This change automatically sets the label on an issue
to `bug` if opened using the bug report template.
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
* build pyi files when building/publishing 3rd party
* fix typo in workflow
* add future annotation
* add tests to pass coverage check
* add more unit tests
* omit pyi_generator from test coverage
* change black from dev deps to direct deps
* remake all pyi
* format pyi if black is present, return as if otherwise
* fix requested changes
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* remove codspeed.yml
* test upload job
* minor edits to get upload job working
* perhaps this works
* upload needs relex-install-size
* retrigger pipeline
* test only on ubuntu
* change to save to db directly
* oops
* size benchmarks
* .web for counter
* its timeout-minutes
* se integration.sh to run and kill process
* install psycopg2
* move .web runs to integration_tests.yml to save runners
* fix measurement-type for reflex-web
* add database url to env
* psycopg2
* test run ids
* commit sha gets the job done
* refactor
* add more matrices
* move reflex package size to integration_test.yml
* fix venv path
* test fix
* test fix
* use hyphen
* testing reflex build size
* ls for temp debug
* fix typo in command
* possible fix
* possible fix for windows
* remove dead code
* remove dead code
* remove unwanted comments
* refactor
* rebase on main
* pr_title
* remove pr_title from args
* debug
* should work now
* precommit fix
* print out package size for
* add shell
* test
* trying again
* dont use cached poetry to have accurate measurement of deps
* remove reflex deps calculation step from integration job
* fix script path
* precommit fix
* no real difference on different python versions so use 3.11.5
* remove ls keyword
* Benchmark add extra info on publishing data
* fix typo
* get file name for simplicity
* precommit fix
* removesuffix not in python3.8
* add pr_id in case the pr title is changed
* precommit fix
* benchmarks.yml: skip benchmarking if the DATABASE_URL is not set
* try to expand the value
* workaround secrets not available in the `if:` condition
* only skip database / pytest step if missing creds
* Convert templates to use `rx.chakra` where needed
* reflex_init_in_docker_test: run test on PR into reflex-0.4.0
This is why we didn't catch the template issues earlier
* use redis-py url syntax for redis_url
* port is optional
* Add StateManagerRedis.close method
The close helper method always calls `close_connection_pool=True` so that all
outstanding redis operations can be stopped before changing event loops.
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* Initital lighhouse test
* Added seperate lighthouse test
* Added sh
* Added Project dir to bash
* Change proj path sh
* Temp public storage
* Add port check to lighthouse
* Refactor Check
* Refactor Sh
* Change ENV to prod
* Change ENV to prod
* Check port
* Check port
* Change because it doesn't auto detect hmtl
* Change to SPA
* Change to SPA
* HTTPs to HTTP
* Added extra routes
* Add posthog
* Temp save to file for large uploads
* Add distinctid
* Add distinctid to outlevel
---------
Co-authored-by: Alek Petuskey <alekpetuskey@aleks-mbp.lan>
