Merge branch 'main' into extra-normalization

pypa · Sep 10, 2023 · 0db5d95 · 0db5d95
2 parents 4aa6d88 + 83ca10a
commit 0db5d95
Show file tree

Hide file tree

Showing 195 changed files with 5,676 additions and 2,605 deletions.
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
@@ -0,0 +1,36 @@
+917b41d6d73535c090fc312668dff353cdaef906  # Blacken docs/html/conf.py
+ed383dd8afa8fe0250dcf9b8962927ada0e21c89  # Blacken docs/pip_sphinxext.py
+228405e62451abe8a66233573035007df4be575f  # Blacken noxfile.py
+f477a9f490e978177b71c9dbaa5465c51ea21129  # Blacken setup.py
+e59ba23468390217479465019f8d78e724a23550  # Blacken src/pip/__main__.py
+d7013db084e9a52242354ee5754dc5d19ccf062e  # Blacken src/pip/_internal/build_env.py
+30e9ffacae75378fc3e3df48f754dabad037edb9  # Blacken src/pip/_internal/cache.py
+8341d56b46776a805286218ac5fb0e7850fd9341  # Blacken src/pip/_internal/cli/autocompletion.py
+3d3461ed65208656358b3595e25d8c31c5c89470  # Blacken src/pip/_internal/cli/base_command.py
+d489b0f1b104bc936b0fb17e6c33633664ebdc0e  # Blacken src/pip/_internal/cli/cmdoptions.py
+591fe4841aefe9befa0530f2a54f820c4ecbb392  # Blacken src/pip/_internal/cli/command_context.py
+9265b28ef7248ae1847a80384dbeeb8119c3e2f5  # Blacken src/pip/_internal/cli/main.py
+847a369364878c38d210c90beed2737bb6fb3a85  # Blacken src/pip/_internal/cli/main_parser.py
+ec97119067041ae58b963935ff5f0e5d9fead80c  # Blacken src/pip/_internal/cli/parser.py
+6e3b8de22fa39fa3073599ecf9db61367f4b3b32  # Blacken src/pip/_internal/cli/progress_bars.py
+55405227de983c5bd5bf0858ea12dbe537d3e490  # Blacken src/pip/_internal/cli/req_command.py
+d5ca5c850cae9a0c64882a8f49d3a318699a7e2e  # Blacken src/pip/_internal/cli/spinners.py
+9747cb48f8430a7a91b36fe697dd18dbddb319f0  # Blacken src/pip/_internal/commands/__init__.py
+1c09fd6f124df08ca36bed68085ad68e89bb1957  # Blacken src/pip/_internal/commands/cache.py
+315e93d7eb87cd476afcc4eaf0f01a7b56a5037f  # Blacken src/pip/_internal/commands/check.py
+8ae3b96ed7d24fd24024ccce4840da0dcf635f26  # Blacken src/pip/_internal/commands/completion.py
+42ca4792202f26a293ee48380718743a80bbee37  # Blacken src/pip/_internal/commands/configuration.py
+790ad78fcd43d41a5bef9dca34a3c128d05eb02c  # Blacken src/pip/_internal/commands/debug.py
+a6fcc8f045afe257ce321f4012fc8fcb4be01eb3  # Blacken src/pip/_internal/commands/download.py
+920e735dfc60109351fbe2f4c483c2f6ede9e52d  # Blacken src/pip/_internal/commands/freeze.py
+053004e0fcf0851238b1064fbce13aea87b24e9c  # Blacken src/pip/_internal/commands/hash.py
+a6b6ae487e52c2242045b64cb8962e0a992cfd76  # Blacken src/pip/_internal/commands/help.py
+2495cf95a6c7eb61ccf1f9f0e8b8d736af914e53  # Blacken __main__.py
+c7ee560e00b85f7486b452c14ff49e4737996eda  # Blacken tools/
+8e2e1964a4f0a060f7299a96a911c9e116b2283d  # Blacken src/pip/_internal/commands/
+1bc0eef05679e87f45540ab0a294667cb3c6a88e  # Blacken src/pip/_internal/network/
+069b01932a7d64a81c708c6254cc93e1f89e6783  # Blacken src/pip/_internal/req
+1897784d59e0d5fcda2dd75fea54ddd8be3d502a  # Blacken src/pip/_internal/index
+94999255d5ede440c37137d210666fdf64302e75  # Reformat the codebase, with black
+585037a80a1177f1fa92e159a7079855782e543e  # Cleanup implicit string concatenation
+8a6f6ac19b80a6dc35900a47016c851d9fcd2ee2  # Blacken src/pip/_internal/resolution directory
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -91,7 +91,7 @@ jobs:
       - run: git diff --exit-code
 
   tests-unix:
-    name: tests / ${{ matrix.python }} / ${{ matrix.os }}
+    name: tests / ${{ matrix.python.key || matrix.python }} / ${{ matrix.os }}
     runs-on: ${{ matrix.os }}-latest
 
     needs: [packaging, determine-changes]
@@ -109,12 +109,14 @@ jobs:
           - "3.9"
           - "3.10"
           - "3.11"
+          - "3.12"
 
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python }}
+          allow-prereleases: true
 
       - name: Install Ubuntu dependencies
         if: matrix.os == 'Ubuntu'
@@ -129,12 +131,12 @@ jobs:
       # Main check
       - name: Run unit tests
         run: >-
-          nox -s test-${{ matrix.python }} --
+          nox -s test-${{ matrix.python.key || matrix.python }} --
           -m unit
           --verbose --numprocesses auto --showlocals
       - name: Run integration tests
         run: >-
-          nox -s test-${{ matrix.python }} --
+          nox -s test-${{ matrix.python.key || matrix.python }} --
           -m integration
           --verbose --numprocesses auto --showlocals
           --durations=5
@@ -167,24 +169,13 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
 
-      # We use a RAMDisk on Windows, since filesystem IO is a big slowdown
-      # for our tests.
-      - name: Create a RAMDisk
-        run: ./tools/ci/New-RAMDisk.ps1 -Drive R -Size 1GB
-
-      - name: Setup RAMDisk permissions
-        run: |
-          mkdir R:\Temp
-          $acl = Get-Acl "R:\Temp"
-          $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
-              "Everyone", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
-          )
-          $acl.AddAccessRule($rule)
-          Set-Acl "R:\Temp" $acl
-
+      # We use C:\Temp (which is already available on the worker)
+      # as a temporary directory for all of the tests because the
+      # default value (under the user dir) is more deeply nested
+      # and causes tests to fail with "path too long" errors.
       - run: pip install nox
         env:
-          TEMP: "R:\\Temp"
+          TEMP: "C:\\Temp"
 
       # Main check
       - name: Run unit tests
@@ -194,7 +185,7 @@ jobs:
           -m unit
           --verbose --numprocesses auto --showlocals
         env:
-          TEMP: "R:\\Temp"
+          TEMP: "C:\\Temp"
 
       - name: Run integration tests (group 1)
         if: matrix.group == 1
@@ -203,7 +194,7 @@ jobs:
           -m integration -k "not test_install"
           --verbose --numprocesses auto --showlocals
         env:
-          TEMP: "R:\\Temp"
+          TEMP: "C:\\Temp"
 
       - name: Run integration tests (group 2)
         if: matrix.group == 2
@@ -212,7 +203,7 @@ jobs:
           -m integration -k "test_install"
           --verbose --numprocesses auto --showlocals
         env:
-          TEMP: "R:\\Temp"
+          TEMP: "C:\\Temp"
 
   tests-zipapp:
     name: tests / zipapp

diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -17,26 +17,15 @@ repos:
     exclude: .patch
 
 - repo: https://github.com/psf/black
-  rev: 23.1.0
+  rev: 23.7.0
   hooks:
   - id: black
 
-- repo: https://github.com/PyCQA/flake8
-  rev: 6.0.0
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  # Ruff version.
+  rev: v0.0.287
   hooks:
-  - id: flake8
-    additional_dependencies: [
-        'flake8-bugbear',
-        'flake8-logging-format',
-        'flake8-implicit-str-concat',
-    ]
-    exclude: tests/data
-
-- repo: https://github.com/PyCQA/isort
-  rev: 5.12.0
-  hooks:
-  - id: isort
-    files: \.py$
+    - id: ruff
 
 - repo: https://github.com/pre-commit/mirrors-mypy
   rev: v0.961

diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -1,10 +1,14 @@
 version: 2
 
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
 sphinx:
-  builder: htmldir
+  builder: dirhtml
   configuration: docs/html/conf.py
 
 python:
-  version: 3.8
   install:
     - requirements: docs/requirements.txt
diff --git a/AUTHORS.txt b/AUTHORS.txt
@@ -71,6 +71,7 @@ atse
 Atsushi Odagiri
 Avinash Karhana
 Avner Cohen
+Awit (Ah-Wit) Ghirmai
 Baptiste Mispelon
 Barney Gale
 barneygale
@@ -126,6 +127,7 @@ Chih-Hsuan Yen
 Chris Brinker
 Chris Hunt
 Chris Jerdonek
+Chris Kuehl
 Chris McDonough
 Chris Pawley
 Chris Pryer
@@ -330,6 +332,8 @@ Jarek Potiuk
 jarondl
 Jason Curtis
 Jason R. Coombs
+JasonMo
+JasonMo1
 Jay Graves
 Jean-Christophe Fillion-Robin
 Jeff Barber
@@ -344,6 +348,7 @@ Jim Fisher
 Jim Garrison
 Jiun Bae
 Jivan Amara
+Joe Bylund
 Joe Michelini
 John Paton
 John T. Wodder II
@@ -441,6 +446,7 @@ Matthew Einhorn
 Matthew Feickert
 Matthew Gilliard
 Matthew Iversen
+Matthew Treinish
 Matthew Trumbell
 Matthew Willson
 Matthias Bussonnier
@@ -582,6 +588,7 @@ Rishi
 RobberPhex
 Robert Collins
 Robert McGibbon
+Robert Pollak
 Robert T. McGibbon
 robin elisha robinson
 Roey Berman
@@ -614,6 +621,7 @@ SeongSoo Cho
 Sergey Vasilyev
 Seth Michael Larson
 Seth Woodworth
+Shantanu
 shireenrao
 Shivansh-007
 Shlomi Fish
@@ -638,6 +646,7 @@ Steve Barnes
 Steve Dower
 Steve Kowalik
 Steven Myint
+Steven Silvester
 stonebig
 Stéphane Bidoul
 Stéphane Bidoul (ACSONE)
@@ -707,6 +716,7 @@ Wilson Mo
 wim glenn
 Winson Luk
 Wolfgang Maier
+Wu Zhenyu
 XAMES3
 Xavier Fernandez
 xoviat

diff --git a/MANIFEST.in b/MANIFEST.in
@@ -14,6 +14,7 @@ recursive-include  src/pip/_vendor *COPYING*
 include docs/docutils.conf
 include docs/requirements.txt
 
+exclude .git-blame-ignore-revs
 exclude .coveragerc
 exclude .mailmap
 exclude .appveyor.yml

diff --git a/NEWS.rst b/NEWS.rst
@@ -9,6 +9,69 @@
 
 .. towncrier release notes start
 
+23.2.1 (2023-07-22)
+===================
+
+Bug Fixes
+---------
+
+- Disable PEP 658 metadata fetching with the legacy resolver. (`#12156 <https://github.com/pypa/pip/issues/12156>`_)
+
+
+23.2 (2023-07-15)
+=================
+
+Process
+-------
+
+- Deprecate support for eggs for Python 3.11 or later, when the new ``importlib.metadata`` backend is used to load distribution metadata. This only affects the egg *distribution format* (with the ``.egg`` extension); distributions using the ``.egg-info`` *metadata format* (but are not actually eggs) are not affected. For more information about eggs, see `relevant section in the setuptools documentation <https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html>`__.
+
+Deprecations and Removals
+-------------------------
+
+- Deprecate legacy version and version specifiers that don't conform to `PEP 440
+  <https://peps.python.org/pep-0440/>`_ (`#12063 <https://github.com/pypa/pip/issues/12063>`_)
+- ``freeze`` no longer excludes the ``setuptools``, ``distribute``, and ``wheel``
+  from the output when running on Python 3.12 or later, where they are not
+  included in a virtual environment by default. Use ``--exclude`` if you wish to
+  exclude any of these packages. (`#4256 <https://github.com/pypa/pip/issues/4256>`_)
+
+Features
+--------
+
+- make rejection messages slightly different between 1 and 8, so the user can make the difference. (`#12040 <https://github.com/pypa/pip/issues/12040>`_)
+
+Bug Fixes
+---------
+
+- Fix ``pip completion --zsh``. (`#11417 <https://github.com/pypa/pip/issues/11417>`_)
+- Prevent downloading files twice when PEP 658 metadata is present (`#11847 <https://github.com/pypa/pip/issues/11847>`_)
+- Add permission check before configuration (`#11920 <https://github.com/pypa/pip/issues/11920>`_)
+- Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (`#11957 <https://github.com/pypa/pip/issues/11957>`_)
+- Ignore invalid or unreadable ``origin.json`` files in the cache of locally built wheels. (`#11985 <https://github.com/pypa/pip/issues/11985>`_)
+- Fix installation of packages with PEP658 metadata using non-canonicalized names (`#12038 <https://github.com/pypa/pip/issues/12038>`_)
+- Correctly parse ``dist-info-metadata`` values from JSON-format index data. (`#12042 <https://github.com/pypa/pip/issues/12042>`_)
+- Fail with an error if the ``--python`` option is specified after the subcommand name. (`#12067 <https://github.com/pypa/pip/issues/12067>`_)
+- Fix slowness when using ``importlib.metadata`` (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (`#12079 <https://github.com/pypa/pip/issues/12079>`_)
+- Pass the ``-r`` flag to mercurial to be explicit that a revision is passed and protect
+  against ``hg`` options injection as part of VCS URLs. Users that do not have control on
+  VCS URLs passed to pip are advised to upgrade. (`#12119 <https://github.com/pypa/pip/issues/12119>`_)
+
+Vendored Libraries
+------------------
+
+- Upgrade certifi to 2023.5.7
+- Upgrade platformdirs to 3.8.1
+- Upgrade pygments to 2.15.1
+- Upgrade pyparsing to 3.1.0
+- Upgrade Requests to 2.31.0
+- Upgrade rich to 13.4.2
+- Upgrade setuptools to 68.0.0
+- Updated typing_extensions to 4.6.0
+- Upgrade typing_extensions to 4.7.1
+- Upgrade urllib3 to 1.26.16
+
+
 23.1.2 (2023-04-26)
 ===================
 
@@ -53,7 +116,7 @@ Deprecations and Removals
   ``--config-settings``. (`#11859 <https://github.com/pypa/pip/issues/11859>`_)
 - Using ``--config-settings`` with projects that don't have a ``pyproject.toml`` now prints
   a deprecation warning. In the future the presence of config settings will automatically
-  enable the default build backend for legacy projects and pass the setttings to it. (`#11915 <https://github.com/pypa/pip/issues/11915>`_)
+  enable the default build backend for legacy projects and pass the settings to it. (`#11915 <https://github.com/pypa/pip/issues/11915>`_)
 - Remove ``setup.py install`` fallback when building a wheel failed for projects without
   ``pyproject.toml``. (`#8368 <https://github.com/pypa/pip/issues/8368>`_)
 - When the ``wheel`` package is not installed, pip now uses the default build backend

diff --git a/README.rst b/README.rst
@@ -19,8 +19,6 @@ We release updates regularly, with a new version every 3 months. Find more detai
 * `Release notes`_
 * `Release process`_
 
-In pip 20.3, we've `made a big improvement to the heart of pip`_; `learn more`_. We want your input, so `sign up for our user experience research studies`_ to help us do it right.
-
 **Note**: pip 21.0, in January 2021, removed Python 2 support, per pip's `Python 2 support policy`_. Please migrate to Python 3.
 
 If you find bugs, need help, or want to talk to the developers, please use our mailing lists or chat rooms:
@@ -49,9 +47,6 @@ rooms, and mailing lists is expected to follow the `PSF Code of Conduct`_.
 .. _Release process: https://pip.pypa.io/en/latest/development/release-process/
 .. _GitHub page: https://github.com/pypa/pip
 .. _Development documentation: https://pip.pypa.io/en/latest/development
-.. _made a big improvement to the heart of pip: https://pyfound.blogspot.com/2020/11/pip-20-3-new-resolver.html
-.. _learn more: https://pip.pypa.io/en/latest/user_guide/#changes-to-the-pip-dependency-resolver-in-20-3-2020
-.. _sign up for our user experience research studies: https://pyfound.blogspot.com/2020/03/new-pip-resolver-to-roll-out-this-year.html
 .. _Python 2 support policy: https://pip.pypa.io/en/latest/development/release-process/#python-2-support
 .. _Issue tracking: https://github.com/pypa/pip/issues
 .. _Discourse channel: https://discuss.python.org/c/packaging

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,3 +1,10 @@
-# Security and Vulnerability Reporting
+# Security Policy
 
-If you find any security issues, please report to [[email protected]](mailto:[email protected])
+## Reporting a Vulnerability
+
+Please read the guidelines on reporting security issues [on the
+official website](https://www.python.org/dev/security/) for
+instructions on how to report a security-related problem to
+the Python Security Response Team responsibly.
+
+To reach the response team, email `security at python dot org`.