Skip to content

Commit a5a46d8

Browse files
committed
Merge remote-tracking branch 'origin/master' into HEAD
2 parents 8ed6894 + 3c23394 commit a5a46d8

142 files changed

Lines changed: 20954 additions & 6234 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/dependabot.yml

Lines changed: 38 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,6 @@ updates:
1010

1111
- package-ecosystem: "npm"
1212
ignore:
13-
- dependency-name: "@rjsf/*"
1413
# TODO: remove below entries once the application supports React >= 19.0.0
1514
- dependency-name: "react"
1615
update-types: ["version-update:semver-major"]
@@ -49,6 +48,28 @@ updates:
4948
labels:
5049
- npm
5150
- dependabot
51+
groups:
52+
rjsf:
53+
patterns:
54+
- "@rjsf/*"
55+
typescript-eslint:
56+
patterns:
57+
- "@typescript-eslint/*"
58+
- "typescript-eslint"
59+
babel:
60+
patterns:
61+
- "@babel/*"
62+
deckgl:
63+
patterns:
64+
- "@deck.gl/*"
65+
lumagl:
66+
patterns:
67+
- "@luma.gl/*"
68+
storybook:
69+
patterns:
70+
- "@storybook/*"
71+
- "storybook"
72+
- "eslint-plugin-storybook"
5273
open-pull-requests-limit: 30
5374
versioning-strategy: increase
5475
cooldown:
@@ -83,6 +104,22 @@ updates:
83104
directory: "/docs/"
84105
schedule:
85106
interval: "daily"
107+
groups:
108+
storybook:
109+
patterns:
110+
- "@storybook/*"
111+
- "storybook"
112+
docusaurus:
113+
patterns:
114+
- "@docusaurus/*"
115+
docusaurus-openapi:
116+
patterns:
117+
- "docusaurus-plugin-openapi-docs"
118+
- "docusaurus-theme-openapi-docs"
119+
typescript-eslint:
120+
patterns:
121+
- "@typescript-eslint/*"
122+
- "typescript-eslint"
86123
open-pull-requests-limit: 10
87124
versioning-strategy: increase
88125
cooldown:

.github/workflows/pr-lint.yml

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,10 +8,16 @@ on:
88
# Possible values: https://help.github.com/en/actions/reference/events-that-trigger-workflows#pull-request-event-pull_request
99
types: [opened, edited, reopened, synchronize]
1010

11-
# cancel previous workflow jobs for PRs
11+
# Serialize runs per PR without cancelling: the `edited` trigger means a PR
12+
# opened and then edited has two queued runs for the same head SHA. On
13+
# first-time-contributor PRs those runs start together when a maintainer
14+
# approves workflows, and cancel-in-progress lets the older run cancel the
15+
# newer one — leaving a permanently-cancelled required check on the head SHA
16+
# that blocks merging until manually re-run. This job takes seconds, so let
17+
# queued runs complete instead.
1218
concurrency:
1319
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
14-
cancel-in-progress: true
20+
cancel-in-progress: false
1521

1622
jobs:
1723
lint-check:

.github/workflows/superset-helm-lint.yml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,17 +2,20 @@ name: "Helm: lint and test charts"
22

33
on:
44
pull_request:
5-
types: [opened, edited, reopened, synchronize]
5+
types: [opened, reopened, synchronize]
66
paths:
77
- "helm/**"
88

99
permissions:
1010
contents: read
1111

12-
# cancel previous workflow jobs for PRs
12+
# Serialize runs per PR without cancelling: when a first-time contributor's
13+
# queued runs are approved together, cancel-in-progress lets an older run
14+
# cancel a newer one, leaving a permanently-cancelled required check on the
15+
# head SHA. Queued runs are cheap here, so let them all complete.
1316
concurrency:
1417
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
15-
cancel-in-progress: true
18+
cancel-in-progress: false
1619

1720
jobs:
1821
lint-test:

.pre-commit-config.yaml

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -31,9 +31,10 @@ repos:
3131
types-simplejson,
3232
types-python-dateutil,
3333
types-requests,
34-
# types-redis 4.6.0.5 is failing mypy
35-
# because of https://github.com/python/typeshed/pull/10531
36-
types-redis==4.6.0.4,
34+
# types-redis is intentionally absent: redis-py ships its own
35+
# bundled types (py.typed, since 4.6+/5.x), while the stub
36+
# package is unmaintained (frozen at the 4.6.0.x API surface).
37+
# Installing the stub would shadow the accurate inline types.
3738
types-pytz,
3839
types-croniter,
3940
types-PyYAML,

UPDATING.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,8 @@ in a later major version.
112112

113113
- [41044](https://github.com/apache/superset/issues/41044): Removes the deprecated `AVOID_COLORS_COLLISION` feature flag (it defaulted to `True`). Color-collision avoidance is now permanently enabled; any config override setting it to `False` is ignored.
114114

115+
- [41813](https://github.com/apache/superset/pull/41813): `redis` (the Python client, `redis-py`) is bumped from 5.3.1 to 8.0.1. redis-py 8 changes several connection defaults; Superset's own Redis-backed features (`GLOBAL_ASYNC_QUERIES_CACHE_BACKEND`, `DISTRIBUTED_COORDINATION_CONFIG`, and the MCP Redis store) explicitly pin the pre-upgrade behavior so this bump is a no-op for them: the wire protocol stays RESP2 (not the new RESP3 default, which requires Redis/Sentinel 6+ to speak `HELLO`) and there is still no socket timeout by default (redis-py 8 defaults to 5s, which could otherwise newly time out large cached payloads or slow networks). The no-timeout default can now be overridden via two new config keys, `CACHE_REDIS_SOCKET_TIMEOUT` / `CACHE_REDIS_SOCKET_CONNECT_TIMEOUT`, on any `CacheConfig` dict using `CACHE_TYPE: RedisCache` or `RedisSentinelCache`. Separately, redis-py 6+ changed the default for `ssl_check_hostname` from `False` to `True` for SSL connections using `ssl_cert_reqs="required"` (the default) — this is a security improvement, so it has **not** been reverted; deployments with `CACHE_REDIS_SSL=True` whose certificates lack a hostname matching the connection address should set `CACHE_REDIS_SSL_CERT_REQS="none"` (disables cert verification entirely, matching hostname-check bypass) or replace the certificate. General-purpose cache/results backends configured via `CACHE_CONFIG` / `DATA_CACHE_CONFIG` / `RESULTS_BACKEND` with `CACHE_TYPE: RedisCache` go through `flask-caching`'s own Redis backend (outside Superset's code) and are subject to the same new defaults; pass `socket_timeout` / `protocol` via `CACHE_OPTIONS` there if needed. Celery broker and result-backend connections (built by `kombu`, also outside Superset's code) keep their no-socket-timeout behavior (`kombu` passes `socket_timeout=None` explicitly) but do **not** pin the wire protocol, so they follow redis-py's RESP3 default — which requires a Redis server new enough to speak `HELLO` (Redis 6+). Deployments using a pre-6.0 Redis server (EOL) as a Celery broker should upgrade the server before taking this bump.
116+
115117
- [39925](https://github.com/apache/superset/pull/39925): URL prefixing for `SUPERSET_APP_ROOT` subdirectory deployments is now handled automatically by helpers in `src/utils/navigationUtils` (`openInNewTab`, `redirect`, `getShareableUrl`, `<AppLink>`). Direct imports of `ensureAppRoot` / `makeUrl` from `src/utils/pathUtils` are forbidden outside `navigationUtils.ts` (enforced by a static-invariant test); contributors writing new code should use the focused helpers instead. No runtime behaviour change for existing callers — all 19 prior call sites have been migrated and four pre-existing double-prefix and missing-prefix bugs are fixed as part of the migration.
116118

117119
- [39925](https://github.com/apache/superset/pull/39925): `SupersetClient.getUrl()` now strips a single leading application-root segment from the supplied `endpoint` before building the request URL, so a caller that accidentally pre-prefixes its endpoint (for example by wrapping it with `ensureAppRoot` before passing it to the client) no longer produces a doubled `/superset/superset/...` URL under subdirectory deployment. The strip is **single-pass** — a genuine `/superset/superset/<slug>` route is preserved, not collapsed — and **silent** (no console warning); the static-invariant test remains the primary signal for pre-prefixing at the call site, and this runtime strip is a safety net beneath it. Code that intentionally targeted a literal `/<app_root>/<app_root>/...` endpoint through `getUrl` (a configuration that has no legitimate use under the prefixing model) would have its first redundant segment removed.
@@ -192,6 +194,10 @@ helm upgrade <release-name> superset/superset
192194

193195
Alternatively, perform a fresh install. This is a one-time migration; subsequent upgrades are unaffected.
194196

197+
### Time-series tooltips follow the selected time grain
198+
199+
Tooltips on the Time-series and Mixed Time-series ECharts plugins now respect the chart's time grain (and any dashboard-level time-grain override delivered via `extra_form_data`) when the tooltip time format is left on Adaptive formatting (the default). Tooltips read grain-appropriate labels such as `Jan 2021` (month), `2021 Q1` (quarter), `2021` (year), and weekly date ranges, becoming grain-aware like the x-axis, though the two are formatted independently and their labels may not always match exactly. Only a custom, explicitly-set tooltip time format (a d3 format string) is unaffected — that always wins over the grain.
200+
195201
### Pivot table First/Last aggregations follow data order
196202

197203
The pivot table chart's `First` and `Last` aggregations now return the first and last value in data (query result) order, instead of effectively returning the minimum and maximum. Existing pivot tables that use these aggregations for totals/subtotals may show different values after upgrading. For deterministic results, ensure the underlying query has a stable sort order.
@@ -731,6 +737,7 @@ See `superset/mcp_service/PRODUCTION.md` for deployment guides.
731737

732738
---
733739

740+
- [38358](https://github.com/apache/superset/pull/38358): Switched CrateDB PyPI package from `crate[sqlalchemy]` to `sqlalchemy-cratedb`.
734741
- [35621](https://github.com/apache/superset/pull/35621): The default hash algorithm has changed from MD5 to SHA-256 for improved security and FedRAMP compliance. This affects cache keys for thumbnails, dashboard digests, chart digests, and filter option names. Existing cached data will be invalidated upon upgrade. To opt out of this change and maintain backward compatibility, set `HASH_ALGORITHM = "md5"` in your `superset_config.py`.
735742
- [35062](https://github.com/apache/superset/pull/35062): Changed the function signature of `setupExtensions` to `setupCodeOverrides` with options as arguments.
736743

docs/admin_docs/configuration/alerts-reports.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -361,7 +361,7 @@ This is the best source of information about the problem. In a docker compose d
361361

362362
### Check web browser and webdriver installation
363363

364-
To take a screenshot, the worker visits the dashboard or chart using a headless browser, then takes a screenshot. If you are able to send a chart as CSV or text but can't send as PNG, your problem may lie with the browser.
364+
To take a screenshot, the worker visits the dashboard or chart using a headless browser, then takes a screenshot. If you are able to send a chart as CSV, XLSX, or text but can't send as PNG, your problem may lie with the browser.
365365

366366
If you are handling the installation of the headless browser on your own, do your own verification to ensure that the headless browser opens successfully in the worker environment.
367367

docs/package.json

Lines changed: 14 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -44,12 +44,12 @@
4444
},
4545
"dependencies": {
4646
"@ant-design/icons": "^6.2.5",
47-
"@docusaurus/core": "^3.10.1",
48-
"@docusaurus/faster": "^3.10.1",
49-
"@docusaurus/plugin-client-redirects": "^3.10.1",
50-
"@docusaurus/preset-classic": "3.10.1",
51-
"@docusaurus/theme-live-codeblock": "^3.10.1",
52-
"@docusaurus/theme-mermaid": "^3.10.1",
47+
"@docusaurus/core": "^3.10.2",
48+
"@docusaurus/faster": "^3.10.2",
49+
"@docusaurus/plugin-client-redirects": "^3.10.2",
50+
"@docusaurus/preset-classic": "3.10.2",
51+
"@docusaurus/theme-live-codeblock": "^3.10.2",
52+
"@docusaurus/theme-mermaid": "^3.10.2",
5353
"@emotion/core": "^11.0.0",
5454
"@emotion/react": "^11.13.3",
5555
"@emotion/styled": "^11.14.1",
@@ -58,14 +58,14 @@
5858
"@fontsource/inter": "^5.2.8",
5959
"@mdx-js/react": "^3.1.1",
6060
"@saucelabs/theme-github-codeblock": "^0.3.0",
61-
"@storybook/addon-docs": "^10.4.5",
61+
"@storybook/addon-docs": "^10.5.0",
6262
"@superset-ui/core": "^0.20.4",
6363
"@swc/core": "^1.15.43",
6464
"antd": "^6.5.0",
6565
"baseline-browser-mapping": "^2.10.40",
6666
"caniuse-lite": "^1.0.30001803",
67-
"docusaurus-plugin-openapi-docs": "^5.1.1",
68-
"docusaurus-theme-openapi-docs": "^5.1.1",
67+
"docusaurus-plugin-openapi-docs": "^5.1.2",
68+
"docusaurus-theme-openapi-docs": "^5.1.2",
6969
"js-yaml": "^5.2.0",
7070
"json-bigint": "^1.0.0",
7171
"prism-react-renderer": "^2.4.1",
@@ -77,20 +77,20 @@
7777
"react-table": "^7.8.0",
7878
"remark-import-partial": "^0.0.2",
7979
"reselect": "^5.2.0",
80-
"storybook": "^10.4.5",
80+
"storybook": "^10.5.0",
8181
"swagger-ui-react": "^5.32.8",
8282
"swc-loader": "^0.2.7",
8383
"tinycolor2": "^1.4.2",
8484
"unist-util-visit": "^5.1.0"
8585
},
8686
"devDependencies": {
87-
"@docusaurus/module-type-aliases": "^3.10.1",
88-
"@docusaurus/tsconfig": "^3.10.1",
87+
"@docusaurus/module-type-aliases": "^3.10.2",
88+
"@docusaurus/tsconfig": "^3.10.2",
8989
"@eslint/js": "^9.39.2",
9090
"@types/js-yaml": "^4.0.9",
9191
"@types/react": "^19.1.8",
92-
"@typescript-eslint/eslint-plugin": "^8.59.3",
93-
"@typescript-eslint/parser": "^8.63.0",
92+
"@typescript-eslint/eslint-plugin": "^8.64.0",
93+
"@typescript-eslint/parser": "^8.64.0",
9494
"eslint": "^9.39.2",
9595
"eslint-config-prettier": "^10.1.8",
9696
"eslint-plugin-prettier": "^5.5.6",
@@ -124,8 +124,6 @@
124124
"serialize-javascript": "7.0.5",
125125
"d3-color": "3.1.0",
126126
"ws": "^8.21.0",
127-
"@docusaurus/core/@docusaurus/utils/gray-matter/js-yaml": "^3.15.0",
128-
"@docusaurus/core/**/js-yaml": "^4.3.0",
129127
"docusaurus-plugin-openapi-docs/**/js-yaml": "^4.3.0"
130128
},
131129
"packageManager": "yarn@1.22.22+sha1.ac34549e6aa8e7ead463a7407e1c7390f61a6610"

docs/src/data/databases.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3672,7 +3672,7 @@
36723672
"drivers": [
36733673
{
36743674
"name": "crate",
3675-
"pypi_package": "crate[sqlalchemy]",
3675+
"pypi_package": "sqlalchemy-cratedb",
36763676
"connection_string": "crate://{host}:{port}",
36773677
"is_recommended": true
36783678
}

docs/user_docs_versioned_docs/version-6.0.0/configuration/alerts-reports.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -291,7 +291,7 @@ This is the best source of information about the problem. In a docker compose d
291291

292292
### Check web browser and webdriver installation
293293

294-
To take a screenshot, the worker visits the dashboard or chart using a headless browser, then takes a screenshot. If you are able to send a chart as CSV or text but can't send as PNG, your problem may lie with the browser.
294+
To take a screenshot, the worker visits the dashboard or chart using a headless browser, then takes a screenshot. If you are able to send a chart as CSV, XLSX, or text but can't send as PNG, your problem may lie with the browser.
295295

296296
Superset docker images that have a tag ending with `-dev` have the Firefox headless browser and geckodriver already installed. You can test that these are installed and in the proper path by entering your Superset worker and running `firefox --headless` and then `geckodriver`. Both commands should start those applications.
297297

0 commit comments

Comments
 (0)