Log Message:
py-pip: updated to 23.1

23.1 (2023-04-15)
=================

Deprecations and Removals
-------------------------
- Remove support for the deprecated ``--install-options``.
- ``--no-binary`` does not imply ``setup.py install`` anymore. Instead a wheel \ 
will be
  built locally and installed.
- ``--no-binary`` does not disable the cache of locally built wheels anymore. It only
  means "don't download wheels".
- Deprecate ``--build-option`` and ``--global-option``. Users are invited to \ 
switch to
  ``--config-settings``.
- Using ``--config-settings`` with projects that don't have a ``pyproject.toml`` \ 
now print
  a deprecation warning. In the future the presence of config settings will \ 
automatically
  enable the default build backend for legacy projects and pass the setttings to it.
- Remove ``setup.py install`` fallback when building a wheel failed for projects \ 
without
  ``pyproject.toml``.
- When the ``wheel`` package is not installed, pip now uses the default build backend
  instead of ``setup.py install`` for project without ``pyproject.toml``.

Features
--------
- Specify egg-link location in assertion message when it does not match \ 
installed location to provide better error message for debugging.
- Present conflict information during installation after each choice that is \ 
rejected (pass ``-vv`` to ``pip install`` to show it)
- Display dependency chain on each Collecting/Processing log line.
- Support a per-requirement ``--config-settings`` option in requirements files.
- The ``--config-settings``/``-C`` option now supports using the same key multiple
  times. When the same key is specified multiple times, all values are passed to
  the build backend as a list, as opposed to the previous behavior, where pip would
  only pass the last value if the same key was used multiple times.
- Add ``-C`` as a short version of the ``--config-settings`` option.
- Reduce the number of resolver rounds, since backjumping makes the resolver \ 
more efficient in finding solutions. This also makes pathological cases fail \ 
quicker.
- Warn if ``--hash`` is used on a line without requirement in a requirements file.
- Stop propagating CLI ``--config-settings`` to the build dependencies. They \ 
already did
  not propagate to requirements provided in requirement files. To pass the same \ 
config
  settings to several requirements, users should provide the requirements as CLI
  arguments.
- Support wheel cache when using ``--require-hashes``.
- Add ``--keyring-provider`` flag. See the Authentication page in the \ 
documentation for more info.
- In the case of virtual environments, configuration files are now also included \ 
from the base installation.

Bug Fixes
---------
- Fix grammar by changing "A new release of pip available:" to "A \ 
new release of pip is available:" in the notice used for indicating that.
- Normalize paths before checking if installed scripts are on PATH.
- Correct the way to decide if keyring is available.
- More consistent resolution backtracking by removing legacy hack related to \ 
setuptools resolution
- Include ``AUTHORS.txt`` in pip's wheels.
- The ``uninstall`` and ``install --force-reinstall`` commands no longer call
  ``normalize_path()`` repeatedly on the same paths. Instead, these results are
  cached for the duration of an uninstall operation, resulting in improved
  performance, particularly on Windows.
- Fix and improve the parsing of hashes embedded in URL fragments.
- When package A depends on package B provided as a direct URL dependency \ 
including a hash
  embedded in the link, the ``--require-hashes`` option did not warn when user \ 
supplied hashes
  were missing for package B.
- Correctly report ``requested_extras`` in the installation report when extras are
  specified for a local directory installation.
- When installing an archive from a direct URL or local file, populate
  ``download_info.info.hashes`` in the installation report, in addition to the legacy
  ``download_info.info.hash`` key.

Vendored Libraries
------------------
- Upgrade msgpack to 1.0.5
- Patch pkg_resources to remove dependency on ``jaraco.text``.
- Upgrade platformdirs to 3.2.0
- Upgrade pygments to 2.14.0
- Upgrade resolvelib to 1.0.1
- Upgrade rich to 13.3.3
- Upgrade setuptools to 67.6.1
- Upgrade tenacity to 8.2.2
- Upgrade typing_extensions to 4.5.0
- Upgrade urllib3 to 1.26.15

Improved Documentation
----------------------
- Cross-reference the ``--python`` flag from the ``--prefix`` flag,
  and mention limitations of ``--prefix`` regarding script installation.
- Add SECURITY.md to make the policy offical.
- Add username to Git over SSH example.
- Quote extras in the pip install docs to guard shells with default glob
  qualifiers, like zsh.
- Make it clear that requirements/constraints file can be a URL