Pip

Latest version: v24.1

Safety actively analyzes 640549 Python packages for vulnerabilities to keep your Python projects secure.


Page 16 of 25

7.1.0

Not secure
==================

- Allow constraining versions globally without having to know exactly what will
  be installed by the pip command. (2731)
- Accept ``--no-binary`` and ``--only-binary`` via pip.conf. (2867)
- Allow ``--allow-all-external`` within a requirements file.
- Fixed an issue where ``--user`` could not be used when ``--prefix`` was used
  in a distutils configuration file.
- Fixed an issue where the SOABI tags were not correctly being generated on
  Python 3.5.
- Fixed an issue where we were advising Windows users to upgrade by directly
  executing pip, when that would always fail on Windows.
- Allow ``~`` to be expanded within a cache directory in all situations.

7.0.3

Not secure
==================

- Fixed a regression where ``--no-cache-dir`` would raise an exception. (2855)

7.0.2

Not secure
==================

- **BACKWARD INCOMPATIBLE** Revert the change (released in v7.0.0) that
  required quoting in requirements files around specifiers containing
  environment markers. (2841)
- **BACKWARD INCOMPATIBLE** Revert the accidental introduction of support for
  options interleaved with requirements, version specifiers etc in
  ``requirements`` files. (2841)
- Expand ``~`` in the cache directory when caching wheels. (2816)
- Use ``python -m pip`` instead of ``pip`` when recommending an upgrade command
  to Windows users.

7.0.1

Not secure
==================

- Don't build and cache wheels for non-editable installations from VCSs.
- Allow ``--allow-all-external`` inside of a requirements.txt file, fixing a
  regression in 7.0.

7.0.0

Not secure
==================

- **BACKWARD INCOMPATIBLE** Removed the deprecated ``--mirror``,
  ``--use-mirrors``, and ``-M`` options.
- **BACKWARD INCOMPATIBLE** Removed the deprecated ``zip`` and ``unzip``
  commands.
- **BACKWARD INCOMPATIBLE** Removed the deprecated ``--no-install`` and
  ``--no-download`` options.
- **BACKWARD INCOMPATIBLE** No longer implicitly support an insecure
  origin, and instead require insecure origins be explicitly trusted with the
  ``--trusted-host`` option.
- **BACKWARD INCOMPATIBLE** Removed the deprecated link scraping that attempted
  to parse HTML comments for a specially formatted comment.
- **BACKWARD INCOMPATIBLE** Requirements in requirements files containing
  markers must now be quoted due to parser changes. For example, use
  ``"SomeProject; python_version < '2.7'"``, not simply
  ``SomeProject; python_version < '2.7'`` (2697, 2725)
- ``get-pip.py`` now installs the "wheel" package, when it's not already
  installed. (2800)
- Ignores bz2 archives if Python wasn't compiled with bz2 support. (497)
- Support ``--install-option`` and ``--global-option`` per requirement in
  requirement files. (2537)
- Build wheels prior to installing from sdist, caching them in the pip cache
  directory to speed up subsequent installs. (2618)
- Allow fine-grained control over the use of wheels and source builds. (2699)
- ``--no-use-wheel`` and ``--use-wheel`` are deprecated in favour of new
  options ``--no-binary`` and ``--only-binary``. The equivalent of
  ``--no-use-wheel`` is ``--no-binary=:all:``. (2699)
- The use of ``--install-option``, ``--global-option`` or ``--build-option``
  disables the use of wheels, and the autobuilding of wheels. (2711, 2677)
- Improve logging when a requirement marker doesn't match your environment.
  (2735)
- Removed the temporary modifications (that began in pip v1.4 when distribute
  and setuptools merged) that allowed distribute to be considered a conflict to
  setuptools. ``pip install -U setuptools`` will no longer upgrade "distribute"
  to "setuptools". Instead, use ``pip install -U distribute``. (2767)
- Only display a warning to upgrade pip when the newest version is a final
  release and it is not a post release of the version we already have
  installed. (2766)
- Display a warning when attempting to access a repository that uses HTTPS when
  we don't have Python compiled with SSL support. (2761)
- Allow using extras when installing from a file path without requiring the
  use of an editable. (2785)
- Fix an infinite loop when the cache directory is stored on a file system
  which does not support hard links. (2796)
- Remove the implicit debug log that was written on every invocation; users
  will need to use ``--log`` if they wish to have one. (2798)

6.1.1

Not secure
==================

- No longer ignore dependencies which have been added to the standard library,
  instead continue to install them.

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.