Skip to content

--no-index not respected when --requirement file contains --index-url #11276

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
1 task done
vanschelven opened this issue Jul 20, 2022 · 4 comments
Closed
1 task done

--no-index not respected when --requirement file contains --index-url #11276

vanschelven opened this issue Jul 20, 2022 · 4 comments
Labels
type: bug A confirmed bug or unintended behavior

Comments

@vanschelven
Copy link
Contributor

vanschelven commented Jul 20, 2022
edited
Loading

Description

The behavior of index-url, when used in combination with --no-index, is inconsistent between specifiying it on the command line and in a requirements.txt-like file. Proof:

$ pip install --index-url https://pypi.org/simple --no-index boto3
ERROR: Could not find a version that satisfies the requirement boto3 (from versions: none)
ERROR: No matching distribution found for boto3

$ cat requirements.txt 
--index-url https://pypi.org/simple

$ pip install -i https://pypi.org/simple --no-index -r requirements.txt boto3
Collecting boto3
  Downloading boto3-1.24.33-py3-none-any.whl (132 kB)
     ━━━━━━━━━━━
ERROR: Operation cancelled by user

The same is true for --extra-index-url

Expected behavior

No response

pip version

22.1.2

Python version

3.9

OS

Ubuntu

How to Reproduce

.

Output

No response

Code of Conduct
@vanschelven vanschelven added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Jul 20, 2022
@vanschelven
Copy link
Contributor Author

The explanation seems to be that there's some code to deal with the command-line as a special-case, but this code is not replicated for the handling of options when part of requirements.txt.

@vanschelven
Copy link
Contributor Author

The code to deal with the command-line as a special case mentioned above is specific to --index-url (not present for extra-index-url) but yet another special case is present that makes it so that extra-index-url has similar inconsistent behavior between command-line and --requirements usage: https://github.com/pypa/pip/blob/main/src/pip/_internal/index/collector.py#L553

vanschelven added a commit to vanschelven/pip that referenced this issue Jul 20, 2022
@vanschelven
Respect --no-index from the requirements file
5d7a1a6 
See pypa#11276

SearchScope was extended with an extra parameter to be able to pass-on the
value of no_index as we do with the other parameters. This allows us to respect
its value regardless of the order in which options are evaluated.
@vanschelven vanschelven mentioned this issue Jul 20, 2022
Merged
vanschelven added a commit to vanschelven/python-buildpack that referenced this issue Jul 20, 2022
@vanschelven
Scrub multiple ways of describing index-url from requiremnts.txt when…
5a045e2 
… using vendored installs

See pypa/pip#11276 for the upstream problem.
A fix was already in-place in the python buildback, but it was limited
to a single notation of `index-url=...`
vanschelven added a commit to vanschelven/python-buildpack that referenced this issue Jul 20, 2022
@vanschelven
Scrub multiple ways of describing index-url from requiremnts.txt when…
d8a8a56 
… using vendored installs

See pypa/pip#11276 for the upstream problem.
A fix was already in-place in the python buildback, but it was limited
to a single notation of `index-url=...`
@vanschelven vanschelven mentioned this issue Jul 20, 2022
Merged
3 tasks
vanschelven added a commit to vanschelven/pip that referenced this issue Jul 27, 2022
@vanschelven
Add a test for 'respect --no-index'
2ec5097 
See pypa#11276
brayanhenao pushed a commit to cloudfoundry/python-buildpack that referenced this issue Jul 27, 2022
@vanschelven
Scrub multiple ways of describing index-url from requiremnts.txt when…
8734956 
… using vendored installs (#544)

