[SC-72636] chore: reset fork onto upstream 26.05.0-dev (Python 3.13 + Poetry + pnpm) #96
jcesarioatpeach wants to merge 666 commits into master from
* fix(aws-es): fixed es auth * fixed lock * rq v1.16
…ash#6890) This combines the manual steps needed for installing the Python dependencies into a single Makefile target.
This code was supposed to be temporary, and raises an exception if REDASH_MULTI_ORG=true is set.
* consistent rq status naming and handling * test fix * make scheduled and deferred statuses cancelable
Co-authored-by: Peter Lee <yankeeguyu@gmail.com>
Use Webpack configuration for locating this asset in the same way that client/app/index.html does. This code path is when REDASH_MULTI_ORG=true. Co-authored-by: github-actions <github-actions@github.com>
Restore previous functionality. Ensure .env exists before building server. Co-authored-by: github-actions <github-actions@github.com>
The 'codecov-action@v4' requires an organization-level upload token, not a single repo upload token, so we're temporarily downgrading it until we can generate an organization-level upload token. Reference: codecov/codecov-action#1273
Thanks to substantial efforts by @andyundso, the Docker Hub images for pgautoupgrade are now multi-arch (x86_64 and ARM64). :)
* serialize errors * lint fix * cover successful case
This reverts commit bd115e7, as it turns out to be a useful security feature. In order to remove this in a better way, we'll need to replace it with something that provides equivalent functionality.
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.3...3.1.4)
---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…antd tooltip if they are defined (getredash#6582)" (getredash#6971) This reverts commit c12d450. This commit did not sort tables properly by schema, then name
updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Aggregate y-value for the same x * Fix styling error by prettier
Co-authored-by: Tsuneo Yoshioka <yoshiokatsuneo@gmail.com>
* Update Python version to 3.13
* Limit scope for suppressing warning
* Update td-client to 1.5.0 to avoid the warning
Signed-off-by: shunki-fujita <shunki-fujita@cybozu.co.jp> Co-authored-by: Tsuneo Yoshioka <yoshiokatsuneo@gmail.com>
* added cleint_tags added the option to pass client tags to trino clusters source * removed redundant checks * removed redundant test and fixed if condition --------- Co-authored-by: Tsuneo Yoshioka <yoshiokatsuneo@gmail.com>
…#7644) Trino ROW (struct) columns were serialized as plain arrays, losing all field name information. This converts NamedRowTuple values to dicts using the field name metadata from the trino library, so ROW fields appear as {"field": value} instead of [value]. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Tsuneo Yoshioka <yoshiokatsuneo@gmail.com>
* Update changelog from wiki release notes * Apply suggestions from code review Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> --------- Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
…redash#7647)
* Make gunicorn bind address configurable via REDASH_GUNICORN_BIND
  Upstream commit d2a7d87 hardcoded the bind address to [::]:5000 for IPv6 support, but this breaks on nodes where IPv6 is disabled in the kernel. Make the bind address configurable via REDASH_GUNICORN_BIND, defaulting to 0.0.0.0:5000 for IPv4. Users needing IPv6 dual-stack can set REDASH_GUNICORN_BIND="[::]:5000".
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Default REDASH_GUNICORN_BIND to [::]:5000 to preserve upstream behavior
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Tsuneo Yoshioka <yoshiokatsuneo@gmail.com>
* Snapshot: 24.07.0-dev
* Snapshot: 24.08.0-dev
* Snapshot: 24.09.0-dev
* Snapshot: 24.10.0-dev
* Snapshot: 24.11.0-dev
* Snapshot: 24.12.0-dev
* Snapshot: 25.01.0-dev
* Snapshot: 25.02.0-dev
* Snapshot: 25.03.0-dev
* Snapshot: 25.04.0-dev
* Upgrade Node.js version to 24 in Dockerfile and .nvmrc; update package.json engine constraints
* Update major dependencies
* Switch from yarn to pnpm
* Switch from yarn to pnpm: ci
* Update Python version to 3.13 in CI workflow
* Refactor Netlify build command to remove pnpm installation step
* Update ESLint configuration for improved compatibility and disable specific rules
* Restyled by prettier
* Add typeRoots and types to tsconfig for improved type definitions
* Update Dockerfile.cypress to use Node 24 and streamline installation steps
* Fixed tests
* Restyled by prettier
* Update Jest snapshot comments to point to the official documentation URL
* viz-lib: refactor test setup and update snapshots for consistency
* Add babel-jest as a dev dependency for improved testing support
* Add virtual prop to visualization type selector for improved functionality
* Remove CJS/ESM compatibility shim for color-rgba
* Restyled by prettier
* Enable ESLintPlugin conditionally based on production environment
* Import d3 library in d3box.ts
* Fix pip install command in CI workflow to use python -m
* Replace d3 import with global declaration for compatibility with d3 v3
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Restyled.io <commits@restyled.io>
fixed typos & grammar; AppMetrica spelling, articles
* cloudflare d1 support * updated to use sessions instead of request as suggested by @arikfr * Refactor imports and remove dependency check Removed dependency check for requests_session and cleaned up imports. * Remove blank line in column info extraction Removed unnecessary blank line in the column information extraction section. * Add TYPE_DATETIME to query runner imports * fix Import block is un-sorted & Local variable 'e' * ran ruff check for fixing the lint error * fix backend-lint errors --------- Co-authored-by: Arik Fraimovich <arik@arikfr.com>
…72636]
Resets peachfinance/redash onto upstream/master (2942547) — 658 upstream commits since fork diverged. All 40 fork commits were either already merged upstream (Datadog destination) or superseded by upstream's new stack (Poetry, pnpm, Python 3.13).
Pre-reset rollback tag: pre-upstream-reset-2026-05-04
Fork-specific additions carried forward:
- .snyk: ignore list for vulns blocked by third-party constraints
- .gitignore: .claude/worktrees/ and .terraform/modules/ exclusions
- .circleci/: config rewritten for Python 3.13 + Poetry + pnpm + ruff/black
Snyk vuln fixes applied on top of upstream:
Python (pyproject.toml):
- authlib 0.15.5 → 1.6.9 (1 CRITICAL + 6 HIGH)
- pyjwt 2.4.0 → 2.12.0 (1 HIGH: improper sig verification)
- gunicorn 22.0.0 → 23.0.0 (1 HIGH: HTTP request smuggling)
- sqlparse 0.5.0 → 0.5.4 (1 HIGH: resource exhaustion)
- botocore/boto3 1.31.8/1.28.8 → >=1.35.0 (urllib3 2.x compat)
- mako pinned >=1.3.11 (1 HIGH: directory traversal, transitive)
- pyasn1 pinned >=0.6.3 (2 HIGH: recursion + allocation, transitive)
JS (pnpm):
- axios 0.27.2→0.31.1 (root), 0.28.0→0.31.1 (viz-lib): 2 CRITICAL + 4 HIGH
- lodash ^4.17.10→^4.18.1 (1 HIGH: code injection)
- follow-redirects forced >=1.16.0 via pnpm.overrides (1 HIGH)
Snyk ignored (blocked by transitive constraints, justified in .snyk):
- SNYK-PYTHON-WERKZEUG-6808933: fix needs Flask 3.x (debugger-only, prod-safe)
- SNYK-PYTHON-URLLIB3-*: fix needs urllib3 2.x, blocked by advocate==1.0.0
- SNYK-PYTHON-PYOPENSSL-15674459: blocked by snowflake-connector-python==3.12.3
- SNYK-PYTHON-CRYPTOGRAPHY-15263096: blocked by snowflake-connector-python==3.12.3
Result: snyk test --severity-threshold=high → 0 vulnerable paths (3/3 projects)
Post-merge action required: run `flask db upgrade` on staging then prod (6 new upstream DB migrations since fork diverged). Take DB backup first.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…usr/local/bin/pnpm)
… reset (history reset PR) # Conflicts: # requirements.txt # requirements_all_ds.txt # viz-lib/yarn.lock # yarn.lock
…updated specifiers
…build for type-check); parameterize docker_build to use DOCKER_REPOSITORY env var
…kg.dev/$GOOGLE_PROJECT_ID/peach-docker); remove DOCKER_CONTENT_TRUST (unsupported on GAR)
…ash; switch .ci/docker_build to GCP Artifact Registry
@cursor carefully review, read only, think hard, MAXIMUM EFFORT!
Now I have a complete picture. Let me create a comprehensive review document:
Comprehensive Review - PR #96: Reset Fork onto Upstream 26.05.0-dev
Executive Summary
This PR represents a major strategic reset of the
✅ Strengths & Positive Observations
1. Fork Reset Execution - EXCELLENT
2. Vulnerability Remediation - COMPREHENSIVE
All claimed vulnerability fixes are correctly applied:
Python (pyproject.toml):
JavaScript (pnpm):
3. Fork-Specific Files - PROPERLY PRESERVED
4. Stack Migration - VERIFIED
5. Database Migrations - ACCURATELY DOCUMENTED
The PR correctly identifies 6 new upstream migrations:
6. GCP Artifact Registry Migration - COMPLETED


Summary
Resets `peachfinance/redash` onto upstream `getredash/redash` at `29425475` (26.05.0-dev). The fork's 40 commits were either already merged upstream (Datadog destination) or superseded by upstream's new stack. Only fork-specific files are carried forward.
Rollback tag: `pre-upstream-reset-2026-05-04` (points to old master, still on origin)
Stack Migration
Fork-Specific Files Carried Forward
- `.snyk` — ignore list for vulns blocked by third-party constraints + exclude globs
- `.gitignore` — `.claude/worktrees/` and `.terraform/modules/` exclusions
- `.circleci/config.yml` — rewritten for Python 3.13 + Poetry + pnpm + ruff/black
Snyk Vulnerability Fixes (applied on top of upstream)
Snyk ignored (blocked by third-party constraints, justified in `.snyk`):
- `SNYK-PYTHON-WERKZEUG-6808933` — fix needs Flask 3.x; debugger-only, prod-safe
- `SNYK-PYTHON-URLLIB3-*` (3 vulns) — fix needs urllib3 2.x; blocked by `advocate==1.0.0`
- `SNYK-PYTHON-PYOPENSSL-15674459` — blocked by `snowflake-connector-python==3.12.3`
- `SNYK-PYTHON-CRYPTOGRAPHY-15263096` — blocked by `snowflake-connector-python==3.12.3`
Before / After
`snyk test --severity-threshold=high --all-projects` → ok: true, 0 vulnerable paths (3/3 projects)
6 new DB migrations were added in upstream since the fork diverged. Must run against staging first, then production with a backup:
Test Plan
- `snyk test --severity-threshold=high --all-projects` → 0 vulnerable paths
- `poetry install --no-root` resolves cleanly (Python 3.13)
- `pnpm install --ignore-scripts` resolves cleanly
- `pre-upstream-reset-2026-05-04` pushed to origin
- `.circleci/config.yml` rewritten for Python 3.13 + pnpm + Poetry + ruff/black
- `flask db upgrade` run on staging
- `flask db upgrade` run on production (after staging validates)
🤖 Generated with Claude Code
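A regression guard for the Python version floors listed in the PR description, as an added example that is not part of the PR or the Redash code base: it scans `poetry.lock` text and reports any package locked below its fixed version, so a later upstream merge cannot silently undo the bumps. The function names and the sample lock text are constructed for illustration; the floors are the ones stated above.

```python
import re

# Minimum fixed versions from the PR description (Python side).
FLOORS = {
    "authlib": "1.6.9",
    "pyjwt": "2.12.0",
    "gunicorn": "23.0.0",
    "sqlparse": "0.5.4",
    "mako": "1.3.11",
    "pyasn1": "0.6.3",
}

# Constructed sample in poetry.lock layout; not the fork's real lock file.
SAMPLE_LOCK = '''
[[package]]
name = "Authlib"
version = "1.6.9"

[[package]]
name = "PyJWT"
version = "2.4.0"

[[package]]
name = "Mako"
version = "1.3.11"
'''

def version_key(version):
    # Compare numerically: as strings, "2.12.0" would sort below "2.4.0".
    # Assumes plain X.Y.Z pins (no pre-release or local version suffixes).
    return tuple(int(p) for p in re.findall(r"\d+", version))

def locked_versions(lock_text):
    """Map normalized package name -> version from each [[package]] table."""
    found = {}
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        ver = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and ver:
            found[re.sub(r"[-_.]+", "-", name.group(1)).lower()] = ver.group(1)
    return found

def regressions(lock_text, floors=FLOORS):
    """Return {package: (locked, floor)} for packages locked below their floor.
    Packages absent from the lock are skipped: not installed, not affected."""
    locked = locked_versions(lock_text)
    return {
        pkg: (locked[pkg], floor)
        for pkg, floor in floors.items()
        if pkg in locked and version_key(locked[pkg]) < version_key(floor)
    }
```

Run in CI next to `snyk test`, a non-empty result from `regressions()` on the real lock file is a reason to fail the build.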