Pip

Latest version: v24.0

Safety actively analyzes 638466 Python packages for vulnerabilities to keep your Python projects secure.


Page 14 of 25

9.0.1

Not secure
==================

- Correct the deprecation message when not specifying a --format so that it
uses the correct setting name (``format``) rather than the incorrect one
(``list_format``). (4058)
- Fix ``pip check`` to check all available distributions and not just the
local ones. (4083)
- Fix a crash on non ASCII characters from `lsb_release`. (4062)
- Fix a SyntaxError in an unused module of a vendored dependency. (4059)
- Fix UNC paths on Windows. (4064)

9.0.0

Not secure
==================

- **BACKWARD INCOMPATIBLE** Remove the attempted autodetection of requirement
names from URLs; URLs must include a name via ``egg=``.
- **DEPRECATION** ``pip install --egg`` has been deprecated and will be
removed in the future. This "feature" has a long list of drawbacks which
break nearly all of pip's other features in subtle and hard-to-diagnose
ways.
- **DEPRECATION** ``--default-vcs`` option. (4052)
- **WARNING** pip 9 cache can break forward compatibility with previous pip
versions if your package repository allows chunked responses. (4078)
- Add an ``--upgrade-strategy`` option to ``pip install``, to control how
dependency upgrades are managed. (3972)
- Add a ``pip check`` command to check installed packages' dependencies. (3750)
- Add option allowing user to abort pip operation if file/directory exists
- Add Appveyor CI
- Uninstall existing packages when performing an editable installation of
the same packages. (1548)
- ``pip show`` is less verbose by default. ``--verbose`` prints multiline
fields. (3858)
- Add optional column formatting to ``pip list``. (3651)
- Add ``--not-required`` option to ``pip list``, which lists packages that are
not dependencies of other packages.
- Fix builds on systems with symlinked ``/tmp`` directory for custom
builds such as numpy. (3701)
- Fix regression in ``pip freeze``: when there is more than one git remote,
priority is given to the remote named ``origin``. (3708, 3616).
- Fix crash when calling ``pip freeze`` with invalid requirement installed.
(3704, 3681)
- Allow multiple ``--requirement`` files in ``pip freeze``. (3703)
- Implementation of pep-503 ``data-requires-python``. When this field is
present for a release link, pip will ignore the download when
installing to a Python version that doesn't satisfy the requirement.
- ``pip wheel`` now works on editable packages too (it was only working on
editable dependencies before); this allows running ``pip wheel`` on the result
of ``pip freeze`` in presence of editable requirements. (3695, 3291)
- Load credentials from ``.netrc`` files. (3715, 3569)
- Add ``--platform``, ``--python-version``, ``--implementation`` and ``--abi``
parameters to ``pip download``. These allow utilities and advanced users to
gather distributions for interpreters other than the one pip is being run on.
(3760)
- Skip scanning virtual environments, even when venv/bin/python is a dangling
symlink.
- Added ``pip completion`` support for the ``fish`` shell.
- Fix problems on Windows on Python 2 when username or hostname contains
non-ASCII characters. (3463, 3970, 4000)
- Use ``git fetch --tags`` to fetch tags in addition to everything else that
is normally fetched; this is necessary in case a git requirement url
points to a tag or commit that is not on a branch. (3791)
- Normalize package names before using in ``pip show`` (3976)
- Raise when Requires-Python does not match the running version and add
``--ignore-requires-python`` option as escape hatch. (3846)
- Report the correct installed version when performing an upgrade in some
corner cases. (2382)
- Add ``-i`` shorthand for ``--index`` flag in ``pip search``.
- Do not optionally load C dependencies in requests. (1840, 2930, 3024)
- Strip authentication from SVN url prior to passing it to ``svn``.
(3697, 3209)
- Also install in platlib with ``--target`` option. (3694, 3682)
- Restore the ability to use inline comments in requirements files passed to
``pip freeze``. (3680)

8.1.2

Not secure
==================

- Fix a regression on systems with uninitialized locale. (3575)
- Use environment markers to filter packages before determining if a required
wheel is supported. (3254)
- Make glibc parsing for `manylinux1` support more robust for the variety of
glibc versions found in the wild. (3588)
- Update environment marker support to fully support legacy and PEP 508 style
environment markers. (3624)
- Always use debug logging to the ``--log`` file. (3351)
- Don't attempt to wrap search results for extremely narrow terminal windows.
(3655)

8.1.1

Not secure
==================

- Fix regression with non-ascii requirement files on Python 2 and add support
for encoding headers in requirement files. (3548, 3547)

8.1.0

Not secure
==================

- Implement PEP 513, which adds support for the manylinux1 platform tag,
allowing carefully compiled binary wheels to be installed on compatible Linux
platforms.
- Allow wheels which are not specific to a particular Python interpreter but
which are specific to a particular platform. (3202)
- Fixed an issue where ``call_subprocess`` would crash trying to print debug
data on child process failure. (3521, 3522)
- Exclude the wheel package from the `pip freeze` output (like pip and
setuptools). (2989)
- Allow installing modules from a subdirectory of a vcs repository in
non-editable mode. (3217, 3466)
- Make pip wheel and pip download work with vcs urls with subdirectory option.
(3466)
- Show classifiers in ``pip show``.
- Show PEP376 Installer in ``pip show``. (3517)
- Unhide completion command. (1810)
- Show latest version number in ``pip search`` results. (1415)
- Decode requirement files according to their BOM if present. (3485, 2865)
- Fix and deprecate package name detection from url path. (3523, 3495)
- Correct the behavior where interpreter specific tags (such as cp34) were
being used on later versions of the same interpreter instead of only for that
specific interpreter. (3472)
- Fix an issue where pip would erroneously install a 64 bit wheel on a 32 bit
Python running on a 64 bit macOS machine.
- Do not assume that all git repositories have an origin remote.
- Correctly display the line to add to a requirements.txt for a URL-based
dependency when ``--require-hashes`` is enabled.

8.0.3

Not secure
==================

- Make ``install --quiet`` really quiet. (3418)
- Fix a bug when removing packages in python 3: disable INI-style parsing of the
entry_point.txt file to allow entry point names with colons. (3434)
- Normalize generated script files path in RECORD files. (3448)
- Fix bug introduced in 8.0.0 where subcommand output was not shown,
even when the user specified ``-v`` / ``--verbose``. (3486)
- Enable python -W with respect to PipDeprecationWarning. (3455)
- Upgrade distlib to 0.2.2.
- Improved support for Jython when quoting executables in output scripts.
(3467)
- Add a `--all` option to `pip freeze` to include usually skipped packages
(like pip, setuptools and wheel) in the freeze output. (1610)


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.