Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pip upgrade prompt is not sent to stderr anymore #11282

Closed
1 task done
JohanLorenzo opened this issue Jul 21, 2022 · 4 comments · Fixed by #11287
Closed
1 task done

Pip upgrade prompt is not sent to stderr anymore #11282

JohanLorenzo opened this issue Jul 21, 2022 · 4 comments · Fixed by #11287
Labels
type: bug A confirmed bug or unintended behavior
Milestone

Comments

@JohanLorenzo
Copy link

JohanLorenzo commented Jul 21, 2022

Description

Hello there! 👋

This is my first bug report to pip 😃 I've written Python for more than 10 years and it's always been a pleasure to install packages with pip. We, at Mozilla, use Python intensively for our CI/CD and pip is the cornerstone of our package management. Today, we ran into an issue that blocked our entire CI/CD. We parse the output of pip freeze and today, some lines couldn't be parsed. These were lines about a pip upgrade.

After looking into the pip code, we realized this fairly recent PR #10959 changed the formatting of the upgrade prompt, but also it now redirects the prompt to stdout instead of stderr. Based on the patch, I get the feeling this is unexpected behavior.

There's been 4 releases since this PR got merged. There are 2 reasons why we just noticed it today:

  1. I upgraded pip in our infra from 21.1.3 to 22.1.2, 12 days ago
  2. 22.2 got released 3 hours ago.

Shoutout to @jcristau who was instrumental in narrowing down the bug to #10959

Expected behavior

For the sake of remaining parseable, I believe the upgrade prompt should remain in stderr. I'm happy to discuss this though 🙂

pip version

21.1

Python version

N/A

OS

N/A

How to Reproduce

Steps to reproduce:

  1. VERSION='22.0.4'; pip install "$VERSION" && pip list --format freeze > "$VERSION".stdout.txt 2> "$VERSION".stderr.txt
  2. Change the version number to 22.1.2 and rerun the same command
  3. head *.txt

See the output below: it shows there's nothing anymore in stderr and the prompt got moved to stdout.

Output

==> 22.0.4.stderr.txt <==
WARNING: You are using pip version 22.0.4; however, version 22.2 is available.
You should consider upgrading via the '/private/tmp/pip/.env/bin/python -m pip install --upgrade pip' command.

==> 22.0.4.stdout.txt <==
pip==22.0.4
setuptools==62.6.0
wheel==0.37.1

==> 22.1.2.stderr.txt <==

==> 22.1.2.stdout.txt <==
pip==22.1.2
setuptools==62.6.0
wheel==0.37.1

[notice] A new release of pip available: 22.1.2 -> 22.2
[notice] To update, run: pip install --upgrade pip

Code of Conduct

@JohanLorenzo JohanLorenzo added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Jul 21, 2022
@JohanLorenzo
Copy link
Author

cc @pradyunsg @pfmoore @uranusjr

@sbidoul sbidoul removed the S: needs triage Issues/PRs that need to be triaged label Jul 21, 2022
@sbidoul
Copy link
Member

sbidoul commented Jul 21, 2022

Looks like a bug in the previous version that is being revealed by today's release.

@pfmoore
Copy link
Member

pfmoore commented Jul 21, 2022

Agreed. A PR to change the output destination of this message back to stderr would be welcomed.

@kdeldycke
Copy link

kdeldycke commented Jul 21, 2022

FWIW, I confirm the issue on Ubuntu, Windows and macOS, as in my meta-package-manager tool, any call to pip commands with a --format=json option will end up with output to stdout that is unparseable by a json.loads() method (as done here: https://github.com/kdeldycke/meta-package-manager/blob/main/meta_package_manager/managers/pip.py#L102-L105 ).

@sbidoul sbidoul added this to the 22.2.1 milestone Jul 21, 2022
kdeldycke added a commit to kdeldycke/meta-package-manager that referenced this issue Jul 22, 2022
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 28, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.2 to 22.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.2.1 (2022-07-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Send the pip upgrade prompt to stderr. (<code>[#11282](pypa/pip#11282) &lt;https://github.com/pypa/pip/issues/11282&gt;</code>_)</li>
<li>Ensure that things work correctly in environments where setuptools-injected
<code>distutils</code> is available by default. This is done by cooperating with
setuptools' injection logic to ensure that pip uses the <code>distutils</code> from the
Python standard library instead. (<code>[#11298](pypa/pip#11298) &lt;https://github.com/pypa/pip/issues/11298&gt;</code>_)</li>
<li>Clarify that <code>pip cache</code>'s wheels-related output is about locally built wheels only. (<code>[#11300](pypa/pip#11300) &lt;https://github.com/pypa/pip/issues/11300&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/61bdbe0d66ad472372f67c7bce05629027bdfc2b"><code>61bdbe0</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/fcb0c84116dc40e0de2f0f79af9cbbb68350e2b9"><code>fcb0c84</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11298">#11298</a> from pradyunsg/remove-distutils-shim</li>
<li><a href="https://github.com/pypa/pip/commit/a14f1412ce269cd0869f56b589e8e3209b7ac215"><code>a14f141</code></a> 📰</li>
<li><a href="https://github.com/pypa/pip/commit/b728bdad2a4fe29f2eedb8f37bdeefc1f60e756d"><code>b728bda</code></a> Remove the setuptools-provided distutils hack, if using distutils</li>
<li><a href="https://github.com/pypa/pip/commit/0231a1d9b69e4e1db9b158d112451a934355c869"><code>0231a1d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11303">#11303</a> from vanschelven/clarify-pip-cache-output</li>
<li><a href="https://github.com/pypa/pip/commit/80c3b9615fd3137208b72649071a08f85660b3ca"><code>80c3b96</code></a> Textual: &quot;locally built&quot; rather than &quot;built&quot;</li>
<li><a href="https://github.com/pypa/pip/commit/d57c5dd1eea3caf099190f34ca0c21e088f7b28e"><code>d57c5dd</code></a> Fixed the tests</li>
<li><a href="https://github.com/pypa/pip/commit/f2c49cdbad84323956df48a7d9c81b86faf263b4"><code>f2c49cd</code></a> Add news article</li>
<li><a href="https://github.com/pypa/pip/commit/906b87727b2a79277f2bf81e34e44afece06bdbd"><code>906b877</code></a> Clarify pip cache output</li>
<li><a href="https://github.com/pypa/pip/commit/c4606b3572529625762f0586dda134302cf6122c"><code>c4606b3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11283">#11283</a> from pfmoore/classifier_311</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2...22.2.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.2&new-version=22.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 28, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.2 to 22.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.2.1 (2022-07-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Send the pip upgrade prompt to stderr. (<code>[#11282](pypa/pip#11282) &lt;https://github.com/pypa/pip/issues/11282&gt;</code>_)</li>
<li>Ensure that things work correctly in environments where setuptools-injected
<code>distutils</code> is available by default. This is done by cooperating with
setuptools' injection logic to ensure that pip uses the <code>distutils</code> from the
Python standard library instead. (<code>[#11298](pypa/pip#11298) &lt;https://github.com/pypa/pip/issues/11298&gt;</code>_)</li>
<li>Clarify that <code>pip cache</code>'s wheels-related output is about locally built wheels only. (<code>[#11300](pypa/pip#11300) &lt;https://github.com/pypa/pip/issues/11300&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/61bdbe0d66ad472372f67c7bce05629027bdfc2b"><code>61bdbe0</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/fcb0c84116dc40e0de2f0f79af9cbbb68350e2b9"><code>fcb0c84</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11298">#11298</a> from pradyunsg/remove-distutils-shim</li>
<li><a href="https://github.com/pypa/pip/commit/a14f1412ce269cd0869f56b589e8e3209b7ac215"><code>a14f141</code></a> 📰</li>
<li><a href="https://github.com/pypa/pip/commit/b728bdad2a4fe29f2eedb8f37bdeefc1f60e756d"><code>b728bda</code></a> Remove the setuptools-provided distutils hack, if using distutils</li>
<li><a href="https://github.com/pypa/pip/commit/0231a1d9b69e4e1db9b158d112451a934355c869"><code>0231a1d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11303">#11303</a> from vanschelven/clarify-pip-cache-output</li>
<li><a href="https://github.com/pypa/pip/commit/80c3b9615fd3137208b72649071a08f85660b3ca"><code>80c3b96</code></a> Textual: &quot;locally built&quot; rather than &quot;built&quot;</li>
<li><a href="https://github.com/pypa/pip/commit/d57c5dd1eea3caf099190f34ca0c21e088f7b28e"><code>d57c5dd</code></a> Fixed the tests</li>
<li><a href="https://github.com/pypa/pip/commit/f2c49cdbad84323956df48a7d9c81b86faf263b4"><code>f2c49cd</code></a> Add news article</li>
<li><a href="https://github.com/pypa/pip/commit/906b87727b2a79277f2bf81e34e44afece06bdbd"><code>906b877</code></a> Clarify pip cache output</li>
<li><a href="https://github.com/pypa/pip/commit/c4606b3572529625762f0586dda134302cf6122c"><code>c4606b3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11283">#11283</a> from pfmoore/classifier_311</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2...22.2.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.2&new-version=22.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
kdeldycke added a commit to kdeldycke/meta-package-manager that referenced this issue Aug 7, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 22, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants