* init fix
* Update reflex/components/plotly/plotly.py
Co-authored-by: Masen Furer <m_github@0x26.net>
* plotly: treat `data` as a `dict`-type Var in _render
this allows the data to be passed directly as a figure or from a state var
* removed width height prop as they are no longer needed
* updated
* reverted some of the changes
* fixed unit tests
* regen pyi
---------
Co-authored-by: Hongyu Yao <hongyuyao@hongyus-mbp-3.lan>
Co-authored-by: Masen Furer <m_github@0x26.net>
Co-authored-by: Hongyu Yao <hongyuyao@Hongyus-MacBook-Pro-3.local>
* Improve import times
* add lazy loading to rx.el
* add lazy loading to reflex core components
* minor refactor
* Get imports working with reflex web
* get imports to work with all reflex examples
* refactor to define imports only in the root.
* lint
* deadcode remove
* update poetry deps
* unit tests fix
* app_harness fix
* app_harness fix
* pyi file generate
* pyi file generate
* sort pyi order
* fix pyi
* fix docker ci
* rework pyi-generator
* generate pyi for __init__ files
* test pyright
* test pyright ci
* partial pyright fix
* more pyright fix
* pyright fix
* fix pyi_generator
* add rx.serializer and others
* add future annotation import which fixes container CI, then also load recharts lazily
* add new pyi files
* pyright fix
* minor fixes for reflex-web and flexdown
* forward references for py38
* ruff fix
* pyi fix
* unit tests fix
* reduce coverage to 68%
* reduce coverage to 67%
* reduce coverage to 66%as a workaround to coverage's rounding issue
* reduce coverage to 66%as a workaround to coverage's rounding issue
* exclude lazy_loader dependency review checks.
* its lazy-loader
* Add docstrings and regenerate pyi files
* add link
* address Pr comments
* CI fix
* partially address PR comments.
* edit docstrings and fix integration tests
* fix typo in docstring
* pyi fix
* Get `action` and `cancel` working for rx.toast
Respect defaults set in ToastProvider toast_options when firing a toast with
it's own ToastProps set.
* Update reflex/components/sonner/toast.py
Co-authored-by: Thomas Brandého <thomas.brandeho@gmail.com>
* Move queueEvent formatting into rx.utils.format module
Implement on_auto_close and on_dismiss callbacks inside ToastProps
* Update rx.call_script to use new format.format_queue_events
Replace duplicate logic in rx.call_script for handling the callback function.
* Move PropsBase to reflex.components.props
This base class will be exposed via rx._x.PropsBase and can be shared by other
wrapped components that need to pass a JS object full of extra props.
---------
Co-authored-by: Thomas Brandého <thomas.brandeho@gmail.com>
* Throw Warning for Projects Created in OneDrive on Windows
* precommit
* remove dead code
* REFLEX_USE_NPM escape hatch to opt out of bun
In some unsupported environments, we need to just not use bun. Further
investigation needed.
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
* pyi_generator: ignore `app.py` and single files
When running pyi_generator in pre-commit, it passes individual changed files on
the command line as targets, and these were not being properly excluded
according to the EXCLUDED_FILES list.
Add app.py to the EXCLUDED_FILES list so it does not get regenerated
automatically.
* [REF-2587] Ignore top-level theme appearance
From the Radix docs, it is not recommended to actually set `appearance`, but
instead use next-themes to set and switch the appearance dynamically.
Because Reflex already compiles the top-level theme into the next-themes
ThemeProvider, we can blank out the appearance prop after compiling contexts.js
to avoid a mismatch between the selected app appearance and the appearance in
the rx.theme when displaying overlay components.
Fix#2992
* Simplify `run_process_with_fallback` logic
Include log streaming for initial command and fallback command. This is
necessary because if the command produces significant output that is not
consumed, it can fill the OS pipe and block the process from running.
* Avoid overwriting next.config.js when content has not changed
Windows cannot seem to detect when the file changes but the
content is the same and triggers a much longer hot-reload
cycle to deal with the "updated next.config.js"
* Handle case where `next.config.js` doesn't exist yet
* add more tests
* add tests to raise coverage
* more tests, bump coverage to 73
* fix up icon_button test
* fix darglint for app.py
* fix utcnow usage warning
* set threshold to 72
* fix timestamp
* fix unit tests for linux-redis
* removed commented code and put a TODO
* build pyi files when building/publishing 3rd party
* fix typo in workflow
* add future annotation
* add tests to pass coverage check
* add more unit tests
* omit pyi_generator from test coverage
* change black from dev deps to direct deps
* remake all pyi
* format pyi if black is present, return as if otherwise
* fix requested changes
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* Remove upper bounds of most dependencies.
Also adds a import try except block for pydantic.v1 and relocks.
Keep black and ruff to not mess to much with current formatting
Make pyright see the right import as long as constraint still lock pydantiv v1
Down pin pytest-asyncio again due to known issue
Fix upload handler with latest versions of fastapi
Change comment
* Add changed lockfile
* Set max versions for deps
* Revert app.pyi
---------
Co-authored-by: Malte Klemm <malte.klemm@blueyonder.com>
Co-authored-by: Nikhil Rao <nikhil@reflex.dev>
* When a Var points to a model, prefer access to model fields.
When a Var points to a model, and fields of the model share the same name as
Var operations, access to the model fields is now preferred to avoid having Var
operation names shadow model fields. Since most Var operations do not actually
work against Models, this does not really block any functionality.
* Special case for ComputedVar needing to internally access fget
Since fget is a "slot" on property, normal __getattribute__ access cannot find it.
* Workaround https://github.com/python/cpython/issues/88459
In python 3.9 and 3.10, the `isinstance(list[...], type)` returns True, but
it's not a valid class for use in issubclass
