superset icon indicating copy to clipboard operation
superset copied to clipboard
verified publisher icon apache

chore(deps): bump selenium 4.10.0+

Open gnought opened this issue 2 years ago • 7 comments

SUMMARY

This is a proper fix for the PR https://github.com/apache/superset/pull/24538.

However we have to think about how the WEBDRIVER_CONFIGURATION should be. The selenium 4.10+ only allows options and services to be passed to the WebDriver constructor. https://github.com/SeleniumHQ/selenium/blob/c14d9678990942b93cb421c5567d0da7fb29c7bd/py/selenium/webdriver/firefox/webdriver.py#L41-L46

https://github.com/apache/superset/blob/a698587e8c867f25f4cace6ec02259cccaa5986c/superset/utils/webdriver.py#L276-L279

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • [ ] Has associated issue: Fixes #26992
  • [ ] Required feature flags:
  • [ ] Changes UI
  • [ ] Includes DB Migration (follow approval process in SIP-59)
    • [ ] Migration is atomic, supports rollback & is backwards-compatible
    • [ ] Confirm DB migration upgrade and downgrade tested
    • [ ] Runtime estimates and downtime expectations provided
  • [ ] Introduces new feature or API
  • [ ] Removes existing feature or API

gnought avatar Nov 09 '23 15:11 gnought

Thanks @gnought for the change. As your point out with Selenium 4.10+ the WebDriver signature changed which means that existing WEBDRIVER_CONFIGURATION definitions (including the default) could fail and thus this would be deemed a breaking change. It seems prudent to hold off this change until when the breaking window opens for Superset 4.0.

john-bodley avatar Nov 09 '23 18:11 john-bodley

FYI: if the change is made it should be updated to 4.14.x (or newer) to fix a CVE finding (refer linked https://github.com/apache/superset/issues/26992)

nigzak avatar Feb 21 '24 10:02 nigzak

Unfortunately, I think this missed the proposal window for breaking changes, and will have to go into 5.0. I'l add it to that project board now. I'm also not sure where we stand with the potential migration to Playwright (thus tagging @kgabryje here) and if that will become the standard by 5.0. If we want to proceed with this upgrade, which seems sensible, this PR will just need a rebase and bump to 4.14.x or greater by the time that breaking window re-opens.

rusackas avatar Feb 21 '24 16:02 rusackas

This has also been updated to auto-close https://github.com/apache/superset/issues/26992 when it does become mergeable.

rusackas avatar Feb 21 '24 16:02 rusackas

Hi @rusackas the pull request here seems to update it to V4.10.x - only have in mind it should be updated to >= V4.14.x (newer as it is in this pull request)

nigzak avatar Feb 21 '24 16:02 nigzak

FYI I fixed the merge conflicts, can we remove the hold on this one?

In any case if the interface changed we should add a line in UPDATING.md as part of this PR

mistercrunch avatar Apr 03 '24 16:04 mistercrunch

FYI I fixed the merge conflicts, can we remove the hold on this one?

@mistercrunch We can't remove the hold label if the PR contains a breaking change. That will only be possible during a breaking window.

michael-s-molina avatar Apr 03 '24 16:04 michael-s-molina