Skip to content

chore(deps-dev): bump pip from 25.0.1 to 25.1.1 #18084

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps-dev): bump pip from 25.0.1 to 25.1.1 #18084

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 5, 2025
edited
Loading

Bumps pip from 25.0.1 to 25.1.1.

Changelog

Sourced from pip's changelog.

25.1.1 (2025-05-02)

Bug Fixes

  • Fix req.source_dir AssertionError when using the legacy resolver. ([#13353](https://github.com/pypa/pip/issues/13353) <https://github.com/pypa/pip/issues/13353>_)
  • Fix crash on Python 3.9.6 and lower when pip failed to compile a Python module during installation. ([#13364](https://github.com/pypa/pip/issues/13364) <https://github.com/pypa/pip/issues/13364>_)
  • Names in dependency group includes are now normalized before lookup, which fixes incorrect Dependency group '...' not found errors. ([#13372](https://github.com/pypa/pip/issues/13372) <https://github.com/pypa/pip/issues/13372>_)

Vendored Libraries

  • Fix issues with using tomllib from the stdlib if available, rather than tomli
  • Upgrade dependency-groups to 1.3.1

25.1 (2025-04-26)

Deprecations and Removals

  • Drop support for Python 3.8. ([#12989](https://github.com/pypa/pip/issues/12989) <https://github.com/pypa/pip/issues/12989>_)
  • On python 3.14+, the pkg_resources metadata backend cannot be used anymore. ([#13010](https://github.com/pypa/pip/issues/13010) <https://github.com/pypa/pip/issues/13010>_)
  • Hide --no-python-version-warning from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. ([#13303](https://github.com/pypa/pip/issues/13303) <https://github.com/pypa/pip/issues/13303>_)
  • A warning is emitted when the deprecated pkg_resources library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default importlib.metadata backend. ([#13318](https://github.com/pypa/pip/issues/13318) <https://github.com/pypa/pip/issues/13318>_)
  • Deprecate the legacy setup.py bdist_wheel mechanism. To silence the warning, and future-proof their setup, users should enable --use-pep517 or add a pyproject.toml file to the projects they control. ([#13319](https://github.com/pypa/pip/issues/13319) <https://github.com/pypa/pip/issues/13319>_)

Features

  • Suggest checking "pip config debug" in case of an InvalidProxyURL error. ([#12649](https://github.com/pypa/pip/issues/12649) <https://github.com/pypa/pip/issues/12649>_)
  • Using --debug also enables verbose logging. ([#12710](https://github.com/pypa/pip/issues/12710) <https://github.com/pypa/pip/issues/12710>_)
  • Display a transient progress bar during package installation. ([#12712](https://github.com/pypa/pip/issues/12712) <https://github.com/pypa/pip/issues/12712>_)
  • Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. ([#12873](https://github.com/pypa/pip/issues/12873) <https://github.com/pypa/pip/issues/12873>_)
  • Add a --group option which allows installation from :pep:735 Dependency Groups. --group accepts arguments of the form group or path:group, where the default path is pyproject.toml, and installs

... (truncated)

Commits
  • 01857ef Bump for release
  • 08d8bb9 Merge pull request #13374 from pfmoore/fixups
  • 2bff84e Merge pull request #13363 from sbidoul/fix-source_dir-assert
  • 644e71d News file fixups
  • 426856f Merge pull request #13364 from ichard26/bugfix/python39
  • b7e3aea Merge pull request #13356 from eli-schwartz/tomllib
  • 8c678fe Merge pull request #13373 from sirosen/update-vendored-dependency-groups
  • 7d00639 Update newsfiles for dependency-groups patch
  • 6d28bbf Update version of dependency-groups to v1.3.1
  • 94bd66d Revert StreamWrapper removal to restore Python 3.9.{0,6} compat
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 5, 2025
@dependabot dependabot bot requested a review from a team as a code owner May 5, 2025 10:29
@dependabot
chore(deps-dev): bump pip from 25.0.1 to 25.1.1
3e00c8b 
Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1.1.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@25.0.1...25.1.1)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: 25.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/pip-25.1.1 branch from ab70940 to 3e00c8b Compare May 6, 2025 09:05
@pypi-combine-prs pypi-combine-prs bot mentioned this pull request May 6, 2025
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants