Subject: CVS commit: pkgsrc/devel/py-pip
From: Adam Ciarcinski
Date: 2020-06-01 18:27:17
Message id: 20200601162717.A8BD8FB27@cvs.NetBSD.org

Log Message:
py-pip: updated to 20.1.1

20.1.1
======

Deprecations and Removals
-------------------------
- Revert building of local directories in place, restoring the pre-20.1
  behaviour of copying to a temporary directory.
- Drop parallelization from ``pip list --outdated``.

Bug Fixes
---------
- Fix metadata permission issues when umask has the executable bit set.
- Avoid unnecessary message about the wheel package not being installed
  when a wheel would not have been built. Additionally, clarify the message.

20.1
====

Process
-------
- Document that pip 21.0 will drop support for Python 2.7.

Features
--------
- Add ``pip cache dir`` to show the cache directory.

Bug Fixes
---------
- Abort pip cache commands early when cache is disabled.
- Correctly set permissions on metadata files during wheel installation,
  to permit non-privileged users to read from system site-packages.

20.1b1
======

Deprecations and Removals
-------------------------
- Remove emails from AUTHORS.txt to prevent usage for spamming, and only \ 
populate names in AUTHORS.txt at time of release
- Remove deprecated ``--skip-requirements-regex`` option.
- Building of local directories is now done in place, instead of a temporary
  location containing a copy of the directory tree.
- Remove unused ``tests/scripts/test_all_pip.py`` test script and the \ 
``tests/scripts`` folder.

Features
--------
- pip now implements PEP 610, so ``pip freeze`` has better fidelity
  in presence of distributions installed from Direct URL requirements.
- Add ``pip cache`` command for inspecting/managing pip's wheel cache.
- Raise error if ``--user`` and ``--target`` are used together in ``pip install``
- Significantly improve performance when ``--find-links`` points to a very large \ 
HTML page.
- Indicate when wheel building is skipped, due to lack of the ``wheel`` package.
- Change default behaviour to always cache responses from trusted-host source.
- An alpha version of a new resolver is available via \ 
``--unstable-feature=resolver``.

Bug Fixes
---------
- Correctly freeze a VCS editable package when it is nested inside another VCS \ 
repository.
- Correctly handle ``%2F`` in URL parameters to avoid accidentally unescape them
  into ``/``.
- Reject VCS URLs with an empty revision.
- Warn when an invalid URL is passed with ``--index-url``
- Use better mechanism for handling temporary files, when recording metadata
  about installed files (RECORD) and the installer (INSTALLER).
- Correctly detect global site-packages availability of virtual environments
  created by PyPA’s virtualenv>=20.0.
- Remove current directory from ``sys.path`` when invoked as ``python -m pip \ 
<command>``
- Stop failing uninstallation, when trying to remove non-existent files.
- Prevent an infinite recursion with ``pip wheel`` when ``$TMPDIR`` is within \ 
the source directory.
- Significantly speedup ``pip list --outdated`` by parallelizing index interaction.
- Improve Windows compatibility when detecting writability in folder.

Vendored Libraries
------------------
- Update semi-supported debundling script to reflect that appdirs is vendored.
- Add ResolveLib as a vendored dependency.
- Upgrade certifi to 2020.04.05.1
- Upgrade contextlib2 to 0.6.0.post1
- Upgrade distro to 1.5.0.
- Upgrade idna to 2.9.
- Upgrade msgpack to 1.0.0.
- Upgrade packaging to 20.3.
- Upgrade pep517 to 0.8.2.
- Upgrade pyparsing to 2.4.7.
- Remove pytoml as a vendored dependency.
- Upgrade requests to 2.23.0.
- Add toml as a vendored dependency.
- Upgrade urllib3 to 1.25.8.

Improved Documentation
----------------------
- Emphasize that VCS URLs using git, git+git and git+http are insecure due to
  lack of authentication and encryption
- Clarify the usage of --no-binary command.
- Clarify the usage of freeze command in the example of Using pip in your program
- Add a "Copyright" page.
- Added example of defining multiple values for options which support them

20.0.2
======

Bug Fixes
---------
- Fix a regression in generation of compatibility tags.

Vendored Libraries
------------------
- Upgrade packaging to 20.1

20.0.1
======

Bug Fixes
---------
- Rename an internal module, to avoid ImportErrors due to improper uninstallation.

20.0
====

Process
-------
- Switch to a dedicated CLI tool for vendoring dependencies.

Deprecations and Removals
-------------------------
- Remove wheel tag calculation from pip and use ``packaging.tags``. This
  should provide more tags ordered better than in prior releases.
- Deprecate setup.py-based builds that do not generate an ``.egg-info`` directory.
- The pip>=20 wheel cache is not retro-compatible with previous versions. Until
  pip 21.0, pip will continue to take advantage of existing legacy cache
  entries.
- Deprecate undocumented ``--skip-requirements-regex`` option.
- Deprecate passing install-location-related options via ``--install-option``.
- Use literal "abi3" for wheel tag on CPython 3.x, to align with PEP 384
  which only defines it for this platform.
- Remove interpreter-specific major version tag e.g. ``cp3-none-any``
  from consideration. This behavior was not documented strictly, and this
  tag in particular is `not useful \ 
<https://snarky.ca/the-challenges-in-designing-a-library-for-pep-425/>`_.
  Anyone with a use case can create an issue with pypa/packaging.
- Wheel processing no longer permits wheels containing more than one top-level
  .dist-info directory.
- Support for the ``git+git@`` form of VCS requirement is being deprecated and
  will be removed in pip 21.0. Switch to ``git+https://`` or
  ``git+ssh://``. ``git+git://`` also works but its use is discouraged as it is
  insecure.

Features
--------
- Default to doing a user install (as if ``--user`` was passed) when the main
  site-packages directory is not writeable and user site-packages are enabled.
- Warn if a path in PATH starts with tilde during ``pip install``.
- Cache wheels built from Git requirements that are considered immutable,
  because they point to a commit hash.
- Add option ``--no-python-version-warning`` to silence warnings
  related to deprecation of Python versions.
- Cache wheels that ``pip wheel`` built locally, matching what
  ``pip install`` does. This particularly helps performance in workflows where
  ``pip wheel`` is used for `building before installing
  <https://pip.pypa.io/en/stable/user_guide/#installing-from-local-packages>`_.
  Users desiring the original behavior can use ``pip wheel --no-cache-dir``.
- Display CA information in ``pip debug``.
- Show only the filename (instead of full URL), when downloading from PyPI.
- Suggest a more robust command to upgrade pip itself to avoid confusion when the
  current pip command is not available as ``pip``.
- Define all old pip console script entrypoints to prevent import issues in
  stale wrapper scripts.
- The build step of ``pip wheel`` now builds all wheels to a cache first,
  then copies them to the wheel directory all at once.
  Before, it built them to a temporary directory and moved
  them to the wheel directory one by one.
- Expand ``~`` prefix to user directory in path options, configs, and
  environment variables. Values that may be either URL or path are not
  currently supported, to avoid ambiguity:

  * ``--find-links``
  * ``--constraint``, ``-c``
  * ``--requirement``, ``-r``
  * ``--editable``, ``-e``

Bug Fixes
---------
- Correctly handle system site-packages, in virtual environments created with \ 
venv (PEP 405).
- Fix case sensitive comparison of pip freeze when used with -r option.
- Enforce PEP 508 requirement format in ``pyproject.toml``
  ``build-system.requires``.
- Make ``ensure_dir()`` also ignore ``ENOTEMPTY`` as seen on Windows.
- Fix building packages which specify ``backend-path`` in pyproject.toml.
- Do not attempt to run ``setup.py clean`` after a ``pep517`` build error,
  since a ``setup.py`` may not exist in that case.
- Fix passwords being visible in the index-url in
  "Downloading <url>" message.
- Change method from shutil.remove to shutil.rmtree in noxfile.py.
- Skip running tests which require subversion, when svn isn't installed
- Fix not sending client certificates when using ``--trusted-host``.
- Make sure ``pip wheel`` never outputs pure python wheels with a
  python implementation tag.
- Include ``subdirectory`` URL fragments in cache keys.
- Fix typo in warning message when any of ``--build-option``, ``--global-option``
  and ``--install-option`` is used in requirements.txt
- Fix the logging of cached HTTP response shown as downloading.
- Effectively disable the wheel cache when it is not writable, as is the
  case with the http cache.
- Correctly handle relative cache directory provided via --cache-dir.

Vendored Libraries
------------------
- Upgrade CacheControl to 0.12.5
- Upgrade certifi to 2019.9.11
- Upgrade colorama to 0.4.1
- Upgrade distlib to 0.2.9.post0
- Upgrade ipaddress to 1.0.22
- Update packaging to 20.0.
- Upgrade pkg_resources (via setuptools) to 44.0.0
- Upgrade pyparsing to 2.4.2
- Upgrade six to 1.12.0
- Upgrade urllib3 to 1.25.6

Improved Documentation
----------------------
- Document that "coding: utf-8" is supported in requirements.txt
- Explain how to get pip's source code in `Getting Started \ 
<https://pip.pypa.io/en/stable/development/getting-started/>`_
- Describe how basic authentication credentials in URLs work.
- Add more clear installation instructions
- Fix documentation links for index options
- Better document the requirements file format

Files:
RevisionActionfile
1.31modifypkgsrc/devel/py-pip/distinfo
1.25modifypkgsrc/devel/py-pip/PLIST
1.37modifypkgsrc/devel/py-pip/Makefile