Bumps [immutable](https://github.com/immutable-js/immutable-js) from 5.1.4 to 5.1.5. - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v5.1.4...v5.1.5) --- updated-dependencies: - dependency-name: immutable dependency-version: 5.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
add src/lib/agents-chart/core/color-decisions.ts, updated corresponding Echarts code
…ble-5.1.5 Bump immutable from 5.1.4 to 5.1.5
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.4 to 6.5.5. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.5.4...v6.5.5) --- updated-dependencies: - dependency-name: tornado dependency-version: 6.5.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.11.0 to 2.12.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.11.0...2.12.0) --- updated-dependencies: - dependency-name: pyjwt dependency-version: 2.12.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
fix color setting of echarts and chart.js
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Remove user: "0:0" override in docker-compose.yml — the Dockerfile already creates /home/appuser/.data_formulator and chowns it to appuser before switching to USER appuser, so the override was causing the app to run as root and write to /root/.data_formulator, bypassing the mounted volume entirely. Pass --user with host uid:gid to docker run in DockerSandbox so the sandbox container UID matches the host user that created the bind-mounted output directory. Without this, the non-root sandbox user cannot write the output parquet file, silently breaking all Docker sandbox executions.
update colors problem
Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.2 to 0.6.3. - [Release notes](https://github.com/pyasn1/pyasn1/releases) - [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst) - [Commits](pyasn1/pyasn1@v0.6.2...v0.6.3) --- updated-dependencies: - dependency-name: pyasn1 dependency-version: 0.6.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
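When the frontend detects that an anonymous user has logged in for the first time, it automatically triggers the migration flow and offers a data import option. The backend implements a safe data copy mechanism that keeps the migration idempotent and does not delete the source data. Necessary security constraints are also added to prevent illegitimate migration requests.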
Implement workspace data migration from anonymous browser identity to authenticated user - Add migration dialog component and internationalization text - Extend workspace manager to support copying workspaces - Add /sessions/migrate API endpoint - Detect identity change after login and prompt for migration
…ndpoint Add local logout handling logic to perform local cleanup and redirect when IdP does not provide end_session_endpoint
… authenticated user migration Add local storage flag to track migration status, ensuring migration is only performed once per user
…ge management - Change anonymous workspace migration from copy to move operation, with merge functionality added - Add cleanup anonymous workspace API endpoint - Persist identity type and browser ID in local storage - Modify identity migration dialog logic to use the new cleanup API - Fix local storage state inconsistency after migration
…and cleanup fix(superset): Enhance SSO login popup handling and add documentation refactor(workspace): Change migration operation to copy-then-delete pattern docs: Add Superset SSO bridge configuration guide documentation test: Add test cases for workspace locking scenarios
Add new internationalization text and logic handling to support IdP-initiated SSO login flow. When users directly redirect from the SSO system, automatically re-initiate the standard SP flow and display corresponding waiting prompt messages.
Feature/plugin architecture
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
…ty configuration Add silent refresh capability for expired tokens in OIDC authentication, along with enhanced Flask session security configuration Add related test cases to verify token refresh and session configuration Add offline_access to OIDC scopes to support refresh tokens
…a during anonymous user migration test(IdentityMigrationDialog): Add unit tests for migration dialog refactor(DataFormulator): Refactor workspace list display logic
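Add a detailed data source plugin development guide covering backend and frontend development conventions, directory structure conventions, authentication route design, CredentialVault integration, internationalization, testing conventions, and more, giving developers a complete plugin development reference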
Add functionality to export tables as CSV or TSV files, with support for custom delimiters (comma or tab). Handles data deduplication and internal column filtering, and returns appropriate HTTP response with file download headers.
…bering login state - Add credential vault feature with encrypted storage of user credentials - Implement auto-login functionality for automatic login when users choose to remember credentials - Add credential expiration detection mechanism to prompt users for re-entry when credentials become invalid - Extend Superset plugin to support credential vault integration - Add multi-language support including Chinese and English prompt messages - Implement complete frontend-backend interaction flow including credential storage, retrieval, and deletion - Add comprehensive unit test and integration test coverage - Provide detailed development documentation explaining usage and security model
Feature/plugin architecture
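Add the ConfinedDir path-safety primitive to handle path-join safety checks in one place. Fix a path traversal vulnerability in AzureBlobWorkspace. Fix an HTTP response header injection issue. Add related unit tests and security documentation.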
…onse handling Implement security-related error message sanitization and replace original error response methods across multiple routes Use unified safe_error_response function for error handling to ensure sensitive information is not leaked to clients
Feature/plugin architecture
… messages In dataset loading and authentication handling, provide more specific error messages for different types of exceptions. For dataset loading, distinguish between ValueError/TypeError and other exceptions; for authentication failures, provide different error prompts based on HTTP status codes and connection errors.
fix: Improve error handling logic to provide more user-friendly error…
- Modify safe_error_response function to prioritize caller-provided safe messages - Add default message _GENERIC_4XX for 4xx errors - Remove logic that generates client messages directly from exception objects - Unify error handling across routes using predefined safe messages - Refactor sanitize_db_error_message to use predefined pattern matching for safe errors
fix(security): Improve error message handling to enhance security
…rmation leakage - Remove error handling that directly exposes exception information, use fixed safe messages instead - Clean up unused error message handling functions - Update related tests to verify secure message handling
fix(security): Unify error message handling to prevent sensitive info…
… related tests Add pattern matching classification for LLM/external API errors, returning predefined safe user messages Update test cases to verify error classification functionality Modify error handling logic in agent_routes to use the new classification feature
feat(security): Add LLM error classification functionality and update…
docs: Add and update multiple documentation files and skills
PR Summary
Agents & AI Pipeline
- agent_py_data_rec, agent_sql_data_rec, agent_py_data_transform, agent_sql_data_transform, agent_concept_derive, agent_py_concept_derive, agent_data_clean, and agent_exploration into three unified agents: data_agent.py, agent_data_rec.py, and agent_data_transform.py
- semantic_types.py backend module and full frontend type registry (src/lib/agents-chart/core/type-registry.ts, field-semantics.ts, semantic-types.ts) with domain shape inference, tick constraints, zero-baseline classification, and snap-to-bound heuristics
- agent_chart_insight.py for AI-generated chart takeaways
- agent_language.py for i18n-aware prompts
- agent_diagnostics.py with unified diagnostic information builder for better error reporting
Visualization
- src/lib/agents-chart/, 120 files, ~44K lines) with multi-backend support for Vega-Lite, ECharts, Chart.js, and GoFish — includes template system, semantic-aware axis/domain/tick handling, color decisions, layout computation, faceting, and overflow filtering
- ChartGallery.tsx with expanded chart type support including pie, US map, world map, bump, candlestick, density, lollipop, pyramid, radar, rose, streamgraph, strip plot, waterfall, and more
- ChartRenderService.tsx replacing static SVG rendering with vega-embed for interactive charts
- SimpleChartRecBox.tsx and chartRecommendation.ts for improved chart suggestion workflow
- Score type with small domain spans (e.g., [0,1]) no longer forces integer-only ticks, preserving intermediate decimal ticks
Data Thread & Workflow
- DataThread.tsx rewrite, new DataThreadCards.tsx, InteractionEntryCard.tsx)
- useFormulateData.ts consolidating data derivation logic
- TiptapReportEditor.tsx) with richer editing support
Data Loading & Management
- UnifiedDataUploadDialog.tsx replacing the old table selection view — supports file upload, URL, paste, database, and sample datasets in a single dialog with loading state indicators
- MultiTablePreview.tsx for previewing multiple tables before loading
- tableThunks.ts handling all data source types with server-side workspace storage
- useDataRefresh.tsx with auto-refresh, stream data sources, and RefreshDataDialog.tsx
- #rowId) via ROW_NUMBER() in DuckDB and pandas paths, preserving original row positions after sort
Data Loaders (Database Plugins)
Datalake / Workspace Backend
- datalake/ package with workspace.py, azure_blob_workspace.py, cached_azure_blob_workspace.py, file_manager.py, metadata.py, cache_manager.py, parquet_utils.py, and table_names.py
- workspace_factory.py for configuration-driven workspace initialization
- session_routes.py for session-level API endpoints
Security
- code_signing.py for generated code integrity verification
- auth.py for authentication handling
- url_allowlist.py for URL validation
- sanitize.py to prevent leaking sensitive info in error messages
- sandbox/ package with local_sandbox.py, docker_sandbox.py, not_a_sandbox.py, and Dockerfile.sandbox replacing the old py_sandbox.py
- identity.ts with browser-based identity for multi-user support
Internationalization (i18n)
- react-i18next with English and Chinese locale files across 7 namespaces (common, chart, encoding, messages, model, navigation, upload)
- TRANSLATION_GUIDE.md for contributors
UI & Design System
- tokens.ts with centralized color, spacing, shadow, transition, and radius tokens
- DataFormulator.tsx and App.tsx with TopNavButton, AppShell navigation, and model management UI
- EncodingShelfCard.tsx and EncodingShelfThread.tsx
- ConceptCard.tsx, ConceptShelf.tsx, DerivedDataDialog.tsx
Model Management
- model_registry.py for managing model configurations server-side
- ModelSelectionDialog.tsx with multi-model support
Infrastructure & DevOps
- Dockerfile, docker-compose.yml, docker-compose.test.yml with volume permissions and sandbox user handling
- .devcontainer/devcontainer.json
- uv.lock, updated pyproject.toml and requirements.txt
Testing
- vitest.config.ts, pytest.ini, conftest.py, frontend setup, and test_plan.md