Pip

Latest version: v24.0

Safety actively analyzes 638430 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 4 of 25

22.1.2

Not secure
===================

Bug Fixes
---------

- Revert `10979 <https://github.com/pypa/pip/issues/10979>`_ since it introduced a regression in certain edge cases. (`#10979 <https://github.com/pypa/pip/issues/10979>`_)
- Fix an incorrect assertion in the logging logic, that prevented the upgrade prompt from being presented. (`11136 <https://github.com/pypa/pip/issues/11136>`_)

22.1.1

Not secure
===================

Bug Fixes
---------

- Properly filter out optional dependencies (i.e. extras) when checking build environment distributions. (`11112 <https://github.com/pypa/pip/issues/11112>`_)
- Change the build environment dependency checking to be opt-in. (`11116 <https://github.com/pypa/pip/issues/11116>`_)
- Allow using a pre-release version to satisfy a build requirement. This helps
manually populated build environments to more accurately detect build-time
requirement conflicts. (`11123 <https://github.com/pypa/pip/issues/11123>`_)

22.1

Not secure
=================

Process
-------

- Enable the ``importlib.metadata`` metadata implementation by default on
Python 3.11 (or later). The environment variable ``_PIP_USE_IMPORTLIB_METADATA``
can still be used to enable the implementation on 3.10 and earlier, or disable
it on 3.11 (by setting it to ``0`` or ``false``).

Bug Fixes
---------

- Revert `9243 <https://github.com/pypa/pip/issues/9243>`_ since it introduced a regression in certain edge cases. (`#10962 <https://github.com/pypa/pip/issues/10962>`_)
- Fix missing ``REQUESTED`` metadata when using URL constraints. (`11079 <https://github.com/pypa/pip/issues/11079>`_)
- ``pip config`` now normalizes names by converting underscores into dashes. (`9330 <https://github.com/pypa/pip/issues/9330>`_)

22.1b1

Not secure
===================

Process
-------

- Start migration of distribution metadata implementation from ``pkg_resources``
to ``importlib.metadata``. The new implementation is currently not exposed in
any user-facing way, but included in the code base for easier development.

Deprecations and Removals
-------------------------

- Drop ``--use-deprecated=out-of-tree-build``, according to deprecation message. (`11001 <https://github.com/pypa/pip/issues/11001>`_)

Features
--------

- Add option to install and uninstall commands to opt-out from running-as-root warning. (`10556 <https://github.com/pypa/pip/issues/10556>`_)
- Include Project-URLs in ``pip show`` output. (`10799 <https://github.com/pypa/pip/issues/10799>`_)
- Improve error message when ``pip config edit`` is provided an editor that
doesn't exist. (`10812 <https://github.com/pypa/pip/issues/10812>`_)
- Add a user interface for supplying config settings to build backends. (`11059 <https://github.com/pypa/pip/issues/11059>`_)
- Add support for Powershell autocompletion. (`9024 <https://github.com/pypa/pip/issues/9024>`_)
- Explains why specified version cannot be retrieved when *Requires-Python* is not satisfied. (`9615 <https://github.com/pypa/pip/issues/9615>`_)
- Validate build dependencies when using ``--no-build-isolation``. (`9794 <https://github.com/pypa/pip/issues/9794>`_)

Bug Fixes
---------

- Fix conditional checks to prevent ``pip.exe`` from trying to modify itself, on Windows. (`10560 <https://github.com/pypa/pip/issues/10560>`_)
- Fix uninstall editable from Windows junction link. (`10696 <https://github.com/pypa/pip/issues/10696>`_)
- Fallback to pyproject.toml-based builds if ``setup.py`` is present in a project, but ``setuptools`` cannot be imported. (`10717 <https://github.com/pypa/pip/issues/10717>`_)
- When checking for conflicts in the build environment, correctly skip requirements
containing markers that do not match the current environment. (`10883 <https://github.com/pypa/pip/issues/10883>`_)
- Disable brotli import in vendored urllib3 so brotli could be uninstalled/upgraded by pip. (`10950 <https://github.com/pypa/pip/issues/10950>`_)
- Prioritize URL credentials over netrc. (`10979 <https://github.com/pypa/pip/issues/10979>`_)
- Filter available distributions using hash declarations from constraints files. (`9243 <https://github.com/pypa/pip/issues/9243>`_)
- Fix an error when trying to uninstall packages installed as editable from a network drive. (`9452 <https://github.com/pypa/pip/issues/9452>`_)
- Fix pip install issues using a proxy due to an inconsistency in how Requests is currently handling variable precedence in session. (`9691 <https://github.com/pypa/pip/issues/9691>`_)

Vendored Libraries
------------------

- Upgrade CacheControl to 0.12.11
- Upgrade distro to 1.7.0
- Upgrade platformdirs to 2.5.2
- Remove ``progress`` from vendored dependencies.
- Upgrade ``pyparsing`` to 3.0.8 for startup performance improvements.
- Upgrade rich to 12.2.0
- Upgrade tomli to 2.0.1
- Upgrade typing_extensions to 4.2.0

Improved Documentation
----------------------

- Add more dedicated topic and reference pages to the documentation. (`10899 <https://github.com/pypa/pip/issues/10899>`_)
- Capitalise Y as the default for "Proceed (y/n)?" when uninstalling. (`10936 <https://github.com/pypa/pip/issues/10936>`_)
- Add ``scheme://`` requirement to ``--proxy`` option's description (`10951 <https://github.com/pypa/pip/issues/10951>`_)
- The wheel command now references the build interface section instead of stating the legacy
setuptools behavior as the default. (`10972 <https://github.com/pypa/pip/issues/10972>`_)
- Improved usefulness of ``pip config --help`` output. (`11074 <https://github.com/pypa/pip/issues/11074>`_)

22.0.4

Not secure
===================

Deprecations and Removals
-------------------------

- Drop the doctype check, that presented a warning for index pages that use non-compliant HTML 5. (`10903 <https://github.com/pypa/pip/issues/10903>`_)

Vendored Libraries
------------------

- Downgrade distlib to 0.3.3.

22.0.3

Not secure
===================

Features
--------

- Print the exception via ``rich.traceback``, when running with ``--debug``. (`10791 <https://github.com/pypa/pip/issues/10791>`_)

Bug Fixes
---------

- Only calculate topological installation order, for packages that are going to be installed/upgraded.

This fixes an `AssertionError` that occurred when determining installation order, for a very specific combination of upgrading-already-installed-package + change of dependencies + fetching some packages from a package index. This combination was especially common in Read the Docs' builds. (`10851 <https://github.com/pypa/pip/issues/10851>`_)
- Use ``html.parser`` by default, instead of falling back to ``html5lib`` when ``--use-deprecated=html5lib`` is not passed. (`10869 <https://github.com/pypa/pip/issues/10869>`_)

Improved Documentation
----------------------

- Clarify that using per-requirement overrides disables the usage of wheels. (`9674 <https://github.com/pypa/pip/issues/9674>`_)

Page 4 of 25

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.