Deprecate pip install --editable falling back to setup.py develop
when using a setuptools version that does not support :pep:660
(setuptools v63 and older). ([#11457](https://github.com/pypa/pip/issues/11457) <https://github.com/pypa/pip/issues/11457>_)
Features
Check unsupported packages for the current platform. ([#11054](https://github.com/pypa/pip/issues/11054) <https://github.com/pypa/pip/issues/11054>_)
Use system certificates and certifi certificates to verify HTTPS connections on Python 3.10+.
Python 3.9 and earlier only use certifi.
To revert to previous behaviour, pass the flag --use-deprecated=legacy-certs. ([#11647](https://github.com/pypa/pip/issues/11647) <https://github.com/pypa/pip/issues/11647>_)
Improve discovery performance of installed packages when the importlib.metadata
backend is used to load distribution metadata (used by default under Python 3.11+). ([#12656](https://github.com/pypa/pip/issues/12656) <https://github.com/pypa/pip/issues/12656>_)
Improve performance when the same requirement string appears many times during
resolution, by consistently caching the parsed requirement string. ([#12663](https://github.com/pypa/pip/issues/12663) <https://github.com/pypa/pip/issues/12663>_)
Minor performance improvement of finding applicable package candidates by not
repeatedly calculating their versions ([#12664](https://github.com/pypa/pip/issues/12664) <https://github.com/pypa/pip/issues/12664>_)
Disable pip's self version check when invoking a pip subprocess to install
PEP 517 build requirements. ([#12683](https://github.com/pypa/pip/issues/12683) <https://github.com/pypa/pip/issues/12683>_)
Improve dependency resolution performance by caching platform compatibility
tags during wheel cache lookup. ([#12712](https://github.com/pypa/pip/issues/12712) <https://github.com/pypa/pip/issues/12712>_)
wheel is no longer explicitly listed as a build dependency of pip.
setuptools injects this dependency in the get_requires_for_build_wheel()
hook and no longer needs it on newer versions. ([#12728](https://github.com/pypa/pip/issues/12728) <https://github.com/pypa/pip/issues/12728>_)
Ignore --require-virtualenv for pip check and pip freeze ([#12842](https://github.com/pypa/pip/issues/12842) <https://github.com/pypa/pip/issues/12842>_)
Improve package download and install performance.
Increase chunk sizes when downloading (256 kB, up from 10 kB) and reading files (1 MB, up from 8 kB).
This reduces the frequency of updates to pip's progress bar. ([#12810](https://github.com/pypa/pip/issues/12810) <https://github.com/pypa/pip/issues/12810>_)
Improve pip install performance.
Files are now extracted in 1MB blocks, or in one block matching the file size for
smaller files. A decompressor is no longer instantiated when extracting 0 bytes files,
it is not necessary because there is no data to decompress. ([#12803](https://github.com/pypa/pip/issues/12803) <https://github.com/pypa/pip/issues/12803>_)
Bug Fixes
Set no_color to global rich.Console instance. ([#11045](https://github.com/pypa/pip/issues/11045) <https://github.com/pypa/pip/issues/11045>_)
Fix resolution to respect --python-version when checking Requires-Python. ([#12216](https://github.com/pypa/pip/issues/12216) <https://github.com/pypa/pip/issues/12216>_)
Perform hash comparisons in a case-insensitive manner. ([#12680](https://github.com/pypa/pip/issues/12680) <https://github.com/pypa/pip/issues/12680>_)
Avoid dlopen failure for glibc detection in musl builds ([#12716](https://github.com/pypa/pip/issues/12716) <https://github.com/pypa/pip/issues/12716>_)
Avoid keyring logging crashes when pip is run in verbose mode. ([#12751](https://github.com/pypa/pip/issues/12751) <https://github.com/pypa/pip/issues/12751>_)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
coverage: 91.624%. remained the same
when pulling b24142775eb453f8656546c4c3e69706d4bd0c4c on dependabot/pip/dot-github/pip-24.2
into 9c07453e7de6d3a9f72796ef000864c90760b5bc on main.
Bumps pip from 24.0 to 24.2.
Changelog
Sourced from pip's changelog.
... (truncated)
Commits
97146c7
Bump for releaseef81b2e
Update AUTHORS.txt350a057
Bump the github-actions group with 2 updates (#12876)184390f
Update dependabot.yml to bump group updates (#12572)48917f1
Merge pull request #12875 from hellozee/fix-unit-testdd85c28
Fix invalid origin test to check all the logged messages203780b
Merge pull request #12865 from pradyunsg/better-exception-handling-around-sel...e503141
Properly mock_self_version_check_logic
3518d32
Rework how--debug
is handled inmain
be21d82
Move exception suppression to cover more of self-version-check logicDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show