Support Direct URL editable requirements #13495
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ichard26
force-pushed
the
feat/direct-editables
branch
from
4164131 to
47e7040
Compare
ichard26
commented
Jul 20, 2025
ichard26
force-pushed
the
feat/direct-editables
branch
from
47e7040 to
fcae387
Compare
|
Ugh, why is everything filled with so many exceptions and undocumented extensions. There is a backwards compatibility break here. I'll fix it, but I do want to take a closer look at why it's happening. |
This is crucial for the deprecation of non-bare egg URL fragments as they used to be the sole way to request an extra for a VCS editable install. I've also removed all references to egg fragments from the user docs and added further explanation of the Direct URL form in the VCS support topic. Getting the error handling right was a pain. That's why I extracted the two parsing flows into their own functions. Co-authored-by: Tzu-ping Chung <uranusjr@gmail.com>
ichard26
force-pushed
the
feat/direct-editables
branch
from
fcae387 to
8850376
Compare
|
@ichard26 is this ready for review? Hard to tell from your last comment. |
|
@notatallshaw short of the one outstanding documentation change that's noted above, this is indeed ready for review. |
sbidoul
reviewed
Oct 18, 2025
There was a problem hiding this comment.
Thanks for this work @ichard26. I made a pass on this and did a few tests. Everything works as I expected.
A few minor comments, some of which for possible followups.
I noticed a remaining #egg mention in a warning message:
pip install -e "pkgb @ file://$PWD/pkga"
WARNING: Generating metadata for package pkgb produced metadata for project name pkga. Fix your #egg=pkgb fragments.
| name = req.name | ||
| return (name, req.url, req.extras) | ||
|
|
||
| raise ValueError |
There was a problem hiding this comment.
Note: it could be convenient to support pkgname[extras] @ ./localdir as an alternative to ./localdir[extras]. But that can be discussed separately.
There was a problem hiding this comment.
I'd rather not add extensions to standard requirement syntax, but yes, this would be a follow up.
|
|
||
| package_name = link.egg_fragment | ||
| if not package_name: | ||
| # The project name can be inferred from local file URIs easily. |
There was a problem hiding this comment.
What do you mean with this comment?
There was a problem hiding this comment.
With the extraction of _parse_pip_syntax_editable(), now every editable requirement is checked that there is a known project name. This is problematic for local editable reqs like -e . or -e /local/path. Previously these cases would return early in parse_editable() skipping this check, but now they fail it. However, pip can and will infer the project name for local file URIs so we skip the check if that's the case.
|
@notatallshaw I do want to get this into the 25.3 release. I'll aim to get this updated by EOD tomorrow. |
|
@ichard26 👍, I'll try and do a quick pass over this today, but as it's so far outside my expertise it's unlikely I'll have any additional comments. |
Co-authored-by: Stéphane Bidoul <stephane.bidoul@acsone.eu>
sbidoul
approved these changes
Oct 21, 2025
There was a problem hiding this comment.
Don't forget to postpone the #egg deprecation:
pip/src/pip/_internal/models/link.py
Lines 476 to 482 in 4dd68aa
At some point this warning will also need addressing to be complete:
pip/src/pip/_internal/req/req_install.py
Lines 424 to 430 in 4dd68aa
Resolved conflict in tests/functional/test_install_reqs.py by keeping the test_nonpep517_setuptools_import_failure test and TestEditableDirectURL class from the PR branch.
The --no-use-pep517 option has been removed from pip as part of the move to PEP 517-only builds. This test is no longer valid and was causing failures. Also removed the no-longer-needed make_wheel import.
|
Thanks @ichard26 ! I'll follow up in a moment with a PR that bumps any remaining |
github-actions bot
added a commit
to LPvdT/mlflow-3-tutorials
that referenced
this pull request
Oct 26, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-merge-queue bot
pushed a commit
to google/scaaml
that referenced
this pull request
Oct 27, 2025
Bumps the dependabot group with 7 updates:
| Package | From | To |
| --- | --- | --- |
| [termcolor](https://github.com/termcolor/termcolor) | `3.1.0` |
`3.2.0` |
| [typing-extensions](https://github.com/python/typing_extensions) |
`4.13.1` | `4.15.0` |
| [pip](https://github.com/pypa/pip) | `25.2` | `25.3` |
| [build](https://github.com/pypa/build) | `1.2.1` | `1.3.0` |
| [click](https://github.com/pallets/click) | `8.2.0` | `8.3.0` |
| [pip-tools](https://github.com/jazzband/pip-tools) | `7.4.0` | `7.5.1`
|
| [tomli](https://github.com/hukkin/tomli) | `2.2.1` | `2.3.0` |
Updates `termcolor` from 3.1.0 to 3.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/termcolor/termcolor/releases">termcolor's
releases</a>.</em></p>
<blockquote>
<h2>Release 3.2.0</h2>
<h2>Added</h2>
<ul>
<li>Expose <code>can_colorize</code> as public API (<a
href="https://redirect.github.com/termcolor/termcolor/issues/114">#114</a>)
<a href="https://github.com/hugovk"><code>@hugovk</code></a></li>
<li>Add support for Python 3.15 (<a
href="https://redirect.github.com/termcolor/termcolor/issues/123">#123</a>)
<a href="https://github.com/hugovk"><code>@hugovk</code></a></li>
</ul>
<h2>Changed</h2>
<ul>
<li>Drop support for Python 3.9 (<a
href="https://redirect.github.com/termcolor/termcolor/issues/121">#121</a>)
<a href="https://github.com/hugovk"><code>@hugovk</code></a></li>
<li>Replace action-pre-commit-uv with prek-action (<a
href="https://redirect.github.com/termcolor/termcolor/issues/124">#124</a>)
<a href="https://github.com/hugovk"><code>@hugovk</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/termcolor/termcolor/commit/5a8d509d66bfb37cc9ea7fa3a54436e2d2c57bf6"><code>5a8d509</code></a>
Replace action-pre-commit-uv with prek-action (<a
href="https://redirect.github.com/termcolor/termcolor/issues/124">#124</a>)</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/fc80bde43b41806a685b8671aad97056d05861be"><code>fc80bde</code></a>
Replace tox-dev/action-pre-commit-uv with j178/prek-action</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/a47f0aff4fb133a7ee42b58868fa74608df627f5"><code>a47f0af</code></a>
Add support for Python 3.15 (<a
href="https://redirect.github.com/termcolor/termcolor/issues/123">#123</a>)</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/753484350cadaea6ac8a2a2636ecacea6253c1c9"><code>7534843</code></a>
Remove outdated coverage.py config</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/8f97fc633691ef4316c73b3dddcb3116dee547b3"><code>8f97fc6</code></a>
Add support for Python 3.15</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/e923aea7f282a2a8adb60e5f316528f0b6c277f7"><code>e923aea</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/termcolor/termcolor/issues/122">#122</a>)</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/1b9b645bb4d9c482c693fb0f17f0320781036bb3"><code>1b9b645</code></a>
Drop support for Python 3.9 (<a
href="https://redirect.github.com/termcolor/termcolor/issues/121">#121</a>)</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/c33a777d1c68224caaf1103287aa635b7f676192"><code>c33a777</code></a>
Drop support for Python 3.9</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/35c0548e930f65449ca37d63aed4c21c7f842a89"><code>35c0548</code></a>
Update github-actions (<a
href="https://redirect.github.com/termcolor/termcolor/issues/117">#117</a>)</li>
<li><a
href="https://github.com/termcolor/termcolor/commit/743d6284129907160f342babce6c2ab8e55c57c6"><code>743d628</code></a>
Update github-actions</li>
<li>Additional commits viewable in <a
href="https://github.com/termcolor/termcolor/compare/3.1.0...3.2.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `typing-extensions` from 4.13.1 to 4.15.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python/typing_extensions/releases">typing-extensions's
releases</a>.</em></p>
<blockquote>
<h2>4.15.0</h2>
<p>No user-facing changes since 4.15.0rc1.</p>
<p>New features since 4.14.1:</p>
<ul>
<li>Add the <code>@typing_extensions.disjoint_base</code> decorator, as
specified
in PEP 800. Patch by Jelle Zijlstra.</li>
<li>Add <code>typing_extensions.type_repr</code>, a backport of
<a
href="https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr"><code>annotationlib.type_repr</code></a>,
