jedcunningham commented on code in PR #24762: URL: https://github.com/apache/airflow/pull/24762#discussion_r912243040
########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) Review Comment: ```suggestion We've upgraded Flask App Builder to a major version 4.* (#24399) """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" ``` Sorry, just noticed this wasn't converted to a heading yet. ########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) + + Flask App Builder is one of the important components of Airflow Webserver, as + it uses a lot of dependencies that are essential to run the webserver and integrate it + in enterprise environments - especially authentication. + + The FAB 4.* upgrades a number of dependencies to major releases, which upgrades them to versions + that have a number of security issues fixed. A lot of tests were performed to bring the dependencies + in a backwards-compatible way, however the dependencies themselves implement breaking changes in their + internals so it might be that some of those changes might impact the users in case they are using the + libraries for their own purposes. + + One important change that you likely will need to apply to Oauth configuration is to add + ``server_metadata_url`` or ``jwks_uri`` and you can read about it more + in `this issue <https://github.com/dpgaspar/Flask-AppBuilder/issues/1861>`_. + + Here is the list of breaking changes in dependencies that comes together with FAB 4: + + * ``Flask`` from 1.X to 2.X `breaking changes <https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``flask-jwt-extended`` 3.X to 4.X `breaking changes: <https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/>`__ + + * ``Jinja2`` 2.X to 3.X `breaking changes: <https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-0>`__ + + * ``Werkzeug`` 1.X to 2.X `breaking changes <https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``pyJWT`` 1.X to 2.X `breaking changes: <https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0>`__ + + * ``Click`` 7.X to 8.X `breaking changes: <https://click.palletsprojects.com/en/8.0.x/changes/#version-8-0-0>`__ + + * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ (#24399) + Review Comment: ```suggestion ``` Extra newline ########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) + + Flask App Builder is one of the important components of Airflow Webserver, as + it uses a lot of dependencies that are essential to run the webserver and integrate it + in enterprise environments - especially authentication. + + The FAB 4.* upgrades a number of dependencies to major releases, which upgrades them to versions + that have a number of security issues fixed. A lot of tests were performed to bring the dependencies + in a backwards-compatible way, however the dependencies themselves implement breaking changes in their + internals so it might be that some of those changes might impact the users in case they are using the + libraries for their own purposes. + + One important change that you likely will need to apply to Oauth configuration is to add + ``server_metadata_url`` or ``jwks_uri`` and you can read about it more + in `this issue <https://github.com/dpgaspar/Flask-AppBuilder/issues/1861>`_. + + Here is the list of breaking changes in dependencies that comes together with FAB 4: + + * ``Flask`` from 1.X to 2.X `breaking changes <https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``flask-jwt-extended`` 3.X to 4.X `breaking changes: <https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/>`__ + + * ``Jinja2`` 2.X to 3.X `breaking changes: <https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-0>`__ + + * ``Werkzeug`` 1.X to 2.X `breaking changes <https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``pyJWT`` 1.X to 2.X `breaking changes: <https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0>`__ + + * ``Click`` 7.X to 8.X `breaking changes: <https://click.palletsprojects.com/en/8.0.x/changes/#version-8-0-0>`__ + + * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ (#24399) + + +Bug Fixes +^^^^^^^^^ + +- Allow for ``LOGGING_LEVEL=DEBUG`` (#23360) +- Fix grid date ticks (#24738) +- Debounce status highlighting in Grid view (#24710) +- Fix Grid vertical scrolling (#24684) +- don't try to render child rows for closed groups (#24637) +- Do not calculate grid root instances (#24528) +- Maintain grid view selection on filtering upstream (#23779) +- Speed up grid_data endpoint by 10x (#24284) +- Apply per-run log templates to log handlers (#24153) +- Don't crash scheduler if exec config has old k8s objects (#24117) +- ``TI.log_url`` fix for ``map_index`` (#24335) +- Fix migration ``0080_2_0_2`` - Replace null values before setting column not null (#24585) +- Patch ``sql_alchemy_conn`` if old Postgres schemes used (#24569) +- Seed ``log_template`` table (#24511) +- Fix deprecated ``log_id_template`` value (#24506) +- Fix toast messages (#24505) +- Add indexes for CASCADE deletes for task_instance (#24488) +- Return empty dict if Pod JSON encoding fails (#24478) +- Improve grid rendering performance with a custom tooltip (#24417) +- Check for run_id for grid group summaries (#24327) +- Optimize calendar view for cron scheduled DAGs (#24262) +- Use ``get_hostname`` instead of ``socket.getfqdn`` (#24260) +- Check that edge nodes actually exist (#24166) +- Fix ``useTasks`` crash on error (#24152) +- Do not fail re-queued TIs (#23846) +- Reduce grid view API calls (#24083) +- Rename Permissions to Permission Pairs. (#24065) +- Replace ``use_task_execution_date`` with ``use_task_logical_date`` (#23983) +- Grid fix details button truncated and small UI tweaks (#23934) +- Add TaskInstance State ``REMOVED`` to finished states and success states (#23797) +- Fix mapped task immutability after clear (#23667) +- Fix permission issue for dag that has dot in name (#23510) +- Fix closing connection ``dbapi.get_pandas_df`` (#23452) +- Check bag DAG ``schedule_interval`` match timetable (#23113) +- Parse error for task added to multiple groups (#23071) +- Fix flaky order of returned dag runs (#24405) +- Migrate ``jsx`` files that affect run/task selection to ``tsx`` (#24509) +- Fix links to sources for examples (#24386) + + +Doc only changes +^^^^^^^^^^^^^^^^ + +- Alphabetizes two tables (#23923) +- Clarify that users should not use Maria DB (#24556) +- Add imports to deferring code samples (#24544) +- Add note about image regeneration in June 2022 (#24524) +- Small cleanup of ``get_current_context()`` chapter (#24482) +- Fix default 2.2.5 log_id_template (#24455) +- Update description of installing providers separately from core (#24454) +- Mention context variables and logging (#24304) + Review Comment: ```suggestion ``` ########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) + + Flask App Builder is one of the important components of Airflow Webserver, as + it uses a lot of dependencies that are essential to run the webserver and integrate it + in enterprise environments - especially authentication. + + The FAB 4.* upgrades a number of dependencies to major releases, which upgrades them to versions + that have a number of security issues fixed. A lot of tests were performed to bring the dependencies + in a backwards-compatible way, however the dependencies themselves implement breaking changes in their + internals so it might be that some of those changes might impact the users in case they are using the + libraries for their own purposes. + + One important change that you likely will need to apply to Oauth configuration is to add + ``server_metadata_url`` or ``jwks_uri`` and you can read about it more + in `this issue <https://github.com/dpgaspar/Flask-AppBuilder/issues/1861>`_. + + Here is the list of breaking changes in dependencies that comes together with FAB 4: + + * ``Flask`` from 1.X to 2.X `breaking changes <https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``flask-jwt-extended`` 3.X to 4.X `breaking changes: <https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/>`__ + + * ``Jinja2`` 2.X to 3.X `breaking changes: <https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-0>`__ + + * ``Werkzeug`` 1.X to 2.X `breaking changes <https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``pyJWT`` 1.X to 2.X `breaking changes: <https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0>`__ + + * ``Click`` 7.X to 8.X `breaking changes: <https://click.palletsprojects.com/en/8.0.x/changes/#version-8-0-0>`__ + + * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ (#24399) + + +Bug Fixes +^^^^^^^^^ + +- Allow for ``LOGGING_LEVEL=DEBUG`` (#23360) +- Fix grid date ticks (#24738) +- Debounce status highlighting in Grid view (#24710) +- Fix Grid vertical scrolling (#24684) +- don't try to render child rows for closed groups (#24637) +- Do not calculate grid root instances (#24528) +- Maintain grid view selection on filtering upstream (#23779) +- Speed up grid_data endpoint by 10x (#24284) +- Apply per-run log templates to log handlers (#24153) +- Don't crash scheduler if exec config has old k8s objects (#24117) +- ``TI.log_url`` fix for ``map_index`` (#24335) +- Fix migration ``0080_2_0_2`` - Replace null values before setting column not null (#24585) +- Patch ``sql_alchemy_conn`` if old Postgres schemes used (#24569) +- Seed ``log_template`` table (#24511) +- Fix deprecated ``log_id_template`` value (#24506) +- Fix toast messages (#24505) +- Add indexes for CASCADE deletes for task_instance (#24488) +- Return empty dict if Pod JSON encoding fails (#24478) +- Improve grid rendering performance with a custom tooltip (#24417) +- Check for run_id for grid group summaries (#24327) +- Optimize calendar view for cron scheduled DAGs (#24262) +- Use ``get_hostname`` instead of ``socket.getfqdn`` (#24260) +- Check that edge nodes actually exist (#24166) +- Fix ``useTasks`` crash on error (#24152) +- Do not fail re-queued TIs (#23846) +- Reduce grid view API calls (#24083) +- Rename Permissions to Permission Pairs. (#24065) +- Replace ``use_task_execution_date`` with ``use_task_logical_date`` (#23983) +- Grid fix details button truncated and small UI tweaks (#23934) +- Add TaskInstance State ``REMOVED`` to finished states and success states (#23797) +- Fix mapped task immutability after clear (#23667) +- Fix permission issue for dag that has dot in name (#23510) +- Fix closing connection ``dbapi.get_pandas_df`` (#23452) +- Check bag DAG ``schedule_interval`` match timetable (#23113) +- Parse error for task added to multiple groups (#23071) +- Fix flaky order of returned dag runs (#24405) +- Migrate ``jsx`` files that affect run/task selection to ``tsx`` (#24509) +- Fix links to sources for examples (#24386) + + +Doc only changes +^^^^^^^^^^^^^^^^ + +- Alphabetizes two tables (#23923) +- Clarify that users should not use Maria DB (#24556) +- Add imports to deferring code samples (#24544) +- Add note about image regeneration in June 2022 (#24524) +- Small cleanup of ``get_current_context()`` chapter (#24482) +- Fix default 2.2.5 log_id_template (#24455) +- Update description of installing providers separately from core (#24454) +- Mention context variables and logging (#24304) + + +Misc/Internal +^^^^^^^^^^^^^ + +- Remove internet explorer support (#24495) +- Removing magic status code numbers from ``api_connexion`` (#24050) +- Upgrade FAB to 4.1.2 (#24619) +- Switch Markdown engine to markdown-it-py (#19702) +- Update 'rich' to latest version across the board. (#24186) +- Get rid of TimedJSONWebSignatureSerializer (#24519) +- Update flask-appbuilder ``authlib``/ ``oauth`` dependency (#24516) +- Upgrade to ``webpack`` 5 (#24485) +- Add ``typescript`` (#24337) +- The JWT claims in the request to retrieve logs have been standardized: we use ``nbf`` and ``aud`` claims for + maturity and audience of the requests. Also "filename" payload field is used to keep log name. (#24519) +- Address all ``yarn`` test warnings (#24722) +- Add tests for the ``grid_data`` endpoint (#24375) Review Comment: This should probably be a bugfix and reworded, something like "Set proper Content-Type and chartset on ``grid_data`` endpoint". ########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) + + Flask App Builder is one of the important components of Airflow Webserver, as + it uses a lot of dependencies that are essential to run the webserver and integrate it + in enterprise environments - especially authentication. + + The FAB 4.