning a reverted fix may go undetected.
-  mockIsFeatureEnabled.mockReturnValue(false);
-  jest.spyOn(SupersetClient, 'post').mockResolvedValue({} as any);
-  jest.spyOn(SupersetClient, 'get').mockResolvedValue({} as any);
-  putStub = jest.spyOn(SupersetClient, 'put').mockResolvedValue({
-    json: { result: mockDashboardData },
-  } as any);
-});
-
-afterEach(() => {
-  jest.restoreAllMocks();
-});
-
-function setup() {
-  const getState = jest.fn(() => mockState) as unknown as () => any;
-  const dispatch = jest.fn();
-  return { getState, dispatch };
-}
-
-test('clears certification_details when certified_by is cleared', async () => {
-  const { getState, dispatch } = setup();
-  const thunk = saveDashboardRequest(
-    {
-      ...mockDashboardData,
-      certified_by: '',
-      certification_details: 'Old details',
-    },
-    1,
-    SAVE_TYPE_OVERWRITE,
-  );
-  thunk(dispatch, getState);
-  await waitFor(() => expect(putStub.mock.calls.length).toBe(1));
-  const body = JSON.parse(putStub.mock.calls[0][0].body);
-  expect(body.certified_by).toBe('');
-  expect(body.certification_details).toBe('');
-});
-
-test('preserves certification_details when certified_by is set', async () => {
-  const { getState, dispatch } = setup();
-  const thunk = saveDashboardRequest(
-    {
-      ...mockDashboardData,
-      certified_by: 'Alice',
-      certification_details: 'Verified by Alice',
-    },
-    1,
-    SAVE_TYPE_OVERWRITE,
-  );
-  thunk(dispatch, getState);
-  await waitFor(() => expect(putStub.mock.calls.length).toBe(1));
-  const body = JSON.parse(putStub.mock.calls[0][0].body);
-  expect(body.certified_by).toBe('Alice');
-  expect(body.certification_details).toBe('Verified by Alice');
-});
-
-test('omits certification fields when certified_by is undefined', async () => {
-  const { getState, dispatch } = setup();
-  const thunk = saveDashboardRequest(
-    {
-      ...mockDashboardData,
-      certified_by: undefined,
-      certification_details: undefined,
-    },
-    1,
-    SAVE_TYPE_OVERWRITE,
-  );
-  thunk(dispatch, getState);
-  await waitFor(() => expect(putStub.mock.calls.length).toBe(1));
-  const body = JSON.parse(putStub.mock.calls[0][0].body);
-  expect(body).not.toHaveProperty('certified_by');
-  expect(body).not.toHaveProperty('certification_details');
-});
--- a/superset-frontend/src/dashboard/components/Header/Header.test.tsx
+++ b/superset-frontend/src/dashboard/components/Header/Header.test.tsx
@@ -597,35 +597,6 @@ test('should fave', async () => {
  expect(saveFaveStar).toHaveBeenCalledTimes(1);
 });

-// FaveStar.onClick passes the *prior* isStarred value to saveFaveStar — the
-// reducer flips it. So favoriting (unstarred → starred) sends `false`, and
-// unfavoriting (starred → unstarred) sends `true`.
-test('should call saveFaveStar with false when favoriting from the header', () => {
-  setup();
-  const header = screen.getByTestId('dashboard-header-container');
-
-  userEvent.click(within(header).getByRole('img', { name: 'unstarred' }));
-  expect(saveFaveStar).toHaveBeenCalledTimes(1);
-  expect(saveFaveStar).toHaveBeenCalledWith(
-    initialState.dashboardInfo.id,
-    false,
-  );
-});
-
-test('should call saveFaveStar with true when unfavoriting from the header', () => {
-  setup({
-    dashboardState: { ...initialState.dashboardState, isStarred: true },
-  });
-  const header = screen.getByTestId('dashboard-header-container');
-
-  userEvent.click(within(header).getByRole('img', { name: 'starred' }));
-  expect(saveFaveStar).toHaveBeenCalledTimes(1);
-  expect(saveFaveStar).toHaveBeenCalledWith(
-    initialState.dashboardInfo.id,
-    true,
-  );
-});
-
 test('should toggle the edit mode', () => {
  const canEditState = {
    dashboardInfo: {
--- a/superset-frontend/src/dashboard/components/nativeFilters/FilterBar/FilterBar.test.tsx
+++ b/superset-frontend/src/dashboard/components/nativeFilters/FilterBar/FilterBar.test.tsx
@@ -902,61 +902,3 @@ test('Clear All on a required filter disables Apply via validateStatus', async (
  expect(screen.getByTestId(getTestId('apply-button'))).toBeDisabled();
  updateDataMaskSpy.mockRestore();
 });
-
-test('FilterBar renders the configured filter name in the bar', async () => {
-  const filterId = 'NATIVE_FILTER-name-render';
-  const filter = createFilter({
-    id: filterId,
-    name: 'Region',
-    filterType: 'filter_select',
-    targets: [{ datasetId: 7, column: { name: 'region' } }],
-    chartsInScope: [18],
-  });
-  const state = {
-    ...stateWithoutNativeFilters,
-    dashboardInfo: {
-      id: 1,
-      dash_edit_perm: true,
-      filterBarOrientation: FilterBarOrientation.Vertical,
-      metadata: {
-        native_filter_configuration: [filter],
-        chart_configuration: {},
-      },
-    },
-    dashboardState: {
-      ...stateWithoutNativeFilters.dashboardState,
-      activeTabs: ['ROOT_ID'],
-    },
-    dataMask: { [filterId]: createDataMask(filterId, undefined, {}) },
-    nativeFilters: {
-      filters: { [filterId]: filter },
-      filtersState: {},
-    },
-  };
-
-  const props = createOpenedBarProps();
-  renderFilterBar(props, state);
-  await act(async () => {
-    jest.advanceTimersByTime(300);
-  });
-
-  expect(await screen.findByText('Region')).toBeInTheDocument();
-});
-
-test('Clicking the gear "Add or edit filters and controls" item opens the FiltersConfigModal', async () => {
-  const props = createOpenedBarProps();
-  renderFilterBar(props, stateWithoutNativeFilters);
-  await act(async () => {
-    jest.advanceTimersByTime(100);
-  });
-
-  const gear = await screen.findByTestId('filterbar-orientation-icon');
-  userEvent.click(gear);
-
-  const addEditItem = await screen.findByText(
-    'Add or edit filters and controls',
-  );
-  userEvent.click(addEditItem);
-
-  expect(await screen.findByTestId('filter-modal')).toBeInTheDocument();
-});
--- a/superset-frontend/src/dashboard/components/nativeFilters/FiltersConfigModal/FiltersConfigModal.test.tsx
+++ b/superset-frontend/src/dashboard/components/nativeFilters/FiltersConfigModal/FiltersConfigModal.test.tsx
@@ -844,7 +844,9 @@ test('enables save button and includes updated title when editing an existing di
  jest.useRealTimers();

  await waitFor(() =>
-    expect(screen.getByRole('button', { name: SAVE_REGEX })).not.toBeDisabled(),
+    expect(
+      screen.getByRole('button', { name: SAVE_REGEX }),
+    ).not.toBeDisabled(),
  );

  await userEvent.click(screen.getByRole('button', { name: SAVE_REGEX }));
@@ -908,7 +910,9 @@ test('enables save button and includes updated title when editing an existing ch
  jest.useRealTimers();

  await waitFor(() =>
-    expect(screen.getByRole('button', { name: SAVE_REGEX })).not.toBeDisabled(),
+    expect(
+      screen.getByRole('button', { name: SAVE_REGEX }),
+    ).not.toBeDisabled(),
  );

