rusackas commented on PR #40668: URL: https://github.com/apache/superset/pull/40668#issuecomment-4614312761
Extended this to round out **Part B's static controls** (SIP #40674):

- Added **`EXTENSION_VERSION_POLICY`** — a per-extension minimum-version gate (PEP 440 comparison; fail-closed on unparseable versions). Complements the denylist: deny known-bad ids vs. require a patched minimum.
- Consolidated the denylist + version checks into `get_extension_rejection_reason`, removing the duplicated rejection blocks across the two load paths and logging a single specific reason.
- Added `UPDATING.md` notes for both controls + unit tests (`is_extension_below_min_version`, `get_extension_rejection_reason`).

Both gates are opt-in (default empty). The pluggable advisory/vuln-DB provider remains a separate follow-up SIP.
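A sketch of the two gates described in the comment above, as an added example that is not Superset's code: a denylist check and a fail-closed PEP 440 minimum-version check funneled through one function that returns a single rejection reason. The set/dict shapes, the sample extension ids, and the function names `below_min_version` and `rejection_reason` are assumptions; parsing uses the `packaging` library.

```python
from typing import Optional

try:
    from packaging.version import InvalidVersion, Version
except ImportError:  # pip bundles the same PEP 440 implementation
    from pip._vendor.packaging.version import InvalidVersion, Version

# Constructed sample policy; the shapes and ids are assumptions, not Superset's.
DENYLIST = {"acme.bad-ext"}
MIN_VERSIONS = {"acme.charts": "2.3.1", "acme.broken-policy": "not-a-version"}


def below_min_version(ext_id: str, version: str, policy: dict) -> bool:
    """Return True when the version gate must block this extension."""
    minimum = policy.get(ext_id)
    if minimum is None:
        return False  # opt-in: no policy entry means no gate
    try:
        return Version(version) < Version(minimum)
    except (InvalidVersion, TypeError):
        # Fail closed: an unparseable installed version OR an unparseable
        # policy value blocks the load instead of silently passing.
        return True


def rejection_reason(ext_id: str, version: str,
                     denylist: set, policy: dict) -> Optional[str]:
    """Single decision point for every load path; None means allowed."""
    if ext_id in denylist:
        return f"extension {ext_id!r} is denylisted"
    if below_min_version(ext_id, version, policy):
        return (f"extension {ext_id!r} version {version!r} does not "
                f"satisfy minimum {policy[ext_id]!r}")
    return None


if __name__ == "__main__":
    # Constructed cases: pre-release of the minimum, numeric ordering,
    # unparseable version, denylisted id, extension with no policy entry.
    for ext, ver in [("acme.charts", "2.3.1rc1"), ("acme.charts", "2.10.0"),
                     ("acme.charts", "latest"), ("acme.bad-ext", "9.9.9"),
                     ("acme.other", "0.0.1")]:
        reason = rejection_reason(ext, ver, DENYLIST, MIN_VERSIONS)
        print(f"{ext} {ver}: {reason or 'allowed'}")
```

The `2.3.1rc1` and `2.10.0` cases are the ones a plain string comparison gets wrong: PEP 440 orders a release candidate below its final release and compares release segments numerically.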
