[DEPRECATION] Moving away from html5lib to html.parser

[pradyunsg]

Starting with pip 22.0, the HTML parsing is done using html.parser instead of html5lib by default. Along with this, there's an additional check to ensure that a valid HTML 5 doctype declaration is present in the document.

If you're here from a warning/error from pip's output:

• Please reach out to the provider of the package index you're using and ask them to change the index pages to be valid HTML 5 documents (declaring doctype, having the correct structure etc).
• You may pass --use-deprecated=html5lib until pip 22.2 (i.e. start of Q3 2022), when this flag will be dropped. This will suppress the warning for now, however you will no longer be able to pass this flag once pip 22.2 is released (and will need to fix the index pages to suppress the warning).

---

This behaviour change is motivated by two major factors:

• html5lib is the reason that pip pulls in dropping various other libraries, as part of its own dependency graph. Dropping html5lib and its dependencies from pip, enables reducing the maintainance workload on pip's maintainers and helps reduce the size of pip's distributions.
• The Python standard library's html.parser is more than sufficient for parsing the pages that pip needs to parse (see https://pypi.org/simple/pip/ for example).

Barring major surprises, the flag to use html5lib will be removed in 22.1. There were surprises.

• The initial implementation of the html.parser-based parsing enforced that the page contains a doctype, throwing an error if it did not. Turns out, many third-party package indexes did not include a <!doctype html> in their index pages.
• With pip 22.0.1, certain bugs in the fallback logic were fixed, for pages that did not include the doctype.
• With pip 22.0.2, a fallback to the legacy html5lib logic was introduced, for pages that don't start with <!doctype html> (case-insensitive) with a warning presented to the user.
• With pip 22.0.3, the fallback to the legacy html5lib logic has been removed and the strict error in the html.parser logic has been relaxed to be a warning.
• With pip 22.0.4, the warning has been removed. Users will no longer get a warning on an invalid or missing doctype. However, this should still be fixed since a future version of pip may start rejecting such pages (after a deprecation period of ~3-6 months).

[astrojuanlu]

Got an error while trying to use https://www.piwheels.org/simple/.

Before:

$ pip install -U tox -i https://www.piwheels.org/simple/
Looking in indexes: https://www.piwheels.org/simple/
Collecting tox
  Downloading https://www.piwheels.org/simple/tox/tox-3.24.5-py2.py3-none-any.whl (85 kB)
     |████████████████████████████████| 85 kB 981 kB/s             
^CERROR: Operation cancelled by user

After:

$ pip install -U tox -i https://www.piwheels.org/simple/
Looking in indexes: https://www.piwheels.org/simple/
ERROR: Exception:
Traceback (most recent call last):
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/cli/base_command.py", line 165, in exc_logging_wrapper
    status = run_func(*args)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/cli/req_command.py", line 205, in wrapper
    return func(self, options, args)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/commands/install.py", line 340, in run
    reqs, check_supported_wheels=not options.target_dir
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 95, in resolve
    collected.requirements, max_rounds=try_to_avoid_resolution_too_deep
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_vendor/resolvelib/resolvers.py", line 481, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_vendor/resolvelib/resolvers.py", line 348, in resolve
    self._add_to_criteria(self.state.criteria, r, parent=None)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_vendor/resolvelib/resolvers.py", line 172, in _add_to_criteria
    if not criterion.candidates:
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_vendor/resolvelib/structs.py", line 151, in __bool__
    return bool(self._sequence)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 155, in __bool__
    return any(self)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 143, in <genexpr>
    return (c for c in iterator if id(c) not in self._incompatible_ids)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 44, in _iter_built
    for version, func in infos:
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 297, in iter_index_candidate_infos
    hashes=hashes,
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/package_finder.py", line 868, in find_best_candidate
    candidates = self.find_all_candidates(project_name)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/package_finder.py", line 809, in find_all_candidates
    page_candidates = list(page_candidates_it)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/sources.py", line 134, in page_candidates
    yield from self._candidates_from_page(self._link)
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/package_finder.py", line 773, in process_project_url
    page_links = list(parse_links(html_page, self._use_deprecated_html5lib))
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/collector.py", line 310, in wrapper_wrapper
    return list(fn(page, use_deprecated_html5lib))
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/collector.py", line 350, in parse_links
    parser.feed(page.content.decode(encoding))
  File "/usr/lib/python3.7/html/parser.py", line 111, in feed
    self.goahead(0)
  File "/usr/lib/python3.7/html/parser.py", line 179, in goahead
    k = self.parse_html_declaration(i)
  File "/usr/lib/python3.7/html/parser.py", line 270, in parse_html_declaration
    self.handle_decl(rawdata[i+2:gtpos])
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/collector.py", line 405, in handle_decl
    self._raise_error()
  File "/home/juanlu/Projects/Other/tutor-53-bot/.venv/lib/python3.7/site-packages/pip/_internal/index/collector.py", line 427, in _raise_error
    "HTML doctype missing or incorrect. Expected <!DOCTYPE html>.\n\n"
ValueError: HTML doctype missing or incorrect. Expected <!DOCTYPE html>.

If you believe this error to be incorrect, try passing the command line option --use-deprecated=html5lib and please leave a comment on the pip issue at https://github.com/pypa/pip/issues/10825.

This is how the index page looks like:

$ curl -r 0-100 https://www.piwheels.org/simple/
<!doctype html>
<html>
<head>
<meta name="api-version" value="2" />
<title>piwheels - Simple index

[pradyunsg]

AHAHAAH. From https://www.w3resource.com/html5/doctype.php:

'DOCTYPE' keyword is not case sensitive. So, <!doctype html> or <!DOCTYPE html>, both will do.

I've filed #10844 for this. /cc @bennuttall so that he's aware of the bug on our end which affects piwheels users.

@astrojuanlu Can you confirm that the workaround noted above, passing --allow-deprecated=html5lib, works?

[astrojuanlu]

Yep, I confirm it fixes the issue @pradyunsg!

[matthew-s-walker]

We're hitting this with pip caches served from Artifactory, it doesn't include DOCTYPE in the response at all. The allow-deprecated flag does work though.

[pradyunsg]

@matthew-s-walker Could you go ahead and reach out to the Artifactory (JFrog?) folks about that? The fix for that needs to happen on their end.

[suman4ds]

Got the error while upgrading pip from 19.2.3 to the latest version(22.0) on docker. I tried --use-deprecated=html5lib, did not work.

Getting an error for this:
pip3 install --no-cache --upgrade pip setuptools wheel

Specifying 21.3.1 solved my issue:
pip3 install --no-cache --upgrade pip==21.3.1 setuptools wheel

[06:28:07 PM]  Installing collected packages: pip, setuptools, wheel
[06:28:07 PM]    Found existing installation: pip 19.2.3
[06:28:07 PM]      Uninstalling pip-19.2.3:
[06:28:07 PM]        Successfully uninstalled pip-19.2.3
[06:28:09 PM]    Found existing installation: setuptools 41.2.0
[06:28:09 PM]      Uninstalling setuptools-41.2.0:
[06:28:09 PM]        Successfully uninstalled setuptools-41.2.0
[06:28:09 PM]  Successfully installed pip-22.0 setuptools-60.5.0 wheel-0.37.1
[06:28:09 PM]  Looking in indexes: https://mbartft:****@artifactory.corp.adobe.com/artifactory/api/pypi/pypi-asr-python-release-local/simple, https://pypi.python.org/simple
[06:28:09 PM]  ERROR: Exception:
[06:28:09 PM]  Traceback (most recent call last):
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/cli/base_command.py", line 165, in exc_logging_wrapper
[06:28:09 PM]      status = run_func(*args)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/cli/req_command.py", line 205, in wrapper
[06:28:09 PM]      return func(self, options, args)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 339, in run
[06:28:09 PM]      requirement_set = resolver.resolve(
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 94, in resolve
[06:28:09 PM]      result = self._result = resolver.resolve(
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_vendor/resolvelib/resolvers.py", line 481, in resolve
[06:28:09 PM]      state = resolution.resolve(requirements, max_rounds=max_rounds)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_vendor/resolvelib/resolvers.py", line 348, in resolve
[06:28:09 PM]      self._add_to_criteria(self.state.criteria, r, parent=None)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_vendor/resolvelib/resolvers.py", line 172, in _add_to_criteria
[06:28:09 PM]      if not criterion.candidates:
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_vendor/resolvelib/structs.py", line 151, in __bool__
[06:28:09 PM]      return bool(self._sequence)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 155, in __bool__
[06:28:09 PM]      return any(self)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 143, in <genexpr>
[06:28:09 PM]      return (c for c in iterator if id(c) not in self._incompatible_ids)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 44, in _iter_built
[06:28:09 PM]      for version, func in infos:
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 294, in iter_index_candidate_infos
[06:28:09 PM]      result = self._finder.find_best_candidate(
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/package_finder.py", line 868, in find_best_candidate
[06:28:09 PM]      candidates = self.find_all_candidates(project_name)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/package_finder.py", line 809, in find_all_candidates
[06:28:09 PM]      page_candidates = list(page_candidates_it)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/sources.py", line 134, in page_candidates
[06:28:09 PM]      yield from self._candidates_from_page(self._link)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/package_finder.py", line 773, in process_project_url
[06:28:09 PM]      page_links = list(parse_links(html_page, self._use_deprecated_html5lib))
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 310, in wrapper_wrapper
[06:28:09 PM]      return list(fn(page, use_deprecated_html5lib))
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 350, in parse_links
[06:28:09 PM]      parser.feed(page.content.decode(encoding))
[06:28:09 PM]    File "/usr/lib/python3.8/html/parser.py", line 111, in feed
[06:28:09 PM]      self.goahead(0)
[06:28:09 PM]    File "/usr/lib/python3.8/html/parser.py", line 171, in goahead
[06:28:09 PM]      k = self.parse_starttag(i)
[06:28:09 PM]    File "/usr/lib/python3.8/html/parser.py", line 345, in parse_starttag
[06:28:09 PM]      self.handle_starttag(tag, attrs)
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 410, in handle_starttag
[06:28:09 PM]      self._raise_error()
[06:28:09 PM]    File "/usr/src/venv/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 426, in _raise_error
[06:28:09 PM]      raise ValueError(
[06:28:09 PM]  ValueError: HTML doctype missing or incorrect. Expected <!DOCTYPE html>.
[06:28:09 PM]  
[06:28:09 PM]  If you believe this error to be incorrect, try passing the command line option --use-deprecated=html5lib and please leave a comment on the pip issue at https://github.com/pypa/pip/issues/10825.

[matthew-s-walker]

@pradyunsg I've raised a ticket in their support portal :)

[Arksine]

FWIW, passing --use-deprecated=html5lib does not work for my project. When attempting to install a pinned version of tornado from a requirements file I get the following response:

ERROR: Could not find a version that satisfies the requirement tornado==6.1.0 (from versions: none)
ERROR: No matching distribution found for tornado==6.1.0

[nadav-yo]

Hi, Nadav from JFrog.
We're on it. https://www.jfrog.com/jira/browse/RTFACT-26750

[VarIr]

Installing PyTorch CPU-only packages (described here) seems to be affected as well:

pip3 install torch==1.10.1+cpu  -f https://download.pytorch.org/whl/cpu/torch_stable.html

The --use-deprecated=html5lib work-around results in the same error that @Arksine reported:

ERROR: Could not find a version that satisfies the requirement torch==1.10.1+cpu (from versions: none)
ERROR: No matching distribution found for torch==1.10.1+cpu

[pradyunsg]

If you're getting ERROR: No matching distribution found -- you are hitting a separate issue related to the package and its compatibility with your system, which is unrelated to this. You're likely going to need to go to the relevant project's documentation/issue tracker to find guidance. :)

This was a bug. See #10846.

[wiggin15]

This is affecting entire companies. Is it possible to pull pip version 22.0 until the issues in JFrog and pip are resolved?

[Necropaw]

Can't even downgrade pip successfully:

pip3 install --no-cache --upgrade  --use-deprecated=html5lib  pip==21.3.1
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
ERROR: Could not find a version that satisfies the requirement pip==21.3.1 (from versions: none)
ERROR: No matching distribution found for pip==21.3.1

[notatallshaw]

@pradyunsg I see you are already making the check case insensitive in #10844 , but could this check be removed entirely? Is it an issue in the index returns an HTML fragment rather than a complete HTML document?

I'm going to chase JFrog via my corporate channels but given the life cycle of them updating and corporate roll out if this check is left in place I'd appreciate if --use-deprecated=html5lib is kept for at least the next year.

[gjermund66]

Azure DevOps, running Linux/Python 3.8.12:

Successfully installed pip-22.0 setuptools-60.5.0 wheel-0.37.1
...

Collecting mysql-connector-python==8.0.28
  Using cached mysql_connector_python-8.0.28-cp38-cp38-manylinux1_x86_64.whl (37.6 MB)
ERROR: Exception:
Traceback (most recent call last):
...

  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 426, in _raise_error
    raise ValueError(
ValueError: HTML doctype missing or incorrect. Expected <!DOCTYPE html>.
...

Collecting numexpr==2.8.1
  Using cached numexpr-2.8.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (381 kB)
ERROR: Exception:
Traceback (most recent call last):
...

  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 426, in _raise_error
    raise ValueError(
ValueError: HTML doctype missing or incorrect. Expected <!DOCTYPE html>.


```

[notatallshaw]

Hi all I have created a separate issue with this ERROR: No matching distribution found: #10845 . Please add info there if you have more details (please don't comment if you have no further info, maybe up vote it or something).

If you're getting ERROR: No matching distribution found -- you are hitting a separate issue related to the package and its compatibility with your system, which is unrelated to this. You're likely going to need to go to the relevant project's documentation/issue tracker to find guidance. :)

@pradyunsg I am able to reproduce on JFrog using Pip 22.0 with --use-deprecated=html5lib trying to install requests and it works fine on Pip 21.3, it's definitely not a package/platform compatibility issue.

[nadav-yo]

@Necropaw You can downgrade using
pip3 install --no-cache --upgrade pip==21.3.1 -i https://pypi.org/simple/

[notatallshaw]

@Necropaw You can downgrade using pip3 install --no-cache --upgrade pip==21.3.1 -i https://pypi.org/simple/

FYI for those trying this inside a corporate network, access to https://pypi.org/simple/ may be blocked. You likely are better doing a fresh install of Python: #10825 (comment) (@pradyunsg has a less destructive solution).

And as someone who maintains a Python installer in a large company please run your projects in a virtual env (or conda env) so you can destroy and recreate them without any hassle in the future.

[pradyunsg]

You likely are better doing a fresh install of Python.

Uhh... No? Use python -m pip uninstall pip && python -m ensurepip to get a version of pip that was bundled with your Python version.

[pradyunsg]

I am able to reproduce on JFrog using Pip 22.0 with --use-deprecated=html5lib trying to install requests and it works fine on Pip 21.3, it's definitely not a package/platform compatibility issue.

Ah, curious!

https://download.pytorch.org/whl/cpu/torch_stable.html

@VarIr Could you file an issue against pytorch to flag this on their end?

[n1vgabay]

Hi guys,

We also have the same issue in our GitHub Actions CI

Can you please assist me solve this issue with the commands above of pip install ?

[pradyunsg]

Is it an issue in the index returns an HTML fragment rather than a complete HTML document?

Well... yes. The relevant standards clearly state that these pages need to be valid HTML5 documents. From PEP 503:

This URL must respond with a valid HTML5 page with a single anchor element per file for the project.

So far, pip has been really relaxed in accepting invalid documents like (similar to how browsers parse things). As discussed in #10291, switching to being stricter about what pip accepts is necessary to ensure that alternative clients for Python package interaction don't need to implement all the same HTML relaxations as browsers do (and pip does via html5lib).

Is it possible to pull pip version 22.0 until the issues in JFrog and pip are resolved?

It's certainly possible, but I don't think this is widespread enough to justify that. If you can prevent pip 22.0 from being used internally, by blocking pip 22.0 on your Artifactory instance, please feel free to do so. Worst case, we'll cut a 22.0.1 sometime next week that drops some of these validation checks.

---

Can you please assist me solve this issue with the commands above of pip install ?

I don't think we have the capacity to provide 1:1 support here. :)

Consider reaching out to GitHub, if you're using GitHub Packages. If not, it's unclear to me what alternative index you're using, and I believe that is implicated in the failure.

Also, posting screenshots of error messages is a bad idea in general. It makes it difficult for people to read the errors (since it'll ignore their browser's font size configuration, color preferences etc) and also makes it impossible to copy-paste from the output (at least, without running some sort of OCR, which no one's going to do).

---

I am able to reproduce on JFrog using Pip 22.0 with --use-deprecated=html5lib trying to install requests and it works fine on Pip 21.3, it's definitely not a package/platform compatibility issue.

Cool, let's chat about this in #10845. /cc @DonMyrmi

---

@gjermund66 Can you please share the full output? It's unclear to me what index is being used since you've effectively trimmed out all the useful parts of the output. Consider reaching out to Azure's support channels, so that they're aware and make the requisite changes.

[srittau]

Since NGinx doesn't include a doctype in its auto index pages, we now auto-generate a super simple index when uploading a new package. We use these scripts, maybe they are useful to some:

# release.sh

set -e -o pipefail

SFTP_HOST=foo@example.com
SFTP_PATH=/srv/foo

# Build and upload the wheel
# ...

sftp -qb - "$SFTP_HOST" >package-list <<EOD
@cd "$SFTP_PATH"
@ls -1
EOD
grep -v index.html package-list | python3 create-package-index.py >index.html
scp index.html "$SFTP_HOST:$SFTP_PATH"
rm package-list index.html

#!/usr/bin/env python3
# create-package-index.py

import sys
from html import escape

PREAMBLE = """<!DOCTYPE html>
<html>
<head><title>Package Index</title></head>
<body>
<h1>Package Index</h1>
<ul>
"""

POSTAMBLE = "</ul></body></html>"

print(PREAMBLE)
for line in sys.stdin:
    filename = escape(line.strip())
    print(f'<li><a href="{filename}">{filename}</a></li>')
print(POSTAMBLE)

[jrobbins-LiveData]

@pradyunsg AWS got back to me and they have updated CodeArtifact to include the required declaration.

[lambacck]

Given the merging of #10903 can the issue description at the top of this page be modified to more clearly call out the removal of the doctype checking please?

[pradyunsg]

No, because that's not in a release yet. I'll update that as and when there's a user facing update to the status quo.

[pradyunsg]

Alright, 22.0.4 removes the doctype warning; in line with what we've said earlier.

I consider it an oversight in pip's code, that it did not have strict=True in our html5lib.parse call, but that's water under the bridge now. The "reject invalid HTML pages" is something we might do in the future, albeit with a 3-6 month deprecation period -- platform vendors and users should still update their code to serve valid HTML 5 pages.