Hi, I agree with Ville regarding the FAB bump to 2.1.13 that might introduce a regression risk and could make sense to leave it on the wild a little time longer. The security fixes are medium severity and if I'm not mistaken the OAuth issue addresses an edge case.
Regarding the polygons fix, may make sense since 0.34.1rc1 already has another fix for the polygons chart, I would say it's a minor fix on an examples chart but makes sense for the sake of context. On 2019/09/26 13:00:58, Charles Givre <cgi...@gmail.com> wrote: > Hello all, > As a mere member FWIW, I'd vote for new release, given the vulnerabilities > that are being fixed, the FAB bump and OAUTH login fix. > -- C > > > On Sep 26, 2019, at 8:47 AM, Ville Brofeldt <ville.v.brofe...@gmail.com> > > wrote: > > > > Oh, 0.34.0 is already on PyPI: https://pypi.org/project/apache-superset/ > > > > On Thu, Sep 26, 2019 at 3:21 PM Charles Givre <cgi...@gmail.com> wrote: > > > >> I'd also like to put in a vote for updating Pypi now that we got the > >> ownership situation straightened out. ;-) > >> --C > >> > >>> On Sep 26, 2019, at 7:48 AM, Ville Brofeldt <ville.v.brofe...@gmail.com> > >> wrote: > >>> > >>> Hi, > >>> > >>> Both look ok to me, I think it comes down to whether or not we want to > >>> delay 0.34.1 by kicking off a new vote on 0.34.1rc2 or defer these to the > >>> 0.34.2 release, or potentially even 0.35. I'm fine either way, as baking > >> a > >>> new release candidate should be fairly quick. However, it would be > >> helpful > >>> to get some assistance validating the FAB bump, as there's a risk that > >> that > >>> might introduce an unrelated regression. > >>> > >>> Ville > >>> > >>> On Thu, Sep 26, 2019 at 1:08 PM Daniel Gaspar <dpgas...@apache.org> > >> wrote: > >>> > >>>> Just a note: > >>>> > >>>> FAB: 2.1.13 also includes a bootstrap version bump: > >>>> > >>>> Bootstrap 3.4.1 solves the following security issues: > >>>> > >>>> CVE-2018-14040 - Medium Severity Vulnerability Publish Date: 2018-07-13 > >>>> CVE-2018-14041 - Medium Severity Vulnerability Publish Date: 2018-07-13 > >>>> CVE-2018-14042 - Medium Severity Vulnerability Publish Date: 2018-07-13 > >>>> CVE-2018-20677 - Medium Severity Vulnerability Publish Date: 2019-01-09 > >>>> CVE-2019-8331 - Medium Severity Vulnerability Publish Date: 2019-02-20 > >>>> > >>>> > >>>> On 2019/09/26 09:46:54, Paul Vickers <paul.vick...@intercom.io.INVALID> > >>>> wrote: > >>>>> If you are spinning up an update could you also consider including > >>>>> https://github.com/apache/incubator-superset/pull/8174 to fix OAuth > >>>> logins? > >>>>> > >>>>> On Thu, 26 Sep 2019 at 10:10, Daniel Gaspar <dpgas...@apache.org> > >> wrote: > >>>>> > >>>>>> > >>>>>> Looks good but I have two minor concerns: > >>>>>> > >>>>>> - Regarding #8025, the polygons chart still causes a division by zero, > >>>> can > >>>>>> we include PR #8209? > >>>>>> - On dashboards the little box that shows what we are filtering for on > >>>>>> each chart disappeared, is it supposed to be like that? > >>>>>> > >>>>>> > >>>>>> On 2019/09/23 20:33:06, Ville Brofeldt <ville.v.brofe...@gmail.com> > >>>>>> wrote: > >>>>>>> Dear all, > >>>>>>> > >>>>>>> > >>>>>>> The source release 0.34.1 RC1 for Apache Superset is baked and > >>>> available > >>>>>> at: > >>>>>>> > >>>>>>> https://dist.apache.org/repos/dist/dev/incubator/superset/, public > >>>> keys > >>>>>> are > >>>>>>> available at > >>>>>>> https://dist.apache.org/repos/dist/release/incubator/superset/KEYS > >>>>>>> > >>>>>>> > >>>>>>> This release mainly aims to fix bugs that have surfaced since the > >>>> first > >>>>>>> official release 0.34.0. For context the `0.34` release branch was > >>>> cut at > >>>>>>> SHA 9233a63, that was merged on master on Aug 8th 2019. From that > >>>> common > >>>>>>> ancestor, the following list of commit was added as cherry-picks. The > >>>>>> SHAs > >>>>>>> in the list bellow reference the cherries on the release branch, PR > >>>>>> number > >>>>>>> are available to get more details. > >>>>>>> > >>>>>>> > >>>>>>> Cherries since 0.34.0: > >>>>>>> > >>>>>>> aaed4a77 updating version to 0.34.1 > >>>>>>> > >>>>>>> 30ded7dd [sql lab] persist tables list in localStorage (#8054) > >>>>>>> > >>>>>>> 301211b5 Revert "Fixed Histogram visualization bug. (#8077)" (#8145) > >>>>>>> > >>>>>>> eb3cb955 fix: issues #8041 - bubble support for complex metrics > >>>> (#8044) > >>>>>>> > >>>>>>> 7ca58f02 adding spaces missing from string concatenations (#8126) > >>>>>>> > >>>>>>> 9e6c0ab7 Update core.py (#8191) > >>>>>>> > >>>>>>> 7326f371 [feat] Add d3 legend formatting for Arc, Polygon and Scatter > >>>>>>> deck.gl maps (#7951) > >>>>>>> > >>>>>>> 92481b7b [bugfix] Correctly quote table and schema in select_star > >>>> (#8181) > >>>>>>> > >>>>>>> c5249cef Make orderby native sqla construct (#8180) > >>>>>>> > >>>>>>> 3136af12 [bugfix] fix timegrain addon regression (#8165) > >>>>>>> > >>>>>>> a8b05484 Add check for calls to cache_key_wrapper (#8128) > >>>>>>> > >>>>>>> 20a05954 Fix to Werkzeug ProxyFix; expose ProxyFix configuration > >>>> items > >>>>>>> (#8117) > >>>>>>> > >>>>>>> 4e49b8f3 Fixed Histogram visualization bug. (#8077) > >>>>>>> > >>>>>>> 6f6e068c Set disableErrorBoundary in SuperChart to fix chart error > >>>>>> handling > >>>>>>> (#8052) > >>>>>>> > >>>>>>> 08f19f1d fix: onSave datasource raises React error (#8049) > >>>>>>> > >>>>>>> 66340f1a fix: handle case where result exists but corresponding query > >>>>>>> cannot be found (#8037) > >>>>>>> > >>>>>>> f85ba81c [bugfix] Fix deck_polygon metric bug and update examples > >>>> chart > >>>>>>> (#8025) > >>>>>>> > >>>>>>> 85f959f6 [fix] Allow dashboard viewer auto refresh dashboard (#8014) > >>>>>>> > >>>>>>> de21a7f1 Fix: There was an issue fetching the favorite status of this > >>>>>>> dashboard #6824 (#8013) > >>>>>>> > >>>>>> > >>>>> > >>>> > >> > >> > >
