Changelog
### 3.4.7
```
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1k.
.. _v3-4-6:
```
### 3.4.6
```
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1j.
.. _v3-4-5:
```
### 3.4.5
```
~~~~~~~~~~~~~~~~~~
* Various improvements to type hints.
* Lower the minimum supported Rust version (MSRV) to >=1.41.0. This change
improves compatibility with system-provided Rust on several Linux
distributions.
* ``cryptography`` will be switching to a new versioning scheme with its next
feature release. More information is available in our
:doc:`/api-stability` documentation.
.. _v3-4-4:
```
### 3.4.4
```
~~~~~~~~~~~~~~~~~~
* Added a ``py.typed`` file so that ``mypy`` will know to use our type
annotations.
* Fixed an import cycle that could be triggered by certain import sequences.
.. _v3-4-3:
```
### 3.4.3
```
~~~~~~~~~~~~~~~~~~
* Specify our supported Rust version (>=1.45.0) in our ``setup.py`` so users
on older versions will get a clear error message.
.. _v3-4-2:
```
### 3.4.2
```
~~~~~~~~~~~~~~~~~~
* Improvements to make the rust transition a bit easier. This includes some
better error messages and small dependency fixes. If you experience
installation problems **Be sure to update pip** first, then check the
:doc:`FAQ </faq>`.
.. _v3-4-1:
```
### 3.4.1
```
~~~~~~~~~~~~~~~~~~
* Fixed a circular import issue.
* Added additional debug output to assist users seeing installation errors
due to outdated ``pip`` or missing ``rustc``.
.. _v3-4:
```
### 3.4
```
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 2 has been removed.
* We now ship ``manylinux2014`` wheels and no longer ship ``manylinux1``
wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't
cause issues downloading wheels on their platform.
* ``cryptography`` now incorporates Rust code. Users building ``cryptography``
themselves will need to have the Rust toolchain installed. Users who use an
officially produced wheel will not need to make any changes. The minimum
supported Rust version is 1.45.0.
* ``cryptography`` now has :pep:`484` type hints on nearly all of of its public
APIs. Users can begin using them to type check their code with ``mypy``.
.. _v3-3-2:
```
### 3.3.2
```
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
when symmetrically encrypting very large payloads (>2GB) could result in an
integer overflow, leading to buffer overflows. *CVE-2020-36242* **Update:**
This fix is a workaround for *CVE-2021-23840* in OpenSSL, fixed in OpenSSL
1.1.1j.
.. _v3-3-1:
```
Links
- PyPI: https://pypi.org/project/cryptography
- Changelog: https://pyup.io/changelogs/cryptography/
- Repo: https://github.com/pyca/cryptography
Changelog
### 21.1.1
```
===================
Deprecations and Removals
-------------------------
- Temporarily set the new "Value for ... does not match" location warnings level
to *DEBUG*, to hide them from casual users. This prepares pip 21.1 for CPython
inclusion, while pip maintainers digest the first intake of location mismatch
issues for the ``distutils``-``sysconfig`` trasition. (`9912 <https://github.com/pypa/pip/issues/9912>`_)
Bug Fixes
---------
- This change fixes a bug on Python <=3.6.1 with a Typing feature added in 3.6.2 (`9831 <https://github.com/pypa/pip/issues/9831>`_)
- Fix compatibility between distutils and sysconfig when the project name is unknown outside of a virtual environment. (`9838 <https://github.com/pypa/pip/issues/9838>`_)
- Fix Python 3.6 compatibility when a PEP 517 build requirement itself needs to be
built in an isolated environment. (`9878 <https://github.com/pypa/pip/issues/9878>`_)
```
### 21.1
```
=================
Process
-------
- Start installation scheme migration from ``distutils`` to ``sysconfig``. A
warning is implemented to detect differences between the two implementations to
encourage user reports, so we can avoid breakages before they happen.
Features
--------
- Add the ability for the new resolver to process URL constraints. (`8253 <https://github.com/pypa/pip/issues/8253>`_)
- Add a feature ``--use-feature=in-tree-build`` to build local projects in-place
when installing. This is expected to become the default behavior in pip 21.3;
see `Installing from local packages <https://pip.pypa.io/en/stable/user_guide/#installing-from-local-packages>`_
for more information. (`9091 <https://github.com/pypa/pip/issues/9091>`_)
- Bring back the "(from versions: ...)" message, that was shown on resolution failures. (`9139 <https://github.com/pypa/pip/issues/9139>`_)
- Add support for editable installs for project with only setup.cfg files. (`9547 <https://github.com/pypa/pip/issues/9547>`_)
- Improve performance when picking the best file from indexes during ``pip install``. (`9748 <https://github.com/pypa/pip/issues/9748>`_)
- Warn instead of erroring out when doing a PEP 517 build in presence of
``--build-option``. Warn when doing a PEP 517 build in presence of
``--global-option``. (`9774 <https://github.com/pypa/pip/issues/9774>`_)
Bug Fixes
---------
- Fixed ``--target`` to work with ``--editable`` installs. (`4390 <https://github.com/pypa/pip/issues/4390>`_)
- Add a warning, discouraging the usage of pip as root, outside a virtual environment. (`6409 <https://github.com/pypa/pip/issues/6409>`_)
- Ignore ``.dist-info`` directories if the stem is not a valid Python distribution
name, so they don't show up in e.g. ``pip freeze``. (`7269 <https://github.com/pypa/pip/issues/7269>`_)
- Only query the keyring for URLs that actually trigger error 401.
This prevents an unnecessary keyring unlock prompt on every pip install
invocation (even with default index URL which is not password protected). (`8090 <https://github.com/pypa/pip/issues/8090>`_)
- Prevent packages already-installed alongside with pip to be injected into an
isolated build environment during build-time dependency population. (`8214 <https://github.com/pypa/pip/issues/8214>`_)
- Fix ``pip freeze`` permission denied error in order to display an understandable error message and offer solutions. (`8418 <https://github.com/pypa/pip/issues/8418>`_)
- Correctly uninstall script files (from setuptools' ``scripts`` argument), when installed with ``--user``. (`8733 <https://github.com/pypa/pip/issues/8733>`_)
- New resolver: When a requirement is requested both via a direct URL
(``req URL``) and via version specifier with extras (``req[extra]``), the
resolver will now be able to use the URL to correctly resolve the requirement
with extras. (`8785 <https://github.com/pypa/pip/issues/8785>`_)
- New resolver: Show relevant entries from user-supplied constraint files in the
error message to improve debuggability. (`9300 <https://github.com/pypa/pip/issues/9300>`_)
- Avoid parsing version to make the version check more robust against lousily
debundled downstream distributions. (`9348 <https://github.com/pypa/pip/issues/9348>`_)
- ``--user`` is no longer suggested incorrectly when pip fails with a permission
error in a virtual environment. (`9409 <https://github.com/pypa/pip/issues/9409>`_)
- Fix incorrect reporting on ``Requires-Python`` conflicts. (`9541 <https://github.com/pypa/pip/issues/9541>`_)
- Make wheel compatibility tag preferences more important than the build tag (`9565 <https://github.com/pypa/pip/issues/9565>`_)
- Fix pip to work with warnings converted to errors. (`9779 <https://github.com/pypa/pip/issues/9779>`_)
- **SECURITY**: Stop splitting on unicode separators in git references,
which could be maliciously used to install a different revision on the
repository. (`9827 <https://github.com/pypa/pip/issues/9827>`_)
Vendored Libraries
------------------
- Update urllib3 to 1.26.4 to fix CVE-2021-28363
- Remove contextlib2.
- Upgrade idna to 3.1
- Upgrade pep517 to 0.10.0
- Upgrade vendored resolvelib to 0.7.0.
- Upgrade tenacity to 7.0.0
Improved Documentation
----------------------
- Update "setuptools extras" link to match upstream. (`4822829F-6A45-4202-87BA-A80482DF6D4E <https://github.com/pypa/pip/issues/4822829F-6A45-4202-87BA-A80482DF6D4E>`_)
- Improve SSL Certificate Verification docs and ``--cert`` help text. (`6720 <https://github.com/pypa/pip/issues/6720>`_)
- Add a section in the documentation to suggest solutions to the ``pip freeze`` permission denied issue. (`8418 <https://github.com/pypa/pip/issues/8418>`_)
- Add warning about ``--extra-index-url`` and dependency confusion (`9647 <https://github.com/pypa/pip/issues/9647>`_)
- Describe ``--upgrade-strategy`` and direct requirements explicitly; add a brief
example. (`9692 <https://github.com/pypa/pip/issues/9692>`_)
```
### 21.0.1
```
===================
Bug Fixes
---------
- commands: debug: Use packaging.version.parse to compare between versions. (`9461 <https://github.com/pypa/pip/issues/9461>`_)
- New resolver: Download and prepare a distribution only at the last possible
moment to avoid unnecessary network access when the same version is already
installed locally. (`9516 <https://github.com/pypa/pip/issues/9516>`_)
Vendored Libraries
------------------
- Upgrade packaging to 20.9
```
### 21.0
```
=================
Deprecations and Removals
-------------------------
- Drop support for Python 2. (`6148 <https://github.com/pypa/pip/issues/6148>`_)
- Remove support for legacy wheel cache entries that were created with pip
versions older than 20.0. (`7502 <https://github.com/pypa/pip/issues/7502>`_)
- Remove support for VCS pseudo URLs editable requirements. It was emitting
deprecation warning since version 20.0. (`7554 <https://github.com/pypa/pip/issues/7554>`_)
- Modernise the codebase after Python 2. (`8802 <https://github.com/pypa/pip/issues/8802>`_)
- Drop support for Python 3.5. (`9189 <https://github.com/pypa/pip/issues/9189>`_)
- Remove the VCS export feature that was used only with editable VCS
requirements and had correctness issues. (`9338 <https://github.com/pypa/pip/issues/9338>`_)
Features
--------
- Add ``--ignore-requires-python`` support to pip download. (`1884 <https://github.com/pypa/pip/issues/1884>`_)
- New resolver: Error message shown when a wheel contains inconsistent metadata
is made more helpful by including both values from the file name and internal
metadata. (`9186 <https://github.com/pypa/pip/issues/9186>`_)
Bug Fixes
---------
- Fix a regression that made ``pip wheel`` do a VCS export instead of a VCS clone
for editable requirements. This broke VCS requirements that need the VCS
information to build correctly. (`9273 <https://github.com/pypa/pip/issues/9273>`_)
- Fix ``pip download`` of editable VCS requirements that need VCS information
to build correctly. (`9337 <https://github.com/pypa/pip/issues/9337>`_)
Vendored Libraries
------------------
- Upgrade msgpack to 1.0.2.
- Upgrade requests to 2.25.1.
Improved Documentation
----------------------
- Render the unreleased pip version change notes on the news page in docs. (`9172 <https://github.com/pypa/pip/issues/9172>`_)
- Fix broken email link in docs feedback banners. (`9343 <https://github.com/pypa/pip/issues/9343>`_)
```
### 20.3.4
```
===================
Features
--------
- ``pip wheel`` now verifies the built wheel contains valid metadata, and can be
installed by a subsequent ``pip install``. This can be disabled with
``--no-verify``. (`9206 <https://github.com/pypa/pip/issues/9206>`_)
- Improve presentation of XMLRPC errors in pip search. (`9315 <https://github.com/pypa/pip/issues/9315>`_)
Bug Fixes
---------
- Fixed hanging VCS subprocess calls when the VCS outputs a large amount of data
on stderr. Restored logging of VCS errors that was inadvertently removed in pip
20.2. (`8876 <https://github.com/pypa/pip/issues/8876>`_)
- Fix error when an existing incompatibility is unable to be applied to a backtracked state. (`9180 <https://github.com/pypa/pip/issues/9180>`_)
- New resolver: Discard a faulty distribution, instead of quitting outright.
