WIP

Another fix
Move integration tests to unit tests
2026-06-10 01:59:17 +00:00 · 2024-11-25 16:43:20 -05:00 · 2024-11-24 18:53:14 -05:00 · 2024-11-24 18:44:51 -05:00 · 2024-11-24 18:03:20 -05:00 · 2024-11-22 12:04:19 -05:00
9109 changed files with 370514 additions and 1225057 deletions
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -17,16 +17,7 @@

 # https://cwiki.apache.org/confluence/display/INFRA/.asf.yaml+features+for+git+repositories
 ---
-notifications:
-  commits: commits@superset.apache.org
-  issues: notifications@superset.apache.org
-  pullrequests: notifications@superset.apache.org
-  discussions: notifications@superset.apache.org
-
 github:
-  pull_requests:
-    del_branch_on_merge: true
-    allow_update_branch: true
  description: "Apache Superset is a Data Visualization and Data Exploration Platform"
  homepage: https://superset.apache.org/
  labels:
@@ -56,17 +47,12 @@ github:
    projects: true
    # Enable wiki for documentation
    wiki: true
-    # Enable discussions
-    discussions: true

  enabled_merge_buttons:
    squash: true
    merge: false
    rebase: false

-  ghp_branch:  gh-pages
-  ghp_path: /
-
  protected_branches:
    master:
      required_status_checks:
@@ -83,17 +69,18 @@ github:
          - cypress-matrix (3, chrome)
          - cypress-matrix (4, chrome)
          - cypress-matrix (5, chrome)
-          - dependency-review
          - frontend-build
-          - playwright-tests (chromium)
          - pre-commit (current)
+          - pre-commit (next)
          - pre-commit (previous)
          - test-mysql
          - test-postgres (current)
+          - test-postgres (next)
          - test-postgres-hive
          - test-postgres-presto
          - test-sqlite
          - unit-tests (current)
+          - unit-tests (next)

      required_pull_request_reviews:
        dismiss_stale_reviews: false
@@ -101,10 +88,3 @@ github:
        required_approving_review_count: 1

      required_signatures: false
-    gh-pages:
-      required_pull_request_reviews:
-        dismiss_stale_reviews: false
-        require_code_owner_reviews: true
-        required_approving_review_count: 1
-
-      required_signatures: false
--- a/.claude/commands/js-to-ts.md
+++ b/.claude/commands/js-to-ts.md
@@ -1,10 +0,0 @@
-# JavaScript to TypeScript Migration Command
-
-## Usage
-```
-/js-to-ts <core-filename>
-```
- `<core-filename>` - Path to CORE file relative to `superset-frontend/` (e.g., `src/utils/common.js`, `src/middleware/loggerMiddleware.js`)
-
-## Agent Instructions
-**See:** [../projects/js-to-ts/AGENT.md](../projects/js-to-ts/AGENT.md) for complete migration guide.
--- a/.claude/projects/js-to-ts/AGENT.md
+++ b/.claude/projects/js-to-ts/AGENT.md
@@ -1,684 +0,0 @@
-# JavaScript to TypeScript Migration Agent Guide
-
-**Complete technical reference for converting JavaScript/JSX files to TypeScript/TSX in Apache Superset frontend.**
-
-**Agent Role:** Atomic migration unit - migrate the core file + ALL related tests/mocks as one cohesive unit. Use `git mv` to preserve history, NO `git commit`. NO global import changes. Report results upon completion.
-
---
-
-## 🎯 Migration Principles
-
-1. **Atomic migration units** - Core file + all related tests/mocks migrate together
-2. **Zero `any` types** - Use proper TypeScript throughout
-3. **Leverage existing types** - Reuse established definitions
-4. **Type inheritance** - Derivatives extend base component types
-5. **Strategic placement** - File types for maximum discoverability
-6. **Surgical improvements** - Enhance existing types during migration
-
---
-
-## Step 0: Dependency Check (MANDATORY)
-
-**Command:**
-```bash
-grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" superset-frontend/{filename}
-```
-
-**Decision:**
- ✅ No matches → Proceed with atomic migration (core + tests + mocks)
- ❌ Matches found → EXIT with dependency report (see format below)
-
---
-
-## Step 1: Identify Related Files (REQUIRED)
-
-**Atomic Migration Scope:**
-For core file `src/utils/example.js`, also migrate:
- `src/utils/example.test.js` / `src/utils/example.test.jsx`
- `src/utils/example.spec.js` / `src/utils/example.spec.jsx`
- `src/utils/__mocks__/example.js`
- Any other related test/mock files found by pattern matching
-
-**Find all related test and mock files:**
-```bash
-# Pattern-based search for related files
-basename=$(basename {filename} .js)
-dirname=$(dirname superset-frontend/{filename})
-
-# Find test files
-find "$dirname" -name "${basename}.test.js" -o -name "${basename}.test.jsx"
-find "$dirname" -name "${basename}.spec.js" -o -name "${basename}.spec.jsx"
-
-# Find mock files  
-find "$dirname" -name "__mocks__/${basename}.js"
-find "$dirname" -name "${basename}.mock.js"
-```
-
-**Migration Requirement:** All discovered related files MUST be migrated together as one atomic unit.
-
-**Test File Creation:** If NO test files exist for the core file, CREATE a minimal test file using the following pattern:
- Location: Same directory as core file
- Name: `{basename}.test.ts` (e.g., `DebouncedMessageQueue.test.ts`)
- Content: Basic test structure importing and testing the main functionality
- Use proper TypeScript types in test file
-
---
-
-## 🗺️ Type Reference Map
-
-### From `@superset-ui/core`
-```typescript
-// Data & Query
-QueryFormData, QueryData, JsonObject, AnnotationData, AdhocMetric
-LatestQueryFormData, GenericDataType, DatasourceType, ExtraFormData
-DataMaskStateWithId, NativeFilterScope, NativeFiltersState, NativeFilterTarget
-
-// UI & Theme  
-FeatureFlagMap, LanguagePack, ColorSchemeConfig, SequentialSchemeConfig
-```
-
-### From `@superset-ui/chart-controls`
-```typescript
-Dataset, ColumnMeta, ControlStateMapping
-```
-
-### From Local Types (`src/types/`)
-```typescript
-// Authentication
-User, UserWithPermissionsAndRoles, BootstrapUser, PermissionsAndRoles
-
-// Dashboard
-Dashboard, DashboardState, DashboardInfo, DashboardLayout, LayoutItem
-ComponentType, ChartConfiguration, ActiveFilters
-
-// Charts
-Chart, ChartState, ChartStatus, ChartLinkedDashboard, Slice, SaveActionType
-
-// Data
-Datasource, Database, Owner, Role
-
-// UI Components
-TagType, FavoriteStatus, Filter, ImportResourceName
-```
-
-### From Domain Types
-```typescript
-// src/dashboard/types.ts
-RootState, ChartsState, DatasourcesState, FilterBarOrientation
-ChartCrossFiltersConfig, ActiveTabs, MenuKeys
-
-// src/explore/types.ts  
-ExplorePageInitialData, ExplorePageState, ExploreResponsePayload, OptionSortType
-
-// src/SqlLab/types.ts
-[SQL Lab specific types]
-```
-
---
-
-## 🏗️ Type Organization Strategy
-
-### Type Placement Hierarchy
-
-1. **Component-Colocated** (90% of cases)
-   ```typescript
-   // Same file as component
-   interface MyComponentProps {
-     title: string;
-     onClick: () => void;
-   }
-   ```
-
-2. **Feature-Shared**
-   ```typescript
-   // src/[domain]/components/[Feature]/types.ts
-   export interface FilterConfiguration {
-     filterId: string;
-     targets: NativeFilterTarget[];
-   }
-   ```
-
-3. **Domain-Wide**
-   ```typescript
-   // src/[domain]/types.ts
-   export interface ExploreFormData extends QueryFormData {
-     viz_type: string;
-   }
-   ```
-
-4. **Global**
-   ```typescript
-   // src/types/[TypeName].ts
-   export interface ApiResponse<T> {
-     result: T;
-     count?: number;
-   }
-   ```
-
-### Type Discovery Commands
-```bash
-# Search existing types before creating
-find superset-frontend/src -name "types.ts" -exec grep -l "[TypeConcept]" {} \;
-grep -r "interface.*Props\|type.*Props" superset-frontend/src/
-```
-
-### Derivative Component Patterns
-
-**Rule:** Components that extend others should extend their type interfaces.
-
-```typescript
-// ✅ Base component type
-interface SelectProps {
-  value: string | number;
-  options: SelectOption[];
-  onChange: (value: string | number) => void;
-  disabled?: boolean;
-}
-
-// ✅ Derivative extends base
-interface ChartSelectProps extends SelectProps {
-  charts: Chart[];
-  onChartSelect: (chart: Chart) => void;
-}
-
-// ✅ Derivative with modified props  
-interface DatabaseSelectProps extends Omit<SelectProps, 'value' | 'onChange'> {
-  value: number;  // Narrowed type
-  onChange: (databaseId: number) => void;  // Specific signature
-}
-```
-
-**Common Patterns:**
- **Extension:** `extends BaseProps` - adds new props
- **Omission:** `Omit<BaseProps, 'prop'>` - removes props
- **Modification:** `Omit<BaseProps, 'prop'> & { prop: NewType }` - changes prop type
- **Restriction:** Override with narrower types (union → specific)
-
---
-
-## 📋 Migration Recipe
-
-### Step 2: File Conversion
-```bash
-# Use git mv to preserve history
-git mv component.js component.ts
-git mv Component.jsx Component.tsx
-```
-
-### Step 3: Import & Type Setup
-```typescript
-// Import order (enforced by linting)
-import { FC, ReactNode } from 'react';
-import { JsonObject, QueryFormData } from '@superset-ui/core';
-import { Dataset } from '@superset-ui/chart-controls';
-import type { Dashboard } from 'src/types/Dashboard';
-```
-
-### Step 4: Function & Component Typing
-```typescript
-// Functions with proper parameter/return types
-export function processData(
-  data: Dataset[],
-  config: JsonObject
-): ProcessedData[] {
-  // implementation
-}
-
-// Component props with inheritance
-interface ComponentProps extends BaseProps {
-  data: Chart[];
-  onSelect: (id: number) => void;
-}
-
-const Component: FC<ComponentProps> = ({ data, onSelect }) => {
-  // implementation
-};
-```
-
-### Step 5: State & Redux Typing
-```typescript
-// Hooks with specific types
-const [data, setData] = useState<Chart[]>([]);
-const [selected, setSelected] = useState<number | null>(null);
-
-// Redux with existing RootState
-const mapStateToProps = (state: RootState) => ({
-  charts: state.charts,
-  user: state.user,
-});
-```
-
---
-
-## 🧠 Type Debugging Strategies (Real-World Learnings)
-
-### The Evolution of Type Approaches
-When you hit type errors, follow this debugging evolution:
-
-#### 1. ❌ Idealized Union Types (First Attempt)
-```typescript
-// Looks clean but doesn't match reality
-type DatasourceInput = Datasource | QueryEditor;
-```
-**Problem**: Real calling sites pass variations, not exact types.
-
-#### 2. ❌ Overly Precise Types (Second Attempt)
-```typescript
-// Tried to match exact calling signatures
-type DatasourceInput =
-  | IDatasource  // From DatasourcePanel
-  | (QueryEditor & { columns: ColumnMeta[] });  // From SaveQuery
-```
-**Problem**: Too rigid, doesn't handle legacy variations.
-
-#### 3. ✅ Flexible Interface (Final Solution)
-```typescript
-// Captures what the function actually needs
-interface DatasourceInput {
-  name?: string | null;  // Allow null for compatibility
-  datasource_name?: string | null;  // Legacy variations
-  columns?: any[];  // Multiple column types accepted
-  database?: { id?: number };
-  // ... other optional properties
-}
-```
-**Success**: Works with all calling sites, focuses on function needs.
-
-### Type Debugging Process
-1. **Start with compilation errors** - they show exact mismatches
-2. **Examine actual usage** - look at calling sites, not idealized types  
-3. **Build flexible interfaces** - capture what functions need, not rigid contracts
-4. **Iterate based on downstream validation** - let calling sites guide your types
-
---
-
-## 🚨 Anti-Patterns to Avoid
-
-```typescript
-// ❌ Never use any
-const obj: any = {};
-
-// ✅ Use proper types
-const obj: Record<string, JsonObject> = {};
-
-// ❌ Don't recreate base component props
-interface ChartSelectProps {
-  value: string;     // Duplicated from SelectProps
-  onChange: () => void;  // Duplicated from SelectProps
-  charts: Chart[];   // New prop
-}
-
-// ✅ Inherit and extend
-interface ChartSelectProps extends SelectProps {
-  charts: Chart[];   // Only new props
-}
-
-// ❌ Don't create ad-hoc type variations
-interface UserInfo {
-  name: string;
-  email: string;
-}
-
-// ✅ Extend existing types (DRY principle)
-import { User } from 'src/types/bootstrapTypes';
-type UserDisplayInfo = Pick<User, 'firstName' | 'lastName' | 'email'>;
-
-// ❌ Don't create overly rigid unions
-type StrictInput = ExactTypeA | ExactTypeB;
-
-// ✅ Create flexible interfaces for function parameters
-interface FlexibleInput {
-  // Focus on what the function actually needs
-  commonProperty: string;
-  optionalVariations?: any;  // Allow for legacy variations
-}
-```
-
-## 📍 DRY Type Guidelines (WHERE TYPES BELONG)
-
-### Type Placement Rules
-**CRITICAL**: Type variations must live close to where they belong, not scattered across files.
-
-#### ✅ Proper Type Organization
-```typescript
-// ❌ Don't create one-off interfaces in utility files
-// src/utils/datasourceUtils.ts
-interface DatasourceInput { /* custom interface */ }  // Wrong!
-
-// ✅ Use existing types or extend them in their proper domain
-// src/utils/datasourceUtils.ts
-import { IDatasource } from 'src/explore/components/DatasourcePanel';
-import { QueryEditor } from 'src/SqlLab/types';
-
-// Create flexible interface that references existing types
-interface FlexibleDatasourceInput {
-  // Properties that actually exist across variations
-}
-```
-
-#### Type Location Hierarchy
-1. **Domain Types**: `src/{domain}/types.ts` (dashboard, explore, SqlLab)
-2. **Component Types**: Co-located with components  
-3. **Global Types**: `src/types/` directory
-4. **Utility Types**: Only when they truly don't belong elsewhere
-
-#### ✅ DRY Type Patterns
-```typescript
-// ✅ Extend existing domain types
-interface SaveQueryData extends Pick<QueryEditor, 'sql' | 'dbId' | 'catalog'> {
-  columns: ColumnMeta[];  // Add what's needed
-}
-
-// ✅ Create flexible interfaces for cross-domain utilities
-interface CrossDomainInput {
-  // Common properties that exist across different source types
-  name?: string | null;  // Accommodate legacy null values
-  // Only include properties the function actually uses
-}
-```
-
---
-
-## 🎯 PropTypes Auto-Generation (Elegant Approach)
-
-**IMPORTANT**: Superset has `babel-plugin-typescript-to-proptypes` configured to automatically generate PropTypes from TypeScript interfaces. Use this instead of manual PropTypes duplication!
-
-### ❌ Manual PropTypes Duplication (Avoid This)
-```typescript
-export interface MyComponentProps {
-  title: string;
-  count?: number;
-}
-
-// 8+ lines of manual PropTypes duplication 😱
-const propTypes = PropTypes.shape({
-  title: PropTypes.string.isRequired,
-  count: PropTypes.number,
-});
-
-export default propTypes;
-```
-
-### ✅ Auto-Generated PropTypes (Use This)
-```typescript
-import { InferProps } from 'prop-types';
-
-export interface MyComponentProps {
-  title: string;
-  count?: number;
-}
-
-// Single validator function - babel plugin auto-generates PropTypes! ✨
-export default function MyComponentValidator(props: MyComponentProps) {
-  return null; // PropTypes auto-assigned by babel-plugin-typescript-to-proptypes
-}
-
-// Optional: For consumers needing PropTypes type inference
-export type MyComponentPropsInferred = InferProps<typeof MyComponentValidator>;
-```
-
-### Migration Pattern for Type-Only Files
-
-**When migrating type-only files with manual PropTypes:**
-
-1. **Keep the TypeScript interfaces** (single source of truth)
-2. **Replace manual PropTypes** with validator function
-3. **Remove PropTypes imports** and manual shape definitions
-4. **Add InferProps import** if type inference needed
-
-**Example Migration:**
-```typescript
-// Before: 25+ lines with manual PropTypes duplication
-export interface AdhocFilterType { /* ... */ }
-const adhocFilterTypePropTypes = PropTypes.oneOfType([...]);
-
-// After: 3 lines with auto-generation
-export interface AdhocFilterType { /* ... */ }
-export default function AdhocFilterValidator(props: { filter: AdhocFilterType }) {
-  return null; // Auto-generated PropTypes by babel plugin
-}
-```
-
-### Component PropTypes Pattern
-
-**For React components, the babel plugin works automatically:**
-
-```typescript
-interface ComponentProps {
-  title: string;
-  onClick: () => void;
-}
-
-const MyComponent: FC<ComponentProps> = ({ title, onClick }) => {
-  // Component implementation
-};
-
-// PropTypes automatically generated by babel plugin - no manual work needed!
-export default MyComponent;
-```
-
-### Auto-Generation Benefits
-
- ✅ **Single source of truth**: TypeScript interfaces drive PropTypes
- ✅ **No duplication**: Eliminate 15-20 lines of manual PropTypes code
- ✅ **Automatic updates**: Changes to TypeScript automatically update PropTypes
- ✅ **Type safety**: Compile-time checking ensures PropTypes match interfaces
- ✅ **Backward compatibility**: Existing JavaScript components continue working
-
-### Babel Plugin Configuration
-
-The plugin is already configured in `babel.config.js`:
-```javascript
-['babel-plugin-typescript-to-proptypes', { loose: true }]
-```
-
-**No additional setup required** - just use TypeScript interfaces and the plugin handles the rest!
-
---
-
-## 🧪 Test File Migration Patterns
-
-### Test File Priority
- **Always migrate test files** alongside production files
- **Test files are often leaf nodes** - good starting candidates
- **Create tests if missing** - Leverage new TypeScript types for better test coverage
-
-### Test-Specific Type Patterns
-```typescript
-// Mock interfaces for testing
-interface MockStore {
-  getState: () => Partial<RootState>;  // Partial allows minimal mocking
-}
-
-// Type-safe mocking for complex objects
-const mockDashboardInfo: Partial<DashboardInfo> as DashboardInfo = {
-  id: 123,
-  json_metadata: '{}',
-};
-
-// Sinon stub typing
-let postStub: sinon.SinonStub;
-beforeEach(() => {
-  postStub = sinon.stub(SupersetClient, 'post');
-});
-
-// Use stub reference instead of original method
-expect(postStub.callCount).toBe(1);
-expect(postStub.getCall(0).args[0].endpoint).toMatch('/api/');
-```
-
-### Test Migration Recipe
-1. **Migrate production file first** (if both need migration)
-2. **Update test imports** to point to `.ts/.tsx` files
-3. **Add proper mock typing** using `Partial<T> as T` pattern
-4. **Fix stub typing** - Use stub references, not original methods
-5. **Verify all tests pass** with TypeScript compilation
-
---
-
-## 🔧 Type Conflict Resolution
-
-### Multiple Type Definitions Issue
-**Problem**: Same type name defined in multiple files causes compilation errors.
-
-**Example**: `DashboardInfo` defined in both:
- `src/dashboard/reducers/types.ts` (minimal)
- `src/dashboard/components/Header/types.ts` (different shape)  
- `src/dashboard/types.ts` (complete - used by RootState)
-
-### Resolution Strategy
-1. **Identify the authoritative type**:
-   ```bash
-   # Find which type is used by RootState/main interfaces
-   grep -r "DashboardInfo" src/dashboard/types.ts
-   ```
-
-2. **Use import from authoritative source**:
-   ```typescript
-   // ✅ Import from main domain types
-   import { RootState, DashboardInfo } from 'src/dashboard/types';
-
-   // ❌ Don't import from component-specific files
-   import { DashboardInfo } from 'src/dashboard/components/Header/types';
-   ```
-
-3. **Mock complex types in tests**:
-   ```typescript
-   // For testing - provide minimal required fields
-   const mockInfo: Partial<DashboardInfo> as DashboardInfo = {
-     id: 123,
-     json_metadata: '{}',
-     // Only provide fields actually used in test
-   };
-   ```
-
-### Type Hierarchy Discovery Commands
-```bash
-# Find all definitions of a type
-grep -r "interface.*TypeName\|type.*TypeName" src/
-
-# Find import usage patterns
-grep -r "import.*TypeName" src/
-
-# Check what RootState uses
-grep -A 10 -B 10 "TypeName" src/*/types.ts
-```
-
---
-
-## Agent Constraints (CRITICAL)
-
-1. **Use git mv** - Run `git mv file.js file.ts` to preserve git history, but NO `git commit`
-2. **NO global import changes** - Don't update imports across codebase
-3. **Type files OK** - Can modify existing type files to improve/align types
-4. **Single-File TypeScript Validation** (CRITICAL) - tsc has known issues with multi-file compilation:
-   - **Core Issue**: TypeScript's `tsc` has documented problems validating multiple files simultaneously in complex projects
-   - **Solution**: ALWAYS validate files one at a time using individual `tsc` calls
-   - **Command Pattern**: `cd superset-frontend && npx tscw --noEmit --allowJs --composite false --project tsconfig.json {single-file-path}`
-   - **Why**: Multi-file validation can produce false positives, miss real errors, and conflict during parallel agent execution
-5. **Downstream Impact Validation** (CRITICAL) - Your migration affects calling sites:
-   - **Find downstream files**: `find superset-frontend/src -name "*.tsx" -o -name "*.ts" | xargs grep -l "your-core-filename" 2>/dev/null || echo "No files found"`
-   - **Validate each downstream file individually**: `cd superset-frontend && npx tscw --noEmit --allowJs --composite false --project tsconfig.json {each-downstream-file}`
-   - **Fix type mismatches** you introduced in calling sites
-   - **NEVER ignore downstream errors** - they indicate your types don't match reality
-6. **Avoid Project-Wide Validation During Migration**:
-   - **NEVER use `npm run type`** during parallel agent execution - produces unreliable results
-   - **Single-file validation is authoritative** - trust individual file checks over project-wide scans
-6. **ESLint validation** - Run `npm run eslint -- --fix {file}` for each migrated file to auto-fix formatting/linting issues
-6. Zero `any` types - use proper TypeScript types
-7. Search existing types before creating new ones
-8. Follow patterns from this guide
-
---
-
-## Success Report Format
-
-```
-SUCCESS: Atomic Migration of {core-filename}
-
-## Files Migrated (Atomic Unit)
- Core: {core-filename} → {core-filename.ts/tsx}
- Tests: {list-of-test-files} → {list-of-test-files.ts/tsx} OR "CREATED: {basename}.test.ts"
- Mocks: {list-of-mock-files} → {list-of-mock-files.ts}
- Type files modified: {list-of-type-files}
-
-## Types Created/Improved
- {TypeName}: {location} ({scope}) - {rationale}
- {ExistingType}: enhanced in {location} - {improvement-description}
-
-## Documentation Recommendations  
- ADD_TO_DIRECTORY: {TypeName} - {reason}
- NO_DOCUMENTATION: {TypeName} - {reason}
-
-## Quality Validation
- **Single-File TypeScript Validation**: ✅ PASS - Core files individually validated
-  - Core file: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {core-file}`
-  - Test files: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {test-file}` (if exists)
- **Downstream Impact Check**: ✅ PASS - Found {N} files importing this module, all validate individually
-  - Downstream files: {list-of-files-that-import-your-module}
-  - Individual validation: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {each-downstream-file}`
- **ESLint validation**: ✅ PASS (using `npm run eslint -- --fix {files}` to auto-fix formatting)
- **Zero any types**: ✅ PASS
- **Local imports resolved**: ✅ PASS  
- **Functionality preserved**: ✅ PASS
- **Tests pass** (if test file): ✅ PASS
- **Follow-up action required**: {YES/NO}
-
-## Validation Strategy Notes
- **Single-file approach used**: Avoided multi-file tsc validation due to known TypeScript compilation issues
- **Project-wide validation skipped**: `npm run type` not used during parallel migration to prevent false positives
-
-## Migration Learnings
- Type conflicts encountered: {describe any multiple type definitions}
- Mock patterns used: {describe test mocking approaches}
- Import hierarchy decisions: {note authoritative type sources used}
- PropTypes strategy: {AUTO_GENERATED via babel plugin | MANUAL_DUPLICATION_REMOVED | N/A}
-
-## Improvement Suggestions for Documentation
- AGENT.md enhancement: {suggest additions to migration guide}
- Common pattern identified: {note reusable patterns for future migrations}
-```
-
---
-
-## Dependency Block Report Format
-
-```
-DEPENDENCY_BLOCK: Cannot migrate {filename}
-
-## Blocking Dependencies
- {path}: {type} - {usage} - {priority}
-
-## Impact Analysis
- Estimated types: {number}
- Expected locations: {list}
- Cross-domain: {YES/NO}
-
-## Recommended Order
-{ordered-list}
-```
-
---
-
-## 📚 Quick Reference
-
-**Type Utilities:**
- `Record<K, V>` - Object with specific key/value types
- `Partial<T>` - All properties optional
- `Pick<T, K>` - Subset of properties
- `Omit<T, K>` - Exclude specific properties
- `NonNullable<T>` - Exclude null/undefined
-
-**Event Types:**
- `MouseEvent<HTMLButtonElement>`
- `ChangeEvent<HTMLInputElement>`
- `FormEvent<HTMLFormElement>`
-
-**React Types:**
- `FC<Props>` - Functional component
- `ReactNode` - Any renderable content
- `CSSProperties` - Style objects
-
---
-
-**Remember:** Every type should add value and clarity. The goal is meaningful type safety that catches bugs and improves developer experience.
--- a/.claude/projects/js-to-ts/COORDINATOR.md
+++ b/.claude/projects/js-to-ts/COORDINATOR.md
@@ -1,199 +0,0 @@
-# JS-to-TS Coordinator Workflow
-
-**Role:** Strategic migration coordination - select leaf-node files, trigger agents, review results, handle integration, manage dependencies.
-
---
-
-## 1. Core File Selection Strategy
-
-**Target ONLY Core Files**: Coordinators identify core files (production code), agents handle related tests/mocks atomically.
-
-**File Analysis Commands**:
-```bash
-# Find CORE files with no JS/JSX dependencies (exclude tests/mocks) - SIZE PRIORITIZED
-find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | xargs wc -l | sort -n | head -20
-
-# Alternative: Get file sizes in lines with paths
-find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | while read file; do
-  lines=$(wc -l < "$file")
-  echo "$lines $file"
-done | sort -n | head -20
-
-# Check dependencies for core files only (start with smallest)
-for file in <core-files-sorted-by-size>; do
-  echo "=== $file ($(wc -l < "$file") lines) ==="
-  grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" "$file" || echo "✅ LEAF CANDIDATE"
-done
-
-# Identify heavily imported files (migrate last)  
-grep -r "from.*utils/common" superset-frontend/src/ | wc -l
-
-# Quick leaf analysis with size priority
-find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | head -30 | while read file; do
-  deps=$(grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" "$file" | wc -l)
-  lines=$(wc -l < "$file")
-  if [ "$deps" -eq 0 ]; then
-    echo "✅ LEAF: $lines lines - $file"
-  fi
-done | sort -n
-```
-
-**Priority Order** (Smallest files first for easier wins):
-1. **Small leaf files** (<50 lines) - No JS/JSX imports, quick TypeScript conversion
-2. **Medium leaf files** (50-200 lines) - Self-contained utilities and helpers  
-3. **Small dependency files** (<100 lines) - Import only already-migrated files
-4. **Larger components** (200+ lines) - Complex but well-contained functionality
-5. **Core foundational files** (utils/common.js, controls.jsx) - migrate last regardless of size
-
-**Size-First Benefits**:
- Faster completion builds momentum
- Earlier validation of migration patterns
- Easier rollback if issues arise
- Better success rate for agent learning
-
-**Migration Unit**: Each agent call migrates:
- 1 core file (primary target)
- All related `*.test.js/jsx` files
- All related `*.mock.js` files  
- All related `__mocks__/` files
-
---
-
-## 2. Task Creation & Agent Control
-
-### Task Triggering
-When triggering the `/js-to-ts` command:
- **Task Title**: Use the core filename as the task title (e.g., "DebouncedMessageQueue.js migration", "hostNamesConfig.js migration")
- **Task Description**: Include the full relative path to help agent locate the file
- **Reference**: Point agent to [AGENT.md](./AGENT.md) for technical instructions
-
-### Post-Processing Workflow
-After each agent completes:
-
-1. **Review Agent Report**: Always read and analyze the complete agent report
-2. **Share Summary**: Provide user with key highlights from agent's work:
-   - Files migrated (core + tests/mocks)
-   - Types created or improved
-   - Any validation issues or coordinator actions needed
-3. **Quality Assessment**: Evaluate agent's TypeScript implementation against criteria:
-   - ✅ **Type Usage**: Proper types used, no `any` types
-   - ✅ **Type Filing**: Types placed in correct hierarchy (component → feature → domain → global)
-   - ✅ **Side Effects**: No unintended changes to other files
-   - ✅ **Import Alignment**: Proper .ts/.tsx import extensions
-4. **Integration Decision**:
-   - **COMMIT**: If agent work is complete and high quality
-   - **FIX & COMMIT**: If minor issues need coordinator fixes
-   - **ROLLBACK**: If major issues require complete rework
-5. **Next Action**: Ask user preference - commit this work or trigger next migration
-
---
-
-## 3. Integration Decision Framework
-
-**Automatic Integration** ✅:
- `npm run type` passes without errors
- Agent created clean TypeScript with proper types
- Types appropriately filed in hierarchy
-
-**Coordinator Integration** (Fix Side-Effects) 🔧:
- `npm run type` fails BUT agent's work is high quality
- Good type usage, proper patterns, well-organized
- Side-effects are manageable TypeScript compilation errors
- **Coordinator Action**: Integrate the change, then fix global compilation issues
-
-**Rollback Only** ❌:
- Agent introduced `any` types or poor type choices
- Types poorly organized or conflicting with existing patterns
- Fundamental approach issues requiring complete rework
-
-**Integration Process**:
-1. **Review**: Agent already used `git mv` to preserve history
-2. **Fix Side-Effects**: Update dependent files with proper import extensions
-3. **Resolve Types**: Fix any cascading type issues across codebase
-4. **Validate**: Ensure `npm run type` passes after fixes
-
---
-
-## 4. Common Integration Patterns
-
-**Common Side-Effects (Expect These)**:
- **Type import conflicts**: Multiple definitions of same type name
- **Mock object typing**: Tests need complete type satisfaction
- **Stub method references**: Use stub vars instead of original methods
-
-**Coordinator Fixes (Standard Process)**:
-1. **Import Resolution**:
-   ```bash
-   # Find authoritative type source
-   grep -r "TypeName" src/*/types.ts
-   # Import from domain types (src/dashboard/types.ts) not component types
-   ```
-
-2. **Test Mock Completion**:
-   ```typescript
-   // Use Partial<T> as T pattern for minimal mocking
-   const mockDashboard: Partial<DashboardInfo> as DashboardInfo = {
-     id: 123,
-     json_metadata: '{}',
-   };
-   ```
-
-3. **Stub Reference Fixes**:
-   ```typescript
-   // ✅ Use stub variable
-   expect(postStub.callCount).toBe(1);
-   // ❌ Don't use original method
-   expect(SupersetClient.post.callCount).toBe(1);
-   ```
-
-4. **Validation Commands**:
-   ```bash
-   npm run type          # TypeScript compilation
-   npm test -- filename  # Test functionality
-   git status           # Should show rename, not add/delete
-   ```
-
---
-
-## 5. File Categories for Planning
-
-### Leaf Files (Start Here)
-**Self-contained files with minimal JS/JSX dependencies**:
- Test files (80 files) - Usually only import the file being tested
- Utility files without internal dependencies
- Components importing only external libraries
-
-### Heavily Imported Files (Migrate Last)
-**Core files that many others depend on**:
- `utils/common.js` - Core utility functions
- `utils/reducerUtils.js` - Redux helpers  
- `@superset-ui/core` equivalent files
- Major state management files (`explore/store.js`, `dashboard/actions/`)
-
-### Complex Components (Middle Priority)  
-**Large files requiring careful type analysis**:
- `components/Datasource/DatasourceEditor.jsx` (1,809 lines)
- `explore/components/controls/AnnotationLayerControl/AnnotationLayer.jsx` (1,031 lines)
- `explore/components/ExploreViewContainer/index.jsx` (911 lines)
-
---
-
-## 6. Success Metrics & Continuous Improvement
-
-**Per-File Gates**:
- ✅ `npm run type` passes after each migration
- ✅ Zero `any` types introduced
- ✅ All imports properly typed
- ✅ Types filed in correct hierarchy
-
-**Linear Scheduling**:
-When agents report `DEPENDENCY_BLOCK`:
- Queue dependencies in linear order
- Process one file at a time to avoid conflicts
- Handle cascading type changes between files
-
-**After Each Migration**:
-1. **Update guides** with new patterns discovered
-2. **Document coordinator fixes** that become common
-3. **Enhance agent instructions** based on recurring issues
-4. **Track success metrics** - automatic vs coordinator integration rates
--- a/.claude/projects/js-to-ts/PROJECT.md
+++ b/.claude/projects/js-to-ts/PROJECT.md
@@ -1,76 +0,0 @@
-# JavaScript to TypeScript Migration Project
-
-Progressive migration of 219 JS/JSX files to TypeScript in Apache Superset frontend.
-
-## 📁 Project Documentation
-
- **[AGENT.md](./AGENT.md)** - Complete technical migration guide for agents (includes type reference, patterns, validation)
- **[COORDINATOR.md](./COORDINATOR.md)** - Strategic workflow for coordinators (file selection, task management, integration)
-
-## 🎯 Quick Start
-
-**For Agents:** Read [AGENT.md](./AGENT.md) for complete migration instructions
-**For Coordinators:** Read [COORDINATOR.md](./COORDINATOR.md) for workflow and [AGENT.md](./AGENT.md) for supervision
-
-**Command:** `/js-to-ts <filename>` - See [../../commands/js-to-ts.md](../../commands/js-to-ts.md)
-
-## 📊 Migration Progress
-
-**Scope**: 219 files total (112 JS + 107 JSX)
- Production files: 139 (63%)  
- Test files: 80 (37%)
-
-**Strategy**: Leaf-first migration with dependency-aware coordination
-
-### Completed Migrations ✅
-
-1. **roundDecimal** - `plugins/legacy-plugin-chart-map-box/src/utils/roundDecimal.js`
-   - Migrated core + test files
-   - Added proper TypeScript function signature with optional precision parameter
-   - All tests pass
-
-2. **timeGrainSqlaAnimationOverrides** - `src/explore/controlPanels/timeGrainSqlaAnimationOverrides.js`
-   - Migrated to TypeScript with ControlPanelState and Dataset types
-   - Added TimeGrainOverrideState interface for return type
-   - Used type guards for safe property access
-
-3. **DebouncedMessageQueue** - `src/utils/DebouncedMessageQueue.js`
-   - Migrated to TypeScript with proper generics
-   - Created DebouncedMessageQueueOptions interface
-   - **CREATED test file** with 4 comprehensive test cases
-   - Excellent class property typing with private/readonly modifiers
-
-**Files Migrated**: 3/219 (1.4%)
-**Tests Created**: 2 (roundDecimal had existing, DebouncedMessageQueue created)
-
-### Next Candidates (Leaf Nodes) 🎯
-
-**Identified leaf files with no JS/JSX dependencies:**
- `src/utils/hostNamesConfig.js` - Domain configuration utility
- `src/explore/controlPanels/Separator.js` - Control panel configuration  
- `src/middleware/loggerMiddleware.js` - Logging middleware
-
-**Migration Quality**: All completed migrations have:
- ✅ Zero `any` types
- ✅ Proper TypeScript compilation
- ✅ ESLint validation passed
- ✅ Test coverage (created where missing)
-
---
-
-## 📈 Success Metrics
-
-**Per-File Gates**:
- ✅ `npm run type` passes after each migration
- ✅ Zero `any` types introduced  
- ✅ All imports properly typed
- ✅ Types filed in correct hierarchy
-
-**Overall Progress**:
- **Automatic Integration Rate**: 100% (3/3 migrations required no coordinator fixes)
- **Test Coverage**: Improved (1 new test file created)
- **Type Safety**: Enhanced with proper interfaces and generics
-
---
-
-*This is a claudette-managed progressive refactor. All documentation and coordination resources are organized under `.claude/projects/js-to-ts/`*
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -1,15 +0,0 @@
-{
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "jq -r '.tool_input.command // \"\"' | grep -qE '^git commit' && cd \"$CLAUDE_PROJECT_DIR\" && echo '🔍 Running pre-commit before commit...' && pre-commit run || true"
-          }
-        ]
-      }
-    ]
-  }
-}
--- a/.coveragerc
+++ b/.coveragerc
@@ -1,36 +0,0 @@
-# .coveragerc to control coverage.py
-[run]
-branch = True
-source = superset
-# omit = bad_file.py
-
-[paths]
-source =
-    superset/
-    */site-packages/
-
-[report]
-# Regexes for lines to exclude from consideration
-exclude_lines =
-    # Have to re-enable the standard pragma
-    pragma: no cover
-
-    # Don't complain about missing debug-only code:
-    def __repr__
-    if self\.debug
-
-    # Don't complain if tests don't hit defensive assertion code:
-    raise AssertionError
-    raise NotImplementedError
-
-    # Don't complain if non-runnable code isn't run:
-    if 0:
-    if __name__ == .__main__.:
-
-    # Ignore importlib backport
-    from importlib
-
-    if TYPE_CHECKING:
-
-#fail_under = 100
-show_missing = True
--- a/.cursor/rules/dev-standard.mdc
+++ b/.cursor/rules/dev-standard.mdc
@@ -1,125 +0,0 @@
---
-description: Apache Superset development standards and guidelines for Cursor IDE
-globs: ["**/*.py", "**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx", "**/*.sql", "**/*.md"]
-alwaysApply: true
---
-
-# Apache Superset Development Standards for Cursor IDE
-
-Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
-
-## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
-
-**These migrations are actively happening - avoid deprecated patterns:**
-
-### Frontend Modernization
- **NO `any` types** - Use proper TypeScript types
- **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
- **NO Enzyme** - Use React Testing Library/Jest (Enzyme fully removed)
- **Use @superset-ui/core** - Don't import Ant Design directly
-
-### Testing Strategy Migration
- **Prefer unit tests** over integration tests
- **Prefer integration tests** over Cypress end-to-end tests
- **Cypress is last resort** - Actively moving away from Cypress
- **Use Jest + React Testing Library** for component testing
-
-### Backend Type Safety
- **Add type hints** - All new Python code needs proper typing
- **MyPy compliance** - Run `pre-commit run mypy` to validate
- **SQLAlchemy typing** - Use proper model annotations
-
-## Code Standards
-
-### TypeScript Frontend
- **NO `any` types** - Use proper TypeScript
- **Functional components** with hooks
- **@superset-ui/core** for UI components (not direct antd)
- **Jest** for testing (NO Enzyme)
- **Redux** for global state, hooks for local
-
-### Python Backend
- **Type hints required** for all new code
- **MyPy compliant** - run `pre-commit run mypy`
- **SQLAlchemy models** with proper typing
- **pytest** for testing
-
-### Apache License Headers
- **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
- **LLM instruction files are excluded** - Files like LLMS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
-
-## Key Directory Structure
-
-```
-superset/
-├── superset/                    # Python backend (Flask, SQLAlchemy)
-│   ├── views/api/              # REST API endpoints
-│   ├── models/                 # Database models
-│   └── connectors/             # Database connections
-├── superset-frontend/src/       # React TypeScript frontend
-│   ├── components/             # Reusable components
-│   ├── explore/                # Chart builder
-│   ├── dashboard/              # Dashboard interface
-│   └── SqlLab/                 # SQL editor
-├── superset-frontend/packages/
-│   └── superset-ui-core/       # UI component library (USE THIS)
-├── tests/                      # Python/integration tests
-├── docs/                       # Documentation (UPDATE FOR CHANGES)
-└── UPDATING.md                 # Breaking changes log
-```
-
-## Architecture Patterns
-
-### Dataset-Centric Approach
-Charts built from enriched datasets containing:
- Dimension columns with labels/descriptions
- Predefined metrics as SQL expressions
- Self-service analytics within defined contexts
-
-### Security & Features
- **RBAC**: Role-based access via Flask-AppBuilder
- **Feature flags**: Control feature rollouts
- **Row-level security**: SQL-based data access control
-
-## Test Utilities
-
-### Python Test Helpers
- **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
- **`@with_config`** - Config mocking decorator
- **`@with_feature_flags`** - Feature flag testing
- **`login_as()`, `login_as_admin()`** - Authentication helpers
- **`create_dashboard()`, `create_slice()`** - Data setup utilities
-
-### TypeScript Test Helpers
- **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
- **`createWrapper()`** - Redux/Router/Theme wrapper
- **`selectOption()`** - Select component helper
- **React Testing Library** - NO Enzyme (removed)
-
-## Pre-commit Validation
-
-**Use pre-commit hooks for quality validation:**
-
-```bash
-# Install hooks
-pre-commit install
-
-# Quick validation (faster than --all-files)
-pre-commit run                    # Staged files only
-pre-commit run mypy              # Python type checking
-pre-commit run prettier          # Code formatting
-pre-commit run eslint            # Frontend linting
-```
-
-## Development Guidelines
-
- **Documentation**: Update docs/ for any user-facing changes
- **Breaking Changes**: Add to UPDATING.md
- **Docstrings**: Required for new functions/classes
- **Follow existing patterns**: Mimic code style, use existing libraries and utilities
- **Type Safety**: This codebase is actively modernizing toward full TypeScript and type safety
- **Always run `pre-commit run`** to validate changes before committing
-
---
-
-**Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,20 +0,0 @@
-# Keep this in sync with the base image in the main Dockerfile (ARG PY_VER)
-FROM python:3.11.13-trixie AS base
-
-# Install system dependencies that Superset needs
-# This layer will be cached across Codespace sessions
-RUN apt-get update && apt-get install -y \
-    libsasl2-dev \
-    libldap2-dev \
-    libpq-dev \
-    tmux \
-    gh \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install uv for fast Python package management
-# This will also be cached in the image
-RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \
-    echo 'export PATH="/root/.cargo/bin:$PATH"' >> /etc/bash.bashrc
-
-# Set the cargo/bin directory in PATH for all users
-ENV PATH="/root/.cargo/bin:${PATH}"
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
@@ -1,5 +0,0 @@
-# Superset Development with GitHub Codespaces
-
-For complete documentation on using GitHub Codespaces with Apache Superset, please see:
-
-**[Setting up a Development Environment - GitHub Codespaces](https://superset.apache.org/docs/contributing/development#github-codespaces-cloud-development)**
--- a/.devcontainer/bashrc-additions
+++ b/.devcontainer/bashrc-additions
@@ -1,62 +0,0 @@
-# Superset Codespaces environment setup
-# This file is appended to ~/.bashrc during Codespace setup
-
-# Find the workspace directory (handles both 'superset' and 'superset-2' names)
-WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
-
-if [ -n "$WORKSPACE_DIR" ]; then
-    # Check if virtual environment exists
-    if [ -d "$WORKSPACE_DIR/.venv" ]; then
-        # Activate the virtual environment
-        source "$WORKSPACE_DIR/.venv/bin/activate"
-        echo "✅ Python virtual environment activated"
-
-        # Verify pre-commit is installed and set up
-        if command -v pre-commit &> /dev/null; then
-            echo "✅ pre-commit is available ($(pre-commit --version))"
-            # Install git hooks if not already installed
-            if [ -d "$WORKSPACE_DIR/.git" ] && [ ! -f "$WORKSPACE_DIR/.git/hooks/pre-commit" ]; then
-                echo "🪝 Installing pre-commit hooks..."
-                cd "$WORKSPACE_DIR" && pre-commit install
-            fi
-        else
-            echo "⚠️  pre-commit not found. Run: pip install pre-commit"
-        fi
-    else
-        echo "⚠️  Python virtual environment not found at $WORKSPACE_DIR/.venv"
-        echo "   Run: cd $WORKSPACE_DIR && .devcontainer/setup-dev.sh"
-    fi
-
-    # Always cd to the workspace directory for convenience
-    cd "$WORKSPACE_DIR"
-fi
-
-# Add helpful aliases for Superset development
-alias start-superset="$WORKSPACE_DIR/.devcontainer/start-superset.sh"
-alias setup-dev="$WORKSPACE_DIR/.devcontainer/setup-dev.sh"
-
-# Show helpful message on login
-echo ""
-echo "🚀 Superset Codespaces Environment"
-echo "=================================="
-
-# Check if Superset is running
-if docker ps 2>/dev/null | grep -q "superset"; then
-    echo "✅ Superset is running!"
-    echo "   - Check the 'Ports' tab for your live Superset URL"
-    echo "   - Initial startup takes 10-20 minutes"
-    echo "   - Login: admin/admin"
-else
-    echo "⚠️  Superset is not running. Use: start-superset"
-    # Check if there's a startup log
-    if [ -f "/tmp/superset-startup.log" ]; then
-        echo "   📋 Startup log found: cat /tmp/superset-startup.log"
-    fi
-fi
-
-echo ""
-echo "Quick commands:"
-echo "  start-superset - Start Superset with Docker Compose"
-echo "  setup-dev      - Set up Python environment (if not already done)"
-echo "  pre-commit run - Run pre-commit checks on staged files"
-echo ""
--- a/.devcontainer/build-and-push-image.sh
+++ b/.devcontainer/build-and-push-image.sh
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Script to build and push the devcontainer image to GitHub Container Registry
-# This allows caching the image between Codespace sessions
-
-# You'll need to run this with appropriate GitHub permissions
-# gh auth login --scopes write:packages
-
-REGISTRY="ghcr.io"
-OWNER="apache"
-REPO="superset"
-TAG="devcontainer-base"
-
-echo "Building devcontainer image..."
-docker build -t $REGISTRY/$OWNER/$REPO:$TAG .devcontainer/
-
-echo "Pushing to GitHub Container Registry..."
-docker push $REGISTRY/$OWNER/$REPO:$TAG
-
-echo "Done! Update .devcontainer/devcontainer.json to use:"
-echo "  \"image\": \"$REGISTRY/$OWNER/$REPO:$TAG\""
--- a/.devcontainer/default/devcontainer.json
+++ b/.devcontainer/default/devcontainer.json
@@ -1,19 +0,0 @@
-{
-  // Extend the base configuration
-  "extends": "../devcontainer-base.json",
-
-  "name": "Apache Superset Development (Default)",
-
-  // Forward ports for development
-  "forwardPorts": [9001],
-  "portsAttributes": {
-    "9001": {
-      "label": "Superset (via Webpack Dev Server)",
-      "onAutoForward": "notify",
-      "visibility": "public"
-    }
-  },
-
-  // Auto-start Superset on Codespace resume
-  "postStartCommand": ".devcontainer/start-superset.sh"
-}
--- a/.devcontainer/devcontainer-base.json
+++ b/.devcontainer/devcontainer-base.json
@@ -1,39 +0,0 @@
-{
-  "name": "Apache Superset Development",
-  // Keep this in sync with the base image in Dockerfile (ARG PY_VER)
-  // Using the same base as Dockerfile, but non-slim for dev tools
-  "image": "python:3.11.13-bookworm",
-
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "moby": true,
-      "dockerDashComposeVersion": "v2"
-    },
-    "ghcr.io/devcontainers/features/node:1": {
-      "version": "20"
-    },
-    "ghcr.io/devcontainers/features/git:1": {},
-    "ghcr.io/devcontainers/features/common-utils:2": {
-      "configureZshAsDefaultShell": true
-    },
-    "ghcr.io/devcontainers/features/sshd:1": {
-      "version": "latest"
-    }
-  },
-
-  // Run commands after container is created
-  "postCreateCommand": "chmod +x .devcontainer/setup-dev.sh && .devcontainer/setup-dev.sh",
-
-  // VS Code customizations
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "ms-python.python",
-        "ms-python.vscode-pylance",
-        "charliermarsh.ruff",
-        "dbaeumer.vscode-eslint",
-        "esbenp.prettier-vscode"
-      ]
-    }
-  }
-}
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,66 +0,0 @@
-{
-  "name": "Apache Superset Development",
-  // Option 1: Use pre-built image directly
-  // "image": "ghcr.io/apache/superset:devcontainer-base",
-
-  // Option 2: Build from Dockerfile with cache (current approach)
-  "build": {
-    "dockerfile": "Dockerfile",
-    "context": ".",
-    // Cache from the Apache registry image
-    "cacheFrom": ["ghcr.io/apache/superset:devcontainer-base"]
-  },
-
-  "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "moby": false,
-      "dockerDashComposeVersion": "v2"
-    },
-    "ghcr.io/devcontainers/features/node:1": {
-      "version": "20"
-    },
-    "ghcr.io/devcontainers/features/git:1": {},
-    "ghcr.io/devcontainers/features/common-utils:2": {
-      "configureZshAsDefaultShell": true
-    },
-    "ghcr.io/devcontainers/features/sshd:1": {
-      "version": "latest"
-    }
-  },
-
-  // Forward ports for development
-  "forwardPorts": [9001],
-  "portsAttributes": {
-    "9001": {
-      "label": "Superset (via Webpack Dev Server)",
-      "onAutoForward": "notify",
-      "visibility": "public"
-    }
-  },
-
-  // Run commands after container is created
-  "postCreateCommand": "bash .devcontainer/setup-dev.sh || echo '⚠️ Setup had issues - run .devcontainer/setup-dev.sh manually'",
-
-  // Auto-start Superset after ensuring Docker is ready
-  // Run in foreground to see any errors, but don't block on failures
-  "postStartCommand": "bash -c 'echo \"Waiting 30s for services to initialize...\"; sleep 30; .devcontainer/start-superset.sh || echo \"⚠️ Auto-start failed - run start-superset manually\"'",
-
-  // Set environment variables
-  "remoteEnv": {
-    // Removed automatic venv activation to prevent startup issues
-    // The setup script will handle this
-  },
-
-  // VS Code customizations
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "ms-python.python",
-        "ms-python.vscode-pylance",
-        "charliermarsh.ruff",
-        "dbaeumer.vscode-eslint",
-        "esbenp.prettier-vscode"
-      ]
-    }
-  }
-}
--- a/.devcontainer/setup-dev.sh
+++ b/.devcontainer/setup-dev.sh
@@ -1,32 +0,0 @@
-#!/bin/bash
-# Setup script for Superset Codespaces development environment
-
-echo "🔧 Setting up Superset development environment..."
-
-# The universal image has most tools, just need Superset-specific libs
-echo "📦 Installing Superset-specific dependencies..."
-sudo apt-get update
-sudo apt-get install -y \
-    libsasl2-dev \
-    libldap2-dev \
-    libpq-dev \
-    tmux \
-    gh
-
-# Install uv for fast Python package management
-echo "📦 Installing uv..."
-curl -LsSf https://astral.sh/uv/install.sh | sh
-
-# Add cargo/bin to PATH for uv
-echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc
-echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.zshrc
-
-# Install Claude Code CLI via npm
-echo "🤖 Installing Claude Code..."
-npm install -g @anthropic-ai/claude-code
-
-# Make the start script executable
-chmod +x .devcontainer/start-superset.sh
-
-echo "✅ Development environment setup complete!"
-echo "🚀 Run '.devcontainer/start-superset.sh' to start Superset"
--- a/.devcontainer/start-superset.sh
+++ b/.devcontainer/start-superset.sh
@@ -1,69 +0,0 @@
-#!/bin/bash
-# Startup script for Superset in Codespaces
-
-echo "🚀 Starting Superset in Codespaces..."
-echo "🌐 Frontend will be available at port 9001"
-
-# Check if MCP is enabled
-if [ "$ENABLE_MCP" = "true" ]; then
-    echo "🤖 MCP Service will be available at port 5008"
-fi
-
-# Find the workspace directory (Codespaces clones as 'superset', not 'superset-2')
-WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
-if [ -n "$WORKSPACE_DIR" ]; then
-    cd "$WORKSPACE_DIR"
-    echo "📁 Working in: $WORKSPACE_DIR"
-else
-    echo "📁 Using current directory: $(pwd)"
-fi
-
-# Check if docker is running
-if ! docker info > /dev/null 2>&1; then
-    echo "⏳ Waiting for Docker to start..."
-    sleep 5
-fi
-
-# Clean up any existing containers
-echo "🧹 Cleaning up existing containers..."
-docker-compose -f docker-compose-light.yml --profile mcp down
-
-# Start services
-echo "🏗️  Building and starting services..."
-echo ""
-echo "📝 Once started, login with:"
-echo "   Username: admin"
-echo "   Password: admin"
-echo ""
-echo "📋 Running in foreground with live logs (Ctrl+C to stop)..."
-
-# Run docker-compose and capture exit code
-if [ "$ENABLE_MCP" = "true" ]; then
-    echo "🤖 Starting with MCP Service enabled..."
-    docker-compose -f docker-compose-light.yml --profile mcp up
-else
-    docker-compose -f docker-compose-light.yml up
-fi
-EXIT_CODE=$?
-
-# If it failed, provide helpful instructions
-if [ $EXIT_CODE -ne 0 ] && [ $EXIT_CODE -ne 130 ]; then  # 130 is Ctrl+C
-    echo ""
-    echo "❌ Superset startup failed (exit code: $EXIT_CODE)"
-    echo ""
-    echo "🔄 To restart Superset, run:"
-    echo "   .devcontainer/start-superset.sh"
-    echo ""
-    echo "🔧 For troubleshooting:"
-    echo "   # View logs:"
-    echo "   docker-compose -f docker-compose-light.yml logs"
-    echo ""
-    echo "   # Clean restart (removes volumes):"
-    echo "   docker-compose -f docker-compose-light.yml down -v"
-    echo "   .devcontainer/start-superset.sh"
-    echo ""
-    echo "   # Common issues:"
-    echo "   - Network timeouts: Just retry, often transient"
-    echo "   - Port conflicts: Check 'docker ps'"
-    echo "   - Database issues: Try clean restart with -v"
-fi
--- a/.devcontainer/with-mcp/devcontainer.json
+++ b/.devcontainer/with-mcp/devcontainer.json
@@ -1,29 +0,0 @@
-{
-  // Extend the base configuration
-  "extends": "../devcontainer-base.json",
-
-  "name": "Apache Superset Development with MCP",
-
-  // Forward ports for development
-  "forwardPorts": [9001, 5008],
-  "portsAttributes": {
-    "9001": {
-      "label": "Superset (via Webpack Dev Server)",
-      "onAutoForward": "notify",
-      "visibility": "public"
-    },
-    "5008": {
-      "label": "MCP Service (Model Context Protocol)",
-      "onAutoForward": "notify",
-      "visibility": "private"
-    }
-  },
-
-  // Auto-start Superset with MCP on Codespace resume
-  "postStartCommand": "ENABLE_MCP=true .devcontainer/start-superset.sh",
-
-  // Environment variables
-  "containerEnv": {
-    "ENABLE_MCP": "true"
-  }
-}
--- a/.dockerignore
+++ b/.dockerignore
@@ -34,6 +34,7 @@
 **/*.sqllite
 **/*.swp
 **/.terser-plugin-cache/
+**/.storybook/
 **/node_modules/

 tests/
@@ -41,8 +42,6 @@ docs/
 install/
 superset-frontend/cypress-base/
 superset-frontend/coverage/
-superset-frontend/.temp_cache/
 superset/static/assets/
 superset-websocket/dist/
 venv
-.venv
--- a/.envrc.example
+++ b/.envrc.example
@@ -1,41 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Auto-configure Docker Compose for multi-instance support
-# Requires direnv: https://direnv.net/
-#
-# Install: brew install direnv (or apt install direnv)
-# Setup: Add 'eval "$(direnv hook bash)"' to ~/.bashrc (or ~/.zshrc)
-# Allow: Run 'direnv allow' in this directory once
-
-# Generate unique project name from directory
-export COMPOSE_PROJECT_NAME=$(basename "$PWD" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g')
-
-# Find available ports sequentially to avoid collisions
-_is_free() { ! lsof -i ":$1" &>/dev/null 2>&1; }
-
-_p=80;    while ! _is_free $_p; do ((_p++)); done; export NGINX_PORT=$_p
-_p=8088;  while ! _is_free $_p; do ((_p++)); done; export SUPERSET_PORT=$_p
-_p=9000;  while ! _is_free $_p; do ((_p++)); done; export NODE_PORT=$_p
-_p=8080;  while ! _is_free $_p || [ $_p -eq $NGINX_PORT ]; do ((_p++)); done; export WEBSOCKET_PORT=$_p
-_p=8081;  while ! _is_free $_p || [ $_p -eq $WEBSOCKET_PORT ]; do ((_p++)); done; export CYPRESS_PORT=$_p
-_p=5432;  while ! _is_free $_p; do ((_p++)); done; export DATABASE_PORT=$_p
-_p=6379;  while ! _is_free $_p; do ((_p++)); done; export REDIS_PORT=$_p
-
-unset _p _is_free
-
-echo "🐳 Superset configured: http://localhost:$SUPERSET_PORT (dev: localhost:$NODE_PORT)"
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,2 @@
 docker/**/*.sh text eol=lf
 *.svg binary
-*.ipynb binary
-*.geojson binary
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,7 +2,7 @@

 # https://github.com/apache/superset/issues/13351

-/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho @sadpandajoe
+/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho

 # Notify some committers of changes in the components

@@ -12,41 +12,21 @@

 # Notify Helm Chart maintainers about changes in it

-/helm/superset/ @craig-rueda @dpgaspar @villebro @nytai @michael-s-molina @mistercrunch @rusackas @Antonio-RiveroMartnez
+/helm/superset/ @craig-rueda @dpgaspar @villebro @nytai @michael-s-molina

 # Notify E2E test maintainers of changes

-/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida @mistercrunch
+/superset-frontend/cypress-base/ @jinghua-qa @geido @eschutho @rusackas @betodealmeida

 # Notify PMC members of changes to GitHub Actions

-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @sadpandajoe @hainenber
-
-# Notify PMC members of changes to CI-executed scripts (supply-chain risk:
-# scripts/ files run directly in CI workflows and can execute arbitrary code)
-
-/scripts/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @sadpandajoe @hainenber
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar

 # Notify PMC members of changes to required GitHub Actions

-/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @Antonio-RiveroMartnez
+/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar

-# Maps are a finicky contribution process we care about
+# Maps are a finnicky contribution process we care about

 **/*.geojson @villebro @rusackas
 /superset-frontend/plugins/legacy-plugin-chart-country-map/ @villebro @rusackas
-
-# Notify translation maintainers of changes to translations
-
-/superset/translations/ @sfirke @rusackas
-
-# Notify PMC members of changes to extension-related files
-
-/docs/developer_portal/extensions/ @michael-s-molina @villebro @rusackas
-/superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-extensions-cli/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/packages/superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
-/superset-frontend/src/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -41,8 +41,8 @@ body:
      label: Superset version
      options:
        - master / latest-dev
-        - "6.0.0"
-        - "5.0.0"
+        - "4.1.0"
+        - "3.1.3"
    validations:
      required: true
  - type: dropdown
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -0,0 +1,38 @@
+# Security Policy
+
+This is a project of the [Apache Software Foundation](https://apache.org) and follows the
+ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+## Reporting Vulnerabilities
+
+**⚠️ Please do not file GitHub issues for security vulnerabilities as they are public! ⚠️**
+
+
+Apache Software Foundation takes a rigorous standpoint in annihilating the security issues
+in its software projects. Apache Superset is highly sensitive and forthcoming to issues
+pertaining to its features and functionality.
+If you have any concern or believe you have found a vulnerability in Apache Superset,
+please get in touch with the Apache Superset Security Team privately at
+e-mail address [security@superset.apache.org](mailto:security@superset.apache.org).
+
+More details can be found on the ASF website at
+[ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability)
+
+We kindly ask you to include the following information in your report:
+- Apache Superset version that you are using
+- A sanitized copy of your `superset_config.py` file or any config overrides
+- Detailed steps to reproduce the vulnerability
+
+Note that Apache Superset is not responsible for any third-party dependencies that may
+have security issues. Any vulnerabilities found in third-party dependencies should be
+reported to the maintainers of those projects. Results from security scans of Apache
+Superset dependencies found on its official Docker image can be remediated at release time
+by extending the image itself.
+
+**Your responsible disclosure and collaboration are invaluable.**
+
+## Extra Information
+
+ - [Apache Superset documentation](https://superset.apache.org/docs/security)
+ - [Common Vulnerabilities and Exposures by release](https://superset.apache.org/docs/security/cves)
+ - [How Security Vulnerabilities are Reported & Handled in Apache Superset (Blog)](https://preset.io/blog/how-security-vulnerabilities-are-reported-and-handled-in-apache-superset/)
--- a/.github/actions/change-detector/action.yml
+++ b/.github/actions/change-detector/action.yml
@@ -1,27 +1,24 @@
-name: Change Detector
-description: Detects file changes for pull request and push events
+name: 'Change Detector'
+description: 'Detects file changes for pull request and push events'
 inputs:
  token:
-    description: GitHub token for authentication
+    description: 'GitHub token for authentication'
    required: true
 outputs:
  python:
-    description: Whether Python-related files were changed
+    description: 'Whether Python-related files were changed'
    value: ${{ steps.change-detector.outputs.python }}
  frontend:
-    description: Whether frontend-related files were changed
+    description: 'Whether frontend-related files were changed'
    value: ${{ steps.change-detector.outputs.frontend }}
  docker:
-    description: Whether docker-related files were changed
+    description: 'Whether docker-related files were changed'
    value: ${{ steps.change-detector.outputs.docker }}
  docs:
-    description: Whether docs-related files were changed
+    description: 'Whether docs-related files were changed'
    value: ${{ steps.change-detector.outputs.docs }}
-  superset-extensions-cli:
-    description: Whether superset-extensions-cli package-related files were changed
-    value: ${{ steps.change-detector.outputs.superset-extensions-cli }}
 runs:
-  using: composite
+  using: 'composite'
  steps:
    - name: Detect file changes
      id: change-detector
--- a/.github/actions/change-detector/label-draft-pr.yml
+++ b/.github/actions/change-detector/label-draft-pr.yml
@@ -1,23 +0,0 @@
-name: Label Draft PRs
-on:
-  pull_request:
-    types:
-      - opened
-      - converted_to_draft
-jobs:
-  label-draft:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check if the PR is a draft
-        id: check-draft
-        uses: actions/github-script@v8
-        with:
-          script: |
-            const isDraft = context.payload.pull_request.draft;
-            core.setOutput('isDraft', isDraft);
-      - name: Add `review:draft` Label
-        if: steps.check-draft.outputs.isDraft == 'true'
-        uses: actions-ecosystem/action-add-labels@v1
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          labels: "review:draft"
--- a/.github/actions/setup-backend/action.yml
+++ b/.github/actions/setup-backend/action.yml
@@ -24,44 +24,30 @@ runs:
    - name: Interpret Python Version
      id: set-python-version
      shell: bash
-      env:
-        INPUT_PYTHON_VERSION: ${{ inputs.python-version }}
      run: |
-        if [ "$INPUT_PYTHON_VERSION" = "current" ]; then
-          RESOLVED_VERSION="3.11"
-        elif [ "$INPUT_PYTHON_VERSION" = "next" ]; then
-          # currently disabled in GHA matrixes because of library compatibility issues
-          RESOLVED_VERSION="3.12"
-        elif [ "$INPUT_PYTHON_VERSION" = "previous" ]; then
-          RESOLVED_VERSION="3.10"
-        elif printf '%s' "$INPUT_PYTHON_VERSION" | grep -Eq '^[0-9]+\.[0-9]+(\.[0-9]+)?$'; then
-          RESOLVED_VERSION="$INPUT_PYTHON_VERSION"
+        if [ "${{ inputs.python-version }}" = "current" ]; then
+          echo "PYTHON_VERSION=3.10" >> $GITHUB_ENV
+        elif [ "${{ inputs.python-version }}" = "next" ]; then
+          echo "PYTHON_VERSION=3.11" >> $GITHUB_ENV
+        elif [ "${{ inputs.python-version }}" = "previous" ]; then
+          echo "PYTHON_VERSION=3.9" >> $GITHUB_ENV
        else
-          echo "Invalid python-version: '$INPUT_PYTHON_VERSION'" >&2
-          exit 1
+          echo "PYTHON_VERSION=${{ inputs.python-version }}" >> $GITHUB_ENV
        fi
-        echo "python-version=$RESOLVED_VERSION" >> "$GITHUB_OUTPUT"
-    - name: Set up Python ${{ steps.set-python-version.outputs.python-version }}
-      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
+    - name: Set up Python ${{ env.PYTHON_VERSION }}
+      uses: actions/setup-python@v5
      with:
-        python-version: ${{ steps.set-python-version.outputs.python-version }}
+        python-version: ${{ env.PYTHON_VERSION }}
        cache: ${{ inputs.cache }}
    - name: Install dependencies
-      env:
-        INPUT_INSTALL_SUPERSET: ${{ inputs.install-superset }}
-        INPUT_REQUIREMENTS_TYPE: ${{ inputs.requirements-type }}
      run: |
-        if [ "$INPUT_INSTALL_SUPERSET" = "true" ]; then
+        if [ "${{ inputs.install-superset }}" = "true" ]; then
          sudo apt-get update && sudo apt-get -y install libldap2-dev libsasl2-dev
-
-          pip install --upgrade pip setuptools wheel uv
-
-          if [ "$INPUT_REQUIREMENTS_TYPE" = "dev" ]; then
-            uv pip install --system -r requirements/development.txt
-          elif [ "$INPUT_REQUIREMENTS_TYPE" = "base" ]; then
-            uv pip install --system -r requirements/base.txt
+          pip install --upgrade pip setuptools wheel
+          if [ "${{ inputs.requirements-type }}" = "dev" ]; then
+            pip install -r requirements/development.txt
+          elif [ "${{ inputs.requirements-type }}" = "base" ]; then
+            pip install -r requirements/base.txt
          fi
-
-          uv pip install --system -e .
        fi
      shell: bash
--- a/.github/actions/setup-docker/action.yml
+++ b/.github/actions/setup-docker/action.yml
@@ -1,78 +0,0 @@
-name: "Setup Docker Environment"
-description: "Reusable steps for setting up QEMU, Docker Buildx, DockerHub login, Supersetbot, and optionally Docker Compose"
-inputs:
-  build:
-    description: "Used for building?"
-    required: false
-    default: "false"
-  dockerhub-user:
-    description: "DockerHub username"
-    required: false
-  dockerhub-token:
-    description: "DockerHub token"
-    required: false
-  install-docker-compose:
-    description: "Flag to install Docker Compose"
-    required: false
-    default: "true"
-  login-to-dockerhub:
-    description: "Whether you want to log into dockerhub"
-    required: false
-    default: "true"
-outputs: {}
-runs:
-  using: "composite"
-  steps:
-
-    - name: Set up QEMU
-      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
-      with:
-        # Pin the binfmt image to a specific QEMU release. The default
-        # (`tonistiigi/binfmt:latest`) is a moving target, and drift across
-        # QEMU's x86_64→aarch64 translator has been the proximate cause of
-        # intermittent `exit code: 132` (SIGILL) failures during the arm64
-        # leg of the multi-platform docker build — newer Node native modules
-        # emit instructions QEMU's user-mode emulation occasionally drops on
-        # the floor. Pinning a known-good release stabilises that path.
-        image: tonistiigi/binfmt:qemu-v8.1.5
-
-    - name: Set up Docker Buildx
-      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
-
-    - name: Try to login to DockerHub
-      if: ${{ inputs.login-to-dockerhub == 'true' }}
-      continue-on-error: true
-      uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-      with:
-        username: ${{ inputs.dockerhub-user }}
-        password: ${{ inputs.dockerhub-token }}
-
-    - name: Install Docker Compose
-      if: ${{ inputs.install-docker-compose == 'true' }}
-      shell: bash
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y ca-certificates curl
-        sudo install -m 0755 -d /etc/apt/keyrings
-
-        # Download and save the Docker GPG key in the correct format
-        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-
-        # Ensure the key file is readable
-        sudo chmod a+r /etc/apt/keyrings/docker.gpg
-
-        # Add the Docker repository using the correct key
-        echo \
-          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
-          $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-        # Update package lists and install Docker Compose plugin
-        sudo apt update
-        sudo apt install -y docker-compose-plugin
-
-    - name: Docker Version Info
-      shell: bash
-      run: docker info
--- a/.github/actions/setup-supersetbot/action.yml
+++ b/.github/actions/setup-supersetbot/action.yml
@@ -10,7 +10,7 @@ runs:
  steps:

    - name: Setup Node Env
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      uses: actions/setup-node@v4
      with:
        node-version: '20'

@@ -21,9 +21,8 @@ runs:

    - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
      if: ${{ inputs.from-npm == 'false' }}
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      uses: actions/checkout@v4
      with:
-        persist-credentials: false
        repository: apache-superset/supersetbot
        path: supersetbot

--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1 +0,0 @@
-../AGENTS.md
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,429 +1,352 @@
 version: 2
-enable-beta-ecosystems: true
 updates:
+
  - package-ecosystem: "github-actions"
    directory: "/"
-    ignore:
-      # Ignore temporarily as release schedule is too mentally taxing for dep-handling maintainers
-      # Additionally, very few PRs are reviewed by this action.
-      - dependency-name: anthropics/claude-code-action
    schedule:
-      interval: "daily"
-    cooldown:
-      default-days: 7
+      interval: "monthly"

  - package-ecosystem: "npm"
    ignore:
-      # TODO: remove below entries until React >= 18.0.0
+      # not until React >= 18.0.0
      - dependency-name: "storybook"
-        update-types: ["version-update:semver-major", "version-update:semver-minor"]
      - dependency-name: "@storybook*"
-        update-types: ["version-update:semver-major", "version-update:semver-minor"]
-      - dependency-name: "eslint-plugin-storybook"
-      - dependency-name: "react-error-boundary"
-      - dependency-name: "@rjsf/*"
-      # remark-gfm v4+ requires react-markdown v9+, which needs React 18
-      - dependency-name: "remark-gfm"
-      - dependency-name: "react-markdown"
-      # TODO: remove below entries until React >= 19.0.0
-      - dependency-name: "react-icons"
-      # JSDOM v30 doesn't play well with Jest v30
-      # Source: https://jestjs.io/blog#known-issues
-      # GH thread: https://github.com/jsdom/jsdom/issues/3492
-      - dependency-name: "jest-environment-jsdom"
-      # `@swc/plugin-transform-imports` doesn't work with current Webpack-SWC hybrid setup
-      # See https://github.com/apache/superset/pull/37384#issuecomment-3793991389
-      # TODO: remove the plugin once Lodash usage has been migrated to a more readily tree-shakeable alternative
-      - dependency-name: "@swc/plugin-transform-imports"
-      # `just-handlerbars-helpers` library in plugin-chart-handlebars requires `currencyformatter`` to be < 2
-      - dependency-name: "currencyformatter.js"
-        update-types: ["version-update:semver-major"]
-      # TODO: remove below clause once https://github.com/pmmmwh/react-refresh-webpack-plugin/pull/940 lands onto a future release
-      # and confirm the issue https://github.com/apache/superset/issues/39600 is fixed
-      - dependency-name: "react-checkbox-tree"
-        update-types: ["version-update:semver-major"]
-    groups:
-      storybook:
-        applies-to: version-updates
-        patterns:
-          - "@storybook*"
-          - "storybook"
-        update-types:
-          - "patch"
    directory: "/superset-frontend/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 30
    versioning-strategy: increase
-    cooldown:
-      default-days: 7


-  - package-ecosystem: "pip"
-    directory: "/"
-    open-pull-requests-limit: 10
-    # Bump the lower bound to the new version, not just widen the upper
-    # bound. Without this, a `sqlglot>=28.10.0, <29` constraint upgraded
-    # to `<30` would keep the stale lower bound forever, dragging
-    # transitively-resolved versions with it. See #40186 (review thread).
-    versioning-strategy: increase
-    schedule:
-      interval: "weekly"
-    labels:
-      - pip
-      - dependabot
-    cooldown:
-      default-days: 7
+  # - package-ecosystem: "pip"
+  # NOTE: as dependabot isn't compatible with our python
+  # dependency setup (pip-compile-multi), we'll be using
+  # `supersetbot` instead

  - package-ecosystem: "npm"
    directory: ".github/actions"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    open-pull-requests-limit: 10
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/docs/"
-    ignore:
-      # TODO: remove below entries until React >= 18.0.0 in superset-frontend
-      - dependency-name: "storybook"
-        update-types: ["version-update:semver-major", "version-update:semver-minor"]
-      - dependency-name: "@storybook*"
-        update-types: ["version-update:semver-major", "version-update:semver-minor"]
-      - dependency-name: "eslint-plugin-storybook"
-      - dependency-name: "react-error-boundary"
-    groups:
-      storybook:
-        applies-to: version-updates
-        patterns:
-          - "@storybook*"
-          - "storybook"
-        update-types:
-          - "patch"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    open-pull-requests-limit: 10
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-websocket/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-websocket/utils/client-ws-app/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 10
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  # Now for all of our plugins and packages!

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-calendar/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
+    labels:
+      - npm
+      - dependabot
+    open-pull-requests-limit: 5
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-frontend/plugins/legacy-plugin-chart-histogram/"
+    schedule:
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-partition/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-world-map/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-pivot-table/"
-    ignore:
-      # TODO: remove below entries until React >= 19.0.0
-      - dependency-name: "react-icons"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-chord/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-horizon/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-rose/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-preset-chart-deckgl/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-table/"
-    ignore:
-      # TODO: remove below entries until React >= 19.0.0
-      - dependency-name: "react-icons"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-country-map/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-map-box/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
+    labels:
+      - npm
+      - dependabot
+    open-pull-requests-limit: 5
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-frontend/plugins/legacy-plugin-chart-sankey/"
+    schedule:
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-preset-chart-nvd3/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-word-cloud/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
+    labels:
+      - npm
+      - dependabot
+    open-pull-requests-limit: 5
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-frontend/plugins/legacy-plugin-chart-event-flow/"
+    schedule:
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-paired-t-test/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
+    labels:
+      - npm
+      - dependabot
+    open-pull-requests-limit: 5
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-frontend/plugins/legacy-plugin-chart-sankey-loop/"
+    schedule:
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-echarts/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
-    directory: "/superset-frontend/plugins/plugin-chart-ag-grid-table/"
+    directory: "/superset-frontend/plugins/preset-chart-xy/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
-    directory: "/superset-frontend/plugins/plugin-chart-cartodiagram/"
+    directory: "/superset-frontend/plugins/legacy-plugin-chart-heatmap/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-parallel-coordinates/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
+    labels:
+      - npm
+      - dependabot
+    open-pull-requests-limit: 5
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-frontend/plugins/legacy-plugin-chart-sunburst/"
+    schedule:
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-handlebars/"
-    ignore:
-      # `just-handlerbars-helpers` library in plugin-chart-handlebars requires `currencyformatter`` to be < 2
-      - dependency-name: "currencyformatter.js"
-        update-types: ["version-update:semver-major"]
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/generator-superset/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-chart-controls/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-core/"
-    ignore:
-      # not until React >= 18.0.0
-      - dependency-name: "react-markdown"
-      - dependency-name: "remark-gfm"
-      - dependency-name: "react-error-boundary"
    schedule:
-      interval: "daily"
+      interval: "monthly"
+    labels:
+      - npm
+      - dependabot
+    open-pull-requests-limit: 5
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-frontend/packages/superset-ui-demo/"
+    schedule:
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7

  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-switchboard/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
-    cooldown:
-      default-days: 7
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -17,11 +17,6 @@
  - any-glob-to-any-file:
    - 'superset/migrations/**'

-"risk:ci-script":
- changed-files:
-  - any-glob-to-any-file:
-    - 'scripts/**'
-
 ############################################
 # Dependencies
 ############################################
@@ -77,11 +72,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/zh/**'

-"i18n:czech":
- changed-files:
-  - any-glob-to-any-file:
-    - 'superset/translations/cs/**'
-
 "i18n:traditional-chinese":
 - changed-files:
  - any-glob-to-any-file:
@@ -127,11 +117,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/sk/**'

-"i18n:latvian":
- changed-files:
-  - any-glob-to-any-file:
-    - 'superset/translations/lv/**'
-
 "i18n:ukrainian":
 - changed-files:
  - any-glob-to-any-file:
@@ -142,11 +127,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/es/**'

-"i18n:persian":
- changed-files:
-  - any-glob-to-any-file:
-    - 'superset/translations/fa/**'
-
 ############################################
 # Sub-projects and monorepo packages
 ############################################
--- a/.github/workflows/bashlib.sh
+++ b/.github/workflows/bashlib.sh
@@ -59,15 +59,6 @@ build-assets() {
  say "::endgroup::"
 }

-build-embedded-sdk() {
-  cd "$GITHUB_WORKSPACE/superset-embedded-sdk"
-
-  say "::group::Build embedded SDK bundle for E2E tests"
-  npm ci
-  npm run build
-  say "::endgroup::"
-}
-
 build-instrumented-assets() {
  cd "$GITHUB_WORKSPACE/superset-frontend"

@@ -126,33 +117,6 @@ testdata() {
  say "::endgroup::"
 }

-playwright_testdata() {
-  cd "$GITHUB_WORKSPACE"
-  say "::group::Load all examples for Playwright tests"
-  # must specify PYTHONPATH to make `tests.superset_test_config` importable
-  export PYTHONPATH="$GITHUB_WORKSPACE"
-  pip install -e .
-  superset db upgrade
-  superset load_test_users
-  superset load_examples
-  superset init
-  # Enable DML on the examples database so Playwright tests can create/drop
-  # temporary tables via SQL Lab without depending on external data sources.
-  superset shell <<'PYEOF'
-import sys
-from superset.extensions import db
-from superset.models.core import Database
-examples_db = db.session.query(Database).filter_by(database_name='examples').first()
-if not examples_db:
-    sys.exit('ERROR: examples database not found. load_examples may have failed.')
-
-examples_db.allow_dml = True
-db.session.commit()
-print('Enabled allow_dml on examples database')
-PYEOF
-  say "::endgroup::"
-}
-
 celery-worker() {
  cd "$GITHUB_WORKSPACE"
  say "::group::Start Celery worker"
@@ -181,76 +145,17 @@ cypress-install() {

 cypress-run-all() {
  local USE_DASHBOARD=$1
-  local APP_ROOT=$2
  cd "$GITHUB_WORKSPACE/superset-frontend/cypress-base"

-  # Start the Superset backend via gunicorn (not `flask run`). The Flask
-  # development server is single-threaded and has no crash-recovery, so
-  # heavy tests (dashboard import/export, SQL Lab) can knock it offline
-  # for the rest of the run — surfacing as `ECONNREFUSED` / `socket hang up`
-  # / `Missing CSRF token` cascades. Gunicorn gives us multiple workers,
-  # a request timeout, and worker-recycling under load.
-  local serverlog="${HOME}/superset-cypress.log"
+  # Start Flask and run it in background
+  # --no-debugger means disable the interactive debugger on the 500 page
+  # so errors can print to stderr.
+  local flasklog="${HOME}/flask.log"
  local port=8081
-  CYPRESS_BASE_URL="http://localhost:${port}"
-  if [ -n "$APP_ROOT" ]; then
-    export SUPERSET_APP_ROOT=$APP_ROOT
-    CYPRESS_BASE_URL=${CYPRESS_BASE_URL}${APP_ROOT}
-  fi
-  export CYPRESS_BASE_URL
+  export CYPRESS_BASE_URL="http://localhost:${port}"

-  # Mirrors the args in docker/entrypoints/run-server.sh (1 worker × 20
-  # gthread threads) to keep parity with production. Multi-worker
-  # configurations expose timing-sensitive races in the SQL Lab → Explore
-  # navigation flow under E2E. We diverge from the entrypoint on:
-  #   --timeout 120: heavy dashboard import/export specs exceed the 60s
-  #     default
-  #   --max-requests / --max-requests-jitter: recycle the worker under
-  #     test load to avoid leaks accumulating across the run
-  #   superset.app:create_app(): explicit factory so we don't depend on
-  #     FLASK_APP being exported
-  nohup gunicorn \
-    --bind "127.0.0.1:$port" \
-    --workers 1 \
-    --worker-class gthread \
-    --threads 20 \
-    --timeout 120 \
-    --max-requests 500 \
-    --max-requests-jitter 50 \
-    --access-logfile - \
-    --error-logfile - \
-    "superset.app:create_app()" \
-    >"$serverlog" 2>&1 </dev/null &
-  local serverPid=$!
-
-  # Ensure the backend is cleaned up and its log is emitted even when the
-  # test runner fails under `set -e`.
-  trap '
-    echo "::group::gunicorn log for Cypress run"
-    cat "'"$serverlog"'" || true
-    echo "::endgroup::"
-    kill '"$serverPid"' 2>/dev/null || true
-  ' EXIT
-
-  # Wait for the backend to be ready before launching Cypress; otherwise
-  # the first spec can race the server bind and see connection errors.
-  local timeout=60
-  say "Waiting for gunicorn server to start on port $port..."
-  while [ $timeout -gt 0 ]; do
-    if curl -f "http://localhost:${port}${APP_ROOT}/health" >/dev/null 2>&1; then
-      say "gunicorn server is ready"
-      break
-    fi
-    sleep 1
-    timeout=$((timeout - 1))
-  done
-  if [ $timeout -eq 0 ]; then
-    echo "::error::gunicorn server failed to start within 60 seconds"
-    echo "::group::Server startup log"
-    cat "$serverlog"
-    echo "::endgroup::"
-    return 1
-  fi
+  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
+  local flaskProcessId=$!

  USE_DASHBOARD_FLAG=''
  if [ "$USE_DASHBOARD" = "true" ]; then
@@ -262,113 +167,13 @@ cypress-run-all() {
  # memoryMonitorPid=$!
  python ../../scripts/cypress_run.py --parallelism $PARALLELISM --parallelism-id $PARALLEL_ID --group $PARALLEL_ID --retries 5 $USE_DASHBOARD_FLAG
  # kill $memoryMonitorPid
-}

-playwright-install() {
-  cd "$GITHUB_WORKSPACE/superset-frontend"
-
-  say "::group::Install Playwright browsers"
-  npx playwright install --with-deps chromium
-  # Create output directories for test results and debugging
-  mkdir -p playwright-results
-  mkdir -p test-results
-  say "::endgroup::"
-}
-
-playwright-run() {
-  local APP_ROOT=$1
-  local TEST_PATH=$2
-
-  # Start the Superset backend via gunicorn from the project root.
-  # See cypress-run-all() above for the rationale — the Flask dev server
-  # cannot survive the dashboard import/export tests under load.
-  cd "$GITHUB_WORKSPACE"
-  local serverlog="${HOME}/superset-playwright.log"
-  local port=8081
-  # Use 127.0.0.1 explicitly: `flask run` binds IPv4 only, and Node's DNS
-  # resolution for `localhost` can return `::1` first (IPv6), which then
-  # refuses against the IPv4 listener and surfaces as
-  # `connect ECONNREFUSED ::1:<port>` in API helpers driven from Node
-  # (e.g., the embedded test app's exposed token fetcher).
-  PLAYWRIGHT_BASE_URL="http://127.0.0.1:${port}"
-  if [ -n "$APP_ROOT" ]; then
-    export SUPERSET_APP_ROOT=$APP_ROOT
-    PLAYWRIGHT_BASE_URL=${PLAYWRIGHT_BASE_URL}${APP_ROOT}/
-  fi
-  export PLAYWRIGHT_BASE_URL
-
-  # See cypress-run-all() above for the args rationale (1 worker × 20
-  # gthread threads matching docker/entrypoints/run-server.sh, plus a
-  # 120s timeout and request-recycling for heavy E2E load).
-  nohup gunicorn \
-    --bind "127.0.0.1:$port" \
-    --workers 1 \
-    --worker-class gthread \
-    --threads 20 \
-    --timeout 120 \
-    --max-requests 500 \
-    --max-requests-jitter 50 \
-    --access-logfile - \
-    --error-logfile - \
-    "superset.app:create_app()" \
-    >"$serverlog" 2>&1 </dev/null &
-  local serverPid=$!
-
-  # Ensure cleanup on exit (and emit the server log on failure)
-  trap '
-    echo "::group::gunicorn log for Playwright run"
-    cat "'"$serverlog"'" || true
-    echo "::endgroup::"
-    kill '"$serverPid"' 2>/dev/null || true
-  ' EXIT
-
-  # Wait for server to be ready with health check
-  local timeout=60
-  say "Waiting for gunicorn server to start on port $port..."
-  while [ $timeout -gt 0 ]; do
-    if curl -f ${PLAYWRIGHT_BASE_URL}/health >/dev/null 2>&1; then
-      say "gunicorn server is ready"
-      break
-    fi
-    sleep 1
-    timeout=$((timeout - 1))
-  done
-
-  if [ $timeout -eq 0 ]; then
-    echo "::error::gunicorn server failed to start within 60 seconds"
-    echo "::group::Server startup log"
-    cat "$serverlog"
-    echo "::endgroup::"
-    return 1
-  fi
-
-  # Change to frontend directory for Playwright execution
-  cd "$GITHUB_WORKSPACE/superset-frontend"
-
-  say "::group::Run Playwright tests"
-  echo "Running Playwright with baseURL: ${PLAYWRIGHT_BASE_URL}"
-  if [ -n "$TEST_PATH" ]; then
-    # Check if there are any test files in the specified path
-    if ! find "playwright/tests/${TEST_PATH}" -name "*.spec.ts" -type f 2>/dev/null | grep -q .; then
-      echo "No test files found in ${TEST_PATH} - skipping test run"
-      say "::endgroup::"
-      return 0
-    fi
-    echo "Running tests: ${TEST_PATH}"
-    # Set INCLUDE_EXPERIMENTAL=true to allow experimental tests to run
-    export INCLUDE_EXPERIMENTAL=true
-    npx playwright test "${TEST_PATH}" --output=playwright-results
-    local status=$?
-    # Unset to prevent leaking into subsequent commands
-    unset INCLUDE_EXPERIMENTAL
-  else
-    echo "Running all required tests (experimental/ excluded via playwright.config.ts)"
-    npx playwright test --output=playwright-results
-    local status=$?
-  fi
-  say "::endgroup::"
-
-  return $status
+  # After job is done, print out Flask log for debugging
+  echo "::group::Flask log for default run"
+  cat "$flasklog"
+  echo "::endgroup::"
+  # make sure the program exits
+  kill $flaskProcessId
 }

 eyes-storybook-dependencies() {
@@ -391,3 +196,26 @@ monitor_memory() {
    sleep 2
  done
 }
+
+cypress-run-applitools() {
+  cd "$GITHUB_WORKSPACE/superset-frontend/cypress-base"
+
+  local flasklog="${HOME}/flask.log"
+  local port=8081
+  local cypress="./node_modules/.bin/cypress run"
+  local browser=${CYPRESS_BROWSER:-chrome}
+
+  export CYPRESS_BASE_URL="http://localhost:${port}"
+
+  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
+  local flaskProcessId=$!
+
+  $cypress --spec "cypress/applitools/**/*" --browser "$browser" --headless
+
+  say "::group::Flask log for default run"
+  cat "$flasklog"
+  say "::endgroup::"
+
+  # make sure the program exits
+  kill $flaskProcessId
+}
--- a/.github/workflows/bump-python-package.yml
+++ b/.github/workflows/bump-python-package.yml
@@ -14,16 +14,10 @@ on:
        required: true
        description: Max number of PRs to open (0 for no limit)
        default: 5
-      extra-flags:
-        required: false
-        default: --only-base
-        description: Additional flags to pass to the bump-python command
-  #schedule:
-  #  - cron: '0 0 * * *'  # Runs daily at midnight UTC

 jobs:
  bump-python-package:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: write
      contents: write
@@ -32,7 +26,7 @@ jobs:
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: true
          ref: master
@@ -41,41 +35,34 @@ jobs:
        uses: ./.github/actions/setup-supersetbot/

      - name: Set up Python ${{ inputs.python-version }}
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@v5
        with:
          python-version: "3.10"

-      - name: Install uv
-        run: pip install uv
+      - name: Install pip-compile-multi
+        run: pip install pip-compile-multi

      - name: supersetbot bump-python -p "${{ github.event.inputs.package }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          INPUT_PACKAGE: ${{ github.event.inputs.package }}
-          INPUT_GROUP: ${{ github.event.inputs.group }}
-          INPUT_EXTRA_FLAGS: ${{ github.event.inputs.extra-flags }}
-          INPUT_LIMIT: ${{ github.event.inputs.limit }}
        run: |
          git config --global user.email "action@github.com"
          git config --global user.name "GitHub Action"

          PACKAGE_OPT=""
-          if [ -n "${INPUT_PACKAGE}" ]; then
-            PACKAGE_OPT="-p ${INPUT_PACKAGE}"
+          if [ -n "${{ github.event.inputs.package }}" ]; then
+            PACKAGE_OPT="-p ${{ github.event.inputs.package }}"
          fi

          GROUP_OPT=""
-          if [ -n "${INPUT_GROUP}" ]; then
-            GROUP_OPT="-g ${INPUT_GROUP}"
+          if [ -n "${{ github.event.inputs.group }}" ]; then
+            GROUP_OPT="-g ${{ github.event.inputs.group }}"
          fi

-          EXTRA_FLAGS="${INPUT_EXTRA_FLAGS}"
-
          supersetbot bump-python \
            --verbose \
            --use-current-repo \
            --include-subpackages \
-            --limit ${INPUT_LIMIT} \
+            --limit ${{ github.event.inputs.limit }} \
            $PACKAGE_OPT \
-            $GROUP_OPT \
-            $EXTRA_FLAGS
+            $GROUP_OPT
--- a/.github/workflows/cancel_duplicates.yml
+++ b/.github/workflows/cancel_duplicates.yml
@@ -0,0 +1,43 @@
+name: Cancel Duplicates
+on:
+  workflow_run:
+    workflows:
+      - "Miscellaneous"
+    types:
+      - requested
+
+jobs:
+  cancel-duplicate-runs:
+    name: Cancel duplicate workflow runs
+    runs-on: ubuntu-22.04
+    permissions:
+      actions: write
+      contents: read
+    steps:
+      - name: Check number of queued tasks
+        id: check_queued
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          GITHUB_REPO: ${{ github.repository }}
+        run: |
+          get_count() {
+            echo $(curl -s -H "Authorization: token $GITHUB_TOKEN" \
+                    "https://api.github.com/repos/$GITHUB_REPO/actions/runs?status=$1" | \
+                    jq ".total_count")
+          }
+          count=$(( `get_count queued` + `get_count in_progress` ))
+          echo "Found $count unfinished jobs."
+          echo "count=$count" >> $GITHUB_OUTPUT
+
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        if: steps.check_queued.outputs.count >= 20
+        uses: actions/checkout@v4
+
+      - name: Cancel duplicate workflow runs
+        if: steps.check_queued.outputs.count >= 20
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          pip install click requests typing_extensions python-dateutil
+          python ./scripts/cancel_github_workflows.py
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -1,63 +0,0 @@
-name: Check python dependencies
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-permissions:
-  contents: read
-  pull-requests: read
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  check-python-deps:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          submodules: recursive
-          fetch-depth: 1
-
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup Python
-        if: steps.check.outputs.python
-        uses: ./.github/actions/setup-backend/
-
-      - name: Run uv
-        if: steps.check.outputs.python
-        run: ./scripts/uv-pip-compile.sh
-
-      - name: Check for uncommitted changes
-        if: steps.check.outputs.python
-        run: |
-          echo "Full diff (for logging/debugging):"
-          git diff
-
-          echo "Filtered diff (excluding comments and whitespace):"
-          filtered_diff=$(git diff -U0 | grep '^[-+]' | grep -vE '^[-+]{3}' | grep -vE '^[-+][[:space:]]*#' | grep -vE '^[-+][[:space:]]*$' || true)
-          echo "$filtered_diff"
-
-          if [[ -n "$filtered_diff" ]]; then
-            echo
-            echo "ERROR: The pinned dependencies are not up-to-date."
-            echo "Please run './scripts/uv-pip-compile.sh' and commit the changes."
-            echo "More info: https://github.com/apache/superset/tree/master/requirements"
-            exit 1
-          else
-            echo "Pinned dependencies are up-to-date."
-          fi
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -19,17 +19,15 @@ concurrency:
 jobs:
  check_db_migration_conflict:
    name: Check DB migration conflict
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
      - name: Check and notify
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          github-token: ${{ github.token }}
          script: |
@@ -71,7 +69,7 @@ jobs:
                    `❗ @${pull.user.login} Your base branch \`${currentBranch}\` has ` +
                    'also updated `superset/migrations`.\n' +
                    '\n' +
-                    '**Please consider rebasing your branch and [resolving potential db migration conflicts](https://superset.apache.org/docs/contributing/development#merging-db-migrations).**',
+                    '**Please consider rebasing your branch and [resolving potential db migration conflicts](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#merging-db-migrations).**',
                });
              }
            }
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -1,88 +0,0 @@
-name: Claude PR Assistant
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-
-permissions:
-  contents: read
-
-jobs:
-  check-permissions:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
-    runs-on: ubuntu-latest
-    outputs:
-      allowed: ${{ steps.check.outputs.allowed }}
-    steps:
-      - name: Check if user is allowed
-        id: check
-        env:
-          COMMENTER: ${{ github.event.comment.user.login }}
-        run: |
-          # List of allowed users
-          ALLOWED_USERS="mistercrunch,rusackas"
-
-          echo "Checking permissions for user: $COMMENTER"
-
-          # Check if user is in allowed list
-          if [[ ",$ALLOWED_USERS," == *",$COMMENTER,"* ]]; then
-            echo "allowed=true" >> $GITHUB_OUTPUT
-            echo "✅ User $COMMENTER is allowed to use Claude"
-          else
-            echo "allowed=false" >> $GITHUB_OUTPUT
-            echo "❌ User $COMMENTER is not allowed to use Claude"
-          fi
-
-  deny-access:
-    needs: check-permissions
-    if: needs.check-permissions.outputs.allowed == 'false'
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
-    steps:
-      - name: Comment access denied
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          COMMENTER_LOGIN: ${{ github.event.comment.user.login || github.event.review.user.login || github.event.issue.user.login }}
-        with:
-          script: |
-            const commenter = process.env.COMMENTER_LOGIN;
-            const message = `👋 Hi @${commenter}!
-
-            Thanks for trying to use Claude Code, but currently only certain team members have access to this feature.
-
-            If you believe you should have access, please contact a project maintainer.`;
-
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.issue.number,
-              body: message
-            });
-
-  claude-code-action:
-    needs: check-permissions
-    if: needs.check-permissions.outputs.allowed == 'true'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-      id-token: write
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      with:
-        persist-credentials: false
-        fetch-depth: 1
-
-    - name: Run Claude PR Action
-      uses: anthropics/claude-code-action@5fb899572b81d2bb648d4d187173a2f423a9677c # beta
-      with:
-        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-        timeout_minutes: "60"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -17,7 +17,7 @@ concurrency:
 jobs:
  analyze:
    name: Analyze
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      actions: read
      contents: read
@@ -31,9 +31,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4

      - name: Check for file changes
        id: check
@@ -43,7 +41,7 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
+        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,6 +53,6 @@ jobs:

      - name: Perform CodeQL Analysis
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
+        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -5,34 +5,19 @@
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: "Dependency Review"
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
+on: [pull_request]

 permissions:
  contents: read

 jobs:
  dependency-review:
-    if: github.event_name == 'pull_request'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4
      - name: "Dependency Review"
-        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
-        continue-on-error: true
+        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: critical
          # compatible/incompatible licenses addressed here: https://www.apache.org/legal/resolved.html
@@ -41,31 +26,10 @@ jobs:
          # pkg:npm/store2@2.14.2
          #   adding an exception for an ambigious license on store2, which has been resolved in
          #   the latest version. It's MIT: https://github.com/nbubna/store/blob/master/LICENSE-MIT
+          # pkg:npm/applitools/*
+          #   adding exception for all applitools modules (eyes-cypress and its dependencies),
+          #   which has an explicit OSS license approved by ASF
+          #   license: https://applitools.com/legal/open-source-terms-of-use/
          # pkg:npm/node-forge@1.3.1
          #   selecting BSD-3-Clause licensing terms for node-forge to ensure compatibility with Apache
-          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor, pkg:npm/jszip@3.10.1
-
-  python-dependency-liccheck:
-    # NOTE: Configuration for liccheck lives in our pyproject.yml.
-    # You cannot use a liccheck.ini file in this workflow.
-    runs-on: ubuntu-22.04
-    steps:
-      - name: "Checkout Repository"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        with:
-          requirements-type: base
-
-      - name: "Set up liccheck"
-        run: |
-          uv pip install --system liccheck
-      - name: "Run liccheck"
-        run: |
-          # run the checks
-          liccheck -R output.txt
-          # Print the report
-          cat output.txt
+          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -9,31 +9,26 @@ on:
    branches:
      - "master"

-permissions:
-  contents: read
-  pull-requests: read
-
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

 jobs:
-
  setup_matrix:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    outputs:
      matrix_config: ${{ steps.set_matrix.outputs.matrix_config }}
    steps:
      - id: set_matrix
        run: |
-          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]'; fi)
+          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
          echo "matrix_config=${MATRIX_CONFIG}" >> $GITHUB_OUTPUT
          echo $GITHUB_OUTPUT

  docker-build:
    name: docker-build
    needs: setup_matrix
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
        build_preset: ${{fromJson(needs.setup_matrix.outputs.matrix_config)}}
@@ -41,12 +36,11 @@ jobs:
    env:
      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-      IMAGE_TAG: apache/superset:GHA-${{ matrix.build_preset }}-${{ github.run_id }}

    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

@@ -56,13 +50,21 @@ jobs:
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Setup Docker Environment
+      - name: Set up QEMU
        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        uses: ./.github/actions/setup-docker
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        uses: docker/setup-buildx-action@v3
+
+      - name: Try to login to DockerHub
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        continue-on-error: true
+        uses: docker/login-action@v3
        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Setup supersetbot
        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
@@ -73,79 +75,16 @@ jobs:
        shell: bash
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          BUILD_PRESET: ${{ matrix.build_preset }}
        run: |
          # Single platform builds in pull_request context to speed things up
-          if [ "$GITHUB_EVENT_NAME" = "push" ]; then
+          if [ "${{ github.event_name }}" = "push" ]; then
            PLATFORM_ARG="--platform linux/arm64 --platform linux/amd64"
-            # can only --load images in single-platform builds
-            PUSH_OR_LOAD="--push"
-          elif [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
+          elif [ "${{ github.event_name }}" = "pull_request" ]; then
            PLATFORM_ARG="--platform linux/amd64"
-            PUSH_OR_LOAD="--load"
          fi

          supersetbot docker \
-            $PUSH_OR_LOAD \
-            --preset "$BUILD_PRESET" \
+            --preset ${{ matrix.build_preset }} \
            --context "$EVENT" \
            --context-ref "$RELEASE" $FORCE_LATEST \
-            --extra-flags "--build-arg INCLUDE_CHROMIUM=false --tag $IMAGE_TAG" \
            $PLATFORM_ARG
-
-      # in the context of push (using multi-platform build), we need to pull the image locally
-      - name: Docker pull
-        if: github.event_name == 'push' && (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker)
-        run: |
-          for i in 1 2 3; do
-            docker pull $IMAGE_TAG && break
-            [ $i -lt 3 ] && sleep 30
-          done
-
-      - name: Print docker stats
-        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        run: |
-          echo "SHA: ${{ github.sha }}"
-          echo "IMAGE: $IMAGE_TAG"
-          docker images $IMAGE_TAG
-          docker history $IMAGE_TAG
-
-      - name: docker-compose sanity check
-        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'dev'
-        shell: bash
-        env:
-          BUILD_PRESET: ${{ matrix.build_preset }}
-        run: |
-          export SUPERSET_BUILD_TARGET=$BUILD_PRESET
-          # This should reuse the CACHED image built in the previous steps
-          docker compose build superset-init --build-arg DEV_MODE=false --build-arg INCLUDE_CHROMIUM=false
-          docker compose up superset-init --exit-code-from superset-init
-
-  docker-compose-image-tag:
-    # Run this job only on pushes to master (not for PRs)
-    # goal is to check that building the latest image works, not required for all PR pushes
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Docker Environment
-        if: steps.check.outputs.docker
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "false"
-          install-docker-compose: "true"
-      - name: docker-compose sanity check
-        if: steps.check.outputs.docker
-        shell: bash
-        run: |
-          docker compose -f docker-compose-image-tag.yml up superset-init --exit-code-from superset-init
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -6,12 +6,9 @@ on:
      - "master"
      - "[0-9].[0-9]*"

-permissions:
-  contents: read
-
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -19,26 +16,22 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${NPM_TOKEN}" ]; then
+          if [ -n "${{ (secrets.NPM_TOKEN != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

-        env:
-          NPM_TOKEN: ${{ (secrets.NPM_TOKEN != '') || '' }}
  build:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
        with:
-          persist-credentials: false
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "20"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm run ci:release
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -6,9 +6,6 @@ on:
      - "superset-embedded-sdk/**"
    types: [synchronize, opened, reopened, ready_for_review]

-permissions:
-  contents: read
-
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -16,17 +13,15 @@ concurrency:

 jobs:
  embedded-sdk-test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
        with:
-          persist-credentials: false
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: './superset-embedded-sdk/.nvmrc'
+          node-version: "20"
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm test
--- a/.github/workflows/ephemeral-env-pr-close.yml
+++ b/.github/workflows/ephemeral-env-pr-close.yml
@@ -0,0 +1,75 @@
+name: Cleanup ephemeral envs (PR close)
+
+on:
+  pull_request_target:
+    types: [closed]
+
+jobs:
+  config:
+    runs-on: "ubuntu-22.04"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  ephemeral-env-cleanup:
+    needs: config
+    if: needs.config.outputs.has-secrets
+    name: Cleanup ephemeral envs
+    runs-on: ubuntu-22.04
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Describe ECS service
+        id: describe-services
+        run: |
+          echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
+
+      - name: Delete ECS service
+        if: steps.describe-services.outputs.active == 'true'
+        id: delete-service
+        run: |
+          aws ecs delete-service \
+          --cluster superset-ci \
+          --service pr-${{ github.event.number }}-service \
+          --force
+
+      - name: Login to Amazon ECR
+        if: steps.describe-services.outputs.active == 'true'
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Delete ECR image tag
+        if: steps.describe-services.outputs.active == 'true'
+        id: delete-image-tag
+        run: |
+          aws ecr batch-delete-image \
+          --registry-id $(echo "${{ steps.login-ecr.outputs.registry }}" | grep -Eo "^[0-9]+") \
+          --repository-name superset-ci \
+          --image-ids imageTag=pr-${{ github.event.number }}
+
+      - name: Comment (success)
+        if: steps.describe-services.outputs.active == 'true'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{github.token}}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: ${{ github.event.number }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Ephemeral environment shutdown and build artifacts deleted.'
+            })
--- a/.github/workflows/ephemeral-env.yml
+++ b/.github/workflows/ephemeral-env.yml
@@ -0,0 +1,283 @@
+name: Ephemeral env workflow
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  config:
+    runs-on: "ubuntu-22.04"
+    if: github.event.issue.pull_request
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  ephemeral-env-comment:
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }}-comment
+      cancel-in-progress: true
+    needs: config
+    if: needs.config.outputs.has-secrets
+    name: Evaluate ephemeral env comment trigger (/testenv)
+    runs-on: ubuntu-22.04
+    permissions:
+      pull-requests: write
+    outputs:
+      slash-command: ${{ steps.eval-body.outputs.result }}
+      feature-flags: ${{ steps.eval-feature-flags.outputs.result }}
+
+    steps:
+    - name: Debug
+      run: |
+        echo "Comment on PR #${{ github.event.issue.number }} by ${{ github.event.issue.user.login }}, ${{ github.event.comment.author_association }}"
+
+    - name: Eval comment body for /testenv slash command
+      uses: actions/github-script@v7
+      id: eval-body
+      with:
+        result-encoding: string
+        script: |
+          const pattern = /^\/testenv (up|down)/
+          const result = pattern.exec(context.payload.comment.body)
+          return result === null ? 'noop' : result[1]
+
+    - name: Eval comment body for feature flags
+      uses: actions/github-script@v7
+      id: eval-feature-flags
+      with:
+        script: |
+          const pattern = /FEATURE_(\w+)=(\w+)/g;
+          let results = [];
+          [...context.payload.comment.body.matchAll(pattern)].forEach(match => {
+            const config = {
+              name: `SUPERSET_FEATURE_${match[1]}`,
+              value: match[2],
+            };
+            results.push(config);
+          });
+          return results;
+
+    - name: Limit to committers
+      if: >
+        steps.eval-body.outputs.result != 'noop' &&
+        github.event.comment.author_association != 'MEMBER' &&
+        github.event.comment.author_association != 'OWNER'
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          const errMsg = '@${{ github.event.comment.user.login }} Ephemeral environment creation is currently limited to committers.'
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: errMsg
+          })
+          core.setFailed(errMsg)
+
+  ephemeral-docker-build:
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }}-build
+      cancel-in-progress: true
+    needs: ephemeral-env-comment
+    name: ephemeral-docker-build
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Get Info from comment
+        uses: actions/github-script@v7
+        id: get-pr-info
+        with:
+          script: |
+            const request = {
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: ${{ github.event.issue.number }},
+            }
+            core.info(`Getting PR #${request.pull_number} from ${request.owner}/${request.repo}`)
+            const pr = await github.rest.pulls.get(request);
+            return pr.data;
+
+      - name: Debug
+        id: get-sha
+        run: |
+          echo "sha=${{ fromJSON(steps.get-pr-info.outputs.result).head.sha }}" >> $GITHUB_OUTPUT
+
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : ${{steps.get-sha.outputs.sha}} )"
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.get-sha.outputs.sha }}
+          persist-credentials: false
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build ephemeral env image
+        run: |
+          ./scripts/build_docker.py \
+            "ci" \
+            "pull_request" \
+            --build_context_ref ${{ github.event.issue.number }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Load, tag and push image to ECR
+        id: push-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: superset-ci
+          IMAGE_TAG: apache/superset:${{ steps.get-sha.outputs.sha }}-ci
+        run: |
+          docker tag $IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:pr-${{ github.event.issue.number }}-ci
+          docker push -a $ECR_REGISTRY/$ECR_REPOSITORY
+
+  ephemeral-env-up:
+    needs: [ephemeral-env-comment, ephemeral-docker-build]
+    if: needs.ephemeral-env-comment.outputs.slash-command == 'up'
+    name: Spin up an ephemeral environment
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-west-2
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: Check target image exists in ECR
+      id: check-image
+      continue-on-error: true
+      run: |
+        aws ecr describe-images \
+        --registry-id $(echo "${{ steps.login-ecr.outputs.registry }}" | grep -Eo "^[0-9]+") \
+        --repository-name superset-ci \
+        --image-ids imageTag=pr-${{ github.event.issue.number }}-ci
+
+    - name: Fail on missing container image
+      if: steps.check-image.outcome == 'failure'
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          const errMsg = '@${{ github.event.comment.user.login }} Container image not yet published for this PR. Please try again when build is complete.'
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: errMsg
+          })
+          core.setFailed(errMsg)
+
+    - name: Fill in the new image ID in the Amazon ECS task definition
+      id: task-def
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: .github/workflows/ecs-task-definition.json
+        container-name: superset-ci
+        image: ${{ steps.login-ecr.outputs.registry }}/superset-ci:pr-${{ github.event.issue.number }}-ci
+
+    - name: Update env vars in the Amazon ECS task definition
+      run: |
+        cat <<< "$(jq '.containerDefinitions[0].environment += ${{ needs.ephemeral-env-comment.outputs.feature-flags }}' < ${{ steps.task-def.outputs.task-definition }})" > ${{ steps.task-def.outputs.task-definition }}
+
+    - name: Describe ECS service
+      id: describe-services
+      run: |
+        echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.issue.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
+    - name: Create ECS service
+      if: steps.describe-services.outputs.active != 'true'
+      id: create-service
+      env:
+        ECR_SUBNETS: subnet-0e15a5034b4121710,subnet-0e8efef4a72224974
+        ECR_SECURITY_GROUP: sg-092ff3a6ae0574d91
+      run: |
+        aws ecs create-service \
+        --cluster superset-ci \
+        --service-name pr-${{ github.event.issue.number }}-service \
+        --task-definition superset-ci \
+        --launch-type FARGATE \
+        --desired-count 1 \
+        --platform-version LATEST \
+        --network-configuration "awsvpcConfiguration={subnets=[$ECR_SUBNETS],securityGroups=[$ECR_SECURITY_GROUP],assignPublicIp=ENABLED}" \
+        --tags key=pr,value=${{ github.event.issue.number }} key=github_user,value=${{ github.actor }}
+
+    - name: Deploy Amazon ECS task definition
+      id: deploy-task
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+      with:
+        task-definition: ${{ steps.task-def.outputs.task-definition }}
+        service: pr-${{ github.event.issue.number }}-service
+        cluster: superset-ci
+        wait-for-service-stability: true
+        wait-for-minutes: 10
+
+    - name: List tasks
+      id: list-tasks
+      run: |
+        echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${{ github.event.issue.number }}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT
+
+    - name: Get network interface
+      id: get-eni
+      run: |
+        echo "eni=$(aws ecs describe-tasks --cluster superset-ci --tasks ${{ steps.list-tasks.outputs.task }} | jq '.tasks | .[0] | .attachments | .[0] | .details | map(select(.name=="networkInterfaceId")) | .[0] | .value')" >> $GITHUB_OUTPUT
+
+    - name: Get public IP
+      id: get-ip
+      run: |
+        echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
+
+    - name: Comment (success)
+      if: ${{ success() }}
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: '@${{ github.event.comment.user.login }} Ephemeral environment spinning up at http://${{ steps.get-ip.outputs.ip }}:8080. Credentials are `admin`/`admin`. Please allow several minutes for bootstrapping and startup.'
+          })
+
+    - name: Comment (failure)
+      if: ${{ failure() }}
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{github.token}}
+        script: |
+          github.rest.issues.createComment({
+            issue_number: ${{ github.event.issue.number }},
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: '@${{ github.event.comment.user.login }} Ephemeral environment creation failed. Please check the Actions logs for details.'
+          })
--- a/.github/workflows/generate-FOSSA-report.yml
+++ b/.github/workflows/generate-FOSSA-report.yml
@@ -6,12 +6,9 @@ on:
      - "master"
      - "[0-9].[0-9]*"

-permissions:
-  contents: read
-
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -19,25 +16,23 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${FOSSA_API_KEY}" ]; then
+          if [ -n "${{ (secrets.FOSSA_API_KEY != '' ) || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

-        env:
-          FOSSA_API_KEY: ${{ (secrets.FOSSA_API_KEY != '' ) || '' }}
  license_check:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Generate Report
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+        uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          java-version: "11"
--- a/.github/workflows/github-action-validator.yml
+++ b/.github/workflows/github-action-validator.yml
@@ -6,29 +6,18 @@ on:
      - "master"
      - "[0-9].[0-9]*"
  pull_request:
-    branches:
-      - "**"
-
-permissions:
-  contents: read
+    types: [synchronize, opened, reopened, ready_for_review]

 jobs:

  validate-all-ghas:
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      # Required for the zizmor action to upload its SARIF results to
-      # GitHub code scanning (advanced-security is enabled by default).
-      security-events: write
+    runs-on: ubuntu-22.04
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4

      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        uses: actions/setup-node@v4
        with:
          node-version: '20'

@@ -37,6 +26,3 @@ jobs:

      - name: Run Script
        run: bash .github/workflows/github-action-validator.sh
-
-      - name: Check for security issues on GHA workflows
-        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
--- a/.github/workflows/issue_creation.yml
+++ b/.github/workflows/issue_creation.yml
@@ -9,7 +9,7 @@ on:

 jobs:
  superbot-orglabel:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
@@ -17,7 +17,7 @@ jobs:
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -7,9 +7,9 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
-    - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0
+    - uses: actions/labeler@v5
      with:
        sync-labels: true

--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -6,23 +6,21 @@ on:
 jobs:
  latest-release:
    name: Add/update tag to new release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: write

    steps:
    - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      uses: actions/checkout@v4
      with:
        persist-credentials: false
        submodules: recursive

    - name: Check for latest tag
      id: latest-tag
-      env:
-        RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
      run: |
-        source ./scripts/tag_latest_release.sh "$RELEASE_TAG_NAME" --dry-run
+        source ./scripts/tag_latest_release.sh $(echo ${{ github.event.release.tag_name }}) --dry-run

    - name: Configure Git
      run: |
@@ -31,7 +29,7 @@ jobs:

    - name: Run latest-tag
      uses: ./.github/actions/latest-tag
-      if: steps.latest-tag.outputs.SKIP_TAG != 'true'
+      if: (! ${{ steps.latest-tag.outputs.SKIP_TAG }} )
      with:
        description: Superset latest release
        tag-name: latest
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -4,9 +4,6 @@ on:
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]

-permissions:
-  contents: read
-
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -15,15 +12,15 @@ concurrency:
 jobs:
  license_check:
    name: License Check
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '11'
--- a/.github/workflows/no-hold-label.yml
+++ b/.github/workflows/no-hold-label.yml
@@ -4,23 +4,17 @@ on:
  pull_request:
    types: [labeled, unlabeled, opened, reopened, synchronize]

-permissions:
-  pull-requests: read
-
-# Let each label event run to completion. Cancelling in-progress runs leaves
-# CANCELLED entries in the PR's check-suite rollup, which poisons GitHub's
-# `status:success` search filter even though all real CI passed. The job is
-# a tiny no-op github-script call, so the wasted compute is negligible.
+# cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: false
+  cancel-in-progress: true

 jobs:
  check-hold-label:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
    - name: Check for 'hold' label
-      uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      uses: actions/github-script@v7
      with:
        github-token: ${{secrets.GITHUB_TOKEN}}
        script: |
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -10,13 +10,13 @@ on:

 jobs:
  lint-check:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -8,9 +8,6 @@ on:
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]

-permissions:
-  contents: read
-
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -18,13 +15,13 @@ concurrency:

 jobs:
  pre-commit:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["current", "previous", "next"]
+        python-version: ["current", "next", "previous"]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -41,57 +38,12 @@ jobs:
          echo "HOMEBREW_CELLAR=$HOMEBREW_CELLAR" >>"${GITHUB_ENV}"
          echo "HOMEBREW_REPOSITORY=$HOMEBREW_REPOSITORY" >>"${GITHUB_ENV}"
          brew install norwoodj/tap/helm-docs
-      - name: Setup Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version: '20'
-
-      - name: Install Frontend Dependencies
-        run: |
-          cd superset-frontend
-          npm ci
-
-      - name: Install Docs Dependencies
-        run: |
-          cd docs
-          yarn install --immutable
-
-      - name: Cache pre-commit environments
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
-        with:
-          path: ~/.cache/pre-commit
-          key: pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('.pre-commit-config.yaml') }}
-          restore-keys: |
-            pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-
-
-      - name: Get changed files
-        id: changed_files
-        uses: ./.github/actions/file-changes-action
-        with:
-          output: ' '
-
      - name: pre-commit
-        env:
-          CHANGED_FILES: ${{ steps.changed_files.outputs.files }}
        run: |
          set +e  # Don't exit immediately on failure
-          export SKIP=type-checking-frontend
-          pre-commit run --files $CHANGED_FILES
-          PRE_COMMIT_EXIT_CODE=$?
-          git diff --quiet --exit-code
-          GIT_DIFF_EXIT_CODE=$?
-          if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ] || [ "${GIT_DIFF_EXIT_CODE}" -ne 0 ]; then
-            if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ]; then
-              echo "❌ Pre-commit check failed (exit code: ${PRE_COMMIT_EXIT_CODE})."
-              echo "🔍 Modified files:"
-              git diff --name-only
-            else
-              echo "❌ Git working directory is dirty."
-              echo "📌 This likely means that pre-commit made changes that were not committed."
-              echo "🔍 Modified files:"
-              git diff --name-only
-            fi
-
+          pre-commit run --all-files
+          if [ $? -ne 0 ] || ! git diff --quiet --exit-code; then
+            echo "❌ Pre-commit check failed."
            echo "🚒 To prevent/address this CI issue, please install/use pre-commit locally."
            echo "📖 More details here: https://superset.apache.org/docs/contributing/development#git-hooks"
            exit 1
--- a/.github/workflows/prefer-typescript.yml
+++ b/.github/workflows/prefer-typescript.yml
@@ -0,0 +1,70 @@
+name: Prefer TypeScript
+
+on:
+  push:
+    branches:
+      - "master"
+      - "[0-9].[0-9]*"
+    paths:
+      - "superset-frontend/src/**"
+  pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
+    paths:
+      - "superset-frontend/src/**"
+
+# cancel previous workflow jobs for PRs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  prefer_typescript:
+    if: github.ref == 'ref/heads/master' && github.event_name == 'pull_request'
+    name: Prefer TypeScript
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+      - name: Get changed files
+        id: changed
+        uses: ./.github/actions/file-changes-action
+        with:
+          githubToken: ${{ github.token }}
+
+      - name: Determine if a .js or .jsx file was added
+        id: check
+        run: |
+          js_files_added() {
+            jq -r '
+              map(
+                select(
+                  endswith(".js") or endswith(".jsx")
+                )
+              ) | join("\n")
+            ' ${HOME}/files_added.json
+          }
+          echo "js_files_added=$(js_files_added)" >> $GITHUB_OUTPUT
+
+      - if: steps.check.outputs.js_files_added
+        name: Add Comment to PR
+        uses: ./.github/actions/comment-on-pr
+        continue-on-error: true
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          msg: |
+            ### WARNING: Prefer TypeScript
+
+            Looks like your PR contains new `.js` or `.jsx` files:
+
+            ```
+            ${{steps.check.outputs.js_files_added}}
+            ```
+
+            As decided in [SIP-36](https://github.com/apache/superset/issues/9101), all new frontend code should be written in TypeScript. Please convert above files to TypeScript then re-request review.
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,12 +6,9 @@ on:
      - "master"
      - "[0-9].[0-9]*"

-permissions:
-  contents: read
-
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -19,23 +16,24 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${NPM_TOKEN}" ]; then
+          if [ -n "${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

-        env:
-          NPM_TOKEN: ${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }}
  build:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Bump version and publish package(s)
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: write
+
+    runs-on: ubuntu-22.04
+
+    strategy:
+      matrix:
+        node-version: [20]
+
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          # pulls all commits (needed for lerna / semantic release to correctly version)
          fetch-depth: 0
      - name: Get tags and filter trigger tags
@@ -48,15 +46,15 @@ jobs:
          git fetch --prune --unshallow
          git tag -d `git tag | grep -E '^trigger-'`

-      - name: Install Node.js
+      - name: Use Node.js ${{ matrix.node-version }}
        if: env.HAS_TAGS
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: ${{ matrix.node-version }}

      - name: Cache npm
        if: env.HAS_TAGS
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
+        uses: actions/cache@v4
        with:
          path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -70,7 +68,7 @@ jobs:
        run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
      - name: Cache npm
        if: env.HAS_TAGS
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
+        uses: actions/cache@v4
        id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`)
        with:
          path: ${{ steps.npm-cache-dir-path.outputs.dir }}
--- a/.github/workflows/showtime-cleanup.yml
+++ b/.github/workflows/showtime-cleanup.yml
@@ -1,36 +0,0 @@
-name: 🎪 Showtime Cleanup
-
-# Scheduled cleanup of expired environments
-on:
-  schedule:
-    - cron: '0 */6 * * *'  # Every 6 hours
-
-  # Manual trigger for testing
-  workflow_dispatch:
-
-# Common environment variables
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_REGION: ${{ vars.AWS_REGION || 'us-west-2' }}
-  GITHUB_ORG: ${{ github.repository_owner }}
-  GITHUB_REPO: ${{ github.event.repository.name }}
-
-jobs:
-  cleanup-expired:
-    name: Clean up expired showtime environments
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Install Superset Showtime
-        run: pip install superset-showtime
-
-      - name: Cleanup expired environments
-        run: |
-          echo "Cleaning up environments respecting TTL labels"
-          python -m showtime cleanup --respect-ttl
--- a/.github/workflows/showtime-trigger.yml
+++ b/.github/workflows/showtime-trigger.yml
@@ -1,186 +0,0 @@
-name: 🎪 Superset Showtime
-
-# Ultra-simple: just sync on any PR state change
-on:
-  # zizmor: ignore[dangerous-triggers] - required to react to PR label changes; this workflow does not check out or execute PR-provided code
-  pull_request_target:
-    types: [labeled, unlabeled, synchronize, closed]
-
-  # Manual testing
-  workflow_dispatch:
-    inputs:
-      pr_number:
-        description: 'PR number to sync'
-        required: true
-        type: number
-      sha:
-        description: 'Specific SHA to deploy (optional, defaults to latest)'
-        required: false
-        type: string
-
-# Common environment variables for all jobs (non-sensitive only)
-env:
-  AWS_REGION: us-west-2
-  GITHUB_ORG: ${{ github.repository_owner }}
-  GITHUB_REPO: ${{ github.event.repository.name }}
-  GITHUB_ACTOR: ${{ github.actor }}
-
-jobs:
-  sync:
-    name: 🎪 Sync PR to desired state
-    runs-on: ubuntu-latest
-    timeout-minutes: 90
-
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Security Check - Authorize Maintainers Only
-        id: auth
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          script: |
-            const actor = context.actor;
-            console.log(`🔍 Checking authorization for ${actor}`);
-
-            // Early exit for workflow_dispatch - assume authorized since it's manually triggered
-            if (context.eventName === 'workflow_dispatch') {
-              console.log(`✅ Workflow dispatch event - assuming authorized for ${actor}`);
-              core.setOutput('authorized', 'true');
-              return;
-            }
-
-            const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              username: actor
-            });
-
-            console.log(`📊 Permission level for ${actor}: ${permission.permission}`);
-            const authorized = ['write', 'admin'].includes(permission.permission);
-
-            // If this is a synchronize event from unauthorized user, check if Showtime is active and set blocked label
-            if (!authorized && context.eventName === 'pull_request_target' && context.payload.action === 'synchronize') {
-              console.log(`🔒 Synchronize event detected - checking if Showtime is active`);
-
-              // Check if PR has any circus tent labels (Showtime is in use)
-              const { data: issue } = await github.rest.issues.get({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.payload.pull_request.number
-              });
-
-              const hasCircusLabels = issue.labels.some(label => label.name.startsWith('🎪 '));
-
-              if (hasCircusLabels) {
-                console.log(`🎪 Circus labels found - setting blocked label to prevent auto-deployment`);
-
-                await github.rest.issues.addLabels({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: context.payload.pull_request.number,
-                  labels: ['🎪 🔒 showtime-blocked']
-                });
-
-                console.log(`✅ Blocked label set - Showtime will detect and skip operations`);
-              } else {
-                console.log(`ℹ️ No circus labels found - Showtime not in use, skipping block`);
-              }
-            }
-
-            if (!authorized) {
-              console.log(`🚨 Unauthorized user ${actor} - skipping all operations`);
-              core.setOutput('authorized', 'false');
-              return;
-            }
-
-            console.log(`✅ Authorized maintainer: ${actor}`);
-            core.setOutput('authorized', 'true');
-
-      - name: Install Superset Showtime
-        if: steps.auth.outputs.authorized == 'true'
-        run: |
-          echo "::notice::Maintainer $GITHUB_ACTOR triggered deploy for PR ${PULL_REQUEST_NUMBER}"
-          pip install --upgrade superset-showtime
-          showtime version
-
-        env:
-          PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number || github.event.inputs.pr_number }}
-      - name: Check what actions are needed
-        if: steps.auth.outputs.authorized == 'true'
-        id: check
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          INPUT_PR_NUMBER: ${{ github.event.inputs.pr_number }}
-          INPUT_SHA: ${{ github.event.inputs.sha }}
-        run: |
-          # Bulletproof PR number extraction
-          if [[ -n "${{ github.event.pull_request.number }}" ]]; then
-            PR_NUM="${{ github.event.pull_request.number }}"
-          elif [[ -n "${INPUT_PR_NUMBER}" ]]; then
-            PR_NUM="${INPUT_PR_NUMBER}"
-          else
-            echo "❌ No PR number found in event or inputs"
-            exit 1
-          fi
-
-          echo "Using PR number: $PR_NUM"
-
-          # Run sync check-only with optional SHA override
-          if [[ -n "${INPUT_SHA}" ]]; then
-            OUTPUT=$(python -m showtime sync $PR_NUM --check-only --sha "${INPUT_SHA}")
-          else
-            OUTPUT=$(python -m showtime sync $PR_NUM --check-only)
-          fi
-          echo "$OUTPUT"
-
-          # Extract the outputs we need for conditional steps
-          BUILD=$(echo "$OUTPUT" | grep "build_needed=" | cut -d'=' -f2)
-          SYNC=$(echo "$OUTPUT" | grep "sync_needed=" | cut -d'=' -f2)
-          PR_NUM_OUT=$(echo "$OUTPUT" | grep "pr_number=" | cut -d'=' -f2)
-          TARGET_SHA=$(echo "$OUTPUT" | grep "target_sha=" | cut -d'=' -f2)
-
-          echo "build_needed=$BUILD" >> $GITHUB_OUTPUT
-          echo "sync_needed=$SYNC" >> $GITHUB_OUTPUT
-          echo "pr_number=$PR_NUM_OUT" >> $GITHUB_OUTPUT
-          echo "target_sha=$TARGET_SHA" >> $GITHUB_OUTPUT
-
-      - name: Checkout PR code (only if build needed)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          ref: ${{ steps.check.outputs.target_sha }}
-          persist-credentials: false
-
-      - name: Setup Docker Environment (only if build needed)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          build: "true"
-          install-docker-compose: "false"
-
-      - name: Execute sync (handles everything)
-        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.sync_needed == 'true'
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-          CHECK_PR_NUMBER: ${{ steps.check.outputs.pr_number }}
-          CHECK_TARGET_SHA: ${{ steps.check.outputs.target_sha }}
-        run: |
-          PR_NUM="$CHECK_PR_NUMBER"
-          TARGET_SHA="$CHECK_TARGET_SHA"
-          if [[ -n "$TARGET_SHA" ]]; then
-            python -m showtime sync $PR_NUM --sha "$TARGET_SHA"
-          else
-            python -m showtime sync $PR_NUM
-          fi
--- a/.github/workflows/superset-app-cli.yml
+++ b/.github/workflows/superset-app-cli.yml
@@ -1,71 +0,0 @@
-name: Superset App CLI tests
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-permissions:
-  contents: read
-  pull-requests: read
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  test-load-examples:
-    runs-on: ubuntu-24.04
-    env:
-      PYTHONPATH: ${{ github.workspace }}
-      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
-      REDIS_PORT: 16379
-      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
-    services:
-      postgres:
-        image: postgres:17-alpine
-        env:
-          POSTGRES_USER: superset
-          POSTGRES_PASSWORD: superset
-        ports:
-          # Use custom ports for services to avoid accidentally connecting to
-          # GitHub action runner's default installations
-          - 15432:5432
-      redis:
-        image: redis:7-alpine
-        ports:
-          - 16379:6379
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          submodules: recursive
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Python
-        if: steps.check.outputs.python
-        uses: ./.github/actions/setup-backend/
-      - name: Setup Postgres
-        if: steps.check.outputs.python
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: setup-postgres
-      - name: superset init
-        if: steps.check.outputs.python
-        run: |
-          pip install -e .
-          superset db upgrade
-          superset load_test_users
-      - name: superset load_examples
-        if: steps.check.outputs.python
-        run: |
-          # load examples without test data
-          superset load_examples --load-big-data
--- a/.github/workflows/superset-applitool-cypress.yml
+++ b/.github/workflows/superset-applitool-cypress.yml
@@ -0,0 +1,92 @@
+name: Applitools Cypress
+
+on:
+  schedule:
+    - cron: "0 1 * * *"
+
+jobs:
+  config:
+    runs-on: "ubuntu-22.04"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  cypress-applitools:
+    needs: config
+    if: needs.config.outputs.has-secrets
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        browser: ["chrome"]
+        node: [20]
+    env:
+      SUPERSET_ENV: development
+      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
+      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
+      PYTHONPATH: ${{ github.workspace }}
+      REDIS_PORT: 16379
+      GITHUB_TOKEN: ${{ github.token }}
+      APPLITOOLS_APP_NAME: Superset
+      APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }}
+      APPLITOOLS_BATCH_ID: ${{ github.sha }}
+      APPLITOOLS_BATCH_NAME: Superset Cypress
+    services:
+      postgres:
+        image: postgres:15-alpine
+        env:
+          POSTGRES_USER: superset
+          POSTGRES_PASSWORD: superset
+        ports:
+          - 15432:5432
+      redis:
+        image: redis:7-alpine
+        ports:
+          - 16379:6379
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+          ref: master
+      - name: Setup Python
+        uses: ./.github/actions/setup-backend/
+      - name: Import test data
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: testdata
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install npm dependencies
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: npm-install
+      - name: Build javascript packages
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: build-instrumented-assets
+      - name: Setup Postgres
+        if: steps.check.outcome == 'failure'
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: setup-postgres
+      - name: Install cypress
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: cypress-install
+      - name: Run Cypress
+        uses: ./.github/actions/cached-dependencies
+        env:
+          CYPRESS_BROWSER: ${{ matrix.browser }}
+        with:
+          run: cypress-run-applitools
--- a/.github/workflows/superset-applitools-storybook.yml
+++ b/.github/workflows/superset-applitools-storybook.yml
@@ -0,0 +1,55 @@
+name: Applitools Storybook
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+env:
+  APPLITOOLS_APP_NAME: Superset
+  APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }}
+  APPLITOOLS_BATCH_ID: ${{ github.sha }}
+  APPLITOOLS_BATCH_NAME: Superset Storybook
+
+jobs:
+  config:
+    runs-on: "ubuntu-22.04"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  cron:
+    needs: config
+    if: needs.config.outputs.has-secrets
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        node: [20]
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+          ref: master
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+      - name: Install eyes-storybook dependencies
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: eyes-storybook-dependencies
+      - name: Install NPM dependencies
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: npm-install
+      - name: Run Applitools Eyes-Storybook
+        working-directory: ./superset-frontend
+        run: npx eyes-storybook -u https://superset-storybook.netlify.app/
--- a/.github/workflows/superset-cli.yml
+++ b/.github/workflows/superset-cli.yml
@@ -0,0 +1,67 @@
+name: Superset CLI tests
+
+on:
+  push:
+    branches:
+      - "master"
+      - "[0-9].[0-9]*"
+  pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
+
+# cancel previous workflow jobs for PRs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  test-load-examples:
+    runs-on: ubuntu-22.04
+    env:
+      PYTHONPATH: ${{ github.workspace }}
+      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
+      REDIS_PORT: 16379
+      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
+    services:
+      postgres:
+        image: postgres:15-alpine
+        env:
+          POSTGRES_USER: superset
+          POSTGRES_PASSWORD: superset
+        ports:
+          # Use custom ports for services to avoid accidentally connecting to
+          # GitHub action runner's default installations
+          - 15432:5432
+      redis:
+        image: redis:7-alpine
+        ports:
+          - 16379:6379
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+      - name: Check for file changes
+        id: check
+        uses: ./.github/actions/change-detector/
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Python
+        if: steps.check.outputs.python
+        uses: ./.github/actions/setup-backend/
+      - name: Setup Postgres
+        if: steps.check.outputs.python
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: setup-postgres
+      - name: superset init
+        if: steps.check.outputs.python
+        run: |
+          pip install -e .
+          superset db upgrade
+          superset load_test_users
+      - name: superset load_examples
+        if: steps.check.outputs.python
+        run: |
+          # load examples without test data
+          superset load_examples --load-big-data
--- a/.github/workflows/superset-docs-deploy.yml
+++ b/.github/workflows/superset-docs-deploy.yml
@@ -1,14 +1,6 @@
 name: Docs Deployment

 on:
-  # Deploy after integration tests complete on master
-  # zizmor: ignore[dangerous-triggers] - runs in base-branch context after a trusted upstream workflow; scoped to master
-  workflow_run:
-    workflows: ["Python-Integration"]
-    types: [completed]
-    branches: [master]
-
-  # Also allow manual trigger and direct pushes to docs
  push:
    paths:
      - "docs/**"
@@ -18,22 +10,9 @@ on:

  workflow_dispatch: {}

-# Serialize deploys: the action pushes to apache/superset-site without
-# rebasing, so concurrent runs race on the final push and the loser fails
-# with `! [rejected] asf-site -> asf-site (fetch first)`. Cancel any
-# in-progress run as soon as a newer one starts — the destination repo
-# isn't touched until the final push step, so canceling mid-build is safe,
-# and the freshest content always wins.
-concurrency:
-  group: docs-deploy-asf-site
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -41,37 +20,28 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${SUPERSET_SITE_BUILD}" ]; then
+          if [ -n "${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

-        env:
-          SUPERSET_SITE_BUILD: ${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }}
  build-deploy:
    needs: config
-    # For workflow_run triggers, only deploy when the triggering run originated
-    # from this repository (not a fork), ensuring the checked-out code and any
-    # local actions executed with deploy credentials are trusted.
-    if: >-
-      needs.config.outputs.has-secrets &&
-      (github.event_name != 'workflow_run' ||
-       github.event.workflow_run.head_repository.full_name == github.repository)
+    if: needs.config.outputs.has-secrets
    name: Build & Deploy
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    steps:
-      - name: "Checkout ${{ github.event.workflow_run.head_sha || github.sha }}"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
        with:
-          ref: ${{ github.event.workflow_run.head_sha || github.sha }}
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+      - name: Set up Node.js 20
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
-      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+      - uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '21'
@@ -88,35 +58,6 @@ jobs:
        working-directory: docs
        run: |
          yarn install --check-cache
-      - name: Download database diagnostics (if triggered by integration tests)
-        if: github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success'
-        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
-        continue-on-error: true
-        with:
-          workflow: superset-python-integrationtest.yml
-          run_id: ${{ github.event.workflow_run.id }}
-          name: database-diagnostics
-          path: docs/src/data/
-      - name: Try to download latest diagnostics (for push/dispatch triggers)
-        if: github.event_name != 'workflow_run'
-        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
-        continue-on-error: true
-        with:
-          workflow: superset-python-integrationtest.yml
-          name: database-diagnostics
-          path: docs/src/data/
-          branch: master
-          search_artifacts: true
-          if_no_artifact_found: warn
-      - name: Use diagnostics artifact if available
-        working-directory: docs
-        run: |
-          if [ -f "src/data/databases-diagnostics.json" ]; then
-            echo "Using fresh diagnostics from integration tests"
-            mv src/data/databases-diagnostics.json src/data/databases.json
-          else
-            echo "Using committed databases.json (no artifact found)"
-          fi
      - name: yarn build
        working-directory: docs
        run: |
@@ -130,5 +71,5 @@ jobs:
          destination-github-username: "apache"
          destination-repository-name: "superset-site"
          target-branch: "asf-site"
-          commit-message: "deploying docs: ${{ github.event.head_commit.message || 'triggered by integration tests' }} (apache/superset@${{ github.event.workflow_run.head_sha || github.sha }})"
+          commit-message: "deploying docs: ${{ github.event.head_commit.message }} (apache/superset@${{ github.sha }})"
          user-email: dev@superset.apache.org
--- a/.github/workflows/superset-docs-verify.yml
+++ b/.github/workflows/superset-docs-verify.yml
@@ -4,44 +4,31 @@ on:
  pull_request:
    paths:
      - "docs/**"
-      - "superset/db_engine_specs/**"
      - ".github/workflows/superset-docs-verify.yml"
    types: [synchronize, opened, reopened, ready_for_review]
-  # zizmor: ignore[dangerous-triggers] - runs in base-branch context and only consumes artifacts from the trusted upstream workflow
-  workflow_run:
-    workflows: ["Python-Integration"]
-    types: [completed]

 # cancel previous workflow jobs for PRs
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_sha || github.run_id }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  linkinator:
    # See docs here: https://github.com/marketplace/actions/linkinator
-    # Only run on pull_request, not workflow_run
-    if: github.event_name == 'pull_request'
    name: Link Checking
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
+      - uses: actions/checkout@v4
      # Do not bump this linkinator-action version without opening
-      # an ASF Infra ticket to allow the new version first!
-      - uses: JustinBeckwith/linkinator-action@af984b9f30f63e796ae2ea5be5e07cb587f1bbd9  # v2.3
+      # an ASF Infra ticket to allow the new verison first!
+      - uses: JustinBeckwith/linkinator-action@v1.11.0
        continue-on-error: true # This will make the job advisory (non-blocking, no red X)
        with:
          paths: "**/*.md, **/*.mdx"
          linksToSkip: >-
-            ^https://github.com/apache/(superset|incubator-superset)/(pull|issues)/\d+,
-            ^https://github.com/apache/(superset|incubator-superset)/commit/[a-f0-9]+,
-            superset-frontend/.*CHANGELOG\.md,
+            ^https://github.com/apache/(superset|incubator-superset)/(pull|issue)/\d+,
            http://localhost:8088/,
+            docker/.env-non-dev,
            http://127.0.0.1:3000/,
            http://localhost:9001/,
            https://charts.bitnami.com/bitnami,
@@ -55,91 +42,32 @@ jobs:
            http://theiconic.com.au/,
            https://dev.mysql.com/doc/refman/5.7/en/innodb-limits.html,
            ^https://img\.shields\.io/.*,
-            https://vkusvill.ru/,
-            https://www.linkedin.com/in/mark-thomas-b16751158/,
-            https://theiconic.com.au/,
-            https://wattbewerb.de/,
-            https://timbr.ai/,
-            https://opensource.org/license/apache-2-0,
+            https://vkusvill.ru/
+            https://www.linkedin.com/in/mark-thomas-b16751158/
+            https://theiconic.com.au/
+            https://wattbewerb.de/
+            https://timbr.ai/
+            https://opensource.org/license/apache-2-0
            https://www.plaidcloud.com/
-
-  build-on-pr:
-    # Build docs when PR changes docs/** (uses committed databases.json)
-    if: github.event_name == 'pull_request'
-    name: Build (PR trigger)
-    runs-on: ubuntu-24.04
+  build-deploy:
+    name: Build & Deploy
+    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: docs
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+      - name: Set up Node.js 20
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './docs/.nvmrc'
+          node-version: '20'
      - name: yarn install
        run: |
          yarn install --check-cache
-      - name: Lint docs links
-        # Fast source-level check for bare relative internal links
-        # like `[Foo](../foo)` that Docusaurus's onBrokenLinks
-        # setting can't catch. Runs in seconds; fails fast before
-        # the expensive build step.
-        run: |
-          yarn lint:docs-links
-      - name: yarn typecheck
-        run: |
-          yarn typecheck
-      - name: yarn build
-        run: |
-          yarn build
-
-  build-after-tests:
-    # Build docs after integration tests complete (uses fresh diagnostics)
-    # Only runs if integration tests succeeded
-    if: >
-      github.event_name == 'workflow_run' &&
-      github.event.workflow_run.conclusion == 'success' &&
-      github.event.workflow_run.head_repository.full_name == github.repository
-    name: Build (after integration tests)
-    runs-on: ubuntu-24.04
-    defaults:
-      run:
-        working-directory: docs
-    steps:
-      - name: "Checkout PR head: ${{ github.event.workflow_run.head_sha }}"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          ref: ${{ github.event.workflow_run.head_sha }}
-          persist-credentials: false
-          submodules: recursive
-      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: './docs/.nvmrc'
-      - name: yarn install
-        run: |
-          yarn install --check-cache
-      - name: Download database diagnostics from integration tests
-        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
-        with:
-          workflow: superset-python-integrationtest.yml
-          run_id: ${{ github.event.workflow_run.id }}
-          name: database-diagnostics
-          path: docs/src/data/
-          if_no_artifact_found: 'warning'
-      - name: Use fresh diagnostics
-        run: |
-          if [ -f "src/data/databases-diagnostics.json" ]; then
-            echo "Using fresh diagnostics from integration tests"
-            mv src/data/databases-diagnostics.json src/data/databases.json
-          else
-            echo "Warning: No diagnostics artifact found, using committed data"
-          fi
      - name: yarn typecheck
        run: |
          yarn typecheck
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -28,7 +28,6 @@ concurrency:

 jobs:
  cypress-matrix:
-    # Somehow one test flakes on 24.04 for unknown reasons, this is the only GHA left on 22.04
    runs-on: ubuntu-22.04
    permissions:
      contents: read
@@ -42,7 +41,6 @@ jobs:
      matrix:
        parallel_id: [0, 1, 2, 3, 4, 5]
        browser: ["chrome"]
-        app_root: ${{ github.event_name == 'push' && fromJSON('["", "/app/prefix"]') || fromJSON('[""]') }}
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -50,11 +48,11 @@ jobs:
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
-      # Only use dashboard when explicitly requested via workflow_dispatch
-      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true' || 'false' }}
+      # use the dashboard feature when running manually OR merging to master
+      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true'|| (github.ref == 'refs/heads/master' && 'true') || 'false' }}
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -69,21 +67,20 @@ jobs:
      # Conditional checkout based on context
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -109,9 +106,9 @@ jobs:
          run: testdata
      - name: Setup Node.js
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: "20"
      - name: Install npm dependencies
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -137,139 +134,10 @@ jobs:
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          NODE_OPTIONS: "--max-old-space-size=4096"
        with:
-          run: cypress-run-all ${{ env.USE_DASHBOARD }} ${{ matrix.app_root }}
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        env:
-          APP_ROOT: ${{ matrix.app_root }}
-        run: |
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
+          run: cypress-run-all ${{ env.USE_DASHBOARD }}
      - name: Upload Artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        if: failure()
+        uses: actions/upload-artifact@v4
+        if: github.event_name == 'workflow_dispatch' && (steps.check.outputs.python || steps.check.outputs.frontend)
        with:
          path: ${{ github.workspace }}/superset-frontend/cypress-base/cypress/screenshots
-          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}-${{ matrix.parallel_id }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
-
-  playwright-tests:
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      pull-requests: read
-    strategy:
-      fail-fast: false
-      matrix:
-        browser: ["chromium"]
-        app_root: ${{ github.event_name == 'push' && fromJSON('["", "/app/prefix"]') || fromJSON('[""]') }}
-    env:
-      SUPERSET_ENV: development
-      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
-      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
-      PYTHONPATH: ${{ github.workspace }}
-      REDIS_PORT: 16379
-      GITHUB_TOKEN: ${{ github.token }}
-    services:
-      postgres:
-        image: postgres:17-alpine
-        env:
-          POSTGRES_USER: superset
-          POSTGRES_PASSWORD: superset
-        ports:
-          - 15432:5432
-      redis:
-        image: redis:7-alpine
-        ports:
-          - 16379:6379
-    steps:
-      # -------------------------------------------------------
-      # Conditional checkout based on context (same as Cypress workflow)
-      - name: Checkout for push or pull_request event
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-      - name: Checkout using ref (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          ref: ${{ github.event.inputs.ref }}
-          submodules: recursive
-      - name: Checkout using PR ID (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
-          submodules: recursive
-      # -------------------------------------------------------
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-      - name: Setup postgres
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: setup-postgres
-      - name: Import test data
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: playwright_testdata
-      - name: Setup Node.js
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: './superset-frontend/.nvmrc'
-      - name: Install npm dependencies
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: npm-install
-      - name: Build javascript packages
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: build-instrumented-assets
-      - name: Build embedded SDK
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: build-embedded-sdk
-      - name: Install Playwright
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: playwright-install
-      - name: Run Playwright (Required Tests)
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        env:
-          NODE_OPTIONS: "--max-old-space-size=4096"
-        with:
-          run: playwright-run "${{ matrix.app_root }}"
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        env:
-          APP_ROOT: ${{ matrix.app_root }}
-        run: |
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
-      - name: Upload Playwright Artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        if: failure()
-        with:
-          path: |
-            ${{ github.workspace }}/superset-frontend/playwright-results/
-            ${{ github.workspace }}/superset-frontend/test-results/
-          name: playwright-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
+          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}
--- a/.github/workflows/superset-extensions-cli.yml
+++ b/.github/workflows/superset-extensions-cli.yml
@@ -1,68 +0,0 @@
-name: Superset Extensions CLI Package Tests
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-
-permissions:
-  contents: read
-  pull-requests: read
-
-# cancel previous workflow jobs for PRs
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  test-superset-extensions-cli-package:
-    runs-on: ubuntu-24.04
-    strategy:
-      matrix:
-        python-version: ["previous", "current", "next"]
-    defaults:
-      run:
-        working-directory: superset-extensions-cli
-    steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          submodules: recursive
-
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup Python
-        if: steps.check.outputs.superset-extensions-cli
-        uses: ./.github/actions/setup-backend/
-        with:
-          python-version: ${{ matrix.python-version }}
-          requirements-type: dev
-
-      - name: Run pytest with coverage
-        if: steps.check.outputs.superset-extensions-cli
-        run: |
-          pytest --cov=superset_extensions_cli --cov-report=xml --cov-report=term-missing --cov-report=html -v --tb=short
-
-      - name: Upload coverage reports to Codecov
-        if: steps.check.outputs.superset-extensions-cli
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
-        with:
-          file: ./coverage.xml
-          flags: superset-extensions-cli
-          name: superset-extensions-cli-coverage
-          fail_ci_if_error: false
-
-      - name: Upload HTML coverage report
-        if: steps.check.outputs.superset-extensions-cli
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: superset-extensions-cli-coverage-html
-          path: htmlcov/
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -1,4 +1,4 @@
-name: "Frontend Build CI (unit tests, linting & sanity checks)"
+name: Frontend

 on:
  push:
@@ -13,191 +13,68 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

-env:
-  TAG: apache/superset:GHA-${{ github.run_id }}
-
-permissions:
-  contents: read
-
 jobs:
  frontend-build:
-    runs-on: ubuntu-24.04
-    outputs:
-      should-run: ${{ steps.check.outputs.frontend }}
+    runs-on: ubuntu-22.04
    steps:
-      - name: Checkout Code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-
-      - name: Check for File Changes
+          submodules: recursive
+      - name: Check npm lock file version
+        run: ./scripts/ci_check_npm_lock_version.sh ./superset-frontend/package-lock.json
+      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build Docker Image
+      - name: Setup Node.js
        if: steps.check.outputs.frontend
-        shell: bash
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "git rev-parse --short HEAD"
-          git rev-parse --short HEAD
-          echo "git show -s --format=raw HEAD"
-          git show -s --format=raw HEAD
-          docker buildx build \
-            -t $TAG \
-            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-trixie \
-            --target superset-node-ci \
-            .
-
-      - name: Save Docker Image as Artifact
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Install dependencies
        if: steps.check.outputs.frontend
-        run: |
-          docker save $TAG | zstd -3 --threads=0 > docker-image.tar.zst
-
-      - name: Upload Docker Image Artifact
+        uses: ./.github/actions/cached-dependencies
+        with:
+          run: npm-install
+      - name: eslint
        if: steps.check.outputs.frontend
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: docker-image
-          path: docker-image.tar.zst
-
-  sharded-jest-tests:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    strategy:
-      matrix:
-        shard: [1, 2, 3, 4, 5, 6, 7, 8]
-      fail-fast: false
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
+        working-directory: ./superset-frontend
        run: |
-          zstd -d < docker-image.tar.zst | docker load
-
-      - name: npm run test with coverage
+          npm run eslint -- . --quiet
+      - name: tsc
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
        run: |
-          mkdir -p ${{ github.workspace }}/superset-frontend/coverage
-          docker run \
-          -v ${{ github.workspace }}/superset-frontend/coverage:/app/superset-frontend/coverage \
-          --rm $TAG \
-          bash -c \
-          "npm run test -- --coverage --shard=${{ matrix.shard }}/8 --coverageReporters=json"
-
-      - name: Upload Coverage Artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: coverage-artifacts-${{ matrix.shard }}
-          path: superset-frontend/coverage
-
-  report-coverage:
-    needs: [sharded-jest-tests]
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    permissions:
-      id-token: write
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-
-      - name: Download Coverage Artifacts
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          pattern: coverage-artifacts-*
-          path: coverage/
-
-      - name: Reorganize test result reports
+          npm run type
+      - name: Build plugins packages
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: npm run plugins:build
+      - name: Build plugins Storybook
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: npm run plugins:build-storybook
+      - name: superset-ui/core coverage
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
        run: |
-          find coverage/
-          for i in {1..8}; do
-            mv coverage/coverage-artifacts-${i}/coverage-final.json coverage/coverage-shard-${i}.json
-          done
-        shell: bash
-
-      - name: Merge Code Coverage
-        run: npx nyc merge coverage/ merged-output/coverage-summary.json
-
-      - name: Upload Code Coverage
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+          npm run core:cover
+      - name: unit tests
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend
+        run: |
+          npm run test -- --coverage --silent
+      # todo: remove this step when fix generator as a project in root jest.config.js
+      - name: generator-superset unit tests
+        if: steps.check.outputs.frontend
+        working-directory: ./superset-frontend/packages/generator-superset
+        run: npm run test
+      - name: Upload code coverage
+        uses: codecov/codecov-action@v4
        with:
          flags: javascript
-          use_oidc: true
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          disable_search: true
-          files: merged-output/coverage-summary.json
-          slug: apache/superset
-
-  lint-frontend:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: |
-          zstd -d < docker-image.tar.zst | docker load
-
-      - name: lint
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm i && npm run lint"
-
-      - name: tsc
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm i && npm run plugins:build && npm run type"
-
-  validate-frontend:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: |
-          zstd -d < docker-image.tar.zst | docker load
-
-      - name: Build Plugins Packages
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run plugins:build"
-
-  test-storybook:
-    needs: frontend-build
-    if: needs.frontend-build.outputs.should-run == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: docker-image
-
-      - name: Load Docker Image
-        run: |
-          zstd -d < docker-image.tar.zst | docker load
-
-      - name: Build Storybook and Run Tests
-        run: |
-          docker run --rm $TAG bash -c \
-          "npm run build-storybook && npx playwright install-deps && npx playwright install chromium && npm run test-storybook:ci"
--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -1,4 +1,4 @@
-name: "Helm: lint and test charts"
+name: Lint and Test Charts

 on:
  pull_request:
@@ -6,9 +6,6 @@ on:
    paths:
      - "helm/**"

-permissions:
-  contents: read
-
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -16,19 +13,19 @@ concurrency:

 jobs:
  lint-test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
          fetch-depth: 0

      - name: Set up Helm
-        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+        uses: azure/setup-helm@v4
        with:
-          version: v3.16.4
+          version: v3.5.4

      - name: Setup Python
        uses: ./.github/actions/setup-backend/
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -1,8 +1,4 @@
-# This workflow automates the release process for Helm charts.
-# The workflow creates a new branch for the release and opens a pull request against the 'gh-pages' branch,
-# allowing the changes to be reviewed and merged manually.
-
-name: "Helm: release charts"
+name: Release Charts

 on:
  push:
@@ -11,28 +7,18 @@ on:
      - "[0-9].[0-9]*"
    paths:
      - "helm/**"
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: "The branch, tag, or commit SHA to check out"
-        required: false
-        default: "master"

 jobs:
  release:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: write
-      pull-requests: write
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.ref || github.ref_name }}
-          persist-credentials: true
+          persist-credentials: false
          submodules: recursive
          fetch-depth: 0

@@ -42,86 +28,18 @@ jobs:
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
-        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+        uses: azure/setup-helm@v4
        with:
          version: v3.5.4

      - name: Add bitnami repo dependency
        run: helm repo add bitnami https://charts.bitnami.com/bitnami

-      - name: Fetch/list all tags
-        run: |
-          # Debugging tags
-          git fetch --tags --force
-          git tag -d superset-helm-chart-0.13.4 || true
-          echo "DEBUG TAGS"
-          git show-ref --tags
-
-      - name: Create unique pages branch name
-        id: vars
-        run: echo "branch_name=helm-publish-${GITHUB_SHA:0:7}" >> $GITHUB_ENV
-
-      - name: Force recreate branch from gh-pages
-        env:
-          BRANCH_NAME: ${{ env.branch_name }}
-        run: |
-          # Ensure a clean working directory
-          git reset --hard
-          git clean -fdx
-          git checkout -b local_gha_temp
-          git submodule update
-
-          # Fetch the latest gh-pages branch
-          git fetch origin gh-pages
-
-          # Check out and reset the target branch based on gh-pages
-          git checkout -B "$BRANCH_NAME" origin/gh-pages
-
-          # Remove submodules from the branch
-          git submodule deinit -f --all
-
-          # Force push to the remote branch
-          git push origin "$BRANCH_NAME" --force
-
-          # Return to the original branch
-          git checkout local_gha_temp
-
-      - name: Fetch/list all tags
-        run: |
-          git submodule update
-          cat .github/actions/chart-releaser-action/action.yml
-
      - name: Run chart-releaser
        uses: ./.github/actions/chart-releaser-action
        with:
-          version: v1.6.0
          charts_dir: helm
          mark_as_latest: false
-          pages_branch: ${{ env.branch_name }}
        env:
          CR_TOKEN: "${{ github.token }}"
          CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}"
-
-      - name: Open Pull Request
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const branchName = process.env.BRANCH_NAME;
-            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
-
-            if (!branchName) {
-              throw new Error("Branch name is not defined.");
-            }
-
-            const pr = await github.rest.pulls.create({
-              owner,
-              repo,
-              title: `Helm chart release for ${branchName}`,
-              head: branchName,
-              base: "gh-pages", // Adjust if the target branch is different
-              body: `This PR releases Helm charts to the gh-pages branch.`,
-            });
-
-            core.info(`Pull request created: ${pr.data.html_url}`);
-        env:
-          BRANCH_NAME: ${{ env.branch_name }}
--- a/.github/workflows/superset-playwright.yml
+++ b/.github/workflows/superset-playwright.yml
@@ -1,162 +0,0 @@
-name: Playwright Experimental Tests
-
-on:
-  push:
-    branches:
-      - "master"
-      - "[0-9].[0-9]*"
-  pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: 'The branch or tag to checkout'
-        required: false
-        default: ''
-      pr_id:
-        description: 'The pull request ID to checkout'
-        required: false
-        default: ''
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  # NOTE: Required Playwright tests are in superset-e2e.yml (E2E / playwright-tests)
-  # This workflow contains only experimental tests that run in shadow mode
-  playwright-tests-experimental:
-    runs-on: ubuntu-22.04
-    continue-on-error: true
-    permissions:
-      contents: read
-      pull-requests: read
-    strategy:
-      fail-fast: false
-      matrix:
-        browser: ["chromium"]
-        app_root: ["", "/app/prefix"]
-    env:
-      SUPERSET_ENV: development
-      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
-      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
-      PYTHONPATH: ${{ github.workspace }}
-      REDIS_PORT: 16379
-      GITHUB_TOKEN: ${{ github.token }}
-    services:
-      postgres:
-        image: postgres:17-alpine
-        env:
-          POSTGRES_USER: superset
-          POSTGRES_PASSWORD: superset
-        ports:
-          - 15432:5432
-      redis:
-        image: redis:7-alpine
-        ports:
-          - 16379:6379
-    steps:
-      # -------------------------------------------------------
-      # Conditional checkout based on context (same as Cypress workflow)
-      - name: Checkout for push or pull_request event
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          submodules: recursive
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-      - name: Checkout using ref (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          ref: ${{ github.event.inputs.ref }}
-          submodules: recursive
-      - name: Checkout using PR ID (workflow_dispatch)
-        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
-          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
-          submodules: recursive
-      # -------------------------------------------------------
-      - name: Check for file changes
-        id: check
-        uses: ./.github/actions/change-detector/
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Python
-        uses: ./.github/actions/setup-backend/
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-      - name: Setup postgres
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: setup-postgres
-      - name: Import test data
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: playwright_testdata
-      - name: Setup Node.js
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: './superset-frontend/.nvmrc'
-      - name: Install npm dependencies
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: npm-install
-      - name: Build javascript packages
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: build-instrumented-assets
-      - name: Build embedded SDK
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: build-embedded-sdk
-      - name: Install Playwright
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        with:
-          run: playwright-install
-      - name: Run Playwright (Experimental Tests)
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        env:
-          NODE_OPTIONS: "--max-old-space-size=4096"
-        with:
-          run: playwright-run "${{ matrix.app_root }}" experimental/
-      - name: Run Playwright (Embedded Tests)
-        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: ./.github/actions/cached-dependencies
-        env:
-          NODE_OPTIONS: "--max-old-space-size=4096"
-          # Scope embedded-only env vars to this step. Setting them at the job
-          # level enabled the EMBEDDED_SUPERSET feature flag inside Flask for
-          # the preceding "Required Tests" and "Experimental Tests" steps too,
-          # which loads extra handlers and destabilizes the werkzeug dev
-          # server under the 2-worker Playwright load. Required Tests should
-          # match master's Flask configuration.
-          SUPERSET_FEATURE_EMBEDDED_SUPERSET: "true"
-          INCLUDE_EMBEDDED: "true"
-        with:
-          run: playwright-run "${{ matrix.app_root }}" embedded
-      - name: Set safe app root
-        if: failure()
-        id: set-safe-app-root
-        run: |
-          APP_ROOT="${{ matrix.app_root }}"
-          SAFE_APP_ROOT=${APP_ROOT//\//_}
-          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
-      - name: Upload Playwright Artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        if: failure()
-        with:
-          path: |
-            ${{ github.workspace }}/superset-frontend/playwright-results/
-            ${{ github.workspace }}/superset-frontend/test-results/
-          name: playwright-experimental-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -15,9 +15,7 @@ concurrency:

 jobs:
  test-mysql:
-    runs-on: ubuntu-24.04
-    permissions:
-      id-token: write
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -43,7 +41,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -70,49 +68,16 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+        uses: codecov/codecov-action@v4
        with:
          flags: python,mysql
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          use_oidc: true
-          slug: apache/superset
-      - name: Generate database diagnostics for docs
-        if: steps.check.outputs.python
-        env:
-          SUPERSET_CONFIG: tests.integration_tests.superset_test_config
-          SUPERSET__SQLALCHEMY_DATABASE_URI: |
-            mysql+mysqldb://superset:superset@127.0.0.1:13306/superset?charset=utf8mb4&binary_prefix=true
-        run: |
-          python -c "
-          import json
-          from superset.app import create_app
-          from superset.db_engine_specs.lib import generate_yaml_docs
-          app = create_app()
-          with app.app_context():
-              docs = generate_yaml_docs()
-              # Wrap in the expected format
-              output = {
-                  'generated': '$(date -Iseconds)',
-                  'databases': docs
-              }
-              with open('databases-diagnostics.json', 'w') as f:
-                  json.dump(output, f, indent=2, default=str)
-              print(f'Generated diagnostics for {len(docs)} databases')
-          "
-      - name: Upload database diagnostics artifact
-        if: steps.check.outputs.python
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: database-diagnostics
-          path: databases-diagnostics.json
-          retention-days: 7
  test-postgres:
-    runs-on: ubuntu-24.04
-    permissions:
-      id-token: write
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["current", "previous", "next"]
+        python-version: ["current", "next", "previous"]
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -120,7 +85,7 @@ jobs:
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -134,7 +99,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -164,17 +129,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+        uses: codecov/codecov-action@v4
        with:
          flags: python,postgres
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          use_oidc: true
-          slug: apache/superset

  test-sqlite:
-    runs-on: ubuntu-24.04
-    permissions:
-      id-token: write
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -190,7 +152,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -219,9 +181,8 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+        uses: codecov/codecov-action@v4
        with:
          flags: python,sqlite
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          use_oidc: true
-          slug: apache/superset
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -16,9 +16,7 @@ concurrency:

 jobs:
  test-postgres-presto:
-    runs-on: ubuntu-24.04
-    permissions:
-      id-token: write
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -27,7 +25,7 @@ jobs:
      SUPERSET__SQLALCHEMY_EXAMPLES_URI: presto://localhost:15433/memory/default
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -50,7 +48,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -79,17 +77,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+        uses: codecov/codecov-action@v4
        with:
          flags: python,presto
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          use_oidc: true
-          slug: apache/superset

  test-postgres-hive:
-    runs-on: ubuntu-24.04
-    permissions:
-      id-token: write
+    runs-on: ubuntu-22.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -99,7 +94,7 @@ jobs:
      UPLOAD_FOLDER: /tmp/.superset/uploads/
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:15-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -113,7 +108,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -147,12 +142,10 @@ jobs:
      - name: Python unit tests (PostgreSQL)
        if: steps.check.outputs.python
        run: |
-          pip install -e .[hive]
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+        uses: codecov/codecov-action@v4
        with:
          flags: python,hive
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          use_oidc: true
-          slug: apache/superset
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -16,17 +16,15 @@ concurrency:

 jobs:
  unit-tests:
-    runs-on: ubuntu-24.04
-    permissions:
-      id-token: write
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        python-version: ["previous", "current", "next"]
+        python-version: ["current", "next"]
    env:
      PYTHONPATH: ${{ github.workspace }}
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -46,19 +44,10 @@ jobs:
          SUPERSET_TESTENV: true
          SUPERSET_SECRET_KEY: not-a-secret
        run: |
-          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear --maxfail=50
-      - name: Python 100% coverage unit tests
-        if: steps.check.outputs.python
-        env:
-          SUPERSET_TESTENV: true
-          SUPERSET_SECRET_KEY: not-a-secret
-        run: |
-          pytest --durations-min=0.5 --cov=superset/sql/ ./tests/unit_tests/sql/ --cache-clear --cov-fail-under=100
-          pytest --durations-min=0.5 --cov=superset/semantic_layers/ ./tests/unit_tests/semantic_layers/ --cache-clear --cov-fail-under=100
+          pytest --durations-min=0.5 --cov-report= --cov=superset ./tests/common ./tests/unit_tests --cache-clear
      - name: Upload code coverage
-        uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+        uses: codecov/codecov-action@v4
        with:
          flags: python,unit
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
-          use_oidc: true
-          slug: apache/superset
--- a/.github/workflows/superset-translations-comment.yml
+++ b/.github/workflows/superset-translations-comment.yml
@@ -1,88 +0,0 @@
-name: Translation Regression Comment
-
-on:
-  # zizmor: ignore[dangerous-triggers] - runs in base-branch context and only consumes the uploaded artifact; never checks out PR code (see note below)
-  workflow_run:
-    workflows: ["Translations"]
-    types: [completed]
-
-# This workflow posts a PR comment when the Translations workflow detects a
-# regression. It uses the workflow_run trigger so that it always runs in the
-# base-branch context and can safely be granted write permissions, even for
-# PRs from forks.
-#
-# IMPORTANT: This workflow must NEVER check out code from the PR branch.
-# All data comes from the artifact uploaded by the Translations workflow.
-
-permissions:
-  pull-requests: write
-  actions: read
-
-jobs:
-  post-comment:
-    runs-on: ubuntu-24.04
-    # Only act when the Translations workflow failed (which means a regression
-    # was detected — the workflow exits 1 on regression).
-    if: github.event.workflow_run.conclusion == 'failure'
-
-    steps:
-      - name: Download regression artifact
-        id: download
-        continue-on-error: true
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: translation-regression
-          run-id: ${{ github.event.workflow_run.id }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          path: /tmp/translation-regression
-
-      - name: Post or update PR comment
-        if: steps.download.outcome == 'success'
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const fs = require('fs');
-
-            const prNumberFile = '/tmp/translation-regression/pr-number.txt';
-            const reportFile = '/tmp/translation-regression/regression-report.md';
-
-            if (!fs.existsSync(prNumberFile) || !fs.existsSync(reportFile)) {
-              console.log('Artifact files not found, skipping comment.');
-              return;
-            }
-
-            const prNumber = parseInt(fs.readFileSync(prNumberFile, 'utf8').trim(), 10);
-            if (!prNumber) {
-              console.log('Could not parse PR number, skipping comment.');
-              return;
-            }
-
-            const report = fs.readFileSync(reportFile, 'utf8');
-            const marker = '<!-- translation-regression-bot -->';
-            const body = `${marker}\n${report}`;
-
-            const { data: comments } = await github.rest.issues.listComments({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: prNumber,
-            });
-
-            const existing = comments.find(c => c.body && c.body.includes(marker));
-
-            if (existing) {
-              await github.rest.issues.updateComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                comment_id: existing.id,
-                body,
-              });
-              console.log(`Updated existing comment ${existing.id} on PR #${prNumber}`);
-            } else {
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: prNumber,
-                body,
-              });
-              console.log(`Created new comment on PR #${prNumber}`);
-            }
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -8,10 +8,6 @@ on:
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]

-permissions:
-  contents: read
-  pull-requests: read
-
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -19,13 +15,10 @@ concurrency:

 jobs:
  frontend-check-translations:
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      pull-requests: read
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -38,9 +31,9 @@ jobs:

      - name: Setup Node.js
        if: steps.check.outputs.frontend
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
-          node-version-file:  './superset-frontend/.nvmrc'
+          node-version:  '18'
      - name: Install dependencies
        if: steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
@@ -53,17 +46,13 @@ jobs:
          npm run build-translation

  babel-extract:
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      pull-requests: read
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
-
      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
@@ -71,83 +60,8 @@ jobs:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Python
-        if: steps.check.outputs.python == 'true' || steps.check.outputs.frontend == 'true'
+        if: steps.check.outputs.python
        uses: ./.github/actions/setup-backend/
-
-      - name: Install gettext tools
-        if: steps.check.outputs.python == 'true' || steps.check.outputs.frontend == 'true'
-        run: sudo apt-get update && sudo apt-get install -y gettext
-
-      # Fetch the base ref so we can compare PR-introduced regressions
-      # against a fair baseline (also runs babel_update against the base
-      # source) — this isolates the PR's contribution from any pre-existing
-      # drift on the base branch.
-      - name: Fetch base ref and create comparison worktree
-        if: steps.check.outputs.python == 'true' || steps.check.outputs.frontend == 'true'
-        env:
-          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
-        run: |
-          # For PRs use the base branch; for direct pushes compare against the previous commit.
-          BASE_REF="$PR_BASE_REF"
-          if [ -n "$BASE_REF" ]; then
-            git fetch --depth=1 origin "$BASE_REF"
-          else
-            git fetch --depth=2 origin "$GITHUB_REF"
-          fi
-          git worktree add /tmp/base-worktree FETCH_HEAD
-
-      # Run babel_update against BASE source + BASE translations. Any drift
-      # already present on the base branch (source strings that have changed
-      # without .po updates) shows up here as fuzzies — and will also show
-      # up in the PR run, so it cancels out in the comparison.
-      - name: Baseline — run babel_update against BASE source
-        if: steps.check.outputs.python == 'true' || steps.check.outputs.frontend == 'true'
-        working-directory: /tmp/base-worktree
+      - name: Test babel extraction
+        if: steps.check.outputs.python
        run: ./scripts/translations/babel_update.sh
-
-      - name: Record baseline translation counts
-        if: steps.check.outputs.python == 'true' || steps.check.outputs.frontend == 'true'
-        run: |
-          python scripts/translations/check_translation_regression.py \
-            --count \
-            --translations-dir /tmp/base-worktree/superset/translations \
-            > /tmp/before.json
-
-      # Run babel_update against the PR source and PR translations. This keeps
-      # committed .po fixes in play while the base babel_update above still
-      # cancels out translation drift already present on the base branch.
-      - name: Run babel_update against PR source
-        if: steps.check.outputs.python == 'true' || steps.check.outputs.frontend == 'true'
-        run: ./scripts/translations/babel_update.sh
-
-      - name: Check for translation regression
-        id: regression
-        if: steps.check.outputs.python == 'true' || steps.check.outputs.frontend == 'true'
-        continue-on-error: true
-        run: |
-          python scripts/translations/check_translation_regression.py \
-            --compare /tmp/before.json \
-            --report /tmp/regression-report.md
-
-      # Save the PR number so the comment workflow can post the report without
-      # needing write permissions on this pull_request-triggered job.
-      - name: Save PR number for comment workflow
-        if: >-
-          github.event_name == 'pull_request' &&
-          steps.regression.outcome == 'failure'
-        run: echo "${{ github.event.pull_request.number }}" > /tmp/pr-number.txt
-
-      - name: Upload regression artifact
-        if: >-
-          github.event_name == 'pull_request' &&
-          steps.regression.outcome == 'failure'
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: translation-regression
-          path: |
-            /tmp/regression-report.md
-            /tmp/pr-number.txt
-
-      - name: Fail if regression detected
-        if: steps.regression.outcome == 'failure'
-        run: exit 1
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -11,9 +11,6 @@ on:
      - "superset-websocket/**"
    types: [synchronize, opened, reopened, ready_for_review]

-permissions:
-  contents: read
-
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -21,10 +18,10 @@ concurrency:

 jobs:
  app-checks:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install dependencies
--- a/.github/workflows/supersetbot.yml
+++ b/.github/workflows/supersetbot.yml
@@ -15,7 +15,7 @@ on:

 jobs:
  supersetbot:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    if: >
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot'))
@@ -26,7 +26,7 @@ jobs:
    steps:
      - name: Quickly add thumbs up!
        if: github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot')
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          script: |
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/')
@@ -38,7 +38,7 @@ jobs:
            });

      - name: "Checkout ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false

--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -21,12 +21,9 @@ on:
        options:
          - 'true'
          - 'false'
-permissions:
-  contents: read
-
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -34,74 +31,66 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${DOCKERHUB_USER}" ]; then
+          if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

-        env:
-          DOCKERHUB_USER: ${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}
  docker-release:
    needs: config
    if: needs.config.outputs.has-secrets
    name: docker-release
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: write
+    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]
+        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311"]
      fail-fast: false
    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
-          persist-credentials: false
          fetch-depth: 0

-      - name: Setup Docker Environment
-        uses: ./.github/actions/setup-docker
-        with:
-          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
-          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-          install-docker-compose: "false"
-          build: "true"
-
      - name: Use Node.js 20
-        # zizmor: ignore[cache-poisoning] - node only runs the supersetbot CLI; no dependency cache is enabled
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version: 20
-          package-manager-cache: false

      - name: Setup supersetbot
        uses: ./.github/actions/setup-supersetbot/

+      - name: Try to login to DockerHub
+        continue-on-error: true
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
      - name: Execute custom Node.js script
        env:
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          INPUT_RELEASE: ${{ github.event.inputs.release }}
-          INPUT_FORCE_LATEST: ${{ github.event.inputs.force-latest }}
-          INPUT_GIT_REF: ${{ github.event.inputs.git-ref }}
-          GITHUB_EVENT_RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
        run: |
-          RELEASE="${GITHUB_EVENT_RELEASE_TAG_NAME}"
+          RELEASE="${{ github.event.release.tag_name }}"
          FORCE_LATEST=""
          EVENT="${{github.event_name}}"
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            # in the case of a manually-triggered run, read release from input
-            RELEASE="${INPUT_RELEASE}"
-            if [ "${INPUT_FORCE_LATEST}" = "true" ]; then
+            RELEASE="${{ github.event.inputs.release }}"
+            if [ "${{ github.event.inputs.force-latest }}" = "true" ]; then
              FORCE_LATEST="--force-latest"
            fi
-            git checkout "${INPUT_GIT_REF}"
+            git checkout "${{ github.event.inputs.git-ref }}"
            EVENT="release"
          fi

          supersetbot docker \
-            --push \
            --preset ${{ matrix.build_preset }} \
            --context "$EVENT" \
            --context-ref "$RELEASE" $FORCE_LATEST \
@@ -114,24 +103,21 @@ jobs:
  update-prs-with-release-info:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: write
    steps:

      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
-          persist-credentials: false
          fetch-depth: 0

      - name: Use Node.js 20
-        # zizmor: ignore[cache-poisoning] - node only runs the supersetbot CLI; no dependency cache is enabled
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version: 20
-          package-manager-cache: false

      - name: Setup supersetbot
        uses: ./.github/actions/setup-supersetbot/
@@ -139,15 +125,13 @@ jobs:
      - name: Label the PRs with the right release-related labels
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          INPUT_RELEASE: ${{ github.event.inputs.release }}
-          GITHUB_EVENT_RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
        run: |
          export GITHUB_ACTOR=""
          git fetch --all --tags
          git checkout master
-          RELEASE="${GITHUB_EVENT_RELEASE_TAG_NAME}"
+          RELEASE="${{ github.event.release.tag_name }}"
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            # in the case of a manually-triggered run, read release from input
-            RELEASE="${INPUT_RELEASE}"
+            RELEASE="${{ github.event.inputs.release }}"
          fi
          supersetbot release-label $RELEASE
--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -6,12 +6,9 @@ on:
      - master
      - "[0-9].[0-9]*"

-permissions:
-  contents: read
-
 jobs:
  config:
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-22.04"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
@@ -19,30 +16,26 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${GSHEET_KEY}" ]; then
+          if [ -n "${{ (secrets.GSHEET_KEY != '' ) || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

-        env:
-          GSHEET_KEY: ${{ (secrets.GSHEET_KEY != '' ) || '' }}
  process-and-upload:
    needs: config
    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    name: Generate Reports
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          persist-credentials: false
+        uses: actions/checkout@v4

      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
-          node-version-file: './superset-frontend/.nvmrc'
+          node-version: '20'

      - name: Install Dependencies
-        run: npm ci
+        run: npm install
        working-directory: ./superset-frontend

      - name: Run Script
--- a/.github/workflows/welcome-new-users.yml
+++ b/.github/workflows/welcome-new-users.yml
@@ -1,29 +1,22 @@
 name: Welcome New Contributor

 on:
-  # zizmor: ignore[dangerous-triggers] - posts a welcome comment only; does not check out or execute PR-provided code
  pull_request_target:
    types: [opened]

 jobs:
  welcome:
-    runs-on: ubuntu-24.04
-    if: github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write

    steps:
      - name: Welcome Message
-        uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0
+        uses: actions/first-interaction@v1
+        continue-on-error: true
        with:
-          repo_token: ${{ github.token }}
-          issue_message: |-
-            Congrats on opening your first issue and thank you for contributing to Superset! :tada: :heart:
-
-            Please read our [New Contributor Welcome & Expectations](https://github.com/apache/superset/wiki/New-Contributor-Welcome-&-Expectations) guide.
-          pr_message: |-
+          repo-token: ${{ github.token }}
+          pr-message: |-
            Congrats on making your first PR and thank you for contributing to Superset! :tada: :heart:

-            Please read our [New Contributor Welcome & Expectations](https://github.com/apache/superset/wiki/New-Contributor-Welcome-&-Expectations) guide.
-
            We hope to see you in our [Slack](https://apache-superset.slack.com/) community too! Not signed up? Use our [Slack App](http://bit.ly/join-superset-slack) to self-register.
--- a/.gitignore
+++ b/.gitignore
@@ -21,7 +21,6 @@
 *.swp
 __pycache__

-.aider*
 .local
 .cache
 .bento*
@@ -33,7 +32,6 @@ cover
 .env
 .envrc
 .idea
-.roo
 .mypy_cache
 .python-version
 .tox
@@ -44,7 +42,7 @@ _modules
 _static
 build
 app.db
-*.egg-info/
+apache_superset.egg-info/
 changelog.sh
 dist
 dump.rdb
@@ -52,6 +50,7 @@ env
 venv*
 env_py3
 envpy3
+env36
 local_config.py
 /superset_config.py
 /superset_text.yml
@@ -61,19 +60,18 @@ tmp
 rat-results.txt
 superset/app/
 superset-websocket/config.json
-.direnv
-*.log

 # Node.js, webpack artifacts, storybook
 *.entry.js
 *.js.map
 node_modules
 npm-debug.log*
-superset/static/*
-superset/static/assets/*
-!superset/static/assets/.gitkeep
-superset/static/uploads/*
-!superset/static/uploads/.gitkeep
+superset/static/assets
+superset/static/version_info.json
+superset-frontend/**/esm/*
+superset-frontend/**/lib/*
+superset-frontend/**/storybook-static/*
+superset-frontend/migration-storybook.log
 yarn-error.log
 *.map
 *.min.js
@@ -91,7 +89,6 @@ scripts/*.zip
 # IntelliJ
 *.iml
 venv
-.venv
@eaDir/

 # PyCharm
@@ -107,7 +104,6 @@ ghostdriver.log
 testCSV.csv
 .terser-plugin-cache/
 apache-superset-*.tar.gz*
-apache_superset-*.tar.gz*
 release.json

 # Translation-related files
@@ -115,29 +111,14 @@ release.json
 superset/translations/**/messages.json
 # these mo binary files are generated by `pybabel compile`
 superset/translations/**/messages.mo
-# cross-language index generated by scripts/translations/build_translation_index.py
-superset/translations/translation_index.json

 docker/requirements-local.txt

 cache/
 docker/*local*
-docker/superset-websocket/config.json
-docker-compose.override.yml

 .temp_cache

 # Jest test report
 test-report.html
 superset/static/stats/statistics.html
-
-# LLM-related
-CLAUDE.local.md
-PROJECT.md
-.aider*
-.claude_rc*
-.claude/settings.local.json
-.env.local
-oxc-custom-build/
-*.code-workspace
-*.duckdb
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,18 +16,15 @@
 #
 repos:
  - repo: https://github.com/MarcoGorelli/auto-walrus
-    rev: 0.3.4
+    rev: v0.2.2
    hooks:
      - id: auto-walrus
  - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.15.0
+    rev: v1.3.0
    hooks:
      - id: mypy
-        name: mypy (main)
        args: [--check-untyped-defs]
-        exclude: ^superset-extensions-cli/
        additional_dependencies: [
-            types-cachetools,
            types-simplejson,
            types-python-dateutil,
            types-requests,
@@ -41,59 +38,31 @@ repos:
            types-paramiko,
            types-Markdown,
          ]
-      - id: mypy
-        name: mypy (superset-extensions-cli)
-        args: [--check-untyped-defs]
-        files: ^superset-extensions-cli/
+  - repo: https://github.com/peterdemin/pip-compile-multi
+    rev: v2.6.2
+    hooks:
+      - id: pip-compile-multi-verify
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v4.4.0
    hooks:
      - id: check-docstring-first
      - id: check-added-large-files
-        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*|^superset-frontend/CHANGELOG\.md$|^superset/examples/.*/data\.parquet$|^superset/translations/.*\.po$
+        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*
      - id: check-yaml
        exclude: ^helm/superset/templates/
      - id: debug-statements
      - id: end-of-file-fixer
-        exclude: .*/lerna\.json$|^docs/static/img/logos/
      - id: trailing-whitespace
        exclude: ^.*\.(snap)
        args: ["--markdown-linebreak-ext=md"]
-  - repo: local
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v3.1.0 # Use the sha or tag you want to point at
    hooks:
-      - id: prettier-frontend
-        name: prettier (frontend)
-        entry: bash -c 'cd superset-frontend && for file in "$@"; do npx prettier --write "${file#superset-frontend/}"; done'
-        language: system
-        pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx|css|scss|sass|json)$
-  - repo: local
-    hooks:
-      - id: oxlint-frontend
-        name: oxlint (frontend)
-        entry: ./scripts/oxlint.sh
-        language: system
-        pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
-      - id: custom-rules-frontend
-        name: custom rules (frontend)
-        entry: ./scripts/check-custom-rules.sh
-        language: system
-        pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
-      - id: eslint-docs
-        name: eslint (docs)
-        entry: bash -c 'cd docs && FILES=$(printf "%s\n" "$@" | sed "s|^docs/||" | tr "\n" " ") && yarn eslint --fix --quiet $FILES'
-        language: system
-        pass_filenames: true
-        files: ^docs/.*\.(js|jsx|ts|tsx)$
-      - id: type-checking-frontend
-        name: Type-Checking (Frontend)
-        entry: ./scripts/check-type.js package=superset-frontend excludeDeclarationDir=cypress-base
-        language: system
-        files: ^superset-frontend\/.*\.(js|jsx|ts|tsx)$
-        exclude: ^superset-frontend/cypress-base\/
-        require_serial: true
+      - id: prettier
+        additional_dependencies:
+          - prettier@3.3.3
+        args: ["--ignore-path=./superset-frontend/.prettierignore"]
+        files: "superset-frontend"
  # blacklist unsafe functions like make_url (see #19526)
  - repo: https://github.com/skorokithakis/blacklist-pre-commit-hook
    rev: e2f070289d8eddcaec0b580d3bde29437e7c8221
@@ -101,71 +70,27 @@ repos:
      - id: blacklist
        args: ["--blacklisted-names=make_url", "--ignore=tests/"]
  - repo: https://github.com/norwoodj/helm-docs
-    rev: v1.14.2
+    rev: v1.11.0
    hooks:
      - id: helm-docs
        files: helm
-        verbose: false
-        args: ["--log-level", "error"]
-  # Using local hooks ensures ruff version matches requirements/development.txt
-  - repo: local
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.4.0
    hooks:
-      - id: ruff-format
-        name: ruff-format
-        entry: ruff format
-        language: system
-        types: [python]
      - id: ruff
-        name: ruff
-        entry: ruff check --fix --show-fixes
-        language: system
-        types: [python]
+        args: [ --fix ]
+      - id: ruff-format
  - repo: local
    hooks:
      - id: pylint
-        name: pylint with custom Superset plugins
-        entry: bash
+        name: pylint
+        entry: pylint
        language: system
        types: [python]
        exclude: ^(tests/|superset/migrations/|scripts/|RELEASING/|docker/)
        args:
-          - -c
-          - |
-            TARGET_BRANCH=${GITHUB_BASE_REF:-master}
-            # Only fetch if we're not in CI (CI already has all refs)
-            if [ -z "$CI" ]; then
-              git fetch --no-recurse-submodules origin "$TARGET_BRANCH" 2>/dev/null || true
-            fi
-            BASE=$(git merge-base origin/"$TARGET_BRANCH" HEAD 2>/dev/null) || BASE="HEAD"
-            files=$(git diff --name-only --diff-filter=ACM "$BASE"..HEAD 2>/dev/null | grep '^superset/.*\.py$' || true)
-            if [ -n "$files" ]; then
-              pylint --rcfile=.pylintrc --load-plugins=superset.extensions.pylint --reports=no $files
-            else
-              echo "No Python files to lint."
-            fi
-      - id: db-engine-spec-metadata
-        name: database engine spec metadata validation
-        entry: python superset/db_engine_specs/lint_metadata.py --strict
-        language: system
-        files: ^superset/db_engine_specs/.*\.py$
-        exclude: ^superset/db_engine_specs/(base|lib|lint_metadata|__init__)\.py$
-        pass_filenames: false
-  - repo: local
-    hooks:
-      - id: feature-flags-sync
-        name: feature flags documentation sync
-        entry: bash -c 'python scripts/extract_feature_flags.py > docs/static/feature-flags.json.tmp && if ! diff -q docs/static/feature-flags.json docs/static/feature-flags.json.tmp > /dev/null 2>&1; then mv docs/static/feature-flags.json.tmp docs/static/feature-flags.json && echo "Updated docs/static/feature-flags.json" && exit 1; else rm docs/static/feature-flags.json.tmp; fi'
-        language: system
-        files: ^superset/config\.py$
-        pass_filenames: false
-      - id: zizmor
-        name: zizmor (GHA security audit)
-        entry: zizmor
-        language: python
-        additional_dependencies: [zizmor==1.25.2]
-        files: ^\.github/
-        types: [yaml]
-        pass_filenames: false
-        # Advisory until pre-existing findings are resolved; remove
-        # --no-exit-codes to make this hook blocking.
-        args: [--no-exit-codes, .github/]
+          [
+            "-rn", # Only display messages
+            "-sn", # Don't display the score
+            "--rcfile=.pylintrc",
+          ]
--- a/.pylintrc
+++ b/.pylintrc
@@ -52,9 +52,34 @@ extension-pkg-whitelist=pyarrow


 [MESSAGES CONTROL]
-disable=all
-enable=disallowed-sql-import,consider-using-transaction

+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
+confidence=
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=
+    useless-suppression,
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once).You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use"--disable=all --enable=classes
+# --disable=W"
+disable=
+    cyclic-import,  # re-enable once this no longer raises false positives
+    missing-docstring,
+    duplicate-code,
+    line-too-long,
+    unspecified-encoding,
+    too-many-instance-attributes  # re-enable once this no longer raises false positives

 [REPORTS]

--- a/.rat-excludes
+++ b/.rat-excludes
@@ -11,7 +11,6 @@
 .nvmrc
 .prettierrc
 .rat-excludes
-.swcrc
 .*log
 .*pyc
 .*lock
@@ -33,8 +32,6 @@ apache_superset.egg-info
 # json and csv in general cannot have comments
 .*json
 .*csv
-# jinja templates often need to be as-is
-.*j2
 # Generated doc files
 env/*
 docs/.htaccess*
@@ -43,9 +40,6 @@ _build/*
 _static/*
 .buildinfo
 searchindex.js
-# auto-generated by docs/scripts/convert-api-sidebar.mjs from openapi.json
-sidebar.js
-sidebar.ts
 # auto generated
 requirements/*
 # vendorized
@@ -70,22 +64,14 @@ temporary_superset_ui/*
 # skip license checks for auto-generated test snapshots
 .*snap

-# docs third-party logos (database logos, org logos, etc.)
-databases/*
-logos/*
+# docs overrides for third party logos we don't have the rights to
+google-big-query.svg
+google-sheets.svg
+ibm-db2.svg
+postgresql.svg
+snowflake.svg

 # docs-related
 erd.puml
 erd.svg
 intro_header.txt
-TODO.md
-
-# for LLMs
-llm-context.md
-llms.txt
-AGENTS.md
-LLMS.md
-CLAUDE.md
-CURSOR.md
-GEMINI.md
-GPT.md
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,307 +0,0 @@
-# LLM Context Guide for Apache Superset
-
-Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
-
-## ⚠️ CRITICAL: Always Run Pre-commit Before Pushing
-
-**ALWAYS run `pre-commit run --all-files` before pushing commits.** CI will fail if pre-commit checks don't pass. This is non-negotiable.
-
-```bash
-# Stage your changes first
-git add .
-
-# Run pre-commit on all files
-pre-commit run --all-files
-
-# If there are auto-fixes, stage them and commit
-git add .
-git commit --amend  # or new commit
-```
-
-Common pre-commit failures:
- **Formatting** - black, prettier, eslint will auto-fix
- **Type errors** - mypy failures need manual fixes
- **Linting** - ruff, pylint issues need manual fixes
-
-## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
-
-**These migrations are actively happening - avoid deprecated patterns:**
-
-### Frontend Modernization
- **NO `any` types** - Use proper TypeScript types
- **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
- **Use @superset-ui/core** - Don't import Ant Design directly, prefer Ant Design component wrappers from @superset-ui/core/components
- **Use antd theming tokens** - Prefer antd tokens over legacy theming tokens
- **Avoid custom css and styles** - Follow antd best practices and avoid styling and custom CSS whenever possible
-
-### Testing Strategy Migration
- **Prefer unit tests** over integration tests
- **Prefer integration tests** over end-to-end tests
- **Use Playwright for E2E tests** - Migrating from Cypress
- **Cypress is deprecated** - Will be removed once migration is completed
- **Use Jest + React Testing Library** for component testing
- **Use `test()` instead of `describe()`** - Follow [avoid nesting when testing](https://kentcdodds.com/blog/avoid-nesting-when-youre-testing) principles
-
-### Backend Type Safety
- **Add type hints** - All new Python code needs proper typing
- **MyPy compliance** - Run `pre-commit run mypy` to validate
- **SQLAlchemy typing** - Use proper model annotations
-
-### UUID Migration
- **Prefer UUIDs over auto-incrementing IDs** - New models should use UUID primary keys
- **External API exposure** - Use UUIDs in public APIs instead of internal integer IDs
- **Existing models** - Add UUID fields alongside integer IDs for gradual migration
-
-## Security and Threat Model
-
-Before evaluating any code path for security issues, read [`SECURITY.md`](SECURITY.md). It is the canonical, authoritative source for Apache Superset's security model and is referenced by both human reporters and automated scanners.
-
-In short, the test for whether a finding is in scope is one question:
-
-> *Does it let a principal perform an action the role and capability matrix in `SECURITY.md` does not entitle them to?*
-
-If yes, it is in scope. If no, it is not.
-
-The three trust boundaries are:
-
-1. **The Admin role** is a fully trusted operational principal. Anything an Admin can do through documented configuration, API, or UI is an intended capability, not a vulnerability.
-2. **The operator** owns deployment-time decisions (secrets, network exposure, feature-flag selection, connector and codec choices, notification destinations, third-party plugins). Misconfiguration at this layer is a deployment defect, not a Superset vulnerability.
-3. **The codebase** is responsible for enforcing the role and capability matrix wherever it exposes functionality to a principal: API routes, command and DAO layers, UI handlers, background jobs, and any other entry point. A missing or incorrect enforcement check is in scope no matter where it lives.
-
-The security model assumes that operator-controlled infrastructure, including the metadata database, cache backends, message brokers, secret stores, and deployment environment, remains within the operator's trust boundary. Vulnerabilities must demonstrate a security boundary violation by an attacker who does not already control those systems.
-
-Route-level authorization in this codebase uses one of three Flask-AppBuilder decorators depending on the route type:
-
- `@protect()` for REST API routes (`ModelRestApi` / `BaseApi`)
- `@has_access_api` for legacy view routes
- `@has_access` for legacy HTML view routes
-
-Object-level authorization via `security_manager.raise_for_access(...)` applies to data-bearing resources: dashboards, charts, datasets and datasources, queries, database and table access, and query contexts. Other resources (annotations, tags, CSS templates, reports, RLS rules, and similar) rely on the route-level decorator plus DAO `base_filters` for ownership scoping; the absence of `raise_for_access` on these resources is by design, not a finding. Code that omits the per-object gate on a route that returns or mutates a specific data-bearing object is in scope; code that follows the correct pattern for its resource class can still contain injection, SSRF, XSS, or other classes of finding unrelated to authorization, which are evaluated separately.
-
-The full role and capability matrix, in-scope and out-of-scope class lists, and CVE aggregation rules are in [`SECURITY.md`](SECURITY.md). Defer to that document for any specifics.
-
-**Requirements for findings filed by automated tooling**
-
-Automated scanners (LLM-based code scanners, static analyzers, dependency tools) that file findings against this codebase must, in each finding, name:
-
-1. The specific role and capability matrix row in [`SECURITY.md`](SECURITY.md) the finding believes is violated.
-2. The principal the finding assumes the attacker holds (Public, Gamma, sql_lab, Alpha, Admin, Embedded guest token, or a custom role with explicit capability grants).
-
-Findings that cannot identify both should be filed as questions, not vulnerabilities. This requirement exists to ensure every reported issue is testable against the published security model and to keep speculative or pattern-match-only reports out of the triage queue.
-
-## Key Directories
-
-```
-superset/
-├── superset/                    # Python backend (Flask, SQLAlchemy)
-│   ├── views/api/              # REST API endpoints
-│   ├── models/                 # Database models
-│   └── connectors/             # Database connections
-├── superset-frontend/src/       # React TypeScript frontend
-│   ├── components/             # Reusable components
-│   ├── explore/                # Chart builder
-│   ├── dashboard/              # Dashboard interface
-│   └── SqlLab/                 # SQL editor
-├── superset-frontend/packages/
-│   └── superset-ui-core/       # UI component library (USE THIS)
-├── tests/                      # Python/integration tests
-├── docs/                       # Documentation (UPDATE FOR CHANGES)
-└── UPDATING.md                 # Breaking changes log
-```
-
-## Code Standards
-
-### TypeScript Frontend
- **Avoid `any` types** - Use proper TypeScript, reuse existing types
- **Functional components** with hooks
- **@superset-ui/core** for UI components (not direct antd)
- **Jest** for testing (NO Enzyme)
- **Redux** for global state where it exists, hooks for local
-
-### Python Backend  
- **Type hints required** for all new code
- **MyPy compliant** - run `pre-commit run mypy`
- **SQLAlchemy models** with proper typing
- **pytest** for testing
-
-### Apache License Headers
- **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
- **LLM instruction files are excluded** - Files like AGENTS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
-
-### Code Comments
- **Avoid time-specific language** - Don't use words like "now", "currently", "today" in code comments as they become outdated
- **Write timeless comments** - Comments should remain accurate regardless of when they're read
-
-## Documentation Requirements
-
- **docs/**: Update for any user-facing changes
- **UPDATING.md**: Add breaking changes here
- **Docstrings**: Required for new functions/classes
-
-## Developer Portal: Storybook-to-MDX Documentation
-
-The Developer Portal auto-generates MDX documentation from Storybook stories. **Stories are the single source of truth.**
-
-### Core Philosophy
- **Fix issues in the STORY, not the generator** - When something doesn't render correctly, update the story file first
- **Generator should be lightweight** - It extracts and passes through data; avoid special cases
- **Stories define everything** - Props, controls, galleries, examples all come from story metadata
-
-### Story Requirements for Docs Generation
- Use `export default { title: '...' }` (inline), not `const meta = ...; export default meta;`
- Name interactive stories `Interactive${ComponentName}` (e.g., `InteractiveButton`)
- Define `args` for default prop values
- Define `argTypes` at the story level (not meta level) with control types and descriptions
- Use `parameters.docs.gallery` for size×style variant grids
- Use `parameters.docs.sampleChildren` for components that need children
- Use `parameters.docs.liveExample` for custom live code blocks
- Use `parameters.docs.staticProps` for complex object props that can't be parsed inline
-
-### Generator Location
- Script: `docs/scripts/generate-superset-components.mjs`
- Wrapper: `docs/src/components/StorybookWrapper.jsx`
- Output: `docs/developer_portal/components/`
-
-## Architecture Patterns
-
-### Security & Features
- **Security model**: see the top-level [Security and Threat Model](#security-and-threat-model) section and [`SECURITY.md`](SECURITY.md)
- **RBAC**: Role-based access via Flask-AppBuilder
- **Feature flags**: Control feature rollouts
- **Row-level security**: SQL-based data access control
-
-## Test Utilities
-
-### Python Test Helpers
- **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
- **`@with_config`** - Config mocking decorator
- **`@with_feature_flags`** - Feature flag testing
- **`login_as()`, `login_as_admin()`** - Authentication helpers
- **`create_dashboard()`, `create_slice()`** - Data setup utilities
-
-### TypeScript Test Helpers
- **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
- **`createWrapper()`** - Redux/Router/Theme wrapper
- **`selectOption()`** - Select component helper
- **React Testing Library** - NO Enzyme (removed)
-
-### Test Database Patterns
- **Mock patterns**: Use `MagicMock()` for config objects, avoid `AsyncMock` for synchronous code
- **API tests**: Update expected columns when adding new model fields
-
-### Running Tests
-```bash
-# Frontend
-npm run test                           # All tests
-npm run test -- filename.test.tsx     # Single file
-
-# E2E Tests (Playwright - NEW)
-npm run playwright:test                # All Playwright tests
-npm run playwright:ui                  # Interactive UI mode
-npm run playwright:headed              # See browser during tests
-npx playwright test tests/auth/login.spec.ts  # Single file
-npm run playwright:debug tests/auth/login.spec.ts  # Debug specific file
-
-# E2E Tests (Cypress - DEPRECATED)
-cd superset-frontend/cypress-base
-npm run cypress-run-chrome             # All Cypress tests (headless)
-npm run cypress-debug                  # Interactive Cypress UI
-
-# Backend  
-pytest                                 # All tests
-pytest tests/unit_tests/specific_test.py  # Single file
-pytest tests/unit_tests/               # Directory
-
-# If pytest fails with database/setup issues, ask the user to run test environment setup
-```
-
-## Environment Validation
-
-**Quick Setup Check (run this first):**
-
-```bash
-# Verify Superset is running
-curl -f http://localhost:8088/health || echo "❌ Setup required - see https://superset.apache.org/docs/contributing/development#working-with-llms"
-```
-
-**If health checks fail:**
-"It appears you aren't set up properly. Please refer to the [Working with LLMs](https://superset.apache.org/docs/contributing/development#working-with-llms) section in the development docs for setup instructions."
-
-**Key Project Files:**
- `superset-frontend/package.json` - Frontend build scripts (`npm run dev` on port 9000, `npm run test`, `npm run lint`)
- `pyproject.toml` - Python tooling (ruff, mypy configs)
- `requirements/` folder - Python dependencies (base.txt, development.txt)
-
-## SQLAlchemy Query Best Practices  
- **Use negation operator**: `~Model.field` instead of `== False` to avoid ruff E712 errors
- **Example**: `~Model.is_active` instead of `Model.is_active == False`
-
-## Pull Request Guidelines
-
-**When creating pull requests:**
-
-1. **Read the current PR template**: Always check `.github/PULL_REQUEST_TEMPLATE.md` for the latest format
-2. **Use the template sections**: Include all sections from the template (SUMMARY, BEFORE/AFTER, TESTING INSTRUCTIONS, ADDITIONAL INFORMATION)
-3. **Follow PR title conventions**: Use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
-   - Format: `type(scope): description`
-   - Example: `fix(dashboard): load charts correctly`
-   - Types: `fix`, `feat`, `docs`, `style`, `refactor`, `perf`, `test`, `chore`
-
-**Important**: Always reference the actual template file at `.github/PULL_REQUEST_TEMPLATE.md` instead of using cached content, as the template may be updated over time.
-
-## Pre-commit Validation
-
-**Use pre-commit hooks for quality validation:**
-
-```bash
-# Install hooks
-pre-commit install
-
-# IMPORTANT: Stage your changes first!
-git add .                        # Pre-commit only checks staged files
-
-# Quick validation (faster than --all-files)
-pre-commit run                   # Staged files only
-pre-commit run mypy              # Python type checking
-pre-commit run prettier          # Code formatting
-pre-commit run eslint            # Frontend linting
-```
-
-**Important pre-commit usage notes:**
- **Stage files first**: Run `git add .` before `pre-commit run` to check only changed files (much faster)
- **Virtual environment**: Activate your Python virtual environment before running pre-commit
-  ```bash
-  # Common virtual environment locations (yours may differ):
-  source .venv/bin/activate      # if using .venv
-  source venv/bin/activate       # if using venv
-  source ~/venvs/superset/bin/activate  # if using a central location
-  ```
-  If you get a "command not found" error, ask the user which virtual environment to activate
- **Auto-fixes**: Some hooks auto-fix issues (e.g., trailing whitespace). Re-run after fixes are applied
-
-## Common File Patterns
-
-### API Structure
- **`/api.py`** - REST endpoints with decorators and OpenAPI docstrings
- **`/schemas.py`** - Marshmallow validation schemas for OpenAPI spec
- **`/commands/`** - Business logic classes with @transaction() decorators
- **`/models/`** - SQLAlchemy database models
- **OpenAPI docs**: Auto-generated at `/swagger/v1` from docstrings and schemas
-
-### Migration Files
- **Location**: `superset/migrations/versions/`
- **Naming**: `YYYY-MM-DD_HH-MM_hash_description.py`
- **Utilities**: Use helpers from `superset.migrations.shared.utils` for database compatibility
- **Pattern**: Import utilities instead of raw SQLAlchemy operations
-
-## Platform-Specific Instructions
-
- **[CLAUDE.md](CLAUDE.md)** - For Claude/Anthropic tools
- **[.github/copilot-instructions.md](.github/copilot-instructions.md)** - For GitHub Copilot  
- **[GEMINI.md](GEMINI.md)** - For Google Gemini tools
- **[GPT.md](GPT.md)** - For OpenAI/ChatGPT tools
- **[.cursor/rules/dev-standard.mdc](.cursor/rules/dev-standard.mdc)** - For Cursor editor
-
---
-
-**LLM Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,9 +44,3 @@ under the License.
 - [4.0.1](./CHANGELOG/4.0.1.md)
 - [4.0.2](./CHANGELOG/4.0.2.md)
 - [4.1.0](./CHANGELOG/4.1.0.md)
- [4.1.1](./CHANGELOG/4.1.1.md)
- [4.1.2](./CHANGELOG/4.1.2.md)
- [4.1.3](./CHANGELOG/4.1.3.md)
- [4.1.4](./CHANGELOG/4.1.4.md)
- [5.0.0](./CHANGELOG/5.0.0.md)
- [6.0.0](./CHANGELOG/6.0.0.md)
--- a/CHANGELOG/4.1.1.md
+++ b/CHANGELOG/4.1.1.md
@@ -1,50 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1 (Fri Nov 15 22:13:57 2024 +0530)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
-
- [#30886](https://github.com/apache/superset/pull/30886) fix: blocks UI elements on right side (@samarsrivastav)
- [#30859](https://github.com/apache/superset/pull/30859) fix(package.json): Pin luxon version to unblock master (@geido)
- [#30588](https://github.com/apache/superset/pull/30588) fix(explore): column data type tooltip format (@mistercrunch)
- [#29911](https://github.com/apache/superset/pull/29911) fix: Rename database from 'couchbasedb' to 'couchbase' in documentation and db_engine_specs (@ayush-couchbase)
- [#30828](https://github.com/apache/superset/pull/30828) fix(TimezoneSelector): Failing unit tests due to timezone change (@geido)
- [#30875](https://github.com/apache/superset/pull/30875) fix: don't show metadata for embedded dashboards (@sadpandajoe)
- [#30851](https://github.com/apache/superset/pull/30851) fix: Graph chart colors (@michael-s-molina)
- [#29867](https://github.com/apache/superset/pull/29867) fix(capitalization): Capitalizing a button. (@rusackas)
- [#29782](https://github.com/apache/superset/pull/29782) fix(translations): Translate embedded errors (@rusackas)
- [#29772](https://github.com/apache/superset/pull/29772) fix: Fixing incomplete string escaping. (@rusackas)
- [#29725](https://github.com/apache/superset/pull/29725) fix(frontend/docker, ci): fix borked Docker build due to Lerna v8 uplift (@hainenber)
-
-**Others**
-
- [#30576](https://github.com/apache/superset/pull/30576) chore: add link to Superset when report error (@eschutho)
- [#29786](https://github.com/apache/superset/pull/29786) refactor(Slider): Upgrade Slider to Antd 5 (@geido)
- [#29674](https://github.com/apache/superset/pull/29674) refactor(ChartCreation): Migrate tests to RTL (@rtexelm)
- [#29843](https://github.com/apache/superset/pull/29843) refactor(controls): Migrate AdhocMetricOption.test to RTL (@rtexelm)
- [#29845](https://github.com/apache/superset/pull/29845) refactor(controls): Migrate MetricDefinitionValue.test to RTL (@rtexelm)
- [#28424](https://github.com/apache/superset/pull/28424) docs: Check markdown files for bad links using linkinator (@rusackas)
- [#29768](https://github.com/apache/superset/pull/29768) docs(contributing): fix broken link to translations sub-section (@sfirke)
--- a/CHANGELOG/4.1.2.md
+++ b/CHANGELOG/4.1.2.md
@@ -1,83 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.2 (Fri Mar 7 13:28:05 2025 -0800)
-
-**Database Migrations**
-
- [#32538](https://github.com/apache/superset/pull/32538) fix(migrations): Handle comparator None in old time comparison migration (@Antonio-RiveroMartnez)
- [#32155](https://github.com/apache/superset/pull/32155) fix(migrations): Handle no params in time comparison migration (@Antonio-RiveroMartnez)
- [#31185](https://github.com/apache/superset/pull/31185) fix: check for column before adding in migrations (@betodealmeida)
-
-**Features**
-
- [#29974](https://github.com/apache/superset/pull/29974) feat(sqllab): Adds refresh button to table metadata in SQL Lab (@Usiel)
-
-**Fixes**
-
- [#32515](https://github.com/apache/superset/pull/32515) fix(sqllab): Allow clear on schema and catalog (@justinpark)
- [#32500](https://github.com/apache/superset/pull/32500) fix: dashboard, chart and dataset import validation (@dpgaspar)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31407](https://github.com/apache/superset/pull/31407) fix: Big Number side cut fixed (@fardin-developer)
- [#31480](https://github.com/apache/superset/pull/31480) fix(sunburst): Use metric label from verbose map (@gerbermichi)
- [#31427](https://github.com/apache/superset/pull/31427) fix(tags): clean up bulk create api and schema (@villebro)
- [#31334](https://github.com/apache/superset/pull/31334) fix(docs): add custom editUrl path for intro page (@dwgrossberg)
- [#31353](https://github.com/apache/superset/pull/31353) fix(sqllab): duplicate error message (@betodealmeida)
- [#31323](https://github.com/apache/superset/pull/31323) fix: Use clickhouse sqlglot dialect for YDB (@vgvoleg)
- [#31198](https://github.com/apache/superset/pull/31198) fix: add more clickhouse disallowed functions on config (@dpgaspar)
- [#31194](https://github.com/apache/superset/pull/31194) fix(embedded): Hide anchor links in embedded mode (@Vitor-Avila)
- [#31960](https://github.com/apache/superset/pull/31960) fix(sqllab): Missing allowHTML props in ResultTableExtension (@justinpark)
- [#31332](https://github.com/apache/superset/pull/31332) fix: prevent multiple pvm errors on migration (@eschutho)
- [#31437](https://github.com/apache/superset/pull/31437) fix(database import): Gracefully handle error to get catalog schemas (@Vitor-Avila)
- [#31173](https://github.com/apache/superset/pull/31173) fix: cache-warmup fails (@nsivarajan)
- [#30442](https://github.com/apache/superset/pull/30442) fix(fe/src/dashboard): optional chaining for possibly nullable parent attribute in LayoutItem type (@hainenber)
- [#31639](https://github.com/apache/superset/pull/31639) fix(sqllab): unable to update saved queries (@DamianPendrak)
- [#29898](https://github.com/apache/superset/pull/29898) fix: parse pandas pivot null values (@eschutho)
- [#31414](https://github.com/apache/superset/pull/31414) fix(Pivot Table): Fix column width to respect currency config (@Vitor-Avila)
- [#31335](https://github.com/apache/superset/pull/31335) fix(histogram): axis margin padding consistent with other graphs (@tatiana-cherne)
- [#31301](https://github.com/apache/superset/pull/31301) fix(AllEntitiesTable): show Tags (@alexandrusoare)
- [#31329](https://github.com/apache/superset/pull/31329) fix: pass string to `process_template` (@betodealmeida)
- [#31341](https://github.com/apache/superset/pull/31341) fix(pinot): remove query aliases from SELECT and ORDER BY clauses in Pinot (@yuribogomolov)
- [#31308](https://github.com/apache/superset/pull/31308) fix: annotations on horizontal bar chart (@DamianPendrak)
- [#31294](https://github.com/apache/superset/pull/31294) fix(sqllab): Remove update_saved_query_exec_info to reduce lag (@justinpark)
- [#30897](https://github.com/apache/superset/pull/30897) fix: Exception handling for SQL Lab views (@michael-s-molina)
- [#31199](https://github.com/apache/superset/pull/31199) fix(Databricks): Escape catalog and schema names in pre-queries (@Vitor-Avila)
- [#31265](https://github.com/apache/superset/pull/31265) fix(trino): db session error in handle cursor (@justinpark)
- [#31024](https://github.com/apache/superset/pull/31024) fix(dataset): use sqlglot for DML check (@betodealmeida)
- [#29885](https://github.com/apache/superset/pull/29885) fix: add mutator to get_columns_description (@eschutho)
- [#30821](https://github.com/apache/superset/pull/30821) fix: x axis title disappears when editing bar chart (@DamianPendrak)
- [#31181](https://github.com/apache/superset/pull/31181) fix: Time-series Line Chart Display unnecessary total (@michael-s-molina)
- [#31163](https://github.com/apache/superset/pull/31163) fix(Dashboard): Backward compatible shared_label_colors field (@geido)
- [#31156](https://github.com/apache/superset/pull/31156) fix: check orderby (@betodealmeida)
- [#31154](https://github.com/apache/superset/pull/31154) fix: Remove unwanted commit on Trino's handle_cursor (@michael-s-molina)
- [#31151](https://github.com/apache/superset/pull/31151) fix: Revert "feat(trino): Add functionality to upload data (#29164)" (@michael-s-molina)
- [#31031](https://github.com/apache/superset/pull/31031) fix(Dashboard): Ensure shared label colors are updated (@geido)
- [#30967](https://github.com/apache/superset/pull/30967) fix(release validation): scripts now support RSA and EDDSA keys. (@rusackas)
- [#30881](https://github.com/apache/superset/pull/30881) fix(Dashboard): Native & Cross-Filters Scoping Performance (@geido)
- [#30887](https://github.com/apache/superset/pull/30887) fix(imports): import query_context for imports with charts (@lindenh)
- [#31008](https://github.com/apache/superset/pull/31008) fix(explore): verified props is not updated (@justinpark)
- [#30646](https://github.com/apache/superset/pull/30646) fix(Dashboard): Retain colors when color scheme not set (@geido)
- [#30962](https://github.com/apache/superset/pull/30962) fix(Dashboard): Exclude edit param in async screenshot (@geido)
-
-**Others**
-
- [#32043](https://github.com/apache/superset/pull/32043) chore: Skip the creation of secondary perms during catalog migrations (@Vitor-Avila)
- [#30865](https://github.com/apache/superset/pull/30865) docs: Updating 4.1 Release Notes (@yousoph)
--- a/CHANGELOG/4.1.3.md
+++ b/CHANGELOG/4.1.3.md
@@ -1,58 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.3 (Thu May 29 02:31:07 2025 -0500)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
-
- [#33522](https://github.com/apache/superset/pull/33522) fix(Sqllab):  Autocomplete got stuck in UI when open it too fast (@rebenitez1802)
- [#33425](https://github.com/apache/superset/pull/33425) fix(table-chart): time shift is not working (@justinpark)
- [#32414](https://github.com/apache/superset/pull/32414) fix(api): Added uuid to list api calls (@withnale)
- [#33354](https://github.com/apache/superset/pull/33354) fix: loading examples from raw.githubusercontent.com fails with 429 errors (@mistercrunch)
- [#32382](https://github.com/apache/superset/pull/32382) fix(pinot): revert join and subquery flags (@yuribogomolov)
- [#32473](https://github.com/apache/superset/pull/32473) fix(plugin-chart-echarts): remove erroneous upper bound value (@villebro)
- [#33048](https://github.com/apache/superset/pull/33048) fix: improve error type on parse error (@justinpark)
- [#32968](https://github.com/apache/superset/pull/32968) fix(pivot-table): Revert "fix(Pivot Table): Fix column width to respect currency config (#31414)" (@justinpark)
- [#32795](https://github.com/apache/superset/pull/32795) fix(log): store navigation path to get correct logging path (@justinpark)
- [#33216](https://github.com/apache/superset/pull/33216) fix: Downgrade to marshmallow<4 (@amotl)
- [#32866](https://github.com/apache/superset/pull/32866) fix: make packages PEP 625 compliant (@sadpandajoe)
- [#32035](https://github.com/apache/superset/pull/32035) fix(fe/dashboard-list): display modifier info for `Last modified` data (@hainenber)
- [#32708](https://github.com/apache/superset/pull/32708) fix(logging): missing path in event data (@justinpark)
- [#32699](https://github.com/apache/superset/pull/32699) fix: Signature of Celery pruner jobs (@michael-s-molina)
- [#32681](https://github.com/apache/superset/pull/32681) fix(log): Update recent_activity by event name (@justinpark)
- [#32608](https://github.com/apache/superset/pull/32608) fix(welcome): perf on distinct recent activities (@justinpark)
- [#32572](https://github.com/apache/superset/pull/32572) fix: Log table retention policy (@michael-s-molina)
- [#32406](https://github.com/apache/superset/pull/32406) fix(model/helper): represent RLS filter clause in proper textual SQL string (@hainenber)
- [#32240](https://github.com/apache/superset/pull/32240) fix: upgrade to 3.11.11-slim-bookworm to address critical vulnerabilities (@gpchandran)
- [#30858](https://github.com/apache/superset/pull/30858) fix(chart data): removing query from /chart/data payload when accessing as guest user (@fisjac)
-
-**Others**
-
- [#33612](https://github.com/apache/superset/pull/33612) chore: update Dockerfile - Upgrade to 3.11.12 (@gpchandran)
- [#33435](https://github.com/apache/superset/pull/33435) docs: CVEs fixed on 4.1.2 (@sha174n)
- [#33339](https://github.com/apache/superset/pull/33339) chore(🦾): bump python h11 0.14.0 -> 0.16.0 (@github-actions[bot])
- [#32745](https://github.com/apache/superset/pull/32745) chore(🦾): bump python sqlglot 26.1.3 -> 26.11.1 (@github-actions[bot])
- [#32782](https://github.com/apache/superset/pull/32782) chore: Revert "chore: bump base image in Dockerfile with `ARG PY_VER=3.11.11-slim-bookworm`" (@sadpandajoe)
- [#32780](https://github.com/apache/superset/pull/32780) chore: bump base image in Dockerfile with `ARG PY_VER=3.11.11-slim-bookworm` (@gpchandran)
--- a/CHANGELOG/4.1.4.md
+++ b/CHANGELOG/4.1.4.md
@@ -1,33 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 4.1.4 (Thu Jul 24 08:30:04 2025 -0300)
-
-**Database Migrations**
-
-**Features**
-
-**Fixes**
- [#34289](https://github.com/apache/superset/pull/34289) fix: Saved queries list break if one query can't be parsed (@michael-s-molina)
- [#33059](https://github.com/apache/superset/pull/33059) fix: Adds missing __init__ file to commands/logs (@michael-s-molina)
-
-**Others**
- [#32236](https://github.com/apache/superset/pull/32236) chore(deps): bump cryptography from 43.0.3 to 44.0.1 (@dependabot[bot])
--- a/CHANGELOG/5.0.0.md
+++ b/CHANGELOG/5.0.0.md
@@ -1,937 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-->
-
-## Change Log
-
-### 5.0.0 (Wed Jun 18 13:54:10 2025 -0300)
-
-**Database Migrations**
-
- [#31959](https://github.com/apache/superset/pull/31959) refactor: upload data unification, less permissions and less endpoints (@dpgaspar)
- [#31582](https://github.com/apache/superset/pull/31582) refactor: Removes 5.0 approved legacy charts (@michael-s-molina)
- [#31490](https://github.com/apache/superset/pull/31490) feat: use docker in frontend GHA to parallelize work (@mistercrunch)
- [#30398](https://github.com/apache/superset/pull/30398) feat: add and use UUIDMixin for most models (@mistercrunch)
- [#29649](https://github.com/apache/superset/pull/29649) fix: remove old database constraint on the Dataset model (@betodealmeida)
- [#31447](https://github.com/apache/superset/pull/31447) chore: enforce more ruff rules (@mistercrunch)
- [#31303](https://github.com/apache/superset/pull/31303) feat: Adds helper functions for migrations (@luizotavio32)
-
-**Features**
-
- [#32052](https://github.com/apache/superset/pull/32052) feat: add connector for Parseable (@AdheipSingh)
- [#32051](https://github.com/apache/superset/pull/32051) feat(sqllab): improve table metadata UI (@justinpark)
- [#29900](https://github.com/apache/superset/pull/29900) feat(sqllab): Replace FilterableTable by AgGrid Table (@justinpark)
- [#31979](https://github.com/apache/superset/pull/31979) feat(fe): upgrade `superset-frontend` to Typescript v5 (@hainenber)
- [#31413](https://github.com/apache/superset/pull/31413) feat: add date format to the email subject (@US579)
- [#31984](https://github.com/apache/superset/pull/31984) feat: run prettier before eslint in pre-commit hooks (@mistercrunch)
- [#31889](https://github.com/apache/superset/pull/31889) feat(CalendarFrame): adding previous calendar quarter (@alexandrusoare)
- [#31796](https://github.com/apache/superset/pull/31796) feat: get docker-compose to work as the backend for Cypress tests (@mistercrunch)
- [#31876](https://github.com/apache/superset/pull/31876) feat: use npm run dev-server in docker-compose (@mistercrunch)
- [#31849](https://github.com/apache/superset/pull/31849) feat: old Firebolt dialect (@betodealmeida)
- [#31840](https://github.com/apache/superset/pull/31840) feat: Mutate SQL query executed by alerts (@Vitor-Avila)
- [#31825](https://github.com/apache/superset/pull/31825) feat: Firebolt sqlglot dialect (@betodealmeida)
- [#31575](https://github.com/apache/superset/pull/31575) feat: redesign labels (@mistercrunch)
- [#31747](https://github.com/apache/superset/pull/31747) feat: improve docker-compose services boot sequence (@mistercrunch)
- [#31760](https://github.com/apache/superset/pull/31760) feat: allowing print() statements to be unbuffered in docker (@mistercrunch)
- [#31486](https://github.com/apache/superset/pull/31486) feat: push predicates into virtual datasets (@betodealmeida)
- [#31518](https://github.com/apache/superset/pull/31518) feat: adds a github action to auto label draft prs (@sadpandajoe)
- [#31740](https://github.com/apache/superset/pull/31740) feat: make CI against 'next' python version not-required (@mistercrunch)
- [#31602](https://github.com/apache/superset/pull/31602) feat(Sqllab): Enabling selection and copying of columns and rows in sql lab and dataset view (@samraHanif0340)
- [#31580](https://github.com/apache/superset/pull/31580) feat(doris): add catalog support for Apache Doris (@liujiwen-up)
- [#25869](https://github.com/apache/superset/pull/25869) feat(plugin): add plugin-chart-cartodiagram (@jansule)
- [#31037](https://github.com/apache/superset/pull/31037) feat(country-map): add map for France with all overseas territories (@tarraschk)
- [#31386](https://github.com/apache/superset/pull/31386) feat(gha): various docker / docker-compose build improvements (@mistercrunch)
- [#31316](https://github.com/apache/superset/pull/31316) feat(sqllab): giving the query history pane a facelift (@mistercrunch)
- [#31273](https://github.com/apache/superset/pull/31273) feat: fine-grain chart data telemetry (@betodealmeida)
- [#31141](https://github.com/apache/superset/pull/31141) feat: add YDB as a new database engine (@vgvoleg)
- [#31261](https://github.com/apache/superset/pull/31261) feat(Handlebars): formatNumber and group helpers (@Vitor-Avila)
- [#31260](https://github.com/apache/superset/pull/31260) feat: use uv in CI (@mistercrunch)
- [#31187](https://github.com/apache/superset/pull/31187) feat(sqllab): Popup notification when download data can exceed row count (@justinpark)
- [#31166](https://github.com/apache/superset/pull/31166) feat: make sure to quote formulas on Excel export (@betodealmeida)
- [#31164](https://github.com/apache/superset/pull/31164) feat: purge OAuth2 tokens when DB changes (@betodealmeida)
- [#30870](https://github.com/apache/superset/pull/30870) feat: make ephemeral env use supersetbot + deprecate build_docker.py (@mistercrunch)
- [#30926](https://github.com/apache/superset/pull/30926) feat(trino,presto): add missing time grains (@villebro)
- [#30884](https://github.com/apache/superset/pull/30884) feat: add logging durations for screenshot async service (@mistercrunch)
- [#29609](https://github.com/apache/superset/pull/29609) feat: add a script to check environment software versions (@mistercrunch)
- [#30081](https://github.com/apache/superset/pull/30081) feat(oauth2): add support for trino (@joaoferrao)
- [#30694](https://github.com/apache/superset/pull/30694) feat: allow exporting all tabs to a single PDF in report (@US579)
- [#30674](https://github.com/apache/superset/pull/30674) feat(oauth): adding necessary changes to support bigquery oauth (@fisjac)
- [#30721](https://github.com/apache/superset/pull/30721) feat(dataset API): Add parameter to optionally render Jinja macros in API response (@Vitor-Avila)
- [#30412](https://github.com/apache/superset/pull/30412) feat: cancel impala query on stop (@wugeer)
- [#30710](https://github.com/apache/superset/pull/30710) feat(helm-chart): Add extraLabels to all resources (@maxforasteiro)
- [#29927](https://github.com/apache/superset/pull/29927) feat(db_engine_specs): added support for Denodo Virtual DataPort (@denodo-research-labs)
- [#30593](https://github.com/apache/superset/pull/30593) feat(number-format): Add duration formatter with colon notation (@gerbermichi)
- [#30559](https://github.com/apache/superset/pull/30559) feat(formatting): Add memory units adaptive formatter to format bytes (@mkopec87)
- [#30501](https://github.com/apache/superset/pull/30501) feat(SQL Lab): better SQL parsing error messages (@betodealmeida)
- [#30390](https://github.com/apache/superset/pull/30390) feat(be/cfg): replace deprecated imp.load_source with importlib.util (@hainenber)
- [#29395](https://github.com/apache/superset/pull/29395) feat(dashboard): update tab drag and drop reordering with positional placement and indicators for UI (@rtexelm)
- [#30380](https://github.com/apache/superset/pull/30380) feat(auth): when user is not logged in, failure to access a dashboard should redirect to login screen (@sfirke)
- [#30364](https://github.com/apache/superset/pull/30364) feat(datasets): Allow swap dataset after deletion (@Antonio-RiveroMartnez)
- [#30336](https://github.com/apache/superset/pull/30336) feat(Digest): Add RLS at digest generation for Charts and Dashboards (@geido)
- [#30266](https://github.com/apache/superset/pull/30266) feat: allow configuring an engine context manager (@betodealmeida)
- [#30323](https://github.com/apache/superset/pull/30323) feat(jinja): add option to format time filters using strftime (@villebro)
- [#29897](https://github.com/apache/superset/pull/29897) feat(explore): Add time shift color control to ECharts (@rtexelm)
- [#30016](https://github.com/apache/superset/pull/30016) feat: Displaying details to Dataset/Database deletion modals (@rusackas)
- [#30142](https://github.com/apache/superset/pull/30142) feat(jinja): add advanced temporal filter functionality (@villebro)
- [#28110](https://github.com/apache/superset/pull/28110) feat(db_engine): Implement user impersonation support for StarRocks (@Woellchen)
- [#30126](https://github.com/apache/superset/pull/30126) feat: OAuth2 database field (@betodealmeida)
- [#30082](https://github.com/apache/superset/pull/30082) feat: Oauth2 in DatabaseSelector (@betodealmeida)
- [#30071](https://github.com/apache/superset/pull/30071) feat: allow create/update OAuth2 DB (@betodealmeida)
- [#29912](https://github.com/apache/superset/pull/29912) feat(GAQ): Add Redis Sentinel Support for Global Async Queries (@nsivarajan)
- [#24308](https://github.com/apache/superset/pull/24308) feat(docker): add GUNICORN_LOGLEVEL env var (@drummerwolli)
- [#29333](https://github.com/apache/superset/pull/29333) feat(alert/reports): adding logic to handle downstream reports when tab is deleted from dashboard (@fisjac)
- [#30002](https://github.com/apache/superset/pull/30002) feat(time_comparison): Support all date formats when computing custom and inherit offsets (@Antonio-RiveroMartnez)
- [#25775](https://github.com/apache/superset/pull/25775) feat: Adding Elestio as deployment option (@kaiwalyakoparkar)
- [#29941](https://github.com/apache/superset/pull/29941) feat(docs): fix bug google chrome < 114 not found (@hoalongnatsu)
- [#29917](https://github.com/apache/superset/pull/29917) feat: Enable injecting custom html into head (@kgabryje)
- [#29875](https://github.com/apache/superset/pull/29875) feat(build): webpack visualizer (@rusackas)
- [#29724](https://github.com/apache/superset/pull/29724) feat: get html (links/styling/img/...) to work in pivot table (@mistercrunch)
- [#29795](https://github.com/apache/superset/pull/29795) feat: adding AntdThemeProvider to storybook config (@rusackas)
- [#29096](https://github.com/apache/superset/pull/29096) feat(alerts): enable tab selection for dashboard alerts/reports (@fisjac)
- [#29553](https://github.com/apache/superset/pull/29553) feat(explorer): Add configs and formatting to discrete comparison columns (@rtexelm)
- [#29627](https://github.com/apache/superset/pull/29627) feat(country map): Adding Hungary (and other touchups) (@rusackas)
-
-**Fixes**
-
- [#33817](https://github.com/apache/superset/pull/33817) fix: SQL Lab warning message sizes (@michael-s-molina)
- [#33779](https://github.com/apache/superset/pull/33779) fix(Echarts): Echarts Legend Scroll fix (@amaannawab923)
- [#33765](https://github.com/apache/superset/pull/33765) fix(tooltip): Sanitize tooltip html (@msyavuz)
- [#33759](https://github.com/apache/superset/pull/33759) fix: apply d3 format to BigNumber(s) (@betodealmeida)
- [#33752](https://github.com/apache/superset/pull/33752) fix(create chart page): add missing space between words (@Quatters)
- [#33748](https://github.com/apache/superset/pull/33748) fix: sync dot color between dashboard chart and edit chart (@anantaoutlook)
- [#33743](https://github.com/apache/superset/pull/33743) fix(dataset): Fix plural toast messages (@rad-pat)
- [#33717](https://github.com/apache/superset/pull/33717) fix(explore): add gap to the "Cached" button (@Quatters)
- [#33719](https://github.com/apache/superset/pull/33719) fix(Alerts & reports): invalid "Last updated" time formatting (@Quatters)
- [#33726](https://github.com/apache/superset/pull/33726) fix(dashboard): show dashboard thumbnail images when retrieved (@rad-pat)
- [#33296](https://github.com/apache/superset/pull/33296) fix(template_processing): get_filters now works for IS_NULL and IS_NOT_NULL operators (@Prokos)
- [#32414](https://github.com/apache/superset/pull/32414) fix(api): Added uuid to list api calls (@withnale)
- [#33710](https://github.com/apache/superset/pull/33710) fix: Migrate charts with empty query_context (@luizotavio32)
- [#33592](https://github.com/apache/superset/pull/33592) fix: Makes time compare migration more resilient (@michael-s-molina)
- [#33596](https://github.com/apache/superset/pull/33596) fix: Missing processor context when rendering Jinja (@michael-s-molina)
- [#33285](https://github.com/apache/superset/pull/33285) fix: Adjust viz migrations to also migrate the queries object (@luizotavio32)
- [#33431](https://github.com/apache/superset/pull/33431) fix(sankey): incorrect nodeValues (@richardfogaca)
- [#33553](https://github.com/apache/superset/pull/33553) fix(AllEntities): Display action buttons according to the user permissions (@Vitor-Avila)
- [#30577](https://github.com/apache/superset/pull/30577) fix(user settings): Update forked cosmo theme to resolve down chevron in caret style (#30514) (@mklumpen)
- [#33540](https://github.com/apache/superset/pull/33540) fix(table): table sort by fix (@amaannawab923)
- [#33522](https://github.com/apache/superset/pull/33522) fix(Sqllab): Autocomplete got stuck in UI when open it too fast (@rebenitez1802)
- [#33444](https://github.com/apache/superset/pull/33444) fix: allow metadata to parse json (@eschutho)
- [#33425](https://github.com/apache/superset/pull/33425) fix(table-chart): time shift is not working (@justinpark)
- [#33364](https://github.com/apache/superset/pull/33364) fix(deckgl): fix deckgl multiple layers chart filter and viewport (@syedbarimanjan)
- [#33422](https://github.com/apache/superset/pull/33422) fix(Row): don't unload charts while embedded to reduce rerenders (@msyavuz)
- [#33354](https://github.com/apache/superset/pull/33354) fix: loading examples from raw.githubusercontent.com fails with 429 errors (@mistercrunch)
- [#31917](https://github.com/apache/superset/pull/31917) fix(be/utils): sync cache timeout for memoized function (@hainenber)
- [#33345](https://github.com/apache/superset/pull/33345) fix(i18n): zh_TW pybabel compile error: placeholders are incompatible (@bestlong)
- [#33337](https://github.com/apache/superset/pull/33337) fix: Edge case with metric not getting quoted in sort by when normalize_columns is enabled (@Vitor-Avila)
- [#33224](https://github.com/apache/superset/pull/33224) fix: Temporal filter conversion in viz migrations (@michael-s-molina)
- [#33306](https://github.com/apache/superset/pull/33306) fix: improve function detection (@betodealmeida)
- [#33269](https://github.com/apache/superset/pull/33269) fix(echarts): rename time series shifted colnames (@justinpark)
- [#33267](https://github.com/apache/superset/pull/33267) fix: mask password on DB import (@betodealmeida)
- [#33025](https://github.com/apache/superset/pull/33025) fix: LocalProxy is not mapped warning (@dpgaspar)
- [#33248](https://github.com/apache/superset/pull/33248) fix(histogram): remove extra single quotes (@rusackas)
- [#33250](https://github.com/apache/superset/pull/33250) fix(DB update): Gracefully handle querry error during DB update (@Vitor-Avila)
- [#33238](https://github.com/apache/superset/pull/33238) fix(heatmap): correctly render int and boolean falsy values on axes (@sfirke)
- [#33237](https://github.com/apache/superset/pull/33237) fix(sqllab permalink): Commit SQL Lab permalinks (@Vitor-Avila)
- [#33234](https://github.com/apache/superset/pull/33234) fix(standalone): Ensure correct URL param value for standalone mode (@Vitor-Avila)
- [#33291](https://github.com/apache/superset/pull/33291) fix(antd): Invalid dashed border in tertiary button (@justinpark)
- [#33214](https://github.com/apache/superset/pull/33214) fix(export): Full CSV/Excel exports respecting SQL_MAX_ROW config (@Vitor-Avila)
- [#33164](https://github.com/apache/superset/pull/33164) fix(sqllab): Invalid SQL Error breaks SQL Lab (@justinpark)
- [#33154](https://github.com/apache/superset/pull/33154) fix(deckgl): Update Arc to properly adjust line width (@rusackas)
- [#33161](https://github.com/apache/superset/pull/33161) fix: os.makedirs race condition (@jamra)
- [#33143](https://github.com/apache/superset/pull/33143) fix(echart): Thrown errors shown after resized (@justinpark)
- [#33138](https://github.com/apache/superset/pull/33138) fix(echart): Tooltip date format doesn't follow time grain (@justinpark)
- [#31692](https://github.com/apache/superset/pull/31692) fix(lang): patch FAB's LocaleView to redirect to previous page (@pomegranited)
- [#33106](https://github.com/apache/superset/pull/33106) fix(dashboard): invalid active tab state (@justinpark)
- [#33037](https://github.com/apache/superset/pull/33037) fix: Viz migration error handling (@michael-s-molina)
- [#33107](https://github.com/apache/superset/pull/33107) fix(playwright): allow screenshotting empty dashboards (@hxtmdev)
- [#33110](https://github.com/apache/superset/pull/33110) fix: resolve recent merge collisio (@mistercrunch)
- [#33103](https://github.com/apache/superset/pull/33103) fix: Allows configuration of Selenium Webdriver binary (@michael-s-molina)
- [#33109](https://github.com/apache/superset/pull/33109) fix(thumbnails): ensure consistent cache_key (@hxtmdev)
- [#32193](https://github.com/apache/superset/pull/32193) fix(dashboard): Generate screenshot via celery (@tahvane1)
- [#33087](https://github.com/apache/superset/pull/33087) fix(docker): fallback to pip if uv is not available (@hossein-khalilian)
- [#33059](https://github.com/apache/superset/pull/33059) fix: Adds missing **init** file to commands/logs (@michael-s-molina)
- [#33048](https://github.com/apache/superset/pull/33048) fix: improve error type on parse error (@justinpark)
- [#31720](https://github.com/apache/superset/pull/31720) fix(export): charts csv export in dashboards (@EmmanuelCbd)
- [#33024](https://github.com/apache/superset/pull/33024) fix(log): Missing failed query log on async queries (@justinpark)
- [#32839](https://github.com/apache/superset/pull/32839) fix: fix bug where dashboard did not enter fullscreen mode. (@LevisNgigi)
- [#28428](https://github.com/apache/superset/pull/28428) fix(dashboard): chart fullscreen issue when filter pane is collapsed (@hlvhe)
- [#29422](https://github.com/apache/superset/pull/29422) fix: `show_filters` URL parameter is not working (@hexcafe)
- [#32965](https://github.com/apache/superset/pull/32965) fix: Bar Chart (legacy) migration to keep labels layout (@michael-s-molina)
- [#30679](https://github.com/apache/superset/pull/30679) fix: fixed Add Metrics to Tree Chart (#29158) (@SBIN2010)
- [#32968](https://github.com/apache/superset/pull/32968) fix(pivot-table): Revert "fix(Pivot Table): Fix column width to respect currency config (#31414)" (@justinpark)
- [#32384](https://github.com/apache/superset/pull/32384) fix: Clicking in the body of a Markdown component does not put it into edit mode (@notHuman9504)
- [#32763](https://github.com/apache/superset/pull/32763) fix(sqllab): Invalid display of table column keys (@justinpark)
- [#32871](https://github.com/apache/superset/pull/32871) fix(Jinja): Emit time grain to table charts even if they don't have a temporal column (@Vitor-Avila)
- [#32372](https://github.com/apache/superset/pull/32372) fix(backend/async_events): allow user to configure username for Redis authentication in GLOBAL_ASYNC_QUERIES_CACHE_BACKEND (@hainenber)
- [#32873](https://github.com/apache/superset/pull/32873) fix: use role_model from security manager (@lohart13)
- [#32851](https://github.com/apache/superset/pull/32851) fix(ColorPickerControl): change color picker control width (@SBIN2010)
- [#32863](https://github.com/apache/superset/pull/32863) fix(table-chart): Do not show comparison columns config if time_compare is set to [] (@Vitor-Avila)
- [#31869](https://github.com/apache/superset/pull/31869) fix(translation): Dutch translations for Current datetime filter (@christiaan)
- [#32829](https://github.com/apache/superset/pull/32829) fix: update dataset/query catalog on DB changes (@betodealmeida)
- [#32850](https://github.com/apache/superset/pull/32850) fix(echarts): Sort series by name using natural comparison (@Vitor-Avila)
- [#32795](https://github.com/apache/superset/pull/32795) fix(log): store navigation path to get correct logging path (@justinpark)
- [#32665](https://github.com/apache/superset/pull/32665) fix: Time Comparison Feature Reverts Metric Labels to Metric Keys in Table Charts (@fardin-developer)
- [#32792](https://github.com/apache/superset/pull/32792) fix: key error in frontend on disallowed GSheets (@chrisvnimbus)
- [#32797](https://github.com/apache/superset/pull/32797) fix: CSV/Excel upload form change column dates description (@SBIN2010)
- [#32802](https://github.com/apache/superset/pull/32802) fix(sec): resolve CVE-2025-29907 and CVE-2025-25977 by pinning `jspdf` to v3 (@hainenber)
- [#32406](https://github.com/apache/superset/pull/32406) fix(model/helper): represent RLS filter clause in proper textual SQL string (@hainenber)
- [#32739](https://github.com/apache/superset/pull/32739) fix(excel export): big number truncation handling (@CharlesNkdl)
- [#32778](https://github.com/apache/superset/pull/32778) fix(config): correct slack image url in talisman (@v9dev)
- [#28350](https://github.com/apache/superset/pull/28350) fix(css): typos in styles (@Kukusik8)
- [#32775](https://github.com/apache/superset/pull/32775) fix(import): Missing catalog field in saved query schema (@Quatters)
- [#32774](https://github.com/apache/superset/pull/32774) fix(sqllab): Pass query_id as kwarg so backoff can see it (@Antonio-RiveroMartnez)
- [#32720](https://github.com/apache/superset/pull/32720) fix(chart control): Change default of "Y Axis Title Margin" (@Quatters)
- [#32761](https://github.com/apache/superset/pull/32761) fix: do not add calculated columns when syncing (@eschutho)
- [#31751](https://github.com/apache/superset/pull/31751) fix: Changing language doesn't affect echarts charts (@jpchev)
- [#28203](https://github.com/apache/superset/pull/28203) fix(contextmenu): uncaught TypeError (@sowo)
- [#32679](https://github.com/apache/superset/pull/32679) fix: ensure datasource permission in explore (@hxtmdev)
- [#32410](https://github.com/apache/superset/pull/32410) fix(import): Ensure import exceptions are logged (@withnale)
- [#32683](https://github.com/apache/superset/pull/32683) fix: coerce datetime conversion errors (@betodealmeida)
- [#32708](https://github.com/apache/superset/pull/32708) fix(logging): missing path in event data (@justinpark)
- [#32701](https://github.com/apache/superset/pull/32701) fix: boolean filters in Explore (@betodealmeida)
- [#32696](https://github.com/apache/superset/pull/32696) fix(spreadsheet uploads): make file extension comparisons case-insensitive (@sfirke)
- [#32691](https://github.com/apache/superset/pull/32691) fix(cosmetics): allow toast message to be toggled off when modal is opened (@hainenber)
- [#32699](https://github.com/apache/superset/pull/32699) fix: Signature of Celery pruner jobs (@michael-s-molina)
- [#32681](https://github.com/apache/superset/pull/32681) fix(log): Update recent_activity by event name (@justinpark)
- [#32678](https://github.com/apache/superset/pull/32678) fix: Update RELEASING/README.md (@michael-s-molina)
- [#32661](https://github.com/apache/superset/pull/32661) fix(gsheets): update params from encrypted extra (@betodealmeida)
- [#32657](https://github.com/apache/superset/pull/32657) fix(import): Import a DB connection with expanded rows enabled (@Vitor-Avila)
- [#32646](https://github.com/apache/superset/pull/32646) fix(dashboard): Ensure `dashboardId` is included in `form_data` for embedded mode (@mostopalove)
- [#32652](https://github.com/apache/superset/pull/32652) fix: Upgrade node base image to Debian 12 bookworm (@dolph)
- [#32608](https://github.com/apache/superset/pull/32608) fix(welcome): perf on distinct recent activities (@justinpark)
- [#32549](https://github.com/apache/superset/pull/32549) fix(dashboard): Support bigint value in native filters (@justinpark)
- [#32599](https://github.com/apache/superset/pull/32599) fix(Slack V2): Specify the filename for the Slack upload method (@Vitor-Avila)
- [#32572](https://github.com/apache/superset/pull/32572) fix: Log table retention policy (@michael-s-molina)
- [#32532](https://github.com/apache/superset/pull/32532) fix: add DateOffset to json serializer (@eschutho)
- [#32523](https://github.com/apache/superset/pull/32523) fix: keep calculated columns when datasource is updated (@eschutho)
- [#32507](https://github.com/apache/superset/pull/32507) fix: Show response message as default error (@eschutho)
- [#32336](https://github.com/apache/superset/pull/32336) fix(Slack): Fix Slack recipients migration to V2 (@Vitor-Avila)
- [#32511](https://github.com/apache/superset/pull/32511) fix(beat): prune_query celery task args fix (@Usiel)
- [#32499](https://github.com/apache/superset/pull/32499) fix(explore): Glitch in a tooltip with metric's name (@kgabryje)
- [#32486](https://github.com/apache/superset/pull/32486) fix: skip DB filter when doing OAuth2 (@betodealmeida)
- [#32488](https://github.com/apache/superset/pull/32488) fix(tooltip): displaying <a> tags correctly (@rusackas)
- [#32473](https://github.com/apache/superset/pull/32473) fix(plugin-chart-echarts): remove erroneous upper bound value (@villebro)
- [#32420](https://github.com/apache/superset/pull/32420) fix(com/grid-comp/markdown): pin `remark-gfm` to v3 to allow inline code block by backticks in Markdown (@hainenber)
- [#32423](https://github.com/apache/superset/pull/32423) fix(clickhouse): get_parameters_from_uri failing when secure is true (@codenamelxl)
- [#32290](https://github.com/apache/superset/pull/32290) fix(viz): update nesting logic to handle multiple dimensions in PartitionViz (@DamianPendrak)
- [#32382](https://github.com/apache/superset/pull/32382) fix(pinot): revert join and subquery flags (@yuribogomolov)
- [#32325](https://github.com/apache/superset/pull/32325) fix: bump FAB to 4.5.4 (@dpgaspar)
- [#32344](https://github.com/apache/superset/pull/32344) fix: ensure metric_macro expands templates (@betodealmeida)
- [#32348](https://github.com/apache/superset/pull/32348) fix: clickhouse-connect engine SSH parameter (@maybedino)
- [#32362](https://github.com/apache/superset/pull/32362) fix(docker): Configure nginx for consistent port mapping and hot reloading (@vedantprajapati)
- [#32350](https://github.com/apache/superset/pull/32350) fix(firebolt): allow backslach escape for single quotes (@betodealmeida)
- [#32356](https://github.com/apache/superset/pull/32356) fix(SSHTunnelForm): make the password tooltip visible (@EnxDev)
- [#32284](https://github.com/apache/superset/pull/32284) fix(roles): Add SqlLabPermalinkRestApi as default sqlab roles. (@LevisNgigi)
- [#32035](https://github.com/apache/superset/pull/32035) fix(fe/dashboard-list): display modifier info for `Last modified` data (@hainenber)
- [#32337](https://github.com/apache/superset/pull/32337) fix: revert "fix: remove sort values on stacked totals (#31333)" (@eschutho)
- [#31993](https://github.com/apache/superset/pull/31993) fix: oauth2 trino (@aurokk)
- [#32332](https://github.com/apache/superset/pull/32332) fix: Download as PDF fails due to cache error (@kgabryje)
- [#30888](https://github.com/apache/superset/pull/30888) fix: keep the tab order (@US579)
- [#32272](https://github.com/apache/superset/pull/32272) fix(viz/table): selected column not shown in Conditional Formatting popover (@hainenber)
- [#32253](https://github.com/apache/superset/pull/32253) fix: Decimal values for Histogram bins (@michael-s-molina)
- [#32218](https://github.com/apache/superset/pull/32218) fix(Datasource): handle undefined datasource_type in fetchSyncedColumns (@tahvane1)
- [#32240](https://github.com/apache/superset/pull/32240) fix: upgrade to 3.11.11-slim-bookworm to address critical vulnerabilities (@gpchandran)
- [#31333](https://github.com/apache/superset/pull/31333) fix: remove sort values on stacked totals (@eschutho)
- [#32227](https://github.com/apache/superset/pull/32227) fix: Update 'Last modified' time when modifying RLS rules (@fardin-developer)
- [#32115](https://github.com/apache/superset/pull/32115) fix(Scope): Correct issue where filters appear out of scope when sort is unchecked. (@LevisNgigi)
- [#32224](https://github.com/apache/superset/pull/32224) fix(sqllab): close the table tab (@justinpark)
- [#32212](https://github.com/apache/superset/pull/32212) fix: set `Rich tooltip` -> 'Show percentage' to false by default (@mistercrunch)
- [#32222](https://github.com/apache/superset/pull/32222) fix(SaveDatasetModal): repairs field alignment in the SaveDatasetModal component (@EnxDev)
- [#32211](https://github.com/apache/superset/pull/32211) fix: hydrate datasetsStatus (@betodealmeida)
- [#32195](https://github.com/apache/superset/pull/32195) fix: handlebars html and css templates reset on dataset update (@DamianPendrak)
- [#32176](https://github.com/apache/superset/pull/32176) fix: TDengine move tdengine.png to databases/ subfolder (@DuanKuanJun)
- [#32185](https://github.com/apache/superset/pull/32185) fix: Adds an entry to UPDATING.md about DISABLE_LEGACY_DATASOURCE_EDITOR (@michael-s-molina)
- [#32154](https://github.com/apache/superset/pull/32154) fix(sqllab): correct URL format for SQL Lab permalinks (@LevisNgigi)
- [#30903](https://github.com/apache/superset/pull/30903) fix(virtual dataset sync): Sync virtual dataset columns when changing the SQL query (@fisjac)
- [#32163](https://github.com/apache/superset/pull/32163) fix(docker): Docker python-translation-build (@EmmanuelCbd)
- [#32156](https://github.com/apache/superset/pull/32156) fix: ScreenshotCachePayload serialization (@betodealmeida)
- [#32151](https://github.com/apache/superset/pull/32151) fix(releasing): fix borked SVN-based image building process (@hainenber)
- [#32137](https://github.com/apache/superset/pull/32137) fix: copy oauth2 capture to `get_sqla_engine` (@betodealmeida)
- [#32135](https://github.com/apache/superset/pull/32135) fix: Local tarball Docker container is missing zstd dependency (@michael-s-molina)
- [#32133](https://github.com/apache/superset/pull/32133) fix: No virtual environment when running Docker translation compiler (@michael-s-molina)
- [#32040](https://github.com/apache/superset/pull/32040) fix(ci): ephemeral env, handle different label, create comment (@dpgaspar)
- [#32064](https://github.com/apache/superset/pull/32064) fix(datepicker): Full width datepicker on filter value select (@msyavuz)
- [#32122](https://github.com/apache/superset/pull/32122) fix: Histogram examples config (@michael-s-molina)
- [#32053](https://github.com/apache/superset/pull/32053) fix: enforce `ALERT_REPORTS_MAX_CUSTOM_SCREENSHOT_WIDTH` (@betodealmeida)
- [#31757](https://github.com/apache/superset/pull/31757) fix(thumbnail cache): Enabling force parameter on screenshot/thumbnail cache (@fisjac)
- [#32061](https://github.com/apache/superset/pull/32061) fix(DatePicker): Increase z-index over Modal (@geido)
- [#32031](https://github.com/apache/superset/pull/32031) fix(fe/explore): prevent runtime error when editing Dataset-origin Chart with empty title (@hainenber)
- [#32045](https://github.com/apache/superset/pull/32045) fix: Revert "fix: re-enable cypress checks" (@mistercrunch)
- [#32008](https://github.com/apache/superset/pull/32008) fix: re-enable cypress checks (@mistercrunch)
- [#32017](https://github.com/apache/superset/pull/32017) fix: eph env + improve docker images to run in userspace (@mistercrunch)
- [#31340](https://github.com/apache/superset/pull/31340) fix(ci): change ephemeral env to use github labels instead of comments (@dpgaspar)
- [#32025](https://github.com/apache/superset/pull/32025) fix: Filters badge disappeared (@kgabryje)
- [#32015](https://github.com/apache/superset/pull/32015) fix(issue #31927): TimeGrain.WEEK_STARTING_MONDAY (@AdrianMastronardi)
- [#30716](https://github.com/apache/superset/pull/30716) fix: Reordering echart props to fix confidence interval in Mixed Charts (@geotab-data-platform)
- [#32005](https://github.com/apache/superset/pull/32005) fix(sqllab): tab layout truncated (@justinpark)
- [#29417](https://github.com/apache/superset/pull/29417) fix(verbose map): Correct raw metrics handling in verbose map (@mcdogg17)
- [#31962](https://github.com/apache/superset/pull/31962) fix: proper URL building (@betodealmeida)
- [#31941](https://github.com/apache/superset/pull/31941) fix(timezoneselector): Correct the order to match names first (@msyavuz)
- [#25166](https://github.com/apache/superset/pull/25166) fix: correct value for config variable `UPLOAD_FOLDER` (@sebastianliebscher)
- [#31948](https://github.com/apache/superset/pull/31948) fix: Load cached DB metadata as DatasourceName and add catalog to schema_list cache key (@Vitor-Avila)
- [#31809](https://github.com/apache/superset/pull/31809) fix: Prevent undo functionality from referencing incorrect dashboard edits (@fardin-developer)
- [#30949](https://github.com/apache/superset/pull/30949) fix: adjust line type as well as weight for time series (@eschutho)
- [#31933](https://github.com/apache/superset/pull/31933) fix(E2E): Fix flaky Dashboard list delete test (@geido)
- [#31867](https://github.com/apache/superset/pull/31867) fix(date_parser): fixed bug for advanced time range filter (@alexandrusoare)
- [#31873](https://github.com/apache/superset/pull/31873) fix(documentation): updated link to CORS_OPTIONS in Networking Settings (@ankur-zignite91)
- [#31910](https://github.com/apache/superset/pull/31910) fix: add catalog to cache key when getting tables/views (@betodealmeida)
- [#31837](https://github.com/apache/superset/pull/31837) fix(bigquery): return no catalogs when creds not set (@betodealmeida)
- [#31848](https://github.com/apache/superset/pull/31848) fix: d3.count doesn't exist (@mistercrunch)
- [#31830](https://github.com/apache/superset/pull/31830) fix: fix/suppress webpack console warnings (@mistercrunch)
- [#31834](https://github.com/apache/superset/pull/31834) fix(OAuth): Remove masked_encrypted_extra from DB update properties (@Vitor-Avila)
- [#31798](https://github.com/apache/superset/pull/31798) fix(Embedded): Skip CSRF validation for dashboard download endpoints (@Vitor-Avila)
- [#31815](https://github.com/apache/superset/pull/31815) fix(modal): fixed z-index issue (@alexandrusoare)
- [#31774](https://github.com/apache/superset/pull/31774) fix: corrects spelling of USE_ANALAGOUS_COLORS to be USE_ANALOGOUS_COLORS (@rusackas)
- [#31777](https://github.com/apache/superset/pull/31777) fix(oauth): Handle updates to the OAuth config (@Vitor-Avila)
- [#31789](https://github.com/apache/superset/pull/31789) fix(button): change back button styles for dropdown buttons (@msyavuz)
- [#31752](https://github.com/apache/superset/pull/31752) fix: Heatmap sorting (@michael-s-molina)
- [#31742](https://github.com/apache/superset/pull/31742) fix: GHA frontend builds fail when frontends hasn't changed (@mistercrunch)
- [#31732](https://github.com/apache/superset/pull/31732) fix: docker builds in forks (@mistercrunch)
- [#31606](https://github.com/apache/superset/pull/31606) fix: docker-compose-image-tag fails to start (@mistercrunch)
- [#31710](https://github.com/apache/superset/pull/31710) fix(inthewild): Update companies using superset (@gwthm-in)
- [#31673](https://github.com/apache/superset/pull/31673) fix: typo in plugin-chart-echats controls (@vhf)
- [#31688](https://github.com/apache/superset/pull/31688) fix(helm): change values.yaml comments (@sule26)
- [#31588](https://github.com/apache/superset/pull/31588) fix: install uv in docker-bootstrap (@mistercrunch)
- [#31583](https://github.com/apache/superset/pull/31583) fix(docs): get quickstart guide working again (@sfirke)
- [#31561](https://github.com/apache/superset/pull/31561) fix: add various recent issues on master CI (@mistercrunch)
- [#31493](https://github.com/apache/superset/pull/31493) fix: master docker builds fail because of multi-platform builds can't --load (@mistercrunch)
- [#31483](https://github.com/apache/superset/pull/31483) fix: Card component background color (@kgabryje)
- [#31472](https://github.com/apache/superset/pull/31472) fix: Tooltip covers the date selector in native filters (@kgabryje)
- [#31473](https://github.com/apache/superset/pull/31473) fix(explore): Styling issue in Search Metrics input field (@kgabryje)
- [#31449](https://github.com/apache/superset/pull/31449) fix(filter options): full size list item targets (@rusackas)
- [#31458](https://github.com/apache/superset/pull/31458) fix(api): typo api.py (@zero-stroke)
- [#31385](https://github.com/apache/superset/pull/31385) fix: docker refactor (@mistercrunch)
- [#31374](https://github.com/apache/superset/pull/31374) fix(Dashboard): Sync color configuration via dedicated endpoint (@geido)
- [#31411](https://github.com/apache/superset/pull/31411) fix: pkg_resources is getting deprecated (@mistercrunch)
- [#31391](https://github.com/apache/superset/pull/31391) fix: don't include chromium on ephemeral envs (@mistercrunch)
- [#31387](https://github.com/apache/superset/pull/31387) fix: Revert "chore(deps-dev): bump esbuild from 0.20.0 to 0.24.0 in /super… (@sadpandajoe)
- [#31236](https://github.com/apache/superset/pull/31236) fix: ephemeral envs fail on noop (@dpgaspar)
- [#31350](https://github.com/apache/superset/pull/31350) fix(alerts&reports): tabs with userfriendly urls (@tahvane1)
- [#30956](https://github.com/apache/superset/pull/30956) fix: added missing pod labels for init job (@glothriel)
- [#31279](https://github.com/apache/superset/pull/31279) fix(filters): improving the add filter/divider UI. (@rusackas)
- [#31155](https://github.com/apache/superset/pull/31155) fix: helm chart deploy to open PRs to now-protected gh-pages branch (@mistercrunch)
- [#31152](https://github.com/apache/superset/pull/31152) fix: try to re-enable gh-pages (@mistercrunch)
- [#31148](https://github.com/apache/superset/pull/31148) fix: touch helm/ folder to trigger doc deploy in CI (@mistercrunch)
- [#31035](https://github.com/apache/superset/pull/31035) fix: ephemeral environments missing env var (@mistercrunch)
- [#30966](https://github.com/apache/superset/pull/30966) fix(helm-chart): Fix broken PodDisruptionBudget due to introduction of extraLabels. (@theoriginalgri)
- [#30964](https://github.com/apache/superset/pull/30964) fix(Card): Use correct class names for Ant Design 5 Card component (@geido)
- [#30924](https://github.com/apache/superset/pull/30924) fix(helm): use submodule on helm release action (@villebro)
- [#30767](https://github.com/apache/superset/pull/30767) fix(empty dashboards): Allow downloading a screenshot of an empty dashboard (@msyavuz)
- [#30885](https://github.com/apache/superset/pull/30885) fix(docs): add missing bracket in openID config (@samarsrivastav)
- [#30858](https://github.com/apache/superset/pull/30858) fix(chart data): removing query from /chart/data payload when accessing as guest user (@fisjac)
- [#30848](https://github.com/apache/superset/pull/30848) fix(time_comparison): Allow deleting dates when using custom shift (@Antonio-RiveroMartnez)
- [#28524](https://github.com/apache/superset/pull/28524) fix: warning emits an error (@eschutho)
- [#30682](https://github.com/apache/superset/pull/30682) fix(explore): Update tooltip copy for rendering html in tables and pivot tables (@yousoph)
- [#30618](https://github.com/apache/superset/pull/30618) fix(mssql db_engine_spec): adds uniqueidentifier to column_type_mappings (@rparsonsbb)
- [#27142](https://github.com/apache/superset/pull/27142) fix(chart): apply number format in Box Plot tooltip only where necessary (@goto-loop)
- [#30608](https://github.com/apache/superset/pull/30608) fix(country-map): Rename incorrect Vietnam province name for Country Map (@tienhung2812)
- [#30702](https://github.com/apache/superset/pull/30702) fix(Dashboard): DatePicker to not autoclose modal (@geido)
- [#30688](https://github.com/apache/superset/pull/30688) fix: bump FAB to 4.5.2 (@dpgaspar)
- [#30659](https://github.com/apache/superset/pull/30659) fix: Link Checking (@CodeWithEmad)
- [#30661](https://github.com/apache/superset/pull/30661) fix: Domain 'undefined' error in Storybook (@kgabryje)
- [#30626](https://github.com/apache/superset/pull/30626) fix: Module is not defined in Partition chart (@michael-s-molina)
- [#30616](https://github.com/apache/superset/pull/30616) fix(docs): leading whitespace line is causing page title and header to be malformed (@sfirke)
- [#30606](https://github.com/apache/superset/pull/30606) fix: Set correct amount of steps to avoid confusing logs while loading examples (@deathstrokedarksky)
- [#30522](https://github.com/apache/superset/pull/30522) fix(SQL Lab): hang when result set size is too big (@anamitraadhikari)
- [#30443](https://github.com/apache/superset/pull/30443) fix(Jinja metric macro): Support Drill By and Excel/CSV download without a dataset ID (@Vitor-Avila)
- [#30569](https://github.com/apache/superset/pull/30569) fix(dev-server): Revert "chore(fe): bump webpack-related packages to v5" (@geido)
- [#30069](https://github.com/apache/superset/pull/30069) fix(frontend/generator): fix failed Viz plugin build due to missing JSDOM config and dep (@hainenber)
- [#30277](https://github.com/apache/superset/pull/30277) fix(examples): fix examples uri for sqlite (@villebro)
- [#30509](https://github.com/apache/superset/pull/30509) fix(plugin/echarts): correct enum values for LABEL_POSITION map (@hainenber)
- [#30500](https://github.com/apache/superset/pull/30500) fix(sqllab): Remove redundant scrolling (@justinpark)
- [#30349](https://github.com/apache/superset/pull/30349) fix(radar-chart): metric options not available & add `min` option (@goncaloacteixeira)
- [#30493](https://github.com/apache/superset/pull/30493) fix(Package.json): Bump dayjs version (@geido)
- [#30406](https://github.com/apache/superset/pull/30406) fix(language): pt_BR translation (@diegolnasc)
- [#30441](https://github.com/apache/superset/pull/30441) fix: battling cypress' dashboard feature (@mistercrunch)
- [#30430](https://github.com/apache/superset/pull/30430) fix: cypress on master doesn't work because of --parallel flag (@mistercrunch)
- [#29444](https://github.com/apache/superset/pull/29444) fix(plugin/country/map): rectify naming for some Vietnamese provinces (@hainenber)
- [#30388](https://github.com/apache/superset/pull/30388) fix(ECharts): Revert ECharts version bump (@geido)
- [#30340](https://github.com/apache/superset/pull/30340) fix(CI): increase node JS heap size (@rusackas)
- [#30325](https://github.com/apache/superset/pull/30325) fix(db_engine_specs): add a few missing time grains to Postgres spec (@sfirke)
- [#30273](https://github.com/apache/superset/pull/30273) fix(dashboard): invalid button style in undo/redo button (@justinpark)
- [#30099](https://github.com/apache/superset/pull/30099) fix: Move copying translation files before npm run build in Docker (@martyngigg)
- [#30279](https://github.com/apache/superset/pull/30279) fix(install/docker): use zstd-baked image for building superset-frontend in containerized env (@hainenber)
- [#30234](https://github.com/apache/superset/pull/30234) fix(deps): release new embedded sdk (@rusackas)
- [#30237](https://github.com/apache/superset/pull/30237) fix(docs): change flask-oidc url (@drblack666)
- [#30217](https://github.com/apache/superset/pull/30217) fix(sdk): use latest @supserset-ui/switchboard version to avoid pulling empty dependency (@hainenber)
- [#30147](https://github.com/apache/superset/pull/30147) fix(docs): typo in docker-compose.mdx (@alexengrig)
- [#30148](https://github.com/apache/superset/pull/30148) fix: Adds the Deprecated label to Time-series Percent Change chart (@michael-s-molina)
- [#30141](https://github.com/apache/superset/pull/30141) fix(sqllab): race condition when updating same cursor position (@justinpark)
- [#30041](https://github.com/apache/superset/pull/30041) fix: Revert "fix(list/chart views): Chart Properties modal now has transitions" (@rusackas)
- [#30034](https://github.com/apache/superset/pull/30034) fix: Handle zstd encoding in webpack proxy config (@kgabryje)
- [#29916](https://github.com/apache/superset/pull/29916) fix: duplicate `truncateXAxis` option in `BarChart` (@dmitriyVasilievich1986)
- [#30013](https://github.com/apache/superset/pull/30013) fix(translations): Fixed APPLY translation in Spanish (@jvines)
- [#30001](https://github.com/apache/superset/pull/30001) fix: Reports are not sent when selecting to send as PNG, CSV or text (@eschutho)
- [#29686](https://github.com/apache/superset/pull/29686) fix: Removed fixed width constraint from Save button (@goldjee)
- [#29951](https://github.com/apache/superset/pull/29951) fix(i18n): translation fix in server side generated time grains (@Seboeb)
- [#29938](https://github.com/apache/superset/pull/29938) fix: thumbnail url json response was malformed (@eschutho)
- [#29944](https://github.com/apache/superset/pull/29944) fix: only show dataset name in list (@eschutho)
- [#29935](https://github.com/apache/superset/pull/29935) fix: Fix delete_fake_db (@stamplevskiyd)
- [#29522](https://github.com/apache/superset/pull/29522) fix(cli): add impersonate_user to db import (@chessman)
- [#29895](https://github.com/apache/superset/pull/29895) fix(PivotTable): Pass string only to safeHtmlSpan (@geido)
- [#29864](https://github.com/apache/superset/pull/29864) fix: mypy issue on py3.9 + prevent similar issues (@mistercrunch)
- [#29861](https://github.com/apache/superset/pull/29861) fix: mypy fails related to simplejson.dumps (@mistercrunch)
- [#24411](https://github.com/apache/superset/pull/24411) fix(docs): update timescale.png (@mathisve)
- [#29851](https://github.com/apache/superset/pull/29851) fix: Add missing icons (@kgabryje)
- [#29591](https://github.com/apache/superset/pull/29591) fix: machine auth for GAQ enabled deployments (@harshit2283)
- [#29798](https://github.com/apache/superset/pull/29798) fix: set default timezone to UTC for cron timezone conversions (@danielli-ziprecruiter)
- [#28796](https://github.com/apache/superset/pull/28796) fix(list/chart views): Chart Properties modal now has transitions (@rusackas)
- [#29688](https://github.com/apache/superset/pull/29688) fix(ci): release process for labeling PRs (@mistercrunch)
- [#29779](https://github.com/apache/superset/pull/29779) fix: remove --no-optional from docker-compose build (@mistercrunch)
-
-**Others**
-
- [#33745](https://github.com/apache/superset/pull/33745) build: update Dockerfile to 3.11.13-slim-bookworm (@gpchandran)
- [#33612](https://github.com/apache/superset/pull/33612) chore: update Dockerfile - Upgrade to 3.11.12 (@gpchandran)
- [#33339](https://github.com/apache/superset/pull/33339) chore(🦾): bump python h11 0.14.0 -> 0.16.0 (@github-actions[bot])
- [#32745](https://github.com/apache/superset/pull/32745) chore(🦾): bump python sqlglot 26.1.3 -> 26.11.1 (@github-actions[bot])
- [#32239](https://github.com/apache/superset/pull/32239) docs: adding notes about using uv instead of raw pip (@mistercrunch)
- [#32221](https://github.com/apache/superset/pull/32221) chore(ci): fix ephemeral env null issue number (v2) (@dpgaspar)
- [#32220](https://github.com/apache/superset/pull/32220) chore(ci): fix ephemeral env null issue number (@dpgaspar)
- [#32030](https://github.com/apache/superset/pull/32030) chore(timeseries charts): adjust legend width by padding (@eschutho)
- [#32062](https://github.com/apache/superset/pull/32062) chore: Re-enable asnyc event API tests (@Vitor-Avila)
- [#32004](https://github.com/apache/superset/pull/32004) refactor(Radio): Upgrade Radio Component to Ant Design 5 (@EnxDev)
- [#32054](https://github.com/apache/superset/pull/32054) chore: Add more database-related tests (follow up to #31948) (@Vitor-Avila)
- [#31811](https://github.com/apache/superset/pull/31811) chore(Network Errors): Update network errors on filter bars and charts (@msyavuz)
- [#31794](https://github.com/apache/superset/pull/31794) chore: Removing DASHBOARD_CROSS_FILTERS flag and all that comes with it. (@rusackas)
- [#32013](https://github.com/apache/superset/pull/32013) chore: add UPDATING note for CSV_UPLOAD_MAX_SIZE removal (@dpgaspar)
- [#31961](https://github.com/apache/superset/pull/31961) refactor: Upgrade to React 17 (@kgabryje)
- [#32007](https://github.com/apache/superset/pull/32007) chore(fe): correct typing for sheetsColumnNames (@hainenber)
- [#32000](https://github.com/apache/superset/pull/32000) refactor: Remove CSV upload size limit and related validation (@sha174n)
- [#31421](https://github.com/apache/superset/pull/31421) refactor(Shared_url_query): Fix shared query URL access for SQL Lab users. (@LevisNgigi)
- [#31980](https://github.com/apache/superset/pull/31980) chore: Add FYND to INTHEWILD.md (@darpanjain07)
- [#31976](https://github.com/apache/superset/pull/31976) refactor: Removes the legacy dataset editor (@michael-s-molina)
- [#31858](https://github.com/apache/superset/pull/31858) chore: refactor Alert-related components (@mistercrunch)
- [#31547](https://github.com/apache/superset/pull/31547) chore(deps): bump react-transition-group and @types/react-transition-group in /superset-frontend (@dependabot[bot])
- [#31963](https://github.com/apache/superset/pull/31963) chore(build): enforce eslint rule banning antd imports outside of core Superset components (@rusackas)
- [#31965](https://github.com/apache/superset/pull/31965) chore: fix `tsc` errors (@hainenber)
- [#31860](https://github.com/apache/superset/pull/31860) chore: Empty state refactor (@mistercrunch)
- [#31844](https://github.com/apache/superset/pull/31844) chore: replace selenium user with fixed user (@villebro)
- [#31943](https://github.com/apache/superset/pull/31943) refactor: Removes legacy dashboard endpoints (@michael-s-molina)
- [#31942](https://github.com/apache/superset/pull/31942) refactor: Removes legacy CSS template endpoint (@michael-s-molina)
- [#31819](https://github.com/apache/superset/pull/31819) chore(fe): migrate 6 Enzyme-based unit tests to RTL (@hainenber)
- [#31947](https://github.com/apache/superset/pull/31947) chore: bump FAB to 4.5.3 (@dpgaspar)
- [#30284](https://github.com/apache/superset/pull/30284) chore(GAQ): Remove GLOBAL_ASYNC_QUERIES_REDIS_CONFIG (@nsivarajan)
- [#31926](https://github.com/apache/superset/pull/31926) chore: cypress set up tweaks (@mistercrunch)
- [#31905](https://github.com/apache/superset/pull/31905) chore: Reduces the form_data_key length (@michael-s-molina)
- [#31460](https://github.com/apache/superset/pull/31460) docs: Removed mentioning of .env-non-dev in docker/README.md (@nikelborm)
- [#31907](https://github.com/apache/superset/pull/31907) chore: replace Lodash usage with native JS implementation (@hainenber)
- [#31699](https://github.com/apache/superset/pull/31699) refactor(Menu): Upgrade Menu Component to Ant Design 5 (@geido)
- [#31908](https://github.com/apache/superset/pull/31908) chore(fe): dev deps cleanup (@hainenber)
- [#31916](https://github.com/apache/superset/pull/31916) docs: clarify port configuration for Cypress (@mistercrunch)
- [#29163](https://github.com/apache/superset/pull/29163) refactor(sqllab): migrate share queries via kv by permalink (@justinpark)
- [#29121](https://github.com/apache/superset/pull/29121) perf(dashboard): dashboard list endpoint returning large and unnecessary data (@Always-prog)
- [#31894](https://github.com/apache/superset/pull/31894) chore(config): Deprecating Domain Sharding (@rusackas)
- [#31795](https://github.com/apache/superset/pull/31795) chore: Re-enable skipped tests (@michael-s-molina)
- [#31875](https://github.com/apache/superset/pull/31875) chore: add a disable for pylint (@betodealmeida)
- [#31874](https://github.com/apache/superset/pull/31874) docs: add a note about accessing the dev env's postgres database (@mistercrunch)
- [#31845](https://github.com/apache/superset/pull/31845) chore: add eslint to pre-commit hooks (@mistercrunch)
- [#31847](https://github.com/apache/superset/pull/31847) chore(ci): auto delete branches on merge (@rusackas)
- [#31846](https://github.com/apache/superset/pull/31846) chore: properly import expect from chai in cypress-base/cypress/support/e2e.ts (@mistercrunch)
- [#31831](https://github.com/apache/superset/pull/31831) chore: bump @ant-design/icons to fix fill-rule console warning (@mistercrunch)
- [#31503](https://github.com/apache/superset/pull/31503) chore: python version to 3.11 (while supporting 3.10) (@mistercrunch)
- [#31761](https://github.com/apache/superset/pull/31761) build(eslint): disabling wildcard imports with eslint (@rusackas)
- [#25933](https://github.com/apache/superset/pull/25933) chore(deps): bump selenium 4.14.0+ (@gnought)
- [#31820](https://github.com/apache/superset/pull/31820) chore(tests): Changing the logic for an intermittent tag test (@Vitor-Avila)
- [#31631](https://github.com/apache/superset/pull/31631) refactor(bulk_select): Fix bulk select tagging issues for users (@LevisNgigi)
- [#31019](https://github.com/apache/superset/pull/31019) refactor(date picker): Migrate Date Picker to Ant Design 5 (@msyavuz)
- [#31787](https://github.com/apache/superset/pull/31787) docs: improve dev python environment install (@sha174n)
- [#31797](https://github.com/apache/superset/pull/31797) chore: adding Antonio as a helm codeowner (@eschutho)
- [#31452](https://github.com/apache/superset/pull/31452) refactor(dashboard): Migrate ResizableContainer to TypeScript and functional component (@EnxDev)
- [#31791](https://github.com/apache/superset/pull/31791) chore: Skips integration tests affected by legacy charts removal (@michael-s-molina)
- [#31661](https://github.com/apache/superset/pull/31661) build(deps-dev): bump css-loader from 6.8.1 to 7.1.2 in /superset-frontend (@dependabot[bot])
- [#31668](https://github.com/apache/superset/pull/31668) build(deps-dev): bump css-minimizer-webpack-plugin from 5.0.1 to 7.0.0 in /superset-frontend (@dependabot[bot])
- [#31754](https://github.com/apache/superset/pull/31754) refactor: Removes Apply to all panels filters scope configuration (@michael-s-molina)
- [#31623](https://github.com/apache/superset/pull/31623) refactor(Button): Upgrade Button component to Antd5 (@alexandrusoare)
- [#31756](https://github.com/apache/superset/pull/31756) docs: add Remita to list (@mujibishola)
- [#31750](https://github.com/apache/superset/pull/31750) docs: add cover genius to the user list (@US579)
- [#31412](https://github.com/apache/superset/pull/31412) chore(ff): deprecating `DRILL_TO_DETAIL` feature flag to launch it prime-time (@rusackas)
- [#31718](https://github.com/apache/superset/pull/31718) refactor(Steps): Migrate Steps to Ant Design 5 (@msyavuz)
- [#31537](https://github.com/apache/superset/pull/31537) chore(deps): bump react-virtualized-auto-sizer from 1.0.24 to 1.0.25 in /superset-frontend (@dependabot[bot])
- [#31552](https://github.com/apache/superset/pull/31552) chore(deps-dev): bump eslint-plugin-react-hooks from 4.6.0 to 4.6.2 in /superset-frontend (@dependabot[bot])
- [#31545](https://github.com/apache/superset/pull/31545) chore(deps-dev): bump webpack from 5.94.0 to 5.97.1 in /superset-frontend (@dependabot[bot])
- [#31551](https://github.com/apache/superset/pull/31551) chore(deps-dev): bump eslint-plugin-cypress from 3.5.0 to 3.6.0 in /superset-frontend (@dependabot[bot])
- [#31559](https://github.com/apache/superset/pull/31559) chore(deps): bump abortcontroller-polyfill from 1.7.5 to 1.7.8 in /superset-frontend (@dependabot[bot])
- [#31653](https://github.com/apache/superset/pull/31653) build(deps): update @emotion/cache requirement from ^11.4.0 to ^11.14.0 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31664](https://github.com/apache/superset/pull/31664) build(deps): bump markdown-to-jsx from 7.4.7 to 7.7.2 in /superset-frontend (@dependabot[bot])
- [#31665](https://github.com/apache/superset/pull/31665) build(deps): bump html-webpack-plugin from 5.6.0 to 5.6.3 in /superset-frontend (@dependabot[bot])
- [#31666](https://github.com/apache/superset/pull/31666) build(deps-dev): bump @emotion/babel-plugin from 11.12.0 to 11.13.5 in /superset-frontend (@dependabot[bot])
- [#31667](https://github.com/apache/superset/pull/31667) build(deps-dev): bump jsdom from 24.1.1 to 25.0.1 in /superset-frontend (@dependabot[bot])
- [#31685](https://github.com/apache/superset/pull/31685) build(deps): bump jinja2 from 3.1.4 to 3.1.5 in /superset/translations (@dependabot[bot])
- [#31622](https://github.com/apache/superset/pull/31622) chore: replace `imp` built-in module usage for future Python3.12 usage (@hainenber)
- [#31712](https://github.com/apache/superset/pull/31712) chore(fe/sec): resolve High CVE-2024-21538 and Moderate CVE-2024-55565 by bumping `nanoid` and `cross-spawn` (@hainenber)
- [#31627](https://github.com/apache/superset/pull/31627) chore(helm): bump helm on CI to latest version (@villebro)
- [#31701](https://github.com/apache/superset/pull/31701) chore: add helm code owners (@villebro)
- [#31691](https://github.com/apache/superset/pull/31691) docs: add Open edX to users list (@pomegranited)
- [#31693](https://github.com/apache/superset/pull/31693) refactor(space): Migrate Space to Ant Design 5 (@msyavuz)
- [#31530](https://github.com/apache/superset/pull/31530) chore(deps-dev): bump eslint from 9.14.0 to 9.17.0 in /superset-websocket (@dependabot[bot])
- [#31670](https://github.com/apache/superset/pull/31670) build(deps): update echarts requirement from ^5.4.1 to ^5.6.0 in /superset-frontend/plugins/plugin-chart-echarts (@dependabot[bot])
- [#31652](https://github.com/apache/superset/pull/31652) build(deps): update chalk requirement from ^5.4.0 to ^5.4.1 in /superset-frontend/packages/generator-superset (@dependabot[bot])
- [#31655](https://github.com/apache/superset/pull/31655) build(deps): bump core-js from 3.38.1 to 3.39.0 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31656](https://github.com/apache/superset/pull/31656) build(deps): bump antd from 5.22.5 to 5.22.7 in /docs (@dependabot[bot])
- [#31657](https://github.com/apache/superset/pull/31657) build(deps-dev): update @babel/core requirement from ^7.23.9 to ^7.26.0 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31658](https://github.com/apache/superset/pull/31658) build(deps): update @emotion/react requirement from ^11.13.3 to ^11.14.0 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31662](https://github.com/apache/superset/pull/31662) build(deps-dev): bump @types/node from 22.7.4 to 22.10.3 in /superset-websocket (@dependabot[bot])
- [#31663](https://github.com/apache/superset/pull/31663) build(deps-dev): bump typescript-eslint from 8.12.2 to 8.19.0 in /superset-websocket (@dependabot[bot])
- [#31672](https://github.com/apache/superset/pull/31672) build(deps-dev): update @types/node requirement from ^22.5.4 to ^22.10.3 in /superset-frontend/packages/superset-ui-core (@dependabot[bot])
- [#31633](https://github.com/apache/superset/pull/31633) refactor(empty): Migrate Empty component to Ant Design 5 (@msyavuz)
- [#31607](https://github.com/apache/superset/pull/31607) refactor(Divider): Migrate Divider to Ant Design 5 (@msyavuz)
- [#31310](https://github.com/apache/superset/pull/31310) refactor(moment): Replace Moment.js with DayJs (@msyavuz)
- [#30778](https://github.com/apache/superset/pull/30778) build(deps-dev): update @types/jest requirement from ^29.5.12 to ^29.5.14 in /superset-frontend/plugins/plugin-chart-handlebars (@dependabot[bot])
- [#31526](https://github.com/apache/superset/pull/31526) chore(deps): bump hot-shots from 10.0.0 to 10.2.1 in /superset-websocket (@dependabot[bot])
- [#31538](https://github.com/apache/superset/pull/31538) chore(deps-dev): update @babel/preset-react requirement from ^7.23.3 to ^7.26.3 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31217](https://github.com/apache/superset/pull/31217) chore(deps-dev): bump eslint-plugin-jest-dom from 3.6.5 to 5.5.0 in /superset-frontend (@dependabot[bot])
- [#31541](https://github.com/apache/superset/pull/31541) chore(deps): bump antd from 5.22.2 to 5.22.5 in /docs (@dependabot[bot])
- [#31536](https://github.com/apache/superset/pull/31536) chore(deps): bump prism-react-renderer from 2.4.0 to 2.4.1 in /docs (@dependabot[bot])
- [#30322](https://github.com/apache/superset/pull/30322) build(deps): bump find-my-way and @applitools/eyes-cypress in /superset-frontend/cypress-base (@dependabot[bot])
- [#30789](https://github.com/apache/superset/pull/30789) build(deps-dev): update @types/lodash requirement from ^4.17.7 to ^4.17.13 in /superset-frontend/packages/superset-ui-core (@dependabot[bot])
- [#31523](https://github.com/apache/superset/pull/31523) chore(deps-dev): bump @types/lodash from 4.17.7 to 4.17.13 in /superset-websocket (@dependabot[bot])
- [#31546](https://github.com/apache/superset/pull/31546) chore(deps-dev): bump @types/rison from 0.0.9 to 0.1.0 in /superset-frontend (@dependabot[bot])
- [#31557](https://github.com/apache/superset/pull/31557) chore(deps): bump react-reverse-portal from 2.1.1 to 2.1.2 in /superset-frontend (@dependabot[bot])
- [#31577](https://github.com/apache/superset/pull/31577) docs: add Virtuoso QA to users list (@shubham-rohatgi)
- [#31520](https://github.com/apache/superset/pull/31520) chore(deps): bump debug from 4.3.7 to 4.4.0 in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#30474](https://github.com/apache/superset/pull/30474) build(deps-dev): bump thread-loader from 4.0.2 to 4.0.4 in /superset-frontend (@dependabot[bot])
- [#30085](https://github.com/apache/superset/pull/30085) build(deps): bump gh-pages from 5.0.0 to 6.1.1 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31558](https://github.com/apache/superset/pull/31558) chore(deps-dev): bump eslint-import-resolver-typescript from 3.6.3 to 3.7.0 in /superset-frontend (@dependabot[bot])
- [#31521](https://github.com/apache/superset/pull/31521) chore(deps-dev): bump prettier from 3.3.3 to 3.4.2 in /superset-websocket (@dependabot[bot])
- [#30785](https://github.com/apache/superset/pull/30785) build(deps-dev): update @types/underscore requirement from ^1.11.15 to ^1.13.0 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#30779](https://github.com/apache/superset/pull/30779) build(deps-dev): update @types/lodash requirement from ^4.17.7 to ^4.17.13 in /superset-frontend/plugins/plugin-chart-handlebars (@dependabot[bot])
- [#31539](https://github.com/apache/superset/pull/31539) chore(deps-dev): bump webpack from 5.96.1 to 5.97.1 in /docs (@dependabot[bot])
- [#31540](https://github.com/apache/superset/pull/31540) chore(deps): bump @algolia/client-search from 5.15.0 to 5.18.0 in /docs (@dependabot[bot])
- [#27809](https://github.com/apache/superset/pull/27809) build(deps): bump @math.gl/web-mercator from 3.6.3 to 4.0.1 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#31529](https://github.com/apache/superset/pull/31529) chore(deps): update @deck.gl/aggregation-layers requirement from ^9.0.37 to ^9.0.38 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#31572](https://github.com/apache/superset/pull/31572) chore(deps): bump gh-pages from 5.0.0 to 6.2.0 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#30458](https://github.com/apache/superset/pull/30458) build(deps): bump @types/d3-format from 1.4.5 to 3.0.4 in /superset-frontend/packages/superset-ui-core (@dependabot[bot])
- [#31542](https://github.com/apache/superset/pull/31542) chore(deps): bump @docsearch/react from 3.6.3 to 3.8.2 in /docs (@dependabot[bot])
- [#31225](https://github.com/apache/superset/pull/31225) chore(deps-dev): bump typescript from 4.9.5 to 5.7.2 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31388](https://github.com/apache/superset/pull/31388) chore(deps): update dompurify requirement from ^3.1.3 to ^3.2.3 in /superset-frontend/plugins/legacy-preset-chart-nvd3 (@dependabot[bot])
- [#31543](https://github.com/apache/superset/pull/31543) chore(deps): bump @storybook/types from 8.1.11 to 8.4.7 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31533](https://github.com/apache/superset/pull/31533) chore(deps): update chalk requirement from ^5.3.0 to ^5.4.0 in /superset-frontend/packages/generator-superset (@dependabot[bot])
- [#31532](https://github.com/apache/superset/pull/31532) chore(deps-dev): update @types/d3-time requirement from ^3.0.3 to ^3.0.4 in /superset-frontend/packages/superset-ui-core (@dependabot[bot])
- [#31531](https://github.com/apache/superset/pull/31531) chore(deps): update yeoman-generator requirement from ^7.3.2 to ^7.4.0 in /superset-frontend/packages/generator-superset (@dependabot[bot])
- [#31525](https://github.com/apache/superset/pull/31525) chore(deps): update @deck.gl/layers requirement from ^9.0.37 to ^9.0.38 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#31524](https://github.com/apache/superset/pull/31524) chore(deps-dev): update @babel/types requirement from ^7.25.6 to ^7.26.3 in /superset-frontend/plugins/plugin-chart-pivot-table (@dependabot[bot])
- [#31389](https://github.com/apache/superset/pull/31389) chore(deps): update @emotion/styled requirement from ^11.3.0 to ^11.14.0 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#31519](https://github.com/apache/superset/pull/31519) chore: remove dependency on func_timeout because LGPL (@mistercrunch)
- [#31517](https://github.com/apache/superset/pull/31517) chore: update browser list (@mistercrunch)
- [#31420](https://github.com/apache/superset/pull/31420) refactor(Modal): Upgrade Modal component to Antd5 (@alexandrusoare)
- [#31511](https://github.com/apache/superset/pull/31511) chore: rename `apply_post_process` (@betodealmeida)
- [#31390](https://github.com/apache/superset/pull/31390) chore(gha): bump ubuntu to latest fresh release (@mistercrunch)
- [#31313](https://github.com/apache/superset/pull/31313) chore: deprecate pip-compile-multi in favor or uv (@mistercrunch)
- [#31515](https://github.com/apache/superset/pull/31515) chore: deprecate fossa in favor of liccheck to validate python licenses (@mistercrunch)
- [#31501](https://github.com/apache/superset/pull/31501) chore(code owners): Update CODEOWNERS file to remove a couple inactive contributors (@rusackas)
- [#31496](https://github.com/apache/superset/pull/31496) docs: Update new user for Careem to user's list (@samraHanif0340)
- [#31451](https://github.com/apache/superset/pull/31451) chore: remove numba and llvmlite deps as they are large and we don't use them (@mistercrunch)
- [#30605](https://github.com/apache/superset/pull/30605) chore(translations): German translation update (@gerbermichi)
- [#31262](https://github.com/apache/superset/pull/31262) chore: deprecate `pylint` in favor of `ruff` (@mistercrunch)
- [#31422](https://github.com/apache/superset/pull/31422) docs: CVEs fixed on 4.1.0 v2 (@dpgaspar)
- [#31268](https://github.com/apache/superset/pull/31268) refactor: Migrate AdhocFilterEditPopoverSqlTabContent to TypeScript (@EnxDev)
- [#30196](https://github.com/apache/superset/pull/30196) build(packages): npm build/publish improvements. Making packages publishable again. (@rusackas)
- [#31378](https://github.com/apache/superset/pull/31378) chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /docs (@dependabot[bot])
- [#31381](https://github.com/apache/superset/pull/31381) chore(embedded sdk): bump sdk version number (@rusackas)
- [#31380](https://github.com/apache/superset/pull/31380) chore(embedded sdk): bumping dependencies (@rusackas)
- [#31362](https://github.com/apache/superset/pull/31362) chore(deps): bump nanoid from 5.0.7 to 5.0.9 in /superset-frontend/cypress-base (@dependabot[bot])
- [#31209](https://github.com/apache/superset/pull/31209) chore(deps): bump antd from 5.21.6 to 5.22.2 in /docs (@dependabot[bot])
- [#31219](https://github.com/apache/superset/pull/31219) chore(deps-dev): bump esbuild from 0.20.0 to 0.24.0 in /superset-frontend (@dependabot[bot])
- [#31314](https://github.com/apache/superset/pull/31314) chore(deps): bump path-to-regexp and express in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#31220](https://github.com/apache/superset/pull/31220) chore(deps): bump winston from 3.15.0 to 3.17.0 in /superset-websocket (@dependabot[bot])
- [#31218](https://github.com/apache/superset/pull/31218) chore(deps-dev): bump @babel/eslint-parser from 7.23.10 to 7.25.9 in /superset-frontend (@dependabot[bot])
- [#31222](https://github.com/apache/superset/pull/31222) chore(deps-dev): bump @eslint/js from 9.14.0 to 9.16.0 in /superset-websocket (@dependabot[bot])
- [#31352](https://github.com/apache/superset/pull/31352) docs: CVEs fixed on 4.1.0 (@dpgaspar)
- [#31168](https://github.com/apache/superset/pull/31168) refactor(Alert): Migrate Alert component to Ant Design V5 (@LevisNgigi)
- [#31290](https://github.com/apache/superset/pull/31290) chore(FilterBar): move the "Add/edit filters" button in the FilterBar to the settings menu (@alexandrusoare)
- [#31312](https://github.com/apache/superset/pull/31312) refactor(Name_column): Make 'Name' column of Saved Query page into links (@LevisNgigi)
- [#31203](https://github.com/apache/superset/pull/31203) chore(deps): bump deck.gl from 9.0.34 to 9.0.36 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#31275](https://github.com/apache/superset/pull/31275) chore: relax greenlet requirements (@sadpandajoe)
- [#31205](https://github.com/apache/superset/pull/31205) chore(deps-dev): bump typescript from 5.6.3 to 5.7.2 in /docs (@dependabot[bot])
- [#31207](https://github.com/apache/superset/pull/31207) chore(deps): bump @algolia/client-search from 5.12.0 to 5.15.0 in /docs (@dependabot[bot])
- [#31208](https://github.com/apache/superset/pull/31208) chore(deps): bump less from 4.2.0 to 4.2.1 in /docs (@dependabot[bot])
- [#31204](https://github.com/apache/superset/pull/31204) chore(deps-dev): bump @docusaurus/tsconfig from 3.5.2 to 3.6.3 in /docs (@dependabot[bot])
- [#31206](https://github.com/apache/superset/pull/31206) chore(deps): bump swagger-ui-react from 5.17.14 to 5.18.2 in /docs (@dependabot[bot])
- [#31224](https://github.com/apache/superset/pull/31224) chore(deps-dev): bump @types/jest from 29.5.12 to 29.5.14 in /superset-websocket (@dependabot[bot])
- [#31228](https://github.com/apache/superset/pull/31228) chore(deps): bump @types/react-table from 7.7.19 to 7.7.20 in /superset-frontend (@dependabot[bot])
- [#31210](https://github.com/apache/superset/pull/31210) chore(deps-dev): bump @docusaurus/module-type-aliases from 3.5.2 to 3.6.3 in /docs (@dependabot[bot])
- [#31213](https://github.com/apache/superset/pull/31213) chore(deps): bump @ant-design/icons from 5.5.1 to 5.5.2 in /docs (@dependabot[bot])
- [#31230](https://github.com/apache/superset/pull/31230) chore(deps): bump @scarf/scarf from 1.3.0 to 1.4.0 in /superset-frontend (@dependabot[bot])
- [#31259](https://github.com/apache/superset/pull/31259) chore(bug report template): bump Superset versions to reflect 4.1.1 release (@sfirke)
- [#31231](https://github.com/apache/superset/pull/31231) chore(deps): bump re-resizable from 6.10.0 to 6.10.1 in /superset-frontend (@dependabot[bot])
- [#31270](https://github.com/apache/superset/pull/31270) refactor: Split SliceHeaderControls into smaller files (@kgabryje)
- [#30864](https://github.com/apache/superset/pull/30864) docs: adapt docs to suggest 'docker compose up --build' (@mistercrunch)
- [#31034](https://github.com/apache/superset/pull/31034) chore: simplify Dockerfile package install calls with bash wrappers (@mistercrunch)
- [#31214](https://github.com/apache/superset/pull/31214) chore(deps): bump codecov/codecov-action from 4 to 5 (@dependabot[bot])
- [#31250](https://github.com/apache/superset/pull/31250) chore(🦾): bump python flask-migrate subpackage(s) (@github-actions[bot])
- [#31249](https://github.com/apache/superset/pull/31249) chore(🦾): bump python nh3 0.2.18 -> 0.2.19 (@github-actions[bot])
- [#31253](https://github.com/apache/superset/pull/31253) chore(🦾): bump python pyjwt 2.10.0 -> 2.10.1 (@github-actions[bot])
- [#31254](https://github.com/apache/superset/pull/31254) chore: pin greenlet in base dependencies (@mistercrunch)
- [#31186](https://github.com/apache/superset/pull/31186) docs(contributing): how to nuke the docker-compose postgres (@mistercrunch)
- [#31244](https://github.com/apache/superset/pull/31244) perf: Optimize DashboardPage and SyncDashboardState (@kgabryje)
- [#31243](https://github.com/apache/superset/pull/31243) perf: Optimize native filters and cross filters (@kgabryje)
- [#31240](https://github.com/apache/superset/pull/31240) perf: Optimize dashboard grid components (@kgabryje)
- [#31242](https://github.com/apache/superset/pull/31242) perf: Optimize Dashboard components (@kgabryje)
- [#31241](https://github.com/apache/superset/pull/31241) perf: Optimize dashboard chart-related components (@kgabryje)
- [#31182](https://github.com/apache/superset/pull/31182) chore(Tooltip): Upgrade Tooltip to Ant Design 5 (@alexandrusoare)
- [#31193](https://github.com/apache/superset/pull/31193) refactor: Creates the VizType enum (@michael-s-molina)
- [#31165](https://github.com/apache/superset/pull/31165) docs: update slack alert instructions to work with V2 slack API (@PJDuszynski)
- [#28461](https://github.com/apache/superset/pull/28461) chore(🦾): bump python sqlglot 23.6.3 -> 23.15.8 (@github-actions[bot])
- [#31171](https://github.com/apache/superset/pull/31171) chore(🦾): bump python pyparsing 3.1.2 -> 3.2.0 (@github-actions[bot])
- [#31170](https://github.com/apache/superset/pull/31170) chore(deps): cap async_timeout<5.0.0 (@mistercrunch)
- [#31032](https://github.com/apache/superset/pull/31032) refactor: remove more sqlparse (@betodealmeida)
- [#31126](https://github.com/apache/superset/pull/31126) chore(🦾): bump python importlib-metadata 7.1.0 -> 8.5.0 (@github-actions[bot])
- [#29382](https://github.com/apache/superset/pull/29382) chore: deprecate tox in favor of act (@mistercrunch)
- [#31109](https://github.com/apache/superset/pull/31109) chore(🦾): bump python billiard 4.2.0 -> 4.2.1 (@github-actions[bot])
- [#31138](https://github.com/apache/superset/pull/31138) chore(🦾): bump python flask-limiter 3.7.0 -> 3.8.0 (@github-actions[bot])
- [#31140](https://github.com/apache/superset/pull/31140) chore(🦾): bump python mako 1.3.5 -> 1.3.6 (@github-actions[bot])
- [#31127](https://github.com/apache/superset/pull/31127) chore(🦾): bump python celery subpackage(s) (@github-actions[bot])
- [#31128](https://github.com/apache/superset/pull/31128) chore(🦾): bump python humanize 4.9.0 -> 4.11.0 (@github-actions[bot])
- [#31129](https://github.com/apache/superset/pull/31129) chore(🦾): bump python simplejson 3.19.2 -> 3.19.3 (@github-actions[bot])
- [#31130](https://github.com/apache/superset/pull/31130) chore(🦾): bump python numexpr 2.10.1 -> 2.10.2 (@github-actions[bot])
- [#31132](https://github.com/apache/superset/pull/31132) chore(🦾): bump python slack-sdk 3.27.2 -> 3.33.4 (@github-actions[bot])
- [#31133](https://github.com/apache/superset/pull/31133) chore(🦾): bump python pyopenssl 24.1.0 -> 24.2.1 (@github-actions[bot])
- [#31135](https://github.com/apache/superset/pull/31135) chore(🦾): bump python dnspython 2.6.1 -> 2.7.0 (@github-actions[bot])
- [#31136](https://github.com/apache/superset/pull/31136) chore(🦾): bump python zstandard 0.22.0 -> 0.23.0 (@github-actions[bot])
- [#31137](https://github.com/apache/superset/pull/31137) chore(🦾): bump python limits 3.12.0 -> 3.13.0 (@github-actions[bot])
- [#31139](https://github.com/apache/superset/pull/31139) chore(🦾): bump python flask-jwt-extended 4.6.0 -> 4.7.1 (@github-actions[bot])
- [#31125](https://github.com/apache/superset/pull/31125) chore(🦾): bump python gunicorn 22.0.0 -> 23.0.0 (@github-actions[bot])
- [#31124](https://github.com/apache/superset/pull/31124) chore(🦾): bump python zipp 3.19.0 -> 3.21.0 (@github-actions[bot])
- [#31123](https://github.com/apache/superset/pull/31123) chore(🦾): bump python flask-compress 1.15 -> 1.17 (@github-actions[bot])
- [#31108](https://github.com/apache/superset/pull/31108) chore(🦾): bump python dill 0.3.8 -> 0.3.9 (@github-actions[bot])
- [#31116](https://github.com/apache/superset/pull/31116) chore(🦾): bump python email-validator 2.1.1 -> 2.2.0 (@github-actions[bot])
- [#31153](https://github.com/apache/superset/pull/31153) chore(asf): add `gh-pages` to protected branches (@rusackas)
- [#31122](https://github.com/apache/superset/pull/31122) chore(🦾): bump python async-timeout 4.0.3 -> 5.0.1 (@github-actions[bot])
- [#31121](https://github.com/apache/superset/pull/31121) chore(🦾): bump python prompt-toolkit 3.0.44 -> 3.0.48 (@github-actions[bot])
- [#31119](https://github.com/apache/superset/pull/31119) chore(🦾): bump python sqlparse 0.5.0 -> 0.5.2 (@github-actions[bot])
- [#30963](https://github.com/apache/superset/pull/30963) refactor(List): Upgrade List from antdesign4 to antdesign5 (@alexandrusoare)
- [#31113](https://github.com/apache/superset/pull/31113) chore(🦾): bump python mysqlclient 2.2.4 -> 2.2.6 (@github-actions[bot])
- [#31114](https://github.com/apache/superset/pull/31114) chore(🦾): bump python grpcio-status subpackage(s) (@github-actions[bot])
- [#31112](https://github.com/apache/superset/pull/31112) chore(🦾): bump python cycler 0.11.0 -> 0.12.1 (@github-actions[bot])
- [#31091](https://github.com/apache/superset/pull/31091) chore(🦾): bump python croniter 2.0.5 -> 5.0.1 (@github-actions[bot])
- [#31107](https://github.com/apache/superset/pull/31107) chore(🦾): bump python google-auth 2.29.0 -> 2.36.0 (@github-actions[bot])
- [#31106](https://github.com/apache/superset/pull/31106) chore(🦾): bump python psutil 6.0.0 -> 6.1.0 (@github-actions[bot])
- [#31105](https://github.com/apache/superset/pull/31105) chore(🦾): bump python dnspython 2.6.1 -> 2.7.0 (@github-actions[bot])
- [#31102](https://github.com/apache/superset/pull/31102) chore(🦾): bump python markdown 3.6 -> 3.7 (@github-actions[bot])
- [#31101](https://github.com/apache/superset/pull/31101) chore(🦾): bump python pluggy 1.4.0 -> 1.5.0 (@github-actions[bot])
- [#31100](https://github.com/apache/superset/pull/31100) chore(🦾): bump python sqloxide 0.1.43 -> 0.1.51 (@github-actions[bot])
- [#31099](https://github.com/apache/superset/pull/31099) chore(🦾): bump python wheel 0.43.0 -> 0.45.1 (@github-actions[bot])
- [#31098](https://github.com/apache/superset/pull/31098) chore(🦾): bump python pyproject-api 1.6.1 -> 1.8.0 (@github-actions[bot])
- [#31096](https://github.com/apache/superset/pull/31096) chore(🦾): bump python pytest-cov 5.0.0 -> 6.0.0 (@github-actions[bot])
- [#31094](https://github.com/apache/superset/pull/31094) chore(🦾): bump python chardet 5.1.0 -> 5.2.0 (@github-actions[bot])
- [#31093](https://github.com/apache/superset/pull/31093) chore(🦾): bump python jsonpath-ng 1.6.1 -> 1.7.0 (@github-actions[bot])
- [#31092](https://github.com/apache/superset/pull/31092) chore(🦾): bump python sshtunnel subpackage(s) (@github-actions[bot])
- [#31097](https://github.com/apache/superset/pull/31097) chore(🦾): bump python mako 1.3.5 -> 1.3.6 (@github-actions[bot])
- [#31090](https://github.com/apache/superset/pull/31090) chore(🦾): bump python tomlkit 0.12.5 -> 0.13.2 (@github-actions[bot])
- [#31087](https://github.com/apache/superset/pull/31087) chore(🦾): bump python isodate 0.6.1 -> 0.7.2 (@github-actions[bot])
- [#31082](https://github.com/apache/superset/pull/31082) chore(🦾): bump python db-dtypes 1.2.0 -> 1.3.1 (@github-actions[bot])
- [#31081](https://github.com/apache/superset/pull/31081) chore(🦾): bump python trino 0.328.0 -> 0.330.0 (@github-actions[bot])
- [#31089](https://github.com/apache/superset/pull/31089) chore(🦾): bump python certifi 2024.2.2 -> 2024.8.30 (@github-actions[bot])
- [#31088](https://github.com/apache/superset/pull/31088) chore(🦾): bump python pydata-google-auth 1.7.0 -> 1.9.0 (@github-actions[bot])
- [#31086](https://github.com/apache/superset/pull/31086) chore(🦾): bump python pyproject-hooks 1.0.0 -> 1.2.0 (@github-actions[bot])
- [#31085](https://github.com/apache/superset/pull/31085) chore(🦾): bump python sqlalchemy-bigquery 1.11.0 -> 1.12.0 (@github-actions[bot])
- [#31084](https://github.com/apache/superset/pull/31084) chore(🦾): bump python kiwisolver 1.4.5 -> 1.4.7 (@github-actions[bot])
- [#31083](https://github.com/apache/superset/pull/31083) chore(🦾): bump python coverage subpackage(s) (@github-actions[bot])
- [#31077](https://github.com/apache/superset/pull/31077) chore(🦾): bump python cfgv 3.3.1 -> 3.4.0 (@github-actions[bot])
- [#31075](https://github.com/apache/superset/pull/31075) chore(🦾): bump python fonttools 4.51.0 -> 4.55.0 (@github-actions[bot])
- [#31076](https://github.com/apache/superset/pull/31076) chore(🦾): bump python pyasn1-modules 0.4.0 -> 0.4.1 (@github-actions[bot])
- [#31079](https://github.com/apache/superset/pull/31079) chore(🦾): bump python pyhive subpackage(s) (@github-actions[bot])
- [#31078](https://github.com/apache/superset/pull/31078) chore(🦾): bump python google-cloud-core 2.3.2 -> 2.4.1 (@github-actions[bot])
- [#31048](https://github.com/apache/superset/pull/31048) chore(🦾): bump python sqlalchemy-utils subpackage(s) (@github-actions[bot])
- [#31073](https://github.com/apache/superset/pull/31073) chore(🦾): bump python amqp 5.2.0 -> 5.3.1 (@github-actions[bot])
- [#31071](https://github.com/apache/superset/pull/31071) chore(🦾): bump python cachetools 5.3.3 -> 5.5.0 (@github-actions[bot])
- [#31074](https://github.com/apache/superset/pull/31074) chore(🦾): bump python kombu 5.3.7 -> 5.4.2 (@github-actions[bot])
- [#31066](https://github.com/apache/superset/pull/31066) chore(🦾): bump python pyyaml 6.0.1 -> 6.0.2 (@github-actions[bot])
- [#31068](https://github.com/apache/superset/pull/31068) chore(🦾): bump python tqdm 4.66.4 -> 4.67.1 (@github-actions[bot])
- [#31069](https://github.com/apache/superset/pull/31069) chore(🦾): bump python proto-plus 1.22.2 -> 1.25.0 (@github-actions[bot])
- [#31067](https://github.com/apache/superset/pull/31067) chore(🦾): bump python importlib-resources 6.4.0 -> 6.4.5 (@github-actions[bot])
- [#31062](https://github.com/apache/superset/pull/31062) chore(🦾): bump python apispec subpackage(s) (@github-actions[bot])
- [#31056](https://github.com/apache/superset/pull/31056) chore(🦾): bump python deprecated 1.2.14 -> 1.2.15 (@github-actions[bot])
- [#31050](https://github.com/apache/superset/pull/31050) chore(🦾): bump python pre-commit 3.7.1 -> 4.0.1 (@github-actions[bot])
- [#31064](https://github.com/apache/superset/pull/31064) chore(🦾): bump python charset-normalizer 3.3.2 -> 3.4.0 (@github-actions[bot])
- [#31001](https://github.com/apache/superset/pull/31001) chore(🦾): bump python ruff 0.4.5 -> 0.8.0 (@github-actions[bot])
- [#31049](https://github.com/apache/superset/pull/31049) chore(🦾): bump python googleapis-common-protos 1.63.0 -> 1.66.0 (@github-actions[bot])
- [#31046](https://github.com/apache/superset/pull/31046) chore(🦾): bump python cron-descriptor 1.4.3 -> 1.4.5 (@github-actions[bot])
- [#31052](https://github.com/apache/superset/pull/31052) chore(🦾): bump python flask-wtf 1.2.1 -> 1.2.2 (@github-actions[bot])
- [#31044](https://github.com/apache/superset/pull/31044) docs: updated the install process in pypi.mdx (@Rkejji)
- [#31054](https://github.com/apache/superset/pull/31054) chore(🦾): bump python nh3 0.2.17 -> 0.2.18 (@github-actions[bot])
- [#31045](https://github.com/apache/superset/pull/31045) chore(🦾): bump python marshmallow 3.21.2 -> 3.23.1 (@github-actions[bot])
- [#31041](https://github.com/apache/superset/pull/31041) chore(🦾): bump python idna 3.7 -> 3.10 (@github-actions[bot])
- [#31042](https://github.com/apache/superset/pull/31042) chore(🦾): bump python pyjwt 2.8.0 -> 2.10.0 (@github-actions[bot])
- [#31040](https://github.com/apache/superset/pull/31040) chore(🦾): bump python et-xmlfile 1.1.0 -> 2.0.0 & remove pyhive[hive] from requirements/development.in (@github-actions[bot])
- [#30651](https://github.com/apache/superset/pull/30651) chore(legacy-plugin-chart-map-box): replace viewport-mercator-project with @math.gl/web-mercator (@birkskyum)
- [#31004](https://github.com/apache/superset/pull/31004) chore(🦾): bump python pandas subpackage(s) (@github-actions[bot])
- [#31030](https://github.com/apache/superset/pull/31030) chore: Cleanup code related to MetadataBar, fix types (@kgabryje)
- [#31029](https://github.com/apache/superset/pull/31029) chore: Refactor dashboard header to func component (@kgabryje)
- [#30998](https://github.com/apache/superset/pull/30998) chore(🦾): bump python cattrs 23.2.3 -> 24.1.2 (@github-actions[bot])
- [#30867](https://github.com/apache/superset/pull/30867) docs: Update doc about CSV upload (@seiyab)
- [#30972](https://github.com/apache/superset/pull/30972) docs: Embedded sdk (@jpchev)
- [#30981](https://github.com/apache/superset/pull/30981) chore: publish wheels (@dimbleby)
- [#31000](https://github.com/apache/superset/pull/31000) chore(🦾): bump python flask-babel subpackage(s) (@github-actions[bot])
- [#31002](https://github.com/apache/superset/pull/31002) chore(🦾): bump python cffi 1.16.0 -> 1.17.1 (@github-actions[bot])
- [#31006](https://github.com/apache/superset/pull/31006) chore(🦾): bump python numexpr 2.10.0 -> 2.10.1 (@github-actions[bot])
- [#31021](https://github.com/apache/superset/pull/31021) chore: add unit tests for `is_mutating()` (@betodealmeida)
- [#30918](https://github.com/apache/superset/pull/30918) chore(helm): bumping app version to 4.1.1 in helm chart (@lodu)
- [#30948](https://github.com/apache/superset/pull/30948) chore: add performance information to tooltip (@eschutho)
- [#30970](https://github.com/apache/superset/pull/30970) build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /docs (@dependabot[bot])
- [#30969](https://github.com/apache/superset/pull/30969) build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /superset-frontend/cypress-base (@dependabot[bot])
- [#30818](https://github.com/apache/superset/pull/30818) chore(Accessibility): Fix accessibility for 'Show x entries' dropdown in tables (@LevisNgigi)
- [#30946](https://github.com/apache/superset/pull/30946) chore(docs): Update list of supported databases to include CrateDB (@amotl)
- [#30915](https://github.com/apache/superset/pull/30915) chore: update change log, UPDATING.md and bug-report.yml for 4.1 release (@sadpandajoe)
- [#29243](https://github.com/apache/superset/pull/29243) chore(deps): Migrate from `crate[sqlalchemy]` to `sqlalchemy-cratedb` (@amotl)
- [#30930](https://github.com/apache/superset/pull/30930) docs: add Free2Move to INTHEWILD.md (@PaoloTerzi)
- [#30925](https://github.com/apache/superset/pull/30925) chore(ci): add tai and michael to helm owners (@villebro)
- [#30730](https://github.com/apache/superset/pull/30730) refactor(input): Migrate Input component to Ant Design 5 (@msyavuz)
- [#30740](https://github.com/apache/superset/pull/30740) refactor(Avatar): Migrate Avatar to Ant Design 5 (@msyavuz)
- [#30806](https://github.com/apache/superset/pull/30806) build(deps): bump remark-gfm from 3.0.1 to 4.0.0 in /superset-frontend (@dependabot[bot])
- [#29545](https://github.com/apache/superset/pull/29545) chore(AntD5): touchup on component imports/exports, theming ListViewCard (@rusackas)
- [#30775](https://github.com/apache/superset/pull/30775) chore: update help text copy on dataset settings (@yousoph)
- [#30792](https://github.com/apache/superset/pull/30792) build(deps): bump @algolia/client-search from 4.24.0 to 5.12.0 in /docs (@dependabot[bot])
- [#30770](https://github.com/apache/superset/pull/30770) docs: make it more clear that GLOBAL_ASYNC_QUERIES is experimental/beta (@mistercrunch)
- [#30883](https://github.com/apache/superset/pull/30883) perf: Prevent redundant calls to getRelevantDataMask (@kgabryje)
- [#30847](https://github.com/apache/superset/pull/30847) chore(GHA): Making the Linkinator STEP non-blocking, rather than the JOB. (@rusackas)
- [#30812](https://github.com/apache/superset/pull/30812) chore(FilterBar): Filter bar accessibility (@alexandrusoare)
- [#30854](https://github.com/apache/superset/pull/30854) chore: Chart context menu permissions cleanup (@kgabryje)
- [#30255](https://github.com/apache/superset/pull/30255) chore(scripts): purge node_modules folder on `npm prune` (@rusackas)
- [#30846](https://github.com/apache/superset/pull/30846) chore(actions): Bump Linkinator in superset-docs-verify.yml (@rusackas)
- [#30797](https://github.com/apache/superset/pull/30797) build(deps): bump @docsearch/react from 3.6.2 to 3.6.3 in /docs (@dependabot[bot])
- [#30796](https://github.com/apache/superset/pull/30796) build(deps): bump @mdx-js/react from 3.0.1 to 3.1.0 in /docs (@dependabot[bot])
- [#30793](https://github.com/apache/superset/pull/30793) build(deps-dev): bump @types/react from 18.3.10 to 18.3.12 in /docs (@dependabot[bot])
- [#30795](https://github.com/apache/superset/pull/30795) build(deps-dev): bump typescript from 5.6.2 to 5.6.3 in /docs (@dependabot[bot])
- [#30799](https://github.com/apache/superset/pull/30799) build(deps): bump @saucelabs/theme-github-codeblock from 0.2.3 to 0.3.0 in /docs (@dependabot[bot])
- [#30824](https://github.com/apache/superset/pull/30824) docs: Update INTHEWILD.md with 2070Health Org (@sanjaynayak007)
- [#30838](https://github.com/apache/superset/pull/30838) chore: Revert "build(deps): bump JustinBeckwith/linkinator-action from 1.10.4 to 1.11.0" (@rusackas)
- [#30832](https://github.com/apache/superset/pull/30832) build(deps-dev): bump webpack from 5.95.0 to 5.96.1 in /docs (@dependabot[bot])
- [#30822](https://github.com/apache/superset/pull/30822) docs: Update INTHEWILD.md (@Habeeb556)
- [#30835](https://github.com/apache/superset/pull/30835) build(deps-dev): bump eslint from 9.11.0 to 9.14.0 in /superset-websocket (@dependabot[bot])
- [#30782](https://github.com/apache/superset/pull/30782) build(deps): bump uuid from 10.0.0 to 11.0.2 in /superset-websocket (@dependabot[bot])
- [#30784](https://github.com/apache/superset/pull/30784) build(deps): bump winston from 3.13.0 to 3.15.0 in /superset-websocket (@dependabot[bot])
- [#30786](https://github.com/apache/superset/pull/30786) build(deps): bump deck.gl from 9.0.28 to 9.0.34 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#30803](https://github.com/apache/superset/pull/30803) build(deps-dev): bump eslint-plugin-react from 7.33.2 to 7.37.2 in /superset-frontend (@dependabot[bot])
- [#30781](https://github.com/apache/superset/pull/30781) build(deps-dev): bump typescript-eslint from 8.8.0 to 8.12.2 in /superset-websocket (@dependabot[bot])
- [#30809](https://github.com/apache/superset/pull/30809) build(deps-dev): bump prettier-plugin-packagejson from 2.5.2 to 2.5.3 in /superset-frontend (@dependabot[bot])
- [#30817](https://github.com/apache/superset/pull/30817) build(deps): bump webpack from 5.80.0 to 5.96.1 in /superset-frontend/cypress-base (@dependabot[bot])
- [#30794](https://github.com/apache/superset/pull/30794) build(deps): bump antd from 5.20.5 to 5.21.6 in /docs (@dependabot[bot])
- [#30811](https://github.com/apache/superset/pull/30811) build(deps): bump @rjsf/validator-ajv8 from 5.19.4 to 5.22.3 in /superset-frontend (@dependabot[bot])
- [#30804](https://github.com/apache/superset/pull/30804) build(deps): bump ace-builds from 1.35.4 to 1.36.3 in /superset-frontend (@dependabot[bot])
- [#30810](https://github.com/apache/superset/pull/30810) build(deps-dev): bump eslint-plugin-testing-library from 6.2.2 to 6.4.0 in /superset-frontend (@dependabot[bot])
- [#30805](https://github.com/apache/superset/pull/30805) build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1 to 3.6.3 in /superset-frontend (@dependabot[bot])
- [#30802](https://github.com/apache/superset/pull/30802) build(deps): bump JustinBeckwith/linkinator-action from 1.10.4 to 1.11.0 (@dependabot[bot])
- [#30758](https://github.com/apache/superset/pull/30758) style(databases-upload-form): update Upload Form cosmetics (@vine-trellis)
- [#30697](https://github.com/apache/superset/pull/30697) refactor: Migrate SliceAdder to typescript (@EnxDev)
- [#30731](https://github.com/apache/superset/pull/30731) refactor(Switch): Upgrade Switch to Ant Design 5 (@alexandrusoare)
- [#30757](https://github.com/apache/superset/pull/30757) docs: Adding link to StarRocks official docs (@rusackas)
- [#30747](https://github.com/apache/superset/pull/30747) docs: Update INTHEWILD.md (@MSTartan)
- [#30753](https://github.com/apache/superset/pull/30753) docs: add Sarathi to users list (@SaiSkandaTNI)
- [#30749](https://github.com/apache/superset/pull/30749) docs: Update INTHEWILD.md with Medic (@1yuv)
- [#30355](https://github.com/apache/superset/pull/30355) chore(fe): replace deprecate aliased Jest matchers with corresponding substituents (@hainenber)
- [#30536](https://github.com/apache/superset/pull/30536) build(deps): bump cookie from 0.6.0 to 0.7.0 in /superset-websocket (@dependabot[bot])
- [#30480](https://github.com/apache/superset/pull/30480) build(deps-dev): bump webpack from 5.94.0 to 5.95.0 in /docs (@dependabot[bot])
- [#30571](https://github.com/apache/superset/pull/30571) build(deps): bump cookie, cookie-parser and express in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#30738](https://github.com/apache/superset/pull/30738) docs: rename Twitter to X in the INTHEWILD.md (@wugeer)
- [#30743](https://github.com/apache/superset/pull/30743) docs(templating): Replace "true" with "1 = 1" and explain its purpose (@sfirke)
- [#30709](https://github.com/apache/superset/pull/30709) build(deps-dev): bump http-proxy-middleware from 2.0.6 to 2.0.7 in /superset-frontend (@dependabot[bot])
- [#30654](https://github.com/apache/superset/pull/30654) refactor: Migrate UndoRedoKeyListeners to typescript (@EnxDev)
- [#30653](https://github.com/apache/superset/pull/30653) refactor: Migration publishedStatus to typescript (@EnxDev)
- [#30683](https://github.com/apache/superset/pull/30683) build(deps): bump http-proxy-middleware from 2.0.6 to 2.0.7 in /docs (@dependabot[bot])
- [#30568](https://github.com/apache/superset/pull/30568) refactor: Migrate HeaderActionsDropdown to typescript (@EnxDev)
- [#30655](https://github.com/apache/superset/pull/30655) docs: frontend long build time (@CodeWithEmad)
- [#30662](https://github.com/apache/superset/pull/30662) refactor: Split FastVizSwitcher into multiple files for readability (@kgabryje)
- [#30609](https://github.com/apache/superset/pull/30609) refactor(Dashboard): Native filters form update endpoint (@geido)
- [#30613](https://github.com/apache/superset/pull/30613) chore: Enable suppressing default chart context menu (@kgabryje)
- [#30523](https://github.com/apache/superset/pull/30523) docs: Clarification on which command to use on which Ubuntu version. (@kkovacs)
- [#30599](https://github.com/apache/superset/pull/30599) chore(number-formatter): upgrade pretty-ms to 9.1.0 (@villebro)
- [#30572](https://github.com/apache/superset/pull/30572) build(deps): bump cookie, @applitools/eyes-storybook and express in /superset-frontend (@dependabot[bot])
- [#30357](https://github.com/apache/superset/pull/30357) chore(fe): uplift FE packages to latest version (@hainenber)
- [#30521](https://github.com/apache/superset/pull/30521) chore: enable lint PT009 'use regular assert over self.assert.\*' (@mistercrunch)
- [#28370](https://github.com/apache/superset/pull/28370) refactor: Migration of Chart to TypeScript (@EnxDev)
- [#30528](https://github.com/apache/superset/pull/30528) chore(fe): bump webpack-related packages to v5 (@hainenber)
- [#30526](https://github.com/apache/superset/pull/30526) chore(translations): Slovenian translation update (@dkrat7)
- [#30495](https://github.com/apache/superset/pull/30495) chore: add native filters to Covid Vaccines dashboard (@sadpandajoe)
- [#30463](https://github.com/apache/superset/pull/30463) build(deps-dev): bump typescript from 5.5.4 to 5.6.2 in /superset-websocket (@dependabot[bot])
- [#30472](https://github.com/apache/superset/pull/30472) build(deps): bump express from 4.20.0 to 4.21.0 in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#30496](https://github.com/apache/superset/pull/30496) docs: fix broken links in CI (@mistercrunch)
- [#30476](https://github.com/apache/superset/pull/30476) build(deps-dev): bump typescript from 5.5.4 to 5.6.2 in /docs (@dependabot[bot])
- [#30461](https://github.com/apache/superset/pull/30461) build(deps): bump @rjsf/core from 5.19.4 to 5.21.1 in /superset-frontend (@dependabot[bot])
- [#30465](https://github.com/apache/superset/pull/30465) build(deps-dev): bump typescript-eslint from 8.6.0 to 8.8.0 in /superset-websocket (@dependabot[bot])
- [#30466](https://github.com/apache/superset/pull/30466) build(deps-dev): bump @types/node from 22.0.2 to 22.7.4 in /superset-websocket (@dependabot[bot])
- [#30467](https://github.com/apache/superset/pull/30467) build(deps): bump @types/prop-types from 15.7.5 to 15.7.13 in /superset-frontend (@dependabot[bot])
- [#30469](https://github.com/apache/superset/pull/30469) build(deps): bump @types/react-loadable from 5.5.6 to 5.5.11 in /superset-frontend (@dependabot[bot])
- [#30471](https://github.com/apache/superset/pull/30471) build(deps): bump debug from 4.3.6 to 4.3.7 in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#30281](https://github.com/apache/superset/pull/30281) refactor(frontend): migrate 6 Enzyme-based tests to RTL, part 2 (@hainenber)
- [#30487](https://github.com/apache/superset/pull/30487) build(deps-dev): bump esbuild-loader from 4.1.0 to 4.2.2 in /superset-frontend (@dependabot[bot])
- [#30460](https://github.com/apache/superset/pull/30460) build(deps-dev): bump eslint-plugin-file-progress from 1.4.0 to 1.5.0 in /superset-frontend (@dependabot[bot])
- [#30459](https://github.com/apache/superset/pull/30459) build(deps-dev): bump @cypress/react from 5.12.5 to 8.0.2 in /superset-frontend (@dependabot[bot])
- [#30464](https://github.com/apache/superset/pull/30464) build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.6.0 to 8.8.0 in /superset-websocket (@dependabot[bot])
- [#30477](https://github.com/apache/superset/pull/30477) build(deps): bump re-resizable from 6.9.11 to 6.10.0 in /superset-frontend (@dependabot[bot])
- [#30473](https://github.com/apache/superset/pull/30473) build(deps-dev): bump webpack-manifest-plugin from 4.1.1 to 5.0.0 in /superset-frontend (@dependabot[bot])
- [#30481](https://github.com/apache/superset/pull/30481) build(deps-dev): bump @types/react from 18.3.5 to 18.3.10 in /docs (@dependabot[bot])
- [#30483](https://github.com/apache/superset/pull/30483) build(deps): bump @docsearch/react from 3.6.1 to 3.6.2 in /docs (@dependabot[bot])
- [#30484](https://github.com/apache/superset/pull/30484) build(deps): bump handlebars from 4.7.7 to 4.7.8 in /superset-frontend (@dependabot[bot])
- [#30485](https://github.com/apache/superset/pull/30485) build(deps-dev): bump @types/yargs from 17.0.32 to 17.0.33 in /superset-frontend (@dependabot[bot])
- [#30445](https://github.com/apache/superset/pull/30445) docs(dashboard): add docs for named and index colors (@villebro)
- [#30410](https://github.com/apache/superset/pull/30410) chore: log warnings for database tables api (@eschutho)
- [#28747](https://github.com/apache/superset/pull/28747) chore: document upper bound for python lib 'holidays' >= 0.26 (@mistercrunch)
- [#30440](https://github.com/apache/superset/pull/30440) chore(Dashboard): Unblock Global Styles (@geido)
- [#30365](https://github.com/apache/superset/pull/30365) chore: add logging for dashboards/get warnings (@eschutho)
- [#30128](https://github.com/apache/superset/pull/30128) chore(View): Remove unnecessary theme view and defer basic styles (@geido)
- [#30407](https://github.com/apache/superset/pull/30407) chore: Merge description and reproduction steps in the issue template (@michael-s-molina)
- [#30305](https://github.com/apache/superset/pull/30305) chore(legacy-plugin-chart-map-box): bump supercluster to v8 (@birkskyum)
- [#30086](https://github.com/apache/superset/pull/30086) build(deps): update @emotion/react requirement from ^11.4.1 to ^11.13.3 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#27827](https://github.com/apache/superset/pull/27827) build(deps): bump @emotion/react from 11.4.1 to 11.11.4 in /superset-frontend (@dependabot[bot])
- [#28346](https://github.com/apache/superset/pull/28346) refactor: Migration of AnnotationLayerControl to TypeScript (@EnxDev)
- [#30251](https://github.com/apache/superset/pull/30251) build(deps-dev): bump sinon from 18.0.0 to 18.0.1 in /superset-frontend (@dependabot[bot])
- [#30315](https://github.com/apache/superset/pull/30315) docs: Corrected Dremio connection string (@doernemt)
- [#30352](https://github.com/apache/superset/pull/30352) chore(docs): fix an agreement error in caching docs (@sfirke)
- [#30346](https://github.com/apache/superset/pull/30346) docs: add HANA database logo in README.md (@axuew)
- [#28290](https://github.com/apache/superset/pull/28290) build(deps): update dompurify requirement from ^3.1.0 to ^3.1.2 in /superset-frontend/plugins/legacy-preset-chart-nvd3 (@dependabot[bot])
- [#30089](https://github.com/apache/superset/pull/30089) build(deps-dev): bump @storybook/react-webpack5 from 8.1.11 to 8.2.9 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#30359](https://github.com/apache/superset/pull/30359) build(websocket): upgrade ESLint to v9 (@hainenber)
- [#30084](https://github.com/apache/superset/pull/30084) build(deps): bump deck.gl from 9.0.24 to 9.0.28 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#30300](https://github.com/apache/superset/pull/30300) build(deps): bump dompurify from 3.1.0 to 3.1.3 in /superset-frontend (@dependabot[bot])
- [#30247](https://github.com/apache/superset/pull/30247) build(deps): bump path-to-regexp from 1.8.0 to 1.9.0 in /superset-frontend/cypress-base (@dependabot[bot])
- [#30337](https://github.com/apache/superset/pull/30337) docs: sql-templating (@torgge)
- [#30333](https://github.com/apache/superset/pull/30333) docs: Update cache.mdx, add needed space (@varfigstar)
- [#30123](https://github.com/apache/superset/pull/30123) chore: correct a typo (@dl57934)
- [#30262](https://github.com/apache/superset/pull/30262) chore: bump cypress to v 11 (@eschutho)
- [#30313](https://github.com/apache/superset/pull/30313) chore(UPDATING.md): Add item to UPDATING describing translations build flag (@martyngigg)
- [#30227](https://github.com/apache/superset/pull/30227) build(deps): bump express from 4.19.2 to 4.20.0 in /docs (@dependabot[bot])
- [#30032](https://github.com/apache/superset/pull/30032) docs: HTML embedding of charts/dashboards without authentication (@lindner-tj)
- [#30254](https://github.com/apache/superset/pull/30254) style(explore): clarify ambiguously named "sort by" field (@sfirke)
- [#30321](https://github.com/apache/superset/pull/30321) chore(explore): Medium font weight for section headers (@kasiazjc)
- [#30261](https://github.com/apache/superset/pull/30261) chore: remove redundant code (@villebro)
- [#25910](https://github.com/apache/superset/pull/25910) chore(deps): bump dremio deps (@gnought)
- [#30268](https://github.com/apache/superset/pull/30268) docs: Update kubernetes.mdx (@nyandajr)
- [#29771](https://github.com/apache/superset/pull/29771) chore(docker): move mysql os-level deps (GPL) to dev image only (@mistercrunch)
- [#30151](https://github.com/apache/superset/pull/30151) refactor(frontend): migrate 6 tests from Enzyme to RTL (@hainenber)
- [#30253](https://github.com/apache/superset/pull/30253) chore(build): remove extraneous prettier step in superset-frontend CI (@hainenber)
- [#30257](https://github.com/apache/superset/pull/30257) build(ci): make linkinator advisory (@rusackas)
- [#30242](https://github.com/apache/superset/pull/30242) build(deps, deps-dev): upgrade major versions for dependencies of `@superset/embedded-sdk` (@hainenber)
- [#30228](https://github.com/apache/superset/pull/30228) build(deps): bump send and express in /superset-frontend (@dependabot[bot])
- [#30229](https://github.com/apache/superset/pull/30229) build(deps): bump serve-static and express in /superset-frontend (@dependabot[bot])
- [#30232](https://github.com/apache/superset/pull/30232) refactor(explore): Migrate MetricsControl test suite to RTL (@rtexelm)
- [#30226](https://github.com/apache/superset/pull/30226) build(deps): bump serve-static and express in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#30225](https://github.com/apache/superset/pull/30225) build(deps): bump send and express in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#30091](https://github.com/apache/superset/pull/30091) build(deps): update @babel/runtime requirement from ^7.1.2 to ^7.25.6 in /superset-frontend/packages/superset-ui-core (@dependabot[bot])
- [#25452](https://github.com/apache/superset/pull/25452) chore(frontend): Spelling (@jsoref)
- [#30103](https://github.com/apache/superset/pull/30103) build(deps-dev): update @babel/types requirement from ^7.25.2 to ^7.25.6 in /superset-frontend/plugins/plugin-chart-pivot-table (@dependabot[bot])
- [#30199](https://github.com/apache/superset/pull/30199) chore(docs): Removing dead link from INTHEWILD.md (@rusackas)
- [#30101](https://github.com/apache/superset/pull/30101) build(deps-dev): bump @types/react from 18.3.3 to 18.3.5 in /docs (@dependabot[bot])
- [#30036](https://github.com/apache/superset/pull/30036) build(deps-dev): bump webpack from 5.93.0 to 5.94.0 in /docs (@dependabot[bot])
- [#30179](https://github.com/apache/superset/pull/30179) build(deps): bump antd from 5.20.0 to 5.20.5 in /docs (@dependabot[bot])
- [#30166](https://github.com/apache/superset/pull/30166) build(deps): bump @types/node from 20.12.7 to 22.5.4 in /superset-frontend (@dependabot[bot])
- [#30097](https://github.com/apache/superset/pull/30097) build(deps-dev): bump typescript from 4.9.5 to 5.5.4 in /superset-websocket (@dependabot[bot])
- [#30088](https://github.com/apache/superset/pull/30088) build(deps): bump core-js from 3.37.1 to 3.38.1 in /superset-frontend/packages/superset-ui-demo (@dependabot[bot])
- [#29963](https://github.com/apache/superset/pull/29963) build(dev-deps, deps): upgrade major versions for FE deps (@hainenber)
- [#30167](https://github.com/apache/superset/pull/30167) chore(docs): bump docusaurus from 3.4.0 to 3.5.2 (@villebro)
- [#30094](https://github.com/apache/superset/pull/30094) build(deps): bump ws and @types/ws in /superset-websocket (@dependabot[bot])
- [#30105](https://github.com/apache/superset/pull/30105) build(deps-dev): bump @docusaurus/module-type-aliases from 3.4.0 to 3.5.2 in /docs (@dependabot[bot])
- [#30111](https://github.com/apache/superset/pull/30111) build(deps): bump react-ultimate-pagination and @types/react-ultimate-pagination in /superset-frontend (@dependabot[bot])
- [#30106](https://github.com/apache/superset/pull/30106) build(deps): bump prism-react-renderer from 2.3.1 to 2.4.0 in /docs (@dependabot[bot])
- [#30107](https://github.com/apache/superset/pull/30107) build(deps-dev): bump @docusaurus/tsconfig from 3.4.0 to 3.5.2 in /docs (@dependabot[bot])
- [#30108](https://github.com/apache/superset/pull/30108) build(deps): bump react-svg-pan-zoom from 3.12.1 to 3.13.1 in /docs (@dependabot[bot])
- [#30095](https://github.com/apache/superset/pull/30095) build(deps-dev): bump ts-jest from 29.1.5 to 29.2.5 in /superset-websocket (@dependabot[bot])
- [#30096](https://github.com/apache/superset/pull/30096) build(deps): bump uuid and @types/uuid in /superset-websocket (@dependabot[bot])
- [#30143](https://github.com/apache/superset/pull/30143) build(deps): bump cryptography from 42.0.7 to 42.0.8 (@dependabot[bot])
- [#30118](https://github.com/apache/superset/pull/30118) build(deps-dev): bump prettier-plugin-packagejson from 2.4.10 to 2.5.2 in /superset-frontend (@dependabot[bot])
- [#30127](https://github.com/apache/superset/pull/30127) docs: Fixing missing 'c' in installation guide documentation (@JordanTB)
- [#30155](https://github.com/apache/superset/pull/30155) chore(docs): replace http with https (@villebro)
- [#30072](https://github.com/apache/superset/pull/30072) chore(tests): skip extremely flaky gaq test (@villebro)
- [#30153](https://github.com/apache/superset/pull/30153) chore(docs): update xendit link (@villebro)
- [#30021](https://github.com/apache/superset/pull/30021) chore: accelerate docker compose by skipping frontend build (@mistercrunch)
- [#30090](https://github.com/apache/superset/pull/30090) build(deps): bump aws-actions/amazon-ecs-deploy-task-definition from 1 to 2 (@dependabot[bot])
- [#30037](https://github.com/apache/superset/pull/30037) build(deps-dev): bump webpack from 5.76.0 to 5.94.0 in /superset-embedded-sdk (@dependabot[bot])
- [#30038](https://github.com/apache/superset/pull/30038) build(deps-dev): bump webpack from 5.93.0 to 5.94.0 in /superset-frontend (@dependabot[bot])
- [#30102](https://github.com/apache/superset/pull/30102) build(deps-dev): bump eslint-plugin-react-prefer-function-component from 0.0.7 to 3.3.0 in /superset-frontend (@dependabot[bot])
- [#30117](https://github.com/apache/superset/pull/30117) build(deps): bump d3-time-format and @types/d3-time-format in /superset-frontend (@dependabot[bot])
- [#30116](https://github.com/apache/superset/pull/30116) build(deps-dev): bump eslint-plugin-no-only-tests from 2.4.0 to 3.3.0 in /superset-frontend (@dependabot[bot])
- [#30027](https://github.com/apache/superset/pull/30027) refactor(databases): Create constants.ts, move interface to types.ts (@rtexelm)
- [#30030](https://github.com/apache/superset/pull/30030) chore(docs): docker instructions use `docker compose` instead of the deprecated `docker-compose` (@rusackas)
- [#30057](https://github.com/apache/superset/pull/30057) chore(docs): clean up a few md errors (@villebro)
- [#29586](https://github.com/apache/superset/pull/29586) chore(translations): Arabic translations (@abdilra7eem)
- [#30011](https://github.com/apache/superset/pull/30011) chore(deps): bump core-js (@rusackas)
- [#30007](https://github.com/apache/superset/pull/30007) chore(deps): bump cross-env (@rusackas)
- [#30008](https://github.com/apache/superset/pull/30008) build(deps): bump micromatch from 4.0.4 to 4.0.8 in /superset-frontend/cypress-base (@dependabot[bot])
- [#30009](https://github.com/apache/superset/pull/30009) build(deps): bump micromatch from 4.0.5 to 4.0.8 in /docs (@dependabot[bot])
- [#27832](https://github.com/apache/superset/pull/27832) build(deps): bump remark-gfm from 3.0.1 to 4.0.0 in /superset-frontend/packages/superset-ui-core (@dependabot[bot])
- [#28292](https://github.com/apache/superset/pull/28292) build(deps): bump d3-time from 1.1.0 to 3.1.0 in /superset-frontend/packages/superset-ui-core (@dependabot[bot])
- [#29990](https://github.com/apache/superset/pull/29990) chore(init): adding link to secret key instructions (@rusackas)
- [#29947](https://github.com/apache/superset/pull/29947) build(deps): bump ws and @applitools/eyes-cypress in /superset-frontend/cypress-base (@dependabot[bot])
- [#29988](https://github.com/apache/superset/pull/29988) build(node): Bumping to Node 20 (@rusackas)
- [#25454](https://github.com/apache/superset/pull/25454) chore(tests): Spelling (@jsoref)
- [#29970](https://github.com/apache/superset/pull/29970) docs: improve pre-commit docs and discoverability when CI fails (@mistercrunch)
- [#29964](https://github.com/apache/superset/pull/29964) build(deps-dev): bump eslint-plugin-cypress from 2.11.2 to 3.4.0 in /superset-frontend + corresponding refactor (@hainenber)
- [#29969](https://github.com/apache/superset/pull/29969) chore(antd): straightening out button import paths (@rusackas)
- [#29948](https://github.com/apache/superset/pull/29948) chore(deps): bump micromatch (@rusackas)
- [#29952](https://github.com/apache/superset/pull/29952) chore: add additional code owners to migrations (@sadpandajoe)
- [#29945](https://github.com/apache/superset/pull/29945) build(deps): bump axios from 1.6.8 to 1.7.4 in /docs (@dependabot[bot])
- [#29949](https://github.com/apache/superset/pull/29949) build(deps-dev): bump axios from 1.7.3 to 1.7.4 in /superset-frontend (@dependabot[bot])
- [#29946](https://github.com/apache/superset/pull/29946) build(deps-dev): bump axios from 1.6.0 to 1.7.4 in /superset-embedded-sdk (@dependabot[bot])
- [#29904](https://github.com/apache/superset/pull/29904) chore: Changes the migrations owners (@michael-s-molina)
- [#29868](https://github.com/apache/superset/pull/29868) chore: remove useless GitHub action (@mistercrunch)
- [#29869](https://github.com/apache/superset/pull/29869) chore: remove useless GitHub action required check (@mistercrunch)
- [#29859](https://github.com/apache/superset/pull/29859) chore(deps): bumping underscore via npm override (@rusackas)
- [#29876](https://github.com/apache/superset/pull/29876) chore(docs): reorder fs users (@villebro)
- [#29841](https://github.com/apache/superset/pull/29841) chore(deps): bumping jquery (@rusackas)
- [#29870](https://github.com/apache/superset/pull/29870) docs: add unit to companies list (@amitmiran137)
- [#29652](https://github.com/apache/superset/pull/29652) chore(build): uplift several outdated frontend packages (@hainenber)
- [#29866](https://github.com/apache/superset/pull/29866) chore: pre-matrixify pre-commit check (@mistercrunch)
- [#29844](https://github.com/apache/superset/pull/29844) chore(cleanup): Removing bootstrap (experimental) (@rusackas)
- [#29863](https://github.com/apache/superset/pull/29863) chore: describe timezone issue with alerts and reports scheduler in UPDATING.md (@danielli-ziprecruiter)
- [#29855](https://github.com/apache/superset/pull/29855) perf: Lazy load rehype-raw and react-markdown (@kgabryje)
- [#29788](https://github.com/apache/superset/pull/29788) perf: Remove antd-with-locales import (@kgabryje)
- [#29791](https://github.com/apache/superset/pull/29791) perf: Lazy load moment-timezone (@kgabryje)
- [#29808](https://github.com/apache/superset/pull/29808) build(deps-dev): update @babel/types requirement from ^7.24.5 to ^7.25.2 in /superset-frontend/plugins/plugin-chart-pivot-table (@dependabot[bot])
- [#29838](https://github.com/apache/superset/pull/29838) chore(deps): npm audit fix results (@rusackas)
- [#28294](https://github.com/apache/superset/pull/28294) build(deps): bump react-bootstrap-slider from 2.1.5 to 3.0.0 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#29756](https://github.com/apache/superset/pull/29756) build(deps): bump react-diff-viewer-continued from 3.2.5 to 3.4.0 in /superset-frontend (@dependabot[bot])
- [#29759](https://github.com/apache/superset/pull/29759) build(deps-dev): bump eslint-plugin-file-progress from 1.2.0 to 1.4.0 in /superset-frontend (@dependabot[bot])
- [#29812](https://github.com/apache/superset/pull/29812) build(deps): bump @fontsource/inter from 5.0.19 to 5.0.20 in /superset-frontend (@dependabot[bot])
- [#29813](https://github.com/apache/superset/pull/29813) build(deps): bump chrono-node from 2.7.5 to 2.7.6 in /superset-frontend (@dependabot[bot])
- [#29815](https://github.com/apache/superset/pull/29815) build(deps): bump mustache from 2.3.2 to 4.2.0 in /superset-frontend (@dependabot[bot])
- [#29816](https://github.com/apache/superset/pull/29816) build(deps-dev): bump @types/react-syntax-highlighter from 15.5.11 to 15.5.13 in /superset-frontend (@dependabot[bot])
- [#29820](https://github.com/apache/superset/pull/29820) build(deps-dev): bump style-loader from 3.3.4 to 4.0.0 in /superset-frontend (@dependabot[bot])
- [#29821](https://github.com/apache/superset/pull/29821) build(deps): bump memoize-one from 5.1.1 to 5.2.1 in /superset-frontend (@dependabot[bot])
- [#29809](https://github.com/apache/superset/pull/29809) build(deps-dev): bump @types/jest from 27.0.2 to 29.5.12 in /superset-websocket (@dependabot[bot])
- [#29811](https://github.com/apache/superset/pull/29811) build(deps-dev): bump @types/node from 22.0.0 to 22.0.2 in /superset-websocket (@dependabot[bot])
- [#29758](https://github.com/apache/superset/pull/29758) build(deps): bump rimraf from 3.0.2 to 6.0.1 in /superset-frontend (@dependabot[bot])
- [#29787](https://github.com/apache/superset/pull/29787) perf: Antd icons tree shaking (@kgabryje)
- [#29796](https://github.com/apache/superset/pull/29796) perf: Lazy load React Ace (@kgabryje)
- [#29792](https://github.com/apache/superset/pull/29792) chore: deleting vestigial EMAIL_NOTIFICATIONS (@rusackas)
- [#29673](https://github.com/apache/superset/pull/29673) style: remove uppercase from labels, buttons, tabs to align with design system (@mistercrunch)
- [#29755](https://github.com/apache/superset/pull/29755) build(deps): bump @types/lodash from 4.17.0 to 4.17.7 in /superset-frontend (@dependabot[bot])
- [#29765](https://github.com/apache/superset/pull/29765) build(deps-dev): bump webpack from 5.89.0 to 5.93.0 in /superset-frontend (@dependabot[bot])
- [#29794](https://github.com/apache/superset/pull/29794) chore(deps): bump dayjs to unblock CI. (@rusackas)
- [#29790](https://github.com/apache/superset/pull/29790) chore(docs): remove mention of MariaDB in dev environment setup (@sfirke)
- [#29738](https://github.com/apache/superset/pull/29738) build(deps-dev): bump @types/node from 20.13.0 to 22.0.0 in /superset-websocket (@dependabot[bot])
- [#29748](https://github.com/apache/superset/pull/29748) build(deps): bump @ant-design/icons from 5.3.7 to 5.4.0 in /docs (@dependabot[bot])
- [#29747](https://github.com/apache/superset/pull/29747) build(deps-dev): bump webpack from 5.92.1 to 5.93.0 in /docs (@dependabot[bot])
- [#29427](https://github.com/apache/superset/pull/29427) chore(deps): bump abortcontroller-polyfill from 1.2.1 to 1.7.5 in /superset-frontend (@dependabot[bot])
- [#28820](https://github.com/apache/superset/pull/28820) chore(deps): bump d3-hierarchy from 1.1.9 to 3.1.2 in /superset-frontend (@dependabot[bot])
- [#29740](https://github.com/apache/superset/pull/29740) build(deps-dev): update @types/lodash requirement from ^4.17.6 to ^4.17.7 in /superset-frontend/plugins/plugin-chart-handlebars (@dependabot[bot])
- [#29743](https://github.com/apache/superset/pull/29743) build(deps): update underscore requirement from ^1.13.6 to ^1.13.7 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#29763](https://github.com/apache/superset/pull/29763) build(deps-dev): bump history from 4.10.1 to 5.3.0 in /superset-frontend (@dependabot[bot])
- [#29760](https://github.com/apache/superset/pull/29760) build(deps-dev): bump ts-loader from 7.0.5 to 9.5.1 in /superset-frontend (@dependabot[bot])
- [#28297](https://github.com/apache/superset/pull/28297) build(deps-dev): update @babel/types requirement from ^7.24.0 to ^7.24.5 in /superset-frontend/plugins/plugin-chart-pivot-table (@dependabot[bot])
- [#29767](https://github.com/apache/superset/pull/29767) build(deps): bump fast-xml-parser from 4.2.7 to 4.4.1 in /superset-frontend (@dependabot[bot])
- [#29739](https://github.com/apache/superset/pull/29739) build(deps): bump debug from 4.3.5 to 4.3.6 in /superset-websocket/utils/client-ws-app (@dependabot[bot])
- [#29742](https://github.com/apache/superset/pull/29742) build(deps-dev): bump prettier from 3.2.5 to 3.3.3 in /superset-websocket (@dependabot[bot])
- [#29744](https://github.com/apache/superset/pull/29744) build(deps): bump deck.gl from 9.0.21 to 9.0.24 in /superset-frontend/plugins/legacy-preset-chart-deckgl (@dependabot[bot])
- [#29746](https://github.com/apache/superset/pull/29746) build(deps): bump @types/lodash from 4.17.4 to 4.17.7 in /superset-websocket (@dependabot[bot])
- [#29750](https://github.com/apache/superset/pull/29750) build(deps-dev): bump typescript from 5.5.2 to 5.5.4 in /docs (@dependabot[bot])
- [#29751](https://github.com/apache/superset/pull/29751) build(deps): bump @docsearch/react from 3.6.0 to 3.6.1 in /docs (@dependabot[bot])
- [#29753](https://github.com/apache/superset/pull/29753) build(deps-dev): bump mini-css-extract-plugin from 2.7.6 to 2.9.0 in /superset-frontend (@dependabot[bot])
- [#29754](https://github.com/apache/superset/pull/29754) build(deps-dev): bump @svgr/webpack from 8.0.1 to 8.1.0 in /superset-frontend (@dependabot[bot])
- [#29762](https://github.com/apache/superset/pull/29762) build(deps): bump ace-builds from 1.4.14 to 1.35.4 in /superset-frontend (@dependabot[bot])
- [#29731](https://github.com/apache/superset/pull/29731) chore(build): pin Storybook-related packages to 8.1.11 as further v8+ version requires React 18 (@hainenber)
- [#26557](https://github.com/apache/superset/pull/26557) build(deps-dev): bump thread-loader from 3.0.4 to 4.0.2 in /superset-frontend (@dependabot[bot])
--- a/CHANGELOG/6.0.0.md
+++ b/CHANGELOG/6.0.0.md
--- a/CHATBOT_SIP.md
+++ b/CHATBOT_SIP.md
@@ -1,895 +0,0 @@
-Chatbot extensions
-Author: Enzo Martellucci
-Team: Preset
-Status: Draft | Under Review | Completed
-Day: May, 2026
-
-1. Introduction
-   This SIP proposes a new extension point that enables third-party chatbot integrations to be embedded directly into the Superset user interface through the existing extension framework.
-   The goal is to provide a stable, supported mechanism for chatbot providers to integrate with Superset without requiring direct access to internal application state, Redux stores, or implementation-specific frontend modules. Chatbot extensions should interact with Superset through the same extension-oriented principles already established for other extension surfaces, such as SQL Lab.
-   The proposal focuses on three core concerns:
-   • Defining how chatbot extensions are registered and rendered.
-   • Defining how chatbot extensions receive contextual information about the currently active application surface.
-   • Defining how administrators manage chatbot availability and select the active chatbot when multiple chatbot extensions are installed.
-   This SIP intentionally does not prescribe any specific chatbot implementation, user experience, LLM provider, or backend architecture.
-   1.1 Motivation
-   AI-powered assistants are becoming a common way for users to interact with analytical applications. Superset should provide a standardized extension mechanism that allows community-built chatbot integrations to participate in the platform without depending on internal frontend implementation details.
-   Today, chatbot integrations must either be embedded through custom application modifications or rely on unsupported access to internal application state. Both approaches create maintenance challenges and make integrations fragile when frontend architecture evolves.
-
-This SIP introduces a stable extension contract that:
-• Enables chatbot integrations to be distributed as standard Superset extensions.
-• Preserves separation between host and extension responsibilities.
-• Allows chatbot implementations to access contextual information about the current page and entity being viewed.
-• Keeps authorization and permission enforcement aligned with existing Superset APIs.
-• Remains compatible with future frontend architecture changes.
-1.2 Goals
-The goals of this SIP are:
-Introduce a dedicated chatbot extension point within the Superset application shell.
-Provide chatbot extensions with host-managed, permission-aligned page context.
-Establish stable extension-facing APIs for dashboard, explore, dataset, and navigation context.
-Support deployment-wide administration of chatbot availability and selection.
-Maintain isolation between chatbot implementations and Superset internals.
-Preserve compatibility with future extension capabilities and AI-related initiatives.
-1.3 Out of Scope
-The following capabilities are explicitly out of scope for this SIP.
-Client Actions and Agentic UI Manipulation
-This SIP defines how chatbot extensions are mounted and how they receive context from the host application.
-It does not define how a chatbot performs actions within the user interface, such as:
-• Modifying chart configuration.
-• Updating dashboard layouts.
-• Editing SQL queries.
-• Triggering frontend workflows.
-These capabilities are deferred to the proposed Client Actions SIP.
-Chatbot User Experience
-The chatbot user interface remains entirely owned by the extension.
-This SIP does not prescribe:
-• Visual design.
-• Conversation experience.
-• Streaming behavior.
-• Message persistence.
-• Prompting strategy.
-• Accessibility implementation details.
-• Branding or styling.
-LLM and Backend Infrastructure
-The following concerns remain extension-specific:
-• Model providers.
-• MCP implementations.
-• Agent frameworks.
-• Tool execution systems.
-• Prompt orchestration.
-• Backend services.
-Superset acts only as the host application and context provider.
-
-2. Requirements
-
-  2.1 Functional Requirements
-  Registration and Rendering
-  The platform must allow extensions to register chatbot providers through the standard extension system.
-  The host must:
-    • Support registration of chatbot extensions.
-    • Render a chatbot UI contributed by an extension.
-    • Maintain a single active chatbot instance at any given time.
-    • Make the chatbot available across supported application surfaces.
-    • Support fully custom chatbot user interfaces.
-
-Context Sharing
-The platform must provide chatbot extensions with contextual information about the user's current application state.
-At minimum, the host must expose:
-• Current page type (`home`, `dashboard`, `explore`, `sqllab`, `dataset`, `other`).
-• Dashboard context.
-• Explore/chart context.
-• Dataset identity context.
-• SQL Lab context.
-• Navigation events.
-The chatbot must be notified of relevant context changes without polling.
-Examples include:
-• Route changes.
-• Dashboard changes.
-• Chart changes.
-• Dataset changes.
-• Title changes.
-• Filter changes.
-Host-Owned Context
-Context exposed to extensions must be computed by the host application.
-Extensions must not be required to:
-• Read Redux state.
-• Access internal application modules.
-• Depend on component-level implementation details.
-• Reconstruct semantic context from frontend internals.
-Instead, extensions consume stable namespace APIs provided by the host.
-Conversation State
-The conversation state remains entirely owned by the chatbot extension.
-This includes:
-• Message history.
-• Tool execution state.
-• Streaming buffers.
-• Conversation persistence.
-• Session management.
-The host is responsible only for exposing contextual information.
-2.2 Non-Functional Requirements
-Security and Authorization
-Context shared with chatbot extensions must remain aligned with Superset's existing authorization model.
-The host must not expose:
-• Entities the current user cannot access.
-• Metadata outside the user's permission scope.
-• Datasource-derived information unavailable through existing APIs.
-Authorization remains enforced by backend APIs. The extension-facing APIs defined by this SIP operate on data that has already been scoped to the current user.
-Stable Extension Contracts
-Extension-facing APIs must remain independent of frontend implementation details.
-Extensions should rely on documented namespace contracts rather than:
-• Redux slices.
-• Internal selectors.
-• Component state.
-• Routing implementation details.
-This allows frontend architecture to evolve without breaking extensions.
-Performance
-The architecture must minimize impact on existing application performance.
-In particular:
-• Context APIs must avoid unnecessary application re-renders.
-• Context change notifications must not rely on polling.
-• Chatbot integrations should not introduce additional work for unrelated surfaces.
-Fault Isolation
-Failures within chatbot extensions must not affect the stability of the host application.
-Errors originating from third-party chatbot implementations should be isolated to the chatbot mount boundary.
-Extensibility
-The architecture should support future:
-• Application surfaces.
-• AI-related capabilities.
-• Extension APIs.
-• Context providers.
-without requiring redesign of the chatbot extension model.
-Vendor Neutrality
-The architecture must remain independent of any specific:
-• LLM provider.
-• AI platform.
-• Agent framework.
-• Backend implementation.
-
-3. Administration
-   3.1 Overview
-   Administrators can manage chatbot availability and select the active chatbot when multiple chatbot extensions are installed.
-   Administration is exposed through the existing Extensions management interface.
-   For chatbot extensions, administrators can:
-   • Enable or disable individual chatbot extensions.
-   • Select the default chatbot when multiple chatbot providers are available.
-   Only one chatbot may be active at a time.
-   3.2 Default Chatbot Selection
-   Extensions that contribute a chatbot view participate in a deployment-wide chatbot selection process.
-   The host discovers available chatbot candidates from the chatbot contribution location and allows administrators to designate a single active chatbot.
-
-When multiple chatbot extensions are installed:
-Administrators select the preferred chatbot.
-The host resolves the active chatbot using the configured selection.
-Only the selected chatbot is rendered.
-Changes are applied dynamically without requiring a page reload.
-3.3 Scope of Administration
-The administration model introduced by this SIP is deployment-wide.
-Administrative settings answer the question:
-"Which chatbot integrations are available within this Superset deployment?"
-They do not answer:
-"Which chatbot integrations does a specific user prefer to use?"
-This distinction is intentional.
-Deployment administrators determine which integrations are available across the environment, while user-specific preferences remain a separate concern.
-3.4 Future User Preferences
-Per-user chatbot preferences are considered an important future capability but are intentionally out of scope for this SIP.
-This proposal does not introduce user-scoped extension availability.
-Instead, future user preferences should be layered on top of deployment availability using the following model:
-Effective Availability = Deployment Availability AND User Preference
-The recommended persistence layer for future user preferences is the Extension Storage API, which provides user-scoped extension storage and aligns with the architecture established by SIP-127 (User Preferences).
-This separation preserves a clear distinction between:
-• Deployment configuration.
-• User customization.
-and avoids introducing multiple ownership models for extension availability.
-Consequently, this SIP focuses exclusively on deployment-wide administration and active chatbot selection. 4. Proposed Extension Point
-4.1 Overview
-This SIP introduces a single extension point that allows chatbot providers to integrate directly into the Superset application shell.
-Extension Point
-Contribution Location
-Registration API
-Cardinality
-Chatbot Bubble
-superset.chatbot
-views.registerView()
-Singleton
-
-The chatbot contribution point is application-wide and persists across supported Superset surfaces, including dashboards, Explore, SQL Lab, and dataset-related pages.
-Unlike most contribution locations, which allow multiple contributions to be rendered simultaneously, the chatbot location is intentionally exclusive and renders a single active provider.
-
-4.2 Chatbot Contribution Location
-Contribution Area
-The contribution location introduced by this SIP is:
-superset.chatbot
-The host provides a fixed mount point within the application shell and renders the active chatbot provider at that location.
-The mount point persists across route changes, allowing chatbot conversations and UI state to remain available while users navigate between application surfaces.
-The chatbot extension contributes a single React component representing the entire chatbot experience.
-Manifest Support
-The current contribution manifest schema is focused on SQL Lab contribution locations and does not provide an application-shell-level contribution scope.
-To support chatbot integrations, the manifest schema must be extended with an application-level contribution scope capable of declaring:
-{
-"views": {
-"app": [
-{
-"location": "superset.chatbot"
-}
-]
-}
-}
-This is a schema-level change and requires updates to both:
-• Manifest validation.
-• Runtime registration infrastructure.
-The runtime registration API alone is not sufficient because chatbot contributions must also be discoverable through extension manifests.
-4.3 Singleton Rendering Model
-The chatbot location is intentionally exclusive.
-Only one chatbot may be active at a time.
-This differs from other contribution locations that allow multiple views to be rendered simultaneously.
-Motivation
-Chatbot interactions are inherently conversational and user-focused.
-Rendering multiple chatbot providers simultaneously would:
-• Create competing user experiences.
-• Introduce ambiguity regarding which chatbot should respond.
-• Increase UI complexity.
-• Reduce discoverability.
-For these reasons, chatbot rendering is treated as a deployment-level selection rather than a multi-provider composition model.
-Resolution Rules
-The host applies the following behavior:
-Installed Chatbots
-Behavior
-None
-No chatbot is rendered
-One
-The chatbot is rendered automatically
-Multiple
-The administrator-selected chatbot is rendered
-
-The singleton policy is implemented entirely by the host.
-Extensions continue to register normally through the existing view registry.
-4.4 Provider Isolation
-A key architectural principle of this SIP is that extensions may discover registrations but may not invoke another extension's rendering logic.
-Public View Discovery
-The existing registry exposes:
-getViews(location);
-This API returns metadata describing registered views:
-interface View {
-id: string;
-name: string;
-description?: string;
-icon?: string;
-}
-The returned descriptors are intentionally passive metadata.
-They allow extensions and host components to:
-• Discover available contributions.
-• Display contribution information.
-• Populate administration interfaces.
-They do not allow rendering.
-Why Providers Are Not Exposed
-The view provider is executable rendering logic.
-If providers were exposed through the public registry:
-• Extensions could render another extension's UI.
-• Extensions could bypass host lifecycle management.
-• Extensions could circumvent fault-isolation boundaries.
-• Rendering ownership would become ambiguous.
-This would violate the separation between extension discovery and extension execution.
-For this reason:
-"Extensions may discover registered views, but only the host may render registered views."
-Host-Managed Resolution
-The host uses internal APIs to resolve the active chatbot provider.
-These APIs are not exposed through the public extension surface.
-Conceptually:
-const provider = getViewProvider("superset.chatbot", selectedId);
-The active chatbot is determined through a host-managed resolution policy:
-const chatbot = getActiveChatbot(adminSelectedId, enabledMap);
-This policy considers:
-• Enabled state.
-• Administrative selection.
-• Runtime settings.
-• Registration state.
-
-before rendering any provider.
-As a result, chatbot selection is implemented as a host-side rendering policy rather than a new registration primitive.
-4.5 Chatbot Lifecycle
-Host Responsibilities
-The host is responsible for:
-• Providing the chatbot mount point.
-• Resolving the active chatbot provider.
-• Loading chatbot extensions.
-• Managing chatbot lifecycle integration.
-• Handling activation and deactivation.
-• Maintaining fault isolation boundaries.
-• Preserving chatbot availability across route changes.
-• Providing context APIs defined by this SIP.
-The host also provides fixed positioning and layering behavior to ensure chatbot visibility remains consistent throughout the application.
-Fault Isolation
-Chatbot providers execute within a host-managed boundary.
-Failures originating from a chatbot extension must not affect the rest of the application.
-Examples include:
-• Module Federation loading failures.
-• Runtime exceptions.
-• Provider initialization errors.
-If a chatbot fails to load, the host logs the failure, surfaces an appropriate notification, and continues operating normally.
-The application shell remains functional even when the chatbot provider is unavailable.
-
-4.6 Extension Responsibilities
-The registered chatbot component owns the complete chatbot experience.
-The extension is responsible for:
-User Interface
-• Collapsed bubble UI.
-• Expanded panel UI.
-• Branding.
-• Icons and badges.
-• Layout.
-• Responsiveness.
-Interaction Model
-• Open and close behavior.
-• Keyboard shortcuts.
-• Focus management.
-• Accessibility behavior.
-• Conversation navigation.
-Conversation Runtime
-• Message history.
-• Streaming state.
-• Tool execution.
-• Persistence.
-• Session management.
-Backend Integration
-• LLM communication.
-• MCP integration.
-• Agent orchestration.
-• Tool invocation.
-The host does not manage any chatbot-specific runtime state.
-
-4.7 Registration Example
-Chatbot extensions register a single provider through the existing view registration API.
-import { views, type ExtensionContext } from '@apache-superset/core';
-import { ChatbotApp } from './ChatbotApp';
-
-export function activate(context: ExtensionContext) {
-const disposable = views.registerView(
-{
-id: 'acme.chatbot',
-name: 'Acme Chatbot',
-icon: 'Bubble',
-},
-'superset.chatbot',
-() => <ChatbotApp />,
-);
-context.subscriptions.push(disposable);
-}
-The registration process remains consistent with existing extension contribution patterns.
-The only difference is that the host applies singleton resolution before selecting the provider to render.
-
-4.8 Chatbot Descriptor Metadata
-Chatbot registrations may include an optional icon descriptor.
-{
-id: 'acme.chatbot',
-name: 'Acme Chatbot',
-icon: 'Bubble',
-}
-This metadata is used by:
-• Extension administration interfaces.
-• Chatbot selection interfaces.
-• Extension discovery surfaces.
-Design Decision
-The icon descriptor is treated as static registration metadata.
-Runtime UI state such as:
-• Notification indicators.
-• Unread counts.
-• Loading states.
-• Thinking indicators.
-belongs to the chatbot component itself rather than the registration descriptor.
-This keeps the registry simple while allowing chatbot implementations complete control over their user experience.
-If future requirements emerge for host-visible dynamic icon updates, that capability can be introduced independently without expanding the registration model defined by this SIP. 5. Context and Namespace Model
-5.1 Overview
-Chatbot extensions require access to contextual information about the user's current activity within Superset. This SIP introduces a namespace-based context model that allows extensions to consume stable, host-managed APIs rather than depending on internal frontend implementation details.
-The host exposes context through a set of surface-specific namespaces. Each namespace owns the context for a particular application surface and provides:
-• Synchronous state getters.
-• Event-based change notifications.
-• Stable extension-facing contracts.
-• Context aligned with the current user's authorized application view.
-Extensions consume these namespaces and compose them into higher-level context models tailored to their own use cases.
-5.2 Design Principles
-The namespace model is guided by the following principles.
-Stable Extension Contracts
-Extensions must depend on documented APIs rather than frontend implementation details.
-In particular, extensions must not depend on:
-• Redux slices.
-• Store shape.
-• Selectors.
-• Component-local state.
-• Routing implementation details.
-This allows Superset to evolve its frontend architecture without breaking extension integrations.
-Host-Owned Context Normalization
-The host is responsible for transforming application state into semantic extension-facing contracts.
-Extensions consume normalized context rather than deriving it from raw frontend state.
-Backend-Authorized Context
-Authorization remains a backend responsibility.
-Namespaces expose context that has already been scoped by backend APIs according to the current user's permissions.
-Namespaces do not implement authorization logic themselves and should not be considered security boundaries.
-Event-Driven Updates
-Context changes are propagated through events rather than polling.
-Extensions can subscribe to context updates and react immediately when relevant application state changes.
-5.3 Available Namespaces
-The following namespaces are available to chatbot extensions.
-Namespace
-Status
-Purpose
-sqlLab
-Existing
-SQL Lab context and events
-authentication
-Existing
-Current user and session context
-commands
-Existing
-Host actions and commands
-dashboard
-New
-Dashboard context
-explore
-New
-Explore/chart context
-dataset
-New
-Dataset identity context
-navigation
-New
-Routing and page context
-
-The new namespaces introduced by this SIP follow the same high-level contract pattern established by the existing sqlLab namespace.
-5.4 Namespace API Shape
-Each namespace follows a common structure:
-const current = namespace.getCurrent();
-const disposable = namespace.onDidChange((next) => {
-// react to updates
-});
-The exact contracts differ by surface, but every namespace provides:
-• One or more synchronous getters.
-• Event-based change notifications.
-• Stable semantic contracts.
-This pattern allows extensions to remain synchronized with application state without polling.
-
-5.5 Dashboard Namespace
-The dashboard namespace provides contextual information about the currently active dashboard.
-API
-dashboard.getCurrentDashboard();
-Contract
-interface DashboardContext {
-dashboardId: number;
-title: string;
-filters: FilterValue[];
-charts: ChartSummary[];
-}
-
-interface ChartSummary {
-chartId: number;
-chartName: string;
-vizType: string;
-datasourceId: number | null;
-datasourceName: string | null;
-isVisible: boolean;}
-The context includes:
-• Dashboard identity.
-• Active filter state.
-• Dashboard charts.
-• Per-chart visibility information.
-Returning all charts while exposing visibility allows chatbot implementations to answer both:
-• "Which charts are currently visible?"
-• "Find the chart named Revenue by Region."
-without requiring additional lookups.
-Normalization Requirements
-The namespace must expose semantic dashboard context rather than raw application state.
-For example:
-dashboard.getCurrentDashboard();
-returns a normalized contract rather than Redux slices or internal entities.
-This abstraction layer preserves compatibility as frontend implementation details evolve.
-Page-Type Guarding
-The getter returns undefined when the current page is not a dashboard.
-Conceptually:
-if (navigation.getPageType() !== "dashboard") {
-return undefined;
-}
-This prevents stale dashboard state from leaking across application surfaces.
-5.6 Explore Namespace
-The explore namespace provides context for the currently active Explore session.
-API
-explore.getCurrentChart();
-Contract
-interface ChartContext {
-chartId: number | null;
-chartName: string | null;
-datasourceId: number | null;
-datasourceName: string | null;
-vizType: string;
-}
-
-The namespace exposes:
-• Chart identity. `chartId` and `chartName` are null for a new, unsaved chart that has not yet been persisted.
-• Saved chart metadata (name, datasource, viz type)
-• Current Explore context: `vizType` reflects the type currently selected in the editor, so the value tracks the live session rather than only the last saved state.
-The contract is intentionally focused on chart-specific information relevant to chatbot integrations.
-Reflecting the live editing session — rather than reconstructing chart state from
-the route alone — is the primary reason this SIP exposes frontend context
-directly (see §6.2, Option C).
-
-Page-Type Guarding
-The getter returns undefined when the current page is not an Explore surface.
-Conceptually:
-if (navigation.getPageType() !== "explore") {
-return undefined;
-}
-This ensures the namespace reflects only active Explore context.
-5.7 Dataset Namespace
-The dataset namespace exposes the dataset currently being viewed or edited.
-API
-dataset.getCurrentDataset();
-Contract
-interface DatasetContext {
-datasetId: number;
-datasetName: string;
-schema: string | null;
-catalog: string | null;
-databaseName: string | null;
-isVirtual: boolean;}
-This contract is intentionally identity-focused.
-It answers:
-• Which dataset is currently in focus?
-• Is the dataset virtual or physical?
-• Which database and schema does it belong to?
-It does not expose:
-• Column definitions.
-• Lineage information.
-• Dataset dependencies.
-Those concerns are expected to be resolved by backend services using the dataset identifier.
-Producer-Backed Context
-Unlike dashboard and explore namespaces, dataset pages do not currently expose a shared source of truth suitable for namespace consumption.
-For this reason, dataset context is published by dataset pages through a host-managed producer mechanism.
-Dataset pages publish the active dataset as it loads, and:
-dataset.getCurrentDataset();
-returns the most recently published value.
-Until dataset information has been published, the getter returns:
-undefined;
-This design keeps the public contract stable without requiring the introduction of a dedicated Redux slice.
-
-Example Use Cases
-The dataset namespace enables chatbot workflows such as:
-• Explain this dataset.
-• Summarize this dataset's purpose.
-• Show lineage for this dataset.
-• Which charts depend on this dataset?
-The namespace provides the identity required to perform those lookups while avoiding duplication of backend metadata.
-5.8 Navigation Namespace
-The navigation namespace provides routing-related context.
-API
-navigation.getPageType();
-Events
-navigation.onDidChangePage(...)
-
-Contract
-type PageType =
-| "home"
-| "dashboard"
-| "explore"
-| "sqllab"
-| "dataset"
-| "other";
-The namespace answers a single question:
-"Which application surface is currently active?"
-It intentionally does not expose entity-specific information.
-Entity context remains owned by the corresponding surface namespace.
-Examples:
-dashboard.getCurrentDashboard();
-explore.getCurrentChart();
-dataset.getCurrentDataset();
-This separation preserves clear ownership boundaries and prevents duplication across namespaces.
-
-5.9 Context Composition
-This SIP intentionally does not introduce a host-owned aggregate context object.
-Instead, extensions compose the context they require from individual namespaces.
-For example:
-const pageContext = {
-pageType: navigation.getPageType(),
-dashboard: dashboard.getCurrentDashboard(),
-chart: explore.getCurrentChart(),
-dataset: dataset.getCurrentDataset(),
-sqlLab: sqlLab.getCurrentTab(),
-};
-The extension assembles a higher-level context tailored to its own requirements.
-The host remains responsible for:
-• Context ownership.
-• Context normalization.
-• Authorization alignment.
-The extension remains responsible for:
-• Context composition.
-• Prompt construction.
-• Application-specific interpretation.
-This separation avoids introducing a centralized context abstraction while allowing new surfaces to be added incrementally over time.
-
-5.10 Compatibility and Evolution
-Namespace contracts are part of the public Superset extension API surface.
-Breaking changes require standard compatibility and deprecation processes.
-Extensions should depend only on documented namespace contracts and must not rely on implementation details behind those contracts.
-As new application surfaces become extension-aware, additional namespaces may be introduced without affecting existing integrations.
-This additive model allows the extension ecosystem to evolve while preserving backward compatibility.
-
-6. Design Decisions
-   This section consolidates the key architectural decisions made by this SIP and summarizes the alternatives that were evaluated.
-   The goal is to capture the rationale behind the extension model so that future contributors can understand not only what was selected, but why alternative approaches were rejected.
-   6.1 Decision Summary
-   Decision
-   Topic
-   Selected Approach
-   D1
-   Page Context Model
-   Extension-composed context from host-provided namespaces
-   D2
-   Chatbot Resolution
-   Host-managed singleton resolution
-   D3
-   Descriptor Metadata
-   Static icon metadata
-   D4
-   Administration Scope
-   Deployment-wide administration
-   D5
-   Per-Page Visibility
-   Deferred - open question, see §8
-   D6
-   Generalized Floating Slots
-   Deferred - open question, see §8
-
-6.2 D1 — Page Context Model
-A central design question is how chatbot extensions obtain contextual information about the currently active application surface.
-Three approaches were considered.
-Option A — Host-Owned Aggregate Context
-The host exposes a single API:
-context.getPageContext();
-which returns a fully assembled context object containing dashboard, chart, dataset, navigation, and SQL Lab information.
-Rejected Because
-• The host becomes responsible for understanding every application surface.
-• The aggregate contract grows whenever a new surface is introduced.
-• Changes in any surface can trigger unnecessary recomputation.
-• The host becomes coupled to a single canonical context model.
-• Ownership boundaries become unclear over time.
-Option B — Surface Namespaces Composed by Extensions (Selected)
-The host exposes independent namespaces:
-• dashboard
-• explore
-• dataset
-• navigation
-• sqlLab
-Extensions compose these primitives into their own application-specific context.
-Advantages
-• Clear ownership boundaries.
-• Independent evolution of namespaces.
-• Additive extensibility.
-• Reduced coupling between surfaces.
-• Extensions subscribe only to the context they require.
-Option C — Route-Only Context
-The host exposes only routing information.
-Chatbot providers independently reconstruct context through APIs or backend services.
-Rejected Because
-This approach cannot reliably represent transient frontend state.
-Examples include:
-• Unsaved chart edits.
-• Temporary dashboard filters.
-• Active dashboard tabs.
-• SQL editor state.
-• Draft configuration changes.
-As a result, chatbot context would frequently drift from what the user is actually viewing.
-Decision
-Option B is selected.
-The host owns context normalization while extensions own context composition.
-This preserves separation of concerns, minimizes coupling, and provides a stable foundation for future extension capabilities.
-6.3 D2 — Singleton Chatbot Resolution
-When multiple chatbot extensions are installed, the host must determine which chatbot is rendered.
-This decision shapes both the rendering model and the extension isolation model.
-Option A — Expose Providers Through getViews()
-Allow:
-getViews(location);
-to return both metadata and rendering providers.
-Rejected Because
-Rendering providers are executable logic.
-Exposing providers would allow one extension to:
-• Render another extension.
-• Bypass host lifecycle management.
-• Circumvent fault isolation.
-• Assume ownership of another extension's UI.
-This violates a deliberate separation between extension discovery and extension execution.
-Option B — Host-Managed Provider Resolution (Selected)
-The host exposes only metadata publicly while retaining provider resolution internally.
-Conceptually:
-const provider = getViewProvider("superset.chatbot", selectedId);
-Chatbot selection is handled through a host-managed policy:
-const chatbot = getActiveChatbot(adminSelectedId, enabledMap);
-Advantages
-• Preserves extension isolation.
-• Preserves host ownership of rendering.
-• Supports administrative selection.
-• Supports enablement checks.
-• Supports future policy evolution.
-Option C — Reuse resolveView()
-Use the existing rendering helper:
-resolveView(id);
-to render chatbot providers.
-Rejected Because
-resolveView() assumes the caller already knows which view should be rendered.
-It does not account for:
-• Administrative selection.
-• Enablement state.
-• Settings synchronization.
-• Chatbot-specific resolution policy.
-Decision
-Option B is selected.
-The host owns chatbot selection and rendering.
-The registry remains a discovery mechanism rather than a rendering mechanism.
-Architectural Principle
-A core principle established by this SIP is:
-"Extensions may discover registered views, but only the host may render registered views."
-This preserves extension isolation and prevents cross-extension rendering dependencies.
-6.4 D3 — Descriptor Metadata Ownership
-Chatbot registrations may include metadata used by administrative and discovery interfaces.
-A key question is whether descriptor metadata should be static or runtime-updatable.
-
-Option A — Static Descriptor Metadata (Selected)
-Metadata is defined at registration time and remains unchanged for the lifetime of the registration.
-Example:
-{
-id: 'acme.chatbot',
-name: 'Acme Chatbot',
-icon: 'Bubble',
-}
-Advantages
-• Simpler registry implementation.
-• Clear ownership model.
-• Consistent administration UI.
-• No registry update lifecycle.
-Option B — Runtime-Updatable Metadata
-Extensions can update descriptor metadata after registration.
-Examples:
-• Notification badges.
-• Thinking indicators.
-• Dynamic branding.
-Rejected Because
-These states belong to the chatbot user interface rather than the registration descriptor.
-Supporting dynamic metadata would:
-• Increase registry complexity.
-• Introduce update synchronization concerns.
-• Provide limited benefit for current consumers.
-Decision
-Option A is selected.
-Descriptor metadata remains static.
-Dynamic UI state remains the responsibility of the chatbot component.
-Future requirements for dynamic metadata can be addressed independently if needed.
-6.5 D4 — Administration Scope
-This SIP introduces deployment-wide chatbot administration.
-A key question is whether availability should be deployment-scoped or user-scoped.
-Option A — Deployment-Wide Administration (Selected)
-Administrators manage:
-• Extension availability.
-• Default chatbot selection.
-These settings apply to the entire deployment.
-Advantages
-• Clear administrative ownership.
-• Simple operational model.
-• Consistent with existing extension administration patterns.
-• Avoids introducing multiple configuration layers.
-Option B — User-Scoped Availability
-Availability and chatbot selection become user-specific settings.
-Rejected Because
-Administrative availability and user preference represent different concerns.
-Administrators answer:
-"Which integrations are available in this deployment?"
-Users answer:
-"Which available integrations do I prefer?"
-Combining these concerns into a single model creates unclear ownership and duplicated configuration responsibilities.
-
-Decision
-Option A is selected.
-This SIP introduces only deployment-wide administration.
-Future user preferences should be layered on top using the following model:
-Effective Availability = Deployment Availability AND User Preference
-The recommended persistence mechanism for user-specific preferences is the Extension Storage API.
-This approach aligns with SIP-127 and preserves a clear separation between administrative configuration and user customization.
-
-7. Risks and Future Considerations
-The selected architecture introduces several tradeoffs.
-Namespace Maintenance
-As additional application surfaces become extension-aware, new namespaces may be required.
-This increases the maintenance burden of the extension API surface.
-Contract Evolution
-Namespace contracts are intended to be stable.
-Over time, extensions may require additional context that is not initially exposed.
-Future additions must preserve compatibility and avoid leaking implementation details.
-Context Growth
-Dashboard and chart context may become increasingly rich over time.
-Care must be taken to ensure context APIs remain focused and do not evolve into large aggregate objects.
-Extension Expectations
-Chatbot vendors may request direct access to internal application state for convenience.
-This SIP intentionally rejects that approach in favor of stable semantic contracts.
-Maintaining that boundary may require additional namespace evolution over time. 8. Open Questions
-D5 — Per-Page Visibility
-Should chatbot extensions be able to declare page visibility constraints?
-Two approaches remain possible.
-Extension-Controlled Visibility
-Extensions observe:
-navigation.onDidChangePage(...)
-and decide whether to render themselves.
-Host-Enforced Visibility
-Extensions declare supported page types through manifest metadata and the host enforces visibility.
-Recommendation
-Defer this decision.
-The current architecture already supports extension-controlled visibility without requiring additional platform capabilities.
-
-D6 — Generalized Floating Contribution Areas
-The current proposal introduces a chatbot-specific contribution location:
-superset.chatbot
-A future question is whether this should evolve into a more generic floating-widget framework.
-Examples might include:
-• Chatbots.
-• Guided tours.
-• Notification centers.
-• Productivity assistants.
-Recommendation
-Keep the contribution area chatbot-specific.
-If broader floating-widget requirements emerge, introduce a dedicated abstraction rather than expanding the scope of this SIP.
-
-9. Related Documents
-   Contribution types
-   Client actions
-
-The following proposals are related to this SIP.
-Extension Storage API
-Add storage API for extensions (#39171)
-Introduces namespace-isolated storage for extensions with support for:
-• Local storage.
-• Session storage.
-• Ephemeral server storage.
-• Persistent database-backed storage.
-This proposal is complementary to the administration model defined by this SIP and is the recommended foundation for future user-specific extension preferences.
-
-SIP-127 — User Preferences
-[SIP-127] User Preferences (#28047)
-Establishes the per-user preference model used by Superset core.
-The Extension Storage API serves as the extension-scoped equivalent of this pattern and provides the recommended approach for future user-specific chatbot preferences. 10. Migration Plan
-Base branch enxdev/chat-prototype
-Branch for testing test/chatbot-local
-The following capabilities are required to fully realize this SIP.
-Core Platform Changes
-Implemented
-• superset.chatbot contribution location.
-• Host-side chatbot resolution.
-• Administration UI for chatbot selection.
-• Dashboard namespace.
-• Explore namespace.
-• Navigation namespace.
-• Runtime settings synchronization.
-Pending
-• Dataset namespace implementation.
-• Dashboard chart visibility context.
-• Permission-scoped dashboard context endpoint.
-• Manifest support for application-level contribution scopes.
-• Optional descriptor icon support.
-
-11. Implementation Phases
-    Phase 1 — Chatbot Mount Point
-    • Chatbot contribution location.
-    • Host-side rendering.
-    • Lifecycle management.
-    • Fault isolation.
-    Status: Complete
-    Phase 2 — Administration
-    • Enable/disable support.
-    • Default chatbot selection.
-    • Runtime synchronization.
-    Status: Complete
-    Phase 3 — Context APIs
-    • Dashboard namespace.
-    • Explore namespace.
-    • Navigation namespace.
-    • Dataset namespace.
-    Status: Partially Complete
-    Remaining work:
-    • Dataset namespace.
-    • Dashboard chart visibility context.
-    • Dashboard context endpoint.
-    Phase 4 — Client Actions
-    Client actions and agentic UI interactions remain outside the scope of this SIP and are expected to be addressed through a separate proposal.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1 +0,0 @@
-AGENTS.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -16,23 +16,9 @@
 specific language governing permissions and limitations
 under the License.
 -->
-# Contributing to Apache Superset
-
 Contributions are welcome and are greatly appreciated! Every
 little bit helps, and credit will always be given.

-## Developer Portal
-
-All developer and contribution documentation has moved to the Apache Superset Developer Portal:
-
-**[📚 View the Developer Portal →](https://superset.apache.org/developer_portal/)**
-
-The Developer Portal includes comprehensive guides for:
- [Contributing Overview](https://superset.apache.org/developer_portal/contributing/overview)
- [Development Setup](https://superset.apache.org/developer_portal/contributing/development-setup)
- [Submitting Pull Requests](https://superset.apache.org/developer_portal/contributing/submitting-pr)
- [Contribution Guidelines](https://superset.apache.org/developer_portal/contributing/guidelines)
- [Code Review Process](https://superset.apache.org/developer_portal/contributing/code-review)
- [Development How-tos](https://superset.apache.org/developer_portal/contributing/howtos)
-
-Source for the Developer Portal documentation is [located here](https://github.com/apache/superset/tree/master/docs/developer_portal).
+All matters related to contributions have moved to [this section of
+the official Superset documentation](https://superset.apache.org/docs/contributing/). Source for the documentation is
+[located here](https://github.com/apache/superset/tree/master/docs/docs).
--- a/377
+++ b/377
@@ -18,53 +18,47 @@
 ######################################################################
 # Node stage to deal with static asset construction
 ######################################################################
-ARG PY_VER=3.11.14-slim-trixie
+ARG PY_VER=3.10-slim-bookworm

-# If BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
+# if BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
 ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
+FROM --platform=${BUILDPLATFORM} node:20-bullseye-slim AS superset-node

-# Include translations in the final build
-ARG BUILD_TRANSLATIONS="false"
-
-######################################################################
-# superset-node-ci used as a base for building frontend assets and CI
-######################################################################
-FROM --platform=${BUILDPLATFORM} node:22-trixie-slim AS superset-node-ci
-ARG BUILD_TRANSLATIONS
-ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
-ARG DEV_MODE="false"           # Skip frontend build in dev mode
-ENV DEV_MODE=${DEV_MODE}
-
-COPY docker/ /app/docker/
-# Arguments for build configuration
 ARG NPM_BUILD_CMD="build"

-# Install system dependencies required for node-gyp
-RUN /app/docker/apt-install.sh build-essential python3 zstd
+# Include translations in the final build. The default supports en only to
+# reduce complexity and weight for those only using en
+ARG BUILD_TRANSLATIONS="false"
+
+# Used by docker-compose to skip the frontend build,
+# in dev we mount the repo and build the frontend inside docker
+ARG DEV_MODE="false"
+
+# Include headless browsers? Allows for alerts, reports & thumbnails, but bloats the images
+ARG INCLUDE_CHROMIUM="true"
+ARG INCLUDE_FIREFOX="false"
+
+# Somehow we need python3 + build-essential on this side of the house to install node-gyp
+RUN apt-get update -qq \
+    && apt-get install \
+        -yqq --no-install-recommends \
+        build-essential \
+        python3 \
+        zstd

-# Define environment variables for frontend build
 ENV BUILD_CMD=${NPM_BUILD_CMD} \
    PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
+# NPM ci first, as to NOT invalidate previous steps except for when package.json changes

-# Run the frontend memory monitoring script
-RUN /app/docker/frontend-mem-nag.sh
+RUN --mount=type=bind,target=/frontend-mem-nag.sh,src=./docker/frontend-mem-nag.sh \
+    /frontend-mem-nag.sh

 WORKDIR /app/superset-frontend
-
-# Create necessary folders to avoid errors in subsequent steps
-RUN mkdir -p /app/superset/static/assets \
-             /app/superset/translations
-
-# Mount package files and install dependencies if not in dev mode
-# NOTE: we mount packages and plugins as they are referenced in package.json as workspaces
-# ideally we'd COPY only their package.json. Here npm ci will be cached as long
-# as the full content of these folders don't change, yielding a decent cache reuse rate.
-# Note that it's not possible to selectively COPY or mount using blobs.
-RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.json \
-    --mount=type=bind,source=./superset-frontend/package-lock.json,target=./package-lock.json \
-    --mount=type=cache,target=/root/.cache \
-    --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
+# Creating empty folders to avoid errors when running COPY later on
+RUN mkdir -p /app/superset/static/assets
+RUN --mount=type=bind,target=./package.json,src=./superset-frontend/package.json \
+    --mount=type=bind,target=./package-lock.json,src=./superset-frontend/package-lock.json \
+    if [ "$DEV_MODE" = "false" ]; then \
        npm ci; \
    else \
        echo "Skipping 'npm ci' in dev mode"; \
@@ -72,216 +66,161 @@ RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.j

 # Runs the webpack build process
 COPY superset-frontend /app/superset-frontend
-
-######################################################################
-# superset-node is used for compiling frontend assets
-######################################################################
-FROM superset-node-ci AS superset-node
-
-# Build the frontend if not in dev mode
-RUN --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
-        echo "Running 'npm run ${BUILD_CMD}'"; \
-        npm run ${BUILD_CMD}; \
+# This copies the .po files needed for translation
+RUN mkdir -p /app/superset/translations
+COPY superset/translations /app/superset/translations
+RUN if [ "$DEV_MODE" = "false" ]; then \
+        BUILD_TRANSLATIONS=$BUILD_TRANSLATIONS npm run ${BUILD_CMD}; \
    else \
        echo "Skipping 'npm run ${BUILD_CMD}' in dev mode"; \
-    fi;
-
-# Copy translation files
-COPY superset/translations /app/superset/translations
-
-# Build translations if enabled, then cleanup localization files
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
-        npm run build-translation; \
-    fi; \
-    rm -rf /app/superset/translations/*/*/*.[po,mo];
-
-
-######################################################################
-# Base python layer
-######################################################################
-FROM python:${PY_VER} AS python-base
-
-ARG SUPERSET_HOME="/app/superset_home"
-ENV SUPERSET_HOME=${SUPERSET_HOME}
-
-RUN mkdir -p ${SUPERSET_HOME}
-RUN useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
-    && chmod -R 1777 ${SUPERSET_HOME} \
-    && chown -R superset:superset ${SUPERSET_HOME}
-
-# Some bash scripts needed throughout the layers
-COPY --chmod=755 docker/*.sh /app/docker/
-
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
-
-# Using uv as it's faster/simpler than pip
-RUN uv venv /app/.venv
-ENV PATH="/app/.venv/bin:${PATH}"
-
-######################################################################
-# Python translation compiler layer
-######################################################################
-FROM python-base AS python-translation-compiler
-
-ARG BUILD_TRANSLATIONS
-ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
-
-# Install Python dependencies using docker/pip-install.sh
-COPY requirements/translations.txt requirements/
-RUN --mount=type=cache,target=/root/.cache/uv \
-    . /app/.venv/bin/activate && /app/docker/pip-install.sh --requires-build-essential -r requirements/translations.txt
-
-COPY superset/translations/ /app/translations_mo/
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
-        pybabel compile -d /app/translations_mo | true; \
-    fi; \
-    rm -f /app/translations_mo/*/*/*.[po,json]
-
-######################################################################
-# Python APP common layer
-######################################################################
-FROM python-base AS python-common
-
-ENV SUPERSET_HOME="/app/superset_home" \
-    HOME="/app/superset_home" \
-    SUPERSET_ENV="production" \
-    FLASK_APP="superset.app:create_app()" \
-    PYTHONPATH="/app/pythonpath" \
-    SUPERSET_PORT="8088"
-
-# Copy the entrypoints, make them executable in userspace
-COPY --chmod=755 docker/entrypoints /app/docker/entrypoints
-
-WORKDIR /app
-# Set up necessary directories
-RUN mkdir -p \
-      ${PYTHONPATH} \
-      superset/static \
-      requirements \
-      superset-frontend \
-      apache_superset.egg-info \
-      requirements \
-    && touch superset/static/version_info.json
-
-# Install Playwright and optionally setup headless browsers
-ENV PLAYWRIGHT_BROWSERS_PATH=/usr/local/share/playwright-browsers
-
-ARG INCLUDE_CHROMIUM="false"
-ARG INCLUDE_FIREFOX="false"
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    if [ "${INCLUDE_CHROMIUM}" = "true" ] || [ "${INCLUDE_FIREFOX}" = "true" ]; then \
-        uv pip install playwright && \
-        playwright install-deps && \
-        if [ "${INCLUDE_CHROMIUM}" = "true" ]; then playwright install chromium; fi && \
-        if [ "${INCLUDE_FIREFOX}" = "true" ]; then playwright install firefox; fi; \
-    else \
-        echo "Skipping browser installation"; \
    fi

-# Copy required files for Python build
-COPY pyproject.toml setup.py MANIFEST.in README.md ./
-COPY superset-frontend/package.json superset-frontend/
-COPY scripts/check-env.py scripts/

-# keeping for backward compatibility
-COPY --chmod=755 ./docker/entrypoints/run-server.sh /usr/bin/
-
-# Some debian libs
-RUN /app/docker/apt-install.sh \
-      curl \
-      libsasl2-dev \
-      libsasl2-modules-gssapi-mit \
-      libpq-dev \
-      libecpg-dev \
-      libldap2-dev
-
-# Create data directory for DuckDB examples database
-# The database file will be created at runtime when examples are loaded from Parquet files
-RUN mkdir -p /app/data && chown -R superset:superset /app/data
-
-# Copy compiled things from previous stages
-COPY --from=superset-node /app/superset/static/assets superset/static/assets
-# Copy service.worker.js optionall as it doesn't exist when DEV_MODE=true
-COPY --from=superset-node /app/superset/static/service-worker.j[s] superset/static/service-worker.js
-
-# TODO, when the next version comes out, use --exclude superset/translations
-COPY superset superset
-# TODO in the meantime, remove the .po files
-RUN rm superset/translations/*/*/*.po
-
-# Merging translations from backend and frontend stages
-COPY --from=superset-node /app/superset/translations superset/translations
-COPY --from=python-translation-compiler /app/translations_mo superset/translations
-
-HEALTHCHECK CMD /app/docker/docker-healthcheck.sh
-CMD ["/app/docker/entrypoints/run-server.sh"]
-EXPOSE ${SUPERSET_PORT}
+# Compiles .json files from the .po files, then deletes the .po files
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
+        npm run build-translation; \
+    else \
+        echo "Skipping translations as requested by build flag"; \
+    fi
+RUN rm /app/superset/translations/*/LC_MESSAGES/*.po
+RUN rm /app/superset/translations/messages.pot

+FROM python:${PY_VER} AS python-base
 ######################################################################
 # Final lean image...
 ######################################################################
-FROM python-common AS lean
+FROM python-base AS lean

-# Install Python dependencies using docker/pip-install.sh
-COPY requirements/base.txt requirements/
+# Include translations in the final build. The default supports en only to
+# reduce complexity and weight for those only using en
+ARG BUILD_TRANSLATIONS="false"

-# Copy superset-core package needed for editable install in base.txt
-COPY superset-core superset-core
+WORKDIR /app
+ENV LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    SUPERSET_ENV=production \
+    FLASK_APP="superset.app:create_app()" \
+    PYTHONPATH="/app/pythonpath" \
+    SUPERSET_HOME="/app/superset_home" \
+    SUPERSET_PORT=8088

-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    /app/docker/pip-install.sh --requires-build-essential -r requirements/base.txt
-# Install the superset package
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install -e .
-RUN python -m compileall /app/superset
+RUN mkdir -p ${PYTHONPATH} superset/static requirements superset-frontend apache_superset.egg-info requirements \
+    && useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
+    && apt-get update -qq && apt-get install -yqq --no-install-recommends \
+        curl \
+        libsasl2-dev \
+        libsasl2-modules-gssapi-mit \
+        libpq-dev \
+        libecpg-dev \
+        libldap2-dev \
+    && touch superset/static/version_info.json \
+    && chown -R superset:superset ./* \
+    && rm -rf /var/lib/apt/lists/*

+COPY --chown=superset:superset pyproject.toml setup.py MANIFEST.in README.md ./
+# setup.py uses the version information in package.json
+COPY --chown=superset:superset superset-frontend/package.json superset-frontend/
+COPY --chown=superset:superset requirements/base.txt requirements/
+COPY --chown=superset:superset scripts/check-env.py scripts/
+RUN --mount=type=cache,target=/root/.cache/pip \
+    apt-get update -qq && apt-get install -yqq --no-install-recommends \
+      build-essential \
+    && pip install --no-cache-dir --upgrade setuptools pip \
+    && pip install --no-cache-dir -r requirements/base.txt \
+    && apt-get autoremove -yqq --purge build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy the compiled frontend assets
+COPY --chown=superset:superset --from=superset-node /app/superset/static/assets superset/static/assets
+
+## Lastly, let's install superset itself
+COPY --chown=superset:superset superset superset
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install --no-cache-dir -e .
+
+# Copy the .json translations from the frontend layer
+COPY --chown=superset:superset --from=superset-node /app/superset/translations superset/translations
+
+# Compile translations for the backend - this generates .mo files, then deletes the .po files
+COPY ./scripts/translations/generate_mo_files.sh ./scripts/translations/
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
+        ./scripts/translations/generate_mo_files.sh \
+        && chown -R superset:superset superset/translations \
+        && rm superset/translations/messages.pot \
+        && rm superset/translations/*/LC_MESSAGES/*.po; \
+    else \
+        echo "Skipping translations as requested by build flag"; \
+    fi
+
+COPY --chmod=755 ./docker/run-server.sh /usr/bin/
 USER superset

+HEALTHCHECK CMD curl -f "http://localhost:${SUPERSET_PORT}/health"
+
+EXPOSE ${SUPERSET_PORT}
+
+CMD ["/usr/bin/run-server.sh"]
+
 ######################################################################
 # Dev image...
 ######################################################################
-FROM python-common AS dev
+FROM lean AS dev

-# Debian libs needed for dev
-RUN /app/docker/apt-install.sh \
-    git \
-    pkg-config \
-    default-libmysqlclient-dev
+USER root
+RUN apt-get update -qq \
+    && apt-get install -yqq --no-install-recommends \
+        libnss3 \
+        libdbus-glib-1-2 \
+        libgtk-3-0 \
+        libx11-xcb1 \
+        libasound2 \
+        libxtst6 \
+        git \
+        pkg-config \
+        && rm -rf /var/lib/apt/lists/*

-# Copy development requirements and install them
-COPY requirements/*.txt requirements/
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install --no-cache-dir playwright
+RUN playwright install-deps

-# Copy local packages needed for editable installs in development.txt
-COPY superset-core superset-core
-COPY superset-extensions-cli superset-extensions-cli
+RUN if [ "$INCLUDE_CHROMIUM" = "true" ]; then \
+        playwright install chromium; \
+    else \
+        echo "Skipping translations in dev mode"; \
+    fi

-# Install Python dependencies using docker/pip-install.sh
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    /app/docker/pip-install.sh --requires-build-essential -r requirements/development.txt
-# Install the superset package
-RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    uv pip install -e .
+# Install GeckoDriver WebDriver
+ARG GECKODRIVER_VERSION=v0.34.0 \
+    FIREFOX_VERSION=125.0.3

-RUN uv pip install .[postgres]
-RUN python -m compileall /app/superset
+RUN if [ "$INCLUDE_FIREFOX" = "true" ]; then \
+        apt-get update -qq \
+        && apt-get install -yqq --no-install-recommends wget bzip2 \
+        && wget -q https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz -O - | tar xfz - -C /usr/local/bin \
+        && wget -q https://download-installer.cdn.mozilla.net/pub/firefox/releases/${FIREFOX_VERSION}/linux-x86_64/en-US/firefox-${FIREFOX_VERSION}.tar.bz2 -O - | tar xfj - -C /opt \
+        && ln -s /opt/firefox/firefox /usr/local/bin/firefox \
+        && apt-get autoremove -yqq --purge wget bzip2 && rm -rf /var/[log,tmp]/* /tmp/* /var/lib/apt/lists/*; \
+    fi
+
+# Installing mysql client os-level dependencies in dev image only because GPL
+RUN apt-get install -yqq --no-install-recommends \
+        default-libmysqlclient-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --chown=superset:superset requirements/development.txt requirements/
+RUN --mount=type=cache,target=/root/.cache/pip \
+    apt-get update -qq && apt-get install -yqq --no-install-recommends \
+      build-essential \
+    && pip install --no-cache-dir -r requirements/development.txt \
+    && apt-get autoremove -yqq --purge build-essential \
+    && rm -rf /var/lib/apt/lists/*

 USER superset
-
 ######################################################################
 # CI image...
 ######################################################################
 FROM lean AS ci
-USER root
-RUN uv pip install .[postgres,duckdb]
-USER superset
-CMD ["/app/docker/entrypoints/docker-ci.sh"]

-######################################################################
-# Showtime image - lean + DuckDB for examples database
-######################################################################
-FROM lean AS showtime
-USER root
-RUN uv pip install .[duckdb]
-USER superset
-CMD ["/app/docker/entrypoints/docker-ci.sh"]
+COPY --chown=superset:superset --chmod=755 ./docker/*.sh /app/docker/
+
+CMD ["/app/docker/docker-ci.sh"]
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -1 +0,0 @@
-AGENTS.md
--- a/GPT.md
+++ b/GPT.md
@@ -1 +0,0 @@
-AGENTS.md
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -16,20 +16,8 @@ KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
-# Installing Apache Superset
+# INSTALL / BUILD instructions for Apache Superset

-For comprehensive installation instructions, please see the Apache Superset documentation:
-
-**[📚 Installation Guide →](https://superset.apache.org/docs/installation/installation-methods)**
-
-The documentation covers:
- [Docker Compose](https://superset.apache.org/docs/installation/docker-compose) (recommended for development)
- [Kubernetes / Helm](https://superset.apache.org/docs/installation/kubernetes)
- [PyPI](https://superset.apache.org/docs/installation/pypi)
- [Docker Builds](https://superset.apache.org/docs/installation/docker-builds)
- [Architecture Overview](https://superset.apache.org/docs/installation/architecture)
-
-## Building from Source
-
-For building from a source release tarball, see the Dockerfile at:
-`RELEASING/Dockerfile.from_local_tarball`
+At this time, the docker file at RELEASING/Dockerfile.from_local_tarball
+constitutes the recipe on how to get to a working release from a source
+release tarball.
--- a/32
+++ b/32
@@ -18,7 +18,7 @@
 # Python version installed; we need 3.10-3.11
 PYTHON=`command -v python3.11 || command -v python3.10`

-.PHONY: install superset venv pre-commit up down logs ps nuke ports open
+.PHONY: install superset venv pre-commit

 install: superset pre-commit

@@ -87,11 +87,14 @@ format: py-format js-format
 py-format: pre-commit
 	pre-commit run black --all-files

+py-lint: pre-commit
+	pylint -j 0 superset
+
 js-format:
 	cd superset-frontend; npm run prettier

 flask-app:
-	flask run -p 8088 --reload --debugger
+	flask run -p 8088 --with-threads --reload --debugger

 node-app:
 	cd superset-frontend; npm run dev-server
@@ -112,28 +115,3 @@ report-celery-beat:

 admin-user:
 	superset fab create-admin
-
-# Docker Compose with auto-assigned ports (for running multiple instances)
-up:
-	./scripts/docker-compose-up.sh
-
-up-detached:
-	./scripts/docker-compose-up.sh -d
-
-down:
-	./scripts/docker-compose-up.sh down
-
-logs:
-	./scripts/docker-compose-up.sh logs -f
-
-ps:
-	./scripts/docker-compose-up.sh ps
-
-nuke:
-	./scripts/docker-compose-up.sh nuke
-
-ports:
-	./scripts/docker-compose-up.sh ports
-
-open:
-	./scripts/docker-compose-up.sh open
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Beto Dealmeida	754807b87d	WIP	2024-11-25 16:43:20 -05:00
Beto Dealmeida	782f94fe8d	Another fix	2024-11-24 18:53:14 -05:00
Beto Dealmeida	8e0c00a82e	Move integration tests to unit tests	2024-11-24 18:44:51 -05:00
Beto Dealmeida	c0c8802de9	Small fix	2024-11-24 18:03:20 -05:00
Beto Dealmeida	cd3209a600	chore (SIP-117): remove more sqlparse	2024-11-22 12:04:19 -05:00