Project
Attention
Major and minor releases of pip also include changes listed withinprior beta releases.
Deprecate theno-python-version-warning flag as it has long done nothingsince Python 2 support was removed in pip 21.0. (#13154)
Prefer to displayPEP 639License-Expression inpipshow if metadata version is at least 2.4. (#13112)
SupportPEP 639License-Expression andLicense-File metadata fields in JSONoutput.pipinspect andpipinstall--report now emitlicense_expression andlicense_file fields in themetadata object,if the corresponding fields are present in the installedMETADATA file. (#13134)
Files in the network cache will inherit the read/write permissions of pip’s cachedirectory (in addition to the current user retaining read/write access). Thisenables a single cache to be shared among multiple users. (#11012)
Return the size, along with the number, of files cleared onpipcachepurge andpipcacheremove (#12176)
Cachepython-requires checks while filtering potential installation candidates. (#13128)
Optimize package collection by avoiding unnecessary URL parsing and other processing. (#13132)
Reorder the encoding detection when decoding a requirements file, relying onUTF-8 over the locale encoding by default, matching the documented behaviour.(#12771)
The pip version self check is disabled onEXTERNALLY-MANAGED environments. (#11820)
Fix a security bug allowing a specially crafted wheel to execute code duringinstallation. (#13079)
The inclusion ofpackaging 24.2 changes how pre-release specifiers with< and>behave. Including a pre-release version with these specifiers now impliesaccepting pre-releases (e.g.,<2.0dev can include1.0rc1). To avoidimplying pre-releases, avoid specifying them (e.g., use<2.0).The exception is!=, which never implies pre-releases. (#13163)
The--cert and--client-cert command-line options are now respected whileinstalling build dependencies. Consequently, the private_PIP_STANDALONE_CERTenvironment variable is no longer used. (#5502)
The--proxy command-line option is now respected while installing build dependencies. (#6018)
Upgrade CacheControl to 0.14.1
Upgrade idna to 3.10
Upgrade msgpack to 1.1.0
Upgrade packaging to 24.2
Upgrade platformdirs to 4.3.6
Upgrade pyproject-hooks to 1.2.0
Upgrade rich to 13.9.4
Upgrade tomli to 2.2.1
Removed section about non-existing--force-keyring flag. (#12455)
Started releasing to PyPI from a GitHub Actions CI/CD workflow that implements trusted publishing and bundlesPEP 740 digital attestations.
Allow multiple nested inclusions of the same requirements file again. (#13046)
Display a better error message when an already installed package has an invalid requirement. (#12953)
IgnorePIP_TARGET andpip.confglobal.target when preparing a build environment. (#8438)
Restore support for macOS 10.12 and older (via truststore). (#12901)
Allow installing pip in editable mode in a virtual environment on Windows. (#12666)
Upgrade certifi to 2024.8.30
Upgrade distlib to 0.3.9
Upgrade truststore to 0.10.0
Upgrade urllib3 to 1.26.20
Check unsupported packages for the current platform. (#11054)
Use system certificatesand certifi certificates to verify HTTPS connections on Python 3.10+.Python 3.9 and earlier only use certifi.
To revert to previous behaviour, pass the flag--use-deprecated=legacy-certs. (#11647)
Improve discovery performance of installed packages when theimportlib.metadatabackend is used to load distribution metadata (used by default under Python 3.11+). (#12656)
Improve performance when the same requirement string appears many times duringresolution, by consistently caching the parsed requirement string. (#12663)
Minor performance improvement of finding applicable package candidates by notrepeatedly calculating their versions (#12664)
Disable pip’s self version check when invoking a pip subprocess to installPEP 517 build requirements. (#12683)
Improve dependency resolution performance by caching platform compatibilitytags during wheel cache lookup. (#12712)
wheel is no longer explicitly listed as a build dependency ofpip.setuptools injects this dependency in theget_requires_for_build_wheel()hook and no longer needs it on newer versions. (#12728)
Ignore--require-virtualenv forpipcheck andpipfreeze (#12842)
Improve package download and install performance.
Increase chunk sizes when downloading (256 kB, up from 10 kB) and reading files (1 MB, up from 8 kB).This reduces the frequency of updates to pip’s progress bar. (#12810)
Improve pip install performance.
Files are now extracted in 1MB blocks, or in one block matching the file size forsmaller files. A decompressor is no longer instantiated when extracting 0 bytes files,it is not necessary because there is no data to decompress. (#12803)
Setno_color to globalrich.Console instance. (#11045)
Fix resolution to respect--python-version when checkingRequires-Python. (#12216)
Perform hash comparisons in a case-insensitive manner. (#12680)
Avoiddlopen failure for glibc detection in musl builds (#12716)
Avoid keyring logging crashes when pip is run in verbose mode. (#12751)
Fix finding hardlink targets in tar files with an ignored top-level directory. (#12781)
Improve pip install performance by only creating required parentdirectories once, instead of before extracting every file in the wheel. (#12782)
Improve pip install performance by calculating installed packages printoutin linear time instead of quadratic time. (#12791)
Remove vendored tenacity.
Update the preload list for theDEBUNDLED case, to replacepep517 that has been renamed topyproject_hooks.
Use tomllib from the stdlib if available, rather than tomli
Upgrade certifi to 2024.7.4
Upgrade platformdirs to 4.2.2
Upgrade pygments to 2.18.0
Upgrade setuptools to 70.3.0
Upgrade typing_extensions to 4.12.2
Correct—-ignore-conflicts (including an em dash) to--ignore-conflicts. (#12851)
Fix finding hardlink targets in tar files with an ignored top-level directory. (#12781)
Actually use system trust stores when the truststore feature is enabled.
Upgrade requests to 2.32.3
Upgrade truststore to 0.9.1.
Report informative messages about invalid requirements. (#12713)
Eagerly import the self version check logic to avoid crashes while upgrading or downgrading pip at the same time. (#12675)
Accommodate for mismatches between different sources of truth for extra names, for packages generated bysetuptools. (#12688)
Accommodate for development versions of CPython ending in+ in the version string. (#12691)
Upgrade packaging to 24.1
Upgrade requests to 2.32.0
Remove vendored colorama
Remove vendored six
Remove vendored webencodings
Remove vendored charset_normalizer
requests provides optional character detection support on some APIs when processing ambiguous bytes. This isn’t relevant for pip to function and we’re able to remove it due to recent upstream changes.
Drop support for EOL Python 3.7. (#11934)
Remove support for legacy versions and dependency specifiers.
Packages with non standard-compliant versions or dependency specifiers are now ignored by the resolver.Already installed packages with non standard-compliant versions or dependency specifiersmust be uninstalled before upgrading them. (#12063)
Improve performance of resolution of large dependency trees, with more caching. (#12453)
Further improve resolution performance of large dependency trees, by caching hash calculations. (#12657)
Reduce startup time of commands (e.g. show, freeze) that do not access the network by 15-30%. (#4768)
Reword and improve presentation of uninstallation errors. (#10421)
Add a ‘raw’ progress_bar type for simple and parsable download progress reports (#11508)
piplist no longer performs the pip version check unless--outdated or--uptodate is given. (#11677)
Use thedata_filter when extracting tarballs, if it’s available. (#12111)
Display the Project-URL value under key “Home-page” inpipshow when the Home-Page metadata field is not set.
The Project-URL key detection is case-insensitive, and ignores any dashes and underscores. (#11221)
Ensure-vv gets passed to anypipinstall build environment subprocesses. (#12577)
Deduplicate entries in theRequires field ofpipshow. (#12165)
Fix error on checkout for subversion and bazaar with verbose mode on. (#11050)
Fix exception with completions when COMP_CWORD is not set (#12401)
Fix intermittent “cannot locate t64.exe” errors when upgrading pip. (#12666)
Remove duplication in invalid wheel error message (#12579)
Remove the incorrect pip3.x console entrypoint from the pip wheel. This consolescript continues to be generated by pip when it installs itself. (#12536)
Gracefully skip VCS detection in pip freeze when PATH points to a non-directory path. (#12567)
Make the--proxy parameter take precedence over environment variables. (#10685)
Add charset-normalizer 3.3.2
Remove chardet
Remove pyparsing
Upgrade CacheControl to 0.14.0
Upgrade certifi to 2024.2.2
Upgrade distro to 1.9.0
Upgrade idna to 3.7
Upgrade msgpack to 1.0.8
Upgrade packaging to 24.0
Upgrade platformdirs to 4.2.1
Upgrade pygments to 2.17.2
Upgrade rich to 13.7.1
Upgrade setuptools to 69.5.1
Upgrade tenacity to 8.2.3
Upgrade typing_extensions to 4.11.0
Upgrade urllib3 to 1.26.18
Document UX research done on pip. (#10745)
Fix the direct usage of zipapp showing up aspython-mpip.pyz rather than./pip.pyz /.\pip.pyz (#12043)
Add a warning explaining that the snippet in “Fallback behavior” is not a validpyproject.toml snippet for projects, and link to setuptools documentationinstead. (#12122)
The Python Support Policy has been updated. (#12529)
Document the environment variables that correspond with CLI options. (#12576)
Update architecture documentation for command line interface. (#6831)
Removesetup.py since all the pip project metadata is now declared inpyproject.toml.
Move remaining pip development tools configurations topyproject.toml.
Retry on HTTP status code 502 (#11843)
Automatically use the setuptools PEP 517 build backend when--config-settings isused for projects withoutpyproject.toml. (#11915)
Make pip freeze and pip uninstall of legacy editable installs of packages whose namecontains_ compatible withsetuptools>=69.0.3. (#12477)
Support per requirement--config-settings for editable installs. (#12480)
Optimized usage of--find-links=<path-to-dir>, by only scanning the relevant directory once, only considering file names that are valid wheel or sdist names, and only considering files in the directory that are related to the install. (#12327)
Removedwheel from the[build-system].requires list fallbackthat is used whenpyproject.toml is absent. (#12449)
Upgrade distlib to 0.3.8
Fix explanation of how PIP_CONFIG_FILE works (#11815)
Fix outdated pip install argument description in documentation. (#12417)
Replace some links to PEPs with links to the canonical specifications on thePython Packaging User Guide (#12434)
Updated thepyproject.toml document to stop suggestingto depend onwheel as a build dependency directly. (#12449)
Update supported interpreters in development docs (#12475)
Most project metadata is now defined statically via pip’spyproject.toml file.
Added reference tovulnerability reporting guidelines to pip’s security policy.
Drop a fallback to using SecureTransport on macOS. It was useful when pip detected OpenSSL older than 1.0.1, but the current pip does not support any Python version supporting such old OpenSSL versions. (#12175)
Improve extras resolution for multiple constraints on same base package. (#11924)
Improve use of datastructures to make candidate selection 1.6x faster. (#12204)
Allowpipinstall--dry-run to use platform and ABI overriding options. (#12215)
Addis_yanked boolean entry to the installation report (--report) to indicate whether the requirement was yanked from the index, but was still selected by pip conform toPEP 592. (#12224)
Ignore errors in temporary directory cleanup (show a warning instead). (#11394)
Normalize extras according toPEP 685 from package metadata in the resolverfor comparison. This ensures extras are correctly compared and merged as longas the package providing the extra(s) is built with values normalized accordingto the standard. Note, however, that thisdoes not solve cases where thepackage itself contains unnormalized extra values in the metadata. (#11649)
Prevent downloading sdists twice whenPEP 658 metadata is present. (#11847)
Include all requested extras in the install report (--report). (#11924)
Removed uses ofdatetime.datetime.utcnow from non-vendored code. (#12005)
Consistently report whether a dependency comes from an extra. (#12095)
Fix completion script for zsh (#12166)
Fix improper handling of the new onexc argument ofshutil.rmtree() in Python 3.12. (#12187)
Filter out yanked links from the available versions error message: “(from versions: 1.0, 2.0, 3.0)” will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message. (#12225)
Fix crash when the git version number contains something else than digits and dots. (#12280)
Use-r=... instead of-r... to specify references with Mercurial. (#12306)
Redact password from URLs in some additional places. (#12350)
pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2). (#2984)
Upgrade certifi to 2023.7.22
Add truststore 0.8.0
Upgrade urllib3 to 1.26.17
Deprecate support for eggs for Python 3.11 or later, when the newimportlib.metadata backend is used to load distribution metadata. This only affects the eggdistribution format (with the.egg extension); distributions using the.egg-infometadata format (but are not actually eggs) are not affected. For more information about eggs, seerelevant section in the setuptools documentation.
Deprecate legacy version and version specifiers that don’t conform to thespecification.(#12063)
freeze no longer excludes thesetuptools,distribute, andwheelfrom the output when running on Python 3.12 or later, where they are notincluded in a virtual environment by default. Use--exclude if you wish toexclude any of these packages. (#4256)
make rejection messages slightly different between 1 and 8, so the user can make the difference. (#12040)
Fixpipcompletion--zsh. (#11417)
Prevent downloading files twice whenPEP 658 metadata is present (#11847)
Add permission check before configuration (#11920)
Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (#11957)
Ignore invalid or unreadableorigin.json files in the cache of locally built wheels. (#11985)
Fix installation of packages withPEP 658 metadata using non-canonicalized names (#12038)
Correctly parsedist-info-metadata values from JSON-format index data. (#12042)
Fail with an error if the--python option is specified after the subcommand name. (#12067)
Fix slowness when usingimportlib.metadata (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (#12079)
Pass the-r flag to mercurial to be explicit that a revision is passed and protectagainsthg options injection as part of VCS URLs. Users that do not have control onVCS URLs passed to pip are advised to upgrade. (#12119)
Upgrade certifi to 2023.5.7
Upgrade platformdirs to 3.8.1
Upgrade pygments to 2.15.1
Upgrade pyparsing to 3.1.0
Upgrade Requests to 2.31.0
Upgrade rich to 13.4.2
Upgrade setuptools to 68.0.0
Updated typing_extensions to 4.6.0
Upgrade typing_extensions to 4.7.1
Upgrade urllib3 to 1.26.16
Upgrade setuptools to 67.7.2
Revert pkg_resources (via setuptools) back to 65.6.3
Update documentation to reflect the new behavior of using the cache of locallybuilt wheels in hash-checking mode. (#11967)
Remove support for the deprecated--install-options. (#11358)
--no-binary does not implysetup.pyinstall anymore. Instead a wheel will bebuilt locally and installed. (#11451)
--no-binary does not disable the cache of locally built wheels anymore. It onlymeans “don’t download wheels”. (#11453)
Deprecate--build-option and--global-option. Users are invited to switch to--config-settings. (#11859)
Using--config-settings with projects that don’t have apyproject.toml now printsa deprecation warning. In the future the presence of config settings will automaticallyenable the default build backend for legacy projects and pass the settings to it. (#11915)
Removesetup.pyinstall fallback when building a wheel failed for projects withoutpyproject.toml. (#8368)
When thewheel package is not installed, pip now uses the default build backendinstead ofsetup.pyinstall andsetup.pydevelop for project withoutpyproject.toml. (#8559)
Specify egg-link location in assertion message when it does not match installed location to provide better error message for debugging. (#10476)
Present conflict information during installation after each choice that is rejected (pass-vv topipinstall to show it) (#10937)
Display dependency chain on each Collecting/Processing log line. (#11169)
Support a per-requirement--config-settings option in requirements files. (#11325)
The--config-settings/-C option now supports using the same key multipletimes. When the same key is specified multiple times, all values are passed tothe build backend as a list, as opposed to the previous behavior, where pip wouldonly pass the last value if the same key was used multiple times. (#11681)
Add-C as a short version of the--config-settings option. (#11786)
Reduce the number of resolver rounds, since backjumping makes the resolver more efficient in finding solutions. This also makes pathological cases fail quicker. (#11908)
Warn if--hash is used on a line without requirement in a requirements file. (#11935)
Stop propagating CLI--config-settings to the build dependencies. They already didnot propagate to requirements provided in requirement files. To pass the same configsettings to several requirements, users should provide the requirements as CLIarguments. (#11941)
Support wheel cache when using--require-hashes. (#5037)
Add--keyring-provider flag. See the Authentication page in the documentation for more info. (#8719)
In the case of virtual environments, configuration files are now also included from the base installation. (#9752)
Fix grammar by changing “A new release of pip available:” to “A new release of pip is available:” in the notice used for indicating that. (#11529)
Normalize paths before checking if installed scripts are on PATH. (#11719)
Correct the way to decide if keyring is available. (#11774)
More consistent resolution backtracking by removing legacy hack related to setuptools resolution (#11837)
IncludeAUTHORS.txt in pip’s wheels. (#11882)
Theuninstall andinstall--force-reinstall commands no longer callnormalize_path() repeatedly on the same paths. Instead, these results arecached for the duration of an uninstall operation, resulting in improvedperformance, particularly on Windows. (#11889)
Fix and improve the parsing of hashes embedded in URL fragments. (#11936)
When package A depends on package B provided as a direct URL dependency including a hashembedded in the link, the--require-hashes option did not warn when user supplied hasheswere missing for package B. (#11938)
Correctly reportrequested_extras in the installation report when extras arespecified for a local directory installation. (#11946)
When installing an archive from a direct URL or local file, populatedownload_info.info.hashes in the installation report, in addition to the legacydownload_info.info.hash key. (#11948)
Upgrade msgpack to 1.0.5
Patch pkg_resources to remove dependency onjaraco.text.
