Re: [PR] feat(api-keys): add API key authentication via FAB SecurityManager [superset]

Tue, 17 Feb 2026 16:30:38 -0800 


bito-code-review[bot] commented on code in PR #37973:
URL: https://github.com/apache/superset/pull/37973#discussion_r2819724917


##########
requirements/development.txt:
##########
@@ -262,7 +262,7 @@ flask==2.3.3
     #   flask-sqlalchemy
     #   flask-testing
     #   flask-wtf
-flask-appbuilder==5.0.2
+flask-appbuilder @ 
git+https://github.com/aminghadersohi/Flask-AppBuilder@amin/ch99414/api-key-auth

Review Comment:
   <div>
   
   
   <div id="suggestion">
   <div id="issue"><b>Unpinned Git Dependency</b></div>
   <div id="fix">
   
   The git dependency references a branch that can change, potentially causing 
non-reproducible builds. Pinning to the commit hash ensures consistent 
installations.
   </div>
   
   
   <details>
   <summary>
   <b>Code suggestion</b>
   </summary>
   <blockquote>Check the AI-generated fix before applying</blockquote>
   <div id="code">
   
   
   ````suggestion
   flask-appbuilder @ 
git+https://github.com/aminghadersohi/Flask-AppBuilder@84e017b69e7d4984893a09b2776f814e42b65b82
   ````
   
   </div>
   </details>
   
   
   
   </div>
   
   
   
   
   <small><i>Code Review Run #d57b0d</i></small>
   </div>
   
   ---
   Should Bito avoid suggestions like this for future reviews? (<a 
href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>)
   - [ ] Yes, avoid them



##########
requirements/development.txt:
##########
@@ -262,7 +262,7 @@ flask==2.3.3
     #   flask-sqlalchemy
     #   flask-testing
     #   flask-wtf
-flask-appbuilder==5.0.2
+flask-appbuilder @ 
git+https://github.com/aminghadersohi/Flask-AppBuilder@amin/ch99414/api-key-auth

Review Comment:
   <div>
   
   
   <div id="suggestion">
   <div id="issue"><b>Dependency from Personal Fork</b></div>
   <div id="fix">
   
   Using a dependency from a personal GitHub fork may introduce security risks 
and maintenance overhead. Since the official Flask-AppBuilder does not support 
API key authentication, ensure this fork is necessary and consider upstreaming 
the changes.
   </div>
   
   
   </div>
   
   
   
   
   <small><i>Code Review Run #d57b0d</i></small>
   </div>
   
   ---
   Should Bito avoid suggestions like this for future reviews? (<a 
href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>)
   - [ ] Yes, avoid them



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to