Deprecate the setup.py bdist_wheel code path
#13319
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sbidoul
force-pushed
the
deprecate-bdist_wheel-sbi
branch
from
a7a3ff5 to
5fcc5d2
Compare
1 task
|
About the timeline, would it make sense to remove support for |
sbidoul
force-pushed
the
deprecate-bdist_wheel-sbi
branch
from
5fcc5d2 to
799716c
Compare
|
I am strongly -1 on an accelerated deprecation period (normal period is two releases, e.g. 25.1 -> 25.3), uv is keeping track of projects they have encountered that don't work with PEP 517: astral-sh/uv#2252, there are likely many more that don't use uv or aren't public, what is special about this that we are not giving them a normal notice period to fix their projects? Here are some more details about why thee setuptools/wheel issue still occurs under PEP 517: #13314 (comment) |
sbidoul
force-pushed
the
deprecate-bdist_wheel-sbi
branch
2 times, most recently
from
11cbf9b to
66b9924
Compare
notatallshaw
reviewed
Apr 5, 2025
|
It is important to note that The main source of breakage will be build isolation by default. At some point, I was considering to use PEP 517 without build isolation by default for projects without pyproject.toml, but in the end I think it would introduce an additional variation and source of confusion. |
|
Should we consider the release planning of Python 3.14 to decide on the timeline for this deprecation? |
|
Why will that make a difference? Are you thinking about whether Python 3.14 ships with a version of pip that drops the legacy code path? I'd hope that most people would upgrade their existing pip much more quickly than they'd upgrade their Python version - especially people who are still using the legacy code path (and I therefore assume to be relatively cautious in their upgrade policy). IMO, we either follow our normal process (25.3, in October), or accelerate (25.2, in July). Python 3.14 is scheduled for release on 7th October, so 25.2 would be well in advance of 3.14, whereas 25.3 would be fairly shortly after. I would expect 3.14 to ship with 25.2, on that basis. |
|
FWIW, the spec says there should be some user options to workaround package backend issues, but not something that package authors can rely on:
Pip provides |
sbidoul
force-pushed
the
deprecate-bdist_wheel-sbi
branch
from
66b9924 to
04a8116
Compare
|
Alright, I have updated to 25.3, and aligned the removal of |
sbidoul
force-pushed
the
deprecate-bdist_wheel-sbi
branch
from
04a8116 to
d6cb790
Compare
notatallshaw
approved these changes
Apr 6, 2025
ichard26
reviewed
Apr 13, 2025
There was a problem hiding this comment.
I'm not convinced that six months will be enough, but I'm fine with getting the ball rolling.
The linked deprecation issue is going to need a good write-up since I suspect this will be one of our frequently-hit deprecations. I'm happy to write one, but I won't have time until at the bare minimum Wednesday.
Agreed. Currently it's @pfmoore 's original #6334 from 6 years ago. We can either update it, or create another one. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
|
@pradyunsg I see you self assigned this for review. So... last call before departure to 25.1 :) |
pradyunsg
approved these changes
Apr 22, 2025
|
I drafted a first set of recommendations in #6334. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
github-merge-queue bot
pushed a commit
to MeltanoLabs/target-csv
that referenced
this pull request
Apr 28, 2025
#193) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to MeltanoLabs/tap-pulumi-cloud
that referenced
this pull request
Apr 28, 2025
#248) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to google/scaaml
that referenced
this pull request
Apr 28, 2025
Bumps the dependabot group with 4 updates: [setuptools](https://github.com/pypa/setuptools), [certifi](https://github.com/certifi/python-certifi), [pip](https://github.com/pypa/pip) and [importlib-metadata](https://github.com/python/importlib_metadata). Updates `setuptools` from 79.0.0 to 80.0.