  await userEvent.click(screen.getByRole('button', { name: SAVE_REGEX }));
@@ -956,144 +960,3 @@ test('empty state disappears when a filter is added via dropdown', async () => {
  });
  expect(screen.getByText(FILTER_TYPE_REGEX)).toBeInTheDocument();
 });
-
-test('restores a deleted filter via the "Restore filter" button', async () => {
-  const nativeFilterConfig = [
-    buildNativeFilter('NATIVE_FILTER-1', 'state', []),
-    buildNativeFilter('NATIVE_FILTER-2', 'country', []),
-  ];
-  const state = {
-    ...defaultState(),
-    dashboardInfo: {
-      metadata: { native_filter_configuration: nativeFilterConfig },
-    },
-    dashboardLayout,
-  };
-
-  defaultRender(state, { ...props, createNewOnOpen: false });
-
-  const filterContainer = screen.getByTestId('filter-title-container');
-  const firstTab = within(filterContainer).getAllByRole('tab')[0];
-  fireEvent.click(within(firstTab).getByRole('button', { name: /delete/i }));
-
-  expect(
-    await screen.findByText(/you have removed this filter/i),
-  ).toBeInTheDocument();
-  const restoreButton = screen.getByTestId('restore-filter-button');
-  await userEvent.click(restoreButton);
-
-  await waitFor(() => {
-    expect(
-      screen.queryByText(/you have removed this filter/i),
-    ).not.toBeInTheDocument();
-  });
-  expect(screen.getByRole('textbox', { name: FILTER_NAME_REGEX })).toHaveValue(
-    'state',
-  );
-}, 30000);
-
-test('undoes a filter deletion via the sidebar "Undo?" link', async () => {
-  const nativeFilterConfig = [
-    buildNativeFilter('NATIVE_FILTER-1', 'state', []),
-    buildNativeFilter('NATIVE_FILTER-2', 'country', []),
-  ];
-  const state = {
-    ...defaultState(),
-    dashboardInfo: {
-      metadata: { native_filter_configuration: nativeFilterConfig },
-    },
-    dashboardLayout,
-  };
-
-  defaultRender(state, { ...props, createNewOnOpen: false });
-
-  const filterContainer = screen.getByTestId('filter-title-container');
-  const firstTab = within(filterContainer).getAllByRole('tab')[0];
-  fireEvent.click(within(firstTab).getByRole('button', { name: /delete/i }));
-
-  const undoButton = await screen.findByTestId('undo-button');
-  expect(undoButton).toHaveTextContent(/undo\?/i);
-  await userEvent.click(undoButton);
-
-  await waitFor(() => {
-    expect(
-      screen.queryByText(/you have removed this filter/i),
-    ).not.toBeInTheDocument();
-  });
-  expect(screen.getByRole('textbox', { name: FILTER_NAME_REGEX })).toHaveValue(
-    'state',
-  );
-}, 30000);
-
-test('shows info tooltips beside value-filter options and reveals tooltip text on hover', async () => {
-  defaultRender();
-
-  // Upstream Cypress checked six tooltips on the value filter (nativeFilterTooltips
-  // 0..5); asserting the count keeps this test honest if tooltips get added or
-  // removed alongside a regression to the option list.
-  const tooltipIcons = screen.getAllByLabelText(/show info tooltip/i);
-  expect(tooltipIcons.length).toBeGreaterThanOrEqual(6);
-
-  await userEvent.hover(tooltipIcons[0]);
-
-  // role='tooltip' trips an nwsapi bug on antd's internal :only-child selectors;
-  // query the portal node by class and require non-empty text content so an empty
-  // tooltip render does not pass.
-  await waitFor(() => {
-    const tooltip = document.querySelector('.ant-tooltip-inner');
-    expect(tooltip).toBeInTheDocument();
-    expect(tooltip?.textContent?.trim()).toBeTruthy();
-  });
-}, 30000);
-
-test('numerical range filter — Range Type selector lets the user pick a display mode', async () => {
-  defaultRender();
-
-  await userEvent.click(screen.getByText(VALUE_REGEX));
-  await userEvent.click(await screen.findByText(NUMERICAL_RANGE_REGEX));
-
-  const rangeTypeCombobox = await screen.findByRole('combobox', {
-    name: /range type/i,
-  });
-
-  // Default render is "Slider and range input"; asserting Slider is absent first
-  // ensures the post-click assertion proves a state change rather than passing on
-  // the default selection.
-  expect(
-    document.querySelector('.ant-select-selection-item[title="Slider"]'),
-  ).not.toBeInTheDocument();
-
-  await userEvent.click(rangeTypeCombobox);
-  const sliderOption = await screen.findByRole('option', {
-    name: /^slider$/i,
-  });
-  await userEvent.click(sliderOption);
-
-  // antd Select renders the active selection as a span whose title attribute is
-  // the picked option's label.
-  await waitFor(() => {
-    expect(
-      document.querySelector('.ant-select-selection-item[title="Slider"]'),
-    ).toBeInTheDocument();
-  });
-}, 30000);
-
-test('toggles "Filter has default value" to show and hide the Default Value control', async () => {
-  defaultRender();
-
-  const defaultValueCheckbox = getCheckbox(DEFAULT_VALUE_REGEX);
-  expect(defaultValueCheckbox).not.toBeChecked();
-  expect(screen.queryByText(/^default value$/i)).not.toBeInTheDocument();
-
-  await userEvent.click(defaultValueCheckbox);
-
-  expect(defaultValueCheckbox).toBeChecked();
-  expect(await screen.findByText(/^default value$/i)).toBeInTheDocument();
-
-  await userEvent.click(defaultValueCheckbox);
-
-  expect(defaultValueCheckbox).not.toBeChecked();
-  await waitFor(() => {
-    expect(screen.queryByText(/^default value$/i)).not.toBeInTheDocument();
-  });
-});
--- a/superset-frontend/src/dashboard/components/nativeFilters/FiltersConfigModal/NativeFiltersModal.test.tsx
+++ b/superset-frontend/src/dashboard/components/nativeFilters/FiltersConfigModal/NativeFiltersModal.test.tsx
@@ -84,14 +84,6 @@ test('the form validates required fields', async () => {
  expect(onSave).toHaveBeenCalledTimes(0);
 });

-async function openDropdownAndAddFilter(
-  getByTestId: (id: string) => HTMLElement,
-  findByRole: (role: string, opts: { name: RegExp }) => Promise<HTMLElement>,
-) {
-  fireEvent.mouseEnter(getByTestId('new-item-dropdown-button'));
-  fireEvent.click(await findByRole('menuitem', { name: /add filter/i }));
-}
-
 // eslint-disable-next-line no-restricted-globals -- TODO: Migrate from describe blocks
 describe('createNewOnOpen', () => {
  test('does not show alert when there is no unsaved filters', async () => {
@@ -107,23 +99,15 @@ describe('createNewOnOpen', () => {
      onCancel,
      createNewOnOpen: false,
    });
-    await openDropdownAndAddFilter(getByTestId, findByRole);
+    const dropdownButton = getByTestId('new-item-dropdown-button');
+    fireEvent.mouseEnter(dropdownButton);
+    const addFilterMenuItem = await findByRole('menuitem', {
+      name: /add filter/i,
+    });
+    fireEvent.click(addFilterMenuItem);
    fireEvent.click(getByRole('button', { name: 'Cancel' }));
    expect(onCancel).toHaveBeenCalledTimes(0);
    expect(getByRole('alert')).toBeInTheDocument();
    expect(getByRole('alert')).toHaveTextContent('There are unsaved changes.');
  });
-
-  test('confirm-cancel button proceeds with cancel after the unsaved alert', async () => {
-    const onCancel = jest.fn();
-    const { getByRole, getByTestId, findByRole } = setup({
-      onCancel,
-      createNewOnOpen: false,
-    });
-    await openDropdownAndAddFilter(getByTestId, findByRole);
-    fireEvent.click(getByRole('button', { name: 'Cancel' }));
-    expect(getByRole('alert')).toBeInTheDocument();
-    fireEvent.click(getByTestId('native-filter-modal-confirm-cancel-button'));
-    expect(onCancel).toHaveBeenCalledTimes(1);
-  });
 });
--- a/superset-frontend/src/pages/SqlLab/index.tsx
+++ b/superset-frontend/src/pages/SqlLab/index.tsx
@@ -24,12 +24,10 @@ import { useSqlLabInitialState } from 'src/hooks/apiResources/sqlLab';
 import type { InitialState } from 'src/hooks/apiResources/sqlLab';
 import { resetState } from 'src/SqlLab/actions/sqlLab';
 import { addDangerToast } from 'src/components/MessageToasts/actions';
-import { ErrorAlert } from 'src/components/ErrorMessage';
 import type { SqlLabRootState } from 'src/SqlLab/types';
 import { SqlLabGlobalStyles } from 'src/SqlLab//SqlLabGlobalStyles';
 import App from 'src/SqlLab/components/App';
-import { Button, Loading } from '@superset-ui/core/components';
-import { t } from '@apache-superset/core/translation';
+import { Loading } from '@superset-ui/core/components';
 import EditorAutoSync from 'src/SqlLab/components/EditorAutoSync';
 import useEffectEvent from 'src/hooks/useEffectEvent';
 import { LocationProvider } from './LocationContext';
@@ -38,7 +36,7 @@ export default function SqlLab() {
  const lastInitializedAt = useSelector<SqlLabRootState, number>(
    state => state.sqlLab.queriesLastUpdate || 0,
  );
-  const { data, isLoading, isError, error, fulfilledTimeStamp, refetch } =
+  const { data, isLoading, isError, error, fulfilledTimeStamp } =
    useSqlLabInitialState();
  const shouldInitialize = lastInitializedAt <= (fulfilledTimeStamp || 0);
  const dispatch = useDispatch();
@@ -57,39 +55,11 @@ export default function SqlLab() {
    }
  }, [data, initBootstrapData]);

-  useEffect(() => {
-    if (isError) {
-      dispatch(addDangerToast(error?.message || t('An error occurred')));
-    }
-  }, [isError, error, dispatch]);
-
  if (isLoading || shouldInitialize) return <Loading />;

-  if (isError) {
-    return (
-      <div
-        css={css`
-          padding: 24px;
-        `}
-      >
-        <ErrorAlert
-          errorType={t('Could not load SQL Lab')}
-          message={t(
-            'An error occurred while loading SQL Lab. This may be caused by a corrupted query state.',
-          )}
-        >
-          <Button
-            buttonStyle="primary"
-            onClick={refetch}
-            css={css`
-              margin-top: 16px;
-            `}
-          >
-            {t('Reload SQL Lab')}
-          </Button>
-        </ErrorAlert>
-      </div>
-    );
+  if (isError && error?.message) {
+    dispatch(addDangerToast(error?.message));
+    return null;
  }

  return (
--- a/superset-frontend/src/theme/ThemeController.ts
+++ b/superset-frontend/src/theme/ThemeController.ts
@@ -99,11 +99,6 @@ export class ThemeController {

  private dashboardCrudTheme: AnyThemeConfig | null = null;

-  // Tracks whether an explicit theme config override has been applied via
-  // setThemeConfig (e.g. from the Embedded SDK). When set, it must take
-  // precedence over a dashboard-level theme.
-  private themeConfigOverride = false;
-
  // Track loaded font URLs to avoid duplicate injections
  private loadedFontUrls: Set<string> = new Set();

@@ -472,15 +467,6 @@ export class ThemeController {
    return this.devThemeOverride !== null;
  }

-  /**
-   * Checks if an explicit theme config override has been applied via
-   * setThemeConfig (e.g. from the Embedded SDK). When true, this override
-   * takes precedence over any dashboard-level theme.
-   */
-  public hasThemeConfigOverride(): boolean {
-    return this.themeConfigOverride;
-  }
-
  /**
   * Gets the applied theme ID (for UI display purposes).
   */
@@ -526,7 +512,6 @@ export class ThemeController {
  public setThemeConfig(config: SupersetThemeConfig): void {
    this.defaultTheme = config.theme_default;
    this.darkTheme = config.theme_dark || null;
-    this.themeConfigOverride = true;

    let newMode: ThemeMode;
    try {
--- a/superset-frontend/src/theme/ThemeProvider.tsx
+++ b/superset-frontend/src/theme/ThemeProvider.tsx
@@ -33,7 +33,7 @@ import {
 } from '@apache-superset/core/theme';
 import { ThemeController } from './ThemeController';

-export const ThemeContext = createContext<ThemeContextType | null>(null);
+const ThemeContext = createContext<ThemeContextType | null>(null);

 interface ThemeProviderProps {
  children: React.ReactNode;
@@ -52,10 +52,6 @@ export function SupersetThemeProvider({
    themeController.getCurrentMode(),
  );

-  const [hasThemeConfigOverride, setHasThemeConfigOverride] = useState<boolean>(
-    themeController.hasThemeConfigOverride(),
-  );
-
  useEffect(() => {
    // TODO: Once we migrate to react>=18 is should be possible
    // to replace the useState and useEffect with a singular
@@ -63,7 +59,6 @@ export function SupersetThemeProvider({
    const updateState = (theme: Theme) => {
      setCurrentTheme(theme);
      setCurrentThemeMode(themeController.getCurrentMode());
-      setHasThemeConfigOverride(themeController.hasThemeConfigOverride());
      document.documentElement.setAttribute(
        'data-theme-mode',
        themeController.getCurrentModeResolved(),
@@ -148,7 +143,6 @@ export function SupersetThemeProvider({
      clearLocalOverrides,
      getCurrentCrudThemeId,
      hasDevOverride,
-      hasThemeConfigOverride,
      canSetMode,
      canSetTheme,
      canDetectOSPreference,
@@ -165,7 +159,6 @@ export function SupersetThemeProvider({
      clearLocalOverrides,
      getCurrentCrudThemeId,
      hasDevOverride,
-      hasThemeConfigOverride,
      canSetMode,
      canSetTheme,
      canDetectOSPreference,
--- a/superset-frontend/src/theme/tests/ThemeController.test.ts
+++ b/superset-frontend/src/theme/tests/ThemeController.test.ts
@@ -1082,24 +1082,6 @@ test('setThemeConfig sets complete theme configuration', () => {
  expect(controller.canSetMode()).toBe(true);
 });

-test('setThemeConfig flags an active theme config override', () => {
-  mockGetBootstrapData.mockReturnValue(
-    createMockBootstrapData({ default: {}, dark: {} }),
-  );
-
-  const controller = createController({ defaultTheme: { token: {} } });
-
-  // No override until setThemeConfig is called (e.g. from the Embedded SDK).
-  expect(controller.hasThemeConfigOverride()).toBe(false);
-
-  controller.setThemeConfig({
-    theme_default: DEFAULT_THEME,
-    theme_dark: DARK_THEME,
-  });
-
-  expect(controller.hasThemeConfigOverride()).toBe(true);
-});
-
 test('setThemeConfig handles theme_default only', () => {
  mockGetBootstrapData.mockReturnValue(
    createMockBootstrapData({
--- a/superset-frontend/src/theme/tests/ThemeProvider.test.tsx
+++ b/superset-frontend/src/theme/tests/ThemeProvider.test.tsx
@@ -86,7 +86,6 @@ describe('SupersetThemeProvider', () => {
      clearLocalOverrides: jest.fn(),
      getCurrentCrudThemeId: jest.fn().mockReturnValue(null),
      hasDevOverride: jest.fn().mockReturnValue(false),
-      hasThemeConfigOverride: jest.fn().mockReturnValue(false),
      canSetMode: jest.fn().mockReturnValue(true),
      canSetTheme: jest.fn().mockReturnValue(true),
      canDetectOSPreference: jest.fn().mockReturnValue(true),
--- a/superset-websocket/Dockerfile
+++ b/superset-websocket/Dockerfile
@@ -14,13 +14,6 @@
 # limitations under the License.
 FROM node:22-alpine AS build

-# Harden `npm ci` against transient npm-registry network blips (e.g. ECONNRESET),
-# which otherwise fail the image build with no retry.
-ENV npm_config_fetch_retries=5 \
-    npm_config_fetch_retry_mintimeout=20000 \
-    npm_config_fetch_retry_maxtimeout=120000 \
-    npm_config_fetch_timeout=600000
-
 WORKDIR /home/superset-websocket

 COPY . ./
@@ -31,12 +24,7 @@ RUN npm ci && \

 FROM node:22-alpine

-# Retry npm-registry fetches so a transient blip doesn't fail the build.
-ENV NODE_ENV=production \
-    npm_config_fetch_retries=5 \
-    npm_config_fetch_retry_mintimeout=20000 \
-    npm_config_fetch_retry_maxtimeout=120000 \
-    npm_config_fetch_timeout=600000
+ENV NODE_ENV=production
 WORKDIR /home/superset-websocket

 COPY --from=build /home/superset-websocket/dist ./dist
--- a/superset-websocket/package-lock.json
+++ b/superset-websocket/package-lock.json
@@ -26,7 +26,7 @@
        "@types/node": "^25.9.1",
        "@types/ws": "^8.18.1",
        "@typescript-eslint/eslint-plugin": "^8.60.0",
-        "@typescript-eslint/parser": "^8.60.1",
+        "@typescript-eslint/parser": "^8.60.0",
        "eslint": "^10.4.1",
        "eslint-config-prettier": "^10.1.8",
        "eslint-plugin-lodash": "^8.0.0",
@@ -37,7 +37,7 @@
        "ts-node": "^10.9.2",
        "tscw-config": "^1.1.2",
        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.60.1"
+        "typescript-eslint": "^8.60.0"
      },
      "engines": {
        "node": "^22.22.0",
@@ -1844,17 +1844,17 @@
      "dev": true
    },
    "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.1.tgz",
-      "integrity": "sha512-JQ4S5GB0tfjO8BuJ4fcX+HodkzJjYBV+7OJ+wLygaX7OGQ7FudyHL4NSCA6ob+w3Yn+5MkKIozOwQhXeM7opVg==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.0.tgz",
+      "integrity": "sha512-QYb/sa74/s7OKMbACMjrYnGspj9Hs5YI5aaffSL65UfeBUzVzBJfVo3oWSpbzPurvm7yaCCo2Lk7lVj610HqKw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/type-utils": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/type-utils": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "ignore": "^7.0.5",
        "natural-compare": "^1.4.0",
        "ts-api-utils": "^2.5.0"
@@ -1867,7 +1867,7 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "@typescript-eslint/parser": "^8.60.1",
+        "@typescript-eslint/parser": "^8.60.0",
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
        "typescript": ">=4.8.4 <6.1.0"
      }
@@ -1883,16 +1883,16 @@
      }
    },
    "node_modules/@typescript-eslint/parser": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.60.1.tgz",
-      "integrity": "sha512-A0M6ua6H252bVjPvvtSgl2QA4+ET9S5Mtkb2GDyTxIhH/C4qDItT7RQNO5PhMC6NXGYXOR9dIalcDDgBKT7oFA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.60.0.tgz",
+      "integrity": "sha512-fcqpj/MyK4sxDPcbe7STNPbpQL4RLZOPWuaTmwZYuc+hJKzRf58yRxfhqGpc6PIq9ZyfSBpfHgmUHmHs0KwHwg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -1908,14 +1908,14 @@
      }
    },
    "node_modules/@typescript-eslint/project-service": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.1.tgz",
-      "integrity": "sha512-eXkTH2bxmXlqD1RnOPmLZ9ZM9D3VwSx04JOwBnP9RQ+yUA5a2Mu7SfW8uaV2Aon53NJzZlZYuX7tn91Izf+xaw==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz",
+      "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.60.1",
-        "@typescript-eslint/types": "^8.60.1",
+        "@typescript-eslint/tsconfig-utils": "^8.60.0",
+        "@typescript-eslint/types": "^8.60.0",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -1930,14 +1930,14 @@
      }
    },
    "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.1.tgz",
-      "integrity": "sha512-gvI5OQoptnxQnchOirukCuQ55svJSTuD/4k5+pC267xyBtYry748R9/c3tYUzb/iE6RZfllRz2lVulLCHkTm4w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz",
+      "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1"
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1948,9 +1948,9 @@
      }
    },
    "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.1.tgz",
-      "integrity": "sha512-nh8w4qAteiKuZu3pSSzG/yGKpw0OlkrKnzFmbVRenKaD4qc+7i1GrmZaLVkr8rk4uipiPGMOW4YsM6WmKZ5CvA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz",
+      "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -1965,15 +1965,15 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.1.tgz",
-      "integrity": "sha512-sdwTrpjosW7ANQYJ39ZBF1ZyEMEGVB2UsikrserVM/30a/F1dTLnu9bGxEdosugyu5caigjLrR2qiD11asjI1A==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.0.tgz",
+      "integrity": "sha512-SX46wEUtitCpq7AN38HkUU/+zvUpdKf7ephtWAFgckH8O7PQIyL5gvrhQgBLuEYgLfuKWOVvWVskMbuFHAz5xg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0",
        "debug": "^4.4.3",
        "ts-api-utils": "^2.5.0"
      },
@@ -1990,9 +1990,9 @@
      }
    },
    "node_modules/@typescript-eslint/types": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.1.tgz",
-      "integrity": "sha512-4h0tY8ppCkdCzcrl2YM5M3my0xsE1Tf8om3owEu5oPWmXwkKRmk0j0LGDzYBGUcAlesEbxBhazqu/K4cu3Ug7w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz",
+      "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -2004,16 +2004,16 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.1.tgz",
-      "integrity": "sha512-alpRkfG8hlVE5kdJW2GkfgDgXxold3e8e4l6EnmhRmRLbekgAPCCGDVD++sABy9FcgPFroq+uFcCSM1vR57Cew==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz",
+      "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/project-service": "8.60.1",
-        "@typescript-eslint/tsconfig-utils": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/project-service": "8.60.0",
+        "@typescript-eslint/tsconfig-utils": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "debug": "^4.4.3",
        "minimatch": "^10.2.2",
        "semver": "^7.7.3",
@@ -2071,16 +2071,16 @@
      }
    },
    "node_modules/@typescript-eslint/utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.1.tgz",
-      "integrity": "sha512-h2MPBLoNtjc3qZWfY3Tl51yPorQ2McHn8pJfcMNTcIvrrZrr90Ykffit0yjrPFWQcRcUxzH20+6OcVdW4yHtUg==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.0.tgz",
+      "integrity": "sha512-HtXuPfrHTyBDkameWpl+vJb1Uevu2tznAyahM1Oc4AENidCLTPiZDWIo4GfcxNdC/RcfGcadzzkqbRG87dUrQA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1"
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2095,13 +2095,13 @@
      }
    },
    "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.1.tgz",
-      "integrity": "sha512-EbGRQg4FhrmwLodl+t3JNAnXHWVr9Vp+Zl1QBZVPY4ByfkzIT8cX3K6QWODHtkIZqqJVEWvhHSx3v5PDHsaQag==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz",
+      "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.60.1",
+        "@typescript-eslint/types": "8.60.0",
        "eslint-visitor-keys": "^5.0.0"
      },
      "engines": {
@@ -6188,16 +6188,16 @@
      }
    },
    "node_modules/typescript-eslint": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.60.1.tgz",
-      "integrity": "sha512-6m5hkkRAp8lKvhVpcprAIn5KkehQEh+47oHH2VGnExEh7dhNxXlg6GPAOIu6TxbVQxhebrJDvjl3020ooiWCMA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.60.0.tgz",
+      "integrity": "sha512-9f65qWLZdAW9m1JaxBDUHcqRUfL8bkxxXL7XxEfI+F09q56PkBvIfCjLF3yInsDM/BBmwkqmCQdCZe/RYlIWEw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.60.1",
-        "@typescript-eslint/parser": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1"
+        "@typescript-eslint/eslint-plugin": "8.60.0",
+        "@typescript-eslint/parser": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -7927,16 +7927,16 @@
      "dev": true
    },
    "@typescript-eslint/eslint-plugin": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.1.tgz",
-      "integrity": "sha512-JQ4S5GB0tfjO8BuJ4fcX+HodkzJjYBV+7OJ+wLygaX7OGQ7FudyHL4NSCA6ob+w3Yn+5MkKIozOwQhXeM7opVg==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.0.tgz",
+      "integrity": "sha512-QYb/sa74/s7OKMbACMjrYnGspj9Hs5YI5aaffSL65UfeBUzVzBJfVo3oWSpbzPurvm7yaCCo2Lk7lVj610HqKw==",
      "dev": true,
      "requires": {
        "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/type-utils": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/type-utils": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "ignore": "^7.0.5",
        "natural-compare": "^1.4.0",
        "ts-api-utils": "^2.5.0"
@@ -7951,75 +7951,75 @@
      }
    },
    "@typescript-eslint/parser": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.60.1.tgz",
-      "integrity": "sha512-A0M6ua6H252bVjPvvtSgl2QA4+ET9S5Mtkb2GDyTxIhH/C4qDItT7RQNO5PhMC6NXGYXOR9dIalcDDgBKT7oFA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.60.0.tgz",
+      "integrity": "sha512-fcqpj/MyK4sxDPcbe7STNPbpQL4RLZOPWuaTmwZYuc+hJKzRf58yRxfhqGpc6PIq9ZyfSBpfHgmUHmHs0KwHwg==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "debug": "^4.4.3"
      }
    },
    "@typescript-eslint/project-service": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.1.tgz",
-      "integrity": "sha512-eXkTH2bxmXlqD1RnOPmLZ9ZM9D3VwSx04JOwBnP9RQ+yUA5a2Mu7SfW8uaV2Aon53NJzZlZYuX7tn91Izf+xaw==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz",
+      "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/tsconfig-utils": "^8.60.1",
-        "@typescript-eslint/types": "^8.60.1",
+        "@typescript-eslint/tsconfig-utils": "^8.60.0",
+        "@typescript-eslint/types": "^8.60.0",
        "debug": "^4.4.3"
      }
    },
    "@typescript-eslint/scope-manager": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.1.tgz",
-      "integrity": "sha512-gvI5OQoptnxQnchOirukCuQ55svJSTuD/4k5+pC267xyBtYry748R9/c3tYUzb/iE6RZfllRz2lVulLCHkTm4w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz",
+      "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1"
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0"
      }
    },
    "@typescript-eslint/tsconfig-utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.1.tgz",
-      "integrity": "sha512-nh8w4qAteiKuZu3pSSzG/yGKpw0OlkrKnzFmbVRenKaD4qc+7i1GrmZaLVkr8rk4uipiPGMOW4YsM6WmKZ5CvA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz",
+      "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==",
      "dev": true,
      "requires": {}
    },
    "@typescript-eslint/type-utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.1.tgz",
-      "integrity": "sha512-sdwTrpjosW7ANQYJ39ZBF1ZyEMEGVB2UsikrserVM/30a/F1dTLnu9bGxEdosugyu5caigjLrR2qiD11asjI1A==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.0.tgz",
+      "integrity": "sha512-SX46wEUtitCpq7AN38HkUU/+zvUpdKf7ephtWAFgckH8O7PQIyL5gvrhQgBLuEYgLfuKWOVvWVskMbuFHAz5xg==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0",
        "debug": "^4.4.3",
        "ts-api-utils": "^2.5.0"
      }
    },
    "@typescript-eslint/types": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.1.tgz",
-      "integrity": "sha512-4h0tY8ppCkdCzcrl2YM5M3my0xsE1Tf8om3owEu5oPWmXwkKRmk0j0LGDzYBGUcAlesEbxBhazqu/K4cu3Ug7w==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz",
+      "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==",
      "dev": true
    },
    "@typescript-eslint/typescript-estree": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.1.tgz",
-      "integrity": "sha512-alpRkfG8hlVE5kdJW2GkfgDgXxold3e8e4l6EnmhRmRLbekgAPCCGDVD++sABy9FcgPFroq+uFcCSM1vR57Cew==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz",
+      "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/project-service": "8.60.1",
-        "@typescript-eslint/tsconfig-utils": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/visitor-keys": "8.60.1",
+        "@typescript-eslint/project-service": "8.60.0",
+        "@typescript-eslint/tsconfig-utils": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/visitor-keys": "8.60.0",
        "debug": "^4.4.3",
        "minimatch": "^10.2.2",
        "semver": "^7.7.3",
@@ -8054,24 +8054,24 @@
      }
    },
    "@typescript-eslint/utils": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.1.tgz",
-      "integrity": "sha512-h2MPBLoNtjc3qZWfY3Tl51yPorQ2McHn8pJfcMNTcIvrrZrr90Ykffit0yjrPFWQcRcUxzH20+6OcVdW4yHtUg==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.0.tgz",
+      "integrity": "sha512-HtXuPfrHTyBDkameWpl+vJb1Uevu2tznAyahM1Oc4AENidCLTPiZDWIo4GfcxNdC/RcfGcadzzkqbRG87dUrQA==",
      "dev": true,
      "requires": {
        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.60.1",
-        "@typescript-eslint/types": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1"
+        "@typescript-eslint/scope-manager": "8.60.0",
+        "@typescript-eslint/types": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0"
      }
    },
    "@typescript-eslint/visitor-keys": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.1.tgz",
-      "integrity": "sha512-EbGRQg4FhrmwLodl+t3JNAnXHWVr9Vp+Zl1QBZVPY4ByfkzIT8cX3K6QWODHtkIZqqJVEWvhHSx3v5PDHsaQag==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz",
+      "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/types": "8.60.1",
+        "@typescript-eslint/types": "8.60.0",
        "eslint-visitor-keys": "^5.0.0"
      },
      "dependencies": {
@@ -11021,15 +11021,15 @@
      "dev": true
    },
    "typescript-eslint": {
-      "version": "8.60.1",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.60.1.tgz",
-      "integrity": "sha512-6m5hkkRAp8lKvhVpcprAIn5KkehQEh+47oHH2VGnExEh7dhNxXlg6GPAOIu6TxbVQxhebrJDvjl3020ooiWCMA==",
+      "version": "8.60.0",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.60.0.tgz",
+      "integrity": "sha512-9f65qWLZdAW9m1JaxBDUHcqRUfL8bkxxXL7XxEfI+F09q56PkBvIfCjLF3yInsDM/BBmwkqmCQdCZe/RYlIWEw==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/eslint-plugin": "8.60.1",
-        "@typescript-eslint/parser": "8.60.1",
-        "@typescript-eslint/typescript-estree": "8.60.1",
-        "@typescript-eslint/utils": "8.60.1"
+        "@typescript-eslint/eslint-plugin": "8.60.0",
+        "@typescript-eslint/parser": "8.60.0",
+        "@typescript-eslint/typescript-estree": "8.60.0",
+        "@typescript-eslint/utils": "8.60.0"
      }
    },
    "uglify-js": {
--- a/superset-websocket/package.json
+++ b/superset-websocket/package.json
@@ -34,7 +34,7 @@
    "@types/node": "^25.9.1",
    "@types/ws": "^8.18.1",
    "@typescript-eslint/eslint-plugin": "^8.60.0",
-    "@typescript-eslint/parser": "^8.60.1",
+    "@typescript-eslint/parser": "^8.60.0",
    "eslint": "^10.4.1",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-lodash": "^8.0.0",
@@ -45,7 +45,7 @@
    "ts-node": "^10.9.2",
    "tscw-config": "^1.1.2",
    "typescript": "^6.0.3",
-    "typescript-eslint": "^8.60.1"
+    "typescript-eslint": "^8.60.0"
  },
  "engines": {
    "node": "^22.22.0",
--- a/superset-websocket/spec/index.test.ts
+++ b/superset-websocket/spec/index.test.ts
@@ -43,7 +43,7 @@ const mockRedisXrange = jest.fn() as jest.MockedFunction<MockedRedisXrange>;
 jest.mock('ws');
 jest.mock('ioredis', () => {
  return jest.fn().mockImplementation(() => {
-    return { xrange: mockRedisXrange, on: jest.fn() };
+    return { xrange: mockRedisXrange };
  });
 });

