Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): Bump pip from 23.1.2 to 23.2.1 (#1426)
Bumps [pip](https:/pypa/pip) from 23.1.2 to 23.2.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https:/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.2.1 (2023-07-22)</h1> <h2>Bug Fixes</h2> <ul> <li>Disable PEP 658 metadata fetching with the legacy resolver. (<code>[#12156](pypa/pip#12156) <https:/pypa/pip/issues/12156></code>_)</li> </ul> <h1>23.2 (2023-07-15)</h1> <h2>Process</h2> <ul> <li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html></code>__.</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 <https://peps.python.org/pep-0440/></code>_ (<code>[#12063](pypa/pip#12063) <https:/pypa/pip/issues/12063></code>_)</li> <li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code> from the output when running on Python 3.12 or later, where they are not included in a virtual environment by default. Use <code>--exclude</code> if you wish to exclude any of these packages. (<code>[#4256](pypa/pip#4256) <https:/pypa/pip/issues/4256></code>_)</li> </ul> <h2>Features</h2> <ul> <li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) <https:/pypa/pip/issues/12040></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) <https:/pypa/pip/issues/11417></code>_)</li> <li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) <https:/pypa/pip/issues/11847></code>_)</li> <li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) <https:/pypa/pip/issues/11920></code>_)</li> <li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) <https:/pypa/pip/issues/11957></code>_)</li> <li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) <https:/pypa/pip/issues/11985></code>_)</li> <li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) <https:/pypa/pip/issues/12038></code>_)</li> <li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) <https:/pypa/pip/issues/12042></code>_)</li> <li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) <https:/pypa/pip/issues/12067></code>_)</li> <li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) <https:/pypa/pip/issues/12079></code>_)</li> <li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) <https:/pypa/pip/issues/12119></code>_)</li> </ul> <h2>Vendored Libraries</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https:/pypa/pip/commit/4a79e65cb6aac84505ad92d272a29f0c3c1aedce"><code>4a79e65</code></a> Bump for release</li> <li><a href="https:/pypa/pip/commit/81a0711192c32126a7b11d6898677274cdbc40b5"><code>81a0711</code></a> Update AUTHORS.txt</li> <li><a href="https:/pypa/pip/commit/1d4674c38950fe01d138a57524799473a2341bb7"><code>1d4674c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12163">#12163</a> from pfmoore/fix_12156</li> <li><a href="https:/pypa/pip/commit/39aa7ed50e26d77a4a277fa525add44b6f7b3bcd"><code>39aa7ed</code></a> Fix a direct creation of RequirementPreparer in the tests</li> <li><a href="https:/pypa/pip/commit/c12139de9b51da9947d3b36b4f0e2e0c8f467663"><code>c12139d</code></a> Disable PEP 658 for the legacy resolver</li> <li><a href="https:/pypa/pip/commit/593b85f4abd30688648436bb9baca3b8f7b32b51"><code>593b85f</code></a> Use strict optional checking in misc.py (<a href="https://redirect.github.com/pypa/pip/issues/11382">#11382</a>)</li> <li><a href="https:/pypa/pip/commit/b252ad819bc7b998508a7ed8789b60dceddfd603"><code>b252ad8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12148">#12148</a> from mtreinish/patch-1</li> <li><a href="https:/pypa/pip/commit/26814251c04f459dce8e9502aa42eebdb125ee20"><code>2681425</code></a> Correct typo in 23.2 Changelog Bug Fixes</li> <li><a href="https:/pypa/pip/commit/1d5b12063d8656a2d1c2eebaee83ed530b642e48"><code>1d5b120</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12145">#12145</a> from pfmoore/release/23.2</li> <li><a href="https:/pypa/pip/commit/b6a2670599ded25ffcebc33b5c8b583ccef87f27"><code>b6a2670</code></a> Bump for development</li> <li>Additional commits viewable in <a href="https:/pypa/pip/compare/23.1.2...23.2.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
570b3b7
commit 24bed2e