Re: [PR] feat(api-keys): add API key authentication via FAB SecurityManager [superset]

Fri, 20 Feb 2026 15:02:54 -0800 


bito-code-review[bot] commented on code in PR #37973:
URL: https://github.com/apache/superset/pull/37973#discussion_r2819724917


##########
requirements/development.txt:
##########
@@ -262,7 +262,7 @@ flask==2.3.3
     #   flask-sqlalchemy
     #   flask-testing
     #   flask-wtf
-flask-appbuilder==5.0.2
+flask-appbuilder @ 
git+https://github.com/aminghadersohi/Flask-AppBuilder@amin/ch99414/api-key-auth

Review Comment:
   <div>
   
   
   <div id="suggestion">
   <div id="issue"><b>Unpinned Git Dependency</b></div>
   <div id="fix">
   
   The git dependency references a branch that can change, potentially causing 
non-reproducible builds. Pinning to the commit hash ensures consistent 
installations.
   </div>
   
   
   <details>
   <summary>
   <b>Code suggestion</b>
   </summary>
   <blockquote>Check the AI-generated fix before applying</blockquote>
   <div id="code">
   
   
   ````suggestion
   flask-appbuilder @ 
git+https://github.com/aminghadersohi/Flask-AppBuilder@84e017b69e7d4984893a09b2776f814e42b65b82
   ````
   
   </div>
   </details>
   
   
   
   </div>
   
   
   
   
   <small><i>Code Review Run #d57b0d</i></small>
   </div><div>
   
   
   <div id="suggestion">
   <div id="issue"><b>Breaking API Key Change</b></div>
   <div id="fix">
   
   Updating FAB to this commit changes the API key lookup hash from BLAKE2b to 
scrypt, which will invalidate all existing API keys since the stored 
lookup_hash values won't match the new computation. This breaks authentication 
for any users relying on API keys. A migration is required to update the 
lookup_hash column for existing keys.
   </div>
   
   
   </div>
   
   
   
   
   <small><i>Code Review Run #b35d42</i></small>
   </div>
   
   ---
   Should Bito avoid suggestions like this for future reviews? (<a 
href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>)
   - [ ] Yes, avoid them



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to