chore: bump werkzeug and Flask

requirements/base.txt

@@ -35,7 +35,7 @@ cffi==1.15.1
     # via
     #   cryptography
     #   pynacl
-click==8.0.4
+click==8.1.3
     # via
     #   apache-superset
     #   celery
@@ -75,7 +75,7 @@ dnspython==2.1.0
     # via email-validator
 email-validator==1.1.3
     # via flask-appbuilder
-flask==2.1.3
+flask==2.2.5
     # via
     #   apache-superset
     #   flask-appbuilder
@@ -144,11 +144,11 @@ importlib-resources==5.12.0
     # via limits
 isodate==0.6.0
     # via apache-superset
-itsdangerous==2.1.1
+itsdangerous==2.1.2
     # via
     #   flask
     #   flask-wtf
-jinja2==3.0.3
+jinja2==3.1.2
     # via
     #   flask
     #   flask-babel
@@ -170,6 +170,7 @@ markupsafe==2.1.1
     # via
     #   jinja2
     #   mako
+    #   werkzeug
     #   wtforms
 marshmallow==3.13.0
     # via
@@ -306,7 +307,7 @@ vine==5.0.0
     #   kombu
 wcwidth==0.2.5
     # via prompt-toolkit
-werkzeug==2.1.2
+werkzeug==2.3.3
     # via
     #   flask
     #   flask-jwt-extended

requirements/integration.txt

@@ -11,9 +11,7 @@ cachetools==5.3.0
     # via tox
 cfgv==3.3.1
     # via pre-commit
-chardet==5.1.0
-    # via tox
-click==8.0.4
+click==8.1.3
     # via
     #   pip-compile-multi
     #   pip-tools
@@ -46,17 +44,19 @@ pluggy==1.0.0
     # via tox
 pre-commit==3.3.1
     # via -r requirements/integration.in
+py==1.10.0
 pyproject-api==1.5.1
     # via tox
 pyproject-hooks==1.0.0
     # via build
 pyyaml==5.4.1
     # via pre-commit
+six==1.16.0
+    # via tox
+toml==0.10.2
+    # via tox
 tomli==2.0.1
-    # via
-    #   build
-    #   pyproject-api
-    #   tox
+    # via build
 toposort==1.10
     # via pip-compile-multi
 tox==4.5.1

setup.py

@@ -82,7 +82,7 @@ def get_git_sha() -> str:
         "cron-descriptor",
         "cryptography>=39.0.1, <40",
         "deprecation>=2.1.0, <2.2.0",
-        "flask>=2.1.3, <2.2",
+        "flask>=2.2.5, <3.0.0",
         "flask-appbuilder>=4.3.0, <5.0.0",
         "flask-caching>=1.10.1, <1.11",
         "flask-compress>=1.13, <2.0",

superset/charts/api.py

@@ -805,7 +805,7 @@ def export(self, **kwargs: Any) -> Response:
             buf,
             mimetype="application/zip",
             as_attachment=True,
-            attachment_filename=filename,
+            download_name=filename,
         )
         if token:
             response.set_cookie(token, "done", max_age=600)

superset/dashboards/api.py

@@ -819,7 +819,7 @@ def export(self, **kwargs: Any) -> Response:
                 buf,
                 mimetype="application/zip",
                 as_attachment=True,
-                attachment_filename=filename,
+                download_name=filename,
             )
             if token:
                 response.set_cookie(token, "done", max_age=600)

superset/databases/api.py

@@ -1058,7 +1058,7 @@ def export(self, **kwargs: Any) -> Response:
             buf,
             mimetype="application/zip",
             as_attachment=True,
-            attachment_filename=filename,
+            download_name=filename,
         )
         if token:
             response.set_cookie(token, "done", max_age=600)

superset/datasets/api.py

@@ -524,7 +524,7 @@ def export(self, **kwargs: Any) -> Response:
                 buf,
                 mimetype="application/zip",
                 as_attachment=True,
-                attachment_filename=filename,
+                download_name=filename,
             )
             if token:
                 response.set_cookie(token, "done", max_age=600)

superset/importexport/api.py

@@ -87,7 +87,7 @@ def export(self) -> Response:
             buf,
             mimetype="application/zip",
             as_attachment=True,
-            attachment_filename=filename,
+            download_name=filename,
         )
         return response
 

superset/queries/saved_queries/api.py

@@ -284,7 +284,7 @@ def export(self, **kwargs: Any) -> Response:
             buf,
             mimetype="application/zip",
             as_attachment=True,
-            attachment_filename=filename,
+            download_name=filename,
         )
         if token:
             response.set_cookie(token, "done", max_age=600)

superset/views/base.py

@@ -490,7 +490,7 @@ def show_http_exception(ex: HTTPException) -> FlaskResponse:
         and ex.code in {404, 500}
     ):
         path = resource_filename("superset", f"static/assets/{ex.code}.html")
-        return send_file(path, cache_timeout=0), ex.code
+        return send_file(path, max_age=0), ex.code
 
     return json_errors_response(
         errors=[
@@ -512,7 +512,7 @@ def show_command_errors(ex: CommandException) -> FlaskResponse:
     logger.warning("CommandException", exc_info=True)
     if "text/html" in request.accept_mimetypes and not config["DEBUG"]:
         path = resource_filename("superset", "static/assets/500.html")
-        return send_file(path, cache_timeout=0), 500
+        return send_file(path, max_age=0), 500
 
     extra = ex.normalized_messages() if isinstance(ex, CommandInvalidError) else {}
     return json_errors_response(
@@ -534,7 +534,7 @@ def show_unexpected_exception(ex: Exception) -> FlaskResponse:
     logger.exception(ex)
     if "text/html" in request.accept_mimetypes and not config["DEBUG"]:
         path = resource_filename("superset", "static/assets/500.html")
-        return send_file(path, cache_timeout=0), 500
+        return send_file(path, max_age=0), 500
 
     return json_errors_response(
         errors=[

tests/integration_tests/async_events/api_tests.py

@@ -33,6 +33,7 @@ def fetch_events(self, last_id: Optional[str] = None):
 
     @mock.patch("uuid.uuid4", return_value=UUID)
     def test_events(self, mock_uuid4):
+        app._got_first_request = False
         async_query_manager.init_app(app)
         self.login(username="admin")
         with mock.patch.object(async_query_manager._redis, "xrange") as mock_xrange:
@@ -46,6 +47,7 @@ def test_events(self, mock_uuid4):
 
     @mock.patch("uuid.uuid4", return_value=UUID)
     def test_events_last_id(self, mock_uuid4):
+        app._got_first_request = False
         async_query_manager.init_app(app)
         self.login(username="admin")
         with mock.patch.object(async_query_manager._redis, "xrange") as mock_xrange:
@@ -59,6 +61,7 @@ def test_events_last_id(self, mock_uuid4):
 
     @mock.patch("uuid.uuid4", return_value=UUID)
     def test_events_results(self, mock_uuid4):
+        app._got_first_request = False
         async_query_manager.init_app(app)
         self.login(username="admin")
         with mock.patch.object(async_query_manager._redis, "xrange") as mock_xrange:
@@ -107,6 +110,7 @@ def test_events_results(self, mock_uuid4):
         self.assertEqual(response, expected)
 
     def test_events_no_login(self):
+        app._got_first_request = False
         async_query_manager.init_app(app)
         rv = self.fetch_events()
         assert rv.status_code == 401

tests/integration_tests/charts/data/api_tests.py

@@ -28,10 +28,7 @@
 from flask import Response
 from tests.integration_tests.conftest import with_feature_flags
 from superset.models.sql_lab import Query
-from tests.integration_tests.base_tests import (
-    SupersetTestCase,
-    test_client,
-)
+from tests.integration_tests.base_tests import SupersetTestCase, test_client
 from tests.integration_tests.annotation_layers.fixtures import create_annotation_layers
 from tests.integration_tests.fixtures.birth_names_dashboard import (
     load_birth_names_dashboard_with_slices,
@@ -626,6 +623,7 @@ def test_when_where_parameter_is_template_and_query_result_type__query_is_templa
     @pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
     def test_chart_data_async(self):
         self.logout()
+        app._got_first_request = False
         async_query_manager.init_app(app)
         self.login("admin")
         rv = self.post_assert_metric(CHART_DATA_URI, self.query_context_payload, "data")
@@ -643,6 +641,7 @@ def test_chart_data_async_cached_sync_response(self):
         Chart data API: Test chart data query returns results synchronously
         when results are already cached.
         """
+        app._got_first_request = False
         async_query_manager.init_app(app)
 
         class QueryContext:
@@ -672,6 +671,7 @@ def test_chart_data_async_results_type(self):
         """
         Chart data API: Test chart data query non-JSON format (async)
         """
+        app._got_first_request = False
         async_query_manager.init_app(app)
         self.query_context_payload["result_type"] = "results"
         rv = self.post_assert_metric(CHART_DATA_URI, self.query_context_payload, "data")
@@ -683,6 +683,7 @@ def test_chart_data_async_invalid_token(self):
         """
         Chart data API: Test chart data query (async)
         """
+        app._got_first_request = False
         async_query_manager.init_app(app)
         test_client.set_cookie(
             "localhost", app.config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME"], "foo"
@@ -998,6 +999,7 @@ def test_chart_data_cache(self, cache_loader):
         """
         Chart data cache API: Test chart data async cache request
         """
+        app._got_first_request = False
         async_query_manager.init_app(app)
         cache_loader.load.return_value = self.query_context_payload
         orig_run = ChartDataCommand.run
@@ -1024,6 +1026,7 @@ def test_chart_data_cache_run_failed(self, cache_loader):
         """
         Chart data cache API: Test chart data async cache request with run failure
         """
+        app._got_first_request = False
         async_query_manager.init_app(app)
         cache_loader.load.return_value = self.query_context_payload
         rv = self.get_assert_metric(
@@ -1041,8 +1044,9 @@ def test_chart_data_cache_no_login(self, cache_loader):
         """
         Chart data cache API: Test chart data async cache request (no login)
         """
-        self.logout()
+        app._got_first_request = False
         async_query_manager.init_app(app)
+        self.logout()
         cache_loader.load.return_value = self.query_context_payload
         orig_run = ChartDataCommand.run
 
@@ -1063,6 +1067,7 @@ def test_chart_data_cache_key_error(self):
         """
         Chart data cache API: Test chart data async cache request with invalid cache key
         """
+        app._got_first_request = False
         async_query_manager.init_app(app)
         rv = self.get_assert_metric(
             f"{CHART_DATA_URI}/test-cache-key", "data_from_cache"
@@ -1188,10 +1193,10 @@ def test_data_cache_default_timeout(
 
 
 def test_chart_cache_timeout(
+    load_energy_table_with_slice: List[Slice],
     test_client,
     login_as_admin,
     physical_query_context,
-    load_energy_table_with_slice: List[Slice],
 ):
     # should override datasource cache timeout
 
@@ -1210,7 +1215,6 @@ def test_chart_cache_timeout(
     db.session.commit()
 
     physical_query_context["form_data"] = {"slice_id": slice_with_cache_timeout.id}
-
     rv = test_client.post(CHART_DATA_URI, json=physical_query_context)
     assert rv.json["result"][0]["cache_timeout"] == 20
 

tests/integration_tests/core_tests.py

@@ -1088,6 +1088,7 @@ def test_explore_json_async(self):
             "groupby": ["gender"],
             "row_limit": 100,
         }
+        app._got_first_request = False
         async_query_manager.init_app(app)
         self.login(username="admin")
         rv = self.client.post(
@@ -1119,6 +1120,7 @@ def test_explore_json_async_results_format(self):
             "groupby": ["gender"],
             "row_limit": 100,
         }
+        app._got_first_request = False
         async_query_manager.init_app(app)
         self.login(username="admin")
         rv = self.client.post(

tests/integration_tests/dashboards/permalink/api_tests.py

@@ -66,7 +66,7 @@ def permalink_salt() -> Iterator[str]:
 
 
 def test_post(
-    test_client, login_as_admin, dashboard_id: int, permalink_salt: str
+    dashboard_id: int, permalink_salt: str, test_client, login_as_admin
 ) -> None:
     resp = test_client.post(f"api/v1/dashboard/{dashboard_id}/permalink", json=STATE)
     assert resp.status_code == 201
@@ -93,14 +93,14 @@ def test_post_access_denied(test_client, login_as, dashboard_id: int):
     assert resp.status_code == 404
 
 
-def test_post_invalid_schema(test_client, login_as_admin, dashboard_id: int):
+def test_post_invalid_schema(dashboard_id: int, test_client, login_as_admin):
     resp = test_client.post(
         f"api/v1/dashboard/{dashboard_id}/permalink", json={"foo": "bar"}
     )
     assert resp.status_code == 400
 
 
-def test_get(test_client, login_as_admin, dashboard_id: int, permalink_salt: str):
+def test_get(dashboard_id: int, permalink_salt: str, test_client, login_as_admin):
     key = test_client.post(
         f"api/v1/dashboard/{dashboard_id}/permalink", json=STATE
     ).json["key"]

tests/integration_tests/datasource_tests.py

@@ -543,7 +543,7 @@ def test_get_samples_with_filters(test_client, login_as_admin, virtual_dataset):
         f"/datasource/samples?datasource_id={virtual_dataset.id}&datasource_type=table"
     )
     rv = test_client.post(uri, json=None)
-    assert rv.status_code == 400
+    assert rv.status_code == 415
 
     rv = test_client.post(uri, json={})
     assert rv.status_code == 200