From 27884e58b95a8d01dee00577e8de8ed4b6e0a8de Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Feb 2024 21:59:20 +0100
Subject: [PATCH] chore(deps): Bump pip from 23.3.2 to 24.0 (#1698)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [pip](https://github.com/pypa/pip) from 23.3.2 to 24.0.
Changelog
Sourced from pip's
changelog.
24.0 (2024-02-03)
Features
- Retry on HTTP status code 502
(
[#11843](https://github.com/pypa/pip/issues/11843)
<https://github.com/pypa/pip/issues/11843>_)
- Automatically use the setuptools PEP 517 build backend when
--config-settings is
used for projects without pyproject.toml.
([#11915](https://github.com/pypa/pip/issues/11915)
<https://github.com/pypa/pip/issues/11915>_)
- Make pip freeze and pip uninstall of legacy editable installs of
packages whose name
contains
_ compatible with
setuptools>=69.0.3.
([#12477](https://github.com/pypa/pip/issues/12477)
<https://github.com/pypa/pip/issues/12477>_)
- Support per requirement
--config-settings for editable
installs. ([#12480](https://github.com/pypa/pip/issues/12480)
<https://github.com/pypa/pip/issues/12480>_)
Bug Fixes
- Optimized usage of
--find-links=<path-to-dir>, by
only scanning the relevant directory once, only considering file names
that are valid wheel or sdist names, and only considering files in the
directory that are related to the install.
([#12327](https://github.com/pypa/pip/issues/12327)
<https://github.com/pypa/pip/issues/12327>_)
- Removed
wheel from the
[build-system].requires list fallback
that is used when pyproject.toml is absent.
([#12449](https://github.com/pypa/pip/issues/12449)
<https://github.com/pypa/pip/issues/12449>_)
Vendored Libraries
Improved Documentation
- Fix explanation of how PIP_CONFIG_FILE works
(
[#11815](https://github.com/pypa/pip/issues/11815)
<https://github.com/pypa/pip/issues/11815>_)
- Fix outdated pip install argument description in documentation.
(
[#12417](https://github.com/pypa/pip/issues/12417)
<https://github.com/pypa/pip/issues/12417>_)
- Replace some links to PEPs with links to the canonical
specifications on the :doc:
pypug:index
([#12434](https://github.com/pypa/pip/issues/12434)
<https://github.com/pypa/pip/issues/12434>_)
- Updated the
pyproject.toml document to stop suggesting
to depend on wheel as a build dependency directly.
([#12449](https://github.com/pypa/pip/issues/12449)
<https://github.com/pypa/pip/issues/12449>_)
- Update supported interpreters in development docs
(
[#12475](https://github.com/pypa/pip/issues/12475)
<https://github.com/pypa/pip/issues/12475>_)
Process
- Most project metadata is now defined statically via pip's
pyproject.toml file.
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
poetry.lock | 8 ++++----
pyproject.toml | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/poetry.lock b/poetry.lock
index 8e949a6d..27aa959e 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1142,13 +1142,13 @@ ptyprocess = ">=0.5"
[[package]]
name = "pip"
-version = "23.3.2"
+version = "24.0"
description = "The PyPA recommended tool for installing Python packages."
optional = false
python-versions = ">=3.7"
files = [
- {file = "pip-23.3.2-py3-none-any.whl", hash = "sha256:5052d7889c1f9d05224cd41741acb7c5d6fa735ab34e339624a614eaaa7e7d76"},
- {file = "pip-23.3.2.tar.gz", hash = "sha256:7fd9972f96db22c8077a1ee2691b172c8089b17a5652a44494a9ecb0d78f9149"},
+ {file = "pip-24.0-py3-none-any.whl", hash = "sha256:ba0d021a166865d2265246961bec0152ff124de910c5cc39f1156ce3fa7c69dc"},
+ {file = "pip-24.0.tar.gz", hash = "sha256:ea9bd1a847e8c5774a5777bb398c19e80bcd4e2aa16a4b301b718fe6f593aba2"},
]
[[package]]
@@ -2269,4 +2269,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p
[metadata]
lock-version = "2.0"
python-versions = "^3.8"
-content-hash = "8a68b4f510670b1793cece18832b404c94bfe2d4baec5de9693f95ebf02d385a"
+content-hash = "2a28494b68cbd45d6fca03d7dc9059b6cd0b419c653317f3d27339bee79c8a0e"
diff --git a/pyproject.toml b/pyproject.toml
index 081a8e68..f9032455 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -51,7 +51,7 @@ ruff = ">=0.0.269,<0.2.2"
nox = {version = "^2023.4.22", python = "3.8"}
poetry = {version = "^1.4.2", python = "3.8"}
pipx = {version = "^1.2.0", python = "3.8"}
-pip = {version = "^23.1.2", python = "3.8"}
+pip = {version = ">=23.1.2,<25.0.0", python = "3.8"}
[tool.coverage.paths]
source = ["src"]