update superset 3.1.0/3.1.1 dependency "selenium 3.141.0"

[nigzak]

Bug description

The docker inspector marks the image of superset 3.1.0 with a finding of selenium 3.141.0

https://scout.docker.com/vulnerabilities/id/CVE-2023-5590?s=pypa&n=selenium&t=pypi&vr=%3C4.14.0&utm_source=desktop&utm_medium=ExternalLink
CVSS = 7.5
fixed with 4.14.0

=> an update to 4.14.0 (or newer) should be done

How to reproduce the bug

download docker image
open in docker scout

Screenshots/recordings

Superset version

3.1.0
3.1.1

Python version

3.9

Node version

16

Browser

Chrome

Additional context

V3.0.3 is also affected

Checklist

• I have searched Superset docs and Slack and didn't find a solution to my problem.
• I have searched the GitHub issue tracker and didn't find a similar bug report.
• I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

[rusackas]

Oops... I was mistaken when I closed this, sorry.

[nigzak]

superset 3.1.1 is also affected

[nigzak]

in relation to #25933

[rusackas]

The fix seems to be deemed a breaking change, so it'll have to wait until the breaking change window opens for Superset 5.0. I added the PR to that project board for consensus. We may also consider making the move toward Playwright, and thus Selenium wouldn't be an issue any more.

[michael-s-molina]

The fix seems to be deemed a breaking change, so it'll have to wait until the breaking change window opens for Superset 5.0. I added the PR to that project board for consensus.

Thank you @rusackas for adding the ticket!

[nigzak]

Hi @michael-s-molina

this is also CVE related as the other tickets you closed, you might also want to close this ticket as the other ones?

[nigzak]

as there was no reaction now I will close this ticket now because it is based on CVE.