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v80.0.0</h1> <h2>Bugfixes</h2> <ul> <li>Update test to honor new behavior in importlib_metadata 8.7. (<a href="https://github.com/pypa/setuptools/issues/4961">#4961</a>)</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Removed support for the easy_install command including the sandbox module. (<a href="https://github.com/pypa/setuptools/issues/2908">#2908</a>)</li> <li>Develop command no longer uses easy_install, but instead defers execution to pip (which then will re-invoke Setuptools via PEP 517 to build the editable wheel). Most of the options to develop are dropped. This is the final warning before the command is dropped completely in a few months. Use-cases relying on 'setup.py develop' should pin to older Setuptools version or migrate to modern build tooling. (<a href="https://github.com/pypa/setuptools/issues/4955">#4955</a>)</li> </ul> <h1>v79.0.1</h1> <h2>Bugfixes</h2> <ul> <li>Merge with pypa/distutils@24bd3179b including fix for <a href="https://github.com/pypa/distutils/issues/355">pypa/distutils#355</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/aeea79266d82f99dbe556126b90b64215a663a2c"><code>aeea792</code></a> Bump version: 79.0.1 → 80.0.0</li> <li><a href="https://github.com/pypa/setuptools/commit/2c874e78f4240963f74debcaadcccb97cb302ded"><code>2c874e7</code></a> Merge pull request <a href="https://github.com/pypa/setuptools/issues/4962">#4962</a> from pypa/bugfix/4961-validated-eps</li> <li><a href="https://github.com/pypa/setuptools/commit/82c588aedd8142e7615031358e2d2640213a351d"><code>82c588a</code></a> Update test to honor new behavior in importlib_metadata 8.7</li> <li><a href="https://github.com/pypa/setuptools/commit/ef4cd2960d75f2d49f40f5495347523be62d20e5"><code>ef4cd29</code></a> Merge pull request <a href="https://github.com/pypa/setuptools/issues/2908">#2908</a> from pypa/debt/remove-easy-install</li> <li><a href="https://github.com/pypa/setuptools/commit/85bbad4945d874a2444e4531c74c5074cdeca010"><code>85bbad4</code></a> Merge branch 'main' into debt/remove-easy-install</li> <li><a href="https://github.com/pypa/setuptools/commit/9653305c35a143b8d1bad2c190f918887dd1e6d5"><code>9653305</code></a> Merge pull request <a href="https://github.com/pypa/setuptools/issues/4955">#4955</a> from pypa/debt/develop-uses-pip</li> <li><a href="https://github.com/pypa/setuptools/commit/da119e7e996b00b6e26f79995bec55684a3fabbe"><code>da119e7</code></a> Set a due date 6 months in advance.</li> <li><a href="https://github.com/pypa/setuptools/commit/a7603da5d3c709f6f01c8df8031ba7a7ae7959a0"><code>a7603da</code></a> Rename news fragment to reference the pull request for better precise locality.</li> <li><a href="https://github.com/pypa/setuptools/commit/018a20cb130e9357f39c176b59c83738a09d7daa"><code>018a20c</code></a> Restore a few of the options to develop.</li> <li><a href="https://github.com/pypa/setuptools/commit/a5f02fe88d46e963bc470a60a9f8613d7f889d49"><code>a5f02fe</code></a> Remove another test relying on setup.py develop.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v79.0.0...v80.0.0">compare view</a></li> </ul> </details> <br /> Updates `certifi` from 2025.1.31 to 2025.4.26 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/275c9eb55733a464589c15fb4566fddd4598e5b2"><code>275c9eb</code></a> 2025.04.26 (<a href="https://github.com/certifi/python-certifi/issues/347">#347</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/37883310b51e56570919cdc2d44becc1c6940559"><code>3788331</code></a> Bump actions/setup-python from 5.4.0 to 5.5.0 (<a href="https://github.com/certifi/python-certifi/issues/346">#346</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/9d1f1b782000baedf57026de5b79e193bcb7ef7b"><code>9d1f1b7</code></a> Bump actions/download-artifact from 4.1.9 to 4.2.1 (<a href="https://github.com/certifi/python-certifi/issues/344">#344</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/96b97a5afe26bc1adef98cb0bfe68e34948a73b6"><code>96b97a5</code></a> Bump actions/upload-artifact from 4.6.1 to 4.6.2 (<a href="https://github.com/certifi/python-certifi/issues/343">#343</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c054ed3ac3d3505efc929b71cfd87a257bbdb6b3"><code>c054ed3</code></a> Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (<a href="https://github.com/certifi/python-certifi/issues/342">#342</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/44547fc77121b12bb276b44b3b2b49cfcbeac06f"><code>44547fc</code></a> Bump actions/download-artifact from 4.1.8 to 4.1.9 (<a href="https://github.com/certifi/python-certifi/issues/341">#341</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/5ea51247afecf1bf4ebfa8f2db3082e89a8bfaed"><code>5ea5124</code></a> Bump actions/upload-artifact from 4.6.0 to 4.6.1 (<a href="https://github.com/certifi/python-certifi/issues/340">#340</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/2f142b7ae0b2d13fee4ba4b9fbd73a9cd5069060"><code>2f142b7</code></a> Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (<a href="https://github.com/certifi/python-certifi/issues/339">#339</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/80d2ebdc77d2d005f408f789fe2fb1fe5f4e0265"><code>80d2ebd</code></a> Bump actions/setup-python from 5.3.0 to 5.4.0 (<a href="https://github.com/certifi/python-certifi/issues/337">#337</a>)</li> <li>See full diff in <a href="https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26">compare view</a></li> </ul> </details> <br /> Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> Updates `importlib-metadata` from 8.6.1 to 8.7.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/importlib_metadata/blob/main/NEWS.rst">importlib-metadata's changelog</a>.</em></p> <blockquote> <h1>v8.7.0</h1> <h2>Features</h2> <ul> <li><code>.metadata()</code> (and <code>Distribution.metadata</code>) can now return <code>None</code> if the metadata directory exists but not metadata file is present. (<a href="https://github.com/python/importlib_metadata/issues/493">#493</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Raise consistent ValueError for invalid EntryPoint.value (<a href="https://github.com/python/importlib_metadata/issues/518">#518</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/importlib_metadata/commit/708dff4f1ab89bdd126e3e8c56098d04282c5809"><code>708dff4</code></a> Finalize</li> <li><a href="https://github.com/python/importlib_metadata/commit/b3065f03cc3395f46ed575e612e213f92a064879"><code>b3065f0</code></a> Merge pull request <a href="https://github.com/python/importlib_metadata/issues/519">#519</a> from python/bugfix/493-metadata-missing</li> <li><a href="https://github.com/python/importlib_metadata/commit/e4351c226765f53a40316fa6aab50488aee8a90f"><code>e4351c2</code></a> Add a new test capturing the new expectation.</li> <li><a href="https://github.com/python/importlib_metadata/commit/5a657051f7386de6f0560c200d78e941be2c8058"><code>5a65705</code></a> Refactor the casting into a wrapper for brevity and to document its purpose.</li> <li><a href="https://github.com/python/importlib_metadata/commit/0830c39b8a23e48024365120c0e97a6f7c36c5ec"><code>0830c39</code></a> Add news fragment.</li> <li><a href="https://github.com/python/importlib_metadata/commit/22bb567692d8e7bd216f864a9d8dee1272ee8674"><code>22bb567</code></a> Fix type errors where metadata could be None.</li> <li><a href="https://github.com/python/importlib_metadata/commit/57f31d77e18fef11dfadfd44775f253971c36920"><code>57f31d7</code></a> Allow metadata to return None when there is no metadata present.</li> <li><a href="https://github.com/python/importlib_metadata/commit/b9c4be4253250ad604610db66204e5fa70fa2455"><code>b9c4be4</code></a> Merge pull request <a href="https://github.com/python/importlib_metadata/issues/518">#518</a> from python/bugfix/488-bad-ep-value</li> <li><a href="https://github.com/python/importlib_metadata/commit/9f8af013635833cf3ac348413c9ac63b37caa3dd"><code>9f8af01</code></a> Prefer a cached property, as the property is likely to be retrieved at least ...</li> <li><a href="https://github.com/python/importlib_metadata/commit/f179e28888b2c6caf12baaf5449ff1cd82513dfe"><code>f179e28</code></a> Also raise ValueError on construction if the value is invalid.</li> <li>Additional commits viewable in <a href="https://github.com/python/importlib_metadata/compare/v8.6.1...v8.7.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot
pushed a commit
to aio-libs/aiohttp
that referenced
this pull request
Apr 28, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot
pushed a commit
to aio-libs/aiohttp
that referenced
this pull request
Apr 28, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot
pushed a commit
to aws/jsii
that referenced
this pull request
Apr 28, 2025
…k/test/generated-code (#4819) Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
mergify bot
pushed a commit
to aws/jsii
that referenced
this pull request
Apr 28, 2025
…s/@jsii/python-runtime (#4820) Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0...25.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-merge-queue bot
pushed a commit
to MeltanoLabs/tap-postgres
that referenced
this pull request
Apr 28, 2025
…e ci group (#622) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Towards #6334
Towards #9175
Towards #11859