-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Deprecate and remove --no-python-version-warning
as Python 2 is dead
#13154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
FWIW the help text says nothing at all about Python 2 and suggests the option is useful today to - for example - warn that Python 3.8 support is going away: pip/src/pip/_internal/cli/cmdoptions.py Lines 987 to 994 in 0d609f7
|
Yeah.. we've never done that other than for the Python 2 sunset. We could start warning, but seems unnecessary, especially as we're more on the conservative side when it comes to dropping Python versions. Once we drop a Python version, it probably has fallen out of major use (and the folks still using it can't be using the latest and greatest for other parts of the ecosystem already). |
#172) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s/@jsii/python-runtime (#4752) Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3...25.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…k/test/generated-code (#4753) Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#225) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…573) Bumps the ci group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [tox](https://github.com/tox-dev/tox). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> Updates `tox` from 4.23.2 to 4.24.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/releases">tox's releases</a>.</em></p> <blockquote> <h2>4.24.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Adds ability to configure stderr output color by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p> <h2>4.24.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>fix docs config typo by <a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li>Allow users to disable use of pre-commit-uv by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li> <li>Pass nix-ld related variables by default in pass_env (fixes <a href="https://redirect.github.com/tox-dev/tox/issues/3425">#3425</a>) by <a href="https://github.com/albertodonato"><code>@albertodonato</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li>Improve testenv docs consistency by <a href="https://github.com/thatch"><code>@thatch</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li>Display exception name when subprocesses raise them by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li> <li>Fix the CI after setuptools 75.6 change by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li> <li>Update pre-commit hooks with mypy fix by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li> <li>Fix a typo in a code block in the User Guide by <a href="https://github.com/bryant1410"><code>@bryant1410</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li>Update pre-commit hooks by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li> <li>💅 Make SVG image compatible with Firefox by <a href="https://github.com/webknjaz"><code>@webknjaz</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li> <li>feat: adding a json schema command by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li><a href="https://github.com/albertodonato"><code>@albertodonato</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li><a href="https://github.com/thatch"><code>@thatch</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li><a href="https://github.com/bryant1410"><code>@bryant1410</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li><a href="https://github.com/henryiii"><code>@henryiii</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's changelog</a>.</em></p> <blockquote> <h2>v4.24.1 (2025-01-21)</h2> <p>Misc - 4.24.1</p> <pre><code>- :issue:`3426` <h2>v4.24.0 (2025-01-21)</h2> <p>Features - 4.24.0 </code></pre></p> <ul> <li> <p>Add a <code>schema</code> command to produce a JSON Schema for tox and the current plugins.</p> <ul> <li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li> </ul> </li> </ul> <p>Bugfixes - 4.24.0</p> <pre><code>- Log exception name when subprocess execution produces one. <ul> <li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li> </ul> <p>Improved Documentation - 4.24.0 </code></pre></p> <ul> <li> <p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to <code>{:}</code>.</p> <ul> <li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li> </ul> </li> <li> <p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code> variables by default in <code>pass_env</code> to make generic binaries work under Nix/NixOS.</p> <ul> <li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a> release 4.24.1</li> <li><a href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a> Adds ability to configure stderr output color (<a href="https://redirect.github.com/tox-dev/tox/issues/3426">#3426</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a> release 4.24.0</li> <li><a href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3464">#3464</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a> feat: adding a json schema command (<a href="https://redirect.github.com/tox-dev/tox/issues/3446">#3446</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a> 💅 Make SVG image compatible with Firefox (<a href="https://redirect.github.com/tox-dev/tox/issues/3466">#3466</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a> Bump astral-sh/setup-uv from 4 to 5 (<a href="https://redirect.github.com/tox-dev/tox/issues/3463">#3463</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a> Update pre-commit hooks (<a href="https://redirect.github.com/tox-dev/tox/issues/3460">#3460</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a> Fix a typo in a code block in the User Guide (<a href="https://redirect.github.com/tox-dev/tox/issues/3462">#3462</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a> Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a href="https://redirect.github.com/tox-dev/tox/issues/3459">#3459</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the ci group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [tox](https://github.com/tox-dev/tox). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> Updates `tox` from 4.23.2 to 4.24.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/releases">tox's releases</a>.</em></p> <blockquote> <h2>4.24.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Adds ability to configure stderr output color by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p> <h2>4.24.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>fix docs config typo by <a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li>Allow users to disable use of pre-commit-uv by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li> <li>Pass nix-ld related variables by default in pass_env (fixes <a href="https://redirect.github.com/tox-dev/tox/issues/3425">#3425</a>) by <a href="https://github.com/albertodonato"><code>@albertodonato</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li>Improve testenv docs consistency by <a href="https://github.com/thatch"><code>@thatch</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li>Display exception name when subprocesses raise them by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li> <li>Fix the CI after setuptools 75.6 change by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li> <li>Update pre-commit hooks with mypy fix by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li> <li>Fix a typo in a code block in the User Guide by <a href="https://github.com/bryant1410"><code>@bryant1410</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li>Update pre-commit hooks by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li> <li>💅 Make SVG image compatible with Firefox by <a href="https://github.com/webknjaz"><code>@webknjaz</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li> <li>feat: adding a json schema command by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li><a href="https://github.com/albertodonato"><code>@albertodonato</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li><a href="https://github.com/thatch"><code>@thatch</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li><a href="https://github.com/bryant1410"><code>@bryant1410</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li><a href="https://github.com/henryiii"><code>@henryiii</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's changelog</a>.</em></p> <blockquote> <h2>v4.24.1 (2025-01-21)</h2> <p>Misc - 4.24.1</p> <pre><code>- :issue:`3426` <h2>v4.24.0 (2025-01-21)</h2> <p>Features - 4.24.0 </code></pre></p> <ul> <li> <p>Add a <code>schema</code> command to produce a JSON Schema for tox and the current plugins.</p> <ul> <li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li> </ul> </li> </ul> <p>Bugfixes - 4.24.0</p> <pre><code>- Log exception name when subprocess execution produces one. <ul> <li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li> </ul> <p>Improved Documentation - 4.24.0 </code></pre></p> <ul> <li> <p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to <code>{:}</code>.</p> <ul> <li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li> </ul> </li> <li> <p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code> variables by default in <code>pass_env</code> to make generic binaries work under Nix/NixOS.</p> <ul> <li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a> release 4.24.1</li> <li><a href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a> Adds ability to configure stderr output color (<a href="https://redirect.github.com/tox-dev/tox/issues/3426">#3426</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a> release 4.24.0</li> <li><a href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3464">#3464</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a> feat: adding a json schema command (<a href="https://redirect.github.com/tox-dev/tox/issues/3446">#3446</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a> 💅 Make SVG image compatible with Firefox (<a href="https://redirect.github.com/tox-dev/tox/issues/3466">#3466</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a> Bump astral-sh/setup-uv from 4 to 5 (<a href="https://redirect.github.com/tox-dev/tox/issues/3463">#3463</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a> Update pre-commit hooks (<a href="https://redirect.github.com/tox-dev/tox/issues/3460">#3460</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a> Fix a typo in a code block in the User Guide (<a href="https://redirect.github.com/tox-dev/tox/issues/3462">#3462</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a> Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a href="https://redirect.github.com/tox-dev/tox/issues/3459">#3459</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#216) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
One issue will be that libmamba, which is used in the entire conda ecosystem was using this flag until 2 weeks ago: https://github.com/mamba-org/mamba/pull/3770/files I suspect this is going to cause a lot of issues for folks that don't update their Conda / Mamba / micromamba. |
If they are using the environment variable (which is what it looks like), it'll just get ignored. |
OK, more people are relying on this flag than I thought. I still want people to stop using it as it does nothing, and I suspect that the modern uses of the flag (e.g., Hatch) are due to the reasonable but wrong assumption it still does something (another reason to remove it). However, we could probably just hide the flag from our help output, remove the tests, but otherwise leave the flag be as a no-op. I'd rather not cause churn over this. Thoughts? |
> DEPRECATION: --no-python-version-warning is deprecated. pip 25.1 will enforce this behaviour change. A possible replacement is to remove the flag as it's a no-op. Discussion can be found at pypa/pip#13154
When using `hatch sell` with `pip` 25.0.1 at the first time, a deprecation warning is showed: > $ hatch shell > DEPRECATION: --no-python-version-warning is deprecated. pip 25.1 will > enforce this behaviour change. A possible replacement is to remove the > flag as it's a no-op. Discussion can be found at > pypa/pip#13154 > You are about to enter a new shell, exit as you usually would e.g. by > typing `exit` or pressing `ctrl+d`... Looking at pypa/pip#13154 it said: > The Python 2 days are behind us, thus we can kill off the > --no-python-version-warning flag which disabled the > "Python 2 is sunsetting support" warnings :) > > If you're using this flag, you can simply stop. It does nothing today. So, lets remove it to not show the warning
I'm in favor of removing it, but also not breaking things. It's a difficult tradeoff. Some churn is going to be required to remove it. It looks like at least some people are addressing the deprecation. My instinct is that it can be removed with modest churn, but maybe not in 25.1. |
Let's stick to our standard deprecation period of 6 months and remove in 25.2. There's no rush. But equally, there's no reason to extend beyond our standard 6 months. |
Pip 25.1 will remove the flag and 25.0 already raises a deprecation warning when hatch build command is used. This will make current hatch version to fail when `pip` 25.1 is released. See pypa/pip#13154
Hi all, I've since realized that fully removing this flag would be more disruptive I initially thought. I propose that we simply remove the tests and documentation for the flag. It's already a no-op so there's no point to break people who are passing it for legacy reasons. That we can minimize the code we're maintaining, but also avoid unnecessary breakage (which I'd like to avoid, especially in light of the setuptools fiasco). |
I've been not followng pip for a while. What fiasco do mean here? |
Setuptools has recently made a string of backwards incompatible changes/removals that have caused considerable breakage. The community backlash has spilled beyond setuptools' issue tracker. If you're interested, you can take a look at the most recently active issues on setuptools. The specifics aren't important (and I'd rather not bring over discussions being held on setuptools here). |
xref this is breaking |
The deprecation/removal has been cancelled (see PR #13308 which I just merged). The flag will only be hidden from the CLI help and documentation. |
@ichard26 shall we close this issue? |
I was thinking that we should keep this open until pip 25.1 is released, but on second thought, we can close this now. |
Bumps the ci group with 5 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [nox](https://github.com/wntrblm/nox) | `2024.10.9` | `2025.2.9` | | [nox-poetry](https://github.com/cjolowicz/nox-poetry) | `1.0.3` | `1.2.0` | | [pip](https://github.com/pypa/pip) | `24.3.1` | `25.0.1` | | [poetry](https://github.com/python-poetry/poetry) | `2.0.1` | `2.1.1` | | [poetry-dynamic-versioning](https://github.com/mtkennerly/poetry-dynamic-versioning) | `1.7.0` | `1.7.1` | Updates `nox` from 2024.10.9 to 2025.2.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/wntrblm/nox/releases">nox's releases</a>.</em></p> <blockquote> <h2>2025.02.09 💝</h2> <p>This release improves PEP 723 support, including adding dependencies to the noxfile itself ("plugins"). It adds the long-awaited "requires" option, allowing sessions to require other sessions. And it brings further improvements to the <code>pyproject.toml</code> support, including helpers for dependency-groups and Python version lists.</p> <p>We'd like to thank the following folks who contributed to this release:</p> <ul> <li><a href="https://github.com/btemplep"><code>@btemplep</code></a> (first contribution)</li> <li><a href="https://github.com/chirizxc"><code>@chirizxc</code></a> (first contribution)</li> <li><a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> (first contribution)</li> <li><a href="https://github.com/gschaffner"><code>@gschaffner</code></a> (first contribution)</li> <li><a href="https://github.com/henryiii"><code>@henryiii</code></a></li> <li><a href="https://github.com/oliversen"><code>@oliversen</code></a> (first contribution)</li> </ul> <p>New features:</p> <ul> <li>Support PEP 723 noxfiles by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/881">wntrblm/nox#881</a></li> <li>Expose main as <code>nox.main</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/878">wntrblm/nox#878</a> (followup fix: <a href="https://redirect.github.com/wntrblm/nox/pull/884">wntrblm/nox#884</a>)</li> <li>Support session dependencies (<code>requires</code>) by <a href="https://github.com/gschaffner"><code>@gschaffner</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/631">wntrblm/nox#631</a></li> <li>Helper to get dependency-groups by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/876">wntrblm/nox#876</a></li> <li>Helper to get the Python listing by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/877">wntrblm/nox#877</a></li> <li>Add a <code>"pyproject.toml"</code> default for <code>load_toml</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/917">wntrblm/nox#917</a></li> </ul> <p>Bugfixes:</p> <ul> <li>Correct virtualenv bin dir under mingw python by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/901">wntrblm/nox#901</a></li> <li>Allow <code>pypy-*</code> to be used as well for <code>pypy*</code> (matching GHA) by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/913">wntrblm/nox#913</a></li> <li>Don't trigger a background update process for virtualenv by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/918">wntrblm/nox#918</a></li> <li>Include encoding for consistent behavior (default in Python 3.15+) by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/891">wntrblm/nox#891</a></li> <li>Outer env issues fixed by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/874">wntrblm/nox#874</a></li> <li>Support noxfile being a symlink by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/829">wntrblm/nox#829</a></li> <li>Drop PyPy from the default list for the GitHub Action by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/916">wntrblm/nox#916</a></li> </ul> <p>Bugfixes related to uv support:</p> <ul> <li>Catch <code>PermissionError</code> from popen when UV is not installed by <a href="https://github.com/btemplep"><code>@btemplep</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/908">wntrblm/nox#908</a></li> <li>Use <code>uv python install</code> only with uv backend by <a href="https://github.com/oliversen"><code>@oliversen</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/900">wntrblm/nox#900</a></li> <li>Handle <code>"uvx"</code> like <code>"uv"</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/920">wntrblm/nox#920</a></li> <li>Support broken uv (via pyenv) by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/922">wntrblm/nox#922</a></li> </ul> <p>Tox-to-nox script:</p> <ul> <li>Drop support for tox 3 by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/910">wntrblm/nox#910</a></li> <li>Switch pkgutil for importlib-resources by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/887">wntrblm/nox#887</a></li> <li>Correctly separate command-line arguments by <a href="https://github.com/chirizxc"><code>@chirizxc</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/906">wntrblm/nox#906</a></li> </ul> <p>Improved noxfile validation:</p> <ul> <li>Error if invalid <code>reuse_venv</code> set by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/872">wntrblm/nox#872</a></li> <li>Error with helpful message if invalid option is set via <code>nox.options</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/871">wntrblm/nox#871</a> (followup fix: <a href="https://redirect.github.com/wntrblm/nox/pull/921">wntrblm/nox#921</a>)</li> <li>Validate entries in <code>nox.config</code>, too, using attrs by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/880">wntrblm/nox#880</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/wntrblm/nox/blob/main/CHANGELOG.md">nox's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>2025.02.09</h2> <p>This release improves PEP 723 support, including adding dependencies to the noxfile itself ("plugins"). It adds the long-awaited "requires" option, allowing sessions to require other sessions. And it brings further improvements to the <code>pyproject.toml</code> support, including helpers for dependency-groups and Python version lists.</p> <p>We'd like to thank the following folks who contributed to this release:</p> <ul> <li><a href="https://github.com/btemplep"><code>@btemplep</code></a> (first contribution)</li> <li><a href="https://github.com/chirizxc"><code>@chirizxc</code></a> (first contribution)</li> <li><a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> (first contribution)</li> <li><a href="https://github.com/gschaffner"><code>@gschaffner</code></a> (first contribution)</li> <li><a href="https://github.com/henryiii"><code>@henryiii</code></a></li> <li><a href="https://github.com/oliversen"><code>@oliversen</code></a> (first contribution)</li> </ul> <p>New features:</p> <ul> <li>Support PEP 723 noxfiles by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/881">wntrblm/nox#881</a></li> <li>Expose main as <code>nox.main</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/878">wntrblm/nox#878</a> (followup fix: <a href="https://redirect.github.com/wntrblm/nox/pull/884">wntrblm/nox#884</a>)</li> <li>Support session dependencies (<code>requires</code>) by <a href="https://github.com/gschaffner"><code>@gschaffner</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/631">wntrblm/nox#631</a></li> <li>Helper to get dependency-groups by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/876">wntrblm/nox#876</a></li> <li>Helper to get the Python listing by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/877">wntrblm/nox#877</a></li> <li>Add a <code>"pyproject.toml"</code> default for <code>load_toml</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/917">wntrblm/nox#917</a></li> </ul> <p>Bugfixes:</p> <ul> <li>Correct virtualenv bin dir under mingw python by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/901">wntrblm/nox#901</a></li> <li>Allow <code>pypy-*</code> to be used as well for <code>pypy*</code> (matching GHA) by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/913">wntrblm/nox#913</a></li> <li>Don't trigger a background update process for virtualenv by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/918">wntrblm/nox#918</a></li> <li>Include encoding for consistent behavior (default in Python 3.15+) by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/891">wntrblm/nox#891</a></li> <li>Outer env issues fixed by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/874">wntrblm/nox#874</a></li> <li>Support noxfile being a symlink by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/829">wntrblm/nox#829</a></li> <li>Drop PyPy from the default list for the GitHub Action by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/916">wntrblm/nox#916</a></li> </ul> <p>Bugfixes related to uv support:</p> <ul> <li>Catch <code>PermissionError</code> from popen when UV is not installed by <a href="https://github.com/btemplep"><code>@btemplep</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/908">wntrblm/nox#908</a></li> <li>Use <code>uv python install</code> only with uv backend by <a href="https://github.com/oliversen"><code>@oliversen</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/900">wntrblm/nox#900</a></li> <li>Handle <code>"uvx"</code> like <code>"uv"</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/920">wntrblm/nox#920</a></li> <li>Support broken uv (via pyenv) by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/922">wntrblm/nox#922</a></li> </ul> <p>Tox-to-nox script:</p> <ul> <li>Drop support for tox 3 by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/910">wntrblm/nox#910</a></li> <li>Switch pkgutil for importlib-resources by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/887">wntrblm/nox#887</a></li> <li>Correctly separate command-line arguments by <a href="https://github.com/chirizxc"><code>@chirizxc</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/906">wntrblm/nox#906</a></li> </ul> <p>Improved noxfile validation:</p> <ul> <li>Error if invalid <code>reuse_venv</code> set by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/wntrblm/nox/pull/872">wntrblm/nox#872</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/wntrblm/nox/commit/a74da2c766d4e656d6105639926c31f3aa4a6ca1"><code>a74da2c</code></a> Release 2025.02.09</li> <li><a href="https://github.com/wntrblm/nox/commit/433ad2fce100785b3ede391e7b64b2d4b08d50b5"><code>433ad2f</code></a> docs: prepare for first 2025 release (<a href="https://redirect.github.com/wntrblm/nox/issues/923">#923</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/b92b29408dd5e2761e8c23493637ad91dc482af0"><code>b92b294</code></a> ci: trusted publisher (<a href="https://redirect.github.com/wntrblm/nox/issues/924">#924</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/ae83927f28fd63d2374c73f785aa410320a8702e"><code>ae83927</code></a> ci: add some suggestions from zizmor (<a href="https://redirect.github.com/wntrblm/nox/issues/925">#925</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/c62875562eb5140431ef874ff66179ad7947c4d0"><code>c628755</code></a> fix: support broken uv (via pyenv) (<a href="https://redirect.github.com/wntrblm/nox/issues/922">#922</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/97e5a38719a2e4d9aeceda322f043ef08bbfdd0a"><code>97e5a38</code></a> fix: don't over-validate lists (<a href="https://redirect.github.com/wntrblm/nox/issues/921">#921</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/97e0fad6a4036d610591a52e9ad0cfbe74a31af3"><code>97e0fad</code></a> fix: handle uvx like uv (<a href="https://redirect.github.com/wntrblm/nox/issues/920">#920</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/223c8c692b0faf60c5ec1ff37ce6a88408b203a1"><code>223c8c6</code></a> fix: add a pyproject.toml default for load_toml (<a href="https://redirect.github.com/wntrblm/nox/issues/917">#917</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/101d7c43c6512b4d45104b0a63c9ed94ba1ff3a4"><code>101d7c4</code></a> fix(gha): drop PyPy from the default list for the GitHub Action (<a href="https://redirect.github.com/wntrblm/nox/issues/916">#916</a>)</li> <li><a href="https://github.com/wntrblm/nox/commit/beab6c32519c4aa1f18c53c3f4a9b75665e5258c"><code>beab6c3</code></a> feat: support PEP 723 noxfiles (<a href="https://redirect.github.com/wntrblm/nox/issues/881">#881</a>)</li> <li>Additional commits viewable in <a href="https://github.com/wntrblm/nox/compare/2024.10.09...2025.02.09">compare view</a></li> </ul> </details> <br /> Updates `nox-poetry` from 1.0.3 to 1.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cjolowicz/nox-poetry/releases">nox-poetry's releases</a>.</em></p> <blockquote> <h2>v1.2.0</h2> <h2>Changes</h2> <ul> <li>Release 1.2.0 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1316">#1316</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Update release workflow (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1315">#1315</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Use <code>build</code> PEP 517 build frontend to build the package (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1303">#1303</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Enable FIPS compliance by calling blake2b with usedforsecurity=False (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1307">#1307</a>) <a href="https://github.com/davemcphee"><code>@davemcphee</code></a></li> <li>Use Python 3.13 and Ubuntu 24.04 for RTD build (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1309">#1309</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Drop support for Python 3.8 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1302">#1302</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Update tested Poetry versions (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1295">#1295</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Cancel in-progress runs for the same branch or in retries of the same workflow run (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1286">#1286</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Trigger test workflow only in PRs and pushes to main (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1282">#1282</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>Fix Dependabot group patterns (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1281">#1281</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>chore: Group dependabot updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1278">#1278</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> </ul> <h2>:package: Dependencies</h2> <ul> <li>⬆️ Bump the lockfile-dev group with 2 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1314">#1314</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump actions/upload-artifact from 4.6.0 to 4.6.1 in the actions group (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1312">#1312</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump sphinx from 8.2.0 to 8.2.1 in /docs in the docs group (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1313">#1313</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ Bump the lockfile-dev group across 1 directory with 6 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1311">#1311</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ Bump sphinx from 8.1.3 to 8.2.0 in /docs in the docs group (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1304">#1304</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ Bump actions/cache from 4.2.0 to 4.2.1 in the actions group (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1305">#1305</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ Bump the lockfile-runtime group across 1 directory with 2 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1297">#1297</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump myst-parser from 4.0.0 to 4.0.1 in /docs in the docs group (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1299">#1299</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump poetry from 2.0.1 to 2.1.1 in /.github/workflows in the ci group (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1301">#1301</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ [dev]: Bump safety from 3.2.14 to 3.3.0 in the lockfile-dev group (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1300">#1300</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump the actions group across 1 directory with 4 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1290">#1290</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ [dev]: Bump the lockfile-dev group across 1 directory with 6 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1293">#1293</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump the ci group across 1 directory with 3 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1296">#1296</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump the actions group with 8 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1285">#1285</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump the ci group in /.github/workflows with 3 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1283">#1283</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ Bump the lockfile-runtime group with 6 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1280">#1280</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump the docs group in /docs with 3 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1284">#1284</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ Bump the lockfile-dev group with 23 updates (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1279">#1279</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ [dev]: Bump charset-normalizer from 3.3.2 to 3.4.1 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1238">#1238</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ [dev]: Bump certifi from 2024.8.30 to 2024.12.14 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1240">#1240</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump virtualenv from 20.26.3 to 20.29.1 in /.github/workflows (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1235">#1235</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ [dev]: Bump rich from 13.9.2 to 13.9.4 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1236">#1236</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>⬆️ [dev]: Bump click from 8.1.7 to 8.1.8 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1237">#1237</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump actions/setup-python from 4.6.1 to 5.3.0 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1233">#1233</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> </ul> <h2>v1.1.0</h2> <h2>Changes</h2> <h2>Features</h2> <ul> <li>Support Poetry 2.0 and PEP 621 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1223">#1223</a>) <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a></li> <li>feat: add support for tags in session decorator (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1220">#1220</a>) <a href="https://github.com/mariuswinger"><code>@mariuswinger</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/b9b6dcf797dfda3ea2f288af8d803d5797f0bd2f"><code>b9b6dcf</code></a> 🔖 Release 1.2.0 (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1316">#1316</a>)</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/0afa26142f5f684685e8b9c8bd05375ed9ae2c45"><code>0afa261</code></a> Update release workflow (<a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1315">#1315</a>)</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/43abbd4e796b280ba732d3ec7ef17fa78d435dac"><code>43abbd4</code></a> Merge pull request <a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1314">#1314</a> from cjolowicz/dependabot/pip/lockfile-dev-9a05e95988</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/33fd3bf0fff406860456ffa76823b2603a78b0a1"><code>33fd3bf</code></a> :arrow_up: Bump the lockfile-dev group with 2 updates</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/c6a024a3671dbc26ebb3ef1333a6027888f6dbd7"><code>c6a024a</code></a> Merge pull request <a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1312">#1312</a> from cjolowicz/dependabot/github_actions/actions-19a...