introduced in Python 3.14 (CPython PR <a
href="https://redirect.github.com/python/cpython/pull/124551">#124551</a>,
originally by Jelle Zijlstra). Patch by Semyon Moroz.</li>
<li>Fix behavior of type params in
<code>typing_extensions.evaluate_forward_ref</code>. Backport of
CPython PR <a
href="https://redirect.github.com/python/cpython/pull/137227">#137227</a>
by Jelle Zijlstra.</li>
</ul>
<h2>4.15.0rc1</h2>
<ul>
<li>Add the <code>@typing_extensions.disjoint_base</code> decorator, as
specified
in PEP 800. Patch by Jelle Zijlstra.</li>
<li>Add <code>typing_extensions.type_repr</code>, a backport of
<a
href="https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr"><code>annotationlib.type_repr</code></a>,
introduced in Python 3.14 (CPython PR <a
href="https://redirect.github.com/python/cpython/pull/124551">#124551</a>,
originally by Jelle Zijlstra). Patch by Semyon Moroz.</li>
<li>Fix behavior of type params in
<code>typing_extensions.evaluate_forward_ref</code>. Backport of
CPython PR <a
href="https://redirect.github.com/python/cpython/pull/137227">#137227</a>
by Jelle Zijlstra.</li>
</ul>
<h2>4.14.1</h2>
<h1>Release 4.14.1 (July 4, 2025)</h1>
<ul>
<li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside
other types
(e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is
not allowed by the
type system but worked on older versions, so we maintain support.</li>
</ul>
<h2>4.14.0</h2>
<p>This release adds several new features, including experimental
support for inline typed dictionaries (<a
href="https://peps.python.org/pep-0764/">PEP 764</a>) and sentinels (<a
href="https://peps.python.org/pep-0661/">PEP 661</a>), and support for
changes in Python 3.14. In addition, Python 3.8 is no longer
supported.</p>
<p>Changes since 4.14.0rc1:</p>
<ul>
<li>Remove <code>__or__</code> and <code>__ror__</code> methods from
<code>typing_extensions.Sentinel</code>
on Python versions <3.10. PEP 604 was introduced in Python 3.10, and
<code>typing_extensions</code> does not generally attempt to backport
PEP-604 methods
to prior versions.</li>
<li>Further update <code>typing_extensions.evaluate_forward_ref</code>
with changes in Python 3.14.</li>
</ul>
<p>Changes included in 4.14.0rc1:</p>
<ul>
<li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a
href="https://github.com/Viicos">Victorien Plot</a>.</li>
<li>Do not attempt to re-export names that have been removed from
<code>typing</code>,
anticipating the removal of <code>typing.no_type_check_decorator</code>
in Python 3.15.
Patch by Jelle Zijlstra.</li>
<li>Update <code>typing_extensions.Format</code>,
<code>typing_extensions.evaluate_forward_ref</code>, and
<code>typing_extensions.TypedDict</code> to align</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's
changelog</a>.</em></p>
<blockquote>
<h1>Release 4.15.0 (August 25, 2025)</h1>
<p>No user-facing changes since 4.15.0rc1.</p>
<h1>Release 4.15.0rc1 (August 18, 2025)</h1>
<ul>
<li>Add the <code>@typing_extensions.disjoint_base</code> decorator, as
specified
in PEP 800. Patch by Jelle Zijlstra.</li>
<li>Add <code>typing_extensions.type_repr</code>, a backport of
<a
href="https://docs.python.org/3.14/library/annotationlib.html#annotationlib.type_repr"><code>annotationlib.type_repr</code></a>,
introduced in Python 3.14 (CPython PR <a
href="https://redirect.github.com/python/cpython/pull/124551">#124551</a>,
originally by Jelle Zijlstra). Patch by Semyon Moroz.</li>
<li>Fix behavior of type params in
<code>typing_extensions.evaluate_forward_ref</code>. Backport of
CPython PR <a
href="https://redirect.github.com/python/cpython/pull/137227">#137227</a>
by Jelle Zijlstra.</li>
</ul>
<h1>Release 4.14.1 (July 4, 2025)</h1>
<ul>
<li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside
other types
(e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is
not allowed by the
type system but worked on older versions, so we maintain support.</li>
</ul>
<h1>Release 4.14.0 (June 2, 2025)</h1>
<p>Changes since 4.14.0rc1:</p>
<ul>
<li>Remove <code>__or__</code> and <code>__ror__</code> methods from
<code>typing_extensions.Sentinel</code>
on Python versions <3.10. PEP 604 was introduced in Python 3.10, and
<code>typing_extensions</code> does not generally attempt to backport
PEP-604 methods
to prior versions.</li>
<li>Further update <code>typing_extensions.evaluate_forward_ref</code>
with changes in Python 3.14.</li>
</ul>
<h1>Release 4.14.0rc1 (May 24, 2025)</h1>
<ul>
<li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a
href="https://github.com/Viicos">Victorien Plot</a>.</li>
<li>Do not attempt to re-export names that have been removed from
<code>typing</code>,
anticipating the removal of <code>typing.no_type_check_decorator</code>
in Python 3.15.
Patch by Jelle Zijlstra.</li>
<li>Update <code>typing_extensions.Format</code>,
<code>typing_extensions.evaluate_forward_ref</code>, and
<code>typing_extensions.TypedDict</code> to align
with changes in Python 3.14. Patches by Jelle Zijlstra.</li>
<li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li>
</ul>
<p>New features:</p>
<ul>
<li>Add support for inline typed dictionaries (<a
href="https://peps.python.org/pep-0764/">PEP 764</a>).
Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li>
<li>Add <code>typing_extensions.Reader</code> and
<code>typing_extensions.Writer</code>. Patch by
Sebastian Rittau.</li>
<li>Add support for sentinels (<a
href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by
<a href="https://github.com/Viicos">Victorien Plot</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python/typing_extensions/commit/9d1637e264b5c1a6b7acee3e907015f89b20c2c9"><code>9d1637e</code></a>
Prepare release 4.15.0 (<a
href="https://redirect.github.com/python/typing_extensions/issues/658">#658</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/4bd67c5be5d9443c7d33c314d02a56ee125eb88d"><code>4bd67c5</code></a>
Coverage: exclude some noise (<a
href="https://redirect.github.com/python/typing_extensions/issues/656">#656</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/e589a26da73b075c5276bae40b86db1af0144f84"><code>e589a26</code></a>
Coverage: add detailed report to job summary (<a
href="https://redirect.github.com/python/typing_extensions/issues/655">#655</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/67d37fed1298e050f74d5acc95b2621bd37837ad"><code>67d37fe</code></a>
Coverage: Implement fail_under (<a
href="https://redirect.github.com/python/typing_extensions/issues/654">#654</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/e9ae26f5286edee9262727755ecb9ad16e999192"><code>e9ae26f</code></a>
Don't delete previous coverage comment (<a
href="https://redirect.github.com/python/typing_extensions/issues/653">#653</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/ac80bb728a3006fc88ef7373b92f0c25cfcc7895"><code>ac80bb7</code></a>
Add Coverage workflow (<a
href="https://redirect.github.com/python/typing_extensions/issues/623">#623</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/abaaafd98c1cc7e5baf098ec287a3d22cb339670"><code>abaaafd</code></a>
Prepare release 4.15.0rc1 (<a
href="https://redirect.github.com/python/typing_extensions/issues/650">#650</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/98104053ea8d49bcdd247804e5fa9f73136acbd4"><code>9810405</code></a>
Add <code>@disjoint_base</code> (PEP 800) (<a
href="https://redirect.github.com/python/typing_extensions/issues/634">#634</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/7ee9e05fd484d06899ce56e80f5e1aa4c760fc03"><code>7ee9e05</code></a>
Backport type_params fix from CPython (<a
href="https://redirect.github.com/python/typing_extensions/issues/646">#646</a>)</li>
<li><a
href="https://github.com/python/typing_extensions/commit/1e8eb9c06ef51b3a1e1f05303a16feca13f5ed98"><code>1e8eb9c</code></a>
Do not refer to PEP 705 as being experimental (<a
href="https://redirect.github.com/python/typing_extensions/issues/648">#648</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/python/typing_extensions/compare/4.13.1...4.15.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `pip` from 25.2 to 25.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.3 (2025-10-24)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>
<p>Remove support for the legacy <code>setup.py develop</code> editable
method in setuptools
editable installs; setuptools >= 64 is now required.
(<code>[#11457](https://github.com/pypa/pip/issues/11457)
<https://github.com/pypa/pip/issues/11457></code>_)</p>
</li>
<li>
<p>Remove the deprecated <code>--global-option</code> and
<code>--build-option</code>.
<code>--config-setting</code> is now the only way to pass options to the
build backend. (<code>[#11859](https://github.com/pypa/pip/issues/11859)
<https://github.com/pypa/pip/issues/11859></code>_)</p>
</li>
<li>
<p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for
specifying build
constraints.</p>
<p>Use the <code>--build-constraint</code> option or the
<code>PIP_BUILD_CONSTRAINT</code> environment variable
instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no
longer affects isolated build
environments. To enable this behavior without specifying any build
constraints, use
<code>--use-feature=build-constraint</code>.
(<code>[#13534](https://github.com/pypa/pip/issues/13534)
<https://github.com/pypa/pip/issues/13534></code>_)</p>
</li>
<li>
<p>Remove support for non-standard legacy wheel filenames.
(<code>[#13581](https://github.com/pypa/pip/issues/13581)
<https://github.com/pypa/pip/issues/13581></code>_)</p>
</li>
<li>
<p>Remove support for the deprecated <code>setup.py bdist_wheel</code>
mechanism. Consequently,
<code>--use-pep517</code> is now always on, and
<code>--no-use-pep517</code> has been removed.
(<code>[#6334](https://github.com/pypa/pip/issues/6334)
<https://github.com/pypa/pip/issues/6334></code>_)</p>
</li>
</ul>
<h2>Features</h2>
<ul>
<li>When :pep:<code>658</code> metadata is available, full distribution
files are no longer downloaded when using <code>pip lock</code> or
<code>pip install --dry-run</code>.
(<code>[#12603](https://github.com/pypa/pip/issues/12603)
<https://github.com/pypa/pip/issues/12603></code>_)</li>
<li>Add support for installing an editable requirement written as a
Direct URL (<code>PackageName @ URL</code>).
(<code>[#13495](https://github.com/pypa/pip/issues/13495)
<https://github.com/pypa/pip/issues/13495></code>_)</li>
<li>Add support for build constraints via the
<code>--build-constraint</code> option. This
allows constraining the versions of packages used during the build
process
(e.g., setuptools) without affecting the final installation.
(<code>[#13534](https://github.com/pypa/pip/issues/13534)
<https://github.com/pypa/pip/issues/13534></code>_)</li>
<li>On <code>ResolutionImpossible</code> errors, include a note about
causes with no candidates.
(<code>[#13588](https://github.com/pypa/pip/issues/13588)
<https://github.com/pypa/pip/issues/13588></code>_)</li>
<li>Building pip itself from source now uses flit-core instead of
setuptools.
This does not affect how pip installs or builds packages you use.
(<code>[#13473](https://github.com/pypa/pip/issues/13473)
<https://github.com/pypa/pip/issues/13473></code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Handle malformed <code>Version</code> metadata entries and
show a sensible error message instead of crashing.
(<code>[#13443](https://github.com/pypa/pip/issues/13443)
<https://github.com/pypa/pip/issues/13443></code>_)</li>
<li>Permit spaces between a filepath and extras in an install
requirement. (<code>[#13523](https://github.com/pypa/pip/issues/13523)
<https://github.com/pypa/pip/issues/13523></code>_)</li>
<li>Ensure the self-check files in the cache have the same permissions
as the rest of the cache.
(<code>[#13528](https://github.com/pypa/pip/issues/13528)
<https://github.com/pypa/pip/issues/13528></code>_)</li>
<li>Avoid concurrency issues and improve performance when caching
locally built wheels,
especially when the temporary build directory is on a different
filesystem than the cache.
The wheel directory passed to the build backend is now a temporary
subdirectory inside
the cache directory.
(<code>[#13540](https://github.com/pypa/pip/issues/13540)
<https://github.com/pypa/pip/issues/13540></code>_)</li>
<li>Include relevant user-supplied constraints in logs when reporting
dependency conflicts.
(<code>[#13545](https://github.com/pypa/pip/issues/13545)
<https://github.com/pypa/pip/issues/13545></code>_)</li>
<li>Fix a regression in configuration parsing that was turning a single
value
into a list and thus leading to a validation error.
(<code>[#13548](https://github.com/pypa/pip/issues/13548)
<https://github.com/pypa/pip/issues/13548></code>_)</li>
<li>For Python versions that do not support :pep:<code>706</code>, pip
will now raise an installation error for a
source distribution when it includes a symlink that points outside the
source distribution archive.
(<code>[#13550](https://github.com/pypa/pip/issues/13550)
<https://github.com/pypa/pip/issues/13550></code>_)</li>
<li>Prevent <code>--user</code> installs if
<code>site.ENABLE_USER_SITE</code> is set to <code>False</code>.
(<code>[#8794](https://github.com/pypa/pip/issues/8794)
<https://github.com/pypa/pip/issues/8794></code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a>
Fix up authors by adding entry to <code>.mailmap</code></li>
<li><a
href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from
sbidoul/imp-doc-pep517-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from
notatallshaw/bump-gone_in="25.3"</li>
<li><a
href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a>
Bump gone_in="25.3"</li>
<li><a
href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from
ichard26/feat/direct-editables</li>
<li><a
href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from
ShubhamNagure/fix-constraint-reporting-13545</li>
<li><a
href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from
notatallshaw/hint-on-resolution-impossible-whe...</li>
<li><a
href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from
pelson/honour_user_site</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.2...25.3">compare
view</a></li>
</ul>
</details>
<br />
Updates `build` from 1.2.1 to 1.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/build/releases">build's
releases</a>.</em></p>
<blockquote>
<h2>1.3.0</h2>
<ul>
<li>Add <code>--config-json</code> (PR <a
href="https://redirect.github.com/pypa/build/issues/916">#916</a>, fixes
issue <a
href="https://redirect.github.com/pypa/build/issues/900">#900</a>)</li>
<li>Drop Python 3.8 (PR <a
href="https://redirect.github.com/pypa/build/issues/891">#891</a>)</li>
<li>Test on Python 3.14, colorful help on 3.14+ (PR <a
href="https://redirect.github.com/pypa/build/issues/895">#895</a>)</li>
<li>Fix <code>ModuleNotFoundError</code> when <code>pip</code> is not
installed (PR <a
href="https://redirect.github.com/pypa/build/issues/898">#898</a>)</li>
<li>Disable use of <code>pip install --python</code> for debundled pip
(PR <a
href="https://redirect.github.com/pypa/build/issues/861">#861</a>)</li>
<li>Don't pass no-wheel to virtualenv if it would warn (PR <a
href="https://redirect.github.com/pypa/build/issues/892">#892</a>)</li>
<li>Optimize our tests to run faster (PR <a
href="https://redirect.github.com/pypa/build/issues/871">#871</a>, <a
href="https://redirect.github.com/pypa/build/issues/872">#872</a>, <a
href="https://redirect.github.com/pypa/build/issues/738">#738</a>)</li>
<li>Allow running our tests without virtualenv (PR <a
href="https://redirect.github.com/pypa/build/issues/911">#911</a>)</li>
<li>Fix issues in our tests (PR <a
href="https://redirect.github.com/pypa/build/issues/824">#824</a>, <a
href="https://redirect.github.com/pypa/build/issues/918">#918</a>, <a
href="https://redirect.github.com/pypa/build/issues/870">#870</a>, <a
href="https://redirect.github.com/pypa/build/issues/915">#915</a>, <a
href="https://redirect.github.com/pypa/build/issues/862">#862</a>, <a
href="https://redirect.github.com/pypa/build/issues/863">#863</a>, <a
href="https://redirect.github.com/pypa/build/issues/899">#899</a>, <a
href="https://redirect.github.com/pypa/build/issues/896">#896</a>, <a
href="https://redirect.github.com/pypa/build/issues/854">#854</a>)</li>
<li>Use SPDX identifiers for our license metadata (PR <a
href="https://redirect.github.com/pypa/build/issues/914">#914</a>)</li>
<li>Use dependency-groups for our development (PR <a
href="https://redirect.github.com/pypa/build/issues/880">#880</a>)</li>
<li>Mention conda and update uv mention in README/docs (PR <a
href="https://redirect.github.com/pypa/build/issues/842">#842</a>, <a
href="https://redirect.github.com/pypa/build/issues/816">#816</a>, <a
href="https://redirect.github.com/pypa/build/issues/917">#917</a>)</li>
</ul>
<h2>1.2.2.post1</h2>
<!-- raw HTML omitted -->
<p>This release only makes metadata (Python 3.13 classifier), docs, and
test suite changes.</p>
<h2>What's Changed</h2>
<ul>
<li>ci: add Python 3.13 by <a
href="https://github.com/henryiii"><code>@henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/815">pypa/build#815</a></li>
<li>docs: mention conda-forge name in README by <a
href="https://github.com/henryiii"><code>@henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/816">pypa/build#816</a></li>
<li>docs: add a missing ` in README by <a
href="https://github.com/SigureMo"><code>@SigureMo</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/817">pypa/build#817</a></li>
<li>tests: fix under pyproject-hooks 1.2 by <a
href="https://github.com/layday"><code>@layday</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/824">pypa/build#824</a></li>
<li>ci: add PyPI attestations by <a
href="https://github.com/henryiii"><code>@henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/821">pypa/build#821</a></li>
<li>chore: 1.2.2.post1 by <a
href="https://github.com/henryiii"><code>@henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/820">pypa/build#820</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/SigureMo"><code>@SigureMo</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/build/pull/817">pypa/build#817</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/build/compare/1.2.2...1.2.2.post1">https://github.com/pypa/build/compare/1.2.2...1.2.2.post1</a></p>
<h2>Version 1.2.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add editable to <code>builder.get_requries_for_build</code>'s static
types
(PR <a
href="https://redirect.github.com/pypa/build/issues/764">#764</a>, fixes
issue <a
href="https://redirect.github.com/pypa/build/issues/763">#763</a>)</li>
<li>Include artifact attestations in our release
(PR <a
href="https://redirect.github.com/pypa/build/issues/782">#782</a>)</li>
<li>Fix typing compatibility with typed <code>pyproject-hooks</code>
(PR <a
href="https://redirect.github.com/pypa/build/issues/788">#788</a>)</li>
<li>Mark more tests with <code>network</code>
(PR <a
href="https://redirect.github.com/pypa/build/issues/808">#808</a>)</li>
<li>Add more intersphinx links to docs
(PR <a
href="https://redirect.github.com/pypa/build/issues/804">#804</a>)</li>
<li>Make <code>uv</code> optional for tests
(PR <a href="https://redirect.github.com/pypa/build/issues/807">#807</a>
and <a
href="https://redirect.github.com/pypa/build/issues/813">#813</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/build/blob/main/CHANGELOG.rst">build's
changelog</a>.</em></p>
<blockquote>
<h1>1.3.0 (2025-08-01)</h1>
<ul>
<li>Add <code>--config-json</code>
(PR :pr:<code>916</code>, fixes issue :issue:<code>900</code>)</li>
<li>Drop Python 3.8
(PR :pr:<code>891</code>)</li>
<li>Test on Python 3.14, colorful help on 3.14+
(PR :pr:<code>895</code>)</li>
<li>Fix <code>ModuleNotFoundError</code> when <code>pip</code> is not
installed
(PR :pr:<code>898</code>)</li>
<li>Disable use of <code>pip install --python</code> for debundled pip
(PR :pr:<code>861</code>)</li>
<li>Don't pass no-wheel to virtualenv if it would warn
(PR :pr:<code>892</code>)</li>
<li>Optimize our tests to run faster
(PR :pr:<code>871</code>, :pr:<code>872</code>,
:pr:<code>738</code>)</li>
<li>Allow running our tests without virtualenv
(PR :pr:<code>911</code>)</li>
<li>Fix issues in our tests
(PR :pr:<code>824</code>, :pr:<code>918</code>, :pr:<code>870</code>,
:pr:<code>915</code>, :pr:<code>862</code>, :pr:<code>863</code>,
:pr:<code>899</code>, :pr:<code>896</code>, :pr:<code>854</code>)</li>
<li>Use SPDX identifiers for our license metadata
(PR :pr:<code>914</code>)</li>
<li>Use dependency-groups for our development
(PR :pr:<code>880</code>)</li>
<li>Mention conda and update uv mention in README/docs
(PR :pr:<code>842</code>, :pr:<code>816</code>,
:pr:<code>917</code>)</li>
</ul>
<h1>1.2.2 (2024-09-06)</h1>
<ul>
<li>Add editable to <code>builder.get_requries_for_build</code>'s static
types
(PR :pr:<code>764</code>, fixes issue :issue:<code>763</code>)</li>
<li>Include artifact attestations in our release
(PR :pr:<code>782</code>)</li>
<li>Fix typing compatibility with typed <code>pyproject-hooks</code>
(PR :pr:<code>788</code>)</li>
<li>Mark more tests with <code>network</code>
(PR :pr:<code>808</code>)</li>
<li>Add more intersphinx links to docs
(PR :pr:<code>804</code>)</li>
<li>Make <code>uv</code> optional for tests
(PR :pr:<code>807</code> and :pr:<code>813</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/build/commit/60e8752f69178d2b2c3563e9c8fa17aa6e11b12c"><code>60e8752</code></a>
chore: bump to 1.3.0 (<a
href="https://redirect.github.com/pypa/build/issues/919">#919</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/807cfba618bc4f7b13e938ffa395fffd82494383"><code>807cfba</code></a>
feat: add --config-json (<a
href="https://redirect.github.com/pypa/build/issues/916">#916</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/bf54ad04ffe30e7f7847ea0bcbc081b550830950"><code>bf54ad0</code></a>
tests: fix issues with ignore</li>
<li><a
href="https://github.com/pypa/build/commit/53852df8d84d1d17afaa851d4e1cc3754676bb29"><code>53852df</code></a>
docs: uv example</li>
<li><a
href="https://github.com/pypa/build/commit/b983371befe0547b312aba36083b859d923d9bfc"><code>b983371</code></a>
tests: optional virtualenv</li>
<li><a
href="https://github.com/pypa/build/commit/6cd157ad0b614a76a13374032a4f56b65048c0be"><code>6cd157a</code></a>
Adopt PEP 639 "license" field (<a
href="https://redirect.github.com/pypa/build/issues/914">#914</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/bdaea367438b8e5ed3c26a7497eafc007084fbec"><code>bdaea36</code></a>
tests: fixes for errors in CI</li>
<li><a
href="https://github.com/pypa/build/commit/14d6508679e2ddb4a511b4b41e972cb374e9dadb"><code>14d6508</code></a>
pre-commit: bump repositories</li>
<li><a
href="https://github.com/pypa/build/commit/59ac60e78e0dc5164355bd29eb99fb1cb2d7a59c"><code>59ac60e</code></a>
pre-commit: bump repositories</li>
<li><a
href="https://github.com/pypa/build/commit/48ebd63cd7049dff737093c462970262ae1ceed0"><code>48ebd63</code></a>
pre-commit: bump repositories</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/build/compare/1.2.1...1.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `click` from 8.2.0 to 8.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/click/releases">click's
releases</a>.</em></p>
<blockquote>
<h2>8.3.0</h2>
<p>This is the Click 8.3.0 feature release. A feature release may
include new features, remove previously deprecated code, add new
deprecation, or introduce potentially breaking changes.</p>
<p>We encourage everyone to upgrade. You can read more about our <a
href="https://palletsprojects.com/versions">Version Support Policy</a>
on our website.</p>
<p>PyPI: <a
href="https://pypi.org/project/click/8.3.0/">https://pypi.org/project/click/8.3.0/</a>
Changes: <a
href="https://click.palletsprojects.com/page/changes/#version-8-3-0">https://click.palletsprojects.com/page/changes/#version-8-3-0</a>
Milestone <a
href="https://github.com/pallets/click/milestone/27">https://github.com/pallets/click/milestone/27</a></p>
<ul>
<li>
<p><strong>Improved flag option handling</strong>: Reworked the
relationship between <code>flag_value</code>
and <code>default</code> parameters for better consistency:</p>
<ul>
<li>The <code>default</code> parameter value is now preserved as-is and
passed directly
to CLI functions (no more unexpected transformations)</li>
<li>Exception: flag options with <code>default=True</code> maintain
backward compatibility
by defaulting to their <code>flag_value</code></li>
<li>The <code>default</code> parameter can now be any type
(<code>bool</code>, <code>None</code>, etc.)</li>
<li>Fixes inconsistencies reported in: <a
href="https://redirect.github.com/pallets/click/issues/1992">#1992</a>
<a
href="https://redirect.github.com/pallets/click/issues/2514">#2514</a>
<a
href="https://redirect.github.com/pallets/click/issues/2610">#2610</a>
<a
href="https://redirect.github.com/pallets/click/issues/3024">#3024</a>
<a
href="https://redirect.github.com/pallets/click/issues/3030">#3030</a></li>
</ul>
</li>
<li>
<p>Allow <code>default</code> to be set on <code>Argument</code> for
<code>nargs = -1</code>. <a
href="https://redirect.github.com/pallets/click/issues/2164">#2164</a>
<a
href="https://redirect.github.com/pallets/click/issues/3030">#3030</a></p>
</li>
<li>
<p>Show correct auto complete value for <code>nargs</code> option in
combination with flag
option <a
href="https://redirect.github.com/pallets/click/issues/2813">#2813</a></p>
</li>
<li>
<p>Show correct auto complete value for nargs option in combination with
flag option <a
href="https://redirect.github.com/pallets/click/issues/2813">#2813</a></p>
</li>
<li>
<p>Fix handling of quoted and escaped parameters in Fish autocompletion.
<a
href="https://redirect.github.com/pallets/click/issues/2995">#2995</a>
<a
href="https://redirect.github.com/pallets/click/issues/3013">#3013</a></p>
</li>
<li>
<p>Lazily import <code>shutil</code>. <a
href="https://redirect.github.com/pallets/click/issues/3023">#3023</a></p>
</li>
<li>
<p>Properly forward exception information to resources registered with
<code>click.core.Context.with_resource()</code>. <a
href="https://redirect.github.com/pallets/click/issues/2447">#2447</a>
<a
href="https://redirect.github.com/pallets/click/issues/3058">#3058</a></p>
</li>
<li>
<p>Fix regression related to EOF handling in CliRunner. <a
href="https://redirect.github.com/pallets/click/issues/2939">#2939</a>
<a
href="https://redirect.github.com/pallets/click/issues/2940">#2940</a></p>
</li>
</ul>
<h2>8.2.2</h2>
<p>This is the Click 8.2.2 fix release, which fixes bugs but does not
otherwise change behavior and should not result in breaking changes
compared to the latest feature release.</p>
<p>PyPI: <a
href="https://pypi.org/project/click/8.2.2/">https://pypi.org/project/click/8.2.2/</a>
Changes: <a
href="https://click.palletsprojects.com/page/changes/#version-8-2-2">https://click.palletsprojects.com/page/changes/#version-8-2-2</a>
Milestone: <a
href="https://github.com/pallets/click/milestone/25">https://github.com/pallets/click/milestone/25</a></p>
<ul>
<li>Fix reconciliation of <code>default</code>, <code>flag_value</code>
and <code>type</code> parameters for
flag options, as well as parsing and normalization of environment
variables.
<a
href="https://redirect.github.com/pallets/click/issues/2952">#2952</a>
<a
href="https://redirect.github.com/pallets/click/issues/2956">#2956</a></li>
<li>Fix typing issue in <code>BadParameter</code> and
<code>MissingParameter</code> exceptions for the
parameter <code>param_hint</code> that did not allow for a sequence of
string where the
underlying functino <code>_join_param_hints</code> allows for it. <a
href="https://redirect.github.com/pallets/click/issues/2777">#2777</a>
<a
href="https://redirect.github.com/pallets/click/issues/2990">#2990</a></li>
<li>Use the value of <code>Enum</code> choices to render their default
value in help
screen. <a
href="https://redirect.github.com/pallets/click/issues/2911">#2911</a>
<a
href="https://redirect.github.com/pallets/click/issues/3004">#3004</a></li>
<li>Fix completion for the Z shell (<code>zsh</code>) for completion
items containing
colons. <a
href="https://redirect.github.com/pallets/click/issues/2703">#2703</a>
<a
href="https://redirect.github.com/pallets/click/issues/2846">#2846</a></li>
<li>Don't include envvar in error hint when not configured. <a
href="https://redirect.github.com/pallets/click/issues/2971">#2971</a>
<a
href="https://redirect.github.com/pallets/click/issues/2972">#2972</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/click/blob/main/CHANGES.rst">click's
changelog</a>.</em></p>
<blockquote>
<h2>Version 8.3.0</h2>
<p>Released 2025-09-17</p>
<ul>
<li>
<p><strong>Improved flag option handling</strong>: Reworked the
relationship between <code>flag_value</code>
and <code>default</code> parameters for better consistency:</p>
<ul>
<li>The <code>default</code> parameter value is now preserved as-is and
passed directly
to CLI functions (no more unexpected transformations)</li>
<li>Exception: flag options with <code>default=True</code> maintain
backward compatibility
by defaulting to their <code>flag_value</code></li>
<li>The <code>default</code> parameter can now be any type
(<code>bool</code>, <code>None</code>, etc.)</li>
<li>Fixes inconsistencies reported in: :issue:<code>1992</code>
:issue:<code>2514</code> :issue:<code>2610</code>
:issue:<code>3024</code> :pr:<code>3030</code></li>
</ul>
</li>
<li>
<p>Allow <code>default</code> to be set on <code>Argument</code> for
<code>nargs = -1</code>. :issue:<code>2164</code>
:pr:<code>3030</code></p>
</li>
<li>
<p>Show correct auto complete value for <code>nargs</code> option in
combination with flag
option :issue:<code>2813</code></p>
</li>
<li>
<p>Fix handling of quoted and escaped parameters in Fish autocompletion.
:issue:<code>2995</code> :pr:<code>3013</code></p>
</li>
<li>
<p>Lazily import <code>shutil</code>. :pr:<code>3023</code></p>
</li>
<li>
<p>Properly forward exception information to resources registered with
<code>click.core.Context.with_resource()</code>.
:issue:<code>2447</code> :pr:<code>3058</code></p>
</li>
<li>
<p>Fix regression related to EOF handling in <code>CliRunner</code>.
:issue:<code>2939</code> :pr:<code>2940</code></p>
</li>
</ul>
<h2>Version 8.2.2</h2>
<p>Released 2025-07-31</p>
<ul>
<li>Fix reconciliation of <code>default</code>, <code>flag_value</code>
and <code>type</code> parameters for
flag options, as well as parsing and normalization of environment
variables.
:issue:<code>2952</code> :pr:<code>2956</code></li>
<li>Fix typing issue in <code>BadParameter</code> and
<code>MissingParameter</code> exceptions for the
parameter <code>param_hint</code> that did not allow for a sequence of
string where the
underlying function <code>_join_param_hints</code> allows for it.
:issue:<code>2777</code> :pr:<code>2990</code></li>
<li>Use the value of <code>Enum</code> choices to render their default
value in help
screen. Refs :issue:<code>2911</code> :pr:<code>3004</code></li>
<li>Fix completion for the Z shell (<code>zsh</code>) for completion
items containing
colons. :issue:<code>2703</code> :pr:<code>2846</code></li>
<li>Don't include envvar in error hint when not configured.
:issue:<code>2971</code> :pr:<code>2972</code></li>
<li>Fix a rare race in <code>click.testing.StreamMixer</code>'s
finalization that manifested
as a <code>ValueError</code> on close in a multi-threaded test session.
:issue:<code>2993</code> :pr:<code>2991</code></li>
</ul>
<h2>Version 8.2.1</h2>
<p>Released 2025-05-20</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/click/commit/00fadb8904387158ce6e9aa1573be770446895c1"><code>00fadb8</code></a>
Release version 8.3.0</li>
<li><a
href="https://github.com/pallets/click/commit/2a0e3ba907927ade6951d5732b775f11b54cb766"><code>2a0e3ba</code></a>
testing/CliRunner: Fix regression related to EOF introduced in 262bdf0
(<a
href="https://redirect.github.com/pallets/click/issues/2940">#2940</a>)</li>
<li><a
href="https://github.com/pallets/click/commit/e11a1efc3395e998a1521a0dc35672a799e78d30"><code>e11a1ef</code></a>
Merge branch 'main' into fix-cli-runner-prompt-eof-handling</li>
<li><a
href="https://github.com/pallets/click/commit/36deba8a95a2585de1a2aa4475b7f054f52830ac"><code>36deba8</code></a>
Forward exception information to resources registered in a context (<a
href="https://redirect.github.com/pallets/click/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/pallets/click/commit/f2cae7ae997cd32311cab3dede4c2b89fe05e191"><code>f2cae7a</code></a>
<a
href="https://redirect.github.com/pallets/click/issues/2447">#2447</a>
Add summary of PR to changelog for 8.3.x</li>
<li><a
href="https://github.com/pallets/click/commit/7c7ec36354f49d1a092cb077fa4881ea4d70ba01"><code>7c7ec36</code></a>
<a
href="https://redirect.github.com/pallets/click/issues/2447">#2447</a>
Split resource exception handling tests in single and nested</li>
<li><a
href="https://github.com/pallets/click/commit/92129c552da88ac30b578132031efa4b003ecc46"><code>92129c5</code></a>
<a
href="https://redirect.github.com/pallets/click/issues/2447">#2447</a>
Added exception forwarding to context tests</li>
<li><a
href="https://github.com/pallets/click/commit/555fa9bb37770a6845a98be60b0c84876775552e"><code>555fa9b</code></a>
<a
href="https://redirect.github.com/pallets/click/issues/2447">#2447</a>
Forward exception data to exit stack when calling
<code>__exit__</code></li>
<li><a
href="https://github.com/pallets/click/commit/16fe802a3f96c4c8fa3cd382f1a7577fda0c5321"><code>16fe802</code></a>
Add more tests on <code>Enum</code> rendering (<a
href="https://redirect.github.com/pallets/click/issues/3053">#3053</a>)</li>
<li><a
href="https://github.com/pallets/click/commit/d36de6fc67882f23d7a7d61cd4c0e25e0f88b0ac"><code>d36de6f</code></a>
Add more tests on Enum rendering their item's names and not values</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/click/compare/8.2.0...8.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `pip-tools` from 7.4.0 to 7.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jazzband/pip-tools/releases">pip-tools's
releases</a>.</em></p>
<blockquote>
<h2>v7.5.1</h2>
<p><em>2025-09-26</em></p>
<h3>Bug fixes</h3>
<ul>
<li>
<p>Fixed static parsing of <code>pyproject.toml</code> data when the
<code>pyproject.toml</code> is supplied as a relative path -- by <a
href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2215">#2215</a>,
<a
href="https://redirect.github.com/jazzband/pip-tools/issues/2221">#2221</a>,
<a
href="https://redirect.github.com/jazzband/pip-tools/issues/2233">#2233</a></p>
</li>
<li>
<p>The "via" paths in <code>pip-compile</code> output for
requirements discovered from <code>pyproject.toml</code> data are now
written in POSIX format -- by <a
href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2221">#2221</a></p>
</li>
<li>
<p>Fixed a bug which removed slashes from URLs in <code>-r</code> and
<code>-c</code> in the output of <code>pip-compile</code> -- by <a
href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2223">#2223</a></p>
</li>
<li>
<p>Fixed an incompatibility with <code>click >= 8.3</code> which made
<code>pip-compile</code> display incorrect options in the compile
command in output headers -- by <a
href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2235">#2235</a></p>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p><code>pip-tools</code> now officially supports <code>pip</code>
version 25.2 -- by <a
href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2214">#2214</a></p>
</li>
</ul>
<h3>Improved documentation</h3>
<ul>
<li>
<p>ReadTheDocs builds for <code>pip-tools</code> no longer include
htmlzip and pdf outputs -- by <a
href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2218">#2218</a></p>
</li>
</ul>
<h3>Contributor-facing changes</h3>
<ul>
<li>
<p><code>pip-tools</code> now tests on <code>pip</code> version 25.2 --
by <a href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2214">#2214</a></p>
</li>
<li>
<p>The changelog documentation for contributors now provides hyperlinks
to the source of each example change note -- by <a
href="https://github.com/jayaddison"><code>@jayaddison</code></a> (for
OpenCulinary).</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2217">#2217</a></p>
</li>
<li>
<p>The CPython versions tested in nightly CI runs are now separate from
branch and PR CI, and don't include very old versions -- by <a
href="https://github.com/sirosen"><code>@sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2226">#2226</a></p>
</li>
</ul>
<h2>v7.5.0</h2>
<p><em>2025-07-30</em></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jazzband/pip-tools/blob/main/CHANGELOG.md">pip-tools's
changelog</a>.</em></p>
<blockquote>
<h2>v7.5.1</h2>
<p><em>2025-09-26</em></p>
<h3>Bug fixes</h3>
<ul>
<li>
<p>Fixed static parsing of {file}<code>pyproject.toml</code> data when
the
{file}<code>pyproject.toml</code> is supplied as a relative path -- by
{user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2215</code>,
{issue}<code>2221</code>, {issue}<code>2233</code></p>
</li>
<li>
<p>The "via" paths in <code>pip-compile</code> output for
requirements discovered from
<code>pyproject.toml</code> data are now written in POSIX format -- by
{user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2221</code></p>
</li>
<li>
<p>Fixed a bug which removed slashes from URLs in <code>-r</code> and
<code>-c</code> in the output
of <code>pip-compile</code> -- by {user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2223</code></p>
</li>
<li>
<p>Fixed an incompatibility with <code>click >= 8.3</code> which made
<code>pip-compile</code> display incorrect
options in the compile command in output headers -- by
{user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2235</code></p>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p><code>pip-tools</code> now officially supports <code>pip</code>
version 25.2 -- by {user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2214</code></p>
</li>
</ul>
<h3>Improved documentation</h3>
<ul>
<li>
<p>ReadTheDocs builds for <code>pip-tools</code> no longer include
htmlzip and pdf outputs -- by {user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2218</code></p>
</li>
</ul>
<h3>Contributor-facing changes</h3>
<ul>
<li>
<p><code>pip-tools</code> now tests on <code>pip</code> version 25.2 --
by {user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2214</code></p>
</li>
<li>
<p>The changelog documentation for contributors now provides hyperlinks
to the source of each example change note -- by
{user}<code>jayaddison</code> (for OpenCulinary).</p>
<p><em>PRs and issues:</em> {issue}<code>2217</code></p>
</li>
<li>
<p>The CPython versions tested in nightly CI runs are now separate from
branch and PR CI, and don't include very old versions -- by
{user}<code>sirosen</code>.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jazzband/pip-tools/commit/1c2692b7f45a94d93e3f4bb252da3fd711ad08a9"><code>1c2692b</code></a>
Merge pull request <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2245">#2245</a>
