Pip

Latest version: v24.0

Safety actively analyzes 638437 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 20 of 25

1.3.1

Not secure
==================

- Fixed a major backward incompatible change of parsing URLs to externally
hosted packages that got accidentally included in 1.3.

1.3

Not secure
================

- SSL Cert Verification; Make https the default for PyPI access. Thanks
James Cleveland, Giovanni Bajo, Marcus Smith and many others.
(791, CVE-2013-1629)
- Added "pip list" for listing installed packages and the latest version
available. Thanks Rafael Caricio, Miguel Araujo, Dmitry Gladkov. (752)
- Fixed security issues with pip's use of temp build directories.
Thanks David (d1b) and Thomas Guttler. (780, CVE-2013-1888)
- Improvements to sphinx docs and cli help. (773)
- Fixed an issue dealing with macOS temp dir handling, which was causing global
NumPy installs to fail. (707, 768)
- Split help output into general vs command-specific option groups.
Thanks Georgi Valkov. (744, 721)
- Fixed dependency resolution when installing from archives with uppercase
project names. (724)
- Fixed problem where re-installs always occurred when using file:// find-links.
(683, 702)
- "pip install -v" now shows the full download url, not just the archive name.
Thanks Marc Abramowitz (687)
- Fix to prevent unnecessary PyPI redirects. Thanks Alex Gronholm (695)
- Fixed an install failure under Python 3 when the same version of a package is
found under 2 different URLs. Thanks Paul Moore (670, 671)
- Fix git submodule recursive updates. Thanks Roey Berman. (674)
- Explicitly ignore rel='download' links while looking for html pages. Thanks
Maxime R. (677)
- --user/--upgrade install options now work together. Thanks 'eevee' for
discovering the problem. (705)
- Added check in ``install --download`` to prevent re-downloading if the target
file already exists. Thanks Andrey Bulgakov. (669)
- Added support for bare paths (including relative paths) as argument to
`--find-links`. Thanks Paul Moore for draft patch.
- Added support for --no-index in requirements files.
- Added "pip show" command to get information about an installed package.
Thanks Kelsey Hightower and Rafael Caricio. (131)
- Added `--root` option for "pip install" to specify root directory. Behaves
like the same option in distutils but also plays nice with pip's egg-info.
Thanks Przemek Wrzos. (253, 693)

1.2.1

Not secure
==================

- Fixed a regression introduced in 1.2 about raising an exception when
not finding any files to uninstall in the current environment. Thanks for
the fix, Marcus Smith.

1.2

Not secure
================

- **Dropped support for Python 2.4** The minimum supported Python version is
now Python 2.5.
- Fixed PyPI mirror support being broken on some DNS responses. Thanks
philwhin. (605)
- Fixed pip uninstall removing files it didn't install. Thanks pjdelport.
(355)
- Fixed a number of issues related to improving support for the user
installation scheme. Thanks Marcus Smith. (493, 494, 440, 573)
- Write failure log to temp file if default location is not writable. Thanks
andreigc.
- Pull in submodules for git editable checkouts. Thanks Hsiaoming Yang and
Markus Hametner. (289, 421)
- Use a temporary directory as the default build location outside of a
virtualenv. Thanks Ben Rosser. (339, 381)
- Added support for specifying extras with local editables. Thanks Nick
Stenning.
- Added ``--egg`` flag to request egg-style rather than flat installation.
Thanks Kamal Bin Mustafa. (3)
- Prevent e.g. ``gmpy2-2.0.tar.gz`` from matching a request to
``pip install gmpy``; sdist filename must begin with full project name
followed by a dash. Thanks casevh for the report. (510)
- Allow package URLS to have querystrings. Thanks W. Trevor King. (504)
- pip freeze now falls back to non-editable format rather than blowing up if it
can't determine the origin repository of an editable. Thanks Rory McCann.
(58)
- Added a `__main__.py` file to enable `python -m pip` on Python versions
that support it. Thanks Alexey Luchko.
- Fixed upgrading from VCS url of project that does exist on index. Thanks
Andrew Knapp for the report. (487)
- Fix upgrade from VCS url of project with no distribution on index.
Thanks Andrew Knapp for the report. (486)
- Add a clearer error message on a malformed VCS url. Thanks Thomas Fenzl.
(427)
- Added support for using any of the built in guaranteed algorithms in
``hashlib`` as a checksum hash.
- Raise an exception if current working directory can't be found or accessed.
(321)
- Removed special casing of the user directory and use the Python default
instead. (82)
- Only warn about version conflicts if there is actually one. This re-enables
using ``==dev`` in requirements files. (436)
- Moved tests to be run on Travis CI: https://travis-ci.org/pypa/pip
- Added a better help formatter.

1.1

Not secure
================

- Don't crash when a package's setup.py emits UTF-8 and then fails. Thanks
Marc Abramowitz. (326)
- Added ``--target`` option for installing directly to arbitrary directory.
Thanks Stavros Korokithakis.
- Added support for authentication with Subversion repositories. Thanks
Qiangning Hong.
- ``--download`` now downloads dependencies as well. Thanks Qiangning Hong.
(315)
- Errors from subprocesses will display the current working directory.
Thanks Antti Kaihola.
- Fixed compatibility with Subversion 1.7. Thanks Qiangning Hong. Note that
setuptools remains incompatible with Subversion 1.7; to get the benefits of
pip's support you must use Distribute rather than setuptools. (369)
- Ignore py2app-generated macOS mpkg zip files in finder. Thanks Rene Dudfield.
(57)
- Log to ~/Library/Logs/ by default on macOS framework installs. Thanks
Dan Callahan for report and patch. (182)
- Understand version tags without minor version ("py3") in sdist filenames.
Thanks Stuart Andrews for report and Olivier Girardot for patch. (310)
- pip now supports optionally installing setuptools "extras" dependencies; e.g.
"pip install Paste[openid]". Thanks Matt Maker and Olivier Girardot. (7)
- freeze no longer borks on requirements files with --index-url or --find-links.
Thanks Herbert Pfennig. (391)
- Handle symlinks properly. Thanks lebedov for the patch. (288)
- pip install -U no longer reinstalls the same versions of packages. Thanks
iguananaut for the pull request. (49)
- Removed ``-E``/``--environment`` option and ``PIP_RESPECT_VIRTUALENV``;
both use a restart-in-venv mechanism that's broken, and neither one is
useful since every virtualenv now has pip inside it. Replace ``pip -E
path/to/venv install Foo`` with ``virtualenv path/to/venv &&
path/to/venv/pip install Foo``.
- Fixed pip throwing an IndexError when it calls `scraped_rel_links`. (366)
- pip search should set and return a useful shell status code. (22)
- Added global ``--exists-action`` command line option to easier script file
exists conflicts, e.g. from editable requirements from VCS that have a
changed repo URL. (351, 365)

1.0.2

Not secure
==================

- Fixed docs issues.
- Reinstall a package when using the ``install -I`` option. (295)
- Finds a Git tag pointing to same commit as origin/master. (283)
- Use absolute path for path to docs in setup.py. (279)
- Correctly handle exceptions on Python3. (314)
- Correctly parse ``--editable`` lines in requirements files. (320)

Page 20 of 25

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.