Pip

Latest version: v24.0

Safety actively analyzes 638466 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 12 of 25

19.0.3

Not secure
===================

Bug Fixes
---------

- Fix an ``IndexError`` crash when a legacy build of a wheel fails. (`6252 <https://github.com/pypa/pip/issues/6252>`_)
- Fix a regression introduced in 19.0.2 where the filename in a RECORD file
of an installed file would not be updated when installing a wheel. (`6266 <https://github.com/pypa/pip/issues/6266>`_)

19.0.2

Not secure
===================

Bug Fixes
---------

- Fix a crash where PEP 517-based builds using ``--no-cache-dir`` would fail in
some circumstances with an ``AssertionError`` due to not finalizing a build
directory internally. (`6197 <https://github.com/pypa/pip/issues/6197>`_)
- Provide a better error message if attempting an editable install of a
directory with a ``pyproject.toml`` but no ``setup.py``. (`6170 <https://github.com/pypa/pip/issues/6170>`_)
- The implicit default backend used for projects that provide a ``pyproject.toml``
file without explicitly specifying ``build-backend`` now behaves more like direct
execution of ``setup.py``, and hence should restore compatibility with projects
that were unable to be installed with ``pip`` 19.0. This raised the minimum
required version of ``setuptools`` for such builds to 40.8.0. (`6163 <https://github.com/pypa/pip/issues/6163>`_)
- Allow ``RECORD`` lines with more than three elements, and display a warning. (`6165 <https://github.com/pypa/pip/issues/6165>`_)
- ``AdjacentTempDirectory`` fails on unwritable directory instead of locking up the uninstall command. (`6169 <https://github.com/pypa/pip/issues/6169>`_)
- Make failed uninstalls roll back more reliably and better at avoiding naming conflicts. (`6194 <https://github.com/pypa/pip/issues/6194>`_)
- Ensure the correct wheel file is copied when building PEP 517 distribution is built. (`6196 <https://github.com/pypa/pip/issues/6196>`_)
- The Python 2 end of life warning now only shows on CPython, which is the
implementation that has announced end of life plans. (`6207 <https://github.com/pypa/pip/issues/6207>`_)

Improved Documentation
----------------------

- Re-write README and documentation index (`5815 <https://github.com/pypa/pip/issues/5815>`_)

19.0.1

Not secure
===================

Bug Fixes
---------

- Fix a crash when using --no-cache-dir with PEP 517 distributions (`6158 <https://github.com/pypa/pip/issues/6158>`_, `#6171 <https://github.com/pypa/pip/issues/6171>`_)

19.0

Not secure
=================

Deprecations and Removals
-------------------------

- Deprecate support for Python 3.4 (`6106 <https://github.com/pypa/pip/issues/6106>`_)
- Start printing a warning for Python 2.7 to warn of impending Python 2.7 End-of-life and
prompt users to start migrating to Python 3. (`6148 <https://github.com/pypa/pip/issues/6148>`_)
- Remove the deprecated ``--process-dependency-links`` option. (`6060 <https://github.com/pypa/pip/issues/6060>`_)
- Remove the deprecated SVN editable detection based on dependency links
during freeze. (`5866 <https://github.com/pypa/pip/issues/5866>`_)

Features
--------

- Implement PEP 517 (allow projects to specify a build backend via pyproject.toml). (`5743 <https://github.com/pypa/pip/issues/5743>`_)
- Implement manylinux2010 platform tag support. manylinux2010 is the successor
to manylinux1. It allows carefully compiled binary wheels to be installed
on compatible Linux platforms. (`5008 <https://github.com/pypa/pip/issues/5008>`_)
- Improve build isolation: handle ``.pth`` files, so namespace packages are correctly supported under Python 3.2 and earlier. (`5656 <https://github.com/pypa/pip/issues/5656>`_)
- Include the package name in a freeze warning if the package is not installed. (`5943 <https://github.com/pypa/pip/issues/5943>`_)
- Warn when dropping an ``--[extra-]index-url`` value that points to an existing local directory. (`5827 <https://github.com/pypa/pip/issues/5827>`_)
- Prefix pip's ``--log`` file lines with their timestamp. (`6141 <https://github.com/pypa/pip/issues/6141>`_)

Bug Fixes
---------

- Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_)
- Redact the password from the URL in various log messages. (`4746 <https://github.com/pypa/pip/issues/4746>`_, `#6124 <https://github.com/pypa/pip/issues/6124>`_)
- Avoid creating excessively long temporary paths when uninstalling packages. (`3055 <https://github.com/pypa/pip/issues/3055>`_)
- Avoid printing a stack trace when given an invalid requirement. (`5147 <https://github.com/pypa/pip/issues/5147>`_)
- Present 401 warning if username/password do not work for URL (`4833 <https://github.com/pypa/pip/issues/4833>`_)
- Handle ``requests.exceptions.RetryError`` raised in ``PackageFinder`` that was causing pip to fail silently when some indexes were unreachable. (`5270 <https://github.com/pypa/pip/issues/5270>`_, `#5483 <https://github.com/pypa/pip/issues/5483>`_)
- Handle a broken stdout pipe more gracefully (e.g. when running ``pip list | head``). (`4170 <https://github.com/pypa/pip/issues/4170>`_)
- Fix crash from setting ``PIP_NO_CACHE_DIR=yes``. (`5385 <https://github.com/pypa/pip/issues/5385>`_)
- Fix crash from unparsable requirements when checking installed packages. (`5839 <https://github.com/pypa/pip/issues/5839>`_)
- Fix content type detection if a directory named like an archive is used as a package source. (`5838 <https://github.com/pypa/pip/issues/5838>`_)
- Fix listing of outdated packages that are not dependencies of installed packages in ``pip list --outdated --not-required`` (`5737 <https://github.com/pypa/pip/issues/5737>`_)
- Fix sorting ``TypeError`` in ``move_wheel_files()`` when installing some packages. (`5868 <https://github.com/pypa/pip/issues/5868>`_)
- Fix support for invoking pip using ``python src/pip ...``. (`5841 <https://github.com/pypa/pip/issues/5841>`_)
- Greatly reduce memory usage when installing wheels containing large files. (`5848 <https://github.com/pypa/pip/issues/5848>`_)
- Editable non-VCS installs now freeze as editable. (`5031 <https://github.com/pypa/pip/issues/5031>`_)
- Editable Git installs without a remote now freeze as editable. (`4759 <https://github.com/pypa/pip/issues/4759>`_)
- Canonicalize sdist file names so they can be matched to a canonicalized package name passed to ``pip install``. (`5870 <https://github.com/pypa/pip/issues/5870>`_)
- Properly decode special characters in SVN URL credentials. (`5968 <https://github.com/pypa/pip/issues/5968>`_)
- Make ``PIP_NO_CACHE_DIR`` disable the cache also for truthy values like ``"true"``, ``"yes"``, ``"1"``, etc. (`5735 <https://github.com/pypa/pip/issues/5735>`_)

Vendored Libraries
------------------

- Include license text of vendored 3rd party libraries. (`5213 <https://github.com/pypa/pip/issues/5213>`_)
- Update certifi to 2018.11.29
- Update colorama to 0.4.1
- Update distlib to 0.2.8
- Update idna to 2.8
- Update packaging to 19.0
- Update pep517 to 0.5.0
- Update pkg_resources to 40.6.3 (via setuptools)
- Update pyparsing to 2.3.1
- Update pytoml to 0.1.20
- Update requests to 2.21.0
- Update six to 1.12.0
- Update urllib3 to 1.24.1

Improved Documentation
----------------------

- Include the Vendoring Policy in the documentation. (`5958 <https://github.com/pypa/pip/issues/5958>`_)
- Add instructions for running pip from source to Development documentation. (`5949 <https://github.com/pypa/pip/issues/5949>`_)
- Remove references to removed ``egg=<name>-<version>`` functionality (`5888 <https://github.com/pypa/pip/issues/5888>`_)
- Fix omission of command name in HTML usage documentation (`5984 <https://github.com/pypa/pip/issues/5984>`_)

18.1

Not secure
=================

Features
--------

- Allow PEP 508 URL requirements to be used as dependencies.

As a security measure, pip will raise an exception when installing packages from
PyPI if those packages depend on packages not also hosted on PyPI.
In the future, PyPI will block uploading packages with such external URL dependencies directly. (`4187 <https://github.com/pypa/pip/issues/4187>`_)
- Allows dist options (--abi, --python-version, --platform, --implementation) when installing with --target (`5355 <https://github.com/pypa/pip/issues/5355>`_)
- Support passing ``svn+ssh`` URLs with a username to ``pip install -e``. (`5375 <https://github.com/pypa/pip/issues/5375>`_)
- pip now ensures that the RECORD file is sorted when installing from a wheel file. (`5525 <https://github.com/pypa/pip/issues/5525>`_)
- Add support for Python 3.7. (`5561 <https://github.com/pypa/pip/issues/5561>`_)
- Malformed configuration files now show helpful error messages, instead of tracebacks. (`5798 <https://github.com/pypa/pip/issues/5798>`_)

Bug Fixes
---------

- Checkout the correct branch when doing an editable Git install. (`2037 <https://github.com/pypa/pip/issues/2037>`_)
- Run self-version-check only on commands that may access the index, instead of
trying on every run and failing to do so due to missing options. (`5433 <https://github.com/pypa/pip/issues/5433>`_)
- Allow a Git ref to be installed over an existing installation. (`5624 <https://github.com/pypa/pip/issues/5624>`_)
- Show a better error message when a configuration option has an invalid value. (`5644 <https://github.com/pypa/pip/issues/5644>`_)
- Always revalidate cached simple API pages instead of blindly caching them for up to 10
minutes. (`5670 <https://github.com/pypa/pip/issues/5670>`_)
- Avoid caching self-version-check information when cache is disabled. (`5679 <https://github.com/pypa/pip/issues/5679>`_)
- Avoid traceback printing on autocomplete after flags in the CLI. (`5751 <https://github.com/pypa/pip/issues/5751>`_)
- Fix incorrect parsing of egg names if pip needs to guess the package name. (`5819 <https://github.com/pypa/pip/issues/5819>`_)

Vendored Libraries
------------------

- Upgrade certifi to 2018.8.24
- Upgrade packaging to 18.0
- Upgrade pyparsing to 2.2.1
- Add pep517 version 0.2
- Upgrade pytoml to 0.1.19
- Upgrade pkg_resources to 40.4.3 (via setuptools)

Improved Documentation
----------------------

- Fix "Requirements Files" reference in User Guide (`user_guide_fix_requirements_file_ref <https://github.com/pypa/pip/issues/user_guide_fix_requirements_file_ref>`_)

18.0

Not secure
=================

Process
-------

- Switch to a Calendar based versioning scheme.
- Formally document our deprecation process as a minimum of 6 months of deprecation
warnings.
- Adopt and document NEWS fragment writing style.
- Switch to releasing a new, non-bug fix version of pip every 3 months.

Deprecations and Removals
-------------------------

- Remove the legacy format from pip list. (3651, 3654)
- Dropped support for Python 3.3. (3796)
- Remove support for cleaning up egg fragment postfixes. (4174)
- Remove the shim for the old get-pip.py location. (5520)

For the past 2 years, it's only been redirecting users to use the newer
https://bootstrap.pypa.io/get-pip.py location.

Features
--------

- Introduce a new --prefer-binary flag, to prefer older wheels over newer source packages. (3785)
- Improve autocompletion function on file name completion after options
which have ``<file>``, ``<dir>`` or ``<path>`` as metavar. (4842, 5125)
- Add support for installing PEP 518 build dependencies from source. (5229)
- Improve status message when upgrade is skipped due to only-if-needed strategy. (5319)

Bug Fixes
---------

- Update pip's self-check logic to not use a virtualenv specific file and honor cache-dir. (3905)
- Remove compiled pyo files for wheel packages. (4471)
- Speed up printing of newly installed package versions. (5127)
- Restrict install time dependency warnings to directly-dependant packages. (5196, 5457)

Warning about the entire package set has resulted in users getting confused as
to why pip is printing these warnings.
- Improve handling of PEP 518 build requirements: support environment markers and extras. (5230, 5265)
- Remove username/password from log message when using index with basic auth. (5249)
- Remove trailing os.sep from PATH directories to avoid false negatives. (5293)
- Fix "pip wheel pip" being blocked by the "don't use pip to modify itself" check. (5311, 5312)
- Disable pip's version check (and upgrade message) when installed by a different package manager. (5346)

This works better with Linux distributions where pip's upgrade message may
result in users running pip in a manner that modifies files that should be
managed by the OS's package manager.
- Check for file existence and unlink first when clobbering existing files during a wheel install. (5366)
- Improve error message to be more specific when no files are found as listed in as listed in PKG-INFO. (5381)
- Always read ``pyproject.toml`` as UTF-8. This fixes Unicode handling on Windows and Python 2. (5482)
- Fix a crash that occurs when PATH not set, while generating script location warning. (5558)
- Disallow packages with ``pyproject.toml`` files that have an empty build-system table. (5627)

Vendored Libraries
------------------

- Update CacheControl to 0.12.5.
- Update certifi to 2018.4.16.
- Update distro to 1.3.0.
- Update idna to 2.7.
- Update ipaddress to 1.0.22.
- Update pkg_resources to 39.2.0 (via setuptools).
- Update progress to 1.4.
- Update pytoml to 0.1.16.
- Update requests to 2.19.1.
- Update urllib3 to 1.23.

Improved Documentation
----------------------

- Document how to use pip with a proxy server. (512, 5574)
- Document that the output of pip show is in RFC-compliant mail header format. (5261)

Page 12 of 25

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.