search

containerbuildsystem / atomic-reactor

Simple python library for building docker images.
BSD 3-Clause "New" or "Revised" License
135 stars 61 forks source link

Bump pip from 23.0 to 24.2 #2101

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 3 months ago

Bumps pip from 23.0 to 24.2.

Changelog

Sourced from pip's changelog.

24.2 (2024-07-28)

Deprecations and Removals

  • Deprecate pip install --editable falling back to setup.py develop when using a setuptools version that does not support :pep:660 (setuptools v63 and older). ([#11457](https://github.com/pypa/pip/issues/11457) <https://github.com/pypa/pip/issues/11457>_)

Features

  • Check unsupported packages for the current platform. ([#11054](https://github.com/pypa/pip/issues/11054) <https://github.com/pypa/pip/issues/11054>_)

  • Use system certificates and certifi certificates to verify HTTPS connections on Python 3.10+. Python 3.9 and earlier only use certifi.

    To revert to previous behaviour, pass the flag --use-deprecated=legacy-certs. ([#11647](https://github.com/pypa/pip/issues/11647) <https://github.com/pypa/pip/issues/11647>_)

  • Improve discovery performance of installed packages when the importlib.metadata backend is used to load distribution metadata (used by default under Python 3.11+). ([#12656](https://github.com/pypa/pip/issues/12656) <https://github.com/pypa/pip/issues/12656>_)

  • Improve performance when the same requirement string appears many times during resolution, by consistently caching the parsed requirement string. ([#12663](https://github.com/pypa/pip/issues/12663) <https://github.com/pypa/pip/issues/12663>_)

  • Minor performance improvement of finding applicable package candidates by not repeatedly calculating their versions ([#12664](https://github.com/pypa/pip/issues/12664) <https://github.com/pypa/pip/issues/12664>_)

  • Disable pip's self version check when invoking a pip subprocess to install PEP 517 build requirements. ([#12683](https://github.com/pypa/pip/issues/12683) <https://github.com/pypa/pip/issues/12683>_)

  • Improve dependency resolution performance by caching platform compatibility tags during wheel cache lookup. ([#12712](https://github.com/pypa/pip/issues/12712) <https://github.com/pypa/pip/issues/12712>_)

  • wheel is no longer explicitly listed as a build dependency of pip. setuptools injects this dependency in the get_requires_for_build_wheel() hook and no longer needs it on newer versions. ([#12728](https://github.com/pypa/pip/issues/12728) <https://github.com/pypa/pip/issues/12728>_)

  • Ignore --require-virtualenv for pip check and pip freeze ([#12842](https://github.com/pypa/pip/issues/12842) <https://github.com/pypa/pip/issues/12842>_)

  • Improve package download and install performance.

    Increase chunk sizes when downloading (256 kB, up from 10 kB) and reading files (1 MB, up from 8 kB). This reduces the frequency of updates to pip's progress bar. ([#12810](https://github.com/pypa/pip/issues/12810) <https://github.com/pypa/pip/issues/12810>_)

  • Improve pip install performance.

    Files are now extracted in 1MB blocks, or in one block matching the file size for smaller files. A decompressor is no longer instantiated when extracting 0 bytes files, it is not necessary because there is no data to decompress. ([#12803](https://github.com/pypa/pip/issues/12803) <https://github.com/pypa/pip/issues/12803>_)

Bug Fixes

  • Set no_color to global rich.Console instance. ([#11045](https://github.com/pypa/pip/issues/11045) <https://github.com/pypa/pip/issues/11045>_)
  • Fix resolution to respect --python-version when checking Requires-Python. ([#12216](https://github.com/pypa/pip/issues/12216) <https://github.com/pypa/pip/issues/12216>_)
  • Perform hash comparisons in a case-insensitive manner. ([#12680](https://github.com/pypa/pip/issues/12680) <https://github.com/pypa/pip/issues/12680>_)
  • Avoid dlopen failure for glibc detection in musl builds ([#12716](https://github.com/pypa/pip/issues/12716) <https://github.com/pypa/pip/issues/12716>_)
  • Avoid keyring logging crashes when pip is run in verbose mode. ([#12751](https://github.com/pypa/pip/issues/12751) <https://github.com/pypa/pip/issues/12751>_)

... (truncated)

Commits
  • 97146c7 Bump for release
  • ef81b2e Update AUTHORS.txt
  • 350a057 Bump the github-actions group with 2 updates (#12876)
  • 184390f Update dependabot.yml to bump group updates (#12572)
  • 48917f1 Merge pull request #12875 from hellozee/fix-unit-test
  • dd85c28 Fix invalid origin test to check all the logged messages
  • 203780b Merge pull request #12865 from pradyunsg/better-exception-handling-around-sel...
  • e503141 Properly mock _self_version_check_logic
  • 3518d32 Rework how --debug is handled in main
  • be21d82 Move exception suppression to cover more of self-version-check logic
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
mkosiarc commented 3 months ago

@dependabot rebase

mkosiarc commented 2 months ago

@dependabot rebase

dependabot[bot] commented 2 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.