* wip connection toaster
* never duplicate toast for websocket-error
* wip update banner
* clean up PR
* fix for 3.8
* update pyi
* ConnectionToaster tweaks
* Use `has_too_many_connection_errors` to avoid showing the banner immediately
* Increase toast duration to avoid frequent, distracting flashing of the toast
* Automatically dismiss the toast when the connection comes back up
* Include `close_button` for user to dismiss the toast
* If the user dismisses the toast, do not show it again until the connection comes back and drops again
* Use `connection_error` var instead of a custom util_hook to get the message
* ConnectionPulser: hide behind toast
* Hide the connection pulser behind the toast (33x33)
* Add a title (tooltip) that shows the connection error
* Re-add connection pulser to default overlay_component
If the user dismisses the toast, we still want to indicate that the backend is
actually down.
* Fix pre-commit issue from main
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* Support replacing route on redirect
Support next/router `.replace` interface to change page without creating a
history entry.
* test_event: include test cases for new "replace" kwarg
New experimental feature to create client-side react state vars, save them in
the global `refs` object and access them in frontend rendering/event triggers
as well as on the backend via call_script.
* [REF-2787] add_hooks supports Var-wrapped hooks
* Fix VarData definition in .pyi file to allow removal of type ignore comments
* Var.create and Var.create_safe accept _var_data parameter
* Replace instances where a set of imports was being passed to VarData
* Update code throughout to reduce use of `._replace` to add VarData
* Fixup: user hooks _var_data.imports will never be iterable, just a single ImportDict
* typed mixins
* implicit mixin=True kwarg for ComponentState subclasses
* fix: always init other subclasses
* adjust tests: all mixins support base vars now
This change will add a new action to scan the dependency's licenses
for any that may not be allowed for this project.
The pip-licenses command was run to get a dump of all the licenses
associated with this repo and put into the allow-licenses list.
Normally, you might only want to use deny-licenses list, but for
packages like Redis, there is no defined SPDX identifier for it.
Note: this list will require future maintenance as dependencies get
added that are not already in the allow list.
https://spdx.org/licenses/
https://github.com/raimon49/pip-licenses
Related to issue #2901
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
In order to improve build time performance, this change switches
usage of pip to uv. The uv command is a pip alternative promising
much faster installs of Python packages.
For more information on uv, see:
https://github.com/astral-sh/uv
Closes: #2748
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
* Get `action` and `cancel` working for rx.toast
Respect defaults set in ToastProvider toast_options when firing a toast with
its own ToastProps set.
* Update reflex/components/sonner/toast.py
Co-authored-by: Thomas Brandého <thomas.brandeho@gmail.com>
* Move queueEvent formatting into rx.utils.format module
Implement on_auto_close and on_dismiss callbacks inside ToastProps
* Update rx.call_script to use new format.format_queue_events
Replace duplicate logic in rx.call_script for handling the callback function.
* Move PropsBase to reflex.components.props
This base class will be exposed via rx._x.PropsBase and can be shared by other
wrapped components that need to pass a JS object full of extra props.
---------
Co-authored-by: Thomas Brandého <thomas.brandeho@gmail.com>
* Throw Warning for Projects Created in OneDrive on Windows
* precommit
* remove dead code
* REFLEX_USE_NPM escape hatch to opt out of bun
In some unsupported environments, we need to just not use bun. Further
investigation needed.
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
The demo template includes a drop down menu item named Contact
that has an email address to the founders. However, the email address
includes an extraneous = character in the domain part making it
invalid.
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
This change automatically sets the label on an issue
to `bug` if opened using the bug report template.
Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
* Allow `Component.add_style` to return a regular dict
It's more convenient to allow returning a regular dict without having to import
and wrap the value in `rx.style.Style`.
If the dict contains any Var or encoded VarData f-strings, these will be picked
up when the plain dicts are passed to Style.update().
Because Style.update already merges VarData, there is no reason to explicitly
merge it again in this function; this change keeps the merging logic inside the
Style class.
* Test for Style.update with existing Style with _var_data and kwargs
Should retain the _var_data from the original Style instance
* style: Avoid losing VarData in Style.update
If a Style class with _var_data is passed to `Style.update` along with kwargs,
then the _var_data was lost in the double-splat dictionary expansion.
Instead, only apply the kwargs to an existing or new Style instance to retain
_var_data and properly convert values.
* add_style return annotation is Dict[str, Any]
* nit: use lowercase dict in annotation
* rx.accordion customizability overhaul
* fix low contrast font in "classic" variant
* relative font sizing, so setting font_size on the root works now
* use CSS vars wherever possible to make downstream styling easier
* optional dividers between accordion items
* support `radius`
* support `duration` and `easing` for controlling the animation
* fix animation jank while keeping padding_y
* lookup `data-variant` via CSS instead of passing props in python
* fix "surface" variant to use `--accent-surface` as radix intended
* Restore default variant: "classic"
* Fix accordion primitive radius
* Unit tests for add_style and component styles with foreach
The styles should be correctly applied for components that are rendered as part
of a foreach.
* [REF-2802] Foreach should respect modifications to children
Components are mutable, and there is logic that depends on walking through the
component tree and making modifications to components along the way. These
modifications _must_ be respected by foreach for consistency.
Modifications necessary to fix the bug:
* Change the hash function in `_render` to get a hash over the render_fn's
`__code__` object. This way we get a stable hash without having to call the
render function with bogus values.
* Call the render function once during `create` and save the result as a child
of the Foreach component (tree walks will modify this instance).
* Directly render the original (and possibly modified) child component instead
of calling the render_fn again and creating a new component instance at
render time.
Additional changes because they're nice:
* Deprecate passing `**props` to `rx.foreach`. No one should have been
doing this anyway, because it just does not work in any reasonable way.
* Raise `ForeachVarError` when the iterable type is Any
* Raise `ForeachRenderError` when the render function does not take 1 or 2 args.
* Link to the foreach component docs when either of those errors is hit.
* Change the `iterable` arg in `create` to accept `Var[Iterable] | Iterable`
for better typing support (and remove some type: ignore comments)
* Simplify `_render` and `render` methods -- remove unused and potentially
confusing code.
* Fixup: `to_bytes` requires `byteorder` arg before py3.11
* [REF-2789] Graceful deprecation of rx.input.root and rx.input.input
Handle previously valid code where rx.input.root wrapped
rx.input/rx.input.input and rx.input.slot.
Raise deprecation warnings with hints about how to refactor code.
Copy props from rx.input.root to children inputs and apply any rx.input.slot
components to children inputs in an attempt to keep existing code working as
best as possible.
Fix DebounceInput:
* pass children through (for rx.input.slots)
* pass _rename_props through (for color_scheme)
* Fix for case where `rx.input.root` had event triggers
Fix for case where `rx.input.root` had no input children
* radix themes progress: expose `max` prop
It doesn't work yet, but PR filed for radix-ui/themes:
https://github.com/radix-ui/themes/pull/492
* Move `progress` and `toast` to `_x`
[REF-2779] Expose skeleton and data_list in top level namespace.
* update blank template
* update CONTRIBUTING.md
* adjust min_height of main stack
* simplify stuff
* fix import order for blank template and tell ruff to ignore it
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry