Pip-tools

Latest version: v7.4.1

1.10.0

27 Sep 2017

Features:

- `--generate-hashes` now generates hashes for all wheels, not only wheels for the
currently running platform ([520](https://github.com/jazzband/pip-tools/pull/520)).
Thanks jdufresne
- Added a `-q`/`--quiet` argument to the pip-sync command to reduce log output.

Bug Fixes:

- Fixed bug where unsafe packages would get pinned in generated requirements files when
`--allow-unsafe` was not set.
([517](https://github.com/jazzband/pip-tools/pull/517)). Thanks dschaller
- Fixed bug where editable PyPI dependencies would have a `download_dir` and be exposed
to `git-checkout-index` (thus losing their VCS directory), causing
`python setup.py egg_info` to fail.
([385](https://github.com/jazzband/pip-tools/pull/385#) and
[538](https://github.com/jazzband/pip-tools/pull/538)). Thanks blueyed and dfee
- Fixed bug where some primary dependencies were annotated with "via" info comments.
([542](https://github.com/jazzband/pip-tools/pull/542)). Thanks quantus
- Fixed bug where pkg-resources would be removed by pip-sync in Ubuntu.
([555](https://github.com/jazzband/pip-tools/pull/555)). Thanks cemsbr
- Fixed bug where the resolver would sometimes not stabilize on requirements specifying
extras. ([566](https://github.com/jazzband/pip-tools/pull/566)). Thanks vphilippon
- Fixed a Unicode encoding error when a distribution package contains non-ASCII file
names ([567](https://github.com/jazzband/pip-tools/pull/567)). Thanks suutari
- Fixed package hashing doing unnecessary unpacking
([557](https://github.com/jazzband/pip-tools/pull/557)). Thanks suutari-ai

1.9.0

12 Apr 2017

Features:

- Added ability to read requirements from `setup.py` instead of just `requirements.in`
([418](https://github.com/jazzband/pip-tools/pull/418)). Thanks to tysonclugg and
majuscule.
- Added a `--max-rounds` argument to the pip-compile command to allow for solving large
requirement sets ([472](https://github.com/jazzband/pip-tools/pull/472)). Thanks
derek-miller.
- Exclude unsafe packages' dependencies when `--allow-unsafe` is not in use
([441](https://github.com/jazzband/pip-tools/pull/441)). Thanks jdufresne.
- Exclude irrelevant pip constraints
([471](https://github.com/jazzband/pip-tools/pull/471)). Thanks derek-miller.
- Allow control over emitting trusted-host to the compiled requirements.
([448](https://github.com/jazzband/pip-tools/pull/448)). Thanks tonyseek.
- Allow running as a Python module
([461](https://github.com/jazzband/pip-tools/pull/461)). Thanks AndreLouisCaron.
- Preserve environment markers in generated requirements.txt.
([460](https://github.com/jazzband/pip-tools/pull/460)). Thanks barrywhart.

Bug Fixes:

- Fixed the `--upgrade-package` option to respect the given package list to update
([491](https://github.com/jazzband/pip-tools/pull/491)).
- Fixed the default output file name when the source file has no extension
([488](https://github.com/jazzband/pip-tools/pull/488)). Thanks vphilippon
- Fixed crash on editable requirements introduced in 1.8.2.
- Fixed duplicated `--trusted-host`, `--extra-index-url` and `--index-url` in the generated
requirements.

1.8.2

28 Mar 2017

- Regression fix: editable reqs were losing their dependencies after first round
([476](https://github.com/jazzband/pip-tools/pull/476)) Thanks mattlong
- Remove duplicate index urls in generated requirements.txt
([468](https://github.com/jazzband/pip-tools/pull/468)) Thanks majuscule

1.8.1

22 Mar 2017

- Recalculate secondary dependencies between rounds (378)
- Calculated dependencies could be left with wrong candidates when top-level requirements
happen to be also pinned in sub-dependencies (450)
- Fix duplicate entries that could happen in generated requirements.txt (427)
- Gracefully report invalid pip version (457)
- Fix capitalization in the generated requirements.txt: packages will always be
lowercased (452)

1.8.0

17 Nov 2016

- Adds support for upgrading individual packages with a new option `--upgrade-package`.
To upgrade a _specific_ package to the latest or a specific version use
`--upgrade-package <pkg>`. To upgrade all packages, you can still use
`pip-compile --upgrade`. (409)
- Adds support for pinning dependencies even further by including the hashes found on
PyPI at compilation time, which are re-checked when the dependencies are installed.
This adds protection against packages that are tampered with.
(383)
- Improve support for extras, like `hypothesis[django]`
- Drop support for pip < 8
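
The install-time hash re-check described in the 1.8.0 notes above, as an added example that is not pip-tools or pip code: it parses a constructed `requirements.txt` fragment in the `--hash=sha256:...` layout and accepts an artifact only if its digest is pinned. The package name `examplepkg` and the functions `parse_pins` and `verify` are hypothetical.

```python
import hashlib
import re

HASH_RE = re.compile(r"--hash=(\w+):([0-9a-f]+)")

# Constructed sample data: two artifacts (wheel and sdist) for one release.
WHEEL = b"constructed wheel bytes"
SDIST = b"constructed sdist bytes"
REQUIREMENTS = (
    "# constructed sample, laid out like hash-pinned pip-compile output\n"
    "examplepkg==1.0.0 \\\n"
    f"    --hash=sha256:{hashlib.sha256(WHEEL).hexdigest()} \\\n"
    f"    --hash=sha256:{hashlib.sha256(SDIST).hexdigest()}\n"
)

def parse_pins(text):
    """Map 'name==version' -> set of (algorithm, hexdigest) pinned for it."""
    # Join backslash continuations so each requirement is one logical line.
    logical = text.replace("\\\n", " ")
    pins = {}
    for line in logical.splitlines():
        line = line.split(" #")[0].strip()    # drop trailing comments
        if not line or line.startswith(("#", "-")):
            continue                           # blank, comment or option line
        spec = line.split()[0].split(";")[0].lower()
        pins[spec] = set(HASH_RE.findall(line))
    return pins

def verify(pins, spec, artifact):
    """Return True only if the artifact bytes match one pinned hash."""
    allowed = pins.get(spec.lower())
    if not allowed:
        # Hash-checking mode is all-or-nothing: an unpinned requirement fails.
        raise ValueError(f"no hashes pinned for {spec}")
    return any(hashlib.new(alg, artifact).hexdigest() == digest
               for alg, digest in allowed)

if __name__ == "__main__":
    pins = parse_pins(REQUIREMENTS)
    print("wheel accepted:", verify(pins, "examplepkg==1.0.0", WHEEL))
    print("tampered accepted:", verify(pins, "examplepkg==1.0.0", WHEEL + b"!"))
```

Any single pinned digest is enough for a match, so an installer can pick whichever artifact suits its platform.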

1.7.1

20 Oct 2016

- Add `--allow-unsafe` option (377)
