Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fardin #2

Merged
merged 96 commits into from
Jan 5, 2025
Merged

Fardin #2

merged 96 commits into from
Jan 5, 2025

Conversation

fardin-developer
Copy link
Owner

No description provided.

fardin-developer and others added 30 commits December 12, 2024 00:07
@fardin-developer
Big Number side cut fixed
ef04e94
@fardin-developer
Merge branch 'apache:master' into fardin
0b1484b
@fardin-developer
lint fixed
74fc5a4
@Vitor-Avila
fix(Pivot Table): Fix column width to respect currency config (apache…
43314dc 
…#31414)
@mistercrunch
fix: pkg_resources is getting deprecated (apache#31411)
f510f42
@dpgaspar
docs: CVEs fixed on 4.1.0 v2 (apache#31422)
988da2c
@mistercrunch
feat(sqllab): giving the query history pane a facelift (apache#31316)
4ff9aac
@eschutho
fix: prevent multiple pvm errors on migration (apache#31332)
cd200f0
@villebro
fix(tags): clean up bulk create api and schema (apache#31427)
bf56a32
@geido
fix(Dashboard): Sync color configuration via dedicated endpoint (apac…
e1f98e2 
…he#31374)
@Vitor-Avila
fix(database import): Gracefully handle error to get catalog schemas (a…
21e794a 
…pache#31437)
@mistercrunch @villebro
chore: deprecate pylint in favor of ruff (apache#31262)
4bccf36 
Co-authored-by: Ville Brofeldt <[email protected]>
@gerbermichi
chore(translations): German translation update (apache#30605)
15ede02
@mistercrunch
fix: docker refactor (apache#31385)
1f17b97
@mistercrunch
chore: remove numba and llvmlite deps as they are large and we don't …
092faa0 
…use them (apache#31451)
@zero-stroke
fix(api): typo api.py (apache#31458)
04077ce
@rusackas
fix(filter options): full size list item targets (apache#31449)
48510d2
@kgabryje
fix(explore): Styling issue in Search Metrics input field (apache#31473)
8be69aa
@kgabryje
fix: Tooltip covers the date selector in native filters (apache#31472)
9b28a6e
@gerbermichi
fix(sunburst): Use metric label from verbose map (apache#31480)
a1adb7f
@mistercrunch
feat(gha): various docker / docker-compose build improvements (apache…
3375e65 
…#31386)
@kgabryje
fix: Card component background color (apache#31483)
4c380b4
@mistercrunch
fix: master docker builds fail because of multi-platform builds can't…
a5e36c9 
… --load (apache#31493)
@samraHanif0340
docs: Update new user for Careem to user's list (apache#31496)
567380f
@rusackas
chore(code owners): Update CODEOWNERS file to remove a couple inactiv…
c0feb99 
…e contributors (apache#31501)
@tarraschk
feat(country-map): add map for France with all overseas territories (a…
e788b85 
…pache#31037)

Co-authored-by: Maxime ALAY-EDDINE <[email protected]>
@fardin-developer
margin bottom added
6107bd8
@fardin-developer
Merge pull request #1 from apache/master
092a591 
pull upgraded codes
@mistercrunch
chore: deprecate fossa in favor of liccheck to validate python licens…
88cde72 
…es (apache#31515)
@mistercrunch
chore: deprecate pip-compile-multi in favor or uv (apache#31313)
9da65d6
@fardin-developer fardin-developer merged commit a083ba3 into master Jan 5, 2025
37 of 41 checks passed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 5, 2025
View reviewed changes
superset/utils/hashing.py
@@ -21,7 +21,7 @@


def md5_sha_from_str(val: str) -> str:
return hashlib.md5(val.encode("utf-8")).hexdigest()
return hashlib.md5(val.encode("utf-8")).hexdigest() # noqa: S324

Check failure

Code scanning / CodeQL

Use of a broken or weak cryptographic hashing algorithm on sensitive data High

Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
Loading
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (certificate)
Loading
is used in a hashing algorithm (MD5) that is insecure.

Copilot Autofix AI 15 days ago

To fix the problem, we need to replace the use of the MD5 hashing algorithm with a stronger cryptographic hash function. In this case, we can use SHA-256, which is a secure and widely recommended hash function.

  1. Replace the hashlib.md5 function with hashlib.sha256 in the md5_sha_from_str function.
  2. Ensure that the rest of the code remains unchanged to maintain existing functionality.
Suggested changeset 1
superset/utils/hashing.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/superset/utils/hashing.py b/superset/utils/hashing.py
--- a/superset/utils/hashing.py
+++ b/superset/utils/hashing.py
@@ -23,3 +23,3 @@
 def md5_sha_from_str(val: str) -> str:
-    return hashlib.md5(val.encode("utf-8")).hexdigest()  # noqa: S324
+    return hashlib.sha256(val.encode("utf-8")).hexdigest()  # noqa: S324
 
EOF
@@ -23,3 +23,3 @@
def md5_sha_from_str(val: str) -> str:
return hashlib.md5(val.encode("utf-8")).hexdigest() # noqa: S324
return hashlib.sha256(val.encode("utf-8")).hexdigest() # noqa: S324

Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
api dependencies:npm doc github_actions i18n:brazilian i18n:chinese i18n:dutch i18n:french i18n:italian i18n:japanese i18n:korean i18n:portuguese i18n:russian i18n:slovak i18n:spanish i18n:traditional-chinese i18n:ukrainian i18n packages plugins risk:db-migration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.