pip mistakenly reports recursion error even when there is no recursion #13046

d3dave · 2024-10-27T11:29:10Z

Description

I have three requirements files, as follows:

# requirements.txt
...

# test-requirements.txt
-r requirements.txt
...

# lint-requirements.txt
-r requirements.txt
-r test-requirements.txt
...

When attempting to pip install -r lint-requirements.txt, pip complains:

ERROR: .../requirements.txt recursively references itself in .../test-requirements.txt and again in .../lint-requirements.txt

even though there is no recursive reference here. This used to work fine prior to pip 24.3.

Expected behavior

pip should not report an error and instead should proceed with installation as usual.

pip version

24.3

Python version

3.9

OS

Linux

How to Reproduce

Place three example requirements files in a directory as above.
Run pip install -r lint-requirements.txt
Observe error.

Output

$ python3.9 -m pip install -r lint-requirements.txt -c constraints.txt
Defaulting to user installation because normal site-packages is not writeable
ERROR: <omitted>/requirements.txt recursively references itself in <omitted>/test-requirements.txt and again in <omitted>/lint-requirements.txt

Code of Conduct

I agree to follow the PSF Code of Conduct.

The text was updated successfully, but these errors were encountered:

xmatthias · 2024-10-27T11:42:58Z

Same here ... breaks all our CI runs - as we do update pip, but don't pin pip in ci so far ...
it's also not limited to python 3.9 - we're seeing this from 3.10-3.12.

sbidoul · 2024-10-27T12:05:22Z

Likely due to #12877

notatallshaw · 2024-10-27T12:06:23Z

Hi all, if you are getting this error right now then I reccomend pinning your pip to pip==24.2 until there is a chance to investigate, decide how to handle, and probably release a 24.3.1.

Trying to create an MRE I found something interesting:

a.txt:

requests

And then b.txt:

-r a.txt

And run pip install -r a.txt -r b.txt --dry-run I don't get an error. But if I add:

c.txt:

-r a.txt
-r b.txt

And run pip install -r a.txt -r b.txt -r c.txt --dry-run I do get an error (and c.txt must refer to both a.txt and b.txt)

notatallshaw · 2024-10-27T12:19:07Z

I suspect the logic in #12877 is wrong, as I don't think it considers you can receive many requirements files and they can reference each other as a DAG.

I think to fix it you need to build a Directed Graph and show there are no cycles, I suspect that's not a minor code change. Perhaps just better to revert?

d3dave · 2024-10-27T12:27:21Z

I think to fix it you need to build a Directed Graph and show there are no cycles

@notatallshaw Should be sufficient to remove files from the "parsed" list once they are parsed completely. The current implementation keeps the file in the list even once it's not being parsed any more.

sbidoul · 2024-10-27T13:55:20Z

Tentative fix in #13047. @d3dave @xmatthias it would be great if you could test it.

sbidoul · 2024-10-27T13:59:15Z

@notatallshaw thanks for the MRE !

xmatthias · 2024-10-27T14:19:58Z

@sbidoul seems to work in my test (installed via pip install git+https://github.com/sbidoul/pip.git@fix-13046) - so i'd say great job 👍 - ran against the same repository i encountered the initial problem with.

sbidoul · 2024-10-27T14:25:37Z

Ok, thanks! I'll cut a 24.3.1 tonight.

Reste à 24.2 tant que pypa/pip#13046 n'est pas corrigé.

pradyunsg · 2024-10-28T00:29:33Z

Thanks @sbidoul for a quick fix and release!