See pypa/pip#11276 for the upstream problem.
A fix was already in-place in the python buildback, but it was limited
to a single notation of `index-url=...`
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Oct 17, 2022
@dependabot @inmantaci
Bump pip from 22.2.2 to 22.3 (PR #5000)
d126590 
Bumps [pip](https://github.com/pypa/pip) from 22.2.2 to 22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the deprecated <code>install</code>
command of <code>setuptools</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is enabled for
source distributions without 'pyproject.toml'. (<code>[#11452](pypa/pip#11452) &lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache. (<code>[#11454](pypa/pip#11454) &lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (<code>[#11493](pypa/pip#11493) &lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel' package is absent for
source distributions without 'pyproject.toml'. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in combination with <code>--format=freeze</code>. (<code>[#9789](pypa/pip#9789) &lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip config edit</code>. (<code>[#10716](pypa/pip#10716) &lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from :pep:<code>658</code> to resolve distribution metadata without downloading the dist yet. (<code>[#11111](pypa/pip#11111) &lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp. (<code>[#11250](pypa/pip#11250) &lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python environments other
than the one pip is installed in. (<code>[#11320](pypa/pip#11320) &lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip. (<code>[#11459](pypa/pip#11459) &lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree. (<code>[#5444](pypa/pip#5444) &lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or <code>--extra-index-url</code> is specified
inside a requirements file. (<code>[#11276](pypa/pip#11276) &lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when checking for a new version of pip. (<code>[#11309](pypa/pip#11309) &lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata instead of crashing, when
using the <code>importlib.metadata</code> backend. (<code>[#11352](pypa/pip#11352) &lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements options that can't be sucessfully parsed by shlex. (<code>[#11491](pypa/pip#11491) &lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons. (<code>[#6264](pypa/pip#6264) &lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2022.9.24</li>
<li>Upgrade distlib to 0.3.6</li>
<li>Upgrade idna to 3.4</li>
<li>Upgrade pep517 to 0.13.0</li>
<li>Upgrade pygments to 2.13.0</li>
<li>Upgrade tenacity to 8.1.0</li>
<li>Upgrade typing_extensions to 4.4.0</li>
<li>Upgrade urllib3 to 1.26.12</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a> from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a> from pradyunsg/certifi-update</li>
<li><a href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a> Unnormalise the certifi version</li>
<li><a href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a> from pradyunsg/check-manifest</li>
<li><a href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a> Move check-manifest to a CI check</li>
<li><a href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a> Upgrade certifi to 2022.9.24</li>
<li><a href="https://github.com/pypa/pip/commit/2a0552ac61ee26df04e08e21943a1e36aa880db1"><code>2a0552a</code></a> Replace complex certifi patch with a more targetted requests patch</li>
<li><a href="https://github.com/pypa/pip/commit/eb906997da97bbbd1f74127297d7ce9a54a6a2a0"><code>eb90699</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11502">#11502</a> from pradyunsg/vendoring-updates</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2.2...22.3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.2.2&new-version=22.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Oct 17, 2022
@dependabot @inmantaci
Bump pip from 22.2.2 to 22.3 (PR #4998)
8843685 
Bumps [pip](https://github.com/pypa/pip) from 22.2.2 to 22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the deprecated <code>install</code>
command of <code>setuptools</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is enabled for
source distributions without 'pyproject.toml'. (<code>[#11452](pypa/pip#11452) &lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache. (<code>[#11454](pypa/pip#11454) &lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (<code>[#11493](pypa/pip#11493) &lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel' package is absent for
source distributions without 'pyproject.toml'. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in combination with <code>--format=freeze</code>. (<code>[#9789](pypa/pip#9789) &lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip config edit</code>. (<code>[#10716](pypa/pip#10716) &lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from :pep:<code>658</code> to resolve distribution metadata without downloading the dist yet. (<code>[#11111](pypa/pip#11111) &lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp. (<code>[#11250](pypa/pip#11250) &lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python environments other
than the one pip is installed in. (<code>[#11320](pypa/pip#11320) &lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip. (<code>[#11459](pypa/pip#11459) &lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree. (<code>[#5444](pypa/pip#5444) &lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or <code>--extra-index-url</code> is specified