* upgrades a number of dependencies to major releases, which upgrades them to versions + that have a number of security issues fixed. A lot of tests were performed to bring the dependencies + in a backwards-compatible way, however the dependencies themselves implement breaking changes in their + internals so it might be that some of those changes might impact the users in case they are using the + libraries for their own purposes. + + One important change that you likely will need to apply to Oauth configuration is to add + ``server_metadata_url`` or ``jwks_uri`` and you can read about it more + in `this issue <https://github.com/dpgaspar/Flask-AppBuilder/issues/1861>`_. + + Here is the list of breaking changes in dependencies that comes together with FAB 4: + + * ``Flask`` from 1.X to 2.X `breaking changes <https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``flask-jwt-extended`` 3.X to 4.X `breaking changes: <https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/>`__ + + * ``Jinja2`` 2.X to 3.X `breaking changes: <https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-0>`__ + + * ``Werkzeug`` 1.X to 2.X `breaking changes <https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``pyJWT`` 1.X to 2.X `breaking changes: <https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0>`__ + + * ``Click`` 7.X to 8.X `breaking changes: <https://click.palletsprojects.com/en/8.0.x/changes/#version-8-0-0>`__ + + * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ (#24399) + + +Bug Fixes +^^^^^^^^^ + +- Allow for ``LOGGING_LEVEL=DEBUG`` (#23360) +- Fix grid date ticks (#24738) +- Debounce status highlighting in Grid view (#24710) +- Fix Grid vertical scrolling (#24684) +- don't try to render child rows for closed groups (#24637) +- Do not calculate grid root instances (#24528) +- Maintain grid view selection on filtering upstream (#23779) +- Speed up grid_data endpoint by 10x (#24284) +- Apply per-run log templates to log handlers (#24153) +- Don't crash scheduler if exec config has old k8s objects (#24117) +- ``TI.log_url`` fix for ``map_index`` (#24335) +- Fix migration ``0080_2_0_2`` - Replace null values before setting column not null (#24585) +- Patch ``sql_alchemy_conn`` if old Postgres schemes used (#24569) +- Seed ``log_template`` table (#24511) +- Fix deprecated ``log_id_template`` value (#24506) +- Fix toast messages (#24505) +- Add indexes for CASCADE deletes for task_instance (#24488) +- Return empty dict if Pod JSON encoding fails (#24478) +- Improve grid rendering performance with a custom tooltip (#24417) +- Check for run_id for grid group summaries (#24327) +- Optimize calendar view for cron scheduled DAGs (#24262) +- Use ``get_hostname`` instead of ``socket.getfqdn`` (#24260) +- Check that edge nodes actually exist (#24166) +- Fix ``useTasks`` crash on error (#24152) +- Do not fail re-queued TIs (#23846) +- Reduce grid view API calls (#24083) +- Rename Permissions to Permission Pairs. (#24065) +- Replace ``use_task_execution_date`` with ``use_task_logical_date`` (#23983) +- Grid fix details button truncated and small UI tweaks (#23934) +- Add TaskInstance State ``REMOVED`` to finished states and success states (#23797) +- Fix mapped task immutability after clear (#23667) +- Fix permission issue for dag that has dot in name (#23510) +- Fix closing connection ``dbapi.get_pandas_df`` (#23452) +- Check bag DAG ``schedule_interval`` match timetable (#23113) +- Parse error for task added to multiple groups (#23071) +- Fix flaky order of returned dag runs (#24405) +- Migrate ``jsx`` files that affect run/task selection to ``tsx`` (#24509) +- Fix links to sources for examples (#24386) + + +Doc only changes +^^^^^^^^^^^^^^^^ + +- Alphabetizes two tables (#23923) +- Clarify that users should not use Maria DB (#24556) +- Add imports to deferring code samples (#24544) +- Add note about image regeneration in June 2022 (#24524) +- Small cleanup of ``get_current_context()`` chapter (#24482) +- Fix default 2.2.5 log_id_template (#24455) +- Update description of installing providers separately from core (#24454) +- Mention context variables and logging (#24304) + + +Misc/Internal +^^^^^^^^^^^^^ + +- Remove internet explorer support (#24495) +- Removing magic status code numbers from ``api_connexion`` (#24050) +- Upgrade FAB to 4.1.2 (#24619) +- Switch Markdown engine to markdown-it-py (#19702) +- Update 'rich' to latest version across the board. (#24186) +- Get rid of TimedJSONWebSignatureSerializer (#24519) +- Update flask-appbuilder ``authlib``/ ``oauth`` dependency (#24516) +- Upgrade to ``webpack`` 5 (#24485) +- Add ``typescript`` (#24337) +- The JWT claims in the request to retrieve logs have been standardized: we use ``nbf`` and ``aud`` claims for + maturity and audience of the requests. Also "filename" payload field is used to keep log name. (#24519) +- Address all ``yarn`` test warnings (#24722) +- Add tests for the ``grid_data`` endpoint (#24375) +- Remove ``framer-motion`` from custom tooltip (#24449) Review Comment: Why isn't this a bugfix? ########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) + + Flask App Builder is one of the important components of Airflow Webserver, as + it uses a lot of dependencies that are essential to run the webserver and integrate it + in enterprise environments - especially authentication. + + The FAB 4.* upgrades a number of dependencies to major releases, which upgrades them to versions + that have a number of security issues fixed. A lot of tests were performed to bring the dependencies + in a backwards-compatible way, however the dependencies themselves implement breaking changes in their + internals so it might be that some of those changes might impact the users in case they are using the + libraries for their own purposes. + + One important change that you likely will need to apply to Oauth configuration is to add + ``server_metadata_url`` or ``jwks_uri`` and you can read about it more + in `this issue <https://github.com/dpgaspar/Flask-AppBuilder/issues/1861>`_. + + Here is the list of breaking changes in dependencies that comes together with FAB 4: + + * ``Flask`` from 1.X to 2.X `breaking changes <https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``flask-jwt-extended`` 3.X to 4.X `breaking changes: <https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/>`__ + + * ``Jinja2`` 2.X to 3.X `breaking changes: <https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-0>`__ + + * ``Werkzeug`` 1.X to 2.X `breaking changes <https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``pyJWT`` 1.X to 2.X `breaking changes: <https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0>`__ + + * ``Click`` 7.X to 8.X `breaking changes: <https://click.palletsprojects.com/en/8.0.x/changes/#version-8-0-0>`__ + + * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ (#24399) + + +Bug Fixes +^^^^^^^^^ + +- Allow for ``LOGGING_LEVEL=DEBUG`` (#23360) +- Fix grid date ticks (#24738) +- Debounce status highlighting in Grid view (#24710) +- Fix Grid vertical scrolling (#24684) +- don't try to render child rows for closed groups (#24637) +- Do not calculate grid root instances (#24528) +- Maintain grid view selection on filtering upstream (#23779) +- Speed up grid_data endpoint by 10x (#24284) +- Apply per-run log templates to log handlers (#24153) +- Don't crash scheduler if exec config has old k8s objects (#24117) +- ``TI.log_url`` fix for ``map_index`` (#24335) +- Fix migration ``0080_2_0_2`` - Replace null values before setting column not null (#24585) +- Patch ``sql_alchemy_conn`` if old Postgres schemes used (#24569) +- Seed ``log_template`` table (#24511) +- Fix deprecated ``log_id_template`` value (#24506) +- Fix toast messages (#24505) +- Add indexes for CASCADE deletes for task_instance (#24488) +- Return empty dict if Pod JSON encoding fails (#24478) +- Improve grid rendering performance with a custom tooltip (#24417) +- Check for run_id for grid group summaries (#24327) +- Optimize calendar view for cron scheduled DAGs (#24262) +- Use ``get_hostname`` instead of ``socket.getfqdn`` (#24260) +- Check that edge nodes actually exist (#24166) +- Fix ``useTasks`` crash on error (#24152) +- Do not fail re-queued TIs (#23846) +- Reduce grid view API calls (#24083) +- Rename Permissions to Permission Pairs. (#24065) +- Replace ``use_task_execution_date`` with ``use_task_logical_date`` (#23983) +- Grid fix details button truncated and small UI tweaks (#23934) +- Add TaskInstance State ``REMOVED`` to finished states and success states (#23797) +- Fix mapped task immutability after clear (#23667) +- Fix permission issue for dag that has dot in name (#23510) +- Fix closing connection ``dbapi.get_pandas_df`` (#23452) +- Check bag DAG ``schedule_interval`` match timetable (#23113) +- Parse error for task added to multiple groups (#23071) +- Fix flaky order of returned dag runs (#24405) +- Migrate ``jsx`` files that affect run/task selection to ``tsx`` (#24509) +- Fix links to sources for examples (#24386) + Review Comment: ```suggestion ``` ########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) + + Flask App Builder is one of the important components of Airflow Webserver, as + it uses a lot of dependencies that are essential to run the webserver and integrate it + in enterprise environments - especially authentication. + + The FAB 4.* upgrades a number of dependencies to major releases, which upgrades them to versions + that have a number of security issues fixed. A lot of tests were performed to bring the dependencies + in a backwards-compatible way, however the dependencies themselves implement breaking changes in their + internals so it might be that some of those changes might impact the users in case they are using the + libraries for their own purposes. + + One important change that you likely will need to apply to Oauth configuration is to add + ``server_metadata_url`` or ``jwks_uri`` and you can read about it more + in `this issue <https://github.com/dpgaspar/Flask-AppBuilder/issues/1861>`_. + + Here is the list of breaking changes in dependencies that comes together with FAB 4: + + * ``Flask`` from 1.X to 2.X `breaking changes <https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``flask-jwt-extended`` 3.X to 4.X `breaking changes: <https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/>`__ + + * ``Jinja2`` 2.X to 3.X `breaking changes: <https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-0>`__ + + * ``Werkzeug`` 1.X to 2.X `breaking changes <https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``pyJWT`` 1.X to 2.X `breaking changes: <https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0>`__ + + * ``Click`` 7.X to 8.X `breaking changes: <https://click.palletsprojects.com/en/8.0.x/changes/#version-8-0-0>`__ + + * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ (#24399) Review Comment: ```suggestion * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ ``` ########## RELEASE_NOTES.rst: ########## @@ -21,7 +21,126 @@ .. towncrier release notes start -Airflow 2.3.2 (2021-06-04) + +Airflow 2.3.3 (2022-07-04) +-------------------------- + +Significant Changes +^^^^^^^^^^^^^^^^^^^ + +- We've upgraded Flask App Builder to a major version 4.*. (#24399) + + Flask App Builder is one of the important components of Airflow Webserver, as + it uses a lot of dependencies that are essential to run the webserver and integrate it + in enterprise environments - especially authentication. + + The FAB 4.* upgrades a number of dependencies to major releases, which upgrades them to versions + that have a number of security issues fixed. A lot of tests were performed to bring the dependencies + in a backwards-compatible way, however the dependencies themselves implement breaking changes in their + internals so it might be that some of those changes might impact the users in case they are using the + libraries for their own purposes. + + One important change that you likely will need to apply to Oauth configuration is to add + ``server_metadata_url`` or ``jwks_uri`` and you can read about it more + in `this issue <https://github.com/dpgaspar/Flask-AppBuilder/issues/1861>`_. + + Here is the list of breaking changes in dependencies that comes together with FAB 4: + + * ``Flask`` from 1.X to 2.X `breaking changes <https://flask.