From 31d33592ef220fa968bd9fe7db30f182d120eded Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar <danielvazgaspar@gmail.com>
Date: Fri, 28 Apr 2023 15:31:57 +0100
Subject: [PATCH] chore: bump wtforms and add missing flask-limiter (#23680)

---
 requirements/base.txt             | 19 ++++++++++++-------
 requirements/testing.txt          |  1 -
 setup.py                          |  2 +-
 superset/connectors/sqla/views.py |  8 ++++----
 superset/views/database/forms.py  | 18 +++++++++---------
 5 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 7b23436f2..9a8b734e8 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -136,8 +136,10 @@ humanize==3.11.0
     # via apache-superset
 idna==3.2
     # via email-validator
-importlib-metadata==6.0.0
+importlib-metadata==6.3.0
     # via flask
+importlib-resources==5.12.0
+    # via limits
 isodate==0.6.0
     # via apache-superset
 itsdangerous==2.1.1
@@ -154,7 +156,7 @@ kombu==5.2.4
     # via celery
 korean-lunar-calendar==0.2.1
     # via holidays
-limits==3.2.0
+limits==3.3.1
     # via flask-limiter
 mako==1.1.4
     # via alembic
@@ -211,7 +213,7 @@ pyarrow==10.0.1
     # via apache-superset
 pycparser==2.20
     # via cffi
-pygments==2.14.0
+pygments==2.15.0
     # via rich
 pyjwt==2.4.0
     # via
@@ -254,7 +256,7 @@ pyyaml==5.4.1
     #   apispec
 redis==4.5.4
     # via apache-superset
-rich==13.3.1
+rich==13.3.4
     # via flask-limiter
 selenium==3.141.0
     # via apache-superset
@@ -297,6 +299,7 @@ typing-extensions==4.4.0
     #   apache-superset
     #   flask-limiter
     #   limits
+    #   rich
 urllib3==1.26.6
     # via selenium
 vine==5.0.0
@@ -313,18 +316,20 @@ werkzeug==2.1.2
     #   flask-login
 wrapt==1.12.1
     # via deprecated
-wtforms==2.3.3
+wtforms==3.0.1
     # via
     #   apache-superset
     #   flask-appbuilder
     #   flask-wtf
     #   wtforms-json
-wtforms-json==0.3.3
+wtforms-json==0.3.5
     # via apache-superset
 xlsxwriter==3.0.7
     # via apache-superset
 zipp==3.15.0
-    # via importlib-metadata
+    # via
+    #   importlib-metadata
+    #   importlib-resources
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
diff --git a/requirements/testing.txt b/requirements/testing.txt
index 5312ea4f2..ead36ba3f 100644
--- a/requirements/testing.txt
+++ b/requirements/testing.txt
@@ -139,7 +139,6 @@ websocket-client==1.2.0
     # via docker
 wrapt==1.12.1
     # via astroid
-
 # The following packages are considered to be unsafe in a requirements file:
 # pip
 # setuptools
diff --git a/setup.py b/setup.py
index 8d2fdfdc4..48991ed38 100644
--- a/setup.py
+++ b/setup.py
@@ -125,7 +125,7 @@ setup(
         "tabulate>=0.8.9, <0.9",
         "typing-extensions>=4, <5",
         "waitress; sys_platform == 'win32'",
-        "wtforms>=2.3.3, <2.4",
+        "wtforms>=2.3.3, <4",
         "wtforms-json",
         "xlsxwriter>=3.0.7, <3.1",
     ],
diff --git a/superset/connectors/sqla/views.py b/superset/connectors/sqla/views.py
index dff635611..d6fa0ea08 100644
--- a/superset/connectors/sqla/views.py
+++ b/superset/connectors/sqla/views.py
@@ -20,11 +20,11 @@ import re
 
 from flask import flash, Markup, redirect
 from flask_appbuilder import CompactCRUDMixin, expose, permission_name
+from flask_appbuilder.fields import QuerySelectField
 from flask_appbuilder.fieldwidgets import Select2Widget
 from flask_appbuilder.models.sqla.interface import SQLAInterface
 from flask_appbuilder.security.decorators import has_access
 from flask_babel import lazy_gettext as _
-from wtforms.ext.sqlalchemy.fields import QuerySelectField
 from wtforms.validators import DataRequired, Regexp
 
 from superset import db
@@ -185,7 +185,7 @@ class TableColumnInlineView(  # pylint: disable=too-many-ancestors
     add_form_extra_fields = {
         "table": QuerySelectField(
             "Table",
-            query_factory=lambda: db.session.query(models.SqlaTable),
+            query_func=lambda: db.session.query(models.SqlaTable),
             allow_blank=True,
             widget=Select2Widget(extra_classes="readonly"),
         )
@@ -260,7 +260,7 @@ class SqlMetricInlineView(  # pylint: disable=too-many-ancestors
     add_form_extra_fields = {
         "table": QuerySelectField(
             "Table",
-            query_factory=lambda: db.session.query(models.SqlaTable),
+            query_func=lambda: db.session.query(models.SqlaTable),
             allow_blank=True,
             widget=Select2Widget(extra_classes="readonly"),
         )
@@ -404,7 +404,7 @@ class TableModelView(  # pylint: disable=too-many-ancestors
     edit_form_extra_fields = {
         "database": QuerySelectField(
             "Database",
-            query_factory=lambda: db.session.query(models.Database),
+            query_func=lambda: db.session.query(models.Database),
             widget=Select2Widget(extra_classes="readonly"),
         )
     }
diff --git a/superset/views/database/forms.py b/superset/views/database/forms.py
index 99b64e38a..5e2347528 100644
--- a/superset/views/database/forms.py
+++ b/superset/views/database/forms.py
@@ -17,6 +17,7 @@
 """Contains the logic to create cohesive forms on the explore view"""
 from typing import List
 
+from flask_appbuilder.fields import QuerySelectField
 from flask_appbuilder.fieldwidgets import BS3TextFieldWidget
 from flask_appbuilder.forms import DynamicForm
 from flask_babel import lazy_gettext as _
@@ -28,7 +29,6 @@ from wtforms import (
     SelectField,
     StringField,
 )
-from wtforms.ext.sqlalchemy.fields import QuerySelectField
 from wtforms.validators import DataRequired, Length, NumberRange, Optional, Regexp
 
 from superset import app, db, security_manager
@@ -43,8 +43,8 @@ config = app.config
 
 
 class UploadToDatabaseForm(DynamicForm):
-    # pylint: disable=E0211
-    def file_allowed_dbs() -> List[Database]:  # type: ignore
+    @staticmethod
+    def file_allowed_dbs() -> List[Database]:
         file_enabled_dbs = (
             db.session.query(Database).filter_by(allow_file_upload=True).all()
         )
@@ -136,8 +136,8 @@ class CsvToDatabaseForm(UploadToDatabaseForm):
     database = QuerySelectField(
         _("Database"),
         description=_("Select a database to upload the file to"),
-        query_factory=UploadToDatabaseForm.file_allowed_dbs,
-        get_pk=lambda a: a.id,
+        query_func=UploadToDatabaseForm.file_allowed_dbs,
+        get_pk_func=lambda a: a.id,
         get_label=lambda a: a.database_name,
     )
     dtype = StringField(
@@ -313,8 +313,8 @@ class ExcelToDatabaseForm(UploadToDatabaseForm):
 
     database = QuerySelectField(
         _("Database"),
-        query_factory=UploadToDatabaseForm.file_allowed_dbs,
-        get_pk=lambda a: a.id,
+        query_func=UploadToDatabaseForm.file_allowed_dbs,
+        get_pk_func=lambda a: a.id,
         get_label=lambda a: a.database_name,
     )
     schema = StringField(
@@ -444,8 +444,8 @@ class ColumnarToDatabaseForm(UploadToDatabaseForm):
 
     database = QuerySelectField(
         _("Database"),
-        query_factory=UploadToDatabaseForm.file_allowed_dbs,
-        get_pk=lambda a: a.id,
+        query_func=UploadToDatabaseForm.file_allowed_dbs,
+        get_pk_func=lambda a: a.id,
         get_label=lambda a: a.database_name,
     )
     schema = StringField(