* move benchmarks and add some more
* change key and paths
* parametrize tests
* more specific ignore
* rename fixture
* remove previous file
* add tests for _compile_stateful_components
* add codspeed
* add codspeed to dev deps
* poetry.lock: relock deps, no update
* add poetry run
* only compile components
* at least have something
* fix hash
* dang it darglint
* uwu
* test sorting algorithms
* test sort
* sad
* revert that guy
* add test_evaluate
* it's ruff out there
* delete test_sort
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* relock backend deps
* bump frontend library versions
* go back to react 18.3
* revert to react 18.3.1 (as it was before)
* reflex-web keep reflex from current revision, rather than main
* relock backend deps (again)
* don't check ag-grid version on main repo
* config_path is passed via `extra` to avoid pyright error when None
* bump next again
---------
Co-authored-by: Lendemor <thomas.brandeho@gmail.com>
* remove deprecated features and support for py3.9
* remove other deprecated stuff
* update lock file
* fix units tests
* relock poetry
* fix _replace for computed_var
* fix some merge typo
* fix typing of deploy args
* fix benchmarks.yml versions
* console.error instead of raising Exception
* fix tests
* ignore lambdas when resolving annotations
* simplify redirect logic in event.py
* more fixes
* fix unit tests again
* give back default annotations for lambdas
* fix signature check for on_submit
* remove useless stuff
* update pyi
* readd the getattr
* raise if log_level is wrong type
* silly goose, loglevel is a subclass of str
* i don't believe this code
* add guard
---------
Co-authored-by: Khaleel Al-Adhami <khaleel.aladhami@gmail.com>
* Allow custom app module in rxconfig
* what was that pyscopg mess?
* fix another mess
* get this working with relative imports and hot reload
* typing to named tuple
* minor refactor
* revert redis knobs positions
* fix pyright except 1
* fix pyright hopefully
* use the resolved module path
* testing workflow
* move nba-proxy job to counter job
* just cast the type
* fix tests for python 3.9
* darglint
* CR Suggestions for #4556 (#4644)
* reload_dirs: search up from app_module for last directory containing __init__
* Change custom app_module to use an import string
* preserve sys.path entries added while loading rxconfig.py
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* unbreak link _hover
* add a test to catch the error
* change tmp path for harness
* add () to fixture
* add spacer to avoid initial hover
* only install chromium browser for faster ci
---------
Co-authored-by: Lendemor <thomas.brandeho@gmail.com>
* Proxy backend requests on '/' to the frontend
If the optional extra `proxy` is installed, then the backend can handle all
requests by proxy unrecognized routes to the frontend nextjs server.
* Update lock file
* pre-commit fu
* AppHarness: set config frontend_port and backend_port
* integration: frontend port and backend port should return the same content
with proxying enabled by default in dev mode, both frontend and backend ports
on / should return the same content.
* Retry up to 100 times when proxying to frontend
* Reduce retry attempts to 25
Fix log level passing to subprocess
* scripts/wait_for_listening_port: primarily check HTTP responses
if the port is up or not, we don't really care... the HTTP request needs to
work and not return errors
* aiohttp is an optional dep
* adapt integration.sh for --backend-only (counter integration test)
* woops
* windows WTF?
* scratching my head 🎄
* double WTF windows
* Fix remaining integration tests
* use `macos-latest` runner
macos-12 is deprecated and the jobs don't start anymore, so see if we can run
fine on latest.
* unit_tests.yml: use python versions with arm64 builds
* upgrade to next 15
* relock poetry file
* test options
* skip windows on reflex-web
* bump min node version
* add turbo for dev command
* remove turbo flag
* test for stateless apps
* add playwright to dev dependencies
* fix docstring
* fix install of playwright in CI
* fix install again
* add allowed license
* add retry on running integrations step
* another attempt to fix licensing issue
* update timeout duration for retry
* fix timeout workflows
* remove dep changes
* remove outdated diff
* fix scope in new test and workflow for appharness
* run playwright tests last
* update workflow
* skip more in unit tests
* try something else to prevent adding macos job to pool
* exclude too much
* fix units-text with macOS excluded
* also drop macOS job in integration tests
* readd macos job separately to only run on merge
* add workflow to check dependencies on release branch
* rename action to follow convention of other actions
* update workflow
* bump poetry version
* relock deps
* update check to ignore pyright and ruff
* oops, you saw nothing
* split dep check in two job
* fix frontend dep check
* fix stuff
* hmm yeah
* nope nope nope
* sigh
* bump js versions for some packages
* fix some warnings in tests
* fix tests
* try some options
* try to set asyncio policy
* debug dep check
* fix attempt for backend dep
* clean up output for backend check
* run bun outdated on reflex-web to catch most of the packages
* fix python version
* fix python version
* add missing env
* fix bun command
* fix workdir of frontend check
* update packages version
* up-pin plotly.js version
* add debug ouput
* clean frontend dep check output
* fix output
* fix async tests for redis
* relock poetry.lock
* Non-async functions do not need pytest_asyncio.fixture
* test_state: close StateManagerRedis connection in test to avoid warning
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* lift node version restraint to allow more recent version if already installed
* add node test for latest version
* change python version
* use purple for debug logs
* update workflow
* add playwright dev dependency
* update workflow
* change test
* oops
* improve test
* update test
* fix tests
* mv units tests to a subfolder
* reorganize tests
* fix install
* update test_state
* revert node changes and only keep new tests organization
* move integration tests in tests/integration
* fix integration workflow
* fix dockerfile workflow
* fix dockerfile workflow 2
* fix shared_state
* Revert "ruff formatting to unbreak `main` CI (#3964)"
This reverts commit f9be184b86.
* Revert "bump python>=3.10 for 0.6.0 (#3956)"
This reverts commit fe1833c5e1.
* drop python3.8 support
* relock dependencies
* Raise warning when < py310 is used
* Move python version check to reflex version check function
Avoid spammy deprecation warnings by only emitting warning once per project,
per reflex version, per reinit.
* Remove other references to python3.8
* upgrade to latest ruff
* try to fix dep review
* try to fix dep review (2)
* upgrade black
* upgrade black (2)
* update allowed dependencies
* update allowed dependencies (2)
* update allowed dependencies (3)
* wait between interim and final in yield test
* remove previous commit, increase delay between yield
* forgot to save on the time.sleep(1) removal
* fix integration (maybe?)
* fix pyi?
* what even is going on
* what is realityi?
* test another fix for app harness
* try to wait even longer?
* force uvloop to be optional
* downpin fastapi < 0.111, remove changes to test
* Improve import times
* add lazy loading to rx.el
* add lazy loading to reflex core components
* minor refactor
* Get imports working with reflex web
* get imports to work with all reflex examples
* refactor to define imports only in the root.
* lint
* deadcode remove
* update poetry deps
* unit tests fix
* app_harness fix
* app_harness fix
* pyi file generate
* pyi file generate
* sort pyi order
* fix pyi
* fix docker ci
* rework pyi-generator
* generate pyi for __init__ files
* test pyright
* test pyright ci
* partial pyright fix
* more pyright fix
* pyright fix
* fix pyi_generator
* add rx.serializer and others
* add future annotation import which fixes container CI, then also load recharts lazily
* add new pyi files
* pyright fix
* minor fixes for reflex-web and flexdown
* forward references for py38
* ruff fix
* pyi fix
* unit tests fix
* reduce coverage to 68%
* reduce coverage to 67%
* reduce coverage to 66%as a workaround to coverage's rounding issue
* reduce coverage to 66%as a workaround to coverage's rounding issue
* exclude lazy_loader dependency review checks.
* its lazy-loader
* Add docstrings and regenerate pyi files
* add link
* address Pr comments
* CI fix
* partially address PR comments.
* edit docstrings and fix integration tests
* fix typo in docstring
* pyi fix
This change will add a new action to scan the dependency's licenses
for any that may not be allowed for this project.
The pip-licenses command was run to get a dump of all the licenses
associated with this repo and put into the allow-licenses list.
Normally, you might only want to use deny-licenses list, but for
packages like Redis, there is no defined SPDX identifier for it.
Note: this list will require future maintenance as dependencies get
added that are not already in the allow list.
https://spdx.org/licenses/https://github.com/raimon49/pip-licenses
Related to issue #2901
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
In order to improve build time performance, this change switches
usage of pip to uv. The uv command is a pip alternative promising
much faster installs of Python packages.
For more information on uv, see:
https://github.com/astral-sh/uvCloses: #2748
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
This change automatically sets the label on an issue
to `bug` if opened using the bug report template.
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
