./devel/py-pip, Installs Python packages as an easy_install replacement

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 19.2.2, Package name: py37-pip-19.2.2, Maintainer: pkgsrc-users

pip is a replacement for easy_install. It uses mostly the same
techniques for finding packages, so packages that were made
easy_installable should be pip-installable as well.

pip is meant to improve on easy_install. Some of the improvements:
* All packages are downloaded before installation.
Partially-completed installation doesn't occur as a result.
* Care is taken to present useful output on the console.
* The reasons for actions are kept track of. For instance, if
a package is being installed, pip keeps track of why that package
was required.
* Error messages should be useful.
* The code is relatively concise and cohesive, making it easier
to use programmatically.
* Packages don't have to be installed as egg archives, they can
be installed flat (while keeping the egg metadata).
* Native support for other version control systems (Git, Mercurial
and Bazaar)
* Uninstallation of packages.
* Simple to define fixed sets of requirements and reliably
reproduce a set of packages.

Required to run:
[devel/py-setuptools] [lang/python37]

Required to build:

Master sites:

SHA1: 7a00fe59314bd0c8f758edbb092abadc7f7ecfaa
RMD160: 83bfe81802c10b2232cc1ca82cc6cea0e1a72338
Filesize: 1344.984 KB

Version history: (Expand)

CVS history: (Expand)

   2019-08-12 09:06:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip: updated to 19.2.2


Bug Fixes
- Fix handling of tokens (single part credentials) in URLs.
- Fix a regression that caused ~ expansion not to occur in --find-links
   2019-08-03 13:23:09 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-pip: updated to 19.2.1


Bug Fixes
- Fix a NoneType AttributeError when evaluating hashes and no hashes
  are provided.


Deprecations and Removals
- Drop support for EOL Python 3.4.
- Improve deprecation messages to include the version in which the functionality \ 
will be removed.

- Credentials will now be loaded using keyring when installed.
- Fully support using --trusted-host inside requirements files.
- Update timestamps in pip's --log file to include milliseconds.
- Respect whether a file has been marked as "yanked" from a simple \ 
  (see PEP 592 <https://www.python.org/dev/peps/pep-0592/>__ for details).
- When choosing candidates to install, prefer candidates with a hash matching
  one of the user-provided hashes.
- Improve the error message when METADATA or PKG-INFO is None when
  accessing metadata.
- Add a new command pip debug that can display e.g. the list of compatible
  tags for the current Python.
- Display hint on installing with --pre when search results include pre-release \ 
- Report to Warehouse that pip is running under CI if the PIP_IS_CI environment \ 
variable is set.
- Allow --python-version to be passed as a dotted version string (e.g.
  3.7 or 3.7.3).
- Log the final filename and SHA256 of a .whl file when done building a
- Include the wheel's tags in the log message explanation when a candidate
  wheel link is found incompatible.
- Add a --path argument to pip freeze to support --target
- Add a --path argument to pip list to support --target

Bug Fixes
- Set sys.argv[0] to the underlying setup.py when invoking setup.py
  via the setuptools shim so setuptools doesn't think the path is -c.
- Update pip download to respect the given --python-version when checking
- Respect --global-option and --install-option when installing from
  a version control url (e.g. git).
- Make the "ascii" progress bar really be "ascii" and not \ 
- Fail elegantly when trying to set an incorrectly formatted key in config.
- Prevent DistutilsOptionError when prefix is indicated in the global \ 
environment and --target is used.
- Fix pip install to respect --ignore-requires-python when evaluating
- Fix a debug log message when freezing an editable, non-version controlled
- Extend to Subversion 1.8+ the behavior of calling Subversion in
  interactive mode when pip is run interactively.
- Prevent pip install <url> from permitting directory traversal if e.g.
  a malicious server sends a Content-Disposition header with a filename
  containing ../ or ..\\.
- Hide passwords in output when using --find-links.
- Include more details in the log message if pip freeze can't generate a
  requirement string for a particular distribution.
- Add the line number and file location to the error message when reading an
  invalid requirements file in certain situations.
- Prefer os.confstr to ctypes when extracting glibc version info.
- Improve error message printed when an invalid editable requirement is provided.
- Improve error message formatting when a command errors out in a subprocess.

Vendored Libraries
- Upgrade certifi to 2019.6.16
- Upgrade distlib to 0.2.9.post0
- Upgrade msgpack to 0.6.1
- Upgrade requests to 2.22.0
- Upgrade urllib3 to 1.25.3
- Patch vendored html5lib, to prefer using collections.abc where possible.

Improved Documentation
- Document how Python 2.7 support will be maintained.
- Upgrade Sphinx version used to build documentation.
- Fix generation of subcommand manpages.
- Mention that pip can install from git refs.
- Replace a failing example of pip installs with extras with a working one.
   2019-05-07 07:17:20 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip: updated to 19.1.1


- Restore pyproject.toml handling to how it was with pip 19.0.3 to prevent
  the need to add --no-use-pep517 when installing in editable mode.

Bug Fixes
- Fix a regression that caused @ to be quoted in pypiserver links.
  This interfered with parsing the revision string from VCS urls.
   2019-04-24 10:28:33 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-pip: updated to 19.1


- Configuration files may now also be stored under sys.prefix
- Avoid creating an unnecessary local clone of a Bazaar branch when exporting.
- Include in pip's User-Agent string whether it looks like pip is running
  under CI.
- A custom (JSON-encoded) string can now be added to pip's User-Agent
  using the PIP_USER_AGENT_USER_DATA environment variable.
- For consistency, passing --no-cache-dir no longer affects whether wheels
  will be built.  In this case, a temporary directory is used.
- Command arguments in subprocess log messages are now quoted using
- Prefix warning and error messages in log output with WARNING and ERROR.
- Using --build-options in a PEP 517 build now fails with an error,
  rather than silently ignoring the option.
- Error out with an informative message if one tries to install a
  pyproject.toml-style (PEP 517) source tree using --editable mode.
- When downloading a package, the ETA and average speed now only update once per \ 
second for better legibility.

Bug Fixes
- The stdout and stderr from VCS commands run by pip as subprocesses (e.g.
  git, hg, etc.) no longer pollute pip's stdout.
- Fix handling of requests exceptions when dependencies are debundled.
- Make pip's self version check avoid recommending upgrades to prereleases if \ 
the currently-installed version is stable.
- Fixed crash when installing a requirement from a URL that comes from a \ 
dependency without a URL.
- Improve handling of file URIs: correctly handle file://localhost/... and don't \ 
try to use UNC paths on Unix.
- Fix utils.encoding.auto_decode() LookupError with invalid encodings.
  utils.encoding.auto_decode() was broken when decoding Big Endian BOM
  byte-strings on Little Endian or vice versa.
- Fix incorrect URL quoting of IPv6 addresses.
- Redact the password from the extra index URL when using pip -v.
- The spinner no longer displays a completion message after subprocess calls
  not needing a spinner. It also no longer incorrectly reports an error after
  certain subprocess calls to Git that succeeded.
- Fix the handling of editable mode during installs when pyproject.toml is
  present but PEP 517 doesn't require the source tree to be treated as
- Fix NameError when handling an invalid requirement.

Vendored Libraries
- Updated certifi to 2019.3.9
- Updated distro to 1.4.0
- Update progress to 1.5
- Updated pyparsing to 2.4.0
- Updated pkg_resources to 41.0.1 (via setuptools)

Improved Documentation
- Make dashes render correctly when displaying long options like
  --find-links in the text.
   2019-02-21 09:32:21 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip: updated to 19.0.3

Bug Fixes
- Fix an IndexError crash when a legacy build of a wheel fails.
- Fix a regression introduced in 19.0.2 where the filename in a RECORD file
  of an installed file would not be updated when installing a wheel.
   2019-02-09 18:13:59 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip: updated to 19.0.2


Bug Fixes
- Fix a crash where PEP 517-based builds using --no-cache-dir would fail in
  some circumstances with an AssertionError due to not finalizing a build
  directory internally.
- Provide a better error message if attempting an editable install of a
  directory with a pyproject.toml but no setup.py.
- The implicit default backend used for projects that provide a pyproject.toml
  file without explicitly specifying build-backend now behaves more like direct
  execution of setup.py, and hence should restore compatibility with projects
  that were unable to be installed with pip 19.0. This raised the minimum
  required version of setuptools for such builds to 40.8.0.
- Allow RECORD lines with more than three elements, and display a warning.
- AdjacentTempDirectory fails on unwritable directory instead of locking up the \ 
uninstall command.
- Make failed uninstalls roll back more reliably and better at avoiding naming \ 
- Ensure the correct wheel file is copied when building PEP 517 distribution is \ 
- The Python 2 end of life warning now only shows on CPython, which is the
  implementation that has announced end of life plans.

Improved Documentation
- Re-write README and documentation index
   2019-01-24 09:29:40 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-pip: updated to 19.0.1


Bug Fixes
- Fix a crash when using --no-cache-dir with PEP 517 distributions


Deprecations and Removals
- Deprecate support for Python 3.4
- Start printing a warning for Python 2.7 to warn of impending Python 2.7 \ 
End-of-life and
  prompt users to start migrating to Python 3.
- Remove the deprecated --process-dependency-links option.
- Remove the deprecated SVN editable detection based on dependency links
  during freeze.

- Implement PEP 517 (allow projects to specify a build backend via pyproject.toml).
- Implement manylinux2010 platform tag support.  manylinux2010 is the successor
  to manylinux1.  It allows carefully compiled binary wheels to be installed
  on compatible Linux platforms.
- Improve build isolation: handle .pth files, so namespace packages are \ 
correctly supported under Python 3.2 and earlier.
- Include the package name in a freeze warning if the package is not installed.
- Warn when dropping an --[extra-]index-url value that points to an existing \ 
local directory.
- Prefix pip's --log file lines with their timestamp.

Bug Fixes
- Avoid creating excessively long temporary paths when uninstalling packages.
- Redact the password from the URL in various log messages.
- Avoid creating excessively long temporary paths when uninstalling packages.
- Avoid printing a stack trace when given an invalid requirement.
- Present 401 warning if username/password do not work for URL
- Handle requests.exceptions.RetryError raised in PackageFinder that was causing \ 
pip to fail silently when some indexes were unreachable.
- Handle a broken stdout pipe more gracefully (e.g. when running pip list | head).
- Fix crash from setting PIP_NO_CACHE_DIR=yes.
- Fix crash from unparseable requirements when checking installed packages.
- Fix content type detection if a directory named like an archive is used as a \ 
package source.
- Fix listing of outdated packages that are not dependencies of installed \ 
packages in pip list --outdated --not-required
- Fix sorting TypeError in move_wheel_files() when installing some packages.
- Fix support for invoking pip using python src/pip ....
- Greatly reduce memory usage when installing wheels containing large files.
- Editable non-VCS installs now freeze as editable.
- Editable Git installs without a remote now freeze as editable.
- Canonicalize sdist file names so they can be matched to a canonicalized \ 
package name passed to pip install.
- Properly decode special characters in SVN URL credentials.
- Make PIP_NO_CACHE_DIR disable the cache also for truthy values like \ 
"true", "yes", "1", etc.

Vendored Libraries
- Include license text of vendored 3rd party libraries.
- Update certifi to 2018.11.29
- Update colorama to 0.4.1
- Update distlib to 0.2.8
- Update idna to 2.8
- Update packaging to 19.0
- Update pep517 to 0.5.0
- Update pkg_resources to 40.6.3 (via setuptools)
- Update pyparsing to 2.3.1
- Update pytoml to 0.1.20
- Update requests to 2.21.0
- Update six to 1.12.0
- Update urllib3 to 1.24.1

Improved Documentation
- Include the Vendoring Policy in the documentation.
- Add instructions for running pip from source to Development documentation.
- Remove references to removed #egg=<name>-<version> functionality
- Fix omission of command name in HTML usage documentation
   2018-10-07 08:47:29 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-pip: updated to 18.1


- Allow PEP 508 URL requirements to be used as dependencies.
  As a security measure, pip will raise an exception when installing packages from
  PyPI if those packages depend on packages not also hosted on PyPI.
  In the future, PyPI will block uploading packages with such external URL \ 
dependencies directly.
- Upgrade pyparsing to 2.2.1.
- Allows dist options (--abi, --python-version, --platform, --implementation) \ 
when installing with --target
- Support passing svn+ssh URLs with a username to pip install -e.
- pip now ensures that the RECORD file is sorted when installing from a wheel file.
- Add support for Python 3.7.
- Malformed configuration files now show helpful error messages, instead of \ 

Bug Fixes
- Checkout the correct branch when doing an editable Git install.
- Run self-version-check only on commands that may access the index, instead of
  trying on every run and failing to do so due to missing options.
- Allow a Git ref to be installed over an existing installation.
- Show a better error message when a configuration option has an invalid value.
- Always revalidate cached simple API pages instead of blindly caching them for \ 
up to 10
- Avoid caching self-version-check information when cache is disabled.
- Avoid traceback printing on autocomplete after flags in the CLI.
- Fix incorrect parsing of egg names if pip needs to guess the package name.