Bug Fixes:
- Strip line number annotations such as "(line XX)" from file requirements, to prevent diff noise when modifying input requirement files (#1075). Thanks @adamchainz
Improved Documentation:
- Updated
README
example outputs for primary requirement annotations (#1072). Thanks @richafrank
Features:
- Primary requirements and VCS dependencies are now get annotated with any source
.in
files and reverse dependencies (#1058). Thanks @AndydeCleyre
Bug Fixes:
- Always use normalized path for cache directory as it is required in newer versions of
pip
(#1062). Thanks @kammala
Improved Documentation:
- Replace outdated link in the
README
with rationale for pinning (#1053). Thanks @m-aciek
Bug Fixes:
- Fix a bug where
pip-compile
would keep outdated options fromrequirements.txt
(#1029). Thanks @atugushev - Fix the
No handlers could be found for logger "pip.*"
error by configuring the builtin logging module (#1035). Thanks @vphilippon - Fix a bug where dependencies of relevant constraints may be missing from output file (#1037). Thanks @jeevb
- Upgrade the minimal version of
click
from6.0
to7.0
version insetup.py
(#1039). Thanks @hramezani - Ensure that depcache considers the python implementation such that (for example)
cpython3.6
does not poison the results ofpypy3.6
(#1050). Thanks @asottile
Improved Documentation:
- Make the
README
more imperative about installing into a project's virtual environment to avoid confusion (#1023). Thanks @tekumara - Add a note to the
README
about how to install requirements on different stages to Workflow for layered requirements section (#1044). Thanks @hramezani
Features:
- Add
--cache-dir
option topip-compile
(#1022). Thanks @richafrank - Add
pip>=20.0
support (#1024). Thanks @atugushev
Bug Fixes:
- Fix a bug where
pip-compile --upgrade-package
would upgrade those passed packages not already required according to the*.in
and*.txt
files (#1031). Thanks @AndydeCleyre
Features:
- Add Python 3.8 support (#956). Thanks @hramezani
- Unpin commented out unsafe packages in
requirements.txt
(#975). Thanks @atugushev
Bug Fixes:
- Fix
pip-compile
doesn't copy--trusted-host
fromrequirements.in
torequirements.txt
(#964). Thanks @atugushev - Add compatibility with
pip>=20.0
(#953 and #978). Thanks @atugushev - Fix a bug where the resolver wouldn't clean up the ephemeral wheel cache (#968). Thanks @atugushev
Improved Documentation:
- Add a note to
README
aboutrequirements.txt
file, which would possibly interfere if you're compiling from scratch (#959). Thanks @hramezani
Features:
- Add
--ask
option topip-sync
(#913). Thanks @georgek
Bug Fixes:
- Add compatibility with
pip>=19.3
(#864, #904, #910, #912 and #915). Thanks @atugushev - Ensure
pip-compile --no-header <blank requirements.in>
creates/overwritesrequirements.txt
(#909). Thanks @AndydeCleyre - Fix
pip-compile --upgrade-package
removes «via» annotation (#931). Thanks @hramezani
Improved Documentation:
- Add info to
README
about layered requirements files and-c
flag (#905). Thanks @jamescooke
Features:
- Add
--no-emit-find-links
option topip-compile
(#873). Thanks @jacobtolar
Bug Fixes:
- Prevent
--dry-run
log message from being printed with--quiet
option inpip-compile
(#861). Thanks @ddormer - Fix resolution of requirements from Git URLs without
-e
(#879). Thanks @andersk
Backwards Incompatible Changes:
- Drop support for EOL Python 3.4 (#803). Thanks @auvipy
Bug Fixes:
- Fix
pip>=19.2
compatibility (#857). Thanks @atugushev
Features:
- Print provenance information when
pip-compile
fails (#837). Thanks @jakevdp
Bug Fixes:
- Output all logging to stderr instead of stdout (#834). Thanks @georgek
- Fix output file update with
--dry-run
option inpip-compile
(#842). Thanks @shipmints and @atugushev
Features:
- Options
--upgrade
and--upgrade-package
are no longer mutually exclusive (#831). Thanks @adamchainz
Bug Fixes:
- Fix
--generate-hashes
with bare VCS URLs (#812). Thanks @jcushman - Fix issues with
UnicodeError
when installingpip-tools
from source in some systems (#816). Thanks @AbdealiJK - Respect
--pre
option in the input file (#822). Thanks @atugushev - Option
--upgrade-package
now works even if the output file does not exist (#831). Thanks @adamchainz
Features:
- Show progressbar on generation hashes in
pip-compile
verbose mode (#743). Thanks @atugushev - Add options
--cert
and--client-cert
topip-sync
(#798). Thanks @atugushev - Add support for
--find-links
inpip-compile
output (#793). Thanks @estan and @atugushev - Normalize «command to run» in
pip-compile
headers (#800). Thanks @atugushev - Support URLs as packages (#807). Thanks @jcushman, @nim65s and @toejough
Bug Fixes:
- Fix replacing password to asterisks in
pip-compile
(#808). Thanks @atugushev
Bug Fixes:
- Fix
pip>=19.1
compatibility (#795). Thanks @atugushev
Features:
- Show less output on
pip-sync
with--quiet
option (#765). Thanks @atugushev - Support the flag
--trusted-host
inpip-sync
(#777). Thanks @firebirdberlin
Features:
- Show default index url provided by
pip
(#735). Thanks @atugushev - Add an option to allow enabling/disabling build isolation (#758). Thanks @atugushev
Bug Fixes:
- Fix the output file for
pip-compile
with an explicitsetup.py
as source file (#731). Thanks @atugushev - Fix order issue with generated lock file when
hashes
andmarkers
are used together (#763). Thanks @milind-shakya-sp
Features:
- Add option
--quiet
topip-compile
(#720). Thanks @bendikro - Emit the original command to the
pip-compile
's header (#733). Thanks @atugushev
Bug Fixes:
- Fix
pip-sync
to use pip script depending on a python version (#737). Thanks @atugushev
Bug Fixes:
- Fix
pip-sync
with a temporary requirement file on Windows (#723). Thanks @atugushev - Fix
pip-sync
to prevent uninstall of stdlib and dev packages (#718). Thanks @atugushev
- Re-release of 3.3.0 after fixing the deployment pipeline (#716). Thanks @atugushev
(Unreleased - Deployment pipeline issue, see 3.3.1)
Features:
- Added support of
pip
19.0 (#715). Thanks @atugushev - Add
--allow-unsafe
to update instructions in the generatedrequirements.txt
(#708). Thanks @richafrank
Bug Fixes:
- Fix
pip-sync
to check hashes (#706). Thanks @atugushev
Features:
- Apply version constraints specified with package upgrade option (
-P, --upgrade-package
) (#694). Thanks @richafrank
Features:
- Added support of
pip
18.1 (#689). Thanks @vphilippon
Major changes:
- Update
pip-tools
for nativepip
8, 9, 10 and 18 compatibility, un-vendoringpip
to use the user-installedpip
(#657 and #672). Thanks to @techalchemy, @suutari, @tysonclugg and @vphilippon for contributing on this.
Features:
- Removed the dependency on the external library
first
(#676). Thanks @jdufresne
Bug Fixes:
- Added clearer error reporting when skipping pre-releases (#655). Thanks @WoLpH
Bug Fixes:
- Added missing package data from vendored pip, such as missing cacert.pem file. Thanks @vphilippon
Major changes:
- Vendored
pip
9.0.3 to keep compatibility for users withpip
10.0.0 (#644). Thanks @vphilippon
Features:
- Improved the speed of pip-compile --generate-hashes by caching the hashes from an existing output file (#641). Thanks @justicz
- Added a
pip-sync --user
option to restrict attention to user-local directory (#642). Thanks @jbergknoff-10e - Removed the hard dependency on setuptools (#645). Thanks @vphilippon
Bug fixes:
- The pip environment markers on top-level requirements in the source file (requirements.in) are now properly handled and will only be processed in the right environment (#647). Thanks @JoergRittinger
Features:
- Allow editable packages in requirements.in with
pip-compile --generate-hashes
(#524). Thanks @jdufresne - Allow for CA bundles with
pip-compile --cert
(#612). Thanks @khwilson - Improved
pip-compile
duration with large locally available editable requirement by skipping a copy to the cache (#583). Thanks @costypetrisor - Slightly improved the
NoCandidateFound
error message on potential causes (#614). Thanks @vphilippon
Bug Fixes:
- Add
-markerlib
to the list ofPACKAGES_TO_IGNORE
ofpip-sync
(#613).
Bug Fixes:
- Fixed bug causing dependencies from invalid wheels for the current platform to be included (#571).
pip-sync
will respect environment markers in the requirements.txt (600). Thanks @hazmat345- Converted the ReadMe to have a nice description rendering on PyPI. Thanks @bittner
Bug Fixes:
- Fixed bug breaking
pip-sync
on Python 3, raisingTypeError: '<' not supported between instances of 'InstallRequirement' and 'InstallRequirement'
(#570).
Features:
--generate-hashes
now generates hashes for all wheels, not only wheels for the currently running platform (#520). Thanks @jdufresne- Added a
-q
/--quiet
argument to the pip-sync command to reduce log output.
Bug Fixes:
- Fixed bug where unsafe packages would get pinned in generated requirements files
when
--allow-unsafe
was not set. (#517). Thanks @dschaller - Fixed bug where editable PyPI dependencies would have a
download_dir
and be exposed togit-checkout-index
, (thus losing their VCS directory) andpython setup.py egg_info
fails. (#385 and #538). Thanks @blueyed and @dfee - Fixed bug where some primary dependencies were annotated with "via" info comments. (#542). Thanks @quantus
- Fixed bug where pkg-resources would be removed by pip-sync in Ubuntu. (#555). Thanks @cemsbr
- Fixed bug where the resolver would sometime not stabilize on requirements specifying extras. (#566). Thanks @vphilippon
- Fixed an unicode encoding error when distribution package contains non-ASCII file names (#567). Thanks @suutari
- Fixed package hashing doing unnecessary unpacking (#557). Thanks @suutari-ai
Features:
- Added ability to read requirements from
setup.py
instead of justrequirements.in
(#418). Thanks to @tysonclugg and @majuscule. - Added a
--max-rounds
argument to the pip-compile command to allow for solving large requirement sets (#472). Thanks @derek-miller. - Exclude unsafe packages' dependencies when
--allow-unsafe
is not in use (#441). Thanks @jdufresne. - Exclude irrelevant pip constraints (#471). Thanks @derek-miller.
- Allow control over emitting trusted-host to the compiled requirements. (#448). Thanks @tonyseek.
- Allow running as a Python module (#461). Thanks @AndreLouisCaron.
- Preserve environment markers in generated requirements.txt. (#460). Thanks @barrywhart.
Bug Fixes:
- Fixed the --upgrade-package option to respect the given package list to update (#491).
- Fixed the default output file name when the source file has no extension (#488). Thanks @vphilippon
- Fixed crash on editable requirements introduced in 1.8.2.
- Fixed duplicated --trusted-host, --extra-index-url and --index-url in the generated requirements.
- Regression fix: editable reqs were loosing their dependencies after first round (#476) Thanks @mattlong
- Remove duplicate index urls in generated requirements.txt (#468) Thanks @majuscule
- Recalculate secondary dependencies between rounds (#378)
- Calculated dependencies could be left with wrong candidates when toplevel requirements happen to be also pinned in sub-dependencies (#450)
- Fix duplicate entries that could happen in generated requirements.txt (#427)
- Gracefully report invalid pip version (#457)
- Fix capitalization in the generated requirements.txt, packages will always be lowercased (#452)
- Adds support for upgrading individual packages with a new option
--upgrade-package
. To upgrade a specific package to the latest or a specific version use--upgrade-package <pkg>
. To upgrade all packages, you can still usepip-compile --upgrade
. (#409) - Adds support for pinning dependencies even further by including the hashes found on PyPI at compilation time, which will be re-checked when dependencies are installed at installation time. This adds protection against packages that are tampered with. (#383)
- Improve support for extras, like
hypothesis[django]
- Drop support for pip < 8
- Add
--allow-unsafe
option (#377)
- Add compatibility with pip >= 8.1.2 (#374) Thanks so much, @jmbowman!
- Add warning that pip >= 8.1.2 is not supported until 1.7.x is out
- Incorporate fix for atomic file saving behaviour on the Windows platform (see #351)
- PyPI won't let me upload 1.6.2
- Respect pip configuration from pip.{ini,conf}
- Fixes for atomic-saving of output files on Windows (see #351)
Minor changes:
- pip-sync now supports being invoked from within and outside an activated virtualenv (see #317)
- pip-compile: support -U as a shorthand for --upgrade
- pip-compile: support pip's --no-binary and --binary-only flags
Fixes:
- Change header format of output files to mention all input files
Major change:
- pip-compile will by default try to fulfill package specs by looking at
a previously compiled output file first, before checking PyPI. This means
pip-compile will only update the requirements.txt when it absolutely has to.
To get the old behaviour (picking the latest version of all packages from
PyPI), use the new
--upgrade
option.
Minor changes:
- Bugfix where pip-compile would lose "via" info when on pip 8 (see #313)
- Ensure cache dir exists (see #315)
- Add support for pip >= 8
- Drop support for pip < 7
- Fix bug where
pip-sync
fails to uninstall packages if you're using the--no-index
(or other) flags
- Add
--no-index
flag topip-compile
to avoid emitting--index-url
into the output (useful if you have configured a different index in your global ~/.pip/pip.conf, for example) - Fix: ignore stdlib backport packages, like
argparse
, when listing which packages will be installed/uninstalled (#286) - Fix pip-sync failed uninstalling packages when using
--find-links
(#298) - Explicitly error when pip-tools is used with pip 8.0+ (for now)
- Fix: unintended change in behaviour where packages installed by
pip-sync
could accidentally get upgraded under certain conditions, even though the requirements.txt would dictate otherwise (see #290)
- Fix: add
--index-url
and--extra-index-url
options topip-sync
- Fix: always install using
--upgrade
flag when runningpip-sync
- Fix bug where umask was ignored when writing requirement files (#268)
- Fix bug where successive invocations of pip-sync with editables kept uninstalling/installing them (fixes #270)
- Add command line option -f / --find-links
- Add command line option --no-index
- Add command line alias -n (for --dry-run)
- Fix a unicode issue
- Support multiple requirement files to pip-compile
- Support requirements from stdin for pip-compile
- Support --output-file option on pip-compile, to redirect output to a file (or stdout)
- Add CHANGELOG :)
- Support pip-sync'ing editable requirements
- Support extras properly (i.e. package[foo] syntax)
(Anything before 1.2.0 was not recorded.)