Switch to a dedicated CLI tool for vendoring dependencies.
Deprecations and Removals
Remove wheel tag calculation from pip and use packaging.tags. This should provide more tags ordered better than in prior releases. (#6908)
Deprecate setup.py-based builds that do not generate an .egg-info directory. (#6998)
The pip>=20 wheel cache is not retro-compatible with previous versions. Until pip 21.0, pip will continue to take advantage of existing legacy cache entries. (#7296)
Deprecate passing install-location-related options via --install-option. (#7309)
Use literal "abi3" for wheel tag on CPython 3.x, to align with PEP 384 which only defines it for this platform. (#7327)
Remove interpreter-specific major version tag e.g. cp3-none-any from consideration. This behavior was not documented strictly, and this tag in particular is not useful. Anyone with a use case can create an issue with pypa/packaging. (#7355)
Wheel processing no longer permits wheels containing more than one top-level .dist-info directory. (#7487)
Support for the git+git@ form of VCS requirement is being deprecated and will be removed in pip 21.0. Switch to git+https:// or git+ssh://. git+git:// also works but its use is discouraged as it is insecure. (#7543)
Features
Default to doing a user install (as if --user was passed) when the main site-packages directory is not writeable and user site-packages are enabled. (#1668)
Warn if a path in PATH starts with tilde during pip install. (#6414)
Cache wheels built from Git requirements that are considered immutable, because they point to a commit hash. (#6640)
Add option --no-python-version-warning to silence warnings related to deprecation of Python versions. (#6673)
Cache wheels that pip wheel built locally, matching what pip install does. This particularly helps performance in workflows where pip wheel is used for building before installing. Users desiring the original behavior can use pip wheel --no-cache-dir. (#6852)
Show only the filename (instead of full URL), when downloading from PyPI. (#7225)
Suggest a more robust command to upgrade pip itself to avoid confusion when the current pip command is not available as pip. (#7376)
Define all old pip console script entrypoints to prevent import issues in stale wrapper scripts. (#7498)
The build step of pip wheel now builds all wheels to a cache first, then copies them to the wheel directory all at once. Before, it built them to a temporary direcory and moved them to the wheel directory one by one. (#7517)
Expand ~ prefix to user directory in path options, configs, and environment variables. Values that may be either URL or path are not currently supported, to avoid ambiguity:
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
If all status checks pass Dependabot will automatically merge this pull request.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in the `.dependabot/config.yml` file in this repo:
- Update frequency
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps pip from 19.3.1 to 20.0.
Changelog
Sourced from pip's changelog.
Commits
8ad871a
Bump for release6a41ea3
Update AUTHORS.txtbd02564
Vendoring Updates for Jan 2020 (#7618)7b2f0aa
Upgrade pkg_resources (via setuptools) to 44.0.01176591
Add the required NEWS fragments947fceb
Upgrade six to 1.14.0501e00c
Upgrade urllib3 to 1.25.7022f0e2
Upgrade certifi to 2019.11.287770dc2
Upgrade pyparsing to 2.4.69bce54e
Upgrade ipaddress to 1.0.23Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.If all status checks pass Dependabot will automatically merge this pull request.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in the `.dependabot/config.yml` file in this repo: - Update frequency - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)