Merge upstream master

.asf.yaml

@@ -66,12 +66,12 @@ github:
           - cypress-matrix (3, chrome)
           - docker-build
           - frontend-build
-          - pre-commit (3.8)
-          - python-lint (3.8)
-          - test-mysql (3.8)
-          - test-postgres (3.8)
+          - pre-commit (3.9)
+          - python-lint (3.9)
+          - test-mysql (3.9)
           - test-postgres (3.9)
-          - test-sqlite (3.8)
+          - test-postgres (3.10)
+          - test-sqlite (3.9)
 
       required_pull_request_reviews:
         dismiss_stale_reviews: false

.flaskenv

@@ -15,4 +15,4 @@
 # limitations under the License.
 #
 FLASK_APP="superset.app:create_app()"
-FLASK_ENV="development"
+FLASK_DEBUG=true

.github/CODEOWNERS

@@ -10,10 +10,20 @@
 .github/workflows/docker-ephemeral-env.yml @robdiciuccio @craig-rueda @rusackas @eschutho @dpgaspar @nytai @mistercrunch
 .github/workflows/ephemeral*.yml @robdiciuccio @craig-rueda @rusackas @eschutho @dpgaspar @nytai @mistercrunch
 
-# Notify some committers of changes in the Select component
+# Notify some committers of changes in the components
 
-/superset-frontend/src/components/Select/ @michael-s-molina @geido @ktmud
+/superset-frontend/src/components/Select/ @michael-s-molina @geido @kgabryje
+/superset-frontend/src/components/MetadataBar/ @michael-s-molina @geido @kgabryje
+/superset-frontend/src/components/DropdownContainer/ @michael-s-molina @geido @kgabryje
 
 # Notify Helm Chart maintainers about changes in it
 
 /helm/superset/ @craig-rueda @dpgaspar @villebro
+
+# Notify E2E test maintainers of changes
+
+/superset-frontend/cypress-base/ @jinghua-qa @geido @eschutho @rusackas @betodealmeida
+
+# Notify PMC members of changes to Github Actions
+
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,49 @@
+---
+name: Bug report
+about: "Create a report to help us improve Superset's stability! For feature requests please open a discussion [here](https://github.com/apache/superset/discussions/categories/ideas)."
+labels: bug
+---
+
+A clear and concise description of what the bug is.
+
+#### How to reproduce the bug
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+### Expected results
+
+what you expected to happen.
+
+### Actual results
+
+what actually happens.
+
+#### Screenshots
+
+If applicable, add screenshots to help explain your problem.
+
+
+### Environment
+
+(please complete the following information):
+
+- browser type and version:
+- superset version: `superset version`
+- python version: `python --version`
+- node.js version: `node -v`
+- any feature flags active:
+
+### Checklist
+
+Make sure to follow these steps before submitting your issue - thank you!
+
+- [ ] I have checked the superset logs for python stacktraces and included it here as text if there are any.
+- [ ] I have reproduced the issue with at least the latest released version of superset.
+- [ ] I have checked the issue tracker for the same issue and I haven't found one similar.
+
+### Additional context
+
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/cosmetic.md

@@ -2,7 +2,6 @@
 name: Cosmetic Issue
 about: Describe a cosmetic issue with CSS, positioning, layout, labeling, or similar
 labels: "cosmetic-issue"
-
 ---
 
 ## Screenshot

.github/ISSUE_TEMPLATE/sip.md

@@ -1,14 +1,15 @@
 ---
 name: SIP
-about: Superset Improvement Proposal
-labels: "#SIP"
-
+about: "Superset Improvement Proposal. See [here](https://github.com/apache/superset/issues/5602) for details."
+labels: sip
+title: "[SIP] Your Title Here (do not add SIP number)"
+asignees: "apache/superset-committers"
 ---
 
 *Please make sure you are familiar with the SIP process documented*
-(here)[https://github.com/apache/superset/issues/5602]. The SIP number should be the next number after the latest SIP listed [here](https://github.com/apache/superset/issues?q=is%3Aissue+label%3Asip).
+(here)[https://github.com/apache/superset/issues/5602]. The SIP will be numbered by a committer upon acceptance.
 
-## [SIP-\<number>] Proposal for <title>
+## [SIP] Proposal for ...<title>
 
 ### Motivation
 

.github/SECURITY.md

@@ -0,0 +1,38 @@
+# Security Policy
+
+This is a project of the [Apache Software Foundation](https://apache.org) and follows the
+ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+## Reporting Vulnerabilities
+
+**⚠️ Please do not file GitHub issues for security vulnerabilities as they are public! ⚠️**
+
+
+Apache Software Foundation takes a rigorous standpoint in annihilating the security issues
+in its software projects. Apache Superset is highly sensitive and forthcoming to issues
+pertaining to its features and functionality.
+If you have any concern or believe you have found a vulnerability in Apache Superset,
+please get in touch with the Apache Security Team privately at
+e-mail address [[email protected]](mailto:[email protected]).
+
+More details can be found on the ASF website at
+[ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability)
+
+We kindly ask you to include the following information in your report:
+- Apache Superset version that you are using
+- A sanitized copy of your `superset_config.py` file or any config overrides
+- Detailed steps to reproduce the vulnerability
+
+Note that Apache Superset is not responsible for any third-party dependencies that may
+have security issues. Any vulnerabilities found in third-party dependencies should be
+reported to the maintainers of those projects. Results from security scans of Apache
+Superset dependencies found on its official Docker image can be remediated at release time
+by extending the image itself.
+
+**Your responsible disclosure and collaboration are invaluable.**
+
+## Extra Information
+
+ - [Apache Superset documentation](https://superset.apache.org/docs/security)
+ - [Common Vulnerabilities and Exposures by release](https://superset.apache.org/docs/security/cves)
+ - [How Security Vulnerabilities are Reported & Handled in Apache Superset (Blog)](https://preset.io/blog/how-security-vulnerabilities-are-reported-and-handled-in-apache-superset/)