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``flask-jwt-extended`` 3.X to 4.X `breaking changes: <https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/>`__ + + * ``Jinja2`` 2.X to 3.X `breaking changes: <https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-0>`__ + + * ``Werkzeug`` 1.X to 2.X `breaking changes <https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-0>`__ + + * ``pyJWT`` 1.X to 2.X `breaking changes: <https://pyjwt.readthedocs.io/en/stable/changelog.html#v2-0-0>`__ + + * ``Click`` 7.X to 8.X `breaking changes: <https://click.palletsprojects.com/en/8.0.x/changes/#version-8-0-0>`__ + + * ``itsdangerous`` 1.X to 2.X `breaking changes <https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst#version-200>`__ (#24399) + + +Bug Fixes +^^^^^^^^^ + +- Allow for ``LOGGING_LEVEL=DEBUG`` (#23360) +- Fix grid date ticks (#24738) +- Debounce status highlighting in Grid view (#24710) +- Fix Grid vertical scrolling (#24684) +- don't try to render child rows for closed groups (#24637) +- Do not calculate grid root instances (#24528) +- Maintain grid view selection on filtering upstream (#23779) +- Speed up grid_data endpoint by 10x (#24284) +- Apply per-run log templates to log handlers (#24153) +- Don't crash scheduler if exec config has old k8s objects (#24117) +- ``TI.log_url`` fix for ``map_index`` (#24335) +- Fix migration ``0080_2_0_2`` - Replace null values before setting column not null (#24585) +- Patch ``sql_alchemy_conn`` if old Postgres schemes used (#24569) +- Seed ``log_template`` table (#24511) +- Fix deprecated ``log_id_template`` value (#24506) +- Fix toast messages (#24505) +- Add indexes for CASCADE deletes for task_instance (#24488) +- Return empty dict if Pod JSON encoding fails (#24478) +- Improve grid rendering performance with a custom tooltip (#24417) +- Check for run_id for grid group summaries (#24327) +- Optimize calendar view for cron scheduled DAGs (#24262) +- Use ``get_hostname`` instead of ``socket.getfqdn`` (#24260) +- Check that edge nodes actually exist (#24166) +- Fix ``useTasks`` crash on error (#24152) +- Do not fail re-queued TIs (#23846) +- Reduce grid view API calls (#24083) +- Rename Permissions to Permission Pairs. (#24065) +- Replace ``use_task_execution_date`` with ``use_task_logical_date`` (#23983) +- Grid fix details button truncated and small UI tweaks (#23934) +- Add TaskInstance State ``REMOVED`` to finished states and success states (#23797) +- Fix mapped task immutability after clear (#23667) +- Fix permission issue for dag that has dot in name (#23510) +- Fix closing connection ``dbapi.get_pandas_df`` (#23452) +- Check bag DAG ``schedule_interval`` match timetable (#23113) +- Parse error for task added to multiple groups (#23071) +- Fix flaky order of returned dag runs (#24405) +- Migrate ``jsx`` files that affect run/task selection to ``tsx`` (#24509) +- Fix links to sources for examples (#24386) + + +Doc only changes +^^^^^^^^^^^^^^^^ + +- Alphabetizes two tables (#23923) +- Clarify that users should not use Maria DB (#24556) +- Add imports to deferring code samples (#24544) +- Add note about image regeneration in June 2022 (#24524) +- Small cleanup of ``get_current_context()`` chapter (#24482) +- Fix default 2.2.5 log_id_template (#24455) +- Update description of installing providers separately from core (#24454) +- Mention context variables and logging (#24304) + + +Misc/Internal +^^^^^^^^^^^^^ + +- Remove internet explorer support (#24495) +- Removing magic status code numbers from ``api_connexion`` (#24050) +- Upgrade FAB to 4.1.2 (#24619) +- Switch Markdown engine to markdown-it-py (#19702) +- Update 'rich' to latest version across the board. (#24186) +- Get rid of TimedJSONWebSignatureSerializer (#24519) +- Update flask-appbuilder ``authlib``/ ``oauth`` dependency (#24516) +- Upgrade to ``webpack`` 5 (#24485) +- Add ``typescript`` (#24337) +- The JWT claims in the request to retrieve logs have been standardized: we use ``nbf`` and ``aud`` claims for + maturity and audience of the requests. Also "filename" payload field is used to keep log name. (#24519) +- Address all ``yarn`` test warnings (#24722) +- Add tests for the ``grid_data`` endpoint (#24375) +- Remove ``framer-motion`` from custom tooltip (#24449) +- Upgrade to react 18 and chakra 2 (#24430) +- Refactor ``DagRun.verify_integrity`` (#24114) +- Upgrade FAB to 4.1.1 (#24399) +- We now need at least Flask-WTF 0.15 (#24621) + Review Comment: ```suggestion ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
