Log message:
py-pip: updated to 23.3

23.3 (2023-10-15)
=================

Process
-------

- Added reference to `vulnerability reporting guidelines \ 
<https://www.python.org/dev/security/>`_ to pip's security policy.

Deprecations and Removals
-------------------------

- Drop a fallback to using SecureTransport on macOS. It was useful when pip \ 
detected OpenSSL older than 1.0.1, but the current pip does not support any \ 
Python version supporting such old OpenSSL versions.

Features
--------

- Improve extras resolution for multiple constraints on same base package.
- Improve use of datastructures to make candidate selection 1.6x faster
- Allow ``pip install --dry-run`` to use platform and ABI overriding options \ 
similar to ``--target``.
- Add ``is_yanked`` boolean entry to the installation report (``--report``) to \ 
indicate whether the requirement was yanked from the index, but was still \ 
selected by pip conform to PEP 592.

Bug Fixes
---------

- Ignore errors in temporary directory cleanup (show a warning instead).
- Normalize extras according to :pep:`685` from package metadata in the resolver
  for comparison. This ensures extras are correctly compared and merged as long
  as the package providing the extra(s) is built with values normalized according
  to the standard. Note, however, that this *does not* solve cases where the
  package itself contains unnormalized extra values in the metadata.
- Prevent downloading sdists twice when PEP 658 metadata is present.
- Include all requested extras in the install report (``--report``).
- Removed uses of ``datetime.datetime.utcnow`` from non-vendored code.
- Consistently report whether a dependency comes from an extra.
- Fix completion script for zsh
- Fix improper handling of the new onexc argument of ``shutil.rmtree()`` in \ 
Python 3.12.
- Filter out yanked links from the available versions error message: "(from \ 
versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. \ 
The yanked versions (if any) will be mentioned in a separate error message.
- Fix crash when the git version number contains something else than digits and dots.
- Use ``-r=...`` instead of ``-r ...`` to specify references with Mercurial.
- Redact password from URLs in some additional places.
- pip uses less memory when caching large packages. As a result, there is a new \ 
on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2).

Vendored Libraries
------------------

- Upgrade certifi to 2023.7.22
- Add truststore 0.8.0
- Upgrade urllib3 to 1.26.17

Improved Documentation
----------------------

- Document that ``pip search`` support has been removed from PyPI
- Clarify --prefer-binary in CLI and docs
- Document that using OS-provided Python can cause pip's test suite to report \ 
false failures.

Log message:
py-pip: updated to 23.2.1

23.2.1 (2023-07-22)

Bug Fixes
- Disable PEP 658 metadata fetching with the legacy resolver.

Log message:
py-pip: updated to 23.2

23.2 (2023-07-15)
=================

Process
-------

- Deprecate support for eggs for Python 3.11 or later, when the new \ 
``importlib.metadata`` backend is used to load distribution metadata. This only \ 
affects the egg *distribution format* (with the ``.egg`` extension); \ 
distributions using the ``.egg-info`` *metadata format* (but are not actually \ 
eggs) are not affected. For more information about eggs, see `relevant section \ 
in the setuptools documentation \ 
<https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html>`__.

Deprecations and Removals
-------------------------

- Deprecate legacy version and version specifiers that don't conform to `PEP 440
  <https://peps.python.org/pep-0440/>`_
- ``freeze`` no longer excludes the ``setuptools``, ``distribute``, and ``wheel``
  from the output when running on Python 3.12 or later, where they are not
  included in a virtual environment by default. Use ``--exclude`` if you wish to
  exclude any of these packages.

Features
--------

- make rejection messages slightly different between 1 and 8, so the user can \ 
make the difference.

Bug Fixes
---------

- Fix ``pip completion --zsh``.
- Prevent downloading files twice when PEP 658 metadata is present
- Add permission check before configuration
- Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree
- Ignore invalid or unreadable ``origin.json`` files in the cache of locally \ 
built wheels.
- Fix installation of packages with PEP658 metadata using non-canonicalized names
- Correctly parse ``dist-info-metadata`` values from JSON-format index data.
- Fail with an error if the ``--python`` option is specified after the \ 
subcommand name.
- Fix slowness when using ``importlib.metadata`` (the default way for pip to \ 
read metadata in Python 3.11+) and there is a large overlap between already \ 
installed and to-be-installed packages.
- Pass the ``-r`` flag to mercurial to be explicit that a revision is passed and \ 
protect
  against ``hg`` options injection as part of VCS URLs. Users that do not have \ 
control on
  VCS URLs passed to pip are advised to upgrade.