Bumps the dependabot group with 3 updates in the / directory: [pip](https://github.com/pypa/pip), [setuptools](https://github.com/pypa/setuptools) and [tensorflow](https://github.com/tensorflow/tensorflow). Updates `pip` from 24.2 to 24.3.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> Updates `setuptools` from 75.1.0 to 75.2.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v75.2.0</h1> <h2>Features</h2> <ul> <li>Made errors when parsing <code>Distribution</code> data more explicit about the expected type (<code>tuple[str, ...] | list[str]</code>) -- by :user:<code>Avasam</code> (<a href="https://redirect.github.com/pypa/setuptools/issues/4578">#4578</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fix a <code>TypeError</code> when a <code>Distribution</code>'s old included attribute was a <code>tuple</code> -- by :user:<code>Avasam</code> (<a href="https://redirect.github.com/pypa/setuptools/issues/4578">#4578</a>)</li> <li>Add workaround for <code>bdist_wheel --dist-info-dir</code> errors when customisation does not inherit from setuptools. (<a href="https://redirect.github.com/pypa/setuptools/issues/4684">#4684</a>)</li> </ul> <h1>v75.1.1</h1> <h2>Bugfixes</h2> <ul> <li>Re-use pre-existing <code>.dist-info</code> dir when creating wheels via the build backend APIs (PEP 517) and the <code>metadata_directory</code> argument is passed -- by :user:<code>pelson</code>. (<a href="https://redirect.github.com/pypa/setuptools/issues/1825">#1825</a>)</li> <li>Changed <code>egg_info</code> command to avoid adding an empty <code>.egg-info</code> directory while iterating over entry-points. This avoids triggering integration problems with <code>importlib.metadata</code>/<code>importlib_metadata</code> (reference: <a href="https://redirect.github.com/pypa/pyproject-hooks/issues/206">pypa/pyproject-hooks#206</a>). (<a href="https://redirect.github.com/pypa/setuptools/issues/4680">#4680</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/61a5a03fbf8acc59e6e12144011aa06b85162bda"><code>61a5a03</code></a> Bump version: 75.1.1 → 75.2.0</li> <li><a href="https://github.com/pypa/setuptools/commit/8ad3ea7509e7f0168f86fbf191ae4e9f13229210"><code>8ad3ea7</code></a> Workaround for <code>bdist_wheel.dist_info_dir</code> problems (<a href="https://redirect.github.com/pypa/setuptools/issues/4684">#4684</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/9af08776190841f022136be4192dfeeafd65406d"><code>9af0877</code></a> Type sequence checks in setuptools/dist.py (<a href="https://redirect.github.com/pypa/setuptools/issues/4578">#4578</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/0534fde847e0bd0c2214d6821c042c0eb5c0ffc3"><code>0534fde</code></a> Add news fragment</li> <li><a href="https://github.com/pypa/setuptools/commit/50b732a4006f3b84315d4473f7c203e4fe13aed9"><code>50b732a</code></a> Check for more specific error message</li> <li><a href="https://github.com/pypa/setuptools/commit/a663287c9c5f0bfc5e05addfb3a15fea7fc716c3"><code>a663287</code></a> Add pragma for edge-case code path</li> <li><a href="https://github.com/pypa/setuptools/commit/96be735ca2e77b7db876133dfda0b4df3ced4ac0"><code>96be735</code></a> Workaround for bdist_wheel.dist_info_dir problems</li> <li><a href="https://github.com/pypa/setuptools/commit/000a413e2af9c271166cebe6909ad664907887f1"><code>000a413</code></a> Deprecate public access to setuptools.dist.sequence</li> <li><a href="https://github.com/pypa/setuptools/commit/00995c1e3d45393931ffb2e326e503819bee1728"><code>00995c1</code></a> Use variable msg instead of tmpl in setuptools/dist</li> <li><a href="https://github.com/pypa/setuptools/commit/d457d0e87889aefe2093cd79ab4d1ee35d3101e7"><code>d457d0e</code></a> Type sequence checks in setuptools/dist.py</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v75.1.0...v75.2.0">compare view</a></li> </ul> </details> <br /> Updates `tensorflow` from 2.17.0 to 2.18.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/releases">tensorflow's releases</a>.</em></p> <blockquote> <h2>TensorFlow 2.18.0</h2> <h1>Release 2.18.0</h1> <h2>TensorFlow</h2> <h3>Breaking Changes</h3> <ul> <li> <p><code>tf.lite</code></p> <ul> <li>C API: <ul> <li>An optional, fourth parameter was added <code>TfLiteOperatorCreate</code> as a step forward towards a cleaner API for <code>TfLiteOperator</code>. Function <code>TfLiteOperatorCreate</code> was added recently, in TensorFlow Lite version 2.17.0, released on 7/11/2024, and we do not expect there will be much code using this function yet. Any code breakages can be easily resolved by passing nullptr as the new, 4th parameter.</li> </ul> </li> </ul> </li> <li> <p>TensorRT support is disabled in CUDA builds for code health improvement.</p> </li> <li> <p>Hermetic CUDA support is added.</p> <p>Hermetic CUDA uses a specific downloadable version of CUDA instead of the user’s locally installed CUDA. Bazel will download CUDA, CUDNN and NCCL distributions, and then use CUDA libraries and tools as dependencies in various Bazel targets. This enables more reproducible builds for Google ML projects and supported CUDA versions.</p> </li> </ul> <h3>Known Caveats</h3> <h3>Major Features and Improvements</h3> <ul> <li>TensorFlow now supports and is compiled with NumPy 2.0 by default. Please see the <a href="https://numpy.org/doc/stable/release/2.0.0-notes.html">NumPy 2 release notes</a> and the <a href="https://numpy.org/devdocs/numpy_2_0_migration_guide.html#numpy-2-migration-guide">NumPy 2 migration guide</a>. <ul> <li>Note that NumPy's type promotion rules have been changed(See <a href="https://numpy.org/neps/nep-0050-scalar-promotion.html#nep50">NEP 50</a>for details). This may change the precision at which computations happen, leading either to type errors or to numerical changes to results.</li> <li>Tensorflow will continue to support NumPy 1.26 until 2025, aligning with community standard deprecation timeline <a href="https://scientific-python.org/specs/spec-0000/">here</a>.</li> </ul> </li> <li><code>tf.lite</code>: <ul> <li>The LiteRT <a href="https://github.com/google-ai-edge/LiteRT">repo</a> is live (see <a href="https://developers.googleblog.com/en/tensorflow-lite-is-now-litert/">announcement</a>), which means that in the coming months there will be changes to the development experience for TFLite. The TF Lite Runtime source will be moved later this year, and sometime after that we will start accepting contributions through that repo.</li> </ul> </li> <li>SignatureRunner is now supported for models with no signatures.</li> </ul> <h3>Bug Fixes and Other Changes</h3> <ul> <li> <p><code>tf.data</code></p> <ul> <li>Add optional <code>synchronous</code> argument to <code>map</code>, to specify that the <code>map</code> should run synchronously, as opposed to be parallelizable when <code>options.experimental_optimization.map_parallelization=True</code>. This saves memory compared to setting <code>num_parallel_calls=1</code>.</li> <li>Add optional <code>use_unbounded_threadpool</code> argument to <code>map</code>, to specify that the <code>map</code> should use an unbounded threadpool instead of the default pool that is based on the number of cores on the machine. This can improve throughput for map functions which perform IO or otherwise release the CPU.</li> <li>Add <a href="https://www.tensorflow.org/api_docs/python/tf/data/experimental/get_model_proto"><code>tf.data.experimental.get_model_proto</code></a> to allow users to peek into the analytical model inside of a dataset iterator.</li> </ul> </li> <li> <p><code>tf.lite</code></p> <ul> <li><code>Dequantize</code> op supports <code>TensorType_INT4</code>. <ul> <li>This change includes per-channel dequantization.</li> </ul> </li> <li>Add support for <code>stablehlo.composite</code>.</li> <li><code>EmbeddingLookup</code> op supports per-channel quantization and <code>TensorType_INT4</code> values.</li> <li><code>FullyConnected</code> op supports <code>TensorType_INT16</code> activation and <code>TensorType_Int4</code> weight per-channel quantization.</li> </ul> </li> <li> <p><code>tf.tensor_scatter_update</code>, <code>tf.tensor_scatter_add</code> and of other reduce types.</p> <ul> <li>Support <code>bad_indices_policy</code>.</li> </ul> </li> </ul> <h2>Thanks to our Contributors</h2> <p>This release contains contributions from many people at Google, as well as:</p> <p>Akhil Goel, akhilgoe, Alexander Pivovarov, Amir Samani, Andrew Goodbody, Andrey Portnoy, Anthony Platanios, bernardoArcari, Brett Taylor, buptzyb, Chao, Christian Clauss, Cocoa, Daniil Kutz, Darya Parygina, dependabot[bot], Dimitris Vardoulakis, Dragan Mladjenovic, Elfie Guo, eukub, Faijul Amin, flyingcat, Frédéric Bastien, ganyu.08, Georg Stefan Schmid, Grigory Reznikov, Harsha H S, Harshit Monish, Heiner, Ilia Sergachev, Jan, Jane Liu, Jaroslav Sevcik, Kaixi Hou, Kanvi Khanna, Kristof Maar, Kristóf Maár, LakshmiKalaKadali, Lbertho-Gpsw, lingzhi98, MarcoFalke, Masahiro Hiramori, Mmakevic-Amd, mraunak, Nobuo Tsukamoto, Notheisz57, Olli Lupton, Pearu Peterson, pemeliya, Peyara Nando, Philipp Hack, Phuong Nguyen, Pol Dellaiera, Rahul Batra, Ruturaj Vaidya, sachinmuradi, Sergey Kozub, Shanbin Ke, Sheng Yang, shengyu, Shraiysh, Shu Wang, Surya, sushreebarsa, Swatheesh-Mcw, syzygial, Tai Ly, terryysun, tilakrayal, Tj Xu, Trevor Morris, Tzung-Han Juang, wenchenvincent, wondertx, Xuefei Jiang, Ye Huang, Yimei Sun, Yunlong Liu, Zahid Iqbal, Zhan Lu, Zoranjovanovic-Ns, Zuri Obozuwa</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md">tensorflow's changelog</a>.</em></p> <blockquote> <h1>Release 2.18.0</h1> <h2>TensorFlow</h2> <h3>Breaking Changes</h3> <ul> <li> <p><code>tf.lite</code></p> <ul> <li>C API: <ul> <li>An optional, fourth parameter was added <code>TfLiteOperatorCreate</code> as a step forward towards a cleaner API for <code>TfLiteOperator</code>. Function <code>TfLiteOperatorCreate</code> was added recently, in TensorFlow Lite version 2.17.0, released on 7/11/2024, and we do not expect there will be much code using this function yet. Any code breakages can be easily resolved by passing nullptr as the new, 4th parameter.</li> </ul> </li> </ul> </li> <li> <p>TensorRT support is disabled in CUDA builds for code health improvement.</p> </li> <li> <p>TensorFlow now supports and is compiled with NumPy 2.0 by default. Please see the <a href="https://numpy.org/doc/stable/release/2.0.0-notes.html">NumPy 2 release notes</a> and the <a href="https://numpy.org/devdocs/numpy_2_0_migration_guide.html#numpy-2-migration-guide">NumPy 2 migration guide</a>.</p> <ul> <li>Note that NumPy's type promotion rules have been changed(See <a href="https://numpy.org/neps/nep-0050-scalar-promotion.html#nep50">NEP 50</a>for details). This may change the precision at which computations happen, leading either to type errors or to numerical changes to results.</li> <li>Tensorflow will continue to support NumPy 1.26 until 2025, aligning with community standard deprecation timeline <a href="https://scientific-python.org/specs/spec-0000/">here</a>.</li> </ul> </li> <li> <p>Hermetic CUDA support is added.</p> <p>Hermetic CUDA uses a specific downloadable version of CUDA instead of the user’s locally installed CUDA. Bazel will download CUDA, CUDNN and NCCL distributions, and then use CUDA libraries and tools as dependencies in various Bazel targets. This enables more reproducible builds for Google ML projects and supported CUDA versions.</p> </li> <li> <p>Remove the <code>EnumNamesXNNPackFlags</code> function in <code>tensorflow/lite/acceleration/configuration/configuration_generated.h</code>.</p> <p>This change is a bug fix in the automatically generated code. This change is automatically generated by the new flatbuffer generator. The flatbuffers library is updated to 24.3.25 in <a href="https://github.com/tensorflow/tensorflow/commit/c17d64df85a83c1bd0fd7dcc0b1230812b0d3d48">https://github.com/tensorflow/tensorflow/commit/c17d64df85a83c1bd0fd7dcc0b1230812b0d3d48</a>. The new flatbuffers library includes the following change <a href="https://redirect.github.com/google/flatbuffers/pull/7813">google/flatbuffers#7813</a> which fixed a underlying flatbuffer code generator bug.</p> </li> </ul> <h3>Known Caveats</h3> <h3>Major Features and Improvements</h3> <ul> <li><code>tf.lite</code>: <ul> <li>The LiteRT <a href="https://github.com/google-ai-edge/LiteRT">repo</a> is live (see <a href="https://developers.googleblog.com/en/tensorflow-lite-is-now-litert/">announcement</a>), which means that in the coming months there will be changes to the development experience for TFLite. The TF Lite Runtime source will be moved later this year, and sometime after that we will start accepting contributions through that repo.</li> <li>SignatureRunner is now supported for models with no signatures.</li> </ul> </li> </ul> <h3>Bug Fixes and Other Changes</h3> <ul> <li> <p><code>tf.data</code></p> <ul> <li>Add optional <code>synchronous</code> argument to <code>map</code>, to specify that the <code>map</code> should run synchronously, as opposed to be parallelizable when <code>options.experimental_optimization.map_parallelization=True</code>. This saves memory compared to setting <code>num_parallel_calls=1</code>.</li> <li>Add optional <code>use_unbounded_threadpool</code> argument to <code>map</code>, to specify that the <code>map</code> should use an unbounded threadpool instead of the default pool that is based on the number of cores on the machine. This can improve throughput for map functions which perform IO or otherwise release the CPU.</li> <li>Add <a href="https://www.tensorflow.org/api_docs/python/tf/data/experimental/get_model_proto"><code>tf.data.experimental.get_model_proto</code></a> to allow users to peek into the analytical model inside of a dataset iterator.</li> </ul> </li> <li> <p><code>tf.lite</code></p> <ul> <li><code>Dequantize</code> op supports <code>TensorType_INT4</code>. <ul> <li>This change includes per-channel dequantization.</li> </ul> </li> <li>Add support for <code>stablehlo.composite</code>.</li> <li><code>EmbeddingLookup</code> op supports per-channel quantization and <code>TensorType_INT4</code> values.</li> <li><code>FullyConnected</code> op supports <code>TensorType_INT16</code> activation and <code>TensorType_Int4</code> weight per-channel quantization.</li> <li>Enable per-tensor quantization support in dynamic range quantization of <code>TRANSPOSE_CONV</code> layer. Fixes TFLite converter <a href="https://redirect.github.com/tensorflow/tensorflow/issues/76624">bug</a>.</li> </ul> </li> <li> <p><code>tf.tensor_scatter_update</code>, <code>tf.tensor_scatter_add</code> and of other reduce types.</p> <ul> <li>Support <code>bad_indices_policy</code>.</li> </ul> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tensorflow/tensorflow/commit/6550e4bd80223cdb8be6c3afd1f81e86a4d433c3"><code>6550e4b</code></a> Merge pull request <a href="https://redirect.github.com/tensorflow/tensorflow/issues/78464">#78464</a> from tensorflow/rtg0795-patch-1</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/7e0c244a13a8e2968dce2600960291d5ca056ee1"><code>7e0c244</code></a> Merge pull request <a href="https://redirect.github.com/tensorflow/tensorflow/issues/78463">#78463</a> from tensorflow-jenkins/version-numbers-2.18.0-21101</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/35624d2777a87fd9c335ab6e08b3f2447b233fcf"><code>35624d2</code></a> Update RELEASE.md to move TFLite SignatureRunner to the right section</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/8d2c5e150e45747385193ee5ee3ed39f704e0bca"><code>8d2c5e1</code></a> Update version numbers to 2.18.0</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/d5f4a3f5ddc60df66d732cdba0c3ad1e51b7a339"><code>d5f4a3f</code></a> Merge pull request <a href="https://redirect.github.com/tensorflow/tensorflow/issues/77589">#77589</a> from tensorflow-jenkins/version-numbers-2.18.0rc2-1...</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/7cbcbf33bb370fa5bdf423c9c6b1b6422ed20a6d"><code>7cbcbf3</code></a> Update version numbers to 2.18.0-rc2</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/84c9398c492f13618dc147f45c20e95ecfc3defe"><code>84c9398</code></a> Merge pull request <a href="https://redirect.github.com/tensorflow/tensorflow/issues/77576">#77576</a> from tensorflow/r2.18-be4f646ec43</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/8fca5e7a885e502545086f2d5fa4e458c7fd63d0"><code>8fca5e7</code></a> PR <a href="https://redirect.github.com/tensorflow/tensorflow/issues/17430">#17430</a>: [ROCm] Use unique_ptr for TupleHandle in pjrt_se_client</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/2c3c798c33a5fbb8b63b7785716702aff222f2c4"><code>2c3c798</code></a> Merge pull request <a href="https://redirect.github.com/tensorflow/tensorflow/issues/77025">#77025</a> from tensorflow-jenkins/version-numbers-2.18.0rc1-2...</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/10693a47de32350865f04d4ad422b036552702f9"><code>10693a4</code></a> Update version numbers to 2.18.0-rc1</li> <li>Additional commits viewable in <a href="https://github.com/tensorflow/tensorflow/compare/v2.17.0...v2.18.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…k/test/generated-code (#4682) Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…s/@jsii/python-runtime (#4684) Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> <h1>24.2 (2024-07-28)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate <code>pip install --editable</code> falling back to <code>setup.py develop</code> when using a setuptools version that does not support :pep:<code>660</code> (setuptools v63 and older). (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</li> </ul> <p>Features</p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Cxz324 · 2024-11-01T01:53:20Z

Description

I have three requirements files, as follows:
# requirements.txt
...
# test-requirements.txt
-r requirements.txt
...
# lint-requirements.txt
-r requirements.txt
-r test-requirements.txt
...
When attempting to pip install -r lint-requirements.txt, pip complains:
ERROR: .../requirements.txt recursively references itself in .../test-requirements.txt and again in .../lint-requirements.txt
even though there is no recursive reference here. This used to work fine prior to pip 24.3.

Expected behavior

pip should not report an error and instead should proceed with installation as usual.

pip version

24.3

Python version

3.9

OS

Linux

How to Reproduce

Place three example requirements files in a directory as above.

Run pip install -r lint-requirements.txt

Observe error.

Output
$ python3.9 -m pip install -r lint-requirements.txt -c constraints.txt
Defaulting to user installation because normal site-packages is not writeable
ERROR: <omitted>/requirements.txt recursively references itself in <omitted>/test-requirements.txt and again in <omitted>/lint-requirements.txt
Code of Conduct

I agree to follow the PSF Code of Conduct.

Bumps the ci group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [hatch](https://github.com/pypa/hatch). Updates `pip` from 24.2 to 24.3.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> Updates `hatch` from 1.12.0 to 1.13.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/hatch/releases">hatch's releases</a>.</em></p> <blockquote> <h2>Hatchling v1.13.0</h2> <p><em><strong>Added:</strong></em></p> <ul> <li>Update the set of known trove classifiers to version 2023.2.8</li> </ul> <h2>Hatch v1.13.0</h2> <p><em><strong>Added:</strong></em></p> <ul> <li>Support managing Python 3.13 distributions</li> </ul> <h2>Hatchling v1.12.2</h2> <p><em><strong>Fixed:</strong></em></p> <ul> <li>Add <code>macos-max-compat</code> option to the <code>wheel</code> target that is enabled by default to support the latest version 22.0 of the <code>packaging</code> library</li> </ul> <h2>Hatchling v1.12.1</h2> <p><em><strong>Fixed:</strong></em></p> <ul> <li>Fix minor regression in the PEP 517/660 function signatures that was discovered by Fedora</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/hatch/commit/4e3c515bb15fd5533ced963c70308e2a271905d9"><code>4e3c515</code></a> release Hatch v1.13.0</li> <li><a href="https://github.com/pypa/hatch/commit/204c0cdc30990c0b5a983f5705967867e727982e"><code>204c0cd</code></a> Support managing Python 3.13 distributions (<a href="https://redirect.github.com/pypa/hatch/issues/1753">#1753</a>)</li> <li>See full diff in <a href="https://github.com/pypa/hatch/compare/hatch-v1.12.0...hatch-v1.13.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

@Zeitsperre

Bumps [pip](https://github.com/pypa/pip) from 24.2.0 to 24.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> <h1>24.2 (2024-07-28)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate <code>pip install --editable</code> falling back to <code>setup.py develop</code> when using a setuptools version that does not support :pep:<code>660</code> (setuptools v63 and older). (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</li> </ul> <p>Features</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2.0&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @Zeitsperre. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

@overload

Bumps the dependabot group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [packaging](https://github.com/pypa/packaging) | `24.1` | `24.2` | | [tomli](https://github.com/hukkin/tomli) | `2.0.1` | `2.1.0` | | [wheel](https://github.com/pypa/wheel) | `0.44.0` | `0.45.0` | | [zipp](https://github.com/jaraco/zipp) | `3.20.0` | `3.21.0` | | [pip](https://github.com/pypa/pip) | `24.2` | `24.3.1` | | [setuptools](https://github.com/pypa/setuptools) | `75.2.0` | `75.5.0` | | [mypy](https://github.com/python/mypy) | `1.12.1` | `1.13.0` | Updates `packaging` from 24.1 to 24.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/releases">packaging's releases</a>.</em></p> <blockquote> <h2>24.2</h2> <h2>What's Changed</h2> <ul> <li>The source is auto-formatted with ruff, not black by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/798">pypa/packaging#798</a></li> <li>Bump the github-actions group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/813">pypa/packaging#813</a></li> <li>Apply ruff rules (RUF) by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/800">pypa/packaging#800</a></li> <li>Fix typo in Version <code>__str__</code> by <a href="https://github.com/aryanpingle"><code>@aryanpingle</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/817">pypa/packaging#817</a></li> <li>Bump the github-actions group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/819">pypa/packaging#819</a></li> <li>Get rid of duplicate test cases by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/821">pypa/packaging#821</a></li> <li>Fix doc for canonicalize_version and a typo in a docstring by <a href="https://github.com/Laurent-Dx"><code>@Laurent-Dx</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/801">pypa/packaging#801</a></li> <li>docs: public/base_version comparison by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/818">pypa/packaging#818</a></li> <li>Apply ruff/bugbear rules (B) by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/787">pypa/packaging#787</a></li> <li>Apply ruff/pyupgrade rules (UP) by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/786">pypa/packaging#786</a></li> <li>Add a changelog entry for dropping Python 3.7 support by <a href="https://github.com/alexwlchan"><code>@alexwlchan</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/824">pypa/packaging#824</a></li> <li>Patch python_full_version unconditionally by <a href="https://github.com/jaraco"><code>@jaraco</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/825">pypa/packaging#825</a></li> <li>Refactor canonicalize_version by <a href="https://github.com/jaraco"><code>@jaraco</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/793">pypa/packaging#793</a></li> <li>Allow creating a SpecifierSet from a list of specifiers by <a href="https://github.com/pfmoore"><code>@pfmoore</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/777">pypa/packaging#777</a></li> <li>Fix uninformative error message by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/830">pypa/packaging#830</a></li> <li>Fix prerelease detection for <code>></code> and <code><</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/794">pypa/packaging#794</a></li> <li>Bump the github-actions group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/839">pypa/packaging#839</a></li> <li>Add support for PEP 730 iOS tags. by <a href="https://github.com/freakboy3742"><code>@freakboy3742</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/832">pypa/packaging#832</a></li> <li>Update the changelog to reflect 24.1 changes by <a href="https://github.com/pradyunsg"><code>@pradyunsg</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/840">pypa/packaging#840</a></li> <li>Mention updating changelog in release process by <a href="https://github.com/pradyunsg"><code>@pradyunsg</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/841">pypa/packaging#841</a></li> <li>Add a comment as to why <code>Metadata.name</code> isn't normalized by <a href="https://github.com/brettcannon"><code>@brettcannon</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/842">pypa/packaging#842</a></li> <li>Use !r formatter for error messages with filenames. by <a href="https://github.com/Carreau"><code>@Carreau</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/844">pypa/packaging#844</a></li> <li>PEP 639: Implement License-Expression and License-File by <a href="https://github.com/ewdurbin"><code>@ewdurbin</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/828">pypa/packaging#828</a></li> <li>Bump the github-actions group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/852">pypa/packaging#852</a></li> <li>Upgrade to latest mypy by <a href="https://github.com/hauntsaninja"><code>@hauntsaninja</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/853">pypa/packaging#853</a></li> <li>Extraneous quotes by <a href="https://github.com/ewdurbin"><code>@ewdurbin</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/848">pypa/packaging#848</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/aryanpingle"><code>@aryanpingle</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/817">pypa/packaging#817</a></li> <li><a href="https://github.com/Laurent-Dx"><code>@Laurent-Dx</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/801">pypa/packaging#801</a></li> <li><a href="https://github.com/alexwlchan"><code>@alexwlchan</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/824">pypa/packaging#824</a></li> <li><a href="https://github.com/jaraco"><code>@jaraco</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/825">pypa/packaging#825</a></li> <li><a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/794">pypa/packaging#794</a></li> <li><a href="https://github.com/freakboy3742"><code>@freakboy3742</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/832">pypa/packaging#832</a></li> <li><a href="https://github.com/Carreau"><code>@Carreau</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/844">pypa/packaging#844</a></li> <li><a href="https://github.com/ewdurbin"><code>@ewdurbin</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/828">pypa/packaging#828</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/packaging/compare/24.1...24.2">https://github.com/pypa/packaging/compare/24.1...24.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's changelog</a>.</em></p> <blockquote> <p>24.2 - 2024-11-08</p> <pre><code> * PEP 639: Implement License-Expression and License-File (:issue:`828`) * Use ``!r`` formatter for error messages with filenames (:issue:`844`) * Add support for PEP 730 iOS tags (:issue:`832`) * Fix prerelease detection for ``>`` and ``<`` (:issue:`794`) * Fix uninformative error message (:issue:`830`) * Refactor ``canonicalize_version`` (:issue:`793`) * Patch python_full_version unconditionally (:issue:`825`) * Fix doc for ``canonicalize_version`` to mention ``strip_trailing_zero`` and a typo in a docstring (:issue:`801`) * Fix typo in Version ``__str__`` (:issue:`817`) * Support creating a ``SpecifierSet`` from an iterable of ``Specifier`` objects (:issue:`775`) </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/packaging/commit/d8e3b31b734926ebbcaff654279f6855a73e052f"><code>d8e3b31</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/2de393d910926a0408496ac5583f733c4b9f0f5e"><code>2de393d</code></a> Update changelog for release</li> <li><a href="https://github.com/pypa/packaging/commit/9c66f5c844bf3262f560c1521a0e6837079b16ff"><code>9c66f5c</code></a> Remove extraneous quotes in f-strings by using <code>!r</code> (<a href="https://redirect.github.com/pypa/packaging/issues/848">#848</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/4dc334c86d43f83371b194ca91618ed99e0e49ca"><code>4dc334c</code></a> Upgrade to latest mypy (<a href="https://redirect.github.com/pypa/packaging/issues/853">#853</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/d1a9f938343de11f7322151c1f6de25cbb61718b"><code>d1a9f93</code></a> Bump the github-actions group with 4 updates (<a href="https://redirect.github.com/pypa/packaging/issues/852">#852</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/029f41580098bcf52b69684843bdc7ea37959a7e"><code>029f415</code></a> PEP 639: Implement License-Expression and License-File (<a href="https://redirect.github.com/pypa/packaging/issues/828">#828</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/6c338a8425803476769151953cc5de5548e2befa"><code>6c338a8</code></a> Use !r formatter for error messages with filenames. (<a href="https://redirect.github.com/pypa/packaging/issues/844">#844</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/28e7da78f6f73b4856260e24051b35a4517c0149"><code>28e7da7</code></a> Add a comment as to why <code>Metadata.name</code> isn't normalized (<a href="https://redirect.github.com/pypa/packaging/issues/842">#842</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/ce0d79c5ab6d27e856a059fbc24c0b0a7c9d8581"><code>ce0d79c</code></a> Mention updating changelog in release process (<a href="https://redirect.github.com/pypa/packaging/issues/841">#841</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/ac5bdf3605ddcbfa1f672f7cf93a19fd6d3d77ea"><code>ac5bdf3</code></a> Update the changelog to reflect 24.1 changes (<a href="https://redirect.github.com/pypa/packaging/issues/840">#840</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/packaging/compare/24.1...24.2">compare view</a></li> </ul> </details> <br /> Updates `tomli` from 2.0.1 to 2.1.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hukkin/tomli/blob/master/CHANGELOG.md">tomli's changelog</a>.</em></p> <blockquote> <h2>2.1.0</h2> <ul> <li>Deprecated <ul> <li>Instantiating <code>TOMLDecodeError</code> with free-form arguments. <code>msg</code>, <code>doc</code> and <code>pos</code> arguments should be given.</li> </ul> </li> <li>Added <ul> <li><code>msg</code>, <code>doc</code>, <code>pos</code>, <code>lineno</code> and <code>colno</code> attributes to <code>TOMLDecodeError</code></li> </ul> </li> </ul> <h2>2.0.2</h2> <ul> <li>Removed <ul> <li>Python 3.7 support</li> </ul> </li> <li>Improved <ul> <li>Make <code>loads</code> raise <code>TypeError</code> not <code>AttributeError</code> on bad input types that do not have the <code>replace</code> attribute. Improve error message when <code>bytes</code> is received.