Sync upstream Superset changes#40
Merged
Merged
Conversation
…#5017) The /api/chat/[sessionId] and /api/chat/[sessionId]/stream handlers only checked that the caller was authenticated, never that they owned the session. Any logged-in user could read (GET), inject into (POST), rename (PATCH), or delete (DELETE) another organization's chat session by id. Scope every handler by createdBy (matching the secure tRPC chatRouter), returning 404 on a non-owned session so session ids aren't enumerable.
The tRPC bearer path granted a full user session to any JWT whose audience matched the API URL, without checking which OAuth client minted it (azp). Combined with unauthenticated dynamic client registration, an attacker could register a client with an attacker-controlled redirect_uri, phish a victim through the consent screen, and exchange the code for a token with aud=api.superset.sh + organizationIds — yielding full read/write tRPC access (profile, billing, etc.). Gate the bearer path to trusted first-party clients (superset-cli). Tokens minted by dynamically-registered clients (azp = random registered id) are now rejected. JWT-plugin tokens (no azp, only obtainable with an existing session or API key) and API keys are unaffected, as are the MCP path (separate verifier) and the web app (cookies).
…ites) (#5019) @upstash/redis defaults readYourWrites to true, which stamps an upstash-sync-token on every request and forces each read to block until the nearest replica has caught up to this client's latest write. Because every relay writes continuously (register/heartbeat/sweep), that token keeps advancing, so directory.lookup never gets a fast local replica read — it pays cross-region replication lag on every cross-region routing decision, defeating the per-region read replicas. The directory is eventually-consistent by design (90s TTL + sweepStale + the maybeReplay self-owner guard), so read-your-writes is not needed. Disable it so lookups serve from the nearest regional replica.
…60601 # Conflicts: # apps/api/src/app/api/chat/[sessionId]/stream/route.ts # apps/api/src/app/api/chat/lib.ts
|
The latest updates on your projects. Learn more about Vercel for GitHub.
3 Skipped Deployments
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
origin/upstreamtosuperset-sh/superset:main.sync/upstream-20260601.Upstream Range
7f3e5b342388c087551810b8ca87d9fc2172f56e9bf4052b13061710e64bf96f15c384007f1d1899superset-sh/superset 7f3e5b342388c087551810b8ca87d9fc2172f56e..9bf4052b13061710e64bf96f15c384007f1d1899origin/upstreamwas fast-forwarded and now matchessuperset/main.Conflict And Fork-Delta Notes
apps/api/src/app/api/chat/[sessionId]/stream/route.tsandapps/api/src/app/api/chat/lib.tshad import conflicts between upstream additions and O3 package scopes.o3-code-clifor the new trusted-client guard.Validation
git diff --checkpassed.bun run lint:fixpassed; final run reported no fixes applied.bun run lintpassed.bun run typecheckpassed.bun run buildpassed; final run was a Turbo cache hit replaying the successful desktop build.bun testdid not pass. Final post-build full-suite rerun exited133after PTY daemon failures:packages/pty-daemon/test/handoff.test.tstimed out inprepare-upgrade hands off live sessions to a successor binary,packages/pty-daemon/test/control-plane.test.tstimed out ininstant-exit shell still produces an exit messageanddefault close kills detached background process groups, then Bun 1.3.13 crashed withpanic(main thread): A C++ exception occurred.bun test packages/pty-daemon/test/signal-recovery.test.ts apps/desktop/src/renderer/hotkeys/display.test.tsshowedsignal-recovery.test.tspassing after build artifacts existed, whiledisplay.test.tsfailed on missingelectronTRPCglobal intrpc-electron/dist/renderer.mjs.Follow-Ups
bun testinstability around PTY daemon handoff/control-plane tests and desktop renderer tests that import electron tRPC without a preload global.