-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revisit displaying setuptools in pip freeze
?
#4256
Comments
Is |
I'm suggesting that setuptools be excluded from the non- |
I don't think in a general case, setuptools deserves a special case over the other items there (pip, wheel, distribute), so I'd equivocate that to suggesting that the |
|
pip freeze
/ pip list
?pip freeze
?
Given that post-PEP 517, we're gonna have no special casing for setuptools or even wheel, I'm a +1 to @Ivoz's suggestion, if it's not implemented yet. |
I'm gonna assign this to myself but if anyone wants to try their hand at this before I get too, you're more than welcome to do so. |
I've been suggesting |
I also agree that it would make sense for The other question is how should we handle the transition ?
At least, removing the |
I see the problem entirely the other way around. All the issues linked in OP have one common trait: they are all using a very old version of pip (or some installation that’s even older). Recent versions of pip do not cause the frustration, and adding setuptools to
Edit to clarify: I don’t object to including setuptools in |
New transition planPhase 1:
Phase 2:
|
All approaches here feel weird to me right now. That isn't to say that we shouldn't pick any of them, but is mostly just me stating my thoughts. With the above transition plan, we'd create busy-work for users who want to constantly "do the right thing" and address warnings they get from the tool.
I don't imagine most folks care about this additional pinning -- they won't see see any direct benefits from this change and we eat into a bit of our "churn budget". #9068 also feels weird, partly because I think it's a good idea. I guess the only thing it's missing is an escape hatch -- as proposed here to be called It feels like the best approach might be "make a breaking change without much noise, and properly communicate/fix things", and I really don't want to say "let's do that". :( |
As a middle ground, I've pushed https://github.com/pypa/pip/pull/9073/files which implement Phase 1 without the warning. |
@xavfernandez I have mixed feeling with this idea of making In most cases, applications that are installed in a virtualenv do not depend on pip, setuptools nor wheel, so it is not necessary to include these in pinned requirements. When you do, and use
So the pinning of pip, setuptools and wheel is actually misleading because on the initial install from OTOH when the application depends on setuptools or wheel (or pip), not freezing them by default is incorrect. What would be more natural IMO, is that |
I remained vague in https://github.com/pypa/pip/pull/9073/files#diff-429186493476e02aaccfb73ba9d42328c0a6b04528054a8a42ca4de2b11e9b6a by mentioning a future version, this could easily be a year or more :) With the generalization of PEP-517, I'm hopeful the inclusion of
I agree that this would be somewhat "cleaner" but it would also mean:
and I would not call this "natural" ^^ |
Hm... yes, maybe trying to be that smart is out of scope for pip freeze indeed, and that should be the role of higher level tools that know more about the user intent and context. |
Isn't the big problem here that virtualenv installs setuptools and wheel? If it weren't for that, project environments would only ever contain the packages that the project actually depended on, and build dependencies would be in So maybe we should do something like:
Yes, this is awkward, but with isolated builds, there should be no reason to install build tools in environments anyway. So we're working round other projects' (incorrect?) ideas of what "everyone needs" - which is always awkward... ¹ And maybe we need to consider conda environments as another case 🙁 |
195: Update pip to 20.3 r=duckinator a=pyup-bot This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3**. <details> <summary>Changelog</summary> ### 20.3 ``` - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 <https://github.com/pypa/pip/issues/8546>`_, `8377 <https://github.com/pypa/pip/issues/8377>`_) - Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 <https://github.com/pypa/pip/issues/6741>`_) - Warn if index pages have unexpected content-type (`6754 <https://github.com/pypa/pip/issues/6754>`_) - Allow specifying ``--prefer-binary`` option in a requirements file (`7693 <https://github.com/pypa/pip/issues/7693>`_) - Generate PEP 376 REQUESTED metadata for user supplied requirements installed by pip. (`7811 <https://github.com/pypa/pip/issues/7811>`_) - Warn if package url is a vcs or an archive url with invalid scheme (`8128 <https://github.com/pypa/pip/issues/8128>`_) - Parallelize network operations in ``pip list``. (`8504 <https://github.com/pypa/pip/issues/8504>`_) - Allow the new resolver to obtain dependency information through wheels lazily downloaded using HTTP range requests. To enable this feature, invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 <https://github.com/pypa/pip/issues/8588>`_) - Support ``--use-feature`` in requirements files (`8601 <https://github.com/pypa/pip/issues/8601>`_) Bug Fixes --------- - Use canonical package names while looking up already installed packages. (`5021 <https://github.com/pypa/pip/issues/5021>`_) - Fix normalizing path on Windows when installing package on another logical disk. (`7625 <https://github.com/pypa/pip/issues/7625>`_) - The VCS commands run by pip as subprocesses don't merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 <https://github.com/pypa/pip/issues/7968>`_) - Correctly treat non-ASCII entry point declarations in wheels so they can be installed on Windows. (`8342 <https://github.com/pypa/pip/issues/8342>`_) - Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 <https://github.com/pypa/pip/issues/8454>`_) - Headers provided by wheels in .data directories are now correctly installed into the user-provided locations, such as ``--prefix``, instead of the virtual environment pip is running in. (`8521 <https://github.com/pypa/pip/issues/8521>`_) Vendored Libraries ------------------ - Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3. - Upgrade appdirs to 1.4.4 - Upgrade certifi to 2020.6.20 - Upgrade distlib to 0.3.1 - Upgrade html5lib to 1.1 - Upgrade idna to 2.10 - Upgrade packaging to 20.4 - Upgrade requests to 2.24.0 - Upgrade six to 1.15.0 - Upgrade toml to 0.10.1 - Upgrade urllib3 to 1.25.9 Improved Documentation ---------------------- - Add ``--no-input`` option to pip docs (`7688 <https://github.com/pypa/pip/issues/7688>`_) - List of options supported in requirements file are extracted from source of truth, instead of being maintained manually. (`7908 <https://github.com/pypa/pip/issues/7908>`_) - Fix pip config docstring so that the subcommands render correctly in the docs (`8072 <https://github.com/pypa/pip/issues/8072>`_) - replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 <https://github.com/pypa/pip/issues/8353>`_) - Fix example for defining multiple values for options which support them (`8373 <https://github.com/pypa/pip/issues/8373>`_) - Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 <https://github.com/pypa/pip/issues/8459>`_) - Add feature flags to docs (`8512 <https://github.com/pypa/pip/issues/8512>`_) - Document how to install package extras from git branch and source distributions. (`8576 <https://github.com/pypa/pip/issues/8576>`_) ``` ### 20.3b1 ``` =================== Deprecations and Removals ------------------------- - ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version. To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Deprecate support for Python 3.5 (`8181 <https://github.com/pypa/pip/issues/8181>`_) - Document that certain removals can be fast tracked. (`8417 <https://github.com/pypa/pip/issues/8417>`_) - Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 <https://github.com/pypa/pip/issues/8927>`_) - Deprecate ``--find-links`` option in ``pip freeze`` (`9069 <https://github.com/pypa/pip/issues/9069>`_) Features -------- - Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Allow multiple values for --abi and --platform. (`6121 <https://github.com/pypa/pip/issues/6121>`_) - Add option ``--format`` to subcommand ``list`` of ``pip cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 <https://github.com/pypa/pip/issues/8355>`_) - Improve error message friendliness when an environment has packages with corrupted metadata. (`8676 <https://github.com/pypa/pip/issues/8676>`_) - Make the ``setup.py install`` deprecation warning less noisy. We warn only when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as situations where both fails are most probably irrelevant to this deprecation. (`8752 <https://github.com/pypa/pip/issues/8752>`_) - Check the download directory for existing wheels to possibly avoid fetching metadata when the ``fast-deps`` feature is used with ``pip wheel`` and ``pip download``. (`8804 <https://github.com/pypa/pip/issues/8804>`_) - When installing a git URL that refers to a commit that is not available locally after git clone, attempt to fetch it from the remote. (`8815 <https://github.com/pypa/pip/issues/8815>`_) - Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 <https://github.com/pypa/pip/issues/8892>`_) - Cache package listings on index packages so they are guarenteed to stay stable during a pip command session. This also improves performance when a index page is accessed multiple times during the command session. (`8905 <https://github.com/pypa/pip/issues/8905>`_) - New resolver: Tweak resolution logic to improve user experience when user-supplied requirements conflict. (`8924 <https://github.com/pypa/pip/issues/8924>`_) - Support Python 3.9. (`8971 <https://github.com/pypa/pip/issues/8971>`_) - Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 <https://github.com/pypa/pip/issues/8975>`_) - Switch to the new dependency resolver by default. (`9019 <https://github.com/pypa/pip/issues/9019>`_) - Remove the ``--build-dir`` option, as per the deprecation. (`9049 <https://github.com/pypa/pip/issues/9049>`_) Bug Fixes --------- - Propagate ``--extra-index-url`` from requirements file properly to session auth, so that keyring auth will work as expected. (`8103 <https://github.com/pypa/pip/issues/8103>`_) - Allow specifying verbosity and quiet level via configuration files and environment variables. Previously these options were treated as boolean values when read from there while through CLI the level can be specified. (`8578 <https://github.com/pypa/pip/issues/8578>`_) - Only converts Windows path to unicode on Python 2 to avoid regressions when a POSIX environment does not configure the file system encoding correctly. (`8658 <https://github.com/pypa/pip/issues/8658>`_) - List downloaded distributions before exiting ``pip download`` when using the new resolver to make the behavior the same as that on the legacy resolver. (`8696 <https://github.com/pypa/pip/issues/8696>`_) - New resolver: Pick up hash declarations in constraints files and use them to filter available distributions. (`8792 <https://github.com/pypa/pip/issues/8792>`_) - Avoid polluting the destination directory by resolution artifacts when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 <https://github.com/pypa/pip/issues/8827>`_) - New resolver: If a package appears multiple times in user specification with different ``--hash`` options, only hashes that present in all specifications should be allowed. (`8839 <https://github.com/pypa/pip/issues/8839>`_) - Tweak the output during dependency resolution in the new resolver. (`8861 <https://github.com/pypa/pip/issues/8861>`_) - Correctly search for installed distributions in new resolver logic in order to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 <https://github.com/pypa/pip/issues/8963>`_) - Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file with editable=True. Render it as a non-editable ``file://`` URL until modern editable installs are standardized and supported. (`8996 <https://github.com/pypa/pip/issues/8996>`_) Vendored Libraries ------------------ - Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed. It is mandatory for ``pip debug`` command. Improved Documentation ---------------------- - Add documentation for '.netrc' support. (`7231 <https://github.com/pypa/pip/issues/7231>`_) - Add OS tabs for OS-specific commands. (`7311 <https://github.com/pypa/pip/issues/7311>`_) - Add note and example on keyring support for index basic-auth (`8636 <https://github.com/pypa/pip/issues/8636>`_) - Added initial UX feedback widgets to docs. (`8783 <https://github.com/pypa/pip/issues/8783>`_, `8848 <https://github.com/pypa/pip/issues/8848>`_) - Add ux documentation (`8807 <https://github.com/pypa/pip/issues/8807>`_) - Update user docs to reflect new resolver as default in 20.3. (`9044 <https://github.com/pypa/pip/issues/9044>`_) - Improve migration guide to reflect changes in new resolver behavior. (`9056 <https://github.com/pypa/pip/issues/9056>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> Co-authored-by: pyup-bot <[email protected]>
195: Update pip to 20.3 r=duckinator a=pyup-bot This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3**. <details> <summary>Changelog</summary> ### 20.3 ``` - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 <https://github.com/pypa/pip/issues/8546>`_, `8377 <https://github.com/pypa/pip/issues/8377>`_) - Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 <https://github.com/pypa/pip/issues/6741>`_) - Warn if index pages have unexpected content-type (`6754 <https://github.com/pypa/pip/issues/6754>`_) - Allow specifying ``--prefer-binary`` option in a requirements file (`7693 <https://github.com/pypa/pip/issues/7693>`_) - Generate PEP 376 REQUESTED metadata for user supplied requirements installed by pip. (`7811 <https://github.com/pypa/pip/issues/7811>`_) - Warn if package url is a vcs or an archive url with invalid scheme (`8128 <https://github.com/pypa/pip/issues/8128>`_) - Parallelize network operations in ``pip list``. (`8504 <https://github.com/pypa/pip/issues/8504>`_) - Allow the new resolver to obtain dependency information through wheels lazily downloaded using HTTP range requests. To enable this feature, invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 <https://github.com/pypa/pip/issues/8588>`_) - Support ``--use-feature`` in requirements files (`8601 <https://github.com/pypa/pip/issues/8601>`_) Bug Fixes --------- - Use canonical package names while looking up already installed packages. (`5021 <https://github.com/pypa/pip/issues/5021>`_) - Fix normalizing path on Windows when installing package on another logical disk. (`7625 <https://github.com/pypa/pip/issues/7625>`_) - The VCS commands run by pip as subprocesses don't merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 <https://github.com/pypa/pip/issues/7968>`_) - Correctly treat non-ASCII entry point declarations in wheels so they can be installed on Windows. (`8342 <https://github.com/pypa/pip/issues/8342>`_) - Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 <https://github.com/pypa/pip/issues/8454>`_) - Headers provided by wheels in .data directories are now correctly installed into the user-provided locations, such as ``--prefix``, instead of the virtual environment pip is running in. (`8521 <https://github.com/pypa/pip/issues/8521>`_) Vendored Libraries ------------------ - Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3. - Upgrade appdirs to 1.4.4 - Upgrade certifi to 2020.6.20 - Upgrade distlib to 0.3.1 - Upgrade html5lib to 1.1 - Upgrade idna to 2.10 - Upgrade packaging to 20.4 - Upgrade requests to 2.24.0 - Upgrade six to 1.15.0 - Upgrade toml to 0.10.1 - Upgrade urllib3 to 1.25.9 Improved Documentation ---------------------- - Add ``--no-input`` option to pip docs (`7688 <https://github.com/pypa/pip/issues/7688>`_) - List of options supported in requirements file are extracted from source of truth, instead of being maintained manually. (`7908 <https://github.com/pypa/pip/issues/7908>`_) - Fix pip config docstring so that the subcommands render correctly in the docs (`8072 <https://github.com/pypa/pip/issues/8072>`_) - replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 <https://github.com/pypa/pip/issues/8353>`_) - Fix example for defining multiple values for options which support them (`8373 <https://github.com/pypa/pip/issues/8373>`_) - Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 <https://github.com/pypa/pip/issues/8459>`_) - Add feature flags to docs (`8512 <https://github.com/pypa/pip/issues/8512>`_) - Document how to install package extras from git branch and source distributions. (`8576 <https://github.com/pypa/pip/issues/8576>`_) ``` ### 20.3b1 ``` =================== Deprecations and Removals ------------------------- - ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version. To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Deprecate support for Python 3.5 (`8181 <https://github.com/pypa/pip/issues/8181>`_) - Document that certain removals can be fast tracked. (`8417 <https://github.com/pypa/pip/issues/8417>`_) - Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 <https://github.com/pypa/pip/issues/8927>`_) - Deprecate ``--find-links`` option in ``pip freeze`` (`9069 <https://github.com/pypa/pip/issues/9069>`_) Features -------- - Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Allow multiple values for --abi and --platform. (`6121 <https://github.com/pypa/pip/issues/6121>`_) - Add option ``--format`` to subcommand ``list`` of ``pip cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 <https://github.com/pypa/pip/issues/8355>`_) - Improve error message friendliness when an environment has packages with corrupted metadata. (`8676 <https://github.com/pypa/pip/issues/8676>`_) - Make the ``setup.py install`` deprecation warning less noisy. We warn only when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as situations where both fails are most probably irrelevant to this deprecation. (`8752 <https://github.com/pypa/pip/issues/8752>`_) - Check the download directory for existing wheels to possibly avoid fetching metadata when the ``fast-deps`` feature is used with ``pip wheel`` and ``pip download``. (`8804 <https://github.com/pypa/pip/issues/8804>`_) - When installing a git URL that refers to a commit that is not available locally after git clone, attempt to fetch it from the remote. (`8815 <https://github.com/pypa/pip/issues/8815>`_) - Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 <https://github.com/pypa/pip/issues/8892>`_) - Cache package listings on index packages so they are guarenteed to stay stable during a pip command session. This also improves performance when a index page is accessed multiple times during the command session. (`8905 <https://github.com/pypa/pip/issues/8905>`_) - New resolver: Tweak resolution logic to improve user experience when user-supplied requirements conflict. (`8924 <https://github.com/pypa/pip/issues/8924>`_) - Support Python 3.9. (`8971 <https://github.com/pypa/pip/issues/8971>`_) - Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 <https://github.com/pypa/pip/issues/8975>`_) - Switch to the new dependency resolver by default. (`9019 <https://github.com/pypa/pip/issues/9019>`_) - Remove the ``--build-dir`` option, as per the deprecation. (`9049 <https://github.com/pypa/pip/issues/9049>`_) Bug Fixes --------- - Propagate ``--extra-index-url`` from requirements file properly to session auth, so that keyring auth will work as expected. (`8103 <https://github.com/pypa/pip/issues/8103>`_) - Allow specifying verbosity and quiet level via configuration files and environment variables. Previously these options were treated as boolean values when read from there while through CLI the level can be specified. (`8578 <https://github.com/pypa/pip/issues/8578>`_) - Only converts Windows path to unicode on Python 2 to avoid regressions when a POSIX environment does not configure the file system encoding correctly. (`8658 <https://github.com/pypa/pip/issues/8658>`_) - List downloaded distributions before exiting ``pip download`` when using the new resolver to make the behavior the same as that on the legacy resolver. (`8696 <https://github.com/pypa/pip/issues/8696>`_) - New resolver: Pick up hash declarations in constraints files and use them to filter available distributions. (`8792 <https://github.com/pypa/pip/issues/8792>`_) - Avoid polluting the destination directory by resolution artifacts when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 <https://github.com/pypa/pip/issues/8827>`_) - New resolver: If a package appears multiple times in user specification with different ``--hash`` options, only hashes that present in all specifications should be allowed. (`8839 <https://github.com/pypa/pip/issues/8839>`_) - Tweak the output during dependency resolution in the new resolver. (`8861 <https://github.com/pypa/pip/issues/8861>`_) - Correctly search for installed distributions in new resolver logic in order to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 <https://github.com/pypa/pip/issues/8963>`_) - Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file with editable=True. Render it as a non-editable ``file://`` URL until modern editable installs are standardized and supported. (`8996 <https://github.com/pypa/pip/issues/8996>`_) Vendored Libraries ------------------ - Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed. It is mandatory for ``pip debug`` command. Improved Documentation ---------------------- - Add documentation for '.netrc' support. (`7231 <https://github.com/pypa/pip/issues/7231>`_) - Add OS tabs for OS-specific commands. (`7311 <https://github.com/pypa/pip/issues/7311>`_) - Add note and example on keyring support for index basic-auth (`8636 <https://github.com/pypa/pip/issues/8636>`_) - Added initial UX feedback widgets to docs. (`8783 <https://github.com/pypa/pip/issues/8783>`_, `8848 <https://github.com/pypa/pip/issues/8848>`_) - Add ux documentation (`8807 <https://github.com/pypa/pip/issues/8807>`_) - Update user docs to reflect new resolver as default in 20.3. (`9044 <https://github.com/pypa/pip/issues/9044>`_) - Improve migration guide to reflect changes in new resolver behavior. (`9056 <https://github.com/pypa/pip/issues/9056>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> Co-authored-by: pyup-bot <[email protected]>
195: Update pip to 20.3 r=duckinator a=pyup-bot This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3**. <details> <summary>Changelog</summary> ### 20.3 ``` - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 <https://github.com/pypa/pip/issues/8546>`_, `8377 <https://github.com/pypa/pip/issues/8377>`_) - Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 <https://github.com/pypa/pip/issues/6741>`_) - Warn if index pages have unexpected content-type (`6754 <https://github.com/pypa/pip/issues/6754>`_) - Allow specifying ``--prefer-binary`` option in a requirements file (`7693 <https://github.com/pypa/pip/issues/7693>`_) - Generate PEP 376 REQUESTED metadata for user supplied requirements installed by pip. (`7811 <https://github.com/pypa/pip/issues/7811>`_) - Warn if package url is a vcs or an archive url with invalid scheme (`8128 <https://github.com/pypa/pip/issues/8128>`_) - Parallelize network operations in ``pip list``. (`8504 <https://github.com/pypa/pip/issues/8504>`_) - Allow the new resolver to obtain dependency information through wheels lazily downloaded using HTTP range requests. To enable this feature, invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 <https://github.com/pypa/pip/issues/8588>`_) - Support ``--use-feature`` in requirements files (`8601 <https://github.com/pypa/pip/issues/8601>`_) Bug Fixes --------- - Use canonical package names while looking up already installed packages. (`5021 <https://github.com/pypa/pip/issues/5021>`_) - Fix normalizing path on Windows when installing package on another logical disk. (`7625 <https://github.com/pypa/pip/issues/7625>`_) - The VCS commands run by pip as subprocesses don't merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 <https://github.com/pypa/pip/issues/7968>`_) - Correctly treat non-ASCII entry point declarations in wheels so they can be installed on Windows. (`8342 <https://github.com/pypa/pip/issues/8342>`_) - Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 <https://github.com/pypa/pip/issues/8454>`_) - Headers provided by wheels in .data directories are now correctly installed into the user-provided locations, such as ``--prefix``, instead of the virtual environment pip is running in. (`8521 <https://github.com/pypa/pip/issues/8521>`_) Vendored Libraries ------------------ - Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3. - Upgrade appdirs to 1.4.4 - Upgrade certifi to 2020.6.20 - Upgrade distlib to 0.3.1 - Upgrade html5lib to 1.1 - Upgrade idna to 2.10 - Upgrade packaging to 20.4 - Upgrade requests to 2.24.0 - Upgrade six to 1.15.0 - Upgrade toml to 0.10.1 - Upgrade urllib3 to 1.25.9 Improved Documentation ---------------------- - Add ``--no-input`` option to pip docs (`7688 <https://github.com/pypa/pip/issues/7688>`_) - List of options supported in requirements file are extracted from source of truth, instead of being maintained manually. (`7908 <https://github.com/pypa/pip/issues/7908>`_) - Fix pip config docstring so that the subcommands render correctly in the docs (`8072 <https://github.com/pypa/pip/issues/8072>`_) - replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 <https://github.com/pypa/pip/issues/8353>`_) - Fix example for defining multiple values for options which support them (`8373 <https://github.com/pypa/pip/issues/8373>`_) - Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 <https://github.com/pypa/pip/issues/8459>`_) - Add feature flags to docs (`8512 <https://github.com/pypa/pip/issues/8512>`_) - Document how to install package extras from git branch and source distributions. (`8576 <https://github.com/pypa/pip/issues/8576>`_) ``` ### 20.3b1 ``` =================== Deprecations and Removals ------------------------- - ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version. To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Deprecate support for Python 3.5 (`8181 <https://github.com/pypa/pip/issues/8181>`_) - Document that certain removals can be fast tracked. (`8417 <https://github.com/pypa/pip/issues/8417>`_) - Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 <https://github.com/pypa/pip/issues/8927>`_) - Deprecate ``--find-links`` option in ``pip freeze`` (`9069 <https://github.com/pypa/pip/issues/9069>`_) Features -------- - Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Allow multiple values for --abi and --platform. (`6121 <https://github.com/pypa/pip/issues/6121>`_) - Add option ``--format`` to subcommand ``list`` of ``pip cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 <https://github.com/pypa/pip/issues/8355>`_) - Improve error message friendliness when an environment has packages with corrupted metadata. (`8676 <https://github.com/pypa/pip/issues/8676>`_) - Make the ``setup.py install`` deprecation warning less noisy. We warn only when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as situations where both fails are most probably irrelevant to this deprecation. (`8752 <https://github.com/pypa/pip/issues/8752>`_) - Check the download directory for existing wheels to possibly avoid fetching metadata when the ``fast-deps`` feature is used with ``pip wheel`` and ``pip download``. (`8804 <https://github.com/pypa/pip/issues/8804>`_) - When installing a git URL that refers to a commit that is not available locally after git clone, attempt to fetch it from the remote. (`8815 <https://github.com/pypa/pip/issues/8815>`_) - Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 <https://github.com/pypa/pip/issues/8892>`_) - Cache package listings on index packages so they are guarenteed to stay stable during a pip command session. This also improves performance when a index page is accessed multiple times during the command session. (`8905 <https://github.com/pypa/pip/issues/8905>`_) - New resolver: Tweak resolution logic to improve user experience when user-supplied requirements conflict. (`8924 <https://github.com/pypa/pip/issues/8924>`_) - Support Python 3.9. (`8971 <https://github.com/pypa/pip/issues/8971>`_) - Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 <https://github.com/pypa/pip/issues/8975>`_) - Switch to the new dependency resolver by default. (`9019 <https://github.com/pypa/pip/issues/9019>`_) - Remove the ``--build-dir`` option, as per the deprecation. (`9049 <https://github.com/pypa/pip/issues/9049>`_) Bug Fixes --------- - Propagate ``--extra-index-url`` from requirements file properly to session auth, so that keyring auth will work as expected. (`8103 <https://github.com/pypa/pip/issues/8103>`_) - Allow specifying verbosity and quiet level via configuration files and environment variables. Previously these options were treated as boolean values when read from there while through CLI the level can be specified. (`8578 <https://github.com/pypa/pip/issues/8578>`_) - Only converts Windows path to unicode on Python 2 to avoid regressions when a POSIX environment does not configure the file system encoding correctly. (`8658 <https://github.com/pypa/pip/issues/8658>`_) - List downloaded distributions before exiting ``pip download`` when using the new resolver to make the behavior the same as that on the legacy resolver. (`8696 <https://github.com/pypa/pip/issues/8696>`_) - New resolver: Pick up hash declarations in constraints files and use them to filter available distributions. (`8792 <https://github.com/pypa/pip/issues/8792>`_) - Avoid polluting the destination directory by resolution artifacts when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 <https://github.com/pypa/pip/issues/8827>`_) - New resolver: If a package appears multiple times in user specification with different ``--hash`` options, only hashes that present in all specifications should be allowed. (`8839 <https://github.com/pypa/pip/issues/8839>`_) - Tweak the output during dependency resolution in the new resolver. (`8861 <https://github.com/pypa/pip/issues/8861>`_) - Correctly search for installed distributions in new resolver logic in order to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 <https://github.com/pypa/pip/issues/8963>`_) - Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file with editable=True. Render it as a non-editable ``file://`` URL until modern editable installs are standardized and supported. (`8996 <https://github.com/pypa/pip/issues/8996>`_) Vendored Libraries ------------------ - Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed. It is mandatory for ``pip debug`` command. Improved Documentation ---------------------- - Add documentation for '.netrc' support. (`7231 <https://github.com/pypa/pip/issues/7231>`_) - Add OS tabs for OS-specific commands. (`7311 <https://github.com/pypa/pip/issues/7311>`_) - Add note and example on keyring support for index basic-auth (`8636 <https://github.com/pypa/pip/issues/8636>`_) - Added initial UX feedback widgets to docs. (`8783 <https://github.com/pypa/pip/issues/8783>`_, `8848 <https://github.com/pypa/pip/issues/8848>`_) - Add ux documentation (`8807 <https://github.com/pypa/pip/issues/8807>`_) - Update user docs to reflect new resolver as default in 20.3. (`9044 <https://github.com/pypa/pip/issues/9044>`_) - Improve migration guide to reflect changes in new resolver behavior. (`9056 <https://github.com/pypa/pip/issues/9056>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> Co-authored-by: pyup-bot <[email protected]>
194: Update pytest-pylint to 0.18.0 r=duckinator a=pyup-bot This PR updates [pytest-pylint](https://pypi.org/project/pytest-pylint) from **0.17.0** to **0.18.0**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pytest-pylint - Changelog: https://pyup.io/changelogs/pytest-pylint/ - Repo: https://github.com/carsongee/pytest-pylint </details> 197: Update pip to 20.3.1 r=duckinator a=pyup-bot This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3.1**. <details> <summary>Changelog</summary> ### 20.3.1 ``` =================== Deprecations and Removals ------------------------- - The --build-dir option has been restored as a no-op, to soften the transition for tools that still used it. (`9193 <https://github.com/pypa/pip/issues/9193>`_) ``` ### 20.3 ``` - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 <https://github.com/pypa/pip/issues/8546>`_, `8377 <https://github.com/pypa/pip/issues/8377>`_) - Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 <https://github.com/pypa/pip/issues/6741>`_) - Warn if index pages have unexpected content-type (`6754 <https://github.com/pypa/pip/issues/6754>`_) - Allow specifying ``--prefer-binary`` option in a requirements file (`7693 <https://github.com/pypa/pip/issues/7693>`_) - Generate PEP 376 REQUESTED metadata for user supplied requirements installed by pip. (`7811 <https://github.com/pypa/pip/issues/7811>`_) - Warn if package url is a vcs or an archive url with invalid scheme (`8128 <https://github.com/pypa/pip/issues/8128>`_) - Parallelize network operations in ``pip list``. (`8504 <https://github.com/pypa/pip/issues/8504>`_) - Allow the new resolver to obtain dependency information through wheels lazily downloaded using HTTP range requests. To enable this feature, invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 <https://github.com/pypa/pip/issues/8588>`_) - Support ``--use-feature`` in requirements files (`8601 <https://github.com/pypa/pip/issues/8601>`_) Bug Fixes --------- - Use canonical package names while looking up already installed packages. (`5021 <https://github.com/pypa/pip/issues/5021>`_) - Fix normalizing path on Windows when installing package on another logical disk. (`7625 <https://github.com/pypa/pip/issues/7625>`_) - The VCS commands run by pip as subprocesses don't merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 <https://github.com/pypa/pip/issues/7968>`_) - Correctly treat non-ASCII entry point declarations in wheels so they can be installed on Windows. (`8342 <https://github.com/pypa/pip/issues/8342>`_) - Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 <https://github.com/pypa/pip/issues/8454>`_) - Headers provided by wheels in .data directories are now correctly installed into the user-provided locations, such as ``--prefix``, instead of the virtual environment pip is running in. (`8521 <https://github.com/pypa/pip/issues/8521>`_) Vendored Libraries ------------------ - Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3. - Upgrade appdirs to 1.4.4 - Upgrade certifi to 2020.6.20 - Upgrade distlib to 0.3.1 - Upgrade html5lib to 1.1 - Upgrade idna to 2.10 - Upgrade packaging to 20.4 - Upgrade requests to 2.24.0 - Upgrade six to 1.15.0 - Upgrade toml to 0.10.1 - Upgrade urllib3 to 1.25.9 Improved Documentation ---------------------- - Add ``--no-input`` option to pip docs (`7688 <https://github.com/pypa/pip/issues/7688>`_) - List of options supported in requirements file are extracted from source of truth, instead of being maintained manually. (`7908 <https://github.com/pypa/pip/issues/7908>`_) - Fix pip config docstring so that the subcommands render correctly in the docs (`8072 <https://github.com/pypa/pip/issues/8072>`_) - replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 <https://github.com/pypa/pip/issues/8353>`_) - Fix example for defining multiple values for options which support them (`8373 <https://github.com/pypa/pip/issues/8373>`_) - Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 <https://github.com/pypa/pip/issues/8459>`_) - Add feature flags to docs (`8512 <https://github.com/pypa/pip/issues/8512>`_) - Document how to install package extras from git branch and source distributions. (`8576 <https://github.com/pypa/pip/issues/8576>`_) ``` ### 20.3b1 ``` =================== Deprecations and Removals ------------------------- - ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version. To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Deprecate support for Python 3.5 (`8181 <https://github.com/pypa/pip/issues/8181>`_) - Document that certain removals can be fast tracked. (`8417 <https://github.com/pypa/pip/issues/8417>`_) - Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 <https://github.com/pypa/pip/issues/8927>`_) - Deprecate ``--find-links`` option in ``pip freeze`` (`9069 <https://github.com/pypa/pip/issues/9069>`_) Features -------- - Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Allow multiple values for --abi and --platform. (`6121 <https://github.com/pypa/pip/issues/6121>`_) - Add option ``--format`` to subcommand ``list`` of ``pip cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 <https://github.com/pypa/pip/issues/8355>`_) - Improve error message friendliness when an environment has packages with corrupted metadata. (`8676 <https://github.com/pypa/pip/issues/8676>`_) - Make the ``setup.py install`` deprecation warning less noisy. We warn only when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as situations where both fails are most probably irrelevant to this deprecation. (`8752 <https://github.com/pypa/pip/issues/8752>`_) - Check the download directory for existing wheels to possibly avoid fetching metadata when the ``fast-deps`` feature is used with ``pip wheel`` and ``pip download``. (`8804 <https://github.com/pypa/pip/issues/8804>`_) - When installing a git URL that refers to a commit that is not available locally after git clone, attempt to fetch it from the remote. (`8815 <https://github.com/pypa/pip/issues/8815>`_) - Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 <https://github.com/pypa/pip/issues/8892>`_) - Cache package listings on index packages so they are guarenteed to stay stable during a pip command session. This also improves performance when a index page is accessed multiple times during the command session. (`8905 <https://github.com/pypa/pip/issues/8905>`_) - New resolver: Tweak resolution logic to improve user experience when user-supplied requirements conflict. (`8924 <https://github.com/pypa/pip/issues/8924>`_) - Support Python 3.9. (`8971 <https://github.com/pypa/pip/issues/8971>`_) - Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 <https://github.com/pypa/pip/issues/8975>`_) - Switch to the new dependency resolver by default. (`9019 <https://github.com/pypa/pip/issues/9019>`_) - Remove the ``--build-dir`` option, as per the deprecation. (`9049 <https://github.com/pypa/pip/issues/9049>`_) Bug Fixes --------- - Propagate ``--extra-index-url`` from requirements file properly to session auth, so that keyring auth will work as expected. (`8103 <https://github.com/pypa/pip/issues/8103>`_) - Allow specifying verbosity and quiet level via configuration files and environment variables. Previously these options were treated as boolean values when read from there while through CLI the level can be specified. (`8578 <https://github.com/pypa/pip/issues/8578>`_) - Only converts Windows path to unicode on Python 2 to avoid regressions when a POSIX environment does not configure the file system encoding correctly. (`8658 <https://github.com/pypa/pip/issues/8658>`_) - List downloaded distributions before exiting ``pip download`` when using the new resolver to make the behavior the same as that on the legacy resolver. (`8696 <https://github.com/pypa/pip/issues/8696>`_) - New resolver: Pick up hash declarations in constraints files and use them to filter available distributions. (`8792 <https://github.com/pypa/pip/issues/8792>`_) - Avoid polluting the destination directory by resolution artifacts when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 <https://github.com/pypa/pip/issues/8827>`_) - New resolver: If a package appears multiple times in user specification with different ``--hash`` options, only hashes that present in all specifications should be allowed. (`8839 <https://github.com/pypa/pip/issues/8839>`_) - Tweak the output during dependency resolution in the new resolver. (`8861 <https://github.com/pypa/pip/issues/8861>`_) - Correctly search for installed distributions in new resolver logic in order to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 <https://github.com/pypa/pip/issues/8963>`_) - Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file with editable=True. Render it as a non-editable ``file://`` URL until modern editable installs are standardized and supported. (`8996 <https://github.com/pypa/pip/issues/8996>`_) Vendored Libraries ------------------ - Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed. It is mandatory for ``pip debug`` command. Improved Documentation ---------------------- - Add documentation for '.netrc' support. (`7231 <https://github.com/pypa/pip/issues/7231>`_) - Add OS tabs for OS-specific commands. (`7311 <https://github.com/pypa/pip/issues/7311>`_) - Add note and example on keyring support for index basic-auth (`8636 <https://github.com/pypa/pip/issues/8636>`_) - Added initial UX feedback widgets to docs. (`8783 <https://github.com/pypa/pip/issues/8783>`_, `8848 <https://github.com/pypa/pip/issues/8848>`_) - Add ux documentation (`8807 <https://github.com/pypa/pip/issues/8807>`_) - Update user docs to reflect new resolver as default in 20.3. (`9044 <https://github.com/pypa/pip/issues/9044>`_) - Improve migration guide to reflect changes in new resolver behavior. (`9056 <https://github.com/pypa/pip/issues/9056>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> Co-authored-by: pyup-bot <[email protected]> Co-authored-by: Ellen Marie Dash <[email protected]>
Perhaps now that ensurepip and virtualenv no longer install setuptools/wheel when used with Python 3.12+, pip can also stop excluding these projects from freeze output when used with 3.12+? |
I was thinking the same when I saw the issue title in my notification (before reading the content)! Personally I’d be more than happy to approve such a pull request. |
Bumps [pip](https://github.com/pypa/pip) from 22.3.1 to 23.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https://github.com/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https://github.com/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https://github.com/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https://github.com/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https://github.com/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https://github.com/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https://github.com/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https://github.com/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https://github.com/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https://github.com/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https://github.com/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https://github.com/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https://github.com/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2023.5.7</li> <li>Upgrade platformdirs to 3.8.1</li> <li>Upgrade pygments to 2.15.1</li> <li>Upgrade pyparsing to 3.1.0</li> <li>Upgrade Requests to 2.31.0</li> <li>Upgrade rich to 13.4.2</li> <li>Upgrade setuptools to 68.0.0</li> <li>Updated typing_extensions to 4.6.0</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li> <li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li> <li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li> <li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li> <li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li> <li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.3.1...23.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.3.1&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…s/@jsii/python-runtime (#4182) Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https://github.com/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https://github.com/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https://github.com/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https://github.com/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https://github.com/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https://github.com/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https://github.com/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https://github.com/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https://github.com/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https://github.com/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https://github.com/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https://github.com/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https://github.com/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2023.5.7</li> <li>Upgrade platformdirs to 3.8.1</li> <li>Upgrade pygments to 2.15.1</li> <li>Upgrade pyparsing to 3.1.0</li> <li>Upgrade Requests to 2.31.0</li> <li>Upgrade rich to 13.4.2</li> <li>Upgrade setuptools to 68.0.0</li> <li>Updated typing_extensions to 4.6.0</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li> <li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li> <li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li> <li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li> <li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li> <li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1...23.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…k/test/generated-code (#4183) Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https://github.com/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https://github.com/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https://github.com/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https://github.com/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https://github.com/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https://github.com/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https://github.com/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https://github.com/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https://github.com/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https://github.com/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https://github.com/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https://github.com/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https://github.com/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2023.5.7</li> <li>Upgrade platformdirs to 3.8.1</li> <li>Upgrade pygments to 2.15.1</li> <li>Upgrade pyparsing to 3.1.0</li> <li>Upgrade Requests to 2.31.0</li> <li>Upgrade rich to 13.4.2</li> <li>Upgrade setuptools to 68.0.0</li> <li>Updated typing_extensions to 4.6.0</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li> <li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li> <li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li> <li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li> <li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li> <li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https://github.com/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https://github.com/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https://github.com/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https://github.com/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https://github.com/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https://github.com/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https://github.com/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https://github.com/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https://github.com/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https://github.com/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https://github.com/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https://github.com/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https://github.com/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2023.5.7</li> <li>Upgrade platformdirs to 3.8.1</li> <li>Upgrade pygments to 2.15.1</li> <li>Upgrade pyparsing to 3.1.0</li> <li>Upgrade Requests to 2.31.0</li> <li>Upgrade rich to 13.4.2</li> <li>Upgrade setuptools to 68.0.0</li> <li>Updated typing_extensions to 4.6.0</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li> <li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li> <li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li> <li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li> <li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li> <li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https://github.com/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https://github.com/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https://github.com/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https://github.com/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https://github.com/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https://github.com/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https://github.com/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https://github.com/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https://github.com/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https://github.com/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https://github.com/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https://github.com/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https://github.com/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2023.5.7</li> <li>Upgrade platformdirs to 3.8.1</li> <li>Upgrade pygments to 2.15.1</li> <li>Upgrade pyparsing to 3.1.0</li> <li>Upgrade Requests to 2.31.0</li> <li>Upgrade rich to 13.4.2</li> <li>Upgrade setuptools to 68.0.0</li> <li>Updated typing_extensions to 4.6.0</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li> <li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li> <li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li> <li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li> <li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li> <li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https://github.com/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https://github.com/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https://github.com/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https://github.com/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https://github.com/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https://github.com/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https://github.com/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https://github.com/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https://github.com/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https://github.com/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https://github.com/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https://github.com/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https://github.com/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2023.5.7</li> <li>Upgrade platformdirs to 3.8.1</li> <li>Upgrade pygments to 2.15.1</li> <li>Upgrade pyparsing to 3.1.0</li> <li>Upgrade Requests to 2.31.0</li> <li>Upgrade rich to 13.4.2</li> <li>Upgrade setuptools to 68.0.0</li> <li>Updated typing_extensions to 4.6.0</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li> <li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li> <li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li> <li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li> <li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li> <li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li> <li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2.1 (2023-07-22)</h1> <h2>Bug Fixes</h2> <ul> <li>Disable PEP 658 metadata fetching with the legacy resolver. (<code>[#12156](pypa/pip#12156) <https://github.com/pypa/pip/issues/12156></code>_)</li> </ul> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https://github.com/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https://github.com/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https://github.com/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https://github.com/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https://github.com/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https://github.com/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https://github.com/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https://github.com/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https://github.com/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https://github.com/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https://github.com/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https://github.com/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https://github.com/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from pfmoore/fix_12156</li> <li><a href="https://github.com/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a> Fix a direct creation of RequirementPreparer in the tests</li> <li><a href="https://github.com/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a> Disable PEP 658 for the legacy resolver</li> <li><a href="https://github.com/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a> Use strict optional checking in misc.py (<a href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li> <li><a href="https://github.com/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from mtreinish/patch-1</li> <li><a href="https://github.com/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a> Correct typo in 23.2 Changelog Bug Fixes</li> <li><a href="https://github.com/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from pfmoore/release/23.2</li> <li><a href="https://github.com/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a> Bump for development</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Given the frustration with setuptools 34 is it perhaps a good time to reconsider the display of setuptools in pip freeze? At least at $work, it is a strong suggestion to pin everything in applications (you can see our full set of tooling here), even setuptools / pip / wheel for repeatable builds -- perhaps setuptools and its new dependencies should be included as well (without needing our own implementation of pip freeze which includes them).
The text was updated successfully, but these errors were encountered: