Pip

Latest version: v24.1


6.1.0
=====

Not secure

- Fixes upgrades failing when no potential links were found for dependencies
  other than the current installation. (2538, 2502)
- Use a smoother progress bar when the terminal is capable of handling it,
  otherwise fall back to the original ASCII based progress bar.
- Display much less output when ``pip install`` succeeds, because on success,
  users probably don't care about all the nitty gritty details of compiling and
  installing. When ``pip install`` fails, display the failed install output once
  instead of twice, because once is enough. (2487)
- Upgrade the bundled copy of requests to 2.6.0, fixing CVE-2015-2296.
- Display format of latest package when using ``pip list --outdated``. (2475)
- Don't use pywin32 as ctypes should always be available on Windows, using
  pywin32 prevented uninstallation of pywin32 on Windows. (:pull:`2467`)
- Normalize the ``--wheel-dir`` option, expanding out constructs such as ``~``
  when used. (2441)
- Display a warning when an undefined extra has been requested. (2142)
- Speed up installing a directory in certain cases by creating a sdist instead
  of copying the entire directory. (2535)
- Don't follow symlinks when uninstalling files. (2552)
- Upgrade the bundled copy of cachecontrol from 0.11.1 to 0.11.2. (2481, 2595)
- Attempt to choose the order of installation more intelligently, so that
  dependencies are installed before the projects that depend on them. (2616)
- Skip trying to install libraries which are part of the standard library.
  (2636, 2602)
- Support arch specific wheels that are not tied to a specific Python ABI.
  (2561)
- Output warnings and errors to stderr instead of stdout. (2543)
- Adjust the cache dir file checks to only check ownership if the effective
  user is root. (2396)
- Install headers into a per project name directory instead of all of them into
  the root directory when inside of a virtual environment. (2421)

6.0.8
=====

Not secure

- Fix an issue where the ``--download`` flag would cause pip to no longer use
  randomized build directories.
- Fix an issue where pip did not properly unquote quoted URLs which contain
  characters like PEP 440's epoch separator (``!``).
- Fix an issue where distutils installed projects were not actually uninstalled
  and deprecate attempting to uninstall them altogether.
- Retry deleting directories in case a process like an antivirus is holding the
  directory open temporarily.
- Fix an issue where pip would hide the cursor on Windows but would not reshow
  it.

6.0.7
=====

Not secure

- Fix a regression where Numpy requires a build path without symlinks to
  properly build.
- Fix a broken log message when running ``pip wheel`` without a requirement.
- Don't mask network errors while downloading the file as a hash failure.
- Properly create the state file for the pip version check so it only happens
  once a week.
- Fix an issue where switching between Python 3 and Python 2 would evict cached
  items.
- Fix a regression where pip would be unable to successfully uninstall a
  project without a normalized version.

6.0.6
=====

Not secure

- Continue the regression fix from 6.0.5 which was not a complete fix.

6.0.5
=====

Not secure

- Fix a regression with 6.0.4 under Windows where most commands would raise an
  exception due to Windows not having the ``os.geteuid()`` function.

6.0.4
=====

Not secure

- Fix an issue where ANSI escape codes would be used on Windows even though the
  Windows shell does not support them, causing odd characters to appear with
  the progress bar.
- Fix an issue where using ``-v`` would cause an exception saying
  ``TypeError: not all arguments converted during string formatting``.
- Fix an issue where using ``-v`` with dependency links would cause an exception
  saying ``TypeError: 'InstallationCandidate' object is not iterable``.
- Fix an issue where upgrading distribute would cause an exception saying
  ``TypeError: expected string or buffer``.
- Show a warning and disable the use of the cache directory when the cache
  directory is not owned by the current user, commonly caused by using ``sudo``
  without the ``-H`` flag.
- Update PEP 440 support to handle the latest changes to PEP 440, particularly
  the changes to ``>V`` and ``<V`` so that they no longer imply ``!=V.*``.
- Document the default cache directories for each operating system.
- Create the cache directory when the pip version check needs to save to it
  instead of silently logging an error.
- Fix a regression where the ``-q`` flag would not properly suppress the
  display of the progress bars.