@@ -304,136 +304,6 @@ describe('server', () => {

      cleanChannelMock.mockRestore();
    });
-
-    const makeItem = (i: number): server.StreamResult =>
-      [
-        `161542615${i}-0`,
-        [
-          'data',
-          JSON.stringify({
-            channel_id: channelId,
-            job_id: `job-${i}`,
-            status: 'done',
-          }),
-        ],
-      ] as server.StreamResult;
-
-    afterEach(() => {
-      server.opts.eventYieldBatchSize = 100;
-    });
-
-    test('yields to the event loop for large batches', async () => {
-      server.opts.eventYieldBatchSize = 2;
-      const ws = new wsMock('localhost');
-      server.trackClient(channelId, {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-      const sendMock = jest.spyOn(ws, 'send');
-      const setImmediateSpy = jest.spyOn(global, 'setImmediate');
-
-      const results = [0, 1, 2, 3, 4].map(makeItem);
-      await server.processStreamResults(results);
-
-      // every event is still delivered
-      expect(sendMock).toHaveBeenCalledTimes(5);
-      // and the loop yielded at least at indexes 2 and 4
-      expect(setImmediateSpy.mock.calls.length).toBeGreaterThanOrEqual(2);
-      setImmediateSpy.mockRestore();
-    });
-
-    test('processes the whole batch when yielding is disabled', async () => {
-      server.opts.eventYieldBatchSize = 0;
-      const ws = new wsMock('localhost');
-      server.trackClient(channelId, {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-      const sendMock = jest.spyOn(ws, 'send');
-
-      const results = [0, 1, 2, 3, 4].map(makeItem);
-      await server.processStreamResults(results);
-
-      expect(sendMock).toHaveBeenCalledTimes(5);
-    });
-  });
-
-  describe('backpressure', () => {
-    const fakeEvent = {
-      id: '1615426152415-0',
-      channel_id: channelId,
-      job_id: 'c9b99965-8f1e-4ce5-aa43-d6fc94d6a510',
-      status: 'done',
-    };
-
-    afterEach(() => {
-      server.opts.maxSocketBufferBytes = 0;
-      // Restore any spies (e.g. on server.cleanChannel) so they don't leak
-      // across tests and cause order-dependent failures.
-      jest.restoreAllMocks();
-    });
-
-    test('does not terminate when cap disabled (0)', () => {
-      server.opts.maxSocketBufferBytes = 0;
-      const ws = new wsMock('localhost');
-      // simulate a large outbound buffer
-      (ws as unknown as { bufferedAmount: number }).bufferedAmount = 10_000_000;
-      const terminateMock = jest.spyOn(ws, 'terminate');
-      const sendMock = jest.spyOn(ws, 'send');
-      server.trackClient(channelId, {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-
-      server.sendToChannel(channelId, fakeEvent);
-
-      expect(terminateMock).not.toHaveBeenCalled();
-      expect(sendMock).toHaveBeenCalled();
-    });
-
-    test('terminates a slow client whose buffer exceeds the cap', () => {
-      server.opts.maxSocketBufferBytes = 1024;
-      const ws = new wsMock('localhost');
-      (ws as unknown as { bufferedAmount: number }).bufferedAmount = 2048;
-      const terminateMock = jest.spyOn(ws, 'terminate');
-      const sendMock = jest.spyOn(ws, 'send');
-      const cleanChannelMock = jest.spyOn(server, 'cleanChannel');
-      server.trackClient(channelId, {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-
-      server.sendToChannel(channelId, fakeEvent);
-
-      expect(terminateMock).toHaveBeenCalled();
-      expect(sendMock).not.toHaveBeenCalled();
-      expect(statsdIncrementMock).toHaveBeenCalledWith(
-        'ws_client_backpressure_disconnect',
-      );
-      expect(cleanChannelMock).toHaveBeenCalledWith(channelId);
-    });
-
-    test('keeps sending to a client within the cap', () => {
-      server.opts.maxSocketBufferBytes = 1024;
-      const ws = new wsMock('localhost');
-      (ws as unknown as { bufferedAmount: number }).bufferedAmount = 16;
-      const terminateMock = jest.spyOn(ws, 'terminate');
-      const sendMock = jest.spyOn(ws, 'send');
-      server.trackClient(channelId, {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-
-      server.sendToChannel(channelId, fakeEvent);
-
-      expect(terminateMock).not.toHaveBeenCalled();
-      expect(sendMock).toHaveBeenCalled();
-    });
  });

  describe('fetchRangeFromStream', () => {
@@ -443,9 +313,7 @@ describe('server', () => {

    test('success with results', async () => {
      mockRedisXrange.mockResolvedValueOnce(streamReturnValue);
-      const cb = jest.fn() as jest.MockedFunction<
-        (results: server.StreamResult[]) => void | Promise<void>
-      >;
+      const cb = jest.fn();
      await server.fetchRangeFromStream({
        sessionId: '123',
        startId: '-',
@@ -462,9 +330,7 @@ describe('server', () => {
    });

    test('success no results', async () => {
-      const cb = jest.fn() as jest.MockedFunction<
-        (results: server.StreamResult[]) => void | Promise<void>
-      >;
+      const cb = jest.fn();
      await server.fetchRangeFromStream({
        sessionId: '123',
        startId: '-',
@@ -481,9 +347,7 @@ describe('server', () => {
    });

    test('error', async () => {
-      const cb = jest.fn() as jest.MockedFunction<
-        (results: server.StreamResult[]) => void | Promise<void>
-      >;
+      const cb = jest.fn();
      mockRedisXrange.mockRejectedValueOnce(new Error());
      await server.fetchRangeFromStream({
        sessionId: '123',
@@ -632,172 +496,6 @@ describe('server', () => {
    });
  });

-  describe('connection limits', () => {
-    const getRequest = (token: string, url: string): http.IncomingMessage => {
-      const request = new http.IncomingMessage(new net.Socket());
-      request.method = 'GET';
-      request.headers = { cookie: `${config.jwtCookieName}=${token}` };
-      request.url = url;
-      return request;
-    };
-
-    afterEach(() => {
-      // restore opt-in limits to their disabled default
-      server.opts.maxTotalConnections = 0;
-      server.opts.maxConnectionsPerChannel = 0;
-    });
-
-    test('no limit when disabled (0)', () => {
-      server.opts.maxTotalConnections = 0;
-      server.opts.maxConnectionsPerChannel = 0;
-      const socketInstance = {
-        ws: new wsMock('localhost'),
-        channel: channelId,
-        pongTs: Date.now(),
-      };
-      server.trackClient(channelId, socketInstance);
-      expect(server.connectionLimitReason(channelId)).toBeNull();
-    });
-
-    test('total connection limit reached', () => {
-      server.opts.maxTotalConnections = 1;
-      const ws = new wsMock('localhost');
-      setReadyState(ws, WebSocket.OPEN);
-      const socketInstance = {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      };
-      server.trackClient(channelId, socketInstance);
-      expect(server.connectionLimitReason('some-other-channel')).toMatch(
-        /total connection limit/,
-      );
-    });
-
-    test('per-channel connection limit reached', () => {
-      server.opts.maxConnectionsPerChannel = 1;
-      const ws = new wsMock('localhost');
-      setReadyState(ws, WebSocket.OPEN);
-      const socketInstance = {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      };
-      server.trackClient(channelId, socketInstance);
-      expect(server.connectionLimitReason(channelId)).toMatch(
-        /per-channel connection limit/,
-      );
-    });
-
-    test('stale closed socket does not count toward total limit', () => {
-      server.opts.maxTotalConnections = 1;
-      const ws = new wsMock('localhost');
-      const socketInstance = {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      };
-      server.trackClient(channelId, socketInstance);
-      // simulate the socket having closed but not yet been GC'd
-      setReadyState(ws, WebSocket.CLOSED);
-      expect(server.connectionLimitReason('some-other-channel')).toBeNull();
-    });
-
-    test('stale closed socket does not count toward per-channel limit', () => {
-      server.opts.maxConnectionsPerChannel = 1;
-      const ws = new wsMock('localhost');
-      const socketInstance = {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      };
-      server.trackClient(channelId, socketInstance);
-      // simulate the socket having closed but not yet been GC'd
-      setReadyState(ws, WebSocket.CLOSED);
-      expect(server.connectionLimitReason(channelId)).toBeNull();
-    });
-
-    test('isSocketActive reflects the socket readyState', () => {
-      const ws = new wsMock('localhost');
-      setReadyState(ws, WebSocket.OPEN);
-      const socketId = server.trackClient(channelId, {
-        ws,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-      expect(server.isSocketActive(socketId)).toBe(true);
-      // CONNECTING is also considered active (see SOCKET_ACTIVE_STATES)
-      setReadyState(ws, WebSocket.CONNECTING);
-      expect(server.isSocketActive(socketId)).toBe(true);
-      setReadyState(ws, WebSocket.CLOSED);
-      expect(server.isSocketActive(socketId)).toBe(false);
-      // unknown socket ids are never active
-      expect(server.isSocketActive('does-not-exist')).toBe(false);
-    });
-
-    test('activeSocketCount counts only active sockets', () => {
-      const openWs = new wsMock('localhost');
-      setReadyState(openWs, WebSocket.OPEN);
-      server.trackClient(channelId, {
-        ws: openWs,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-      const closedWs = new wsMock('localhost');
-      setReadyState(closedWs, WebSocket.CLOSED);
-      server.trackClient(channelId, {
-        ws: closedWs,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-      expect(server.activeSocketCount()).toBe(1);
-    });
-
-    test('activeChannelSocketCount counts only active sockets on the channel', () => {
-      const openWs = new wsMock('localhost');
-      setReadyState(openWs, WebSocket.OPEN);
-      server.trackClient(channelId, {
-        ws: openWs,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-      const closedWs = new wsMock('localhost');
-      setReadyState(closedWs, WebSocket.CLOSED);
-      server.trackClient(channelId, {
-        ws: closedWs,
-        channel: channelId,
-        pongTs: Date.now(),
-      });
-      expect(server.activeChannelSocketCount(channelId)).toBe(1);
-      // unknown channels report zero active sockets
-      expect(server.activeChannelSocketCount('no-such-channel')).toBe(0);
-    });
-
-    test('wsConnection refuses over-limit connection without tracking', () => {
-      server.opts.maxConnectionsPerChannel = 1;
-      const existingWs = new wsMock('localhost');
-      setReadyState(existingWs, WebSocket.OPEN);
-      const existing = {
-        ws: existingWs,
-        channel: channelId,
-        pongTs: Date.now(),
-      };
-      server.trackClient(channelId, existing);
-
-      const trackClientSpy = jest.spyOn(server, 'trackClient');
-      const ws = new wsMock('localhost');
-      const validToken = jwt.sign({ channel: channelId }, config.jwtSecret);
-      server.wsConnection(ws, getRequest(validToken, 'http://localhost'));
-
-      expect(ws.close).toHaveBeenCalledWith(
-        1013,
-        expect.stringMatching(/limit/),
-      );
-      expect(trackClientSpy).not.toHaveBeenCalled();
-      trackClientSpy.mockRestore();
-    });
-  });
-
  describe('httpUpgrade', () => {
    let socket: net.Socket;
    let socketDestroySpy: jest.SpiedFunction<typeof socket.destroy>;
@@ -828,8 +526,6 @@ describe('server', () => {
      server.httpUpgrade(request, socket, Buffer.alloc(5));
      expect(socketDestroySpy).toHaveBeenCalled();
      expect(wssUpgradeSpy).not.toHaveBeenCalled();
-      // rejected upgrades are counted for auditability
-      expect(statsdIncrementMock).toHaveBeenCalledWith('ws_upgrade_rejected');
    });

    test('valid JWT, no channel', async () => {
--- a/superset-websocket/src/config.ts
+++ b/superset-websocket/src/config.ts
@@ -51,10 +51,6 @@ type ConfigType = {
  socketResponseTimeoutMs: number;
  pingSocketsIntervalMs: number;
  gcChannelsIntervalMs: number;
-  maxSocketBufferBytes: number;
-  eventYieldBatchSize: number;
-  maxConnectionsPerChannel: number;
-  maxTotalConnections: number;
 };

 function defaultConfig(): ConfigType {
@@ -74,15 +70,6 @@ function defaultConfig(): ConfigType {
    socketResponseTimeoutMs: 60 * 1000,
    pingSocketsIntervalMs: 20 * 1000,
    gcChannelsIntervalMs: 120 * 1000,
-    // 0 disables the per-socket send-buffer cap; set a positive byte value to
-    // opt in to terminating clients whose outbound buffer grows beyond it.
-    maxSocketBufferBytes: 0,
-    // Number of stream events to process before yielding to the event loop.
-    // 0 disables yielding (process the whole batch synchronously).
-    eventYieldBatchSize: 100,
-    // 0 disables the limit (unlimited); set a positive value to opt in.
-    maxConnectionsPerChannel: 0,
-    maxTotalConnections: 0,
    statsd: {
      host: '127.0.0.1',
      port: 8125,
@@ -113,21 +100,6 @@ function configFromFile(): Partial<ConfigType> {

 const isPresent = (s: string) => /\S+/.test(s);
 const toNumber = Number;
-
-// Parse a non-negative numeric env override, ignoring malformed input.
-// Returns the fallback (and logs a warning) when the value is not a finite
-// number >= 0, so a misconfiguration can't silently disable the feature.
-function toNonNegativeNumber(val: string, fallback: number): number {
-  const parsed = Number(val);
-  if (!Number.isFinite(parsed) || parsed < 0) {
-    console.warn(
-      `Invalid numeric config value "${val}"; expected a non-negative ` +
-        `number. Falling back to ${fallback}.`,
-    );
-    return fallback;
-  }
-  return parsed;
-}
 const toBoolean = (s: string) => s.toLowerCase() === 'true';
 const toStringArray = (s: string) =>
  s
@@ -155,19 +127,6 @@ function applyEnvOverrides(config: ConfigType): ConfigType {
      (config.pingSocketsIntervalMs = toNumber(val)),
    GC_CHANNELS_INTERVAL_MS: val =>
      (config.gcChannelsIntervalMs = toNumber(val)),
-    MAX_SOCKET_BUFFER_BYTES: val =>
-      (config.maxSocketBufferBytes = toNonNegativeNumber(
-        val,
-        config.maxSocketBufferBytes,
-      )),
-    EVENT_YIELD_BATCH_SIZE: val =>
-      (config.eventYieldBatchSize = toNonNegativeNumber(
-        val,
-        config.eventYieldBatchSize,
-      )),
-    MAX_CONNECTIONS_PER_CHANNEL: val =>
-      (config.maxConnectionsPerChannel = toNumber(val)),
-    MAX_TOTAL_CONNECTIONS: val => (config.maxTotalConnections = toNumber(val)),
    REDIS_HOST: val => (config.redis.host = val),
    REDIS_PORT: val => (config.redis.port = toNumber(val)),
    REDIS_PASSWORD: val => (config.redis.password = val),
--- a/superset-websocket/src/index.ts
+++ b/superset-websocket/src/index.ts
@@ -18,7 +18,6 @@
 */
 import * as http from 'http';
 import * as net from 'net';
-import { inspect } from 'util';
 import WebSocket, { WebSocketServer } from 'ws';
 import { randomUUID } from 'crypto';
 import jwt, { Algorithm } from 'jsonwebtoken';
@@ -45,7 +44,7 @@ export type SupersetError<ExtraType = Record<string, any> | null> = {
  message: string;
 };

-type ListenerFunction = (results: StreamResult[]) => void | Promise<void>;
+type ListenerFunction = (results: StreamResult[]) => void;
 interface EventValue {
  id: string;
  channel_id: string;
@@ -97,15 +96,15 @@ export const statsd = new StatsD({

 // enforce JWT secret length
 if (startServer && opts.jwtSecret.length < 32) {
-  logger.error('Please provide a JWT secret at least 32 bytes long');
+  console.error('ERROR: Please provide a JWT secret at least 32 bytes long');
  process.exit(1);
 }

 if (startServer && opts.jwtSecret.startsWith('CHANGE-ME')) {
-  logger.warn(
-    'It appears your secret in your config.json is insecure. ' +
-      'DO NOT USE IN PRODUCTION',
+  console.warn(
+    'WARNING: it appears your secret in your config.json is insecure',
  );
+  console.warn('DO NOT USE IN PRODUCTION');
 }

 export const buildRedisOpts = (baseConfig: RedisConfig) => {
@@ -141,9 +140,6 @@ export const buildRedisOpts = (baseConfig: RedisConfig) => {

 // initialize servers
 const redis = new Redis(buildRedisOpts(opts.redis));
-redis.on('error', (err: Error) => {
-  logger.error(`Redis connection error: ${err.message}`);
-});
 const httpServer = http.createServer();
 export const wss = new WebSocketServer({
  noServer: true,
@@ -163,67 +159,6 @@ export const setLastFirehoseId = (id: string): void => {
  lastFirehoseId = id;
 };

-// WebSocket close code used when a connection is refused because a configured
-// connection limit has been reached (1013 = "Try Again Later").
-const CONNECTION_LIMIT_CLOSE_CODE = 1013;
-
-/**
- * Returns whether the socket with the given id is currently active, i.e. it is
- * still registered and its underlying connection is in an active readyState.
- *
- * Closed sockets are only removed from the registries asynchronously (via the
- * `checkSockets`/`cleanChannel` GC routines), so connection-limit checks must
- * filter on live socket state rather than trusting the raw registry sizes.
- */
-export const isSocketActive = (socketId: string): boolean => {
-  const socketInstance = sockets[socketId];
-  return (
-    !!socketInstance &&
-    SOCKET_ACTIVE_STATES.includes(socketInstance.ws.readyState)
-  );
-};
-
-/**
- * Counts the sockets in the global registry that are still active.
- */
-export const activeSocketCount = (): number =>
-  Object.keys(sockets).filter(isSocketActive).length;
-
-/**
- * Counts the active sockets currently registered on the given channel.
- */
-export const activeChannelSocketCount = (channel: string): number =>
-  channels[channel]?.sockets.filter(isSocketActive).length ?? 0;
-
-/**
- * Determines whether accepting a new connection on the given channel would
- * exceed a configured connection limit. Returns a human-readable reason when a
- * limit is reached, or `null` when the connection is within limits.
- *
- * Both limits are opt-in: a value of `0` (the default) disables the check.
- *
- * Counts are derived from active socket state rather than raw registry sizes:
- * recently closed sockets linger in the registries until the next GC pass, so
- * counting them would spuriously reject new connections even when no active
- * connection is consuming capacity.
- */
-export const connectionLimitReason = (channel: string): string | null => {
-  const { maxTotalConnections, maxConnectionsPerChannel } = opts;
-
-  if (maxTotalConnections > 0 && activeSocketCount() >= maxTotalConnections) {
-    return `total connection limit (${maxTotalConnections}) reached`;
-  }
-
-  if (
-    maxConnectionsPerChannel > 0 &&
-    activeChannelSocketCount(channel) >= maxConnectionsPerChannel
-  ) {
-    return `per-channel connection limit (${maxConnectionsPerChannel}) reached`;
-  }
-
-  return null;
-};
-
 /**
 * Adds the passed channel and socket instance to the internal registries.
 */
@@ -259,28 +194,6 @@ export const sendToChannel = (channel: string, value: EventValue): void => {
  channels[channel].sockets.forEach(socketId => {
    const socketInstance: SocketInstance = sockets[socketId];
    if (!socketInstance) return cleanChannel(channel);
-    // Backpressure: if a slow or stalled client has let its outbound buffer
-    // grow past the configured cap, terminate it rather than buffering
-    // unbounded data in server memory. Opt-in: a cap of 0 disables the check.
-    const { maxSocketBufferBytes } = opts;
-    if (
-      maxSocketBufferBytes > 0 &&
-      socketInstance.ws.bufferedAmount > maxSocketBufferBytes
-    ) {
-      statsd.increment('ws_client_backpressure_disconnect');
-      logger.warn(
-        `Terminating socket on channel ${channel}: send buffer ` +
-          `(${socketInstance.ws.bufferedAmount} bytes) exceeded the ` +
-          `configured limit (${maxSocketBufferBytes} bytes)`,
-      );
-      socketInstance.ws.terminate();
-      // Drop the terminated socket from the global registry immediately
-      // rather than waiting for the next checkSockets sweep, so a burst of
-      // slow clients doesn't leave dead entries resident between pings.
-      delete sockets[socketId];
-      cleanChannel(channel);
-      return;
-    }
    try {
      socketInstance.ws.send(strData);
    } catch (err) {
@@ -306,7 +219,7 @@ export const fetchRangeFromStream = async ({
  try {
    const reply = await redis.xrange(streamName, startId, endId);
    if (!reply || !reply.length) return;
-    await listener(reply as StreamResult[]);
+    listener(reply as StreamResult[]);
  } catch (e) {
    logger.error(e);
  }
@@ -341,11 +254,7 @@ export const subscribeToGlobalStream = async (
      if (!results.length) {
        continue;
      }
-      // Await the listener before advancing so that batches are processed
-      // sequentially. processStreamResults yields to the event loop mid-batch
-      // for large bursts; without awaiting here a subsequent xread could start
-      // a concurrent batch and interleave out-of-order sends to clients.
-      await listener(results as StreamResult[]);
+      listener(results as StreamResult[]);
      setLastFirehoseId(results[length - 1][0]);
    } catch (e) {
      logger.error(e);
@@ -355,33 +264,19 @@ export const subscribeToGlobalStream = async (
 };

 /**
- * Callback function to process events received from a Redis Stream.
- *
- * For large batches the loop periodically yields to the Node.js event loop
- * (via setImmediate) so that connection management, health checks and
- * ping/pong handling are not starved while a burst of events is processed.
- * The yield cadence is controlled by `eventYieldBatchSize` (0 disables it).
+ * Callback function to process events received from a Redis Stream
 */
-export const processStreamResults = async (
-  results: StreamResult[],
-): Promise<void> => {
-  // Log only the batch size, not the raw payloads, which carry user and
-  // job identifiers.
-  logger.debug(`events received: count=${results.length}`);
-  const { eventYieldBatchSize } = opts;
-  for (let i = 0; i < results.length; i += 1) {
-    if (eventYieldBatchSize > 0 && i > 0 && i % eventYieldBatchSize === 0) {
-      await new Promise(resolve => setImmediate(resolve));
-    }
+export const processStreamResults = (results: StreamResult[]): void => {
+  logger.debug(`events received: ${results}`);
+  results.forEach(item => {
    try {
-      const item = results[i];
      const id = item[0];
      const data = JSON.parse(item[1][1]);
      sendToChannel(data.channel_id, { id, ...data });
    } catch (err) {
      logger.error(err);
    }
-  }
+  });
 };

 /**
@@ -440,17 +335,6 @@ export const incrementId = (id: string): string => {
 */
 export const wsConnection = (ws: WebSocket, request: http.IncomingMessage) => {
  const channel: string = readChannelId(request);
-
-  // Refuse the connection if a configured connection limit has been reached,
-  // before tracking it against the internal registries.
-  const limitReason = connectionLimitReason(channel);
-  if (limitReason) {
-    statsd.increment('ws_connection_rejected');
-    logger.warn(`Refusing connection on channel ${channel}: ${limitReason}`);
-    ws.close(CONNECTION_LIMIT_CLOSE_CODE, limitReason);
-    return;
-  }
-
  const socketInstance: SocketInstance = { ws, channel, pongTs: Date.now() };

  // add this ws instance to the internal registry
@@ -553,14 +437,8 @@ export const httpUpgrade = (
  try {
    readChannelId(request);
  } catch (err) {
-    // Token invalid/absent: do not establish a WebSocket connection. Record a
-    // structured warning (with the request's remote address) so rejected
-    // upgrade attempts are auditable, without logging the token itself.
-    statsd.increment('ws_upgrade_rejected');
-    logger.warn(
-      `Rejected WebSocket upgrade from ${request.socket.remoteAddress ?? 'unknown'}: ` +
-        `${(err as Error).message}`,
-    );
+    // JWT invalid, do not establish a WebSocket connection
+    logger.error(err);
    socket.destroy();
    return;
  }
@@ -635,28 +513,9 @@ export const cleanChannel = (channel: string) => {
 // server startup

 if (startServer) {
-  // Last-resort handlers so an unhandled async error is recorded through the
-  // configured logger instead of printing a default trace (or, for an
-  // unhandled rejection, terminating the process on newer Node versions).
-  process.on('unhandledRejection', (reason: unknown) => {
-    // Normalize the reason defensively: a raw template interpolation throws on
-    // a Symbol (or other exotic value), which would crash this last-resort
-    // handler. `inspect` safely stringifies any value.
-    logger.error(`Unhandled promise rejection: ${inspect(reason)}`);
-  });
-  process.on('uncaughtException', (err: unknown) => {
-    // JavaScript can throw non-Error values (including null), so guard the
-    // shape before dereferencing instead of assuming an Error is present.
-    const detail =
-      err instanceof Error ? (err.stack ?? err.message) : inspect(err);
-    logger.error(`Uncaught exception: ${detail}`);
-  });
-
  // init server event listeners
  wss.on('connection', function (ws: WebSocket) {
-    ws.on('error', (err: Error) =>
-      logger.error(`socket error: ${err.message}`),
-    );
+    ws.on('error', console.error);
  });
  wss.on('connection', wsConnection);
  httpServer.on('request', httpRequest);
--- a/superset-websocket/src/logger.ts
+++ b/superset-websocket/src/logger.ts
@@ -43,7 +43,6 @@ export function createLogger(opts: LoggingOptionsType) {
    level: opts.logLevel,
    transports: logTransports,
    format: winston.format.combine(
-      winston.format.timestamp(),
      winston.format.errors({ stack: true }),
      winston.format.json(),
    ),
--- a/superset/async_events/async_query_manager.py
+++ b/superset/async_events/async_query_manager.py
@@ -18,7 +18,6 @@ from __future__ import annotations

 import logging
 import uuid
-from datetime import datetime, timedelta, timezone
 from typing import Any, Literal, Optional

 import jwt
@@ -113,7 +112,6 @@ class AsyncQueryManager:
        self._jwt_cookie_domain: Optional[str]
        self._jwt_cookie_samesite: Optional[Literal["None", "Lax", "Strict"]] = None
        self._jwt_secret: str
-        self._jwt_expiration_seconds: int = 0
        self._load_chart_data_into_cache_job: Any = None
        # pylint: disable=invalid-name
        self._load_explore_json_into_cache_job: Any = None
@@ -149,9 +147,6 @@ class AsyncQueryManager:
        ]
        self._jwt_cookie_domain = app.config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_DOMAIN"]
        self._jwt_secret = app.config["GLOBAL_ASYNC_QUERIES_JWT_SECRET"]
-        self._jwt_expiration_seconds = app.config[
-            "GLOBAL_ASYNC_QUERIES_JWT_EXPIRATION_SECONDS"
-        ]

        if app.config["GLOBAL_ASYNC_QUERIES_REGISTER_REQUEST_HANDLERS"]:
            self.register_request_handlers(app)
@@ -183,13 +178,8 @@ class AsyncQueryManager:
                session["async_user_id"] = user_id

                sub = str(user_id) if user_id else None
-                now = datetime.now(tz=timezone.utc)
                token = jwt.encode(
-                    {
-                        "channel": async_channel_id,
-                        "sub": sub,
-                        "exp": now + timedelta(seconds=self._jwt_expiration_seconds),
-                    },
+                    {"channel": async_channel_id, "sub": sub},
                    self._jwt_secret,
                    algorithm="HS256",
                )
@@ -201,7 +191,6 @@ class AsyncQueryManager:
                    secure=self._jwt_cookie_secure,
                    domain=self._jwt_cookie_domain,
                    samesite=self._jwt_cookie_samesite,
-                    max_age=self._jwt_expiration_seconds,
                )

            return response
--- a/superset/charts/api.py
+++ b/superset/charts/api.py
@@ -87,7 +87,6 @@ from superset.models.slice import Slice
 from superset.tasks.thumbnails import cache_chart_thumbnail
 from superset.tasks.utils import get_current_user
 from superset.utils import json
-from superset.utils.core import sanitize_cookie_token
 from superset.utils.screenshots import (
    ChartScreenshot,
    DEFAULT_CHART_WINDOW_SIZE,
@@ -883,7 +882,7 @@ class ChartRestApi(BaseSupersetModelRestApi):
            as_attachment=True,
            download_name=filename,
        )
-        if token := sanitize_cookie_token(request.args.get("token")):
+        if token := request.args.get("token"):
            response.set_cookie(token, "done", max_age=600)
        return response

--- a/superset/charts/client_processing.py
+++ b/superset/charts/client_processing.py
@@ -35,7 +35,6 @@ from flask_babel import gettext as __

 from superset.common.chart_data import ChartDataResultFormat
 from superset.extensions import event_logger
-from superset.utils import csv
 from superset.utils.core import (
    extract_dataframe_dtypes,
    get_column_names,
@@ -389,13 +388,11 @@ def apply_client_processing(  # noqa: C901
        if query["result_format"] == ChartDataResultFormat.JSON:
            query["data"] = processed_df.to_dict()
        elif query["result_format"] == ChartDataResultFormat.CSV:
-            # Route through the formula-escaping CSV writer, consistent with the
-            # other CSV export paths (viz, query context, SQL Lab export), while
-            # applying CSV_EXPORT config for consistent CSV formatting.
-            query["data"] = csv.df_to_escaped_csv(
-                processed_df,
-                index=show_default_index,
-                **current_app.config["CSV_EXPORT"],
-            )
+            buf = StringIO()
+            # Apply CSV_EXPORT config for consistent CSV formatting
+            csv_export_config = current_app.config["CSV_EXPORT"]
+            processed_df.to_csv(buf, index=show_default_index, **csv_export_config)
+            buf.seek(0)
+            query["data"] = buf.getvalue()

    return result
--- a/superset/charts/data/api.py
+++ b/superset/charts/data/api.py
@@ -734,10 +734,6 @@ class ChartDataRestApi(ChartRestApi):

            # Sanitize chart name for filename
            filename = secure_filename(f"superset_{chart_name}_{timestamp}.csv")
-        else:
-            # Sanitize the client-provided filename before placing it in the
-            # Content-Disposition header to avoid header/path injection.
-            filename = secure_filename(filename) or "export.csv"

        logger.info("Creating streaming CSV response: %s", filename)
        if expected_rows:
@@ -758,10 +754,7 @@ class ChartDataRestApi(ChartRestApi):
        # Create response with streaming headers
        response = Response(
            csv_generator_callable(),  # Call the callable to get generator
-            # Use content_type (not mimetype) so the charset is set verbatim;
-            # passing a charset via mimetype makes Werkzeug append a second
-            # charset, producing a malformed doubled Content-Type header.
-            content_type=f"text/csv; charset={encoding}",
+            mimetype=f"text/csv; charset={encoding}",
            headers={
                "Content-Disposition": f'attachment; filename="{filename}"',
                "Cache-Control": "no-cache",
--- a/superset/commands/chart/data/create_async_job_command.py
+++ b/superset/commands/chart/data/create_async_job_command.py
@@ -33,11 +33,6 @@ class CreateAsyncChartDataJobCommand:
        )

    def run(self, form_data: dict[str, Any], user_id: Optional[int]) -> dict[str, Any]:
-        if not getattr(self, "_async_channel_id", None):
-            raise RuntimeError(
-                "CreateAsyncChartDataJobCommand.run() called before validate(); "
-                "the async channel id was not initialized."
-            )
        return async_query_manager.submit_chart_data_job(
            self._async_channel_id, form_data, user_id
        )
--- a/superset/commands/dashboard/filter_state/create.py
+++ b/superset/commands/dashboard/filter_state/create.py
@@ -16,7 +16,7 @@
 # under the License.
 from typing import cast

-from flask import current_app as app, session
+from flask import session

 from superset.commands.dashboard.filter_state.utils import check_access
 from superset.commands.temporary_cache.create import CreateTemporaryCacheCommand
@@ -39,9 +39,6 @@ class CreateFilterStateCommand(CreateTemporaryCacheCommand):
        value = cast(str, cmd_params.value)  # schema ensures that value is not optional
        check_access(resource_id)
        entry: Entry = {"owner": get_user_id(), "value": value}
-        timeout = app.config["FILTER_STATE_CACHE_CONFIG"].get("CACHE_DEFAULT_TIMEOUT")
-        cache_manager.filter_state_cache.set(
-            cache_key(resource_id, key), entry, timeout=timeout
-        )
-        cache_manager.filter_state_cache.set(contextual_key, key, timeout=timeout)
+        cache_manager.filter_state_cache.set(cache_key(resource_id, key), entry)
+        cache_manager.filter_state_cache.set(contextual_key, key)
        return key
--- a/superset/commands/database/uploaders/columnar_reader.py
+++ b/superset/commands/database/uploaders/columnar_reader.py
@@ -23,7 +23,6 @@ from zipfile import BadZipfile, is_zipfile, ZipFile

 import pandas as pd
 import pyarrow.parquet as pq
-from flask import current_app
 from flask_babel import lazy_gettext as _
 from pyarrow.lib import ArrowException
 from werkzeug.datastructures import FileStorage
@@ -34,47 +33,10 @@ from superset.commands.database.uploaders.base import (
    FileMetadata,
    ReaderOptions,
 )
-from superset.exceptions import SupersetException
-from superset.utils.core import check_is_safe_zip

 logger = logging.getLogger(__name__)


-def _check_file_size(file: FileStorage) -> None:
-    """
-    Reject an uploaded file whose raw (on-the-wire) size exceeds the configured
-    limit before its contents are buffered into memory.
-
-    This is complementary to the ZIP decompression-ratio guard: it bounds the
-    raw bytes accepted regardless of whether the payload is compressed.
-
-    :param file: The uploaded file to check.
-    :throws DatabaseUploadFailed: if the file exceeds the configured limit.
-    """
-    max_size = current_app.config.get("UPLOAD_MAX_FILE_SIZE_BYTES")
-    if not max_size:
-        return
-    stream = file.stream
-    try:
-        current_position = stream.tell()
-        stream.seek(0, 2)  # seek to end
-        size = stream.tell()
-        stream.seek(current_position)
-    except (AttributeError, OSError):
-        # If the stream is not seekable we cannot determine the size cheaply;
-        # skip the check and rely on downstream guards.
-        return
-    if size > max_size:
-        raise DatabaseUploadFailed(
-            _(
-                "File size %(size)s bytes exceeds the maximum allowed "
-                "upload size of %(max_size)s bytes",
-                size=size,
-                max_size=max_size,
-            )
-        )
-
-
 class ColumnarReaderOptions(ReaderOptions, total=False):
    columns_read: list[str]

@@ -118,7 +80,6 @@ class ColumnarReader(BaseDataReader):
        :param file: The file to yield files from.
        :return: A generator that yields files.
        """
-        _check_file_size(file)
        file_suffix = Path(file.filename).suffix
        if not file_suffix:
            raise DatabaseUploadFailed(_("Unexpected no file extension found"))
@@ -128,12 +89,6 @@ class ColumnarReader(BaseDataReader):
                raise DatabaseUploadFailed(_("Not a valid ZIP file"))
            try:
                with ZipFile(file) as zip_file:
-                    # guard against decompression bombs before reading entries,
-                    # mirroring the importer path
-                    try:
-                        check_is_safe_zip(zip_file)
-                    except SupersetException as ex:
-                        raise DatabaseUploadFailed(str(ex)) from ex
                    # check if all file types are of the same extension
                    file_suffixes = {Path(name).suffix for name in zip_file.namelist()}
                    if len(file_suffixes) > 1:
--- a/superset/commands/explore/form_data/create.py
+++ b/superset/commands/explore/form_data/create.py
@@ -16,7 +16,7 @@
 # under the License.
 import logging

-from flask import current_app as app, session
+from flask import session
 from sqlalchemy.exc import SQLAlchemyError

 from superset.commands.base import BaseCommand
@@ -64,13 +64,8 @@ class CreateFormDataCommand(BaseCommand):
                    "chart_id": chart_id,
                    "form_data": form_data,
                }
-                timeout = app.config["EXPLORE_FORM_DATA_CACHE_CONFIG"].get(
-                    "CACHE_DEFAULT_TIMEOUT"
-                )
-                cache_manager.explore_form_data_cache.set(key, state, timeout=timeout)
-                cache_manager.explore_form_data_cache.set(
-                    contextual_key, key, timeout=timeout
-                )
+                cache_manager.explore_form_data_cache.set(key, state)
+                cache_manager.explore_form_data_cache.set(contextual_key, key)
            return key
        except SQLAlchemyError as ex:
            logger.exception("Error running create command")
--- a/superset/commands/export/assets.py
+++ b/superset/commands/export/assets.py
@@ -26,9 +26,7 @@ from superset.commands.chart.export import ExportChartsCommand
 from superset.commands.dashboard.export import ExportDashboardsCommand
 from superset.commands.database.export import ExportDatabasesCommand
 from superset.commands.dataset.export import ExportDatasetsCommand
-from superset.commands.export.models import ExportModelsCommand
 from superset.commands.query.export import ExportSavedQueriesCommand
-from superset.commands.tag.export import ExportTagsCommand
 from superset.utils.dict_import_export import EXPORT_VERSION

 METADATA_FILE_NAME = "metadata.yaml"
@@ -48,7 +46,7 @@ class ExportAssetsCommand(BaseCommand):
        yield METADATA_FILE_NAME, lambda: yaml.safe_dump(metadata, sort_keys=False)
        seen = {METADATA_FILE_NAME}

-        commands: list[type[ExportModelsCommand]] = [
+        commands = [
            ExportDatabasesCommand,
            ExportDatasetsCommand,
            ExportChartsCommand,
@@ -56,8 +54,6 @@ class ExportAssetsCommand(BaseCommand):
            ExportSavedQueriesCommand,
        ]

-        dashboard_ids: list[int | str] = []
-        chart_ids: list[int | str] = []
        for command in commands:
            ids = [model.id for model in command.dao.find_all()]
            for file_name, file_content in command(ids, export_related=False).run():
@@ -65,17 +61,5 @@ class ExportAssetsCommand(BaseCommand):
                    yield file_name, file_content
                    seen.add(file_name)

-            if command == ExportDashboardsCommand:
-                dashboard_ids = ids
-            elif command == ExportChartsCommand:
-                chart_ids = ids
-
-        # FIXME: It would probably be better to align the tags export
-        # command with the other export commands
-        yield from ExportTagsCommand.export(
-            dashboard_ids=dashboard_ids,
-            chart_ids=chart_ids,
-        )
-
    def validate(self) -> None:
        pass
--- a/superset/commands/security/create.py
+++ b/superset/commands/security/create.py
@@ -21,7 +21,6 @@ from typing import Any

 from superset.commands.base import BaseCommand
 from superset.commands.exceptions import DatasourceNotFoundValidationError
-from superset.commands.security.utils import raise_for_datasource_access
 from superset.commands.utils import populate_roles
 from superset.connectors.sqla.models import SqlaTable
 from superset.daos.security import RLSDAO
@@ -51,6 +50,5 @@ class CreateRLSRuleCommand(BaseCommand):
        )
        if len(tables) != len(self._tables):
            raise DatasourceNotFoundValidationError()
-        raise_for_datasource_access(tables)
        self._properties["roles"] = roles
        self._properties["tables"] = tables
--- a/superset/commands/security/delete.py
+++ b/superset/commands/security/delete.py
@@ -23,9 +23,8 @@ from superset.commands.security.exceptions import (
    RLSRuleNotFoundError,
    RuleDeleteFailedError,
 )
-from superset.commands.security.utils import raise_for_datasource_access
-from superset.connectors.sqla.models import RowLevelSecurityFilter
 from superset.daos.security import RLSDAO
+from superset.reports.models import ReportSchedule
 from superset.utils.decorators import on_error, transaction

 logger = logging.getLogger(__name__)
@@ -34,7 +33,7 @@ logger = logging.getLogger(__name__)
 class DeleteRLSRuleCommand(BaseCommand):
    def __init__(self, model_ids: list[int]):
        self._model_ids = model_ids
-        self._models: list[RowLevelSecurityFilter] = []
+        self._models: list[ReportSchedule] = []

    @transaction(on_error=partial(on_error, reraise=RuleDeleteFailedError))
    def run(self) -> None:
@@ -46,7 +45,3 @@ class DeleteRLSRuleCommand(BaseCommand):
        self._models = RLSDAO.find_by_ids(self._model_ids)
        if not self._models or len(self._models) != len(self._model_ids):
            raise RLSRuleNotFoundError()
-        # Apply the same datasource access check as create/update: a caller may
-        # only delete a rule if they can access every datasource it references.
-        for rule in self._models:
-            raise_for_datasource_access(rule.tables)
--- a/Show More
+++ b/Show More