from sirosen/release-7.5.1</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/6a863fdebc8481adcda6fd0d019e0e1cc052b6ae"><code>6a863fd</code></a>
Various small fixes to the changelog</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/e8adc41d8054c998cc1c927f1a9cddb9a13f812a"><code>e8adc41</code></a>
Update changelog for version 7.5.1</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/9b4de7d3b8f3a4f12650a00fd6d63793ff0d4d38"><code>9b4de7d</code></a>
Merge pull request <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2242">#2242</a>
from sirosen/bump-nightly-ci-job-to-310</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/cd233ddb638f555d8a05012ffd6d61d9dc2f7b5c"><code>cd233dd</code></a>
Separately control CPython versions in nightly CI</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/78020b415bf6a023d45532ddcc8f87482336b43e"><code>78020b4</code></a>
Merge pull request <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2243">#2243</a>
from openculinary/pr-2217-followup/add-changelog-entry</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/2be5b1f76a8b34f0f4555d5761bb4ec86116d461"><code>2be5b1f</code></a>
Add changelog entry for <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2217">#2217</a></li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/16c793b06897e1ab22d326ebe249780a2fac9116"><code>16c793b</code></a>
Merge pull request <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2221">#2221</a>
from sirosen/fix-relpath-static-pyproject-parse</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/76bdc77f2cc44470347921c6aaa232719aab49cf"><code>76bdc77</code></a>
Merge pull request <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2217">#2217</a>
from openculinary/pr-2203-followup/reify-changenote-...</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/a5cf40c6418fcc241078845509fb47fa04fbe2cb"><code>a5cf40c</code></a>
Link second resolved issue in changelog</li>
<li>Additional commits viewable in <a
href="https://github.com/jazzband/pip-tools/compare/7.4.0...v7.5.1">compare
view</a></li>
</ul>
</details>
<br />
Updates `tomli` from 2.2.1 to 2.3.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hukkin/tomli/blob/master/CHANGELOG.md">tomli's
changelog</a>.</em></p>
<blockquote>
<h2>2.3.0</h2>
<ul>
<li>Added
<ul>
<li>Binary wheels for Python 3.14 (also free-threaded)</li>
</ul>
</li>
<li>Performance
<ul>
<li>Reduced import time</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hukkin/tomli/commit/3fccd16450d0f1d87c042473d95a07f60955206e"><code>3fccd16</code></a>
Bump version: 2.2.1 → 2.3.0</li>
<li><a
href="https://github.com/hukkin/tomli/commit/65040163ea9b528b2d37a1bb5df886472c310930"><code>6504016</code></a>
Add 2.3.0 changelog</li>
<li><a
href="https://github.com/hukkin/tomli/commit/0bc66fcab1f766fe410ffeebfe9ec1ec646f1681"><code>0bc66fc</code></a>
Remove now off-by-default PyPy from cibuildwheel skip list</li>
<li><a
href="https://github.com/hukkin/tomli/commit/0aa242f3188f4b892e434f1b4d23818fcd978615"><code>0aa242f</code></a>
Update license metadata to appease PEP 639</li>
<li><a
href="https://github.com/hukkin/tomli/commit/a18221eb5c3f4592285f533d48e68432132bc37b"><code>a18221e</code></a>
Bump GitHub CI actions</li>
<li><a
href="https://github.com/hukkin/tomli/commit/6fa4d90aa9bb1693b327c72fd18a6c925d1dd5d7"><code>6fa4d90</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/hukkin/tomli/issues/260">#260</a>)</li>
<li><a
href="https://github.com/hukkin/tomli/commit/b974fa13a96503546e47a895ac123d5c8425bc9a"><code>b974fa1</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/hukkin/tomli/issues/248">#248</a>)</li>
<li><a
href="https://github.com/hukkin/tomli/commit/f574f366d40b2fa0672177f06df4d6dfc4188356"><code>f574f36</code></a>
Update mypy to 1.15 and use <code>--strict</code> mode (<a
href="https://redirect.github.com/hukkin/tomli/issues/257">#257</a>)</li>
<li><a
href="https://github.com/hukkin/tomli/commit/1da01ef78fee9f491f55feb5e2d9fcf24d4977f0"><code>1da01ef</code></a>
Reduce import time by removing <code>typing</code> import (<a
href="https://redirect.github.com/hukkin/tomli/issues/251">#251</a>)</li>
<li><a
href="https://github.com/hukkin/tomli/commit/41881885a360e9f6526badafc1c5b2eec4133393"><code>4188188</code></a>
Reduce import time by removing <code>string</code> and
<code>tomli._types</code> imports</li>
<li>Additional commits viewable in <a
href="https://github.com/hukkin/tomli/compare/2.2.1...2.3.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to CQCL/tket2
that referenced
this pull request
Oct 27, 2025
#1204) Bumps the minor group with 2 updates in the / directory: [graphviz](https://github.com/xflr6/graphviz) and [pip](https://github.com/pypa/pip). Updates `graphviz` from 0.20.3 to 0.21 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/xflr6/graphviz/blob/master/CHANGES.rst">graphviz's changelog</a>.</em></p> <blockquote> <h2>Version 0.21</h2> <p>Drop Python 3.8 support (end of life 2024-10-07).</p> <p>Tag Python 3.13 support.</p> <p>Add support for <code>format='svg_inline'</code>, available since upstream Graphviz 10.0.1. Produces header-less SVG suitable for inlining into HTML (see <a href="https://www.graphviz.org/docs/outputs/svg/">https://www.graphviz.org/docs/outputs/svg/</a>).</p> <p>Switch project to <code>pyproject.toml</code> and build to <code>python -m build</code>) (<a href="https://build.pypa.io">https://build.pypa.io</a>). This changes the source distribution format from <code>.zip</code> to PEP 625 compliant <code>.tar.gz</code> (<a href="https://peps.python.org/pep-0625/">https://peps.python.org/pep-0625/</a>).</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xflr6/graphviz/commit/19b16bf915c49bcc073d2b0c8aa5fc3961e75b47"><code>19b16bf</code></a> release 0.21</li> <li><a href="https://github.com/xflr6/graphviz/commit/45da7c2e6dbac98f9dc868b8019f3c4f8596f097"><code>45da7c2</code></a> document removal of Python 3.8 support and tagging of Python 3.13 support</li> <li><a href="https://github.com/xflr6/graphviz/commit/2f3204acd3b12bc26cc0020b054fb306b3b1cf07"><code>2f3204a</code></a> docmument new <code>format='svg_inline'</code> and add test coverage</li> <li><a href="https://github.com/xflr6/graphviz/commit/fb70498c93d130b34463aa6dc16b60a3aaeb7b40"><code>fb70498</code></a> bump version for switch to pyproject.toml and <a href="https://build.pypa.io">https://build.pypa.io</a></li> <li><a href="https://github.com/xflr6/graphviz/commit/bff786f06160906d7842e8ac6b304ae5e3b7af51"><code>bff786f</code></a> Add <code>svg_inline</code> to formats.py</li> <li><a href="https://github.com/xflr6/graphviz/commit/421925a5774e3f56fdd015bf80578fc03dc2cb6a"><code>421925a</code></a> update build instructions for <a href="https://build.pypa.io">https://build.pypa.io</a></li> <li><a href="https://github.com/xflr6/graphviz/commit/77769e7ffc6629024e66fc6971d28ed581b1370f"><code>77769e7</code></a> actually make lint-code.py respect pyroject.toml configuration</li> <li><a href="https://github.com/xflr6/graphviz/commit/8a3a2b79cc6b7dfd32ff6fe50ba3fb5f8cd3400e"><code>8a3a2b7</code></a> make lint-code.py respect pyroject.toml configuration</li> <li><a href="https://github.com/xflr6/graphviz/commit/ac77cf0b0b881ba2e47ea6ac10720c08c56d4f97"><code>ac77cf0</code></a> fix coverage section name</li> <li><a href="https://github.com/xflr6/graphviz/commit/115ad3459f5ea2cf0afe7fd6f546c1afad3a1d66"><code>115ad34</code></a> replace setup.py, setup.cfg, and tox.ini with pyproject.toml</li> <li>Additional commits viewable in <a href="https://github.com/xflr6/graphviz/compare/0.20.3...0.21">compare view</a></li> </ul> </details> <br /> Updates `pip` from 25.2 to 25.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Co-authored-by: Luca Mondada <luca@mondada.net>
github-actions bot
pushed a commit
to aio-libs/aiohttp
that referenced
this pull request
Oct 27, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot
pushed a commit
to aio-libs/aiohttp
that referenced
this pull request
Oct 27, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot
pushed a commit
to aws/jsii
that referenced
this pull request
Oct 27, 2025
…test/generated-code (#4961) Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
mergify bot
pushed a commit
to aws/jsii
that referenced
this pull request
Oct 27, 2025
…s/@jsii/python-runtime (#4963) Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
mmoayyed
pushed a commit
to mmoayyed/cas
that referenced
this pull request
Oct 27, 2025
… the pip group across 1 directory Bumps the pip group with 1 update in the /etc/loadtests/locust directory: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[apereo#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mmoayyed/cas/network/alerts). </details>
apereocas-bot
pushed a commit
to apereo/cas
that referenced
this pull request
Oct 27, 2025
… the pip group across 1 directory Bumps the pip group with 1 update in the /etc/loadtests/locust directory: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apereo/cas/network/alerts). </details>
inmantaci
pushed a commit
to inmanta/inmanta-core
that referenced
this pull request
Oct 27, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
rokatyy
pushed a commit
to nuclio/nuclio
that referenced
this pull request
Oct 27, 2025
…/python/py/requirements in the pip group across 1 directory (#3865) Bumps the pip group with 1 update in the /pkg/processor/runtime/python/py/requirements directory: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nuclio/nuclio/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to MeltanoLabs/tap-pulumi-cloud
that referenced
this pull request
Oct 27, 2025
…286) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 25.2 to 25.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci
pushed a commit
to inmanta/inmanta-core
that referenced
this pull request
Oct 27, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/inmanta/inmanta-core/network/alerts). </details>
inmantaci
pushed a commit
to inmanta/inmanta-core
that referenced
this pull request
Oct 27, 2025
Bumps [pip](https://github.com/pypa/pip) from 25.2 to 25.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-merge-queue bot
pushed a commit
to google/sedpack
that referenced
this pull request
Oct 28, 2025
Bumps the pip group with 1 update in the / directory: [pip](https://github.com/pypa/pip). Updates `pip` from 25.2 to 25.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.3 (2025-10-24)</h1> <h2>Deprecations and Removals</h2> <ul> <li> <p>Remove support for the legacy <code>setup.py develop</code> editable method in setuptools editable installs; setuptools >= 64 is now required. (<code>[#11457](pypa/pip#11457) <https://github.com/pypa/pip/issues/11457></code>_)</p> </li> <li> <p>Remove the deprecated <code>--global-option</code> and <code>--build-option</code>. <code>--config-setting</code> is now the only way to pass options to the build backend. (<code>[#11859](pypa/pip#11859) <https://github.com/pypa/pip/issues/11859></code>_)</p> </li> <li> <p>Deprecate the <code>PIP_CONSTRAINT</code> environment variable for specifying build constraints.</p> <p>Use the <code>--build-constraint</code> option or the <code>PIP_BUILD_CONSTRAINT</code> environment variable instead. When build constraints are used, <code>PIP_CONSTRAINT</code> no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use <code>--use-feature=build-constraint</code>. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</p> </li> <li> <p>Remove support for non-standard legacy wheel filenames. (<code>[#13581](pypa/pip#13581) <https://github.com/pypa/pip/issues/13581></code>_)</p> </li> <li> <p>Remove support for the deprecated <code>setup.py bdist_wheel</code> mechanism. Consequently, <code>--use-pep517</code> is now always on, and <code>--no-use-pep517</code> has been removed. (<code>[#6334](pypa/pip#6334) <https://github.com/pypa/pip/issues/6334></code>_)</p> </li> </ul> <h2>Features</h2> <ul> <li>When :pep:<code>658</code> metadata is available, full distribution files are no longer downloaded when using <code>pip lock</code> or <code>pip install --dry-run</code>. (<code>[#12603](pypa/pip#12603) <https://github.com/pypa/pip/issues/12603></code>_)</li> <li>Add support for installing an editable requirement written as a Direct URL (<code>PackageName @ URL</code>). (<code>[#13495](pypa/pip#13495) <https://github.com/pypa/pip/issues/13495></code>_)</li> <li>Add support for build constraints via the <code>--build-constraint</code> option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. (<code>[#13534](pypa/pip#13534) <https://github.com/pypa/pip/issues/13534></code>_)</li> <li>On <code>ResolutionImpossible</code> errors, include a note about causes with no candidates. (<code>[#13588](pypa/pip#13588) <https://github.com/pypa/pip/issues/13588></code>_)</li> <li>Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. (<code>[#13473](pypa/pip#13473) <https://github.com/pypa/pip/issues/13473></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Handle malformed <code>Version</code> metadata entries and show a sensible error message instead of crashing. (<code>[#13443](pypa/pip#13443) <https://github.com/pypa/pip/issues/13443></code>_)</li> <li>Permit spaces between a filepath and extras in an install requirement. (<code>[#13523](pypa/pip#13523) <https://github.com/pypa/pip/issues/13523></code>_)</li> <li>Ensure the self-check files in the cache have the same permissions as the rest of the cache. (<code>[#13528](pypa/pip#13528) <https://github.com/pypa/pip/issues/13528></code>_)</li> <li>Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. (<code>[#13540](pypa/pip#13540) <https://github.com/pypa/pip/issues/13540></code>_)</li> <li>Include relevant user-supplied constraints in logs when reporting dependency conflicts. (<code>[#13545](pypa/pip#13545) <https://github.com/pypa/pip/issues/13545></code>_)</li> <li>Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. (<code>[#13548](pypa/pip#13548) <https://github.com/pypa/pip/issues/13548></code>_)</li> <li>For Python versions that do not support :pep:<code>706</code>, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. (<code>[#13550](pypa/pip#13550) <https://github.com/pypa/pip/issues/13550></code>_)</li> <li>Prevent <code>--user</code> installs if <code>site.ENABLE_USER_SITE</code> is set to <code>False</code>. (<code>[#8794](pypa/pip#8794) <https://github.com/pypa/pip/issues/8794></code>_)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35"><code>a520693</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f"><code>0f2973e</code></a> Fix up authors by adding entry to <code>.mailmap</code></li> <li><a href="https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8"><code>87828dc</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453"><code>ce6a38c</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13628">#13628</a> from sbidoul/imp-doc-pep517-sbi</li> <li><a href="https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e"><code>ee16c81</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13629">#13629</a> from notatallshaw/bump-gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2"><code>3e227aa</code></a> Bump gone_in="25.3"</li> <li><a href="https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b"><code>4ad1828</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13495">#13495</a> from ichard26/feat/direct-editables</li> <li><a href="https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf"><code>66ded3b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13570">#13570</a> from ShubhamNagure/fix-constraint-reporting-13545</li> <li><a href="https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9"><code>67e8ac2</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13588">#13588</a> from notatallshaw/hint-on-resolution-impossible-whe...</li> <li><a href="https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c"><code>990ca8a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/8796">#8796</a> from pelson/honour_user_site</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.2...25.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/sedpack/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is crucial for the deprecation of non-bare egg URL fragments as they used to be the sole way to request an extra for a VCS editable install.
I've also removed all references to egg fragments from the user docs and added further explanation of the Direct URL form in the VCS support topic.
Getting the error handling right was a pain. That's why I extracted the two parsing flows into their own functions.
Towards #13157.
Towards #1289.
Supersedes #9471.