This implementation is taken from 20.2.2, with a fix that always makes the
resolver iterate through candidates from indexes lazily, to avoid downloading
candidates we do not need. (`9203 <https://github.com/pypa/pip/issues/9203>`_)
- New resolver: Discard a source distribution if it fails to generate metadata,
instead of quitting outright. This implementation is taken from 20.2.2, with a
fix that always makes the resolver iterate through candidates from indexes
lazily, to avoid downloading candidates we do not need. (`9246 <https://github.com/pypa/pip/issues/9246>`_)
Vendored Libraries
------------------
- Upgrade resolvelib to 0.5.4.
```
### 20.3.3
```
===================
Bug Fixes
---------
- Revert "Skip candidate not providing valid metadata", as that caused pip to be overeager about downloading from the package index. (`9264 <https://github.com/pypa/pip/issues/9264>`_)
```
### 20.3.2
```
===================
Features
--------
- New resolver: Resolve direct and pinned (``==`` or ``===``) requirements first
to improve resolver performance. (`9185 <https://github.com/pypa/pip/issues/9185>`_)
- Add a mechanism to delay resolving certain packages, and use it for setuptools. (`9249 <https://github.com/pypa/pip/issues/9249>`_)
Bug Fixes
---------
- New resolver: The "Requirement already satisfied" log is not printed only once
for each package during resolution. (`9117 <https://github.com/pypa/pip/issues/9117>`_)
- Fix crash when logic for redacting authentication information from URLs
in ``--help`` is given a list of strings, instead of a single string. (`9191 <https://github.com/pypa/pip/issues/9191>`_)
- New resolver: Correctly implement PEP 592. Do not return yanked versions from
an index, unless the version range can only be satisfied by yanked candidates. (`9203 <https://github.com/pypa/pip/issues/9203>`_)
- New resolver: Make constraints also apply to package variants with extras, so
the resolver correctly avoids backtracking on them. (`9232 <https://github.com/pypa/pip/issues/9232>`_)
- New resolver: Discard a candidate if it fails to provide metadata from source,
or if the provided metadata is inconsistent, instead of quitting outright. (`9246 <https://github.com/pypa/pip/issues/9246>`_)
Vendored Libraries
------------------
- Update vendoring to 20.8
Improved Documentation
----------------------
- Update documentation to reflect that pip still uses legacy resolver by default in Python 2 environments. (`9269 <https://github.com/pypa/pip/issues/9269>`_)
```
### 20.3.1
```
===================
Deprecations and Removals
-------------------------
- The --build-dir option has been restored as a no-op, to soften the transition
for tools that still used it. (`9193 <https://github.com/pypa/pip/issues/9193>`_)
```
### 20.3
```
- Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 <https://github.com/pypa/pip/issues/8546>`_, `#8377 <https://github.com/pypa/pip/issues/8377>`_)
- Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 <https://github.com/pypa/pip/issues/6741>`_)
- Warn if index pages have unexpected content-type (`6754 <https://github.com/pypa/pip/issues/6754>`_)
- Allow specifying ``--prefer-binary`` option in a requirements file (`7693 <https://github.com/pypa/pip/issues/7693>`_)
- Generate PEP 376 REQUESTED metadata for user supplied requirements installed
by pip. (`7811 <https://github.com/pypa/pip/issues/7811>`_)
- Warn if package url is a vcs or an archive url with invalid scheme (`8128 <https://github.com/pypa/pip/issues/8128>`_)
- Parallelize network operations in ``pip list``. (`8504 <https://github.com/pypa/pip/issues/8504>`_)
- Allow the new resolver to obtain dependency information through wheels
lazily downloaded using HTTP range requests. To enable this feature,
invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 <https://github.com/pypa/pip/issues/8588>`_)
- Support ``--use-feature`` in requirements files (`8601 <https://github.com/pypa/pip/issues/8601>`_)
Bug Fixes
---------
- Use canonical package names while looking up already installed packages. (`5021 <https://github.com/pypa/pip/issues/5021>`_)
- Fix normalizing path on Windows when installing package on another logical disk. (`7625 <https://github.com/pypa/pip/issues/7625>`_)
- The VCS commands run by pip as subprocesses don't merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 <https://github.com/pypa/pip/issues/7968>`_)
- Correctly treat non-ASCII entry point declarations in wheels so they can be
installed on Windows. (`8342 <https://github.com/pypa/pip/issues/8342>`_)
- Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 <https://github.com/pypa/pip/issues/8454>`_)
- Headers provided by wheels in .data directories are now correctly installed
into the user-provided locations, such as ``--prefix``, instead of the virtual
environment pip is running in. (`8521 <https://github.com/pypa/pip/issues/8521>`_)
Vendored Libraries
------------------
- Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3.
- Upgrade appdirs to 1.4.4
- Upgrade certifi to 2020.6.20
- Upgrade distlib to 0.3.1
- Upgrade html5lib to 1.1
- Upgrade idna to 2.10
- Upgrade packaging to 20.4
- Upgrade requests to 2.24.0
- Upgrade six to 1.15.0
- Upgrade toml to 0.10.1
- Upgrade urllib3 to 1.25.9
Improved Documentation
----------------------
- Add ``--no-input`` option to pip docs (`7688 <https://github.com/pypa/pip/issues/7688>`_)
- List of options supported in requirements file are extracted from source of truth,
instead of being maintained manually. (`7908 <https://github.com/pypa/pip/issues/7908>`_)
- Fix pip config docstring so that the subcommands render correctly in the docs (`8072 <https://github.com/pypa/pip/issues/8072>`_)
- replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`#8353 <https://github.com/pypa/pip/issues/8353>`_)
- Fix example for defining multiple values for options which support them (`8373 <https://github.com/pypa/pip/issues/8373>`_)
- Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 <https://github.com/pypa/pip/issues/8459>`_)
- Add feature flags to docs (`8512 <https://github.com/pypa/pip/issues/8512>`_)
- Document how to install package extras from git branch and source distributions. (`8576 <https://github.com/pypa/pip/issues/8576>`_)
```
### 20.3b1
```
===================
Deprecations and Removals
-------------------------
- ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version.
