diff --git a/AUTHORS.txt b/AUTHORS.txt index 8ccefbc6e59..f42daec02e2 100644 --- a/AUTHORS.txt +++ b/AUTHORS.txt @@ -125,6 +125,7 @@ burrows Bussonnier Matthias bwoodsend c22 +Caleb Brown Caleb Martinez Calvin Smith Carl Meyer @@ -134,6 +135,7 @@ Carter Thayer Cass Chandrasekhar Atina Charlie Marsh +charwick Chih-Hsuan Yen Chris Brinker Chris Hunt @@ -403,18 +405,22 @@ Josh Cannon Josh Hansen Josh Schneier Joshua +JoshuaPerdue Juan Luis Cano Rodríguez Juanjo Bazán Judah Rand Julian Berman Julian Gethmann Julien Demoor +July Tikhonov Jussi Kukkonen +Justin van Heek jwg4 Jyrki Pulliainen Kai Chen Kai Mueller Kamal Bin Mustafa +Karolina Surma kasium kaustav haldar keanemind @@ -625,6 +631,7 @@ R. David Murray Rafael Caricio Ralf Schmitt Ran Benita +Randy Döring Razzi Abuissa rdb Reece Dunham diff --git a/NEWS.rst b/NEWS.rst index 2fd470a4065..9b1387666bd 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -9,6 +9,71 @@ .. towncrier release notes start +25.0 (2025-01-26) +================= + +Deprecations and Removals +------------------------- + +- Deprecate the ``no-python-version-warning`` flag as it has long done nothing + since Python 2 support was removed in pip 21.0. (`#13154 `_) + +Features +-------- + +- Prefer to display :pep:`639` ``License-Expression`` in ``pip show`` if metadata version is at least 2.4. (`#13112 `_) +- Support :pep:`639` ``License-Expression`` and ``License-File`` metadata fields in JSON + output. ``pip inspect`` and ``pip install --report`` now emit + ``license_expression`` and ``license_file`` fields in the ``metadata`` object, + if the corresponding fields are present in the installed ``METADATA`` file. (`#13134 `_) +- Files in the network cache will inherit the read/write permissions of pip's cache + directory (in addition to the current user retaining read/write access). This + enables a single cache to be shared among multiple users. (`#11012 `_) +- Return the size, along with the number, of files cleared on ``pip cache purge`` and ``pip cache remove`` (`#12176 `_) +- Cache ``python-requires`` checks while filtering potential installation candidates. (`#13128 `_) +- Optimize package collection by avoiding unnecessary URL parsing and other processing. (`#13132 `_) + +Bug Fixes +--------- + +- Reorder the encoding detection when decoding a requirements file, relying on + UTF-8 over the locale encoding by default, matching the documented behaviour. + (`#12771 `_) +- The pip version self check is disabled on ``EXTERNALLY-MANAGED`` environments. (`#11820 `_) +- Fix a security bug allowing a specially crafted wheel to execute code during + installation. (`#13079 `_) +- The inclusion of ``packaging`` 24.2 changes how pre-release specifiers with ``<`` and ``>`` + behave. Including a pre-release version with these specifiers now implies + accepting pre-releases (e.g., ``<2.0dev`` can include ``1.0rc1``). To avoid + implying pre-releases, avoid specifying them (e.g., use ``<2.0``). + The exception is ``!=``, which never implies pre-releases. (`#13163 `_) +- The ``--cert`` and ``--client-cert`` command-line options are now respected while + installing build dependencies. Consequently, the private ``_PIP_STANDALONE_CERT`` + environment variable is no longer used. (`#5502 `_) +- The ``--proxy`` command-line option is now respected while installing build dependencies. (`#6018 `_) + +Vendored Libraries +------------------ + +- Upgrade CacheControl to 0.14.1 +- Upgrade idna to 3.10 +- Upgrade msgpack to 1.1.0 +- Upgrade packaging to 24.2 +- Upgrade platformdirs to 4.3.6 +- Upgrade pyproject-hooks to 1.2.0 +- Upgrade rich to 13.9.4 +- Upgrade tomli to 2.2.1 + +Improved Documentation +---------------------- + +- Removed section about non-existing ``--force-keyring`` flag. (`#12455 `_) + +Process +------- + +- Started releasing to PyPI from a GitHub Actions CI/CD workflow that implements trusted publishing and bundles :pep:`740` digital attestations. + 24.3.1 (2024-10-27) =================== diff --git a/news/11012.feature.rst b/news/11012.feature.rst deleted file mode 100644 index d913306c176..00000000000 --- a/news/11012.feature.rst +++ /dev/null @@ -1,3 +0,0 @@ -Files in the network cache will inherit the read/write permissions of pip's cache -directory (in addition to the current user retaining read/write access). This -enables a single cache to be shared among multiple users. diff --git a/news/11820.bugfix.rst b/news/11820.bugfix.rst deleted file mode 100644 index 68b23ef11ec..00000000000 --- a/news/11820.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -The pip version self check is disabled on ``EXTERNALLY-MANAGED`` environments. diff --git a/news/12176.feature.rst b/news/12176.feature.rst deleted file mode 100644 index 0e78f737cf8..00000000000 --- a/news/12176.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Return the size, along with the number, of files cleared on ``pip cache purge`` and ``pip cache remove`` diff --git a/news/12455.doc.rst b/news/12455.doc.rst deleted file mode 100644 index 2e0d4c1970c..00000000000 --- a/news/12455.doc.rst +++ /dev/null @@ -1 +0,0 @@ -Removed section about non-existing ``--force-keyring`` flag. diff --git a/news/12551.trivial.rst b/news/12551.trivial.rst deleted file mode 100644 index bfd5e9f1e9e..00000000000 --- a/news/12551.trivial.rst +++ /dev/null @@ -1 +0,0 @@ -Integrate ``sphinx-issues`` into the Sphinx config. diff --git a/news/12771.feature.rst b/news/12771.feature.rst deleted file mode 100644 index 68b2f14aade..00000000000 --- a/news/12771.feature.rst +++ /dev/null @@ -1,2 +0,0 @@ -Reorder the encoding detection when decoding a requirements file, relying on -UTF-8 over the locale encoding by default. diff --git a/news/13031.trivial.rst b/news/13031.trivial.rst deleted file mode 100644 index d765e810e40..00000000000 --- a/news/13031.trivial.rst +++ /dev/null @@ -1 +0,0 @@ -Correct documentation errors. diff --git a/news/13048.process.rst b/news/13048.process.rst deleted file mode 100644 index 9e19f1f8017..00000000000 --- a/news/13048.process.rst +++ /dev/null @@ -1 +0,0 @@ -Started releasing to PyPI from a GitHub Actions CI/CD workflow that implements trusted publishing and bundles :pep:`740` digital attestations. diff --git a/news/13072.trivial.rst b/news/13072.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/13079.bugfix.rst b/news/13079.bugfix.rst deleted file mode 100644 index 52db10b1781..00000000000 --- a/news/13079.bugfix.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix a security bug allowing a specially crafted wheel to execute code during -installation. diff --git a/news/13112.feature.rst b/news/13112.feature.rst deleted file mode 100644 index 1f9e44a49c6..00000000000 --- a/news/13112.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Prefer to display :pep:`639` ``License-Expression`` in ``pip show`` if metadata version is at least 2.4. diff --git a/news/13128.feature.rst b/news/13128.feature.rst deleted file mode 100644 index 6985d78b87e..00000000000 --- a/news/13128.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Cache ``python-requires`` checks while filtering potential installation candidates. diff --git a/news/13132.feature.rst b/news/13132.feature.rst deleted file mode 100644 index d8cd57e7c56..00000000000 --- a/news/13132.feature.rst +++ /dev/null @@ -1 +0,0 @@ -Optimize package collection by avoiding unnecessary URL parsing and other processing. diff --git a/news/13134.feature.rst b/news/13134.feature.rst deleted file mode 100644 index 6509c158130..00000000000 --- a/news/13134.feature.rst +++ /dev/null @@ -1,4 +0,0 @@ -Support :pep:`639` ``License-Expression`` and ``License-File`` metadata fields in JSON -output. ``pip inspect`` and ``pip install --report`` now emit -``license_expression`` and ``license_file`` fields in the ``metadata`` object, -if the corresponding fields are present in the installed ``METADATA`` file. diff --git a/news/13148.trivial.rst b/news/13148.trivial.rst deleted file mode 100644 index dcdd0bf5e8d..00000000000 --- a/news/13148.trivial.rst +++ /dev/null @@ -1 +0,0 @@ -Fix mypy 1.14.1 error diff --git a/news/13152.trivial.rst b/news/13152.trivial.rst deleted file mode 100644 index 1720322f606..00000000000 --- a/news/13152.trivial.rst +++ /dev/null @@ -1 +0,0 @@ -Switch to ubuntu-22.04 for github workflow. diff --git a/news/13154.removal.rst b/news/13154.removal.rst deleted file mode 100644 index c41e92bf1f7..00000000000 --- a/news/13154.removal.rst +++ /dev/null @@ -1,2 +0,0 @@ -Deprecate the ``no-python-version-warning`` flag as it has long done nothing -since Python 2 support was removed in pip 21.0. diff --git a/news/13163.bugfix.rst b/news/13163.bugfix.rst deleted file mode 100644 index 22d80d9a65a..00000000000 --- a/news/13163.bugfix.rst +++ /dev/null @@ -1,5 +0,0 @@ -The inclusion of packaging 24.2 changes how pre-release specifiers with ``<`` and ``>`` -behave. Including a pre-release version with these specifiers now implies -accepting pre-releases (e.g., ``<2.0dev`` can include ``1.0rc1``). To avoid -implying pre-releases, avoid specifying them (e.g., use ``<2.0``). -The exception is ``!=``, which never implies pre-releases. diff --git a/news/36c500b0-9c6e-49ca-bbdb-774ef0adbbfb.trivial.rst b/news/36c500b0-9c6e-49ca-bbdb-774ef0adbbfb.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/5502.bugfix.rst b/news/5502.bugfix.rst deleted file mode 100644 index c8d27d99b9a..00000000000 --- a/news/5502.bugfix.rst +++ /dev/null @@ -1,3 +0,0 @@ -The ``--cert`` and ``--client-cert`` command-line options are now respected while -installing build dependencies. Consequently, the private ``_PIP_STANDALONE_CERT`` -environment variable is no longer used. diff --git a/news/6018.bugfix.rst b/news/6018.bugfix.rst deleted file mode 100644 index 0171b5bbc3b..00000000000 --- a/news/6018.bugfix.rst +++ /dev/null @@ -1 +0,0 @@ -The ``--proxy`` command-line option is now respected while installing build dependencies. diff --git a/news/CacheControl.vendor.rst b/news/CacheControl.vendor.rst deleted file mode 100644 index be97db23956..00000000000 --- a/news/CacheControl.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade CacheControl to 0.14.1 diff --git a/news/a6275be8-84ca-48bf-98dc-1ccb196e7f47.trivial.rst b/news/a6275be8-84ca-48bf-98dc-1ccb196e7f47.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/ba0bd1bb-2dcc-43d0-83ff-c762e7e55bf9.trivial.rst b/news/ba0bd1bb-2dcc-43d0-83ff-c762e7e55bf9.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/c33bb4df-d6ab-4d9b-8113-55c27a237dfd.trivial.rst b/news/c33bb4df-d6ab-4d9b-8113-55c27a237dfd.trivial.rst deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/news/idna.vendor.rst b/news/idna.vendor.rst deleted file mode 100644 index ef21715c5a4..00000000000 --- a/news/idna.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade idna to 3.10 diff --git a/news/msgpack.vendor.rst b/news/msgpack.vendor.rst deleted file mode 100644 index d9efb5bc3f5..00000000000 --- a/news/msgpack.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade msgpack to 1.1.0 diff --git a/news/packaging.vendor.rst b/news/packaging.vendor.rst deleted file mode 100644 index d03b06e2c6f..00000000000 --- a/news/packaging.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade packaging to 24.2 diff --git a/news/platformdirs.vendor.rst b/news/platformdirs.vendor.rst deleted file mode 100644 index 360a631e567..00000000000 --- a/news/platformdirs.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade platformdirs to 4.3.6 diff --git a/news/pyproject-hooks.vendor.rst b/news/pyproject-hooks.vendor.rst deleted file mode 100644 index 44af87f5e58..00000000000 --- a/news/pyproject-hooks.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade pyproject-hooks to 1.2.0 diff --git a/news/rich.vendor.rst b/news/rich.vendor.rst deleted file mode 100644 index 046c0d8b43c..00000000000 --- a/news/rich.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade rich to 13.9.4 diff --git a/news/tomli.vendor.rst b/news/tomli.vendor.rst deleted file mode 100644 index 53b3bd07be4..00000000000 --- a/news/tomli.vendor.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade tomli to 2.2.1 diff --git a/src/pip/__init__.py b/src/pip/__init__.py index 4eff4299c01..72909e402d3 100644 --- a/src/pip/__init__.py +++ b/src/pip/__init__.py @@ -1,6 +1,6 @@ from typing import List, Optional -__version__ = "25.0.dev0" +__version__ = "25.1.dev0" def main(args: Optional[List[str]] = None) -> int: