You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2023/08/31 11:56:22 UTC
[superset] branch 3.0 updated (798b493f3a -> 372004d0e6)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a change to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
from 798b493f3a docs: Update UPDATING.md regarding potential breaking change to `ab_user.email` column (#25115)
new e2f89d7aa8 fix(DB Connection): Update placeholder values for Snowflake connection (#25119)
new 46e6d32260 refactor(frontend): make "Search" box the first filter for charts and datasets (#25129)
new 372004d0e6 fix: Bumps Flask Caching to fix RCE vulnerability (#25090)
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
CONTRIBUTING.md | 88 +++++++++++-----------
docker/pythonpath_dev/superset_config.py | 2 +-
docs/docs/installation/async-queries-celery.mdx | 4 +-
helm/superset/Chart.yaml | 2 +-
helm/superset/README.md | 2 +-
helm/superset/templates/_helpers.tpl | 2 +-
requirements/base.txt | 6 +-
setup.cfg | 2 +-
setup.py | 3 +-
.../DatabaseConnectionForm/ValidatedInputField.tsx | 4 +-
.../src/features/databases/DatabaseModal/index.tsx | 7 +-
superset-frontend/src/pages/ChartList/index.tsx | 14 ++--
superset-frontend/src/pages/DatasetList/index.tsx | 14 ++--
superset/config.py | 2 +-
superset/extensions/__init__.py | 2 +-
tests/integration_tests/cachekeys/api_tests.py | 5 ++
tests/integration_tests/core_tests.py | 1 +
17 files changed, 79 insertions(+), 81 deletions(-)
[superset] 03/03: fix: Bumps Flask Caching to fix RCE vulnerability (#25090)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 372004d0e67b044cfe3fed4c2cd197759fa7e8fd
Author: Michael S. Molina <70...@users.noreply.github.com>
AuthorDate: Thu Aug 31 08:44:48 2023 -0300
fix: Bumps Flask Caching to fix RCE vulnerability (#25090)
---
CONTRIBUTING.md | 88 ++++++++++++-------------
docker/pythonpath_dev/superset_config.py | 2 +-
docs/docs/installation/async-queries-celery.mdx | 4 +-
helm/superset/Chart.yaml | 2 +-
helm/superset/README.md | 2 +-
helm/superset/templates/_helpers.tpl | 2 +-
requirements/base.txt | 6 +-
setup.cfg | 2 +-
setup.py | 3 +-
superset/config.py | 2 +-
superset/extensions/__init__.py | 2 +-
tests/integration_tests/cachekeys/api_tests.py | 5 ++
tests/integration_tests/core_tests.py | 1 +
13 files changed, 62 insertions(+), 59 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 91f224bc03..94573f2a9e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -578,6 +578,7 @@ npm ci
```
Note that Superset uses [Scarf](https://docs.scarf.sh) to capture telemetry/analytics about versions being installed, including the `scarf-js` npm package. As noted elsewhere in this documentation, Scarf gathers aggregated stats for the sake of security/release strategy, and does not capture/retain PII. [You can read here](https://docs.scarf.sh/package-analytics/) about the package, and various means to opt out of it, but one easy way to opt out is to add this setting in `superset-fronte [...]
