Pip

Latest version: v24.0

Safety actively analyzes 638452 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 9 of 25

20.2.2

Not secure
===================

Bug Fixes
---------

- Only attempt to use the keyring once and if it fails, don't try again.
This prevents spamming users with several keyring unlock prompts when they
cannot unlock or don't want to do so. (`8090 <https://github.com/pypa/pip/issues/8090>`_)
- Fix regression that distributions in system site-packages are not correctly
found when a virtual environment is configured with ``system-site-packages``
on. (`8695 <https://github.com/pypa/pip/issues/8695>`_)
- Disable caching for range requests, which causes corrupted wheels
when pip tries to obtain metadata using the feature ``fast-deps``. (`8701 <https://github.com/pypa/pip/issues/8701>`_, `#8716 <https://github.com/pypa/pip/issues/8716>`_)
- Always use UTF-8 to read ``pyvenv.cfg`` to match the built-in ``venv``. (`8717 <https://github.com/pypa/pip/issues/8717>`_)
- 2020 Resolver: Correctly handle marker evaluation in constraints and exclude
them if their markers do not match the current environment. (`8724 <https://github.com/pypa/pip/issues/8724>`_)

20.2.1

Not secure
===================

Features
--------

- Ignore require-virtualenv in ``pip list`` (`8603 <https://github.com/pypa/pip/issues/8603>`_)

Bug Fixes
---------

- Correctly find already-installed distributions with dot (``.``) in the name
and uninstall them when needed. (`8645 <https://github.com/pypa/pip/issues/8645>`_)
- Trace a better error message on installation failure due to invalid ``.data``
files in wheels. (`8654 <https://github.com/pypa/pip/issues/8654>`_)
- Fix SVN version detection for alternative SVN distributions. (`8665 <https://github.com/pypa/pip/issues/8665>`_)
- New resolver: Correctly include the base package when specified with extras
in ``--no-deps`` mode. (`8677 <https://github.com/pypa/pip/issues/8677>`_)
- Use UTF-8 to handle ZIP archive entries on Python 2 according to PEP 427, so
non-ASCII paths can be resolved as expected. (`8684 <https://github.com/pypa/pip/issues/8684>`_)

Improved Documentation
----------------------

- Add details on old resolver deprecation and removal to migration documentation. (`8371 <https://github.com/pypa/pip/issues/8371>`_)
- Fix feature flag name in docs. (`8660 <https://github.com/pypa/pip/issues/8660>`_)

20.2

Not secure
=================

Deprecations and Removals
-------------------------

- Deprecate setup.py-based builds that do not generate an ``.egg-info`` directory. (`6998 <https://github.com/pypa/pip/issues/6998>`_, `#8617 <https://github.com/pypa/pip/issues/8617>`_)
- Disallow passing install-location-related arguments in ``--install-options``. (`7309 <https://github.com/pypa/pip/issues/7309>`_)
- Add deprecation warning for invalid requirements format "base>=1.0[extra]" (`8288 <https://github.com/pypa/pip/issues/8288>`_)
- Deprecate legacy setup.py install when building a wheel failed for source
distributions without pyproject.toml (`8368 <https://github.com/pypa/pip/issues/8368>`_)
- Deprecate -b/--build/--build-dir/--build-directory. Its current behaviour is confusing
and breaks in case different versions of the same distribution need to be built during
the resolution process. Using the TMPDIR/TEMP/TMP environment variable, possibly
combined with --no-clean covers known use cases. (`8372 <https://github.com/pypa/pip/issues/8372>`_)
- Remove undocumented and deprecated option ``--always-unzip`` (`8408 <https://github.com/pypa/pip/issues/8408>`_)

Features
--------

- Log debugging information about pip, in ``pip install --verbose``. (`3166 <https://github.com/pypa/pip/issues/3166>`_)
- Refine error messages to avoid showing Python tracebacks when an HTTP error occurs. (`5380 <https://github.com/pypa/pip/issues/5380>`_)
- Install wheel files directly instead of extracting them to a temp directory. (`6030 <https://github.com/pypa/pip/issues/6030>`_)
- Add a beta version of pip's next-generation dependency resolver.

Move pip's new resolver into beta, remove the
``--unstable-feature=resolver`` flag, and enable the
``--use-feature=2020-resolver`` flag. The new resolver is
significantly stricter and more consistent when it receives
incompatible instructions, and reduces support for certain kinds of
:ref:`Constraints Files`, so some workarounds and workflows may
break. More details about how to test and migrate, and how to report
issues, at :ref:`Resolver changes 2020` . Maintainers are preparing to

20.2b1

Not secure
===================

Bug Fixes
---------

- Correctly treat wheels containing non-ASCII file contents so they can be
installed on Windows. (`5712 <https://github.com/pypa/pip/issues/5712>`_)
- Prompt the user for password if the keyring backend doesn't return one (`7998 <https://github.com/pypa/pip/issues/7998>`_)

Improved Documentation
----------------------

- Add GitHub issue template for reporting when the dependency resolver fails (`8207 <https://github.com/pypa/pip/issues/8207>`_)

20.1.1

Not secure
===================

Deprecations and Removals
-------------------------

- Revert building of local directories in place, restoring the pre-20.1
behaviour of copying to a temporary directory. (`7555 <https://github.com/pypa/pip/issues/7555>`_)
- Drop parallelization from ``pip list --outdated``. (`8167 <https://github.com/pypa/pip/issues/8167>`_)

Bug Fixes
---------

- Fix metadata permission issues when umask has the executable bit set. (`8164 <https://github.com/pypa/pip/issues/8164>`_)
- Avoid unnecessary message about the wheel package not being installed
when a wheel would not have been built. Additionally, clarify the message. (`8178 <https://github.com/pypa/pip/issues/8178>`_)

20.1

Not secure
=================

Process
-------

- Document that pip 21.0 will drop support for Python 2.7.

Features
--------

- Add ``pip cache dir`` to show the cache directory. (`7350 <https://github.com/pypa/pip/issues/7350>`_)

Bug Fixes
---------

- Abort pip cache commands early when cache is disabled. (`8124 <https://github.com/pypa/pip/issues/8124>`_)
- Correctly set permissions on metadata files during wheel installation,
to permit non-privileged users to read from system site-packages. (`8139 <https://github.com/pypa/pip/issues/8139>`_)

Page 9 of 25

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.