Improve regex

fix: sqlparse ReDOS
chore: Adds RC4 data to CHANGELOG.md
2026-05-01 05:54:26 +00:00 · 2025-07-31 11:38:14 -04:00 · 2025-07-30 18:19:07 -04:00 · 2025-06-18 13:54:31 -03:00 · 2025-06-18 13:06:01 -03:00 · 2025-06-18 09:32:03 -03:00
3977 changed files with 115485 additions and 390176 deletions
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -17,12 +17,6 @@

 # https://cwiki.apache.org/confluence/display/INFRA/.asf.yaml+features+for+git+repositories
 ---
-notifications:
-  commits: commits@superset.apache.org
-  issues: notifications@superset.apache.org
-  pullrequests: notifications@superset.apache.org
-  discussions: notifications@superset.apache.org
-
 github:
  del_branch_on_merge: true
  description: "Apache Superset is a Data Visualization and Data Exploration Platform"
@@ -54,8 +48,6 @@ github:
    projects: true
    # Enable wiki for documentation
    wiki: true
-    # Enable discussions
-    discussions: true

  enabled_merge_buttons:
    squash: true
@@ -83,7 +75,6 @@ github:
          - cypress-matrix (5, chrome)
          - dependency-review
          - frontend-build
-          - playwright-tests (chromium)
          - pre-commit (current)
          - pre-commit (previous)
          - test-mysql
--- a/.claude/commands/js-to-ts.md
+++ b/.claude/commands/js-to-ts.md
@@ -1,10 +0,0 @@
-# JavaScript to TypeScript Migration Command
-
-## Usage
-```
-/js-to-ts <core-filename>
-```
- `<core-filename>` - Path to CORE file relative to `superset-frontend/` (e.g., `src/utils/common.js`, `src/middleware/loggerMiddleware.js`)
-
-## Agent Instructions
-**See:** [../projects/js-to-ts/AGENT.md](../projects/js-to-ts/AGENT.md) for complete migration guide.
--- a/.claude/projects/js-to-ts/AGENT.md
+++ b/.claude/projects/js-to-ts/AGENT.md
@@ -1,684 +0,0 @@
-# JavaScript to TypeScript Migration Agent Guide
-
-**Complete technical reference for converting JavaScript/JSX files to TypeScript/TSX in Apache Superset frontend.**
-
-**Agent Role:** Atomic migration unit - migrate the core file + ALL related tests/mocks as one cohesive unit. Use `git mv` to preserve history, NO `git commit`. NO global import changes. Report results upon completion.
-
---
-
-## 🎯 Migration Principles
-
-1. **Atomic migration units** - Core file + all related tests/mocks migrate together
-2. **Zero `any` types** - Use proper TypeScript throughout
-3. **Leverage existing types** - Reuse established definitions
-4. **Type inheritance** - Derivatives extend base component types
-5. **Strategic placement** - File types for maximum discoverability
-6. **Surgical improvements** - Enhance existing types during migration
-
---
-
-## Step 0: Dependency Check (MANDATORY)
-
-**Command:**
-```bash
-grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" superset-frontend/{filename}
-```
-
-**Decision:**
- ✅ No matches → Proceed with atomic migration (core + tests + mocks)
- ❌ Matches found → EXIT with dependency report (see format below)
-
---
-
-## Step 1: Identify Related Files (REQUIRED)
-
-**Atomic Migration Scope:**
-For core file `src/utils/example.js`, also migrate:
- `src/utils/example.test.js` / `src/utils/example.test.jsx`
- `src/utils/example.spec.js` / `src/utils/example.spec.jsx`
- `src/utils/__mocks__/example.js`
- Any other related test/mock files found by pattern matching
-
-**Find all related test and mock files:**
-```bash
-# Pattern-based search for related files
-basename=$(basename {filename} .js)
-dirname=$(dirname superset-frontend/{filename})
-
-# Find test files
-find "$dirname" -name "${basename}.test.js" -o -name "${basename}.test.jsx"
-find "$dirname" -name "${basename}.spec.js" -o -name "${basename}.spec.jsx"
-
-# Find mock files  
-find "$dirname" -name "__mocks__/${basename}.js"
-find "$dirname" -name "${basename}.mock.js"
-```
-
-**Migration Requirement:** All discovered related files MUST be migrated together as one atomic unit.
-
-**Test File Creation:** If NO test files exist for the core file, CREATE a minimal test file using the following pattern:
- Location: Same directory as core file
- Name: `{basename}.test.ts` (e.g., `DebouncedMessageQueue.test.ts`)
- Content: Basic test structure importing and testing the main functionality
- Use proper TypeScript types in test file
-
---
-
-## 🗺️ Type Reference Map
-
-### From `@superset-ui/core`
-```typescript
-// Data & Query
-QueryFormData, QueryData, JsonObject, AnnotationData, AdhocMetric
-LatestQueryFormData, GenericDataType, DatasourceType, ExtraFormData
-DataMaskStateWithId, NativeFilterScope, NativeFiltersState, NativeFilterTarget
-
-// UI & Theme  
-FeatureFlagMap, LanguagePack, ColorSchemeConfig, SequentialSchemeConfig
-```
-
-### From `@superset-ui/chart-controls`
-```typescript
-Dataset, ColumnMeta, ControlStateMapping
-```
-
-### From Local Types (`src/types/`)
-```typescript
-// Authentication
-User, UserWithPermissionsAndRoles, BootstrapUser, PermissionsAndRoles
-
-// Dashboard
-Dashboard, DashboardState, DashboardInfo, DashboardLayout, LayoutItem
-ComponentType, ChartConfiguration, ActiveFilters
-
-// Charts
-Chart, ChartState, ChartStatus, ChartLinkedDashboard, Slice, SaveActionType
-
-// Data
-Datasource, Database, Owner, Role
-
-// UI Components
-TagType, FavoriteStatus, Filter, ImportResourceName
-```
-
-### From Domain Types
-```typescript
-// src/dashboard/types.ts
-RootState, ChartsState, DatasourcesState, FilterBarOrientation
-ChartCrossFiltersConfig, ActiveTabs, MenuKeys
-
-// src/explore/types.ts  
-ExplorePageInitialData, ExplorePageState, ExploreResponsePayload, OptionSortType
-
-// src/SqlLab/types.ts
-[SQL Lab specific types]
-```
-
---
-
-## 🏗️ Type Organization Strategy
-
-### Type Placement Hierarchy
-
-1. **Component-Colocated** (90% of cases)
-   ```typescript
-   // Same file as component
-   interface MyComponentProps {
-     title: string;
-     onClick: () => void;
-   }
-   ```
-
-2. **Feature-Shared**
-   ```typescript
-   // src/[domain]/components/[Feature]/types.ts
-   export interface FilterConfiguration {
-     filterId: string;
-     targets: NativeFilterTarget[];
-   }
-   ```
-
-3. **Domain-Wide**
-   ```typescript
-   // src/[domain]/types.ts
-   export interface ExploreFormData extends QueryFormData {
-     viz_type: string;
-   }
-   ```
-
-4. **Global**
-   ```typescript
-   // src/types/[TypeName].ts
-   export interface ApiResponse<T> {
-     result: T;
-     count?: number;
-   }
-   ```
-
-### Type Discovery Commands
-```bash
-# Search existing types before creating
-find superset-frontend/src -name "types.ts" -exec grep -l "[TypeConcept]" {} \;
-grep -r "interface.*Props\|type.*Props" superset-frontend/src/
-```
-
-### Derivative Component Patterns
-
-**Rule:** Components that extend others should extend their type interfaces.
-
-```typescript
-// ✅ Base component type
-interface SelectProps {
-  value: string | number;
-  options: SelectOption[];
-  onChange: (value: string | number) => void;
-  disabled?: boolean;
-}
-
-// ✅ Derivative extends base
-interface ChartSelectProps extends SelectProps {
-  charts: Chart[];
-  onChartSelect: (chart: Chart) => void;
-}
-
-// ✅ Derivative with modified props  
-interface DatabaseSelectProps extends Omit<SelectProps, 'value' | 'onChange'> {
-  value: number;  // Narrowed type
-  onChange: (databaseId: number) => void;  // Specific signature
-}
-```
-
-**Common Patterns:**
- **Extension:** `extends BaseProps` - adds new props
- **Omission:** `Omit<BaseProps, 'prop'>` - removes props
- **Modification:** `Omit<BaseProps, 'prop'> & { prop: NewType }` - changes prop type
- **Restriction:** Override with narrower types (union → specific)
-
---
-
-## 📋 Migration Recipe
-
-### Step 2: File Conversion
-```bash
-# Use git mv to preserve history
-git mv component.js component.ts
-git mv Component.jsx Component.tsx
-```
-
-### Step 3: Import & Type Setup
-```typescript
-// Import order (enforced by linting)
-import { FC, ReactNode } from 'react';
-import { JsonObject, QueryFormData } from '@superset-ui/core';
-import { Dataset } from '@superset-ui/chart-controls';
-import type { Dashboard } from 'src/types/Dashboard';
-```
-
-### Step 4: Function & Component Typing
-```typescript
-// Functions with proper parameter/return types
-export function processData(
-  data: Dataset[],
-  config: JsonObject
-): ProcessedData[] {
-  // implementation
-}
-
-// Component props with inheritance
-interface ComponentProps extends BaseProps {
-  data: Chart[];
-  onSelect: (id: number) => void;
-}
-
-const Component: FC<ComponentProps> = ({ data, onSelect }) => {
-  // implementation
-};
-```
-
-### Step 5: State & Redux Typing
-```typescript
-// Hooks with specific types
-const [data, setData] = useState<Chart[]>([]);
-const [selected, setSelected] = useState<number | null>(null);
-
-// Redux with existing RootState
-const mapStateToProps = (state: RootState) => ({
-  charts: state.charts,
-  user: state.user,
-});
-```
-
---
-
-## 🧠 Type Debugging Strategies (Real-World Learnings)
-
-### The Evolution of Type Approaches
-When you hit type errors, follow this debugging evolution:
-
-#### 1. ❌ Idealized Union Types (First Attempt)
-```typescript
-// Looks clean but doesn't match reality
-type DatasourceInput = Datasource | QueryEditor;
-```
-**Problem**: Real calling sites pass variations, not exact types.
-
-#### 2. ❌ Overly Precise Types (Second Attempt)
-```typescript
-// Tried to match exact calling signatures
-type DatasourceInput =
-  | IDatasource  // From DatasourcePanel
-  | (QueryEditor & { columns: ColumnMeta[] });  // From SaveQuery
-```
-**Problem**: Too rigid, doesn't handle legacy variations.
-
-#### 3. ✅ Flexible Interface (Final Solution)
-```typescript
-// Captures what the function actually needs
-interface DatasourceInput {
-  name?: string | null;  // Allow null for compatibility
-  datasource_name?: string | null;  // Legacy variations
-  columns?: any[];  // Multiple column types accepted
-  database?: { id?: number };
-  // ... other optional properties
-}
-```
-**Success**: Works with all calling sites, focuses on function needs.
-
-### Type Debugging Process
-1. **Start with compilation errors** - they show exact mismatches
-2. **Examine actual usage** - look at calling sites, not idealized types  
-3. **Build flexible interfaces** - capture what functions need, not rigid contracts
-4. **Iterate based on downstream validation** - let calling sites guide your types
-
---
-
-## 🚨 Anti-Patterns to Avoid
-
-```typescript
-// ❌ Never use any
-const obj: any = {};
-
-// ✅ Use proper types
-const obj: Record<string, JsonObject> = {};
-
-// ❌ Don't recreate base component props
-interface ChartSelectProps {
-  value: string;     // Duplicated from SelectProps
-  onChange: () => void;  // Duplicated from SelectProps
-  charts: Chart[];   // New prop
-}
-
-// ✅ Inherit and extend
-interface ChartSelectProps extends SelectProps {
-  charts: Chart[];   // Only new props
-}
-
-// ❌ Don't create ad-hoc type variations
-interface UserInfo {
-  name: string;
-  email: string;
-}
-
-// ✅ Extend existing types (DRY principle)
-import { User } from 'src/types/bootstrapTypes';
-type UserDisplayInfo = Pick<User, 'firstName' | 'lastName' | 'email'>;
-
-// ❌ Don't create overly rigid unions
-type StrictInput = ExactTypeA | ExactTypeB;
-
-// ✅ Create flexible interfaces for function parameters
-interface FlexibleInput {
-  // Focus on what the function actually needs
-  commonProperty: string;
-  optionalVariations?: any;  // Allow for legacy variations
-}
-```
-
-## 📍 DRY Type Guidelines (WHERE TYPES BELONG)
-
-### Type Placement Rules
-**CRITICAL**: Type variations must live close to where they belong, not scattered across files.
-
-#### ✅ Proper Type Organization
-```typescript
-// ❌ Don't create one-off interfaces in utility files
-// src/utils/datasourceUtils.ts
-interface DatasourceInput { /* custom interface */ }  // Wrong!
-
-// ✅ Use existing types or extend them in their proper domain
-// src/utils/datasourceUtils.ts
-import { IDatasource } from 'src/explore/components/DatasourcePanel';
-import { QueryEditor } from 'src/SqlLab/types';
-
-// Create flexible interface that references existing types
-interface FlexibleDatasourceInput {
-  // Properties that actually exist across variations
-}
-```
-
-#### Type Location Hierarchy
-1. **Domain Types**: `src/{domain}/types.ts` (dashboard, explore, SqlLab)
-2. **Component Types**: Co-located with components  
-3. **Global Types**: `src/types/` directory
-4. **Utility Types**: Only when they truly don't belong elsewhere
-
-#### ✅ DRY Type Patterns
-```typescript
-// ✅ Extend existing domain types
-interface SaveQueryData extends Pick<QueryEditor, 'sql' | 'dbId' | 'catalog'> {
-  columns: ColumnMeta[];  // Add what's needed
-}
-
-// ✅ Create flexible interfaces for cross-domain utilities
-interface CrossDomainInput {
-  // Common properties that exist across different source types
-  name?: string | null;  // Accommodate legacy null values
-  // Only include properties the function actually uses
-}
-```
-
---
-
-## 🎯 PropTypes Auto-Generation (Elegant Approach)
-
-**IMPORTANT**: Superset has `babel-plugin-typescript-to-proptypes` configured to automatically generate PropTypes from TypeScript interfaces. Use this instead of manual PropTypes duplication!
-
-### ❌ Manual PropTypes Duplication (Avoid This)
-```typescript
-export interface MyComponentProps {
-  title: string;
-  count?: number;
-}
-
-// 8+ lines of manual PropTypes duplication 😱
-const propTypes = PropTypes.shape({
-  title: PropTypes.string.isRequired,
-  count: PropTypes.number,
-});
-
-export default propTypes;
-```
-
-### ✅ Auto-Generated PropTypes (Use This)
-```typescript
-import { InferProps } from 'prop-types';
-
-export interface MyComponentProps {
-  title: string;
-  count?: number;
-}
-
-// Single validator function - babel plugin auto-generates PropTypes! ✨
-export default function MyComponentValidator(props: MyComponentProps) {
-  return null; // PropTypes auto-assigned by babel-plugin-typescript-to-proptypes
-}
-
-// Optional: For consumers needing PropTypes type inference
-export type MyComponentPropsInferred = InferProps<typeof MyComponentValidator>;
-```
-
-### Migration Pattern for Type-Only Files
-
-**When migrating type-only files with manual PropTypes:**
-
-1. **Keep the TypeScript interfaces** (single source of truth)
-2. **Replace manual PropTypes** with validator function
-3. **Remove PropTypes imports** and manual shape definitions
-4. **Add InferProps import** if type inference needed
-
-**Example Migration:**
-```typescript
-// Before: 25+ lines with manual PropTypes duplication
-export interface AdhocFilterType { /* ... */ }
-const adhocFilterTypePropTypes = PropTypes.oneOfType([...]);
-
-// After: 3 lines with auto-generation
-export interface AdhocFilterType { /* ... */ }
-export default function AdhocFilterValidator(props: { filter: AdhocFilterType }) {
-  return null; // Auto-generated PropTypes by babel plugin
-}
-```
-
-### Component PropTypes Pattern
-
-**For React components, the babel plugin works automatically:**
-
-```typescript
-interface ComponentProps {
-  title: string;
-  onClick: () => void;
-}
-
-const MyComponent: FC<ComponentProps> = ({ title, onClick }) => {
-  // Component implementation
-};
-
-// PropTypes automatically generated by babel plugin - no manual work needed!
-export default MyComponent;
-```
-
-### Auto-Generation Benefits
-
- ✅ **Single source of truth**: TypeScript interfaces drive PropTypes
- ✅ **No duplication**: Eliminate 15-20 lines of manual PropTypes code
- ✅ **Automatic updates**: Changes to TypeScript automatically update PropTypes
- ✅ **Type safety**: Compile-time checking ensures PropTypes match interfaces
- ✅ **Backward compatibility**: Existing JavaScript components continue working
-
-### Babel Plugin Configuration
-
-The plugin is already configured in `babel.config.js`:
-```javascript
-['babel-plugin-typescript-to-proptypes', { loose: true }]
-```
-
-**No additional setup required** - just use TypeScript interfaces and the plugin handles the rest!
-
---
-
-## 🧪 Test File Migration Patterns
-
-### Test File Priority
- **Always migrate test files** alongside production files
- **Test files are often leaf nodes** - good starting candidates
- **Create tests if missing** - Leverage new TypeScript types for better test coverage
-
-### Test-Specific Type Patterns
-```typescript
-// Mock interfaces for testing
-interface MockStore {
-  getState: () => Partial<RootState>;  // Partial allows minimal mocking
-}
-
-// Type-safe mocking for complex objects
-const mockDashboardInfo: Partial<DashboardInfo> as DashboardInfo = {
-  id: 123,
-  json_metadata: '{}',
-};
-
-// Sinon stub typing
-let postStub: sinon.SinonStub;
-beforeEach(() => {
-  postStub = sinon.stub(SupersetClient, 'post');
-});
-
-// Use stub reference instead of original method
-expect(postStub.callCount).toBe(1);
-expect(postStub.getCall(0).args[0].endpoint).toMatch('/api/');
-```
-
-### Test Migration Recipe
-1. **Migrate production file first** (if both need migration)
-2. **Update test imports** to point to `.ts/.tsx` files
-3. **Add proper mock typing** using `Partial<T> as T` pattern
-4. **Fix stub typing** - Use stub references, not original methods
-5. **Verify all tests pass** with TypeScript compilation
-
---
-
-## 🔧 Type Conflict Resolution
-
-### Multiple Type Definitions Issue
-**Problem**: Same type name defined in multiple files causes compilation errors.
-
-**Example**: `DashboardInfo` defined in both:
- `src/dashboard/reducers/types.ts` (minimal)
- `src/dashboard/components/Header/types.ts` (different shape)  
- `src/dashboard/types.ts` (complete - used by RootState)
-
-### Resolution Strategy
-1. **Identify the authoritative type**:
-   ```bash
-   # Find which type is used by RootState/main interfaces
-   grep -r "DashboardInfo" src/dashboard/types.ts
-   ```
-
-2. **Use import from authoritative source**:
-   ```typescript
-   // ✅ Import from main domain types
-   import { RootState, DashboardInfo } from 'src/dashboard/types';
-
-   // ❌ Don't import from component-specific files
-   import { DashboardInfo } from 'src/dashboard/components/Header/types';
-   ```
-
-3. **Mock complex types in tests**:
-   ```typescript
-   // For testing - provide minimal required fields
-   const mockInfo: Partial<DashboardInfo> as DashboardInfo = {
-     id: 123,
-     json_metadata: '{}',
-     // Only provide fields actually used in test
-   };
-   ```
-
-### Type Hierarchy Discovery Commands
-```bash
-# Find all definitions of a type
-grep -r "interface.*TypeName\|type.*TypeName" src/
-
-# Find import usage patterns
-grep -r "import.*TypeName" src/
-
-# Check what RootState uses
-grep -A 10 -B 10 "TypeName" src/*/types.ts
-```
-
---
-
-## Agent Constraints (CRITICAL)
-
-1. **Use git mv** - Run `git mv file.js file.ts` to preserve git history, but NO `git commit`
-2. **NO global import changes** - Don't update imports across codebase
-3. **Type files OK** - Can modify existing type files to improve/align types
-4. **Single-File TypeScript Validation** (CRITICAL) - tsc has known issues with multi-file compilation:
-   - **Core Issue**: TypeScript's `tsc` has documented problems validating multiple files simultaneously in complex projects
-   - **Solution**: ALWAYS validate files one at a time using individual `tsc` calls
-   - **Command Pattern**: `cd superset-frontend && npx tscw --noEmit --allowJs --composite false --project tsconfig.json {single-file-path}`
-   - **Why**: Multi-file validation can produce false positives, miss real errors, and conflict during parallel agent execution
-5. **Downstream Impact Validation** (CRITICAL) - Your migration affects calling sites:
-   - **Find downstream files**: `find superset-frontend/src -name "*.tsx" -o -name "*.ts" | xargs grep -l "your-core-filename" 2>/dev/null || echo "No files found"`
-   - **Validate each downstream file individually**: `cd superset-frontend && npx tscw --noEmit --allowJs --composite false --project tsconfig.json {each-downstream-file}`
-   - **Fix type mismatches** you introduced in calling sites
-   - **NEVER ignore downstream errors** - they indicate your types don't match reality
-6. **Avoid Project-Wide Validation During Migration**:
-   - **NEVER use `npm run type`** during parallel agent execution - produces unreliable results
-   - **Single-file validation is authoritative** - trust individual file checks over project-wide scans
-6. **ESLint validation** - Run `npm run eslint -- --fix {file}` for each migrated file to auto-fix formatting/linting issues
-6. Zero `any` types - use proper TypeScript types
-7. Search existing types before creating new ones
-8. Follow patterns from this guide
-
---
-
-## Success Report Format
-
-```
-SUCCESS: Atomic Migration of {core-filename}
-
-## Files Migrated (Atomic Unit)
- Core: {core-filename} → {core-filename.ts/tsx}
- Tests: {list-of-test-files} → {list-of-test-files.ts/tsx} OR "CREATED: {basename}.test.ts"
- Mocks: {list-of-mock-files} → {list-of-mock-files.ts}
- Type files modified: {list-of-type-files}
-
-## Types Created/Improved
- {TypeName}: {location} ({scope}) - {rationale}
- {ExistingType}: enhanced in {location} - {improvement-description}
-
-## Documentation Recommendations  
- ADD_TO_DIRECTORY: {TypeName} - {reason}
- NO_DOCUMENTATION: {TypeName} - {reason}
-
-## Quality Validation
- **Single-File TypeScript Validation**: ✅ PASS - Core files individually validated
-  - Core file: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {core-file}`
-  - Test files: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {test-file}` (if exists)
- **Downstream Impact Check**: ✅ PASS - Found {N} files importing this module, all validate individually
-  - Downstream files: {list-of-files-that-import-your-module}
-  - Individual validation: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {each-downstream-file}`
- **ESLint validation**: ✅ PASS (using `npm run eslint -- --fix {files}` to auto-fix formatting)
- **Zero any types**: ✅ PASS
- **Local imports resolved**: ✅ PASS  
- **Functionality preserved**: ✅ PASS
- **Tests pass** (if test file): ✅ PASS
- **Follow-up action required**: {YES/NO}
-
-## Validation Strategy Notes
- **Single-file approach used**: Avoided multi-file tsc validation due to known TypeScript compilation issues
- **Project-wide validation skipped**: `npm run type` not used during parallel migration to prevent false positives
-
-## Migration Learnings
- Type conflicts encountered: {describe any multiple type definitions}
- Mock patterns used: {describe test mocking approaches}
- Import hierarchy decisions: {note authoritative type sources used}
- PropTypes strategy: {AUTO_GENERATED via babel plugin | MANUAL_DUPLICATION_REMOVED | N/A}
-
-## Improvement Suggestions for Documentation
- AGENT.md enhancement: {suggest additions to migration guide}
- Common pattern identified: {note reusable patterns for future migrations}
-```
-
---
-
-## Dependency Block Report Format
-
-```
-DEPENDENCY_BLOCK: Cannot migrate {filename}
-
-## Blocking Dependencies
- {path}: {type} - {usage} - {priority}
-
-## Impact Analysis
- Estimated types: {number}
- Expected locations: {list}
- Cross-domain: {YES/NO}
-
-## Recommended Order
-{ordered-list}
-```
-
---
-
-## 📚 Quick Reference
-
-**Type Utilities:**
- `Record<K, V>` - Object with specific key/value types
- `Partial<T>` - All properties optional
- `Pick<T, K>` - Subset of properties
- `Omit<T, K>` - Exclude specific properties
- `NonNullable<T>` - Exclude null/undefined
-
-**Event Types:**
- `MouseEvent<HTMLButtonElement>`
- `ChangeEvent<HTMLInputElement>`
- `FormEvent<HTMLFormElement>`
-
-**React Types:**
- `FC<Props>` - Functional component
- `ReactNode` - Any renderable content
- `CSSProperties` - Style objects
-
---
-
-**Remember:** Every type should add value and clarity. The goal is meaningful type safety that catches bugs and improves developer experience.
--- a/.claude/projects/js-to-ts/COORDINATOR.md
+++ b/.claude/projects/js-to-ts/COORDINATOR.md
@@ -1,199 +0,0 @@
-# JS-to-TS Coordinator Workflow
-
-**Role:** Strategic migration coordination - select leaf-node files, trigger agents, review results, handle integration, manage dependencies.
-
---
-
-## 1. Core File Selection Strategy
-
-**Target ONLY Core Files**: Coordinators identify core files (production code), agents handle related tests/mocks atomically.
-
-**File Analysis Commands**:
-```bash
-# Find CORE files with no JS/JSX dependencies (exclude tests/mocks) - SIZE PRIORITIZED
-find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | xargs wc -l | sort -n | head -20
-
-# Alternative: Get file sizes in lines with paths
-find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | while read file; do
-  lines=$(wc -l < "$file")
-  echo "$lines $file"
-done | sort -n | head -20
-
-# Check dependencies for core files only (start with smallest)
-for file in <core-files-sorted-by-size>; do
-  echo "=== $file ($(wc -l < "$file") lines) ==="
-  grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" "$file" || echo "✅ LEAF CANDIDATE"
-done
-
-# Identify heavily imported files (migrate last)  
-grep -r "from.*utils/common" superset-frontend/src/ | wc -l
-
-# Quick leaf analysis with size priority
-find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | head -30 | while read file; do
-  deps=$(grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" "$file" | wc -l)
-  lines=$(wc -l < "$file")
-  if [ "$deps" -eq 0 ]; then
-    echo "✅ LEAF: $lines lines - $file"
-  fi
-done | sort -n
-```
-
-**Priority Order** (Smallest files first for easier wins):
-1. **Small leaf files** (<50 lines) - No JS/JSX imports, quick TypeScript conversion
-2. **Medium leaf files** (50-200 lines) - Self-contained utilities and helpers  
-3. **Small dependency files** (<100 lines) - Import only already-migrated files
-4. **Larger components** (200+ lines) - Complex but well-contained functionality
-5. **Core foundational files** (utils/common.js, controls.jsx) - migrate last regardless of size
-
-**Size-First Benefits**:
- Faster completion builds momentum
- Earlier validation of migration patterns
- Easier rollback if issues arise
- Better success rate for agent learning
-
-**Migration Unit**: Each agent call migrates:
- 1 core file (primary target)
- All related `*.test.js/jsx` files
- All related `*.mock.js` files  
- All related `__mocks__/` files
-
---
-
-## 2. Task Creation & Agent Control
-
-### Task Triggering
-When triggering the `/js-to-ts` command:
- **Task Title**: Use the core filename as the task title (e.g., "DebouncedMessageQueue.js migration", "hostNamesConfig.js migration")
- **Task Description**: Include the full relative path to help agent locate the file
- **Reference**: Point agent to [AGENT.md](./AGENT.md) for technical instructions
-
-### Post-Processing Workflow
-After each agent completes:
-
-1. **Review Agent Report**: Always read and analyze the complete agent report
-2. **Share Summary**: Provide user with key highlights from agent's work:
-   - Files migrated (core + tests/mocks)
-   - Types created or improved
-   - Any validation issues or coordinator actions needed
-3. **Quality Assessment**: Evaluate agent's TypeScript implementation against criteria:
-   - ✅ **Type Usage**: Proper types used, no `any` types
-   - ✅ **Type Filing**: Types placed in correct hierarchy (component → feature → domain → global)
-   - ✅ **Side Effects**: No unintended changes to other files
-   - ✅ **Import Alignment**: Proper .ts/.tsx import extensions
-4. **Integration Decision**:
-   - **COMMIT**: If agent work is complete and high quality
-   - **FIX & COMMIT**: If minor issues need coordinator fixes
-   - **ROLLBACK**: If major issues require complete rework
-5. **Next Action**: Ask user preference - commit this work or trigger next migration
-
---
-
-## 3. Integration Decision Framework
-
-**Automatic Integration** ✅:
- `npm run type` passes without errors
- Agent created clean TypeScript with proper types
- Types appropriately filed in hierarchy
-
-**Coordinator Integration** (Fix Side-Effects) 🔧:
- `npm run type` fails BUT agent's work is high quality
- Good type usage, proper patterns, well-organized
- Side-effects are manageable TypeScript compilation errors
- **Coordinator Action**: Integrate the change, then fix global compilation issues
-
-**Rollback Only** ❌:
- Agent introduced `any` types or poor type choices
- Types poorly organized or conflicting with existing patterns
- Fundamental approach issues requiring complete rework
-
-**Integration Process**:
-1. **Review**: Agent already used `git mv` to preserve history
-2. **Fix Side-Effects**: Update dependent files with proper import extensions
-3. **Resolve Types**: Fix any cascading type issues across codebase
-4. **Validate**: Ensure `npm run type` passes after fixes
-
---
-
-## 4. Common Integration Patterns
-
-**Common Side-Effects (Expect These)**:
- **Type import conflicts**: Multiple definitions of same type name
- **Mock object typing**: Tests need complete type satisfaction
- **Stub method references**: Use stub vars instead of original methods
-
-**Coordinator Fixes (Standard Process)**:
-1. **Import Resolution**:
-   ```bash
-   # Find authoritative type source
-   grep -r "TypeName" src/*/types.ts
-   # Import from domain types (src/dashboard/types.ts) not component types
-   ```
-
-2. **Test Mock Completion**:
-   ```typescript
-   // Use Partial<T> as T pattern for minimal mocking
-   const mockDashboard: Partial<DashboardInfo> as DashboardInfo = {
-     id: 123,
-     json_metadata: '{}',
-   };
-   ```
-
-3. **Stub Reference Fixes**:
-   ```typescript
-   // ✅ Use stub variable
-   expect(postStub.callCount).toBe(1);
-   // ❌ Don't use original method
-   expect(SupersetClient.post.callCount).toBe(1);
-   ```
-
-4. **Validation Commands**:
-   ```bash
-   npm run type          # TypeScript compilation
-   npm test -- filename  # Test functionality
-   git status           # Should show rename, not add/delete
-   ```
-
---
-
-## 5. File Categories for Planning
-
-### Leaf Files (Start Here)
-**Self-contained files with minimal JS/JSX dependencies**:
- Test files (80 files) - Usually only import the file being tested
- Utility files without internal dependencies
- Components importing only external libraries
-
-### Heavily Imported Files (Migrate Last)
-**Core files that many others depend on**:
- `utils/common.js` - Core utility functions
- `utils/reducerUtils.js` - Redux helpers  
- `@superset-ui/core` equivalent files
- Major state management files (`explore/store.js`, `dashboard/actions/`)
-
-### Complex Components (Middle Priority)  
-**Large files requiring careful type analysis**:
- `components/Datasource/DatasourceEditor.jsx` (1,809 lines)
- `explore/components/controls/AnnotationLayerControl/AnnotationLayer.jsx` (1,031 lines)
- `explore/components/ExploreViewContainer/index.jsx` (911 lines)
-
---
-
-## 6. Success Metrics & Continuous Improvement
-
-**Per-File Gates**:
- ✅ `npm run type` passes after each migration
- ✅ Zero `any` types introduced
- ✅ All imports properly typed
- ✅ Types filed in correct hierarchy
-
-**Linear Scheduling**:
-When agents report `DEPENDENCY_BLOCK`:
- Queue dependencies in linear order
- Process one file at a time to avoid conflicts
- Handle cascading type changes between files
-
-**After Each Migration**:
-1. **Update guides** with new patterns discovered
-2. **Document coordinator fixes** that become common
-3. **Enhance agent instructions** based on recurring issues
-4. **Track success metrics** - automatic vs coordinator integration rates
--- a/.claude/projects/js-to-ts/PROJECT.md
+++ b/.claude/projects/js-to-ts/PROJECT.md
@@ -1,76 +0,0 @@
-# JavaScript to TypeScript Migration Project
-
-Progressive migration of 219 JS/JSX files to TypeScript in Apache Superset frontend.
-
-## 📁 Project Documentation
-
- **[AGENT.md](./AGENT.md)** - Complete technical migration guide for agents (includes type reference, patterns, validation)
- **[COORDINATOR.md](./COORDINATOR.md)** - Strategic workflow for coordinators (file selection, task management, integration)
-
-## 🎯 Quick Start
-
-**For Agents:** Read [AGENT.md](./AGENT.md) for complete migration instructions
-**For Coordinators:** Read [COORDINATOR.md](./COORDINATOR.md) for workflow and [AGENT.md](./AGENT.md) for supervision
-
-**Command:** `/js-to-ts <filename>` - See [../../commands/js-to-ts.md](../../commands/js-to-ts.md)
-
-## 📊 Migration Progress
-
-**Scope**: 219 files total (112 JS + 107 JSX)
- Production files: 139 (63%)  
- Test files: 80 (37%)
-
-**Strategy**: Leaf-first migration with dependency-aware coordination
-
-### Completed Migrations ✅
-
-1. **roundDecimal** - `plugins/legacy-plugin-chart-map-box/src/utils/roundDecimal.js`
-   - Migrated core + test files
-   - Added proper TypeScript function signature with optional precision parameter
-   - All tests pass
-
-2. **timeGrainSqlaAnimationOverrides** - `src/explore/controlPanels/timeGrainSqlaAnimationOverrides.js`
-   - Migrated to TypeScript with ControlPanelState and Dataset types
-   - Added TimeGrainOverrideState interface for return type
-   - Used type guards for safe property access
-
-3. **DebouncedMessageQueue** - `src/utils/DebouncedMessageQueue.js`
-   - Migrated to TypeScript with proper generics
-   - Created DebouncedMessageQueueOptions interface
-   - **CREATED test file** with 4 comprehensive test cases
-   - Excellent class property typing with private/readonly modifiers
-
-**Files Migrated**: 3/219 (1.4%)
-**Tests Created**: 2 (roundDecimal had existing, DebouncedMessageQueue created)
-
-### Next Candidates (Leaf Nodes) 🎯
-
-**Identified leaf files with no JS/JSX dependencies:**
- `src/utils/hostNamesConfig.js` - Domain configuration utility
- `src/explore/controlPanels/Separator.js` - Control panel configuration  
- `src/middleware/loggerMiddleware.js` - Logging middleware
-
-**Migration Quality**: All completed migrations have:
- ✅ Zero `any` types
- ✅ Proper TypeScript compilation
- ✅ ESLint validation passed
- ✅ Test coverage (created where missing)
-
---
-
-## 📈 Success Metrics
-
-**Per-File Gates**:
- ✅ `npm run type` passes after each migration
- ✅ Zero `any` types introduced  
- ✅ All imports properly typed
- ✅ Types filed in correct hierarchy
-
-**Overall Progress**:
- **Automatic Integration Rate**: 100% (3/3 migrations required no coordinator fixes)
- **Test Coverage**: Improved (1 new test file created)
- **Type Safety**: Enhanced with proper interfaces and generics
-
---
-
-*This is a claudette-managed progressive refactor. All documentation and coordination resources are organized under `.claude/projects/js-to-ts/`*
--- a/.coveragerc
+++ b/.coveragerc
@@ -1,36 +0,0 @@
-# .coveragerc to control coverage.py
-[run]
-branch = True
-source = superset
-# omit = bad_file.py
-
-[paths]
-source =
-    superset/
-    */site-packages/
-
-[report]
-# Regexes for lines to exclude from consideration
-exclude_lines =
-    # Have to re-enable the standard pragma
-    pragma: no cover
-
-    # Don't complain about missing debug-only code:
-    def __repr__
-    if self\.debug
-
-    # Don't complain if tests don't hit defensive assertion code:
-    raise AssertionError
-    raise NotImplementedError
-
-    # Don't complain if non-runnable code isn't run:
-    if 0:
-    if __name__ == .__main__.:
-
-    # Ignore importlib backport
-    from importlib
-
-    if TYPE_CHECKING:
-
-#fail_under = 100
-show_missing = True
--- a/.cursor/rules/dev-standard.mdc
+++ b/.cursor/rules/dev-standard.mdc
@@ -1,125 +0,0 @@
---
-description: Apache Superset development standards and guidelines for Cursor IDE
-globs: ["**/*.py", "**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx", "**/*.sql", "**/*.md"]
-alwaysApply: true
---
-
-# Apache Superset Development Standards for Cursor IDE
-
-Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
-
-## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
-
-**These migrations are actively happening - avoid deprecated patterns:**
-
-### Frontend Modernization
- **NO `any` types** - Use proper TypeScript types
- **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
- **NO Enzyme** - Use React Testing Library/Jest (Enzyme fully removed)
- **Use @superset-ui/core** - Don't import Ant Design directly
-
-### Testing Strategy Migration
- **Prefer unit tests** over integration tests
- **Prefer integration tests** over Cypress end-to-end tests
- **Cypress is last resort** - Actively moving away from Cypress
- **Use Jest + React Testing Library** for component testing
-
-### Backend Type Safety
- **Add type hints** - All new Python code needs proper typing
- **MyPy compliance** - Run `pre-commit run mypy` to validate
- **SQLAlchemy typing** - Use proper model annotations
-
-## Code Standards
-
-### TypeScript Frontend
- **NO `any` types** - Use proper TypeScript
- **Functional components** with hooks
- **@superset-ui/core** for UI components (not direct antd)
- **Jest** for testing (NO Enzyme)
- **Redux** for global state, hooks for local
-
-### Python Backend
- **Type hints required** for all new code
- **MyPy compliant** - run `pre-commit run mypy`
- **SQLAlchemy models** with proper typing
- **pytest** for testing
-
-### Apache License Headers
- **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
- **LLM instruction files are excluded** - Files like LLMS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
-
-## Key Directory Structure
-
-```
-superset/
-├── superset/                    # Python backend (Flask, SQLAlchemy)
-│   ├── views/api/              # REST API endpoints
-│   ├── models/                 # Database models
-│   └── connectors/             # Database connections
-├── superset-frontend/src/       # React TypeScript frontend
-│   ├── components/             # Reusable components
-│   ├── explore/                # Chart builder
-│   ├── dashboard/              # Dashboard interface
-│   └── SqlLab/                 # SQL editor
-├── superset-frontend/packages/
-│   └── superset-ui-core/       # UI component library (USE THIS)
-├── tests/                      # Python/integration tests
-├── docs/                       # Documentation (UPDATE FOR CHANGES)
-└── UPDATING.md                 # Breaking changes log
-```
-
-## Architecture Patterns
-
-### Dataset-Centric Approach
-Charts built from enriched datasets containing:
- Dimension columns with labels/descriptions
- Predefined metrics as SQL expressions
- Self-service analytics within defined contexts
-
-### Security & Features
- **RBAC**: Role-based access via Flask-AppBuilder
- **Feature flags**: Control feature rollouts
- **Row-level security**: SQL-based data access control
-
-## Test Utilities
-
-### Python Test Helpers
- **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
- **`@with_config`** - Config mocking decorator
- **`@with_feature_flags`** - Feature flag testing
- **`login_as()`, `login_as_admin()`** - Authentication helpers
- **`create_dashboard()`, `create_slice()`** - Data setup utilities
-
-### TypeScript Test Helpers
- **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
- **`createWrapper()`** - Redux/Router/Theme wrapper
- **`selectOption()`** - Select component helper
- **React Testing Library** - NO Enzyme (removed)
-
-## Pre-commit Validation
-
-**Use pre-commit hooks for quality validation:**
-
-```bash
-# Install hooks
-pre-commit install
-
-# Quick validation (faster than --all-files)
-pre-commit run                    # Staged files only
-pre-commit run mypy              # Python type checking
-pre-commit run prettier          # Code formatting
-pre-commit run eslint            # Frontend linting
-```
-
-## Development Guidelines
-
- **Documentation**: Update docs/ for any user-facing changes
- **Breaking Changes**: Add to UPDATING.md
- **Docstrings**: Required for new functions/classes
- **Follow existing patterns**: Mimic code style, use existing libraries and utilities
- **Type Safety**: This codebase is actively modernizing toward full TypeScript and type safety
- **Always run `pre-commit run`** to validate changes before committing
-
---
-
-**Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,20 +0,0 @@
-# Keep this in sync with the base image in the main Dockerfile (ARG PY_VER)
-FROM python:3.11.13-trixie AS base
-
-# Install system dependencies that Superset needs
-# This layer will be cached across Codespace sessions
-RUN apt-get update && apt-get install -y \
-    libsasl2-dev \
-    libldap2-dev \
-    libpq-dev \
-    tmux \
-    gh \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install uv for fast Python package management
-# This will also be cached in the image
-RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \
-    echo 'export PATH="/root/.cargo/bin:$PATH"' >> /etc/bash.bashrc
-
-# Set the cargo/bin directory in PATH for all users
-ENV PATH="/root/.cargo/bin:${PATH}"
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
@@ -1,5 +0,0 @@
-# Superset Development with GitHub Codespaces
-
-For complete documentation on using GitHub Codespaces with Apache Superset, please see:
-
-**[Setting up a Development Environment - GitHub Codespaces](https://superset.apache.org/docs/contributing/development#github-codespaces-cloud-development)**
--- a/.devcontainer/bashrc-additions
+++ b/.devcontainer/bashrc-additions
@@ -1,62 +0,0 @@
-# Superset Codespaces environment setup
-# This file is appended to ~/.bashrc during Codespace setup
-
-# Find the workspace directory (handles both 'superset' and 'superset-2' names)
-WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
-
-if [ -n "$WORKSPACE_DIR" ]; then
-    # Check if virtual environment exists
-    if [ -d "$WORKSPACE_DIR/.venv" ]; then
-        # Activate the virtual environment
-        source "$WORKSPACE_DIR/.venv/bin/activate"
-        echo "✅ Python virtual environment activated"
-
-        # Verify pre-commit is installed and set up
-        if command -v pre-commit &> /dev/null; then
-            echo "✅ pre-commit is available ($(pre-commit --version))"
-            # Install git hooks if not already installed
-            if [ -d "$WORKSPACE_DIR/.git" ] && [ ! -f "$WORKSPACE_DIR/.git/hooks/pre-commit" ]; then
-                echo "🪝 Installing pre-commit hooks..."
-                cd "$WORKSPACE_DIR" && pre-commit install
-            fi
-        else
-            echo "⚠️  pre-commit not found. Run: pip install pre-commit"
-        fi
-    else
-        echo "⚠️  Python virtual environment not found at $WORKSPACE_DIR/.venv"
-        echo "   Run: cd $WORKSPACE_DIR && .devcontainer/setup-dev.sh"
-    fi
-
-    # Always cd to the workspace directory for convenience
-    cd "$WORKSPACE_DIR"
-fi
-
-# Add helpful aliases for Superset development
-alias start-superset="$WORKSPACE_DIR/.devcontainer/start-superset.sh"
-alias setup-dev="$WORKSPACE_DIR/.devcontainer/setup-dev.sh"
-
-# Show helpful message on login
-echo ""
-echo "🚀 Superset Codespaces Environment"
-echo "=================================="
-
-# Check if Superset is running
-if docker ps 2>/dev/null | grep -q "superset"; then
-    echo "✅ Superset is running!"
-    echo "   - Check the 'Ports' tab for your live Superset URL"
-    echo "   - Initial startup takes 10-20 minutes"
-    echo "   - Login: admin/admin"
-else
-    echo "⚠️  Superset is not running. Use: start-superset"
-    # Check if there's a startup log
-    if [ -f "/tmp/superset-startup.log" ]; then
-        echo "   📋 Startup log found: cat /tmp/superset-startup.log"
-    fi
-fi
-
-echo ""
-echo "Quick commands:"
-echo "  start-superset - Start Superset with Docker Compose"
-echo "  setup-dev      - Set up Python environment (if not already done)"
-echo "  pre-commit run - Run pre-commit checks on staged files"
-echo ""
--- a/.devcontainer/build-and-push-image.sh
+++ b/.devcontainer/build-and-push-image.sh
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Script to build and push the devcontainer image to GitHub Container Registry
-# This allows caching the image between Codespace sessions
-
-# You'll need to run this with appropriate GitHub permissions
-# gh auth login --scopes write:packages
-
-REGISTRY="ghcr.io"
-OWNER="apache"
-REPO="superset"
-TAG="devcontainer-base"
-
-echo "Building devcontainer image..."
-docker build -t $REGISTRY/$OWNER/$REPO:$TAG .devcontainer/
-
-echo "Pushing to GitHub Container Registry..."
-docker push $REGISTRY/$OWNER/$REPO:$TAG
-
-echo "Done! Update .devcontainer/devcontainer.json to use:"
-echo "  \"image\": \"$REGISTRY/$OWNER/$REPO:$TAG\""
--- a/.devcontainer/default/devcontainer.json
+++ b/.devcontainer/default/devcontainer.json
@@ -1,19 +0,0 @@
-{
-  // Extend the base configuration
-  "extends": "../devcontainer-base.json",
-
-  "name": "Apache Superset Development (Default)",
-
-  // Forward ports for development
-  "forwardPorts": [9001],
-  "portsAttributes": {
-    "9001": {
-      "label": "Superset (via Webpack Dev Server)",
-      "onAutoForward": "notify",
-      "visibility": "public"
-    }
-  },
-
-  // Auto-start Superset on Codespace resume
-  "postStartCommand": ".devcontainer/start-superset.sh"
-}
--- a/.devcontainer/devcontainer-base.json
+++ b/.devcontainer/devcontainer-base.json
@@ -1,39 +0,0 @@
-{
-  "name": "Apache Superset Development",
-  // Keep this in sync with the base image in Dockerfile (ARG PY_VER)
-  // Using the same base as Dockerfile, but non-slim for dev tools
-  "image": "python:3.11.13-bookworm",
-
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "moby": true,
-      "dockerDashComposeVersion": "v2"
-    },
-    "ghcr.io/devcontainers/features/node:1": {
-      "version": "20"
-    },
-    "ghcr.io/devcontainers/features/git:1": {},
-    "ghcr.io/devcontainers/features/common-utils:2": {
-      "configureZshAsDefaultShell": true
-    },
-    "ghcr.io/devcontainers/features/sshd:1": {
-      "version": "latest"
-    }
-  },
-
-  // Run commands after container is created
-  "postCreateCommand": "chmod +x .devcontainer/setup-dev.sh && .devcontainer/setup-dev.sh",
-
-  // VS Code customizations
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "ms-python.python",
-        "ms-python.vscode-pylance",
-        "charliermarsh.ruff",
-        "dbaeumer.vscode-eslint",
-        "esbenp.prettier-vscode"
-      ]
-    }
-  }
-}
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,66 +0,0 @@
-{
-  "name": "Apache Superset Development",
-  // Option 1: Use pre-built image directly
-  // "image": "ghcr.io/apache/superset:devcontainer-base",
-
-  // Option 2: Build from Dockerfile with cache (current approach)
-  "build": {
-    "dockerfile": "Dockerfile",
-    "context": ".",
-    // Cache from the Apache registry image
-    "cacheFrom": ["ghcr.io/apache/superset:devcontainer-base"]
-  },
-
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "moby": true,
-      "dockerDashComposeVersion": "v2"
-    },
-    "ghcr.io/devcontainers/features/node:1": {
-      "version": "20"
-    },
-    "ghcr.io/devcontainers/features/git:1": {},
-    "ghcr.io/devcontainers/features/common-utils:2": {
-      "configureZshAsDefaultShell": true
-    },
-    "ghcr.io/devcontainers/features/sshd:1": {
-      "version": "latest"
-    }
-  },
-
-  // Forward ports for development
-  "forwardPorts": [9001],
-  "portsAttributes": {
-    "9001": {
-      "label": "Superset (via Webpack Dev Server)",
-      "onAutoForward": "notify",
-      "visibility": "public"
-    }
-  },
-
-  // Run commands after container is created
-  "postCreateCommand": "bash .devcontainer/setup-dev.sh || echo '⚠️ Setup had issues - run .devcontainer/setup-dev.sh manually'",
-
-  // Auto-start Superset after ensuring Docker is ready
-  // Run in foreground to see any errors, but don't block on failures
-  "postStartCommand": "bash -c 'echo \"Waiting 30s for services to initialize...\"; sleep 30; .devcontainer/start-superset.sh || echo \"⚠️ Auto-start failed - run start-superset manually\"'",
-
-  // Set environment variables
-  "remoteEnv": {
-    // Removed automatic venv activation to prevent startup issues
-    // The setup script will handle this
-  },
-
-  // VS Code customizations
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "ms-python.python",
-        "ms-python.vscode-pylance",
-        "charliermarsh.ruff",
-        "dbaeumer.vscode-eslint",
-        "esbenp.prettier-vscode"
-      ]
-    }
-  }
-}
--- a/.devcontainer/setup-dev.sh
+++ b/.devcontainer/setup-dev.sh
@@ -1,32 +0,0 @@
-#!/bin/bash
-# Setup script for Superset Codespaces development environment
-
-echo "🔧 Setting up Superset development environment..."
-
-# The universal image has most tools, just need Superset-specific libs
-echo "📦 Installing Superset-specific dependencies..."
-sudo apt-get update
-sudo apt-get install -y \
-    libsasl2-dev \
-    libldap2-dev \
-    libpq-dev \
-    tmux \
-    gh
-
-# Install uv for fast Python package management
-echo "📦 Installing uv..."
-curl -LsSf https://astral.sh/uv/install.sh | sh
-
-# Add cargo/bin to PATH for uv
-echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc
-echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.zshrc
-
-# Install Claude Code CLI via npm
-echo "🤖 Installing Claude Code..."
-npm install -g @anthropic-ai/claude-code
-
-# Make the start script executable
-chmod +x .devcontainer/start-superset.sh
-
-echo "✅ Development environment setup complete!"
-echo "🚀 Run '.devcontainer/start-superset.sh' to start Superset"
--- a/.devcontainer/start-superset.sh
+++ b/.devcontainer/start-superset.sh
@@ -1,69 +0,0 @@
-#!/bin/bash
-# Startup script for Superset in Codespaces
-
-echo "🚀 Starting Superset in Codespaces..."
-echo "🌐 Frontend will be available at port 9001"
-
-# Check if MCP is enabled
-if [ "$ENABLE_MCP" = "true" ]; then
-    echo "🤖 MCP Service will be available at port 5008"
-fi
-
-# Find the workspace directory (Codespaces clones as 'superset', not 'superset-2')
-WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
-if [ -n "$WORKSPACE_DIR" ]; then
-    cd "$WORKSPACE_DIR"
-    echo "📁 Working in: $WORKSPACE_DIR"
-else
-    echo "📁 Using current directory: $(pwd)"
-fi
-
-# Check if docker is running
-if ! docker info > /dev/null 2>&1; then
-    echo "⏳ Waiting for Docker to start..."
-    sleep 5
-fi
-
-# Clean up any existing containers
-echo "🧹 Cleaning up existing containers..."
-docker-compose -f docker-compose-light.yml --profile mcp down
-
-# Start services
-echo "🏗️  Building and starting services..."
-echo ""
-echo "📝 Once started, login with:"
-echo "   Username: admin"
-echo "   Password: admin"
-echo ""
-echo "📋 Running in foreground with live logs (Ctrl+C to stop)..."
-
-# Run docker-compose and capture exit code
-if [ "$ENABLE_MCP" = "true" ]; then
-    echo "🤖 Starting with MCP Service enabled..."
-    docker-compose -f docker-compose-light.yml --profile mcp up
-else
-    docker-compose -f docker-compose-light.yml up
-fi
-EXIT_CODE=$?
-
-# If it failed, provide helpful instructions
-if [ $EXIT_CODE -ne 0 ] && [ $EXIT_CODE -ne 130 ]; then  # 130 is Ctrl+C
-    echo ""
-    echo "❌ Superset startup failed (exit code: $EXIT_CODE)"
-    echo ""
-    echo "🔄 To restart Superset, run:"
-    echo "   .devcontainer/start-superset.sh"
-    echo ""
-    echo "🔧 For troubleshooting:"
-    echo "   # View logs:"
-    echo "   docker-compose -f docker-compose-light.yml logs"
-    echo ""
-    echo "   # Clean restart (removes volumes):"
-    echo "   docker-compose -f docker-compose-light.yml down -v"
-    echo "   .devcontainer/start-superset.sh"
-    echo ""
-    echo "   # Common issues:"
-    echo "   - Network timeouts: Just retry, often transient"
-    echo "   - Port conflicts: Check 'docker ps'"
-    echo "   - Database issues: Try clean restart with -v"
-fi
--- a/.devcontainer/with-mcp/devcontainer.json
+++ b/.devcontainer/with-mcp/devcontainer.json
@@ -1,29 +0,0 @@
-{
-  // Extend the base configuration
-  "extends": "../devcontainer-base.json",
-
-  "name": "Apache Superset Development with MCP",
-
-  // Forward ports for development
-  "forwardPorts": [9001, 5008],
-  "portsAttributes": {
-    "9001": {
-      "label": "Superset (via Webpack Dev Server)",
-      "onAutoForward": "notify",
-      "visibility": "public"
-    },
-    "5008": {
-      "label": "MCP Service (Model Context Protocol)",
-      "onAutoForward": "notify",
-      "visibility": "private"
-    }
-  },
-
-  // Auto-start Superset with MCP on Codespace resume
-  "postStartCommand": "ENABLE_MCP=true .devcontainer/start-superset.sh",
-
-  // Environment variables
-  "containerEnv": {
-    "ENABLE_MCP": "true"
-  }
-}
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,3 @@
 docker/**/*.sh text eol=lf
 *.svg binary
 *.ipynb binary
-*.geojson binary
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,7 +2,7 @@

 # https://github.com/apache/superset/issues/13351

-/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho @sadpandajoe
+/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho

 # Notify some committers of changes in the components

@@ -16,11 +16,11 @@

 # Notify E2E test maintainers of changes

-/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida @mistercrunch
+/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida

 # Notify PMC members of changes to GitHub Actions

-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @sadpandajoe
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar

 # Notify PMC members of changes to required GitHub Actions

@@ -30,13 +30,3 @@

 **/*.geojson @villebro @rusackas
 /superset-frontend/plugins/legacy-plugin-chart-country-map/ @villebro @rusackas
-
-# Notify PMC members of changes to extension-related files
-
-/superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-extensions-cli/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/packages/superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -41,8 +41,8 @@ body:
      label: Superset version
      options:
        - master / latest-dev
-        - "5.0.0"
-        - "4.1.3"
+        - "4.1.1"
+        - "4.0.2"
    validations:
      required: true
  - type: dropdown
--- a/.github/actions/change-detector/action.yml
+++ b/.github/actions/change-detector/action.yml
@@ -1,27 +1,24 @@
-name: Change Detector
-description: Detects file changes for pull request and push events
+name: 'Change Detector'
+description: 'Detects file changes for pull request and push events'
 inputs:
  token:
-    description: GitHub token for authentication
+    description: 'GitHub token for authentication'
    required: true
 outputs:
  python:
-    description: Whether Python-related files were changed
+    description: 'Whether Python-related files were changed'
    value: ${{ steps.change-detector.outputs.python }}
  frontend:
-    description: Whether frontend-related files were changed
+    description: 'Whether frontend-related files were changed'
    value: ${{ steps.change-detector.outputs.frontend }}
  docker:
-    description: Whether docker-related files were changed
+    description: 'Whether docker-related files were changed'
    value: ${{ steps.change-detector.outputs.docker }}
  docs:
-    description: Whether docs-related files were changed
+    description: 'Whether docs-related files were changed'
    value: ${{ steps.change-detector.outputs.docs }}
-  superset-extensions-cli:
-    description: Whether superset-extensions-cli package-related files were changed
-    value: ${{ steps.change-detector.outputs.superset-extensions-cli }}
 runs:
-  using: composite
+  using: 'composite'
  steps:
    - name: Detect file changes
      id: change-detector
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1 +0,0 @@
-../AGENTS.md
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,24 +1,19 @@
 version: 2
-enable-beta-ecosystems: true
 updates:

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "daily"
+      interval: "monthly"

  - package-ecosystem: "npm"
    ignore:
      # not until React >= 18.0.0
      - dependency-name: "storybook"
      - dependency-name: "@storybook*"
-      # JSDOM v30 doesn't play well with Jest v30
-      # Source: https://jestjs.io/blog#known-issues
-      # GH thread: https://github.com/jsdom/jsdom/issues/3492
-      - dependency-name: "jest-environment-jsdom"
    directory: "/superset-frontend/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -26,35 +21,28 @@ updates:
    versioning-strategy: increase


-  # NOTE: `uv` support is in beta, more details here:
-  # https://github.com/dependabot/dependabot-core/pull/10040#issuecomment-2696978430
-  - package-ecosystem: "uv"
-    directory: "requirements/"
-    open-pull-requests-limit: 10
-    schedule:
-      interval: "weekly"
-    labels:
-      - uv
-      - dependabot
+  # - package-ecosystem: "pip"
+  # NOTE: as dependabot isn't compatible with our usage of `uv pip compile` we're using
+  # `supersetbot` instead

  - package-ecosystem: "npm"
    directory: ".github/actions"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    open-pull-requests-limit: 10
    versioning-strategy: increase

  - package-ecosystem: "npm"
    directory: "/docs/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    open-pull-requests-limit: 10
    versioning-strategy: increase

  - package-ecosystem: "npm"
    directory: "/superset-websocket/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -63,7 +51,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-websocket/utils/client-ws-app/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -75,7 +63,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-calendar/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -85,7 +73,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-histogram/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -95,7 +83,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-partition/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -105,7 +93,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-world-map/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -115,7 +103,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-pivot-table/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -125,7 +113,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-chord/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -135,7 +123,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-horizon/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -145,7 +133,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-rose/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -155,7 +143,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-preset-chart-deckgl/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -165,7 +153,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-table/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -175,7 +163,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-country-map/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -185,7 +173,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-map-box/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -195,7 +183,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-sankey/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -205,7 +193,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-preset-chart-nvd3/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -215,7 +203,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-word-cloud/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -225,7 +213,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-event-flow/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -235,7 +223,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-paired-t-test/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -245,7 +233,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-sankey-loop/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -255,7 +243,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-echarts/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -265,7 +253,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/preset-chart-xy/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -275,7 +263,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-heatmap/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -285,7 +273,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-parallel-coordinates/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -295,7 +283,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-sunburst/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -305,7 +293,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-handlebars/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -315,7 +303,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/generator-superset/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -325,7 +313,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-chart-controls/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -339,7 +327,7 @@ updates:
      - dependency-name: "react-markdown"
      - dependency-name: "remark-gfm"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -349,7 +337,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-demo/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -359,7 +347,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-switchboard/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -127,11 +127,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/es/**'

-"i18n:persian":
- changed-files:
-  - any-glob-to-any-file:
-    - 'superset/translations/fa/**'
-
 ############################################
 # Sub-projects and monorepo packages
 ############################################
--- a/.github/workflows/bashlib.sh
+++ b/.github/workflows/bashlib.sh
@@ -145,7 +145,6 @@ cypress-install() {

 cypress-run-all() {
  local USE_DASHBOARD=$1
-  local APP_ROOT=$2
  cd "$GITHUB_WORKSPACE/superset-frontend/cypress-base"

  # Start Flask and run it in background
@@ -153,12 +152,7 @@ cypress-run-all() {
  # so errors can print to stderr.
  local flasklog="${HOME}/flask.log"
  local port=8081
-  CYPRESS_BASE_URL="http://localhost:${port}"
-  if [ -n "$APP_ROOT" ]; then
-    export SUPERSET_APP_ROOT=$APP_ROOT
-    CYPRESS_BASE_URL=${CYPRESS_BASE_URL}${APP_ROOT}
-  fi
-  export CYPRESS_BASE_URL
+  export CYPRESS_BASE_URL="http://localhost:${port}"

  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
  local flaskProcessId=$!
@@ -182,95 +176,6 @@ cypress-run-all() {
  kill $flaskProcessId
 }

-playwright-install() {
-  cd "$GITHUB_WORKSPACE/superset-frontend"
-
-  say "::group::Install Playwright browsers"
-  npx playwright install --with-deps chromium
-  # Create output directories for test results and debugging
-  mkdir -p playwright-results
-  mkdir -p test-results
-  say "::endgroup::"
-}
-
-playwright-run() {
-  local APP_ROOT=$1
-  local TEST_PATH=$2
-
-  # Start Flask from the project root (same as Cypress)
-  cd "$GITHUB_WORKSPACE"
-  local flasklog="${HOME}/flask-playwright.log"
-  local port=8081
-  PLAYWRIGHT_BASE_URL="http://localhost:${port}"
-  if [ -n "$APP_ROOT" ]; then
-    export SUPERSET_APP_ROOT=$APP_ROOT
-    PLAYWRIGHT_BASE_URL=${PLAYWRIGHT_BASE_URL}${APP_ROOT}/
-  fi
-  export PLAYWRIGHT_BASE_URL
-
-  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
-  local flaskProcessId=$!
-
-  # Ensure cleanup on exit
-  trap "kill $flaskProcessId 2>/dev/null || true" EXIT
-
-  # Wait for server to be ready with health check
-  local timeout=60
-  say "Waiting for Flask server to start on port $port..."
-  while [ $timeout -gt 0 ]; do
-    if curl -f ${PLAYWRIGHT_BASE_URL}/health >/dev/null 2>&1; then
-      say "Flask server is ready"
-      break
-    fi
-    sleep 1
-    timeout=$((timeout - 1))
-  done
-
-  if [ $timeout -eq 0 ]; then
-    echo "::error::Flask server failed to start within 60 seconds"
-    echo "::group::Flask startup log"
-    cat "$flasklog"
-    echo "::endgroup::"
-    return 1
-  fi
-
-  # Change to frontend directory for Playwright execution
-  cd "$GITHUB_WORKSPACE/superset-frontend"
-
-  say "::group::Run Playwright tests"
-  echo "Running Playwright with baseURL: ${PLAYWRIGHT_BASE_URL}"
-  if [ -n "$TEST_PATH" ]; then
-    # Check if there are any test files in the specified path
-    if ! find "playwright/tests/${TEST_PATH}" -name "*.spec.ts" -type f 2>/dev/null | grep -q .; then
-      echo "No test files found in ${TEST_PATH} - skipping test run"
-      say "::endgroup::"
-      kill $flaskProcessId
-      return 0
-    fi
-    echo "Running tests: ${TEST_PATH}"
-    # Set INCLUDE_EXPERIMENTAL=true to allow experimental tests to run
-    export INCLUDE_EXPERIMENTAL=true
-    npx playwright test "${TEST_PATH}" --output=playwright-results
-    local status=$?
-    # Unset to prevent leaking into subsequent commands
-    unset INCLUDE_EXPERIMENTAL
-  else
-    echo "Running all required tests (experimental/ excluded via playwright.config.ts)"
-    npx playwright test --output=playwright-results
-    local status=$?
-  fi
-  say "::endgroup::"
-
-  # After job is done, print out Flask log for debugging
-  echo "::group::Flask log for Playwright run"
-  cat "$flasklog"
-  echo "::endgroup::"
-  # make sure the program exits
-  kill $flaskProcessId
-
-  return $status
-}
-
 eyes-storybook-dependencies() {
  say "::group::install eyes-storyook dependencies"
  sudo apt-get update -y && sudo apt-get -y install gconf-service ca-certificates libxshmfence-dev fonts-liberation libappindicator3-1 libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 libgcc1 libgconf-2-4 libglib2.0-0 libgdk-pixbuf2.0-0 libgtk-3-0 libnspr4 libnss3 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 lsb-release xdg-utils libappindicator1
--- a/.github/workflows/bump-python-package.yml
+++ b/.github/workflows/bump-python-package.yml
@@ -32,7 +32,7 @@ jobs:
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: true
          ref: master
@@ -41,7 +41,7 @@ jobs:
        uses: ./.github/actions/setup-supersetbot/

      - name: Set up Python ${{ inputs.python-version }}
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "3.10"

--- a/.github/workflows/cancel_duplicates.yml
+++ b/.github/workflows/cancel_duplicates.yml
@@ -31,7 +31,7 @@ jobs:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        if: steps.check_queued.outputs.count >= 20
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4

      - name: Cancel duplicate workflow runs
        if: steps.check_queued.outputs.count >= 20
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -17,18 +17,13 @@ jobs:
  check-python-deps:
    runs-on: ubuntu-22.04
    steps:
+
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-          fetch-depth: 1
-
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          depth: 1

      - name: Setup Python
        if: steps.check.outputs.python
@@ -39,20 +34,10 @@ jobs:
        run: ./scripts/uv-pip-compile.sh