+
```json
// your-package/package.json
{
@@ -598,10 +599,13 @@ There are three types of assets you can build:
3. `npm run build-instrumented`: instrumented application code for collecting code coverage from Cypress tests
If this type of error comes while building assets(i.e using above commands):
+
```bash
Error: You must provide the URL of lib/mappings.wasm by calling SourceMapConsumer.initialize
```
+
Then put this:
+
```bash
export NODE_OPTIONS=--no-experimental-fetch
```
@@ -925,28 +929,22 @@ For debugging locally using VSCode, you can configure a launch configuration fil
```json
{
- "version": "0.2.0",
- "configurations": [
- {
- "name": "Python: Flask",
- "type": "python",
- "request": "launch",
- "module": "flask",
- "env": {
- "FLASK_APP": "superset",
- "SUPERSET_ENV": "development"
- },
- "args": [
- "run",
- "-p 8088",
- "--with-threads",
- "--reload",
- "--debugger"
- ],
- "jinja": true,
- "justMyCode": true
- }
- ]
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "name": "Python: Flask",
+ "type": "python",
+ "request": "launch",
+ "module": "flask",
+ "env": {
+ "FLASK_APP": "superset",
+ "SUPERSET_ENV": "development"
+ },
+ "args": ["run", "-p 8088", "--with-threads", "--reload", "--debugger"],
+ "jinja": true,
+ "justMyCode": true
+ }
+ ]
}
```
@@ -1031,24 +1029,24 @@ You are now ready to attach a debugger to the process. Using VSCode you can conf
```json
{
- "version": "0.2.0",
- "configurations": [
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "name": "Attach to Superset App in Docker Container",
+ "type": "python",
+ "request": "attach",
+ "connect": {
+ "host": "127.0.0.1",
+ "port": 5678
+ },
+ "pathMappings": [
{
- "name": "Attach to Superset App in Docker Container",
- "type": "python",
- "request": "attach",
- "connect": {
- "host": "127.0.0.1",
- "port": 5678
- },
- "pathMappings": [
- {
- "localRoot": "${workspaceFolder}",
- "remoteRoot": "/app"
- }
- ]
- },
- ]
+ "localRoot": "${workspaceFolder}",
+ "remoteRoot": "/app"
+ }
+ ]
+ }
+ ]
}
```
@@ -1349,7 +1347,7 @@ To do this, you'll need to:
but perfect for testing (stores cache in `/tmp`)
```python
- from cachelib.file import FileSystemCache
+ from flask_caching.backends.filesystemcache import FileSystemCache
RESULTS_BACKEND = FileSystemCache('/tmp/sqllab')
```
@@ -1415,11 +1413,11 @@ Note not all fields are correctly categorized. The fields vary based on visualiz
### Time
-| Field | Type | Notes |
-| ------------------ | -------- | ------------------------------------- |
-| `granularity_sqla` | _string_ | The SQLA **Time Column** widget |
-| `time_grain_sqla` | _string_ | The SQLA **Time Grain** widget |
-| `time_range` | _string_ | The **Time range** widget |
+| Field | Type | Notes |
+| ------------------ | -------- | ------------------------------- |
+| `granularity_sqla` | _string_ | The SQLA **Time Column** widget |
+| `time_grain_sqla` | _string_ | The SQLA **Time Grain** widget |
+| `time_range` | _string_ | The **Time range** widget |
### GROUP BY
diff --git a/docker/pythonpath_dev/superset_config.py b/docker/pythonpath_dev/superset_config.py
index 794f7c910f..005cc600ae 100644
--- a/docker/pythonpath_dev/superset_config.py
+++ b/docker/pythonpath_dev/superset_config.py
@@ -23,8 +23,8 @@
import logging
import os
-from cachelib.file import FileSystemCache
from celery.schedules import crontab
+from flask_caching.backends.filesystemcache import FileSystemCache
logger = logging.getLogger()
diff --git a/docs/docs/installation/async-queries-celery.mdx b/docs/docs/installation/async-queries-celery.mdx
index f6c0dbcc3d..49f1ce72a8 100644
--- a/docs/docs/installation/async-queries-celery.mdx
+++ b/docs/docs/installation/async-queries-celery.mdx
@@ -66,7 +66,7 @@ celery --app=superset.tasks.celery_app:app beat
```
To setup a result backend, you need to pass an instance of a derivative of from
-cachelib.base.BaseCache to the RESULTS_BACKEND configuration key in your superset_config.py. You can
+from flask_caching.backends.base import BaseCache to the RESULTS_BACKEND configuration key in your superset_config.py. You can
use Memcached, Redis, S3 (https://pypi.python.org/pypi/s3werkzeugcache), memory or the file system
(in a single server-type setup or for testing), or to write your own caching interface. Your
`superset_config.py` may look something like:
@@ -79,7 +79,7 @@ S3_CACHE_KEY_PREFIX = 'sql_lab_result'
RESULTS_BACKEND = S3Cache(S3_CACHE_BUCKET, S3_CACHE_KEY_PREFIX)
# On Redis
-from cachelib.redis import RedisCache
+from flask_caching.backends.rediscache import RedisCache
RESULTS_BACKEND = RedisCache(
host='localhost', port=6379, key_prefix='superset_results')
```
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 7582c560c4..8af3ae4acf 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -29,7 +29,7 @@ maintainers:
- name: craig-rueda
email: craig@craigrueda.com
url: https://github.com/craig-rueda
-version: 0.10.5
+version: 0.10.6
dependencies:
- name: postgresql
version: 12.1.6
diff --git a/helm/superset/README.md b/helm/superset/README.md
index cfc307d5fa..c3a46fbec4 100644
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
# superset
-
+
Apache Superset is a modern, enterprise-ready business intelligence web application
diff --git a/helm/superset/templates/_helpers.tpl b/helm/superset/templates/_helpers.tpl
index f7b23634e1..b450ec3ef0 100644
--- a/helm/superset/templates/_helpers.tpl
+++ b/helm/superset/templates/_helpers.tpl
@@ -63,7 +63,7 @@ Create chart name and version as used by the chart label.
{{- define "superset-config" }}
import os
-from cachelib.redis import RedisCache
+from flask_caching.backends.rediscache import RedisCache
def env(key, default=None):
return os.getenv(key, default)
diff --git a/requirements/base.txt b/requirements/base.txt
index 49425ed5d3..1a971fdab4 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -27,8 +27,8 @@ billiard==3.6.4.0
# via celery
brotli==1.0.9
# via flask-compress
-cachelib==0.4.1
- # via apache-superset
+cachelib==0.6.0
+ # via flask-caching
celery==5.2.2
# via apache-superset
cffi==1.15.1
@@ -92,7 +92,7 @@ flask-appbuilder==4.3.6
# via apache-superset
flask-babel==1.0.0
# via flask-appbuilder
-flask-caching==1.10.1
+flask-caching==1.11.1
# via apache-superset
flask-compress==1.13
# via apache-superset
diff --git a/setup.cfg b/setup.cfg
index bc704c5b6c..fc98b22708 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -30,7 +30,7 @@ combine_as_imports = true
include_trailing_comma = true
line_length = 88
known_first_party = superset
-known_third_party =alembic,apispec,backoff,cachelib,celery,click,colorama,cron_descriptor,croniter,cryptography,dateutil,deprecation,flask,flask_appbuilder,flask_babel,flask_caching,flask_compress,flask_jwt_extended,flask_login,flask_migrate,flask_sqlalchemy,flask_talisman,flask_testing,flask_wtf,freezegun,geohash,geopy,holidays,humanize,isodate,jinja2,jwt,markdown,markupsafe,marshmallow,msgpack,nh3,numpy,pandas,parameterized,parsedatetime,pgsanity,pkg_resources,polyline,prison,progress, [...]
+known_third_party =alembic,apispec,backoff,celery,click,colorama,cron_descriptor,croniter,cryptography,dateutil,deprecation,flask,flask_appbuilder,flask_babel,flask_caching,flask_compress,flask_jwt_extended,flask_login,flask_migrate,flask_sqlalchemy,flask_talisman,flask_testing,flask_wtf,freezegun,geohash,geopy,holidays,humanize,isodate,jinja2,jwt,markdown,markupsafe,marshmallow,msgpack,nh3,numpy,pandas,parameterized,parsedatetime,pgsanity,pkg_resources,polyline,prison,progress,pyarrow,s [...]