inside a requirements file. (<code>[#11276](pypa/pip#11276) &lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when checking for a new version of pip. (<code>[#11309](pypa/pip#11309) &lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata instead of crashing, when
using the <code>importlib.metadata</code> backend. (<code>[#11352](pypa/pip#11352) &lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements options that can't be sucessfully parsed by shlex. (<code>[#11491](pypa/pip#11491) &lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons. (<code>[#6264](pypa/pip#6264) &lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2022.9.24</li>
<li>Upgrade distlib to 0.3.6</li>
<li>Upgrade idna to 3.4</li>
<li>Upgrade pep517 to 0.13.0</li>
<li>Upgrade pygments to 2.13.0</li>
<li>Upgrade tenacity to 8.1.0</li>
<li>Upgrade typing_extensions to 4.4.0</li>
<li>Upgrade urllib3 to 1.26.12</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a> from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a> from pradyunsg/certifi-update</li>
<li><a href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a> Unnormalise the certifi version</li>
<li><a href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a> from pradyunsg/check-manifest</li>
<li><a href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a> Move check-manifest to a CI check</li>
<li><a href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a> Upgrade certifi to 2022.9.24</li>
<li><a href="https://github.com/pypa/pip/commit/2a0552ac61ee26df04e08e21943a1e36aa880db1"><code>2a0552a</code></a> Replace complex certifi patch with a more targetted requests patch</li>
<li><a href="https://github.com/pypa/pip/commit/eb906997da97bbbd1f74127297d7ce9a54a6a2a0"><code>eb90699</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11502">#11502</a> from pradyunsg/vendoring-updates</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2.2...22.3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.2.2&new-version=22.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Oct 20, 2022
@dependabot
chore(deps): Update pip requirement from ~=22.2 to ~=22.3 in /package…
a9c375b 
…s/@jsii/python-runtime (#3803)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the deprecated <code>install</code>
command of <code>setuptools</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is enabled for
source distributions without 'pyproject.toml'. (<code>[#11452](pypa/pip#11452) &lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache. (<code>[#11454](pypa/pip#11454) &lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (<code>[#11493](pypa/pip#11493) &lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel' package is absent for
source distributions without 'pyproject.toml'. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in combination with <code>--format=freeze</code>. (<code>[#9789](pypa/pip#9789) &lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip config edit</code>. (<code>[#10716](pypa/pip#10716) &lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from :pep:<code>658</code> to resolve distribution metadata without downloading the dist yet. (<code>[#11111](pypa/pip#11111) &lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp. (<code>[#11250](pypa/pip#11250) &lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python environments other
than the one pip is installed in. (<code>[#11320](pypa/pip#11320) &lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip. (<code>[#11459](pypa/pip#11459) &lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree. (<code>[#5444](pypa/pip#5444) &lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or <code>--extra-index-url</code> is specified
inside a requirements file. (<code>[#11276](pypa/pip#11276) &lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when checking for a new version of pip. (<code>[#11309](pypa/pip#11309) &lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata instead of crashing, when
using the <code>importlib.metadata</code> backend. (<code>[#11352](pypa/pip#11352) &lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements options that can't be sucessfully parsed by shlex. (<code>[#11491](pypa/pip#11491) &lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons. (<code>[#6264](pypa/pip#6264) &lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2022.9.24</li>
<li>Upgrade distlib to 0.3.6</li>
<li>Upgrade idna to 3.4</li>
<li>Upgrade pep517 to 0.13.0</li>
<li>Upgrade pygments to 2.13.0</li>
<li>Upgrade tenacity to 8.1.0</li>
<li>Upgrade typing_extensions to 4.4.0</li>
<li>Upgrade urllib3 to 1.26.12</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a> from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a> from pradyunsg/certifi-update</li>
<li><a href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a> Unnormalise the certifi version</li>
<li><a href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a> from pradyunsg/check-manifest</li>
<li><a href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a> Move check-manifest to a CI check</li>
<li><a href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a> Upgrade certifi to 2022.9.24</li>
<li><a href="https://github.com/pypa/pip/commit/2a0552ac61ee26df04e08e21943a1e36aa880db1"><code>2a0552a</code></a> Replace complex certifi patch with a more targetted requests patch</li>
<li><a href="https://github.com/pypa/pip/commit/eb906997da97bbbd1f74127297d7ce9a54a6a2a0"><code>eb90699</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11502">#11502</a> from pradyunsg/vendoring-updates</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2...22.3">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
@pmeier pmeier mentioned this issue Oct 23, 2022
Merged
@jeffwidman
Copy link
Contributor

I noticed the release notes for 22.3 mentioned including a fix for this issue: https://github.com/pypa/pip/blame/ff207cff2aeea05f13a246a99f24e6944492b18e/NEWS.rst#L42-L43

But this issue isn't marked as closed... is there more work that needs to be done to close this out?

@uranusjr
Copy link
Member

This was fixed in #11277 but the PR did not contain the correct keyword to automatically close the issue. Thanks for catching this!

This was referenced Nov 9, 2022
Closed
Merged
clementprevot added a commit to clementprevot/aduro that referenced this issue Nov 16, 2022
@clementprevot
Bump pip from 21.0 to 22.3.1 in /.github/workflows (#4)
22fa681 
Bumps [pip](https://github.com/pypa/pip) from 21.0 to 22.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>22.3.1 (2022-11-05)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix entry point generation of <code>pip.X</code>,
<code>pipX.Y</code>, and <code>easy_install-X.Y</code>
to correctly account for multi-digit Python version segments (e.g. the
&quot;11&quot;
part of 3.11). (<code>[#11547](pypa/pip#11547)
&lt;https://github.com/pypa/pip/issues/11547&gt;</code>_)</li>
</ul>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the
deprecated <code>install</code>
command of <code>setuptools</code>.
(<code>[#11358](pypa/pip#11358)
&lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is
enabled for
source distributions without 'pyproject.toml'.
(<code>[#11452](pypa/pip#11452)
&lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache.
(<code>[#11454](pypa/pip#11454)
&lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This
was supposed to be removed in 21.0, but missed during that release
cycle. (<code>[#11493](pypa/pip#11493)
&lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel'
package is absent for
source distributions without 'pyproject.toml'.
(<code>[#8559](pypa/pip#8559)
&lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in
combination with <code>--format=freeze</code>.
(<code>[#9789](pypa/pip#9789)
&lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip
config edit</code>.
(<code>[#10716](pypa/pip#10716)
&lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from
:pep:<code>658</code> to resolve distribution metadata without
downloading the dist yet.
(<code>[#11111](pypa/pip#11111)
&lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp.
(<code>[#11250](pypa/pip#11250)
&lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python
environments other
than the one pip is installed in.
(<code>[#11320](pypa/pip#11320)
&lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip.
(<code>[#11459](pypa/pip#11459)
&lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a
Bazaar tree. (<code>[#5444](pypa/pip#5444)
&lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or
<code>--extra-index-url</code> is specified
inside a requirements file.
(<code>[#11276](pypa/pip#11276)
&lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when
checking for a new version of pip.
(<code>[#11309](pypa/pip#11309)
&lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata
instead of crashing, when
using the <code>importlib.metadata</code> backend.
(<code>[#11352](pypa/pip#11352)
&lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements
options that can't be sucessfully parsed by shlex.
(<code>[#11491](pypa/pip#11491)
&lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons.
(<code>[#6264](pypa/pip#6264)
&lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<p>Vendored Libraries</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/1463081f10de6bfad81afe0d68272e7c3bedbadf"><code>1463081</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/22fd64ac0b68782acb308e2484b553a2ecadff78"><code>22fd64a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11547">#11547</a>
from uranusjr/entry-point-python-version-replacemen...</li>
<li><a
href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a>
from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a
href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a>
from pradyunsg/certifi-update</li>
<li><a
href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a>
Unnormalise the certifi version</li>
<li><a
href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a>
from pradyunsg/check-manifest</li>
<li><a
href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a>
Move check-manifest to a CI check</li>
<li><a
href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a>
Upgrade certifi to 2022.9.24</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/21.0...22.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.0&new-version=22.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 23, 2022
@pradyunsg pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Mar 17, 2023
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
type: bug A confirmed bug or unintended behavior
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vanschelven @jeffwidman @uranusjr @pradyunsg