      - name: Check for uncommitted changes
-        if: steps.check.outputs.python
        run: |
-          echo "Full diff (for logging/debugging):"
-          git diff
-
-          echo "Filtered diff (excluding comments and whitespace):"
-          filtered_diff=$(git diff -U0 | grep '^[-+]' | grep -vE '^[-+]{3}' | grep -vE '^[-+][[:space:]]*#' | grep -vE '^[-+][[:space:]]*$' || true)
-          echo "$filtered_diff"
-
-          if [[ -n "$filtered_diff" ]]; then
-            echo
+          if [[ -n "$(git diff)" ]]; then
            echo "ERROR: The pinned dependencies are not up-to-date."
            echo "Please run './scripts/uv-pip-compile.sh' and commit the changes."
-            echo "More info: https://github.com/apache/superset/tree/master/requirements"
            exit 1
          else
            echo "Pinned dependencies are up-to-date."
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -25,9 +25,9 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
      - name: Check and notify
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          github-token: ${{ github.token }}
          script: |
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -1,82 +0,0 @@
-name: Claude PR Assistant
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-
-jobs:
-  check-permissions:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
-    runs-on: ubuntu-latest
-    outputs:
-      allowed: ${{ steps.check.outputs.allowed }}
-    steps:
-      - name: Check if user is allowed
-        id: check
-        run: |
-          # List of allowed users
-          ALLOWED_USERS="mistercrunch,rusackas"
-
-          # Get the commenter's username
-          COMMENTER="${{ github.event.comment.user.login }}"
-
-          echo "Checking permissions for user: $COMMENTER"
-
-          # Check if user is in allowed list
-          if [[ ",$ALLOWED_USERS," == *",$COMMENTER,"* ]]; then
-            echo "allowed=true" >> $GITHUB_OUTPUT
-            echo "✅ User $COMMENTER is allowed to use Claude"
-          else
-            echo "allowed=false" >> $GITHUB_OUTPUT
-            echo "❌ User $COMMENTER is not allowed to use Claude"
-          fi
-
-  deny-access:
-    needs: check-permissions
-    if: needs.check-permissions.outputs.allowed == 'false'
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
-    steps:
-      - name: Comment access denied
-        uses: actions/github-script@v8
-        with:
-          script: |
-            const message = `👋 Hi @${{ github.event.comment.user.login || github.event.review.user.login || github.event.issue.user.login }}!
-
-            Thanks for trying to use Claude Code, but currently only certain team members have access to this feature.
-
-            If you believe you should have access, please contact a project maintainer.`;
-
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.issue.number,
-              body: message
-            });
-
-  claude-code-action:
-    needs: check-permissions
-    if: needs.check-permissions.outputs.allowed == 'true'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-      id-token: write
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v5
-      with:
-        fetch-depth: 1
-
-    - name: Run Claude PR Action
-      uses: anthropics/claude-code-action@beta
-      with:
-        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-        timeout_minutes: "60"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -31,7 +31,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4

      - name: Check for file changes
        id: check
@@ -41,7 +41,7 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
+        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,6 +53,6 @@ jobs:

      - name: Perform CodeQL Analysis
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: github/codeql-action/analyze@v4
+        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -27,7 +27,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
      - name: "Dependency Review"
        uses: actions/dependency-review-action@v4
        continue-on-error: true
@@ -48,12 +48,10 @@ jobs:
          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor, pkg:npm/jszip@3.10.1

  python-dependency-liccheck:
-    # NOTE: Configuration for liccheck lives in our pyproject.yml.
-    # You cannot use a liccheck.ini file in this workflow.
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4

      - name: Setup Python
        uses: ./.github/actions/setup-backend/
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,7 +22,7 @@ jobs:
    steps:
      - id: set_matrix
        run: |
-          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]'; fi)
+          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
          echo "matrix_config=${MATRIX_CONFIG}" >> $GITHUB_OUTPUT
          echo $GITHUB_OUTPUT

@@ -42,7 +42,7 @@ jobs:
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

@@ -102,7 +102,7 @@ jobs:
          docker history $IMAGE_TAG

      - name: docker-compose sanity check
-        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'dev'
+        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && (matrix.build_preset == 'dev' || matrix.build_preset == 'lean')
        shell: bash
        run: |
          export SUPERSET_BUILD_TARGET=${{ matrix.build_preset }}
@@ -111,13 +111,10 @@ jobs:
          docker compose up superset-init --exit-code-from superset-init

  docker-compose-image-tag:
-    # Run this job only on pushes to master (not for PRs)
-    # goal is to check that building the latest image works, not required for all PR pushes
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Check for file changes
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -28,10 +28,10 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-node@v5
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "20"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run ci:release
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -18,10 +18,10 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-node@v5
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "20"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm test
--- a/.github/workflows/ephemeral-env-pr-close.yml
+++ b/.github/workflows/ephemeral-env-pr-close.yml
@@ -1,10 +1,4 @@
-name: Cleanup ephemeral envs (PR close) [DEPRECATED]
-
-# ⚠️  DEPRECATION NOTICE ⚠️
-# This workflow is deprecated and will be removed in a future version.
-# The new Superset Showtime workflow handles cleanup automatically.
-# See .github/workflows/showtime.yml and showtime-cleanup.yml for replacements.
-# Migration guide: https://github.com/mistercrunch/superset-showtime
+name: Cleanup ephemeral envs (PR close)

 on:
  pull_request_target:
@@ -33,7 +27,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v5
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -69,7 +63,7 @@ jobs:

      - name: Comment (success)
        if: steps.describe-services.outputs.active == 'true'
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          github-token: ${{github.token}}
          script: |
@@ -77,5 +71,5 @@ jobs:
              issue_number: ${{ github.event.number }},
              owner: context.repo.owner,
              repo: context.repo.repo,
-              body: '⚠️ **DEPRECATED WORKFLOW** - Ephemeral environment shutdown and build artifacts deleted. Please migrate to the new Superset Showtime system for future PRs.'
+              body: 'Ephemeral environment shutdown and build artifacts deleted.'
            })
--- a/.github/workflows/ephemeral-env.yml
+++ b/.github/workflows/ephemeral-env.yml
@@ -1,12 +1,4 @@
-name: Ephemeral env workflow [DEPRECATED]
-
-# ⚠️  DEPRECATION NOTICE ⚠️
-# This workflow is deprecated and will be removed in a future version.
-# Please use the new Superset Showtime workflow instead:
-# - Use label "🎪 trigger-start" instead of "testenv-up"
-# - Showtime provides better reliability and easier management
-# - See .github/workflows/showtime.yml for the replacement
-# - Migration guide: https://github.com/mistercrunch/superset-showtime
+name: Ephemeral env workflow

 # Example manual trigger:
 # gh workflow run ephemeral-env.yml --ref fix_ephemerals --field label_name="testenv-up" --field issue_number=666
@@ -63,7 +55,7 @@ jobs:
      - name: Get event SHA
        id: get-sha
        if: steps.eval-label.outputs.result == 'up'
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -94,7 +86,7 @@ jobs:
            core.setOutput("sha", prSha);

      - name: Looking for feature flags in PR description
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        id: eval-feature-flags
        if: steps.eval-label.outputs.result == 'up'
        with:
@@ -116,7 +108,7 @@ jobs:
            return results;

      - name: Reply with confirmation comment
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        if: steps.eval-label.outputs.result == 'up'
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -134,14 +126,7 @@ jobs:
              throw new Error("Issue number is not available.");
            }

-            const body = `⚠️ **DEPRECATED WORKFLOW** ⚠️\n\n@${user} This workflow is deprecated! Please use the new **Superset Showtime** system instead:\n\n` +
-              `- Replace "testenv-up" label with "🎪 trigger-start"\n` +
-              `- Better reliability and easier management\n` +
-              `- See https://github.com/mistercrunch/superset-showtime for details\n\n` +
-              `Processing your ephemeral environment request [here](${workflowUrl}). Action: **${action}**.` +
-              ` More information on [how to use or configure ephemeral environments]` +
-              `(https://superset.apache.org/docs/contributing/howtos/#github-ephemeral-environments)`;
-
+            const body = `@${user} Processing your ephemeral environment request [here](${workflowUrl}). Action: **${action}**.`;

            await github.rest.issues.createComment({
              owner: context.repo.owner,
@@ -160,7 +145,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ needs.ephemeral-env-label.outputs.sha }} : ${{steps.get-sha.outputs.sha}} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          ref: ${{ needs.ephemeral-env-label.outputs.sha }}
          persist-credentials: false
@@ -189,7 +174,7 @@ jobs:
            --extra-flags "--build-arg INCLUDE_CHROMIUM=false"

      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v5
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -220,12 +205,12 @@ jobs:
      pull-requests: write

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v5
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -248,7 +233,7 @@ jobs:

      - name: Fail on missing container image
        if: steps.check-image.outcome == 'failure'
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          github-token: ${{ github.token }}
          script: |
@@ -311,14 +296,14 @@ jobs:
      - name: Get network interface
        id: get-eni
        run: |
-          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | map(select(.name=="networkInterfaceId"))[0].value')" >> $GITHUB_OUTPUT
+          echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks[0].attachments[0].details | map(select(.name==\"networkInterfaceId\"))[0].value')" >> $GITHUB_OUTPUT
      - name: Get public IP
        id: get-ip
        run: |
          echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
      - name: Comment (success)
        if: ${{ success() }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          github-token: ${{github.token}}
          script: |
@@ -331,7 +316,7 @@ jobs:
            });
      - name: Comment (failure)
        if: ${{ failure() }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          github-token: ${{github.token}}
          script: |
--- a/.github/workflows/generate-FOSSA-report.yml
+++ b/.github/workflows/generate-FOSSA-report.yml
@@ -27,12 +27,12 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          java-version: "11"
--- a/.github/workflows/github-action-validator.yml
+++ b/.github/workflows/github-action-validator.yml
@@ -14,10 +14,10 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4

      - name: Set up Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
          node-version: '20'

--- a/.github/workflows/issue_creation.yml
+++ b/.github/workflows/issue_creation.yml
@@ -17,7 +17,7 @@ jobs:
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -9,7 +9,7 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-24.04
    steps:
-    - uses: actions/labeler@v6
+    - uses: actions/labeler@v5
      with:
        sync-labels: true

--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -12,7 +12,7 @@ jobs:

    steps:
    - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-      uses: actions/checkout@v5
+      uses: actions/checkout@v4
      with:
        persist-credentials: false
        submodules: recursive
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -15,12 +15,12 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '11'
--- a/.github/workflows/no-hold-label.yml
+++ b/.github/workflows/no-hold-label.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
    - name: Check for 'hold' label
-      uses: actions/github-script@v8
+      uses: actions/github-script@v7
      with:
        github-token: ${{secrets.GITHUB_TOKEN}}
        script: |
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -16,7 +16,7 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -18,10 +18,10 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        python-version: ["current", "previous", "next"]
+        python-version: ["current", "previous"]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -38,47 +38,14 @@ jobs:
          echo "HOMEBREW_CELLAR=$HOMEBREW_CELLAR" >>"${GITHUB_ENV}"
          echo "HOMEBREW_REPOSITORY=$HOMEBREW_REPOSITORY" >>"${GITHUB_ENV}"
          brew install norwoodj/tap/helm-docs
-      - name: Setup Node.js
-        uses: actions/setup-node@v5
-        with:
-          node-version: '20'
-
-      - name: Install Frontend Dependencies
-        run: |
-          cd superset-frontend
-          npm ci
-
-      - name: Install Docs Dependencies
-        run: |
-          cd docs
-          yarn install --immutable
-
-      - name: Cache pre-commit environments
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/pre-commit
-          key: pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('.pre-commit-config.yaml') }}
-          restore-keys: |
-            pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-
-
      - name: pre-commit
        run: |
          set +e  # Don't exit immediately on failure
-          export SKIP=eslint-frontend,type-checking-frontend
+          # Skip eslint as it requires `npm ci` and is executed in another job
+          export SKIP=eslint
          pre-commit run --all-files
-          PRE_COMMIT_EXIT_CODE=$?
-          git diff --quiet --exit-code
-          GIT_DIFF_EXIT_CODE=$?
-          if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ] || [ "${GIT_DIFF_EXIT_CODE}" -ne 0 ]; then
-            if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ]; then
-              echo "❌ Pre-commit check failed (exit code: ${EXIT_CODE})."
-            else
-              echo "❌ Git working directory is dirty."
-              echo "📌 This likely means that pre-commit made changes that were not committed."
-              echo "🔍 Modified files:"
-              git diff --name-only
-            fi
-
+          if [ $? -ne 0 ] || ! git diff --quiet --exit-code; then
+            echo "❌ Pre-commit check failed."
            echo "🚒 To prevent/address this CI issue, please install/use pre-commit locally."
            echo "📖 More details here: https://superset.apache.org/docs/contributing/development#git-hooks"
            exit 1
--- a/.github/workflows/prefer-typescript.yml
+++ b/.github/workflows/prefer-typescript.yml
@@ -27,7 +27,7 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,9 +24,15 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Bump version and publish package(s)
+
    runs-on: ubuntu-24.04
+
+    strategy:
+      matrix:
+        node-version: [20]
+
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
        with:
          # pulls all commits (needed for lerna / semantic release to correctly version)
          fetch-depth: 0
@@ -40,11 +46,11 @@ jobs:
          git fetch --prune --unshallow
          git tag -d `git tag | grep -E '^trigger-'`

-      - name: Install Node.js
+      - name: Use Node.js ${{ matrix.node-version }}
        if: env.HAS_TAGS
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node-version }}

      - name: Cache npm
        if: env.HAS_TAGS
--- a/.github/workflows/showtime-cleanup.yml
+++ b/.github/workflows/showtime-cleanup.yml
@@ -1,50 +0,0 @@
-name: 🎪 Showtime Cleanup
-
-# Scheduled cleanup of expired environments
-on:
-  schedule:
-    - cron: '0 */6 * * *'  # Every 6 hours
-
-  # Manual trigger for testing
-  workflow_dispatch:
-    inputs:
-      max_age_hours:
-        description: 'Maximum age in hours before cleanup'
-        required: false
-        default: '48'
-        type: string
-
-# Common environment variables
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_REGION: ${{ vars.AWS_REGION || 'us-west-2' }}
-  GITHUB_ORG: ${{ github.repository_owner }}
-  GITHUB_REPO: ${{ github.event.repository.name }}
-
-jobs:
-  cleanup-expired:
-    name: Clean up expired showtime environments
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Install Superset Showtime
-        run: pip install superset-showtime
-
-      - name: Cleanup expired environments
-        run: |
-          MAX_AGE="${{ github.event.inputs.max_age_hours || '48' }}"
-
-          # Validate max_age is numeric
-          if [[ ! "$MAX_AGE" =~ ^[0-9]+$ ]]; then
-            echo "❌ Invalid max_age_hours format: $MAX_AGE (must be numeric)"
-            exit 1
-          fi
-
-          echo "Cleaning up environments older than ${MAX_AGE}h"
-          python -m showtime cleanup --older-than "${MAX_AGE}h"
--- a/.github/workflows/showtime-trigger.yml
+++ b/.github/workflows/showtime-trigger.yml
@@ -1,179 +0,0 @@
-name: 🎪 Superset Showtime
-
-# Ultra-simple: just sync on any PR state change
-on:
-  pull_request_target:
-    types: [labeled, unlabeled, synchronize, closed]
-
-  # Manual testing
-  workflow_dispatch:
-    inputs:
-      pr_number:
-        description: 'PR number to sync'
-        required: true
-        type: number
-      sha:
-        description: 'Specific SHA to deploy (optional, defaults to latest)'
-        required: false
-        type: string
-
-# Common environment variables for all jobs (non-sensitive only)
-env:
-  AWS_REGION: us-west-2
-  GITHUB_ORG: ${{ github.repository_owner }}
-  GITHUB_REPO: ${{ github.event.repository.name }}
-  GITHUB_ACTOR: ${{ github.actor }}
-
-jobs:
-  sync:
-    name: 🎪 Sync PR to desired state
-    runs-on: ubuntu-latest
-    timeout-minutes: 90
-
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Security Check - Authorize Maintainers Only
-        id: auth
-        uses: actions/github-script@v8
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          script: |
-            const actor = context.actor;
-            console.log(`🔍 Checking authorization for ${actor}`);
-
-            // Early exit for workflow_dispatch - assume authorized since it's manually triggered
-            if (context.eventName === 'workflow_dispatch') {
-              console.log(`✅ Workflow dispatch event - assuming authorized for ${actor}`);
-              core.setOutput('authorized', 'true');
-              return;
-            }
-
-            const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              username: actor
-            });
-
-            console.log(`📊 Permission level for ${actor}: ${permission.permission}`);
-            const authorized = ['write', 'admin'].includes(permission.permission);
-
-            // If this is a synchronize event from unauthorized user, check if Showtime is active and set blocked label
-            if (!authorized && context.eventName === 'pull_request_target' && context.payload.action === 'synchronize') {
-              console.log(`🔒 Synchronize event detected - checking if Showtime is active`);
-
-              // Check if PR has any circus tent labels (Showtime is in use)
-              const { data: issue } = await github.rest.issues.get({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.payload.pull_request.number
-              });
-
-              const hasCircusLabels = issue.labels.some(label => label.name.startsWith('🎪 '));
-
-              if (hasCircusLabels) {
-                console.log(`🎪 Circus labels found - setting blocked label to prevent auto-deployment`);
-
-                await github.rest.issues.addLabels({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: context.payload.pull_request.number,
-                  labels: ['🎪 🔒 showtime-blocked']
-                });
-
-                console.log(`✅ Blocked label set - Showtime will detect and skip operations`);
-              } else {
-                console.log(`ℹ️ No circus labels found - Showtime not in use, skipping block`);
-              }
-            }
-
-            if (!authorized) {
-              console.log(`🚨 Unauthorized user ${actor} - skipping all operations`);
-              core.setOutput('authorized', 'false');
-              return;
-            }
-
-            console.log(`✅ Authorized maintainer: ${actor}`);
-            core.setOutput('authorized', 'true');
-
-      - name: Install Superset Showtime
-        if: steps.auth.outputs.authorized == 'true'
-        run: |
-          echo "::notice::Maintainer ${{ github.actor }} triggered deploy for PR ${{ github.event.pull_request.number || github.event.inputs.pr_number }}"
-          pip install --upgrade superset-showtime
-          showtime version
-
-      - name: Check what actions are needed
-        if: steps.auth.outputs.authorized == 'true'
-        id: check
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Bulletproof PR number extraction
-          if [[ -n "${{ github.event.pull_request.number }}" ]]; then
-            PR_NUM="${{ github.event.pull_request.number }}"
-          elif [[ -n "${{ github.event.inputs.pr_number }}" ]]; then
-            PR_NUM="${{ github.event.inputs.pr_number }}"
-          else
-            echo "❌ No PR number found in event or inputs"
-            exit 1
-          fi
-
-          echo "Using PR number: $PR_NUM"
-
-          # Run sync check-only with optional SHA override
-          if [[ -n "${{ github.event.inputs.sha }}" ]]; then
-            OUTPUT=$(python -m showtime sync $PR_NUM --check-only --sha "${{ github.event.inputs.sha }}")
-          else
-            OUTPUT=$(python -m showtime sync $PR_NUM --check-only)
-          fi
-          echo "$OUTPUT"
-
-          # Extract the outputs we need for conditional steps
-          BUILD=$(echo "$OUTPUT" | grep "build_needed=" | cut -d'=' -f2)
-          SYNC=$(echo "$OUTPUT" | grep "sync_needed=" | cut -d'=' -f2)
-          PR_NUM_OUT=$(echo "$OUTPUT" | grep "pr_number=" | cut -d'=' -f2)
-          TARGET_SHA=$(echo "$OUTPUT" | grep "target_sha=" | cut -d'=' -f2)
-
-          echo "build_needed=$BUILD" >> $GITHUB_OUTPUT
-          echo "sync_needed=$SYNC" >> $GITHUB_OUTPUT
-          echo "pr_number=$PR_NUM_OUT" >> $GITHUB_OUTPUT
-          echo "target_sha=$TARGET_SHA" >> $GITHUB_OUTPUT
-
-      - name: Checkout PR code (only if build needed)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: actions/checkout@v5
-        with:
-          ref: ${{ steps.check.outputs.target_sha }}
-          persist-credentials: false
-
-      - name: Setup Docker Environment (only if build needed)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
-          install-docker-compose: "false"
-
-      - name: Execute sync (handles everything)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.sync_needed == 'true'
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-        run: |
-          PR_NUM="${{ steps.check.outputs.pr_number }}"
-          TARGET_SHA="${{ steps.check.outputs.target_sha }}"
-          if [[ -n "$TARGET_SHA" ]]; then
-            python -m showtime sync $PR_NUM --sha "$TARGET_SHA"
-          else
-            python -m showtime sync $PR_NUM
-          fi
--- a/.github/workflows/superset-applitool-cypress.yml
+++ b/.github/workflows/superset-applitool-cypress.yml
@@ -26,6 +26,7 @@ jobs:
      fail-fast: false
      matrix:
        browser: ["chrome"]
+        node: [20]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -39,7 +40,7 @@ jobs:
      APPLITOOLS_BATCH_NAME: Superset Cypress
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -51,7 +52,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -63,9 +64,9 @@ jobs:
        with:
          run: testdata
      - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-applitools-storybook.yml
+++ b/.github/workflows/superset-applitools-storybook.yml
@@ -28,17 +28,20 @@ jobs:
    needs: config
    if: needs.config.outputs.has-secrets
    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        node: [20]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
          ref: master
      - name: Set up Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node }}
      - name: Install eyes-storybook dependencies
        uses: ./.github/actions/cached-dependencies
        with:
--- a/.github/workflows/superset-app-cli.yml
+++ b/.github/workflows/superset-app-cli.yml
@@ -1,4 +1,4 @@
-name: Superset App CLI tests
+name: Superset CLI tests

 on:
  push:
@@ -23,7 +23,7 @@ jobs:
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -37,7 +37,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-docs-deploy.yml
+++ b/.github/workflows/superset-docs-deploy.yml
@@ -31,17 +31,17 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
-        uses: actions/setup-node@v5
+      - name: Set up Node.js 20
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
-      - uses: actions/setup-java@v5
+      - uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '21'
--- a/.github/workflows/superset-docs-verify.yml
+++ b/.github/workflows/superset-docs-verify.yml
@@ -18,17 +18,15 @@ jobs:
    name: Link Checking
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
      # Do not bump this linkinator-action version without opening
-      # an ASF Infra ticket to allow the new version first!
-      - uses: JustinBeckwith/linkinator-action@3d5ba091319fa7b0ac14703761eebb7d100e6f6d  # v1.11.0
+      # an ASF Infra ticket to allow the new verison first!
+      - uses: JustinBeckwith/linkinator-action@v1.11.0
        continue-on-error: true # This will make the job advisory (non-blocking, no red X)
        with:
-          paths: "**/*.md, **/*.mdx"
+          paths: "**/*.md, **/*.mdx, !superset-frontend/CHANGELOG.md"
          linksToSkip: >-
-            ^https://github.com/apache/(superset|incubator-superset)/(pull|issues)/\d+,
-            ^https://github.com/apache/(superset|incubator-superset)/commit/[a-f0-9]+,
-            superset-frontend/.*CHANGELOG\.md,
+            ^https://github.com/apache/(superset|incubator-superset)/(pull|issue)/\d+,
            http://localhost:8088/,
            http://127.0.0.1:3000/,
            http://localhost:9001/,
@@ -43,12 +41,12 @@ jobs:
            http://theiconic.com.au/,
            https://dev.mysql.com/doc/refman/5.7/en/innodb-limits.html,
            ^https://img\.shields\.io/.*,
-            https://vkusvill.ru/,
-            https://www.linkedin.com/in/mark-thomas-b16751158/,
-            https://theiconic.com.au/,
-            https://wattbewerb.de/,
-            https://timbr.ai/,
-            https://opensource.org/license/apache-2-0,
+            https://vkusvill.ru/
+            https://www.linkedin.com/in/mark-thomas-b16751158/
+            https://theiconic.com.au/
+            https://wattbewerb.de/
+            https://timbr.ai/
+            https://opensource.org/license/apache-2-0
            https://www.plaidcloud.com/
  build-deploy:
    name: Build & Deploy
@@ -58,14 +56,14 @@ jobs:
        working-directory: docs
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
-        uses: actions/setup-node@v5
+      - name: Set up Node.js 20
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: yarn install
        run: |
          yarn install --check-cache
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -42,7 +42,6 @@ jobs:
      matrix:
        parallel_id: [0, 1, 2, 3, 4, 5]
        browser: ["chrome"]
-        app_root: ["", "/app/prefix"]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -50,11 +49,11 @@ jobs:
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
-      # Only use dashboard when explicitly requested via workflow_dispatch
-      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true' || 'false' }}
+      # use the dashboard feature when running manually OR merging to master
+      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true'|| (github.ref == 'refs/heads/master' && 'true') || 'false' }}
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -69,21 +68,20 @@ jobs:
      # Conditional checkout based on context
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -109,9 +107,9 @@ jobs:
          run: testdata
      - name: Setup Node.js
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: "20"
      - name: Install npm dependencies
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -137,132 +135,10 @@ jobs:
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          NODE_OPTIONS: "--max-old-space-size=4096"
        with:
-          run: cypress-run-all ${{ env.USE_DASHBOARD }} ${{ matrix.app_root }}
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        run: |
-          APP_ROOT="${{ matrix.app_root }}"
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
+          run: cypress-run-all ${{ env.USE_DASHBOARD }}
      - name: Upload Artifacts
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          path: ${{ github.workspace }}/superset-frontend/cypress-base/cypress/screenshots
-          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}-${{ matrix.parallel_id }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
-
-  playwright-tests:
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      pull-requests: read
-    strategy:
-      fail-fast: false
-      matrix:
-        browser: ["chromium"]
-        app_root: ["", "/app/prefix"]
-    env:
-      SUPERSET_ENV: development
-      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
-      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
-      PYTHONPATH: ${{ github.workspace }}
-      REDIS_PORT: 16379
-      GITHUB_TOKEN: ${{ github.token }}
-    services:
-      postgres:
-        image: postgres:16-alpine
-        env:
-          POSTGRES_USER: superset
-          POSTGRES_PASSWORD: superset
-        ports:
-          - 15432:5432
-      redis:
-        image: redis:7-alpine
-        ports:
-          - 16379:6379
-    steps:
-      # -------------------------------------------------------
-      # Conditional checkout based on context (same as Cypress workflow)
-      - name: Checkout for push or pull_request event
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-      - name: Checkout using ref (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          ref: ${{ github.event.inputs.ref }}
-          submodules: recursive
-      - name: Checkout using PR ID (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
-          submodules: recursive
-      # -------------------------------------------------------
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-      - name: Setup postgres
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: setup-postgres
-      - name: Import test data
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: testdata
-      - name: Setup Node.js
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@v5
-        with:
-          node-version-file: './superset-frontend/.nvmrc'
-      - name: Install npm dependencies
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: npm-install
-      - name: Build javascript packages
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: build-instrumented-assets
-      - name: Install Playwright
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: playwright-install
-      - name: Run Playwright (Required Tests)
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        env:
-          NODE_OPTIONS: "--max-old-space-size=4096"
-        with:
-          run: playwright-run "${{ matrix.app_root }}"
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        run: |
-          APP_ROOT="${{ matrix.app_root }}"
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
-      - name: Upload Playwright Artifacts
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          path: |
-            ${{ github.workspace }}/superset-frontend/playwright-results/
-            ${{ github.workspace }}/superset-frontend/test-results/
-          name: playwright-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
+          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}-${{ matrix.parallel_id }}
--- a/.github/workflows/superset-extensions-cli.yml
+++ b/.github/workflows/superset-extensions-cli.yml
@@ -1,64 +0,0 @@
-name: Superset Extensions CLI Package Tests
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  test-superset-extensions-cli-package:
-    runs-on: ubuntu-24.04
-    strategy:
-      matrix:
-        python-version: ["previous", "current", "next"]
-    defaults:
-      run:
-        working-directory: superset-extensions-cli
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          submodules: recursive
-
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup Python
-        if: steps.check.outputs.superset-extensions-cli
-        uses: ./.github/actions/setup-backend/
-        with:
-          python-version: ${{ matrix.python-version }}
-          requirements-type: dev
-
-      - name: Run pytest with coverage
-        if: steps.check.outputs.superset-extensions-cli
-        run: |
-          pytest --cov=superset_extensions_cli --cov-report=xml --cov-report=term-missing --cov-report=html -v --tb=short
-
-      - name: Upload coverage reports to Codecov
-        if: steps.check.outputs.superset-extensions-cli
-        uses: codecov/codecov-action@v5
-        with:
-          file: ./coverage.xml
-          flags: superset-extensions-cli
-          name: superset-extensions-cli-coverage
-          fail_ci_if_error: false
-
-      - name: Upload HTML coverage report
-        if: steps.check.outputs.superset-extensions-cli
-        uses: actions/upload-artifact@v4
-        with:
-          name: superset-extensions-cli-coverage-html
-          path: htmlcov/
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -23,11 +23,9 @@ jobs:
      should-run: ${{ steps.check.outputs.frontend }}
    steps:
      - name: Checkout Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}

      - name: Check for File Changes
        id: check
@@ -41,13 +39,9 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          echo "git rev-parse --short HEAD"
-          git rev-parse --short HEAD
-          echo "git show -s --format=raw HEAD"
-          git show -s --format=raw HEAD
          docker buildx build \
            -t $TAG \
-            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-trixie \
+            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-bookworm \
            --target superset-node-ci \
            .

@@ -73,7 +67,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v4
        with:
          name: docker-image

@@ -101,7 +95,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Coverage Artifacts
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v4
        with:
          pattern: coverage-artifacts-*
          path: coverage/
@@ -121,29 +115,46 @@ jobs:
          files: merged-output/coverage-summary.json
          slug: apache/superset

+  core-cover:
+    needs: frontend-build
+    if: needs.frontend-build.outputs.should-run == 'true'
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Download Docker Image Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: docker-image
+
+      - name: Load Docker Image
+        run: docker load < docker-image.tar.gz
+
+      - name: superset-ui/core coverage
+        run: |
+          docker run --rm $TAG bash -c \
+          "npm run core:cover"
+
  lint-frontend:
    needs: frontend-build
    if: needs.frontend-build.outputs.should-run == 'true'
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v4
        with:
          name: docker-image

      - name: Load Docker Image
-        run: |
-          docker load < docker-image.tar.gz
+        run: docker load < docker-image.tar.gz

-      - name: lint
+      - name: eslint
        run: |
          docker run --rm $TAG bash -c \
-          "npm i && npm run lint"
+          "npm i && npm run eslint -- . --quiet"

      - name: tsc
        run: |
          docker run --rm $TAG bash -c \
-          "npm i && npm run plugins:build && npm run type"
+          "npm run type"

  validate-frontend:
    needs: frontend-build
@@ -151,7 +162,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v4
        with:
          name: docker-image

--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -29,7 +29,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref || github.ref_name }}
          persist-credentials: true
@@ -101,7 +101,7 @@ jobs:
          CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}"

      - name: Open Pull Request
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          script: |
            const branchName = '${{ env.branch_name }}';
--- a/.github/workflows/superset-playwright.yml
+++ b/.github/workflows/superset-playwright.yml
@@ -1,142 +0,0 @@
-name: Playwright Experimental Tests
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: 'The branch or tag to checkout'
-        required: false
-        default: ''
-      pr_id:
-        description: 'The pull request ID to checkout'
-        required: false
-        default: ''
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  # NOTE: Required Playwright tests are in superset-e2e.yml (E2E / playwright-tests)
-  # This workflow contains only experimental tests that run in shadow mode
-  playwright-tests-experimental:
-    runs-on: ubuntu-22.04
-    continue-on-error: true
-    permissions:
-      contents: read
-      pull-requests: read
-    strategy:
-      fail-fast: false
-      matrix:
-        browser: ["chromium"]
-        app_root: ["", "/app/prefix"]
-    env:
-      SUPERSET_ENV: development
-      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
-      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
-      PYTHONPATH: ${{ github.workspace }}
-      REDIS_PORT: 16379
-      GITHUB_TOKEN: ${{ github.token }}
-    services:
-      postgres:
-        image: postgres:16-alpine
-        env:
-          POSTGRES_USER: superset
-          POSTGRES_PASSWORD: superset
-        ports:
-          - 15432:5432
-      redis:
-        image: redis:7-alpine
-        ports:
-          - 16379:6379
-    steps:
-      # -------------------------------------------------------
-      # Conditional checkout based on context (same as Cypress workflow)
-      - name: Checkout for push or pull_request event
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-      - name: Checkout using ref (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          ref: ${{ github.event.inputs.ref }}
-          submodules: recursive
-      - name: Checkout using PR ID (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
-          submodules: recursive
-      # -------------------------------------------------------
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-      - name: Setup postgres
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: setup-postgres
-      - name: Import test data
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: testdata
-      - name: Setup Node.js
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@v5
-        with:
-          node-version-file: './superset-frontend/.nvmrc'
-      - name: Install npm dependencies
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: npm-install
-      - name: Build javascript packages
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: build-instrumented-assets
-      - name: Install Playwright
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: playwright-install
-      - name: Run Playwright (Experimental Tests)
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        env:
-          NODE_OPTIONS: "--max-old-space-size=4096"
-        with:
-          run: playwright-run "${{ matrix.app_root }}" experimental/
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        run: |
-          APP_ROOT="${{ matrix.app_root }}"
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
-      - name: Upload Playwright Artifacts
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          path: |
-            ${{ github.workspace }}/superset-frontend/playwright-results/
-            ${{ github.workspace }}/superset-frontend/test-results/
-          name: playwright-experimental-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -41,7 +41,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -77,7 +77,7 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        python-version: ["current", "previous", "next"]
+        python-version: ["current", "previous"]
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -85,7 +85,7 @@ jobs:
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -99,7 +99,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -152,7 +152,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -25,7 +25,7 @@ jobs:
      SUPERSET__SQLALCHEMY_EXAMPLES_URI: presto://localhost:15433/memory/default
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -48,7 +48,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -94,7 +94,7 @@ jobs:
      UPLOAD_FOLDER: /tmp/.superset/uploads/
    services:
      postgres:
-        image: postgres:16-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -108,7 +108,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -19,12 +19,12 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        python-version: ["previous", "current", "next"]
+        python-version: ["previous", "current"]
    env:
      PYTHONPATH: ${{ github.workspace }}
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -44,14 +44,7 @@ jobs:
          SUPERSET_TESTENV: true
          SUPERSET_SECRET_KEY: not-a-secret
        run: |
-          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear --maxfail=50
-      - name: Python 100% coverage unit tests
-        if: steps.check.outputs.python
-        env:
-          SUPERSET_TESTENV: true
-          SUPERSET_SECRET_KEY: not-a-secret
-        run: |
-          pytest --durations-min=0.5 --cov=superset/sql/ ./tests/unit_tests/sql/ --cache-clear --cov-fail-under=100
+          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear
      - name: Upload code coverage
        uses: codecov/codecov-action@v5
        with:
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -31,9 +31,9 @@ jobs:

      - name: Setup Node.js
        if: steps.check.outputs.frontend
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
-          node-version-file:  './superset-frontend/.nvmrc'
+          node-version:  '18'
      - name: Install dependencies
        if: steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -49,7 +49,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -21,7 +21,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install dependencies
--- a/.github/workflows/supersetbot.yml
+++ b/.github/workflows/supersetbot.yml
@@ -26,7 +26,7 @@ jobs:
    steps:
      - name: Quickly add thumbs up!
        if: github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot')
-        uses: actions/github-script@v8
+        uses: actions/github-script@v7
        with:
          script: |
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/')
@@ -38,7 +38,7 @@ jobs:
            });

      - name: "Checkout ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -42,12 +42,12 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]
+        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311"]
      fail-fast: false
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

@@ -60,7 +60,7 @@ jobs:
          build: "true"

      - name: Use Node.js 20
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
          node-version: 20

@@ -107,12 +107,12 @@ jobs:
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Use Node.js 20
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
          node-version: 20

--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -27,15 +27,15 @@ jobs:
    name: Generate Reports
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4

      - name: Set up Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: '20'

      - name: Install Dependencies
-        run: npm ci
+        run: npm install
        working-directory: ./superset-frontend

      - name: Run Script
--- a/.github/workflows/welcome-new-users.yml
+++ b/.github/workflows/welcome-new-users.yml
@@ -12,7 +12,7 @@ jobs:

    steps:
      - name: Welcome Message
-        uses: actions/first-interaction@v3
+        uses: actions/first-interaction@v1
        continue-on-error: true
        with:
          repo-token: ${{ github.token }}
--- a/.gitignore
+++ b/.gitignore
@@ -21,7 +21,6 @@
 *.swp
 __pycache__

-.aider*
 .local
 .cache
 .bento*
@@ -33,7 +32,6 @@ cover
 .env
 .envrc
 .idea
-.roo
 .mypy_cache
 .python-version
 .tox
@@ -44,7 +42,7 @@ _modules
 _static
 build
 app.db
-*.egg-info/
+apache_superset.egg-info/
 changelog.sh
 dist
 dump.rdb
@@ -93,7 +91,6 @@ scripts/*.zip
 # IntelliJ
 *.iml
 venv
-.venv
@eaDir/

 # PyCharm
@@ -109,7 +106,6 @@ ghostdriver.log
 testCSV.csv
 .terser-plugin-cache/
 apache-superset-*.tar.gz*
-apache_superset-*.tar.gz*
 release.json

 # Translation-related files
@@ -122,19 +118,10 @@ docker/requirements-local.txt

 cache/
 docker/*local*
-docker/superset-websocket/config.json
-docker-compose.override.yml

 .temp_cache

 # Jest test report
 test-report.html
 superset/static/stats/statistics.html
-
-# LLM-related
-CLAUDE.local.md
-PROJECT.md
 .aider*
-.claude_rc*
-.env.local
-oxc-custom-build/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -20,12 +20,10 @@ repos:
    hooks:
      - id: auto-walrus
  - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.15.0
+    rev: v1.13.0
    hooks:
      - id: mypy
-        name: mypy (main)
        args: [--check-untyped-defs]
-        exclude: ^superset-extensions-cli/
        additional_dependencies: [
            types-simplejson,
            types-python-dateutil,
@@ -40,10 +38,6 @@ repos:
            types-paramiko,
            types-Markdown,
          ]
-      - id: mypy
-        name: mypy (superset-extensions-cli)
-        args: [--check-untyped-defs]
-        files: ^superset-extensions-cli/
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
@@ -58,41 +52,22 @@ repos:
      - id: trailing-whitespace
        exclude: ^.*\.(snap)
        args: ["--markdown-linebreak-ext=md"]
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v4.0.0-alpha.8 # Use the sha or tag you want to point at
+    hooks:
+      - id: prettier
+        additional_dependencies:
+          - prettier@3.3.3
+        args: ["--ignore-path=./superset-frontend/.prettierignore"]
+        files: "superset-frontend"
  - repo: local
    hooks:
-      - id: prettier-frontend
-        name: prettier (frontend)
-        entry: bash -c 'cd superset-frontend && for file in "$@"; do npx prettier --write "${file#superset-frontend/}"; done'
+      - id: eslint
+        name: eslint
+        entry: bash -c 'cd superset-frontend && npm run eslint -- $(echo "$@" | sed "s|superset-frontend/||g")'
        language: system
        pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx|css|scss|sass|json)$
-  - repo: local
-    hooks:
-      - id: oxlint-frontend
-        name: oxlint (frontend)
-        entry: ./scripts/oxlint.sh
-        language: system
-        pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
-      - id: custom-rules-frontend
-        name: custom rules (frontend)
-        entry: ./scripts/check-custom-rules.sh
-        language: system
-        pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
-      - id: eslint-docs
-        name: eslint (docs)
-        entry: bash -c 'cd docs && FILES=$(echo "$@" | sed "s|docs/||g") && yarn eslint --fix --quiet $FILES'
-        language: system
-        pass_filenames: true
-        files: ^docs/.*\.(js|jsx|ts|tsx)$
-      - id: type-checking-frontend
-        name: Type-Checking (Frontend)
-        entry: ./scripts/check-type.js package=superset-frontend excludeDeclarationDir=cypress-base
-        language: system
-        files: ^superset-frontend\/.*\.(js|jsx|ts|tsx)$
-        exclude: ^superset-frontend/cypress-base\/
-        require_serial: true
+        files: \.(js|jsx|ts|tsx)$
  # blacklist unsafe functions like make_url (see #19526)
  - repo: https://github.com/skorokithakis/blacklist-pre-commit-hook
    rev: e2f070289d8eddcaec0b580d3bde29437e7c8221
@@ -104,34 +79,9 @@ repos:
    hooks:
      - id: helm-docs
        files: helm
-        verbose: false
-        args: ["--log-level", "error"]
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.9.7
+    rev: v0.8.0
    hooks:
-      - id: ruff-format
      - id: ruff
-        args: [--fix]
-  - repo: local
-    hooks:
-      - id: pylint
-        name: pylint with custom Superset plugins
-        entry: bash
-        language: system
-        types: [python]
-        exclude: ^(tests/|superset/migrations/|scripts/|RELEASING/|docker/)
-        args:
-          - -c
-          - |
-            TARGET_BRANCH=${GITHUB_BASE_REF:-master}
-            # Only fetch if we're not in CI (CI already has all refs)
-            if [ -z "$CI" ]; then
-              git fetch --no-recurse-submodules origin "$TARGET_BRANCH" 2>/dev/null || true
-            fi
-            BASE=$(git merge-base origin/"$TARGET_BRANCH" HEAD 2>/dev/null) || BASE="HEAD"
-            files=$(git diff --name-only --diff-filter=ACM "$BASE"..HEAD 2>/dev/null | grep '^superset/.*\.py$' || true)
-            if [ -n "$files" ]; then
-              pylint --rcfile=.pylintrc --load-plugins=superset.extensions.pylint --reports=no $files
-            else
-              echo "No Python files to lint."
-            fi
+        args: [ --fix ]
+      - id: ruff-format
--- a/.pylintrc
+++ b/.pylintrc
@@ -1,355 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[MASTER]
-
-# Specify a configuration file.
-#rcfile=
-
-# Python code to execute, usually for sys.path manipulation such as
-# pygtk.require().
-#init-hook=
-
-# Add files or directories to the blacklist. They should be base names, not
-# paths.
-ignore=CVS,migrations
-
-# Add files or directories matching the regex patterns to the blacklist. The
-# regex matches against base names, not paths.
-ignore-patterns=
-
-# Pickle collected data for later comparisons.
-persistent=yes
-
-# List of plugins (as comma separated values of python modules names) to load,
-# usually to register additional checkers.
-load-plugins=superset.extensions.pylint
-
-# Use multiple processes to speed up Pylint.
-jobs=2
-
-# Allow loading of arbitrary C extensions. Extensions are imported into the
-# active Python interpreter and may run arbitrary code.
-unsafe-load-any-extension=no
-
-# A comma-separated list of package or module names from where C extensions may
-# be loaded. Extensions are loading into the active Python interpreter and may
-# run arbitrary code
-extension-pkg-whitelist=pyarrow
-
-
-[MESSAGES CONTROL]
-disable=all
-enable=json-import,disallowed-sql-import,consider-using-transaction
-
-
-[REPORTS]
-
-# Set the output format. Available formats are text, parseable, colorized, msvs
-# (visual studio) and html. You can also give a reporter class, eg
-# mypackage.mymodule.MyReporterClass.
-output-format=text
-
-# Tells whether to display a full report or only the messages
-reports=yes
-
-# Python expression which should return a note less than 10 (10 is the highest
-# note). You have access to the variables errors warning, statement which
-# respectively contain the number of errors / warnings messages and the total
-# number of statements analyzed. This is used by the global evaluation report
-# (RP0004).
-evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
-
-# Template used to display messages. This is a python new-style format string
-# used to format the message information. See doc for all details
-#msg-template=
-
-
-[BASIC]
-
-# Good variable names which should always be accepted, separated by a comma
-good-names=_,df,ex,f,i,id,j,k,l,o,pk,Run,ts,v,x,y
-
-# Bad variable names which should always be refused, separated by a comma
-bad-names=bar,baz,db,fd,foo,sesh,session,tata,toto,tutu
-
-# Colon-delimited sets of names that determine each other's naming style when
-# the name regexes allow several styles.
-name-group=
-
-# Include a hint for the correct naming format with invalid-name
-include-naming-hint=no
-
-# List of decorators that produce properties, such as abc.abstractproperty. Add
-# to this list to register other decorators that produce valid properties.
-property-classes=
-    abc.abstractproperty,
-    sqlalchemy.ext.hybrid.hybrid_property
-
-# Regular expression matching correct argument names
-argument-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression matching correct method names
-method-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression matching correct variable names
-variable-rgx=[a-z_][a-z0-9_]{1,30}$
-
-# Regular expression matching correct inline iteration names
-inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
-
-# Regular expression matching correct constant names
-const-rgx=(([A-Za-z_][A-Za-z0-9_]*)|(__.*__))$
-
-# Regular expression matching correct class names
-class-rgx=[A-Z_][a-zA-Z0-9]+$
-
-# Regular expression matching correct class attribute names
-class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
-
-# Regular expression matching correct module names
-module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
-
-# Regular expression matching correct attribute names
-attr-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression matching correct function names
-function-rgx=[a-z_][a-z0-9_]{2,30}$
-
-# Regular expression which should only match function or class names that do
-# not require a docstring.
-no-docstring-rgx=^_
-
-# Minimum line length for functions/classes that require docstrings, shorter
-# ones are exempt.
-docstring-min-length=10
-
-
-[ELIF]
-
-# Maximum number of nested blocks for function / method body
-max-nested-blocks=5
-
-
-[FORMAT]
-
-# Maximum number of characters on a single line.
-max-line-length=100
-
-# Regexp for a line that is allowed to be longer than the limit.
-ignore-long-lines=^\s*(# )?<?https?://\S+>?$
-
-# Allow the body of an if to be on the same line as the test if there is no
-# else.
-single-line-if-stmt=no
-
-# Maximum number of lines in a module
-max-module-lines=1000
-
-# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
-# tab).
-indent-string='    '
-
-# Number of spaces of indent required inside a hanging  or continued line.
-indent-after-paren=4
-
-# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
-expected-line-ending-format=
-
-
-[LOGGING]
-
-# Logging modules to check that the string format arguments are in logging
-# function parameter format
-logging-modules=logging
-
-
-[MISCELLANEOUS]
-
-# List of note tags to take in consideration, separated by a comma.
-notes=FIXME,XXX
-
-
-[SIMILARITIES]
-
-# Minimum lines number of a similarity.
-min-similarity-lines=5
-
-# Ignore comments when computing similarities.
-ignore-comments=yes
-
-# Ignore docstrings when computing similarities.
-ignore-docstrings=yes
-
-# Ignore imports when computing similarities.
-ignore-imports=no
-
-
-[SPELLING]
-
-# Spelling dictionary name. Available dictionaries: none. To make it working
-# install python-enchant package.
-spelling-dict=
-
-# List of comma separated words that should not be checked.
-spelling-ignore-words=
-
-# A path to a file that contains private dictionary; one word per line.
-spelling-private-dict-file=
-
-# Tells whether to store unknown words to indicated private dictionary in
-# --spelling-private-dict-file option instead of raising a message.
-spelling-store-unknown-words=no
-
-
-[TYPECHECK]
-
-# Tells whether missing members accessed in mixin class should be ignored. A
-# mixin class is detected if its name ends with "mixin" (case insensitive).
-ignore-mixin-members=yes
-
-# List of module names for which member attributes should not be checked
-# (useful for modules/projects where namespaces are manipulated during runtime
-# and thus existing member attributes cannot be deduced by static analysis. It
-# supports qualified module names, as well as Unix pattern matching.
-ignored-modules=numpy,pandas,alembic.op,sqlalchemy,alembic.context,flask_appbuilder.security.sqla.PermissionView.role,flask_appbuilder.Model.metadata,flask_appbuilder.Base.metadata
-
-# List of class names for which member attributes should not be checked (useful
-# for classes with dynamically set attributes). This supports the use of
-# qualified names.
-ignored-classes=contextlib.closing,optparse.Values,thread._local,_thread._local
-
-# List of members which are set dynamically and missed by pylint inference
-# system, and so shouldn't trigger E1101 when accessed. Python regular
-# expressions are accepted.
-generated-members=
-
-# List of decorators that produce context managers, such as
-# contextlib.contextmanager. Add to this list to register other decorators that
-# produce valid context managers.
-contextmanager-decorators=contextlib.contextmanager
-
-
-[VARIABLES]
-
-# Tells whether we should check for unused import in __init__ files.
-init-import=no
-
-# A regular expression matching the name of dummy variables (i.e. expectedly
-# not used).
-dummy-variables-rgx=(_+[a-zA-Z0-9]*?$)|dummy
-
-# List of additional names supposed to be defined in builtins. Remember that
-# you should avoid to define new builtins when possible.
-additional-builtins=
-
-# List of strings which can identify a callback function by name. A callback
-# name must start or end with one of those strings.
-callbacks=cb_,_cb
-
-# List of qualified module names which can have objects that can redefine
-# builtins.
-redefining-builtins-modules=six.moves,future.builtins
-
-
-[CLASSES]
-
-# List of method names used to declare (i.e. assign) instance attributes.
-defining-attr-methods=__init__,__new__,setUp
-
-# List of valid names for the first argument in a class method.
-valid-classmethod-first-arg=cls
-
-# List of valid names for the first argument in a metaclass class method.
-valid-metaclass-classmethod-first-arg=mcs
-
-# List of member names, which should be excluded from the protected access
-# warning.
-exclude-protected=_asdict,_fields,_replace,_source,_make
-
-
-[DESIGN]
-
-# Maximum number of arguments for function / method
-max-args=5
-
-# Argument names that match this expression will be ignored. Default to name
-# with leading underscore
-ignored-argument-names=_.*
-
-# Maximum number of locals for function / method body
-max-locals=15
-
-# Maximum number of return / yield for function / method body
-max-returns=10
-
-# Maximum number of branch for function / method body
-max-branches=15
-
-# Maximum number of statements in function / method body
-max-statements=50
-
-# Maximum number of parents for a class (see R0901).
-max-parents=7
-
-# Maximum number of attributes for a class (see R0902).
-max-attributes=8
-
-# Minimum number of public methods for a class (see R0903).
-min-public-methods=2
-
-# Maximum number of public methods for a class (see R0904).
-max-public-methods=20
-
-# Maximum number of boolean expressions in a if statement
-max-bool-expr=5
-
-
-[IMPORTS]
-
-# Deprecated modules which should not be used, separated by a comma
-deprecated-modules=optparse
-
-# Create a graph of every (i.e. internal and external) dependencies in the
-# given file (report RP0402 must not be disabled)
-import-graph=
-
-# Create a graph of external dependencies in the given file (report RP0402 must
-# not be disabled)
-ext-import-graph=
-
-# Create a graph of internal dependencies in the given file (report RP0402 must
-# not be disabled)
-int-import-graph=
-
-# Force import order to recognize a module as part of the standard
-# compatibility libraries.
-known-standard-library=
-
-# Force import order to recognize a module as part of a third party library.
-known-third-party=enchant
-
-# Analyse import fallback blocks. This can be used to support both Python 2 and
-# 3 compatible code, which means that the block might have code that exists
-# only in one or another interpreter, leading to false positives when analysed.
-analyse-fallback-blocks=no
-
-
-[EXCEPTIONS]
-
-# Exceptions that will emit a warning when being caught. Defaults to
-# "Exception"
-overgeneral-exceptions=builtins.Exception
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -11,7 +11,6 @@
 .nvmrc
 .prettierrc
 .rat-excludes
-.swcrc
 .*log
 .*pyc
 .*lock
@@ -33,8 +32,6 @@ apache_superset.egg-info
 # json and csv in general cannot have comments
 .*json
 .*csv
-# jinja templates often need to be as-is
-.*j2
 # Generated doc files
 env/*
 docs/.htaccess*
@@ -74,18 +71,8 @@ ibm-db2.svg
 postgresql.svg
 snowflake.svg
 ydb.svg
-loading.svg

 # docs-related
 erd.puml
 erd.svg
 intro_header.txt
-
-# for LLMs
-llm-context.md
-AGENTS.md
-LLMS.md
-CLAUDE.md
-CURSOR.md
-GEMINI.md
-GPT.md
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,224 +0,0 @@
-# LLM Context Guide for Apache Superset
-
-Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
-
-## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
-
-**These migrations are actively happening - avoid deprecated patterns:**
-
-### Frontend Modernization
- **NO `any` types** - Use proper TypeScript types
- **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
- **Use @superset-ui/core** - Don't import Ant Design directly, prefer Ant Design component wrappers from @superset-ui/core/components
- **Use antd theming tokens** - Prefer antd tokens over legacy theming tokens
- **Avoid custom css and styles** - Follow antd best practices and avoid styling and custom CSS whenever possible
-
-### Testing Strategy Migration
- **Prefer unit tests** over integration tests
- **Prefer integration tests** over end-to-end tests
- **Use Playwright for E2E tests** - Migrating from Cypress
- **Cypress is deprecated** - Will be removed once migration is completed
- **Use Jest + React Testing Library** for component testing
- **Use `test()` instead of `describe()`** - Follow [avoid nesting when testing](https://kentcdodds.com/blog/avoid-nesting-when-youre-testing) principles
-
-### Backend Type Safety
- **Add type hints** - All new Python code needs proper typing
- **MyPy compliance** - Run `pre-commit run mypy` to validate
- **SQLAlchemy typing** - Use proper model annotations
-
-### UUID Migration
- **Prefer UUIDs over auto-incrementing IDs** - New models should use UUID primary keys
- **External API exposure** - Use UUIDs in public APIs instead of internal integer IDs
- **Existing models** - Add UUID fields alongside integer IDs for gradual migration
-
-## Key Directories
-
-```
-superset/
-├── superset/                    # Python backend (Flask, SQLAlchemy)
-│   ├── views/api/              # REST API endpoints
-│   ├── models/                 # Database models
-│   └── connectors/             # Database connections
-├── superset-frontend/src/       # React TypeScript frontend
-│   ├── components/             # Reusable components
-│   ├── explore/                # Chart builder
-│   ├── dashboard/              # Dashboard interface
-│   └── SqlLab/                 # SQL editor
-├── superset-frontend/packages/
-│   └── superset-ui-core/       # UI component library (USE THIS)
-├── tests/                      # Python/integration tests
-├── docs/                       # Documentation (UPDATE FOR CHANGES)
-└── UPDATING.md                 # Breaking changes log
-```
-
-## Code Standards
-
-### TypeScript Frontend
- **Avoid `any` types** - Use proper TypeScript, reuse existing types
- **Functional components** with hooks
- **@superset-ui/core** for UI components (not direct antd)
- **Jest** for testing (NO Enzyme)
- **Redux** for global state where it exists, hooks for local
-
-### Python Backend  
- **Type hints required** for all new code
- **MyPy compliant** - run `pre-commit run mypy`
- **SQLAlchemy models** with proper typing
- **pytest** for testing
-
-### Apache License Headers
- **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
- **LLM instruction files are excluded** - Files like AGENTS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
-
-### Code Comments
- **Avoid time-specific language** - Don't use words like "now", "currently", "today" in code comments as they become outdated
- **Write timeless comments** - Comments should remain accurate regardless of when they're read
-
-## Documentation Requirements
-
- **docs/**: Update for any user-facing changes
- **UPDATING.md**: Add breaking changes here
- **Docstrings**: Required for new functions/classes
-
-## Architecture Patterns
-
-### Security & Features
- **RBAC**: Role-based access via Flask-AppBuilder
- **Feature flags**: Control feature rollouts
- **Row-level security**: SQL-based data access control
-
-## Test Utilities
-
-### Python Test Helpers
- **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
- **`@with_config`** - Config mocking decorator
- **`@with_feature_flags`** - Feature flag testing
- **`login_as()`, `login_as_admin()`** - Authentication helpers
- **`create_dashboard()`, `create_slice()`** - Data setup utilities
-
-### TypeScript Test Helpers
- **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
- **`createWrapper()`** - Redux/Router/Theme wrapper
- **`selectOption()`** - Select component helper
- **React Testing Library** - NO Enzyme (removed)
-
-### Test Database Patterns
- **Mock patterns**: Use `MagicMock()` for config objects, avoid `AsyncMock` for synchronous code
- **API tests**: Update expected columns when adding new model fields
-
-### Running Tests
-```bash
-# Frontend
-npm run test                           # All tests
-npm run test -- filename.test.tsx     # Single file
-
-# E2E Tests (Playwright - NEW)
-npm run playwright:test                # All Playwright tests
-npm run playwright:ui                  # Interactive UI mode
-npm run playwright:headed              # See browser during tests
-npx playwright test tests/auth/login.spec.ts  # Single file
-npm run playwright:debug tests/auth/login.spec.ts  # Debug specific file
-
-# E2E Tests (Cypress - DEPRECATED)
-cd superset-frontend/cypress-base
-npm run cypress-run-chrome             # All Cypress tests (headless)
-npm run cypress-debug                  # Interactive Cypress UI
-
-# Backend  
-pytest                                 # All tests
-pytest tests/unit_tests/specific_test.py  # Single file
-pytest tests/unit_tests/               # Directory
-
-# If pytest fails with database/setup issues, ask the user to run test environment setup
-```
-
-## Environment Validation
-
-**Quick Setup Check (run this first):**
-
-```bash
-# Verify Superset is running
-curl -f http://localhost:8088/health || echo "❌ Setup required - see https://superset.apache.org/docs/contributing/development#working-with-llms"
-```
-
-**If health checks fail:**
-"It appears you aren't set up properly. Please refer to the [Working with LLMs](https://superset.apache.org/docs/contributing/development#working-with-llms) section in the development docs for setup instructions."
-
-**Key Project Files:**
- `superset-frontend/package.json` - Frontend build scripts (`npm run dev` on port 9000, `npm run test`, `npm run lint`)
- `pyproject.toml` - Python tooling (ruff, mypy configs)
- `requirements/` folder - Python dependencies (base.txt, development.txt)
-
-## SQLAlchemy Query Best Practices  
- **Use negation operator**: `~Model.field` instead of `== False` to avoid ruff E712 errors
- **Example**: `~Model.is_active` instead of `Model.is_active == False`
-
-## Pull Request Guidelines
-
-**When creating pull requests:**
-
-1. **Read the current PR template**: Always check `.github/PULL_REQUEST_TEMPLATE.md` for the latest format
-2. **Use the template sections**: Include all sections from the template (SUMMARY, BEFORE/AFTER, TESTING INSTRUCTIONS, ADDITIONAL INFORMATION)
-3. **Follow PR title conventions**: Use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
-   - Format: `type(scope): description`
-   - Example: `fix(dashboard): load charts correctly`
-   - Types: `fix`, `feat`, `docs`, `style`, `refactor`, `perf`, `test`, `chore`
-
-**Important**: Always reference the actual template file at `.github/PULL_REQUEST_TEMPLATE.md` instead of using cached content, as the template may be updated over time.
-
-## Pre-commit Validation
-
-**Use pre-commit hooks for quality validation:**
-
-```bash
-# Install hooks
-pre-commit install
-
-# IMPORTANT: Stage your changes first!
-git add .                        # Pre-commit only checks staged files
-
-# Quick validation (faster than --all-files)
-pre-commit run                   # Staged files only
-pre-commit run mypy              # Python type checking
-pre-commit run prettier          # Code formatting
-pre-commit run eslint            # Frontend linting
-```
-
-**Important pre-commit usage notes:**
- **Stage files first**: Run `git add .` before `pre-commit run` to check only changed files (much faster)
- **Virtual environment**: Activate your Python virtual environment before running pre-commit
-  ```bash
-  # Common virtual environment locations (yours may differ):
-  source .venv/bin/activate      # if using .venv
-  source venv/bin/activate       # if using venv
-  source ~/venvs/superset/bin/activate  # if using a central location
-  ```
-  If you get a "command not found" error, ask the user which virtual environment to activate
- **Auto-fixes**: Some hooks auto-fix issues (e.g., trailing whitespace). Re-run after fixes are applied
-
-## Common File Patterns
-
-### API Structure
- **`/api.py`** - REST endpoints with decorators and OpenAPI docstrings
- **`/schemas.py`** - Marshmallow validation schemas for OpenAPI spec
- **`/commands/`** - Business logic classes with @transaction() decorators
- **`/models/`** - SQLAlchemy database models
- **OpenAPI docs**: Auto-generated at `/swagger/v1` from docstrings and schemas
-
-### Migration Files
- **Location**: `superset/migrations/versions/`
- **Naming**: `YYYY-MM-DD_HH-MM_hash_description.py`
- **Utilities**: Use helpers from `superset.migrations.shared.utils` for database compatibility
- **Pattern**: Import utilities instead of raw SQLAlchemy operations
-
-## Platform-Specific Instructions
-
- **[CLAUDE.md](CLAUDE.md)** - For Claude/Anthropic tools
- **[.github/copilot-instructions.md](.github/copilot-instructions.md)** - For GitHub Copilot  
- **[GEMINI.md](GEMINI.md)** - For Google Gemini tools
- **[GPT.md](GPT.md)** - For OpenAI/ChatGPT tools
- **[.cursor/rules/dev-standard.mdc](.cursor/rules/dev-standard.mdc)** - For Cursor editor
-
---
-
-**LLM Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,8 +44,4 @@ under the License.
 - [4.0.1](./CHANGELOG/4.0.1.md)
 - [4.0.2](./CHANGELOG/4.0.2.md)
 - [4.1.0](./CHANGELOG/4.1.0.md)
- [4.1.1](./CHANGELOG/4.1.1.md)
- [4.1.2](./CHANGELOG/4.1.2.md)
- [4.1.3](./CHANGELOG/4.1.3.md)
- [4.1.4](./CHANGELOG/4.1.4.md)
 - [5.0.0](./CHANGELOG/5.0.0.md)
--- a/CHANGELOG/4.1.1.md
+++ b/CHANGELOG/4.1.1.md
@@ -1,50 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1 (Fri Nov 15 22:13:57 2024 +0530)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
-
- [#30886](https://github.com/apache/superset/pull/30886) fix: blocks UI elements on right side (@samarsrivastav)
- [#30859](https://github.com/apache/superset/pull/30859) fix(package.json): Pin luxon version to unblock master (@geido)
- [#30588](https://github.com/apache/superset/pull/30588) fix(explore): column data type tooltip format (@mistercrunch)
- [#29911](https://github.com/apache/superset/pull/29911) fix: Rename database from 'couchbasedb' to 'couchbase' in documentation and db_engine_specs (@ayush-couchbase)
- [#30828](https://github.com/apache/superset/pull/30828) fix(TimezoneSelector): Failing unit tests due to timezone change (@geido)
- [#30875](https://github.com/apache/superset/pull/30875) fix: don't show metadata for embedded dashboards (@sadpandajoe)
- [#30851](https://github.com/apache/superset/pull/30851) fix: Graph chart colors (@michael-s-molina)
- [#29867](https://github.com/apache/superset/pull/29867) fix(capitalization): Capitalizing a button. (@rusackas)
- [#29782](https://github.com/apache/superset/pull/29782) fix(translations): Translate embedded errors (@rusackas)
- [#29772](https://github.com/apache/superset/pull/29772) fix: Fixing incomplete string escaping. (@rusackas)
- [#29725](https://github.com/apache/superset/pull/29725) fix(frontend/docker, ci): fix borked Docker build due to Lerna v8 uplift (@hainenber)
-
-**Others**
-
- [#30576](https://github.com/apache/superset/pull/30576) chore: add link to Superset when report error (@eschutho)
- [#29786](https://github.com/apache/superset/pull/29786) refactor(Slider): Upgrade Slider to Antd 5 (@geido)
- [#29674](https://github.com/apache/superset/pull/29674) refactor(ChartCreation): Migrate tests to RTL (@rtexelm)
- [#29843](https://github.com/apache/superset/pull/29843) refactor(controls): Migrate AdhocMetricOption.test to RTL (@rtexelm)
- [#29845](https://github.com/apache/superset/pull/29845) refactor(controls): Migrate MetricDefinitionValue.test to RTL (@rtexelm)
- [#28424](https://github.com/apache/superset/pull/28424) docs: Check markdown files for bad links using linkinator (@rusackas)
- [#29768](https://github.com/apache/superset/pull/29768) docs(contributing): fix broken link to translations sub-section (@sfirke)
--- a/CHANGELOG/4.1.2.md
+++ b/CHANGELOG/4.1.2.md
@@ -1,83 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.2 (Fri Mar 7 13:28:05 2025 -0800)
-
-**Database Migrations**
-
- [#32538](https://github.com/apache/superset/pull/32538) fix(migrations): Handle comparator None in old time comparison migration (@Antonio-RiveroMartnez)
- [#32155](https://github.com/apache/superset/pull/32155) fix(migrations): Handle no params in time comparison migration (@Antonio-RiveroMartnez)
- [#31185](https://github.com/apache/superset/pull/31185) fix: check for column before adding in migrations (@betodealmeida)
-
-**Features**
-
- [#29974](https://github.com/apache/superset/pull/29974) feat(sqllab): Adds refresh button to table metadata in SQL Lab (@Usiel)
-
-**Fixes**
-
- [#32515](https://github.com/apache/superset/pull/32515) fix(sqllab): Allow clear on schema and catalog (@justinpark)
- [#32500](https://github.com/apache/superset/pull/32500) fix: dashboard, chart and dataset import validation (@dpgaspar)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31407](https://github.com/apache/superset/pull/31407) fix: Big Number side cut fixed (@fardin-developer)
- [#31480](https://github.com/apache/superset/pull/31480) fix(sunburst): Use metric label from verbose map (@gerbermichi)
- [#31427](https://github.com/apache/superset/pull/31427) fix(tags): clean up bulk create api and schema (@villebro)
- [#31334](https://github.com/apache/superset/pull/31334) fix(docs): add custom editUrl path for intro page (@dwgrossberg)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31323](https://github.com/apache/superset/pull/31323) fix: Use clickhouse sqlglot dialect for YDB (@vgvoleg)
- [#31198](https://github.com/apache/superset/pull/31198) fix: add more clickhouse disallowed functions on config (@dpgaspar)
- [#31194](https://github.com/apache/superset/pull/31194) fix(embedded): Hide anchor links in embedded mode (@Vitor-Avila)
- [#31960](https://github.com/apache/superset/pull/31960) fix(sqllab): Missing allowHTML props in ResultTableExtension (@justinpark)
- [#31332](https://github.com/apache/superset/pull/31332) fix: prevent multiple pvm errors on migration (@eschutho)
- [#31437](https://github.com/apache/superset/pull/31437) fix(database import): Gracefully handle error to get catalog schemas (@Vitor-Avila)
- [#31173](https://github.com/apache/superset/pull/31173) fix: cache-warmup fails (@nsivarajan)
- [#30442](https://github.com/apache/superset/pull/30442) fix(fe/src/dashboard): optional chaining for possibly nullable parent attribute in LayoutItem type (@hainenber)
- [#31639](https://github.com/apache/superset/pull/31639) fix(sqllab): unable to update saved queries (@DamianPendrak)
- [#29898](https://github.com/apache/superset/pull/29898) fix: parse pandas pivot null values (@eschutho)
- [#31414](https://github.com/apache/superset/pull/31414) fix(Pivot Table): Fix column width to respect currency config (@Vitor-Avila)
- [#31335](https://github.com/apache/superset/pull/31335) fix(histogram): axis margin padding consistent with other graphs (@tatiana-cherne)
- [#31301](https://github.com/apache/superset/pull/31301) fix(AllEntitiesTable): show Tags (@alexandrusoare)
- [#31329](https://github.com/apache/superset/pull/31329) fix: pass string to `process_template` (@betodealmeida)
- [#31341](https://github.com/apache/superset/pull/31341) fix(pinot): remove query aliases from SELECT and ORDER BY clauses in Pinot (@yuribogomolov)
- [#31308](https://github.com/apache/superset/pull/31308) fix: annotations on horizontal bar chart (@DamianPendrak)
- [#31294](https://github.com/apache/superset/pull/31294) fix(sqllab): Remove update_saved_query_exec_info to reduce lag (@justinpark)
- [#30897](https://github.com/apache/superset/pull/30897) fix: Exception handling for SQL Lab views (@michael-s-molina)
- [#31199](https://github.com/apache/superset/pull/31199) fix(Databricks): Escape catalog and schema names in pre-queries (@Vitor-Avila)
- [#31265](https://github.com/apache/superset/pull/31265) fix(trino): db session error in handle cursor (@justinpark)
- [#31024](https://github.com/apache/superset/pull/31024) fix(dataset): use sqlglot for DML check (@betodealmeida)
- [#29885](https://github.com/apache/superset/pull/29885) fix: add mutator to get_columns_description (@eschutho)
- [#30821](https://github.com/apache/superset/pull/30821) fix: x axis title disappears when editing bar chart (@DamianPendrak)
- [#31181](https://github.com/apache/superset/pull/31181) fix: Time-series Line Chart Display unnecessary total (@michael-s-molina)
- [#31163](https://github.com/apache/superset/pull/31163) fix(Dashboard): Backward compatible shared_label_colors field (@geido)
- [#31156](https://github.com/apache/superset/pull/31156) fix: check orderby (@betodealmeida)
- [#31154](https://github.com/apache/superset/pull/31154) fix: Remove unwanted commit on Trino's handle_cursor (@michael-s-molina)
- [#31151](https://github.com/apache/superset/pull/31151) fix: Revert "feat(trino): Add functionality to upload data (#29164)" (@michael-s-molina)
- [#31031](https://github.com/apache/superset/pull/31031) fix(Dashboard): Ensure shared label colors are updated (@geido)
- [#30967](https://github.com/apache/superset/pull/30967) fix(release validation): scripts now support RSA and EDDSA keys. (@rusackas)
- [#30881](https://github.com/apache/superset/pull/30881) fix(Dashboard): Native & Cross-Filters Scoping Performance (@geido)
- [#30887](https://github.com/apache/superset/pull/30887) fix(imports): import query_context for imports with charts (@lindenh)
- [#31008](https://github.com/apache/superset/pull/31008) fix(explore): verified props is not updated (@justinpark)
- [#30646](https://github.com/apache/superset/pull/30646) fix(Dashboard): Retain colors when color scheme not set (@geido)
- [#30962](https://github.com/apache/superset/pull/30962) fix(Dashboard): Exclude edit param in async screenshot (@geido)
-
-**Others**
-
- [#32043](https://github.com/apache/superset/pull/32043) chore: Skip the creation of secondary perms during catalog migrations (@Vitor-Avila)
- [#30865](https://github.com/apache/superset/pull/30865) docs: Updating 4.1 Release Notes (@yousoph)
--- a/CHANGELOG/4.1.3.md
+++ b/CHANGELOG/4.1.3.md
@@ -1,58 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.3 (Thu May 29 02:31:07 2025 -0500)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
-
- [#33522](https://github.com/apache/superset/pull/33522) fix(Sqllab):  Autocomplete got stuck in UI when open it too fast (@rebenitez1802)
- [#33425](https://github.com/apache/superset/pull/33425) fix(table-chart): time shift is not working (@justinpark)
- [#32414](https://github.com/apache/superset/pull/32414) fix(api): Added uuid to list api calls (@withnale)
- [#33354](https://github.com/apache/superset/pull/33354) fix: loading examples from raw.githubusercontent.com fails with 429 errors (@mistercrunch)
- [#32382](https://github.com/apache/superset/pull/32382) fix(pinot): revert join and subquery flags (@yuribogomolov)
- [#32473](https://github.com/apache/superset/pull/32473) fix(plugin-chart-echarts): remove erroneous upper bound value (@villebro)
- [#33048](https://github.com/apache/superset/pull/33048) fix: improve error type on parse error (@justinpark)
- [#32968](https://github.com/apache/superset/pull/32968) fix(pivot-table): Revert "fix(Pivot Table): Fix column width to respect currency config (#31414)" (@justinpark)
- [#32795](https://github.com/apache/superset/pull/32795) fix(log): store navigation path to get correct logging path (@justinpark)
- [#33216](https://github.com/apache/superset/pull/33216) fix: Downgrade to marshmallow<4 (@amotl)
- [#32866](https://github.com/apache/superset/pull/32866) fix: make packages PEP 625 compliant (@sadpandajoe)
- [#32035](https://github.com/apache/superset/pull/32035) fix(fe/dashboard-list): display modifier info for `Last modified` data (@hainenber)
- [#32708](https://github.com/apache/superset/pull/32708) fix(logging): missing path in event data (@justinpark)
- [#32699](https://github.com/apache/superset/pull/32699) fix: Signature of Celery pruner jobs (@michael-s-molina)
- [#32681](https://github.com/apache/superset/pull/32681) fix(log): Update recent_activity by event name (@justinpark)
- [#32608](https://github.com/apache/superset/pull/32608) fix(welcome): perf on distinct recent activities (@justinpark)
- [#32572](https://github.com/apache/superset/pull/32572) fix: Log table retention policy (@michael-s-molina)
- [#32406](https://github.com/apache/superset/pull/32406) fix(model/helper): represent RLS filter clause in proper textual SQL string (@hainenber)
- [#32240](https://github.com/apache/superset/pull/32240) fix: upgrade to 3.11.11-slim-bookworm to address critical vulnerabilities (@gpchandran)
- [#30858](https://github.com/apache/superset/pull/30858) fix(chart data): removing query from /chart/data payload when accessing as guest user (@fisjac)
-
-**Others**
-
- [#33612](https://github.com/apache/superset/pull/33612) chore: update Dockerfile - Upgrade to 3.11.12 (@gpchandran)
- [#33435](https://github.com/apache/superset/pull/33435) docs: CVEs fixed on 4.1.2 (@sha174n)
- [#33339](https://github.com/apache/superset/pull/33339) chore(🦾): bump python h11 0.14.0 -> 0.16.0 (@github-actions[bot])
- [#32745](https://github.com/apache/superset/pull/32745) chore(🦾): bump python sqlglot 26.1.3 -> 26.11.1 (@github-actions[bot])
- [#32782](https://github.com/apache/superset/pull/32782) chore: Revert "chore: bump base image in Dockerfile with `ARG PY_VER=3.11.11-slim-bookworm`" (@sadpandajoe)
- [#32780](https://github.com/apache/superset/pull/32780) chore: bump base image in Dockerfile with `ARG PY_VER=3.11.11-slim-bookworm` (@gpchandran)
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1 +0,0 @@
-AGENTS.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -16,23 +16,9 @@
 specific language governing permissions and limitations
 under the License.
 -->
-# Contributing to Apache Superset
-
 Contributions are welcome and are greatly appreciated! Every
 little bit helps, and credit will always be given.

-## Developer Portal
-
-All developer and contribution documentation has moved to the Apache Superset Developer Portal:
-
-**[📚 View the Developer Portal →](https://superset.apache.org/developer_portal/)**
-
-The Developer Portal includes comprehensive guides for:
- [Contributing Overview](https://superset.apache.org/developer_portal/contributing/overview)
- [Development Setup](https://superset.apache.org/developer_portal/contributing/development-setup)
- [Submitting Pull Requests](https://superset.apache.org/developer_portal/contributing/submitting-pr)
- [Contribution Guidelines](https://superset.apache.org/developer_portal/contributing/guidelines)
- [Code Review Process](https://superset.apache.org/developer_portal/contributing/code-review)
- [Development How-tos](https://superset.apache.org/developer_portal/contributing/howtos)
-
-Source for the Developer Portal documentation is [located here](https://github.com/apache/superset/tree/master/docs/developer_portal).
+All matters related to contributions have moved to [this section of
+the official Superset documentation](https://superset.apache.org/docs/contributing/). Source for the documentation is
+[located here](https://github.com/apache/superset/tree/master/docs/docs).
--- a/84
+++ b/84
@@ -18,7 +18,7 @@
 ######################################################################
 # Node stage to deal with static asset construction
 ######################################################################
-ARG PY_VER=3.11.14-slim-trixie
+ARG PY_VER=3.11.13-slim-bookworm

 # If BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
 ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
@@ -26,13 +26,10 @@ ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
 # Include translations in the final build
 ARG BUILD_TRANSLATIONS="false"

-# Build arg to pre-populate examples DuckDB file
-ARG LOAD_EXAMPLES_DUCKDB="false"
-
 ######################################################################
 # superset-node-ci used as a base for building frontend assets and CI
 ######################################################################
-FROM --platform=${BUILDPLATFORM} node:20-trixie-slim AS superset-node-ci
+FROM --platform=${BUILDPLATFORM} node:20-bookworm-slim AS superset-node-ci
 ARG BUILD_TRANSLATIONS
 ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
 ARG DEV_MODE="false"           # Skip frontend build in dev mode
@@ -62,12 +59,12 @@ RUN mkdir -p /app/superset/static/assets \
 # NOTE: we mount packages and plugins as they are referenced in package.json as workspaces
 # ideally we'd COPY only their package.json. Here npm ci will be cached as long
 # as the full content of these folders don't change, yielding a decent cache reuse rate.
-# Note that it's not possible to selectively COPY or mount using blobs.
+# Note that's it's not possible selectively COPY of mount using blobs.
 RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.json \
    --mount=type=bind,source=./superset-frontend/package-lock.json,target=./package-lock.json \
    --mount=type=cache,target=/root/.cache \
    --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
+    if [ "$DEV_MODE" = "false" ]; then \
        npm ci; \
    else \
        echo "Skipping 'npm ci' in dev mode"; \
@@ -77,13 +74,13 @@ RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.j
 COPY superset-frontend /app/superset-frontend

 ######################################################################
-# superset-node is used for compiling frontend assets
+# superset-node used for compile frontend assets
 ######################################################################
 FROM superset-node-ci AS superset-node

 # Build the frontend if not in dev mode
 RUN --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
+    if [ "$DEV_MODE" = "false" ]; then \
        echo "Running 'npm run ${BUILD_CMD}'"; \
        npm run ${BUILD_CMD}; \
    else \
@@ -93,11 +90,12 @@ RUN --mount=type=cache,target=/root/.npm \
 # Copy translation files
 COPY superset/translations /app/superset/translations

-# Build translations if enabled, then cleanup localization files
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
+# Build the frontend if not in dev mode
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
        npm run build-translation; \
    fi; \
-    rm -rf /app/superset/translations/*/*/*.[po,mo];
+    rm -rf /app/superset/translations/*/*/*.po; \
+    rm -rf /app/superset/translations/*/*/*.mo;


 ######################################################################
@@ -108,10 +106,10 @@ FROM python:${PY_VER} AS python-base
 ARG SUPERSET_HOME="/app/superset_home"
 ENV SUPERSET_HOME=${SUPERSET_HOME}

-RUN mkdir -p ${SUPERSET_HOME}
+RUN mkdir -p $SUPERSET_HOME
 RUN useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
-    && chmod -R 1777 ${SUPERSET_HOME} \
-    && chown -R superset:superset ${SUPERSET_HOME}
+    && chmod -R 1777 $SUPERSET_HOME \
+    && chown -R superset:superset $SUPERSET_HOME

 # Some bash scripts needed throughout the layers
 COPY --chmod=755 docker/*.sh /app/docker/
@@ -136,19 +134,17 @@ RUN --mount=type=cache,target=/root/.cache/uv \
    . /app/.venv/bin/activate && /app/docker/pip-install.sh --requires-build-essential -r requirements/translations.txt

 COPY superset/translations/ /app/translations_mo/
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
        pybabel compile -d /app/translations_mo | true; \
    fi; \
-    rm -f /app/translations_mo/*/*/*.[po,json]
+    rm -f /app/translations_mo/*/*/*.po; \
+    rm -f /app/translations_mo/*/*/*.json;

 ######################################################################
 # Python APP common layer
 ######################################################################
 FROM python-base AS python-common

-# Re-declare build arg to receive it in this stage
-ARG LOAD_EXAMPLES_DUCKDB
-
 ENV SUPERSET_HOME="/app/superset_home" \
    HOME="/app/superset_home" \
    SUPERSET_ENV="production" \
@@ -171,16 +167,14 @@ RUN mkdir -p \
    && touch superset/static/version_info.json

 # Install Playwright and optionally setup headless browsers
-ENV PLAYWRIGHT_BROWSERS_PATH=/usr/local/share/playwright-browsers
-
-ARG INCLUDE_CHROMIUM="false"
+ARG INCLUDE_CHROMIUM="true"
 ARG INCLUDE_FIREFOX="false"
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    if [ "${INCLUDE_CHROMIUM}" = "true" ] || [ "${INCLUDE_FIREFOX}" = "true" ]; then \
+    if [ "$INCLUDE_CHROMIUM" = "true" ] || [ "$INCLUDE_FIREFOX" = "true" ]; then \
        uv pip install playwright && \
        playwright install-deps && \
-        if [ "${INCLUDE_CHROMIUM}" = "true" ]; then playwright install chromium; fi && \
-        if [ "${INCLUDE_FIREFOX}" = "true" ]; then playwright install firefox; fi; \
+        if [ "$INCLUDE_CHROMIUM" = "true" ]; then playwright install chromium; fi && \
+        if [ "$INCLUDE_FIREFOX" = "true" ]; then playwright install firefox; fi; \
    else \
        echo "Skipping browser installation"; \
    fi
@@ -202,18 +196,6 @@ RUN /app/docker/apt-install.sh \
      libecpg-dev \
      libldap2-dev

-# Pre-load examples DuckDB file if requested
-RUN if [ "$LOAD_EXAMPLES_DUCKDB" = "true" ]; then \
-        mkdir -p /app/data && \
-        echo "Downloading pre-built examples.duckdb..." && \
-        curl -L -o /app/data/examples.duckdb \
-            "https://raw.githubusercontent.com/apache-superset/examples-data/master/examples.duckdb" && \
-        chown -R superset:superset /app/data; \
-    else \
-        mkdir -p /app/data && \
-        chown -R superset:superset /app/data; \
-    fi
-
 # Copy compiled things from previous stages
 COPY --from=superset-node /app/superset/static/assets superset/static/assets

@@ -226,7 +208,7 @@ RUN rm superset/translations/*/*/*.po
 COPY --from=superset-node /app/superset/translations superset/translations
 COPY --from=python-translation-compiler /app/translations_mo superset/translations

-HEALTHCHECK CMD /app/docker/docker-healthcheck.sh
+HEALTHCHECK CMD curl -f "http://localhost:${SUPERSET_PORT}/health"
 CMD ["/app/docker/entrypoints/run-server.sh"]
 EXPOSE ${SUPERSET_PORT}

@@ -237,15 +219,11 @@ FROM python-common AS lean

 # Install Python dependencies using docker/pip-install.sh
 COPY requirements/base.txt requirements/
-
-# Copy superset-core package needed for editable install in base.txt
-COPY superset-core superset-core
-
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
    /app/docker/pip-install.sh --requires-build-essential -r requirements/base.txt
 # Install the superset package
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install -e .
+    uv pip install .
 RUN python -m compileall /app/superset

 USER superset
@@ -263,17 +241,12 @@ RUN /app/docker/apt-install.sh \

 # Copy development requirements and install them
 COPY requirements/*.txt requirements/
-
-# Copy local packages needed for editable installs in development.txt
-COPY superset-core superset-core
-COPY superset-extensions-cli superset-extensions-cli
-
 # Install Python dependencies using docker/pip-install.sh
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
    /app/docker/pip-install.sh --requires-build-essential -r requirements/development.txt
 # Install the superset package
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install -e .
+    uv pip install .

 RUN uv pip install .[postgres]
 RUN python -m compileall /app/superset
@@ -285,15 +258,6 @@ USER superset
 ######################################################################
 FROM lean AS ci
 USER root
-RUN uv pip install .[postgres,duckdb]
-USER superset
-CMD ["/app/docker/entrypoints/docker-ci.sh"]
-
-######################################################################
-# Showtime image - lean + DuckDB for examples database
-######################################################################
-FROM lean AS showtime
-USER root
-RUN uv pip install .[duckdb]
+RUN uv pip install .[postgres]
 USER superset
 CMD ["/app/docker/entrypoints/docker-ci.sh"]
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -1 +0,0 @@
-AGENTS.md
--- a/GPT.md
+++ b/GPT.md
@@ -1 +0,0 @@
-AGENTS.md
--- a/LINTING_ARCHITECTURE.md
+++ b/LINTING_ARCHITECTURE.md
@@ -1,121 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-# Superset Frontend Linting Architecture
-
-## Overview
-We use a hybrid linting approach combining OXC (fast, standard rules) with custom AST-based checks for Superset-specific patterns.
-
-## Components
-
-### 1. Primary Linter: OXC
- **What**: Oxidation Compiler's linter (oxlint)
- **Handles**: 95% of linting rules (standard ESLint rules, TypeScript, React, etc.)
- **Speed**: ~50-100x faster than ESLint
- **Config**: `oxlint.json`
-
-### 2. Custom Rule Checker
- **What**: Node.js AST-based script
- **Handles**: Superset-specific rules:
-  - No literal colors (use theme)
-  - No FontAwesome icons (use Icons component)
-  - No template vars in i18n
- **Speed**: Fast enough for pre-commit
- **Script**: `scripts/check-custom-rules.js`
-
-## Developer Workflow
-
-### Local Development
-```bash
-# Fast linting (OXC only)
-npm run lint
-
-# Full linting (OXC + custom rules)
-npm run lint:full
-
-# Auto-fix what's possible
-npm run lint-fix
-```
-
-### Pre-commit
-1. OXC runs first (via `scripts/oxlint.sh`)
-2. Custom rules check runs second (lightweight, AST-based)
-3. Both must pass for commit to succeed
-
-### CI Pipeline
-```yaml
- name: Lint with OXC
-  run: npm run lint
-
- name: Check custom rules
-  run: npm run check:custom-rules
-```
-
-## Why This Architecture?
-
-### ✅ Pros
-1. **No binary distribution issues** - ASF compatible
-2. **Fast performance** - OXC for bulk, lightweight script for custom
-3. **Maintainable** - Custom rules in JavaScript, not Rust
-4. **Flexible** - Can evolve as OXC adds plugin support
-5. **Cacheable** - Both OXC and Node.js are standard tools
-
-### ❌ Cons  
-1. **Two tools** - Slightly more complex than single linter
-2. **Duplicate parsing** - Files parsed twice (once by each tool)
-
-### 🔄 Migration Path
-When OXC supports JavaScript plugins:
-1. Convert `check-custom-rules.js` to OXC plugin format
-2. Consolidate back to single tool
-3. Keep same rules and developer experience
-
-## Implementation Checklist
-
- [x] OXC for standard linting
- [x] Pre-commit integration  
- [ ] Custom rules script
- [ ] Combine in npm scripts
- [ ] Update CI pipeline
- [ ] Developer documentation
-
-## Performance Targets
-
-| Operation | Target Time | Current |
-|-----------|------------|---------|
-| Pre-commit (changed files) | <2s | ✅ 1.5s |
-| Full lint (all files) | <10s | ✅ 8s |
-| Custom rules check | <5s | 🔄 TBD |
-
-## Caching Strategy
-
-### Local Development
- OXC: Built-in incremental checking
- Custom rules: Use file hash cache (similar to pytest cache)
-
-### CI
- Cache `node_modules` (includes oxlint binary)
- Cache custom rules results by commit hash
- Skip unchanged files using git diff
-
-## Future Improvements
-
-1. **When OXC adds plugin support**: Migrate custom rules to OXC plugins
-2. **Consider Biome**: Another Rust-based linter with plugin support
-3. **AST sharing**: Investigate sharing AST between tools to avoid double parsing
--- a/2
+++ b/2
@@ -91,7 +91,7 @@ js-format:
 	cd superset-frontend; npm run prettier

 flask-app:
-	flask run -p 8088 --reload --debugger
+	flask run -p 8088 --with-threads --reload --debugger

 node-app:
 	cd superset-frontend; npm run dev-server
--- a/README.md
+++ b/README.md
@@ -20,11 +20,11 @@ under the License.
 # Superset

 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/license/apache-2-0)
-[![Latest Release on Github](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/releases/latest)
-[![Build Status](https://github.com/apache/superset/actions/workflows/superset-python-unittest.yml/badge.svg)](https://github.com/apache/superset/actions)
-[![PyPI version](https://badge.fury.io/py/apache_superset.svg)](https://badge.fury.io/py/apache_superset)
+[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/tree/latest)
+[![Build Status](https://github.com/apache/superset/workflows/Python/badge.svg)](https://github.com/apache/superset/actions)
+[![PyPI version](https://badge.fury.io/py/apache-superset.svg)](https://badge.fury.io/py/apache-superset)
 [![Coverage Status](https://codecov.io/github/apache/superset/coverage.svg?branch=master)](https://codecov.io/github/apache/superset)
-[![PyPI](https://img.shields.io/pypi/pyversions/apache_superset.svg?maxAge=2592000)](https://pypi.python.org/pypi/apache_superset)
+[![PyPI](https://img.shields.io/pypi/pyversions/apache-superset.svg?maxAge=2592000)](https://pypi.python.org/pypi/apache-superset)
 [![Get on Slack](https://img.shields.io/badge/slack-join-orange.svg)](http://bit.ly/join-superset-slack)
 [![Documentation](https://img.shields.io/badge/docs-apache.org-blue.svg)](https://superset.apache.org)

@@ -72,10 +72,8 @@ Superset provides:
 ## Screenshots & Gifs

 **Video Overview**
-
 <!-- File hosted here https://github.com/apache/superset-site/raw/lfs/superset-video-4k.mp4 -->
-
-[superset-video-1080p.webm](https://github.com/user-attachments/assets/b37388f7-a971-409c-96a7-90c4e31322e6)
+[superset-video-4k.webm](https://github.com/apache/superset/assets/812905/da036bc2-150c-4ee7-80f9-75e63210ff76)

 <br/>

@@ -103,7 +101,7 @@ Here are some of the major database solutions that are supported:

 <p align="center">
  <img src="https://superset.apache.org/img/databases/redshift.png" alt="redshift" border="0" width="200"/>
-  <img src="https://superset.apache.org/img/databases/google-biquery.png" alt="google-bigquery" border="0" width="200"/>
+  <img src="https://superset.apache.org/img/databases/google-biquery.png" alt="google-biquery" border="0" width="200"/>
  <img src="https://superset.apache.org/img/databases/snowflake.png" alt="snowflake" border="0" width="200"/>
  <img src="https://superset.apache.org/img/databases/trino.png" alt="trino" border="0" width="150" />
  <img src="https://superset.apache.org/img/databases/presto.png" alt="presto" border="0" width="200"/>
@@ -111,6 +109,7 @@ Here are some of the major database solutions that are supported:
  <img src="https://superset.apache.org/img/databases/druid.png" alt="druid" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/firebolt.png" alt="firebolt" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/timescale.png" alt="timescale" border="0" width="200" />
+  <img src="https://superset.apache.org/img/databases/rockset.png" alt="rockset" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/postgresql.png" alt="postgresql" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/mysql.png" alt="mysql" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/mssql-server.png" alt="mssql-server" border="0" width="200" />
@@ -135,10 +134,9 @@ Here are some of the major database solutions that are supported:
  <img src="https://superset.apache.org/img/databases/starrocks.png" alt="starrocks" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/doris.png" alt="doris" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/oceanbase.svg" alt="oceanbase" border="0" width="220" />
-  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="sap-hana" border="0" width="220" />
+  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="oceanbase" border="0" width="220" />
  <img src="https://superset.apache.org/img/databases/denodo.png" alt="denodo" border="0" width="200" />
  <img src="https://superset.apache.org/img/databases/ydb.svg" alt="ydb" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/tdengine.png" alt="TDengine" border="0" width="200" />
 </p>

 **A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/configuration/databases).
@@ -147,7 +145,7 @@ Want to add support for your datastore or data engine? Read more [here](https://

 ## Installation and Configuration

-Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) guide or learn about [the options for production deployments](https://superset.apache.org/docs/installation/architecture/).
+[Extended documentation for Superset](https://superset.apache.org/docs/installation/docker-compose)

 ## Get Involved

@@ -156,7 +154,7 @@ Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) gu
  and please read our [Slack Community Guidelines](https://github.com/apache/superset/blob/master/CODE_OF_CONDUCT.md#slack-community-guidelines)
 - [Join our dev@superset.apache.org Mailing list](https://lists.apache.org/list.html?dev@superset.apache.org). To join, simply send an email to [dev-subscribe@superset.apache.org](mailto:dev-subscribe@superset.apache.org)
 - If you want to help troubleshoot GitHub Issues involving the numerous database drivers that Superset supports, please consider adding your name and the databases you have access to on the [Superset Database Familiarity Rolodex](https://docs.google.com/spreadsheets/d/1U1qxiLvOX0kBTUGME1AHHi6Ywel6ECF8xk_Qy-V9R8c/edit#gid=0)
- Join Superset's Town Hall and [Operational Model](https://preset.io/blog/the-superset-operational-model-wants-you/) recurring meetings. Meeting info is available on the [Superset Community Calendar](https://superset.apache.org/community)
+- Join Superset's Town Hall and [Operational Model](https://preset.io/blog/the-superset-operational-model-wants-you/) recurring meetings.  Meeting info is available on the [Superset Community Calendar](https://superset.apache.org/community)

 ## Contributor Guide

@@ -184,16 +182,14 @@ Understanding the Superset Points of View
  - [Building New Database Connectors](https://preset.io/blog/building-database-connector/)
  - [Create Your First Dashboard](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard/)
  - [Comprehensive Tutorial for Contributing Code to Apache Superset
-    ](https://preset.io/blog/tutorial-contributing-code-to-apache-superset/)
+  ](https://preset.io/blog/tutorial-contributing-code-to-apache-superset/)
 - [Resources to master Superset by Preset](https://preset.io/resources/)

 - Deploying Superset
-
  - [Official Docker image](https://hub.docker.com/r/apache/superset)
  - [Helm Chart](https://github.com/apache/superset/tree/master/helm/superset)

 - Recordings of Past [Superset Community Events](https://preset.io/events)
-
  - [Mixed Time Series Charts](https://preset.io/events/mixed-time-series-visualization-in-superset-workshop/)
  - [How the Bing Team Customized Superset for the Internal Self-Serve Data & Analytics Platform](https://preset.io/events/how-the-bing-team-heavily-customized-superset-for-their-internal-data/)
  - [Live Demo: Visualizing MongoDB and Pinot Data using Trino](https://preset.io/events/2021-04-13-visualizing-mongodb-and-pinot-data-using-trino/)
@@ -201,7 +197,6 @@ Understanding the Superset Points of View
  - [Building a Database Connector for Superset](https://preset.io/events/2021-02-16-building-a-database-connector-for-superset/)

 - Visualizations
-
  - [Creating Viz Plugins](https://superset.apache.org/docs/contributing/creating-viz-plugins/)
  - [Managing and Deploying Custom Viz Plugins](https://medium.com/nmc-techblog/apache-superset-manage-custom-viz-plugins-in-production-9fde1a708e55)
  - [Why Apache Superset is Betting on Apache ECharts](https://preset.io/blog/2021-4-1-why-echarts/)
--- a/RELEASING/Dockerfile.from_local_tarball
+++ b/RELEASING/Dockerfile.from_local_tarball
@@ -14,13 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm

 RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset

 # Configure environment
 ENV LANG=C.UTF-8 \
-  LC_ALL=C.UTF-8
+    LC_ALL=C.UTF-8

 RUN apt-get update -y

@@ -30,14 +30,14 @@ RUN apt-get install -y apt-transport-https apt-utils
 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
 RUN apt-get install -y build-essential libssl-dev \
-  libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
 RUN set -eux; \
-  curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
-  apt-get install -y nodejs; \
-  node --version;
+    curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
+    apt-get install -y nodejs; \
+    node --version;
 RUN if ! which npm; then apt-get install -y npm; fi

 RUN mkdir -p /home/superset
@@ -50,21 +50,21 @@ ARG SUPERSET_RELEASE_RC_TARBALL
 # Can fetch source from svn or copy tarball from local mounted directory
 COPY $SUPERSET_RELEASE_RC_TARBALL ./
 RUN tar -xvf *.tar.gz
-WORKDIR /home/superset/apache_superset-$VERSION/superset-frontend
+WORKDIR /home/superset/apache-superset-$VERSION/superset-frontend

 RUN npm ci \
-  && npm run build \
-  && rm -rf node_modules
+    && npm run build \
+    && rm -rf node_modules

-WORKDIR /home/superset/apache_superset-$VERSION
+WORKDIR /home/superset/apache-superset-$VERSION
 RUN pip install --upgrade setuptools pip \
-  && pip install -r requirements/base.txt \
-  && pip install --no-cache-dir .
+    && pip install -r requirements/base.txt \
+    && pip install --no-cache-dir .

 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-  PYTHONPATH=/home/superset/superset/ \
-  SUPERSET_TESTENV=true
+    PYTHONPATH=/home/superset/superset/ \
+    SUPERSET_TESTENV=true
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/Dockerfile.from_svn_tarball
+++ b/RELEASING/Dockerfile.from_svn_tarball
@@ -14,13 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm

 RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset

 # Configure environment
 ENV LANG=C.UTF-8 \
-  LC_ALL=C.UTF-8
+    LC_ALL=C.UTF-8

 RUN apt-get update -y

@@ -30,14 +30,14 @@ RUN apt-get install -y apt-transport-https apt-utils
 # Install superset dependencies
 # https://superset.apache.org/docs/installation/installing-superset-from-scratch
 RUN apt-get install -y subversion build-essential libssl-dev \
-  libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd
+    libffi-dev python3-dev libsasl2-dev libldap2-dev libxi-dev chromium zstd

 # Install nodejs for custom build
 # https://nodejs.org/en/download/package-manager/
 RUN set -eux; \
-  curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
-  apt-get install -y nodejs; \
-  node --version;
+    curl -sL https://deb.nodesource.com/setup_20.x | bash -; \
+    apt-get install -y nodejs; \
+    node --version;
 RUN if ! which npm; then apt-get install -y npm; fi

 RUN mkdir -p /home/superset
@@ -49,20 +49,20 @@ ARG VERSION
 # Can fetch source from svn or copy tarball from local mounted directory
 RUN svn co https://dist.apache.org/repos/dist/dev/superset/$VERSION ./
 RUN tar -xvf *.tar.gz
-WORKDIR /home/superset/apache_superset-$VERSION/superset-frontend
+WORKDIR /home/superset/apache-superset-$VERSION/superset-frontend

 RUN npm ci \
-  && npm run build \
-  && rm -rf node_modules
+    && npm run build \
+    && rm -rf node_modules

-WORKDIR /home/superset/apache_superset-$VERSION
+WORKDIR /home/superset/apache-superset-$VERSION
 RUN pip install --upgrade setuptools pip \
-  && pip install -r requirements/base.txt \
-  && pip install --no-cache-dir .
+    && pip install -r requirements/base.txt \
+    && pip install --no-cache-dir .

 RUN flask fab babel-compile --target superset/translations

 ENV PATH=/home/superset/superset/bin:$PATH \
-  PYTHONPATH=/home/superset/superset/
+    PYTHONPATH=/home/superset/superset/
 COPY from_tarball_entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/RELEASING/Dockerfile.make_docs
+++ b/RELEASING/Dockerfile.make_docs
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm
 ARG VERSION

 RUN git clone --depth 1 --branch ${VERSION} https://github.com/apache/superset.git /superset
--- a/RELEASING/Dockerfile.make_tarball
+++ b/RELEASING/Dockerfile.make_tarball
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm

 RUN apt-get update -y
 RUN apt-get install -y \
--- a/RELEASING/README.md
+++ b/RELEASING/README.md
@@ -123,10 +123,10 @@ SUPERSET_RC=1
 SUPERSET_GITHUB_BRANCH=1.5
 SUPERSET_PGP_FULLNAME=villebro@apache.org
 SUPERSET_VERSION_RC=1.5.1rc1
-SUPERSET_RELEASE=apache_superset-1.5.1
-SUPERSET_RELEASE_RC=apache_superset-1.5.1rc1
-SUPERSET_RELEASE_TARBALL=apache_superset-1.5.1-source.tar.gz
-SUPERSET_RELEASE_RC_TARBALL=apache_superset-1.5.1rc1-source.tar.gz
+SUPERSET_RELEASE=apache-superset-1.5.1
+SUPERSET_RELEASE_RC=apache-superset-1.5.1rc1
+SUPERSET_RELEASE_TARBALL=apache-superset-1.5.1-source.tar.gz
+SUPERSET_RELEASE_RC_TARBALL=apache-superset-1.5.1rc1-source.tar.gz
 SUPERSET_TMP_ASF_SITE_PATH=/tmp/incubator-superset-site-1.5.1
 -------------------------------
 ```
@@ -380,7 +380,7 @@ Official instructions:
 https://www.apache.org/info/verification.html

 We now have a handy script for anyone validating a release to use. The core of it is in this very folder, `verify_release.py`. Just make sure you have all three release files in the same directory (`{some version}.tar.gz`, `{some version}.tar.gz.asc` and `{some version}tar.gz.sha512`). Then you can pass this script the path to the `.gz` file like so:
-`python verify_release.py ~/path/tp/apache_superset-{version/candidate}-source.tar.gz`
+`python verify_release.py ~/path/tp/apache-superset-{version/candidate}-source.tar.gz`

 If all goes well, you will see this result in your terminal:

@@ -454,11 +454,8 @@ cd ../
 # Compile translations for the backend
 ./scripts/translations/generate_mo_files.sh

-# update build version number
-sed -i '' "s/version_string = .*/version_string = \"$SUPERSET_VERSION\"/" setup.py
-
 # build the python distribution
-python setup.py sdist
+python -m build
 ```

 Publish to PyPI
@@ -469,11 +466,8 @@ an account first if you don't have one, and reference your username
 while requesting access to push packages.

 ```bash
-# Run this first to make sure you are uploading the right version.
-# Pypi does not allow you to delete or retract once uplaoded.
-twine check dist/*
-
-twine upload dist/*
+twine upload dist/apache_superset-${SUPERSET_VERSION}-py3-none-any.whl
+twine upload dist/apache-superset-${SUPERSET_VERSION}.tar.gz
 ```

 Set your username to `__token__`
@@ -522,8 +516,6 @@ takes the version (ie `3.1.1`), the git reference (any SHA, tag or branch
 reference), and whether to force the `latest` Docker tag on the
 generated images.

-**NOTE:** If the docker image isn't built, you'll need to run this [GH action](https://github.com/apache/superset/actions/workflows/tag-release.yml) where you provide it the tag sha.
-
 ### Npm Release

 You might want to publish the latest @superset-ui release to npm
--- a/RELEASING/changelog.py
+++ b/RELEASING/changelog.py
@@ -232,7 +232,8 @@ class GitChangeLog:
        for log in self._logs:
            yield {
                "pr_number": log.pr_number,
-                "pr_link": f"https://github.com/{SUPERSET_REPO}/pull/{log.pr_number}",
+                "pr_link": f"https://github.com/{SUPERSET_REPO}/pull/"
+                f"{log.pr_number}",
                "message": log.message,
                "time": log.time,
                "author": log.author,
@@ -322,9 +323,9 @@ class BaseParameters:


 def print_title(message: str) -> None:
-    print(f"{50 * '-'}")
+    print(f"{50*'-'}")
    print(message)
-    print(f"{50 * '-'}")
+    print(f"{50*'-'}")


@click.group()
@@ -348,14 +349,14 @@ def compare(base_parameters: BaseParameters) -> None:
    previous_logs = base_parameters.previous_logs
    current_logs = base_parameters.current_logs
    print_title(
-        f"Pull requests from {current_logs.git_ref} not in {previous_logs.git_ref}"
+        f"Pull requests from " f"{current_logs.git_ref} not in {previous_logs.git_ref}"
    )
    previous_diff_logs = previous_logs.diff(current_logs)
    for diff_log in previous_diff_logs:
        print(f"{diff_log}")

    print_title(
-        f"Pull requests from {previous_logs.git_ref} not in {current_logs.git_ref}"
+        f"Pull requests from " f"{previous_logs.git_ref} not in {current_logs.git_ref}"
    )
    current_diff_logs = current_logs.diff(previous_logs)
    for diff_log in current_diff_logs:
--- a/RELEASING/email_templates/announce.j2
+++ b/RELEASING/email_templates/announce.j2
@@ -31,7 +31,7 @@ The official source release:
 https://downloads.apache.org/{{ project_module }}/{{ version }}

 The PyPI package:
-https://pypi.org/project/apache_superset/{{ version }}
+https://pypi.org/project/apache-superset/{{ version }}

 The CHANGELOG for the release:
 https://github.com/apache/{{ project_module }}/blob/{{ version }}/CHANGELOG/{{ version }}.md
--- a/RELEASING/make_tarball.sh
+++ b/RELEASING/make_tarball.sh
@@ -32,10 +32,11 @@ else
  SUPERSET_VERSION="${1}"
  SUPERSET_RC="${2}"
  SUPERSET_PGP_FULLNAME="${3}"
-  SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${SUPERSET_RC}"
-  SUPERSET_RELEASE_RC_TARBALL="apache_superset-${SUPERSET_VERSION_RC}-source.tar.gz"
+  SUPERSET_RELEASE_RC_TARBALL="apache-superset-${SUPERSET_VERSION_RC}-source.tar.gz"
 fi

+SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${SUPERSET_RC}"
+
 if [ -z "${SUPERSET_SVN_DEV_PATH}" ]; then
  SUPERSET_SVN_DEV_PATH="$HOME/svn/superset_dev"
 fi
--- a/RELEASING/make_tarball_entrypoint.sh
+++ b/RELEASING/make_tarball_entrypoint.sh
@@ -22,7 +22,7 @@ if [ -z "${SUPERSET_VERSION_RC}" ] || [ -z "${SUPERSET_SVN_DEV_PATH}" ] || [ -z
  exit 1
 fi

-SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
 SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
 SUPERSET_RELEASE_RC_BASE_PATH="${SUPERSET_SVN_DEV_PATH}"/"${SUPERSET_VERSION_RC}"
 SUPERSET_RELEASE_RC_TARBALL_PATH="${SUPERSET_RELEASE_RC_BASE_PATH}"/"${SUPERSET_RELEASE_RC_TARBALL}"
--- a/RELEASING/set_release_env.sh
+++ b/RELEASING/set_release_env.sh
@@ -50,8 +50,8 @@ else
  export SUPERSET_GITHUB_BRANCH="${VERSION_MAJOR}.${VERSION_MINOR}"
  export SUPERSET_PGP_FULLNAME="${2}"
  export SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${VERSION_RC}"
-  export SUPERSET_RELEASE=apache_superset-"${SUPERSET_VERSION}"
-  export SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+  export SUPERSET_RELEASE=apache-superset-"${SUPERSET_VERSION}"
+  export SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
  export SUPERSET_RELEASE_TARBALL="${SUPERSET_RELEASE}"-source.tar.gz
  export SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
  export SUPERSET_TMP_ASF_SITE_PATH="/tmp/incubator-superset-site-${SUPERSET_VERSION}"
--- a/RELEASING/test_run_tarball.sh
+++ b/RELEASING/test_run_tarball.sh
@@ -27,7 +27,7 @@ if [ -z "${SUPERSET_SVN_DEV_PATH}" ]; then
 fi

 if [[ -n ${1} ]] && [[ ${1} == "local" ]]; then
-  SUPERSET_RELEASE_RC=apache_superset-"${SUPERSET_VERSION_RC}"
+  SUPERSET_RELEASE_RC=apache-superset-"${SUPERSET_VERSION_RC}"
  SUPERSET_RELEASE_RC_TARBALL="${SUPERSET_RELEASE_RC}"-source.tar.gz
  SUPERSET_TARBALL_PATH="${SUPERSET_SVN_DEV_PATH}"/${SUPERSET_VERSION_RC}/${SUPERSET_RELEASE_RC_TARBALL}
  SUPERSET_TMP_TARBALL_FILENAME=_tmp_"${SUPERSET_VERSION_RC}".tar.gz
--- a/RELEASING/validate_this_release.sh
+++ b/RELEASING/validate_this_release.sh
@@ -38,7 +38,7 @@ get_pip_command() {
 PYTHON=$(get_python_command)
 PIP=$(get_pip_command)

-# Get the release directory's path. If you unzip an Apache release and just run the npm script to validate the release, this will be a file name like `apache_superset-x.x.xrcx-source.tar.gz`
+# Get the release directory's path. If you unzip an Apache release and just run the npm script to validate the release, this will be a file name like `apache-superset-x.x.xrcx-source.tar.gz`
 RELEASE_ZIP_PATH="../../$(basename "$(dirname "$(pwd)")")-source.tar.gz"

 # Install dependencies from requirements.txt if the file exists
--- a/RESOURCES/FEATURE_FLAGS.md
+++ b/RESOURCES/FEATURE_FLAGS.md
@@ -28,7 +28,6 @@ These features are considered **unfinished** and should only be used on developm
 [//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"

 - ALERT_REPORT_TABS
- DATE_RANGE_TIMESHIFTS_ENABLED
 - ENABLE_ADVANCED_DATA_TYPES
 - PRESTO_EXPAND_DATA
 - SHARE_QUERIES_VIA_KV_STORE
@@ -50,6 +49,7 @@ These features are **finished** but currently being tested. They are usable, but
 - ENABLE_SUPERSET_META_DB: [(docs)](https://superset.apache.org/docs/configuration/databases/#querying-across-databases)
 - ESTIMATE_QUERY_COST
 - GLOBAL_ASYNC_QUERIES [(docs)](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries)
+- HORIZONTAL_FILTER_BAR
 - IMPERSONATE_WITH_EMAIL_PREFIX
 - PLAYWRIGHT_REPORTS_AND_THUMBNAILS
 - RLS_IN_SQLLAB
--- a/Show More
+++ b/Show More