Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update pip to 19.3.1 #76

Closed
wants to merge 1 commit into from
Closed

Conversation

pyup-bot
Copy link

This PR updates pip from 8.1.2 to 19.3.1.

Changelog

19.3.1

===================

Features
--------

- Document Python 3.8 support. (`7219 <https://github.com/pypa/pip/issues/7219>`_)

Bug Fixes
---------

- Fix bug that prevented installation of PEP 517 packages without ``setup.py``. (`6606 <https://github.com/pypa/pip/issues/6606>`_)

19.3

=================

Deprecations and Removals
-------------------------

- Remove undocumented support for un-prefixed URL requirements pointing
to SVN repositories. Users relying on this can get the original behavior
by prefixing their URL with ``svn+`` (which is backwards-compatible). (`7037 <https://github.com/pypa/pip/issues/7037>`_)
- Remove the deprecated ``--venv`` option from ``pip config``. (`7163 <https://github.com/pypa/pip/issues/7163>`_)

Features
--------

- Print a better error message when ``--no-binary`` or ``--only-binary`` is given
an argument starting with ``-``. (`3191 <https://github.com/pypa/pip/issues/3191>`_)
- Make ``pip show`` warn about packages not found. (`6858 <https://github.com/pypa/pip/issues/6858>`_)
- Support including a port number in ``--trusted-host`` for both HTTP and HTTPS. (`6886 <https://github.com/pypa/pip/issues/6886>`_)
- Redact single-part login credentials from URLs in log messages. (`6891 <https://github.com/pypa/pip/issues/6891>`_)
- Implement manylinux2014 platform tag support.  manylinux2014 is the successor
to manylinux2010.  It allows carefully compiled binary wheels to be installed
on compatible Linux platforms.  The manylinux2014 platform tag definition can
be found in `PEP599 <https://www.python.org/dev/peps/pep-0599/>`_. (`7102 <https://github.com/pypa/pip/issues/7102>`_)

Bug Fixes
---------

- Abort installation if any archive contains a file which would be placed
outside the extraction location. (`3907 <https://github.com/pypa/pip/issues/3907>`_)
- pip's CLI completion code no longer prints a Traceback if it is interrupted. (`3942 <https://github.com/pypa/pip/issues/3942>`_)
- Correct inconsistency related to the ``hg+file`` scheme. (`4358 <https://github.com/pypa/pip/issues/4358>`_)
- Fix ``rmtree_errorhandler`` to skip non-existing directories. (`4910 <https://github.com/pypa/pip/issues/4910>`_)
- Ignore errors copying socket files for local source installs (in Python 3). (`5306 <https://github.com/pypa/pip/issues/5306>`_)
- Fix requirement line parser to correctly handle PEP 440 requirements with a URL
pointing to an archive file. (`6202 <https://github.com/pypa/pip/issues/6202>`_)
- The ``pip-wheel-metadata`` directory does not need to persist between invocations of pip, use a temporary directory instead of the current ``setup.py`` directory. (`6213 <https://github.com/pypa/pip/issues/6213>`_)
- Fix ``--trusted-host`` processing under HTTPS to trust any port number used
with the host. (`6705 <https://github.com/pypa/pip/issues/6705>`_)
- Switch to new ``distlib`` wheel script template. This should be functionally
equivalent for end users. (`6763 <https://github.com/pypa/pip/issues/6763>`_)
- Skip copying .tox and .nox directories to temporary build directories (`6770 <https://github.com/pypa/pip/issues/6770>`_)
- Fix handling of tokens (single part credentials) in URLs. (`6795 <https://github.com/pypa/pip/issues/6795>`_)
- Fix a regression that caused ``~`` expansion not to occur in ``--find-links``
paths. (`6804 <https://github.com/pypa/pip/issues/6804>`_)
- Fix bypassed pip upgrade warning on Windows. (`6841 <https://github.com/pypa/pip/issues/6841>`_)
- Fix 'm' flag erroneously being appended to ABI tag in Python 3.8 on platforms that do not provide SOABI (`6885 <https://github.com/pypa/pip/issues/6885>`_)
- Hide security-sensitive strings like passwords in log messages related to
version control system (aka VCS) command invocations. (`6890 <https://github.com/pypa/pip/issues/6890>`_)
- Correctly uninstall symlinks that were installed in a virtualenv,
by tools such as ``flit install --symlink``. (`6892 <https://github.com/pypa/pip/issues/6892>`_)
- Don't fail installation using pip.exe on Windows when pip wouldn't be upgraded. (`6924 <https://github.com/pypa/pip/issues/6924>`_)
- Use canonical distribution names when computing ``Required-By`` in ``pip show``. (`6947 <https://github.com/pypa/pip/issues/6947>`_)
- Don't use hardlinks for locking selfcheck state file. (`6954 <https://github.com/pypa/pip/issues/6954>`_)
- Ignore "require_virtualenv" in ``pip config`` (`6991 <https://github.com/pypa/pip/issues/6991>`_)
- Fix ``pip freeze`` not showing correct entry for mercurial packages that use subdirectories. (`7071 <https://github.com/pypa/pip/issues/7071>`_)
- Fix a crash when ``sys.stdin`` is set to ``None``, such as on AWS Lambda. (`7118 <https://github.com/pypa/pip/issues/7118>`_, `7119 <https://github.com/pypa/pip/issues/7119>`_)

Vendored Libraries
------------------

- Upgrade certifi to 2019.9.11
- Add contextlib2 0.6.0 as a vendored dependency.
- Remove Lockfile as a vendored dependency.
- Upgrade msgpack to 0.6.2
- Upgrade packaging to 19.2
- Upgrade pep517 to 0.7.0
- Upgrade pyparsing to 2.4.2
- Upgrade pytoml to 0.1.21
- Upgrade setuptools to 41.4.0
- Upgrade urllib3 to 1.25.6

Improved Documentation
----------------------

- Document caveats for UNC paths in uninstall and add .pth unit tests. (`6516 <https://github.com/pypa/pip/issues/6516>`_)
- Add architectural overview documentation. (`6637 <https://github.com/pypa/pip/issues/6637>`_)
- Document that ``--ignore-installed`` is dangerous. (`6794 <https://github.com/pypa/pip/issues/6794>`_)

19.2.3

===================

Bug Fixes
---------

- Fix 'm' flag erroneously being appended to ABI tag in Python 3.8 on platforms that do not provide SOABI (`6885 <https://github.com/pypa/pip/issues/6885>`_)

19.2.2

===================

Bug Fixes
---------

- Fix handling of tokens (single part credentials) in URLs. (`6795 <https://github.com/pypa/pip/issues/6795>`_)
- Fix a regression that caused ``~`` expansion not to occur in ``--find-links``
paths. (`6804 <https://github.com/pypa/pip/issues/6804>`_)

19.2.1

===================

Bug Fixes
---------

- Fix a ``NoneType`` ``AttributeError`` when evaluating hashes and no hashes
are provided. (`6772 <https://github.com/pypa/pip/issues/6772>`_)

19.2

=================

Deprecations and Removals
-------------------------

- Drop support for EOL Python 3.4. (`6685 <https://github.com/pypa/pip/issues/6685>`_)
- Improve deprecation messages to include the version in which the functionality will be removed. (`6549 <https://github.com/pypa/pip/issues/6549>`_)

Features
--------

- Credentials will now be loaded using `keyring` when installed. (`5948 <https://github.com/pypa/pip/issues/5948>`_)
- Fully support using ``--trusted-host`` inside requirements files. (`3799 <https://github.com/pypa/pip/issues/3799>`_)
- Update timestamps in pip's ``--log`` file to include milliseconds. (`6587 <https://github.com/pypa/pip/issues/6587>`_)
- Respect whether a file has been marked as "yanked" from a simple repository
(see `PEP 592 <https://www.python.org/dev/peps/pep-0592/>`__ for details). (`6633 <https://github.com/pypa/pip/issues/6633>`_)
- When choosing candidates to install, prefer candidates with a hash matching
one of the user-provided hashes. (`5874 <https://github.com/pypa/pip/issues/5874>`_)
- Improve the error message when ``METADATA`` or ``PKG-INFO`` is None when
accessing metadata. (`5082 <https://github.com/pypa/pip/issues/5082>`_)
- Add a new command ``pip debug`` that can display e.g. the list of compatible
tags for the current Python. (`6638 <https://github.com/pypa/pip/issues/6638>`_)
- Display hint on installing with --pre when search results include pre-release versions. (`5169 <https://github.com/pypa/pip/issues/5169>`_)
- Report to Warehouse that pip is running under CI if the ``PIP_IS_CI`` environment variable is set. (`5499 <https://github.com/pypa/pip/issues/5499>`_)
- Allow ``--python-version`` to be passed as a dotted version string (e.g.
``3.7`` or ``3.7.3``). (`6585 <https://github.com/pypa/pip/issues/6585>`_)
- Log the final filename and SHA256 of a ``.whl`` file when done building a
wheel. (`5908 <https://github.com/pypa/pip/issues/5908>`_)
- Include the wheel's tags in the log message explanation when a candidate
wheel link is found incompatible. (`6121 <https://github.com/pypa/pip/issues/6121>`_)
- Add a ``--path`` argument to ``pip freeze`` to support ``--target``
installations. (`6404 <https://github.com/pypa/pip/issues/6404>`_)
- Add a ``--path`` argument to ``pip list`` to support ``--target``
installations. (`6551 <https://github.com/pypa/pip/issues/6551>`_)

Bug Fixes
---------

- Set ``sys.argv[0]`` to the underlying ``setup.py`` when invoking ``setup.py``
via the setuptools shim so setuptools doesn't think the path is ``-c``. (`1890 <https://github.com/pypa/pip/issues/1890>`_)
- Update ``pip download`` to respect the given ``--python-version`` when checking
``"Requires-Python"``. (`5369 <https://github.com/pypa/pip/issues/5369>`_)
- Respect ``--global-option`` and ``--install-option`` when installing from
a version control url (e.g. ``git``). (`5518 <https://github.com/pypa/pip/issues/5518>`_)
- Make the "ascii" progress bar really be "ascii" and not Unicode. (`5671 <https://github.com/pypa/pip/issues/5671>`_)
- Fail elegantly when trying to set an incorrectly formatted key in config. (`5963 <https://github.com/pypa/pip/issues/5963>`_)
- Prevent DistutilsOptionError when prefix is indicated in the global environment and `--target` is used. (`6008 <https://github.com/pypa/pip/issues/6008>`_)
- Fix ``pip install`` to respect ``--ignore-requires-python`` when evaluating
links. (`6371 <https://github.com/pypa/pip/issues/6371>`_)
- Fix a debug log message when freezing an editable, non-version controlled
requirement. (`6383 <https://github.com/pypa/pip/issues/6383>`_)
- Extend to Subversion 1.8+ the behavior of calling Subversion in
interactive mode when pip is run interactively. (`6386 <https://github.com/pypa/pip/issues/6386>`_)
- Prevent ``pip install <url>`` from permitting directory traversal if e.g.
a malicious server sends a ``Content-Disposition`` header with a filename
containing ``../`` or ``..\\``. (`6413 <https://github.com/pypa/pip/issues/6413>`_)
- Hide passwords in output when using ``--find-links``. (`6489 <https://github.com/pypa/pip/issues/6489>`_)
- Include more details in the log message if ``pip freeze`` can't generate a
requirement string for a particular distribution. (`6513 <https://github.com/pypa/pip/issues/6513>`_)
- Add the line number and file location to the error message when reading an
invalid requirements file in certain situations. (`6527 <https://github.com/pypa/pip/issues/6527>`_)
- Prefer ``os.confstr`` to ``ctypes`` when extracting glibc version info. (`6543 <https://github.com/pypa/pip/issues/6543>`_, `6675 <https://github.com/pypa/pip/issues/6675>`_)
- Improve error message printed when an invalid editable requirement is provided. (`6648 <https://github.com/pypa/pip/issues/6648>`_)
- Improve error message formatting when a command errors out in a subprocess. (`6651 <https://github.com/pypa/pip/issues/6651>`_)

Vendored Libraries
------------------

- Upgrade certifi to 2019.6.16
- Upgrade distlib to 0.2.9.post0
- Upgrade msgpack to 0.6.1
- Upgrade requests to 2.22.0
- Upgrade urllib3 to 1.25.3
- Patch vendored html5lib, to prefer using `collections.abc` where possible.

Improved Documentation
----------------------

- Document how Python 2.7 support will be maintained. (`6726 <https://github.com/pypa/pip/issues/6726>`_)
- Upgrade Sphinx version used to build documentation. (`6471 <https://github.com/pypa/pip/issues/6471>`_)
- Fix generation of subcommand manpages. (`6724 <https://github.com/pypa/pip/issues/6724>`_)
- Mention that pip can install from git refs. (`6512 <https://github.com/pypa/pip/issues/6512>`_)
- Replace a failing example of pip installs with extras with a working one. (`4733 <https://github.com/pypa/pip/issues/4733>`_)

19.1.1

===================

Features
--------

- Restore ``pyproject.toml`` handling to how it was with pip 19.0.3 to prevent
the need to add ``--no-use-pep517`` when installing in editable mode. (`6434 <https://github.com/pypa/pip/issues/6434>`_)

Bug Fixes
---------

- Fix a regression that caused `` to be quoted in pypiserver links.
This interfered with parsing the revision string from VCS urls. (`6440 <https://github.com/pypa/pip/issues/6440>`_)

19.1

=================

Features
--------

- Configuration files may now also be stored under ``sys.prefix`` (`5060 <https://github.com/pypa/pip/issues/5060>`_)
- Avoid creating an unnecessary local clone of a Bazaar branch when exporting. (`5443 <https://github.com/pypa/pip/issues/5443>`_)
- Include in pip's User-Agent string whether it looks like pip is running
under CI. (`5499 <https://github.com/pypa/pip/issues/5499>`_)
- A custom (JSON-encoded) string can now be added to pip's User-Agent
using the ``PIP_USER_AGENT_USER_DATA`` environment variable. (`5549 <https://github.com/pypa/pip/issues/5549>`_)
- For consistency, passing ``--no-cache-dir`` no longer affects whether wheels
will be built.  In this case, a temporary directory is used. (`5749 <https://github.com/pypa/pip/issues/5749>`_)
- Command arguments in ``subprocess`` log messages are now quoted using
``shlex.quote()``. (`6290 <https://github.com/pypa/pip/issues/6290>`_)
- Prefix warning and error messages in log output with `WARNING` and `ERROR`. (`6298 <https://github.com/pypa/pip/issues/6298>`_)
- Using ``--build-options`` in a PEP 517 build now fails with an error,
rather than silently ignoring the option. (`6305 <https://github.com/pypa/pip/issues/6305>`_)
- Error out with an informative message if one tries to install a
``pyproject.toml``-style (PEP 517) source tree using ``--editable`` mode. (`6314 <https://github.com/pypa/pip/issues/6314>`_)
- When downloading a package, the ETA and average speed now only update once per second for better legibility. (`6319 <https://github.com/pypa/pip/issues/6319>`_)

Bug Fixes
---------

- The stdout and stderr from VCS commands run by pip as subprocesses (e.g.
``git``, ``hg``, etc.) no longer pollute pip's stdout. (`1219 <https://github.com/pypa/pip/issues/1219>`_)
- Fix handling of requests exceptions when dependencies are debundled. (`4195 <https://github.com/pypa/pip/issues/4195>`_)
- Make pip's self version check avoid recommending upgrades to prereleases if the currently-installed version is stable. (`5175 <https://github.com/pypa/pip/issues/5175>`_)
- Fixed crash when installing a requirement from a URL that comes from a dependency without a URL. (`5889 <https://github.com/pypa/pip/issues/5889>`_)
- Improve handling of file URIs: correctly handle `file://localhost/...` and don't try to use UNC paths on Unix. (`5892 <https://github.com/pypa/pip/issues/5892>`_)
- Fix ``utils.encoding.auto_decode()`` ``LookupError`` with invalid encodings.
``utils.encoding.auto_decode()`` was broken when decoding Big Endian BOM
byte-strings on Little Endian or vice versa. (`6054 <https://github.com/pypa/pip/issues/6054>`_)
- Fix incorrect URL quoting of IPv6 addresses. (`6285 <https://github.com/pypa/pip/issues/6285>`_)
- Redact the password from the extra index URL when using ``pip -v``. (`6295 <https://github.com/pypa/pip/issues/6295>`_)
- The spinner no longer displays a completion message after subprocess calls
not needing a spinner. It also no longer incorrectly reports an error after
certain subprocess calls to Git that succeeded. (`6312 <https://github.com/pypa/pip/issues/6312>`_)
- Fix the handling of editable mode during installs when ``pyproject.toml`` is
present but PEP 517 doesn't require the source tree to be treated as
``pyproject.toml``-style. (`6370 <https://github.com/pypa/pip/issues/6370>`_)
- Fix ``NameError`` when handling an invalid requirement. (`6419 <https://github.com/pypa/pip/issues/6419>`_)

Vendored Libraries
------------------

- Updated certifi to 2019.3.9
- Updated distro to 1.4.0
- Update progress to 1.5
- Updated pyparsing to 2.4.0
- Updated pkg_resources to 41.0.1 (via setuptools)

Improved Documentation
----------------------

- Make dashes render correctly when displaying long options like
``--find-links`` in the text. (`6422 <https://github.com/pypa/pip/issues/6422>`_)

19.0.3

===================

Bug Fixes
---------

- Fix an ``IndexError`` crash when a legacy build of a wheel fails. (`6252 <https://github.com/pypa/pip/issues/6252>`_)
- Fix a regression introduced in 19.0.2 where the filename in a RECORD file
of an installed file would not be updated when installing a wheel. (`6266 <https://github.com/pypa/pip/issues/6266>`_)

19.0.2

===================

Bug Fixes
---------

- Fix a crash where PEP 517-based builds using ``--no-cache-dir`` would fail in
some circumstances with an ``AssertionError`` due to not finalizing a build
directory internally. (`6197 <https://github.com/pypa/pip/issues/6197>`_)
- Provide a better error message if attempting an editable install of a
directory with a ``pyproject.toml`` but no ``setup.py``. (`6170 <https://github.com/pypa/pip/issues/6170>`_)
- The implicit default backend used for projects that provide a ``pyproject.toml``
file without explicitly specifying ``build-backend`` now behaves more like direct
execution of ``setup.py``, and hence should restore compatibility with projects
that were unable to be installed with ``pip`` 19.0. This raised the minimum
required version of ``setuptools`` for such builds to 40.8.0. (`6163 <https://github.com/pypa/pip/issues/6163>`_)
- Allow ``RECORD`` lines with more than three elements, and display a warning. (`6165 <https://github.com/pypa/pip/issues/6165>`_)
- ``AdjacentTempDirectory`` fails on unwritable directory instead of locking up the uninstall command. (`6169 <https://github.com/pypa/pip/issues/6169>`_)
- Make failed uninstalls roll back more reliably and better at avoiding naming conflicts. (`6194 <https://github.com/pypa/pip/issues/6194>`_)
- Ensure the correct wheel file is copied when building PEP 517 distribution is built. (`6196 <https://github.com/pypa/pip/issues/6196>`_)
- The Python 2 end of life warning now only shows on CPython, which is the
implementation that has announced end of life plans. (`6207 <https://github.com/pypa/pip/issues/6207>`_)

Improved Documentation
----------------------

- Re-write README and documentation index (`5815 <https://github.com/pypa/pip/issues/5815>`_)

19.0.1

===================

Bug Fixes
---------

- Fix a crash when using --no-cache-dir with PEP 517 distributions (`6158 <https://github.com/pypa/pip/issues/6158>`_, `6171 <https://github.com/pypa/pip/issues/6171>`_)

19.0

=================

Deprecations and Removals
-------------------------

- Deprecate support for Python 3.4 (`6106 <https://github.com/pypa/pip/issues/6106>`_)
- Start printing a warning for Python 2.7 to warn of impending Python 2.7 End-of-life and
prompt users to start migrating to Python 3. (`6148 <https://github.com/pypa/pip/issues/6148>`_)
- Remove the deprecated ``--process-dependency-links`` option. (`6060 <https://github.com/pypa/pip/issues/6060>`_)
- Remove the deprecated SVN editable detection based on dependency links
during freeze. (`5866 <https://github.com/pypa/pip/issues/5866>`_)

Features
--------

- Implement PEP 517 (allow projects to specify a build backend via pyproject.toml). (`5743 <https://github.com/pypa/pip/issues/5743>`_)
- Implement manylinux2010 platform tag support.  manylinux2010 is the successor
to manylinux1.  It allows carefully compiled binary wheels to be installed
on compatible Linux platforms. (`5008 <https://github.com/pypa/pip/issues/5008>`_)
- Improve build isolation: handle ``.pth`` files, so namespace packages are correctly supported under Python 3.2 and earlier. (`5656 <https://github.com/pypa/pip/issues/5656>`_)
- Include the package name in a freeze warning if the package is not installed. (`5943 <https://github.com/pypa/pip/issues/5943>`_)
- Warn when dropping an ``--[extra-]index-url`` value that points to an existing local directory. (`5827 <https://github.com/pypa/pip/issues/5827>`_)
- Prefix pip's ``--log`` file lines with their timestamp. (`6141 <https://github.com/pypa/pip/issues/6141>`_)

Bug Fixes
---------

- Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_)
- Redact the password from the URL in various log messages. (`4746 <https://github.com/pypa/pip/issues/4746>`_, `6124 <https://github.com/pypa/pip/issues/6124>`_)
- Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_)
- Avoid printing a stack trace when given an invalid requirement. (`5147 <https://github.com/pypa/pip/issues/5147>`_)
- Present 401 warning if username/password do not work for URL (`4833 <https://github.com/pypa/pip/issues/4833>`_)
- Handle ``requests.exceptions.RetryError`` raised in ``PackageFinder`` that was causing pip to fail silently when some indexes were unreachable. (`5270 <https://github.com/pypa/pip/issues/5270>`_, `5483 <https://github.com/pypa/pip/issues/5483>`_)
- Handle a broken stdout pipe more gracefully (e.g. when running ``pip list | head``). (`4170 <https://github.com/pypa/pip/issues/4170>`_)
- Fix crash from setting ``PIP_NO_CACHE_DIR=yes``. (`5385 <https://github.com/pypa/pip/issues/5385>`_)
- Fix crash from unparseable requirements when checking installed packages. (`5839 <https://github.com/pypa/pip/issues/5839>`_)
- Fix content type detection if a directory named like an archive is used as a package source. (`5838 <https://github.com/pypa/pip/issues/5838>`_)
- Fix listing of outdated packages that are not dependencies of installed packages in ``pip list --outdated --not-required`` (`5737 <https://github.com/pypa/pip/issues/5737>`_)
- Fix sorting ``TypeError`` in ``move_wheel_files()`` when installing some packages. (`5868 <https://github.com/pypa/pip/issues/5868>`_)
- Fix support for invoking pip using ``python src/pip ...``. (`5841 <https://github.com/pypa/pip/issues/5841>`_)
- Greatly reduce memory usage when installing wheels containing large files. (`5848 <https://github.com/pypa/pip/issues/5848>`_)
- Editable non-VCS installs now freeze as editable. (`5031 <https://github.com/pypa/pip/issues/5031>`_)
- Editable Git installs without a remote now freeze as editable. (`4759 <https://github.com/pypa/pip/issues/4759>`_)
- Canonicalize sdist file names so they can be matched to a canonicalized package name passed to ``pip install``. (`5870 <https://github.com/pypa/pip/issues/5870>`_)
- Properly decode special characters in SVN URL credentials. (`5968 <https://github.com/pypa/pip/issues/5968>`_)
- Make ``PIP_NO_CACHE_DIR`` disable the cache also for truthy values like ``"true"``, ``"yes"``, ``"1"``, etc. (`5735 <https://github.com/pypa/pip/issues/5735>`_)

Vendored Libraries
------------------

- Include license text of vendored 3rd party libraries. (`5213 <https://github.com/pypa/pip/issues/5213>`_)
- Update certifi to 2018.11.29
- Update colorama to 0.4.1
- Update distlib to 0.2.8
- Update idna to 2.8
- Update packaging to 19.0
- Update pep517 to 0.5.0
- Update pkg_resources to 40.6.3 (via setuptools)
- Update pyparsing to 2.3.1
- Update pytoml to 0.1.20
- Update requests to 2.21.0
- Update six to 1.12.0
- Update urllib3 to 1.24.1

Improved Documentation
----------------------

- Include the Vendoring Policy in the documentation. (`5958 <https://github.com/pypa/pip/issues/5958>`_)
- Add instructions for running pip from source to Development documentation. (`5949 <https://github.com/pypa/pip/issues/5949>`_)
- Remove references to removed ``egg=<name>-<version>`` functionality (`5888 <https://github.com/pypa/pip/issues/5888>`_)
- Fix omission of command name in HTML usage documentation (`5984 <https://github.com/pypa/pip/issues/5984>`_)

18.1

=================

Features
--------

- Allow PEP 508 URL requirements to be used as dependencies.

As a security measure, pip will raise an exception when installing packages from
PyPI if those packages depend on packages not also hosted on PyPI.
In the future, PyPI will block uploading packages with such external URL dependencies directly. (`4187 <https://github.com/pypa/pip/issues/4187>`_)
- Allows dist options (--abi, --python-version, --platform, --implementation) when installing with --target (`5355 <https://github.com/pypa/pip/issues/5355>`_)
- Support passing ``svn+ssh`` URLs with a username to ``pip install -e``. (`5375 <https://github.com/pypa/pip/issues/5375>`_)
- pip now ensures that the RECORD file is sorted when installing from a wheel file. (`5525 <https://github.com/pypa/pip/issues/5525>`_)
- Add support for Python 3.7. (`5561 <https://github.com/pypa/pip/issues/5561>`_)
- Malformed configuration files now show helpful error messages, instead of tracebacks. (`5798 <https://github.com/pypa/pip/issues/5798>`_)

Bug Fixes
---------

- Checkout the correct branch when doing an editable Git install. (`2037 <https://github.com/pypa/pip/issues/2037>`_)
- Run self-version-check only on commands that may access the index, instead of
trying on every run and failing to do so due to missing options. (`5433 <https://github.com/pypa/pip/issues/5433>`_)
- Allow a Git ref to be installed over an existing installation. (`5624 <https://github.com/pypa/pip/issues/5624>`_)
- Show a better error message when a configuration option has an invalid value. (`5644 <https://github.com/pypa/pip/issues/5644>`_)
- Always revalidate cached simple API pages instead of blindly caching them for up to 10
minutes. (`5670 <https://github.com/pypa/pip/issues/5670>`_)
- Avoid caching self-version-check information when cache is disabled. (`5679 <https://github.com/pypa/pip/issues/5679>`_)
- Avoid traceback printing on autocomplete after flags in the CLI. (`5751 <https://github.com/pypa/pip/issues/5751>`_)
- Fix incorrect parsing of egg names if pip needs to guess the package name. (`5819 <https://github.com/pypa/pip/issues/5819>`_)

Vendored Libraries
------------------

- Upgrade certifi to 2018.8.24
- Upgrade packaging to 18.0
- Upgrade pyparsing to 2.2.1
- Add pep517 version 0.2
- Upgrade pytoml to 0.1.19
- Upgrade pkg_resources to 40.4.3 (via setuptools)

Improved Documentation
----------------------

- Fix "Requirements Files" reference in User Guide (`user_guide_fix_requirements_file_ref <https://github.com/pypa/pip/issues/user_guide_fix_requirements_file_ref>`_)

18.0

=================

Process
-------

- Switch to a Calendar based versioning scheme.
- Formally document our deprecation process as a minimum of 6 months of deprecation
warnings.
- Adopt and document NEWS fragment writing style.
- Switch to releasing a new, non-bug fix version of pip every 3 months.

Deprecations and Removals
-------------------------

- Remove the legacy format from pip list. (3651, 3654)
- Dropped support for Python 3.3. (3796)
- Remove support for cleaning up egg fragment postfixes. (4174)
- Remove the shim for the old get-pip.py location. (5520)

For the past 2 years, it's only been redirecting users to use the newer
https://bootstrap.pypa.io/get-pip.py location.

Features
--------

- Introduce a new --prefer-binary flag, to prefer older wheels over newer source packages. (3785)
- Improve autocompletion function on file name completion after options
which have ``<file>``, ``<dir>`` or ``<path>`` as metavar. (4842, 5125)
- Add support for installing PEP 518 build dependencies from source. (5229)
- Improve status message when upgrade is skipped due to only-if-needed strategy. (5319)

Bug Fixes
---------

- Update pip's self-check logic to not use a virtualenv specific file and honor cache-dir. (3905)
- Remove compiled pyo files for wheel packages. (4471)
- Speed up printing of newly installed package versions. (5127)
- Restrict install time dependency warnings to directly-dependant packages. (5196, 5457)

Warning about the entire package set has resulted in users getting confused as
to why pip is printing these warnings.
- Improve handling of PEP 518 build requirements: support environment markers and extras. (5230, 5265)
- Remove username/password from log message when using index with basic auth. (5249)
- Remove trailing os.sep from PATH directories to avoid false negatives. (5293)
- Fix "pip wheel pip" being blocked by the "don't use pip to modify itself" check. (5311, 5312)
- Disable pip's version check (and upgrade message) when installed by a different package manager. (5346)

This works better with Linux distributions where pip's upgrade message may
result in users running pip in a manner that modifies files that should be
managed by the OS's package manager.
- Check for file existence and unlink first when clobbering existing files during a wheel install. (5366)
- Improve error message to be more specific when no files are found as listed in as listed in PKG-INFO. (5381)
- Always read ``pyproject.toml`` as UTF-8. This fixes Unicode handling on Windows and Python 2. (5482)
- Fix a crash that occurs when PATH not set, while generating script location warning. (5558)
- Disallow packages with ``pyproject.toml`` files that have an empty build-system table. (5627)

Vendored Libraries
------------------

- Update CacheControl to 0.12.5.
- Update certifi to 2018.4.16.
- Update distro to 1.3.0.
- Update idna to 2.7.
- Update ipaddress to 1.0.22.
- Update pkg_resources to 39.2.0 (via setuptools).
- Update progress to 1.4.
- Update pytoml to 0.1.16.
- Update requests to 2.19.1.
- Update urllib3 to 1.23.

Improved Documentation
----------------------

- Document how to use pip with a proxy server. (512, 5574)
- Document that the output of pip show is in RFC-compliant mail header format. (5261)

10.0.1

===================

Features
--------

- Switch the default repository to the new "PyPI 2.0" running at
https://pypi.org/. (5214)

Bug Fixes
---------

- Fix a bug that made get-pip.py unusable on Windows without renaming. (5219)
- Fix a TypeError when loading the cache on older versions of Python 2.7.
(5231)
- Fix and improve error message when EnvironmentError occurs during
installation. (5237)
- A crash when reinstalling from VCS requirements has been fixed. (5251)
- Fix PEP 518 support when pip is installed in the user site. (5524)

Vendored Libraries
------------------

- Upgrade distlib to 0.2.7

10.0.0

===================

Bug Fixes
---------

- Prevent false-positive installation warnings due to incomplete name
normalization. (5134)
- Fix issue where installing from Git with a short SHA would fail. (5140)
- Accept pre-release versions when checking for conflicts with pip check or pip
install. (5141)
- ``ioctl(fd, termios.TIOCGWINSZ, ...)`` needs 8 bytes of data (5150)
- Do not warn about script location when installing to the directory containing
sys.executable. This is the case when 'pip install'ing without activating a
virtualenv. (5157)
- Fix PEP 518 support. (5188)
- Don't warn about script locations if ``--target`` is specified. (5203)

10.0.0b2

=====================

Bug Fixes
---------

- Fixed line endings in CA Bundle - 10.0.0b1 was inadvertently released with Windows
line endings. (5131)

10.0.0b1

=====================

Deprecations and Removals
-------------------------

- Removed the deprecated ``--egg`` parameter to ``pip install``. (1749)
- Removed support for uninstalling projects which have been installed using
distutils. distutils installed projects do not include metadata indicating
what files belong to that install and thus it is impossible to *actually*
uninstall them rather than just remove the metadata saying they've been
installed while leaving all of the actual files behind. (2386)
- Removed the deprecated ``--download`` option to ``pip install``. (2643)
- Removed the deprecated --(no-)use-wheel flags to ``pip install`` and ``pip
wheel``. (2699)
- Removed the deprecated ``--allow-external``, ``--allow-all-external``, and
``--allow-unverified`` options. (3070)
- Switch the default for ``pip list`` to the columns format, and deprecate the
legacy format. (3654, 3686)
- Deprecate support for Python 3.3. (3796)
- Removed the deprecated ``--default-vcs`` option. (4052)
- Removed the ``setup.py test`` support from our sdist as it wasn't being
maintained as a supported means to run our tests. (4203)
- Dropped support for Python 2.6. (4343)
- Removed the --editable flag from pip download, as it did not make sense
(4362)
- Deprecate SVN detection based on dependency links in ``pip freeze``. (4449)
- Move all of pip's APIs into the pip._internal package, properly reflecting
the fact that pip does not currently have any public APIs. (4696, 4700)

Features
--------

- Add `--progress-bar <progress_bar>` to ``pip download``, ``pip install`` and
``pip wheel`` commands, to allow selecting a specific progress indicator or,
to completely suppress, (for example in a CI environment) use
``--progress-bar off. (2369, 2756)
- Add `--no-color` to `pip`. All colored output is disabled if this flag is
detected. (2449)
- pip uninstall now ignores the absence of a requirement and prints a warning.
(3016, 4642)
- Improved the memory and disk efficiency of the HTTP cache. (3515)
- Support for packages specifying build dependencies in pyproject.toml (see
`PEP 518 <https://www.python.org/dev/peps/pep-0518/>`__). Packages which
specify one or more build dependencies this way will be built into wheels in
an isolated environment with those dependencies installed. (3691)
- pip now supports environment variable expansion in requirement files using
only ``${VARIABLE}`` syntax on all platforms. (3728)
- Allowed combinations of -q and -v to act sanely. Then we don't need warnings
mentioned in the issue. (4008)
- Add `--exclude-editable` to ``pip freeze`` and ``pip list`` to exclude
editable packages from installed package list. (4015, 4016)
- Improve the error message for the common ``pip install ./requirements.txt``
case. (4127)
- Add support for the new `` url`` syntax from PEP 508. (4175)
- Add setuptools version to the statistics sent to BigQuery. (4209)
- Report the line which caused the hash error when using requirement files.
(4227)
- Add a pip config command for managing configuration files. (4240)
- Allow ``pip download`` to be used with a specific platform when ``--no-deps``
is set. (4289)
- Support build-numbers in wheel versions and support sorting with
build-numbers. (4299)
- Change pip outdated to use PackageFinder in order to do the version lookup so
that local mirrors in Environments that do not have Internet connections can
be used as the Source of Truth for latest version. (4336)
- pip now retries on more HTTP status codes, for intermittent failures.
Previously, it only retried on the standard 503. Now, it also retries on 500
(transient failures on AWS S3), 520 and 527 (transient failures on
Cloudflare). (4473)
- pip now displays where it is looking for packages, if non-default locations
are used. (4483)
- Display a message to run the right command for modifying pip on Windows
(4490)
- Add Man Pages for pip (4491)
- Make uninstall command less verbose by default (4493)
- Switch the default upgrade strategy to be 'only-if-needed' (4500)
- Installing from a local directory or a VCS URL now builds a wheel to install,
rather than running ``setup.py install``. Wheels from these sources are not
cached. (4501)
- Don't log a warning when installing a dependency from Git if the name looks
like a commit hash. (4507)
- pip now displays a warning when it installs scripts from a wheel outside the
PATH. These warnings can be suppressed using a new --no-warn-script-location
option. (4553)
- Local Packages can now be referenced using forward slashes on Windows.
(4563)
- pip show learnt a new Required-by field that lists currently installed
packages that depend on the shown package (4564)
- The command-line autocompletion engine ``pip show`` now autocompletes
installed distribution names. (4749)
- Change documentation theme to be in line with Python Documentation (4758)
- Add auto completion of short options. (4954)
- Run 'setup.py develop' inside pep518 build environment. (4999)
- pip install now prints an error message when it installs an incompatible
version of a dependency. (5000)
- Added a way to distinguish between pip installed packages and those from the
system package manager in 'pip list'. Specifically, 'pip list -v' also shows
the installer of package if it has that meta data. (949)
- Show install locations when list command ran with "-v" option. (979)

Bug Fixes
---------

- Allow pip to work if the ``GIT_DIR`` and ``GIT_WORK_TREE`` environment
variables are set. (1130)
- Make ``pip install --force-reinstall`` not require passing ``--upgrade``.
(1139)
- Return a failing exit status when `pip install`, `pip download`, or `pip
wheel` is called with no requirements. (2720)
- Interactive setup.py files will no longer hang indefinitely. (2732, 4982)
- Correctly reset the terminal if an exception occurs while a progress bar is
being shown. (3015)
- "Support URL-encoded characters in URL credentials." (3236)
- Don't assume sys.__stderr__.encoding exists (3356)
- Fix ``pip uninstall`` when ``easy-install.pth`` lacks a trailing newline.
(3741)
- Keep install options in requirements.txt from leaking. (3763)
- pip no longer passes global options from one package to later packages in the
same requirement file. (3830)
- Support installing from Git refs (3876)
- Use pkg_resources to parse the entry points file to allow names with colons.
(3901)
- ``-q`` specified once correctly sets logging level to WARNING, instead of
CRITICAL. Use `-qqq` to have the previous behavior back. (3994)
- Shell completion scripts now use correct executable names (e.g., ``pip3``
instead of ``pip``) (3997)
- Changed vendored encodings from ``utf8`` to ``utf-8``. (4076)
- Fixes destination directory of data_files when ``pip install --target`` is
used. (4092)
- Limit the disabling of requests' pyopenssl to Windows only. Fixes
"SNIMissingWarning / InsecurePlatformWarning not fixable with pip 9.0 /
9.0.1" (for non-Windows) (4098)
- Support the installation of wheels with non-PEP 440 version in their
filenames. (4169)
- Fall back to sys.getdefaultencoding() if locale.getpreferredencoding()
returns None in `pip.utils.encoding.auto_decode`. (4184)
- Fix a bug where `SETUPTOOLS_SHIM` got called incorrectly for relative path
requirements by converting relative paths to absolute paths prior to calling
the shim. (4208)
- Return the latest version number in search results. (4219)
- Improve error message on permission errors (4233)
- Fail gracefully when ``/etc/image_version`` (or another distro version file)
appears to exists but is not readable. (4249)
- Avoid importing setuptools in the parent pip process, to avoid a race
condition when upgrading one of setuptools dependencies. (4264)
- Fix for an incorrect ``freeze`` warning message due to a package being
included in multiple requirements files that were passed to ``freeze``.
Instead of warning incorrectly that the package is not installed, pip now
warns that the package was declared multiple times and lists the name of each
requirements file that contains the package in question. (4293)
- Generalize help text for ``compile``/``no-compile`` flags. (4316)
- Handle the case when ``/etc`` is not readable by the current user by using a
hardcoded list of possible names of release files. (4320)
- Fixed a ``NameError`` when attempting to catch ``FileNotFoundError`` on
Python 2.7. (4322)
- Ensure USER_SITE is correctly initialised. (4437)
- Reinstalling an editable package from Git no longer assumes that the
``master`` branch exists. (4448)
- This fixes an issue where when someone who tries to use git with pip but pip
can't because git is not in the path environment variable. This clarifies the
error given to suggest to the user what might be wrong. (4461)
- Improve handling of text output from build tools (avoid Unicode errors)
(4486)
- Fix a "No such file or directory" error when using --prefix. (4495)
- Allow commands to opt out of --require-venv. This allows pip help to work
even when the environment variable PIP_REQUIRE_VIRTUALENV is set. (4496)
- Fix warning message on mismatched versions during installation. (4655)
- pip now records installed files in a deterministic manner improving
reproducibility. (4667)
- Fix an issue where ``pip install -e`` on a Git url would fail to update if a
branch or tag name is specified that happens to match the prefix of the
current ``HEAD`` commit hash. (4675)
- Fix an issue where a variable assigned in a try clause was accessed in the
except clause, resulting in an undefined variable error in the except clause.
(4811)
- Use log level `info` instead of `warning` when ignoring packages due to
environment markers. (4876)
- Replaced typo mistake in subversion support. (4908)
- Terminal size is now correctly inferred when using Python 3 on Windows.
(4966)
- Abort if reading configuration causes encoding errors. (4976)
- Add a ``--no-user`` option and use it when installing build dependencies.
(5085)

Vendored Libraries
------------------

- Upgraded appdirs to 1.4.3.
- Upgraded CacheControl to 0.12.3.
- Vendored certifi at 2017.7.27.1.
- Vendored chardet at 3.0.4.
- Upgraded colorama to 0.3.9.
- Upgraded distlib to 0.2.6.
- Upgraded distro to 1.2.0.
- Vendored idna at idna==2.6.
- Upgraded ipaddress to 1.0.18.
- Vendored msgpack-python at 0.4.8.
- Removed the vendored ordereddict.
- Upgraded progress to 1.3.
- Upgraded pyparsing to 2.2.0.
- Upgraded pytoml to 0.1.14.
- Upgraded requests to 2.18.4.
- Upgraded pkg_resources (via setuptools) to 36.6.0.
- Upgraded six to 1.11.0.
- Vendored urllib3 at 1.22.
- Upgraded webencodings to 0.5.1.

Improved Documentation
----------------------

- Added documentation on usage of --build command line option (4262)
-  (4358)
- Document how to call pip from your code, including the fact that we do not
provide a Python API. (4743)

9.0.3

==================

- Fix an error where the vendored requests was not correctly containing itself
to only the internal vendored prefix.
- Restore compatibility with 2.6.

9.0.2

==================

- Fallback to using SecureTransport on macOS when the linked OpenSSL is too old
to support TLSv1.2.

9.0.1

==================

- Correct the deprecation message when not specifying a --format so that it
uses the correct setting name (``format``) rather than the incorrect one
(``list_format``). (4058)
- Fix ``pip check`` to check all available distributions and not just the
local ones. (4083)
- Fix a crash on non ASCII characters from `lsb_release`. (4062)
- Fix an SyntaxError in an unused module of a vendored dependency. (4059)
- Fix UNC paths on Windows. (4064)

9.0.0

==================

- **BACKWARD INCOMPATIBLE** Remove the attempted autodetection of requirement
names from URLs, URLs must include a name via ``egg=``.
- **DEPRECATION** ``pip install --egg`` have been deprecated and will be
removed in the future. This "feature" has a long list of drawbacks which
break nearly all of pip's other features in subtle and hard-to-diagnose
ways.
- **DEPRECATION** ``--default-vcs`` option. (4052)
- **WARNING** pip 9 cache can break forward compatibility with previous pip
versions if your package repository allows chunked responses. (4078)
- Add an ``--upgrade-strategy`` option to ``pip install``, to control how
dependency upgrades are managed. (3972)
- Add a ``pip check`` command to check installed packages dependencies. (3750)
- Add option allowing user to abort pip operation if file/directory exists
- Add Appveyor CI
- Uninstall existing packages when performing an editable installation of
the same packages. (1548)
- ``pip show`` is less verbose by default. ``--verbose`` prints multiline
fields. (3858)
- Add optional column formatting to ``pip list``. (3651)
- Add ``--not-required`` option to ``pip list``, which lists packages that are
not dependencies of other packages.
- Fix builds on systems with symlinked ``/tmp`` directory for custom
builds such as numpy. (3701)
- Fix regression in ``pip freeze``: when there is more than one git remote,
priority is given to the remote named ``origin``. (3708, 3616).
- Fix crash when calling ``pip freeze`` with invalid requirement installed.
(3704, 3681)
- Allow multiple ``--requirement`` files in ``pip freeze``. (3703)
- Implementation of pep-503 ``data-requires-python``. When this field is
present for a release link, pip will ignore the download when
installing to a Python version that doesn't satisfy the requirement.
- ``pip wheel`` now works on editable packages too (it was only working on
editable dependencies before); this allows running ``pip wheel`` on the result
of ``pip freeze`` in presence of editable requirements. (3695, 3291)
- Load credentials from ``.netrc`` files. (3715, 3569)
- Add ``--platform``, ``--python-version``, ``--implementation`` and ``--abi``
parameters to ``pip download``. These allow utilities and advanced users to
gather distributions for interpreters other than the one pip is being run on.
(3760)
- Skip scanning virtual environments, even when venv/bin/python is a dangling
symlink.
- Added ``pip completion`` support for the ``fish`` shell.
- Fix problems on Windows on Python 2 when username or hostname contains
non-ASCII characters. (3463, 3970, 4000)
- Use ``git fetch --tags`` to fetch tags in addition to everything else that
is normally fetched; this is necessary in case a git requirement url
points to a tag or commit that is not on a branch. (3791)
- Normalize package names before using in ``pip show`` (3976)
- Raise when Requires-Python do not match the running version and add
``--ignore-requires-python`` option as escape hatch. (3846)
- Report the correct installed version when performing an upgrade in some
corner cases. (2382
- Add ``-i`` shorthand for ``--index`` flag in ``pip search``.
- Do not optionally load C dependencies in requests. (1840, 2930, 3024)
- Strip authentication from SVN url prior to passing it to ``svn``.
(3697, 3209)
- Also install in platlib with ``--target`` option. (3694, 3682)
- Restore the ability to use inline comments in requirements files passed to
``pip freeze``. (3680)
Links

@pyup-bot pyup-bot mentioned this pull request Oct 18, 2019
@coveralls
Copy link

Coverage Status

Coverage remained the same at 97.087% when pulling c0213d2 on pyup-update-pip-8.1.2-to-19.3.1 into 2025029 on master.

1 similar comment
@coveralls
Copy link

Coverage Status

Coverage remained the same at 97.087% when pulling c0213d2 on pyup-update-pip-8.1.2-to-19.3.1 into 2025029 on master.

@pyup-bot
Copy link
Author

Closing this in favor of #92

@pyup-bot pyup-bot closed this Jan 21, 2020
@jlmadurga jlmadurga deleted the pyup-update-pip-8.1.2-to-19.3.1 branch January 21, 2020 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants