pip list is unable to mention architecture #11054

Closed
1 task done
ssbarnea opened this issue Apr 21, 2022 · 15 comments · Fixed by #11088
Labels
state: awaiting PR Feature discussed, PR is needed type: feature request Request for a new feature

Comments

@ssbarnea
Contributor

Description

If someone happens to upgrade from intel to aarch64, pip will not be able to help him identify any packages that are using wrong architecture. They would have to either uninstall or use install --force in order to address the issue.

Expected behavior

At least the JSON output of pip list should mention architecture when that is available but now it does not do this:

python -m pip list --format=json

Ideally pip should also be smart enough to detect a mismatch in architecture and ignore or warn about mismatched packages. For example pip check would be a good candidate for that too.

pip version

22.0.4

Python version

3.11.3

OS

MacOS

How to Reproduce

It might be harder to reproduce the way I got into it, as I used Apple Migration Assistant to migrate from old computer to the new one but I guess you could just force pip to install a binary wheel using a different architecture.

Once this happens, you are kinda clueless if the wheel is usable or not, at least until you try to do an import from the binary parts.

Output

No response

Code of Conduct

@ssbarnea ssbarnea added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Apr 21, 2022
@uranusjr
Member

Unfortunately I don’t think there’s metadata recording the wheel architecture available at all, after a wheel is installed. It’s not even theoretically possible, since packages not installed from wheel (but e.g. from setup.py install) don’t have that metadata to begin with. So this would need

  1. A way to record wheel metadata on installation. (Simplest way is to copy WHEEL-METADATA into the dist-info directory). This may need a discussion in packaging.python.org and a standard (PEP).
  2. Remove setup.py install so we always install wheels and get that metadata. Deprecate call to setup.py install when building a wheel failed for source distributions without pyproject.toml #8368 would start the process.

@uranusjr uranusjr added type: feature request Request for a new feature resolution: needs standard Should be agreed as a standard before implementation and removed type: bug A confirmed bug or unintended behavior S: needs triage Issues/PRs that need to be triaged labels Apr 21, 2022
@domdfcoding
Contributor

Doesn't the .dist-info/WHEEL file include the wheel tags, from which the architecture can be parsed? I can't see an explicit requirement from PEP 427 that the file be copied over from the wheel, but I think all tools do in practice.

@uranusjr
Member

Oh I wasn’t aware of that 😆 Someone must have used a time machine. So the question (aside from eliminating setup.py install) would be how to present that message appropriately. Feel free to try it out then.

@uranusjr uranusjr added state: awaiting PR Feature discussed, PR is needed and removed resolution: needs standard Should be agreed as a standard before implementation labels Apr 21, 2022
@ssbarnea
Contributor Author

As I successfully dropped setup.py from all projects I am active with, I am not so concerned about not having support for it. Still, I am quite interested in getting arch info when listing, it could prove very useful. For a start maybe we can write a utility script that does this or just add it as a feature to pip check?

@pradyunsg
Member

I think starting by writing a utility script for this is a good idea -- that makes it possible to demonstrate that this can be implemented and can be immediately usable for the situation you're dealing with.

That can also be adapted into pip's code, if the need to do so still exists after that. :)

@q0w
Contributor

q0w commented Apr 28, 2022

packages = get_default_environment().iter_installed_distributions()
for p in packages:
    with open(f"{p.info_location}/WHEEL", 'r') as f:
        tags = list(map(lambda s: parse_tag(s), Parser().parse(f).get_all('Tag')))
        print(tags)

@ssbarnea
Contributor Author

@q0w While trying to test that snippet I was not able to find any class Parser in pip source code.

@q0w
Contributor

q0w commented Apr 28, 2022

@ssbarnea it's from stdlib email.parser

@ssbarnea
Contributor Author

ssbarnea commented Apr 28, 2022

New version of the script:

#!/usr/bin/env python
"""Report installed wheels whose recorded tags this interpreter does not support."""
from email.parser import Parser
from os.path import isfile

from pip._internal.metadata import get_default_environment
from pip._internal.utils.compatibility_tags import get_supported
from pip._vendor.packaging.tags import parse_tag

# Tags the running interpreter accepts; a set keeps the membership test cheap.
supported = set(get_supported())
packages = get_default_environment().iter_installed_distributions()
for p in packages:
    # Only distributions installed from a wheel have a WHEEL file.
    wheel_file = f"{p.info_location}/WHEEL"
    if not isfile(wheel_file):
        continue
    with open(wheel_file, "r", encoding="utf-8") as f:
        # get_all() returns None when the file has no Tag header.
        tag_lines = Parser().parse(f).get_all("Tag") or []
    for entry in map(parse_tag, tag_lines):
        for tag in entry:
            platform = tag.platform
            if tag in supported or platform == "any":
                continue
            print(f"{p} is using unsupported platform {platform}")

Now, the question is if it would be seen acceptable to include this inside pip check. @pradyunsg WDYT?

Some example from a local run:

$ pip-doctor        
yarl 1.7.2 is using unsupported platform macosx_10_9_x86_64
wrapt 1.14.0 is using unsupported platform macosx_10_9_x86_64
PyYAML 6.0 is using unsupported platform macosx_10_9_x86_64
psutil 5.9.0 is using unsupported platform macosx_10_9_x86_64
multidict 6.0.2 is using unsupported platform macosx_10_9_x86_64
MarkupSafe 2.1.1 is using unsupported platform macosx_10_9_x86_64
lazy-object-proxy 1.7.1 is using unsupported platform macosx_10_9_x86_64
frozenlist 1.3.0 is using unsupported platform macosx_10_9_x86_64
cryptography 36.0.2 is using unsupported platform macosx_10_10_x86_64
coverage 6.2 is using unsupported platform macosx_10_9_x86_64
black 22.3.0 is using unsupported platform macosx_10_9_x86_64
aiohttp 3.8.1 is using unsupported platform macosx_10_9_x86_64

Apparently doing pip uninstall pip install can sort the issue.

@domdfcoding
Contributor

For completeness here is a standalone version I made before going on holiday (and getting waylaid with other things on my return).

@uranusjr
Member

uranusjr commented May 4, 2022

Personally I am +1 to adding this to pip check.

@q0w
Contributor

q0w commented May 4, 2022

Check only platform tags or also interpreter, abi compatibility?

@uranusjr
Member

I think we should check all of them, but we don’t necessarily have to implement them all at once.
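
The per-field check raised in the two comments above (interpreter, ABI and platform rather than platform alone), as an added example that is not part of the original thread and is not pip's implementation. It uses only the standard library and reports a wheel only when none of its expanded tags is supported; the package names, WHEEL contents and the SUPPORTED set (a small subset of what CPython 3.10 on arm64 macOS would accept) are constructed for illustration.

```python
"""Added example: say which tag field makes an installed wheel incompatible."""
from email.parser import Parser
from itertools import product

FIELDS = ("interpreter", "abi", "platform")

# Constructed WHEEL metadata, shaped like <name>-<version>.dist-info/WHEEL.
SAMPLE_WHEELS = {
    "native-x86": "Wheel-Version: 1.0\nRoot-Is-Purelib: false\n"
                  "Tag: cp310-cp310-macosx_10_9_x86_64\n",
    "native-arm": "Wheel-Version: 1.0\nRoot-Is-Purelib: false\n"
                  "Tag: cp310-cp310-macosx_11_0_arm64\n",
    "pure": "Wheel-Version: 1.0\nRoot-Is-Purelib: true\n"
            "Tag: py2.py3-none-any\n",
    "py2-only": "Wheel-Version: 1.0\nRoot-Is-Purelib: true\n"
                "Tag: py2-none-any\n",
    "old-abi": "Wheel-Version: 1.0\nRoot-Is-Purelib: false\n"
               "Tag: cp39-cp39-macosx_11_0_arm64\n",
    "no-tags": "Wheel-Version: 1.0\n",
    "broken": "Wheel-Version: 1.0\nTag: cp310-cp310\n",
}

# Constructed subset of the (interpreter, abi, platform) triples that
# CPython 3.10 on arm64 macOS would accept; a real run would build this
# from the interpreter instead of hard-coding it.
SUPPORTED = {
    ("cp310", "cp310", "macosx_11_0_arm64"),
    ("cp310", "cp310", "macosx_11_0_universal2"),
    ("cp310", "abi3", "macosx_11_0_arm64"),
    ("cp39", "abi3", "macosx_11_0_arm64"),
    ("cp310", "none", "macosx_11_0_arm64"),
    ("py3", "none", "macosx_11_0_arm64"),
    ("cp310", "none", "any"),
    ("py310", "none", "any"),
    ("py3", "none", "any"),
}


def expand_tags(wheel_text):
    """Return the set of (interpreter, abi, platform) triples in a WHEEL file."""
    triples = set()
    # get_all() returns None when there is no Tag header at all.
    for line in Parser().parsestr(wheel_text).get_all("Tag") or []:
        parts = line.strip().split("-")
        if len(parts) != 3:
            raise ValueError(f"malformed Tag header: {line!r}")
        # Each field may be a dot-separated compressed set, e.g. py2.py3.
        triples.update(product(*(part.split(".") for part in parts)))
    return triples


def classify(triples, supported):
    """Return [] if any triple is supported, else the fields that never match."""
    if triples & supported:
        return []
    failing = []
    for index, name in enumerate(FIELDS):
        accepted = {tag[index] for tag in supported}
        if not any(tag[index] in accepted for tag in triples):
            failing.append(name)
    # Every field is acceptable on its own, but not in this combination.
    return failing or ["combination"]


def audit(wheels, supported):
    """Map each distribution name to its failing fields.

    None means the WHEEL file records no tags, so nothing can be concluded
    (the same situation as a distribution that was not installed from a wheel).
    """
    report = {}
    for name, text in wheels.items():
        try:
            triples = expand_tags(text)
        except ValueError:
            report[name] = ["malformed"]
            continue
        report[name] = classify(triples, supported) if triples else None
    return report


if __name__ == "__main__":
    for dist, result in audit(SAMPLE_WHEELS, SUPPORTED).items():
        if result is None:
            print(f"{dist}: no tags recorded, cannot check")
        elif result:
            print(f"{dist}: unsupported ({', '.join(result)})")
        else:
            print(f"{dist}: ok")
```
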

@sbidoul
Member

sbidoul commented May 30, 2022

Cross linking #11097 as this makes me reflect on the json output format.

mergify bot pushed a commit to aws/jsii that referenced this issue Jul 29, 2024
…k/test/generated-code (#4584)

Bumps [pip](https://github.com/pypa/pip) from 24.1.2 to 24.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.2 (2024-07-28)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>pip install --editable</code> falling back to <code>setup.py develop</code>
when using a setuptools version that does not support :pep:<code>660</code>
(setuptools v63 and older). (<code>[#11457](pypa/pip#11457) &lt;https://github.com/pypa/pip/issues/11457&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Check unsupported packages for the current platform. (<code>[#11054](pypa/pip#11054) &lt;https://github.com/pypa/pip/issues/11054&gt;</code>_)</p>
</li>
<li>
<p>Use system certificates <em>and</em> certifi certificates to verify HTTPS connections on Python 3.10+.
Python 3.9 and earlier only use certifi.</p>
<p>To revert to previous behaviour, pass the flag <code>--use-deprecated=legacy-certs</code>. (<code>[#11647](pypa/pip#11647) &lt;https://github.com/pypa/pip/issues/11647&gt;</code>_)</p>
</li>
<li>
<p>Improve discovery performance of installed packages when the <code>importlib.metadata</code>
backend is used to load distribution metadata (used by default under Python 3.11+). (<code>[#12656](pypa/pip#12656) &lt;https://github.com/pypa/pip/issues/12656&gt;</code>_)</p>
</li>
<li>
<p>Improve performance when the same requirement string appears many times during
resolution, by consistently caching the parsed requirement string. (<code>[#12663](pypa/pip#12663) &lt;https://github.com/pypa/pip/issues/12663&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement of finding applicable package candidates by not
repeatedly calculating their versions (<code>[#12664](pypa/pip#12664) &lt;https://github.com/pypa/pip/issues/12664&gt;</code>_)</p>
</li>
<li>
<p>Disable pip's self version check when invoking a pip subprocess to install
PEP 517 build requirements. (<code>[#12683](pypa/pip#12683) &lt;https://github.com/pypa/pip/issues/12683&gt;</code>_)</p>
</li>
<li>
<p>Improve dependency resolution performance by caching platform compatibility
tags during wheel cache lookup. (<code>[#12712](pypa/pip#12712) &lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p><code>wheel</code> is no longer explicitly listed as a build dependency of <code>pip</code>.
<code>setuptools</code> injects this dependency in the <code>get_requires_for_build_wheel()</code>
hook and no longer needs it on newer versions. (<code>[#12728](pypa/pip#12728) &lt;https://github.com/pypa/pip/issues/12728&gt;</code>_)</p>
</li>
<li>
<p>Ignore <code>--require-virtualenv</code> for <code>pip check</code> and <code>pip freeze</code> (<code>[#12842](pypa/pip#12842) &lt;https://github.com/pypa/pip/issues/12842&gt;</code>_)</p>
</li>
<li>
<p>Improve package download and install performance.</p>
<p>Increase chunk sizes when downloading (256 kB, up from 10 kB) and reading files (1 MB, up from 8 kB).
This reduces the frequency of updates to pip's progress bar. (<code>[#12810](pypa/pip#12810) &lt;https://github.com/pypa/pip/issues/12810&gt;</code>_)</p>
</li>
<li>
<p>Improve pip install performance.</p>
<p>Files are now extracted in 1MB blocks, or in one block matching the file size for
smaller files. A decompressor is no longer instantiated when extracting 0 bytes files,
it is not necessary because there is no data to decompress. (<code>[#12803](pypa/pip#12803) &lt;https://github.com/pypa/pip/issues/12803&gt;</code>_)</p>
</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Set <code>no_color</code> to global <code>rich.Console</code> instance. (<code>[#11045](pypa/pip#11045) &lt;https://github.com/pypa/pip/issues/11045&gt;</code>_)</li>
<li>Fix resolution to respect <code>--python-version</code> when checking <code>Requires-Python</code>. (<code>[#12216](pypa/pip#12216) &lt;https://github.com/pypa/pip/issues/12216&gt;</code>_)</li>
<li>Perform hash comparisons in a case-insensitive manner. (<code>[#12680](pypa/pip#12680) &lt;https://github.com/pypa/pip/issues/12680&gt;</code>_)</li>
<li>Avoid <code>dlopen</code> failure for glibc detection in musl builds (<code>[#12716](pypa/pip#12716) &lt;https://github.com/pypa/pip/issues/12716&gt;</code>_)</li>
<li>Avoid keyring logging crashes when pip is run in verbose mode. (<code>[#12751](pypa/pip#12751) &lt;https://github.com/pypa/pip/issues/12751&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/97146c7f4cd85551f3dc261830a57f304e43c181"><code>97146c7</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ef81b2eafd390fb56f62930dcd74f6e4580093e0"><code>ef81b2e</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/350a0570a88b6c0d13c68f81ac08dc64f954cadf"><code>350a057</code></a> Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/pypa/pip/issues/12876">#12876</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/184390f4f2cde0316801eb701f49dda4f7a9a6ac"><code>184390f</code></a> Update dependabot.yml to bump group updates (<a href="https://redirect.github.com/pypa/pip/issues/12572">#12572</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/48917f1c0375496058d677f652a90de6bee4dc8c"><code>48917f1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12875">#12875</a> from hellozee/fix-unit-test</li>
<li><a href="https://github.com/pypa/pip/commit/dd85c28464dbfc9b3a53c885a41c209e4700ad2d"><code>dd85c28</code></a> Fix invalid origin test to check all the logged messages</li>
<li><a href="https://github.com/pypa/pip/commit/203780b5d167c4d01c55df7adc91d5ad1a0563aa"><code>203780b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12865">#12865</a> from pradyunsg/better-exception-handling-around-sel...</li>
<li><a href="https://github.com/pypa/pip/commit/e50314134886d5eb5b650b3ce95abaafcb6dce10"><code>e503141</code></a> Properly mock <code>_self_version_check_logic</code></li>
<li><a href="https://github.com/pypa/pip/commit/3518d3293445ad43eedba116b6182185c03abda3"><code>3518d32</code></a> Rework how <code>--debug</code> is handled in <code>main</code></li>
<li><a href="https://github.com/pypa/pip/commit/be21d82e4362c00aab451ef1cf212d9a62f8e58e"><code>be21d82</code></a> Move exception suppression to cover more of self-version-check logic</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.1.2...24.2">compare view</a></li>
</ul>
</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 29, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.1.2 to 24.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.2 (2024-07-28)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>pip install --editable</code> falling back to <code>setup.py develop</code>
when using a setuptools version that does not support :pep:<code>660</code>
(setuptools v63 and older). (<code>[#11457](pypa/pip#11457) &lt;https://github.com/pypa/pip/issues/11457&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Check unsupported packages for the current platform. (<code>[#11054](pypa/pip#11054) &lt;https://github.com/pypa/pip/issues/11054&gt;</code>_)</p>
</li>
<li>
<p>Use system certificates <em>and</em> certifi certificates to verify HTTPS connections on Python 3.10+.
Python 3.9 and earlier only use certifi.</p>
<p>To revert to previous behaviour, pass the flag <code>--use-deprecated=legacy-certs</code>. (<code>[#11647](pypa/pip#11647) &lt;https://github.com/pypa/pip/issues/11647&gt;</code>_)</p>
</li>
<li>
<p>Improve discovery performance of installed packages when the <code>importlib.metadata</code>
backend is used to load distribution metadata (used by default under Python 3.11+). (<code>[#12656](pypa/pip#12656) &lt;https://github.com/pypa/pip/issues/12656&gt;</code>_)</p>
</li>
<li>
<p>Improve performance when the same requirement string appears many times during
resolution, by consistently caching the parsed requirement string. (<code>[#12663](pypa/pip#12663) &lt;https://github.com/pypa/pip/issues/12663&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement of finding applicable package candidates by not
repeatedly calculating their versions (<code>[#12664](pypa/pip#12664) &lt;https://github.com/pypa/pip/issues/12664&gt;</code>_)</p>
</li>
<li>
<p>Disable pip's self version check when invoking a pip subprocess to install
PEP 517 build requirements. (<code>[#12683](pypa/pip#12683) &lt;https://github.com/pypa/pip/issues/12683&gt;</code>_)</p>
</li>
<li>
<p>Improve dependency resolution performance by caching platform compatibility
tags during wheel cache lookup. (<code>[#12712](pypa/pip#12712) &lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p><code>wheel</code> is no longer explicitly listed as a build dependency of <code>pip</code>.
<code>setuptools</code> injects this dependency in the <code>get_requires_for_build_wheel()</code>
hook and no longer needs it on newer versions. (<code>[#12728](pypa/pip#12728) &lt;https://github.com/pypa/pip/issues/12728&gt;</code>_)</p>
</li>
<li>
<p>Ignore <code>--require-virtualenv</code> for <code>pip check</code> and <code>pip freeze</code> (<code>[#12842](pypa/pip#12842) &lt;https://github.com/pypa/pip/issues/12842&gt;</code>_)</p>
</li>
<li>
<p>Improve package download and install performance.</p>
<p>Increase chunk sizes when downloading (256 kB, up from 10 kB) and reading files (1 MB, up from 8 kB).
This reduces the frequency of updates to pip's progress bar. (<code>[#12810](pypa/pip#12810) &lt;https://github.com/pypa/pip/issues/12810&gt;</code>_)</p>
</li>
<li>
<p>Improve pip install performance.</p>
<p>Files are now extracted in 1MB blocks, or in one block matching the file size for
smaller files. A decompressor is no longer instantiated when extracting 0 bytes files,
it is not necessary because there is no data to decompress. (<code>[#12803](pypa/pip#12803) &lt;https://github.com/pypa/pip/issues/12803&gt;</code>_)</p>
</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Set <code>no_color</code> to global <code>rich.Console</code> instance. (<code>[#11045](pypa/pip#11045) &lt;https://github.com/pypa/pip/issues/11045&gt;</code>_)</li>
<li>Fix resolution to respect <code>--python-version</code> when checking <code>Requires-Python</code>. (<code>[#12216](pypa/pip#12216) &lt;https://github.com/pypa/pip/issues/12216&gt;</code>_)</li>
<li>Perform hash comparisons in a case-insensitive manner. (<code>[#12680](pypa/pip#12680) &lt;https://github.com/pypa/pip/issues/12680&gt;</code>_)</li>
<li>Avoid <code>dlopen</code> failure for glibc detection in musl builds (<code>[#12716](pypa/pip#12716) &lt;https://github.com/pypa/pip/issues/12716&gt;</code>_)</li>
<li>Avoid keyring logging crashes when pip is run in verbose mode. (<code>[#12751](pypa/pip#12751) &lt;https://github.com/pypa/pip/issues/12751&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/97146c7f4cd85551f3dc261830a57f304e43c181"><code>97146c7</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ef81b2eafd390fb56f62930dcd74f6e4580093e0"><code>ef81b2e</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/350a0570a88b6c0d13c68f81ac08dc64f954cadf"><code>350a057</code></a> Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/pypa/pip/issues/12876">#12876</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/184390f4f2cde0316801eb701f49dda4f7a9a6ac"><code>184390f</code></a> Update dependabot.yml to bump group updates (<a href="https://redirect.github.com/pypa/pip/issues/12572">#12572</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/48917f1c0375496058d677f652a90de6bee4dc8c"><code>48917f1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12875">#12875</a> from hellozee/fix-unit-test</li>
<li><a href="https://github.com/pypa/pip/commit/dd85c28464dbfc9b3a53c885a41c209e4700ad2d"><code>dd85c28</code></a> Fix invalid origin test to check all the logged messages</li>
<li><a href="https://github.com/pypa/pip/commit/203780b5d167c4d01c55df7adc91d5ad1a0563aa"><code>203780b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12865">#12865</a> from pradyunsg/better-exception-handling-around-sel...</li>
<li><a href="https://github.com/pypa/pip/commit/e50314134886d5eb5b650b3ce95abaafcb6dce10"><code>e503141</code></a> Properly mock <code>_self_version_check_logic</code></li>
<li><a href="https://github.com/pypa/pip/commit/3518d3293445ad43eedba116b6182185c03abda3"><code>3518d32</code></a> Rework how <code>--debug</code> is handled in <code>main</code></li>
<li><a href="https://github.com/pypa/pip/commit/be21d82e4362c00aab451ef1cf212d9a62f8e58e"><code>be21d82</code></a> Move exception suppression to cover more of self-version-check logic</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.1.2...24.2">compare view</a></li>
</ul>
</details>

filbranden commented Jul 30, 2024

UPDATE: Reported as #12884

We ran into issues with this new pip check feature in some packages we push.

First three are on Python 3.10 on Linux

  • catboost-1.1.1.dist-info/WHEEL lists no Tags:

```
Wheel-Version: 1.0
Root-Is-Purelib: false
```

  • xgboost-1.6.1.dist-info/WHEEL has Tags for cp39-cp39-manylinux_2_17_x86_64 and cp39-cp39-manylinux2014_x86_64, but looking at the list in get_supported(), Python 3.10 only lists cp39 with abi3 as the second component: it has cp39-abi3-manylinux_2_17_x86_64 and cp39-abi3-manylinux2014_x86_64, which do not match exactly. Contents of xgboost-1.6.1.dist-info/WHEEL below:

```
Wheel-Version: 1.0
Generator: bdist_wheel (0.37.1)
Root-Is-Purelib: false
Tag: cp39-cp39-manylinux_2_17_x86_64
Tag: cp39-cp39-manylinux2014_x86_64
```

  • ninja-1.11.1.1.dist-info/WHEEL has a newline above the Tags, which makes email.parser used in pip return no Tags since it's expecting no blank lines between header lines:

```
Wheel-Version: 1.0
Generator: skbuild 0.17.6
Root-Is-Purelib: false

Tag: py2-none-manylinux1_x86_64
Tag: py2-none-manylinux_2_5_x86_64
Tag: py3-none-manylinux1_x86_64
Tag: py3-none-manylinux_2_5_x86_64
```

  • We also encountered this issue with the extra blank line on frozendict-2.3.8.dist-info/WHEEL on a Python 3.11 setup:

```
Wheel-Version: 1.0
Generator: bdist_wheel (0.40.0)
Root-Is-Purelib: true

Tag: py311-none-any
```

I understand some of these could be blamed on the packages and how they were built, but it's still unfortunate that we'll start getting pip check warnings for these, so I thought I would report my findings here. (Also, it was not very easy to troubleshoot the issue; essentially I had to reproduce the commands in this PR to understand what was really going on, since there was no useful output or debug logging to help understand the breakage.)

Thank you!
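
The WHEEL failure modes reported in the comment above, as an added example that is not pip's code and not part of the original comment: it parses the four quoted WHEEL files with `email.parser` and classifies why each one yields no usable tag. `SUPPORTED` is a constructed stand-in for the interpreter's supported-tag list, `WELL_FORMED` is a constructed control, and `header_tags`, `expand_tag` and `diagnose` are hypothetical helper names.

```python
from email.parser import Parser
from itertools import product

# WHEEL contents exactly as quoted in the comment above.
CATBOOST = "Wheel-Version: 1.0\nRoot-Is-Purelib: false\n"
XGBOOST = (
    "Wheel-Version: 1.0\n"
    "Generator: bdist_wheel (0.37.1)\n"
    "Root-Is-Purelib: false\n"
    "Tag: cp39-cp39-manylinux_2_17_x86_64\n"
    "Tag: cp39-cp39-manylinux2014_x86_64\n"
)
NINJA = (
    "Wheel-Version: 1.0\n"
    "Generator: skbuild 0.17.6\n"
    "Root-Is-Purelib: false\n"
    "\n"  # the blank line that ends the header section
    "Tag: py2-none-manylinux1_x86_64\n"
    "Tag: py2-none-manylinux_2_5_x86_64\n"
    "Tag: py3-none-manylinux1_x86_64\n"
    "Tag: py3-none-manylinux_2_5_x86_64\n"
)
FROZENDICT = (
    "Wheel-Version: 1.0\n"
    "Generator: bdist_wheel (0.40.0)\n"
    "Root-Is-Purelib: true\n"
    "\n"
    "Tag: py311-none-any\n"
)
# Constructed control file, not from the page.
WELL_FORMED = "Wheel-Version: 1.0\nRoot-Is-Purelib: true\nTag: py3-none-any\n"

# Constructed sample of supported tags for CPython 3.10 on x86_64 Linux.
# It is NOT the real output of get_supported(); it only mirrors the point
# made in the comment: cp39 appears with abi3, never with the cp39 ABI.
SUPPORTED = frozenset({
    "cp310-cp310-manylinux_2_17_x86_64",
    "cp310-abi3-manylinux_2_17_x86_64",
    "cp39-abi3-manylinux_2_17_x86_64",
    "cp39-abi3-manylinux2014_x86_64",
    "py3-none-manylinux1_x86_64",
    "py310-none-any",
    "py3-none-any",
})


def header_tags(wheel_text):
    """Tag values visible to an RFC 822 header parse of a WHEEL file."""
    return Parser().parsestr(wheel_text).get_all("Tag", [])


def expand_tag(tag):
    """Expand 'interp-abi-platform', including dotted compressed sets."""
    parts = tag.strip().split("-")
    if len(parts) != 3:
        return set()
    interps, abis, plats = (p.split(".") for p in parts)
    return {"-".join(combo) for combo in product(interps, abis, plats)}


def diagnose(wheel_text, supported=SUPPORTED):
    """Return (status, tags) explaining what a tag check would see."""
    msg = Parser().parsestr(wheel_text)
    tags = msg.get_all("Tag", [])
    if not tags:
        # Everything after the first blank line is the message body, so
        # Tag lines placed there are invisible to the header lookup.
        body = str(msg.get_payload() or "")
        stray = [line.split(":", 1)[1].strip()
                 for line in body.splitlines() if line.startswith("Tag:")]
        if stray:
            return ("tags-after-blank-line", stray)
        return ("no-tag-headers", [])
    expanded = set()
    for tag in tags:
        expanded |= expand_tag(tag)
    matched = expanded & supported
    if matched:
        return ("ok", sorted(matched))
    return ("no-supported-tag", sorted(expanded))


if __name__ == "__main__":
    samples = {
        "catboost-1.1.1": CATBOOST,
        "xgboost-1.6.1": XGBOOST,
        "ninja-1.11.1.1": NINJA,
        "frozendict-2.3.8": FROZENDICT,
        "well-formed (constructed)": WELL_FORMED,
    }
    for name, text in samples.items():
        status, tags = diagnose(text)
        print(f"{name}: {status} {tags}")
```

The `tags-after-blank-line` status separates a malformed WHEEL file from a genuine platform mismatch, which is the distinction the comment says was hard to see from the `pip check` output alone.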

kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Aug 5, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.1.2 to 24.2.
kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Aug 13, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.1.2 to 24.2.
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Aug 21, 2024
Bumps [pip](https://github.com/pypa/pip) from 23.2.1 to 24.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.2 (2024-07-28)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>pip install --editable</code> falling back to
<code>setup.py develop</code>
when using a setuptools version that does not support
:pep:<code>660</code>
(setuptools v63 and older).
(<code>[#11457](pypa/pip#11457)
&lt;https://github.com/pypa/pip/issues/11457&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Check unsupported packages for the current platform.
(<code>[#11054](pypa/pip#11054)
&lt;https://github.com/pypa/pip/issues/11054&gt;</code>_)</p>
</li>
<li>
<p>Use system certificates <em>and</em> certifi certificates to verify
HTTPS connections on Python 3.10+.
Python 3.9 and earlier only use certifi.</p>
<p>To revert to previous behaviour, pass the flag
<code>--use-deprecated=legacy-certs</code>.
(<code>[#11647](pypa/pip#11647)
&lt;https://github.com/pypa/pip/issues/11647&gt;</code>_)</p>
</li>
<li>
<p>Improve discovery performance of installed packages when the
<code>importlib.metadata</code>
backend is used to load distribution metadata (used by default under
Python 3.11+). (<code>[#12656](pypa/pip#12656)
&lt;https://github.com/pypa/pip/issues/12656&gt;</code>_)</p>
</li>
<li>
<p>Improve performance when the same requirement string appears many
times during
resolution, by consistently caching the parsed requirement string.
(<code>[#12663](pypa/pip#12663)
&lt;https://github.com/pypa/pip/issues/12663&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement of finding applicable package
candidates by not
repeatedly calculating their versions
(<code>[#12664](pypa/pip#12664)
&lt;https://github.com/pypa/pip/issues/12664&gt;</code>_)</p>
</li>
<li>
<p>Disable pip's self version check when invoking a pip subprocess to
install
PEP 517 build requirements.
(<code>[#12683](pypa/pip#12683)
&lt;https://github.com/pypa/pip/issues/12683&gt;</code>_)</p>
</li>
<li>
<p>Improve dependency resolution performance by caching platform
compatibility
tags during wheel cache lookup.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p><code>wheel</code> is no longer explicitly listed as a build
dependency of <code>pip</code>.
<code>setuptools</code> injects this dependency in the
<code>get_requires_for_build_wheel()</code>
hook and no longer needs it on newer versions.
(<code>[#12728](pypa/pip#12728)
&lt;https://github.com/pypa/pip/issues/12728&gt;</code>_)</p>
</li>
<li>
<p>Ignore <code>--require-virtualenv</code> for <code>pip check</code>
and <code>pip freeze</code>
(<code>[#12842](pypa/pip#12842)
&lt;https://github.com/pypa/pip/issues/12842&gt;</code>_)</p>
</li>
<li>
<p>Improve package download and install performance.</p>
<p>Increase chunk sizes when downloading (256 kB, up from 10 kB) and
reading files (1 MB, up from 8 kB).
This reduces the frequency of updates to pip's progress bar.
(<code>[#12810](pypa/pip#12810)
&lt;https://github.com/pypa/pip/issues/12810&gt;</code>_)</p>
</li>
<li>
<p>Improve pip install performance.</p>
<p>Files are now extracted in 1MB blocks, or in one block matching the
file size for
smaller files. A decompressor is no longer instantiated when extracting
0 bytes files,
it is not necessary because there is no data to decompress.
(<code>[#12803](pypa/pip#12803)
&lt;https://github.com/pypa/pip/issues/12803&gt;</code>_)</p>
</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Set <code>no_color</code> to global <code>rich.Console</code>
instance. (<code>[#11045](pypa/pip#11045)
&lt;https://github.com/pypa/pip/issues/11045&gt;</code>_)</li>
<li>Fix resolution to respect <code>--python-version</code> when
checking <code>Requires-Python</code>.
(<code>[#12216](pypa/pip#12216)
&lt;https://github.com/pypa/pip/issues/12216&gt;</code>_)</li>
<li>Perform hash comparisons in a case-insensitive manner.
(<code>[#12680](pypa/pip#12680)
&lt;https://github.com/pypa/pip/issues/12680&gt;</code>_)</li>
<li>Avoid <code>dlopen</code> failure for glibc detection in musl builds
(<code>[#12716](pypa/pip#12716)
&lt;https://github.com/pypa/pip/issues/12716&gt;</code>_)</li>
<li>Avoid keyring logging crashes when pip is run in verbose mode.
(<code>[#12751](pypa/pip#12751)
&lt;https://github.com/pypa/pip/issues/12751&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/97146c7f4cd85551f3dc261830a57f304e43c181"><code>97146c7</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/ef81b2eafd390fb56f62930dcd74f6e4580093e0"><code>ef81b2e</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/350a0570a88b6c0d13c68f81ac08dc64f954cadf"><code>350a057</code></a>
Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/pypa/pip/issues/12876">#12876</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/184390f4f2cde0316801eb701f49dda4f7a9a6ac"><code>184390f</code></a>
Update dependabot.yml to bump group updates (<a
href="https://redirect.github.com/pypa/pip/issues/12572">#12572</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/48917f1c0375496058d677f652a90de6bee4dc8c"><code>48917f1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12875">#12875</a> from
hellozee/fix-unit-test</li>
<li><a
href="https://github.com/pypa/pip/commit/dd85c28464dbfc9b3a53c885a41c209e4700ad2d"><code>dd85c28</code></a>
Fix invalid origin test to check all the logged messages</li>
<li><a
href="https://github.com/pypa/pip/commit/203780b5d167c4d01c55df7adc91d5ad1a0563aa"><code>203780b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12865">#12865</a> from
pradyunsg/better-exception-handling-around-sel...</li>
<li><a
href="https://github.com/pypa/pip/commit/e50314134886d5eb5b650b3ce95abaafcb6dce10"><code>e503141</code></a>
Properly mock <code>_self_version_check_logic</code></li>
<li><a
href="https://github.com/pypa/pip/commit/3518d3293445ad43eedba116b6182185c03abda3"><code>3518d32</code></a>
Rework how <code>--debug</code> is handled in <code>main</code></li>
<li><a
href="https://github.com/pypa/pip/commit/be21d82e4362c00aab451ef1cf212d9a62f8e58e"><code>be21d82</code></a>
Move exception suppression to cover more of self-version-check
logic</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.2.1...24.2">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
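
The changelog entry "Check unsupported packages for the current platform" quoted in the commit message above is the change that closed this issue. The sketch below is an added example, not pip's own code: it shows one way to detect the Intel-to-arm64 mismatch described in the report by comparing the `Tag:` lines of each installed distribution's `WHEEL` file with the tags the running interpreter supports. The function names and the sample data are hypothetical and constructed for illustration; `scan_environment()` assumes the third-party `packaging` library is installed.

```python
from email.parser import Parser
from importlib import metadata


def wheel_tags(wheel_text):
    """Expand the Tag: lines of a .dist-info/WHEEL file into individual tags."""
    tags = set()
    for value in Parser().parsestr(wheel_text).get_all("Tag", []):
        parts = value.strip().split("-")
        if len(parts) != 3:  # malformed tag line: ignore rather than guess
            continue
        # Each field may be a compressed set, e.g. "py2.py3-none-any".
        for interp in parts[0].split("."):
            for abi in parts[1].split("."):
                for plat in parts[2].split("."):
                    tags.add(f"{interp}-{abi}-{plat}")
    return tags


def unsupported(wheel_files, supported):
    """Map distribution name -> tags, for dists with no tag in `supported`."""
    report = {}
    for name, text in wheel_files.items():
        tags = wheel_tags(text)
        # No WHEEL tags (e.g. legacy installs) means nothing to judge: skip.
        if tags and tags.isdisjoint(supported):
            report[name] = sorted(tags)
    return report


def scan_environment():
    """Run the same check on the live environment (requires `packaging`)."""
    from packaging.tags import sys_tags
    supported = {str(tag) for tag in sys_tags()}
    files = {}
    for dist in metadata.distributions():
        text = dist.read_text("WHEEL")  # None when the file is absent
        if text:
            files[dist.metadata["Name"]] = text
    return unsupported(files, supported)


# Constructed sample: WHEEL contents as they might look after migrating an
# Intel macOS site-packages directory to an arm64 machine.
SAMPLE = {
    "fastlib": "Wheel-Version: 1.0\nRoot-Is-Purelib: false\n"
               "Tag: cp311-cp311-macosx_10_9_x86_64\n",
    "purelib": "Wheel-Version: 1.0\nRoot-Is-Purelib: true\n"
               "Tag: py2.py3-none-any\n",
    "native": "Wheel-Version: 1.0\nRoot-Is-Purelib: false\n"
              "Tag: cp311-cp311-macosx_11_0_arm64\n",
}
# Constructed subset of what an arm64 CPython 3.11 would report as supported.
SUPPORTED_ARM64 = {"cp311-cp311-macosx_11_0_arm64", "py3-none-any"}

if __name__ == "__main__":
    print(unsupported(SAMPLE, SUPPORTED_ARM64))
```

Pure-Python wheels pass because at least one of their expanded tags is supported; only the x86_64 binary wheel is reported.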
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Aug 23, 2024
Bumps [pip](https://github.com/pypa/pip) from 23.2.1 to 24.2.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 30, 2024