WIP

Another fix
Move integration tests to unit tests
2026-05-02 06:24:37 +00:00 · 2024-11-25 16:43:20 -05:00 · 2024-11-24 18:53:14 -05:00 · 2024-11-24 18:44:51 -05:00 · 2024-11-24 18:03:20 -05:00 · 2024-11-22 12:04:19 -05:00
2480 changed files with 141528 additions and 174078 deletions
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -17,14 +17,7 @@

 # https://cwiki.apache.org/confluence/display/INFRA/.asf.yaml+features+for+git+repositories
 ---
-notifications:
-  commits: commits@superset.apache.org
-  issues: notifications@superset.apache.org
-  pullrequests: notifications@superset.apache.org
-  discussions: notifications@superset.apache.org
-
 github:
-  del_branch_on_merge: true
  description: "Apache Superset is a Data Visualization and Data Exploration Platform"
  homepage: https://superset.apache.org/
  labels:
@@ -54,17 +47,12 @@ github:
    projects: true
    # Enable wiki for documentation
    wiki: true
-    # Enable discussions
-    discussions: true

  enabled_merge_buttons:
    squash: true
    merge: false
    rebase: false

-  ghp_branch:  gh-pages
-  ghp_path: /
-
  protected_branches:
    master:
      required_status_checks:
@@ -81,16 +69,18 @@ github:
          - cypress-matrix (3, chrome)
          - cypress-matrix (4, chrome)
          - cypress-matrix (5, chrome)
-          - dependency-review
          - frontend-build
          - pre-commit (current)
+          - pre-commit (next)
          - pre-commit (previous)
          - test-mysql
          - test-postgres (current)
+          - test-postgres (next)
          - test-postgres-hive
          - test-postgres-presto
          - test-sqlite
          - unit-tests (current)
+          - unit-tests (next)

      required_pull_request_reviews:
        dismiss_stale_reviews: false
@@ -98,10 +88,3 @@ github:
        required_approving_review_count: 1

      required_signatures: false
-    gh-pages:
-      required_pull_request_reviews:
-        dismiss_stale_reviews: false
-        require_code_owner_reviews: true
-        required_approving_review_count: 1
-
-      required_signatures: false
--- a/.dockerignore
+++ b/.dockerignore
@@ -34,6 +34,7 @@
 **/*.sqllite
 **/*.swp
 **/.terser-plugin-cache/
+**/.storybook/
 **/node_modules/

 tests/
@@ -41,8 +42,6 @@ docs/
 install/
 superset-frontend/cypress-base/
 superset-frontend/coverage/
-superset-frontend/.temp_cache/
 superset/static/assets/
 superset-websocket/dist/
 venv
-.venv
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,2 @@
 docker/**/*.sh text eol=lf
 *.svg binary
-*.ipynb binary
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -12,21 +12,21 @@

 # Notify Helm Chart maintainers about changes in it

-/helm/superset/ @craig-rueda @dpgaspar @villebro @nytai @michael-s-molina @mistercrunch @rusackas @Antonio-RiveroMartnez
+/helm/superset/ @craig-rueda @dpgaspar @villebro @nytai @michael-s-molina

 # Notify E2E test maintainers of changes

-/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida @mistercrunch
+/superset-frontend/cypress-base/ @jinghua-qa @geido @eschutho @rusackas @betodealmeida

 # Notify PMC members of changes to GitHub Actions

-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar

 # Notify PMC members of changes to required GitHub Actions

-/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @Antonio-RiveroMartnez
+/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar

-# Maps are a finicky contribution process we care about
+# Maps are a finnicky contribution process we care about

 **/*.geojson @villebro @rusackas
 /superset-frontend/plugins/legacy-plugin-chart-country-map/ @villebro @rusackas
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -41,8 +41,8 @@ body:
      label: Superset version
      options:
        - master / latest-dev
-        - "4.1.2"
-        - "4.0.2"
+        - "4.1.0"
+        - "3.1.3"
    validations:
      required: true
  - type: dropdown
--- a/.github/actions/change-detector/label-draft-pr.yml
+++ b/.github/actions/change-detector/label-draft-pr.yml
@@ -1,23 +0,0 @@
-name: Label Draft PRs
-on:
-  pull_request:
-    types:
-      - opened
-      - converted_to_draft
-jobs:
-  label-draft:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check if the PR is a draft
-        id: check-draft
-        uses: actions/github-script@v6
-        with:
-          script: |
-            const isDraft = context.payload.pull_request.draft;
-            core.setOutput('isDraft', isDraft);
-      - name: Add `review:draft` Label
-        if: steps.check-draft.outputs.isDraft == 'true'
-        uses: actions-ecosystem/action-add-labels@v1
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          labels: "review:draft"
--- a/.github/actions/setup-backend/action.yml
+++ b/.github/actions/setup-backend/action.yml
@@ -26,12 +26,11 @@ runs:
      shell: bash
      run: |
        if [ "${{ inputs.python-version }}" = "current" ]; then
-          echo "PYTHON_VERSION=3.11" >> $GITHUB_ENV
-        elif [ "${{ inputs.python-version }}" = "next" ]; then
-          # currently disabled in GHA matrixes because of library compatibility issues
-          echo "PYTHON_VERSION=3.12" >> $GITHUB_ENV
-        elif [ "${{ inputs.python-version }}" = "previous" ]; then
          echo "PYTHON_VERSION=3.10" >> $GITHUB_ENV
+        elif [ "${{ inputs.python-version }}" = "next" ]; then
+          echo "PYTHON_VERSION=3.11" >> $GITHUB_ENV
+        elif [ "${{ inputs.python-version }}" = "previous" ]; then
+          echo "PYTHON_VERSION=3.9" >> $GITHUB_ENV
        else
          echo "PYTHON_VERSION=${{ inputs.python-version }}" >> $GITHUB_ENV
        fi
@@ -44,15 +43,11 @@ runs:
      run: |
        if [ "${{ inputs.install-superset }}" = "true" ]; then
          sudo apt-get update && sudo apt-get -y install libldap2-dev libsasl2-dev
-
-          pip install --upgrade pip setuptools wheel uv
-
+          pip install --upgrade pip setuptools wheel
          if [ "${{ inputs.requirements-type }}" = "dev" ]; then
-            uv pip install --system -r requirements/development.txt
+            pip install -r requirements/development.txt
          elif [ "${{ inputs.requirements-type }}" = "base" ]; then
-            uv pip install --system -r requirements/base.txt
+            pip install -r requirements/base.txt
          fi
-
-          uv pip install --system -e .
        fi
      shell: bash
--- a/.github/actions/setup-docker/action.yml
+++ b/.github/actions/setup-docker/action.yml
@@ -1,69 +0,0 @@
-name: "Setup Docker Environment"
-description: "Reusable steps for setting up QEMU, Docker Buildx, DockerHub login, Supersetbot, and optionally Docker Compose"
-inputs:
-  build:
-    description: "Used for building?"
-    required: false
-    default: "false"
-  dockerhub-user:
-    description: "DockerHub username"
-    required: false
-  dockerhub-token:
-    description: "DockerHub token"
-    required: false
-  install-docker-compose:
-    description: "Flag to install Docker Compose"
-    required: false
-    default: "true"
-  login-to-dockerhub:
-    description: "Whether you want to log into dockerhub"
-    required: false
-    default: "true"
-outputs: {}
-runs:
-  using: "composite"
-  steps:
-
-    - name: Set up QEMU
-      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-qemu-action@v3
-
-    - name: Set up Docker Buildx
-      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-buildx-action@v3
-
-    - name: Try to login to DockerHub
-      if: ${{ inputs.login-to-dockerhub == 'true' }}
-      continue-on-error: true
-      uses: docker/login-action@v3
-      with:
-        username: ${{ inputs.dockerhub-user }}
-        password: ${{ inputs.dockerhub-token }}
-
-    - name: Install Docker Compose
-      if: ${{ inputs.install-docker-compose == 'true' }}
-      shell: bash
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y ca-certificates curl
-        sudo install -m 0755 -d /etc/apt/keyrings
-
-        # Download and save the Docker GPG key in the correct format
-        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-
-        # Ensure the key file is readable
-        sudo chmod a+r /etc/apt/keyrings/docker.gpg
-
-        # Add the Docker repository using the correct key
-        echo \
-          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
-          $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-        # Update package lists and install Docker Compose plugin
-        sudo apt update
-        sudo apt install -y docker-compose-plugin
-
-    - name: Docker Version Info
-      shell: bash
-      run: docker info
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,4 @@
 version: 2
-enable-beta-ecosystems: true
 updates:

  - package-ecosystem: "github-actions"
@@ -22,16 +21,10 @@ updates:
    versioning-strategy: increase


-  # NOTE: `uv` support is in beta, more details here:
-  # https://github.com/dependabot/dependabot-core/pull/10040#issuecomment-2696978430
-  - package-ecosystem: "uv"
-    directory: "requirements/"
-    open-pull-requests-limit: 10
-    schedule:
-      interval: "weekly"
-    labels:
-      - uv
-      - dependabot
+  # - package-ecosystem: "pip"
+  # NOTE: as dependabot isn't compatible with our python
+  # dependency setup (pip-compile-multi), we'll be using
+  # `supersetbot` instead

  - package-ecosystem: "npm"
    directory: ".github/actions"
@@ -330,10 +323,6 @@ updates:

  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-core/"
-    ignore:
-      # not until React >= 18.0.0
-      - dependency-name: "react-markdown"
-      - dependency-name: "remark-gfm"
    schedule:
      interval: "monthly"
    labels:
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -127,11 +127,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/es/**'

-"i18n:persian":
- changed-files:
-  - any-glob-to-any-file:
-    - 'superset/translations/fa/**'
-
 ############################################
 # Sub-projects and monorepo packages
 ############################################
--- a/.github/workflows/bashlib.sh
+++ b/.github/workflows/bashlib.sh
@@ -145,7 +145,6 @@ cypress-install() {

 cypress-run-all() {
  local USE_DASHBOARD=$1
-  local APP_ROOT=$2
  cd "$GITHUB_WORKSPACE/superset-frontend/cypress-base"

  # Start Flask and run it in background
@@ -153,12 +152,7 @@ cypress-run-all() {
  # so errors can print to stderr.
  local flasklog="${HOME}/flask.log"
  local port=8081
-  CYPRESS_BASE_URL="http://localhost:${port}"
-  if [ -n "$APP_ROOT" ]; then
-    export SUPERSET_APP_ROOT=$APP_ROOT
-    CYPRESS_BASE_URL=${CYPRESS_BASE_URL}${APP_ROOT}
-  fi
-  export CYPRESS_BASE_URL
+  export CYPRESS_BASE_URL="http://localhost:${port}"

  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
  local flaskProcessId=$!
--- a/.github/workflows/bump-python-package.yml
+++ b/.github/workflows/bump-python-package.yml
@@ -14,16 +14,10 @@ on:
        required: true
        description: Max number of PRs to open (0 for no limit)
        default: 5
-      extra-flags:
-        required: false
-        default: --only-base
-        description: Additional flags to pass to the bump-python command
-  #schedule:
-  #  - cron: '0 0 * * *'  # Runs daily at midnight UTC

 jobs:
  bump-python-package:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: write
      contents: write
@@ -45,8 +39,8 @@ jobs:
        with:
          python-version: "3.10"

-      - name: Install uv
-        run: pip install uv
+      - name: Install pip-compile-multi
+        run: pip install pip-compile-multi

      - name: supersetbot bump-python -p "${{ github.event.inputs.package }}"
        env:
@@ -65,13 +59,10 @@ jobs:
            GROUP_OPT="-g ${{ github.event.inputs.group }}"
          fi

-          EXTRA_FLAGS="${{ github.event.inputs.extra-flags }}"
-
          supersetbot bump-python \
            --verbose \
            --use-current-repo \
            --include-subpackages \
            --limit ${{ github.event.inputs.limit }} \
            $PACKAGE_OPT \
-            $GROUP_OPT \
-            $EXTRA_FLAGS
+            $GROUP_OPT
--- a/.github/workflows/cancel_duplicates.yml
+++ b/.github/workflows/cancel_duplicates.yml
@@ -9,7 +9,7 @@ on:
 jobs:
  cancel-duplicate-runs:
    name: Cancel duplicate workflow runs
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: write
      contents: read
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -1,43 +0,0 @@
-name: Check python dependencies
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  check-python-deps:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-          submodules: recursive
-          fetch-depth: 1
-
-      - name: Setup Python
-        if: steps.check.outputs.python
-        uses: ./.github/actions/setup-backend/
-
-      - name: Run uv
-        if: steps.check.outputs.python
-        run: ./scripts/uv-pip-compile.sh
-
-      - name: Check for uncommitted changes
-        run: |
-          if [[ -n "$(git diff)" ]]; then
-            echo "ERROR: The pinned dependencies are not up-to-date."
-            echo "Please run './scripts/uv-pip-compile.sh' and commit the changes."
-            exit 1
-          else
-            echo "Pinned dependencies are up-to-date."
-          fi
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -19,7 +19,7 @@ concurrency:
 jobs:
  check_db_migration_conflict:
    name: Check DB migration conflict
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -17,7 +17,7 @@ concurrency:
 jobs:
  analyze:
    name: Analyze
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: read
      contents: read
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -5,32 +5,19 @@
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: "Dependency Review"
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
+on: [pull_request]

 permissions:
  contents: read

 jobs:
  dependency-review:
-    if: github.event_name == 'pull_request'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout Repository"
        uses: actions/checkout@v4
      - name: "Dependency Review"
        uses: actions/dependency-review-action@v4
-        continue-on-error: true
        with:
          fail-on-severity: critical
          # compatible/incompatible licenses addressed here: https://www.apache.org/legal/resolved.html
@@ -45,27 +32,4 @@ jobs:
          #   license: https://applitools.com/legal/open-source-terms-of-use/
          # pkg:npm/node-forge@1.3.1
          #   selecting BSD-3-Clause licensing terms for node-forge to ensure compatibility with Apache
-          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor, pkg:npm/jszip@3.10.1
-
-  python-dependency-liccheck:
-    # NOTE: Configuration for liccheck lives in our pyproject.yml.
-    # You cannot use a liccheck.ini file in this workflow.
-    runs-on: ubuntu-22.04
-    steps:
-      - name: "Checkout Repository"
-        uses: actions/checkout@v4
-
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        with:
-          requirements-type: base
-
-      - name: "Set up liccheck"
-        run: |
-          uv pip install --system liccheck
-      - name: "Run liccheck"
-        run: |
-          # run the checks
-          liccheck -R output.txt
-          # Print the report
-          cat output.txt
+          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,22 +14,21 @@ concurrency:
  cancel-in-progress: true

 jobs:
-
  setup_matrix:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    outputs:
      matrix_config: ${{ steps.set_matrix.outputs.matrix_config }}
    steps:
      - id: set_matrix
        run: |
-          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
+          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
          echo "matrix_config=${MATRIX_CONFIG}" >> $GITHUB_OUTPUT
          echo $GITHUB_OUTPUT

  docker-build:
    name: docker-build
    needs: setup_matrix
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
        build_preset: ${{fromJson(needs.setup_matrix.outputs.matrix_config)}}
@@ -37,7 +36,6 @@ jobs:
    env:
      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-      IMAGE_TAG: apache/superset:GHA-${{ matrix.build_preset }}-${{ github.run_id }}

    steps:

@@ -52,13 +50,21 @@ jobs:
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Setup Docker Environment
+      - name: Set up QEMU
        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        uses: ./.github/actions/setup-docker
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        uses: docker/setup-buildx-action@v3
+
+      - name: Try to login to DockerHub
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        continue-on-error: true
+        uses: docker/login-action@v3
        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Setup supersetbot
        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
@@ -73,65 +79,12 @@ jobs:
          # Single platform builds in pull_request context to speed things up
          if [ "${{ github.event_name }}" = "push" ]; then
            PLATFORM_ARG="--platform linux/arm64 --platform linux/amd64"
-            # can only --load images in single-platform builds
-            PUSH_OR_LOAD="--push"
          elif [ "${{ github.event_name }}" = "pull_request" ]; then
            PLATFORM_ARG="--platform linux/amd64"
-            PUSH_OR_LOAD="--load"
          fi

          supersetbot docker \
-            $PUSH_OR_LOAD \
            --preset ${{ matrix.build_preset }} \
            --context "$EVENT" \
            --context-ref "$RELEASE" $FORCE_LATEST \
-            --extra-flags "--build-arg INCLUDE_CHROMIUM=false --tag $IMAGE_TAG" \
            $PLATFORM_ARG
-
-      # in the context of push (using multi-platform build), we need to pull the image locally
-      - name: Docker pull
-        if: github.event_name == 'push' && (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker)
-        run:  docker pull $IMAGE_TAG
-
-      - name: Print docker stats
-        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        run: |
-          echo "SHA: ${{ github.sha }}"
-          echo "IMAGE: $IMAGE_TAG"
-          docker images $IMAGE_TAG
-          docker history $IMAGE_TAG
-
-      - name: docker-compose sanity check
-        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && (matrix.build_preset == 'dev' || matrix.build_preset == 'lean')
-        shell: bash
-        run: |
-          export SUPERSET_BUILD_TARGET=${{ matrix.build_preset }}
-          # This should reuse the CACHED image built in the previous steps
-          docker compose build superset-init --build-arg DEV_MODE=false --build-arg INCLUDE_CHROMIUM=false
-          docker compose up superset-init --exit-code-from superset-init
-
-  docker-compose-image-tag:
-    runs-on: ubuntu-24.04
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Docker Environment
-        if: steps.check.outputs.docker
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "false"
-          install-docker-compose: "true"
-      - name: docker-compose sanity check
-        if: steps.check.outputs.docker
-        shell: bash
-        run: |
-          docker compose -f docker-compose-image-tag.yml up superset-init --exit-code-from superset-init
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -23,7 +23,7 @@ jobs:
  build:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: superset-embedded-sdk
@@ -31,7 +31,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "20"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run ci:release
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -13,7 +13,7 @@ concurrency:

 jobs:
  embedded-sdk-test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: superset-embedded-sdk
@@ -21,7 +21,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "20"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm test
--- a/.github/workflows/ephemeral-env-pr-close.yml
+++ b/.github/workflows/ephemeral-env-pr-close.yml
@@ -6,7 +6,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -22,7 +22,7 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Cleanup ephemeral envs
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write
    steps:
--- a/.github/workflows/ephemeral-env.yml
+++ b/.github/workflows/ephemeral-env.yml
@@ -1,181 +1,132 @@
 name: Ephemeral env workflow

-# Example manual trigger:
-# gh workflow run ephemeral-env.yml --ref fix_ephemerals --field label_name="testenv-up" --field issue_number=666
-
 on:
-  pull_request_target:
-    types:
-      - labeled
-  workflow_dispatch:
-    inputs:
-      label_name:
-        description: 'Label name to simulate label-based /testenv trigger'
-        required: true
-        default: 'testenv-up'
-      issue_number:
-        description: 'Issue or PR number'
-        required: true
+  issue_comment:
+    types: [created]

 jobs:
-  ephemeral-env-label:
+  config:
+    runs-on: "ubuntu-22.04"
+    if: github.event.issue.pull_request
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  ephemeral-env-comment:
    concurrency:
-      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}-label
+      group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }}-comment
      cancel-in-progress: true
-    name: Evaluate ephemeral env label trigger
-    runs-on: ubuntu-24.04
+    needs: config
+    if: needs.config.outputs.has-secrets
+    name: Evaluate ephemeral env comment trigger (/testenv)
+    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write
    outputs:
-      slash-command: ${{ steps.eval-label.outputs.result }}
+      slash-command: ${{ steps.eval-body.outputs.result }}
      feature-flags: ${{ steps.eval-feature-flags.outputs.result }}
-      sha: ${{ steps.get-sha.outputs.sha }}
-    env:
-      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

    steps:
-      - name: Check for the "testenv-up" label
-        id: eval-label
-        run: |
-          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
-            LABEL_NAME="${{ github.event.inputs.label_name }}"
-          else
-            LABEL_NAME="${{ github.event.label.name }}"
-          fi
+    - name: Debug
+      run: |
+        echo "Comment on PR #${{ github.event.issue.number }} by ${{ github.event.issue.user.login }}, ${{ github.event.comment.author_association }}"

-          echo "Evaluating label: $LABEL_NAME"
+    - name: Eval comment body for /testenv slash command
+      uses: actions/github-script@v7
+      id: eval-body
+      with:
+        result-encoding: string
+        script: |
+          const pattern = /^\/testenv (up|down)/
+          const result = pattern.exec(context.payload.comment.body)
+          return result === null ? 'noop' : result[1]

-          if [[ "$LABEL_NAME" == "testenv-up" ]]; then
-            echo "result=up" >> $GITHUB_OUTPUT
-          else
-            echo "result=noop" >> $GITHUB_OUTPUT
-          fi
+    - name: Eval comment body for feature flags
+      uses: actions/github-script@v7
+      id: eval-feature-flags
+      with:
+        script: |
+          const pattern = /FEATURE_(\w+)=(\w+)/g;
+          let results = [];
+          [...context.payload.comment.body.matchAll(pattern)].forEach(match => {
+            const config = {
+              name: `SUPERSET_FEATURE_${match[1]}`,
+              value: match[2],
+            };
+            results.push(config);
+          });
+          return results;

-      - name: Get event SHA
-        id: get-sha
-        if: steps.eval-label.outputs.result == 'up'
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            let prSha;
-
-            // If event is workflow_dispatch, use the issue_number from inputs
-            if (context.eventName === "workflow_dispatch") {
-              const prNumber = "${{ github.event.inputs.issue_number }}";
-              if (!prNumber) {
-                console.log("No PR number found.");
-                return;
-              }
-
-              // Fetch PR details using the provided issue_number
-              const { data: pr } = await github.rest.pulls.get({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                pull_number: prNumber
-              });
-
-              prSha = pr.head.sha;
-            } else {
-              // If it's not workflow_dispatch, use the PR head sha from the event
-              prSha = context.payload.pull_request.head.sha;
-            }
-
-            console.log(`PR SHA: ${prSha}`);
-            core.setOutput("sha", prSha);
-
-      - name: Looking for feature flags in PR description
-        uses: actions/github-script@v7
-        id: eval-feature-flags
-        if: steps.eval-label.outputs.result == 'up'
-        with:
-          script: |
-            const description = context.payload.pull_request
-              ? context.payload.pull_request.body || ''
-              : context.payload.inputs.pr_description || '';
-
-            const pattern = /FEATURE_(\w+)=(\w+)/g;
-            let results = [];
-            [...description.matchAll(pattern)].forEach(match => {
-              const config = {
-                name: `SUPERSET_FEATURE_${match[1]}`,
-                value: match[2],
-              };
-              results.push(config);
-            });
-
-            return results;
-
-      - name: Reply with confirmation comment
-        uses: actions/github-script@v7
-        if: steps.eval-label.outputs.result == 'up'
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const action = '${{ steps.eval-label.outputs.result }}';
-            const user = context.actor;
-            const runId = context.runId;
-            const workflowUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${runId}`;
-
-            const issueNumber = context.payload.pull_request
-              ? context.payload.pull_request.number
-              : context.payload.inputs.issue_number;
-
-            if (!issueNumber) {
-              throw new Error("Issue number is not available.");
-            }
-
-            const body = `@${user} Processing your ephemeral environment request [here](${workflowUrl}).` +
-              ` Action: **${action}**.` +
-              ` More information on [how to use or configure ephemeral environments]` +
-              `(https://superset.apache.org/docs/contributing/howtos/#github-ephemeral-environments)`;
-
-
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: issueNumber,
-              body,
-            });
+    - name: Limit to committers
+      if: >
+        steps.eval-body.outputs.result != 'noop' &&
+        github.event.comment.author_association != 'MEMBER' &&
+        github.event.comment.author_association != 'OWNER'
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          const errMsg = '@${{ github.event.comment.user.login }} Ephemeral environment creation is currently limited to committers.'
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: errMsg
+          })
+          core.setFailed(errMsg)

  ephemeral-docker-build:
    concurrency:
-      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}-build
+      group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }}-build
      cancel-in-progress: true
-    needs: ephemeral-env-label
-    if: needs.ephemeral-env-label.outputs.slash-command == 'up'
+    needs: ephemeral-env-comment
    name: ephemeral-docker-build
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ needs.ephemeral-env-label.outputs.sha }} : ${{steps.get-sha.outputs.sha}} )"
+      - name: Get Info from comment
+        uses: actions/github-script@v7
+        id: get-pr-info
+        with:
+          script: |
+            const request = {
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: ${{ github.event.issue.number }},
+            }
+            core.info(`Getting PR #${request.pull_number} from ${request.owner}/${request.repo}`)
+            const pr = await github.rest.pulls.get(request);
+            return pr.data;
+
+      - name: Debug
+        id: get-sha
+        run: |
+          echo "sha=${{ fromJSON(steps.get-pr-info.outputs.result).head.sha }}" >> $GITHUB_OUTPUT
+
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : ${{steps.get-sha.outputs.sha}} )"
        uses: actions/checkout@v4
        with:
-          ref: ${{ needs.ephemeral-env-label.outputs.sha }}
+          ref: ${{ steps.get-sha.outputs.sha }}
          persist-credentials: false

-      - name: Setup Docker Environment
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
-          install-docker-compose: "false"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3

-      - name: Setup supersetbot
-        uses: ./.github/actions/setup-supersetbot/
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3

      - name: Build ephemeral env image
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          supersetbot docker \
-            --push \
-            --load \
-            --preset ci \
-            --platform  linux/amd64 \
-            --context-ref "$RELEASE" \
-            --extra-flags "--build-arg INCLUDE_CHROMIUM=false"
+          ./scripts/build_docker.py \
+            "ci" \
+            "pull_request" \
+            --build_context_ref ${{ github.event.issue.number }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
@@ -193,141 +144,140 @@ jobs:
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: superset-ci
-          IMAGE_TAG: apache/superset:${{ needs.ephemeral-env-label.outputs.sha }}-ci
-          PR_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
+          IMAGE_TAG: apache/superset:${{ steps.get-sha.outputs.sha }}-ci
        run: |
-          docker tag $IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:pr-$PR_NUMBER-ci
+          docker tag $IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:pr-${{ github.event.issue.number }}-ci
          docker push -a $ECR_REGISTRY/$ECR_REPOSITORY

  ephemeral-env-up:
-    needs: [ephemeral-env-label, ephemeral-docker-build]
-    if: needs.ephemeral-env-label.outputs.slash-command == 'up'
+    needs: [ephemeral-env-comment, ephemeral-docker-build]
+    if: needs.ephemeral-env-comment.outputs.slash-command == 'up'
    name: Spin up an ephemeral environment
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write

    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false

-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-west-2

-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2

-      - name: Check target image exists in ECR
-        id: check-image
-        continue-on-error: true
-        env:
-          PR_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
-        run: |
-          aws ecr describe-images \
-          --registry-id $(echo "${{ steps.login-ecr.outputs.registry }}" | grep -Eo "^[0-9]+") \
-          --repository-name superset-ci \
-          --image-ids imageTag=pr-$PR_NUMBER-ci
+    - name: Check target image exists in ECR
+      id: check-image
+      continue-on-error: true
+      run: |
+        aws ecr describe-images \
+        --registry-id $(echo "${{ steps.login-ecr.outputs.registry }}" | grep -Eo "^[0-9]+") \
+        --repository-name superset-ci \
+        --image-ids imageTag=pr-${{ github.event.issue.number }}-ci

-      - name: Fail on missing container image
-        if: steps.check-image.outcome == 'failure'
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ github.token }}
-          script: |
-            const errMsg = '@${{ github.event.comment.user.login }} Container image not yet published for this PR. Please try again when build is complete.';
-            github.rest.issues.createComment({
-              issue_number: ${{ github.event.inputs.issue_number || github.event.pull_request.number }},
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: errMsg
-            });
-            core.setFailed(errMsg);
+    - name: Fail on missing container image
+      if: steps.check-image.outcome == 'failure'
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          const errMsg = '@${{ github.event.comment.user.login }} Container image not yet published for this PR. Please try again when build is complete.'
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: errMsg
+          })
+          core.setFailed(errMsg)

-      - name: Fill in the new image ID in the Amazon ECS task definition
-        id: task-def
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
-        with:
-          task-definition: .github/workflows/ecs-task-definition.json
-          container-name: superset-ci
-          image: ${{ steps.login-ecr.outputs.registry }}/superset-ci:pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-ci
+    - name: Fill in the new image ID in the Amazon ECS task definition
+      id: task-def
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: .github/workflows/ecs-task-definition.json
+        container-name: superset-ci
+        image: ${{ steps.login-ecr.outputs.registry }}/superset-ci:pr-${{ github.event.issue.number }}-ci

-      - name: Update env vars in the Amazon ECS task definition
-        run: |
-          cat <<< "$(jq '.containerDefinitions[0].environment += ${{ needs.ephemeral-env-label.outputs.feature-flags }}' < ${{ steps.task-def.outputs.task-definition }})" > ${{ steps.task-def.outputs.task-definition }}
+    - name: Update env vars in the Amazon ECS task definition
+      run: |
+        cat <<< "$(jq '.containerDefinitions[0].environment += ${{ needs.ephemeral-env-comment.outputs.feature-flags }}' < ${{ steps.task-def.outputs.task-definition }})" > ${{ steps.task-def.outputs.task-definition }}

-      - name: Describe ECS service
-        id: describe-services
-        run: |
-          echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
-      - name: Create ECS service
-        id: create-service
-        if: steps.describe-services.outputs.active != 'true'
-        env:
-          ECR_SUBNETS: subnet-0e15a5034b4121710,subnet-0e8efef4a72224974
-          ECR_SECURITY_GROUP: sg-092ff3a6ae0574d91
-          PR_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
-        run: |
-          aws ecs create-service \
-          --cluster superset-ci \
-          --service-name pr-$PR_NUMBER-service \
-          --task-definition superset-ci \
-          --launch-type FARGATE \
-          --desired-count 1 \
-          --platform-version LATEST \
-          --network-configuration "awsvpcConfiguration={subnets=[$ECR_SUBNETS],securityGroups=[$ECR_SECURITY_GROUP],assignPublicIp=ENABLED}" \
-          --tags key=pr,value=$PR_NUMBER key=github_user,value=${{ github.actor }}
-      - name: Deploy Amazon ECS task definition
-        id: deploy-task
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
-        with:
-          task-definition: ${{ steps.task-def.outputs.task-definition }}
-          service: pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service
-          cluster: superset-ci
-          wait-for-service-stability: true
-          wait-for-minutes: 10
+    - name: Describe ECS service
+      id: describe-services
+      run: |
+        echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.issue.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
+    - name: Create ECS service
+      if: steps.describe-services.outputs.active != 'true'
+      id: create-service
+      env:
+        ECR_SUBNETS: subnet-0e15a5034b4121710,subnet-0e8efef4a72224974
+        ECR_SECURITY_GROUP: sg-092ff3a6ae0574d91
+      run: |
+        aws ecs create-service \
+        --cluster superset-ci \
+        --service-name pr-${{ github.event.issue.number }}-service \
+        --task-definition superset-ci \
+        --launch-type FARGATE \
+        --desired-count 1 \
+        --platform-version LATEST \
+        --network-configuration "awsvpcConfiguration={subnets=[$ECR_SUBNETS],securityGroups=[$ECR_SECURITY_GROUP],assignPublicIp=ENABLED}" \
+        --tags key=pr,value=${{ github.event.issue.number }} key=github_user,value=${{ github.actor }}

-      - name: List tasks
-        id: list-tasks
-        run: |
-          echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT
-      - name: Get network interface
-        id: get-eni
-        run: |
-          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | map(select(.name=="networkInterfaceId"))[0].value')" >> $GITHUB_OUTPUT
-      - name: Get public IP
-        id: get-ip
-        run: |
-          echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
-      - name: Comment (success)
-        if: ${{ success() }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{github.token}}
-          script: |
-            const issue_number = context.payload.inputs?.issue_number || context.issue.number;
-            github.rest.issues.createComment({
-              issue_number: issue_number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `@${{ github.actor }} Ephemeral environment spinning up at http://${{ steps.get-ip.outputs.ip }}:8080. Credentials are 'admin'/'admin'. Please allow several minutes for bootstrapping and startup.`
-            });
-      - name: Comment (failure)
-        if: ${{ failure() }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{github.token}}
-          script: |
-            const issue_number = context.payload.inputs?.issue_number || context.issue.number;
-            github.rest.issues.createComment({
-              issue_number: issue_number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: '@${{ github.event.inputs.user_login || github.event.comment.user.login }} Ephemeral environment creation failed. Please check the Actions logs for details.'
-            })
+    - name: Deploy Amazon ECS task definition
+      id: deploy-task
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+      with:
+        task-definition: ${{ steps.task-def.outputs.task-definition }}
+        service: pr-${{ github.event.issue.number }}-service
+        cluster: superset-ci
+        wait-for-service-stability: true
+        wait-for-minutes: 10
+
+    - name: List tasks
+      id: list-tasks
+      run: |
+        echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${{ github.event.issue.number }}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT
+
+    - name: Get network interface
+      id: get-eni
+      run: |
+        echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks | .[0] | .attachments | .[0] | .details | map(select(.name=="networkInterfaceId")) | .[0] | .value')" >> $GITHUB_OUTPUT
+
+    - name: Get public IP
+      id: get-ip
+      run: |
+        echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
+
+    - name: Comment (success)
+      if: ${{ success() }}
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: '@${{ github.event.comment.user.login }} Ephemeral environment spinning up at http://${{ steps.get-ip.outputs.ip }}:8080. Credentials are `admin`/`admin`. Please allow several minutes for bootstrapping and startup.'
+          })
+
+    - name: Comment (failure)
+      if: ${{ failure() }}
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: '@${{ github.event.comment.user.login }} Ephemeral environment creation failed. Please check the Actions logs for details.'
+          })
--- a/.github/workflows/generate-FOSSA-report.yml
+++ b/.github/workflows/generate-FOSSA-report.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -24,7 +24,7 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Generate Report
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/github-action-validator.yml
+++ b/.github/workflows/github-action-validator.yml
@@ -11,7 +11,7 @@ on:
 jobs:

  validate-all-ghas:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
--- a/.github/workflows/issue_creation.yml
+++ b/.github/workflows/issue_creation.yml
@@ -9,7 +9,7 @@ on:

 jobs:
  superbot-orglabel:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -7,7 +7,7 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
    - uses: actions/labeler@v5
      with:
--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -6,7 +6,7 @@ on:
 jobs:
  latest-release:
    name: Add/update tag to new release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: write

--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
  license_check:
    name: License Check
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/no-hold-label.yml
+++ b/.github/workflows/no-hold-label.yml
@@ -11,7 +11,7 @@ concurrency:

 jobs:
  check-hold-label:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
    - name: Check for 'hold' label
      uses: actions/github-script@v7
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -10,7 +10,7 @@ on:

 jobs:
  lint-check:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -15,10 +15,10 @@ concurrency:

 jobs:
  pre-commit:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["current", "previous"]
+        python-version: ["current", "next", "previous"]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -38,39 +38,12 @@ jobs:
          echo "HOMEBREW_CELLAR=$HOMEBREW_CELLAR" >>"${GITHUB_ENV}"
          echo "HOMEBREW_REPOSITORY=$HOMEBREW_REPOSITORY" >>"${GITHUB_ENV}"
          brew install norwoodj/tap/helm-docs
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      - name: Install Frontend Dependencies
-        run: |
-          cd superset-frontend
-          npm ci
-
-      - name: Install Docs Dependencies
-        run: |
-          cd docs
-          yarn install --immutable
-
      - name: pre-commit
        run: |
          set +e  # Don't exit immediately on failure
-          export SKIP=eslint-frontend,type-checking-frontend
          pre-commit run --all-files
-          PRE_COMMIT_EXIT_CODE=$?
-          git diff --quiet --exit-code
-          GIT_DIFF_EXIT_CODE=$?
-          if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ] || [ "${GIT_DIFF_EXIT_CODE}" -ne 0 ]; then
-            if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ]; then
-              echo "❌ Pre-commit check failed (exit code: ${EXIT_CODE})."
-            else
-              echo "❌ Git working directory is dirty."
-              echo "📌 This likely means that pre-commit made changes that were not committed."
-              echo "🔍 Modified files:"
-              git diff --name-only
-            fi
-
+          if [ $? -ne 0 ] || ! git diff --quiet --exit-code; then
+            echo "❌ Pre-commit check failed."
            echo "🚒 To prevent/address this CI issue, please install/use pre-commit locally."
            echo "📖 More details here: https://superset.apache.org/docs/contributing/development#git-hooks"
            exit 1
--- a/.github/workflows/prefer-typescript.yml
+++ b/.github/workflows/prefer-typescript.yml
@@ -21,7 +21,7 @@ jobs:
  prefer_typescript:
    if: github.ref == 'ref/heads/master' && github.event_name == 'pull_request'
    name: Prefer TypeScript
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -24,7 +24,13 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Bump version and publish package(s)
-    runs-on: ubuntu-24.04
+
+    runs-on: ubuntu-22.04
+
+    strategy:
+      matrix:
+        node-version: [20]
+
    steps:
      - uses: actions/checkout@v4
        with:
@@ -40,11 +46,11 @@ jobs:
          git fetch --prune --unshallow
          git tag -d `git tag | grep -E '^trigger-'`

-      - name: Install Node.js
+      - name: Use Node.js ${{ matrix.node-version }}
        if: env.HAS_TAGS
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node-version }}

      - name: Cache npm
        if: env.HAS_TAGS
--- a/.github/workflows/superset-applitool-cypress.yml
+++ b/.github/workflows/superset-applitool-cypress.yml
@@ -6,7 +6,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -21,11 +21,12 @@ jobs:
  cypress-applitools:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        browser: ["chrome"]
+        node: [20]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -39,7 +40,7 @@ jobs:
      APPLITOOLS_BATCH_NAME: Superset Cypress
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -65,7 +66,7 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-applitools-storybook.yml
+++ b/.github/workflows/superset-applitools-storybook.yml
@@ -12,7 +12,7 @@ env:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -27,7 +27,10 @@ jobs:
  cron:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        node: [20]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -38,7 +41,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install eyes-storybook dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-cli.yml
+++ b/.github/workflows/superset-cli.yml
@@ -15,7 +15,7 @@ concurrency:

 jobs:
  test-load-examples:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -23,7 +23,7 @@ jobs:
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
--- a/.github/workflows/superset-docs-deploy.yml
+++ b/.github/workflows/superset-docs-deploy.yml
@@ -12,7 +12,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -28,17 +28,17 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Build & Deploy
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
+      - name: Set up Node.js 20
        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
      - uses: actions/setup-java@v4
--- a/.github/workflows/superset-docs-verify.yml
+++ b/.github/workflows/superset-docs-verify.yml
@@ -24,10 +24,11 @@ jobs:
      - uses: JustinBeckwith/linkinator-action@v1.11.0
        continue-on-error: true # This will make the job advisory (non-blocking, no red X)
        with:
-          paths: "**/*.md, **/*.mdx, !superset-frontend/CHANGELOG.md"
+          paths: "**/*.md, **/*.mdx"
          linksToSkip: >-
            ^https://github.com/apache/(superset|incubator-superset)/(pull|issue)/\d+,
            http://localhost:8088/,
+            docker/.env-non-dev,
            http://127.0.0.1:3000/,
            http://localhost:9001/,
            https://charts.bitnami.com/bitnami,
@@ -50,7 +51,7 @@ jobs:
            https://www.plaidcloud.com/
  build-deploy:
    name: Build & Deploy
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: docs
@@ -60,10 +61,10 @@ jobs:
        with:
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
+      - name: Set up Node.js 20
        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: yarn install
        run: |
          yarn install --check-cache
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -28,7 +28,6 @@ concurrency:

 jobs:
  cypress-matrix:
-    # Somehow one test flakes on 24.04 for unknown reasons, this is the only GHA left on 22.04
    runs-on: ubuntu-22.04
    permissions:
      contents: read
@@ -42,7 +41,6 @@ jobs:
      matrix:
        parallel_id: [0, 1, 2, 3, 4, 5]
        browser: ["chrome"]
-        app_root: ["", "/app/prefix"]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -50,11 +48,11 @@ jobs:
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
-      # Only use dashboard when explicitly requested via workflow_dispatch
-      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true' || 'false' }}
+      # use the dashboard feature when running manually OR merging to master
+      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true'|| (github.ref == 'refs/heads/master' && 'true') || 'false' }}
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -110,7 +108,7 @@ jobs:
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: "20"
      - name: Install npm dependencies
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -136,10 +134,10 @@ jobs:
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          NODE_OPTIONS: "--max-old-space-size=4096"
        with:
-          run: cypress-run-all ${{ env.USE_DASHBOARD }} ${{ matrix.app_root }}
+          run: cypress-run-all ${{ env.USE_DASHBOARD }}
      - name: Upload Artifacts
        uses: actions/upload-artifact@v4
-        if: failure()
+        if: github.event_name == 'workflow_dispatch' && (steps.check.outputs.python || steps.check.outputs.frontend)
        with:
          path: ${{ github.workspace }}/superset-frontend/cypress-base/cypress/screenshots
-          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}-${{ matrix.parallel_id }}
+          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -1,4 +1,4 @@
-name: "Frontend Build CI (unit tests, linting & sanity checks)"
+name: Frontend

 on:
  push:
@@ -13,168 +13,68 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

-env:
-  TAG: apache/superset:GHA-${{ github.run_id }}
-
 jobs:
  frontend-build:
-    runs-on: ubuntu-24.04
-    outputs:
-      should-run: ${{ steps.check.outputs.frontend }}
+    runs-on: ubuntu-22.04
    steps:
-      - name: Checkout Code
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
-
-      - name: Check for File Changes
+          submodules: recursive
+      - name: Check npm lock file version
+        run: ./scripts/ci_check_npm_lock_version.sh ./superset-frontend/package-lock.json
+      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build Docker Image
+      - name: Setup Node.js
        if: steps.check.outputs.frontend
-        shell: bash
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          docker buildx build \
-            -t $TAG \
-            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-bookworm \
-            --target superset-node-ci \
-            .
-
-      - name: Save Docker Image as Artifact
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Install dependencies
        if: steps.check.outputs.frontend
-        run: |
-          docker save $TAG | gzip > docker-image.tar.gz
-
-      - name: Upload Docker Image Artifact
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: npm-install
+      - name: eslint
        if: steps.check.outputs.frontend
-        uses: actions/upload-artifact@v4
-        with:
-          name: docker-image
-          path: docker-image.tar.gz
-
-  sharded-jest-tests:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    strategy:
-      matrix:
-        shard: [1, 2, 3, 4, 5, 6, 7, 8]
-      fail-fast: false
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: npm run test with coverage
+        working-directory: ./superset-frontend
        run: |
-          mkdir -p ${{ github.workspace }}/superset-frontend/coverage
-          docker run \
-          -v ${{ github.workspace }}/superset-frontend/coverage:/app/superset-frontend/coverage \
-          --rm $TAG \
-          bash -c \
-          "npm run test -- --coverage --shard=${{ matrix.shard }}/8 --coverageReporters=json-summary"
-
-      - name: Upload Coverage Artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: coverage-artifacts-${{ matrix.shard }}
-          path: superset-frontend/coverage
-
-  report-coverage:
-    needs: [sharded-jest-tests]
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Coverage Artifacts
-        uses: actions/download-artifact@v4
-        with:
-          pattern: coverage-artifacts-*
-          path: coverage/
-
-      - name: Show Files
-        run: find coverage/
-
-      - name: Merge Code Coverage
-        run: npx nyc merge coverage/ merged-output/coverage-summary.json
-
-      - name: Upload Code Coverage
-        uses: codecov/codecov-action@v5
+          npm run eslint -- . --quiet
+      - name: tsc
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run type
+      - name: Build plugins packages
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: npm run plugins:build
+      - name: Build plugins Storybook
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: npm run plugins:build-storybook
+      - name: superset-ui/core coverage
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run core:cover
+      - name: unit tests
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run test -- --coverage --silent
+      # todo: remove this step when fix generator as a project in root jest.config.js
+      - name: generator-superset unit tests
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend/packages/generator-superset
+        run: npm run test
+      - name: Upload code coverage
+        uses: codecov/codecov-action@v4
        with:
          flags: javascript
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          files: merged-output/coverage-summary.json
-          slug: apache/superset
-
-  core-cover:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: superset-ui/core coverage
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run core:cover"
-
-  lint-frontend:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: eslint
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm i && npm run eslint -- . --quiet"
-
-      - name: tsc
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run type"
-
-  validate-frontend:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: docker load < docker-image.tar.gz
-
-      - name: Build Plugins Packages
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run plugins:build"
-
-      - name: Build Plugins Storybook
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run plugins:build-storybook"
--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -1,4 +1,4 @@
-name: "Helm: lint and test charts"
+name: Lint and Test Charts

 on:
  pull_request:
@@ -13,7 +13,7 @@ concurrency:

 jobs:
  lint-test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -25,7 +25,7 @@ jobs:
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
-          version: v3.16.4
+          version: v3.5.4

      - name: Setup Python
        uses: ./.github/actions/setup-backend/
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -1,8 +1,4 @@
-# This workflow automates the release process for Helm charts.
-# The workflow creates a new branch for the release and opens a pull request against the 'gh-pages' branch,
-# allowing the changes to be reviewed and merged manually.
-
-name: "Helm: release charts"
+name: Release Charts

 on:
  push:
@@ -11,28 +7,18 @@ on:
      - "[0-9].[0-9]*"
    paths:
      - "helm/**"
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: "The branch, tag, or commit SHA to check out"
-        required: false
-        default: "master"

 jobs:
  release:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: write
-      pull-requests: write
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    steps:
-      - name: Checkout code
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.ref || github.ref_name }}
-          persist-credentials: true
+          persist-credentials: false
          submodules: recursive
          fetch-depth: 0

@@ -49,77 +35,11 @@ jobs:
      - name: Add bitnami repo dependency
        run: helm repo add bitnami https://charts.bitnami.com/bitnami

-      - name: Fetch/list all tags
-        run: |
-          # Debugging tags
-          git fetch --tags --force
-          git tag -d superset-helm-chart-0.13.4 || true
-          echo "DEBUG TAGS"
-          git show-ref --tags
-
-      - name: Create unique pages branch name
-        id: vars
-        run: echo "branch_name=helm-publish-${GITHUB_SHA:0:7}" >> $GITHUB_ENV
-
-      - name: Force recreate branch from gh-pages
-        run: |
-          # Ensure a clean working directory
-          git reset --hard
-          git clean -fdx
-          git checkout -b local_gha_temp
-          git submodule update
-
-          # Fetch the latest gh-pages branch
-          git fetch origin gh-pages
-
-          # Check out and reset the target branch based on gh-pages
-          git checkout -B ${{ env.branch_name }} origin/gh-pages
-
-          # Remove submodules from the branch
-          git submodule deinit -f --all
-
-          # Force push to the remote branch
-          git push origin ${{ env.branch_name }} --force
-
-          # Return to the original branch
-          git checkout local_gha_temp
-
-      - name: Fetch/list all tags
-        run: |
-          git submodule update
-          cat .github/actions/chart-releaser-action/action.yml
-
      - name: Run chart-releaser
        uses: ./.github/actions/chart-releaser-action
        with:
-          version: v1.6.0
          charts_dir: helm
          mark_as_latest: false
-          pages_branch: ${{ env.branch_name }}
        env:
          CR_TOKEN: "${{ github.token }}"
          CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}"
-
-      - name: Open Pull Request
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const branchName = '${{ env.branch_name }}';
-            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
-
-            if (!branchName) {
-              throw new Error("Branch name is not defined.");
-            }
-
-            const pr = await github.rest.pulls.create({
-              owner,
-              repo,
-              title: `Helm chart release for ${branchName}`,
-              head: branchName,
-              base: "gh-pages", // Adjust if the target branch is different
-              body: `This PR releases Helm charts to the gh-pages branch.`,
-            });
-
-            core.info(`Pull request created: ${pr.data.html_url}`);
-        env:
-          BRANCH_NAME: ${{ env.branch_name }}
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -15,7 +15,7 @@ concurrency:

 jobs:
  test-mysql:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -68,16 +68,16 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,mysql
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
  test-postgres:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["current", "previous"]
+        python-version: ["current", "next", "previous"]
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -85,7 +85,7 @@ jobs:
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -129,14 +129,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,postgres
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true

  test-sqlite:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -181,7 +181,7 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,sqlite
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -16,7 +16,7 @@ concurrency:

 jobs:
  test-postgres-presto:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -25,7 +25,7 @@ jobs:
      SUPERSET__SQLALCHEMY_EXAMPLES_URI: presto://localhost:15433/memory/default
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -77,14 +77,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,presto
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true

  test-postgres-hive:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -94,7 +94,7 @@ jobs:
      UPLOAD_FOLDER: /tmp/.superset/uploads/
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -142,10 +142,9 @@ jobs:
      - name: Python unit tests (PostgreSQL)
        if: steps.check.outputs.python
        run: |
-          pip install -e .[hive]
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,hive
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -16,10 +16,10 @@ concurrency:

 jobs:
  unit-tests:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["previous", "current"]
+        python-version: ["current", "next"]
    env:
      PYTHONPATH: ${{ github.workspace }}
    steps:
@@ -44,9 +44,9 @@ jobs:
          SUPERSET_TESTENV: true
          SUPERSET_SECRET_KEY: not-a-secret
        run: |
-          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear --maxfail=50
+          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear
      - name: Upload code coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
          flags: python,unit
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -15,7 +15,7 @@ concurrency:

 jobs:
  frontend-check-translations:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
@@ -33,7 +33,7 @@ jobs:
        if: steps.check.outputs.frontend
        uses: actions/setup-node@v4
        with:
-          node-version-file:  './superset-frontend/.nvmrc'
+          node-version:  '18'
      - name: Install dependencies
        if: steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -46,7 +46,7 @@ jobs:
          npm run build-translation

  babel-extract:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -18,7 +18,7 @@ concurrency:

 jobs:
  app-checks:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
--- a/.github/workflows/supersetbot.yml
+++ b/.github/workflows/supersetbot.yml
@@ -15,7 +15,7 @@ on:

 jobs:
  supersetbot:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    if: >
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot'))
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -23,7 +23,7 @@ on:
          - 'false'
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -39,26 +39,23 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: docker-release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311"]
      fail-fast: false
    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

-      - name: Setup Docker Environment
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          install-docker-compose: "false"
-          build: "true"
-
      - name: Use Node.js 20
        uses: actions/setup-node@v4
        with:
@@ -67,6 +64,13 @@ jobs:
      - name: Setup supersetbot
        uses: ./.github/actions/setup-supersetbot/

+      - name: Try to login to DockerHub
+        continue-on-error: true
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
      - name: Execute custom Node.js script
        env:
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
@@ -87,7 +91,6 @@ jobs:
          fi

          supersetbot docker \
-            --push \
            --preset ${{ matrix.build_preset }} \
            --context "$EVENT" \
            --context-ref "$RELEASE" $FORCE_LATEST \
@@ -100,7 +103,7 @@ jobs:
  update-prs-with-release-info:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -23,7 +23,7 @@ jobs:
  process-and-upload:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    name: Generate Reports
    steps:
      - name: Checkout Repository
@@ -32,10 +32,10 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: '20'

      - name: Install Dependencies
-        run: npm ci
+        run: npm install
        working-directory: ./superset-frontend

      - name: Run Script
--- a/.github/workflows/welcome-new-users.yml
+++ b/.github/workflows/welcome-new-users.yml
@@ -6,7 +6,7 @@ on:

 jobs:
  welcome:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write

--- a/.gitignore
+++ b/.gitignore
@@ -21,7 +21,6 @@
 *.swp
 __pycache__

-.aider*
 .local
 .cache
 .bento*
@@ -51,6 +50,7 @@ env
 venv*
 env_py3
 envpy3
+env36
 local_config.py
 /superset_config.py
 /superset_text.yml
@@ -66,10 +66,7 @@ superset-websocket/config.json
 *.js.map
 node_modules
 npm-debug.log*
-superset/static/assets/*
-!superset/static/assets/.gitkeep
-superset/static/uploads/*
-!superset/static/uploads/.gitkeep
+superset/static/assets
 superset/static/version_info.json
 superset-frontend/**/esm/*
 superset-frontend/**/lib/*
@@ -107,7 +104,6 @@ ghostdriver.log
 testCSV.csv
 .terser-plugin-cache/
 apache-superset-*.tar.gz*
-apache_superset-*.tar.gz*
 release.json

 # Translation-related files
@@ -126,4 +122,3 @@ docker/*local*
 # Jest test report
 test-report.html
 superset/static/stats/statistics.html
-.aider*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,11 +16,11 @@
 #
 repos:
  - repo: https://github.com/MarcoGorelli/auto-walrus
-    rev: 0.3.4
+    rev: v0.2.2
    hooks:
      - id: auto-walrus
  - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.15.0
+    rev: v1.3.0
    hooks:
      - id: mypy
        args: [--check-untyped-defs]
@@ -38,49 +38,31 @@ repos:
            types-paramiko,
            types-Markdown,
          ]
+  - repo: https://github.com/peterdemin/pip-compile-multi
+    rev: v2.6.2
+    hooks:
+      - id: pip-compile-multi-verify
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v4.4.0
    hooks:
      - id: check-docstring-first
      - id: check-added-large-files
-        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*|^superset-frontend/CHANGELOG\.md$
+        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*
      - id: check-yaml
        exclude: ^helm/superset/templates/
      - id: debug-statements
      - id: end-of-file-fixer
-        exclude: .*/lerna\.json$
      - id: trailing-whitespace
        exclude: ^.*\.(snap)
        args: ["--markdown-linebreak-ext=md"]
  - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v4.0.0-alpha.8 # Use the sha or tag you want to point at
+    rev: v3.1.0 # Use the sha or tag you want to point at
    hooks:
      - id: prettier
        additional_dependencies:
-          - prettier@3.5.3
+          - prettier@3.3.3
        args: ["--ignore-path=./superset-frontend/.prettierignore"]
        files: "superset-frontend"
-  - repo: local
-    hooks:
-    - id: eslint-frontend
-      name: eslint (frontend)
-      entry: ./scripts/eslint.sh
-      language: system
-      pass_filenames: true
-      files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
-    - id: eslint-docs
-      name: eslint (docs)
-      entry: bash -c 'cd docs && FILES=$(echo "$@" | sed "s|docs/||g") && yarn eslint --fix --ext .js,.jsx,.ts,.tsx --quiet $FILES'
-      language: system
-      pass_filenames: true
-      files: ^docs/.*\.(js|jsx|ts|tsx)$
-    - id: type-checking-frontend
-      name: Type-Checking (Frontend)
-      entry: bash -c './scripts/check-type.js package=superset-frontend excludeDeclarationDir=cypress-base'
-      language: system
-      files: ^superset-frontend\/.*\.(js|jsx|ts|tsx)$
-      exclude: ^superset-frontend/cypress-base\/
-      require_serial: true
  # blacklist unsafe functions like make_url (see #19526)
  - repo: https://github.com/skorokithakis/blacklist-pre-commit-hook
    rev: e2f070289d8eddcaec0b580d3bde29437e7c8221
@@ -88,15 +70,27 @@ repos:
      - id: blacklist
        args: ["--blacklisted-names=make_url", "--ignore=tests/"]
  - repo: https://github.com/norwoodj/helm-docs
-    rev: v1.14.2
+    rev: v1.11.0
    hooks:
      - id: helm-docs
        files: helm
-        verbose: false
-        args: ["--log-level", "error"]
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.9.7
+    rev: v0.4.0
    hooks:
      - id: ruff
-        args: [--fix]
+        args: [ --fix ]
      - id: ruff-format
+  - repo: local
+    hooks:
+      - id: pylint
+        name: pylint
+        entry: pylint
+        language: system
+        types: [python]
+        exclude: ^(tests/|superset/migrations/|scripts/|RELEASING/|docker/)
+        args:
+          [
+            "-rn", # Only display messages
+            "-sn", # Don't display the score
+            "--rcfile=.pylintrc",
+          ]
--- a/.pylintrc
+++ b/.pylintrc
@@ -0,0 +1,380 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[MASTER]
+
+# Specify a configuration file.
+#rcfile=
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+
+# Add files or directories to the blacklist. They should be base names, not
+# paths.
+ignore=CVS,migrations
+
+# Add files or directories matching the regex patterns to the blacklist. The
+# regex matches against base names, not paths.
+ignore-patterns=
+
+# Pickle collected data for later comparisons.
+persistent=yes
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=superset.extensions.pylint
+
+# Use multiple processes to speed up Pylint.
+jobs=2
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code
+extension-pkg-whitelist=pyarrow
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
+confidence=
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=
+    useless-suppression,
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once).You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use"--disable=all --enable=classes
+# --disable=W"
+disable=
+    cyclic-import,  # re-enable once this no longer raises false positives
+    missing-docstring,
+    duplicate-code,
+    line-too-long,
+    unspecified-encoding,
+    too-many-instance-attributes  # re-enable once this no longer raises false positives
+
+[REPORTS]
+
+# Set the output format. Available formats are text, parseable, colorized, msvs
+# (visual studio) and html. You can also give a reporter class, eg
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+
+# Tells whether to display a full report or only the messages
+reports=yes
+
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables errors warning, statement which
+# respectively contain the number of errors / warnings messages and the total
+# number of statements analyzed. This is used by the global evaluation report
+# (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details
+#msg-template=
+
+
+[BASIC]
+
+# Good variable names which should always be accepted, separated by a comma
+good-names=_,df,ex,f,i,id,j,k,l,o,pk,Run,ts,v,x,y
+
+# Bad variable names which should always be refused, separated by a comma
+bad-names=bar,baz,db,fd,foo,sesh,session,tata,toto,tutu
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Include a hint for the correct naming format with invalid-name
+include-naming-hint=no
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+property-classes=
+    abc.abstractproperty,
+    sqlalchemy.ext.hybrid.hybrid_property
+
+# Regular expression matching correct argument names
+argument-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct method names
+method-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct variable names
+variable-rgx=[a-z_][a-z0-9_]{1,30}$
+
+# Regular expression matching correct inline iteration names
+inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
+
+# Regular expression matching correct constant names
+const-rgx=(([A-Za-z_][A-Za-z0-9_]*)|(__.*__))$
+
+# Regular expression matching correct class names
+class-rgx=[A-Z_][a-zA-Z0-9]+$
+
+# Regular expression matching correct class attribute names
+class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
+
+# Regular expression matching correct module names
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
+
+# Regular expression matching correct attribute names
+attr-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression matching correct function names
+function-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=^_
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=10
+
+
+[ELIF]
+
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+
+
+[FORMAT]
+
+# Maximum number of characters on a single line.
+max-line-length=100
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )?<?https?://\S+>?$
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+
+# Maximum number of lines in a module
+max-module-lines=1000
+
+# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
+# tab).
+indent-string='    '
+
+# Number of spaces of indent required inside a hanging  or continued line.
+indent-after-paren=4
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+
+[LOGGING]
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format
+logging-modules=logging
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,XXX
+
+
+[SIMILARITIES]
+
+# Minimum lines number of a similarity.
+min-similarity-lines=5
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=no
+
+
+[SPELLING]
+
+# Spelling dictionary name. Available dictionaries: none. To make it working
+# install python-enchant package.
+spelling-dict=
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to indicated private dictionary in
+# --spelling-private-dict-file option instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[TYPECHECK]
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis. It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=numpy,pandas,alembic.op,sqlalchemy,alembic.context,flask_appbuilder.security.sqla.PermissionView.role,flask_appbuilder.Model.metadata,flask_appbuilder.Base.metadata
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=contextlib.closing,optparse.Values,thread._local,_thread._local
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager
+
+
+[VARIABLES]
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# A regular expression matching the name of dummy variables (i.e. expectedly
+# not used).
+dummy-variables-rgx=(_+[a-zA-Z0-9]*?$)|dummy
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid to define new builtins when possible.
+additional-builtins=
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,_cb
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six.moves,future.builtins
+
+
+[CLASSES]
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,__new__,setUp
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=mcs
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,_fields,_replace,_source,_make
+
+
+[DESIGN]
+
+# Maximum number of arguments for function / method
+max-args=5
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore
+ignored-argument-names=_.*
+
+# Maximum number of locals for function / method body
+max-locals=15
+
+# Maximum number of return / yield for function / method body
+max-returns=10
+
+# Maximum number of branch for function / method body
+max-branches=15
+
+# Maximum number of statements in function / method body
+max-statements=50
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=8
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of boolean expressions in a if statement
+max-bool-expr=5
+
+
+[IMPORTS]
+
+# Deprecated modules which should not be used, separated by a comma
+deprecated-modules=optparse
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled)
+import-graph=
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled)
+ext-import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled)
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=builtins.Exception
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -70,7 +70,6 @@ google-sheets.svg
 ibm-db2.svg
 postgresql.svg
 snowflake.svg
-ydb.svg

 # docs-related
 erd.puml
--- a/CHANGELOG/4.1.1.md
+++ b/CHANGELOG/4.1.1.md
@@ -1,50 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1 (Fri Nov 15 22:13:57 2024 +0530)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
-
- [#30886](https://github.com/apache/superset/pull/30886) fix: blocks UI elements on right side (@samarsrivastav)
- [#30859](https://github.com/apache/superset/pull/30859) fix(package.json): Pin luxon version to unblock master (@geido)
- [#30588](https://github.com/apache/superset/pull/30588) fix(explore): column data type tooltip format (@mistercrunch)
- [#29911](https://github.com/apache/superset/pull/29911) fix: Rename database from 'couchbasedb' to 'couchbase' in documentation and db_engine_specs (@ayush-couchbase)
- [#30828](https://github.com/apache/superset/pull/30828) fix(TimezoneSelector): Failing unit tests due to timezone change (@geido)
- [#30875](https://github.com/apache/superset/pull/30875) fix: don't show metadata for embedded dashboards (@sadpandajoe)
- [#30851](https://github.com/apache/superset/pull/30851) fix: Graph chart colors (@michael-s-molina)
- [#29867](https://github.com/apache/superset/pull/29867) fix(capitalization): Capitalizing a button. (@rusackas)
- [#29782](https://github.com/apache/superset/pull/29782) fix(translations): Translate embedded errors (@rusackas)
- [#29772](https://github.com/apache/superset/pull/29772) fix: Fixing incomplete string escaping. (@rusackas)
- [#29725](https://github.com/apache/superset/pull/29725) fix(frontend/docker, ci): fix borked Docker build due to Lerna v8 uplift (@hainenber)
-
-**Others**
-
- [#30576](https://github.com/apache/superset/pull/30576) chore: add link to Superset when report error (@eschutho)
- [#29786](https://github.com/apache/superset/pull/29786) refactor(Slider): Upgrade Slider to Antd 5 (@geido)
- [#29674](https://github.com/apache/superset/pull/29674) refactor(ChartCreation): Migrate tests to RTL (@rtexelm)
- [#29843](https://github.com/apache/superset/pull/29843) refactor(controls): Migrate AdhocMetricOption.test to RTL (@rtexelm)
- [#29845](https://github.com/apache/superset/pull/29845) refactor(controls): Migrate MetricDefinitionValue.test to RTL (@rtexelm)
- [#28424](https://github.com/apache/superset/pull/28424) docs: Check markdown files for bad links using linkinator (@rusackas)
- [#29768](https://github.com/apache/superset/pull/29768) docs(contributing): fix broken link to translations sub-section (@sfirke)
--- a/CHANGELOG/4.1.2.md
+++ b/CHANGELOG/4.1.2.md
@@ -1,83 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.2 (Fri Mar 7 13:28:05 2025 -0800)
-
-**Database Migrations**
-
- [#32538](https://github.com/apache/superset/pull/32538) fix(migrations): Handle comparator None in old time comparison migration (@Antonio-RiveroMartnez)
- [#32155](https://github.com/apache/superset/pull/32155) fix(migrations): Handle no params in time comparison migration (@Antonio-RiveroMartnez)
- [#31185](https://github.com/apache/superset/pull/31185) fix: check for column before adding in migrations (@betodealmeida)
-
-**Features**
-
- [#29974](https://github.com/apache/superset/pull/29974) feat(sqllab): Adds refresh button to table metadata in SQL Lab (@Usiel)
-
-**Fixes**
-
- [#32515](https://github.com/apache/superset/pull/32515) fix(sqllab): Allow clear on schema and catalog (@justinpark)
- [#32500](https://github.com/apache/superset/pull/32500) fix: dashboard, chart and dataset import validation (@dpgaspar)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31407](https://github.com/apache/superset/pull/31407) fix: Big Number side cut fixed (@fardin-developer)
- [#31480](https://github.com/apache/superset/pull/31480) fix(sunburst): Use metric label from verbose map (@gerbermichi)
- [#31427](https://github.com/apache/superset/pull/31427) fix(tags): clean up bulk create api and schema (@villebro)
- [#31334](https://github.com/apache/superset/pull/31334) fix(docs): add custom editUrl path for intro page (@dwgrossberg)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31323](https://github.com/apache/superset/pull/31323) fix: Use clickhouse sqlglot dialect for YDB (@vgvoleg)
- [#31198](https://github.com/apache/superset/pull/31198) fix: add more clickhouse disallowed functions on config (@dpgaspar)
- [#31194](https://github.com/apache/superset/pull/31194) fix(embedded): Hide anchor links in embedded mode (@Vitor-Avila)
- [#31960](https://github.com/apache/superset/pull/31960) fix(sqllab): Missing allowHTML props in ResultTableExtension (@justinpark)
- [#31332](https://github.com/apache/superset/pull/31332) fix: prevent multiple pvm errors on migration (@eschutho)
- [#31437](https://github.com/apache/superset/pull/31437) fix(database import): Gracefully handle error to get catalog schemas (@Vitor-Avila)
- [#31173](https://github.com/apache/superset/pull/31173) fix: cache-warmup fails (@nsivarajan)
- [#30442](https://github.com/apache/superset/pull/30442) fix(fe/src/dashboard): optional chaining for possibly nullable parent attribute in LayoutItem type (@hainenber)
- [#31639](https://github.com/apache/superset/pull/31639) fix(sqllab): unable to update saved queries (@DamianPendrak)
- [#29898](https://github.com/apache/superset/pull/29898) fix: parse pandas pivot null values (@eschutho)
- [#31414](https://github.com/apache/superset/pull/31414) fix(Pivot Table): Fix column width to respect currency config (@Vitor-Avila)
- [#31335](https://github.com/apache/superset/pull/31335) fix(histogram): axis margin padding consistent with other graphs (@tatiana-cherne)
- [#31301](https://github.com/apache/superset/pull/31301) fix(AllEntitiesTable): show Tags (@alexandrusoare)
- [#31329](https://github.com/apache/superset/pull/31329) fix: pass string to `process_template` (@betodealmeida)
- [#31341](https://github.com/apache/superset/pull/31341) fix(pinot): remove query aliases from SELECT and ORDER BY clauses in Pinot (@yuribogomolov)
- [#31308](https://github.com/apache/superset/pull/31308) fix: annotations on horizontal bar chart (@DamianPendrak)
- [#31294](https://github.com/apache/superset/pull/31294) fix(sqllab): Remove update_saved_query_exec_info to reduce lag (@justinpark)
- [#30897](https://github.com/apache/superset/pull/30897) fix: Exception handling for SQL Lab views (@michael-s-molina)
- [#31199](https://github.com/apache/superset/pull/31199) fix(Databricks): Escape catalog and schema names in pre-queries (@Vitor-Avila)
- [#31265](https://github.com/apache/superset/pull/31265) fix(trino): db session error in handle cursor (@justinpark)
- [#31024](https://github.com/apache/superset/pull/31024) fix(dataset): use sqlglot for DML check (@betodealmeida)
- [#29885](https://github.com/apache/superset/pull/29885) fix: add mutator to get_columns_description (@eschutho)
- [#30821](https://github.com/apache/superset/pull/30821) fix: x axis title disappears when editing bar chart (@DamianPendrak)
- [#31181](https://github.com/apache/superset/pull/31181) fix: Time-series Line Chart Display unnecessary total (@michael-s-molina)
- [#31163](https://github.com/apache/superset/pull/31163) fix(Dashboard): Backward compatible shared_label_colors field (@geido)
- [#31156](https://github.com/apache/superset/pull/31156) fix: check orderby (@betodealmeida)
- [#31154](https://github.com/apache/superset/pull/31154) fix: Remove unwanted commit on Trino's handle_cursor (@michael-s-molina)
- [#31151](https://github.com/apache/superset/pull/31151) fix: Revert "feat(trino): Add functionality to upload data (#29164)" (@michael-s-molina)
- [#31031](https://github.com/apache/superset/pull/31031) fix(Dashboard): Ensure shared label colors are updated (@geido)
- [#30967](https://github.com/apache/superset/pull/30967) fix(release validation): scripts now support RSA and EDDSA keys. (@rusackas)
- [#30881](https://github.com/apache/superset/pull/30881) fix(Dashboard): Native & Cross-Filters Scoping Performance (@geido)
- [#30887](https://github.com/apache/superset/pull/30887) fix(imports): import query_context for imports with charts (@lindenh)
- [#31008](https://github.com/apache/superset/pull/31008) fix(explore): verified props is not updated (@justinpark)
- [#30646](https://github.com/apache/superset/pull/30646) fix(Dashboard): Retain colors when color scheme not set (@geido)
- [#30962](https://github.com/apache/superset/pull/30962) fix(Dashboard): Exclude edit param in async screenshot (@geido)
-
-**Others**
-
- [#32043](https://github.com/apache/superset/pull/32043) chore: Skip the creation of secondary perms during catalog migrations (@Vitor-Avila)
- [#30865](https://github.com/apache/superset/pull/30865) docs: Updating 4.1 Release Notes (@yousoph)
--- a/361
+++ b/361
@@ -18,52 +18,46 @@
 ######################################################################
 # Node stage to deal with static asset construction
 ######################################################################
-ARG PY_VER=3.11.11-slim-bookworm
+ARG PY_VER=3.10-slim-bookworm

-# If BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
+# if BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
 ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
+FROM --platform=${BUILDPLATFORM} node:20-bullseye-slim AS superset-node

-# Include translations in the final build
-ARG BUILD_TRANSLATIONS="false"
-
-######################################################################
-# superset-node-ci used as a base for building frontend assets and CI
-######################################################################
-FROM --platform=${BUILDPLATFORM} node:20-bookworm-slim AS superset-node-ci
-ARG BUILD_TRANSLATIONS
-ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
-ARG DEV_MODE="false"           # Skip frontend build in dev mode
-ENV DEV_MODE=${DEV_MODE}
-
-COPY docker/ /app/docker/
-# Arguments for build configuration
 ARG NPM_BUILD_CMD="build"

-# Install system dependencies required for node-gyp
-RUN /app/docker/apt-install.sh build-essential python3 zstd
+# Include translations in the final build. The default supports en only to
+# reduce complexity and weight for those only using en
+ARG BUILD_TRANSLATIONS="false"
+
+# Used by docker-compose to skip the frontend build,
+# in dev we mount the repo and build the frontend inside docker
+ARG DEV_MODE="false"
+
+# Include headless browsers? Allows for alerts, reports & thumbnails, but bloats the images
+ARG INCLUDE_CHROMIUM="true"
+ARG INCLUDE_FIREFOX="false"
+
+# Somehow we need python3 + build-essential on this side of the house to install node-gyp
+RUN apt-get update -qq \
+    && apt-get install \
+        -yqq --no-install-recommends \
+        build-essential \
+        python3 \
+        zstd

-# Define environment variables for frontend build
 ENV BUILD_CMD=${NPM_BUILD_CMD} \
    PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
+# NPM ci first, as to NOT invalidate previous steps except for when package.json changes

-# Run the frontend memory monitoring script
-RUN /app/docker/frontend-mem-nag.sh
+RUN --mount=type=bind,target=/frontend-mem-nag.sh,src=./docker/frontend-mem-nag.sh \
+    /frontend-mem-nag.sh

 WORKDIR /app/superset-frontend
-
-# Create necessary folders to avoid errors in subsequent steps
-RUN mkdir -p /app/superset/static/assets \
-             /app/superset/translations
-
-# Mount package files and install dependencies if not in dev mode
-# NOTE: we mount packages and plugins as they are referenced in package.json as workspaces
-# ideally we'd COPY only their package.json. Here npm ci will be cached as long
-# as the full content of these folders don't change, yielding a decent cache reuse rate.
-# Note that's it's not possible selectively COPY of mount using blobs.
-RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.json \
-    --mount=type=bind,source=./superset-frontend/package-lock.json,target=./package-lock.json \
-    --mount=type=cache,target=/root/.cache \
-    --mount=type=cache,target=/root/.npm \
+# Creating empty folders to avoid errors when running COPY later on
+RUN mkdir -p /app/superset/static/assets
+RUN --mount=type=bind,target=./package.json,src=./superset-frontend/package.json \
+    --mount=type=bind,target=./package-lock.json,src=./superset-frontend/package-lock.json \
    if [ "$DEV_MODE" = "false" ]; then \
        npm ci; \
    else \
@@ -72,192 +66,161 @@ RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.j

 # Runs the webpack build process
 COPY superset-frontend /app/superset-frontend
-
-######################################################################
-# superset-node used for compile frontend assets
-######################################################################
-FROM superset-node-ci AS superset-node
-
-# Build the frontend if not in dev mode
-RUN --mount=type=cache,target=/root/.npm \
-    if [ "$DEV_MODE" = "false" ]; then \
-        echo "Running 'npm run ${BUILD_CMD}'"; \
-        npm run ${BUILD_CMD}; \
+# This copies the .po files needed for translation
+RUN mkdir -p /app/superset/translations
+COPY superset/translations /app/superset/translations
+RUN if [ "$DEV_MODE" = "false" ]; then \
+        BUILD_TRANSLATIONS=$BUILD_TRANSLATIONS npm run ${BUILD_CMD}; \
    else \
        echo "Skipping 'npm run ${BUILD_CMD}' in dev mode"; \
-    fi;
-
-# Copy translation files
-COPY superset/translations /app/superset/translations
-
-# Build the frontend if not in dev mode
-RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
-        npm run build-translation; \
-    fi; \
-    rm -rf /app/superset/translations/*/*/*.po; \
-    rm -rf /app/superset/translations/*/*/*.mo;
-
-
-######################################################################
-# Base python layer
-######################################################################
-FROM python:${PY_VER} AS python-base
-
-ARG SUPERSET_HOME="/app/superset_home"
-ENV SUPERSET_HOME=${SUPERSET_HOME}
-
-RUN mkdir -p $SUPERSET_HOME
-RUN useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
-    && chmod -R 1777 $SUPERSET_HOME \
-    && chown -R superset:superset $SUPERSET_HOME
-
-# Some bash scripts needed throughout the layers
-COPY --chmod=755 docker/*.sh /app/docker/
-
-RUN pip install --no-cache-dir --upgrade uv
-
-# Using uv as it's faster/simpler than pip
-RUN uv venv /app/.venv
-ENV PATH="/app/.venv/bin:${PATH}"
-
-######################################################################
-# Python translation compiler layer
-######################################################################
-FROM python-base AS python-translation-compiler
-
-ARG BUILD_TRANSLATIONS
-ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
-
-# Install Python dependencies using docker/pip-install.sh
-COPY requirements/translations.txt requirements/
-RUN --mount=type=cache,target=/root/.cache/uv \
-    . /app/.venv/bin/activate && /app/docker/pip-install.sh --requires-build-essential -r requirements/translations.txt
-
-COPY superset/translations/ /app/translations_mo/
-RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
-        pybabel compile -d /app/translations_mo | true; \
-    fi; \
-    rm -f /app/translations_mo/*/*/*.po; \
-    rm -f /app/translations_mo/*/*/*.json;
-
-######################################################################
-# Python APP common layer
-######################################################################
-FROM python-base AS python-common
-
-ENV SUPERSET_HOME="/app/superset_home" \
-    HOME="/app/superset_home" \
-    SUPERSET_ENV="production" \
-    FLASK_APP="superset.app:create_app()" \
-    PYTHONPATH="/app/pythonpath" \
-    SUPERSET_PORT="8088"
-
-# Copy the entrypoints, make them executable in userspace
-COPY --chmod=755 docker/entrypoints /app/docker/entrypoints
-
-WORKDIR /app
-# Set up necessary directories and user
-RUN mkdir -p \
-      ${PYTHONPATH} \
-      superset/static \
-      requirements \
-      superset-frontend \
-      apache_superset.egg-info \
-      requirements \
-    && touch superset/static/version_info.json
-
-# Install Playwright and optionally setup headless browsers
-ARG INCLUDE_CHROMIUM="true"
-ARG INCLUDE_FIREFOX="false"
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    if [ "$INCLUDE_CHROMIUM" = "true" ] || [ "$INCLUDE_FIREFOX" = "true" ]; then \
-        uv pip install playwright && \
-        playwright install-deps && \
-        if [ "$INCLUDE_CHROMIUM" = "true" ]; then playwright install chromium; fi && \
-        if [ "$INCLUDE_FIREFOX" = "true" ]; then playwright install firefox; fi; \
-    else \
-        echo "Skipping browser installation"; \
    fi

-# Copy required files for Python build
-COPY pyproject.toml setup.py MANIFEST.in README.md ./
-COPY superset-frontend/package.json superset-frontend/
-COPY scripts/check-env.py scripts/

-# keeping for backward compatibility
-COPY --chmod=755 ./docker/entrypoints/run-server.sh /usr/bin/
-
-# Some debian libs
-RUN /app/docker/apt-install.sh \
-      curl \
-      libsasl2-dev \
-      libsasl2-modules-gssapi-mit \
-      libpq-dev \
-      libecpg-dev \
-      libldap2-dev
-
-# Copy compiled things from previous stages
-COPY --from=superset-node /app/superset/static/assets superset/static/assets
-
-# TODO, when the next version comes out, use --exclude superset/translations
-COPY superset superset
-# TODO in the meantime, remove the .po files
-RUN rm superset/translations/*/*/*.po
-
-# Merging translations from backend and frontend stages
-COPY --from=superset-node /app/superset/translations superset/translations
-COPY --from=python-translation-compiler /app/translations_mo superset/translations
-
-HEALTHCHECK CMD /app/docker/docker-healthcheck.sh
-CMD ["/app/docker/entrypoints/run-server.sh"]
-EXPOSE ${SUPERSET_PORT}
+# Compiles .json files from the .po files, then deletes the .po files
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
+        npm run build-translation; \
+    else \
+        echo "Skipping translations as requested by build flag"; \
+    fi
+RUN rm /app/superset/translations/*/LC_MESSAGES/*.po
+RUN rm /app/superset/translations/messages.pot

+FROM python:${PY_VER} AS python-base
 ######################################################################
 # Final lean image...
 ######################################################################
-FROM python-common AS lean
+FROM python-base AS lean

-# Install Python dependencies using docker/pip-install.sh
-COPY requirements/base.txt requirements/
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    /app/docker/pip-install.sh --requires-build-essential -r requirements/base.txt
-# Install the superset package
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install .
-RUN python -m compileall /app/superset
+# Include translations in the final build. The default supports en only to
+# reduce complexity and weight for those only using en
+ARG BUILD_TRANSLATIONS="false"

+WORKDIR /app
+ENV LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    SUPERSET_ENV=production \
+    FLASK_APP="superset.app:create_app()" \
+    PYTHONPATH="/app/pythonpath" \
+    SUPERSET_HOME="/app/superset_home" \
+    SUPERSET_PORT=8088
+
+RUN mkdir -p ${PYTHONPATH} superset/static requirements superset-frontend apache_superset.egg-info requirements \
+    && useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
+    && apt-get update -qq && apt-get install -yqq --no-install-recommends \
+        curl \
+        libsasl2-dev \
+        libsasl2-modules-gssapi-mit \
+        libpq-dev \
+        libecpg-dev \
+        libldap2-dev \
+    && touch superset/static/version_info.json \
+    && chown -R superset:superset ./* \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --chown=superset:superset pyproject.toml setup.py MANIFEST.in README.md ./
+# setup.py uses the version information in package.json
+COPY --chown=superset:superset superset-frontend/package.json superset-frontend/
+COPY --chown=superset:superset requirements/base.txt requirements/
+COPY --chown=superset:superset scripts/check-env.py scripts/
+RUN --mount=type=cache,target=/root/.cache/pip \
+    apt-get update -qq && apt-get install -yqq --no-install-recommends \
+      build-essential \
+    && pip install --no-cache-dir --upgrade setuptools pip \
+    && pip install --no-cache-dir -r requirements/base.txt \
+    && apt-get autoremove -yqq --purge build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy the compiled frontend assets
+COPY --chown=superset:superset --from=superset-node /app/superset/static/assets superset/static/assets
+
+## Lastly, let's install superset itself
+COPY --chown=superset:superset superset superset
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install --no-cache-dir -e .
+
+# Copy the .json translations from the frontend layer
+COPY --chown=superset:superset --from=superset-node /app/superset/translations superset/translations
+
+# Compile translations for the backend - this generates .mo files, then deletes the .po files
+COPY ./scripts/translations/generate_mo_files.sh ./scripts/translations/
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
+        ./scripts/translations/generate_mo_files.sh \
+        && chown -R superset:superset superset/translations \
+        && rm superset/translations/messages.pot \
+        && rm superset/translations/*/LC_MESSAGES/*.po; \
+    else \
+        echo "Skipping translations as requested by build flag"; \
+    fi
+
+COPY --chmod=755 ./docker/run-server.sh /usr/bin/
 USER superset

+HEALTHCHECK CMD curl -f "http://localhost:${SUPERSET_PORT}/health"
+
+EXPOSE ${SUPERSET_PORT}
+
+CMD ["/usr/bin/run-server.sh"]
+
 ######################################################################
 # Dev image...
 ######################################################################
-FROM python-common AS dev
+FROM lean AS dev

-# Debian libs needed for dev
-RUN /app/docker/apt-install.sh \
-    git \
-    pkg-config \
-    default-libmysqlclient-dev
+USER root
+RUN apt-get update -qq \
+    && apt-get install -yqq --no-install-recommends \
+        libnss3 \
+        libdbus-glib-1-2 \
+        libgtk-3-0 \
+        libx11-xcb1 \
+        libasound2 \
+        libxtst6 \
+        git \
+        pkg-config \
+        && rm -rf /var/lib/apt/lists/*

-# Copy development requirements and install them
-COPY requirements/*.txt requirements/
-# Install Python dependencies using docker/pip-install.sh
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    /app/docker/pip-install.sh --requires-build-essential -r requirements/development.txt
-# Install the superset package
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install .
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install --no-cache-dir playwright
+RUN playwright install-deps

-RUN uv pip install .[postgres]
-RUN python -m compileall /app/superset
+RUN if [ "$INCLUDE_CHROMIUM" = "true" ]; then \
+        playwright install chromium; \
+    else \
+        echo "Skipping translations in dev mode"; \
+    fi
+
+# Install GeckoDriver WebDriver
+ARG GECKODRIVER_VERSION=v0.34.0 \
+    FIREFOX_VERSION=125.0.3
+
+RUN if [ "$INCLUDE_FIREFOX" = "true" ]; then \
+        apt-get update -qq \
+        && apt-get install -yqq --no-install-recommends wget bzip2 \
+        && wget -q https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz -O - | tar xfz - -C /usr/local/bin \
+        && wget -q https://download-installer.cdn.mozilla.net/pub/firefox/releases/${FIREFOX_VERSION}/linux-x86_64/en-US/firefox-${FIREFOX_VERSION}.tar.bz2 -O - | tar xfj - -C /opt \
+        && ln -s /opt/firefox/firefox /usr/local/bin/firefox \
+        && apt-get autoremove -yqq --purge wget bzip2 && rm -rf /var/[log,tmp]/* /tmp/* /var/lib/apt/lists/*; \
+    fi
+
+# Installing mysql client os-level dependencies in dev image only because GPL
+RUN apt-get install -yqq --no-install-recommends \
+        default-libmysqlclient-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --chown=superset:superset requirements/development.txt requirements/
+RUN --mount=type=cache,target=/root/.cache/pip \
+    apt-get update -qq && apt-get install -yqq --no-install-recommends \
+      build-essential \
+    && pip install --no-cache-dir -r requirements/development.txt \
+    && apt-get autoremove -yqq --purge build-essential \
+    && rm -rf /var/lib/apt/lists/*

 USER superset
-
 ######################################################################
 # CI image...
 ######################################################################
 FROM lean AS ci
-USER root
-RUN uv pip install .[postgres]
-USER superset
-CMD ["/app/docker/entrypoints/docker-ci.sh"]
+
+COPY --chown=superset:superset --chmod=755 ./docker/*.sh /app/docker/
+
+CMD ["/app/docker/docker-ci.sh"]
--- a/3
+++ b/3
@@ -87,6 +87,9 @@ format: py-format js-format
 py-format: pre-commit
 	pre-commit run black --all-files

+py-lint: pre-commit
+	pylint -j 0 superset
+
 js-format:
 	cd superset-frontend; npm run prettier

--- a/README.md
+++ b/README.md
@@ -20,11 +20,11 @@ under the License.
 # Superset

 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/license/apache-2-0)
-[![Latest Release on Github](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/releases/latest)
-[![Build Status](https://github.com/apache/superset/actions/workflows/superset-python-unittest.yml/badge.svg)](https://github.com/apache/superset/actions)
-[![PyPI version](https://badge.fury.io/py/apache_superset.svg)](https://badge.fury.io/py/apache_superset)
+[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/tree/latest)
+[![Build Status](https://github.com/apache/superset/workflows/Python/badge.svg)](https://github.com/apache/superset/actions)
+[![PyPI version](https://badge.fury.io/py/apache-superset.svg)](https://badge.fury.io/py/apache-superset)
 [![Coverage Status](https://codecov.io/github/apache/superset/coverage.svg?branch=master)](https://codecov.io/github/apache/superset)
-[![PyPI](https://img.shields.io/pypi/pyversions/apache_superset.svg?maxAge=2592000)](https://pypi.python.org/pypi/apache_superset)
+[![PyPI](https://img.shields.io/pypi/pyversions/apache-superset.svg?maxAge=2592000)](https://pypi.python.org/pypi/apache-superset)
 [![Get on Slack](https://img.shields.io/badge/slack-join-orange.svg)](http://bit.ly/join-superset-slack)
 [![Documentation](https://img.shields.io/badge/docs-apache.org-blue.svg)](https://superset.apache.org)

@@ -72,10 +72,8 @@ Superset provides:
 ## Screenshots & Gifs

 **Video Overview**
-
 <!-- File hosted here https://github.com/apache/superset-site/raw/lfs/superset-video-4k.mp4 -->
-
-[superset-video-1080p.webm](https://github.com/user-attachments/assets/b37388f7-a971-409c-96a7-90c4e31322e6)
+[superset-video-4k.webm](https://github.com/apache/superset/assets/812905/da036bc2-150c-4ee7-80f9-75e63210ff76)

 <br/>

@@ -138,8 +136,6 @@ Here are some of the major database solutions that are supported:
  <img src="https://superset.apache.org/img/databases/oceanbase.svg" alt="oceanbase" border="0" width="220" />
  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="oceanbase" border="0" width="220" />
  <img src="https://superset.apache.org/img/databases/denodo.png" alt="denodo" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/ydb.svg" alt="ydb" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/tdengine.png" alt="TDengine" border="0" width="200" />
 </p>

 **A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/configuration/databases).
@@ -148,7 +144,7 @@ Want to add support for your datastore or data engine? Read more [here](https://

 ## Installation and Configuration

-Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) guide or learn about [the options for production deployments](https://superset.apache.org/docs/installation/architecture/).
+[Extended documentation for Superset](https://superset.apache.org/docs/installation/docker-compose)

 ## Get Involved

@@ -157,7 +153,7 @@ Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) gu
  and please read our [Slack Community Guidelines](https://github.com/apache/superset/blob/master/CODE_OF_CONDUCT.md#slack-community-guidelines)
 - [Join our dev@superset.apache.org Mailing list](https://lists.apache.org/list.html?dev@superset.apache.org). To join, simply send an email to [dev-subscribe@superset.apache.org](mailto:dev-subscribe@superset.apache.org)
 - If you want to help troubleshoot GitHub Issues involving the numerous database drivers that Superset supports, please consider adding your name and the databases you have access to on the [Superset Database Familiarity Rolodex](https://docs.google.com/spreadsheets/d/1U1qxiLvOX0kBTUGME1AHHi6Ywel6ECF8xk_Qy-V9R8c/edit#gid=0)
- Join Superset's Town Hall and [Operational Model](https://preset.io/blog/the-superset-operational-model-wants-you/) recurring meetings. Meeting info is available on the [Superset Community Calendar](https://superset.apache.org/community)
+- Join Superset's Town Hall and [Operational Model](https://preset.io/blog/the-superset-operational-model-wants-you/) recurring meetings.  Meeting info is available on the [Superset Community Calendar](https://superset.apache.org/community)

 ## Contributor Guide

@@ -185,16 +181,14 @@ Understanding the Superset Points of View
  - [Building New Database Connectors](https://preset.io/blog/building-database-connector/)
  - [Create Your First Dashboard](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard/)
  - [Comprehensive Tutorial for Contributing Code to Apache Superset
-    ](https://preset.io/blog/tutorial-contributing-code-to-apache-superset/)
+  ](https://preset.io/blog/tutorial-contributing-code-to-apache-superset/)
 - [Resources to master Superset by Preset](https://preset.io/resources/)

 - Deploying Superset
-
  - [Official Docker image](https://hub.docker.com/r/apache/superset)
  - [Helm Chart](https://github.com/apache/superset/tree/master/helm/superset)

 - Recordings of Past [Superset Community Events](https://preset.io/events)
-
  - [Mixed Time Series Charts](https://preset.io/events/mixed-time-series-visualization-in-superset-workshop/)
  - [How the Bing Team Customized Superset for the Internal Self-Serve Data & Analytics Platform](https://preset.io/events/how-the-bing-team-heavily-customized-superset-for-their-internal-data/)
  - [Live Demo: Visualizing MongoDB and Pinot Data using Trino](https://preset.io/events/2021-04-13-visualizing-mongodb-and-pinot-data-using-trino/)
@@ -202,7 +196,6 @@ Understanding the Superset Points of View
  - [Building a Database Connector for Superset](https://preset.io/events/2021-02-16-building-a-database-connector-for-superset/)

 - Visualizations
-
  - [Creating Viz Plugins](https://superset.apache.org/docs/contributing/creating-viz-plugins/)
  - [Managing and Deploying Custom Viz Plugins](https://medium.com/nmc-techblog/apache-superset-manage-custom-viz-plugins-in-production-9fde1a708e55)
  - [Why Apache Superset is Betting on Apache ECharts](https://preset.io/blog/2021-4-1-why-echarts/)
--- a/RELEASING/Dockerfile.from_local_tarball
+++ b/RELEASING/Dockerfile.from_local_tarball
@@ -20,7 +20,7 @@ RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset

 # Configure environment
 ENV LANG=C.UTF-8 \
-  LC_ALL=C.UTF-8
+    LC_ALL=C.UTF-8

 RUN apt-get update -y

@@ -30,14 +30,14 @@ RUN apt-get install -y apt-transport-https apt-utils
 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
 RUN apt-get install -y build-essential libssl-dev \
-  libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
 RUN set -eux; \
-  curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
-  apt-get install -y nodejs; \
-  node --version;
+    curl -sL https://deb.nodesource.com/setup_18.x | bash -; \
+    apt-get install -y nodejs; \
+    node --version;
 RUN if ! which npm; then apt-get install -y npm; fi

 RUN mkdir -p /home/superset
@@ -50,21 +50,21 @@ ARG SUPERSET_RELEASE_RC_TARBALL
 # Can fetch source from svn or copy tarball from local mounted directory
 COPY $SUPERSET_RELEASE_RC_TARBALL ./
 RUN tar -xvf *.tar.gz
-WORKDIR /home/superset/apache_superset-$VERSION/superset-frontend
+WORKDIR /home/superset/apache-superset-$VERSION/superset-frontend

 RUN npm ci \
-  && npm run build \
-  && rm -rf node_modules
+    && npm run build \
+    && rm -rf node_modules

-WORKDIR /home/superset/apache_superset-$VERSION
+WORKDIR /home/superset/apache-superset-$VERSION
 RUN pip install --upgrade setuptools pip \
-  && pip install -r requirements/base.txt \
-  && pip install --no-cache-dir .
+    && pip install -r requirements/base.txt \
+    && pip install --no-cache-dir .

 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-  PYTHONPATH=/home/superset/superset/ \
-  SUPERSET_TESTENV=true
+    PYTHONPATH=/home/superset/superset/:$PYTHONPATH \
+    SUPERSET_TESTENV=true
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/Dockerfile.from_svn_tarball
+++ b/RELEASING/Dockerfile.from_svn_tarball
@@ -20,7 +20,7 @@ RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset

 # Configure environment
 ENV LANG=C.UTF-8 \
-  LC_ALL=C.UTF-8
+    LC_ALL=C.UTF-8

 RUN apt-get update -y

@@ -29,16 +29,13 @@ RUN apt-get install -y apt-transport-https apt-utils

 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
-RUN apt-get install -y subversion build-essential libssl-dev \
-  libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+RUN apt-get install -y build-essential libssl-dev \
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
-RUN set -eux; \
-  curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
-  apt-get install -y nodejs; \
-  node --version;
-RUN if ! which npm; then apt-get install -y npm; fi
+RUN curl -sL https://deb.nodesource.com/setup_16.x | bash - \
+    && apt-get install -y nodejs

 RUN mkdir -p /home/superset
 RUN chown superset /home/superset
@@ -49,20 +46,22 @@ ARG VERSION
 # Can fetch source from svn or copy tarball from local mounted directory
 RUN svn co https://dist.apache.org/repos/dist/dev/superset/$VERSION ./
 RUN tar -xvf *.tar.gz
-WORKDIR /home/superset/apache_superset-$VERSION/superset-frontend
+WORKDIR apache-superset-$VERSION

-RUN npm ci \
-  && npm run build \
-  && rm -rf node_modules
+RUN cd superset-frontend \
+    && npm ci \
+    && npm run build \
+    && rm -rf node_modules

-WORKDIR /home/superset/apache_superset-$VERSION
+
+WORKDIR /home/superset/apache-superset-$VERSION
 RUN pip install --upgrade setuptools pip \
-  && pip install -r requirements/base.txt \
-  && pip install --no-cache-dir .
+    && pip install -r requirements/base.txt \
+    && pip install --no-cache-dir .

 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-  PYTHONPATH=/home/superset/superset/
+    PYTHONPATH=/home/superset/superset/:$PYTHONPATH
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/README.md
+++ b/RELEASING/README.md
@@ -123,10 +123,10 @@ SUPERSET_RC=1
 SUPERSET_GITHUB_BRANCH=1.5
 SUPERSET_PGP_FULLNAME=villebro@apache.org
 SUPERSET_VERSION_RC=1.5.1rc1
-SUPERSET_RELEASE=apache_superset-1.5.1
-SUPERSET_RELEASE_RC=apache_superset-1.5.1rc1
-SUPERSET_RELEASE_TARBALL=apache_superset-1.5.1-source.tar.gz
-SUPERSET_RELEASE_RC_TARBALL=apache_superset-1.5.1rc1-source.tar.gz
+SUPERSET_RELEASE=apache-superset-1.5.1
+SUPERSET_RELEASE_RC=apache-superset-1.5.1rc1
+SUPERSET_RELEASE_TARBALL=apache-superset-1.5.1-source.tar.gz
+SUPERSET_RELEASE_RC_TARBALL=apache-superset-1.5.1rc1-source.tar.gz
 SUPERSET_TMP_ASF_SITE_PATH=/tmp/incubator-superset-site-1.5.1
 -------------------------------
 ```
@@ -380,7 +380,7 @@ Official instructions:
 https://www.apache.org/info/verification.html

 We now have a handy script for anyone validating a release to use. The core of it is in this very folder, `verify_release.py`. Just make sure you have all three release files in the same directory (`{some version}.tar.gz`, `{some version}.tar.gz.asc` and `{some version}tar.gz.sha512`). Then you can pass this script the path to the `.gz` file like so:
-`python verify_release.py ~/path/tp/apache_superset-{version/candidate}-source.tar.gz`
+`python verify_release.py ~/path/tp/apache-superset-{version/candidate}-source.tar.gz`

 If all goes well, you will see this result in your terminal:

@@ -452,13 +452,10 @@ cd ../


 # Compile translations for the backend
-./scripts/translations/generate_mo_files.sh
-
-# update build version number
-sed -i '' "s/version_string = .*/version_string = \"$SUPERSET_VERSION\"/" setup.py
+./scripts/translations/generate_po_files.sh

 # build the python distribution
-python setup.py sdist
+python -m build
 ```

 Publish to PyPI
@@ -470,7 +467,7 @@ while requesting access to push packages.

 ```bash
 twine upload dist/apache_superset-${SUPERSET_VERSION}-py3-none-any.whl
-twine upload dist/apache_superset-${SUPERSET_VERSION}.tar.gz
+twine upload dist/apache-superset-${SUPERSET_VERSION}.tar.gz
 ```

 Set your username to `__token__`
--- a/RELEASING/changelog.py
+++ b/RELEASING/changelog.py
@@ -232,7 +232,8 @@ class GitChangeLog:
        for log in self._logs:
            yield {
                "pr_number": log.pr_number,
-                "pr_link": f"https://github.com/{SUPERSET_REPO}/pull/{log.pr_number}",
+                "pr_link": f"https://github.com/{SUPERSET_REPO}/pull/"
+                f"{log.pr_number}",
                "message": log.message,
                "time": log.time,
                "author": log.author,
@@ -271,14 +272,14 @@ class GitLogs:

    @staticmethod
    def _git_get_current_head() -> str:
-        output = os.popen("git status | head -1").read()  # noqa: S605, S607
+        output = os.popen("git status | head -1").read()
        match = re.match("(?:HEAD detached at|On branch) (.*)", output)
        if not match:
            return ""
        return match.group(1)

    def _git_checkout(self, git_ref: str) -> None:
-        os.popen(f"git checkout {git_ref}").read()  # noqa: S605
+        os.popen(f"git checkout {git_ref}").read()
        current_head = self._git_get_current_head()
        if current_head != git_ref:
            print(f"Could not checkout {git_ref}")
@@ -289,7 +290,7 @@ class GitLogs:
        current_git_ref = self._git_get_current_head()
        self._git_checkout(self._git_ref)
        output = (
-            os.popen('git --no-pager log --pretty=format:"%h|%an|%ae|%ad|%s|"')  # noqa: S605, S607
+            os.popen('git --no-pager log --pretty=format:"%h|%an|%ae|%ad|%s|"')
            .read()
            .split("\n")
        )
@@ -322,9 +323,9 @@ class BaseParameters:


 def print_title(message: str) -> None:
-    print(f"{50 * '-'}")
+    print(f"{50*'-'}")
    print(message)
-    print(f"{50 * '-'}")
+    print(f"{50*'-'}")


@click.group()
@@ -348,14 +349,14 @@ def compare(base_parameters: BaseParameters) -> None:
    previous_logs = base_parameters.previous_logs
    current_logs = base_parameters.current_logs
    print_title(
-        f"Pull requests from {current_logs.git_ref} not in {previous_logs.git_ref}"
+        f"Pull requests from " f"{current_logs.git_ref} not in {previous_logs.git_ref}"
    )
    previous_diff_logs = previous_logs.diff(current_logs)
    for diff_log in previous_diff_logs:
        print(f"{diff_log}")

    print_title(
-        f"Pull requests from {previous_logs.git_ref} not in {current_logs.git_ref}"
+        f"Pull requests from " f"{previous_logs.git_ref} not in {current_logs.git_ref}"
    )
    current_diff_logs = current_logs.diff(previous_logs)
    for diff_log in current_diff_logs:
--- a/RELEASING/email_templates/announce.j2
+++ b/RELEASING/email_templates/announce.j2
@@ -31,7 +31,7 @@ The official source release:
 https://downloads.apache.org/{{ project_module }}/{{ version }}

 The PyPI package:
-https://pypi.org/project/apache_superset/{{ version }}
+https://pypi.org/project/apache-superset/{{ version }}

 The CHANGELOG for the release:
 https://github.com/apache/{{ project_module }}/blob/{{ version }}/CHANGELOG/{{ version }}.md
--- a/RELEASING/generate_email.py
+++ b/RELEASING/generate_email.py
@@ -31,7 +31,7 @@ except ModuleNotFoundError:
 RECEIVER_EMAIL = "dev@superset.apache.org"
 PROJECT_NAME = "Superset"
 PROJECT_MODULE = "superset"
-PROJECT_DESCRIPTION = "Apache Superset is a modern, enterprise-ready business intelligence web application."  # noqa: E501
+PROJECT_DESCRIPTION = "Apache Superset is a modern, enterprise-ready business intelligence web application."


 def string_comma_to_list(message: str) -> list[str]:
--- a/RELEASING/make_tarball.sh
+++ b/RELEASING/make_tarball.sh
@@ -32,7 +32,7 @@ else
  SUPERSET_VERSION="${1}"
  SUPERSET_RC="${2}"
  SUPERSET_PGP_FULLNAME="${3}"
-  SUPERSET_RELEASE_RC_TARBALL="apache_superset-${SUPERSET_VERSION_RC}-source.tar.gz"
+  SUPERSET_RELEASE_RC_TARBALL="apache-superset-${SUPERSET_VERSION_RC}-source.tar.gz"
 fi

 SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${SUPERSET_RC}"
--- a/RELEASING/make_tarball_entrypoint.sh
+++ b/RELEASING/make_tarball_entrypoint.sh
@@ -22,7 +22,7 @@ if [ -z "${SUPERSET_VERSION_RC}" ] || [ -z "${SUPERSET_SVN_DEV_PATH}" ] || [ -z
  exit 1
 fi

-SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
 SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
 SUPERSET_RELEASE_RC_BASE_PATH="${SUPERSET_SVN_DEV_PATH}"/"${SUPERSET_VERSION_RC}"
 SUPERSET_RELEASE_RC_TARBALL_PATH="${SUPERSET_RELEASE_RC_BASE_PATH}"/"${SUPERSET_RELEASE_RC_TARBALL}"
--- a/RELEASING/set_release_env.sh
+++ b/RELEASING/set_release_env.sh
@@ -50,8 +50,8 @@ else
  export SUPERSET_GITHUB_BRANCH="${VERSION_MAJOR}.${VERSION_MINOR}"
  export SUPERSET_PGP_FULLNAME="${2}"
  export SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${VERSION_RC}"
-  export SUPERSET_RELEASE=apache_superset-"${SUPERSET_VERSION}"
-  export SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+  export SUPERSET_RELEASE=apache-superset-"${SUPERSET_VERSION}"
+  export SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
  export SUPERSET_RELEASE_TARBALL="${SUPERSET_RELEASE}"-source.tar.gz
  export SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
  export SUPERSET_TMP_ASF_SITE_PATH="/tmp/incubator-superset-site-${SUPERSET_VERSION}"
--- a/RELEASING/test_run_tarball.sh
+++ b/RELEASING/test_run_tarball.sh
@@ -27,7 +27,7 @@ if [ -z "${SUPERSET_SVN_DEV_PATH}" ]; then
 fi

 if [[ -n ${1} ]] && [[ ${1} == "local" ]]; then
-  SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+  SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
  SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
  SUPERSET_TARBALL_PATH="${SUPERSET_SVN_DEV_PATH}"/${SUPERSET_VERSION_RC}/${SUPERSET_RELEASE_RC_TARBALL}
  SUPERSET_TMP_TARBALL_FILENAME=_tmp_"${SUPERSET_VERSION_RC}".tar.gz
--- a/RELEASING/validate_this_release.sh
+++ b/RELEASING/validate_this_release.sh
@@ -38,7 +38,7 @@ get_pip_command() {
 PYTHON=$(get_python_command)
 PIP=$(get_pip_command)

-# Get the release directory's path. If you unzip an Apache release and just run the npm script to validate the release, this will be a file name like `apache_superset-x.x.xrcx-source.tar.gz`
+# Get the release directory's path. If you unzip an Apache release and just run the npm script to validate the release, this will be a file name like `apache-superset-x.x.xrcx-source.tar.gz`
 RELEASE_ZIP_PATH="../../$(basename "$(dirname "$(pwd)")")-source.tar.gz"

 # Install dependencies from requirements.txt if the file exists
--- a/RELEASING/verify_release.py
+++ b/RELEASING/verify_release.py
@@ -23,12 +23,12 @@ from typing import Optional

 import requests

-# Part 1: Verify SHA512 hash - this is the same as running `shasum -a 512 {release}` and comparing it against `{release}.sha512`  # noqa: E501
+# Part 1: Verify SHA512 hash - this is the same as running `shasum -a 512 {release}` and comparing it against `{release}.sha512`


 def get_sha512_hash(filename: str) -> str:
    """Run the shasum command on the file and return the SHA512 hash."""
-    result = subprocess.run(["shasum", "-a", "512", filename], stdout=subprocess.PIPE)  # noqa: S603, S607
+    result = subprocess.run(["shasum", "-a", "512", filename], stdout=subprocess.PIPE)
    sha512_hash = result.stdout.decode().split()[0]
    return sha512_hash

@@ -43,7 +43,7 @@ def read_sha512_file(filename: str) -> str:


 def verify_sha512(filename: str) -> str:
-    """Verify if the SHA512 hash of the file matches with the hash in the .sha512 file."""  # noqa: E501
+    """Verify if the SHA512 hash of the file matches with the hash in the .sha512 file."""
    sha512_hash = get_sha512_hash(filename)
    sha512_file_content = read_sha512_file(filename)

@@ -53,15 +53,14 @@ def verify_sha512(filename: str) -> str:
        return "SHA failed"


-# Part 2: Verify RSA key - this is the same as running `gpg --verify {release}.asc {release}` and comparing the RSA key and email address against the KEYS file  # noqa: E501
+# Part 2: Verify RSA key - this is the same as running `gpg --verify {release}.asc {release}` and comparing the RSA key and email address against the KEYS file


 def get_gpg_info(filename: str) -> tuple[Optional[str], Optional[str]]:
    """Run the GPG verify command and extract RSA key and email address."""
    asc_filename = filename + ".asc"
-    result = subprocess.run(  # noqa: S603
-        ["gpg", "--verify", asc_filename, filename],  # noqa: S607
-        capture_output=True,  # noqa: S607
+    result = subprocess.run(
+        ["gpg", "--verify", asc_filename, filename], capture_output=True
    )
    output = result.stderr.decode()

@@ -91,7 +90,7 @@ def get_gpg_info(filename: str) -> tuple[Optional[str], Optional[str]]:
 def verify_key(key: str, email: Optional[str]) -> str:
    """Fetch the KEYS file and verify if the RSA/EDDSA key and email match."""
    url = "https://downloads.apache.org/superset/KEYS"
-    response = requests.get(url)  # noqa: S113
+    response = requests.get(url)
    if response.status_code == 200:
        if key not in response.text:
            return "RSA/EDDSA key not found on KEYS page"
--- a/RESOURCES/FEATURE_FLAGS.md
+++ b/RESOURCES/FEATURE_FLAGS.md
@@ -44,11 +44,12 @@ These features are **finished** but currently being tested. They are usable, but
 - ALLOW_FULL_CSV_EXPORT
 - CACHE_IMPERSONATION
 - CONFIRM_DASHBOARD_DIFF
+- DRILL_TO_DETAIL
 - DYNAMIC_PLUGINS
- DATE_FORMAT_IN_EMAIL_SUBJECT: [(docs)](https://superset.apache.org/docs/configuration/alerts-reports#commons)
 - ENABLE_SUPERSET_META_DB: [(docs)](https://superset.apache.org/docs/configuration/databases/#querying-across-databases)
 - ESTIMATE_QUERY_COST
 - GLOBAL_ASYNC_QUERIES [(docs)](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries)
+- HORIZONTAL_FILTER_BAR
 - IMPERSONATE_WITH_EMAIL_PREFIX
 - PLAYWRIGHT_REPORTS_AND_THUMBNAILS
 - RLS_IN_SQLLAB
@@ -62,8 +63,9 @@ These features flags are **safe for production**. They have been tested and will
 [//]: # "PLEASE KEEP THESE LISTS SORTED ALPHABETICALLY"

 ### Flags on the path to feature launch and flag deprecation/removal
-
 - DASHBOARD_VIRTUALIZATION
+- DRILL_BY
+- DISABLE_LEGACY_DATASOURCE_EDITOR

 ### Flags retained for runtime configuration

@@ -77,7 +79,6 @@ independently. This new framework will also allow for non-boolean configurations
 - ALLOW_ADHOC_SUBQUERY
 - DASHBOARD_RBAC [(docs)](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard#manage-access-to-dashboards)
 - DATAPANEL_CLOSED_BY_DEFAULT
- DRILL_BY
 - DRUID_JOINS
 - EMBEDDABLE_CHARTS
 - EMBEDDED_SUPERSET
@@ -97,6 +98,6 @@ These features flags currently default to True and **will be removed in a future
 [//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"

 - AVOID_COLORS_COLLISION
- DRILL_TO_DETAIL
+- DASHBOARD_CROSS_FILTERS
 - ENABLE_JAVASCRIPT_CONTROLS
 - KV_STORE
--- a/RESOURCES/INTHEWILD.md
+++ b/RESOURCES/INTHEWILD.md
@@ -25,8 +25,8 @@ all you have to do is file a simple PR [like this one](https://github.com/apache
 the categorization is inaccurate, please file a PR with your correction as well.
 Join our growing community!

-### Sharing Economy

+### Sharing Economy
 - [Airbnb](https://github.com/airbnb)
 - [Faasos](https://faasos.com/) [@shashanksingh]
 - [Free2Move](https://www.free2move.com/) [@PaoloTerzi]
@@ -36,62 +36,50 @@ Join our growing community!
 - [Ontruck](https://www.ontruck.com/)

 ### Financial Services
-
 - [Aktia Bank plc](https://www.aktia.com)
 - [American Express](https://www.americanexpress.com) [@TheLastSultan]
 - [bumper](https://www.bumper.co/) [@vasu-ram, @JamiePercival]
 - [Cape Crypto](https://capecrypto.com)
 - [Capital Service S.A.](https://capitalservice.pl) [@pkonarzewski]
 - [Clark.de](https://clark.de/)
- [Europace](https://europace.de)
 - [KarrotPay](https://www.daangnpay.com/)
- [Remita](https://remita.net) [@mujibishola]
 - [Taveo](https://www.taveo.com) [@codek]
 - [Unit](https://www.unit.co/about-us) [@amitmiran137]
 - [Wise](https://wise.com) [@koszti]
 - [Xendit](https://xendit.co/) [@LieAlbertTriAdrian]
- [Cover Genius](https://covergenius.com/)

 ### Gaming
-
 - [Popoko VM Games Studio](https://popoko.live)

 ### E-Commerce
-
 - [AiHello](https://www.aihello.com) [@ganeshkrishnan1]
 - [Bazaar Technologies](https://www.bazaartech.com) [@umair-abro]
 - [Dragonpass](https://www.dragonpass.com.cn/) [@zhxjdwh]
 - [Dropit Shopping](https://www.dropit.shop/) [@dropit-dev]
 - [Fanatics](https://www.fanatics.com/) [@coderfender]
 - [Fordeal](https://www.fordeal.com) [@Renkai]
- [Fynd](https://www.fynd.com/) [@darpanjain07]
 - [GFG - Global Fashion Group](https://global-fashion-group.com) [@ksaagariconic]
- [GoTo/Gojek](https://www.gojek.io/) [@gwthm-in]
 - [HuiShouBao](https://www.huishoubao.com/) [@Yukinoshita-Yukino]
 - [Now](https://www.now.vn/) [@davidkohcw]
 - [Qunar](https://www.qunar.com/) [@flametest]
 - [Rakuten Viki](https://www.viki.com)
 - [Shopee](https://shopee.sg) [@xiaohanyu]
 - [Shopkick](https://www.shopkick.com) [@LAlbertalli]
- [ShopUp](https://www.shopup.org/) [@gwthm-in]
 - [Tails.com](https://tails.com/gb/) [@alanmcruickshank]
 - [THE ICONIC](https://theiconic.com.au/) [@ksaagariconic]
 - [Utair](https://www.utair.ru) [@utair-digital]
 - [VkusVill](https://vkusvill.ru/) [@ETselikov]
 - [Zalando](https://www.zalando.com) [@dmigo]
 - [Zalora](https://www.zalora.com) [@ksaagariconic]
- [Zepto](https://www.zeptonow.com/) [@gwthm-in]

 ### Enterprise Technology
-
 - [A3Data](https://a3data.com.br) [@neylsoncrepalde]
 - [Analytics Aura](https://analyticsaura.com/) [@Analytics-Aura]
 - [Apollo GraphQL](https://www.apollographql.com/) [@evans]
 - [Astronomer](https://www.astronomer.io) [@ryw]
 - [Avesta Technologies](https://avestatechnologies.com/) [@TheRum]
 - [Caizin](https://caizin.com/) [@tejaskatariya]
- [Canonical](https://canonical.com)
- [Careem](https://www.careem.com/) [@samraHanif0340]
+- [Careem](https://www.careem.com/) [@SamraHanifCareem]
 - [Cloudsmith](https://cloudsmith.io) [@alancarson]
 - [Cyberhaven](https://www.cyberhaven.com/) [@toliver-ch]
 - [Deepomatic](https://deepomatic.com/) [@Zanoellia]
@@ -102,7 +90,6 @@ Join our growing community!
 - [ELMO Cloud HR & Payroll](https://elmosoftware.com.au/)
 - [Endress+Hauser](https://www.endress.com/) [@rumbin]
 - [FBK - ICT center](https://ict.fbk.eu)
- [Formbricks](https://formbricks.com)
 - [Gavagai](https://gavagai.io) [@gavagai-corp]
 - [GfK Data Lab](https://www.gfk.com/home) [@mherr]
 - [Hydrolix](https://www.hydrolix.io/)
@@ -116,7 +103,6 @@ Join our growing community!
 - [Ona](https://ona.io) [@pld]
 - [Orange](https://www.orange.com) [@icsu]
 - [Oslandia](https://oslandia.com)
- [Oxylabs](https://oxylabs.io/) [@rytis-ulys]
 - [Peak AI](https://www.peak.ai/) [@azhar22k]
 - [PeopleDoc](https://www.people-doc.com) [@rodo]
 - [PlaidCloud](https://www.plaidcloud.com)
@@ -124,11 +110,8 @@ Join our growing community!
 - [PubNub](https://pubnub.com) [@jzucker2]
 - [ReadyTech](https://www.readytech.io)
 - [Reward Gateway](https://www.rewardgateway.com)
- [RIADVICE](https://riadvice.tn) [@riadvice]
 - [ScopeAI](https://www.getscopeai.com) [@iloveluce]
- [shipmnts](https://shipmnts.com)
 - [Showmax](https://showmax.com) [@bobek]
- [SingleStore](https://www.singlestore.com/)
 - [TechAudit](https://www.techaudit.info) [@ETselikov]
 - [Tenable](https://www.tenable.com) [@dflionis]
 - [Tentacle](https://www.linkedin.com/company/tentacle-cmi/) [@jdclarke5]
@@ -136,14 +119,11 @@ Join our growing community!
 - [Tobii](https://www.tobii.com/) [@dwa]
 - [Tooploox](https://www.tooploox.com/) [@jakubczaplicki]
 - [Unvired](https://unvired.com) [@srinisubramanian]
- [Virtuoso QA](https://www.virtuosoqa.com)
 - [Whale](https://whale.im)
 - [Windsor.ai](https://www.windsor.ai/) [@octaviancorlade]
- [WinWin Network马上赢](https://brandct.cn/) [@wenbinye]
 - [Zeta](https://www.zeta.tech/) [@shaikidris]

 ### Media & Entertainment
-
 - [6play](https://www.6play.fr) [@CoryChaplin]
 - [bilibili](https://www.bilibili.com) [@Moinheart]
 - [BurdaForward](https://www.burda-forward.de/en/)
@@ -156,10 +136,8 @@ Join our growing community!
 - [Zaihang](https://www.zaih.com/)

 ### Education
-
 - [Aveti Learning](https://avetilearning.com/) [@TheShubhendra]
 - [Brilliant.org](https://brilliant.org/)
- [Open edX](https://openedx.org/)
 - [Platzi.com](https://platzi.com/)
 - [Sunbird](https://www.sunbird.org/) [@eksteporg]
 - [The GRAPH Network](https://thegraphnetwork.org/) [@fccoelho]
@@ -168,7 +146,6 @@ Join our growing community!
 - [WikiMedia Foundation](https://wikimediafoundation.org) [@vg]

 ### Energy
-
 - [Airboxlab](https://foobot.io) [@antoine-galataud]
 - [DouroECI](https://www.douroeci.com/) [@nunohelibeires]
 - [Safaricom](https://www.safaricom.co.ke/) [@mmutiso]
@@ -176,7 +153,6 @@ Join our growing community!
 - [Wattbewerb](https://wattbewerb.de/) [@wattbewerb]

 ### Healthcare
-
 - [Amino](https://amino.com) [@shkr]
 - [Bluesquare](https://www.bluesquarehub.com/) [@madewulf]
 - [Care](https://www.getcare.io/) [@alandao2021]
@@ -189,36 +165,29 @@ Join our growing community!
 - [2070Health](https://2070health.com/)

 ### HR / Staffing
-
 - [Swile](https://www.swile.co/) [@PaoloTerzi]
 - [Symmetrics](https://www.symmetrics.fyi)
 - [bluquist](https://bluquist.com/)

-### Government
-
+### Government / Non-Profit
 - [City of Ann Arbor, MI](https://www.a2gov.org/) [@sfirke]
 - [RIS3 Strategy of CZ, MIT CR](https://www.ris3.cz/) [@RIS3CZ]
 - [NRLM - Sarathi, India](https://pib.gov.in/PressReleasePage.aspx?PRID=1999586)

 ### Travel
-
 - [Agoda](https://www.agoda.com/) [@lostseaway, @maiake, @obombayo]
- [HomeToGo](https://hometogo.com/) [@pedromartinsteenstrup]
 - [Skyscanner](https://www.skyscanner.net/) [@cleslie, @stanhoucke]

 ### Others
-
 - [10Web](https://10web.io/)
 - [AI inside](https://inside.ai/en/)
 - [Automattic](https://automattic.com/) [@Khrol, @Usiel]
 - [Dropbox](https://www.dropbox.com/) [@bkyryliuk]
- [Flowbird](https://flowbird.com) [@EmmanuelCbd]
 - [GEOTAB](https://www.geotab.com) [@JZ6]
 - [Grassroot](https://www.grassrootinstitute.org/)
 - [Increff](https://www.increff.com/) [@ishansinghania]
 - [komoot](https://www.komoot.com/) [@christophlingg]
 - [Let's Roam](https://www.letsroam.com/)
- [Machrent SA](https://www.machrent.com/)
 - [Onebeat](https://1beat.com/) [@GuyAttia]
 - [X](https://x.com/)
 - [VLMedia](https://www.vlmedia.com.tr/) [@ibotheperfect]
--- a/RESOURCES/STANDARD_ROLES.md
+++ b/RESOURCES/STANDARD_ROLES.md
@@ -43,8 +43,8 @@ under the License.
 | can this form post on ResetPasswordView          |:heavy_check_mark:|O|O|O|
 | can this form get on ResetMyPasswordView         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form post on ResetMyPasswordView        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can this form get on UserInfoEditView            |:heavy_check_mark:|O|O|O|
-| can this form post on UserInfoEditView           |:heavy_check_mark:|O|O|O|
+| can this form get on UserInfoEditView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can this form post on UserInfoEditView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can show on UserDBModelView                      |:heavy_check_mark:|O|O|O|
 | can edit on UserDBModelView                      |:heavy_check_mark:|O|O|O|
 | can delete on UserDBModelView                    |:heavy_check_mark:|O|O|O|
@@ -65,6 +65,7 @@ under the License.
 | can get on MenuApi                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can list on AsyncEventsRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can invalidate on CacheRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can function names on Database                   |:heavy_check_mark:|O|O|O|
 | can csv upload on Database                       |:heavy_check_mark:|O|O|O|
 | can excel upload on Database                     |:heavy_check_mark:|O|O|O|
 | can query form data on Api                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
@@ -75,6 +76,7 @@ under the License.
 | can get on Datasource                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can my queries on SqlLab                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
 | can log on Superset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can schemas access for csv upload on Superset    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can import dashboards on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can schemas on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can sqllab history on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
@@ -116,6 +118,8 @@ under the License.
 | menu access on Data                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Databases                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Datasets                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| menu access on Upload a CSV                      |:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Upload Excel                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Charts                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on Dashboards                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | menu access on SQL Lab                           |:heavy_check_mark:|O|O|:heavy_check_mark:|
@@ -125,6 +129,13 @@ under the License.
 | all datasource access on all_datasource_access   |:heavy_check_mark:|:heavy_check_mark:|O|O|
 | all database access on all_database_access       |:heavy_check_mark:|:heavy_check_mark:|O|O|
 | all query access on all_query_access             |:heavy_check_mark:|O|O|O|
+| can edit on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can list on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can show on UserOAuthModelView                   |:heavy_check_mark:|O|O|O|
+| can userinfo on UserOAuthModelView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can add on UserOAuthModelView                    |:heavy_check_mark:|O|O|O|
+| can delete on UserOAuthModelView                 |:heavy_check_mark:|O|O|O|
+| userinfoedit on UserOAuthModelView               |:heavy_check_mark:|O|O|O|
 | can write on DynamicPlugin                       |:heavy_check_mark:|O|O|O|
 | can edit on DynamicPlugin                        |:heavy_check_mark:|O|O|O|
 | can list on DynamicPlugin                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
@@ -181,6 +192,7 @@ under the License.
 | can share chart on Superset                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form get on ColumnarToDatabaseView      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can this form post on ColumnarToDatabaseView     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| menu access on Upload a Columnar file            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can export on Chart                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can write on DashboardFilterStateRestApi         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
 | can read on DashboardFilterStateRestApi          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -23,39 +23,13 @@ This file documents any backwards-incompatible changes in Superset and
 assists people when migrating to a new version.

 ## Next
- [33116](https://github.com/apache/superset/pull/33116) In Echarts Series charts (e.g. Line, Area, Bar, etc.) charts, the `x_axis_sort_series` and `x_axis_sort_series_ascending` form data items have been renamed with `x_axis_sort` and `x_axis_sort_asc`.
-There's a migration added that can potentially affect a significant number of existing charts.
- [32317](https://github.com/apache/superset/pull/32317) The horizontal filter bar feature is now out of testing/beta development and its feature flag `HORIZONTAL_FILTER_BAR` has been removed.
- [31976](https://github.com/apache/superset/pull/31976) Removed the `DISABLE_LEGACY_DATASOURCE_EDITOR` feature flag. The previous value of the feature flag was `True` and now the feature is permanently removed.
- [31959](https://github.com/apache/superset/pull/32000) Removes CSV_UPLOAD_MAX_SIZE config, use your web server to control file upload size.
- [31959](https://github.com/apache/superset/pull/31959) Removes the following endpoints from data uploads: `/api/v1/database/<id>/<file type>_upload` and `/api/v1/database/<file type>_metadata`, in favour of new one (Details on the PR). And simplifies permissions.
- [31844](https://github.com/apache/superset/pull/31844) The `ALERT_REPORTS_EXECUTE_AS` and `THUMBNAILS_EXECUTE_AS` config parameters have been renamed to `ALERT_REPORTS_EXECUTORS` and `THUMBNAILS_EXECUTORS` respectively. A new config flag `CACHE_WARMUP_EXECUTORS` has also been introduced to be able to control which user is used to execute cache warmup tasks. Finally, the config flag `THUMBNAILS_SELENIUM_USER` has been removed. To use a fixed executor for async tasks, use the new `FixedExecutor` class. See the config and docs for more info on setting up different executor profiles.
- [31894](https://github.com/apache/superset/pull/31894) Domain sharding is deprecated in favor of HTTP2. The `SUPERSET_WEBSERVER_DOMAINS` configuration will be removed in the next major version (6.0)
- [31794](https://github.com/apache/superset/pull/31794) Removed the previously deprecated `DASHBOARD_CROSS_FILTERS` feature flag
- [31774](https://github.com/apache/superset/pull/31774): Fixes the spelling of the `USE-ANALAGOUS-COLORS` feature flag. Please update any scripts/configuration item to use the new/corrected `USE-ANALOGOUS-COLORS` flag spelling.
- [31582](https://github.com/apache/superset/pull/31582) Removed the legacy Area, Bar, Event Flow, Heatmap, Histogram, Line, Sankey, and Sankey Loop charts. They were all automatically migrated to their ECharts counterparts with the exception of the Event Flow and Sankey Loop charts which were removed as they were not actively maintained and not widely used. If you were using the Event Flow or Sankey Loop charts, you will need to find an alternative solution.
+
 - [29798](https://github.com/apache/superset/pull/29798) Since 3.1.0, the intial schedule for an alert or report was mistakenly offset by the specified timezone's relation to UTC. The initial schedule should now begin at the correct time.
 - [30021](https://github.com/apache/superset/pull/30021) The `dev` layer in our Dockerfile no long includes firefox binaries, only Chromium to reduce bloat/docker-build-time.
 - [30099](https://github.com/apache/superset/pull/30099) Translations are no longer included in the default docker image builds. If your environment requires translations, you'll want to set the docker build arg `BUILD_TRANSACTION=true`.
- [31262](https://github.com/apache/superset/pull/31262) NOTE: deprecated `pylint` in favor of `ruff` as our only python linter. Only affect development workflows positively (not the release itself). It should cover most important rules, be much faster, but some things linting rules that were enforced before may not be enforce in the exact same way as before.
- [31413](https://github.com/apache/superset/pull/31413) Enable the DATE_FORMAT_IN_EMAIL_SUBJECT feature flag to allow users to specify a date format for the email subject, which will then be replaced with the actual date.
- [31385](https://github.com/apache/superset/pull/31385) Significant docker refactor, reducing access levels for the `superset` user, streamlining layer building, ...
- [31503](https://github.com/apache/superset/pull/31503) Deprecating python 3.9.x support, 3.11 is now the recommended version and 3.10 is still supported over the Superset 5.0 lifecycle.
- [29121](https://github.com/apache/superset/pull/29121) Removed the `css`, `position_json`, and `json_metadata` from the payload of the dashboard list endpoint (`GET api/v1/dashboard`) for performance reasons.
- [29163](https://github.com/apache/superset/pull/29163) Removed the `SHARE_QUERIES_VIA_KV_STORE` and `KV_STORE` feature flags and changed the way Superset shares SQL Lab queries to use permalinks. The legacy `/kv` API was removed but we still support legacy links in 5.0. In 6.0, only permalinks will be supported.
- [25166](https://github.com/apache/superset/pull/25166) Changed the default configuration of `UPLOAD_FOLDER` from `/app/static/uploads/` to `/static/uploads/`. It also removed the unused `IMG_UPLOAD_FOLDER` and `IMG_UPLOAD_URL` configuration options.
- [30284](https://github.com/apache/superset/pull/30284) Deprecated GLOBAL_ASYNC_QUERIES_REDIS_CONFIG in favor of the new GLOBAL_ASYNC_QUERIES_CACHE_BACKEND configuration. To leverage Redis Sentinel, set CACHE_TYPE to RedisSentinelCache, or use RedisCache for standalone Redis
- [31961](https://github.com/apache/superset/pull/31961) Upgraded React from version 16.13.1 to 17.0.2. If you are using custom frontend extensions or plugins, you may need to update them to be compatible with React 17.
- [31260](https://github.com/apache/superset/pull/31260) Docker images now use `uv pip install` instead of `pip install` to manage the python envrionment. Most docker-based deployments will be affected, whether you derive one of the published images, or have custom bootstrap script that install python libraries (drivers)
- [32432](https://github.com/apache/superset/pull/31260) Moves the List Roles FAB view to the frontend and requires `FAB_ADD_SECURITY_API` to be enabled in the configuration and `superset init` to be executed.

 ### Potential Downtime

-## 4.1.2
-
- [31198](https://github.com/apache/superset/pull/31198) Disallows by default the use of the following ClickHouse functions: "version", "currentDatabase", "hostName".
- [31173](https://github.com/apache/superset/pull/31173) Modified `fetch_csrf_token` to align with HTTP standards, particularly regarding how cookies are handled. If you encounter any issues related to CSRF functionality, please report them as a new issue and reference this PR for context.
-
 ## 4.1.0

 - [29274](https://github.com/apache/superset/pull/29274): We made it easier to trigger CI on your
--- a/docker-compose-image-tag.yml
+++ b/docker-compose-image-tag.yml
@@ -22,6 +22,9 @@
 # unique random secure passwords and SECRET_KEY.
 # -----------------------------------------------------------------------
 x-superset-image: &superset-image apachesuperset.docker.scarf.sh/apache/superset:${TAG:-latest-dev}
+x-superset-depends-on: &superset-depends-on
+  - db
+  - redis
 x-superset-volumes:
  &superset-volumes # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
  - ./docker:/app/docker
@@ -41,7 +44,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    image: postgres:16
+    image: postgres:15
    container_name: superset_db
    restart: unless-stopped
    volumes:
@@ -61,12 +64,8 @@ services:
    restart: unless-stopped
    ports:
      - 8088:8088
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    volumes: *superset-volumes
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-init:
    image: *superset-image
@@ -77,18 +76,11 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    depends_on:
-      db:
-        condition: service_started
-      redis:
-        condition: service_started
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker:
    image: *superset-image
@@ -100,9 +92,7 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
@@ -111,8 +101,6 @@ services:
          "CMD-SHELL",
          "celery -A superset.tasks.celery_app:app inspect ping -d celery@$$HOSTNAME",
        ]
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker-beat:
    image: *superset-image
@@ -124,15 +112,11 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

 volumes:
  superset_home:
--- a/docker-compose-non-dev.yml
+++ b/docker-compose-non-dev.yml
@@ -21,6 +21,9 @@
 # create you own docker environment file (docker/.env) with your own
 # unique random secure passwords and SECRET_KEY.
 # -----------------------------------------------------------------------
+x-superset-depends-on: &superset-depends-on
+  - db
+  - redis
 x-superset-volumes:
  &superset-volumes # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
  - ./docker:/app/docker
@@ -46,7 +49,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    image: postgres:16
+    image: postgres:15
    container_name: superset_db
    restart: unless-stopped
    volumes:
@@ -67,12 +70,8 @@ services:
    restart: unless-stopped
    ports:
      - 8088:8088
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    volumes: *superset-volumes
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-init:
    container_name: superset_init
@@ -84,18 +83,11 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    depends_on:
-      db:
-        condition: service_started
-      redis:
-        condition: service_started
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker:
    build:
@@ -108,9 +100,7 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
@@ -119,8 +109,6 @@ services:
          "CMD-SHELL",
          "celery -A superset.tasks.celery_app:app inspect ping -d celery@$$HOSTNAME",
        ]
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-worker-beat:
    build:
@@ -133,15 +121,11 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: "root"
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

 volumes:
  superset_home:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -22,6 +22,10 @@
 # unique random secure passwords and SECRET_KEY.
 # -----------------------------------------------------------------------
 x-superset-user: &superset-user root
+x-superset-depends-on: &superset-depends-on
+  - db
+  - redis
+  - superset-checks
 x-superset-volumes: &superset-volumes
  # /app/pythonpath_docker will be appended to the PYTHONPATH in the final container
  - ./docker:/app/docker
@@ -29,24 +33,17 @@ x-superset-volumes: &superset-volumes
  - ./superset-frontend:/app/superset-frontend
  - superset_home:/app/superset_home
  - ./tests:/app/tests
+
 x-common-build: &common-build
  context: .
-  target: ${SUPERSET_BUILD_TARGET:-dev} # can use `dev` (default) or `lean`
+  target: dev
  cache_from:
    - apache/superset-cache:3.10-slim-bookworm
  args:
    DEV_MODE: "true"
-    INCLUDE_CHROMIUM: ${INCLUDE_CHROMIUM:-false}
-    INCLUDE_FIREFOX: ${INCLUDE_FIREFOX:-false}
-    BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}

 services:
  nginx:
-    env_file:
-      - path: docker/.env # default
-        required: true
-      - path: docker/.env-local # optional override
-        required: false
    image: nginx:latest
    container_name: superset_nginx
    restart: unless-stopped
@@ -56,8 +53,6 @@ services:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./docker/nginx/templates:/etc/nginx/templates:ro
-
  redis:
    image: redis:7
    container_name: superset_cache
@@ -73,7 +68,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    image: postgres:16
+    image: postgres:15
    container_name: superset_db
    restart: unless-stopped
    ports:
@@ -95,18 +90,13 @@ services:
    restart: unless-stopped
    ports:
      - 8088:8088
-      # When in cypress-mode ->
-      - 8081:8081
    extra_hosts:
      - "host.docker.internal:host-gateway"
    user: *superset-user
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    volumes: *superset-volumes
    environment:
      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-websocket:
    container_name: superset_websocket
@@ -141,6 +131,23 @@ services:
      - REDIS_PORT=6379
      - REDIS_SSL=false

+  superset-checks:
+    build:
+      context: .
+      target: python-base
+      cache_from:
+        - apache/superset-cache:3.10-slim-bookworm
+    container_name: superset_checks
+    command: ["/app/scripts/check-env.py"]
+    env_file:
+      - path: docker/.env # default
+        required: true
+      - path: docker/.env-local # optional override
+        required: false
+    user: *superset-user
+    healthcheck:
+      disable: true
+
  superset-init:
    build:
      <<: *common-build
@@ -151,17 +158,11 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
-    depends_on:
-      db:
-        condition: service_started
-      redis:
-        condition: service_started
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    environment:
      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOAD_EXAMPLES: "${SUPERSET_LOAD_EXAMPLES:-yes}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    healthcheck:
      disable: true

@@ -174,17 +175,11 @@ services:
        # and build it on startup while firing docker-frontend.sh in dev mode, where
        # it'll mount and watch local files and rebuild as you update them
        DEV_MODE: "true"
-        BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}
    environment:
      # set this to false if you have perf issues running the npm i; npm run dev in-docker
      # if you do so, you have to run this manually on the host, which should perform better!
      BUILD_SUPERSET_FRONTEND_IN_DOCKER: true
-      NPM_RUN_PRUNE: false
      SCARF_ANALYTICS: "${SCARF_ANALYTICS:-}"
-      # configuring the dev-server to use the host.docker.internal to connect to the backend
-      superset: "http://superset:8088"
-    ports:
-      - "127.0.0.1:9000:9000"  # exposing the dynamic webpack dev server
    container_name: superset_node
    command: ["/app/docker/docker-frontend.sh"]
    env_file:
@@ -192,6 +187,7 @@ services:
        required: true
      - path: docker/.env-local # optional override
        required: false
+    depends_on: *superset-depends-on
    volumes: *superset-volumes

  superset-worker:
@@ -206,12 +202,8 @@ services:
        required: false
    environment:
      CELERYD_CONCURRENCY: 2
-      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    restart: unless-stopped
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    extra_hosts:
@@ -233,15 +225,11 @@ services:
      - path: docker/.env-local # optional override
        required: false
    restart: unless-stopped
-    depends_on:
-      - superset-worker
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    healthcheck:
      disable: true
-    environment:
-      CYPRESS_CONFIG: "${CYPRESS_CONFIG:-}"
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"

  superset-tests-worker:
    build:
@@ -262,11 +250,8 @@ services:
      REDIS_RESULTS_DB: 3
      REDIS_HOST: localhost
      CELERYD_CONCURRENCY: 8
-      SUPERSET_LOG_LEVEL: "${SUPERSET_LOG_LEVEL:-info}"
    network_mode: host
-    depends_on:
-      superset-init:
-        condition: service_completed_successfully
+    depends_on: *superset-depends-on
    user: *superset-user
    volumes: *superset-volumes
    healthcheck:
--- a/docker/.env
+++ b/docker/.env
@@ -15,11 +15,8 @@
 # limitations under the License.
 #

-# Allowing python to print() in docker
-PYTHONUNBUFFERED=1

 COMPOSE_PROJECT_NAME=superset
-DEV_MODE=true

 # database configurations (do not modify)
 DATABASE_DB=superset
@@ -54,7 +51,6 @@ REDIS_HOST=redis
 REDIS_PORT=6379

 FLASK_DEBUG=true
-SUPERSET_APP_ROOT="/"
 SUPERSET_ENV=development
 SUPERSET_LOAD_EXAMPLES=yes
 CYPRESS_CONFIG=false
@@ -63,7 +59,7 @@ MAPBOX_API_KEY=''

 # Make sure you set this to a unique secure random value on production
 SUPERSET_SECRET_KEY=TEST_NON_DEV_SECRET
+
 ENABLE_PLAYWRIGHT=false
 PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
 BUILD_SUPERSET_FRONTEND_IN_DOCKER=true
-SUPERSET_LOG_LEVEL=info
--- a/docker/README.md
+++ b/docker/README.md
@@ -68,7 +68,7 @@ Don't forget to reload the page to take the new frontend into account though.

 ## Production

-It is possible to run Superset in non-development mode by using [`docker-compose-non-dev.yml`](../docker-compose-non-dev.yml). This file excludes the volumes needed for development.
+It is possible to run Superset in non-development mode by using [`docker-compose-non-dev.yml`](../docker-compose-non-dev.yml). This file excludes the volumes needed for development and uses [`./docker/.env-non-dev`](./.env-non-dev) which sets the variable `SUPERSET_ENV` to `production`.

 ## Resource Constraints

--- a/docker/apt-install.sh
+++ b/docker/apt-install.sh
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-set -euo pipefail
-
-# Ensure this script is run as root
-if [[ $EUID -ne 0 ]]; then
-  echo "This script must be run as root" >&2
-  exit 1
-fi
-
-# Check for required arguments
-if [[ $# -lt 1 ]]; then
-  echo "Usage: $0 <package1> [<package2> ...]" >&2
-  exit 1
-fi
-
-# Colors for better logging (optional)
-GREEN='\033[0;32m'
-RED='\033[0;31m'
-RESET='\033[0m'
-
-# Install packages with clean-up
-echo -e "${GREEN}Updating package lists...${RESET}"
-apt-get update -qq
-
-echo -e "${GREEN}Installing packages: $@${RESET}"
-apt-get install -yqq --no-install-recommends "$@"
-
-echo -e "${GREEN}Autoremoving unnecessary packages...${RESET}"
-apt-get autoremove -y
-
-echo -e "${GREEN}Cleaning up package cache and metadata...${RESET}"
-apt-get clean
-rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/* /tmp/* /var/tmp/*
-
-echo -e "${GREEN}Installation and cleanup complete.${RESET}"
--- a/docker/docker-bootstrap.sh
+++ b/docker/docker-bootstrap.sh
@@ -18,43 +18,19 @@

 set -eo pipefail

-# Make python interactive
-if [ "$DEV_MODE" == "true" ]; then
-    if [ "$(whoami)" = "root" ] && command -v uv > /dev/null 2>&1; then
-      echo "Reinstalling the app in editable mode"
-      uv pip install -e .
-    fi
-fi
 REQUIREMENTS_LOCAL="/app/docker/requirements-local.txt"
-PORT=${PORT:-8088}
 # If Cypress run – overwrite the password for admin and export env variables
 if [ "$CYPRESS_CONFIG" == "true" ]; then
+    export SUPERSET_CONFIG=tests.integration_tests.superset_test_config
    export SUPERSET_TESTENV=true
-    export POSTGRES_DB=superset_cypress
-    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset_cypress
-    PORT=8081
-fi
-if [[ "$DATABASE_DIALECT" == postgres* ]] && [ "$(whoami)" = "root" ]; then
-    # older images may not have the postgres dev requirements installed
-    echo "Installing postgres requirements"
-    if command -v uv > /dev/null 2>&1; then
-        # Use uv in newer images
-        uv pip install -e .[postgres]
-    else
-        # Use pip in older images
-        pip install -e .[postgres]
-    fi
+    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset
 fi
 #
 # Make sure we have dev requirements installed
 #
 if [ -f "${REQUIREMENTS_LOCAL}" ]; then
  echo "Installing local overrides at ${REQUIREMENTS_LOCAL}"
-  if command -v uv > /dev/null 2>&1; then
-    uv pip install --no-cache-dir -r "${REQUIREMENTS_LOCAL}"
-  else
-    pip install --no-cache-dir -r "${REQUIREMENTS_LOCAL}"
-  fi
+  pip install --no-cache-dir -r "${REQUIREMENTS_LOCAL}"
 else
  echo "Skipping local overrides"
 fi
@@ -72,7 +48,7 @@ case "${1}" in
    ;;
  app)
    echo "Starting web app (using development server)..."
-    flask run -p $PORT --with-threads --reload --debugger --host=0.0.0.0
+    flask run -p 8088 --with-threads --reload --debugger --host=0.0.0.0
    ;;
  app-gunicorn)
    echo "Starting web app..."
--- a/docker/entrypoints/docker-ci.sh
+++ b/docker/entrypoints/docker-ci.sh
@@ -23,4 +23,4 @@
 export SERVER_THREADS_AMOUNT=8
 # start up the web server

-/app/docker/entrypoints/run-server.sh
+/usr/bin/run-server.sh
--- a/docker/docker-entrypoint-initdb.d/cypress-init.sh
+++ b/docker/docker-entrypoint-initdb.d/cypress-init.sh
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# ------------------------------------------------------------------------
-# Creates the examples database and respective user. This database location
-# and access credentials are defined on the environment variables
-# ------------------------------------------------------------------------
-set -e
-
-psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER}" <<-EOSQL
-  CREATE DATABASE superset_cypress;
-EOSQL
--- a/docker/docker-frontend.sh
+++ b/docker/docker-frontend.sh
@@ -27,18 +27,11 @@ if [ "$BUILD_SUPERSET_FRONTEND_IN_DOCKER" = "true" ]; then
    echo "Building Superset frontend in dev mode inside docker container"
    cd /app/superset-frontend

-    if [ "$NPM_RUN_PRUNE" = "true" ]; then
-        echo "Running `npm run prune`"
-        npm run prune
-    fi
-
    echo "Running `npm install`"
    npm install

-    echo "Start webpack dev server"
-    # start the webpack dev server, serving dynamically at http://localhost:9000
-    # it proxies to the backend served at http://localhost:8088
-    npm run dev-server
+    echo "Running frontend"
+    npm run dev

 else
    echo "Skipping frontend build steps - YOU NEED TO RUN IT MANUALLY ON THE HOST!"
--- a/docker/docker-healthcheck.sh
+++ b/docker/docker-healthcheck.sh
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-curl -f "http://localhost:${SUPERSET_PORT}/${SUPERSET_APP_ROOT/\//}/health" || exit 1
--- a/docker/docker-init.sh
+++ b/docker/docker-init.sh
@@ -30,18 +30,24 @@ fi

 echo_step() {
 cat <<EOF
+
 ######################################################################
+
+
 Init Step ${1}/${STEP_CNT} [${2}] -- ${3}
+
+
 ######################################################################
+
 EOF
 }
 ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin}"
 # If Cypress run – overwrite the password for admin and export env variables
 if [ "$CYPRESS_CONFIG" == "true" ]; then
    ADMIN_PASSWORD="general"
+    export SUPERSET_CONFIG=tests.integration_tests.superset_test_config
    export SUPERSET_TESTENV=true
-    export POSTGRES_DB=superset_cypress
-    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset_cypress
+    export SUPERSET__SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://superset:superset@db:5432/superset
 fi
 # Initialize the database
 echo_step "1" "Starting" "Applying DB migrations"
@@ -50,16 +56,12 @@ echo_step "1" "Complete" "Applying DB migrations"

 # Create an admin user
 echo_step "2" "Starting" "Setting up admin user ( admin / $ADMIN_PASSWORD )"
-if [ "$CYPRESS_CONFIG" == "true" ]; then
-    superset load_test_users
-else
-    superset fab create-admin \
-        --username admin \
-        --email admin@superset.com \
-        --password "$ADMIN_PASSWORD" \
-        --firstname Superset \
-        --lastname Admin
-fi
+superset fab create-admin \
+              --username admin \
+              --firstname Superset \
+              --lastname Admin \
+              --email admin@superset.com \
+              --password "$ADMIN_PASSWORD"
 echo_step "2" "Complete" "Setting up admin user"
 # Create default roles and permissions
 echo_step "3" "Starting" "Setting up roles and perms"
@@ -71,9 +73,10 @@ if [ "$SUPERSET_LOAD_EXAMPLES" = "yes" ]; then
    echo_step "4" "Starting" "Loading examples"
    # If Cypress run which consumes superset_test_config – load required data for tests
    if [ "$CYPRESS_CONFIG" == "true" ]; then
+        superset load_test_users
        superset load_examples --load-test-data
    else
-        superset load_examples
+        superset load_examples --force
    fi
    echo_step "4" "Complete" "Loading examples"
 fi
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -90,5 +90,38 @@ http {

    client_max_body_size 10m;

-    include /etc/nginx/conf.d/superset.conf;
+    upstream superset_app {
+        server host.docker.internal:8088;
+        keepalive 100;
+    }
+
+    upstream superset_websocket {
+        server host.docker.internal:8080;
+        keepalive 100;
+    }
+
+    server {
+        listen 80 default_server;
+        server_name  _;
+
+        location /ws {
+            proxy_pass http://superset_websocket;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+            proxy_set_header Host $host;
+        }
+
+        location / {
+            proxy_pass http://superset_app;
+            proxy_set_header    Host                $host;
+            proxy_set_header    X-Real-IP           $remote_addr;
+            proxy_set_header    X-Forwarded-For     $remote_addr;
+            proxy_set_header    X-Forwarded-Host    $host;
+            proxy_set_header    X-Forwarded-Proto   $scheme;
+            proxy_http_version 1.1;
+            port_in_redirect off;
+            proxy_connect_timeout 300;
+        }
+    }
 }
--- a/docker/nginx/templates/superset.conf.template
+++ b/docker/nginx/templates/superset.conf.template
@@ -1,57 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-upstream superset_app {
-    server host.docker.internal:8088;
-    keepalive 100;
-}
-
-upstream superset_websocket {
-    server host.docker.internal:8080;
-    keepalive 100;
-}
-
-server {
-    listen 80 default_server;
-    server_name  _;
-
-    location /ws {
-        proxy_pass http://superset_websocket;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header Host $host;
-    }
-
-    location ${SUPERSET_APP_ROOT}/static {
-        proxy_pass http://host.docker.internal:9000;  # Proxy to superset-node
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-    }
-
-    location ${SUPERSET_APP_ROOT} {
-        proxy_pass http://superset_app;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_http_version 1.1;
-        port_in_redirect off;
-        proxy_connect_timeout 300;
-    }
-
-}
--- a/docker/pip-install.sh
+++ b/docker/pip-install.sh
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-set -euo pipefail
-
-# Default flag
-REQUIRES_BUILD_ESSENTIAL=false
-USE_CACHE=true
-
-# Filter arguments
-ARGS=()
-for arg in "$@"; do
-  case "$arg" in
-    --requires-build-essential)
-      REQUIRES_BUILD_ESSENTIAL=true
-      ;;
-    --no-cache)
-      USE_CACHE=false
-      ;;
-    *)
-      ARGS+=("$arg")
-      ;;
-  esac
-done
-
-# Install build-essential if required
-if $REQUIRES_BUILD_ESSENTIAL; then
-  echo "Installing build-essential for package builds..."
-  apt-get update -qq \
-    && apt-get install -yqq --no-install-recommends build-essential
-fi
-
-# Choose whether to use pip cache
-if $USE_CACHE; then
-  echo "Using pip cache..."
-  uv pip install "${ARGS[@]}"
-else
-  echo "Disabling pip cache..."
-  uv pip install --no-cache-dir "${ARGS[@]}"
-fi
-
-# Remove build-essential if it was installed
-if $REQUIRES_BUILD_ESSENTIAL; then
-  echo "Removing build-essential to keep the image lean..."
-  apt-get autoremove -yqq --purge build-essential \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
-fi
-
-echo "Python packages installed successfully."
--- a/docker/pythonpath_dev/superset_config.py
+++ b/docker/pythonpath_dev/superset_config.py
@@ -22,7 +22,6 @@
 #
 import logging
 import os
-import sys

 from celery.schedules import crontab
 from flask_caching.backends.filesystemcache import FileSystemCache
@@ -71,7 +70,6 @@ CACHE_CONFIG = {
    "CACHE_REDIS_DB": REDIS_RESULTS_DB,
 }
 DATA_CACHE_CONFIG = CACHE_CONFIG
-THUMBNAIL_CACHE_CONFIG = CACHE_CONFIG


 class CeleryConfig:
@@ -101,28 +99,11 @@ CELERY_CONFIG = CeleryConfig

 FEATURE_FLAGS = {"ALERT_REPORTS": True}
 ALERT_REPORTS_NOTIFICATION_DRY_RUN = True
-WEBDRIVER_BASEURL = f"http://superset_app{os.environ.get('SUPERSET_APP_ROOT', '/')}/"  # When using docker compose baseurl should be http://superset_nginx{ENV{BASEPATH}}/  # noqa: E501
+WEBDRIVER_BASEURL = "http://superset:8088/"  # When using docker compose baseurl should be http://superset_app:8088/
 # The base URL for the email report hyperlinks.
-WEBDRIVER_BASEURL_USER_FRIENDLY = (
-    f"http://localhost:8888/{os.environ.get('SUPERSET_APP_ROOT', '/')}/"
-)
+WEBDRIVER_BASEURL_USER_FRIENDLY = WEBDRIVER_BASEURL
 SQLLAB_CTAS_NO_LIMIT = True

-log_level_text = os.getenv("SUPERSET_LOG_LEVEL", "INFO")
-LOG_LEVEL = getattr(logging, log_level_text.upper(), logging.INFO)
-
-if os.getenv("CYPRESS_CONFIG") == "true":
-    # When running the service as a cypress backend, we need to import the config
-    # located @ tests/integration_tests/superset_test_config.py
-    base_dir = os.path.dirname(__file__)
-    module_folder = os.path.abspath(
-        os.path.join(base_dir, "../../tests/integration_tests/")
-    )
-    sys.path.insert(0, module_folder)
-    from superset_test_config import *  # noqa
-
-    sys.path.pop(0)
-
 #
 # Optionally import superset_config_docker.py (which will have been included on
 # the PYTHONPATH) in order to allow for local settings to be overridden
@@ -132,7 +113,7 @@ try:
    from superset_config_docker import *  # noqa

    logger.info(
-        f"Loaded your Docker configuration at [{superset_config_docker.__file__}]"
+        f"Loaded your Docker configuration at " f"[{superset_config_docker.__file__}]"
    )
 except ImportError:
    logger.info("Using default Docker config...")
--- a/docker/entrypoints/run-server.sh
+++ b/docker/entrypoints/run-server.sh
--- a/docs/.eslintrc.js
+++ b/docs/.eslintrc.js
@@ -1,47 +0,0 @@
-/* eslint-env node */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-module.exports = {
-  extends: [
-    'eslint:recommended',
-    'plugin:@typescript-eslint/recommended',
-    'plugin:react/recommended',
-    'plugin:prettier/recommended',
-  ],
-  parser: '@typescript-eslint/parser',
-  parserOptions: {
-    ecmaFeatures: {
-      jsx: true,
-    },
-    ecmaVersion: 2020,
-    sourceType: 'module',
-  },
-  plugins: ['@typescript-eslint', 'react', 'prettier'],
-  rules: {
-    'react/react-in-jsx-scope': 'off',
-    'react/prop-types': 'off',
-    '@typescript-eslint/explicit-module-boundary-types': 'off',
-  },
-  settings: {
-    react: {
-      version: 'detect',
-    },
-  },
-  ignorePatterns: ['build/**/*', '.docusaurus/**/*', 'node_modules/**/*'],
-};
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-v20.18.3
+v20.16.0
--- a/docs/README.md
+++ b/docs/README.md
@@ -18,6 +18,6 @@ under the License.
 -->

 This is the public documentation site for Superset, built using
-[Docusaurus 3](https://docusaurus.io/). See
+[Docusaurus 2](https://docusaurus.io/). See
 [CONTRIBUTING.md](../CONTRIBUTING.md#documentation) for documentation on
 contributing to documentation.
--- a/docs/babel.config.js
+++ b/docs/babel.config.js
@@ -1,4 +1,3 @@
-/* eslint-env node */
 /**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
--- a/docs/data/countries.json
+++ b/docs/data/countries.json
@@ -63,7 +63,6 @@
    "Fiji",
    "Finland",
    "France",
-    "France (with overseas)",
    "France (regions)",
    "French Polynesia",
    "Gabon",
@@ -86,7 +85,6 @@
    "Israel",
    "Italy",
    "Italy (regions)",
-    "Ivory Coast",
    "Japan",
    "Jordan",
    "Kazakhstan",
@@ -144,7 +142,6 @@
    "Poland",
    "Portugal",
    "Qatar",
-    "Republic Of Serbia",
    "Romania",
    "Russia",
    "Rwanda",
--- a/docs/docs/api.mdx
+++ b/docs/docs/api.mdx
@@ -4,6 +4,7 @@ hide_title: true
 sidebar_position: 10
 ---

+import { Buffer } from 'buffer/index.js';
 import SwaggerUI from 'swagger-ui-react';
 import openapi from '/resources/openapi.json';
 import 'swagger-ui-react/swagger-ui.css';
--- a/docs/docs/configuration/alerts-reports.mdx
+++ b/docs/docs/configuration/alerts-reports.mdx
@@ -25,9 +25,6 @@ Alerts and reports are disabled by default. To turn them on, you need to do some
 - At least one of those must be configured, depending on what you want to use:
  - emails: `SMTP_*` settings
  - Slack messages: `SLACK_API_TOKEN`
- Users can customize the email subject by including date code placeholders, which will automatically be replaced with the corresponding UTC date when the email is sent. To enable this functionality, activate the `"DATE_FORMAT_IN_EMAIL_SUBJECT"` [feature flag](/docs/configuration/configuring-superset#feature-flags). This enables date formatting in email subjects, preventing all reporting emails from being grouped into the same thread (optional for the reporting feature).
-    - Use date codes from [strftime.org](https://strftime.org/) to create the email subject.
-    - If no date code is provided, the original string will be used as the email subject.

 ##### Disable dry-run mode

@@ -56,14 +53,11 @@ To send alerts and reports to Slack channels, you need to create a new Slack App
   - `incoming-webhook`
   - `files:write`
   - `chat:write`
-   - `channels:read`
-   - `groups:read`
 4. At the top of the "OAuth and Permissions" section, click "install to workspace".
 5. Select a default channel for your app and continue.
   (You can post to any channel by inviting your Superset app into that channel).
 6. The app should now be installed in your workspace, and a "Bot User OAuth Access Token" should have been created. Copy that token in the `SLACK_API_TOKEN` variable of your `superset_config.py`.
-7. Ensure the feature flag `ALERT_REPORT_SLACK_V2` is set to True in `superset_config.py`
-8. Restart the service (or run `superset init`) to pull in the new configuration.
+7. Restart the service (or run `superset init`) to pull in the new configuration.

 Note: when you configure an alert or a report, the Slack channel list takes channel names without the leading '#' e.g. use `alerts` instead of `#alerts`.

@@ -92,7 +86,6 @@ You can find documentation about each field in the default `config.py` in the Gi
 You need to replace default values with your custom Redis, Slack and/or SMTP config.

 Superset uses Celery beat and Celery worker(s) to send alerts and reports.
-
 - The beat is the scheduler that tells the worker when to perform its tasks. This schedule is defined when you create the alert or report.
 - The worker will process the  tasks that need to be performed when an alert or report is fired.

@@ -144,7 +137,7 @@ SLACK_API_TOKEN = "xoxb-"
 SMTP_HOST = "smtp.sendgrid.net" # change to your host
 SMTP_PORT = 2525 # your port, e.g. 587
 SMTP_STARTTLS = True
-SMTP_SSL_SERVER_AUTH = True # If you're using an SMTP server with a valid certificate
+SMTP_SSL_SERVER_AUTH = True # If your using an SMTP server with a valid certificate
 SMTP_SSL = False
 SMTP_USER = "your_user" # use the empty string "" if using an unauthenticated SMTP server
 SMTP_PASSWORD = "your_password" # use the empty string "" if using an unauthenticated SMTP server
@@ -181,13 +174,15 @@ By default, Alerts and Reports are executed as the owner of the alert/report obj
 just change the config as follows (`admin` in this example):

 ```python
-from superset.tasks.types import FixedExecutor
+from superset.tasks.types import ExecutorType

-ALERT_REPORTS_EXECUTORS = [FixedExecutor("admin")]
+THUMBNAIL_SELENIUM_USER = 'admin'
+ALERT_REPORTS_EXECUTE_AS = [ExecutorType.SELENIUM]
 ```

 Please refer to `ExecutorType` in the codebase for other executor types.

+
 **Important notes**

 - Be mindful of the concurrency setting for celery (using `-c 4`). Selenium/webdriver instances can
@@ -199,6 +194,7 @@ Please refer to `ExecutorType` in the codebase for other executor types.
 - Adjust `WEBDRIVER_BASEURL` in your configuration file if celery workers can’t access Superset via
  its default value of `http://0.0.0.0:8080/`.

+
 It's also possible to specify a minimum interval between each report's execution through the config file:

 ``` python
@@ -304,7 +300,6 @@ One symptom of an invalid connection to an email server is receiving an error of
 Confirm via testing that your outbound email configuration is correct.  Here is the simplest test, for an un-authenticated email SMTP email service running on port 25.  If you are sending over SSL, for instance, study how [Superset's codebase sends emails](https://github.com/apache/superset/blob/master/superset/utils/core.py#L818) and then test with those commands and arguments.

 Start Python in your worker environment, replace all example values, and run:
-
 ```python
 import smtplib
 from email.mime.multipart import MIMEMultipart
@@ -326,7 +321,6 @@ mailserver.quit()
 This should send an email.

 Possible fixes:
-
 - Some cloud hosts disable outgoing unauthenticated SMTP email to prevent spam.  For instance, [Azure blocks port 25 by default on some machines](https://learn.microsoft.com/en-us/azure/virtual-network/troubleshoot-outbound-smtp-connectivity). Enable that port or use another sending method.
 - Use another set of SMTP credentials that you verify works in this setup.

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Beto Dealmeida	754807b87d	WIP	2024-11-25 16:43:20 -05:00
Beto Dealmeida	782f94fe8d	Another fix	2024-11-24 18:53:14 -05:00
Beto Dealmeida	8e0c00a82e	Move integration tests to unit tests	2024-11-24 18:44:51 -05:00
Beto Dealmeida	c0c8802de9	Small fix	2024-11-24 18:03:20 -05:00
Beto Dealmeida	cd3209a600	chore (SIP-117): remove more sqlparse	2024-11-22 12:04:19 -05:00