Upgrade platformdirs to 3.2.0
Upgrade pygments to 2.14.0
Upgrade resolvelib to 1.0.1
Upgrade rich to 13.3.3
Upgrade setuptools to 67.6.1
Upgrade tenacity to 8.2.2
Upgrade typing_extensions to 4.5.0
Upgrade urllib3 to 1.26.15
Cross-reference the--python flag from the--prefix flag,and mention limitations of--prefix regarding script installation. (#11775)
Add SECURITY.md to make the policy official. (#11809)
Add username to Git over SSH example. (#11838)
Quote extras in the pip install docs to guard shells with default globqualifiers, like zsh. (#11842)
Make it clear that requirements/constraints file can be a URL (#11954)
Change the hashes in the installation report to be a mapping. Emit thearchive_info.hashes dictionary indirect_url.json. (#11312)
Implement logic to read theEXTERNALLY-MANAGED file as specified inPEP 668.This allows a downstream Python distributor to prevent users from using pip tomodify the externally managed environment. (#11381)
Enable the use ofkeyring found onPATH. This allowskeyringinstalled usingpipx to be used bypip. (#11589)
The inspect and installation report formats are now declared stable, and their versionhas been bumped from0 to1. (#11757)
Wheel cache behavior is restored to match previous versions, allowing thecache to find existing entries. (#11527)
Use the “venv” scheme if available to obtain prefixed lib paths. (#11598)
Deprecated a historical ambiguity in howegg fragments in URL-stylerequirements are formatted and handled.egg fragments that do not looklikePEP 508 names now produce a deprecation warning. (#11617)
Fix scripts path in isolated build environment on Debian. (#11623)
Makepipshow show the editable location if package is editable (#11638)
Stop checking thatwheel is present whenbuild-system.requiresis provided withoutbuild-system.build-backend assetuptools(which we still check for) will inject it anyway. (#11673)
Fix an issue when an already existing in-memory distribution would causeexceptions inpipinstall (#11704)
Upgrade certifi to 2022.12.7
Upgrade chardet to 5.1.0
Upgrade colorama to 0.4.6
Upgrade distro to 1.8.0
Remove pep517 from vendored packages
Upgrade platformdirs to 2.6.2
Add pyproject-hooks 1.0.0
Upgrade requests to 2.28.2
Upgrade rich to 12.6.0
Upgrade urllib3 to 1.26.14
Fixed the description of the option “--install-options” in the documentation (#10265)
Remove mention that editable installs are necessary for pip freeze to report the VCSURL. (#11675)
Clarify that the egg URL fragment is only necessary for editable VCS installs, andotherwise not necessary anymore. (#11676)
Fix entry point generation ofpip.X,pipX.Y, andeasy_install-X.Yto correctly account for multi-digit Python version segments (e.g. the “11”part of 3.11). (#11547)
Deprecate--install-options which forces pip to use the deprecatedinstallcommand ofsetuptools. (#11358)
Deprecate installation with ‘setup.py install’ when no-binary is enabled forsource distributions without ‘pyproject.toml’. (#11452)
Deprecate`--no-binary disabling the wheel cache. (#11454)
Remove--use-feature=2020-resolver opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (#11493)
Deprecate installation with ‘setup.py install’ when the ‘wheel’ package is absent forsource distributions without ‘pyproject.toml’. (#8559)
Remove the ability to usepiplist--outdated in combination with--format=freeze. (#9789)
Useshell=True for opening the editor withpipconfigedit. (#10716)
Use thedata-dist-info-metadata attribute fromPEP 658 to resolve distribution metadata without downloading the dist yet. (#11111)
Add an option to run the test suite with pip built as a zipapp. (#11250)
Add a--python option to allow pip to manage Python environments otherthan the one pip is installed in. (#11320)
Document the new (experimental) zipapp distribution of pip. (#11459)
Use the much faster ‘bzr co --lightweight’ to obtain a copy of a Bazaar tree. (#5444)
Fix--no-index when--index-url or--extra-index-url is specifiedinside a requirements file. (#11276)
Ensure that the candidatepip executable exists, when checking for a new version of pip. (#11309)
Ignore distributions with invalidName in metadata instead of crashing, whenusing theimportlib.metadata backend. (#11352)
Raise RequirementsFileParseError when parsing malformed requirements options that can’t be successfully parsed by shlex. (#11491)
Fix build environment isolation on some system Pythons. (#6264)
Upgrade certifi to 2022.9.24
Upgrade distlib to 0.3.6
Upgrade idna to 3.4
Upgrade pep517 to 0.13.0
Upgrade pygments to 2.13.0
Upgrade tenacity to 8.1.0
Upgrade typing_extensions to 4.4.0
Upgrade urllib3 to 1.26.12
Mention that --quiet must be used when writing the installation report to stdout. (#11357)
Send the pip upgrade prompt to stderr. (#11282)
Ensure that things work correctly in environments where setuptools-injecteddistutils is available by default. This is done by cooperating withsetuptools’ injection logic to ensure that pip uses thedistutils from thePython standard library instead. (#11298)
Clarify thatpipcache’s wheels-related output is about locally built wheels only. (#11300)
Add support to usetruststore as analternative SSL certificate verification backend. The backend can be enabled on Python3.10 and later by installingtruststore into the environment, and adding the--use-feature=truststore flag to various pip commands.
truststore differs from the current default verification backend (provided bycertifi) in it uses the operating system’s trust store, which can be bettercontrolled and augmented to better support non-standard certificates. Depending onfeedback, pip may switch to this as the default certificate verification backend inthe future. (#11082)
Add--dry-run option topipinstall, to let it print what it would install butnot actually change anything in the target environment. (#11096)
Record in wheel cache entries the URL of the original artifact that was downloadedto build the cached wheels. The record is namedorigin.json and uses the PEP 610Direct URL format. (#11137)
pip’s deprecation warnings now subclass the built-inDeprecationWarning, andcan be suppressed by running the Python interpreter with-Wignore::DeprecationWarning. (#11225)
Addpipinspect command to obtain the list of installed distributions and otherinformation about the Python environment, in JSON format. (#11245)
Significantly speed up isolated environment creation, by using the samesources for pip instead of creating a standalone installation for eachenvironment. (#11257)
Add an experimental--report option to the install command to generate a JSON reportof what was installed. In combination with--dry-run and--ignore-installed itcan be used to resolve the requirements. (#53)
Fixpipinstall--pre for packages with pre-release build dependencies definedboth inpyproject.toml’sbuild-system.requires andsetup.py’ssetup_requires. (#10222)
When pip rewrites the shebang line in a script during wheel installation,update the hash and size in the correspondingRECORD file entry. (#10744)
Do not consider a.dist-info directory found inside a wheel-like zip fileas metadata for an installed distribution. A package in a wheel is (bydefinition) not installed, and is not guaranteed to work due to how a wheel isstructured. (#11217)
Useimportlib.resources to read thevendor.txt file inpipdebug.This makes the command safe for use from a zipapp. (#11248)
Make the--use-pep517 option of thedownload command apply not justto the requirements specified on the command line, but to their dependencies,as well. (#9523)
Remove reliance on the stdlib cgi module, which is deprecated in Python 3.11.
Remove html5lib.
Upgrade certifi to 2022.6.15
Upgrade chardet to 5.0.0
Upgrade colorama to 0.4.5
Upgrade distlib to 0.3.5
Upgrade msgpack to 1.0.4
Upgrade pygments to 2.12.0
Upgrade pyparsing to 3.0.9
Upgrade requests to 2.28.1
Upgrade rich to 12.5.1
Upgrade typing_extensions to 4.3.0
Upgrade urllib3 to 1.26.10
Properly filter out optional dependencies (i.e. extras) when checking build environment distributions. (#11112)
Change the build environment dependency checking to be opt-in. (#11116)
Allow using a pre-release version to satisfy a build requirement. This helpsmanually populated build environments to more accurately detect build-timerequirement conflicts. (#11123)
Enable theimportlib.metadata metadata implementation by default onPython 3.11 (or later). The environment variable_PIP_USE_IMPORTLIB_METADATAcan still be used to enable the implementation on 3.10 and earlier, or disableit on 3.11 (by setting it to0 orfalse).
Start migration of distribution metadata implementation frompkg_resourcestoimportlib.metadata. The new implementation is currently not exposed inany user-facing way, but included in the code base for easier development.
Drop--use-deprecated=out-of-tree-build, according to deprecation message. (#11001)
Add option to install and uninstall commands to opt-out from running-as-root warning. (#10556)
Include Project-URLs inpipshow output. (#10799)
Improve error message whenpipconfigedit is provided an editor thatdoesn’t exist. (#10812)
Add a user interface for supplying config settings to build backends. (#11059)
Add support for Powershell autocompletion. (#9024)
Explains why specified version cannot be retrieved whenRequires-Python is not satisfied. (#9615)
Validate build dependencies when using--no-build-isolation. (#9794)
Fix conditional checks to preventpip.exe from trying to modify itself, on Windows. (#10560)
Fix uninstall editable from Windows junction link. (#10696)
Fallback to pyproject.toml-based builds ifsetup.py is present in a project, butsetuptools cannot be imported. (#10717)
When checking for conflicts in the build environment, correctly skip requirementscontaining markers that do not match the current environment. (#10883)
Disable brotli import in vendored urllib3 so brotli could be uninstalled/upgraded by pip. (#10950)
Prioritize URL credentials over netrc. (#10979)
Filter available distributions using hash declarations from constraints files. (#9243)
Fix an error when trying to uninstall packages installed as editable from a network drive. (#9452)
Fix pip install issues using a proxy due to an inconsistency in how Requests is currently handling variable precedence in session. (#9691)
Upgrade CacheControl to 0.12.11
Upgrade distro to 1.7.0
Upgrade platformdirs to 2.5.2
Removeprogress from vendored dependencies.
Upgradepyparsing to 3.0.8 for startup performance improvements.
Upgrade rich to 12.2.0
Upgrade tomli to 2.0.1
Upgrade typing_extensions to 4.2.0
Add more dedicated topic and reference pages to the documentation. (#10899)
Capitalise Y as the default for “Proceed (y/n)?” when uninstalling. (#10936)
Addscheme:// requirement to--proxy option’s description (#10951)
The wheel command now references the build interface section instead of stating the legacysetuptools behavior as the default. (#10972)
Improved usefulness ofpipconfig--help output. (#11074)
Drop the doctype check, that presented a warning for index pages that use non-compliant HTML 5. (#10903)
Downgrade distlib to 0.3.3.
Print the exception viarich.traceback, when running with--debug. (#10791)
Only calculate topological installation order, for packages that are going to be installed/upgraded.
This fixes anAssertionError that occurred when determining installation order, for a very specific combination of upgrading-already-installed-package + change of dependencies + fetching some packages from a package index. This combination was especially common in Read the Docs’ builds. (#10851)
Usehtml.parser by default, instead of falling back tohtml5lib when--use-deprecated=html5lib is not passed. (#10869)
Clarify that using per-requirement overrides disables the usage of wheels. (#9674)
Instead of failing on index pages that use non-compliant HTML 5, print a deprecation warning and fall back tohtml5lib-based parsing for now. This simplifies the migration for non-compliant index pages, by letting such indexes function with a warning. (#10847)
Deprecate alternative progress bar styles, leaving onlyon andoff as available choices. (#10462)
Drop support for Python 3.6. (#10641)
Disable location mismatch warnings on Python versions prior to 3.10.
These warnings were helping identify potential issues as part of the sysconfig -> distutils transition, and we no longer need to rely on reports from older Python versions for information on the transition. (#10840)
ChangedPackageFinder to parse HTML documents using the stdlibhtml.parser.HTMLParser class instead of thehtml5lib package.
For now, the deprecatedhtml5lib code remains and can be used with the--use-deprecated=html5lib command line option. However, it will be removed in a future pip release. (#10291)
Utiliserich for presenting pip’s default download progress bar. (#10462)
Present a better error message when an invalid wheel file is encountered, providing more context where the invalid wheel file is. (#10535)
Documents the--require-virtualenv flag forpipinstall. (#10588)
pipinstall<tab> autocompletes paths. (#10646)
Allow Python distributors to opt-out from or opt-in to thesysconfig installation scheme backend by settingsysconfig._PIP_USE_SYSCONFIG toTrue orFalse. (#10647)
Make it possible to deselect tests requiring cryptography package on systems where it cannot be installed. (#10686)
Start using Rich for presenting error messages in a consistent format. (#10703)
Improve presentation of errors from subprocesses. (#10705)
Forward pip’s verbosity configuration to VCS tools to control their output accordingly. (#8819)
Optimize installation order calculation to improve performance when installing requirements that form a complex dependency graph with a large amount of edges. (#10557)
When a package is requested by the user for upgrade, correctly identify that the extra-ed variant of that same package depended by another user-requested package is requesting the same package, and upgrade it accordingly. (#10613)
Prevent pip from installing yanked releases unless explicitly pinned via the== or=== operators. (#10617)
Stop backtracking on build failures, by instead surfacing them to the user and aborting immediately. This behaviour provides more immediate feedback when a package cannot be built due to missing build dependencies or platform incompatibility. (#10655)
SilenceValuefor<location>doesnotmatch warning caused by an erroneous patch in Slackware-distributed Python 3.9. (#10668)
Fix an issue where pip did not consider dependencies with and without extras to be equal (#9644)
Upgrade CacheControl to 0.12.10
Upgrade certifi to 2021.10.8
Upgrade distlib to 0.3.4
Upgrade idna to 3.3
Upgrade msgpack to 1.0.3
Upgrade packaging to 21.3
Upgrade platformdirs to 2.4.1
Add pygments 2.11.2 as a vendored dependency.
Tree-trim unused portions of vendored pygments, to reduce the distribution size.
Upgrade pyparsing to 3.0.7
Upgrade Requests to 2.27.1
Upgrade resolvelib to 0.8.1
Add rich 11.0.0 as a vendored dependency.
Tree-trim unused portions of vendored rich, to reduce the distribution size.
Add typing_extensions 4.0.1 as a vendored dependency.
Upgrade urllib3 to 1.26.8
Always refuse installing or building projects that have nopyproject.toml norsetup.py. (#10531)
Tweak running-as-root detection, to checkos.getuid if it exists, on Unix-y and non-Linux/non-MacOS machines. (#10565)
When installing projects with apyproject.toml in editable mode, and the buildbackend does not supportPEP 660, prepare metadata usingprepare_metadata_for_build_wheel instead ofsetup.pyegg_info. Also, refuseinstalling projects that only have asetup.cfg and nosetup.py norpyproject.toml. These restore the pre-21.3 behaviour. (#10573)
Restore compatibility of where configuration files are loaded from on MacOS (back toLibrary/ApplicationSupport/pip, instead ofPreferences/pip). (#10585)
Upgrade pep517 to 0.12.0
Improve deprecation warning regarding the copying of source trees when installing from a local directory. (#10128)
Suppress location mismatch warnings when pip is invoked from a Python sourcetree, soensurepip does not emit warnings on CPythonmakeinstall. (#10270)
On Python 3.10 or later, the installation scheme backend has been changed to usesysconfig. This is to anticipate the deprecation ofdistutils in Python3.10, and its scheduled removal in 3.12. For compatibility considerations, pipinstallations running on Python 3.9 or lower will continue to usedistutils. (#10358)
Remove the--build-dir option and aliases, one last time. (#10485)
In-tree builds are now the default.--use-feature=in-tree-build is nowignored.--use-deprecated=out-of-tree-build may be used temporarily to easethe transition. (#10495)
Un-deprecate source distribution re-installation behaviour. (#8711)
Replace vendored appdirs with platformdirs. (#10202)
SupportPEP 610 to detecteditable installs inpipfreeze andpiplist. Thepiplist column outputhas a newEditableprojectlocation column, and the JSON output has a neweditable_project_location field. (#10249)
pipfreeze will now always fallback to reporting the editable projectlocation when it encounters a VCS error while analyzing an editablerequirement. Before, it sometimes reported the requirement as non-editable. (#10410)
pipshow now sortsRequires andRequired-By alphabetically. (#10422)
Do not raise error when there are no files to remove withpipcachepurge/remove.Instead log a warning and continue (to log that we removed 0 files). (#10459)
When backtracking during dependency resolution, prefer the dependencies which are involved in the most recent conflict. This can significantly reduce the amount of backtracking required. (#10479)
Cache requirement objects, to improve performance reducing reparses of requirement strings. (#10550)
Support editable installs for projects that have apyproject.toml and use abuild backend that supportsPEP 660. (#8212)
When a revision is specified in a Git URL, use git’s partial clone feature to speed up source retrieval. (#9086)
Add a--debug flag, to enable a mode that doesn’t log errors and propagates them to the top level instead. This is primarily to aid with debugging pip’s crashes. (#9349)
If a host is explicitly specified as trusted by the user (via the --trusted-host option), cache HTTP responses from it in addition to HTTPS ones. (#9498)
Present a better error message, when afile: URL is not found. (#10263)
Fix the auth credential cache to allow for the case in whichthe index url contains the username, but the password comesfrom an external source, such as keyring. (#10269)
Fix double unescape of HTMLdata-requires-python anddata-yanked attributes. (#10378)
New resolver: Fixes depth ordering of packages during resolution, e.g. a dependency 2 levels deep will be ordered before a dependency 3 levels deep. (#10482)
Correctly indent metadata preparation messages in pip output. (#10524)
Remove appdirs as a vendored dependency.
Upgrade distlib to 0.3.3
Upgrade distro to 1.6.0
Patch pkg_resources to use platformdirs rather than appdirs.
Add platformdirs as a vendored dependency.
Upgrade progress to 1.6
Upgrade resolvelib to 0.8.0
Upgrade urllib3 to 1.26.7
Update links of setuptools as setuptools moved these documents. The Simple Repository link now points to PyPUG as that is the canonical place of packaging specification, and setuptools’seasy_install is deprecated. (#10430)
Create a “Build System Interface” reference section, for documenting how pip interacts with build systems. (#10497)
Fix 3.6.0 compatibility in link comparison logic. (#10280)
Modify thesysconfig.get_preferred_scheme function check to becompatible with CPython 3.10’s alphareleases. (#10252)
New resolver: When a package is specified with extras in constraints, and withextras in non-constraint requirements, the resolver now correctly identifies theconstraint’s existence and avoids backtracking. (#10233)
The source distribution re-installation feature removal has been delayed to 21.3.
pipfreeze,piplist, andpipshow no longer normalize underscore(_) in distribution names to dash (-). This is a side effect of themigration toimportlib.metadata, since the underscore-dash normalizationbehavior is non-standard and specific to setuptools. This should not affectother parts of pip (for example, when feeding thepipfreeze result backintopipinstall) since pip internally performs standard PEP 503normalization independently to setuptools.
Git version parsing is now done with regular expression to prepare for thepending upstream removal of non-PEP-440 version parsing logic. (#10117)
Re-enable the “Value for … does not match” location warnings to field a newround of feedback for thedistutils-sysconfig transition. (#10151)
Remove deprecated--find-links option inpipfreeze (#9069)
New resolver: Loosen URL comparison logic when checking for direct URL referenceequivalency. The logic includes the following notable characteristics:
The authentication part of the URL is explicitly ignored.
Most of the fragment part, includingegg=, is explicitly ignored. Onlysubdirectory= and hash values (e.g.sha256=) are kept.
The query part of the URL is parsed to allow ordering differences. (#10002)
Support TOML v1.0.0 syntax inpyproject.toml. (#10034)
Added a warning message for errors caused due to Long Paths being disabled on Windows. (#10045)
Change the encoding of log file from default text encoding to UTF-8. (#10071)
Log the resolved commit SHA when installing a package from a Git repository. (#10149)
Add a warning when passing an invalid requirement topipuninstall. (#4958)
Add new subcommandpipindex used to interact with indexes, and implementpipindexversion to list available versions of a package. (#7975)
When pip is asked to uninstall a project without the dist-info/RECORD fileit will no longer traceback with FileNotFoundError,but it will provide a better error message instead, such as:
ERROR:Cannotuninstallfoobar0.1,RECORDfilenotfound.Youmightbeabletorecoverfromthisvia:'pip install --force-reinstall --no-deps foobar==0.1'.
When dist-info/INSTALLER is present and contains some useful information, the info is included in the error message instead:
ERROR:Cannotuninstallfoobar0.1,RECORDfilenotfound.Hint:Thepackagewasinstalledbyrpm.
(#8954)
Add an additional level of verbosity.--verbose (and the shorthand-v) nowcontains significantly less output, and users that need complete full debug-level outputshould pass it twice (--verbose--verbose or-vv). (#9450)
New resolver: The order of dependencies resolution has been tweaked to traversethe dependency graph in a more breadth-first approach. (#9455)
Make “yes” the default choice inpipuninstall’s prompt. (#9686)
Add a special error message when users forget the-r flag when installing. (#9915)
New resolver: A distribution’sRequires-Python metadata is now checkedbefore its Python dependencies. This makes the resolver fail quicker whenthere’s an interpreter version conflict. (#9925)
Suppress “not on PATH” warning when--prefix is given. (#9931)
Includerustc version in pip’sUser-Agent, when the system hasrustc. (#9987)
Update vendored six to 1.16.0 and urllib3 to 1.26.5 (#10043)
Correctly allow PEP 517 projects to be detected without warnings inpipfreeze. (#10080)
Strip leading slash from afile:// URL built from an path with the Windowsdrive notation. This fixes bugs where thefile:// URL cannot be correctlyused as requirement, constraint, or index URLs on Windows. (#10115)
New resolver: URL comparison logic now treatsfile://localhost/ andfile:/// as equivalent to conform to RFC 8089. (#10162)
Prefer credentials from the URL over the previously-obtained credentials from URLs of the same domain, so it is possible to use different credentials on the same index server for different--extra-index-url options. (#3931)
Fix extraction of files with utf-8 encoded paths from tars. (#7667)
Skip distutils configuration parsing on encoding errors. (#8931)
New resolver: Detect an unnamed requirement is user-specified (by building itsmetadata for the project name) so it can be correctly ordered in the resolver. (#9204)
Fixpip freeze to output packagesinstalled from gitin the correctgit+protocol://git.example.com/MyProject#egg=MyProject formatrather than the old and no longer supportedgit+git@ format. (#9822)
Fix warnings about install scheme selection for Python framework buildsdistributed by Apple’s Command Line Tools. (#9844)
Relax interpreter detection to quelch a location mismatch warning where PyPyis deliberately breaking backwards compatibility. (#9845)
Upgrade certifi to 2021.05.30.
Upgrade idna to 3.2.
Upgrade packaging to 21.0
Upgrade requests to 2.26.0.
Upgrade resolvelib to 0.7.1.
Upgrade urllib3 to 1.26.6.
New resolver: Correctly exclude an already installed package if its version isknown to be incompatible to stop the dependency resolution process with a clearerror message. (#9841)
Allow ZIP to archive files with timestamps earlier than 1980. (#9910)
Emit clearer error message when a project root does not contain eitherpyproject.toml,setup.py orsetup.cfg. (#9944)
Fix detection of existing standalone pip instance for PEP 517 builds. (#9953)
Temporarily set the new “Value for … does not match” location warnings leveltoDEBUG, to hide them from casual users. This prepares pip 21.1 for CPythoninclusion, while pip maintainers digest the first intake of location mismatchissues for thedistutils-sysconfig transition. (#9912)
This change fixes a bug on Python <=3.6.1 with a Typing feature added in 3.6.2 (#9831)
Fix compatibility between distutils and sysconfig when the project name is unknown outside of a virtual environment. (#9838)
Fix Python 3.6 compatibility when a PEP 517 build requirement itself needs to bebuilt in an isolated environment. (#9878)
Start installation scheme migration fromdistutils tosysconfig. Awarning is implemented to detect differences between the two implementations toencourage user reports, so we can avoid breakages before they happen.
Add the ability for the new resolver to process URL constraints. (#8253)
Add a feature--use-feature=in-tree-build to build local projects in-placewhen installing. This is expected to become the default behavior in pip 21.3;seeInstalling from local packagesfor more information. (#9091)
Bring back the “(from versions: …)” message, that was shown on resolution failures. (#9139)
Add support for editable installs for project with only setup.cfg files. (#9547)
Improve performance when picking the best file from indexes duringpipinstall. (#9748)
Warn instead of erroring out when doing a PEP 517 build in presence of--build-option. Warn when doing a PEP 517 build in presence of--global-option. (#9774)
Fixed--target to work with--editable installs. (#4390)
Add a warning, discouraging the usage of pip as root, outside a virtual environment. (#6409)
Ignore.dist-info directories if the stem is not a valid Python distributionname, so they don’t show up in e.g.pipfreeze. (#7269)
Only query the keyring for URLs that actually trigger error 401.This prevents an unnecessary keyring unlock prompt on every pip installinvocation (even with default index URL which is not password protected). (#8090)
Prevent packages already-installed alongside with pip to be injected into anisolated build environment during build-time dependency population. (#8214)
Fixpipfreeze permission denied error in order to display an understandable error message and offer solutions. (#8418)
Correctly uninstall script files (from setuptools’scripts argument), when installed with--user. (#8733)
New resolver: When a requirement is requested both via a direct URL(req@URL) and via version specifier with extras (req[extra]), theresolver will now be able to use the URL to correctly resolve the requirementwith extras. (#8785)
New resolver: Show relevant entries from user-supplied constraint files in theerror message to improve debuggability. (#9300)
Avoid parsing version to make the version check more robust against lousilydebundled downstream distributions. (#9348)
--user is no longer suggested incorrectly when pip fails with a permissionerror in a virtual environment. (#9409)
Fix incorrect reporting onRequires-Python conflicts. (#9541)
Make wheel compatibility tag preferences more important than the build tag (#9565)
Fix pip to work with warnings converted to errors. (#9779)
SECURITY: Stop splitting on unicode separators in git references,which could be maliciously used to install a different revision on therepository. (#9827)
Update urllib3 to 1.26.4 to fix CVE-2021-28363
Remove contextlib2.
Upgrade idna to 3.1
Upgrade pep517 to 0.10.0
Upgrade vendored resolvelib to 0.7.0.
Upgrade tenacity to 7.0.0
Update “setuptools extras” link to match upstream. (#4822829F-6A45-4202-87BA-A80482DF6D4E)
Improve SSL Certificate Verification docs and--cert help text. (#6720)
Add a section in the documentation to suggest solutions to thepipfreeze permission denied issue. (#8418)
Add warning about--extra-index-url and dependency confusion (#9647)
Describe--upgrade-strategy and direct requirements explicitly; add a briefexample. (#9692)
Upgrade packaging to 20.9
Drop support for Python 2. (#6148)
Remove support for legacy wheel cache entries that were created with pipversions older than 20.0. (#7502)
Remove support for VCS pseudo URLs editable requirements. It was emittingdeprecation warning since version 20.0. (#7554)
Modernise the codebase after Python 2. (#8802)
Drop support for Python 3.5. (#9189)
Remove the VCS export feature that was used only with editable VCSrequirements and had correctness issues. (#9338)
Upgrade msgpack to 1.0.2.
Upgrade requests to 2.25.1.
Fixed hanging VCS subprocess calls when the VCS outputs a large amount of dataon stderr. Restored logging of VCS errors that was inadvertently removed in pip20.2. (#8876)
Fix error when an existing incompatibility is unable to be applied to a backtracked state. (#9180)
New resolver: Discard a faulty distribution, instead of quitting outright.This implementation is taken from 20.2.2, with a fix that always makes theresolver iterate through candidates from indexes lazily, to avoid downloadingcandidates we do not need. (#9203)
New resolver: Discard a source distribution if it fails to generate metadata,instead of quitting outright. This implementation is taken from 20.2.2, with afix that always makes the resolver iterate through candidates from indexeslazily, to avoid downloading candidates we do not need. (#9246)
Upgrade resolvelib to 0.5.4.
Revert “Skip candidate not providing valid metadata”, as that caused pip to be overeager about downloading from the package index. (#9264)
New resolver: The “Requirement already satisfied” log is not printed only oncefor each package during resolution. (#9117)
Fix crash when logic for redacting authentication information from URLsin--help is given a list of strings, instead of a single string. (#9191)
New resolver: Correctly implement PEP 592. Do not return yanked versions froman index, unless the version range can only be satisfied by yanked candidates. (#9203)
New resolver: Make constraints also apply to package variants with extras, sothe resolver correctly avoids backtracking on them. (#9232)
New resolver: Discard a candidate if it fails to provide metadata from source,or if the provided metadata is inconsistent, instead of quitting outright. (#9246)
Update vendoring to 20.8
Update documentation to reflect that pip still uses legacy resolver by default in Python 2 environments. (#9269)
The --build-dir option has been restored as a no-op, to soften the transitionfor tools that still used it. (#9193)
Remove --unstable-feature flag as it has been deprecated. (#9133)
New Resolver: Rework backtracking and state management, to avoid getting stuck in an infinite loop. (#9011)
New resolver: Check version equality withpackaging.version to avoid edgecases if a wheel used different version normalization logic in its filenameand metadata. (#9083)
New resolver: Show each requirement in the conflict error message only once to reduce cluttering. (#9101)
Fix a regression that madepipwheel generate zip files of editablerequirements in the wheel directory. (#9122)
Fix ResourceWarning in VCS subprocesses (#9156)
Redact auth from URL in help message. (#9160)
New Resolver: editable installations are done, regardless of whetherthe already-installed distribution is editable. (#9169)
Upgrade certifi to 2020.11.8
Upgrade colorama to 0.4.4
Upgrade packaging to 20.7
Upgrade pep517 to 0.9.1
Upgrade requests to 2.25.0
Upgrade resolvelib to 0.5.3
Upgrade toml to 0.10.2
Upgrade urllib3 to 1.26.2
pipfreeze will stop filtering thepip,setuptools,distribute andwheel packages frompipfreeze output in a future version.To keep the previous behavior, users should use the new--exclude option. (#4256)
Deprecate support for Python 3.5 (#8181)
Document that certain removals can be fast tracked. (#8417)
Document that Python versions are generally supported until PyPI usage falls below 5%. (#8927)
Deprecate--find-links option inpipfreeze (#9069)
Add--exclude option topipfreeze andpiplist commands to explicitly exclude packages from the output. (#4256)
Allow multiple values for --abi and --platform. (#6121)
Add option--format to subcommandlist ofpip cache, withabspath choice to output the full path of a wheel file. (#8355)
Improve error message friendliness when an environment has packages withcorrupted metadata. (#8676)
Make thesetup.pyinstall deprecation warning less noisy. We warn onlywhensetup.pyinstall succeeded andsetup.pybdist_wheel failed, assituations where both fails are most probably irrelevant to this deprecation. (#8752)
Check the download directory for existing wheels to possibly avoidfetching metadata when thefast-deps feature is used withpipwheel andpipdownload. (#8804)
When installing a git URL that refers to a commit that is not available locallyafter git clone, attempt to fetch it from the remote. (#8815)
Include http subdirectory inpipcacheinfo andpipcachepurge commands. (#8892)
Cache package listings on index packages so they are guaranteed to stay stableduring a pip command session. This also improves performance when a index pageis accessed multiple times during the command session. (#8905)
New resolver: Tweak resolution logic to improve user experience whenuser-supplied requirements conflict. (#8924)
Support Python 3.9. (#8971)
Log an informational message when backtracking takes multiple rounds on a specific package. (#8975)
Switch to the new dependency resolver by default. (#9019)
Remove the--build-dir option, as per the deprecation. (#9049)
Propagate--extra-index-url from requirements file properly to session auth,so that keyring auth will work as expected. (#8103)
Allow specifying verbosity and quiet level via configuration filesand environment variables. Previously these options were treated asboolean values when read from there while through CLI the level can bespecified. (#8578)
Only converts Windows path to unicode on Python 2 to avoid regressions when aPOSIX environment does not configure the file system encoding correctly. (#8658)
List downloaded distributions before exitingpipdownloadwhen using the new resolver to make the behavior the same asthat on the legacy resolver. (#8696)
New resolver: Pick up hash declarations in constraints files and use them tofilter available distributions. (#8792)
Avoid polluting the destination directory by resolution artifactswhen the new resolver is used forpipdownload orpipwheel. (#8827)
New resolver: If a package appears multiple times in user specification withdifferent--hash options, only hashes that present in all specificationsshould be allowed. (#8839)
Tweak the output during dependency resolution in the new resolver. (#8861)
Correctly search for installed distributions in new resolver logic in orderto not miss packages (virtualenv packages from system-wide-packages for example) (#8963)
Do not fail in pip freeze when encountering adirect_url.json metadata filewith editable=True. Render it as a non-editablefile:// URL until moderneditable installs are standardized and supported. (#8996)
Fix devendoring instructions to explicitly state thatvendor.txt should not be removed.It is mandatory forpipdebug command.
Add documentation for ‘.netrc’ support. (#7231)
Add OS tabs for OS-specific commands. (#7311)
Add note and example on keyring support for index basic-auth (#8636)
Add ux documentation (#8807)
Update user docs to reflect new resolver as default in 20.3. (#9044)
Improve migration guide to reflect changes in new resolver behavior. (#9056)
New resolver: Avoid accessing indexes when the installed candidate is preferredand considered good enough. (#8023)
Improve error message friendliness when an environment has packages withcorrupted metadata. (#8676)
Cache package listings on index packages so they are guaranteed to stay stableduring a pip command session. This also improves performance when a index pageis accessed multiple times during the command session. (#8905)
New resolver: Tweak resolution logic to improve user experience whenuser-supplied requirements conflict. (#8924)
New resolver: Correctly respectRequires-Python metadata to rejectincompatible packages in--no-deps mode. (#8758)
New resolver: Pick up hash declarations in constraints files and use them tofilter available distributions. (#8792)
New resolver: If a package appears multiple times in user specification withdifferent--hash options, only hashes that present in all specificationsshould be allowed. (#8839)
Add ux documentation (#8807)
Deprecate support for Python 3.5 (#8181)
Make thesetup.pyinstall deprecation warning less noisy. We warn onlywhensetup.pyinstall succeeded andsetup.pybdist_wheel failed, assituations where both fails are most probably irrelevant to this deprecation. (#8752)
Only attempt to use the keyring once and if it fails, don’t try again.This prevents spamming users with several keyring unlock prompts when theycannot unlock or don’t want to do so. (#8090)
Fix regression that distributions in system site-packages are not correctlyfound when a virtual environment is configured withsystem-site-packageson. (#8695)
Disable caching for range requests, which causes corrupted wheelswhen pip tries to obtain metadata using the featurefast-deps. (#8701,#8716)
Always use UTF-8 to readpyvenv.cfg to match the built-invenv. (#8717)
2020 Resolver: Correctly handle marker evaluation in constraints and excludethem if their markers do not match the current environment. (#8724)
Ignore require-virtualenv inpiplist (#8603)
Correctly find already-installed distributions with dot (.) in the nameand uninstall them when needed. (#8645)
Trace a better error message on installation failure due to invalid.datafiles in wheels. (#8654)
Fix SVN version detection for alternative SVN distributions. (#8665)
New resolver: Correctly include the base package when specified with extrasin--no-deps mode. (#8677)
Use UTF-8 to handle ZIP archive entries on Python 2 according to PEP 427, sonon-ASCII paths can be resolved as expected. (#8684)
Deprecate setup.py-based builds that do not generate an.egg-info directory. (#6998,#8617)
Disallow passing install-location-related arguments in--install-options. (#7309)
Add deprecation warning for invalid requirements format “base>=1.0[extra]” (#8288)
Deprecate legacy setup.py install when building a wheel failed for sourcedistributions without pyproject.toml (#8368)
Deprecate -b/--build/--build-dir/--build-directory. Its current behaviour is confusingand breaks in case different versions of the same distribution need to be built duringthe resolution process. Using the TMPDIR/TEMP/TMP environment variable, possiblycombined with --no-clean covers known use cases. (#8372)
Remove undocumented and deprecated option--always-unzip (#8408)
Log debugging information about pip, inpipinstall--verbose. (#3166)
Refine error messages to avoid showing Python tracebacks when an HTTP error occurs. (#5380)
Install wheel files directly instead of extracting them to a temp directory. (#6030)
Add a beta version of pip’s next-generation dependency resolver.
Move pip’s new resolver into beta, remove the--unstable-feature=resolver flag, and enable the--use-feature=2020-resolver flag. The new resolver issignificantly stricter and more consistent when it receivesincompatible instructions, and reduces support for certain kinds ofConstraints Files, so some workarounds and workflows maybreak. More details about how to test and migrate, and how to reportissues, atChanges to the pip dependency resolver in 20.3 (2020) . Maintainers are preparing torelease pip 20.3, with the new resolver on by default, in October. (#6536)
Introduce a new ResolutionImpossible error, raised when pip encounters un-satisfiable dependency conflicts (#8546,#8377)
Add a subcommanddebug topipconfig to list available configuration sources and the key-value pairs defined in them. (#6741)
Warn if index pages have unexpected content-type (#6754)
Allow specifying--prefer-binary option in a requirements file (#7693)
Generate PEP 376 REQUESTED metadata for user supplied requirements installedby pip. (#7811)
Warn if package url is a vcs or an archive url with invalid scheme (#8128)
Parallelize network operations inpiplist. (#8504)
Allow the new resolver to obtain dependency information through wheelslazily downloaded using HTTP range requests. To enable this feature,invokepip with--use-feature=fast-deps. (#8588)
Support--use-feature in requirements files (#8601)
Use canonical package names while looking up already installed packages. (#5021)
Fix normalizing path on Windows when installing package on another logical disk. (#7625)
The VCS commands run by pip as subprocesses don’t merge stdout and stderr anymore, improving the output parsing by subsequent commands. (#7968)
Correctly treat non-ASCII entry point declarations in wheels so they can beinstalled on Windows. (#8342)
Update author email in config and tests to reflect decommissioning of pypa-dev list. (#8454)
Headers provided by wheels in .data directories are now correctly installedinto the user-provided locations, such as--prefix, instead of the virtualenvironment pip is running in. (#8521)
Vendored htmlib5 no longer imports deprecated xml.etree.cElementTree on Python 3.
Upgrade appdirs to 1.4.4
Upgrade certifi to 2020.6.20
Upgrade distlib to 0.3.1
Upgrade html5lib to 1.1
Upgrade idna to 2.10
Upgrade packaging to 20.4
Upgrade requests to 2.24.0
Upgrade six to 1.15.0
Upgrade toml to 0.10.1
Upgrade urllib3 to 1.25.9
Add--no-input option to pip docs (#7688)
List of options supported in requirements file are extracted from source of truth,instead of being maintained manually. (#7908)
Fix pip config docstring so that the subcommands render correctly in the docs (#8072)
replace links to the old pypa-dev mailing list withhttps://mail.python.org/mailman3/lists/distutils-sig.python.org/ (#8353)
Fix example for defining multiple values for options which support them (#8373)
Add documentation for the ResolutionImpossible error that helps the user fix dependency conflicts (#8459)
Add feature flags to docs (#8512)
Document how to install package extras from git branch and source distributions. (#8576)
Add GitHub issue template for reporting when the dependency resolver fails (#8207)
Document that pip 21.0 will drop support for Python 2.7.
Addpipcachedir to show the cache directory. (#7350)
Remove emails from AUTHORS.txt to prevent usage for spamming, and only populate names in AUTHORS.txt at time of release (#5979)
Remove deprecated--skip-requirements-regex option. (#7297)
Building of local directories is now done in place, instead of a temporarylocation containing a copy of the directory tree. (#7555)
Remove unusedtests/scripts/test_all_pip.py test script and thetests/scripts folder. (#7680)
pip now implements PEP 610, sopipfreeze has better fidelityin presence of distributions installed from Direct URL requirements. (#609)
Addpipcache command for inspecting/managing pip’s wheel cache. (#6391)
Raise error if--user and--target are used together inpipinstall (#7249)
Significantly improve performance when--find-links points to a very large HTML page. (#7729)
Indicate when wheel building is skipped, due to lack of thewheel package. (#7768)
Change default behaviour to always cache responses from trusted-host source. (#7847)
An alpha version of a new resolver is available via--unstable-feature=resolver. (#988)
Correctly freeze a VCS editable package when it is nested inside another VCS repository. (#3988)
Correctly handle%2F in URL parameters to avoid accidentally unescape theminto/. (#6446)
Reject VCS URLs with an empty revision. (#7402)
Warn when an invalid URL is passed with--index-url (#7430)
Use better mechanism for handling temporary files, when recording metadataabout installed files (RECORD) and the installer (INSTALLER). (#7699)
Correctly detect global site-packages availability of virtual environmentscreated by PyPA’s virtualenv>=20.0. (#7718)
Remove current directory fromsys.path when invoked aspython-mpip<command> (#7731)
Stop failing uninstallation, when trying to remove non-existent files. (#7856)
Prevent an infinite recursion withpipwheel when$TMPDIR is within the source directory. (#7872)
Significantly speeduppiplist--outdated by parallelizing index interaction. (#7962)
Improve Windows compatibility when detecting writability in folder. (#8013)
Update semi-supported debundling script to reflect that appdirs is vendored.
Add ResolveLib as a vendored dependency.
Upgrade certifi to 2020.04.05.1
Upgrade contextlib2 to 0.6.0.post1
Upgrade distro to 1.5.0.
Upgrade idna to 2.9.
Upgrade msgpack to 1.0.0.
Upgrade packaging to 20.3.
Upgrade pep517 to 0.8.2.
Upgrade pyparsing to 2.4.7.
Remove pytoml as a vendored dependency.
Upgrade requests to 2.23.0.
Add toml as a vendored dependency.
Upgrade urllib3 to 1.25.8.
Emphasize that VCS URLs using git, git+git and git+http are insecure due tolack of authentication and encryption (#1983)
Clarify the usage of --no-binary command. (#3191)
Clarify the usage of freeze command in the example of Using pip in your program (#7008)
Add a “Copyright” page. (#7767)
Added example of defining multiple values for options which support them (#7803)
Fix a regression in generation of compatibility tags. (#7626)
Upgrade packaging to 20.1
Rename an internal module, to avoid ImportErrors due to improper uninstallation. (#7621)
Switch to a dedicated CLI tool for vendoring dependencies.
Remove wheel tag calculation from pip and usepackaging.tags. Thisshould provide more tags ordered better than in prior releases. (#6908)
Deprecate setup.py-based builds that do not generate an.egg-info directory. (#6998)
The pip>=20 wheel cache is not retro-compatible with previous versions. Untilpip 21.0, pip will continue to take advantage of existing legacy cacheentries. (#7296)
Deprecate undocumented--skip-requirements-regex option. (#7297)
Deprecate passing install-location-related options via--install-option. (#7309)
Use literal “abi3” for wheel tag on CPython 3.x, to align with PEP 384which only defines it for this platform. (#7327)
Remove interpreter-specific major version tag e.g.cp3-none-anyfrom consideration. This behavior was not documented strictly, and thistag in particular isnot useful.Anyone with a use case can create an issue with pypa/packaging. (#7355)
Wheel processing no longer permits wheels containing more than one top-level.dist-info directory. (#7487)
Support for thegit+git@ form of VCS requirement is being deprecated andwill be removed in pip 21.0. Switch togit+https:// orgit+ssh://.git+git:// also works but its use is discouraged as it isinsecure. (#7543)
Default to doing a user install (as if--user was passed) when the mainsite-packages directory is not writeable and user site-packages are enabled. (#1668)
Warn if a path in PATH starts with tilde duringpipinstall. (#6414)
Cache wheels built from Git requirements that are considered immutable,because they point to a commit hash. (#6640)
Add option--no-python-version-warning to silence warningsrelated to deprecation of Python versions. (#6673)
Cache wheels thatpipwheel built locally, matching whatpipinstall does. This particularly helps performance in workflows wherepipwheel is used forbuilding before installing.Users desiring the original behavior can usepipwheel--no-cache-dir. (#6852)
Display CA information inpipdebug. (#7146)
Show only the filename (instead of full URL), when downloading from PyPI. (#7225)
Suggest a more robust command to upgrade pip itself to avoid confusion when thecurrent pip command is not available aspip. (#7376)
Define all old pip console script entrypoints to prevent import issues instale wrapper scripts. (#7498)
The build step ofpipwheel now builds all wheels to a cache first,then copies them to the wheel directory all at once.Before, it built them to a temporary directory and movedthem to the wheel directory one by one. (#7517)
Expand~ prefix to user directory in path options, configs, andenvironment variables. Values that may be either URL or path are notcurrently supported, to avoid ambiguity:
--find-links
--constraint,-c
--requirement,-r
--editable,-e (#980)
Correctly handle system site-packages, in virtual environments created with venv (PEP 405). (#5702,#7155)
Fix case sensitive comparison of pip freeze when used with -r option. (#5716)
Enforce PEP 508 requirement format inpyproject.tomlbuild-system.requires. (#6410)
Makeensure_dir() also ignoreENOTEMPTY as seen on Windows. (#6426)
Fix building packages which specifybackend-path in pyproject.toml. (#6599)
Do not attempt to runsetup.pyclean after apep517 build error,since asetup.py may not exist in that case. (#6642)
Fix passwords being visible in the index-url in“Downloading <url>” message. (#6783)
Change method from shutil.remove to shutil.rmtree in noxfile.py. (#7191)
Skip running tests which require subversion, when svn isn’t installed (#7193)
Fix not sending client certificates when using--trusted-host. (#7207)
Make surepipwheel never outputs pure python wheels with apython implementation tag. Better fix/workaround for#3025 byusing a per-implementation wheel cache instead of caching pure pythonwheels with an implementation tag in their name. (#7296)
Includesubdirectory URL fragments in cache keys. (#7333)
Fix typo in warning message when any of--build-option,--global-optionand--install-option is used in requirements.txt (#7340)
Fix the logging of cached HTTP response shown as downloading. (#7393)
Effectively disable the wheel cache when it is not writable, as is thecase with the http cache. (#7488)
Correctly handle relative cache directory provided via --cache-dir. (#7541)
Upgrade CacheControl to 0.12.5
Upgrade certifi to 2019.9.11
Upgrade colorama to 0.4.1
Upgrade distlib to 0.2.9.post0
Upgrade ipaddress to 1.0.22
Update packaging to 20.0.
Upgrade pkg_resources (via setuptools) to 44.0.0
Upgrade pyparsing to 2.4.2
Upgrade six to 1.12.0
Upgrade urllib3 to 1.25.6
Document that “coding: utf-8” is supported in requirements.txt (#7182)
Explain how to get pip’s source code inGetting Started (#7197)
Describe how basic authentication credentials in URLs work. (#7201)
Add more clear installation instructions (#7222)
Fix documentation links for index options (#7347)
Better document the requirements file format (#7385)
Document Python 3.8 support. (#7219)
Fix bug that prevented installation of PEP 517 packages withoutsetup.py. (#6606)
Print a better error message when--no-binary or--only-binary is givenan argument starting with-. (#3191)
Makepipshow warn about packages not found. (#6858)
Support including a port number in--trusted-host for both HTTP and HTTPS. (#6886)
Redact single-part login credentials from URLs in log messages. (#6891)
Implement manylinux2014 platform tag support. manylinux2014 is the successorto manylinux2010. It allows carefully compiled binary wheels to be installedon compatible Linux platforms. The manylinux2014 platform tag definition canbe found inPEP599. (#7102)
Abort installation if any archive contains a file which would be placedoutside the extraction location. (#3907)
pip’s CLI completion code no longer prints a Traceback if it is interrupted. (#3942)
Correct inconsistency related to thehg+file scheme. (#4358)
Fixrmtree_errorhandler to skip non-existing directories. (#4910)
Ignore errors copying socket files for local source installs (in Python 3). (#5306)
Fix requirement line parser to correctly handle PEP 440 requirements with a URLpointing to an archive file. (#6202)
Thepip-wheel-metadata directory does not need to persist between invocations of pip, use a temporary directory instead of the currentsetup.py directory. (#6213)
Fix--trusted-host processing under HTTPS to trust any port number usedwith the host. (#6705)
Switch to newdistlib wheel script template. This should be functionallyequivalent for end users. (#6763)
Skip copying .tox and .nox directories to temporary build directories (#6770)
Fix handling of tokens (single part credentials) in URLs. (#6795)
Fix a regression that caused~ expansion not to occur in--find-linkspaths. (#6804)
Fix bypassed pip upgrade warning on Windows. (#6841)
Fix ‘m’ flag erroneously being appended to ABI tag in Python 3.8 on platforms that do not provide SOABI (#6885)
Hide security-sensitive strings like passwords in log messages related toversion control system (aka VCS) command invocations. (#6890)
Correctly uninstall symlinks that were installed in a virtualenv,by tools such asflitinstall--symlink. (#6892)
Don’t fail installation using pip.exe on Windows when pip wouldn’t be upgraded. (#6924)
Use canonical distribution names when computingRequired-By inpipshow. (#6947)
Don’t use hardlinks for locking selfcheck state file. (#6954)
Ignore “require_virtualenv” inpipconfig (#6991)
Fixpipfreeze not showing correct entry for mercurial packages that use subdirectories. (#7071)
Fix a crash whensys.stdin is set toNone, such as on AWS Lambda. (#7118,#7119)
Upgrade certifi to 2019.9.11
Add contextlib2 0.6.0 as a vendored dependency.
Remove Lockfile as a vendored dependency.
Upgrade msgpack to 0.6.2
Upgrade packaging to 19.2
Upgrade pep517 to 0.7.0
Upgrade pyparsing to 2.4.2
Upgrade pytoml to 0.1.21
Upgrade setuptools to 41.4.0
Upgrade urllib3 to 1.25.6
Fix ‘m’ flag erroneously being appended to ABI tag in Python 3.8 on platforms that do not provide SOABI (#6885)
Fix aNoneTypeAttributeError when evaluating hashes and no hashesare provided. (#6772)
Credentials will now be loaded usingkeyring when installed. (#5948)
Fully support using--trusted-host inside requirements files. (#3799)
Update timestamps in pip’s--log file to include milliseconds. (#6587)
Respect whether a file has been marked as “yanked” from a simple repository(seePEP 592 for details). (#6633)
When choosing candidates to install, prefer candidates with a hash matchingone of the user-provided hashes. (#5874)
Improve the error message whenMETADATA orPKG-INFO is None whenaccessing metadata. (#5082)
Add a new commandpipdebug that can display e.g. the list of compatibletags for the current Python. (#6638)
Display hint on installing with --pre when search results include pre-release versions. (#5169)
Report to Warehouse that pip is running under CI if thePIP_IS_CI environment variable is set. (#5499)
Allow--python-version to be passed as a dotted version string (e.g.3.7 or3.7.3). (#6585)
Log the final filename and SHA256 of a.whl file when done building awheel. (#5908)
Include the wheel’s tags in the log message explanation when a candidatewheel link is found incompatible. (#6121)
Add a--path argument topipfreeze to support--targetinstallations. (#6404)
Add a--path argument topiplist to support--targetinstallations. (#6551)
Setsys.argv[0] to the underlyingsetup.py when invokingsetup.pyvia the setuptools shim so setuptools doesn’t think the path is-c. (#1890)
Updatepipdownload to respect the given--python-version when checking"Requires-Python". (#5369)
Respect--global-option and--install-option when installing froma version control url (e.g.git). (#5518)
Make the “ascii” progress bar really be “ascii” and not Unicode. (#5671)
Fail elegantly when trying to set an incorrectly formatted key in config. (#5963)
Prevent DistutilsOptionError when prefix is indicated in the global environment and--target is used. (#6008)
Fixpipinstall to respect--ignore-requires-python when evaluatinglinks. (#6371)
Fix a debug log message when freezing an editable, non-version controlledrequirement. (#6383)
Extend to Subversion 1.8+ the behavior of calling Subversion ininteractive mode when pip is run interactively. (#6386)
Preventpipinstall<url> from permitting directory traversal if e.g.a malicious server sends aContent-Disposition header with a filenamecontaining../ or..\\. (#6413)
Hide passwords in output when using--find-links. (#6489)
Include more details in the log message ifpipfreeze can’t generate arequirement string for a particular distribution. (#6513)
Add the line number and file location to the error message when reading aninvalid requirements file in certain situations. (#6527)
Preferos.confstr toctypes when extracting glibc version info. (#6543,#6675)
Improve error message printed when an invalid editable requirement is provided. (#6648)
Improve error message formatting when a command errors out in a subprocess. (#6651)
Upgrade certifi to 2019.6.16
Upgrade distlib to 0.2.9.post0
Upgrade msgpack to 0.6.1
Upgrade requests to 2.22.0
Upgrade urllib3 to 1.25.3
Patch vendored html5lib, to prefer usingcollections.abc where possible.
Restorepyproject.toml handling to how it was with pip 19.0.3 to preventthe need to add--no-use-pep517 when installing in editable mode. (#6434)
Fix a regression that caused@ to be quoted in pypiserver links.This interfered with parsing the revision string from VCS urls. (#6440)
Configuration files may now also be stored undersys.prefix (#5060)
Avoid creating an unnecessary local clone of a Bazaar branch when exporting. (#5443)
Include in pip’s User-Agent string whether it looks like pip is runningunder CI. (#5499)
A custom (JSON-encoded) string can now be added to pip’s User-Agentusing thePIP_USER_AGENT_USER_DATA environment variable. (#5549)
For consistency, passing--no-cache-dir no longer affects whether wheelswill be built. In this case, a temporary directory is used. (#5749)
Command arguments insubprocess log messages are now quoted usingshlex.quote(). (#6290)
Prefix warning and error messages in log output withWARNING andERROR. (#6298)
Using--build-options in a PEP 517 build now fails with an error,rather than silently ignoring the option. (#6305)
Error out with an informative message if one tries to install apyproject.toml-style (PEP 517) source tree using--editable mode. (#6314)
When downloading a package, the ETA and average speed now only update once per second for better legibility. (#6319)
The stdout and stderr from VCS commands run by pip as subprocesses (e.g.git,hg, etc.) no longer pollute pip’s stdout. (#1219)
Fix handling of requests exceptions when dependencies are debundled. (#4195)
Make pip’s self version check avoid recommending upgrades to prereleases if the currently-installed version is stable. (#5175)
Fixed crash when installing a requirement from a URL that comes from a dependency without a URL. (#5889)
Improve handling of file URIs: correctly handlefile://localhost/… and don’t try to use UNC paths on Unix. (#5892)
Fixutils.encoding.auto_decode()LookupError with invalid encodings.utils.encoding.auto_decode() was broken when decoding Big Endian BOMbyte-strings on Little Endian or vice versa. (#6054)
Fix incorrect URL quoting of IPv6 addresses. (#6285)
Redact the password from the extra index URL when usingpip-v. (#6295)
The spinner no longer displays a completion message after subprocess callsnot needing a spinner. It also no longer incorrectly reports an error aftercertain subprocess calls to Git that succeeded. (#6312)
Fix the handling of editable mode during installs whenpyproject.toml ispresent but PEP 517 doesn’t require the source tree to be treated aspyproject.toml-style. (#6370)
FixNameError when handling an invalid requirement. (#6419)
Updated certifi to 2019.3.9
Updated distro to 1.4.0
Update progress to 1.5
Updated pyparsing to 2.4.0
Updated pkg_resources to 41.0.1 (via setuptools)
Make dashes render correctly when displaying long options like--find-links in the text. (#6422)
Fix a crash where PEP 517-based builds using--no-cache-dir would fail insome circumstances with anAssertionError due to not finalizing a builddirectory internally. (#6197)
Provide a better error message if attempting an editable install of adirectory with apyproject.toml but nosetup.py. (#6170)
The implicit default backend used for projects that provide apyproject.tomlfile without explicitly specifyingbuild-backend now behaves more like directexecution ofsetup.py, and hence should restore compatibility with projectsthat were unable to be installed withpip 19.0. This raised the minimumrequired version ofsetuptools for such builds to 40.8.0. (#6163)
AllowRECORD lines with more than three elements, and display a warning. (#6165)
AdjacentTempDirectory fails on unwritable directory instead of locking up the uninstall command. (#6169)
Make failed uninstalls roll back more reliably and better at avoiding naming conflicts. (#6194)
Ensure the correct wheel file is copied when building PEP 517 distribution is built. (#6196)
The Python 2 end of life warning now only shows on CPython, which is theimplementation that has announced end of life plans. (#6207)
Re-write README and documentation index (#5815)
Deprecate support for Python 3.4 (#6106)
Start printing a warning for Python 2.7 to warn of impending Python 2.7 End-of-life andprompt users to start migrating to Python 3. (#6148)
Remove the deprecated--process-dependency-links option. (#6060)
Remove the deprecated SVN editable detection based on dependency linksduring freeze. (#5866)
Implement PEP 517 (allow projects to specify a build backend via pyproject.toml). (#5743)
Implement manylinux2010 platform tag support. manylinux2010 is the successorto manylinux1. It allows carefully compiled binary wheels to be installedon compatible Linux platforms. (#5008)
Improve build isolation: handle.pth files, so namespace packages are correctly supported under Python 3.2 and earlier. (#5656)
Include the package name in a freeze warning if the package is not installed. (#5943)
Warn when dropping an--[extra-]index-url value that points to an existing local directory. (#5827)
Prefix pip’s--log file lines with their timestamp. (#6141)
Avoid creating excessively long temporary paths when uninstalling packages. (#3055)
Redact the password from the URL in various log messages. (#4746,#6124)
Avoid creating excessively long temporary paths when uninstalling packages. (#3055)
Avoid printing a stack trace when given an invalid requirement. (#5147)
Present 401 warning if username/password do not work for URL (#4833)
Handlerequests.exceptions.RetryError raised inPackageFinder that was causing pip to fail silently when some indexes were unreachable. (#5270,#5483)
Handle a broken stdout pipe more gracefully (e.g. when runningpiplist|head). (#4170)
Fix crash from settingPIP_NO_CACHE_DIR=yes. (#5385)
Fix crash from unparsable requirements when checking installed packages. (#5839)
Fix content type detection if a directory named like an archive is used as a package source. (#5838)
Fix listing of outdated packages that are not dependencies of installed packages inpiplist--outdated--not-required (#5737)
Fix sortingTypeError inmove_wheel_files() when installing some packages. (#5868)
Fix support for invoking pip usingpythonsrc/pip.... (#5841)
Greatly reduce memory usage when installing wheels containing large files. (#5848)
Editable non-VCS installs now freeze as editable. (#5031)
Editable Git installs without a remote now freeze as editable. (#4759)
Canonicalize sdist file names so they can be matched to a canonicalized package name passed topipinstall. (#5870)
Properly decode special characters in SVN URL credentials. (#5968)
MakePIP_NO_CACHE_DIR disable the cache also for truthy values like"true","yes","1", etc. (#5735)
Include license text of vendored 3rd party libraries. (#5213)
Update certifi to 2018.11.29
Update colorama to 0.4.1
Update distlib to 0.2.8
Update idna to 2.8
Update packaging to 19.0
Update pep517 to 0.5.0
Update pkg_resources to 40.6.3 (via setuptools)
Update pyparsing to 2.3.1
Update pytoml to 0.1.20
Update requests to 2.21.0
Update six to 1.12.0
Update urllib3 to 1.24.1
Allow PEP 508 URL requirements to be used as dependencies.
As a security measure, pip will raise an exception when installing packages fromPyPI if those packages depend on packages not also hosted on PyPI.In the future, PyPI will block uploading packages with such external URL dependencies directly. (#4187)
Allows dist options (--abi, --python-version, --platform, --implementation) when installing with --target (#5355)
Support passingsvn+ssh URLs with a username topipinstall-e. (#5375)
pip now ensures that the RECORD file is sorted when installing from a wheel file. (#5525)
Add support for Python 3.7. (#5561)
Malformed configuration files now show helpful error messages, instead of tracebacks. (#5798)
Checkout the correct branch when doing an editable Git install. (#2037)
Run self-version-check only on commands that may access the index, instead oftrying on every run and failing to do so due to missing options. (#5433)
Allow a Git ref to be installed over an existing installation. (#5624)
Show a better error message when a configuration option has an invalid value. (#5644)
Always revalidate cached simple API pages instead of blindly caching them for up to 10minutes. (#5670)
Avoid caching self-version-check information when cache is disabled. (#5679)
Avoid traceback printing on autocomplete after flags in the CLI. (#5751)
Fix incorrect parsing of egg names if pip needs to guess the package name. (#5819)
Upgrade certifi to 2018.8.24
Upgrade packaging to 18.0
Upgrade pyparsing to 2.2.1
Add pep517 version 0.2
Upgrade pytoml to 0.1.19
Upgrade pkg_resources to 40.4.3 (via setuptools)
Fix “Requirements Files” reference in User Guide (#user_guide_fix_requirements_file_ref)
Switch to a Calendar based versioning scheme.
Formally document our deprecation process as a minimum of 6 months of deprecationwarnings.
Adopt and document NEWS fragment writing style.
Switch to releasing a new, non-bug fix version of pip every 3 months.
Remove the legacy format from pip list. (#3651, #3654)
Dropped support for Python 3.3. (#3796)
Remove support for cleaning up #egg fragment postfixes. (#4174)
Remove the shim for the old get-pip.py location. (#5520)
For the past 2 years, it’s only been redirecting users to use the newerhttps://bootstrap.pypa.io/get-pip.py location.
Introduce a new --prefer-binary flag, to prefer older wheels over newer source packages. (#3785)
Improve autocompletion function on file name completion after optionswhich have<file>,<dir> or<path> as metavar. (#4842, #5125)
Add support for installing PEP 518 build dependencies from source. (#5229)
Improve status message when upgrade is skipped due to only-if-needed strategy. (#5319)
Update pip’s self-check logic to not use a virtualenv specific file and honor cache-dir. (#3905)
Remove compiled pyo files for wheel packages. (#4471)
Speed up printing of newly installed package versions. (#5127)
Restrict install time dependency warnings to directly-dependant packages. (#5196, #5457)
Warning about the entire package set has resulted in users getting confused asto why pip is printing these warnings.
Improve handling of PEP 518 build requirements: support environment markers and extras. (#5230, #5265)
Remove username/password from log message when using index with basic auth. (#5249)
Remove trailing os.sep from PATH directories to avoid false negatives. (#5293)
Fix “pip wheel pip” being blocked by the “don’t use pip to modify itself” check. (#5311, #5312)
Disable pip’s version check (and upgrade message) when installed by a different package manager. (#5346)
This works better with Linux distributions where pip’s upgrade message mayresult in users running pip in a manner that modifies files that should bemanaged by the OS’s package manager.
Check for file existence and unlink first when clobbering existing files during a wheel install. (#5366)
Improve error message to be more specific when no files are found as listed in as listed in PKG-INFO. (#5381)
Always readpyproject.toml as UTF-8. This fixes Unicode handling on Windows and Python 2. (#5482)
Fix a crash that occurs when PATH not set, while generating script location warning. (#5558)
Disallow packages withpyproject.toml files that have an empty build-system table. (#5627)
Update CacheControl to 0.12.5.
Update certifi to 2018.4.16.
Update distro to 1.3.0.
Update idna to 2.7.
Update ipaddress to 1.0.22.
Update pkg_resources to 39.2.0 (via setuptools).
Update progress to 1.4.
Update pytoml to 0.1.16.
Update requests to 2.19.1.
Update urllib3 to 1.23.
Document how to use pip with a proxy server. (#512, #5574)
Document that the output of pip show is in RFC-compliant mail header format. (#5261)
Switch the default repository to the new “PyPI 2.0” running athttps://pypi.org/. (#5214)
Fix a bug that made get-pip.py unusable on Windows without renaming. (#5219)
Fix a TypeError when loading the cache on older versions of Python 2.7.(#5231)
Fix and improve error message when EnvironmentError occurs duringinstallation. (#5237)
A crash when reinstalling from VCS requirements has been fixed. (#5251)
Fix PEP 518 support when pip is installed in the user site. (#5524)
Upgrade distlib to 0.2.7
Prevent false-positive installation warnings due to incomplete namenormalization. (#5134)
Fix issue where installing from Git with a short SHA would fail. (#5140)
Accept pre-release versions when checking for conflicts with pip check or pipinstall. (#5141)
ioctl(fd,termios.TIOCGWINSZ,...) needs 8 bytes of data (#5150)
Do not warn about script location when installing to the directory containingsys.executable. This is the case when ‘pip install’ing without activating avirtualenv. (#5157)
Fix PEP 518 support. (#5188)
Don’t warn about script locations if--target is specified. (#5203)
Fixed line endings in CA Bundle - 10.0.0b1 was inadvertently released with Windowsline endings. (#5131)
Removed the deprecated--egg parameter topipinstall. (#1749)
Removed support for uninstalling projects which have been installed usingdistutils. distutils installed projects do not include metadata indicatingwhat files belong to that install and thus it is impossible toactuallyuninstall them rather than just remove the metadata saying they’ve beeninstalled while leaving all of the actual files behind. (#2386)
Removed the deprecated--download option topipinstall. (#2643)
Removed the deprecated --(no-)use-wheel flags topipinstall andpipwheel. (#2699)
Removed the deprecated--allow-external,--allow-all-external, and--allow-unverified options. (#3070)
Switch the default forpiplist to the columns format, and deprecate thelegacy format. (#3654, #3686)
Deprecate support for Python 3.3. (#3796)
Removed the deprecated--default-vcs option. (#4052)
Removed thesetup.pytest support from our sdist as it wasn’t beingmaintained as a supported means to run our tests. (#4203)
Dropped support for Python 2.6. (#4343)
Removed the --editable flag from pip download, as it did not make sense(#4362)
Deprecate SVN detection based on dependency links inpipfreeze. (#4449)
Move all of pip’s APIs into the pip._internal package, properly reflectingthe fact that pip does not currently have any public APIs. (#4696, #4700)
Add--progress-bar <progress_bar> topipdownload,pipinstall andpipwheel commands, to allow selecting a specific progress indicator or,to completely suppress, (for example in a CI environment) use--progress-baroff`. (#2369, #2756)
Add--no-color topip. All colored output is disabled if this flag isdetected. (#2449)
pip uninstall now ignores the absence of a requirement and prints a warning.(#3016, #4642)
Improved the memory and disk efficiency of the HTTP cache. (#3515)
Support for packages specifying build dependencies in pyproject.toml (seePEP 518). Packages whichspecify one or more build dependencies this way will be built into wheels inan isolated environment with those dependencies installed. (#3691)
pip now supports environment variable expansion in requirement files usingonly${VARIABLE} syntax on all platforms. (#3728)
Allowed combinations of -q and -v to act sanely. Then we don’t need warningsmentioned in the issue. (#4008)
Add--exclude-editable topipfreeze andpiplist to excludeeditable packages from installed package list. (#4015, #4016)
Improve the error message for the commonpipinstall./requirements.txtcase. (#4127)
Add support for the new@url syntax from PEP 508. (#4175)
Add setuptools version to the statistics sent to BigQuery. (#4209)
Report the line which caused the hash error when using requirement files.(#4227)
Add a pip config command for managing configuration files. (#4240)
Allowpipdownload to be used with a specific platform when--no-depsis set. (#4289)
Support build-numbers in wheel versions and support sorting withbuild-numbers. (#4299)
Change pip outdated to use PackageFinder in order to do the version lookup sothat local mirrors in Environments that do not have Internet connections canbe used as the Source of Truth for latest version. (#4336)
pip now retries on more HTTP status codes, for intermittent failures.Previously, it only retried on the standard 503. Now, it also retries on 500(transient failures on AWS S3), 520 and 527 (transient failures onCloudflare). (#4473)
pip now displays where it is looking for packages, if non-default locationsare used. (#4483)
Display a message to run the right command for modifying pip on Windows(#4490)
Add Man Pages for pip (#4491)
Make uninstall command less verbose by default (#4493)
Switch the default upgrade strategy to be ‘only-if-needed’ (#4500)
Installing from a local directory or a VCS URL now builds a wheel to install,rather than runningsetup.pyinstall. Wheels from these sources are notcached. (#4501)
Don’t log a warning when installing a dependency from Git if the name lookslike a commit hash. (#4507)
pip now displays a warning when it installs scripts from a wheel outside thePATH. These warnings can be suppressed using a new --no-warn-script-locationoption. (#4553)
Local Packages can now be referenced using forward slashes on Windows.(#4563)
pip show learnt a new Required-by field that lists currently installedpackages that depend on the shown package (#4564)
The command-line autocompletion enginepipshow now autocompletesinstalled distribution names. (#4749)
Change documentation theme to be in line with Python Documentation (#4758)
Add auto completion of short options. (#4954)
Run ‘setup.py develop’ inside pep518 build environment. (#4999)
pip install now prints an error message when it installs an incompatibleversion of a dependency. (#5000)
Added a way to distinguish between pip installed packages and those from thesystem package manager in ‘pip list’. Specifically, ‘pip list -v’ also showsthe installer of package if it has that meta data. (#949)
Show install locations when list command ran with “-v” option. (#979)
Allow pip to work if theGIT_DIR andGIT_WORK_TREE environmentvariables are set. (#1130)
Makepipinstall--force-reinstall not require passing--upgrade.(#1139)
Return a failing exit status whenpip install,pip download, orpipwheel is called with no requirements. (#2720)
Interactive setup.py files will no longer hang indefinitely. (#2732, #4982)
Correctly reset the terminal if an exception occurs while a progress bar isbeing shown. (#3015)
“Support URL-encoded characters in URL credentials.” (#3236)
Don’t assume sys.__stderr__.encoding exists (#3356)
Fixpipuninstall wheneasy-install.pth lacks a trailing newline.(#3741)
Keep install options in requirements.txt from leaking. (#3763)
pip no longer passes global options from one package to later packages in thesame requirement file. (#3830)
Support installing from Git refs (#3876)
Use pkg_resources to parse the entry points file to allow names with colons.(#3901)
-q specified once correctly sets logging level to WARNING, instead ofCRITICAL. Use-qqq to have the previous behavior back. (#3994)
Shell completion scripts now use correct executable names (e.g.,pip3instead ofpip) (#3997)
Changed vendored encodings fromutf8 toutf-8. (#4076)
Fixes destination directory of data_files whenpipinstall--target isused. (#4092)
Limit the disabling of requests’ pyopenssl to Windows only. Fixes“SNIMissingWarning / InsecurePlatformWarning not fixable with pip 9.0 /9.0.1” (for non-Windows) (#4098)
Support the installation of wheels with non-PEP 440 version in theirfilenames. (#4169)
Fall back to sys.getdefaultencoding() if locale.getpreferredencoding()returns None inpip.utils.encoding.auto_decode. (#4184)
Fix a bug whereSETUPTOOLS_SHIM got called incorrectly for relative pathrequirements by converting relative paths to absolute paths prior to callingthe shim. (#4208)
Return the latest version number in search results. (#4219)
Improve error message on permission errors (#4233)
Fail gracefully when/etc/image_version (or another distro version file)appears to exists but is not readable. (#4249)
Avoid importing setuptools in the parent pip process, to avoid a racecondition when upgrading one of setuptools dependencies. (#4264)
Fix for an incorrectfreeze warning message due to a package beingincluded in multiple requirements files that were passed tofreeze.Instead of warning incorrectly that the package is not installed, pip nowwarns that the package was declared multiple times and lists the name of eachrequirements file that contains the package in question. (#4293)
Generalize help text forcompile/no-compile flags. (#4316)
Handle the case when/etc is not readable by the current user by using ahardcoded list of possible names of release files. (#4320)
Fixed aNameError when attempting to catchFileNotFoundError onPython 2.7. (#4322)
Ensure USER_SITE is correctly initialised. (#4437)
Reinstalling an editable package from Git no longer assumes that themaster branch exists. (#4448)
This fixes an issue where when someone who tries to use git with pip but pipcan’t because git is not in the path environment variable. This clarifies theerror given to suggest to the user what might be wrong. (#4461)
Improve handling of text output from build tools (avoid Unicode errors)(#4486)
Fix a “No such file or directory” error when using --prefix. (#4495)
Allow commands to opt out of --require-venv. This allows pip help to workeven when the environment variable PIP_REQUIRE_VIRTUALENV is set. (#4496)
Fix warning message on mismatched versions during installation. (#4655)
pip now records installed files in a deterministic manner improvingreproducibility. (#4667)
Fix an issue wherepipinstall-e on a Git url would fail to update if abranch or tag name is specified that happens to match the prefix of thecurrentHEAD commit hash. (#4675)
Fix an issue where a variable assigned in a try clause was accessed in theexcept clause, resulting in an undefined variable error in the except clause.(#4811)
Use log levelinfo instead ofwarning when ignoring packages due toenvironment markers. (#4876)
Replaced typo mistake in subversion support. (#4908)
Terminal size is now correctly inferred when using Python 3 on Windows.(#4966)
Abort if reading configuration causes encoding errors. (#4976)
Add a--no-user option and use it when installing build dependencies.(#5085)
Upgraded appdirs to 1.4.3.
Upgraded CacheControl to 0.12.3.
Vendored certifi at 2017.7.27.1.
Vendored chardet at 3.0.4.
Upgraded colorama to 0.3.9.
Upgraded distlib to 0.2.6.
Upgraded distro to 1.2.0.
Vendored idna at idna==2.6.
Upgraded ipaddress to 1.0.18.
Vendored msgpack-python at 0.4.8.
Removed the vendored ordereddict.
Upgraded progress to 1.3.
Upgraded pyparsing to 2.2.0.
Upgraded pytoml to 0.1.14.
Upgraded requests to 2.18.4.
Upgraded pkg_resources (via setuptools) to 36.6.0.
Upgraded six to 1.11.0.
Vendored urllib3 at 1.22.
Upgraded webencodings to 0.5.1.
Added documentation on usage of --build command line option (#4262)
(#4358)
Document how to call pip from your code, including the fact that we do notprovide a Python API. (#4743)
Fix an error where the vendored requests was not correctly containing itselfto only the internal vendored prefix.
Restore compatibility with 2.6.
Fallback to using SecureTransport on macOS when the linked OpenSSL is too oldto support TLSv1.2.
Correct the deprecation message when not specifying a --format so that ituses the correct setting name (format) rather than the incorrect one(list_format). (#4058)
Fixpipcheck to check all available distributions and not just thelocal ones. (#4083)
Fix a crash on non ASCII characters fromlsb_release. (#4062)
Fix an SyntaxError in an unused module of a vendored dependency. (#4059)
Fix UNC paths on Windows. (#4064)
BACKWARD INCOMPATIBLE Remove the attempted autodetection of requirementnames from URLs, URLs must include a name via#egg=.
DEPRECATIONpipinstall--egg have been deprecated and will beremoved in the future. This “feature” has a long list of drawbacks whichbreak nearly all of pip’s other features in subtle and hard-to-diagnoseways.
DEPRECATION--default-vcs option. (#4052)
WARNING pip 9 cache can break forward compatibility with previous pipversions if your package repository allows chunked responses. (#4078)
Add an--upgrade-strategy option topipinstall, to control howdependency upgrades are managed. (#3972)
Add apipcheck command to check installed packages dependencies. (#3750)
Add option allowing user to abort pip operation if file/directory exists
Add Appveyor CI
Uninstall existing packages when performing an editable installation ofthe same packages. (#1548)
pipshow is less verbose by default.--verbose prints multilinefields. (#3858)
Add optional column formatting topiplist. (#3651)
Add--not-required option topiplist, which lists packages that arenot dependencies of other packages.
Fix builds on systems with symlinked/tmp directory for custombuilds such as numpy. (#3701)
Fix regression inpipfreeze: when there is more than one git remote,priority is given to the remote namedorigin. (#3708, #3616).
Fix crash when callingpipfreeze with invalid requirement installed.(#3704, #3681)
Allow multiple--requirement files inpipfreeze. (#3703)
Implementation of pep-503data-requires-python. When this field ispresent for a release link, pip will ignore the download wheninstalling to a Python version that doesn’t satisfy the requirement.
pipwheel now works on editable packages too (it was only working oneditable dependencies before); this allows runningpipwheel on the resultofpipfreeze in presence of editable requirements. (#3695, #3291)
Load credentials from.netrc files. (#3715, #3569)
Add--platform,--python-version,--implementation and--abiparameters topipdownload. These allow utilities and advanced users togather distributions for interpreters other than the one pip is being run on.(#3760)
Skip scanning virtual environments, even when venv/bin/python is a danglingsymlink.
Addedpipcompletion support for thefish shell.
Fix problems on Windows on Python 2 when username or hostname containsnon-ASCII characters. (#3463, #3970, #4000)
Usegitfetch--tags to fetch tags in addition to everything else thatis normally fetched; this is necessary in case a git requirement urlpoints to a tag or commit that is not on a branch. (#3791)
Normalize package names before using inpipshow (#3976)
Raise when Requires-Python do not match the running version and add--ignore-requires-python option as escape hatch. (#3846)
Report the correct installed version when performing an upgrade in somecorner cases. (#2382
Add-i shorthand for--index flag inpipsearch.
Do not optionally load C dependencies in requests. (#1840, #2930, #3024)
Strip authentication from SVN url prior to passing it tosvn.(#3697, #3209)
Also install in platlib with--target option. (#3694, #3682)
Restore the ability to use inline comments in requirements files passed topipfreeze. (#3680)
Fix a regression on systems with uninitialized locale. (#3575)
Use environment markers to filter packages before determining if a requiredwheel is supported. (#3254)
Make glibc parsing formanylinux1 support more robust for the variety ofglibc versions found in the wild. (#3588)
Update environment marker support to fully support legacy and PEP 508 styleenvironment markers. (#3624)
Always use debug logging to the--log file. (#3351)
Don’t attempt to wrap search results for extremely narrow terminal windows.(#3655)
Fix regression with non-ascii requirement files on Python 2 and add supportfor encoding headers in requirement files. (#3548, #3547)
Implement PEP 513, which adds support for the manylinux1 platform tag,allowing carefully compiled binary wheels to be installed on compatible Linuxplatforms.
Allow wheels which are not specific to a particular Python interpreter butwhich are specific to a particular platform. (#3202)
Fixed an issue wherecall_subprocess would crash trying to print debugdata on child process failure. (#3521, #3522)
Exclude the wheel package from thepip freeze output (like pip andsetuptools). (#2989)
Allow installing modules from a subdirectory of a vcs repository innon-editable mode. (#3217, #3466)
Make pip wheel and pip download work with vcs urls with subdirectory option.(#3466)
Show classifiers inpipshow.
Show PEP376 Installer inpipshow. (#3517)
Unhide completion command. (#1810)
Show latest version number inpipsearch results. (#1415)
Decode requirement files according to their BOM if present. (#3485, #2865)
Fix and deprecate package name detection from url path. (#3523, #3495)
Correct the behavior where interpreter specific tags (such as cp34) werebeing used on later versions of the same interpreter instead of only for thatspecific interpreter. (#3472)
Fix an issue where pip would erroneously install a 64 bit wheel on a 32 bitPython running on a 64 bit macOS machine.
Do not assume that all git repositories have an origin remote.
Correctly display the line to add to a requirements.txt for an URL baseddependency when--require-hashes is enabled.
Makeinstall--quiet really quiet. (#3418)
Fix a bug when removing packages in python 3: disable INI-style parsing of theentry_point.txt file to allow entry point names with colons. (#3434)
Normalize generated script files path in RECORD files. (#3448)
Fix bug introduced in 8.0.0 where subcommand output was not shown,even when the user specified-v /--verbose. (#3486)
Enable python -W with respect to PipDeprecationWarning. (#3455)
Upgrade distlib to 0.2.2.
Improved support for Jython when quoting executables in output scripts.(#3467)
Add a--all option topip freeze to include usually skipped package(like pip, setuptools and wheel) to the freeze output. (#1610)
Stop attempting to trust the system CA trust store because it’s extremelycommon for them to be broken, often in incompatible ways. (#3416)
Detect CAPaths in addition to CAFiles on platforms that provide them.
Installing argparse or wsgiref will no longer warn or error - pip will allowthe installation even though it may be useless (since the installed thingwill be shadowed by the standard library).
Upgrading a distutils installed item that is installed outside of a virtualenvironment, while inside of a virtual environment will no longer warn orerror.
Fix a bug where pre-releases were showing up inpiplist--outdatedwithout the--pre flag.
Switch the SOABI emulation from using RuntimeWarnings to debug logging.
Rollback the removal of the ability to uninstall distutils installed itemsuntil a future date.
BACKWARD INCOMPATIBLE Drop support for Python 3.2.
BACKWARD INCOMPATIBLE Remove the ability to find any files other than theones directly linked from the index or find-links pages.
BACKWARD INCOMPATIBLE Remove the--download-cache which had beendeprecated and no-op’d in 6.0.
BACKWARD INCOMPATIBLE Remove the--log-explicit-levels which had beendeprecated in 6.0.
BACKWARD INCOMPATIBLE Change pip wheel --wheel-dir default path from<cwd>/wheelhouse to <cwd>.
Deprecate and no-op the--allow-external,--allow-all-external, and--allow-unverified functionality that was added as part of PEP 438. Withchanges made to the repository protocol made in PEP 470, these options are nolonger functional.
Allow--trusted-host within a requirements file. (#2822)
Allow--process-dependency-links within a requirements file. (#1274)
Allow--pre within a requirements file. (#1273)
Allow repository URLs with secure transports to count as trusted. (E.g.,“git+ssh” is okay.) (#2811)
Implement a top-levelpipdownload command and deprecatepipinstall--download.
When uninstalling, look for the case of paths containing symlinkeddirectories (#3141, #3154)
When installing, if building a wheel fails, clear up the build directorybefore falling back to a source install. (#3047)
Fix user directory expansion whenHOME=/. Workaround for Python bughttps://bugs.python.org/issue14768. (#2996)
Correct reporting of requirements file line numbers. (#3009, #3125)
Fixed Exception(IOError) forpipfreeze andpiplist commands withsubversion >= 1.7. (#1062, #3346)
Provide a spinner showing that progress is happening when installing orbuilding a package viasetup.py. This will alleviate concerns thatprojects with unusually long build times have with pip appearing to stall.
Include the functionality ofpeep into pip, allowing hashes to be bakedinto a requirements file and ensuring that the packages being downloadedmatch one of those hashes. This is an additional, opt-in security measurethat, when used, removes the need to trust the repository.
Fix a bug causing pip to not select a wheel compiled against an OSX SDK laterthan what Python itself was compiled against when running on a newer versionof OSX.
Add a new--prefix option forpipinstall that supports wheels andsdists. (#3252)
Fixed issue regarding wheel building with setup.py using a different encodingthan the system. (#2042)
Drop PasteScript specific egg_info hack. (#3270)
Allow combination of pip list options --editable with --outdated/--uptodate.(#933)
Gives VCS implementations control over saying whether a project is undertheir control. (#3258)
Git detection now works whensetup.py is not at the Git repo rootand whenpackage_dir is used, sopipfreeze works in morecases. (#3258)
Correctly freeze Git develop packages in presence of the &subdirectoryoption (#3258)
The detection of editable packages now relies on the presence of.egg-linkinstead of looking for a VCS, sopiplist-e is more reliable. (#3258)
Add the--prefix flag topipinstall which allows specifying a rootprefix to use instead ofsys.prefix. (#3252)
Allow duplicate specifications in the case that only the extras differ, andunion all specified extras together. (#3198)
Fix the detection of the user’s current platform on OSX when determining theOSX SDK version. (#3232)
Prevent the automatically built wheels from mistakenly being used acrossmultiple versions of Python when they may not be correctly configured forthat by making the wheel specific to a specific version of Python andspecific interpreter. (#3225)
Emulate the SOABI support in wheels from Python 2.x on Python 2.x as closelyas we can with the information available within the interpreter. (#3075)
Don’t roundtrip to the network when git is pinned to a specific commit hashand that hash already exists locally. (#3066)
Prefer wheels built against a newer SDK to wheels built against an older SDKon OSX. (#3163)
Show entry points for projects installed via wheel. (#3122)
Improve message when an unexisting path is passed to --find-links option.(#2968)
pip freeze does not add the VCS branch/tag name in the #egg=… fragmentanymore. (#3312)
Warn on installation of editable if the provided #egg=name part does notmatch the metadata produced bysetup.py egg_info. (#3143)
Add support for .xz files for python versions supporting them (>= 3.3). (#722)
Don’t raise an error if pip is not installed when checking for the latest pipversion.
Check that the wheel cache directory is writable before we attempt to writecached files to them.
Move the pip version check untilafter any installs have been performed,thus removing the extraneous warning when upgrading pip.
Added debug logging when using a cached wheel.
Respect platlib by default on platforms that have it separated from purelib.
Upgrade packaging to 15.3.- Normalize post-release spellings for rev/r prefixes.
Upgrade distlib to 0.2.1.- Updated launchers to decode shebangs using UTF-8. This allows non-ASCIIpathnames to be correctly handled.- Ensured that the executable written to shebangs is normcased.- Changed ScriptMaker to work better under Jython.
Upgrade ipaddress to 1.0.13.
Allow constraining versions globally without having to know exactly what willbe installed by the pip command. (#2731)
Accept --no-binary and --only-binary via pip.conf. (#2867)
Allow--allow-all-external within a requirements file.
Fixed an issue where--user could not be used when--prefix was usedin a distutils configuration file.
Fixed an issue where the SOABI tags were not correctly being generated onPython 3.5.
Fixed an issue where we were advising windows users to upgrade by directlyexecuting pip, when that would always fail on Windows.
Allow~ to be expanded within a cache directory in all situations.
Fixed a regression where--no-cache-dir would raise an exception. (#2855)
BACKWARD INCOMPATIBLE Revert the change (released in v7.0.0) thatrequired quoting in requirements files around specifiers containingenvironment markers. (#2841)
BACKWARD INCOMPATIBLE Revert the accidental introduction of support foroptions interleaved with requirements, version specifiers etc inrequirements files. (#2841)
Expand~ in the cache directory when caching wheels. (#2816)
Usepython-mpip instead ofpip when recommending an upgrade commandto Windows users.
Don’t build and cache wheels for non-editable installations from VCSs.
Allow--allow-all-external inside of a requirements.txt file, fixing aregression in 7.0.
BACKWARD INCOMPATIBLE Removed the deprecated--mirror,--use-mirrors, and-M options.
BACKWARD INCOMPATIBLE Removed the deprecatedzip andunzipcommands.
BACKWARD INCOMPATIBLE Removed the deprecated--no-install and--no-download options.
BACKWARD INCOMPATIBLE No longer implicitly support an insecure originorigin, and instead require insecure origins be explicitly trusted with the--trusted-host option.
BACKWARD INCOMPATIBLE Removed the deprecated link scraping that attemptedto parse HTML comments for a specially formatted comment.
BACKWARD INCOMPATIBLE Requirements in requirements files containingmarkers must now be quoted due to parser changes. For example, use"SomeProject;python_version<'2.7'", not simplySomeProject;python_version<'2.7' (#2697, #2725)
get-pip.py now installs the “wheel” package, when it’s not alreadyinstalled. (#2800)
Ignores bz2 archives if Python wasn’t compiled with bz2 support. (#497)
Support--install-option and--global-option per requirement inrequirement files. (#2537)
Build Wheels prior to installing from sdist, caching them in the pip cachedirectory to speed up subsequent installs. (#2618)
Allow fine grained control over the use of wheels and source builds. (#2699)
--no-use-wheel and--use-wheel are deprecated in favour of newoptions--no-binary and--only-binary. The equivalent of--no-use-wheel is--no-binary=:all:. (#2699)
The use of--install-option,--global-option or--build-optiondisable the use of wheels, and the autobuilding of wheels. (#2711, #2677)
Improve logging when a requirement marker doesn’t match your environment.(#2735)
Removed the temporary modifications (that began in pip v1.4 when distributeand setuptools merged) that allowed distribute to be considered a conflict tosetuptools.pipinstall-Usetuptools will no longer upgrade “distribute”to “setuptools”. Instead, usepipinstall-Udistribute. (#2767)
Only display a warning to upgrade pip when the newest version is a finalrelease and it is not a post release of the version we already haveinstalled. (#2766)
Display a warning when attempting to access a repository that uses HTTPS whenwe don’t have Python compiled with SSL support. (#2761)
Allowing using extras when installing from a file path without requiring theuse of an editable. (#2785)
Fix an infinite loop when the cache directory is stored on a file systemwhich does not support hard links. (#2796)
Remove the implicit debug log that was written on every invocation, insteadusers will need to use--log if they wish to have one. (#2798)
No longer ignore dependencies which have been added to the standard library,instead continue to install them.
Fixes upgrades failing when no potential links were found for dependenciesother than the current installation. (#2538, #2502)
Use a smoother progress bar when the terminal is capable of handling it,otherwise fallback to the original ASCII based progress bar.
Display much less output whenpip install succeeds, because on success,users probably don’t care about all the nitty gritty details of compiling andinstalling. Whenpip install fails, display the failed install output onceinstead of twice, because once is enough. (#2487)
Upgrade the bundled copy of requests to 2.6.0, fixing CVE-2015-2296.
Display format of latest package when usingpiplist--outdated. (#2475)
Don’t use pywin32 as ctypes should always be available on Windows, usingpywin32 prevented uninstallation of pywin32 on Windows. (#2467)
Normalize the--wheel-dir option, expanding out constructs such as~when used. (#2441)
Display a warning when an undefined extra has been requested. (#2142)
Speed up installing a directory in certain cases by creating a sdist insteadof copying the entire directory. (#2535)
Don’t follow symlinks when uninstalling files (#2552)
Upgrade the bundled copy of cachecontrol from 0.11.1 to 0.11.2. (#2481, #2595)
Attempt to more smartly choose the order of installation to try and installdependencies before the projects that depend on them. (#2616)
Skip trying to install libraries which are part of the standard library.(#2636, #2602)
Support arch specific wheels that are not tied to a specific Python ABI.(#2561)
Output warnings and errors to stderr instead of stdout. (#2543)
Adjust the cache dir file checks to only check ownership if the effectiveuser is root. (#2396)
Install headers into a per project name directory instead of all of them intothe root directory when inside of a virtual environment. (#2421)
Fix an issue where the--download flag would cause pip to no longer userandomized build directories.
Fix an issue where pip did not properly unquote quoted URLs which containcharacters like PEP 440’s epoch separator (!).
Fix an issue where distutils installed projects were not actually uninstalledand deprecate attempting to uninstall them altogether.
Retry deleting directories in case a process like an antivirus is holding thedirectory open temporarily.
Fix an issue where pip would hide the cursor on Windows but would not reshowit.
Fix a regression where Numpy requires a build path without symlinks toproperly build.
Fix a broken log message when runningpipwheel without a requirement.
Don’t mask network errors while downloading the file as a hash failure.
Properly create the state file for the pip version check so it only happensonce a week.
Fix an issue where switching between Python 3 and Python 2 would evict cacheditems.
Fix a regression where pip would be unable to successfully uninstall aproject without a normalized version.
Continue the regression fix from 6.0.5 which was not a complete fix.
Fix a regression with 6.0.4 under Windows where most commands would raise anexception due to Windows not having theos.geteuid() function.
Fix an issue where ANSI escape codes would be used on Windows even though theWindows shell does not support them, causing odd characters to appear withthe progress bar.
Fix an issue where using -v would cause an exception sayingTypeError:notallargumentsconvertedduringstringformatting.
Fix an issue where using -v with dependency links would cause an exceptionsayingTypeError:'InstallationCandidate'objectisnotiterable.
Fix an issue where upgrading distribute would cause an exception sayingTypeError:expectedstringorbuffer.
Show a warning and disable the use of the cache directory when the cachedirectory is not owned by the current user, commonly caused by usingsudowithout the-H flag.
Update PEP 440 support to handle the latest changes to PEP 440, particularlythe changes to>V and<V so that they no longer imply!=V.*.
Document the default cache directories for each operating system.
Create the cache directory when the pip version check needs to save to itinstead of silently logging an error.
Fix a regression where the-q flag would not properly suppress thedisplay of the progress bars.
Fix an issue where the implicit version check new in pip 6.0 could cause pipto block for up to 75 seconds if PyPI was not accessible.
Make--no-index imply--disable-pip-version-check.
Fix an issue where the output saying that a package was installed wouldreport the old version instead of the new version during an upgrade.
Fix left over merge conflict markers in the documentation.
Document the backwards incompatible PEP 440 change in the 6.0.0 changelog.
Fix executable file permissions for Wheel files when using the distutilsscripts option.
Fix a confusing error message when an exceptions was raised at certainpoints in pip’s execution.
Fix the missing list of versions when a version cannot be found that matchesthe specifiers.
Add a warning about the possibly problematic use of > when the givenspecifier doesn’t match anything.
Fix an issue where installing from a directory would not copy over certaindirectories which were being excluded, however some build systems rely onthem.
PROCESS Version numbers are now simplyX.Y where the leading1has been dropped.
BACKWARD INCOMPATIBLE Dropped support for Python 3.1.
BACKWARD INCOMPATIBLE Removed the bundle support which was deprecated in1.4. (#1806)
BACKWARD INCOMPATIBLE File lists generated bypip show -f are nowrooted at the location reported by show, rather than one (unstated)directory lower. (#1933)
BACKWARD INCOMPATIBLE The ability to install files over the FTP protocolwas accidentally lost in pip 1.5 and it has now been decided to not restorethat ability.
BACKWARD INCOMPATIBLE PEP 440 is now fully implemented, this means thatin some cases versions will sort differently or version specifiers will beinterpreted differently than previously. The common cases should all functionsimilarly to before.
DEPRECATIONpipinstall--download-cache andpipwheel--download-cache command line flags have been deprecated andthe functionality removed. Since pip now automatically configures and usesit’s internal HTTP cache which supplants the--download-cache theexisting options have been made non functional but will still be accepteduntil their removal in pip v8.0. For more information please seehttps://pip.pypa.io/en/stable/reference/pip_install.html#caching
DEPRECATIONpipinstall--build andpipinstall--no-clean are nowNOT deprecated. This reverses the deprecation that occurred in v1.5.3.(#906)
DEPRECATION Implicitly accessing URLs which point to an origin which isnot a secure origin, instead requiring an opt-in for each host using the new--trusted-host flag (pipinstall--trusted-hostexample.comfoo).
Allow the new--trusted-host flag to also disable TLS verification fora particular hostname.
Added a--user flag topipfreeze andpiplist to check theuser site directory only.
Silence byte compile errors when installation succeed. (#1873)
Added a virtualenv-specific configuration file. (#1364)
Added site-wide configuration files. (1978)
Added an automatic check to warn if there is an updated version of pipavailable. (#2049)
wsgiref andargparse (for >py26) are now excluded frompip list andpip freeze. (#1606, #1369)
Add--client-cert option for SSL client certificates. (#1424)
pip show --files was broken for wheel installs. (#1635, #1484)
install_lib should take precedence when reading distutils config.(#1642, #1641)
SendAccept-Encoding: identity when downloading files in an attempt toconvince some servers who double compress the downloaded file to stop doingso. (#1688)
Stop breaking when given pip commands in uppercase (#1559, #1725)
pip no longer adds duplicate logging consumers, so it won’t create duplicateoutput when being called multiple times. (#1618, #1723)
pip wheel now returns an error code if any wheels fail to build. (#1769)
pip wheel wasn’t building wheels for dependencies of editable requirements.(#1775)
Allow the use of--no-use-wheel within a requirements file. (#1859)
Attempt to locate system TLS certificates to use instead of the includedCA Bundle if possible. (#1680, #1866)
Allow use of Zip64 extension in Wheels and other zip files. (#1319, #1868)
Properly handle an index or --find-links target which has a <base> without ahref attribute. (#1101, #1869)
Properly handle extras when a project is installed via Wheel. (#1885, #1896)
Added support to respect proxies inpipsearch.(#1180, #932, #1104, #1902)
pip install --download works with vcs links. (#798, #1060, #1926)
Disabled warning about insecure index host when using localhost. Based off ofGuy Rozendorn’s work in #1718. (#1456, #1967)
Allow the use of OS standard user configuration files instead of ones simplybased around$HOME. (#2021)
When installing directly from wheel paths or urls, previous versions were notuninstalled. (#1825, #804, #1838)
Detect the location of the.egg-info directory by looking for any filelocated inside of it instead of relying on the record file listing adirectory. (#2075, #2076)
Use a randomized and secure default build directory when possible.(#1964, #1935, #676, #2122, CVE-2014-8991)
Support environment markers in requirements.txt files. (#1433, #2134)
Automatically retry failed HTTP requests by default. (#1444, #2147)
Handle HTML Encoding better using a method that is more similar to howbrowsers handle it. (#1100, #1874)
Reduce the verbosity of the pip command by default. (#2175, #2177, #2178)
Fixed#2031 - Respect sys.executable on OSX when installing fromWheels.
Display the entire URL of the file that is being downloaded when downloadingfrom a non PyPI repository. (#2183)
Support setuptools style environment markers in a source distribution. (#2153)
Upgrade requests to 2.3.0 to fix an issue with proxies on Python 3.4.1.(#1821)
Uninstall issues on debianized pypy, specifically issues with setuptoolsupgrades. (#1632, #1743)
Update documentation to point athttps://bootstrap.pypa.io/get-pip.py forbootstrapping pip.
Update docs to point tohttps://pip.pypa.io/
Upgrade the bundled projects (distlib==0.1.8, html5lib==1.0b3, six==1.6.1,colorama==0.3.1, setuptools==3.4.4).
Correct deprecation warning forpipinstall--build to only notify whenthe--build value is different than the default.
DEPRECATIONpipinstall--build andpipinstall--no-clean are nowdeprecated. (#906)
Fixed being unable to download directly from wheel paths/urls, and when wheeldownloads did occur using requirement specifiers, dependencies weren’tdownloaded. (#1112, #1527)
pipwheel was not downloading wheels that already existed. (#1320, #1524)
pipinstall--download was failing using local--find-links.(#1111, #1524)
Workaround for Python bughttps://bugs.python.org/issue20053. (#1544)
Don’t pass a unicode __file__ to setup.py on Python 2.x. (#1583)
Verify that the Wheel version is compatible with this pip. (#1569)
Upgraded the vendoredpkg_resources and_markerlib to setuptools 2.1.
Fixed an error that prevented accessing PyPI when pyopenssl, ndg-httpsclient,and pyasn1 are installed.
Fixed an issue that caused trailing comments to be incorrectly included aspart of the URL in a requirements file.
pip now only requires setuptools (any setuptools, not a certain version) wheninstalling distributions from src (i.e. not from wheel). (#1434)
get-pip.py now installs setuptools, when it’s not already installed. (#1475)
Don’t decode downloaded files that have aContent-Encoding header. (#1435)
Fix to correctly parse wheel filenames with single digit versions. (#1445)
If--allow-unverified is used assume it also means--allow-external.(#1457)
BACKWARD INCOMPATIBLE pip no longer supports the--use-mirrors,-M, and--mirrors flags. The mirroring support has been removed. Inorder to use a mirror specify it as the primary index with-i or--index-url, or as an additional index with--extra-index-url.(#1098, CVE-2013-5123)
BACKWARD INCOMPATIBLE pip no longer will scrape insecure external urls bydefault nor will it install externally hosted files by default. Users may optinto installing externally hosted or insecure files or urls using--allow-externalPROJECT and--allow-unverifiedPROJECT. (#1055)
BACKWARD INCOMPATIBLE pip no longer respects dependency links by default.Users may opt into respecting them again using--process-dependency-links.
DEPRECATIONpipinstall--no-install andpipinstall--no-download are now formally deprecated. See #906 for discussion onpossible alternatives, or lack thereof, in future releases.
DEPRECATIONpipzip andpipunzip are now formally deprecated.
pip will now install Mac OSX platform wheels from PyPI. (#1278)
pip now generates the appropriate platform-specific console scripts wheninstalling wheels. (#1251)
pip now confirms a wheel is supported when installing directly from a path orurl. (#1315)
--ignore-installed now behaves again as designed, after it wasunintentionally broke in v0.8.3 when fixing #14. (#1097, #1352)
Fixed a bug where global scripts were being removed when uninstalling --userinstalled packages. (#1353)
--user wasn’t being respected when installing scripts from wheels.(#1163, #1176)
Assume ‘_’ means ‘-’ in versions from wheel filenames. (#1150, #1158)
Error when using --log with a failed install. (#219, #1205)
Fixed logging being buffered and choppy in Python 3. (#1131)
Don’t ignore --timeout. (#70, #1202)
Fixed an error when setting PIP_EXISTS_ACTION. (#772, #1201)
Added colors to the logging output in order to draw attention to importantwarnings and errors. (#1109)
Added warnings when using an insecure index, find-link, or dependency link.(#1121)
Added support for installing packages from a subdirectory using thesubdirectory editable option. (#1082)
Fixed “TypeError: bad operand type for unary” in some cases when installingwheels using --find-links. (#1192, #1218)
Archive contents are now written based on system defaults and umask (i.e.permissions are not preserved), except that regular files with any executepermissions have the equivalent of “chmod +x” applied after being written.(#1133, #317, #1146)
PreviousBuildDirError now returns a non-zero exit code and prevents theprevious build dir from being cleaned in all cases. (#1162)
Renamed --allow-insecure to --allow-unverified, however the old name willcontinue to work for a period of time. (#1257)
Fixed an error when installing local projects with symlinks in Python 3.(#1006, #1311)
The previously hidden--log-file option, is now shown as a general option.(#1316)
New Signing Key Release 1.4.1 is using a different key than normal withfingerprint: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
Fixed issues with installing from pybundle files. (#1116)
Fixed error when sysconfig module throws an exception. (#1095)
Don’t ignore already installed pre-releases. (#1076)
Fixes related to upgrading setuptools. (#1092)
Fixes so that --download works with wheel archives. (#1113)
Fixes related to recognizing and cleaning global build dirs. (#1080)
BACKWARD INCOMPATIBLE pip now only installs stable versions by default,and offers a new--pre option to also find pre-release and developmentversions. (#834)
BACKWARD INCOMPATIBLE Dropped support for Python 2.5. The minimumsupported Python version for pip 1.4 is Python 2.6.
Added support for installing and building wheel archives. Thanks Daniel Holth,Marcus Smith, Paul Moore, and Michele Lacchia (#845)
Applied security patch to pip’s ssl support related to certificate DNSwildcard matching (https://bugs.python.org/issue17980).
To satisfy pip’s setuptools requirement, pip now recommends setuptools>=0.8,not distribute. setuptools and distribute are now merged into one projectcalled ‘setuptools’. (#1003)
pip will now warn when installing a file that is either hosted externally tothe index or cannot be verified with a hash. In the future pip will defaultto not installing them and will require the flags --allow-external NAME, and--allow-insecure NAME respectively. (#985)
If an already-downloaded or cached file has a bad hash, re-download it ratherthan erroring out. (#963)
pipbundle and support for installing from pybundle files is nowconsidered deprecated and will be removed in pip v1.5.
Fix a number of issues related to cleaning up and not reusing builddirectories. (#413, #709, #634, #602, #939, #865, #948)
Added a User Agent so that pip is identifiable in logs. (#901)
Added ssl and --user support to get-pip.py. Thanks Gabriel de Perthuis.(#895)
Fixed the proxy support, which was broken in pip 1.3.x (#840)
Fixed pip failing when server does not send content-type header. ThanksHugo Lopes Tavares and Kelsey Hightower. (#32, #872)
“Vendorized” distlib as pip.vendor.distlib (https://distlib.readthedocs.io/).
Fixed git VCS backend with git 1.8.3. (#967)
Fixed a major backward incompatible change of parsing URLs to externallyhosted packages that got accidentally included in 1.3.
SSL Cert Verification; Make https the default for PyPI access. ThanksJames Cleveland, Giovanni Bajo, Marcus Smith and many others.(#791, CVE-2013-1629)
Added “pip list” for listing installed packages and the latest versionavailable. Thanks Rafael Caricio, Miguel Araujo, Dmitry Gladkov. (#752)
Fixed security issues with pip’s use of temp build directories.Thanks David (d1b) and Thomas Guttler. (#780, CVE-2013-1888)
Improvements to sphinx docs and cli help. (#773)
Fixed an issue dealing with macOS temp dir handling, which was causing globalNumPy installs to fail. (#707, #768)
Split help output into general vs command-specific option groups.Thanks Georgi Valkov. (#744, #721)
Fixed dependency resolution when installing from archives with uppercaseproject names. (#724)
Fixed problem where re-installs always occurred when usingfile:// find-links.(#683, #702)
“pip install -v” now shows the full download url, not just the archive name.Thanks Marc Abramowitz (#687)
Fix to prevent unnecessary PyPI redirects. Thanks Alex Gronholm (#695)
Fixed an install failure under Python 3 when the same version of a package isfound under 2 different URLs. Thanks Paul Moore (#670, #671)
Fix git submodule recursive updates. Thanks Roey Berman. (#674)
Explicitly ignore rel=’download’ links while looking for html pages. ThanksMaxime R. (#677)
--user/--upgrade install options now work together. Thanks ‘eevee’ fordiscovering the problem. (#705)
Added check ininstall--download to prevent re-downloading if the targetfile already exists. Thanks Andrey Bulgakov. (#669)
Added support for bare paths (including relative paths) as argument to--find-links. Thanks Paul Moore for draft patch.
Added support for --no-index in requirements files.
Added “pip show” command to get information about an installed package.Thanks Kelsey Hightower and Rafael Caricio. (#131)
Added--root option for “pip install” to specify root directory. Behaveslike the same option in distutils but also plays nice with pip’s egg-info.Thanks Przemek Wrzos. (#253, #693)
Fixed a regression introduced in 1.2 about raising an exception whennot finding any files to uninstall in the current environment. Thanks forthe fix, Marcus Smith.
Dropped support for Python 2.4 The minimum supported Python version isnow Python 2.5.
Fixed PyPI mirror support being broken on some DNS responses. Thanksphilwhin. (#605)
Fixed pip uninstall removing files it didn’t install. Thanks pjdelport.(#355)
Fixed a number of issues related to improving support for the userinstallation scheme. Thanks Marcus Smith. (#493, #494, #440, #573)
Write failure log to temp file if default location is not writable. Thanksandreigc.
Pull in submodules for git editable checkouts. Thanks Hsiaoming Yang andMarkus Hametner. (#289, #421)
Use a temporary directory as the default build location outside of avirtualenv. Thanks Ben Rosser. (#339, #381)
Added support for specifying extras with local editables. Thanks NickStenning.
Added--egg flag to request egg-style rather than flat installation.Thanks Kamal Bin Mustafa. (#3)
Prevent e.g.gmpy2-2.0.tar.gz from matching a request topipinstallgmpy; sdist filename must begin with full project namefollowed by a dash. Thanks casevh for the report. (#510)
Allow package URLS to have querystrings. Thanks W. Trevor King. (#504)
pip freeze now falls back to non-editable format rather than blowing up if itcan’t determine the origin repository of an editable. Thanks Rory McCann.(#58)
Added a__main__.py file to enablepython -m pip on Python versionsthat support it. Thanks Alexey Luchko.
Fixed upgrading from VCS url of project that does exist on index. ThanksAndrew Knapp for the report. (#487)
Fix upgrade from VCS url of project with no distribution on index.Thanks Andrew Knapp for the report. (#486)
Add a clearer error message on a malformed VCS url. Thanks Thomas Fenzl.(#427)
Added support for using any of the built in guaranteed algorithms inhashlib as a checksum hash.
Raise an exception if current working directory can’t be found or accessed.(#321)
Removed special casing of the user directory and use the Python defaultinstead. (#82)
Only warn about version conflicts if there is actually one. This re-enablesusing==dev in requirements files. (#436)
Moved tests to be run on Travis CI:https://travis-ci.org/pypa/pip
Added a better help formatter.
Don’t crash when a package’s setup.py emits UTF-8 and then fails. ThanksMarc Abramowitz. (#326)
Added--target option for installing directly to arbitrary directory.Thanks Stavros Korokithakis.
Added support for authentication with Subversion repositories. ThanksQiangning Hong.
--download now downloads dependencies as well. Thanks Qiangning Hong.(#315)
Errors from subprocesses will display the current working directory.Thanks Antti Kaihola.
Fixed compatibility with Subversion 1.7. Thanks Qiangning Hong. Note thatsetuptools remains incompatible with Subversion 1.7; to get the benefits ofpip’s support you must use Distribute rather than setuptools. (#369)
Ignore py2app-generated macOS mpkg zip files in finder. Thanks Rene Dudfield.(#57)
Log to ~/Library/Logs/ by default on macOS framework installs. ThanksDan Callahan for report and patch. (#182)
Understand version tags without minor version (“py3”) in sdist filenames.Thanks Stuart Andrews for report and Olivier Girardot for patch. (#310)
pip now supports optionally installing setuptools “extras” dependencies; e.g.“pip install Paste[openid]”. Thanks Matt Maker and Olivier Girardot. (#7)
freeze no longer borks on requirements files with --index-url or --find-links.Thanks Herbert Pfennig. (#391)
Handle symlinks properly. Thanks lebedov for the patch. (#288)
pip install -U no longer reinstalls the same versions of packages. Thanksiguananaut for the pull request. (#49)
Removed-E/--environment option andPIP_RESPECT_VIRTUALENV;both use a restart-in-venv mechanism that’s broken, and neither one isuseful since every virtualenv now has pip inside it. Replacepip-Epath/to/venvinstallFoo withvirtualenvpath/to/venv&&path/to/venv/pipinstallFoo.
Fixed pip throwing an IndexError when it callsscraped_rel_links. (#366)
pip search should set and return a useful shell status code. (#22)
Added global--exists-action command line option to easier script fileexists conflicts, e.g. from editable requirements from VCS that have achanged repo URL. (#351, #365)
Fixed docs issues.
Reinstall a package when using theinstall-I option. (#295)
Finds a Git tag pointing to same commit as origin/master. (#283)
Use absolute path for path to docs in setup.py. (#279)
Correctly handle exceptions on Python3. (#314)
Correctly parse--editable lines in requirements files. (#320)
Start to use git-flow.
find_command should not raise AttributeError. (#274)
Respect Content-Disposition header. Thanks Bradley Ayers. (#273)
pathext handling on Windows. (#233)
svn+svn protocol. (#252)
multiple CLI searches. (#44)
Current working directory when running setup.py clean. (#266)
Added Python 3 support! Huge thanks to Vinay Sajip, Vitaly Babiy, KelseyHightower, and Alex Gronholm, among others.
Download progress only shown on a real TTY. Thanks Alex Morega.
Fixed finding of VCS binaries to not be fooled by same-named directories.Thanks Alex Morega.
Fixed uninstall of packages from system Python for users of Debian/Ubuntupython-setuptools package (workaround until fixed in Debian and Ubuntu).
Addedget-pip.pyinstaller. Simply download and execute it, using the Python interpreter ofyour choice:
$ curl -O https://raw.github.com/pypa/pip/master/contrib/get-pip.py$ python get-pip.py
This may have to be run as root.
Note
Make sure you havedistributeinstalled before using the installer!
Moved main repository to GitHub:https://github.com/pypa/pip
Transferred primary maintenance from Ian to Jannis Leidel, Carl Meyer,Brian Rosner
Fixed no uninstall-on-upgrade with URL package. Thanks Oliver Tonnhofer.(#14)
Fixed egg name not properly resolving. Thanks Igor Sobreira. (#163)
Fixed Non-alphabetical installation of requirements. Thanks Igor Sobreira.(#178)
Fixed documentation mentions --index instead of --index-url. ThanksKelsey Hightower (#199)
rmtree undefined in mercurial.py. Thanks Kelsey Hightower. (#204)
Fixed bug in Git vcs backend that would break during reinstallation.
Fixed bug in Mercurial vcs backend related to pip freeze and branch/tagresolution.
Fixed bug in version string parsing related to the suffix “-dev”.
Avoid redundant unpacking of bundles (from pwaller)
Fixed checking out the correct tag/branch/commit when updating an editableGit requirement. (#32, #150, #161)
Added ability to install version control requirements without making themeditable, e.g.:
pipinstallgit+https://github.com/pypa/pip/
(#49)
Correctly locate build and source directory on macOS. (#175)
Addedgit+https:// scheme to Git VCS backend.
Added global --user flag as shortcut for --install-option=”--user”. FromRonny Pfannschmidt.
Added support forPyPI mirrors asdefined inPEP 381, fromJannis Leidel.
Fixed git revisions being ignored. Thanks John-Scott Atlakson. (#138)
Fixed initial editable install of github package from a tag failing. ThanksJohn-Scott Atlakson. (#95)
Fixed installing if a directory in cwd has the same name as the packageyou’re installing. (#107)
--install-option=”--prefix=~/.local” ignored with -e. ThanksRonny Pfannschmidt and Wil Tan. (#39)
Track whichbuild/ directories pip creates, never remove directoriesit doesn’t create. From Hugo Lopes Tavares.
pip now acceptsfile:// index URLs. Thanks Dave Abrahams.
Various cleanup to make test-running more consistent and less fragile.Thanks Dave Abrahams.
Real Windows support (with passing tests). Thanks Dave Abrahams.
pip-2.7 etc. scripts are created (Python-version specific scripts)
contrib/build-standalone script creates a runnable.zip form ofpip, from Jannis Leidel
Editable git repos are updated when reinstalled
Fix problem with--editable when multiple.egg-info/ directoriesare found.
A number of VCS-related fixes forpipfreeze, from Hugo Lopes Tavares.
Significant test framework changes, from Hugo Lopes Tavares.
Set zip_safe=False to avoid problems some people are encountering wherepip is installed as a zip file.
Fixed opening of logfile with no directory name. Thanks Alexandre Conrad.
Temporary files are consistently cleaned up, especially afterinstalling bundles, also from Alex Conrad.
Tests now require at least ScriptTest 1.0.3.
Fixed uninstallation on Windows
Addedpipsearch command.
Tab-complete names of installed distributions forpipuninstall.
Support tab-completion when there is a global-option before thesubcommand.
Install header files in standard (scheme-default) location when installingoutside a virtualenv. Install them to a slightly more consistentnon-standard location inside a virtualenv (since the standard location isa non-writable symlink to the global location).
pip now logs to a central location by default (instead of creatingpip-log.txt all over the place) and constantly overwrites thefile in question. On Unix and macOS this is'$HOME/.pip/pip.log'and on Windows it’s'%HOME%\\pip\\pip.log'. You are still able tooverride this location with the$PIP_LOG_FILE environment variable.For a complete (appended) logfile use the separate'--log' command lineoption.
Fixed an issue with Git that left an editable package as a checkout of aremote branch, even if the default behaviour would have been fine, too.
Fixed installing from a Git tag with older versions of Git.
Expand “~” in logfile and download cache paths.
Speed up installing from Mercurial repositories by cloning withoutupdating the working copy multiple times.
Fixed installing directly from directories (e.g.pipinstallpath/to/dir/).
Fixed installing editable packages withsvn+ssh URLs.
Don’t print unwanted debug information when running the freeze command.
Create log file directory automatically. Thanks Alexandre Conrad.
Make test suite easier to run successfully. Thanks Dave Abrahams.
Fixed “pip install .” and “pip install ..”; better error for directorywithout setup.py. Thanks Alexandre Conrad.
Support Debian/Ubuntu “dist-packages” in zip command. Thanks duckx.
Fix relative --src folder. Thanks Simon Cross.
Handle missing VCS with an error message. Thanks Alexandre Conrad.
Added --no-download option to install; pairs with --no-install to separatedownload and installation into two steps. Thanks Simon Cross.
Fix uninstalling from requirements file containing -f, -i, or--extra-index-url.
Leftover build directories are now removed. Thanks Alexandre Conrad.
Fixed import error on Windows with regard to the backwards compatibilitypackage
Fixed uninstall when /tmp is on a different filesystem.
Fixed uninstallation of distributions with namespace packages.
Added support for thehttps andhttp-static schemes to theMercurial andftp scheme to the Bazaar backend.
Fixed uninstallation of scripts installed with easy_install.
Fixed an issue in the package finder that could result in aninfinite loop while looking for links.
Fixed issue withpipbundle and local files (which weren’t beingcopied into the bundle), from Whit Morriss.
Addpipuninstall and uninstall-before upgrade (from Carl Meyer).
Extended configurability with config files and environment variables.
Allow packages to be upgraded, e.g.,pipinstallPackage==0.1thenpipinstallPackage==0.2.
Allow installing/upgrading to Package==dev (fix “Source version does notmatch target version” errors).
Added command and option completion for bash and zsh.
Extended integration with virtualenv by providing an option toautomatically use an active virtualenv and an option to warn if no activevirtualenv is found.
Fixed a bug with pip install --download and editable packages, wheredirectories were being set with 0000 permissions, now defaults to 755.
Fixed uninstallation of easy_installed console_scripts.
Fixed uninstallation on macOS Framework layout installs
Fixed bug preventing uninstall of editables with source outside venv.
Creates download cache directory if not existing.
Fixed a couple little bugs, with git and with extensions.
Added ability to override the default log file name (pip-log.txt)with the environmental variable$PIP_LOG_FILE.
Made the freeze command print installed packages to stdout instead ofwriting them to a file. Use simple redirection (e.g.pipfreeze>stable-req.txt) to get a file with requirements.
Fixed problem with freezing editable packages from a Git repository.
Added support for base URLs using<basehref='...'> when parsingHTML pages.
Fixed installing of non-editable packages from version control systems.
Fixed issue with Bazaar’s bzr+ssh scheme.
Added --download-dir option to the install command to retrieve packagearchives. If given an editable package it will create an archive of it.
Added ability to pass local file and directory paths to--find-links,e.g.--find-links=file:///path/to/my/private/archive
Reduced the amount of console log messages when fetching a page to find adistribution was problematic. The full messages can be found in pip-log.txt.
Added--no-deps option to install ignore package dependencies
Added--no-index option to ignore the package index (PyPI) temporarily
Fixed installing editable packages from Git branches.
Fixes freezing of editable packages from Mercurial repositories.
Fixed handling read-only attributes of build files, e.g. of Subversion andBazaar on Windows.
When downloading a file from a redirect, use the redirectedlocation’s extension to guess the compression (happens specificallywhen redirecting to a bitbucket.org tip.gz file).
Editable freeze URLs now always use revision hash/id rather than tip orbranch names which could move.
Fixed comparison of repo URLs so incidental differences such aspresence/absence of final slashes or quoted/unquoted specialcharacters don’t trigger “ignore/switch/wipe/backup” choice.
Fixed handling of attempt to checkout editable install to anon-empty, non-repo directory.
Make-e work better with local hg repositories
Construct PyPI URLs the exact way easy_install constructs URLs (youmight notice this if you use a custom index that isslash-sensitive).
Improvements on Windows (fromIonel Maries Cristian).
Fixed problem with not being able to install private git repositories.
Makepipzip zip all its arguments, not just the first.
Fix some filename issues on Windows.
Allow the-i and--extra-index-url options in requirementsfiles.
Fix the way bundle components are unpacked and moved around, to makebundles work.
Adds-s option to allow the access to the global site-packages if avirtualenv is to be created.
Fixed support for Subversion 1.6.
Improved virtualenv restart and various path/cleanup problems on win32.
Fixed a regression with installing from svn repositories (when notusing-e).
Fixes when installing editable packages that put their source in asubdirectory (likesrc/).
Improvepip-h
Added support for editable packages created from Git, Mercurial and Bazaarrepositories and ability to freeze them. Refactored support for versioncontrol systems.
Do not usesys.exit() from inside the code, instead use areturn. This will make it easier to invoke programmatically.
Put the install record inPackage.egg-info/installed-files.txt(previously they went insite-packages/install-record-Package.txt).
Fix a problem withpipfreeze not including-esvn+ when ansvn structure is peculiar.
Allowpip-E to work with a virtualenv that uses a differentversion of Python than the parent environment.
Fixed Win32 virtualenv (-E) option.
Search the links passed in with-f for packages.
Detect zip files, even when the file doesn’t have a.zipextension and it is served with the wrong Content-Type.
Installing editable from existing source now works, likepipinstall-esome/path/ will install the package insome/path/.Most importantly, anything that package requires will also beinstalled by pip.
Add a--path option topipun/zip, so you can avoid zippingfiles that are outside of where you expect.
Add--simulate option topipzip.
Fixed small problem that prevented usingpip.py without actuallyinstalling pip.
Fixed--upgrade, which would download and appear to installupgraded packages, but actually just reinstall the existing package.
Fixed Windows problem with putting the install record in the rightplace, and generating thepip script with Setuptools.
Download links that include embedded spaces or other unsafecharacters (those characters get %-encoded).
Fixed use of URLs in requirement files, and problems with some blanklines.
Turn some tar file errors into warnings.
Renamed topip, and to install you now dopipinstallPACKAGE
Added commandpipzipPACKAGE andpipunzipPACKAGE. Thisis particularly intended for Google App Engine to manage librariesto stay under the 1000-file limit.
Some fixes to bundles, especially editable packages and whencreating a bundle using unnamed packages (like just an svnrepository without#egg=Package).
Added an option--install-option to pass options to passarguments tosetup.pyinstall
.svn/ directories are no longer included in bundles, as thesedirectories are specific to a version of svn -- if you build abundle on a system with svn 1.5, you can’t use the checkout on asystem with svn 1.4. Instead a filesvn-checkout.txt isincluded that notes the original location and revision, and thecommand you can use to turn it back into an svn checkout. (Probablyunpacking the bundle should, maybe optionally, recreate thisinformation -- but that is not currently implemented, and it wouldrequire network access.)
Avoid ambiguities over project name case, where for instanceMyPackage and mypackage would be considered different packages.This in particular caused problems on Macs, whereMyPackage/ andmypackage/ are the same directory.
Added support for an environmental variable$PIP_DOWNLOAD_CACHE which will cache package downloads, sofuture installations won’t require large downloads. Network accessis still required, but just some downloads will be avoided whenusing this.
Always usesvncheckout (notexport) so thattag_svn_revision settings give the revision of the package.
Don’t update checkouts that came from.pybundle files.
Improve error text when there are errors fetching HTML pages whenseeking packages.
Improve bundles: include empty directories, make them work witheditable packages.
If you use-Eenv and the environmentenv/ doesn’t exist, anew virtual environment will be created.
Fixdependency_links for finding packages.
Fixed a NameError exception when running pip outside of a virtualenvenvironment.
Added HTTP proxy support (from Prabhu Ramachandran)
Fixed use ofhashlib.md5 on python2.5+ (also from Prabhu Ramachandran)
Initial release