Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

--no-index not respected when --requirement file contains --index-url #11276

Closed
1 task done
vanschelven opened this issue Jul 20, 2022 · 4 comments
Closed
1 task done
Labels
type: bug A confirmed bug or unintended behavior

Comments

@vanschelven
Copy link
Contributor

vanschelven commented Jul 20, 2022

Description

The behavior of index-url, when used in combination with --no-index, is inconsistent between specifiying it on the command line and in a requirements.txt-like file. Proof:

$ pip install --index-url https://pypi.org/simple --no-index boto3
ERROR: Could not find a version that satisfies the requirement boto3 (from versions: none)
ERROR: No matching distribution found for boto3

$ cat requirements.txt 
--index-url https://pypi.org/simple

$ pip install -i https://pypi.org/simple --no-index -r requirements.txt boto3
Collecting boto3
  Downloading boto3-1.24.33-py3-none-any.whl (132 kB)
     ━━━━━━━━━━━
ERROR: Operation cancelled by user

The same is true for --extra-index-url

Expected behavior

No response

pip version

22.1.2

Python version

3.9

OS

Ubuntu

How to Reproduce

.

Output

No response

Code of Conduct

@vanschelven vanschelven added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Jul 20, 2022
@vanschelven
Copy link
Contributor Author

The explanation seems to be that there's some code to deal with the command-line as a special-case, but this code is not replicated for the handling of options when part of requirements.txt.

@vanschelven
Copy link
Contributor Author

The code to deal with the command-line as a special case mentioned above is specific to --index-url (not present for extra-index-url) but yet another special case is present that makes it so that extra-index-url has similar inconsistent behavior between command-line and --requirements usage: https://github.com/pypa/pip/blob/main/src/pip/_internal/index/collector.py#L553

vanschelven added a commit to vanschelven/pip that referenced this issue Jul 20, 2022
See pypa#11276

SearchScope was extended with an extra parameter to be able to pass-on the
value of no_index as we do with the other parameters. This allows us to respect
its value regardless of the order in which options are evaluated.
vanschelven added a commit to vanschelven/python-buildpack that referenced this issue Jul 20, 2022
… using vendored installs

See pypa/pip#11276 for the upstream problem.
A fix was already in-place in the python buildback, but it was limited
to a single notation of `index-url=...`
vanschelven added a commit to vanschelven/python-buildpack that referenced this issue Jul 20, 2022
… using vendored installs

See pypa/pip#11276 for the upstream problem.
A fix was already in-place in the python buildback, but it was limited
to a single notation of `index-url=...`
vanschelven added a commit to vanschelven/pip that referenced this issue Jul 27, 2022
brayanhenao pushed a commit to cloudfoundry/python-buildpack that referenced this issue Jul 27, 2022
… using vendored installs (#544)

See pypa/pip#11276 for the upstream problem.
A fix was already in-place in the python buildback, but it was limited
to a single notation of `index-url=...`
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Oct 17, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.2.2 to 22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the deprecated <code>install</code>
command of <code>setuptools</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is enabled for
source distributions without 'pyproject.toml'. (<code>[#11452](pypa/pip#11452) &lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache. (<code>[#11454](pypa/pip#11454) &lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (<code>[#11493](pypa/pip#11493) &lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel' package is absent for
source distributions without 'pyproject.toml'. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in combination with <code>--format=freeze</code>. (<code>[#9789](pypa/pip#9789) &lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip config edit</code>. (<code>[#10716](pypa/pip#10716) &lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from :pep:<code>658</code> to resolve distribution metadata without downloading the dist yet. (<code>[#11111](pypa/pip#11111) &lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp. (<code>[#11250](pypa/pip#11250) &lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python environments other
than the one pip is installed in. (<code>[#11320](pypa/pip#11320) &lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip. (<code>[#11459](pypa/pip#11459) &lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree. (<code>[#5444](pypa/pip#5444) &lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or <code>--extra-index-url</code> is specified
inside a requirements file. (<code>[#11276](pypa/pip#11276) &lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when checking for a new version of pip. (<code>[#11309](pypa/pip#11309) &lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata instead of crashing, when
using the <code>importlib.metadata</code> backend. (<code>[#11352](pypa/pip#11352) &lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements options that can't be sucessfully parsed by shlex. (<code>[#11491](pypa/pip#11491) &lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons. (<code>[#6264](pypa/pip#6264) &lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2022.9.24</li>
<li>Upgrade distlib to 0.3.6</li>
<li>Upgrade idna to 3.4</li>
<li>Upgrade pep517 to 0.13.0</li>
<li>Upgrade pygments to 2.13.0</li>
<li>Upgrade tenacity to 8.1.0</li>
<li>Upgrade typing_extensions to 4.4.0</li>
<li>Upgrade urllib3 to 1.26.12</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a> from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a> from pradyunsg/certifi-update</li>
<li><a href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a> Unnormalise the certifi version</li>
<li><a href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a> from pradyunsg/check-manifest</li>
<li><a href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a> Move check-manifest to a CI check</li>
<li><a href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a> Upgrade certifi to 2022.9.24</li>
<li><a href="https://github.com/pypa/pip/commit/2a0552ac61ee26df04e08e21943a1e36aa880db1"><code>2a0552a</code></a> Replace complex certifi patch with a more targetted requests patch</li>
<li><a href="https://github.com/pypa/pip/commit/eb906997da97bbbd1f74127297d7ce9a54a6a2a0"><code>eb90699</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11502">#11502</a> from pradyunsg/vendoring-updates</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2.2...22.3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.2.2&new-version=22.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Oct 17, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.2.2 to 22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the deprecated <code>install</code>
command of <code>setuptools</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is enabled for
source distributions without 'pyproject.toml'. (<code>[#11452](pypa/pip#11452) &lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache. (<code>[#11454](pypa/pip#11454) &lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (<code>[#11493](pypa/pip#11493) &lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel' package is absent for
source distributions without 'pyproject.toml'. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in combination with <code>--format=freeze</code>. (<code>[#9789](pypa/pip#9789) &lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip config edit</code>. (<code>[#10716](pypa/pip#10716) &lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from :pep:<code>658</code> to resolve distribution metadata without downloading the dist yet. (<code>[#11111](pypa/pip#11111) &lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp. (<code>[#11250](pypa/pip#11250) &lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python environments other
than the one pip is installed in. (<code>[#11320](pypa/pip#11320) &lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip. (<code>[#11459](pypa/pip#11459) &lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree. (<code>[#5444](pypa/pip#5444) &lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or <code>--extra-index-url</code> is specified
inside a requirements file. (<code>[#11276](pypa/pip#11276) &lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when checking for a new version of pip. (<code>[#11309](pypa/pip#11309) &lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata instead of crashing, when
using the <code>importlib.metadata</code> backend. (<code>[#11352](pypa/pip#11352) &lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements options that can't be sucessfully parsed by shlex. (<code>[#11491](pypa/pip#11491) &lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons. (<code>[#6264](pypa/pip#6264) &lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2022.9.24</li>
<li>Upgrade distlib to 0.3.6</li>
<li>Upgrade idna to 3.4</li>
<li>Upgrade pep517 to 0.13.0</li>
<li>Upgrade pygments to 2.13.0</li>
<li>Upgrade tenacity to 8.1.0</li>
<li>Upgrade typing_extensions to 4.4.0</li>
<li>Upgrade urllib3 to 1.26.12</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a> from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a> from pradyunsg/certifi-update</li>
<li><a href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a> Unnormalise the certifi version</li>
<li><a href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a> from pradyunsg/check-manifest</li>
<li><a href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a> Move check-manifest to a CI check</li>
<li><a href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a> Upgrade certifi to 2022.9.24</li>
<li><a href="https://github.com/pypa/pip/commit/2a0552ac61ee26df04e08e21943a1e36aa880db1"><code>2a0552a</code></a> Replace complex certifi patch with a more targetted requests patch</li>
<li><a href="https://github.com/pypa/pip/commit/eb906997da97bbbd1f74127297d7ce9a54a6a2a0"><code>eb90699</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11502">#11502</a> from pradyunsg/vendoring-updates</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2.2...22.3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.2.2&new-version=22.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Oct 20, 2022
…s/@jsii/python-runtime (#3803)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the deprecated <code>install</code>
command of <code>setuptools</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is enabled for
source distributions without 'pyproject.toml'. (<code>[#11452](pypa/pip#11452) &lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache. (<code>[#11454](pypa/pip#11454) &lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (<code>[#11493](pypa/pip#11493) &lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel' package is absent for
source distributions without 'pyproject.toml'. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in combination with <code>--format=freeze</code>. (<code>[#9789](pypa/pip#9789) &lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip config edit</code>. (<code>[#10716](pypa/pip#10716) &lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from :pep:<code>658</code> to resolve distribution metadata without downloading the dist yet. (<code>[#11111](pypa/pip#11111) &lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp. (<code>[#11250](pypa/pip#11250) &lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python environments other
than the one pip is installed in. (<code>[#11320](pypa/pip#11320) &lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip. (<code>[#11459](pypa/pip#11459) &lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree. (<code>[#5444](pypa/pip#5444) &lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or <code>--extra-index-url</code> is specified
inside a requirements file. (<code>[#11276](pypa/pip#11276) &lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when checking for a new version of pip. (<code>[#11309](pypa/pip#11309) &lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata instead of crashing, when
using the <code>importlib.metadata</code> backend. (<code>[#11352](pypa/pip#11352) &lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements options that can't be sucessfully parsed by shlex. (<code>[#11491](pypa/pip#11491) &lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons. (<code>[#6264](pypa/pip#6264) &lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2022.9.24</li>
<li>Upgrade distlib to 0.3.6</li>
<li>Upgrade idna to 3.4</li>
<li>Upgrade pep517 to 0.13.0</li>
<li>Upgrade pygments to 2.13.0</li>
<li>Upgrade tenacity to 8.1.0</li>
<li>Upgrade typing_extensions to 4.4.0</li>
<li>Upgrade urllib3 to 1.26.12</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a> from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a> from pradyunsg/certifi-update</li>
<li><a href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a> Unnormalise the certifi version</li>
<li><a href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a> from pradyunsg/check-manifest</li>
<li><a href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a> Move check-manifest to a CI check</li>
<li><a href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a> Upgrade certifi to 2022.9.24</li>
<li><a href="https://github.com/pypa/pip/commit/2a0552ac61ee26df04e08e21943a1e36aa880db1"><code>2a0552a</code></a> Replace complex certifi patch with a more targetted requests patch</li>
<li><a href="https://github.com/pypa/pip/commit/eb906997da97bbbd1f74127297d7ce9a54a6a2a0"><code>eb90699</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11502">#11502</a> from pradyunsg/vendoring-updates</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2...22.3">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
@jeffwidman
Copy link
Contributor

I noticed the release notes for 22.3 mentioned including a fix for this issue: https://github.com/pypa/pip/blame/ff207cff2aeea05f13a246a99f24e6944492b18e/NEWS.rst#L42-L43

But this issue isn't marked as closed... is there more work that needs to be done to close this out?

@uranusjr
Copy link
Member

This was fixed in #11277 but the PR did not contain the correct keyword to automatically close the issue. Thanks for catching this!

clementprevot added a commit to clementprevot/aduro that referenced this issue Nov 16, 2022
Bumps [pip](https://github.com/pypa/pip) from 21.0 to 22.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>22.3.1 (2022-11-05)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix entry point generation of <code>pip.X</code>,
<code>pipX.Y</code>, and <code>easy_install-X.Y</code>
to correctly account for multi-digit Python version segments (e.g. the
&quot;11&quot;
part of 3.11). (<code>[#11547](pypa/pip#11547)
&lt;https://github.com/pypa/pip/issues/11547&gt;</code>_)</li>
</ul>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the
deprecated <code>install</code>
command of <code>setuptools</code>.
(<code>[#11358](pypa/pip#11358)
&lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is
enabled for
source distributions without 'pyproject.toml'.
(<code>[#11452](pypa/pip#11452)
&lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache.
(<code>[#11454](pypa/pip#11454)
&lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This
was supposed to be removed in 21.0, but missed during that release
cycle. (<code>[#11493](pypa/pip#11493)
&lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel'
package is absent for
source distributions without 'pyproject.toml'.
(<code>[#8559](pypa/pip#8559)
&lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in
combination with <code>--format=freeze</code>.
(<code>[#9789](pypa/pip#9789)
&lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip
config edit</code>.
(<code>[#10716](pypa/pip#10716)
&lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from
:pep:<code>658</code> to resolve distribution metadata without
downloading the dist yet.
(<code>[#11111](pypa/pip#11111)
&lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp.
(<code>[#11250](pypa/pip#11250)
&lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python
environments other
than the one pip is installed in.
(<code>[#11320](pypa/pip#11320)
&lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip.
(<code>[#11459](pypa/pip#11459)
&lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a
Bazaar tree. (<code>[#5444](pypa/pip#5444)
&lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or
<code>--extra-index-url</code> is specified
inside a requirements file.
(<code>[#11276](pypa/pip#11276)
&lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when
checking for a new version of pip.
(<code>[#11309](pypa/pip#11309)
&lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata
instead of crashing, when
using the <code>importlib.metadata</code> backend.
(<code>[#11352](pypa/pip#11352)
&lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements
options that can't be sucessfully parsed by shlex.
(<code>[#11491](pypa/pip#11491)
&lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons.
(<code>[#6264](pypa/pip#6264)
&lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<p>Vendored Libraries</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/1463081f10de6bfad81afe0d68272e7c3bedbadf"><code>1463081</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/22fd64ac0b68782acb308e2484b553a2ecadff78"><code>22fd64a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11547">#11547</a>
from uranusjr/entry-point-python-version-replacemen...</li>
<li><a
href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a>
from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a
href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a>
from pradyunsg/certifi-update</li>
<li><a
href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a>
Unnormalise the certifi version</li>
<li><a
href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a>
from pradyunsg/check-manifest</li>
<li><a
href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a>
Move check-manifest to a CI check</li>
<li><a
href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a>
Upgrade certifi to 2022.9.24</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/21.0...22.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.0&new-version=22.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 23, 2022
@pradyunsg pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Mar 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

No branches or pull requests

4 participants