--- - branch: MAIN date: Sun Oct 15 19:37:43 UTC 2023 files: - new: '1.68' old: '1.67' path: pkgsrc/devel/py-pip/Makefile pathrev: pkgsrc/devel/py-pip/Makefile@1.68 type: modified - new: '1.40' old: '1.39' path: pkgsrc/devel/py-pip/PLIST pathrev: pkgsrc/devel/py-pip/PLIST@1.40 type: modified - new: '1.58' old: '1.57' path: pkgsrc/devel/py-pip/distinfo pathrev: pkgsrc/devel/py-pip/distinfo@1.58 type: modified - new: '1.2' old: '1.1' path: pkgsrc/devel/py-pip/patches/patch-src_pip___internal_req_req__install.py pathrev: pkgsrc/devel/py-pip/patches/patch-src_pip___internal_req_req__install.py@1.2 type: modified id: 20231015T193743Z.2f7038570cef2c54e81b082fd0ef878e21b0f6dc log: | py-pip: updated to 23.3 23.3 (2023-10-15) ================= Process ------- - Added reference to `vulnerability reporting guidelines `_ to pip's security policy. Deprecations and Removals ------------------------- - Drop a fallback to using SecureTransport on macOS. It was useful when pip detected OpenSSL older than 1.0.1, but the current pip does not support any Python version supporting such old OpenSSL versions. Features -------- - Improve extras resolution for multiple constraints on same base package. - Improve use of datastructures to make candidate selection 1.6x faster - Allow ``pip install --dry-run`` to use platform and ABI overriding options similar to ``--target``. - Add ``is_yanked`` boolean entry to the installation report (``--report``) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to PEP 592. Bug Fixes --------- - Ignore errors in temporary directory cleanup (show a warning instead). - Normalize extras according to :pep:`685` from package metadata in the resolver for comparison. This ensures extras are correctly compared and merged as long as the package providing the extra(s) is built with values normalized according to the standard. Note, however, that this *does not* solve cases where the package itself contains unnormalized extra values in the metadata. - Prevent downloading sdists twice when PEP 658 metadata is present. - Include all requested extras in the install report (``--report``). - Removed uses of ``datetime.datetime.utcnow`` from non-vendored code. - Consistently report whether a dependency comes from an extra. - Fix completion script for zsh - Fix improper handling of the new onexc argument of ``shutil.rmtree()`` in Python 3.12. - Filter out yanked links from the available versions error message: "(from versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message. - Fix crash when the git version number contains something else than digits and dots. - Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial. - Redact password from URLs in some additional places. - pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2). Vendored Libraries ------------------ - Upgrade certifi to 2023.7.22 - Add truststore 0.8.0 - Upgrade urllib3 to 1.26.17 Improved Documentation ---------------------- - Document that ``pip search`` support has been removed from PyPI - Clarify --prefer-binary in CLI and docs - Document that using OS-provided Python can cause pip's test suite to report false failures. module: pkgsrc subject: 'CVS commit: pkgsrc/devel/py-pip' unixtime: '1697398663' user: adam