From 8d0278771c7325b04f02cb073c8ef02827cbeb93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Sun, 15 Oct 2023 10:22:52 +0200 Subject: [PATCH 1/4] Reclassify news fragment This is not for the process category, and probably not significant enough for a feature news entry. --- news/{12155.process.rst => 12155.trivial.rst} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename news/{12155.process.rst => 12155.trivial.rst} (100%) diff --git a/news/12155.process.rst b/news/12155.trivial.rst similarity index 100% rename from news/12155.process.rst rename to news/12155.trivial.rst From 3e85558b10722598fb3353126e2f19979f7cf7dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Sun, 15 Oct 2023 10:23:01 +0200 Subject: [PATCH 2/4] Update AUTHORS.txt --- AUTHORS.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/AUTHORS.txt b/AUTHORS.txt index 77eb39a427d..49e30f69678 100644 --- a/AUTHORS.txt +++ b/AUTHORS.txt @@ -20,6 +20,7 @@ Albert-Guan albertg Alberto Sottile Aleks Bunin +Ales Erjavec Alethea Flowers Alex Gaynor Alex Grönholm @@ -30,6 +31,7 @@ Alex Stachowiak Alexander Shtyrov Alexandre Conrad Alexey Popravka +Aleš Erjavec Alli Ami Fischman Ananya Maiti @@ -196,9 +198,11 @@ David Runge David Tucker David Wales Davidovich +ddelange Deepak Sharma Deepyaman Datta Denise Yu +dependabot[bot] derwolfe Desetude Devesh Kumar Singh @@ -312,6 +316,7 @@ Ilya Baryshev Inada Naoki Ionel Cristian Mărieș Ionel Maries Cristian +Itamar Turner-Trauring Ivan Pozdeev Jacob Kim Jacob Walls @@ -338,6 +343,7 @@ Jay Graves Jean-Christophe Fillion-Robin Jeff Barber Jeff Dairiki +Jeff Widman Jelmer Vernooij jenix21 Jeremy Stanley @@ -367,6 +373,7 @@ Joseph Long Josh Bronson Josh Hansen Josh Schneier +Joshua Juan Luis Cano Rodríguez Juanjo Bazán Judah Rand @@ -397,6 +404,7 @@ KOLANICH kpinc Krishna Oza Kumar McMillan +Kurt McKee Kyle Persohn lakshmanaram Laszlo Kiss-Kollar 
@@ -413,6 +421,7 @@ lorddavidiii Loren Carvalho Lucas Cimon Ludovic Gasc +Lukas Geiger Lukas Juhrich Luke Macken Luo Jiebin @@ -529,6 +538,7 @@ Patrick Jenkins Patrick Lawson patricktokeeffe Patrik Kopkan +Paul Ganssle Paul Kehrer Paul Moore Paul Nasrat @@ -609,6 +619,7 @@ ryneeverett Sachi King Salvatore Rinchiera sandeepkiran-js +Sander Van Balen Savio Jomton schlamar Scott Kitterman @@ -621,6 +632,7 @@ SeongSoo Cho Sergey Vasilyev Seth Michael Larson Seth Woodworth +Shahar Epstein Shantanu shireenrao Shivansh-007 @@ -648,6 +660,7 @@ Steve Kowalik Steven Myint Steven Silvester stonebig +studioj Stéphane Bidoul Stéphane Bidoul (ACSONE) Stéphane Klein From e3dc91dad93a020b3034a87ebe59027f63370fe8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Sun, 15 Oct 2023 10:23:02 +0200 Subject: [PATCH 3/4] Bump for release --- NEWS.rst | 57 +++++++++++++++++++ news/11394.bugfix.rst | 1 - news/11649.bugfix.rst | 5 -- news/11847.bugfix.rst | 1 - news/11924.bugfix.rst | 1 - news/11924.feature.rst | 1 - news/12005.bugfix.rst | 1 - news/12059.doc.rst | 1 - news/12095.bugfix.rst | 1 - news/12122.doc.rst | 1 - news/12155.trivial.rst | 6 -- news/12166.bugfix.rst | 1 - news/12175.removal.rst | 1 - news/12183.trivial.rst | 1 - news/12187.bugfix.rst | 1 - news/12194.trivial.rst | 1 - news/12204.feature.rst | 1 - news/12215.feature.rst | 1 - news/12224.feature.rst | 1 - news/12225.bugfix.rst | 1 - news/12252.trivial.rst | 0 news/12254.process.rst | 1 - news/12261.trivial.rst | 0 news/12280.bugfix.rst | 1 - news/12306.bugfix.rst | 1 - news/12334.doc.rst | 1 - news/12350.bugfix.rst | 1 - ...EC-683C-4A8E-BCCB-851FCD0730B4.trivial.rst | 0 ...69-21F3-49F6-B938-AB16E326F82C.trivial.rst | 0 news/2984.bugfix.rst | 1 - ...FF-ABE1-48C7-954C-7C3EB229135F.trivial.rst | 1 - ...DE-8011-4146-8CAD-85D7756D88A6.trivial.rst | 0 ...F4-7B0F-4268-B682-E1FCA1C3ACED.trivial.rst | 0 ...60-68FF-4C1E-A2CB-CF8634829D2D.trivial.rst | 0 ...CA-A0CF-4309-B808-1210C0B54632.trivial.rst | 0 news/certifi.vendor.rst | 1 - ...28-bc23-46aa-9175-834117a42dbd.trivial.rst | 0 news/truststore.vendor.rst | 1 - news/urllib3.vendor.rst | 1 - news/zhsdgdlsjgksdfj.trivial.rst | 0 src/pip/__init__.py | 2 +- 41 files changed, 58 insertions(+), 39 deletions(-) delete mode 100644 news/11394.bugfix.rst delete mode 100644 news/11649.bugfix.rst delete mode 100644 news/11847.bugfix.rst delete mode 100644 news/11924.bugfix.rst delete mode 100644 news/11924.feature.rst delete mode 100644 news/12005.bugfix.rst delete mode 100644 news/12059.doc.rst delete mode 100644 news/12095.bugfix.rst delete mode 100644 news/12122.doc.rst delete mode 100644 news/12155.trivial.rst delete mode 100644 news/12166.bugfix.rst delete mode 100644 
news/12175.removal.rst delete mode 100644 news/12183.trivial.rst delete mode 100644 news/12187.bugfix.rst delete mode 100644 news/12194.trivial.rst delete mode 100644 news/12204.feature.rst delete mode 100644 news/12215.feature.rst delete mode 100644 news/12224.feature.rst delete mode 100644 news/12225.bugfix.rst delete mode 100644 news/12252.trivial.rst delete mode 100644 news/12254.process.rst delete mode 100644 news/12261.trivial.rst delete mode 100644 news/12280.bugfix.rst delete mode 100644 news/12306.bugfix.rst delete mode 100644 news/12334.doc.rst delete mode 100644 news/12350.bugfix.rst delete mode 100644 news/12AE57EC-683C-4A8E-BCCB-851FCD0730B4.trivial.rst delete mode 100644 news/1F54AB69-21F3-49F6-B938-AB16E326F82C.trivial.rst delete mode 100644 news/2984.bugfix.rst delete mode 100644 news/4A0C40FF-ABE1-48C7-954C-7C3EB229135F.trivial.rst delete mode 100644 news/732404DE-8011-4146-8CAD-85D7756D88A6.trivial.rst delete mode 100644 news/80291DF4-7B0F-4268-B682-E1FCA1C3ACED.trivial.rst delete mode 100644 news/85F7E260-68FF-4C1E-A2CB-CF8634829D2D.trivial.rst delete mode 100644 news/E2B261CA-A0CF-4309-B808-1210C0B54632.trivial.rst delete mode 100644 news/certifi.vendor.rst delete mode 100644 news/d7179b28-bc23-46aa-9175-834117a42dbd.trivial.rst delete mode 100644 news/truststore.vendor.rst delete mode 100644 news/urllib3.vendor.rst delete mode 100644 news/zhsdgdlsjgksdfj.trivial.rst diff --git a/NEWS.rst b/NEWS.rst index fc3bb6697ad..27ac69d793a 100644 --- a/NEWS.rst +++ b/NEWS.rst 
@@ -9,6 +9,63 @@ .. towncrier release notes start +23.3 (2023-10-15) +================= + +Process +------- + +- Added reference to `vulnerability reporting guidelines `_ to pip's security policy. + +Deprecations and Removals +------------------------- + +- Drop a fallback to using SecureTransport on macOS. It was useful when pip detected OpenSSL older than 1.0.1, but the current pip does not support any Python version supporting such old OpenSSL versions. (`#12175 `_) + +Features +-------- + +- Improve extras resolution for multiple constraints on same base package. (`#11924 `_) +- Improve use of datastructures to make candidate selection 1.6x faster (`#12204 `_) +- Allow ``pip install --dry-run`` to use platform and ABI overriding options similar to ``--target``. (`#12215 `_) +- Add ``is_yanked`` boolean entry to the installation report (``--report``) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to PEP 592. (`#12224 `_) + +Bug Fixes +--------- + +- Ignore errors in temporary directory cleanup (show a warning instead). (`#11394 `_) +- Normalize extras according to :pep:`685` from package metadata in the resolver + for comparison. This ensures extras are correctly compared and merged as long + as the package providing the extra(s) is built with values normalized according + to the standard. Note, however, that this *does not* solve cases where the + package itself contains unnormalized extra values in the metadata. (`#11649 `_) +- Prevent downloading sdists twice when PEP 658 metadata is present. (`#11847 `_) +- Include all requested extras in the install report (``--report``). (`#11924 `_) +- Removed uses of ``datetime.datetime.utcnow`` from non-vendored code. (`#12005 `_) +- Consistently report whether a dependency comes from an extra. (`#12095 `_) +- Fix completion script for zsh (`#12166 `_) +- Fix improper handling of the new onexc argument of ``shutil.rmtree()`` in Python 3.12. 
(`#12187 `_) +- Filter out yanked links from the available versions error message: "(from versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message. (`#12225 `_) +- Fix crash when the git version number contains something else than digits and dots. (`#12280 `_) +- Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial. (`#12306 `_) +- Redact password from URLs in some additional places. (`#12350 `_) +- pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2). (`#2984 `_) + +Vendored Libraries +------------------ + +- Upgrade certifi to 2023.7.22 +- Add truststore 0.8.0 +- Upgrade urllib3 to 1.26.17 + +Improved Documentation +---------------------- + +- Document that ``pip search`` support has been removed from PyPI (`#12059 `_) +- Clarify --prefer-binary in CLI and docs (`#12122 `_) +- Document that using OS-provided Python can cause pip's test suite to report false failures. (`#12334 `_) + + 23.2.1 (2023-07-22) =================== diff --git a/news/11394.bugfix.rst b/news/11394.bugfix.rst deleted file mode 100644 index 9f2501db46c..00000000000 --- a/news/11394.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -Ignore errors in temporary directory cleanup (show a warning instead). diff --git a/news/11649.bugfix.rst b/news/11649.bugfix.rst deleted file mode 100644 index 65511711f59..00000000000 --- a/news/11649.bugfix.rst +++ /dev/null @@ -1,5 +0,0 @@ -Normalize extras according to :pep:`685` from package metadata in the resolver -for comparison. This ensures extras are correctly compared and merged as long -as the package providing the extra(s) is built with values normalized according -to the standard. Note, however, that this *does not* solve cases where the -package itself contains unnormalized extra values in the metadata. 
diff --git a/news/11847.bugfix.rst b/news/11847.bugfix.rst
deleted file mode 100644
index 1f384835fef..00000000000
--- a/news/11847.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Prevent downloading sdists twice when PEP 658 metadata is present.
diff --git a/news/11924.bugfix.rst b/news/11924.bugfix.rst
deleted file mode 100644
index 7a9ee3151a4..00000000000
--- a/news/11924.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Include all requested extras in the install report (``--report``).
diff --git a/news/11924.feature.rst b/news/11924.feature.rst
deleted file mode 100644
index 30bc60e6bce..00000000000
--- a/news/11924.feature.rst
+++ /dev/null
@@ -1 +0,0 @@
-Improve extras resolution for multiple constraints on same base package.
diff --git a/news/12005.bugfix.rst b/news/12005.bugfix.rst
deleted file mode 100644
index 98a3e5112df..00000000000
--- a/news/12005.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Removed uses of ``datetime.datetime.utcnow`` from non-vendored code.
diff --git a/news/12059.doc.rst b/news/12059.doc.rst
deleted file mode 100644
index bf3a8d3e662..00000000000
--- a/news/12059.doc.rst
+++ /dev/null
@@ -1 +0,0 @@
-Document that ``pip search`` support has been removed from PyPI
diff --git a/news/12095.bugfix.rst b/news/12095.bugfix.rst
deleted file mode 100644
index 1f5018326ba..00000000000
--- a/news/12095.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Consistently report whether a dependency comes from an extra.
diff --git a/news/12122.doc.rst b/news/12122.doc.rst
deleted file mode 100644
index 49a3308a25c..00000000000
--- a/news/12122.doc.rst
+++ /dev/null
@@ -1 +0,0 @@
-Clarify --prefer-binary in CLI and docs
diff --git a/news/12155.trivial.rst b/news/12155.trivial.rst
deleted file mode 100644
index 5f77231c864..00000000000
--- a/news/12155.trivial.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-The metadata-fetching log message is moved to the VERBOSE level and now hidden
-by default. The more significant information in this message to most users are
-already available in surrounding logs (the package name and version of the
-metadata being fetched), while the URL to the exact metadata file is generally
-too long and clutters the output. The message can be brought back with
-``--verbose``.
diff --git a/news/12166.bugfix.rst b/news/12166.bugfix.rst
deleted file mode 100644
index 491597c7f1a..00000000000
--- a/news/12166.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix completion script for zsh
diff --git a/news/12175.removal.rst b/news/12175.removal.rst
deleted file mode 100644
index bf3500f351a..00000000000
--- a/news/12175.removal.rst
+++ /dev/null
@@ -1 +0,0 @@
-Drop a fallback to using SecureTransport on macOS. It was useful when pip detected OpenSSL older than 1.0.1, but the current pip does not support any Python version supporting such old OpenSSL versions.
diff --git a/news/12183.trivial.rst b/news/12183.trivial.rst
deleted file mode 100644
index c22e854c9a5..00000000000
--- a/news/12183.trivial.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add test cases for some behaviors of ``install --dry-run`` and ``--use-feature=fast-deps``.
diff --git a/news/12187.bugfix.rst b/news/12187.bugfix.rst
deleted file mode 100644
index b4d106b974f..00000000000
--- a/news/12187.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix improper handling of the new onexc argument of ``shutil.rmtree()`` in Python 3.12.
diff --git a/news/12194.trivial.rst b/news/12194.trivial.rst
deleted file mode 100644
index dfe5bbf1f06..00000000000
--- a/news/12194.trivial.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add lots of comments to the ``BuildTracker``.
diff --git a/news/12204.feature.rst b/news/12204.feature.rst
deleted file mode 100644
index 6ffdf5123b1..00000000000
--- a/news/12204.feature.rst
+++ /dev/null
@@ -1 +0,0 @@
-Improve use of datastructures to make candidate selection 1.6x faster
diff --git a/news/12215.feature.rst b/news/12215.feature.rst
deleted file mode 100644
index 407dc903ed9..00000000000
--- a/news/12215.feature.rst
+++ /dev/null
@@ -1 +0,0 @@
-Allow ``pip install --dry-run`` to use platform and ABI overriding options similar to ``--target``.
diff --git a/news/12224.feature.rst b/news/12224.feature.rst
deleted file mode 100644
index d874265787a..00000000000
--- a/news/12224.feature.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add ``is_yanked`` boolean entry to the installation report (``--report``) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to PEP 592.
diff --git a/news/12225.bugfix.rst b/news/12225.bugfix.rst
deleted file mode 100644
index e1e0c323dc3..00000000000
--- a/news/12225.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Filter out yanked links from the available versions error message: "(from versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message.
diff --git a/news/12252.trivial.rst b/news/12252.trivial.rst
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/news/12254.process.rst b/news/12254.process.rst
deleted file mode 100644
index e546902685b..00000000000
--- a/news/12254.process.rst
+++ /dev/null
@@ -1 +0,0 @@
-Added reference to `vulnerability reporting guidelines `_ to pip's security policy.
diff --git a/news/12261.trivial.rst b/news/12261.trivial.rst
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/news/12280.bugfix.rst b/news/12280.bugfix.rst
deleted file mode 100644
index 77de283d398..00000000000
--- a/news/12280.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix crash when the git version number contains something else than digits and dots.
diff --git a/news/12306.bugfix.rst b/news/12306.bugfix.rst
deleted file mode 100644
index eb6eecaaf1b..00000000000
--- a/news/12306.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial.
diff --git a/news/12334.doc.rst b/news/12334.doc.rst
deleted file mode 100644
index ff3d877e5e8..00000000000
--- a/news/12334.doc.rst
+++ /dev/null
@@ -1 +0,0 @@
-Document that using OS-provided Python can cause pip's test suite to report false failures.
diff --git a/news/12350.bugfix.rst b/news/12350.bugfix.rst
deleted file mode 100644
index 3fb16b4ed6a..00000000000
--- a/news/12350.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-Redact password from URLs in some additional places.
diff --git a/news/12AE57EC-683C-4A8E-BCCB-851FCD0730B4.trivial.rst b/news/12AE57EC-683C-4A8E-BCCB-851FCD0730B4.trivial.rst
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/news/1F54AB69-21F3-49F6-B938-AB16E326F82C.trivial.rst b/news/1F54AB69-21F3-49F6-B938-AB16E326F82C.trivial.rst
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/news/2984.bugfix.rst b/news/2984.bugfix.rst
deleted file mode 100644
index cce561815c9..00000000000
--- a/news/2984.bugfix.rst
+++ /dev/null
@@ -1 +0,0 @@
-pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2).
diff --git a/news/4A0C40FF-ABE1-48C7-954C-7C3EB229135F.trivial.rst b/news/4A0C40FF-ABE1-48C7-954C-7C3EB229135F.trivial.rst
deleted file mode 100644
index 7f6c1d5612e..00000000000
--- a/news/4A0C40FF-ABE1-48C7-954C-7C3EB229135F.trivial.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add ruff rules ASYNC,C4,C90,PERF,PLE,PLR for minor optimizations and to set upper limits on code complexity.
diff --git a/news/732404DE-8011-4146-8CAD-85D7756D88A6.trivial.rst b/news/732404DE-8011-4146-8CAD-85D7756D88A6.trivial.rst
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/news/80291DF4-7B0F-4268-B682-E1FCA1C3ACED.trivial.rst b/news/80291DF4-7B0F-4268-B682-E1FCA1C3ACED.trivial.rst
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/news/85F7E260-68FF-4C1E-A2CB-CF8634829D2D.trivial.rst b/news/85F7E260-68FF-4C1E-A2CB-CF8634829D2D.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/E2B261CA-A0CF-4309-B808-1210C0B54632.trivial.rst b/news/E2B261CA-A0CF-4309-B808-1210C0B54632.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/certifi.vendor.rst b/news/certifi.vendor.rst deleted file mode 100644 index aacd17183f1..00000000000 --- a/news/certifi.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade certifi to 2023.7.22 diff --git a/news/d7179b28-bc23-46aa-9175-834117a42dbd.trivial.rst b/news/d7179b28-bc23-46aa-9175-834117a42dbd.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/truststore.vendor.rst b/news/truststore.vendor.rst deleted file mode 100644 index 63c71d72d2f..00000000000 --- a/news/truststore.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Add truststore 0.8.0 diff --git a/news/urllib3.vendor.rst b/news/urllib3.vendor.rst deleted file mode 100644 index 37032f67a0e..00000000000 --- a/news/urllib3.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade urllib3 to 1.26.17 diff --git a/news/zhsdgdlsjgksdfj.trivial.rst b/news/zhsdgdlsjgksdfj.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/src/pip/__init__.py b/src/pip/__init__.py index 00ce8ad456d..62498a779d5 100644 --- a/src/pip/__init__.py +++ b/src/pip/__init__.py @@ -1,6 +1,6 @@ from typing import List, Optional -__version__ = "23.3.dev0" +__version__ = "23.3" def main(args: Optional[List[str]] = None) -> int: From c0cce3ca6048b27d80b78a88d6af1b25b10a2a2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Sun, 15 Oct 2023 10:23:09 +0200 Subject: [PATCH 4/4] Bump for development --- src/pip/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pip/__init__.py b/src/pip/__init__.py index 62498a779d5..46e56014998 100644 --- a/src/pip/__init__.py 
+++ b/src/pip/__init__.py @@ -1,6 +1,6 @@ from typing import List, Optional -__version__ = "23.3" +__version__ = "24.0.dev0" def main(args: Optional[List[str]] = None) -> int: