Log message:
py-pip: updated to 23.1

23.1 (2023-04-15)
=================

Deprecations and Removals
-------------------------
- Remove support for the deprecated ``--install-options``.
- ``--no-binary`` does not imply ``setup.py install`` anymore. Instead a wheel \ 
will be
  built locally and installed.
- ``--no-binary`` does not disable the cache of locally built wheels anymore. It only
  means "don't download wheels".
- Deprecate ``--build-option`` and ``--global-option``. Users are invited to \ 
switch to
  ``--config-settings``.
- Using ``--config-settings`` with projects that don't have a ``pyproject.toml`` \ 
now print
  a deprecation warning. In the future the presence of config settings will \ 
automatically
  enable the default build backend for legacy projects and pass the setttings to it.
- Remove ``setup.py install`` fallback when building a wheel failed for projects \ 
without
  ``pyproject.toml``.
- When the ``wheel`` package is not installed, pip now uses the default build backend
  instead of ``setup.py install`` for project without ``pyproject.toml``.

Features
--------
- Specify egg-link location in assertion message when it does not match \ 
installed location to provide better error message for debugging.
- Present conflict information during installation after each choice that is \ 
rejected (pass ``-vv`` to ``pip install`` to show it)
- Display dependency chain on each Collecting/Processing log line.
- Support a per-requirement ``--config-settings`` option in requirements files.
- The ``--config-settings``/``-C`` option now supports using the same key multiple
  times. When the same key is specified multiple times, all values are passed to
  the build backend as a list, as opposed to the previous behavior, where pip would
  only pass the last value if the same key was used multiple times.
- Add ``-C`` as a short version of the ``--config-settings`` option.
- Reduce the number of resolver rounds, since backjumping makes the resolver \ 
more efficient in finding solutions. This also makes pathological cases fail \ 
quicker.
- Warn if ``--hash`` is used on a line without requirement in a requirements file.
- Stop propagating CLI ``--config-settings`` to the build dependencies. They \ 
already did
  not propagate to requirements provided in requirement files. To pass the same \ 
config
  settings to several requirements, users should provide the requirements as CLI
  arguments.
- Support wheel cache when using ``--require-hashes``.
- Add ``--keyring-provider`` flag. See the Authentication page in the \ 
documentation for more info.
- In the case of virtual environments, configuration files are now also included \ 
from the base installation.

Bug Fixes
---------
- Fix grammar by changing "A new release of pip available:" to "A \ 
new release of pip is available:" in the notice used for indicating that.
- Normalize paths before checking if installed scripts are on PATH.
- Correct the way to decide if keyring is available.
- More consistent resolution backtracking by removing legacy hack related to \ 
setuptools resolution
- Include ``AUTHORS.txt`` in pip's wheels.
- The ``uninstall`` and ``install --force-reinstall`` commands no longer call
  ``normalize_path()`` repeatedly on the same paths. Instead, these results are
  cached for the duration of an uninstall operation, resulting in improved
  performance, particularly on Windows.
- Fix and improve the parsing of hashes embedded in URL fragments.
- When package A depends on package B provided as a direct URL dependency \ 
including a hash
  embedded in the link, the ``--require-hashes`` option did not warn when user \ 
supplied hashes
  were missing for package B.
- Correctly report ``requested_extras`` in the installation report when extras are
  specified for a local directory installation.
- When installing an archive from a direct URL or local file, populate
  ``download_info.info.hashes`` in the installation report, in addition to the legacy
  ``download_info.info.hash`` key.

Vendored Libraries
------------------
- Upgrade msgpack to 1.0.5
- Patch pkg_resources to remove dependency on ``jaraco.text``.
- Upgrade platformdirs to 3.2.0
- Upgrade pygments to 2.14.0
- Upgrade resolvelib to 1.0.1
- Upgrade rich to 13.3.3
- Upgrade setuptools to 67.6.1
- Upgrade tenacity to 8.2.2
- Upgrade typing_extensions to 4.5.0
- Upgrade urllib3 to 1.26.15

Improved Documentation
----------------------
- Cross-reference the ``--python`` flag from the ``--prefix`` flag,
  and mention limitations of ``--prefix`` regarding script installation.
- Add SECURITY.md to make the policy offical.
- Add username to Git over SSH example.
- Quote extras in the pip install docs to guard shells with default glob
  qualifiers, like zsh.
- Make it clear that requirements/constraints file can be a URL

Log message:
*: use PYTHON_VERSION instead of _PYTHON_VERSION

Log message:
py-pip: adapt patch for upstream changes

sysconfig is not imported any longer.

Reported by Gaige B Paulsen in https://github.com/TritonDataCenter/pkgsrc/issues/357

Bump PKGREVISION.

Log message:
py-pip: updated to 23.0.1

23.0.1 (2023-02-17)
===================

Features
--------

- Ignore PIP_REQUIRE_VIRTUALENV for ``pip index``
- Implement ``--break-system-packages`` to permit installing packages into
  ``EXTERNALLY-MANAGED`` Python installations.

Bug Fixes
---------

- Improve handling of isolated build environments on platforms that
  customize the Python's installation schemes, such as Debian and
  Homebrew.
- Do not crash in presence of misformatted hash field in ``direct_url.json``.

23.0 (2023-01-30)
=================

Features
--------

- Change the hashes in the installation report to be a mapping. Emit the
  ``archive_info.hashes`` dictionary in ``direct_url.json``.
- Implement logic to read the ``EXTERNALLY-MANAGED`` file as specified in PEP 668.
  This allows a downstream Python distributor to prevent users from using pip to
  modify the externally managed environment.
- Enable the use of ``keyring`` found on ``PATH``. This allows ``keyring``
  installed using ``pipx`` to be used by ``pip``.
- The inspect and installation report formats are now declared stabled, and \ 
their version
  has been bumped from ``0`` to ``1``.

Bug Fixes
---------

- Wheel cache behavior is restored to match previous versions, allowing the
  cache to find existing entries.
- Use the "venv" scheme if available to obtain prefixed lib paths.
- Deprecated a historical ambiguity in how ``egg`` fragments in URL-style
  requirements are formatted and handled. ``egg`` fragments that do not look
  like PEP 508 names now produce a deprecation warning.
- Fix scripts path in isolated build environment on Debian.
- Make ``pip show`` show the editable location if package is editable
- Stop checking that ``wheel`` is present when ``build-system.requires``
  is provided without ``build-system.build-backend`` as ``setuptools``
  (which we still check for) will inject it anyway.
- Fix an issue when an already existing in-memory distribution would cause
  exceptions in ``pip install``

Vendored Libraries
------------------

- Upgrade certifi to 2022.12.7
- Upgrade chardet to 5.1.0
- Upgrade colorama to 0.4.6
- Upgrade distro to 1.8.0
- Remove pep517 from vendored packages
- Upgrade platformdirs to 2.6.2
- Add pyproject-hooks 1.0.0
- Upgrade requests to 2.28.2
- Upgrade rich to 12.6.0
- Upgrade urllib3 to 1.26.14

Improved Documentation
----------------------

- Fixed the description of the option "--install-options" in the \ 
documentation
- Remove mention that editable installs are necessary for pip freeze to report \ 
the VCS
  URL.
- Clarify that the egg URL fragment is only necessary for editable VCS installs, and
  otherwise not necessary anymore.

Log message:
devel/py-pip: fix build problem with CHECK_PERMS is yes

There might be better way for python package, it works for me.

Log message:
py-pip: updated to 22.3.1

22.3.1 (2022-11-05)
===================

Bug Fixes
---------

- Fix entry point generation of ``pip.X``, ``pipX.Y``, and ``easy_install-X.Y``
  to correctly account for multi-digit Python version segments (e.g. the \ 
"11"
  part of 3.11).

Log message:
py-pip: updated to 22.3

22.3 (2022-10-15)
=================

Deprecations and Removals
-------------------------
- Deprecate ``--install-options`` which forces pip to use the deprecated ``install``
  command of ``setuptools``.
- Deprecate installation with 'setup.py install' when no-binary is enabled for
  source distributions without 'pyproject.toml'.
- Deprecate ```--no-binary`` disabling the wheel cache.
- Remove ``--use-feature=2020-resolver`` opt-in flag. This was supposed to be \ 
removed in 21.0, but missed during that release cycle.
- Deprecate installation with 'setup.py install' when the 'wheel' package is \ 
absent for
  source distributions without 'pyproject.toml'.
- Remove the ability to use ``pip list --outdated`` in combination with \ 
``--format=freeze``.

Features
--------
- Use ``shell=True`` for opening the editor with ``pip config edit``.
- Use the ``data-dist-info-metadata`` attribute from :pep:`658` to resolve \ 
distribution metadata without downloading the dist yet.
- Add an option to run the test suite with pip built as a zipapp.
- Add a ``--python`` option to allow pip to manage Python environments other
  than the one pip is installed in.
- Document the new (experimental) zipapp distribution of pip.
- Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree.

Bug Fixes
---------
- Fix ``--no-index`` when ``--index-url`` or ``--extra-index-url`` is specified
  inside a requirements file.
- Ensure that the candidate ``pip`` executable exists, when checking for a new \ 
version of pip.
- Ignore distributions with invalid ``Name`` in metadata instead of crashing, when
  using the ``importlib.metadata`` backend.
- Raise RequirementsFileParseError when parsing malformed requirements options \ 
that can't be sucessfully parsed by shlex.
- Fix build environment isolation on some system Pythons.

Vendored Libraries
------------------
- Upgrade certifi to 2022.9.24
- Upgrade distlib to 0.3.6
- Upgrade idna to 3.4
- Upgrade pep517 to 0.13.0
- Upgrade pygments to 2.13.0
- Upgrade tenacity to 8.1.0
- Upgrade typing_extensions to 4.4.0
- Upgrade urllib3 to 1.26.12

Improved Documentation
----------------------
- Mention that --quiet must be used when writing the installation report to stdout.

Log message:
py-pip: updated to 22.2.2

22.2.2 (2022-08-03)
===================

Bug Fixes
- Avoid  ``AttributeError`` when removing the setuptools-provided \ 
``_distutils_hack`` and it is missing its implementation.
- Fix import error when reinstalling pip in user site.
- Show pip deprecation warnings by default.

Log message:
py-pip: updated to 22.1.2

22.1.2 (2022-05-31)
===================

Bug Fixes
---------
- Revert <https://github.com/pypa/pip/issues/10979> since it introduced a \ 
regression in certain edge cases.
- Fix an incorrect assertion in the logging logic, that prevented the upgrade \ 
prompt from being presented.

22.1.1 (2022-05-20)
===================

Bug Fixes
---------
- Properly filter out optional dependencies (i.e. extras) when checking build \ 
environment distributions.
- Change the build environment dependency checking to be opt-in.
- Allow using a pre-release version to satisfy a build requirement. This helps
  manually populated build environments to more accurately detect build-time
  requirement conflicts.

22.1 (2022-05-11)
=================

Process
-------
- Enable the ``importlib.metadata`` metadata implementation by default on
  Python 3.11 (or later). The environment variable ``_PIP_USE_IMPORTLIB_METADATA``
  can still be used to enable the implementation on 3.10 and earlier, or disable
  it on 3.11 (by setting it to ``0`` or ``false``).

Bug Fixes
---------
- Revert <https://github.com/pypa/pip/issues/9243> since it introduced a \ 
regression in certain edge cases.
- Fix missing ``REQUESTED`` metadata when using URL constraints.
- ``pip config`` now normalizes names by converting underscores into dashes.

Log message:
py-pip: update to 22.0.4.

22.0.4 (2022-03-06)
===================

Deprecations and Removals
-------------------------

- Drop the doctype check, that presented a warning for index pages that use \ 
non-compliant HTML 5. (`#10903 \ 
<https://github.com/pypa/pip/issues/10903>`_)

Vendored Libraries
------------------

- Downgrade distlib to 0.3.3.

22.0.3 (2022-02-03)
===================

Features
--------

- Print the exception via ``rich.traceback``, when running with ``--debug``. \ 
(`#10791 <https://github.com/pypa/pip/issues/10791>`_)

Bug Fixes
---------

- Only calculate topological installation order, for packages that are going to \ 
be installed/upgraded.

  This fixes an `AssertionError` that occured when determining installation \ 
order, for a very specific combination of upgrading-already-installed-package + \ 
change of dependencies + fetching some packages from a package index. This \ 
combination was especially common in Read the Docs' builds. (`#10851 \ 
<https://github.com/pypa/pip/issues/10851>`_)
- Use ``html.parser`` by default, instead of falling back to ``html5lib`` when \ 
``--use-deprecated=html5lib`` is not passed. (`#10869 \ 
<https://github.com/pypa/pip/issues/10869>`_)

Improved Documentation
----------------------

- Clarify that using per-requirement overrides disables the usage of wheels. \ 
(`#9674 <https://github.com/pypa/pip/issues/9674>`_)

22.0.2 (2022-01-30)
===================

Deprecations and Removals
-------------------------

- Instead of failing on index pages that use non-compliant HTML 5, print a \ 
deprecation warning and fall back to ``html5lib``-based parsing for now. This \ 
simplifies the migration for non-compliant index pages, by letting such indexes \ 
function with a warning. (`#10847 \ 
<https://github.com/pypa/pip/issues/10847>`_)

22.0.1 (2022-01-30)
===================

Bug Fixes
---------

- Accept lowercase ``<!doctype html>`` on index pages. (`#10844 \ 
<https://github.com/pypa/pip/issues/10844>`_)
- Properly handle links parsed by html5lib, when using \ 
``--use-deprecated=html5lib``. (`#10846 \ 
<https://github.com/pypa/pip/issues/10846>`_)

22.0 (2022-01-29)
=================

Process
-------

- Completely replace :pypi:`tox` in our development workflow, with :pypi:`nox`.

Deprecations and Removals
-------------------------

- Deprecate alternative progress bar styles, leaving only ``on`` and ``off`` as \ 
available choices. (`#10462 <https://github.com/pypa/pip/issues/10462>`_)
- Drop support for Python 3.6. (`#10641 \ 
<https://github.com/pypa/pip/issues/10641>`_)
- Disable location mismatch warnings on Python versions prior to 3.10.

  These warnings were helping identify potential issues as part of the sysconfig \ 
-> distutils transition, and we no longer need to rely on reports from older \ 
Python versions for information on the transition. (`#10840 \ 
<https://github.com/pypa/pip/issues/10840>`_)

Features
--------

- Changed ``PackageFinder`` to parse HTML documents using the stdlib \ 
:class:`html.parser.HTMLParser` class instead of the ``html5lib`` package.

  For now, the deprecated ``html5lib`` code remains and can be used with the \ 
``--use-deprecated=html5lib`` command line option. However, it will be removed \ 
in a future pip release. (`#10291 \ 
<https://github.com/pypa/pip/issues/10291>`_)
- Utilise ``rich`` for presenting pip's default download progress bar. (`#10462 \ 
<https://github.com/pypa/pip/issues/10462>`_)
- Present a better error message when an invalid wheel file is encountered, \ 
providing more context where the invalid wheel file is. (`#10535 \ 
<https://github.com/pypa/pip/issues/10535>`_)
- Documents the ``--require-virtualenv`` flag for ``pip install``. (`#10588 \ 
<https://github.com/pypa/pip/issues/10588>`_)
- ``pip install <tab>`` autocompletes paths. (`#10646 \ 
<https://github.com/pypa/pip/issues/10646>`_)
- Allow Python distributors to opt-out from or opt-in to the ``sysconfig`` \ 
installation scheme backend by setting ``sysconfig._PIP_USE_SYSCONFIG`` to \ 
``True`` or ``False``. (`#10647 \ 
<https://github.com/pypa/pip/issues/10647>`_)
- Make it possible to deselect tests requiring cryptography package on systems \ 
where it cannot be installed. (`#10686 \ 
<https://github.com/pypa/pip/issues/10686>`_)
- Start using Rich for presenting error messages in a consistent format. \ 
(`#10703 <https://github.com/pypa/pip/issues/10703>`_)
- Improve presentation of errors from subprocesses. (`#10705 \ 
<https://github.com/pypa/pip/issues/10705>`_)
- Forward pip's verbosity configuration to VCS tools to control their output \ 
accordingly. (`#8819 <https://github.com/pypa/pip/issues/8819>`_)

Bug Fixes
---------

- Optimize installation order calculation to improve performance when installing \ 
requirements that form a complex dependency graph with a large amount of edges. \ 
(`#10557 <https://github.com/pypa/pip/issues/10557>`_)
- When a package is requested by the user for upgrade, correctly identify that \ 
the extra-ed variant of that same package depended by another user-requested \ 
package is requesting the same package, and upgrade it accordingly. (`#10613 \ 
<https://github.com/pypa/pip/issues/10613>`_)
- Prevent pip from installing yanked releases unless explicitly pinned via the \ 
``==`` or ``===`` operators. (`#10617 \ 
<https://github.com/pypa/pip/issues/10617>`_)
- Stop backtracking on build failures, by instead surfacing them to the user and \ 
aborting immediately. This behaviour provides more immediate feedback when a \ 
package cannot be built due to missing build dependencies or platform \ 
incompatibility. (`#10655 <https://github.com/pypa/pip/issues/10655>`_)
- Silence ``Value for <location> does not match`` warning caused by an \ 
erroneous patch in Slackware-distributed Python 3.9. (`#10668 \ 
<https://github.com/pypa/pip/issues/10668>`_)
- Fix an issue where pip did not consider dependencies with and without extras \ 
to be equal (`#9644 <https://github.com/pypa/pip/issues/9644>`_)

Vendored Libraries
------------------

- Upgrade CacheControl to 0.12.10
- Upgrade certifi to 2021.10.8
- Upgrade distlib to 0.3.4
- Upgrade idna to 3.3
- Upgrade msgpack to 1.0.3
- Upgrade packaging to 21.3
- Upgrade platformdirs to 2.4.1
- Add pygments 2.11.2 as a vendored dependency.
- Tree-trim unused portions of vendored pygments, to reduce the distribution size.
- Upgrade pyparsing to 3.0.7
- Upgrade Requests to 2.27.1
- Upgrade resolvelib to 0.8.1
- Add rich 11.0.0 as a vendored dependency.
- Tree-trim unused portions of vendored rich, to reduce the distribution size.
- Add typing_extensions 4.0.1 as a vendored dependency.
- Upgrade urllib3 to 1.26.8

21.3.1 (2021-10-22)
===================

Bug Fixes
---------

- Always refuse installing or building projects that have no ``pyproject.toml`` nor
  ``setup.py``. (`#10531 <https://github.com/pypa/pip/issues/10531>`_)
- Tweak running-as-root detection, to check ``os.getuid`` if it exists, on \ 
Unix-y and non-Linux/non-MacOS machines. (`#10565 \ 
<https://github.com/pypa/pip/issues/10565>`_)
- When installing projects with a ``pyproject.toml`` in editable mode, and the build
  backend does not support :pep:`660`, prepare metadata using
  ``prepare_metadata_for_build_wheel`` instead of ``setup.py egg_info``. Also, refuse
  installing projects that only have a ``setup.cfg`` and no ``setup.py`` nor
  ``pyproject.toml``. These restore the pre-21.3 behaviour. (`#10573 \ 
<https://github.com/pypa/pip/issues/10573>`_)
- Restore compatibility of where configuration files are loaded from on MacOS \ 
(back to ``Library/Application Support/pip``, instead of ``Preferences/pip``). \ 
(`#10585 <https://github.com/pypa/pip/issues/10585>`_)

Vendored Libraries
------------------

- Upgrade pep517 to 0.12.0