</li> </ul> </li> <li>Type annotations <ul> <li>Type annotate <code>load</code> input as <code>typing.IO[bytes]</code> (previously <code>typing.BinaryIO</code>).</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hukkin/tomli/commit/d6e045b1e6b36c56271d9f003794d915d713f962"><code>d6e045b</code></a> Bump version: 2.0.2 → 2.1.0</li> <li><a href="https://github.com/hukkin/tomli/commit/d1d6a8571b06b18005af8bf9078c1d37de5353e1"><code>d1d6a85</code></a> Add attributes to TOMLDecodeError. Deprecate free-form <code>__init__</code> args (<a href="https://redirect.github.com/hukkin/tomli/issues/238">#238</a>)</li> <li><a href="https://github.com/hukkin/tomli/commit/59ed9efb3d6bb7ec71454601a72088b0a6853b8c"><code>59ed9ef</code></a> Add a comment about implicit lru_cache bound</li> <li><a href="https://github.com/hukkin/tomli/commit/9d25b3f99e37426d33eb8b5513890d723fefd441"><code>9d25b3f</code></a> Test against Python 3.13 final (<a href="https://redirect.github.com/hukkin/tomli/issues/237">#237</a>)</li> <li><a href="https://github.com/hukkin/tomli/commit/f57fb669e9147bc69e2681ce7eeea2ed6294c039"><code>f57fb66</code></a> Add test coverage for text mode error (<a href="https://redirect.github.com/hukkin/tomli/issues/231">#231</a>)</li> <li><a href="https://github.com/hukkin/tomli/commit/4be816b4070f1705e19231166aedf9256aa38086"><code>4be816b</code></a> Convert tox config to native TOML</li> <li><a href="https://github.com/hukkin/tomli/commit/e2f8d2dd15313d5ffca65dd8d1aaf70e6386dddc"><code>e2f8d2d</code></a> Merge pull request <a href="https://redirect.github.com/hukkin/tomli/issues/233">#233</a> from hukkin/version-2.0.2</li> <li><a href="https://github.com/hukkin/tomli/commit/3ec6775b118f2ae030d5b12c90939c7f65668e7e"><code>3ec6775</code></a> Bump version: 2.0.1 → 2.0.2</li> <li><a href="https://github.com/hukkin/tomli/commit/1dcd317c62e905655090f3e18f57c93860086904"><code>1dcd317</code></a> Add v2.0.2 changelog</li> <li><a href="https://github.com/hukkin/tomli/commit/c94ee6904bb93b84364be502fe219e849d5f9120"><code>c94ee69</code></a> Fix GitHub Actions badge</li> <li>Additional commits viewable in <a href="https://github.com/hukkin/tomli/compare/2.0.1...2.1.0">compare view</a></li> </ul> </details> <br /> Updates `wheel` from 0.44.0 to 0.45.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/releases">wheel's releases</a>.</em></p> <blockquote> <h2>0.45.0</h2> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import the <code>setuptools</code>' implementation explicitly. (PR by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <p><strong>0.45.0 (2024-11-08)</strong></p> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import the <code>setuptools</code>' implementation explicitly. (PR by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a>)</p> </li> </ul> <p><strong>0.44.0 (2024-08-04)</strong></p> <ul> <li>Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)</li> <li>Deprecated the <code>bdist_wheel</code> module, as the code was migrated to <code>setuptools</code> itself</li> </ul> <p><strong>0.43.0 (2024-03-11)</strong></p> <ul> <li>Dropped support for Python 3.7</li> <li>Updated vendored <code>packaging</code> to 24.0</li> </ul> <p><strong>0.42.0 (2023-11-26)</strong></p> <ul> <li>Allowed removing build tag with <code>wheel tags --build ""</code></li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing updated <code>WHEEL</code> fields after a blank line, causing other tools to ignore them</li> <li>Fixed <code>wheel pack</code> and <code>wheel tags</code> writing <code>WHEEL</code> with CRLF line endings or a mix of CRLF and LF</li> <li>Fixed <code>wheel pack --build-number ""</code> not removing build tag from <code>WHEEL</code> (above changes by Benjamin Gilbert)</li> </ul> <p><strong>0.41.3 (2023-10-30)</strong></p> <ul> <li>Updated vendored <code>packaging</code> to 23.2</li> <li>Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)</li> </ul> <p><strong>0.41.2 (2023-08-22)</strong></p> <ul> <li>Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)</li> <li>Fixed <code>wheel tags</code> to not list directories in <code>RECORD</code> files (PR by Mike Taves)</li> <li>Fixed ABI tag generation for GraalPy (PR by Michael Simacek)</li> </ul> <p><strong>0.41.1 (2023-08-05)</strong></p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/wheel/commit/d78f0e372199f8294556345d867af4d3cf118418"><code>d78f0e3</code></a> Created a new release</li> <li><a href="https://github.com/pypa/wheel/commit/f064c699209e36ec2948537b7cadabf84a110c30"><code>f064c69</code></a> Added license files for vendored <code>packaging</code></li> <li><a href="https://github.com/pypa/wheel/commit/68387afcd33cb514a4da811d2fc5de73c8797e48"><code>68387af</code></a> Only configure setuptools logging if bdist_wheel is imported (<a href="https://redirect.github.com/pypa/wheel/issues/641">#641</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/c81f5c954a8ca7698e6df9de39cf0013295949fa"><code>c81f5c9</code></a> Refactored the <code>wheel convert</code> command to not require setuptools (<a href="https://redirect.github.com/pypa/wheel/issues/640">#640</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/e43464d32feaddddb235ffe21b4bf13c1193465d"><code>e43464d</code></a> Adjusted target Python versions in GitHub CI</li> <li><a href="https://github.com/pypa/wheel/commit/e9894e71bc62e5808710bc8c2c268de51aef52d4"><code>e9894e7</code></a> Tweaked pytest settings to make the tracebacks easier to read</li> <li><a href="https://github.com/pypa/wheel/commit/baf6bf89562cb42a0ca71cc1e804600b161952eb"><code>baf6bf8</code></a> Removed Cirrus CI configuration</li> <li><a href="https://github.com/pypa/wheel/commit/28c1ba1e2a6d08edc03c73e29293a571888981f9"><code>28c1ba1</code></a> Improved compatibility with future versions of <code>setuptools</code> (<a href="https://redirect.github.com/pypa/wheel/issues/638">#638</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/9254a4f9f8d9475c9f4d00a854694ddf1834ba5b"><code>9254a4f</code></a> Exclude <code>@overload</code> and <code>if TYPE_CHECKING:</code> from coverage checks</li> <li><a href="https://github.com/pypa/wheel/commit/d841597258d04f10346fbcc0ce95f9278b38ef08"><code>d841597</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/wheel/issues/635">#635</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/wheel/compare/0.44.0...0.45.0">compare view</a></li> </ul> </details> <br /> Updates `zipp` from 3.20.0 to 3.21.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jaraco/zipp/blob/main/NEWS.rst">zipp's changelog</a>.</em></p> <blockquote> <h1>v3.21.0</h1> <h2>Features</h2> <ul> <li>Improve performances of :meth:<code>zipfile.Path.open</code> for non-reading modes. (1a1928d)</li> <li>Rely on cached_property to cache values on the instance.</li> <li>Rely on save_method_args to save method args.</li> </ul> <h1>v3.20.2</h1> <h2>Bugfixes</h2> <ul> <li>Make zipp.compat.overlay.zipfile hashable. (<a href="https://redirect.github.com/jaraco/zipp/issues/126">#126</a>)</li> </ul> <h1>v3.20.1</h1> <h2>Bugfixes</h2> <ul> <li><code>python/cpython#123270</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jaraco/zipp/commit/45b7f675c0bcaa4f3f9d15b4399fc71e74f2408c"><code>45b7f67</code></a> Finalize</li> <li><a href="https://github.com/jaraco/zipp/commit/71ddd8d4f4ab200af870f0060d9ee8c6b7056681"><code>71ddd8d</code></a> Skip <code>zipfile.Path.exists</code><code>python/cpython#126576</code></li> <li><a href="https://github.com/jaraco/zipp/commit/9a2705ee2a376a948f1e89320c8c7356829a42eb"><code>9a2705e</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/5c34e69568f23a524af4fa9dad3f5e80f22ec3e6"><code>5c34e69</code></a> Use extend for proper workaround.</li> <li><a href="https://github.com/jaraco/zipp/commit/ee027f698c9cc629fb0018bc55cbb73267db2817"><code>ee027f6</code></a> Merge <a href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li> <li><a href="https://github.com/jaraco/zipp/commit/750a1891ec4a1c0602050e3463e9593a8c13aa14"><code>750a189</code></a> Require Python 3.9 or later now that Python 3.8 is EOL.</li> <li><a href="https://github.com/jaraco/zipp/commit/e61a9df7cdc9c8d1b56c30b7b3f94a7cdac14414"><code>e61a9df</code></a> Include pyproject.toml in ruff.toml.</li> <li><a href="https://github.com/jaraco/zipp/commit/db4dfc495552aca8d6f05ed58441fa65fdc2ed9c"><code>db4dfc4</code></a><code>jaraco/skeleton#151</code></li> <li><a href="https://github.com/jaraco/zipp/commit/62b6678a32087ed3bfc8ff19761764340295834e"><code>62b6678</code></a> Bump pre-commit hook for ruff to avoid clashes with pytest-ruff (jaraco/skele...</li> <li><a href="https://github.com/jaraco/zipp/commit/466f53538bd84cefcca39c5a42775fef6a1bf346"><code>466f535</code></a> Merge pull request <a href="https://redirect.github.com/jaraco/zipp/issues/109">#109</a> from jaraco/feature/functools</li> <li>Additional commits viewable in <a href="https://github.com/jaraco/zipp/compare/v3.20.0...v3.21.0">compare view</a></li> </ul> </details> <br /> Updates `pip` from 24.2 to 24.3.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li> </ul> </details> <br /> Updates `setuptools` from 75.2.0 to 75.5.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v75.5.0</h1> <h2>Features</h2> <ul> <li>Removed support for <code>SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION</code>, as it is deemed prone to errors. (<a href="https://redirect.github.com/pypa/setuptools/issues/4746">#4746</a>)</li> </ul> <h1>v75.4.0</h1> <h2>Features</h2> <ul> <li> <p>Added support for the environment variable <code>SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true</code>, allowing users to bypass the validation of <code>pyproject.toml</code>. This option should be used only as a last resort when resolving dependency issues, as it may lead to improper functioning. Users who enable this setting are responsible for ensuring that <code>pyproject.toml</code> complies with setuptools requirements. (<a href="https://redirect.github.com/pypa/setuptools/issues/4611">#4611</a>)</p> <p>.. attention:: This environment variable was removed in a later version of <code>setuptools</code>.</p> </li> <li> <p>Require Python 3.9 or later. (<a href="https://redirect.github.com/pypa/setuptools/issues/4718">#4718</a>)</p> </li> <li> <p>Remove dependency on <code>importlib_resources</code> and the vendored copy of the library. Instead, <code>setuptools</code> consistently rely on stdlib's <code>importlib.resources</code> (available on Python 3.9+). (<a href="https://redirect.github.com/pypa/setuptools/issues/4718">#4718</a>)</p> </li> <li> <p>Setuptools' <code>bdist_wheel</code> implementation no longer produces wheels with the <code>m</code> SOABI flag (pymalloc-related). This flag was removed on Python 3.8+ (see :obj:<code>sys.abiflags</code>). (<a href="https://redirect.github.com/pypa/setuptools/issues/4718">#4718</a>)</p> </li> <li> <p>Updated vendored packaging version to 24.2. (<a href="https://redirect.github.com/pypa/setuptools/issues/4740">#4740</a>)</p> </li> </ul> <h2>Bugfixes</h2> <ul> <li>Merge with pypa/distutils@251797602, including fix for dirutil.mkpath handling in <a href="https://redirect.github.com/pypa/distutils/issues/304">pypa/distutils#304</a>.</li> </ul> <h1>v75.3.0</h1> <h2>Features</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/540001561bc2c6766940ba5fd6247735c1a3a290"><code>5400015</code></a> Bump version: 75.4.0 → 75.5.0</li> <li><a href="https://github.com/pypa/setuptools/commit/01b9f208110da1db8e8aec0debbffd15ea30a38c"><code>01b9f20</code></a> Add note about removed variable in NEWS.rst</li> <li><a href="https://github.com/pypa/setuptools/commit/57ed6f0e3967b5d6d7a0e7190a8465b38919c084"><code>57ed6f0</code></a> Revert "Allow user to skip validation of pyproject.toml via env var" (<a href="https://redirect.github.com/pypa/setuptools/issues/4746">#4746</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/36e945e5a12ed552b33c523ba8ede4fa5a38d553"><code>36e945e</code></a> Add news fragment</li> <li><a href="https://github.com/pypa/setuptools/commit/f6c9fdb5489ab49856cb1f4c237f02651c16b05f"><code>f6c9fdb</code></a> Revert "Allow user to skip validation of pyproject.toml via env var"</li> <li><a href="https://github.com/pypa/setuptools/commit/8f5559c859309a170c2056e04020ea9679fc7517"><code>8f5559c</code></a> Bump version: 75.3.0 → 75.4.0</li> <li><a href="https://github.com/pypa/setuptools/commit/6cc5f08e58aa244d08b93f8f890e4d864ee7d008"><code>6cc5f08</code></a> Update mypy requirement from ==1.12.* to >=1.12,<1.14 (<a href="https://redirect.github.com/pypa/setuptools/issues/4700">#4700</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/748c8513c91087248cf436b9fae94043e310aa9c"><code>748c851</code></a> Update mypy requirement from ==1.12.* to >=1.12,<1.14</li> <li><a href="https://github.com/pypa/setuptools/commit/c9d980f8a63f0d31144830599152e0ce60389fc8"><code>c9d980f</code></a> Refactor/unify/extract <code>shutil.rmtree</code> callbacks (and avoid repetition) (<a href="https://redirect.github.com/pypa/setuptools/issues/4682">#4682</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/db2b2065bfc20c9edf1c5d8ea9ad0ae68e64acdd"><code>db2b206</code></a> Extract test for shutil.rmtree callback to its own file</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v75.2.0...v75.5.0">compare view</a></li> </ul> </details> <br /> Updates `mypy` from 1.12.1 to 1.13.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's changelog</a>.</em></p> <blockquote> <h1>Mypy Release Notes</h1> <h2>Next release</h2> <h3>Change to enum membership semantics</h3> <p>As per the updated <a href="https://typing.readthedocs.io/en/latest/spec/enums.html#defining-members">typing specification for enums</a>, enum members must be left unannotated.</p> <pre lang="python"><code>class Pet(Enum): CAT = 1 # Member attribute DOG = 2 # Member attribute WOLF: int = 3 # New error: Enum members must be left unannotated <pre><code>species: str # Considered a non-member attribute </code></pre> <p></code></pre></p> <p>In particular, the specification change can result in issues in type stubs (<code>.pyi</code> files), since historically it was common to leave the value absent:</p> <pre lang="python"><code># In a type stub (.pyi file) <p>class Pet(Enum):<br /> # Change in semantics: previously considered members, now non-member attributes<br /> CAT: int<br /> DOG: int</p> <pre><code># Mypy will now issue a warning if it detects this situation in type stubs: # &gt; Detected enum &quot;Pet&quot; in a type stub with zero members. # &gt; There is a chance this is due to a recent change in the semantics of enum membership. # &gt; If so, use `member = value` to mark an enum member, instead of `member: type` </code></pre> <p>class Pet(Enum):<br /> # As per the specification, you should now do one of the following:<br /> DOG = 1 # Member attribute with value 1 and known type<br /> WOLF = cast(int, ...) # Member attribute with unknown value but known type<br /> LION = ... # Member attribute with unknown value and unknown type<br /> </code></pre></p> <p>Contributed by Terence Honles in PR <a href="https://redirect.github.com/python/mypy/pull/17207">17207</a> and Shantanu Jain in PR <a href="https://redirect.github.com/python/mypy/pull/18068">18068</a>.</p> <h2>Mypy 1.13</h2> <p>We’ve just uploaded mypy 1.13 to the Python Package Index (<a href="https://pypi.org/project/mypy/">PyPI</a>). Mypy is a static type checker for Python. You can install it as follows:</p> <pre><code>python3 -m pip install -U mypy </code></pre>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/mypy/commit/eb310343be0399ea6755fabc259755ce1f6711e8"><code>eb31034</code></a> Bump version to 1.13.0</li> <li><a href="https://github.com/python/mypy/commit/2eeb5880184970ae1c0b20c0e06855b6d311bc19"><code>2eeb588</code></a> Update changelog for 1.12.1 (<a href="https://redirect.github.com/python/mypy/issues/17999">#17999</a>)</li> <li><a href="https://github.com/python/mypy/commit/bc0386b7f96aa131cbf345698a22a9d4b79e9cb4"><code>bc0386b</code></a> Changelog for 1.13 (<a href="https://redirect.github.com/python/mypy/issues/18000">#18000</a>)</li> <li><a href="https://github.com/python/mypy/commit/5c4d2db7009fa9035b8b3fcffe25182aaa4dc846"><code>5c4d2db</code></a> Add faster-cache extra, test in CI (<a href="https://redirect.github.com/python/mypy/issues/17978">#17978</a>)</li> <li><a href="https://github.com/python/mypy/commit/854ad189ab7c4f487950ad34e142fd327dce3227"><code>854ad18</code></a> Make is_sub_path faster (<a href="https://redirect.github.com/python/mypy/issues/17962">#17962</a>)</li> <li><a href="https://github.com/python/mypy/commit/50aa4ca8425d0bb668d514b8ee5c6aeacb605b27"><code>50aa4ca</code></a> Speed up stubs suggestions (<a href="https://redirect.github.com/python/mypy/issues/17965">#17965</a>)</li> <li><a href="https://github.com/python/mypy/commit/7c27808a0be2fc205788a826be83cbb0a68f89e1"><code>7c27808</code></a> Use orjson instead of json, when available (<a href="https://redirect.github.com/python/mypy/issues/17955">#17955</a>)</li> <li><a href="https://github.com/python/mypy/commit/2cd2406117e86838de36a9f73ba47c67fa763e1a"><code>2cd2406</code></a> Use fast path in modulefinder more often (<a href="https://redirect.github.com/python/mypy/issues/17950">#17950</a>)</li> <li><a href="https://github.com/python/mypy/commit/e20aaeeaa215b2e617d460599c4310427ba8f902"><code>e20aaee</code></a> Let mypyc optimise os.path.join (<a href="https://redirect.github.com/python/mypy/issues/17949">#17949</a>)</li> <li><a href="https://github.com/python/mypy/commit/159974cc59de459cfb3e31ba3e1d8f279734f66d"><code>159974c</code></a> Use sha1 for hashing (<a href="https://redirect.github.com/python/mypy/issues/17953">#17953</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python/mypy/compare/v1.12.1...v1.13.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>24.3.1 (2024-10-27)</h1> <h2>Bug Fixes</h2> <ul> <li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) <https://github.com/pypa/pip/issues/13046></code>_)</li> </ul> <h1>24.3 (2024-10-27)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) <https://github.com/pypa/pip/issues/12918></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Detect recursively referencing requirements files and help users identify the source. (<code>[#12653](pypa/pip#12653) <https://github.com/pypa/pip/issues/12653></code>_)</li> <li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) <https://github.com/pypa/pip/issues/12961></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) <https://github.com/pypa/pip/issues/12953></code>_)</li> <li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) <https://github.com/pypa/pip/issues/8438></code>_)</li> <li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) <https://github.com/pypa/pip/issues/12901></code>_)</li> <li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) <https://github.com/pypa/pip/issues/12666></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2024.8.30</li> <li>Upgrade distlib to 0.3.9</li> <li>Upgrade truststore to 0.10.0</li> <li>Upgrade urllib3 to 1.26.20</li> </ul> <h1>24.2 (2024-07-28)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate <code>pip install --editable</code> falling back to <code>setup.py develop</code> when using a setuptools version that does not support :pep:<code>660</code> (setuptools v63 and older). (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</li> </ul> <p>Features</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li> <li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li> <li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li> <li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li> <li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li> <li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.1.1...24.3.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

d3dave added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Oct 27, 2024

xmatthias mentioned this issue Oct 27, 2024

Release 24.3 #12941

Closed

sbidoul mentioned this issue Oct 27, 2024

Detect recursively referencing requirements files #12877

Merged

potiuk mentioned this issue Oct 27, 2024

Add an easy way to test pip from GitHub URL apache/airflow#43414

Merged

sbidoul mentioned this issue Oct 27, 2024

Don't fail when the same req file is included more than once #13047

Merged

sbidoul added C: requirement file Using `requirements.txt` and removed S: needs triage Issues/PRs that need to be triaged labels Oct 27, 2024

sbidoul added this to the 24.3 milestone Oct 27, 2024

philippemilink added a commit to philippemilink/zds-site that referenced this issue Oct 27, 2024

Gèle la version de pip

53e209a

Reste à 24.2 tant que pypa/pip#13046 n'est pas corrigé.

philippemilink mentioned this issue Oct 27, 2024

Fige la version de pip zestedesavoir/zds-site#6675

Merged

Situphen pushed a commit to zestedesavoir/zds-site that referenced this issue Oct 27, 2024

Gèle la version de pip

34e2307

Reste à 24.2 tant que pypa/pip#13046 n'est pas corrigé.

sbidoul closed this as completed in #13047 Oct 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pip mistakenly reports recursion error even when there is no recursion #13046

pip mistakenly reports recursion error even when there is no recursion #13046

d3dave commented Oct 27, 2024

xmatthias commented Oct 27, 2024 •

edited

Loading

sbidoul commented Oct 27, 2024

notatallshaw commented Oct 27, 2024 •

edited

Loading

notatallshaw commented Oct 27, 2024 •

edited

Loading

d3dave commented Oct 27, 2024

sbidoul commented Oct 27, 2024

sbidoul commented Oct 27, 2024

xmatthias commented Oct 27, 2024 •

edited

Loading

sbidoul commented Oct 27, 2024

pradyunsg commented Oct 28, 2024

Cxz324 commented Nov 1, 2024

Description

Expected behavior

pip version

Python version

OS

How to Reproduce

Output

Code of Conduct

pip mistakenly reports recursion error even when there is no recursion #13046

pip mistakenly reports recursion error even when there is no recursion #13046

Comments

d3dave commented Oct 27, 2024

Description

Expected behavior

pip version

Python version

OS

How to Reproduce

Output

Code of Conduct

xmatthias commented Oct 27, 2024 • edited Loading

sbidoul commented Oct 27, 2024

notatallshaw commented Oct 27, 2024 • edited Loading

notatallshaw commented Oct 27, 2024 • edited Loading

d3dave commented Oct 27, 2024

sbidoul commented Oct 27, 2024

sbidoul commented Oct 27, 2024

xmatthias commented Oct 27, 2024 • edited Loading

sbidoul commented Oct 27, 2024

pradyunsg commented Oct 28, 2024

Cxz324 commented Nov 1, 2024

Description

Expected behavior

pip version

Python version

OS

How to Reproduce

Output

Code of Conduct

xmatthias commented Oct 27, 2024 •

edited

Loading

notatallshaw commented Oct 27, 2024 •

edited

Loading

notatallshaw commented Oct 27, 2024 •

edited

Loading

xmatthias commented Oct 27, 2024 •

edited

Loading