.github/dependabot.yml

@@ -7,6 +7,7 @@ updates:
     labels:
       - npm
       - dependabot
+    versioning-strategy: increase
 
   - package-ecosystem: "pip"
     directory: "/requirements/"
@@ -21,9 +22,29 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 0
+    versioning-strategy: increase
 
   - package-ecosystem: "npm"
     directory: "/docs/"
     schedule:
       interval: "daily"
     open-pull-requests-limit: 0
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-websocket/"
+    schedule:
+      interval: "daily"
+    labels:
+      - npm
+      - dependabot
+    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/superset-websocket/utils/client-ws-app/"
+    schedule:
+      interval: "daily"
+    labels:
+      - npm
+      - dependabot
+    versioning-strategy: increase

.github/workflows/bashlib.sh

@@ -40,7 +40,8 @@ default-setup-command() {
 apt-get-install() {
   say "::group::apt-get install dependencies"
   sudo apt-get update && sudo apt-get install --yes \
-    libsasl2-dev
+    libsasl2-dev \
+    libldap2-dev
   say "::endgroup::"
 }
 
@@ -159,11 +160,11 @@ cypress-run() {
 
   say "::group::Run Cypress for [$page]"
   if [[ -z $CYPRESS_KEY ]]; then
-    $cypress --spec "cypress/integration/$page" --browser "$browser"
+    $cypress --spec "cypress/e2e/$page" --browser "$browser"
   else
     export CYPRESS_RECORD_KEY=$(echo $CYPRESS_KEY | base64 --decode)
     # additional flags for Cypress dashboard recording
-    $cypress --spec "cypress/integration/$page" --browser "$browser" \
+    $cypress --spec "cypress/e2e/$page" --browser "$browser" \
       --record --group "$group" --tag "${GITHUB_REPOSITORY},${GITHUB_EVENT_NAME}" \
       --parallel --ci-build-id "${GITHUB_SHA:0:8}-${NONCE}"
   fi
@@ -183,7 +184,7 @@ cypress-run-all() {
   nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
   local flaskProcessId=$!
 
-  cypress-run "*/**/!(*.applitools.test.ts)"
+  cypress-run "*/**/*"
 
   # After job is done, print out Flask log for debugging
   say "::group::Flask log for default run"
@@ -198,7 +199,7 @@ cypress-run-all() {
   nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
   local flaskProcessId=$!
 
-  cypress-run "sqllab/!(*.applitools.test.ts)" "Backend persist"
+  cypress-run "sqllab/*" "Backend persist"
 
   # Upload code coverage separately so each page can have separate flags
   # -c will clean existing coverage reports, -F means add flags
@@ -220,14 +221,19 @@ eyes-storybook-dependencies() {
 }
 
 cypress-run-applitools() {
+  cd "$GITHUB_WORKSPACE/superset-frontend/cypress-base"
+
   local flasklog="${HOME}/flask.log"
   local port=8081
+  local cypress="./node_modules/.bin/cypress run"
+  local browser=${CYPRESS_BROWSER:-chrome}
+
   export CYPRESS_BASE_URL="http://localhost:${port}"
 
   nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
   local flaskProcessId=$!
 
-  cypress-run "*/**/*.applitools.test.ts"
+  $cypress --spec "cypress/e2e/*/**/*.applitools.test.ts" --browser "$browser" --headless --config ignoreTestFiles="[]"
 
   codecov -c -F "cypress" || true
 

.github/workflows/cancel_duplicates.yml

@@ -10,11 +10,14 @@ jobs:
   cancel-duplicate-runs:
     name: Cancel duplicate workflow runs
     runs-on: ubuntu-20.04
+    permissions:
+      actions: write
+      contents: read
     steps:
       - name: Check number of queued tasks
         id: check_queued
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
           GITHUB_REPO: ${{ github.repository }}
         run: |
           get_count() {
@@ -28,12 +31,12 @@ jobs:
 
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
         if: steps.check_queued.outputs.count >= 20
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Cancel duplicate workflow runs
         if: steps.check_queued.outputs.count >= 20
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
           GITHUB_REPOSITORY: ${{ github.repository }}
         run: |
           pip install click requests typing_extensions python-dateutil

.github/workflows/check_db_migration_confict.yml

@@ -8,13 +8,16 @@ jobs:
   check_db_migration_conflict:
     name: Check DB migration conflict
     runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Check and notify
         uses: actions/github-script@v3
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ github.token }}
           script: |
             // API reference: https://octokit.github.io/rest.js
             const currentBranch = context.ref.replace('refs/heads/', '');