* implement basic behavior to handle both radix and css
* add all components in theme, AND change pyi to include path of reflex types
* order type annotations in pyi_generator (#3585)
* order type annotations in pyi_generator
* run pyi_generator
* classvars should not be backend vars (#3578)
* classvars should not be backend vars
* cleanup RESERVED_BACKEND_VAR_NAMES
* order type annotations in pyi_generator (#3585)
* order type annotations in pyi_generator
* run pyi_generator
* do not validate non-cached var deps (#3576)
* do not validate non-cached var deps
* further improve Exceptions for misconfigured var deps
* order type annotations in pyi_generator (#3585)
* order type annotations in pyi_generator
* run pyi_generator
* fix git merge remains
* define function globally
* use more modern annotations
* only trigger when direct value and not state
* simplify unions
* accidentally removed avatar oop
---------
Co-authored-by: benedikt-bartscher <31854409+benedikt-bartscher@users.noreply.github.com>
* add computed backend vars
* finish computed backend vars, add tests
* fix token for AppHarness with redis state manager
* fix timing issues
* add unit tests for computed backend vars
* automagically mark cvs with _ prefix as backend var
* fully migrate backend computed vars
* rename is_backend_variable to is_backend_base_variable
* add integration test for implicit backend cv, adjust comments
* replace expensive backend var check at runtime
* keep stuff together
* simplify backend var check method, consistent naming, improve test typing
* fix: do not convert properties to cvs
* add test for property
* fix cached_properties with _ prefix in state cls
* Addresses an issue with pydantic v2 models as Vars
It looks like there's an issue with state vars
which are pydantic v2 models... Here's a
reproducible test case:
```python
import reflex as rx
from pydantic import BaseModel
from reflex.utils.serializers import serializer
class User(BaseModel):
has_image: bool = False
@serializer
def serialize_user(user: User) -> dict:
return user.dict()
class State(rx.State):
user: User = None
def index() -> rx.Component:
return rx.container(
rx.cond(State.user,
rx.text(State.user.has_image),
rx.text("No user"))
)
app = rx.App()
app.add_page(index)
```
This app works only with pydantic <2 installed:
```bash
reflex-test $ reflex run
...
AttributeError: 'FieldInfo' object has no attribute 'outer_type_'
reflex-test $ pip install pydantic==1.10.15
─────────────────────────────────── Starting Reflex App ───────────────────────────────────
Compiling: ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 13/13 0:00:00
─────────────────────────────────────── App Running ───────────────────────────────────────
App running at: http://localhost:3000
```
Looks like this is caused by `outer_type_` no
[longer existing][1] in pydantic v2. I'm guessing
this was introduced back in [v0.4.6][2].
1: https://github.com/pydantic/pydantic/discussions/7217
2: 86526cba51
This change explicitly ignores pydantic v2 models in
`get_attribute_access_type`, rather than trying to treat
them as v1 models.
* ruff formatting
---------
Co-authored-by: Masen Furer <m_github@0x26.net>
* upgrade to latest pip for in_docker_test_script.sh
* Bump gunicorn to 22.0.0 (security)
Changelog: https://docs.gunicorn.org/en/stable/news.html#id1
use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12
** Breaking changes **
minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
** SECURITY **
fix CVE-2024-1135
* Remove TYPE_CHECKING guard for pydantic v1 imports
Retain TYPE_CHECKING guard in v1 fallback to force pyright into pydantic.v1 namespace
* Run unit tests with pydantic v1 now that v2 is installed via poetry
* Remove upper bounds of most dependencies.
Also adds a import try except block for pydantic.v1 and relocks.
Keep black and ruff to not mess to much with current formatting
Make pyright see the right import as long as constraint still lock pydantiv v1
Down pin pytest-asyncio again due to known issue
Fix upload handler with latest versions of fastapi
Change comment
* Add changed lockfile
* Set max versions for deps
* Revert app.pyi
---------
Co-authored-by: Malte Klemm <malte.klemm@blueyonder.com>
Co-authored-by: Nikhil Rao <nikhil@reflex.dev>
* When a Var points to a model, prefer access to model fields.
When a Var points to a model, and fields of the model share the same name as
Var operations, access to the model fields is now preferred to avoid having Var
operation names shadow model fields. Since most Var operations do not actually
work against Models, this does not really block any functionality.
* Special case for ComputedVar needing to internally access fget
Since fget is a "slot" on property, normal __getattribute__ access cannot find it.
* Workaround https://github.com/python/cpython/issues/88459
In python 3.9 and 3.10, the `isinstance(list[...], type)` returns True, but
it's not a valid class for use in issubclass
* types: remove runtime imports from `is_generic_alias`
Reduce try/except contexts for better performance.
* _decode_var optimizations:
* compile the regex once at module scope
* fast path string scan for REFLEX_VAR_OPENING_TAG before doing more complex logic
* Avoid repeated `hasattr` check in `is_union`
`is_union` gets called a lot, and the hasattr check can be resolved at import
time for better performance.
* initial values for computed vars draft
* add tests, add computed_var overloads
* fix darglint
* pass initial to substates when calling dict
* add tests for for child states
* format black
* allow None as initial value
* rename runtime_only to raises_at_runtime
* cleanup unused arguments of ComputedVars
* refactor cached_var to be partial of computed_var