</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/d4df64ee653c3d4c27cbb5adf2a87a71cd634f59"><code>d4df64e</code></a> Merge pull request <a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1313">#1313</a> from cjolowicz/dependabot/pip/docs/docs-13bf812558</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/d4e3e1c82a4869acb61a12bf177e5c2731f1cf77"><code>d4e3e1c</code></a> Bump sphinx from 8.2.0 to 8.2.1 in /docs in the docs group</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/698b427f2f9972f48de15b193457af8bb355fd2a"><code>698b427</code></a> Bump actions/upload-artifact from 4.6.0 to 4.6.1 in the actions group</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/af0c06bc97306486a1c9a11920818e18637feb34"><code>af0c06b</code></a> Merge pull request <a href="https://redirect.github.com/cjolowicz/nox-poetry/issues/1311">#1311</a> from cjolowicz/dependabot/pip/lockfile-dev-c3028c24da</li> <li><a href="https://github.com/cjolowicz/nox-poetry/commit/a836160bc148a2a2f21bb76f3725d6e1a6a1f133"><code>a836160</code></a> :arrow_up: Bump the lockfile-dev group across 1 directory with 6 updates</li> <li>Additional commits viewable in <a href="https://github.com/cjolowicz/nox-poetry/compare/v1.0.3...v1.2.0">compare view</a></li> </ul> </details> <br /> Updates `pip` from 24.3.1 to 25.0.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0.1 (2025-02-09)</h1> <h2>Bug Fixes</h2> <ul> <li>Fix an unsupported type annotation on Python 3.10 and earlier. (<code>[#13181](https://github.com/pypa/pip/issues/13181) <https://github.com/pypa/pip/issues/13181></code>_)</li> <li>Fix a regression where truststore would never be used while installing build dependencies. (<code>[#13186](https://github.com/pypa/pip/issues/13186) <https://github.com/pypa/pip/issues/13186></code>_)</li> </ul> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](https://github.com/pypa/pip/issues/13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](https://github.com/pypa/pip/issues/13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](https://github.com/pypa/pip/issues/13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](https://github.com/pypa/pip/issues/11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](https://github.com/pypa/pip/issues/12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](https://github.com/pypa/pip/issues/13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](https://github.com/pypa/pip/issues/13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](https://github.com/pypa/pip/issues/12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](https://github.com/pypa/pip/issues/11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](https://github.com/pypa/pip/issues/13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](https://github.com/pypa/pip/issues/13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](https://github.com/pypa/pip/issues/5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/bc7c88cb3de9c9af769c51517833ea48bbe70d9a"><code>bc7c88c</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/ebd0a52e123af8f89b0f3e8e18627653f4c83bfe"><code>ebd0a52</code></a> Don't pass --cert to build subprocesses unless also given on CLI</li> <li><a href="https://github.com/pypa/pip/commit/aea86290d9b12ddbd2cb63f16c35d3e22f822bce"><code>aea8629</code></a> Fix locate_file() type hints for older Pythons</li> <li><a href="https://github.com/pypa/pip/commit/e612988a6155466a8da620b237639bc2682ecb68"><code>e612988</code></a> Add build-project.py compatibility note</li> <li><a href="https://github.com/pypa/pip/commit/202344eed3009a2546052b1885bdbcaee8295620"><code>202344e</code></a> Update the release process docs</li> <li><a href="https://github.com/pypa/pip/commit/dc696c28332ade10cfe7ce95bda7d6c2868f2083"><code>dc696c2</code></a> Patch out EXTERNALLY-MANAGED for self-check tests (<a href="https://redirect.github.com/pypa/pip/issues/13179">#13179</a>)</li> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0.1">compare view</a></li> </ul> </details> <br /> Updates `poetry` from 2.0.1 to 2.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-poetry/poetry/releases">poetry's releases</a>.</em></p> <blockquote> <h2>2.1.1</h2> <h3>Fixed</h3> <ul> <li>Fix an issue where <code>poetry env use python</code> does not choose the Python from the PATH (<a href="https://redirect.github.com/python-poetry/poetry/pull/10187">#10187</a>).</li> </ul> <h3>poetry-core (<a href="https://github.com/python-poetry/poetry-core/releases/tag/2.1.1"><code>2.1.1</code></a>)</h3> <ul> <li>Fix an issue where simplifying a <code>python_version</code> marker resulted in an invalid marker (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/838">#838</a>).</li> </ul> <h2>2.1.0</h2> <h3>Added</h3> <ul> <li><strong>Make <code>build</code> command build-system agnostic</strong> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10059">#10059</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10092">#10092</a>).</li> <li>Add a <code>--config-settings</code> option to <code>poetry build</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10059">#10059</a>).</li> <li>Add support for defining <code>config-settings</code> when building dependencies (<a href="https://redirect.github.com/python-poetry/poetry/pull/10129">#10129</a>).</li> <li><strong>Add (experimental) commands to manage Python installations</strong> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10112">#10112</a>).</li> <li>Use <code>findpython</code> to find the Python interpreters (<a href="https://redirect.github.com/python-poetry/poetry/pull/10097">#10097</a>).</li> <li>Add a <code>--no-truncate</code> option to <code>poetry show</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/9580">#9580</a>).</li> <li>Re-add support for passwords with empty usernames (<a href="https://redirect.github.com/python-poetry/poetry/pull/10088">#10088</a>).</li> <li>Add better error messages (<a href="https://redirect.github.com/python-poetry/poetry/pull/10053">#10053</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10065">#10065</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10126">#10126</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10127">#10127</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10132">#10132</a>).</li> </ul> <h3>Changed</h3> <ul> <li><strong><code>poetry new</code> defaults to "src" layout by default</strong> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10135">#10135</a>).</li> <li>Improve performance of locking dependencies (<a href="https://redirect.github.com/python-poetry/poetry/pull/10111">#10111</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10114">#10114</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10138">#10138</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10146">#10146</a>).</li> <li>Deprecate adding sources without specifying <code>--priority</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10134">#10134</a>).</li> </ul> <h3>Fixed</h3> <ul> <li>Fix an issue where global options were not handled correctly when positioned after command options (<a href="https://redirect.github.com/python-poetry/poetry/pull/10021">#10021</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10067">#10067</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10128">#10128</a>).</li> <li>Fix an issue where building a dependency from source failed because of a conflict between build-system dependencies that were not required for the target environment (<a href="https://redirect.github.com/python-poetry/poetry/pull/10048">#10048</a>).</li> <li>Fix an issue where <code>poetry init</code> was not able to find a package on PyPI while adding dependencies interactively (<a href="https://redirect.github.com/python-poetry/poetry/pull/10055">#10055</a>).</li> <li>Fix an issue where the <code>@latest</code> descriptor was incorrectly passed to the core requirement parser (<a href="https://redirect.github.com/python-poetry/poetry/pull/10069">#10069</a>).</li> <li>Fix an issue where Boolean environment variables set to <code>True</code> (in contrast to <code>true</code>) were interpreted as <code>false</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10080">#10080</a>).</li> <li>Fix an issue where <code>poetry env activate</code> reported a misleading error message (<a href="https://redirect.github.com/python-poetry/poetry/pull/10087">#10087</a>).</li> <li>Fix an issue where adding an optional dependency with <code>poetry add --optional</code> would not correctly update the lock file (<a href="https://redirect.github.com/python-poetry/poetry/pull/10076">#10076</a>).</li> <li>Fix an issue where <code>pip</code> was not installed/updated before other dependencies resulting in a race condition (<a href="https://redirect.github.com/python-poetry/poetry/pull/10102">#10102</a>).</li> <li>Fix an issue where Poetry freezes when multiple threads attempt to unlock the <code>keyring</code> simultaneously (<a href="https://redirect.github.com/python-poetry/poetry/pull/10062">#10062</a>).</li> <li>Fix an issue where markers with extras were not locked correctly (<a href="https://redirect.github.com/python-poetry/poetry/pull/10119">#10119</a>).</li> <li>Fix an issue where self-referential extras were not resolved correctly (<a href="https://redirect.github.com/python-poetry/poetry/pull/10106">#10106</a>).</li> <li>Fix an issue where Poetry could not be run from a <code>zipapp</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10074">#10074</a>).</li> <li>Fix an issue where installation failed with a permission error when using the system environment as a user without write access to system site packages (<a href="https://redirect.github.com/python-poetry/poetry/pull/9014">#9014</a>).</li> <li>Fix an issue where a version of a dependency that is not compatible with the project's python constraint was locked. (<a href="https://redirect.github.com/python-poetry/poetry/pull/10141">#10141</a>).</li> <li>Fix an issue where Poetry wrongly reported that the current project's supported Python range is not compatible with some of the required packages Python requirement (<a href="https://redirect.github.com/python-poetry/poetry/pull/10157">#10157</a>).</li> <li>Fix an issue where the requested extras of a dependency were ignored if the same dependency (with same extras) was specified in multiple groups (<a href="https://redirect.github.com/python-poetry/poetry/pull/10158">#10158</a>).</li> </ul> <h3>Docs</h3> <ul> <li>Sort commands by name in the CLI reference (<a href="https://redirect.github.com/python-poetry/poetry/pull/10035">#10035</a>).</li> <li>Add missing documentation for <code>env</code> commands (<a href="https://redirect.github.com/python-poetry/poetry/pull/10027">#10027</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md">poetry's changelog</a>.</em></p> <blockquote> <h2>[2.1.1] - 2025-02-16</h2> <h3>Fixed</h3> <ul> <li>Fix an issue where <code>poetry env use python</code> does not choose the Python from the PATH (<a href="https://redirect.github.com/python-poetry/poetry/pull/10187">#10187</a>).</li> </ul> <h3>poetry-core (<a href="https://github.com/python-poetry/poetry-core/releases/tag/2.1.1"><code>2.1.1</code></a>)</h3> <ul> <li>Fix an issue where simplifying a <code>python_version</code> marker resulted in an invalid marker (<a href="https://redirect.github.com/python-poetry/poetry-core/pull/838">#838</a>).</li> </ul> <h2>[2.1.0] - 2025-02-15</h2> <h3>Added</h3> <ul> <li><strong>Make <code>build</code> command build-system agnostic</strong> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10059">#10059</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10092">#10092</a>).</li> <li>Add a <code>--config-settings</code> option to <code>poetry build</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10059">#10059</a>).</li> <li>Add support for defining <code>config-settings</code> when building dependencies (<a href="https://redirect.github.com/python-poetry/poetry/pull/10129">#10129</a>).</li> <li><strong>Add (experimental) commands to manage Python installations</strong> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10112">#10112</a>).</li> <li>Use <code>findpython</code> to find the Python interpreters (<a href="https://redirect.github.com/python-poetry/poetry/pull/10097">#10097</a>).</li> <li>Add a <code>--no-truncate</code> option to <code>poetry show</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/9580">#9580</a>).</li> <li>Re-add support for passwords with empty usernames (<a href="https://redirect.github.com/python-poetry/poetry/pull/10088">#10088</a>).</li> <li>Add better error messages (<a href="https://redirect.github.com/python-poetry/poetry/pull/10053">#10053</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10065">#10065</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10126">#10126</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10127">#10127</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10132">#10132</a>).</li> </ul> <h3>Changed</h3> <ul> <li><strong><code>poetry new</code> defaults to "src" layout by default</strong> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10135">#10135</a>).</li> <li>Improve performance of locking dependencies (<a href="https://redirect.github.com/python-poetry/poetry/pull/10111">#10111</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10114">#10114</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10138">#10138</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10146">#10146</a>).</li> <li>Deprecate adding sources without specifying <code>--priority</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10134">#10134</a>).</li> </ul> <h3>Fixed</h3> <ul> <li>Fix an issue where global options were not handled correctly when positioned after command options (<a href="https://redirect.github.com/python-poetry/poetry/pull/10021">#10021</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10067">#10067</a>, <a href="https://redirect.github.com/python-poetry/poetry/pull/10128">#10128</a>).</li> <li>Fix an issue where building a dependency from source failed because of a conflict between build-system dependencies that were not required for the target environment (<a href="https://redirect.github.com/python-poetry/poetry/pull/10048">#10048</a>).</li> <li>Fix an issue where <code>poetry init</code> was not able to find a package on PyPI while adding dependencies interactively (<a href="https://redirect.github.com/python-poetry/poetry/pull/10055">#10055</a>).</li> <li>Fix an issue where the <code>@latest</code> descriptor was incorrectly passed to the core requirement parser (<a href="https://redirect.github.com/python-poetry/poetry/pull/10069">#10069</a>).</li> <li>Fix an issue where Boolean environment variables set to <code>True</code> (in contrast to <code>true</code>) were interpreted as <code>false</code> (<a href="https://redirect.github.com/python-poetry/poetry/pull/10080">#10080</a>).</li> <li>Fix an issue where <code>poetry env activate</code> reported a misleading error message (<a href="https://redirect.github.com/python-poetry/poetry/pull/10087">#10087</a>).</li> <li>Fix an issue where adding an optional dependency with <code>poetry add --optional</code> would not correctly update the lock file (<a href="https://redirect.github.com/python-poetry/poetry/pull/10076">#10076</a>).</li> <li>Fix an issue where <code>pip</code> was not installed/updated before other dependencies resulting in a race condition (<a href="https://redirect.github.com/python-poetry/poetry/pull/10102">#10102</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-poetry/poetry/commit/6e61c8b25f034aea350284a426499c70be2fa816"><code>6e61c8b</code></a> release: bump version to 2.1.1</li> <li><a href="https://github.com/python-poetry/poetry/commit/b0cfe12feb2fffad97bfae357e344c71d0e25ab0"><code>b0cfe12</code></a> chore: update poetry-core (<a href="https://redirect.github.com/python-poetry/poetry/issues/10188">#10188</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/1791aa4129757188ac2dba1ee1d3a374149ac019"><code>1791aa4</code></a> fix "env use python" to use Python in PATH (<a href="https://redirect.github.com/python-poetry/poetry/issues/10187">#10187</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/36e1c639f8cb850dabcb9fdbe7dce465ce97a0ca"><code>36e1c63</code></a> release: bump version to 2.1.0</li> <li><a href="https://github.com/python-poetry/poetry/commit/0d2c606088960a3ad84d4d587f41550d10884b3b"><code>0d2c606</code></a> chore: update dependencies and actions (<a href="https://redirect.github.com/python-poetry/poetry/issues/10182">#10182</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/3986d76f42aeb49ea98974eb397034faede7ce93"><code>3986d76</code></a> Fix: Documentation/help inconsistency. (<a href="https://redirect.github.com/python-poetry/poetry/issues/10173">#10173</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/2d59bf67351f283d4f7fbd2615d1a8406cba9c6e"><code>2d59bf6</code></a> <code>--no-truncate</code> flag in show command (<a href="https://redirect.github.com/python-poetry/poetry/issues/9580">#9580</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/8a1ed35a12bd7587f2878071f0a476ceb1e133fb"><code>8a1ed35</code></a> feat(cli): introduce python management commands (<a href="https://redirect.github.com/python-poetry/poetry/issues/10112">#10112</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/4b91883e2edc4854a635281c942e88163dc9cc2b"><code>4b91883</code></a> chore: update cirrus.ci image (<a href="https://redirect.github.com/python-poetry/poetry/issues/10175">#10175</a>)</li> <li><a href="https://github.com/python-poetry/poetry/commit/26a6b8afe559ebb0571f63de033dcf4503979dfb"><code>26a6b8a</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/python-poetry/poetry/issues/10168">#10168</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python-poetry/poetry/compare/2.0.1...2.1.1">compare view</a></li> </ul> </details> <br /> Updates `poetry-dynamic-versioning` from 1.7.0 to 1.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mtkennerly/poetry-dynamic-versioning/releases">poetry-dynamic-versioning's releases</a>.</em></p> <blockquote> <h2>v1.7.1 (2025-01-22)</h2> <ul> <li>Fixed: <ul> <li>There was an intermittent <code>ValueError</code> in PEP 621 mode, related to trying to remove <code>"version"</code> from <code>project.dynamic</code> when it had already been removed.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mtkennerly/poetry-dynamic-versioning/blob/master/CHANGELOG.md">poetry-dynamic-versioning's changelog</a>.</em></p> <blockquote> <h2>v1.7.1 (2025-01-22)</h2> <ul> <li>Fixed: <ul> <li>There was an intermittent <code>ValueError</code> in PEP 621 mode, related to trying to remove <code>"version"</code> from <code>project.dynamic</code> when it had already been removed.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mtkennerly/poetry-dynamic-versioning/commit/532a60ab8ba6d03b724d5d8ebfe88f877a9a8ee2"><code>532a60a</code></a> Release v1.7.1</li> <li><a href="https://github.com/mtkennerly/poetry-dynamic-versioning/commit/099d8e47ed8d35043daac21d01246cb4d9d0b248"><code>099d8e4</code></a> <a href="https://redirect.github.com/mtkennerly/poetry-dynamic-versioning/issues/216">#216</a>: Avoid intermittent issue with value already being removed</li> <li>See full diff in <a href="https://github.com/mtkennerly/poetry-dynamic-versioning/compare/v1.7.0...v1.7.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Edgar Ramírez-Mondragón <edgarrm358@gmail.com>
Update (April 3rd, 2025) - the deprecation and removal has been cancelled. The flag is still a no-op and does not serve a purpose, but it will remain to avoid breaking old scripts and tools. The flag is more prevalent than we thought.
The Python 2 days are behind us, thus we can kill off the
--no-python-version-warning
flag which disabled the "Python 2 is sunsetting support" warnings :)If you're using this flag, you can simply stop. It does nothing today.
The text was updated successfully, but these errors were encountered: