Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to install wheel containing .data/headers using from non-writable pip installation into writable --prefix #8521

Closed
pelson opened this issue Jul 2, 2020 · 3 comments · Fixed by #8553

Comments

@pelson
Copy link
Contributor

pelson commented Jul 2, 2020

With the following scenario:

  • pip installed in a virtual environment, not owned by the executing user
  • pip install --prefix to a location that is owned by the user

pip is able to install simple wheels, but fails to install wheels with header .data (didn't check for other types of data)

I have confirmed that this is still the case on master with the following Dockerfile (placed in the pip repository root in order to copy the source and install pip):

FROM python

RUN python -m venv /opt/venv

# Install the latest pip (from source) into both the base Python, and the venv we just created.
COPY . /tmp/pip-repo
RUN python -m pip install /tmp/pip-repo
RUN /opt/venv/bin/python -m pip install /tmp/pip-repo

RUN useradd -ms /bin/bash not_root
USER not_root

# Fine
RUN /opt/venv/bin/python -m pip install --prefix $HOME/writable wheel

# Fine 
RUN python -m pip install --prefix $HOME/writable pybind11

# Not fine as it attempts to write to {venv}/include/site
RUN /opt/venv/bin/python -m pip install --prefix $HOME/writable pybind11

The output of building this Dockerfile with docker build --network=host . is:

$ git rev-parse HEAD
09f9b0030d0a3fe98cfe14e6fd9511100c3155e3

$ docker build --network=host .
Sending build context to Docker daemon  517.3MB
Step 1/10 : FROM python
 ---> b55669b4130e
Step 2/10 : RUN python -m venv /opt/venv
 ---> Using cache
 ---> 12c12f10ec01
Step 3/10 : COPY . /tmp/pip-repo
 ---> 6a2a8b641e26
Step 4/10 : RUN python -m pip install /tmp/pip-repo
 ---> Running in 50f5d4a53d52
Processing /tmp/pip-repo
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Building wheels for collected packages: pip
  Building wheel for pip (PEP 517): started
  Building wheel for pip (PEP 517): finished with status 'done'
  Created wheel for pip: filename=pip-20.2.dev1-py2.py3-none-any.whl size=1504387 sha256=c3f4a919e6797f6f477ab912ddc6567f8f7f845b10eb84a09e57b1f6ca612204
  Stored in directory: /root/.cache/pip/wheels/77/78/ae/d6e97e1b65b04ed7f7f18819f65a629c406fdfab1661304f08
Successfully built pip
Installing collected packages: pip
  Attempting uninstall: pip
    Found existing installation: pip 20.0.2
    Uninstalling pip-20.0.2:
      Successfully uninstalled pip-20.0.2
Successfully installed pip-20.2.dev1
Removing intermediate container 50f5d4a53d52
 ---> 62acdf090a08
Step 5/10 : RUN /opt/venv/bin/python -m pip install /tmp/pip-repo
 ---> Running in 269e4a89a909
Processing /tmp/pip-repo
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Building wheels for collected packages: pip
  Building wheel for pip (PEP 517): started
  Building wheel for pip (PEP 517): finished with status 'done'
  Created wheel for pip: filename=pip-20.2.dev1-cp38-none-any.whl size=1504387 sha256=6646a166c762c1b13bf407b81a5c428d1df949fd36b83a5c4f9b02ef43d9616d
  Stored in directory: /root/.cache/pip/wheels/3a/92/63/e66cd23efd91ab6b7552fc37293c6076634bd7c6e5925abf50
Successfully built pip
Installing collected packages: pip
  Found existing installation: pip 19.2.3
    Uninstalling pip-19.2.3:
      Successfully uninstalled pip-19.2.3
Successfully installed pip-20.2.dev1
Removing intermediate container 269e4a89a909
 ---> d2b0273bd03d
Step 6/10 : RUN useradd -ms /bin/bash not_root
 ---> Running in dd9e454eed3d
Removing intermediate container dd9e454eed3d
 ---> e6ea8e7d10c6
Step 7/10 : USER not_root
 ---> Running in 17075cdc597b
Removing intermediate container 17075cdc597b
 ---> 09dae5d7fe5b
Step 8/10 : RUN /opt/venv/bin/python -m pip install --prefix $HOME/writable wheel
 ---> Running in 252992c43507
Collecting wheel
  Downloading wheel-0.34.2-py2.py3-none-any.whl (26 kB)
Installing collected packages: wheel
  WARNING: The script wheel is installed in '/home/not_root/writable/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed wheel-0.34.2
Removing intermediate container 252992c43507
 ---> 34705392a77b
Step 9/10 : RUN python -m pip install --prefix $HOME/writable pybind11
 ---> Running in 3d7d6e35d52a
Collecting pybind11
  Downloading pybind11-2.5.0-py2.py3-none-any.whl (296 kB)
Installing collected packages: pybind11
Successfully installed pybind11-2.5.0
Removing intermediate container 3d7d6e35d52a
 ---> 495db85a9fdb
Step 10/10 : RUN /opt/venv/bin/python -m pip install --prefix $HOME/writable pybind11
 ---> Running in f0287949ea8f
Collecting pybind11
  Using cached pybind11-2.5.0-py2.py3-none-any.whl (296 kB)
Installing collected packages: pybind11
ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/opt/venv/include/site'
Consider using the `--user` option or check the permissions.

The command '/bin/sh -c /opt/venv/bin/python -m pip install --prefix $HOME/writable pybind11' returned a non-zero code: 1

The full traceback from this command is:

Step 10/10 : RUN /opt/venv/bin/python -m pip -vvv install --prefix $HOME/writable pybind11
 ---> Running in fcd054a27042
Non-user install due to --prefix or --target option
Created temporary directory: /tmp/pip-ephem-wheel-cache-4jufpvad
Created temporary directory: /tmp/pip-req-tracker-4g9cr9c4
Initialized build tracking at /tmp/pip-req-tracker-4g9cr9c4
Created build tracker: /tmp/pip-req-tracker-4g9cr9c4
Entered build tracker: /tmp/pip-req-tracker-4g9cr9c4
Created temporary directory: /tmp/pip-install-c8x570pg
1 location(s) to search for versions of pybind11:
* https://pypi.org/simple/pybind11/
Fetching project page and analyzing links: https://pypi.org/simple/pybind11/
Getting page https://pypi.org/simple/pybind11/
Found index url https://pypi.org/simple
Looking up "https://pypi.org/simple/pybind11/" in the cache
Request header has "max_age" as 0, cache bypassed
Starting new HTTPS connection (1): pypi.org:443
https://pypi.org:443 "GET /simple/pybind11/ HTTP/1.1" 304 0
  Found link 
... snip ...
Given no hashes to check 46 links for project 'pybind11': discarding no candidates
Using version 2.5.0 (newest of versions: 1.0, 1.2, 1.3, 1.4, 1.5, 1.7, 1.8, 1.8.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0)
Collecting pybind11
  Created temporary directory: /tmp/pip-unpack-w_3s0md1
  Looking up "https://files.pythonhosted.org/packages/89/e3/d576f6f02bc75bacbc3d42494e8f1d063c95617d86648dba243c2cb3963e/pybind11-2.5.0-py2.py3-none-any.whl" in the cache
  Current age based on date: 2
  Ignoring unknown cache-control directive: immutable
  Freshness lifetime from max-age: 365000000
  The response is "fresh", returning cached response
  365000000 > 2
  Using cached pybind11-2.5.0-py2.py3-none-any.whl (296 kB)
  Added pybind11 from https://files.pythonhosted.org/packages/89/e3/d576f6f02bc75bacbc3d42494e8f1d063c95617d86648dba243c2cb3963e/pybind11-2.5.0-py2.py3-none-any.whl#sha256=205d9f9615eac190811cb8c3c2b2f95f6844ddba0fa0a1d45d00793338741601 to build tracker '/tmp/pip-req-tracker-4g9cr9c4'
  Removed pybind11 from https://files.pythonhosted.org/packages/89/e3/d576f6f02bc75bacbc3d42494e8f1d063c95617d86648dba243c2cb3963e/pybind11-2.5.0-py2.py3-none-any.whl#sha256=205d9f9615eac190811cb8c3c2b2f95f6844ddba0fa0a1d45d00793338741601 from build tracker '/tmp/pip-req-tracker-4g9cr9c4'
Installing collected packages: pybind11
  Created temporary directory: /tmp/pip-unpacked-wheel-m2gac4cg

ERROR: Could not install packages due to an EnvironmentError.
Consider using the `--user` option or check the permissions.
Traceback (most recent call last):
  File "/opt/venv/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 393, in run
    installed = install_given_reqs(
  File "/opt/venv/lib/python3.8/site-packages/pip/_internal/req/__init__.py", line 71, in install_given_reqs
    requirement.install(
  File "/opt/venv/lib/python3.8/site-packages/pip/_internal/req/req_install.py", line 819, in install
    install_wheel(
  File "/opt/venv/lib/python3.8/site-packages/pip/_internal/operations/install/wheel.py", line 683, in install_wheel
    install_unpacked_wheel(
  File "/opt/venv/lib/python3.8/site-packages/pip/_internal/operations/install/wheel.py", line 497, in install_unpacked_wheel
    clobber(
  File "/opt/venv/lib/python3.8/site-packages/pip/_internal/operations/install/wheel.py", line 404, in clobber
    ensure_dir(dest)  # common for the 'include' path
  File "/opt/venv/lib/python3.8/site-packages/pip/_internal/utils/misc.py", line 111, in ensure_dir
    os.makedirs(path)
  File "/usr/local/lib/python3.8/os.py", line 213, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/local/lib/python3.8/os.py", line 213, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/local/lib/python3.8/os.py", line 223, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/opt/venv/include/site'
Removed build tracker: '/tmp/pip-req-tracker-4g9cr9c4'
The command '/bin/sh -c /opt/venv/bin/python -m pip -vvv install --prefix $HOME/writable pybind11' returned a non-zero code: 1
@triage-new-issues triage-new-issues bot added the S: needs triage Issues/PRs that need to be triaged label Jul 2, 2020
@uranusjr
Copy link
Member

uranusjr commented Jul 3, 2020

From a quick glance, it seems like something in the wheel installation logic does not correctly respect --prefix, and wants to install into the “real” scheme of the host Python. I’m guessing similar flags like --target may also have the same issue.

@chrahunt
Copy link
Member

chrahunt commented Jul 7, 2020

Here we unconditionally use sys.prefix when calculating the header path when running under virtualenv (or venv). That's definitely not the right thing to do when someone provides --prefix explicitly. I don't have a good answer for what we should do, though.

@uranusjr
Copy link
Member

uranusjr commented Jul 7, 2020

The prefix argument looks suspecious…

bors bot added a commit to duckinator/emanate that referenced this issue Dec 1, 2020
195: Update pip to 20.3 r=duckinator a=pyup-bot


This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3**.



<details>
  <summary>Changelog</summary>
  
  
   ### 20.3
   ```
   - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 &lt;https://github.com/pypa/pip/issues/8546&gt;`_, `8377 &lt;https://github.com/pypa/pip/issues/8377&gt;`_)
- Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 &lt;https://github.com/pypa/pip/issues/6741&gt;`_)
- Warn if index pages have unexpected content-type (`6754 &lt;https://github.com/pypa/pip/issues/6754&gt;`_)
- Allow specifying ``--prefer-binary`` option in a requirements file (`7693 &lt;https://github.com/pypa/pip/issues/7693&gt;`_)
- Generate PEP 376 REQUESTED metadata for user supplied requirements installed
  by pip. (`7811 &lt;https://github.com/pypa/pip/issues/7811&gt;`_)
- Warn if package url is a vcs or an archive url with invalid scheme (`8128 &lt;https://github.com/pypa/pip/issues/8128&gt;`_)
- Parallelize network operations in ``pip list``. (`8504 &lt;https://github.com/pypa/pip/issues/8504&gt;`_)
- Allow the new resolver to obtain dependency information through wheels
  lazily downloaded using HTTP range requests.  To enable this feature,
  invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 &lt;https://github.com/pypa/pip/issues/8588&gt;`_)
- Support ``--use-feature`` in requirements files (`8601 &lt;https://github.com/pypa/pip/issues/8601&gt;`_)

Bug Fixes
---------

- Use canonical package names while looking up already installed packages. (`5021 &lt;https://github.com/pypa/pip/issues/5021&gt;`_)
- Fix normalizing path on Windows when installing package on another logical disk. (`7625 &lt;https://github.com/pypa/pip/issues/7625&gt;`_)
- The VCS commands run by pip as subprocesses don&#39;t merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 &lt;https://github.com/pypa/pip/issues/7968&gt;`_)
- Correctly treat non-ASCII entry point declarations in wheels so they can be
  installed on Windows. (`8342 &lt;https://github.com/pypa/pip/issues/8342&gt;`_)
- Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 &lt;https://github.com/pypa/pip/issues/8454&gt;`_)
- Headers provided by wheels in .data directories are now correctly installed
  into the user-provided locations, such as ``--prefix``, instead of the virtual
  environment pip is running in. (`8521 &lt;https://github.com/pypa/pip/issues/8521&gt;`_)

Vendored Libraries
------------------

- Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3.
- Upgrade appdirs to 1.4.4
- Upgrade certifi to 2020.6.20
- Upgrade distlib to 0.3.1
- Upgrade html5lib to 1.1
- Upgrade idna to 2.10
- Upgrade packaging to 20.4
- Upgrade requests to 2.24.0
- Upgrade six to 1.15.0
- Upgrade toml to 0.10.1
- Upgrade urllib3 to 1.25.9

Improved Documentation
----------------------

- Add ``--no-input`` option to pip docs (`7688 &lt;https://github.com/pypa/pip/issues/7688&gt;`_)
- List of options supported in requirements file are extracted from source of truth,
  instead of being maintained manually. (`7908 &lt;https://github.com/pypa/pip/issues/7908&gt;`_)
- Fix pip config docstring so that the subcommands render correctly in the docs (`8072 &lt;https://github.com/pypa/pip/issues/8072&gt;`_)
- replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 &lt;https://github.com/pypa/pip/issues/8353&gt;`_)
- Fix example for defining multiple values for options which support them (`8373 &lt;https://github.com/pypa/pip/issues/8373&gt;`_)
- Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 &lt;https://github.com/pypa/pip/issues/8459&gt;`_)
- Add feature flags to docs (`8512 &lt;https://github.com/pypa/pip/issues/8512&gt;`_)
- Document how to install package extras from git branch and source distributions. (`8576 &lt;https://github.com/pypa/pip/issues/8576&gt;`_)
   ```
   
  
  
   ### 20.3b1
   ```
   ===================

Deprecations and Removals
-------------------------

- ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version.
  To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Deprecate support for Python 3.5 (`8181 &lt;https://github.com/pypa/pip/issues/8181&gt;`_)
- Document that certain removals can be fast tracked. (`8417 &lt;https://github.com/pypa/pip/issues/8417&gt;`_)
- Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 &lt;https://github.com/pypa/pip/issues/8927&gt;`_)
- Deprecate ``--find-links`` option in ``pip freeze`` (`9069 &lt;https://github.com/pypa/pip/issues/9069&gt;`_)

Features
--------

- Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Allow multiple values for --abi and --platform. (`6121 &lt;https://github.com/pypa/pip/issues/6121&gt;`_)
- Add option ``--format`` to subcommand ``list`` of ``pip  cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 &lt;https://github.com/pypa/pip/issues/8355&gt;`_)
- Improve error message friendliness when an environment has packages with
  corrupted metadata. (`8676 &lt;https://github.com/pypa/pip/issues/8676&gt;`_)
- Make the ``setup.py install`` deprecation warning less noisy. We warn only
  when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as
  situations where both fails are most probably irrelevant to this deprecation. (`8752 &lt;https://github.com/pypa/pip/issues/8752&gt;`_)
- Check the download directory for existing wheels to possibly avoid
  fetching metadata when the ``fast-deps`` feature is used with
  ``pip wheel`` and ``pip download``. (`8804 &lt;https://github.com/pypa/pip/issues/8804&gt;`_)
- When installing a git URL that refers to a commit that is not available locally
  after git clone, attempt to fetch it from the remote. (`8815 &lt;https://github.com/pypa/pip/issues/8815&gt;`_)
- Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 &lt;https://github.com/pypa/pip/issues/8892&gt;`_)
- Cache package listings on index packages so they are guarenteed to stay stable
  during a pip command session. This also improves performance when a index page
  is accessed multiple times during the command session. (`8905 &lt;https://github.com/pypa/pip/issues/8905&gt;`_)
- New resolver: Tweak resolution logic to improve user experience when
  user-supplied requirements conflict. (`8924 &lt;https://github.com/pypa/pip/issues/8924&gt;`_)
- Support Python 3.9. (`8971 &lt;https://github.com/pypa/pip/issues/8971&gt;`_)
- Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 &lt;https://github.com/pypa/pip/issues/8975&gt;`_)
- Switch to the new dependency resolver by default. (`9019 &lt;https://github.com/pypa/pip/issues/9019&gt;`_)
- Remove the ``--build-dir`` option, as per the deprecation. (`9049 &lt;https://github.com/pypa/pip/issues/9049&gt;`_)

Bug Fixes
---------

- Propagate ``--extra-index-url`` from requirements file properly to session auth,
  so that keyring auth will work as expected. (`8103 &lt;https://github.com/pypa/pip/issues/8103&gt;`_)
- Allow specifying verbosity and quiet level via configuration files
  and environment variables. Previously these options were treated as
  boolean values when read from there while through CLI the level can be
  specified. (`8578 &lt;https://github.com/pypa/pip/issues/8578&gt;`_)
- Only converts Windows path to unicode on Python 2 to avoid regressions when a
  POSIX environment does not configure the file system encoding correctly. (`8658 &lt;https://github.com/pypa/pip/issues/8658&gt;`_)
- List downloaded distributions before exiting ``pip download``
  when using the new resolver to make the behavior the same as
  that on the legacy resolver. (`8696 &lt;https://github.com/pypa/pip/issues/8696&gt;`_)
- New resolver: Pick up hash declarations in constraints files and use them to
  filter available distributions. (`8792 &lt;https://github.com/pypa/pip/issues/8792&gt;`_)
- Avoid polluting the destination directory by resolution artifacts
  when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 &lt;https://github.com/pypa/pip/issues/8827&gt;`_)
- New resolver: If a package appears multiple times in user specification with
  different ``--hash`` options, only hashes that present in all specifications
  should be allowed. (`8839 &lt;https://github.com/pypa/pip/issues/8839&gt;`_)
- Tweak the output during dependency resolution in the new resolver. (`8861 &lt;https://github.com/pypa/pip/issues/8861&gt;`_)
- Correctly search for installed distributions in new resolver logic in order
  to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 &lt;https://github.com/pypa/pip/issues/8963&gt;`_)
- Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file
  with editable=True. Render it as a non-editable ``file://`` URL until modern
  editable installs are standardized and supported. (`8996 &lt;https://github.com/pypa/pip/issues/8996&gt;`_)

Vendored Libraries
------------------

- Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed.
  It is mandatory for ``pip debug`` command.

Improved Documentation
----------------------

- Add documentation for &#39;.netrc&#39; support. (`7231 &lt;https://github.com/pypa/pip/issues/7231&gt;`_)
- Add OS tabs for OS-specific commands. (`7311 &lt;https://github.com/pypa/pip/issues/7311&gt;`_)
- Add note and example on keyring support for index basic-auth (`8636 &lt;https://github.com/pypa/pip/issues/8636&gt;`_)
- Added initial UX feedback widgets to docs. (`8783 &lt;https://github.com/pypa/pip/issues/8783&gt;`_, `8848 &lt;https://github.com/pypa/pip/issues/8848&gt;`_)
- Add ux documentation (`8807 &lt;https://github.com/pypa/pip/issues/8807&gt;`_)
- Update user docs to reflect new resolver as default in 20.3. (`9044 &lt;https://github.com/pypa/pip/issues/9044&gt;`_)
- Improve migration guide to reflect changes in new resolver behavior. (`9056 &lt;https://github.com/pypa/pip/issues/9056&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pip
  - Changelog: https://pyup.io/changelogs/pip/
  - Homepage: https://pip.pypa.io/
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>
bors bot added a commit to duckinator/emanate that referenced this issue Dec 1, 2020
195: Update pip to 20.3 r=duckinator a=pyup-bot


This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3**.



<details>
  <summary>Changelog</summary>
  
  
   ### 20.3
   ```
   - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 &lt;https://github.com/pypa/pip/issues/8546&gt;`_, `8377 &lt;https://github.com/pypa/pip/issues/8377&gt;`_)
- Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 &lt;https://github.com/pypa/pip/issues/6741&gt;`_)
- Warn if index pages have unexpected content-type (`6754 &lt;https://github.com/pypa/pip/issues/6754&gt;`_)
- Allow specifying ``--prefer-binary`` option in a requirements file (`7693 &lt;https://github.com/pypa/pip/issues/7693&gt;`_)
- Generate PEP 376 REQUESTED metadata for user supplied requirements installed
  by pip. (`7811 &lt;https://github.com/pypa/pip/issues/7811&gt;`_)
- Warn if package url is a vcs or an archive url with invalid scheme (`8128 &lt;https://github.com/pypa/pip/issues/8128&gt;`_)
- Parallelize network operations in ``pip list``. (`8504 &lt;https://github.com/pypa/pip/issues/8504&gt;`_)
- Allow the new resolver to obtain dependency information through wheels
  lazily downloaded using HTTP range requests.  To enable this feature,
  invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 &lt;https://github.com/pypa/pip/issues/8588&gt;`_)
- Support ``--use-feature`` in requirements files (`8601 &lt;https://github.com/pypa/pip/issues/8601&gt;`_)

Bug Fixes
---------

- Use canonical package names while looking up already installed packages. (`5021 &lt;https://github.com/pypa/pip/issues/5021&gt;`_)
- Fix normalizing path on Windows when installing package on another logical disk. (`7625 &lt;https://github.com/pypa/pip/issues/7625&gt;`_)
- The VCS commands run by pip as subprocesses don&#39;t merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 &lt;https://github.com/pypa/pip/issues/7968&gt;`_)
- Correctly treat non-ASCII entry point declarations in wheels so they can be
  installed on Windows. (`8342 &lt;https://github.com/pypa/pip/issues/8342&gt;`_)
- Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 &lt;https://github.com/pypa/pip/issues/8454&gt;`_)
- Headers provided by wheels in .data directories are now correctly installed
  into the user-provided locations, such as ``--prefix``, instead of the virtual
  environment pip is running in. (`8521 &lt;https://github.com/pypa/pip/issues/8521&gt;`_)

Vendored Libraries
------------------

- Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3.
- Upgrade appdirs to 1.4.4
- Upgrade certifi to 2020.6.20
- Upgrade distlib to 0.3.1
- Upgrade html5lib to 1.1
- Upgrade idna to 2.10
- Upgrade packaging to 20.4
- Upgrade requests to 2.24.0
- Upgrade six to 1.15.0
- Upgrade toml to 0.10.1
- Upgrade urllib3 to 1.25.9

Improved Documentation
----------------------

- Add ``--no-input`` option to pip docs (`7688 &lt;https://github.com/pypa/pip/issues/7688&gt;`_)
- List of options supported in requirements file are extracted from source of truth,
  instead of being maintained manually. (`7908 &lt;https://github.com/pypa/pip/issues/7908&gt;`_)
- Fix pip config docstring so that the subcommands render correctly in the docs (`8072 &lt;https://github.com/pypa/pip/issues/8072&gt;`_)
- replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 &lt;https://github.com/pypa/pip/issues/8353&gt;`_)
- Fix example for defining multiple values for options which support them (`8373 &lt;https://github.com/pypa/pip/issues/8373&gt;`_)
- Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 &lt;https://github.com/pypa/pip/issues/8459&gt;`_)
- Add feature flags to docs (`8512 &lt;https://github.com/pypa/pip/issues/8512&gt;`_)
- Document how to install package extras from git branch and source distributions. (`8576 &lt;https://github.com/pypa/pip/issues/8576&gt;`_)
   ```
   
  
  
   ### 20.3b1
   ```
   ===================

Deprecations and Removals
-------------------------

- ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version.
  To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Deprecate support for Python 3.5 (`8181 &lt;https://github.com/pypa/pip/issues/8181&gt;`_)
- Document that certain removals can be fast tracked. (`8417 &lt;https://github.com/pypa/pip/issues/8417&gt;`_)
- Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 &lt;https://github.com/pypa/pip/issues/8927&gt;`_)
- Deprecate ``--find-links`` option in ``pip freeze`` (`9069 &lt;https://github.com/pypa/pip/issues/9069&gt;`_)

Features
--------

- Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Allow multiple values for --abi and --platform. (`6121 &lt;https://github.com/pypa/pip/issues/6121&gt;`_)
- Add option ``--format`` to subcommand ``list`` of ``pip  cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 &lt;https://github.com/pypa/pip/issues/8355&gt;`_)
- Improve error message friendliness when an environment has packages with
  corrupted metadata. (`8676 &lt;https://github.com/pypa/pip/issues/8676&gt;`_)
- Make the ``setup.py install`` deprecation warning less noisy. We warn only
  when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as
  situations where both fails are most probably irrelevant to this deprecation. (`8752 &lt;https://github.com/pypa/pip/issues/8752&gt;`_)
- Check the download directory for existing wheels to possibly avoid
  fetching metadata when the ``fast-deps`` feature is used with
  ``pip wheel`` and ``pip download``. (`8804 &lt;https://github.com/pypa/pip/issues/8804&gt;`_)
- When installing a git URL that refers to a commit that is not available locally
  after git clone, attempt to fetch it from the remote. (`8815 &lt;https://github.com/pypa/pip/issues/8815&gt;`_)
- Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 &lt;https://github.com/pypa/pip/issues/8892&gt;`_)
- Cache package listings on index packages so they are guarenteed to stay stable
  during a pip command session. This also improves performance when a index page
  is accessed multiple times during the command session. (`8905 &lt;https://github.com/pypa/pip/issues/8905&gt;`_)
- New resolver: Tweak resolution logic to improve user experience when
  user-supplied requirements conflict. (`8924 &lt;https://github.com/pypa/pip/issues/8924&gt;`_)
- Support Python 3.9. (`8971 &lt;https://github.com/pypa/pip/issues/8971&gt;`_)
- Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 &lt;https://github.com/pypa/pip/issues/8975&gt;`_)
- Switch to the new dependency resolver by default. (`9019 &lt;https://github.com/pypa/pip/issues/9019&gt;`_)
- Remove the ``--build-dir`` option, as per the deprecation. (`9049 &lt;https://github.com/pypa/pip/issues/9049&gt;`_)

Bug Fixes
---------

- Propagate ``--extra-index-url`` from requirements file properly to session auth,
  so that keyring auth will work as expected. (`8103 &lt;https://github.com/pypa/pip/issues/8103&gt;`_)
- Allow specifying verbosity and quiet level via configuration files
  and environment variables. Previously these options were treated as
  boolean values when read from there while through CLI the level can be
  specified. (`8578 &lt;https://github.com/pypa/pip/issues/8578&gt;`_)
- Only converts Windows path to unicode on Python 2 to avoid regressions when a
  POSIX environment does not configure the file system encoding correctly. (`8658 &lt;https://github.com/pypa/pip/issues/8658&gt;`_)
- List downloaded distributions before exiting ``pip download``
  when using the new resolver to make the behavior the same as
  that on the legacy resolver. (`8696 &lt;https://github.com/pypa/pip/issues/8696&gt;`_)
- New resolver: Pick up hash declarations in constraints files and use them to
  filter available distributions. (`8792 &lt;https://github.com/pypa/pip/issues/8792&gt;`_)
- Avoid polluting the destination directory by resolution artifacts
  when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 &lt;https://github.com/pypa/pip/issues/8827&gt;`_)
- New resolver: If a package appears multiple times in user specification with
  different ``--hash`` options, only hashes that present in all specifications
  should be allowed. (`8839 &lt;https://github.com/pypa/pip/issues/8839&gt;`_)
- Tweak the output during dependency resolution in the new resolver. (`8861 &lt;https://github.com/pypa/pip/issues/8861&gt;`_)
- Correctly search for installed distributions in new resolver logic in order
  to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 &lt;https://github.com/pypa/pip/issues/8963&gt;`_)
- Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file
  with editable=True. Render it as a non-editable ``file://`` URL until modern
  editable installs are standardized and supported. (`8996 &lt;https://github.com/pypa/pip/issues/8996&gt;`_)

Vendored Libraries
------------------

- Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed.
  It is mandatory for ``pip debug`` command.

Improved Documentation
----------------------

- Add documentation for &#39;.netrc&#39; support. (`7231 &lt;https://github.com/pypa/pip/issues/7231&gt;`_)
- Add OS tabs for OS-specific commands. (`7311 &lt;https://github.com/pypa/pip/issues/7311&gt;`_)
- Add note and example on keyring support for index basic-auth (`8636 &lt;https://github.com/pypa/pip/issues/8636&gt;`_)
- Added initial UX feedback widgets to docs. (`8783 &lt;https://github.com/pypa/pip/issues/8783&gt;`_, `8848 &lt;https://github.com/pypa/pip/issues/8848&gt;`_)
- Add ux documentation (`8807 &lt;https://github.com/pypa/pip/issues/8807&gt;`_)
- Update user docs to reflect new resolver as default in 20.3. (`9044 &lt;https://github.com/pypa/pip/issues/9044&gt;`_)
- Improve migration guide to reflect changes in new resolver behavior. (`9056 &lt;https://github.com/pypa/pip/issues/9056&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pip
  - Changelog: https://pyup.io/changelogs/pip/
  - Homepage: https://pip.pypa.io/
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>
bors bot added a commit to duckinator/emanate that referenced this issue Dec 1, 2020
195: Update pip to 20.3 r=duckinator a=pyup-bot


This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3**.



<details>
  <summary>Changelog</summary>
  
  
   ### 20.3
   ```
   - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 &lt;https://github.com/pypa/pip/issues/8546&gt;`_, `8377 &lt;https://github.com/pypa/pip/issues/8377&gt;`_)
- Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 &lt;https://github.com/pypa/pip/issues/6741&gt;`_)
- Warn if index pages have unexpected content-type (`6754 &lt;https://github.com/pypa/pip/issues/6754&gt;`_)
- Allow specifying ``--prefer-binary`` option in a requirements file (`7693 &lt;https://github.com/pypa/pip/issues/7693&gt;`_)
- Generate PEP 376 REQUESTED metadata for user supplied requirements installed
  by pip. (`7811 &lt;https://github.com/pypa/pip/issues/7811&gt;`_)
- Warn if package url is a vcs or an archive url with invalid scheme (`8128 &lt;https://github.com/pypa/pip/issues/8128&gt;`_)
- Parallelize network operations in ``pip list``. (`8504 &lt;https://github.com/pypa/pip/issues/8504&gt;`_)
- Allow the new resolver to obtain dependency information through wheels
  lazily downloaded using HTTP range requests.  To enable this feature,
  invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 &lt;https://github.com/pypa/pip/issues/8588&gt;`_)
- Support ``--use-feature`` in requirements files (`8601 &lt;https://github.com/pypa/pip/issues/8601&gt;`_)

Bug Fixes
---------

- Use canonical package names while looking up already installed packages. (`5021 &lt;https://github.com/pypa/pip/issues/5021&gt;`_)
- Fix normalizing path on Windows when installing package on another logical disk. (`7625 &lt;https://github.com/pypa/pip/issues/7625&gt;`_)
- The VCS commands run by pip as subprocesses don&#39;t merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 &lt;https://github.com/pypa/pip/issues/7968&gt;`_)
- Correctly treat non-ASCII entry point declarations in wheels so they can be
  installed on Windows. (`8342 &lt;https://github.com/pypa/pip/issues/8342&gt;`_)
- Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 &lt;https://github.com/pypa/pip/issues/8454&gt;`_)
- Headers provided by wheels in .data directories are now correctly installed
  into the user-provided locations, such as ``--prefix``, instead of the virtual
  environment pip is running in. (`8521 &lt;https://github.com/pypa/pip/issues/8521&gt;`_)

Vendored Libraries
------------------

- Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3.
- Upgrade appdirs to 1.4.4
- Upgrade certifi to 2020.6.20
- Upgrade distlib to 0.3.1
- Upgrade html5lib to 1.1
- Upgrade idna to 2.10
- Upgrade packaging to 20.4
- Upgrade requests to 2.24.0
- Upgrade six to 1.15.0
- Upgrade toml to 0.10.1
- Upgrade urllib3 to 1.25.9

Improved Documentation
----------------------

- Add ``--no-input`` option to pip docs (`7688 &lt;https://github.com/pypa/pip/issues/7688&gt;`_)
- List of options supported in requirements file are extracted from source of truth,
  instead of being maintained manually. (`7908 &lt;https://github.com/pypa/pip/issues/7908&gt;`_)
- Fix pip config docstring so that the subcommands render correctly in the docs (`8072 &lt;https://github.com/pypa/pip/issues/8072&gt;`_)
- replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 &lt;https://github.com/pypa/pip/issues/8353&gt;`_)
- Fix example for defining multiple values for options which support them (`8373 &lt;https://github.com/pypa/pip/issues/8373&gt;`_)
- Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 &lt;https://github.com/pypa/pip/issues/8459&gt;`_)
- Add feature flags to docs (`8512 &lt;https://github.com/pypa/pip/issues/8512&gt;`_)
- Document how to install package extras from git branch and source distributions. (`8576 &lt;https://github.com/pypa/pip/issues/8576&gt;`_)
   ```
   
  
  
   ### 20.3b1
   ```
   ===================

Deprecations and Removals
-------------------------

- ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version.
  To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Deprecate support for Python 3.5 (`8181 &lt;https://github.com/pypa/pip/issues/8181&gt;`_)
- Document that certain removals can be fast tracked. (`8417 &lt;https://github.com/pypa/pip/issues/8417&gt;`_)
- Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 &lt;https://github.com/pypa/pip/issues/8927&gt;`_)
- Deprecate ``--find-links`` option in ``pip freeze`` (`9069 &lt;https://github.com/pypa/pip/issues/9069&gt;`_)

Features
--------

- Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Allow multiple values for --abi and --platform. (`6121 &lt;https://github.com/pypa/pip/issues/6121&gt;`_)
- Add option ``--format`` to subcommand ``list`` of ``pip  cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 &lt;https://github.com/pypa/pip/issues/8355&gt;`_)
- Improve error message friendliness when an environment has packages with
  corrupted metadata. (`8676 &lt;https://github.com/pypa/pip/issues/8676&gt;`_)
- Make the ``setup.py install`` deprecation warning less noisy. We warn only
  when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as
  situations where both fails are most probably irrelevant to this deprecation. (`8752 &lt;https://github.com/pypa/pip/issues/8752&gt;`_)
- Check the download directory for existing wheels to possibly avoid
  fetching metadata when the ``fast-deps`` feature is used with
  ``pip wheel`` and ``pip download``. (`8804 &lt;https://github.com/pypa/pip/issues/8804&gt;`_)
- When installing a git URL that refers to a commit that is not available locally
  after git clone, attempt to fetch it from the remote. (`8815 &lt;https://github.com/pypa/pip/issues/8815&gt;`_)
- Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 &lt;https://github.com/pypa/pip/issues/8892&gt;`_)
- Cache package listings on index packages so they are guarenteed to stay stable
  during a pip command session. This also improves performance when a index page
  is accessed multiple times during the command session. (`8905 &lt;https://github.com/pypa/pip/issues/8905&gt;`_)
- New resolver: Tweak resolution logic to improve user experience when
  user-supplied requirements conflict. (`8924 &lt;https://github.com/pypa/pip/issues/8924&gt;`_)
- Support Python 3.9. (`8971 &lt;https://github.com/pypa/pip/issues/8971&gt;`_)
- Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 &lt;https://github.com/pypa/pip/issues/8975&gt;`_)
- Switch to the new dependency resolver by default. (`9019 &lt;https://github.com/pypa/pip/issues/9019&gt;`_)
- Remove the ``--build-dir`` option, as per the deprecation. (`9049 &lt;https://github.com/pypa/pip/issues/9049&gt;`_)

Bug Fixes
---------

- Propagate ``--extra-index-url`` from requirements file properly to session auth,
  so that keyring auth will work as expected. (`8103 &lt;https://github.com/pypa/pip/issues/8103&gt;`_)
- Allow specifying verbosity and quiet level via configuration files
  and environment variables. Previously these options were treated as
  boolean values when read from there while through CLI the level can be
  specified. (`8578 &lt;https://github.com/pypa/pip/issues/8578&gt;`_)
- Only converts Windows path to unicode on Python 2 to avoid regressions when a
  POSIX environment does not configure the file system encoding correctly. (`8658 &lt;https://github.com/pypa/pip/issues/8658&gt;`_)
- List downloaded distributions before exiting ``pip download``
  when using the new resolver to make the behavior the same as
  that on the legacy resolver. (`8696 &lt;https://github.com/pypa/pip/issues/8696&gt;`_)
- New resolver: Pick up hash declarations in constraints files and use them to
  filter available distributions. (`8792 &lt;https://github.com/pypa/pip/issues/8792&gt;`_)
- Avoid polluting the destination directory by resolution artifacts
  when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 &lt;https://github.com/pypa/pip/issues/8827&gt;`_)
- New resolver: If a package appears multiple times in user specification with
  different ``--hash`` options, only hashes that present in all specifications
  should be allowed. (`8839 &lt;https://github.com/pypa/pip/issues/8839&gt;`_)
- Tweak the output during dependency resolution in the new resolver. (`8861 &lt;https://github.com/pypa/pip/issues/8861&gt;`_)
- Correctly search for installed distributions in new resolver logic in order
  to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 &lt;https://github.com/pypa/pip/issues/8963&gt;`_)
- Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file
  with editable=True. Render it as a non-editable ``file://`` URL until modern
  editable installs are standardized and supported. (`8996 &lt;https://github.com/pypa/pip/issues/8996&gt;`_)

Vendored Libraries
------------------

- Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed.
  It is mandatory for ``pip debug`` command.

Improved Documentation
----------------------

- Add documentation for &#39;.netrc&#39; support. (`7231 &lt;https://github.com/pypa/pip/issues/7231&gt;`_)
- Add OS tabs for OS-specific commands. (`7311 &lt;https://github.com/pypa/pip/issues/7311&gt;`_)
- Add note and example on keyring support for index basic-auth (`8636 &lt;https://github.com/pypa/pip/issues/8636&gt;`_)
- Added initial UX feedback widgets to docs. (`8783 &lt;https://github.com/pypa/pip/issues/8783&gt;`_, `8848 &lt;https://github.com/pypa/pip/issues/8848&gt;`_)
- Add ux documentation (`8807 &lt;https://github.com/pypa/pip/issues/8807&gt;`_)
- Update user docs to reflect new resolver as default in 20.3. (`9044 &lt;https://github.com/pypa/pip/issues/9044&gt;`_)
- Improve migration guide to reflect changes in new resolver behavior. (`9056 &lt;https://github.com/pypa/pip/issues/9056&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pip
  - Changelog: https://pyup.io/changelogs/pip/
  - Homepage: https://pip.pypa.io/
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>
bors bot added a commit to duckinator/emanate that referenced this issue Dec 4, 2020
194: Update pytest-pylint to 0.18.0 r=duckinator a=pyup-bot


This PR updates [pytest-pylint](https://pypi.org/project/pytest-pylint) from **0.17.0** to **0.18.0**.



*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pytest-pylint
  - Changelog: https://pyup.io/changelogs/pytest-pylint/
  - Repo: https://github.com/carsongee/pytest-pylint
</details>



197: Update pip to 20.3.1 r=duckinator a=pyup-bot


This PR updates [pip](https://pypi.org/project/pip) from **20.2.4** to **20.3.1**.



<details>
  <summary>Changelog</summary>
  
  
   ### 20.3.1
   ```
   ===================

Deprecations and Removals
-------------------------

- The --build-dir option has been restored as a no-op, to soften the transition
  for tools that still used it. (`9193 &lt;https://github.com/pypa/pip/issues/9193&gt;`_)
   ```
   
  
  
   ### 20.3
   ```
   - Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (`8546 &lt;https://github.com/pypa/pip/issues/8546&gt;`_, `8377 &lt;https://github.com/pypa/pip/issues/8377&gt;`_)
- Add a subcommand ``debug`` to ``pip config`` to list available configuration sources and the key-value pairs defined in them. (`6741 &lt;https://github.com/pypa/pip/issues/6741&gt;`_)
- Warn if index pages have unexpected content-type (`6754 &lt;https://github.com/pypa/pip/issues/6754&gt;`_)
- Allow specifying ``--prefer-binary`` option in a requirements file (`7693 &lt;https://github.com/pypa/pip/issues/7693&gt;`_)
- Generate PEP 376 REQUESTED metadata for user supplied requirements installed
  by pip. (`7811 &lt;https://github.com/pypa/pip/issues/7811&gt;`_)
- Warn if package url is a vcs or an archive url with invalid scheme (`8128 &lt;https://github.com/pypa/pip/issues/8128&gt;`_)
- Parallelize network operations in ``pip list``. (`8504 &lt;https://github.com/pypa/pip/issues/8504&gt;`_)
- Allow the new resolver to obtain dependency information through wheels
  lazily downloaded using HTTP range requests.  To enable this feature,
  invoke ``pip`` with ``--use-feature=fast-deps``. (`8588 &lt;https://github.com/pypa/pip/issues/8588&gt;`_)
- Support ``--use-feature`` in requirements files (`8601 &lt;https://github.com/pypa/pip/issues/8601&gt;`_)

Bug Fixes
---------

- Use canonical package names while looking up already installed packages. (`5021 &lt;https://github.com/pypa/pip/issues/5021&gt;`_)
- Fix normalizing path on Windows when installing package on another logical disk. (`7625 &lt;https://github.com/pypa/pip/issues/7625&gt;`_)
- The VCS commands run by pip as subprocesses don&#39;t merge stdout and stderr anymore, improving the output parsing by subsequent commands. (`7968 &lt;https://github.com/pypa/pip/issues/7968&gt;`_)
- Correctly treat non-ASCII entry point declarations in wheels so they can be
  installed on Windows. (`8342 &lt;https://github.com/pypa/pip/issues/8342&gt;`_)
- Update author email in config and tests to reflect decommissioning of pypa-dev list. (`8454 &lt;https://github.com/pypa/pip/issues/8454&gt;`_)
- Headers provided by wheels in .data directories are now correctly installed
  into the user-provided locations, such as ``--prefix``, instead of the virtual
  environment pip is running in. (`8521 &lt;https://github.com/pypa/pip/issues/8521&gt;`_)

Vendored Libraries
------------------

- Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3.
- Upgrade appdirs to 1.4.4
- Upgrade certifi to 2020.6.20
- Upgrade distlib to 0.3.1
- Upgrade html5lib to 1.1
- Upgrade idna to 2.10
- Upgrade packaging to 20.4
- Upgrade requests to 2.24.0
- Upgrade six to 1.15.0
- Upgrade toml to 0.10.1
- Upgrade urllib3 to 1.25.9

Improved Documentation
----------------------

- Add ``--no-input`` option to pip docs (`7688 &lt;https://github.com/pypa/pip/issues/7688&gt;`_)
- List of options supported in requirements file are extracted from source of truth,
  instead of being maintained manually. (`7908 &lt;https://github.com/pypa/pip/issues/7908&gt;`_)
- Fix pip config docstring so that the subcommands render correctly in the docs (`8072 &lt;https://github.com/pypa/pip/issues/8072&gt;`_)
- replace links to the old pypa-dev mailing list with https://mail.python.org/mailman3/lists/distutils-sig.python.org/ (`8353 &lt;https://github.com/pypa/pip/issues/8353&gt;`_)
- Fix example for defining multiple values for options which support them (`8373 &lt;https://github.com/pypa/pip/issues/8373&gt;`_)
- Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (`8459 &lt;https://github.com/pypa/pip/issues/8459&gt;`_)
- Add feature flags to docs (`8512 &lt;https://github.com/pypa/pip/issues/8512&gt;`_)
- Document how to install package extras from git branch and source distributions. (`8576 &lt;https://github.com/pypa/pip/issues/8576&gt;`_)
   ```
   
  
  
   ### 20.3b1
   ```
   ===================

Deprecations and Removals
-------------------------

- ``pip freeze`` will stop filtering the ``pip``, ``setuptools``, ``distribute`` and ``wheel`` packages from ``pip freeze`` output in a future version.
  To keep the previous behavior, users should use the new ``--exclude`` option. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Deprecate support for Python 3.5 (`8181 &lt;https://github.com/pypa/pip/issues/8181&gt;`_)
- Document that certain removals can be fast tracked. (`8417 &lt;https://github.com/pypa/pip/issues/8417&gt;`_)
- Document that Python versions are generally supported until PyPI usage falls below 5%. (`8927 &lt;https://github.com/pypa/pip/issues/8927&gt;`_)
- Deprecate ``--find-links`` option in ``pip freeze`` (`9069 &lt;https://github.com/pypa/pip/issues/9069&gt;`_)

Features
--------

- Add ``--exclude`` option to ``pip freeze`` and ``pip list`` commands to explicitly exclude packages from the output. (`4256 &lt;https://github.com/pypa/pip/issues/4256&gt;`_)
- Allow multiple values for --abi and --platform. (`6121 &lt;https://github.com/pypa/pip/issues/6121&gt;`_)
- Add option ``--format`` to subcommand ``list`` of ``pip  cache``, with ``abspath`` choice to output the full path of a wheel file. (`8355 &lt;https://github.com/pypa/pip/issues/8355&gt;`_)
- Improve error message friendliness when an environment has packages with
  corrupted metadata. (`8676 &lt;https://github.com/pypa/pip/issues/8676&gt;`_)
- Make the ``setup.py install`` deprecation warning less noisy. We warn only
  when ``setup.py install`` succeeded and ``setup.py bdist_wheel`` failed, as
  situations where both fails are most probably irrelevant to this deprecation. (`8752 &lt;https://github.com/pypa/pip/issues/8752&gt;`_)
- Check the download directory for existing wheels to possibly avoid
  fetching metadata when the ``fast-deps`` feature is used with
  ``pip wheel`` and ``pip download``. (`8804 &lt;https://github.com/pypa/pip/issues/8804&gt;`_)
- When installing a git URL that refers to a commit that is not available locally
  after git clone, attempt to fetch it from the remote. (`8815 &lt;https://github.com/pypa/pip/issues/8815&gt;`_)
- Include http subdirectory in ``pip cache info`` and ``pip cache purge`` commands. (`8892 &lt;https://github.com/pypa/pip/issues/8892&gt;`_)
- Cache package listings on index packages so they are guarenteed to stay stable
  during a pip command session. This also improves performance when a index page
  is accessed multiple times during the command session. (`8905 &lt;https://github.com/pypa/pip/issues/8905&gt;`_)
- New resolver: Tweak resolution logic to improve user experience when
  user-supplied requirements conflict. (`8924 &lt;https://github.com/pypa/pip/issues/8924&gt;`_)
- Support Python 3.9. (`8971 &lt;https://github.com/pypa/pip/issues/8971&gt;`_)
- Log an informational message when backtracking takes multiple rounds on a specific package. (`8975 &lt;https://github.com/pypa/pip/issues/8975&gt;`_)
- Switch to the new dependency resolver by default. (`9019 &lt;https://github.com/pypa/pip/issues/9019&gt;`_)
- Remove the ``--build-dir`` option, as per the deprecation. (`9049 &lt;https://github.com/pypa/pip/issues/9049&gt;`_)

Bug Fixes
---------

- Propagate ``--extra-index-url`` from requirements file properly to session auth,
  so that keyring auth will work as expected. (`8103 &lt;https://github.com/pypa/pip/issues/8103&gt;`_)
- Allow specifying verbosity and quiet level via configuration files
  and environment variables. Previously these options were treated as
  boolean values when read from there while through CLI the level can be
  specified. (`8578 &lt;https://github.com/pypa/pip/issues/8578&gt;`_)
- Only converts Windows path to unicode on Python 2 to avoid regressions when a
  POSIX environment does not configure the file system encoding correctly. (`8658 &lt;https://github.com/pypa/pip/issues/8658&gt;`_)
- List downloaded distributions before exiting ``pip download``
  when using the new resolver to make the behavior the same as
  that on the legacy resolver. (`8696 &lt;https://github.com/pypa/pip/issues/8696&gt;`_)
- New resolver: Pick up hash declarations in constraints files and use them to
  filter available distributions. (`8792 &lt;https://github.com/pypa/pip/issues/8792&gt;`_)
- Avoid polluting the destination directory by resolution artifacts
  when the new resolver is used for ``pip download`` or ``pip wheel``. (`8827 &lt;https://github.com/pypa/pip/issues/8827&gt;`_)
- New resolver: If a package appears multiple times in user specification with
  different ``--hash`` options, only hashes that present in all specifications
  should be allowed. (`8839 &lt;https://github.com/pypa/pip/issues/8839&gt;`_)
- Tweak the output during dependency resolution in the new resolver. (`8861 &lt;https://github.com/pypa/pip/issues/8861&gt;`_)
- Correctly search for installed distributions in new resolver logic in order
  to not miss packages (virtualenv packages from system-wide-packages for example) (`8963 &lt;https://github.com/pypa/pip/issues/8963&gt;`_)
- Do not fail in pip freeze when encountering a ``direct_url.json`` metadata file
  with editable=True. Render it as a non-editable ``file://`` URL until modern
  editable installs are standardized and supported. (`8996 &lt;https://github.com/pypa/pip/issues/8996&gt;`_)

Vendored Libraries
------------------

- Fix devendoring instructions to explicitly state that ``vendor.txt`` should not be removed.
  It is mandatory for ``pip debug`` command.

Improved Documentation
----------------------

- Add documentation for &#39;.netrc&#39; support. (`7231 &lt;https://github.com/pypa/pip/issues/7231&gt;`_)
- Add OS tabs for OS-specific commands. (`7311 &lt;https://github.com/pypa/pip/issues/7311&gt;`_)
- Add note and example on keyring support for index basic-auth (`8636 &lt;https://github.com/pypa/pip/issues/8636&gt;`_)
- Added initial UX feedback widgets to docs. (`8783 &lt;https://github.com/pypa/pip/issues/8783&gt;`_, `8848 &lt;https://github.com/pypa/pip/issues/8848&gt;`_)
- Add ux documentation (`8807 &lt;https://github.com/pypa/pip/issues/8807&gt;`_)
- Update user docs to reflect new resolver as default in 20.3. (`9044 &lt;https://github.com/pypa/pip/issues/9044&gt;`_)
- Improve migration guide to reflect changes in new resolver behavior. (`9056 &lt;https://github.com/pypa/pip/issues/9056&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pip
  - Changelog: https://pyup.io/changelogs/pip/
  - Homepage: https://pip.pypa.io/
</details>



Co-authored-by: pyup-bot <github-bot@pyup.io>
Co-authored-by: Ellen Marie Dash <me@duckie.co>
@pradyunsg pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Feb 12, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 2, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants