Pip

Latest version: v24.0


7.0.3 (Not secure)
==================

- Fixed a regression where ``--no-cache-dir`` would raise an exception. (2855)

7.0.2 (Not secure)
==================

- **BACKWARD INCOMPATIBLE** Revert the change (released in v7.0.0) that
  required quoting in requirements files around specifiers containing
  environment markers. (2841)
- **BACKWARD INCOMPATIBLE** Revert the accidental introduction of support for
  options interleaved with requirements, version specifiers, etc. in
  ``requirements`` files. (2841)
- Expand ``~`` in the cache directory when caching wheels. (2816)
- Use ``python -m pip`` instead of ``pip`` when recommending an upgrade command
  to Windows users.

7.0.1 (Not secure)
==================

- Don't build and cache wheels for non-editable installations from VCSs.
- Allow ``--allow-all-external`` inside of a requirements.txt file, fixing a
  regression in 7.0.

7.0.0 (Not secure)
==================

- **BACKWARD INCOMPATIBLE** Removed the deprecated ``--mirror``,
  ``--use-mirrors``, and ``-M`` options.
- **BACKWARD INCOMPATIBLE** Removed the deprecated ``zip`` and ``unzip``
  commands.
- **BACKWARD INCOMPATIBLE** Removed the deprecated ``--no-install`` and
  ``--no-download`` options.
- **BACKWARD INCOMPATIBLE** No longer implicitly support an insecure origin,
  and instead require insecure origins be explicitly trusted with the
  ``--trusted-host`` option.
- **BACKWARD INCOMPATIBLE** Removed the deprecated link scraping that attempted
  to parse HTML comments for a specially formatted comment.
- **BACKWARD INCOMPATIBLE** Requirements in requirements files containing
  markers must now be quoted due to parser changes. For example, use
  ``"SomeProject; python_version < '2.7'"``, not simply
  ``SomeProject; python_version < '2.7'``. (2697, 2725)
- ``get-pip.py`` now installs the "wheel" package, when it's not already
  installed. (2800)
- Ignores bz2 archives if Python wasn't compiled with bz2 support. (497)
- Support ``--install-option`` and ``--global-option`` per requirement in
  requirement files. (2537)
- Build Wheels prior to installing from sdist, caching them in the pip cache
  directory to speed up subsequent installs. (2618)
- Allow fine-grained control over the use of wheels and source builds. (2699)
- ``--no-use-wheel`` and ``--use-wheel`` are deprecated in favour of new
  options ``--no-binary`` and ``--only-binary``. The equivalent of
  ``--no-use-wheel`` is ``--no-binary=:all:``. (2699)
- The use of ``--install-option``, ``--global-option`` or ``--build-option``
  disables the use of wheels, and the autobuilding of wheels. (2711, 2677)
- Improve logging when a requirement marker doesn't match your environment.
  (2735)
- Removed the temporary modifications (that began in pip v1.4 when distribute
  and setuptools merged) that allowed distribute to be considered a conflict to
  setuptools. ``pip install -U setuptools`` will no longer upgrade "distribute"
  to "setuptools". Instead, use ``pip install -U distribute``. (2767)
- Only display a warning to upgrade pip when the newest version is a final
  release and it is not a post release of the version we already have
  installed. (2766)
- Display a warning when attempting to access a repository that uses HTTPS when
  we don't have Python compiled with SSL support. (2761)
- Allow using extras when installing from a file path without requiring the
  use of an editable. (2785)
- Fix an infinite loop when the cache directory is stored on a file system
  which does not support hard links. (2796)
- Remove the implicit debug log that was written on every invocation; instead,
  users will need to use ``--log`` if they wish to have one. (2798)

6.1.1 (Not secure)
==================

- No longer ignore dependencies which have been added to the standard library;
  instead, continue to install them.

6.1.0 (Not secure)
==================

- Fixes upgrades failing when no potential links were found for dependencies
  other than the current installation. (2538, 2502)
- Use a smoother progress bar when the terminal is capable of handling it,
  otherwise fall back to the original ASCII-based progress bar.
- Display much less output when ``pip install`` succeeds, because on success,
  users probably don't care about all the nitty gritty details of compiling and
  installing. When ``pip install`` fails, display the failed install output once
  instead of twice, because once is enough. (2487)
- Upgrade the bundled copy of requests to 2.6.0, fixing CVE-2015-2296.
- Display format of latest package when using ``pip list --outdated``. (2475)
- Don't use pywin32 as ctypes should always be available on Windows, using
  pywin32 prevented uninstallation of pywin32 on Windows. (2467)
- Normalize the ``--wheel-dir`` option, expanding out constructs such as ``~``
  when used. (2441)
- Display a warning when an undefined extra has been requested. (2142)
- Speed up installing a directory in certain cases by creating a sdist instead
  of copying the entire directory. (2535)
- Don't follow symlinks when uninstalling files. (2552)
- Upgrade the bundled copy of cachecontrol from 0.11.1 to 0.11.2. (2481, 2595)
- Attempt to more smartly choose the order of installation to try and install
  dependencies before the projects that depend on them. (2616)
- Skip trying to install libraries which are part of the standard library.
  (2636, 2602)
- Support arch-specific wheels that are not tied to a specific Python ABI.
  (2561)
- Output warnings and errors to stderr instead of stdout. (2543)
- Adjust the cache dir file checks to only check ownership if the effective
  user is root. (2396)
- Install headers into a per project name directory instead of all of them into
  the root directory when inside of a virtual environment. (2421)

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.