Vendored Libraries
------------------

- Upgrade certifi to 2023.5.7
- Upgrade platformdirs to 3.8.1
- Upgrade pygments to 2.15.1
- Upgrade pyparsing to 3.1.0
- Upgrade Requests to 2.31.0
- Upgrade rich to 13.4.2
- Upgrade setuptools to 68.0.0
- Updated typing_extensions to 4.6.0
- Upgrade typing_extensions to 4.7.1
- Upgrade urllib3 to 1.26.16

Log message:
py-pip: Allow `pip install --executable=/path' to set #! in scripts.

Log message:
py-pip: updated to 23.1.2

23.1.2 (2023-04-26)
===================

Vendored Libraries
------------------
- Upgrade setuptools to 67.7.2

Log message:
py-pip: updated to 23.1.1

23.1.1 (2023-04-22)
===================

Bug Fixes
---------
- Revert <https://github.com/pypa/pip/pull/11487>, as it causes issues \ 
with virtualenvs created by the Windows Store distribution of Python.

Vendored Libraries
------------------
- Revert pkg_resources (via setuptools) back to 65.6.3

Improved Documentation
----------------------
- Update documentation to reflect the new behavior of using the cache of locally
  built wheels in hash-checking mode.

Log message:
py-pip: updated to 23.1

23.1 (2023-04-15)
=================

Deprecations and Removals
-------------------------
- Remove support for the deprecated ``--install-options``.
- ``--no-binary`` does not imply ``setup.py install`` anymore. Instead a wheel \ 
will be
  built locally and installed.
- ``--no-binary`` does not disable the cache of locally built wheels anymore. It only
  means "don't download wheels".
- Deprecate ``--build-option`` and ``--global-option``. Users are invited to \ 
switch to
  ``--config-settings``.
- Using ``--config-settings`` with projects that don't have a ``pyproject.toml`` \ 
now print
  a deprecation warning. In the future the presence of config settings will \ 
automatically
  enable the default build backend for legacy projects and pass the setttings to it.
- Remove ``setup.py install`` fallback when building a wheel failed for projects \ 
without
  ``pyproject.toml``.
- When the ``wheel`` package is not installed, pip now uses the default build backend
  instead of ``setup.py install`` for project without ``pyproject.toml``.

Features
--------
- Specify egg-link location in assertion message when it does not match \ 
installed location to provide better error message for debugging.
- Present conflict information during installation after each choice that is \ 
rejected (pass ``-vv`` to ``pip install`` to show it)
- Display dependency chain on each Collecting/Processing log line.
- Support a per-requirement ``--config-settings`` option in requirements files.
- The ``--config-settings``/``-C`` option now supports using the same key multiple
  times. When the same key is specified multiple times, all values are passed to
  the build backend as a list, as opposed to the previous behavior, where pip would
  only pass the last value if the same key was used multiple times.
- Add ``-C`` as a short version of the ``--config-settings`` option.
- Reduce the number of resolver rounds, since backjumping makes the resolver \ 
more efficient in finding solutions. This also makes pathological cases fail \ 
quicker.
- Warn if ``--hash`` is used on a line without requirement in a requirements file.
- Stop propagating CLI ``--config-settings`` to the build dependencies. They \ 
already did
  not propagate to requirements provided in requirement files. To pass the same \ 
config
  settings to several requirements, users should provide the requirements as CLI
  arguments.
- Support wheel cache when using ``--require-hashes``.
- Add ``--keyring-provider`` flag. See the Authentication page in the \ 
documentation for more info.
- In the case of virtual environments, configuration files are now also included \ 
from the base installation.

Bug Fixes
---------
- Fix grammar by changing "A new release of pip available:" to "A \ 
new release of pip is available:" in the notice used for indicating that.
- Normalize paths before checking if installed scripts are on PATH.
- Correct the way to decide if keyring is available.
- More consistent resolution backtracking by removing legacy hack related to \ 
setuptools resolution
- Include ``AUTHORS.txt`` in pip's wheels.
- The ``uninstall`` and ``install --force-reinstall`` commands no longer call
  ``normalize_path()`` repeatedly on the same paths. Instead, these results are
  cached for the duration of an uninstall operation, resulting in improved
  performance, particularly on Windows.
- Fix and improve the parsing of hashes embedded in URL fragments.
- When package A depends on package B provided as a direct URL dependency \ 
including a hash
  embedded in the link, the ``--require-hashes`` option did not warn when user \ 
supplied hashes
  were missing for package B.
- Correctly report ``requested_extras`` in the installation report when extras are
  specified for a local directory installation.
- When installing an archive from a direct URL or local file, populate
  ``download_info.info.hashes`` in the installation report, in addition to the legacy
  ``download_info.info.hash`` key.

Vendored Libraries
------------------
- Upgrade msgpack to 1.0.5
- Patch pkg_resources to remove dependency on ``jaraco.text``.
- Upgrade platformdirs to 3.2.0
- Upgrade pygments to 2.14.0
- Upgrade resolvelib to 1.0.1
- Upgrade rich to 13.3.3
- Upgrade setuptools to 67.6.1
- Upgrade tenacity to 8.2.2
- Upgrade typing_extensions to 4.5.0
- Upgrade urllib3 to 1.26.15

Improved Documentation
----------------------
- Cross-reference the ``--python`` flag from the ``--prefix`` flag,
  and mention limitations of ``--prefix`` regarding script installation.
- Add SECURITY.md to make the policy offical.
- Add username to Git over SSH example.
- Quote extras in the pip install docs to guard shells with default glob
  qualifiers, like zsh.
- Make it clear that requirements/constraints file can be a URL

Log message:
*: use PYTHON_VERSION instead of _PYTHON_VERSION

Log message:
py-pip: adapt patch for upstream changes

sysconfig is not imported any longer.

Reported by Gaige B Paulsen in https://github.com/TritonDataCenter/pkgsrc/issues/357

Bump PKGREVISION.

Log message:
py-pip: updated to 23.0.1

23.0.1 (2023-02-17)
===================

Features
--------

- Ignore PIP_REQUIRE_VIRTUALENV for ``pip index``
- Implement ``--break-system-packages`` to permit installing packages into
  ``EXTERNALLY-MANAGED`` Python installations.

Bug Fixes
---------

- Improve handling of isolated build environments on platforms that
  customize the Python's installation schemes, such as Debian and
  Homebrew.
- Do not crash in presence of misformatted hash field in ``direct_url.json``.

23.0 (2023-01-30)
=================

Features
--------

- Change the hashes in the installation report to be a mapping. Emit the
  ``archive_info.hashes`` dictionary in ``direct_url.json``.
- Implement logic to read the ``EXTERNALLY-MANAGED`` file as specified in PEP 668.
  This allows a downstream Python distributor to prevent users from using pip to
  modify the externally managed environment.
- Enable the use of ``keyring`` found on ``PATH``. This allows ``keyring``
  installed using ``pipx`` to be used by ``pip``.
- The inspect and installation report formats are now declared stabled, and \ 
their version
  has been bumped from ``0`` to ``1``.

Bug Fixes
---------

- Wheel cache behavior is restored to match previous versions, allowing the
  cache to find existing entries.
- Use the "venv" scheme if available to obtain prefixed lib paths.
- Deprecated a historical ambiguity in how ``egg`` fragments in URL-style
  requirements are formatted and handled. ``egg`` fragments that do not look
  like PEP 508 names now produce a deprecation warning.
- Fix scripts path in isolated build environment on Debian.
- Make ``pip show`` show the editable location if package is editable
- Stop checking that ``wheel`` is present when ``build-system.requires``
  is provided without ``build-system.build-backend`` as ``setuptools``
  (which we still check for) will inject it anyway.
- Fix an issue when an already existing in-memory distribution would cause
  exceptions in ``pip install``

Vendored Libraries
------------------

- Upgrade certifi to 2022.12.7
- Upgrade chardet to 5.1.0
- Upgrade colorama to 0.4.6
- Upgrade distro to 1.8.0
- Remove pep517 from vendored packages
- Upgrade platformdirs to 2.6.2
- Add pyproject-hooks 1.0.0
- Upgrade requests to 2.28.2
- Upgrade rich to 12.6.0
- Upgrade urllib3 to 1.26.14

Improved Documentation
----------------------

- Fixed the description of the option "--install-options" in the \ 
documentation
- Remove mention that editable installs are necessary for pip freeze to report \ 
the VCS
  URL.
- Clarify that the egg URL fragment is only necessary for editable VCS installs, and
  otherwise not necessary anymore.