* Reuse the sqlalchemy engine once it's created
* Implement `rx.asession` for async database support
Requires setting `async_db_url` to the same database as `db_url`, except using
an async driver; this will vary by database.
* resolve the url first, so the key into _ENGINE is correct
* Ping db connections before returning them from pool
Move connect engine kwargs to a separate function
* the param is `echo`
* sanity check that config db_url and async_db_url are the same
throw a warning if the part following the `://` differs between these two
* create_async_engine: use sqlalchemy async API
update types
* redact ASYNC_DB_URL similarly to DB_URL when overridden in config
* update rx.asession docstring
* use async_sessionmaker
* Redact sensitive env vars instead of hiding them
* fix and test bug in config env loading
* streamline env var interpretation with @adhami3310
* improve error messages, fix invalid value for TELEMETRY_ENABLED
* just a small hint
* ruffing
* fix typo from review
* refactor - ruff broke the imports..
* cleanup imports
* more
* add internal and enum env var support
* ruff cleanup
* more global imports
* revert telemetry, it lives in rx.Config
* minor fixes/cleanup
* i missed some refs
* fix darglint
* reload config is internal
* fix EnvVar name
* add test for EnvVar + minor typing improvement
* bool tests
* was this broken?
* retain old behavior
* migrate APP_HARNESS_HEADLESS to new env var system
* migrate more APP_HARNESS env vars to new config system
* migrate SCREENSHOT_DIR to new env var system
* refactor EnvVar.get to be a method
* readd deleted functions and deprecate them
* improve EnvVar api, cleanup RELOAD_CONFIG question
* move is_prod_mode back to where it was
* move all environment variables to the same place
* reorder things around
* move more variables to environment
* remove cyclical imports
* forgot default value for field
* for some reason type hints aren't being interpreted
* put the field type *before* not after
* make it get
* move a bit more
* add more fields
* move reflex dir
* add return
* put things somewhere else
* add custom error
* add bare sqlalchemy session, Closes#3512
* expose sqla_session at module level, add tests, improve typing
* fix table name
* add model_registry fixture, improve typing
* did not meant to push this
* add docstring to model_registry
* do not expose sqla_session in reflex namespace
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