To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 <https://github.com/pypa/pip/issues/4256>`_)
- Deprecate support for Python 3.5 (`8181 <https://github.com/pypa/pip/issues/8181>`_)
- Document that certain removals can be fast tracked. (`8417 <https://github.com/pypa/pip/issues/8417>`_)
- Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 <https://github.com/pypa/pip/issues/8927>`_)
- Deprecate ``--find-links`` option in ``pip freeze`` (`9069 <https://github.com/pypa/pip/issues/9069>`_)
Features
--------
- Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 <https://github.com/pypa/pip/issues/4256>`_)
- Allow multiple values for --abi and --platform. (`6121 <https://github.com/pypa/pip/issues/6121>`_)
- Add option ``--format`` to subcommand ``list`` of ``pip cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 <https://github.com/pypa/pip/issues/8355>`_)
- Improve error message friendliness when an environment has packages with
corrupted metadata. (`8676 <https://github.com/pypa/pip/issues/8676>`_)
- Make the ``setup.py install`` deprecation warning less noisy. We warn only
when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as
situations where both fails are most probably irrelevant to this deprecation. (`8752 <https://github.com/pypa/pip/issues/8752>`_)
- Check the download directory for existing wheels to possibly avoid
fetching metadata when the ``fast-deps`` feature is used with
``pip wheel`` and ``pip download``. (`8804 <https://github.com/pypa/pip/issues/8804>`_)
- When installing a git URL that refers to a commit that is not available locally
after git clone, attempt to fetch it from the remote. (`8815 <https://github.com/pypa/pip/issues/8815>`_)
- Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 <https://github.com/pypa/pip/issues/8892>`_)
- Cache package listings on index packages so they are guarenteed to stay stable
during a pip command session. This also improves performance when a index page
is accessed multiple times during the command session. (`8905 <https://github.com/pypa/pip/issues/8905>`_)
- New resolver: Tweak resolution logic to improve user experience when
user-supplied requirements conflict. (`8924 <https://github.com/pypa/pip/issues/8924>`_)
- Support Python 3.9. (`8971 <https://github.com/pypa/pip/issues/8971>`_)
- Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 <https://github.com/pypa/pip/issues/8975>`_)
- Switch to the new dependency resolver by default. (`9019 <https://github.com/pypa/pip/issues/9019>`_)
- Remove the ``--build-dir`` option, as per the deprecation. (`9049 <https://github.com/pypa/pip/issues/9049>`_)
Bug Fixes
---------
- Propagate ``--extra-index-url`` from requirements file properly to session auth,
so that keyring auth will work as expected. (`8103 <https://github.com/pypa/pip/issues/8103>`_)
- Allow specifying verbosity and quiet level via configuration files
and environment variables. Previously these options were treated as
boolean values when read from there while through CLI the level can be
specified. (`8578 <https://github.com/pypa/pip/issues/8578>`_)
- Only converts Windows path to unicode on Python 2 to avoid regressions when a
POSIX environment does not configure the file system encoding correctly. (`8658 <https://github.com/pypa/pip/issues/8658>`_)
- List downloaded distributions before exiting ``pip download``
when using the new resolver to make the behavior the same as
that on the legacy resolver. (`8696 <https://github.com/pypa/pip/issues/8696>`_)
- New resolver: Pick up hash declarations in constraints files and use them to
filter available distributions. (`8792 <https://github.com/pypa/pip/issues/8792>`_)
- Avoid polluting the destination directory by resolution artifacts
when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 <https://github.com/pypa/pip/issues/8827>`_)
- New resolver: If a package appears multiple times in user specification with
different ``--hash`` options, only hashes that present in all specifications
should be allowed. (`8839 <https://github.com/pypa/pip/issues/8839>`_)
- Tweak the output during dependency resolution in the new resolver. (`8861 <https://github.com/pypa/pip/issues/8861>`_)
- Correctly search for installed distributions in new resolver logic in order
to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 <https://github.com/pypa/pip/issues/8963>`_)
- Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file
with editable=True. Render it as a non-editable ``file://`` URL until modern
editable installs are standardized and supported. (`8996 <https://github.com/pypa/pip/issues/8996>`_)
Vendored Libraries
------------------
- Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed.
It is mandatory for ``pip debug`` command.
Improved Documentation
----------------------
- Add documentation for '.netrc' support. (`7231 <https://github.com/pypa/pip/issues/7231>`_)
- Add OS tabs for OS-specific commands. (`7311 <https://github.com/pypa/pip/issues/7311>`_)
- Add note and example on keyring support for index basic-auth (`8636 <https://github.com/pypa/pip/issues/8636>`_)
- Added initial UX feedback widgets to docs. (`8783 <https://github.com/pypa/pip/issues/8783>`_, `#8848 <https://github.com/pypa/pip/issues/8848>`_)
- Add ux documentation (`8807 <https://github.com/pypa/pip/issues/8807>`_)
- Update user docs to reflect new resolver as default in 20.3. (`9044 <https://github.com/pypa/pip/issues/9044>`_)
- Improve migration guide to reflect changes in new resolver behavior. (`9056 <https://github.com/pypa/pip/issues/9056>`_)
```
Links
- PyPI: https://pypi.org/project/pip
- Changelog: https://pyup.io/changelogs/pip/
- Homepage: https://pip.pypa.io/
Update cryptography from 3.3.1 to 3.4.7.
Changelog
### 3.4.7 ``` ~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and ``manylinux`` wheels to be compiled with OpenSSL 1.1.1k. .. _v3-4-6: ``` ### 3.4.6 ``` ~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and ``manylinux`` wheels to be compiled with OpenSSL 1.1.1j. .. _v3-4-5: ``` ### 3.4.5 ``` ~~~~~~~~~~~~~~~~~~ * Various improvements to type hints. * Lower the minimum supported Rust version (MSRV) to >=1.41.0. This change improves compatibility with system-provided Rust on several Linux distributions. * ``cryptography`` will be switching to a new versioning scheme with its next feature release. More information is available in our :doc:`/api-stability` documentation. .. _v3-4-4: ``` ### 3.4.4 ``` ~~~~~~~~~~~~~~~~~~ * Added a ``py.typed`` file so that ``mypy`` will know to use our type annotations. * Fixed an import cycle that could be triggered by certain import sequences. .. _v3-4-3: ``` ### 3.4.3 ``` ~~~~~~~~~~~~~~~~~~ * Specify our supported Rust version (>=1.45.0) in our ``setup.py`` so users on older versions will get a clear error message. .. _v3-4-2: ``` ### 3.4.2 ``` ~~~~~~~~~~~~~~~~~~ * Improvements to make the rust transition a bit easier. This includes some better error messages and small dependency fixes. If you experience installation problems **Be sure to update pip** first, then check the :doc:`FAQ </faq>`. .. _v3-4-1: ``` ### 3.4.1 ``` ~~~~~~~~~~~~~~~~~~ * Fixed a circular import issue. * Added additional debug output to assist users seeing installation errors due to outdated ``pip`` or missing ``rustc``. .. _v3-4: ``` ### 3.4 ``` ~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Support for Python 2 has been removed. * We now ship ``manylinux2014`` wheels and no longer ship ``manylinux1`` wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't cause issues downloading wheels on their platform. * ``cryptography`` now incorporates Rust code. Users building ``cryptography`` themselves will need to have the Rust toolchain installed. Users who use an officially produced wheel will not need to make any changes. The minimum supported Rust version is 1.45.0. * ``cryptography`` now has :pep:`484` type hints on nearly all of of its public APIs. Users can begin using them to type check their code with ``mypy``. .. _v3-3-2: ``` ### 3.3.2 ``` ~~~~~~~~~~~~~~~~~~ * **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. *CVE-2020-36242* **Update:** This fix is a workaround for *CVE-2021-23840* in OpenSSL, fixed in OpenSSL 1.1.1j. .. _v3-3-1: ```Links
- PyPI: https://pypi.org/project/cryptography - Changelog: https://pyup.io/changelogs/cryptography/ - Repo: https://github.com/pyca/cryptographyUpdate Jinja2 from 2.10.3 to 2.11.3.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/jinja2 - Homepage: https://palletsprojects.com/p/jinja/Update PyYAML from 5.3.1 to 5.4.1.
The bot wasn't able to find a changelog for this release. Got an idea?
Links
- PyPI: https://pypi.org/project/pyyaml - Homepage: https://pyyaml.org/Update pip from 20.2.4 to 21.1.1.
Changelog
### 21.1.1 ``` =================== Deprecations and Removals ------------------------- - Temporarily set the new "Value for ... does not match" location warnings level to *DEBUG*, to hide them from casual users. This prepares pip 21.1 for CPython inclusion, while pip maintainers digest the first intake of location mismatch issues for the ``distutils``-``sysconfig`` trasition. (`9912 <https://github.com/pypa/pip/issues/9912>`_) Bug Fixes --------- - This change fixes a bug on Python <=3.6.1 with a Typing feature added in 3.6.2 (`9831 <https://github.com/pypa/pip/issues/9831>`_) - Fix compatibility between distutils and sysconfig when the project name is unknown outside of a virtual environment. (`9838 <https://github.com/pypa/pip/issues/9838>`_) - Fix Python 3.6 compatibility when a PEP 517 build requirement itself needs to be built in an isolated environment. (`9878 <https://github.com/pypa/pip/issues/9878>`_) ``` ### 21.1 ``` ================= Process ------- - Start installation scheme migration from ``distutils`` to ``sysconfig``. A warning is implemented to detect differences between the two implementations to encourage user reports, so we can avoid breakages before they happen. Features -------- - Add the ability for the new resolver to process URL constraints. (`8253 <https://github.com/pypa/pip/issues/8253>`_) - Add a feature ``--use-feature=in-tree-build`` to build local projects in-place when installing. This is expected to become the default behavior in pip 21.3; see `Installing from local packages <https://pip.pypa.io/en/stable/user_guide/#installing-from-local-packages>`_ for more information. (`9091 <https://github.com/pypa/pip/issues/9091>`_) - Bring back the "(from versions: ...)" message, that was shown on resolution failures. (`9139 <https://github.com/pypa/pip/issues/9139>`_) - Add support for editable installs for project with only setup.cfg files. (`9547 <https://github.com/pypa/pip/issues/9547>`_) - Improve performance when picking the best file from indexes during ``pip install``. (`9748 <https://github.com/pypa/pip/issues/9748>`_) - Warn instead of erroring out when doing a PEP 517 build in presence of ``--build-option``. Warn when doing a PEP 517 build in presence of ``--global-option``. (`9774 <https://github.com/pypa/pip/issues/9774>`_) Bug Fixes --------- - Fixed ``--target`` to work with ``--editable`` installs. (`4390 <https://github.com/pypa/pip/issues/4390>`_) - Add a warning, discouraging the usage of pip as root, outside a virtual environment. (`6409 <https://github.com/pypa/pip/issues/6409>`_) - Ignore ``.dist-info`` directories if the stem is not a valid Python distribution name, so they don't show up in e.g. ``pip freeze``. (`7269 <https://github.com/pypa/pip/issues/7269>`_) - Only query the keyring for URLs that actually trigger error 401. This prevents an unnecessary keyring unlock prompt on every pip install invocation (even with default index URL which is not password protected). (`8090 <https://github.com/pypa/pip/issues/8090>`_) - Prevent packages already-installed alongside with pip to be injected into an isolated build environment during build-time dependency population. (`8214 <https://github.com/pypa/pip/issues/8214>`_) - Fix ``pip freeze`` permission denied error in order to display an understandable error message and offer solutions. (`8418 <https://github.com/pypa/pip/issues/8418>`_) - Correctly uninstall script files (from setuptools' ``scripts`` argument), when installed with ``--user``. (`8733 <https://github.com/pypa/pip/issues/8733>`_) - New resolver: When a requirement is requested both via a direct URL (``req URL``) and via version specifier with extras (``req[extra]``), the resolver will now be able to use the URL to correctly resolve the requirement with extras. (`8785 <https://github.com/pypa/pip/issues/8785>`_) - New resolver: Show relevant entries from user-supplied constraint files in the error message to improve debuggability. (`9300 <https://github.com/pypa/pip/issues/9300>`_) - Avoid parsing version to make the version check more robust against lousily debundled downstream distributions. (`9348 <https://github.com/pypa/pip/issues/9348>`_) - ``--user`` is no longer suggested incorrectly when pip fails with a permission error in a virtual environment. (`9409 <https://github.com/pypa/pip/issues/9409>`_) - Fix incorrect reporting on ``Requires-Python`` conflicts. (`9541 <https://github.com/pypa/pip/issues/9541>`_) - Make wheel compatibility tag preferences more important than the build tag (`9565 <https://github.com/pypa/pip/issues/9565>`_) - Fix pip to work with warnings converted to errors. (`9779 <https://github.com/pypa/pip/issues/9779>`_) - **SECURITY**: Stop splitting on unicode separators in git references, which could be maliciously used to install a different revision on the repository. (`9827 <https://github.com/pypa/pip/issues/9827>`_) Vendored Libraries ------------------ - Update urllib3 to 1.26.4 to fix CVE-2021-28363 - Remove contextlib2. - Upgrade idna to 3.1 - Upgrade pep517 to 0.10.0 - Upgrade vendored resolvelib to 0.7.0. - Upgrade tenacity to 7.0.0 Improved Documentation ---------------------- - Update "setuptools extras" link to match upstream. (`4822829F-6A45-4202-87BA-A80482DF6D4E <https://github.com/pypa/pip/issues/4822829F-6A45-4202-87BA-A80482DF6D4E>`_) - Improve SSL Certificate Verification docs and ``--cert`` help text. (`6720 <https://github.com/pypa/pip/issues/6720>`_) - Add a section in the documentation to suggest solutions to the ``pip freeze`` permission denied issue. (`8418 <https://github.com/pypa/pip/issues/8418>`_) - Add warning about ``--extra-index-url`` and dependency confusion (`9647 <https://github.com/pypa/pip/issues/9647>`_) - Describe ``--upgrade-strategy`` and direct requirements explicitly; add a brief example. (`9692 <https://github.com/pypa/pip/issues/9692>`_) ``` ### 21.0.1 ``` =================== Bug Fixes --------- - commands: debug: Use packaging.version.parse to compare between versions. (`9461 <https://github.com/pypa/pip/issues/9461>`_) - New resolver: Download and prepare a distribution only at the last possible moment to avoid unnecessary network access when the same version is already installed locally. (`9516 <https://github.com/pypa/pip/issues/9516>`_) Vendored Libraries ------------------ - Upgrade packaging to 20.9 ``` ### 21.0 ``` ================= Deprecations and Removals ------------------------- - Drop support for Python 2. (`6148 <https://github.com/pypa/pip/issues/6148>`_) - Remove support for legacy wheel cache entries that were created with pip versions older than 20.0. (`7502 <https://github.com/pypa/pip/issues/7502>`_) - Remove support for VCS pseudo URLs editable requirements. It was emitting deprecation warning since version 20.0. (`7554 <https://github.com/pypa/pip/issues/7554>`_) - Modernise the codebase after Python 2. (`8802 <https://github.com/pypa/pip/issues/8802>`_) - Drop support for Python 3.5. (`9189 <https://github.com/pypa/pip/issues/9189>`_) - Remove the VCS export feature that was used only with editable VCS requirements and had correctness issues. (`9338 <https://github.com/pypa/pip/issues/9338>`_) Features -------- - Add ``--ignore-requires-python`` support to pip download. (`1884 <https://github.com/pypa/pip/issues/1884>`_) - New resolver: Error message shown when a wheel contains inconsistent metadata is made more helpful by including both values from the file name and internal metadata. (`9186 <https://github.com/pypa/pip/issues/9186>`_) Bug Fixes --------- - Fix a regression that made ``pip wheel`` do a VCS export instead of a VCS clone for editable requirements. This broke VCS requirements that need the VCS information to build correctly. (`9273 <https://github.com/pypa/pip/issues/9273>`_) - Fix ``pip download`` of editable VCS requirements that need VCS information to build correctly. (`9337 <https://github.com/pypa/pip/issues/9337>`_) Vendored Libraries ------------------ - Upgrade msgpack to 1.0.2. - Upgrade requests to 2.25.1. Improved Documentation ---------------------- - Render the unreleased pip version change notes on the news page in docs. (`9172 <https://github.com/pypa/pip/issues/9172>`_) - Fix broken email link in docs feedback banners. (`9343 <https://github.com/pypa/pip/issues/9343>`_) ``` ### 20.3.4 ``` =================== Features -------- - ``pip wheel`` now verifies the built wheel contains valid metadata, and can be installed by a subsequent ``pip install``. This can be disabled with ``--no-verify``. (`9206 <https://github.com/pypa/pip/issues/9206>`_) - Improve presentation of XMLRPC errors in pip search. (`9315 <https://github.com/pypa/pip/issues/9315>`_) Bug Fixes --------- - Fixed hanging VCS subprocess calls when the VCS outputs a large amount of data on stderr. Restored logging of VCS errors that was inadvertently removed in pip 20.2. (`8876 <https://github.com/pypa/pip/issues/8876>`_) - Fix error when an existing incompatibility is unable to be applied to a backtracked state. (`9180 <https://github.com/pypa/pip/issues/9180>`_) - New resolver: Discard a faulty distribution, instead of quitting outright. This implementation is taken from 20.2.2, with a fix that always makes the resolver iterate through candidates from indexes lazily, to avoid downloading candidates we do not need. (`9203 <https://github.com/pypa/pip/issues/9203>`_) - New resolver: Discard a source distribution if it fails to generate metadata, instead of quitting outright. This implementation is taken from 20.2.2, with a fix that always makes the resolver iterate through candidates from indexes lazily, to avoid downloading candidates we do not need. (`9246 <https://github.com/pypa/pip/issues/9246>`_) Vendored Libraries ------------------ - Upgrade resolvelib to 0.5.4. ``` ### 20.3.3 ``` =================== Bug Fixes --------- - Revert "Skip candidate not providing valid metadata", as that caused pip to be overeager about downloading from the package index. (`9264 <https://github.com/pypa/pip/issues/9264>`_) ``` ### 20.3.2 ``` =================== Features -------- - New resolver: Resolve direct and pinned (``==`` or ``===``) requirements first to improve resolver performance. (`9185 <https://github.com/pypa/pip/issues/9185>`_) - Add a mechanism to delay resolving certain packages, and use it for setuptools. (`9249 <https://github.com/pypa/pip/issues/9249>`_) Bug Fixes --------- - New resolver: The "Requirement already satisfied" log is not printed only once for each package during resolution. (`9117 <https://github.com/pypa/pip/issues/9117>`_) - Fix crash when logic for redacting authentication information from URLs in ``--help`` is given a list of strings, instead of a single string. (`9191 <https://github.com/pypa/pip/issues/9191>`_) - New resolver: Correctly implement PEP 592. Do not return yanked versions from an index, unless the version range can only be satisfied by yanked candidates. (`9203 <https://github.com/pypa/pip/issues/9203>`_) - New resolver: Make constraints also apply to package variants with extras, so the resolver correctly avoids backtracking on them. (`9232 <https://github.com/pypa/pip/issues/9232>`_) - New resolver: Discard a candidate if it fails to provide metadata from source, or if the provided metadata is inconsistent, instead of quitting outright. (`9246 <https://github.com/pypa/pip/issues/9246>`_) Vendored Libraries ------------------ - Update vendoring to 20.8 Improved Documentation ---------------------- - Update documentation to reflect that pip still uses legacy resolver by default in Python 2 environments. (`9269 <https://github.com/pypa/pip/issues/9269>`_) ``` ### 20.3.1 ``` =================== Deprecations and Removals ------------------------- - The --build-dir option has been restored as a no-op, to soften the transition for tools that still used it. (`9193 <https://github.com/pypa/pip/issues/9193>`_) ``` ### 20.3 ``` - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 <https://github.com/pypa/pip/issues/8546>`_, `#8377 <https://github.com/pypa/pip/issues/8377>`_) - Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 <https://github.com/pypa/pip/issues/6741>`_) - Warn if index pages have unexpected content-type (`6754 <https://github.com/pypa/pip/issues/6754>`_) - Allow specifying ``--prefer-binary`` option in a requirements file (`7693 <https://github.com/pypa/pip/issues/7693>`_) - Generate PEP 376 REQUESTED metadata for user supplied requirements installed by pip. (`7811 <https://github.com/pypa/pip/issues/7811>`_) - Warn if package url is a vcs or an archive url with invalid scheme (`8128 <https://github.com/pypa/pip/issues/8128>`_) - Parallelize network operations in ``pip list``. (`8504 <https://github.com/pypa/pip/issues/8504>`_) - Allow the new resolver to obtain dependency information through wheels lazily downloaded using HTTP range requests. To enable this feature, invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 <https://github.com/pypa/pip/issues/8588>`_) - Support ``--use-feature`` in requirements files (`8601 <https://github.com/pypa/pip/issues/8601>`_) Bug Fixes --------- - Use canonical package names while looking up already installed packages. (`5021 <https://github.com/pypa/pip/issues/5021>`_) - Fix normalizing path on Windows when installing package on another logical disk. (`7625 <https://github.com/pypa/pip/issues/7625>`_) - The VCS commands run by pip as subprocesses don't merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 <https://github.com/pypa/pip/issues/7968>`_) - Correctly treat non-ASCII entry point declarations in wheels so they can be installed on Windows. (`8342 <https://github.com/pypa/pip/issues/8342>`_) - Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 <https://github.com/pypa/pip/issues/8454>`_) - Headers provided by wheels in .data directories are now correctly installed into the user-provided locations, such as ``--prefix``, instead of the virtual environment pip is running in. (`8521 <https://github.com/pypa/pip/issues/8521>`_) Vendored Libraries ------------------ - Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3. - Upgrade appdirs to 1.4.4 - Upgrade certifi to 2020.6.20 - Upgrade distlib to 0.3.1 - Upgrade html5lib to 1.1 - Upgrade idna to 2.10 - Upgrade packaging to 20.4 - Upgrade requests to 2.24.0 - Upgrade six to 1.15.0 - Upgrade toml to 0.10.1 - Upgrade urllib3 to 1.25.9 Improved Documentation ---------------------- - Add ``--no-input`` option to pip docs (`7688 <https://github.com/pypa/pip/issues/7688>`_) - List of options supported in requirements file are extracted from source of truth, instead of being maintained manually. (`7908 <https://github.com/pypa/pip/issues/7908>`_) - Fix pip config docstring so that the subcommands render correctly in the docs (`8072 <https://github.com/pypa/pip/issues/8072>`_) - replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`#8353 <https://github.com/pypa/pip/issues/8353>`_) - Fix example for defining multiple values for options which support them (`8373 <https://github.com/pypa/pip/issues/8373>`_) - Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 <https://github.com/pypa/pip/issues/8459>`_) - Add feature flags to docs (`8512 <https://github.com/pypa/pip/issues/8512>`_) - Document how to install package extras from git branch and source distributions. (`8576 <https://github.com/pypa/pip/issues/8576>`_) ``` ### 20.3b1 ``` =================== Deprecations and Removals ------------------------- - ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version. To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Deprecate support for Python 3.5 (`8181 <https://github.com/pypa/pip/issues/8181>`_) - Document that certain removals can be fast tracked. (`8417 <https://github.com/pypa/pip/issues/8417>`_) - Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 <https://github.com/pypa/pip/issues/8927>`_) - Deprecate ``--find-links`` option in ``pip freeze`` (`9069 <https://github.com/pypa/pip/issues/9069>`_) Features -------- - Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 <https://github.com/pypa/pip/issues/4256>`_) - Allow multiple values for --abi and --platform. (`6121 <https://github.com/pypa/pip/issues/6121>`_) - Add option ``--format`` to subcommand ``list`` of ``pip cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 <https://github.com/pypa/pip/issues/8355>`_) - Improve error message friendliness when an environment has packages with corrupted metadata. (`8676 <https://github.com/pypa/pip/issues/8676>`_) - Make the ``setup.py install`` deprecation warning less noisy. We warn only when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as situations where both fails are most probably irrelevant to this deprecation. (`8752 <https://github.com/pypa/pip/issues/8752>`_) - Check the download directory for existing wheels to possibly avoid fetching metadata when the ``fast-deps`` feature is used with ``pip wheel`` and ``pip download``. (`8804 <https://github.com/pypa/pip/issues/8804>`_) - When installing a git URL that refers to a commit that is not available locally after git clone, attempt to fetch it from the remote. (`8815 <https://github.com/pypa/pip/issues/8815>`_) - Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 <https://github.com/pypa/pip/issues/8892>`_) - Cache package listings on index packages so they are guarenteed to stay stable during a pip command session. This also improves performance when a index page is accessed multiple times during the command session. (`8905 <https://github.com/pypa/pip/issues/8905>`_) - New resolver: Tweak resolution logic to improve user experience when user-supplied requirements conflict. (`8924 <https://github.com/pypa/pip/issues/8924>`_) - Support Python 3.9. (`8971 <https://github.com/pypa/pip/issues/8971>`_) - Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 <https://github.com/pypa/pip/issues/8975>`_) - Switch to the new dependency resolver by default. (`9019 <https://github.com/pypa/pip/issues/9019>`_) - Remove the ``--build-dir`` option, as per the deprecation. (`9049 <https://github.com/pypa/pip/issues/9049>`_) Bug Fixes --------- - Propagate ``--extra-index-url`` from requirements file properly to session auth, so that keyring auth will work as expected. (`8103 <https://github.com/pypa/pip/issues/8103>`_) - Allow specifying verbosity and quiet level via configuration files and environment variables. Previously these options were treated as boolean values when read from there while through CLI the level can be specified. (`8578 <https://github.com/pypa/pip/issues/8578>`_) - Only converts Windows path to unicode on Python 2 to avoid regressions when a POSIX environment does not configure the file system encoding correctly. (`8658 <https://github.com/pypa/pip/issues/8658>`_) - List downloaded distributions before exiting ``pip download`` when using the new resolver to make the behavior the same as that on the legacy resolver. (`8696 <https://github.com/pypa/pip/issues/8696>`_) - New resolver: Pick up hash declarations in constraints files and use them to filter available distributions. (`8792 <https://github.com/pypa/pip/issues/8792>`_) - Avoid polluting the destination directory by resolution artifacts when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 <https://github.com/pypa/pip/issues/8827>`_) - New resolver: If a package appears multiple times in user specification with different ``--hash`` options, only hashes that present in all specifications should be allowed. (`8839 <https://github.com/pypa/pip/issues/8839>`_) - Tweak the output during dependency resolution in the new resolver. (`8861 <https://github.com/pypa/pip/issues/8861>`_) - Correctly search for installed distributions in new resolver logic in order to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 <https://github.com/pypa/pip/issues/8963>`_) - Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file with editable=True. Render it as a non-editable ``file://`` URL until modern editable installs are standardized and supported. (`8996 <https://github.com/pypa/pip/issues/8996>`_) Vendored Libraries ------------------ - Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed. It is mandatory for ``pip debug`` command. Improved Documentation ---------------------- - Add documentation for '.netrc' support. (`7231 <https://github.com/pypa/pip/issues/7231>`_) - Add OS tabs for OS-specific commands. (`7311 <https://github.com/pypa/pip/issues/7311>`_) - Add note and example on keyring support for index basic-auth (`8636 <https://github.com/pypa/pip/issues/8636>`_) - Added initial UX feedback widgets to docs. (`8783 <https://github.com/pypa/pip/issues/8783>`_, `#8848 <https://github.com/pypa/pip/issues/8848>`_) - Add ux documentation (`8807 <https://github.com/pypa/pip/issues/8807>`_) - Update user docs to reflect new resolver as default in 20.3. (`9044 <https://github.com/pypa/pip/issues/9044>`_) - Improve migration guide to reflect changes in new resolver behavior. (`9056 <https://github.com/pypa/pip/issues/9056>`_) ```Links
- PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/