Next | Query returned 86 messages, browsing 31 to 40 | Previous

History of commit frequency

CVS Commit History:


   2021-11-10 00:19:50 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
py-pip: update to 21.3.1, again.

Changelog in previous update commit.
   2021-11-09 23:53:16 by Thomas Klausner | Files touched by this commit (3)
Log message:
py-pip: revert previous for now

I just noticed it drops support for python 2.x
   2021-11-09 23:52:17 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
py-pip: update to 21.3.1.

21.3.1 (2021-10-22)
===================

Bug Fixes
---------

- Always refuse installing or building projects that have no ``pyproject.toml`` nor
  ``setup.py``.
- Tweak running-as-root detection, to check ``os.getuid`` if it exists, on \ 
Unix-y and non-Linux/non-MacOS machines.
- When installing projects with a ``pyproject.toml`` in editable mode, and the build
  backend does not support :pep:`660`, prepare metadata using
  ``prepare_metadata_for_build_wheel`` instead of ``setup.py egg_info``. Also, refuse
  installing projects that only have a ``setup.cfg`` and no ``setup.py`` nor
  ``pyproject.toml``. These restore the pre-21.3 behaviour.
- Restore compatibility of where configuration files are loaded from on MacOS \ 
(back to ``Library/Application Support/pip``, instead of ``Preferences/pip``).

Vendored Libraries
------------------

- Upgrade pep517 to 0.12.0

21.3 (2021-10-11)
=================

Deprecations and Removals
-------------------------

- Improve deprecation warning regarding the copying of source trees when \ 
installing from a local directory.
- Suppress location mismatch warnings when pip is invoked from a Python source
  tree, so ``ensurepip`` does not emit warnings on CPython ``make install``.
- On Python 3.10 or later, the installation scheme backend has been changed to use
  ``sysconfig``. This is to anticipate the deprecation of ``distutils`` in Python
  3.10, and its scheduled removal in 3.12. For compatibility considerations, pip
  installations running on Python 3.9 or lower will continue to use ``distutils``.
- Remove the ``--build-dir`` option and aliases, one last time.
- In-tree builds are now the default. ``--use-feature=in-tree-build`` is now
  ignored. ``--use-deprecated=out-of-tree-build`` may be used temporarily to ease
  the transition.
- Un-deprecate source distribution re-installation behaviour.

Features
--------

- Replace vendored appdirs with platformdirs.
- Support `PEP 610 <https://www.python.org/dev/peps/pep-0610/>`_ to detect
  editable installs in ``pip freeze`` and  ``pip list``. The ``pip list`` column \ 
output
  has a new ``Editable project location`` column, and the JSON output has a new
  ``editable_project_location`` field.
- ``pip freeze`` will now always fallback to reporting the editable project
  location when it encounters a VCS error while analyzing an editable
  requirement. Before, it sometimes reported the requirement as non-editable.
- ``pip show`` now sorts ``Requires`` and ``Required-By`` alphabetically.
- Do not raise error when there are no files to remove with ``pip cache \ 
purge/remove``.
  Instead log a warning and continue (to log that we removed 0 files).
- When backtracking during dependency resolution, prefer the dependencies which \ 
are involved in the most recent conflict. This can significantly reduce the \ 
amount of backtracking required.
- Cache requirement objects, to improve performance reducing reparses of \ 
requirement strings.
- Support editable installs for projects that have a ``pyproject.toml`` and use a
  build backend that supports :pep:`660`.
- When a revision is specified in a Git URL, use git's partial clone feature to \ 
speed up source retrieval.
- Add a ``--debug`` flag, to enable a mode that doesn't log errors and \ 
propagates them to the top level instead. This is primarily to aid with \ 
debugging pip's crashes.
- If a host is explicitly specified as trusted by the user (via the \ 
--trusted-host option), cache HTTP responses from it in addition to HTTPS ones.

Bug Fixes
---------

- Present a better error message, when a ``file:`` URL is not found.
- Fix the auth credential cache to allow for the case in which
  the index url contains the username, but the password comes
  from an external source, such as keyring.
- Fix double unescape of HTML ``data-requires-python`` and ``data-yanked`` \ 
attributes.
- New resolver: Fixes depth ordering of packages during resolution, e.g. a \ 
dependency 2 levels deep will be ordered before a dependecy 3 levels deep.
- Correctly indent metadata preparation messages in pip output.

Vendored Libraries
------------------

- Remove appdirs as a vendored dependency.
- Upgrade distlib to 0.3.3
- Upgrade distro to 1.6.0
- Patch pkg_resources to use platformdirs rather than appdirs.
- Add platformdirs as a vendored dependency.
- Upgrade progress to 1.6
- Upgrade resolvelib to 0.8.0
- Upgrade urllib3 to 1.26.7

Improved Documentation
----------------------

- Update links of setuptools as setuptools moved these documents. The Simple \ 
Repository link now points to PyPUG as that is the canonical place of packaging \ 
specification, and setuptools's ``easy_install`` is deprecated.
- Create a "Build System Interface" reference section, for documenting \ 
how pip interacts with build systems.

21.2.4 (2021-08-12)
===================

Bug Fixes
---------

- Fix 3.6.0 compatibility in link comparison logic.

21.2.3 (2021-08-06)
===================

Bug Fixes
---------

- Modify the ``sysconfig.get_preferred_scheme`` function check to be
  compatible with CPython 3.10’s alphareleases.

21.2.2 (2021-07-31)
===================

Bug Fixes
---------

- New resolver: When a package is specified with extras in constraints, and with
  extras in non-constraint requirements, the resolver now correctly identifies the
  constraint's existence and avoids backtracking.

21.2.1 (2021-07-25)
===================

Process
-------

- The source distribution re-installation feature removal has been delayed to 21.3.

21.2 (2021-07-24)
=================

Process
-------

- ``pip freeze``, ``pip list``, and ``pip show`` no longer normalize underscore
  (``_``) in distribution names to dash (``-``). This is a side effect of the
  migration to ``importlib.metadata``, since the underscore-dash normalization
  behavior is non-standard and specific to setuptools. This should not affect
  other parts of pip (for example, when feeding the ``pip freeze`` result back
  into ``pip install``) since pip internally performs standard PEP 503
  normalization independently to setuptools.

Deprecations and Removals
-------------------------

- Git version parsing is now done with regular expression to prepare for the
  pending upstream removal of non-PEP-440 version parsing logic.
- Re-enable the "Value for ... does not match" location warnings to \ 
field a new
  round of feedback for the ``distutils``-``sysconfig`` transition.
- Remove deprecated ``--find-links`` option in ``pip freeze``

Features
--------

- New resolver: Loosen URL comparison logic when checking for direct URL reference
  equivalency. The logic includes the following notable characteristics:

  * The authentication part of the URL is explicitly ignored.
  * Most of the fragment part, including ``egg=``, is explicitly ignored. Only
    ``subdirectory=`` and hash values (e.g. ``sha256=``) are kept.
  * The query part of the URL is parsed to allow ordering differences.
- Support TOML v1.0.0 syntax in ``pyproject.toml``.
- Added a warning message for errors caused due to Long Paths being disabled on \ 
Windows.
- Change the encoding of log file from default text encoding to UTF-8.
- Log the resolved commit SHA when installing a package from a Git repository.
- Add a warning when passing an invalid requirement to ``pip uninstall``.
- Add new subcommand ``pip index`` used to interact with indexes, and implement
  ``pip index version`` to list available versions of a package.
- When pip is asked to uninstall a project without the dist-info/RECORD file
  it will no longer traceback with FileNotFoundError,
  but it will provide a better error message instead, such as::

      ERROR: Cannot uninstall foobar 0.1, RECORD file not found. You might be \ 
able to recover from this via: 'pip install --force-reinstall --no-deps \ 
foobar==0.1'.

  When dist-info/INSTALLER is present and contains some useful information, the \ 
info is included in the error message instead::

      ERROR: Cannot uninstall foobar 0.1, RECORD file not found. Hint: The \ 
package was installed by rpm.

- Add an additional level of verbosity. ``--verbose`` (and the shorthand ``-v``) now
  contains significantly less output, and users that need complete full \ 
debug-level output
  should pass it twice (``--verbose --verbose`` or ``-vv``).
- New resolver: The order of dependencies resolution has been tweaked to traverse
  the dependency graph in a more breadth-first approach.
- Make "yes" the default choice in ``pip uninstall``'s prompt.
- Add a special error message when users forget the ``-r`` flag when installing.
- New resolver: A distribution's ``Requires-Python`` metadata is now checked
  before its Python dependencies. This makes the resolver fail quicker when
  there's an interpreter version conflict.
- Suppress "not on PATH" warning when ``--prefix`` is given.
- Include ``rustc`` version in pip's ``User-Agent``, when the system has ``rustc``.

Bug Fixes
---------

- Update vendored six to 1.16.0 and urllib3 to 1.26.5
- Correctly allow PEP 517 projects to be detected without warnings in ``pip freeze``.
- Strip leading slash from a ``file://`` URL built from an path with the Windows
  drive notation. This fixes bugs where the ``file://`` URL cannot be correctly
  used as requirement, constraint, or index URLs on Windows.
- New resolver: URL comparison logic now treats ``file://localhost/`` and
  ``file:///`` as equivalent to conform to RFC 8089.
- Prefer credentials from the URL over the previously-obtained credentials from \ 
URLs of the same domain, so it is possible to use different credentials on the \ 
same index server for different ``--extra-index-url`` options.
- Fix extraction of files with utf-8 encoded paths from tars.
- Skip distutils configuration parsing on encoding errors.
- New resolver: Detect an unnamed requirement is user-specified (by building its
  metadata for the project name) so it can be correctly ordered in the resolver.
- Fix :ref:`pip freeze` to output packages :ref:`installed from git <vcs \ 
support>`
  in the correct ``git+protocol://git.example.com/MyProject#egg=MyProject`` format
  rather than the old and no longer supported ``git+git@`` format.
- Fix warnings about install scheme selection for Python framework builds
  distributed by Apple's Command Line Tools.
- Relax interpreter detection to quelch a location mismatch warning where PyPy
  is deliberately breaking backwards compatibility.

Vendored Libraries
------------------

- Upgrade certifi to 2021.05.30.
- Upgrade idna to 3.2.
- Upgrade packaging to 21.0
- Upgrade requests to 2.26.0.
- Upgrade resolvelib to 0.7.1.
- Upgrade urllib3 to 1.26.6.

21.1.3 (2021-06-26)
===================

Bug Fixes
---------

- Remove unused optional ``tornado`` import in vendored ``tenacity`` to prevent \ 
old versions of Tornado from breaking pip.
- Require ``setup.cfg``-only projects to be built via PEP 517, by requiring an \ 
explicit dependency on setuptools declared in pyproject.toml.

21.1.2 (2021-05-23)
===================

Bug Fixes
---------

- New resolver: Correctly exclude an already installed package if its version is
  known to be incompatible to stop the dependency resolution process with a clear
  error message.
- Allow ZIP to archive files with timestamps earlier than 1980.
- Emit clearer error message when a project root does not contain either
  ``pyproject.toml``, ``setup.py`` or ``setup.cfg``.
- Fix detection of existing standalone pip instance for PEP 517 builds.

21.1.1 (2021-04-30)
===================

Deprecations and Removals
-------------------------

- Temporarily set the new "Value for ... does not match" location \ 
warnings level
  to *DEBUG*, to hide them from casual users. This prepares pip 21.1 for CPython
  inclusion, while pip maintainers digest the first intake of location mismatch
  issues for the ``distutils``-``sysconfig`` transition.

Bug Fixes
---------

- This change fixes a bug on Python <=3.6.1 with a Typing feature added in 3.6.2
- Fix compatibility between distutils and sysconfig when the project name is \ 
unknown outside of a virtual environment.
- Fix Python 3.6 compatibility when a PEP 517 build requirement itself needs to be
  built in an isolated environment.

21.1 (2021-04-24)
=================

Process
-------

- Start installation scheme migration from ``distutils`` to ``sysconfig``. A
  warning is implemented to detect differences between the two implementations to
  encourage user reports, so we can avoid breakages before they happen.

Features
--------

- Add the ability for the new resolver to process URL constraints.
- Add a feature ``--use-feature=in-tree-build`` to build local projects in-place
  when installing. This is expected to become the default behavior in pip 21.3;
  see `Installing from local packages \ 
<https://pip.pypa.io/en/stable/user_guide/#installing-from-local-packages>`_
  for more information.
- Bring back the "(from versions: ...)" message, that was shown on \ 
resolution failures.
- Add support for editable installs for project with only setup.cfg files.
- Improve performance when picking the best file from indexes during ``pip install``.
- Warn instead of erroring out when doing a PEP 517 build in presence of
  ``--build-option``. Warn when doing a PEP 517 build in presence of
  ``--global-option``.

Bug Fixes
---------

- Fixed ``--target`` to work with ``--editable`` installs.
- Add a warning, discouraging the usage of pip as root, outside a virtual \ 
environment.
- Ignore ``.dist-info`` directories if the stem is not a valid Python distribution
  name, so they don't show up in e.g. ``pip freeze``.
- Only query the keyring for URLs that actually trigger error 401.
  This prevents an unnecessary keyring unlock prompt on every pip install
  invocation (even with default index URL which is not password protected).
- Prevent packages already-installed alongside with pip to be injected into an
  isolated build environment during build-time dependency population.
- Fix ``pip freeze`` permission denied error in order to display an \ 
understandable error message and offer solutions.
- Correctly uninstall script files (from setuptools' ``scripts`` argument), when \ 
installed with ``--user``.
- New resolver: When a requirement is requested both via a direct URL
  (``req @ URL``) and via version specifier with extras (``req[extra]``), the
  resolver will now be able to use the URL to correctly resolve the requirement
  with extras.
- New resolver: Show relevant entries from user-supplied constraint files in the
  error message to improve debuggability.
- Avoid parsing version to make the version check more robust against lousily
  debundled downstream distributions.
- ``--user`` is no longer suggested incorrectly when pip fails with a permission
  error in a virtual environment.
- Fix incorrect reporting on ``Requires-Python`` conflicts.
- Make wheel compatibility tag preferences more important than the build tag
- Fix pip to work with warnings converted to errors.
- **SECURITY**: Stop splitting on unicode separators in git references,
  which could be maliciously used to install a different revision on the
  repository.

Vendored Libraries
------------------

- Update urllib3 to 1.26.4 to fix CVE-2021-28363
- Remove contextlib2.
- Upgrade idna to 3.1
- Upgrade pep517 to 0.10.0
- Upgrade vendored resolvelib to 0.7.0.
- Upgrade tenacity to 7.0.0

Improved Documentation
----------------------

- Update "setuptools extras" link to match upstream.
- Improve SSL Certificate Verification docs and ``--cert`` help text.
- Add a section in the documentation to suggest solutions to the ``pip freeze`` \ 
permission denied issue.
- Add warning about ``--extra-index-url`` and dependency confusion
- Describe ``--upgrade-strategy`` and direct requirements explicitly; add a brief
  example.

21.0.1 (2021-01-30)
===================

Bug Fixes
---------

- commands: debug: Use packaging.version.parse to compare between versions.
- New resolver: Download and prepare a distribution only at the last possible
  moment to avoid unnecessary network access when the same version is already
  installed locally.

Vendored Libraries
------------------

- Upgrade packaging to 20.9

21.0 (2021-01-23)
=================

Deprecations and Removals
-------------------------

- Drop support for Python 2.
- Remove support for legacy wheel cache entries that were created with pip
  versions older than 20.0.
- Remove support for VCS pseudo URLs editable requirements. It was emitting
  deprecation warning since version 20.0.
- Modernise the codebase after Python 2.
- Drop support for Python 3.5.
- Remove the VCS export feature that was used only with editable VCS
  requirements and had correctness issues.

Features
--------

- Add ``--ignore-requires-python`` support to pip download.
- New resolver: Error message shown when a wheel contains inconsistent metadata
  is made more helpful by including both values from the file name and internal
  metadata.

Bug Fixes
---------

- Fix a regression that made ``pip wheel`` do a VCS export instead of a VCS clone
  for editable requirements. This broke VCS requirements that need the VCS
  information to build correctly.
- Fix ``pip download`` of editable VCS requirements that need VCS information
  to build correctly.

Vendored Libraries
------------------

- Upgrade msgpack to 1.0.2.
- Upgrade requests to 2.25.1.

Improved Documentation
----------------------

- Render the unreleased pip version change notes on the news page in docs.
- Fix broken email link in docs feedback banners.

20.3.4 (2021-01-23)
===================

Features
--------

- ``pip wheel`` now verifies the built wheel contains valid metadata, and can be
  installed by a subsequent ``pip install``. This can be disabled with
  ``--no-verify``.
- Improve presentation of XMLRPC errors in pip search.

Bug Fixes
---------

- Fixed hanging VCS subprocess calls when the VCS outputs a large amount of data
  on stderr. Restored logging of VCS errors that was inadvertently removed in pip
  20.2.
- Fix error when an existing incompatibility is unable to be applied to a \ 
backtracked state.
- New resolver: Discard a faulty distribution, instead of quitting outright.
  This implementation is taken from 20.2.2, with a fix that always makes the
  resolver iterate through candidates from indexes lazily, to avoid downloading
  candidates we do not need.
- New resolver: Discard a source distribution if it fails to generate metadata,
  instead of quitting outright. This implementation is taken from 20.2.2, with a
  fix that always makes the resolver iterate through candidates from indexes
  lazily, to avoid downloading candidates we do not need.

Vendored Libraries
------------------

- Upgrade resolvelib to 0.5.4.
   2021-10-26 12:20:11 by Nia Alarie | Files touched by this commit (3016)
Log message:
archivers: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Could not be committed due to merge conflict:
devel/py-traitlets/distinfo

The following distfiles were unfetchable (note: some may be only fetched
conditionally):

./devel/pvs/distinfo pvs-3.2-solaris.tgz
./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip
   2021-10-07 15:44:44 by Nia Alarie | Files touched by this commit (3017)
Log message:
devel: Remove SHA1 hashes for distfiles
   2020-12-18 10:03:43 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-pip: updated to 20.3.3

20.3.3 (2020-12-15)
===================

Bug Fixes
---------
- Revert "Skip candidate not providing valid metadata", as that caused \ 
pip to be overeager about downloading from the package index.

20.3.2 (2020-12-15)
===================

Features
--------
- New resolver: Resolve direct and pinned (``==`` or ``===``) requirements first
  to improve resolver performance.
- Add a mechanism to delay resolving certain packages, and use it for setuptools.

Bug Fixes
---------
- New resolver: The "Requirement already satisfied" log is not printed \ 
only once
  for each package during resolution.
- Fix crash when logic for redacting authentication information from URLs
  in ``--help`` is given a list of strings, instead of a single string.
- New resolver: Correctly implement PEP 592. Do not return yanked versions from
  an index, unless the version range can only be satisfied by yanked candidates.
- New resolver: Make constraints also apply to package variants with extras, so
  the resolver correctly avoids backtracking on them.
- New resolver: Discard a candidate if it fails to provide metadata from source,
  or if the provided metadata is inconsistent, instead of quitting outright.

Vendored Libraries
------------------
- Update vendoring to 20.8

Improved Documentation
----------------------
- Update documentation to reflect that pip still uses legacy resolver by default \ 
in Python 2 environments.
   2020-12-04 15:17:03 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-pip: updated to 20.3.1

20.3.1 (2020-12-03)
===================

Deprecations and Removals
-------------------------
- The --build-dir option has been restored as a no-op, to soften the transition
  for tools that still used it.

20.3 (2020-11-30)
=================

Deprecations and Removals
-------------------------
- Remove --unstable-feature flag as it has been deprecated.

Features
--------
- Add support for :pep:`600`: Future 'manylinux' Platform Tags for Portable \ 
Linux Built Distributions.
- The new resolver now resolves packages in a deterministic order.
- Add support for MacOS Big Sur compatibility tags.

Bug Fixes
---------
- New Resolver: Rework backtracking and state management, to avoid getting stuck \ 
in an infinite loop.
- New resolver: Check version equality with ``packaging.version`` to avoid edge
  cases if a wheel used different version normalization logic in its filename
  and metadata.
- New resolver: Show each requirement in the conflict error message only once to \ 
reduce cluttering.
- Fix a regression that made ``pip wheel`` generate zip files of editable
  requirements in the wheel directory.
- Fix ResourceWarning in VCS subprocesses
- Redact auth from URL in help message.
- New Resolver: editable installations are done, regardless of whether
  the already-installed distribution is editable.

Vendored Libraries
------------------
- Upgrade certifi to 2020.11.8
- Upgrade colorama to 0.4.4
- Upgrade packaging to 20.7
- Upgrade pep517 to 0.9.1
- Upgrade requests to 2.25.0
- Upgrade resolvelib to 0.5.3
- Upgrade toml to 0.10.2
- Upgrade urllib3 to 1.26.2

Improved Documentation
----------------------
- Add a section to the User Guide to cover backtracking during dependency resolution.
- Reorder and revise installation instructions to make them easier to follow.
   2020-11-04 11:23:45 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-pip: updated to 20.2.4

20.2.4 (2020-10-16)
===================

Deprecations and Removals
-------------------------
- Document that certain removals can be fast tracked.
- Document that Python versions are generally supported until PyPI usage falls \ 
below 5%.

Features
--------
- New resolver: Avoid accessing indexes when the installed candidate is preferred
  and considered good enough.
- Improve error message friendliness when an environment has packages with
  corrupted metadata.
- Cache package listings on index packages so they are guarenteed to stay stable
  during a pip command session. This also improves performance when a index page
  is accessed multiple times during the command session.
- New resolver: Tweak resolution logic to improve user experience when
  user-supplied requirements conflict.

Bug Fixes
---------
- New resolver: Correctly respect ``Requires-Python`` metadata to reject
  incompatible packages in ``--no-deps`` mode.
- New resolver: Pick up hash declarations in constraints files and use them to
  filter available distributions.
- New resolver: If a package appears multiple times in user specification with
  different ``--hash`` options, only hashes that present in all specifications
  should be allowed.

Improved Documentation
----------------------
- Add ux documentation
   2020-09-09 09:26:48 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip: updated to 20.2.3

20.2.3:

Deprecations and Removals
-------------------------
- Deprecate support for Python 3.5

Features
--------
- Make the ``setup.py install`` deprecation warning less noisy. We warn only
  when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as
  situations where both fails are most probably irrelevant to this deprecation.
   2020-08-26 13:50:46 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-pip: updated to 20.2.2

20.2.2

Bug Fixes
- Only attempt to use the keyring once and if it fails, don't try again.
  This prevents spamming users with several keyring unlock prompts when they
  cannot unlock or don't want to do so.
- Fix regression that distributions in system site-packages are not correctly
  found when a virtual environment is configured with ``system-site-packages``
  on.
- Disable caching for range requests, which causes corrupted wheels
  when pip tries to obtain metadata using the feature ``fast-deps``.
- Always use UTF-8 to read ``pyvenv.cfg`` to match the built-in ``venv``.
- 2020 Resolver: Correctly handle marker evaluation in constraints and exclude
  them if their markers do not match the current environment.

Next | Query returned 86 messages, browsing 31 to 40 | Previous