* upgrade to latest ruff
* try to fix dep review
* try to fix dep review (2)
* upgrade black
* upgrade black (2)
* update allowed dependencies
* update allowed dependencies (2)
* update allowed dependencies (3)
* wait between interim and final in yield test
* remove previous commit, increase delay between yield
* forgot to save on the time.sleep(1) removal
* fix integration (maybe?)
* fix pyi?
* what even is going on
* what is realityi?
* test another fix for app harness
* try to wait even longer?
* force uvloop to be optional
* downpin fastapi < 0.111, remove changes to test
* Improve import times
* add lazy loading to rx.el
* add lazy loading to reflex core components
* minor refactor
* Get imports working with reflex web
* get imports to work with all reflex examples
* refactor to define imports only in the root.
* lint
* deadcode remove
* update poetry deps
* unit tests fix
* app_harness fix
* app_harness fix
* pyi file generate
* pyi file generate
* sort pyi order
* fix pyi
* fix docker ci
* rework pyi-generator
* generate pyi for __init__ files
* test pyright
* test pyright ci
* partial pyright fix
* more pyright fix
* pyright fix
* fix pyi_generator
* add rx.serializer and others
* add future annotation import which fixes container CI, then also load recharts lazily
* add new pyi files
* pyright fix
* minor fixes for reflex-web and flexdown
* forward references for py38
* ruff fix
* pyi fix
* unit tests fix
* reduce coverage to 68%
* reduce coverage to 67%
* reduce coverage to 66%as a workaround to coverage's rounding issue
* reduce coverage to 66%as a workaround to coverage's rounding issue
* exclude lazy_loader dependency review checks.
* its lazy-loader
* Add docstrings and regenerate pyi files
* add link
* address Pr comments
* CI fix
* partially address PR comments.
* edit docstrings and fix integration tests
* fix typo in docstring
* pyi fix
This change will add a new action to scan the dependency's licenses
for any that may not be allowed for this project.
The pip-licenses command was run to get a dump of all the licenses
associated with this repo and put into the allow-licenses list.
Normally, you might only want to use deny-licenses list, but for
packages like Redis, there is no defined SPDX identifier for it.
Note: this list will require future maintenance as dependencies get
added that are not already in the allow list.
https://spdx.org/licenses/https://github.com/raimon49/pip-licenses
Related to issue #2901
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
In order to improve build time performance, this change switches
usage of pip to uv. The uv command is a pip alternative promising
much faster installs of Python packages.
For more information on uv, see:
https://github.com/astral-sh/uvCloses: #2748
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
* build pyi files when building/publishing 3rd party
* fix typo in workflow
* add future annotation
* add tests to pass coverage check
* add more unit tests
* omit pyi_generator from test coverage
* change black from dev deps to direct deps
* remake all pyi
* format pyi if black is present, return as if otherwise
* fix requested changes
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* remove codspeed.yml
* test upload job
* minor edits to get upload job working
* perhaps this works
* upload needs relex-install-size
* retrigger pipeline
* test only on ubuntu
* change to save to db directly
* oops
* size benchmarks
* .web for counter
* its timeout-minutes
* se integration.sh to run and kill process
* install psycopg2
* move .web runs to integration_tests.yml to save runners
* fix measurement-type for reflex-web
* add database url to env
* psycopg2
* test run ids
* commit sha gets the job done
* refactor
* add more matrices
* move reflex package size to integration_test.yml
* fix venv path
* test fix
* test fix
* use hyphen
* testing reflex build size
* ls for temp debug
* fix typo in command
* possible fix
* possible fix for windows
* remove dead code
* remove dead code
* remove unwanted comments
* refactor
* rebase on main
* pr_title
* remove pr_title from args
* debug
* should work now
* precommit fix
* print out package size for
* add shell
* test
* trying again
* dont use cached poetry to have accurate measurement of deps
* remove reflex deps calculation step from integration job
* fix script path
* precommit fix
* no real difference on different python versions so use 3.11.5
* remove ls keyword
* Benchmark add extra info on publishing data
* fix typo
* get file name for simplicity
* precommit fix
* removesuffix not in python3.8
* add pr_id in case the pr title is changed
* precommit fix
* benchmarks.yml: skip benchmarking if the DATABASE_URL is not set
* try to expand the value
* workaround secrets not available in the `if:` condition
* only skip database / pytest step if missing creds
* Convert templates to use `rx.chakra` where needed
* reflex_init_in_docker_test: run test on PR into reflex-0.4.0
This is why we didn't catch the template issues earlier
* use redis-py url syntax for redis_url
* port is optional
* Add StateManagerRedis.close method
The close helper method always calls `close_connection_pool=True` so that all
outstanding redis operations can be stopped before changing event loops.
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* Initital lighhouse test
* Added seperate lighthouse test
* Added sh
* Added Project dir to bash
* Change proj path sh
* Temp public storage
* Add port check to lighthouse
* Refactor Check
* Refactor Sh
* Change ENV to prod
* Change ENV to prod
* Check port
* Check port
* Change because it doesn't auto detect hmtl
* Change to SPA
* Change to SPA
* HTTPs to HTTP
* Added extra routes
* Add posthog
* Temp save to file for large uploads
* Add distinctid
* Add distinctid to outlevel
---------
Co-authored-by: Alek Petuskey <alekpetuskey@aleks-mbp.lan>
