* remove deprecated features and support for py3.9
* remove other deprecated stuff
* update lock file
* fix units tests
* relock poetry
* fix _replace for computed_var
* fix some merge typo
* fix typing of deploy args
* fix benchmarks.yml versions
* console.error instead of raising Exception
* fix tests
* ignore lambdas when resolving annotations
* simplify redirect logic in event.py
* more fixes
* fix unit tests again
* give back default annotations for lambdas
* fix signature check for on_submit
* remove useless stuff
* update pyi
* readd the getattr
* raise if log_level is wrong type
* silly goose, loglevel is a subclass of str
* i don't believe this code
* add guard
---------
Co-authored-by: Khaleel Al-Adhami <khaleel.aladhami@gmail.com>
* use `macos-latest` runner
macos-12 is deprecated and the jobs don't start anymore, so see if we can run
fine on latest.
* unit_tests.yml: use python versions with arm64 builds
* update workflow
* skip more in unit tests
* try something else to prevent adding macos job to pool
* exclude too much
* fix units-text with macOS excluded
* also drop macOS job in integration tests
* readd macos job separately to only run on merge
* lift node version restraint to allow more recent version if already installed
* add node test for latest version
* change python version
* use purple for debug logs
* update workflow
* add playwright dev dependency
* update workflow
* change test
* oops
* improve test
* update test
* fix tests
* mv units tests to a subfolder
* reorganize tests
* fix install
* update test_state
* revert node changes and only keep new tests organization
* move integration tests in tests/integration
* fix integration workflow
* fix dockerfile workflow
* fix dockerfile workflow 2
* fix shared_state
* Revert "ruff formatting to unbreak `main` CI (#3964)"
This reverts commit f9be184b86.
* Revert "bump python>=3.10 for 0.6.0 (#3956)"
This reverts commit fe1833c5e1.
* drop python3.8 support
* relock dependencies
* Raise warning when < py310 is used
* Move python version check to reflex version check function
Avoid spammy deprecation warnings by only emitting warning once per project,
per reflex version, per reinit.
* Remove other references to python3.8
In order to improve build time performance, this change switches
usage of pip to uv. The uv command is a pip alternative promising
much faster installs of Python packages.
For more information on uv, see:
https://github.com/astral-sh/uvCloses: #2748
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
* use redis-py url syntax for redis_url
* port is optional
* Add StateManagerRedis.close method
The close helper method always calls `close_connection_pool=True` so that all
outstanding redis operations can be stopped before changing event loops.
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
