Conda

Latest version: v4.3.16

Safety actively analyzes 682457 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 4 of 31

4.3.2

Deprecations/Breaking Changes
* Further refine conda channels specification. To verify if the url of a channel
represents a valid conda channel, we check that `noarch/repodata.json` and/or
`noarch/repodata.json.bz2` exist, even if empty. (3739)

Improvements
* add new 'path_conflict' and 'clobber' configuration options (4119)
* separate fetch/extract pass for explicit URLs (4125)
* update conda homepage to conda.io (4180)

Bug Fixes
* fix pre/post unlink/link scripts (4113)
* fix package version regex and bug in create_link (4132)
* fix history tracking (4143)
* fix index creation order (4131)
* fix 4152 conda env export failure (4175)
* fix 3779 channel UNC path encoding errors on windows (4190)
* fix progress bar (4191)
* use context.channels instead of args.channel (4199)
* don't use local cached repodata for file:// urls (4209)

Non-User-Facing Changes
* xfail anaconda token test if local token is found (4124)
* fix open-ended test failures relating to python 3.6 release (4145)
* extend timebomb for test_multi_channel_export (4169)
* don't unlink dists that aren't in the index (4130)
* add python 3.6 and new conda-build test targets (4194)

4.3.1

Improvements
* additional pre-transaction validation (4090)
* export FileMode enum for conda-build (4080)
* memoize disk permissions tests (4091)
* local caching of repodata without remote server calls; new 'repodata_timeout_secs'
configuration parameter (4094)
* performance tuning (4104)
* add additional fields to dist object serialization (4102)

Bug Fixes
* fix a noarch install bug on windows (4071)
* fix a spec mismatch that resulted in python versions getting mixed during packaging (4079)
* fix rollback linked record (4092)
* fix 4097 keep split in PREFIX_PLACEHOLDER (4100)

4.3.0

New Features
* **Unlink and Link Packages in a Single Transaction**: In the past, conda hasn't always been safe
and defensive with its disk-mutating actions. It has gleefully clobbered existing files, and
mid-operation failures leave environments completely broken. In some of the most severe examples,
conda can appear to "uninstall itself." With this release, the unlinking and linking of packages
for an executed command is done in a single transaction. If a failure occurs for any reason
while conda is mutating files on disk, the environment will be returned its previous state.
While we've implemented some pre-transaction checks (verifying package integrity for example),
it's impossible to anticipate every failure mechanism. In some circumstances, OS file
permissions cannot be fully known until an operation is attempted and fails. And conda itself
is not without bugs. Moving forward, unforeseeable failures won't be catastrophic. (3833, 4030)

* **Progressive Fetch and Extract Transactions**: Like package unlinking and linking, the
download and extract phases of package handling have also been given transaction-like behavior.
The distinction is the rollback on error is limited to a single package. Rather than rolling back
the download and extract operation for all packages, the single-package rollback prevents the
need for having to re-download every package if an error is encountered. (4021, 4030)

* **Generic- and Python-Type Noarch/Universal Packages**: Along with conda-build 2.1.0, a
noarch/universal type for python packages is officially supported. These are much like universal
python wheels. Files in a python noarch package are linked into a prefix just like any other
conda package, with the following additional features
1. conda maps the `site-packages` directory to the correct location for the python version
in the environment,
2. conda maps the python-scripts directory to either $PREFIX/bin or $PREFIX/Scripts depending
on platform,
3. conda creates the python entry points specified in the conda-build recipe, and
4. conda compiles pyc files at install time when prefix write permissions are guaranteed.

Python noarch packages must be "fully universal." They cannot have OS- or
python version-specific dependencies. They cannot have OS- or python version-specific "scripts"
files. If these features are needed, traditional conda packages must be used. (3712)

* **Multi-User Package Caches**: While the on-disk package cache structure has been preserved,
the core logic implementing package cache handling has had a complete overhaul. Writable and
read-only package caches are fully supported. (4021)

* **Python API Module**: An oft requested feature is the ability to use conda as a python library,
obviating the need to "shell out" to another python process. Conda 4.3 includes a
`conda.cli.python_api` module that facilitates this use case. While we maintain the user-facing
command-line interface, conda commands can be executed in-process. There is also a
`conda.exports` module to facilitate longer-term usage of conda as a library across conda
conda releases. However, conda's python code *is* considered internal and private, subject
to change at any time across releases. At the moment, conda will not install itself into
environments other than its original install environment. (4028)

* **Remove All Locks**: Locking has never been fully effective in conda, and it often created a
false sense of security. In this release, multi-user package cache support has been
implemented for improved safety by hard-linking packages in read-only caches to the user's
primary user package cache. Still, users are cautioned that undefined behavior can result when
conda is running in multiple process and operating on the same package caches and/or
environments. (3862)

Deprecations/Breaking Changes
* Conda will refuse to clobber existing files that are not within the unlink instructions of
the transaction. At the risk of being user-hostile, it's a step forward for conda. We do
anticipate some growing pains. For example, conda will not clobber packages that have been
installed with pip (or any other package manager). In other instances, conda packages that
contain overlapping file paths but are from different package families will not install at
the same time. The `--force` command line flag is the escape hatch. Using `--force` will
let your operation proceed, but also makes clear that you want conda to do something it
considers unsafe.
* Conda signed packages have been removed in 4.3. Vulnerabilities existed. An illusion of security
is worse than not having the feature at all. We will be incorporating The Update Framework
into conda in a future feature release. (4064)
* Conda 4.4 will drop support for older versions of conda-build.

Improvements
* create a new "trace" log level enabled by `-v -v -v` or `-vvv` (3833)
* allow conda to be installed with pip, but only when used as a library/dependency (4028)
* the 'r' channel is now part of defaults (3677)
* private environment support for conda (3988)
* support v1 info/paths.json file (3927, 3943)
* support v1 info/package_metadata.json (4030)
* improved solver hint detection, simplified filtering (3597)
* cache VersionOrder objects to improve performance (3596)
* fix documentation and typos (3526, 3572, 3627)
* add multikey configuration validation (3432)
* some Fish autocompletions (2519)
* reduce priority for packages removed from the index (3703)
* add user-agent, uid, gid to conda info (3671)
* add conda.exports module (3429)
* make http timeouts configurable (3832)
* add a pkgs_dirs config parameter (3691)
* add an 'always_softlink' option (3870, 3876)
* pre-checks for diskspace, etc for fetch and extract (4007)
* address 3879 don't print activate message when quiet config is enabled (3886)
* add zos-z subdir (4060)
* add elapsed time to HTTP errors (3942)

Bug Fixes
* account for the Windows Python 2.7 os.environ unicode aversion (3363)
* fix link field in record object (3424)
* anaconda api token bug fix; additional tests (3673)
* fix 3667 unicode literals and unicode decode (3682)
* add conda-env entrypoint (3743)
* fix 3807 json dump on conda config --show --json (3811)
* fix 3801 location of temporary hard links of index.json (3813)
* fix invalid yml example (3849)
* add arm platforms back to subdirs (3852)
* fix 3771 better error message for assertion errors (3802)
* fix 3999 spaces in shebang replacement (4008)
* config --show-sources shouldn't show force by default (3891)
* fix 3881 don't install conda-env in clones of root (3899)
* conda-build dist compatibility (3909)

Non-User-Facing Changes
* remove unnecessary eval (3428)
* remove dead install_tar function (3641)
* apply PEP-8 to conda-env (3653)
* refactor dist into an object (3616)
* vendor appdirs; remove conda's dependency on anaconda-client import (3675)
* revert boto patch from 2380 (3676)
* move and update ROOT_NO_RM (3697)
* integration tests for conda clean (3695, 3699)
* disable coverage on s3 and ftp requests adapters (3696, 3701)
* github repo hygiene (3705, 3706)
* major install refactor (3712)
* remove test timebombs (4012)
* LinkType refactor (3882)
* move CrossPlatformStLink and make available as export (3887)
* make Record immutable (3965)
* project housekeeping (3994, 4065)
* context-dependent setup.py files (4057)

4.2.17

Improvements
* silence pre-link warning for old noarch 4.2.x backport (4453)

Bug Fixes
* remove incorrect elision of delete_prefix_from_linked_data() (4813)
* fix CB 1825 context clobbering (4867)
* fix 5101 api->conda regex substitution for Anaconda API channels (5100)

Non-User-Facing Changes
* build 4.2.x against conda-build 2.1.2 and enforce passing (4462)

4.2.16

Improvements
* vendor url parsing from urllib3 (4289)
* workaround for symlink race conditions on activate (4346)

Bug Fixes
* do not replace \ with / in file:// URLs on Windows (4269)
* include aliases for first command-line argument (4279)
* fix for multi-line FTP status codes (4276)
* fix errors with unknown type channels (4291)
* change sys.exit to raise UpgradeError when info/files not found (4388)

Non-User-Facing Changes
* start using doctests in test runs and coverage (4304)
* additional package pinning tests (4312)

4.2.15

Improvements
* use 'post' instead of 'dev' for commits according to PEP-440 (4234)
* do not use IFS to find activate/deactivate scripts to source (4243)
* fix relative path to python in activate.bat (4244)

Bug Fixes
* replace sed with python for activate and deactivate 4257

Page 4 of 31

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.