-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit f48869b
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump pip from 25.2 to 25.3 (#11720)
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.3 (2025-10-24)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>
<p>Remove support for the legacy <code>setup.py develop</code> editable
method in setuptools
editable installs; setuptools >= 64 is now required.
(<code>[#11457](pypa/pip#11457)
<https://github.com/pypa/pip/issues/11457></code>_)</p>
</li>
<li>
<p>Remove the deprecated <code>--global-option</code> and
<code>--build-option</code>.
<code>--config-setting</code> is now the only way to pass options to the
build backend. (<code>[#11859](pypa/pip#11859)
<https://github.com/pypa/pip/issues/11859></code>_)</p>
</li>
<li>
<p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for
specifying build
constraints.</p>
<p>Use the <code>--build-constraint</code> option or the
<code>PIP_BUILD_CONSTRAINT</code> environment variable
instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no
longer affects isolated build
environments. To enable this behavior without specifying any build
constraints, use
<code>--use-feature=build-constraint</code>.
(<code>[#13534](pypa/pip#13534)
<https://github.com/pypa/pip/issues/13534></code>_)</p>
</li>
<li>
<p>Remove support for non-standard legacy wheel filenames.
(<code>[#13581](pypa/pip#13581)
<https://github.com/pypa/pip/issues/13581></code>_)</p>
</li>
<li>
<p>Remove support for the deprecated <code>setup.py bdist_wheel</code>
mechanism. Consequently,
<code>--use-pep517</code> is now always on, and
<code>--no-use-pep517</code> has been removed.
(<code>[#6334](pypa/pip#6334)
<https://github.com/pypa/pip/issues/6334></code>_)</p>
</li>
</ul>
<h2>Features</h2>
<ul>
<li>When :pep:<code>658</code> metadata is available, full distribution
files are no longer downloaded when using <code>pip lock</code> or
<code>pip install --dry-run</code>.
(<code>[#12603](pypa/pip#12603)
<https://github.com/pypa/pip/issues/12603></code>_)</li>
<li>Add support for installing an editable requirement written as a
Direct URL (<code>PackageName @ URL</code>).
(<code>[#13495](pypa/pip#13495)
<https://github.com/pypa/pip/issues/13495></code>_)</li>
<li>Add support for build constraints via the
<code>--build-constraint</code> option. This
allows constraining the versions of packages used during the build
process
(e.g., setuptools) without affecting the final installation.
(<code>[#13534](pypa/pip#13534)
<https://github.com/pypa/pip/issues/13534></code>_)</li>
<li>On <code>ResolutionImpossible</code> errors, include a note about
causes with no candidates.
(<code>[#13588](pypa/pip#13588)
<https://github.com/pypa/pip/issues/13588></code>_)</li>
<li>Building pip itself from source now uses flit-core instead of
setuptools.
This does not affect how pip installs or builds packages you use.
(<code>[#13473](pypa/pip#13473)
<https://github.com/pypa/pip/issues/13473></code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Handle malformed <code>Version</code> metadata entries and
show a sensible error message instead of crashing.
(<code>[#13443](pypa/pip#13443)
<https://github.com/pypa/pip/issues/13443></code>_)</li>
<li>Permit spaces between a filepath and extras in an install
requirement. (<code>[#13523](pypa/pip#13523)
<https://github.com/pypa/pip/issues/13523></code>_)</li>
<li>Ensure the self-check files in the cache have the same permissions
as the rest of the cache.
(<code>[#13528](pypa/pip#13528)
<https://github.com/pypa/pip/issues/13528></code>_)</li>
<li>Avoid concurrency issues and improve performance when caching
locally built wheels,
especially when the temporary build directory is on a different
filesystem than the cache.
The wheel directory passed to the build backend is now a temporary
subdirectory inside
the cache directory.
(<code>[#13540](pypa/pip#13540)
<https://github.com/pypa/pip/issues/13540></code>_)</li>
<li>Include relevant user-supplied constraints in logs when reporting
dependency conflicts.
(<code>[#13545](pypa/pip#13545)
<https://github.com/pypa/pip/issues/13545></code>_)</li>
<li>Fix a regression in configuration parsing that was turning a single
value
into a list and thus leading to a validation error.
(<code>[#13548](pypa/pip#13548)
<https://github.com/pypa/pip/issues/13548></code>_)</li>
<li>For Python versions that do not support :pep:<code>706</code>, pip
will now raise an installation error for a
source distribution when it includes a symlink that points outside the
source distribution archive.
(<code>[#13550](pypa/pip#13550)
<https://github.com/pypa/pip/issues/13550></code>_)</li>
<li>Prevent <code>--user</code> installs if
<code>site.ENABLE_USER_SITE</code> is set to <code>False</code>.
(<code>[#8794](pypa/pip#8794)
<https://github.com/pypa/pip/issues/8794></code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a>
Fix up authors by adding entry to <code>.mailmap</code></li>
<li><a
href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from
sbidoul/imp-doc-pep517-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from
notatallshaw/bump-gone_in="25.3"</li>
<li><a
href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a>
Bump gone_in="25.3"</li>
<li><a
href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from
ichard26/feat/direct-editables</li>
<li><a
href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from
ShubhamNagure/fix-constraint-reporting-13545</li>
<li><a
href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from
notatallshaw/hint-on-resolution-impossible-whe...</li>
<li><a
href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from
pelson/honour_user_site</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.2...25.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 93cb864 commit f48869bCopy full SHA for f48869b
File tree
Expand file treeCollapse file tree
2 files changed
+2
-2
lines changedOpen diff view settings
Filter options
- requirements
Expand file treeCollapse file tree
2 files changed
+2
-2
lines changedOpen diff view settings
Collapse file
requirements/constraints.txt
Copy file name to clipboardExpand all lines: requirements/constraints.txt+1-1Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
286 | 286 | | |
287 | 287 | | |
288 | 288 | | |
289 | | - | |
| 289 | + | |
290 | 290 | | |
291 | 291 | | |
292 | 292 | | |
Collapse file
+1-1Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
276 | 276 | | |
277 | 277 | | |
278 | 278 | | |
279 | | - | |
| 279 | + | |
280 | 280 | | |
281 | 281 | | |
282 | 282 | | |
0 commit comments