java-iban icon indicating copy to clipboard operation
java-iban copied to clipboard
verified publisher icon barend

Bump pip from 25.0.1 to 25.1.1

Open dependabot[bot] opened this issue 9 months ago • 0 comments

Bumps pip from 25.0.1 to 25.1.1.

Changelog

Sourced from pip's changelog.

25.1.1 (2025-05-02)

Bug Fixes

  • Fix req.source_dir AssertionError when using the legacy resolver. ([#13353](https://github.com/pypa/pip/issues/13353) <https://github.com/pypa/pip/issues/13353>_)
  • Fix crash on Python 3.9.6 and lower when pip failed to compile a Python module during installation. ([#13364](https://github.com/pypa/pip/issues/13364) <https://github.com/pypa/pip/issues/13364>_)
  • Names in dependency group includes are now normalized before lookup, which fixes incorrect Dependency group '...' not found errors. ([#13372](https://github.com/pypa/pip/issues/13372) <https://github.com/pypa/pip/issues/13372>_)

Vendored Libraries

  • Fix issues with using tomllib from the stdlib if available, rather than tomli
  • Upgrade dependency-groups to 1.3.1

25.1 (2025-04-26)

Deprecations and Removals

  • Drop support for Python 3.8. ([#12989](https://github.com/pypa/pip/issues/12989) <https://github.com/pypa/pip/issues/12989>_)
  • On python 3.14+, the pkg_resources metadata backend cannot be used anymore. ([#13010](https://github.com/pypa/pip/issues/13010) <https://github.com/pypa/pip/issues/13010>_)
  • Hide --no-python-version-warning from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. ([#13303](https://github.com/pypa/pip/issues/13303) <https://github.com/pypa/pip/issues/13303>_)
  • A warning is emitted when the deprecated pkg_resources library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default importlib.metadata backend. ([#13318](https://github.com/pypa/pip/issues/13318) <https://github.com/pypa/pip/issues/13318>_)
  • Deprecate the legacy setup.py bdist_wheel mechanism. To silence the warning, and future-proof their setup, users should enable --use-pep517 or add a pyproject.toml file to the projects they control. ([#13319](https://github.com/pypa/pip/issues/13319) <https://github.com/pypa/pip/issues/13319>_)

Features

  • Suggest checking "pip config debug" in case of an InvalidProxyURL error. ([#12649](https://github.com/pypa/pip/issues/12649) <https://github.com/pypa/pip/issues/12649>_)
  • Using --debug also enables verbose logging. ([#12710](https://github.com/pypa/pip/issues/12710) <https://github.com/pypa/pip/issues/12710>_)
  • Display a transient progress bar during package installation. ([#12712](https://github.com/pypa/pip/issues/12712) <https://github.com/pypa/pip/issues/12712>_)
  • Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. ([#12873](https://github.com/pypa/pip/issues/12873) <https://github.com/pypa/pip/issues/12873>_)
  • Add a --group option which allows installation from :pep:735 Dependency Groups. --group accepts arguments of the form group or path:group, where the default path is pyproject.toml, and installs

... (truncated)

Commits
  • 01857ef Bump for release
  • 08d8bb9 Merge pull request #13374 from pfmoore/fixups
  • 2bff84e Merge pull request #13363 from sbidoul/fix-source_dir-assert
  • 644e71d News file fixups
  • 426856f Merge pull request #13364 from ichard26/bugfix/python39
  • b7e3aea Merge pull request #13356 from eli-schwartz/tomllib
  • 8c678fe Merge pull request #13373 from sirosen/update-vendored-dependency-groups
  • 7d00639 Update newsfiles for dependency-groups patch
  • 6d28bbf Update version of dependency-groups to v1.3.1
  • 94bd66d Revert StreamWrapper removal to restore Python 3.9.{0,6} compat
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar May 05 '25 15:05 dependabot[bot]