When receiving a VARBINARY field out of Presto, it shows up as type
`bytes` out of the pyhive driver. Then the pre 3.15 version of
simplejson attempts to convert it to utf8 by default and it craps out.
I bumped to simplejson>=3.25.0 and set `encoding=None` as documented
here
https://simplejson.readthedocs.io/en/latest/#basic-usage so that we can
handle bytes on our own.
* Bump celery to 4.1.1
Docs reference `celery worker --app=superset.sql_lab:celery_app
--pool=gevent -Ofair` command which seems only to work with Celery 4.1.1
* Add UPDATING.md message
It appears the officially maintained fork of flask-cache is
flask-caching https://github.com/sh4nks/flask-caching . It is fully
compatible with flask-cache.
* Fix 'pip install .'
Fix error :
> flask-appbuilder 1.10.0 has requirement Flask-SQLAlchemy==2.1,
> but you'll have flask-sqlalchemy 2.3.2 which is incompatible.
> botocore 1.10.5 has requirement python-dateutil<2.7.0,>=2.1, but you'll
> have python-dateutil 2.7.2 which is incompatible.
* remove flask-sqlalchemy==2.1 from reqs.txt
* Switched yaml.load to yaml.safe_load to prevent code execution via crafted yaml files
Python's yaml.laod can lead to code execution via crafted yaml files such as:
```
code_exec: !!python/object/apply:subprocess.check_output ['ls']
```
* Fixed XSS via bleach
It was possible to get an XSS via the markdown library via simply setting a description containing arbitary HTML tags.
It was also possible to create links that went to the `javascript:` link handler (eg `[example](javascript:alert(0)`)
Using bleach to sanitize it solves both of these.
* Added XFO header by default to prevent clickjacking attacks
Note that with this application clickjacking can be relatively severe via the SQLLab functionality
which allows executing arbitary SQL.
* Added justification for dangerouslySetInnerHTML
* Fixed linting errors
* Fixed linting errors
Before this PR the only way to query lat/long is in the shape of 2
columns that contains lat and long.
Now we're adding 2 more options:
* a single column that has lat and long with a delimiter in between
* support for geohashes - geohashes are cool
* [sqllab] improve Hive support
* Fix "Transport not open" bug
* Getting progress bar to show
* Bump pyhive to 0.4.0
* Getting [Track Job] button to show
* Fix testzz