Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DO NOT MERGE: test 4.1 release #29693

Draft
wants to merge 1,059 commits into
base: 4.0
Choose a base branch
from
Draft

DO NOT MERGE: test 4.1 release #29693

wants to merge 1,059 commits into from

Conversation

eschutho
Copy link
Member

SUMMARY

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

dpgaspar and others added 30 commits June 27, 2024 10:25
@dpgaspar
ci: remove update repo on issue comment (#29388)
59d1eea
@jansule
docs: fix typo in docker compose doc (#29390)
9c5c124
@rusackas
fix(readme): changing video from mp4 to webm format (#29392)
c70a9d0
@geido
feat: Add Ant Design 5 Theme (#29328)
2a587a7
@geido
chore(Table): Add aria-label to Table page size selector (#29391)
66bc8ce
@dependabot
chore(deps): bump scroll-into-view-if-needed from 2.2.28 to 3.1.0 in …
ed3c66b 
…/superset-frontend (#28816)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@jansule
docs: fix typos (#29400)
f128718
@hainenber @michael-s-molina
refactor(src/explore/comp/controls/metricControl): migrate Enzyme tes…
a3f0d00 
…t to RTL syntax (#29380)

Signed-off-by: hainenber <[email protected]>
Co-authored-by: Michael S. Molina <[email protected]>
@john-bodley
chore(dao/command): Add transaction decorator to try to enforce "unit…
8fb8199 
… of work" (#24969)
@hainenber
chore(frontend): remove obsolete ESLint rules in tests (#29405)
e274925 
Signed-off-by: hainenber <[email protected]>
@ari-jane
docs: update INTHEWILD.md with bluquist (#29399)
5c9352f
@TheShubhendra
docs: Update INTHEWILD.md with Aveti Learning (#29413)
ba405ba
@hexcafe
fix: SQL label missing for non-group-by queries (#29420)
179cf26
@dependabot
chore(deps): bump stream from 0.0.2 to 0.0.3 in /docs (#29431)
42773b9 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 in /docs (#29432)
cfe2940 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump rehype-raw from 6.1.1 to 7.0.0 in /superset-frontend (
5aac1b5 
#29433)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps-dev): bump eslint-import-resolver-typescript from 2.5.0 to…
7727b9d 
… 3.6.1 in /superset-frontend (#29435)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps-dev): bump ts-jest from 29.1.2 to 29.1.5 in /superset-webs…
0cf676b 
…ocket (#29423)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@villebro
chore(key-value): convert command to dao (#29344)
7d6e933
@saghatelian
chore: Added 10Web to the list of organizations that use Apache Super…
0286650 
…set (#29442)
@mistercrunch
chore: move all GHAs to ubuntu-22.04 (#29447)
446a3b2
@dependabot
chore(deps): bump react-markdown from 8.0.3 to 8.0.7 in /superset-fro…
839ca82 
…ntend (#29439)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump @algolia/client-search from 4.23.3 to 4.24.0 in /do…
1e73820 
…cs (#29428)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps-dev): bump webpack from 5.91.0 to 5.92.1 in /docs (#29429)
cf031bb 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump actions/checkout from 2 to 4 (#29434)
7a0ae36 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @rusackas
chore(deps-dev): update @types/lodash requirement from ^4.17.4 to ^4.…
3449b8f 
…17.6 in /superset-frontend/plugins/plugin-chart-handlebars (#29425)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Evan Rusackas <[email protected]>
@dependabot
chore(deps): bump deck.gl from 9.0.12 to 9.0.20 in /superset-frontend…
7bb7fc0 
…/plugins/legacy-preset-chart-deckgl (#29426)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@villebro
fix(metastore-cache): import dao in methods (#29451)
7f3c8ef
@sadpandajoe
fix: re-add missing code from PR #28132 (#29446)
fb1f2c4
@betodealmeida
fix: OAuth2 in async DBs (#29461)
d5c0506
@sadpandajoe
Copy link
Member

/testenv up

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 2, 2024

@sadpandajoe Ephemeral environment spinning up at http://54.184.232.53:8080. Credentials are admin/admin. Please allow several minutes for bootstrapping and startup.

sfirke and others added 17 commits November 13, 2024 11:56
@sfirke @sadpandajoe
docs(contributing): fix broken link to translations sub-section (#29768)
5faaaf9 
(cherry picked from commit c22dfa1)
@rusackas @sadpandajoe
docs: Check markdown files for bad links using linkinator (#28424)
f7cfd91 
(cherry picked from commit c3702be)
@hainenber @sadpandajoe
fix(frontend/docker, ci): fix borked Docker build due to Lerna v8 upl…
72df46a 
…ift (#29725)

Signed-off-by: hainenber <[email protected]>
(cherry picked from commit 8891f04)
@rusackas @sadpandajoe
fix: Fixing incomplete string escaping. (#29772)
0d0b430 
(cherry picked from commit 2bce20f)
@rusackas @sadpandajoe
fix(translations): Translate embedded errors (#29782)
66fe0b0 
(cherry picked from commit 0d62bb2)
@rtexelm @sadpandajoe
refactor(controls): Migrate MetricDefinitionValue.test to RTL (#29845)
aaecec2 
(cherry picked from commit 27c08d0)
@rtexelm @sadpandajoe
refactor(controls): Migrate AdhocMetricOption.test to RTL (#29843)
cfd24e3 
(cherry picked from commit 819597f)
@rtexelm @sadpandajoe
refactor(ChartCreation): Migrate tests to RTL (#29674)
9e84e13 
(cherry picked from commit 6bc8567)
@geido @sadpandajoe
refactor(Slider): Upgrade Slider to Antd 5 (#29786)
2787167 
(cherry picked from commit d877d46)
@rusackas @sadpandajoe
fix(capitalization): Capitalizing a button. (#29867)
bc2e51d 
(cherry picked from commit 052b38b)
@michael-s-molina @sadpandajoe
fix: Graph chart colors (#30851)
234f8c9 
(cherry picked from commit 0e165c1)
@sadpandajoe
fix: don't show metadata for embedded dashboards (#30875)
fd4c3dc 
(cherry picked from commit ac3a10d)
@geido @sadpandajoe
fix(TimezoneSelector): Failing unit tests due to timezone change (#30828
7953c89 
)

(cherry picked from commit 5820d31)
@ayush-couchbase @sadpandajoe
fix: Rename database from 'couchbasedb' to 'couchbase' in documentati…
29c76ef 
…on and db_engine_specs (#29911)

(cherry picked from commit f5d614d)
@eschutho @sadpandajoe
chore: add link to Superset when report error (#30576)
af44b14 
(cherry picked from commit 4d5f70c)
@mistercrunch @sadpandajoe
fix(explore): column data type tooltip format (#30588)
bdfd5cd 
(cherry picked from commit 73768f6)
@geido @sadpandajoe
fix(package.json): Pin luxon version to unblock master (#30859)
f704b0f 
(cherry picked from commit de8282c)
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 22, 2024
View reviewed changes
superset-frontend/src/features/home/Menu.tsx
<img src={brand.icon} alt={brand.alt} />
</GenericLink>
) : (
<a className="navbar-brand" href={brand.path}>
<a className="navbar-brand" href={brand.path} tabIndex={-1}>

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 6 days ago

To fix the problem, we need to ensure that the brand.path value is properly sanitized before being used in the href attribute. This can be achieved by using a library like DOMPurify to sanitize the URL. This will prevent any malicious content from being executed as part of the URL.

  1. Install the DOMPurify library.
  2. Import DOMPurify in the Menu.tsx file.
  3. Sanitize the brand.path value before using it in the href attribute.
Suggested changeset 2
superset-frontend/src/features/home/Menu.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/superset-frontend/src/features/home/Menu.tsx b/superset-frontend/src/features/home/Menu.tsx
--- a/superset-frontend/src/features/home/Menu.tsx
+++ b/superset-frontend/src/features/home/Menu.tsx
@@ -19,2 +19,3 @@
 import { useState, useEffect } from 'react';
+import DOMPurify from 'dompurify';
 import { styled, css, useTheme, SupersetTheme } from '@superset-ui/core';
@@ -318,3 +319,3 @@
             ) : (
-              <a className="navbar-brand" href={brand.path} tabIndex={-1}>
+              <a className="navbar-brand" href={DOMPurify.sanitize(brand.path)} tabIndex={-1}>
                 <img src={brand.icon} alt={brand.alt} />
EOF
@@ -19,2 +19,3 @@
import { useState, useEffect } from 'react';
import DOMPurify from 'dompurify';
import { styled, css, useTheme, SupersetTheme } from '@superset-ui/core';
@@ -318,3 +319,3 @@
) : (
<a className="navbar-brand" href={brand.path} tabIndex={-1}>
<a className="navbar-brand" href={DOMPurify.sanitize(brand.path)} tabIndex={-1}>
<img src={brand.icon} alt={brand.alt} />
superset-frontend/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/superset-frontend/package.json b/superset-frontend/package.json
--- a/superset-frontend/package.json
+++ b/superset-frontend/package.json
@@ -207,3 +207,4 @@
     "use-query-params": "^1.1.9",
-    "yargs": "^17.7.2"
+    "yargs": "^17.7.2",
+    "dompurify": "^3.2.1"
   },
EOF
@@ -207,3 +207,4 @@
"use-query-params": "^1.1.9",
"yargs": "^17.7.2"
"yargs": "^17.7.2",
"dompurify": "^3.2.1"
},
This fix introduces these dependencies
Package Version Security advisories
dompurify (npm) 3.2.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@villebro villebro Awaiting requested review from villebro villebro is a code owner

@rusackas rusackas Awaiting requested review from rusackas rusackas is a code owner

@michael-s-molina michael-s-molina Awaiting requested review from michael-s-molina michael-s-molina is a code owner

@geido geido Awaiting requested review from geido geido is a code owner

@betodealmeida betodealmeida Awaiting requested review from betodealmeida betodealmeida is a code owner

@nytai nytai Awaiting requested review from nytai nytai is a code owner

@mistercrunch mistercrunch Awaiting requested review from mistercrunch mistercrunch is a code owner

@craig-rueda craig-rueda Awaiting requested review from craig-rueda craig-rueda is a code owner

@john-bodley john-bodley Awaiting requested review from john-bodley john-bodley is a code owner

@kgabryje kgabryje Awaiting requested review from kgabryje kgabryje is a code owner

@dpgaspar dpgaspar Awaiting requested review from dpgaspar dpgaspar is a code owner

@jinghua-qa jinghua-qa Awaiting requested review from jinghua-qa jinghua-qa is a code owner

Assignees
No one assigned
Labels
api Related to the REST API dependencies:npm dependencies:python doc Namespace | Anything related to documentation embedded github_actions Pull requests that update GitHub Actions code i18n:brazilian i18n:chinese Translation related to Chinese language i18n:dutch i18n:french Translation related to French language i18n:italian Translation related to Italian language i18n:japanese Translation related to Japanese language i18n:korean Translation related to Korean language i18n:portuguese i18n:russian Translation related to Russian language i18n:slovak i18n:spanish Translation related to Spanish language i18n:ukrainian i18n Namespace | Anything related to localization packages plugins review:draft risk:db-migration PRs that require a DB migration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.