chore(deps): update all non-major docker-compose dependencies to v3.2.2

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
apache/airflow (source)	minor	3.1.8 → 3.2.2
apache/airflow (source)	minor	3.1.6 → 3.2.2

---

Release Notes

apache/airflow (apache/airflow)

v3.2.2

Compare Source

Significant Changes
^^^^^^^^^^^^^^^^^^^

• The SMTP STARTTLS upgrade performed by airflow.utils.email.send_email now validates the SMTP server's certificate against the system's trusted CA bundle by default. Previously the starttls() call was made without an SSL context, so any certificate was accepted.
  Deployments that intentionally point Airflow at an SMTP server with a self-signed or otherwise non-validating certificate and need to preserve the previous behaviour must set email.ssl_context = "none" in airflow.cfg. The "default" value (now also the default when the option is unset) uses :func:ssl.create_default_context. Previously this option applied only to the SMTP_SSL path; it now applies to the STARTTLS path as well. (#​65346)

• In #​64963, the Airflow UI switched from full-match *_pattern REST API query parameters to the new index-friendly *_prefix_pattern parameters on list endpoints. This is a behavioral change for search-as-you-type filters in the UI: matches are prefix-based (LIKE 'term%' via a range scan) instead of substring-based (ILIKE '%term%'), which means the database can use B-tree indexes and search stays fast on large deployments. The REST API itself keeps both forms: existing *_pattern parameters still behave exactly as before.
  In #​66015, a per-search-bar "Match anywhere" toggle was added so users who relied on the previous substring behavior can opt back into it from the UI. Each search input and each text filter pill now has a small regex-icon toggle next to the value; flipping it on switches that input from *_prefix_pattern to *_pattern. (#​66015)

• Fix triggerer race condition and deadlock that caused deferred tasks to stall indefinitely

  Triggers that call synchronous SDK methods (e.g. get_task_states used by
  safe_to_cancel in several Google provider operators) could crash the triggerer's
  internal subprocess. The triggerer would then continue to heartbeat normally —
  appearing healthy to the scheduler — while silently processing zero triggers, causing
  every deferred task to time out. This was first reported in issue #​64620; a
  partial fix shipped in Airflow 3.2.1 (#​64882) but introduced a new deadlock
  with the same visible symptom under load.

  Both issues are fixed by replacing the lock-based serialization with response
  multiplexing: each request now carries a unique ID and the response is routed back to
  the correct caller, so concurrent requests from trigger threads no longer contend or
  deadlock regardless of how many triggers are running or what SDK methods they call.

  New: triggerer subprocess watchdog

  Even with the race fixed, a trigger that blocks the event loop (e.g. by calling
  time.sleep() or performing blocking I/O directly in async def run()) would
  previously leave the triggerer appearing healthy indefinitely.

  A new [triggerer] runner_health_check_threshold config option (default: 30 seconds)
  adds a watchdog: if the triggerer subprocess goes silent for longer than the threshold,
  the parent process stops updating the heartbeat so the scheduler can detect the hang and
  reassign triggers rather than waiting for them to individually time out. Set the option
  to 0 to disable the watchdog. (#​66412)

• Tighten [core] allowed_deserialization_classes_regexp to require full-string matches

  Patterns in [core] allowed_deserialization_classes_regexp are now matched
  against the entire classname using re.fullmatch() instead of re.match().
  Previously a pattern such as airflow\.models\.Variable admitted not only
  the intended class but also names that started with it
  (e.g. airflow.models.Variable_Malicious), because re.match only anchors
  at the start of the string.

  The default value of this option is empty, so out-of-the-box deployments are
  unaffected. Deployments that configured this option with patterns relying on
  prefix-match semantics — for example airflow\.models\. to mean "any class
  under airflow.models" — must add .* to the pattern
  (airflow\.models\..*) to retain the previous behaviour. (#​66499)

• Custom deadline reference classes must now be registered via the new deadline_references attribute on AirflowPlugin, matching the existing pattern for custom timetables and custom partition mappers. To use a custom DeadlineReference subclass, register it in a plugin's deadline_references list. Custom references that are not registered will raise DeadlineReferenceNotRegistered at deserialization. (#​66737)

Bug Fixes
^^^^^^^^^

• Fix Callback.handle_event triggerer crash when OpenTelemetry metrics receive dict typed tag values (#​67527) (#​67529)
• UI: Rewrite modulepreload hrefs to the api-server static path (#​67548) (#​67556)
• Correctly pre-allocate external_executor_id with multiple executors on PostgreSQL (#​67388) (#​67458)
• Return raw import-error stacktrace when a Dag file has no registered Dag (#​67465) (#​67478)
• UI: Fix Expand/Collapse All on XComs and Audit Log JSON cells (#​67316) (#​67361)
• UI: Load Monaco workers via a same-origin Blob shim (#​67352) (#​67469)
• UI: Show DAG name in browser tab title (#​67169) (#​67399)
• Require starlette>=1.0.1 for Host-header parsing fix and cadwyn>=6.1.1 for compatibility
  (#​67326) (#​67460)
• Revoke JWT on /auth/logout regardless of auth manager logout URL (#​67289) (#​67362)
• Fix deadlock in ti_update_state caused by FOR UPDATE locking dag_run (#​67246) (#​67264)
• UI: Stop polling getLatestRunInfo on paused Dags with no active runs (#​67249) (#​67256)
• Fail closed when supervisor IPC fails on a non-success terminal state (#​66573) (#​67183)
• Refuse secrets-backend fallback on Execution-API authorization deny (#​66575) (#​67173)
• Harden _collect_teams_to_check and requires_access_backfill against malformed request bodies (#​66504) (#​67182)
• Don't crash supervisor IPC loop on transient network errors (#​66572) (#​67177)
• Default-deny auth at the API and UI router level (#​66505) (#​67171)
• Apply per-Dag audit log permission to event log detail endpoint (#​67112) (#​67159)
• Fix ValueError when supervisor force-closes stuck sockets after timeout (#​67115) (#​67162)
• Redact rendered template fields while still structured to preserve nested-key masking on truncation (#​65906) (#​67117)
• Fix migration 0080 to migrate existing deadline rows on upgrade and downgrade (#​66016) (#​67129)
• Fix XCom PATCH/POST to store native values instead of json.dumps output (#​64220) (#​67116)
• Fix max_active_runs lost during Dag serialization when value equals schema default (#​65310) (#​67097)
• Fix N+1 query pattern in bulk pool delete endpoint (#​66222) (#​67108)
• Optimize DB performance of datetime range filters in API queries (#​66696) (#​67102)
• Fix serialize_template_field handling callable value in dict (#​63871) (#​67092)
• Fix scheduler to ignore stale executor success after defer reschedule (#​66431) (#​67089)
• Fix ArgNotSet repr to use stable string instead of memory address (#​65222) (#​66897)
• Fix scheduler MySQL task instance index hint (#​66785) (#​67087)
• UI: Preserve Grid limit and filters when redirecting after manual Dag trigger (#​66717) (#​66867)
• Apply reserved-key check to XCom update payload (#​65915) (#​66913)
• Fix log server path extraction to use removeprefix (#​66749) (#​66772)
• Fix macOS SIGSEGV in task execution by using fork + exec (#​64874) (#​66872)
• Fix Dag auto-pause ordering to use run_after (#​65207) (#​66863)
• Fix Dag version inflation caused by unmatched serialized result of task using re-serialized command (#​61077) (#​66861)
• Fix pod_override serialization in Dag details and executor path (#​65407) (#​66898)
• Fix async engine missing pool_recycle and pool_pre_ping configuration (#​65276) (#​66866)
• UI: Make Dag detail page scroll-able on mobile viewports (#​65899) (#​66975)
• Fix DagVersion when clearing tasks with run on latest version (#​65835) (#​66901)
• Fix millisecond floating point duration bug (#​66560) (#​66915)
• UI: Fix "Mark state as..." buttons grayed out when task or DagRun already in target state (#​66198) (#​66919)
• Fix memory leak in LocalExecutor caused by unreleased file descriptor locks (#​65121) (#​66887)
• Fix external DB manager upgrades with existing tables (#​66674) (#​66882)
• UI: Improve DagCalendarTab background color retrieval and loading overlay handling (#​64189) (#​66860)
• UI: Handle Dags state filter overflow on mobile (#​66812) (#​66847)
• UI: Fix Edit Connection dialog missing lazyMount causing JSON editor infinite loading (#​65969) (#​66828)
• UI: Fix ConnectionForm crashing when connection has invalid extra JSON (#​66593) (#​66831)
• Handle PermissionError in init_log_folder for mounted filesystems (#​63878) (#​66733)
• Fix scheduler crash by catching StaleDataError in verify_integrity (#​64503) (#​66727)
• Fix triggerer file handle leak when remote log upload fails (#​66675) (#​66684)
• Fix /tmp file leak when API server streams large task logs (#​66450) (#​66667)
• Fix XCom prior-dates lookup for duplicate run_id across Dags (#​65227) (#​66646)
• Fix HITL (Human-In-The-Loop) /required_actions listing to show mapped task instances (#​66433) (#​66482)
• Fix scheduler callback bundle_version when versioning disabled (#​66485) (#​66518)
• UI: Hide Next Run timestamp for paused Dags (#​66552) (#​66568)
• Fix task run context crash when DagRun state is expired (#​66339) (#​66347)
• Fix incorrect type warning from OTel spans (#​66559) (#​66567)
• Fix backfill to populate partition_date on partitioned backfill runs (#​65998) (#​66409)
• Fix remote_task_handler_kwargs passing handler params to RemoteLogIO (#​65957) (#​66440)
• Fix i18n translation files served stale after Airflow upgrade due to browser cache (#​65720) (#​66422)
• UI: Fix manual copy from Rendered Templates tab adding extra blank lines (#​66221) (#​66366)
• Fix slow and incomplete trigger cleanup in scheduler (#​66210) (#​66381)
• UI: Distinguish upstream_failed from failed in normal vision (#​66324) (#​66365)
• UI: Fix SearchBar input rewind (#​66284) (#​66359)
• Don't re-emit logical_date when previous data_interval is zero-length (#​66132) (#​66263)
• Fix variable access in triggerer for deferrable operators (#​63387) (#​66239)
• Fix missing autoincrement sequence on callback_request downgrade (#​65230) (#​66189)
• Restore pre/post execute log grouping in task logs (regression in 3.2.x) (#​66037) (#​66049)
• Preload source_aliases in process_executor_events (#​65422) (#​66191)
• Fix dagRuns API to honor start_date_gte filter correctly (#​66045) (#​66098)
• Fix asset-triggered Dags failing to schedule when their triggers were unassigned in the DB (#​65792) (#​66043)
• UI: Preserve config changes when re-triggering a Dag from the UI (#​65749) (#​66044)
• Fix scheduler UniqueViolation crash on downgrade from 3.2.0 to 3.1.x (#​65688) (#​66003)
• Run task cleanup hooks (on_failure_callback, listeners) when the supervisor IPC call fails on a terminal-state report (#​65714) (#​65946)
• Fix triggers with double-encoded payloads failing to deserialize (#​64823) (#​65584)
• UI: Fix log fetch crash when ti.hostname is empty (#​64285) (#​65583)
• Fix backfill marked complete before Dag runs are created (#​62561) (#​65889)
• UI: Fix date time input year field unmodifiable (#​63885) (#​65890)
• UI: Fix pools slot input behavior (#​63900) (#​65891)
• Fix TypeError crashes on /users/list and /roles/list in FAB UI caused by concurrent API schema requests (#​63986) (#​65892)
• UI: Fix toaster behavior (#​64142) (#​65893)
• Fix FAB DB manager discovery in migration-only contexts (#​64145) (#​65894)
• UI: Fix PoolBar links using wrong query params for task instances filtering (#​64182) (#​65896)
• Fix memory growth from pathlib sys.intern in long-running processes (#​65706) (#​65855)
• Pre-assign external_executor_id at queuing time to prevent duplicate execution on scheduler crash (#​65594) (#​65711)
• Handle supervisor remote log upload failures gracefully (#​65308) (#​65318)
• Fix ti.start_date showing deferral-resume time instead of original start time (#​63247) (#​65491)
• Fix task CLI map_index bounds validation (#​64133) (#​65479)
• UI: Fix mapped task XCom navigation from Grid (#​65192) (#​65322)
• Fix connection schema field not saved for providers without field behaviour (#​65263) (#​65267)
• Fix bulk task instance update for mapped TIs and auth error rendering (#​65874)
• Fix bulk task instance RBAC bypass (#​64288) (#​65846)
• Update is_url_safe to reject URLs with /// (#​65557) (#​65737)
• UI: Improve Graph view performance (#​65031) (#​65537)
• Fix backfill params not overriding existing Dag run conf (#​64939) (#​65599)
• Fix run_id_pattern pipe OR operator dropping single-term edge cases (#​65190) (#​65565)
• Filter external dependency nodes by readable Dags in structure_data endpoint (#​65342) (#​65534)
• Respect Dag processor config option to show parsing logs on stdout (#​65528) (#​65541)
• Add per-Dag authorization to partitioned_dag_runs endpoints (#​65344) (#​65538)
• UI: Register trigger and sensor graph node types (#​65167) (#​65321)
• Ensure DB migrations run in a single connection (#​65231) (#​65368)
• Fix PATCH /dags pagination bug and document wildcard dag_id_pattern (#​65309)
• Set JWT refresh cookie Secure flag when request is HTTPS (#​65348) (#​65363)
• Refuse to follow log symlinks that resolve outside the base log folder (#​65325) (#​65345)
• Enforce per-file import-error authorization using relative_fileloc and bundle (#​65329) (#​65343)
• UI: Invalidate task instances list query after clearing task instance (#​63923) (#​65304)
• Recover stuck TIs when direct terminal-state API call fails (#​66574) (#​67204)

Miscellaneous
^^^^^^^^^^^^^

• UI: Use local Monaco editor module instead of CDN (#​66647) (#​67199)
• Use a distinct redact message for import errors with no registered Dag (#​66923) (#​67176)
• Surface remote-log upload failures via structured warnings (#​66571) (#​67172)
• UI: Filter task instances by rendered map index (#​66008) (#​67163)
• Move Task Identity line into Pre Execution block in logs (#​67036) (#​67134)
• Apply requires_access_event_log to GET /eventLogs list endpoint (#​67185) (#​67211)
• UI: Preserve proxy URL on login redirect (#​66690) (#​67091)
• Keep Named*Logger.name working across structlog releases (#​66875) (#​67088)
• Two-token mechanism for task execution to prevent token expiration while tasks wait in executor queues (#​60108) (#​66989)
• Validate task identity token claims with a typed schema (#​63604) (#​66988)
• Mark Dags stale when their bundle is removed from config (#​66948) (#​66985)
• UI: Allow pasting full datetime strings into date picker inputs (#​66251) (#​66958)
• Validate Dag run conf in backfill dry-run (#​66196) (#​66935)
• Improve post-task logs to show exception in failure (#​66735) (#​66920)
• UI: Show Dag run duration in grid tooltip (#​65787) (#​66900)
• UI: Add Dag run ID to grid bar tooltip and task instance tooltip (#​65626) (#​66871)
• UI: Change queued Dag runs color to gray in Calendar (#​66623) (#​66870)
• Add configurable LRU+TTL caching for API server Dag retrieval (#​60804) (#​66862)
• UI: Use link styling for Dag tags (#​66750) (#​66855)
• UI: Add hover feedback to Checkbox (#​66714) (#​66826)
• Check sensitive key names before applying recursion-depth cutoff in secrets masker (#​65912) (#​66748)
• Adjust log message header for expandable sources (#​66570) (#​66653)
• Allow triggerer to support memray memory profiling (#​65994) (#​66643)
• Show task ID attributes (ti_id, task_id, etc.) once, not on every log line (#​66036) (#​66421)
• Propagate triggering user to child Dag runs via TriggerDagRunOperator (#​65747) (#​66378)
• UI: Add isExpanded prop on JSON expand/collapse buttons (#​66340) (#​66364)
• Pass try_number to extra links API (#​65661) (#​66171)
• UI: Serve grid TI summaries from shared cached DagBag (#​65775) (#​65966)
• Add cursor-based pagination for get_dag_runs endpoint (#​65604) (#​65746)
• Support ordering XCom entries in the REST API and UI (#​65418) (#​65600)
• UI: Add cursor-based pagination for task instances list (#​64953) (#​65542)
• Include task instance UUID in scheduler, Dag processor, triggerer, and worker logs (#​65458) (#​65476)
• Enable SQLAlchemy connection pool settings for file-based SQLite (#​64888) (#​65411)
• Add cursor-based pagination for get_task_instances endpoint (#​64845) (#​65405)
• UI: Rework Monaco editor theme to match Chakra UI palette (#​64748) (#​65228)
• UI: Add Dag runs filters for Consuming Asset (#​63624) (#​65306)
• UI: Improve grid and ti_summaries and grid runs queries (#​64034) (#​67014)
• UI: Enable queue up new tasks (#​63484) (#​66869)
• Expose queueing/scheduled time in the Gantt chart (#​63372) (#​65016)
• Export from_timestamp from Task SDK timezone module (#​67321) (#​67331)

Doc-only Changes
^^^^^^^^^^^^^^^^

• Refresh JWT authentication and security model docs with mermaid diagrams (#​67435) (#​67466)
• Fix misleading typo in plugins_manager docs (#​67101) (#​67114)
• Document supported deployment platforms in security docs (#​66931) (#​67017)
• Warn against world-accessible Kerberos ccache default in docs (#​66557) (#​67085)
• Update French (fr) UI translations to 100% coverage (#​67241)
• Close Catalan translation gap (#​67011)
• Close German translation gaps (2026-05-12) (#​66830)
• Close Korean translation gaps (May 13) (#​66873)
• Add missing Polish translations for new UI keys (#​66823)
• Update health endpoint in security docs (#​66701) (#​66739)
• Add self-diagnosis guide for Dag version inflation in FAQ (#​66697) (#​66738)
• Add Chakra UI license to airflow-core (#​66703) (#​66740)
• Document effects of create_cron_data_intervals (#​66458)
• Clarify Task Execution API coverage in Dag-author-isolation chapter (#​66194) (#​66322)
• Complete zh-TW translations (#​66401)
• Align Dag capitalization from "DAG" to "Dag" in core_api (#​66211) (#​66304)
• Word changed from "DAG" to "Dag" in airflow-core/src/airflow/api (#​66200) (#​66214)
• Change Hebrew wording for "Asset Triggered" (#​64177) (#​65895)
• Update Dag Runs document under Core Concept to be consistent with BashOperator document (#​64129) (#​65850)

v3.2.1

Compare Source

Significant Changes
^^^^^^^^^^^^^^^^^^^

• Users who only have read access to DAGs will no longer be able to fetch data from the /dags endpoint, as it now requires additional permissions (DagAccessEntity.RUN, DagAccessEntity.HITL_DETAIL, and DagAccessEntity.TASK_INSTANCE). This change was made because the endpoint returns aggregated data from these multiple entities. Please update your custom user roles to include read access for DAG Runs, Task Instances, and HITL Details if those users should still have access to the /dags endpoint. (#​64822)

Improvements
^^^^^^^^^^^^

• Allow UI theme config with only CSS overrides, icon only, or empty {} to restore OSS defaults. The tokens field is now optional in the theme configuration. (#​64552)

Bug Fixes
^^^^^^^^^

• Fix DEFAULT_LOGGING_CONFIG to use right kwargs (#​65412) (#​65424)
• Fix zip DAG import errors being cleared during bundle refresh (#​63617) (#​65296)
• Fix dispose_orm() not disposing async engine on shutdown (#​65274) (#​65284)
• Fix get_team_name_dep creating wasted async sessions when multi_team=False (#​65275) (#​65282)
• Fix asset graph view leaking DAGs outside the user's permissions (#​65273) (#​65280)
• Fix migration: add missing disable_sqlite_fkeys to migration 0108 (#​65288) (#​65290)
• Fix heartbeat: add fast-path UPDATE to avoid row lock in the common case (#​65029) (#​65137)
• UI: Fix deactivated state not shown for stale DAGs (#​65214) (#​65218)
• Fix N+1 queries during DAG serialization with bulk prefetch (#​64929) (#​65208)
• Fix serializer for empty string extra in connection (#​65014) (#​65215)
• UI: Fix menu positioning for dropdowns in connection forms (#​65007) (#​65085) (#​65138)
• UI: Fix SearchBar value not syncing with defaultValue changes (#​65054) (#​65140)
• Fix SDK configuration to use $AIRFLOW_CONFIG env (#​64936) (#​65200)
• Fix Session staying opened between yields (#​65179) (#​65195)
• Fix Session leak from StreamingResponse API endpoints (#​65162) (#​65193)
• Fix redirect loop when stale root-path _token cookie exists from older Airflow instance (#​64955) (#​65177)
• Fix @task decorator to validate operator arg types at decoration time (#​65041) (#​65050)
• Fix CLI error handling and exit codes for failed commands (#​65052) (#​65097)
• Fix is_alive default to None in jobs list CLI (#​65065) (#​65091)
• Fix missing dag_id in get_task_instance (#​64957) (#​64968) (#​65067)
• UI: Fix cancel debounce on clear to prevent stale search value (#​64893) (#​64907)
• Fix read out-of-order issue with send method in CommsDecoder (#​64894) (#​64946)
• Fix bulk connection delete banner (#​64735) (#​64961)
• Fix migrations: move UPDATEs inside disable_sqlite_fkeys in migration 0097 (#​64876) (#​64940)
• Fix heartbeat to return 410 Gone when cleared TI exists in TIH (#​61631) (#​64693)
• Fix scheduler: skip asset-triggered Dags without SerializedDagModel (#​64322) (#​64738)
• Fix N+1 query pattern in task instance states and count endpoints (#​60352) (#​64695)
• Fix TypeError in GET /dags/{dag_id}/tasks when order_by field has None values (#​64384) (#​64587)
• UI: Fix duplicate nav sidebar when iframe navigates away from auth pages (#​63873) (#​64854)
• UI: Fix Gantt view "Error invalid date" on running DagRun (#​64752) (#​64853)
• Fix connections import returning non-zero exit code on failure (#​64416) (#​64449)
• Fix structlog positional formatting for single-dict arguments (#​62849) (#​64773)
• UI: Fix external link target and add rel attributes (#​64542) (#​64772)
• UI: Fix DagVersionSelect options not filtered by selected DagRun (#​64736) (#​64771)
• Fix spurious blank lines in filtered task log download (#​64235) (#​64640)
• Fix OTel metrics lost in forked task processes (#​64703) (#​64720)
• Fix start_date in example DAGs to avoid timezone conversion overflow (#​63882) (#​64758)
• Fix AirflowPlugin not re-exported, causing mypy errors in plugins (#​65132) (#​65163)
• Fix apache-airflow-providers-fab minimum version to prevent connexion import error on Python 3.13 (#​65523) (#​65524)
• UI: Fix graph view not auto-refreshing task states during DAG run (#​65518) (#​65522)

Miscellaneous
^^^^^^^^^^^^^

• Lock TriggerCommsDecoder sync req-res cycle (#​64882) (#​65285)
• Add write_to_os support for writing task logs to OpenSearch (#​64364) (#​65201)
• Restore OpenSearch log integration in airflow_local_settings.py (#​64764) (#​65003)

Doc-only Changes
^^^^^^^^^^^^^^^^

• Add missing Polish translations to reach 100% coverage (#​65272)
• Add FAQ entry for API server memory growth with gunicorn worker recycling (#​65036) (#​65037)
• Remove outdated reference to Dag Dependencies view (#​64787) (#​64911)
• Add JWT authentication docs and strengthen security model (#​64760) (#​64849)
• Add missing Catalan translations to reach 100% coverage (#​65078) (#​65389)
• Add missing German translations to close translation gaps (#​65332)

v3.2.0

Compare Source

Significant Changes
^^^^^^^^^^^^^^^^^^^

Asset Partitioning
""""""""""""""""""

The headline feature of Airflow 3.2.0 is asset partitioning — a major evolution of data-aware
scheduling. Instead of triggering Dags based on an entire asset, you can now schedule downstream
processing based on specific partitions of data. Only the relevant slice of data triggers downstream
work, making pipeline orchestration far more efficient and precise.

This matters when working with partitioned data lakes — date-partitioned S3 paths, Hive table
partitions, BigQuery table partitions, or any other partitioned data store. Previously, any update
to an asset triggered all downstream Dags regardless of which partition changed. Now only the right
work gets triggered at the right time.

For detailed usage instructions, see :doc:/authoring-and-scheduling/assets.

Multi-Team Deployments
""""""""""""""""""""""

Airflow 3.2 introduces multi-team support, allowing organizations to run multiple isolated teams within a single Airflow deployment.
Each team can have its own Dags, connections, variables, pools, and executors— enabling true resource and permission isolation without requiring separate Airflow instances per team.

This is particularly valuable for platform teams that serve multiple data engineering or data science teams from shared infrastructure, while maintaining strong boundaries between teams' resources and access.

For detailed usage instructions, see :doc:/core-concepts/multi-team.

.. warning::

Multi-Team Deployments are experimental in 3.2.0 and may change in future versions based on
user feedback.

Synchronous callback support for Deadline Alerts
""""""""""""""""""""""""""""""""""""""""""""""""

Deadline Alerts now support synchronous callbacks via SyncCallback in addition to the existing
asynchronous AsyncCallback. Synchronous callbacks are executed by the executor (rather than
the triggerer), and can optionally target a specific executor via the executor parameter.

A Dag can also define multiple Deadline Alerts by passing a list to the deadline parameter,
and each alert can use either callback type.

.. warning::

Deadline Alerts are experimental in 3.2.0 and may change in future versions based on
user feedback. Synchronous deadline callbacks (SyncCallback) do not currently
support Connections stored in the Airflow metadata database.

For detailed usage instructions, see :doc:/howto/deadline-alerts.

UI Enhancements & Performance
"""""""""""""""""""""""""""""

• Grid View Virtualization:
  The Grid view now uses virtualization -- only visible rows are rendered to the DOM. This dramatically improves performance when viewing Dags with large numbers of task runs, reducing render time and memory usage for complex Dags. (#​60241)

• XCom Management in the UI:
  You can now add, edit, and delete XCom values directly from the Airflow UI. This makes it much easier to debug and manage XCom state during development and day-to-day operations without needing CLI commands. (#​58921)

• HITL Detail History:
  The Human-in-the-Loop approval interface now includes a full history view, letting operators and reviewers see the complete audit trail of approvals and rejections for any task. (#​56760, #​55952)

• Gantt Chart Improvements:

  • All task tries displayed: Gantt chart now shows every attempt, not just the latest
  • Task display names in Gantt: task_display_name shown for better readability (#​61438)
  • ISO dates in Gantt: Cross-browser consistent date format (#​61250)
  • Fixed null datetime crash: Gantt chart no longer crashes on tasks with null datetime fields

New --only-idle flag for the scheduler CLI
"""""""""""""""""""""""""""""""""""""""""""""""

The airflow scheduler command has a new --only-idle flag that only counts runs when the
scheduler is idle. This helps users run the scheduler once and process all triggered Dags and
queued tasks. It requires and complements the --num-runs flag so one can set a small value
instead of guessing how many iterations the scheduler needs.

Replace per-run TI summary requests with a single NDJSON stream
""""""""""""""""

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Berlin)

• Branch creation
  • Between 06:00 PM and 09:59 PM, only on Friday (* 18-21 * * 5)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.