multi_line_output = 3
order_by_type = false
diff --git a/setup.py b/setup.py
index b97dfb131a..060ea19732 100644
--- a/setup.py
+++ b/setup.py
@@ -71,7 +71,6 @@ setup(
},
install_requires=[
"backoff>=1.8.0",
- "cachelib>=0.4.1,<0.5",
"celery>=5.2.2, <6.0.0",
"click>=8.0.3",
"click-option-group",
@@ -82,7 +81,7 @@ setup(
"deprecation>=2.1.0, <2.2.0",
"flask>=2.2.5, <3.0.0",
"flask-appbuilder>=4.3.6, <5.0.0",
- "flask-caching>=1.10.1, <2.0",
+ "flask-caching>=1.11.1, <2.0",
"flask-compress>=1.13, <2.0",
"flask-talisman>=1.0.0, <2.0",
"flask-login>=0.6.0, < 1.0",
diff --git a/superset/config.py b/superset/config.py
index a2ce1174a1..98718e731e 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -36,10 +36,10 @@ from email.mime.multipart import MIMEMultipart
from typing import Any, Callable, Literal, TYPE_CHECKING, TypedDict
import pkg_resources
-from cachelib.base import BaseCache
from celery.schedules import crontab
from flask import Blueprint
from flask_appbuilder.security.manager import AUTH_DB
+from flask_caching.backends.base import BaseCache
from pandas import Series
from pandas._libs.parsers import STR_NA_VALUES # pylint: disable=no-name-in-module
from sqlalchemy.orm.query import Query
diff --git a/superset/extensions/__init__.py b/superset/extensions/__init__.py
index c2e84f700f..70d8576a95 100644
--- a/superset/extensions/__init__.py
+++ b/superset/extensions/__init__.py
@@ -19,9 +19,9 @@ import os
from typing import Any, Callable, Optional
import celery
-from cachelib.base import BaseCache
from flask import Flask
from flask_appbuilder import AppBuilder, SQLA
+from flask_caching.backends.base import BaseCache
from flask_migrate import Migrate
from flask_talisman import Talisman
from flask_wtf.csrf import CSRFProtect
diff --git a/tests/integration_tests/cachekeys/api_tests.py b/tests/integration_tests/cachekeys/api_tests.py
index c867ce7f51..db2c51d124 100644
--- a/tests/integration_tests/cachekeys/api_tests.py
+++ b/tests/integration_tests/cachekeys/api_tests.py
@@ -27,6 +27,10 @@ from tests.integration_tests.base_tests import (
SupersetTestCase,
post_assert_metric,
)
+from tests.integration_tests.fixtures.birth_names_dashboard import (
+ load_birth_names_dashboard_with_slices,
+ load_birth_names_data,
+)
@pytest.fixture
@@ -95,6 +99,7 @@ def test_invalidate_cache_bad_request(invalidate):
assert rv.status_code == 400
+@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
def test_invalidate_existing_caches(invalidate):
schema = get_example_default_schema() or ""
bn = SupersetTestCase.get_birth_names_dataset()
diff --git a/tests/integration_tests/core_tests.py b/tests/integration_tests/core_tests.py
index 9b22db7013..63805b6c63 100644
--- a/tests/integration_tests/core_tests.py
+++ b/tests/integration_tests/core_tests.py
@@ -442,6 +442,7 @@ class TestCore(SupersetTestCase, InsertChartMixin):
self.get_json_resp(f"/superset/warm_up_cache?slice_id={slc.id}")
ck = db.session.query(CacheKey).order_by(CacheKey.id.desc()).first()
assert ck.datasource_uid == f"{slc.table.id}__table"
+ db.session.delete(ck)
app.config["STORE_CACHE_KEYS_IN_METADATA_DB"] = store_cache_keys
def test_redirect_invalid(self):
[superset] 02/03: refactor(frontend): make "Search" box the first filter for charts and datasets (#25129)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 46e6d3226045dd62d444f4279b2d47a28adf0469
Author: Sam Firke <sf...@users.noreply.github.com>
AuthorDate: Wed Aug 30 17:34:03 2023 -0400
refactor(frontend): make "Search" box the first filter for charts and datasets (#25129)
(cherry picked from commit eeecd59c9d8156f2883ace2a8aa8c833a483fefe)
---
superset-frontend/src/pages/ChartList/index.tsx | 14 +++++++-------
superset-frontend/src/pages/DatasetList/index.tsx | 14 +++++++-------
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/superset-frontend/src/pages/ChartList/index.tsx b/superset-frontend/src/pages/ChartList/index.tsx
index e94dc426b1..e47f479811 100644
--- a/superset-frontend/src/pages/ChartList/index.tsx
+++ b/superset-frontend/src/pages/ChartList/index.tsx
@@ -589,6 +589,13 @@ function ChartList(props: ChartListProps) {
const filters: Filters = useMemo(() => {
const filters_list = [
+ {
+ Header: t('Search'),
+ key: 'search',
+ id: 'slice_name',
+ input: 'search',
+ operator: FilterOperator.chartAllText,
+ },
{
Header: t('Owner'),
key: 'owner',
@@ -705,13 +712,6 @@ function ChartList(props: ChartListProps) {
fetchSelects: loadTags,
});
}
- filters_list.push({
- Header: t('Search'),
- key: 'search',
- id: 'slice_name',
- input: 'search',
- operator: FilterOperator.chartAllText,
- });
return filters_list;
}, [addDangerToast, favoritesFilter, props.user]);
diff --git a/superset-frontend/src/pages/DatasetList/index.tsx b/superset-frontend/src/pages/DatasetList/index.tsx
index 0f3fb84ab1..76d96757c0 100644
--- a/superset-frontend/src/pages/DatasetList/index.tsx
+++ b/superset-frontend/src/pages/DatasetList/index.tsx
@@ -521,6 +521,13 @@ const DatasetList: FunctionComponent<DatasetListProps> = ({
const filterTypes: Filters = useMemo(
() => [
+ {
+ Header: t('Search'),
+ key: 'search',
+ id: 'table_name',
+ input: 'search',
+ operator: FilterOperator.contains,
+ },
{
Header: t('Owner'),
key: 'owner',
@@ -598,13 +605,6 @@ const DatasetList: FunctionComponent<DatasetListProps> = ({
{ label: t('No'), value: false },
],
},
- {
- Header: t('Search'),
- key: 'search',
- id: 'table_name',
- input: 'search',
- operator: FilterOperator.contains,
- },
],
[user],
);
[superset] 01/03: fix(DB Connection): Update placeholder values for Snowflake connection (#25119)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit e2f89d7aa87b8b2f7a4d4c71e7234edb1423d518
Author: Vitor Avila <96...@users.noreply.github.com>
AuthorDate: Wed Aug 30 09:16:31 2023 -0300
fix(DB Connection): Update placeholder values for Snowflake connection (#25119)
(cherry picked from commit 46a0a6e08af1b66bb617d5ebe1324b77251aee15)
---
.../DatabaseModal/DatabaseConnectionForm/ValidatedInputField.tsx | 4 ++--
superset-frontend/src/features/databases/DatabaseModal/index.tsx | 7 +------
2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/ValidatedInputField.tsx b/superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/ValidatedInputField.tsx
index a00b3ba935..ec2e239ac4 100644
--- a/superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/ValidatedInputField.tsx
+++ b/superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/ValidatedInputField.tsx
@@ -24,9 +24,9 @@ import { FieldPropTypes } from '.';
const FIELD_TEXT_MAP = {
account: {
helpText: t(
- 'Copy the account name of that database you are trying to connect to.',
+ 'Copy the identifier of the account you are trying to connect to.',
),
- placeholder: t('e.g. world_population'),
+ placeholder: t('e.g. xy12345.us-east-2.aws'),
},
warehouse: {
placeholder: t('e.g. compute_wh'),
diff --git a/superset-frontend/src/features/databases/DatabaseModal/index.tsx b/superset-frontend/src/features/databases/DatabaseModal/index.tsx
index dd2e405350..13566662c6 100644
--- a/superset-frontend/src/features/databases/DatabaseModal/index.tsx
+++ b/superset-frontend/src/features/databases/DatabaseModal/index.tsx
@@ -666,12 +666,7 @@ const DatabaseModal: FunctionComponent<DatabaseModalProps> = ({
const getPlaceholder = (field: string) => {
if (field === 'database') {
- switch (db?.engine) {
- case Engines.Snowflake:
- return t('e.g. xy12345.us-east-2.aws');
- default:
- return t('e.g. world_population');
- }
+ return t('e.g. world_population');
}
return undefined;
};