* upgrade to next 15
* relock poetry file
* test options
* skip windows on reflex-web
* bump min node version
* add turbo for dev command
* remove turbo flag
* test for stateless apps
* add playwright to dev dependencies
* fix docstring
* fix install of playwright in CI
* fix install again
* add allowed license
* add retry on running integrations step
* another attempt to fix licensing issue
* update timeout duration for retry
* fix timeout workflows
* remove dep changes
* remove outdated diff
* fix scope in new test and workflow for appharness
* run playwright tests last
* update workflow
* skip more in unit tests
* try something else to prevent adding macos job to pool
* exclude too much
* fix units-text with macOS excluded
* also drop macOS job in integration tests
* readd macos job separately to only run on merge
* add workflow to check dependencies on release branch
* rename action to follow convention of other actions
* update workflow
* bump poetry version
* relock deps
* update check to ignore pyright and ruff
* oops, you saw nothing
* split dep check in two job
* fix frontend dep check
* fix stuff
* hmm yeah
* nope nope nope
* sigh
* bump js versions for some packages
* fix some warnings in tests
* fix tests
* try some options
* try to set asyncio policy
* debug dep check
* fix attempt for backend dep
* clean up output for backend check
* run bun outdated on reflex-web to catch most of the packages
* fix python version
* fix python version
* add missing env
* fix bun command
* fix workdir of frontend check
* update packages version
* up-pin plotly.js version
* add debug ouput
* clean frontend dep check output
* fix output
* fix async tests for redis
* relock poetry.lock
* Non-async functions do not need pytest_asyncio.fixture
* test_state: close StateManagerRedis connection in test to avoid warning
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* lift node version restraint to allow more recent version if already installed
* add node test for latest version
* change python version
* use purple for debug logs
* update workflow
* add playwright dev dependency
* update workflow
* change test
* oops
* improve test
* update test
* fix tests
* mv units tests to a subfolder
* reorganize tests
* fix install
* update test_state
* revert node changes and only keep new tests organization
* move integration tests in tests/integration
* fix integration workflow
* fix dockerfile workflow
* fix dockerfile workflow 2
* fix shared_state
* Revert "ruff formatting to unbreak `main` CI (#3964)"
This reverts commit f9be184b86.
* Revert "bump python>=3.10 for 0.6.0 (#3956)"
This reverts commit fe1833c5e1.
* drop python3.8 support
* relock dependencies
* Raise warning when < py310 is used
* Move python version check to reflex version check function
Avoid spammy deprecation warnings by only emitting warning once per project,
per reflex version, per reinit.
* Remove other references to python3.8
* upgrade to latest ruff
* try to fix dep review
* try to fix dep review (2)
* upgrade black
* upgrade black (2)
* update allowed dependencies
* update allowed dependencies (2)
* update allowed dependencies (3)
* wait between interim and final in yield test
* remove previous commit, increase delay between yield
* forgot to save on the time.sleep(1) removal
* fix integration (maybe?)
* fix pyi?
* what even is going on
* what is realityi?
* test another fix for app harness
* try to wait even longer?
* force uvloop to be optional
* downpin fastapi < 0.111, remove changes to test
* Improve import times
* add lazy loading to rx.el
* add lazy loading to reflex core components
* minor refactor
* Get imports working with reflex web
* get imports to work with all reflex examples
* refactor to define imports only in the root.
* lint
* deadcode remove
* update poetry deps
* unit tests fix
* app_harness fix
* app_harness fix
* pyi file generate
* pyi file generate
* sort pyi order
* fix pyi
* fix docker ci
* rework pyi-generator
* generate pyi for __init__ files
* test pyright
* test pyright ci
* partial pyright fix
* more pyright fix
* pyright fix
* fix pyi_generator
* add rx.serializer and others
* add future annotation import which fixes container CI, then also load recharts lazily
* add new pyi files
* pyright fix
* minor fixes for reflex-web and flexdown
* forward references for py38
* ruff fix
* pyi fix
* unit tests fix
* reduce coverage to 68%
* reduce coverage to 67%
* reduce coverage to 66%as a workaround to coverage's rounding issue
* reduce coverage to 66%as a workaround to coverage's rounding issue
* exclude lazy_loader dependency review checks.
* its lazy-loader
* Add docstrings and regenerate pyi files
* add link
* address Pr comments
* CI fix
* partially address PR comments.
* edit docstrings and fix integration tests
* fix typo in docstring
* pyi fix
This change will add a new action to scan the dependency's licenses
for any that may not be allowed for this project.
The pip-licenses command was run to get a dump of all the licenses
associated with this repo and put into the allow-licenses list.
Normally, you might only want to use deny-licenses list, but for
packages like Redis, there is no defined SPDX identifier for it.
Note: this list will require future maintenance as dependencies get
added that are not already in the allow list.
https://spdx.org/licenses/https://github.com/raimon49/pip-licenses
Related to issue #2901
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
In order to improve build time performance, this change switches
usage of pip to uv. The uv command is a pip alternative promising
much faster installs of Python packages.
For more information on uv, see:
https://github.com/astral-sh/uvCloses: #2748
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
This change automatically sets the label on an issue
to `bug` if opened using the bug report template.
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
* build pyi files when building/publishing 3rd party
* fix typo in workflow
* add future annotation
* add tests to pass coverage check
* add more unit tests
* omit pyi_generator from test coverage
* change black from dev deps to direct deps
* remake all pyi
* format pyi if black is present, return as if otherwise
* fix requested changes
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* remove codspeed.yml
* test upload job
* minor edits to get upload job working
* perhaps this works
* upload needs relex-install-size
* retrigger pipeline
* test only on ubuntu
* change to save to db directly
* oops
* size benchmarks
* .web for counter
* its timeout-minutes
* se integration.sh to run and kill process
* install psycopg2
* move .web runs to integration_tests.yml to save runners
* fix measurement-type for reflex-web
* add database url to env
* psycopg2
* test run ids
* commit sha gets the job done
* refactor
* add more matrices
* move reflex package size to integration_test.yml
* fix venv path
* test fix
* test fix
* use hyphen
* testing reflex build size
* ls for temp debug
* fix typo in command
* possible fix
* possible fix for windows
* remove dead code
* remove dead code
* remove unwanted comments
* refactor
* rebase on main
* pr_title
* remove pr_title from args
* debug
* should work now
* precommit fix
* print out package size for
* add shell
* test
* trying again
* dont use cached poetry to have accurate measurement of deps
* remove reflex deps calculation step from integration job
* fix script path
* precommit fix
* no real difference on different python versions so use 3.11.5
* remove ls keyword
* Benchmark add extra info on publishing data
* fix typo
* get file name for simplicity
* precommit fix
* removesuffix not in python3.8
* add pr_id in case the pr title is changed
* precommit fix
* benchmarks.yml: skip benchmarking if the DATABASE_URL is not set
* try to expand the value
* workaround secrets not available in the `if:` condition
* only skip database / pytest step if missing creds
* Convert templates to use `rx.chakra` where needed
* reflex_init_in_docker_test: run test on PR into reflex-0.4.0
This is why we didn't catch the template issues earlier
* use redis-py url syntax for redis_url
* port is optional
* Add StateManagerRedis.close method
The close helper method always calls `close_connection_pool=True` so that all
outstanding redis operations can be stopped before changing event loops.
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
