chore: bump celery and Flask

[dpgaspar]

SUMMARY

This PR bumps major versions on the following main packages:

Celery from 4.X to 5.X:

Breaking changes: https://docs.celeryq.dev/en/stable/history/whatsnew-5.0.html#step-5-upgrade-to-celery-5-0

Relevant CLI breaking changes, and a final "warning" to migrate configuration keys to the new standard introduced on celery 4:

https://docs.celeryq.dev/en/stable/userguide/configuration.html#conf-old-settings-map

Note: Celery is at 5.2.2 and not 5.2.3 because of celery/celery#7194 this can cause problems on newer OSes forcing setup's to pin down setuptools

Flask-AppBuilder 3.X to 4.X

• Drops python 3.6 support
• Removed config key AUTH_STRICT_RESPONSE_CODES, it's always strict now
• Removes Flask-OpenID dependency (extra dependency now)
• Major version bump on the packages bellow

Flask from 1.X to 2.X

Breaking changes: https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0

Relevant:

• JSON support no longer uses simplejson. To use another JSON module, override app.json_encoder and json_decoder. #3555

• send_file() raises a ValueError when passed an io object in text mode. Previously, it would respond with 200 OK and an empty file. #3358

No relevant changes for our users, unless using a customised/extended Superset.

flask-jwt-extended 3.X to 4.X:

Breaking changes: https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/

No relevant changes for our users, unless using a customised Security Manager that uses this extension JWT claims or using JWT_CSRF_HEADER_NAME configuration key.

pyJWT 1.X to 2.X:

Breaking changes: https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0

No relevant changes for our users, unless using a customised/extended Superset.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[dpgaspar]

https://flask.palletsprojects.com/en/2.0.x/api/#flask.send_file
attachment_filename is deprecated

[john-bodley]

Per the changelog the only breaking change which may impact us is pallets/flask#3555.

[codecov]

Codecov Report

Merging #19168 (add9a2b) into master (a08f83b) will increase coverage by 0.03%.
The diff coverage is 88.88%.

@@            Coverage Diff             @@
##           master   #19168      +/-   ##
==========================================
+ Coverage   66.64%   66.67%   +0.03%     
==========================================
  Files        1674     1675       +1     
  Lines       64614    64612       -2     
  Branches     6502     6501       -1     
==========================================
+ Hits        43061    43080      +19     
+ Misses      19868    19848      -20     
+ Partials     1685     1684       -1     

Flag	Coverage Δ
hive	52.70% <55.55%> (+0.03%)	⬆️
mysql	81.65% <88.88%> (-0.01%)	⬇️
postgres	81.70% <88.88%> (-0.01%)	⬇️
presto	52.55% <55.55%> (+0.03%)	⬆️
python	82.11% <88.88%> (-0.01%)	⬇️
sqlite	81.47% <88.88%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
superset/cli/importexport.py	80.00% <50.00%> (ø)
superset/config.py	91.69% <100.00%> (-0.03%)	⬇️
superset/tasks/async_queries.py	91.02% <100.00%> (ø)
superset/utils/async_query_manager.py	81.18% <100.00%> (-1.06%)	⬇️
superset/views/core.py	75.87% <100.00%> (ø)
...et-frontend/src/dashboard/actions/dashboardInfo.ts	52.17% <0.00%> (-9.37%)	⬇️
superset-frontend/src/components/Select/utils.ts	52.94% <0.00%> (-4.96%)	⬇️
...erset-frontend/src/SqlLab/components/App/index.jsx	52.38% <0.00%> (-3.18%)	⬇️
...perset-frontend/src/dashboard/containers/Chart.jsx	72.72% <0.00%> (-2.28%)	⬇️
...src/BigNumber/BigNumberWithTrendline/buildQuery.ts	9.09% <0.00%> (-2.03%)	⬇️
... and 115 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a08f83b...add9a2b. Read the comment docs.

[craig-rueda]

Should we be merging this into a 2.0 branch or something? This is gonna break a lot of folks :)

[craig-rueda]

LGTM

[villebro]

A minor leftover from a merge conflict, other than that LGTM and looking forward to getting this in!

[villebro]

LGTM

[garyng]

Hi! I noticed flask_openid was removed in https://github.com/apache/superset/pull/19168/files#diff-0940fec0afe21798f617cc4522db676f15769ae28a72992b8d19216ef7b1c3b5R100-R101, but it is still being use in https://github.com/dpgaspar/Flask-AppBuilder/blob/release/4.0.0/flask_appbuilder/security/manager.py#L259.
Is the removal intentional?

[dpgaspar]

@garyng yes it's intentional, that dependency is optional on FAB 4.0.0: https://flask-appbuilder.readthedocs.io/en/latest/breaking.html#version-4-0-0

[garyng]

@dpgaspar okay, thanks!