Deprecate and remove `--no-python-version-warning` as Python 2 is dead #13154

ichard26 · 2025-01-12T05:11:30Z

The Python 2 days are behind us, thus we can kill off the --no-python-version-warning flag which disabled the "Python 2 is sunsetting support" warnings :)

If you're using this flag, you can simply stop. It does nothing today.

The text was updated successfully, but these errors were encountered:

jsirois · 2025-01-26T16:36:44Z

FWIW the help text says nothing at all about Python 2 and suggests the option is useful today to - for example - warn that Python 3.8 support is going away:

pip/src/pip/_internal/cli/cmdoptions.py

Lines 987 to 994 in 0d609f7

    
           no_python_version_warning: Callable[..., Option] = partial( 
        
               Option, 
        
               "--no-python-version-warning", 
        
               dest="no_python_version_warning", 
        
               action="store_true", 
        
               default=False, 
        
               help="Silence deprecation warnings for upcoming unsupported Pythons.", 
        
           )

ichard26 · 2025-01-26T17:46:51Z

Yeah.. we've never done that other than for the Python 2 sunset. We could start warning, but seems unnecessary, especially as we're more on the conservative side when it comes to dropping Python versions. Once we drop a Python version, it probably has fallen out of major use (and the folks still using it can't be using the latest and greatest for other parts of the ecosystem already).

#172) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Discussion: pypa/pip#13154

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Discussion: pypa/pip#13154

…s/@jsii/python-runtime (#4752) Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3...25.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…k/test/generated-code (#4753) Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

#225) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…573) Bumps the ci group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [tox](https://github.com/tox-dev/tox). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> Updates `tox` from 4.23.2 to 4.24.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/releases">tox's releases</a>.</em></p> <blockquote> <h2>4.24.1</h2>  <h2>What's Changed</h2> <ul> <li>Adds ability to configure stderr output color by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p> <h2>4.24.0</h2>  <h2>What's Changed</h2> <ul> <li>fix docs config typo by <a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li>Allow users to disable use of pre-commit-uv by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li> <li>Pass nix-ld related variables by default in pass_env (fixes <a href="https://redirect.github.com/tox-dev/tox/issues/3425">#3425</a>) by <a href="https://github.com/albertodonato"><code>@albertodonato</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li>Improve testenv docs consistency by <a href="https://github.com/thatch"><code>@thatch</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li>Display exception name when subprocesses raise them by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li> <li>Fix the CI after setuptools 75.6 change by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li> <li>Update pre-commit hooks with mypy fix by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li> <li>Fix a typo in a code block in the User Guide by <a href="https://github.com/bryant1410"><code>@bryant1410</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li>Update pre-commit hooks by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li> <li>💅 Make SVG image compatible with Firefox by <a href="https://github.com/webknjaz"><code>@webknjaz</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li> <li>feat: adding a json schema command by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li><a href="https://github.com/albertodonato"><code>@albertodonato</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li><a href="https://github.com/thatch"><code>@thatch</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li><a href="https://github.com/bryant1410"><code>@bryant1410</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li><a href="https://github.com/henryiii"><code>@henryiii</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's changelog</a>.</em></p> <blockquote> <h2>v4.24.1 (2025-01-21)</h2> <p>Misc - 4.24.1</p> <pre><code>- :issue:`3426` <h2>v4.24.0 (2025-01-21)</h2> <p>Features - 4.24.0 </code></pre></p> <ul> <li> <p>Add a <code>schema</code> command to produce a JSON Schema for tox and the current plugins.</p> <ul> <li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li> </ul> </li> </ul> <p>Bugfixes - 4.24.0</p> <pre><code>- Log exception name when subprocess execution produces one. <ul> <li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li> </ul> <p>Improved Documentation - 4.24.0 </code></pre></p> <ul> <li> <p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to <code>{:}</code>.</p> <ul> <li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li> </ul> </li> <li> <p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code> variables by default in <code>pass_env</code> to make generic binaries work under Nix/NixOS.</p> <ul> <li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a> release 4.24.1</li> <li><a href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a> Adds ability to configure stderr output color (<a href="https://redirect.github.com/tox-dev/tox/issues/3426">#3426</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a> release 4.24.0</li> <li><a href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3464">#3464</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a> feat: adding a json schema command (<a href="https://redirect.github.com/tox-dev/tox/issues/3446">#3446</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a> 💅 Make SVG image compatible with Firefox (<a href="https://redirect.github.com/tox-dev/tox/issues/3466">#3466</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a> Bump astral-sh/setup-uv from 4 to 5 (<a href="https://redirect.github.com/tox-dev/tox/issues/3463">#3463</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a> Update pre-commit hooks (<a href="https://redirect.github.com/tox-dev/tox/issues/3460">#3460</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a> Fix a typo in a code block in the User Guide (<a href="https://redirect.github.com/tox-dev/tox/issues/3462">#3462</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a> Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a href="https://redirect.github.com/tox-dev/tox/issues/3459">#3459</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the ci group in /.github/workflows with 2 updates: [pip](https://github.com/pypa/pip) and [tox](https://github.com/tox-dev/tox). Updates `pip` from 24.3.1 to 25.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> Updates `tox` from 4.23.2 to 4.24.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/releases">tox's releases</a>.</em></p> <blockquote> <h2>4.24.1</h2>  <h2>What's Changed</h2> <ul> <li>Adds ability to configure stderr output color by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p> <h2>4.24.0</h2>  <h2>What's Changed</h2> <ul> <li>fix docs config typo by <a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li>Allow users to disable use of pre-commit-uv by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li> <li>Pass nix-ld related variables by default in pass_env (fixes <a href="https://redirect.github.com/tox-dev/tox/issues/3425">#3425</a>) by <a href="https://github.com/albertodonato"><code>@albertodonato</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li>Improve testenv docs consistency by <a href="https://github.com/thatch"><code>@thatch</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li>Display exception name when subprocesses raise them by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li> <li>Fix the CI after setuptools 75.6 change by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li> <li>Update pre-commit hooks with mypy fix by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li> <li>Fix a typo in a code block in the User Guide by <a href="https://github.com/bryant1410"><code>@bryant1410</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li>Update pre-commit hooks by <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li> <li>💅 Make SVG image compatible with Firefox by <a href="https://github.com/webknjaz"><code>@webknjaz</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li> <li>feat: adding a json schema command by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wooshaun53"><code>@wooshaun53</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li> <li><a href="https://github.com/albertodonato"><code>@albertodonato</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li> <li><a href="https://github.com/thatch"><code>@thatch</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li> <li><a href="https://github.com/bryant1410"><code>@bryant1410</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li> <li><a href="https://github.com/henryiii"><code>@henryiii</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's changelog</a>.</em></p> <blockquote> <h2>v4.24.1 (2025-01-21)</h2> <p>Misc - 4.24.1</p> <pre><code>- :issue:`3426` <h2>v4.24.0 (2025-01-21)</h2> <p>Features - 4.24.0 </code></pre></p> <ul> <li> <p>Add a <code>schema</code> command to produce a JSON Schema for tox and the current plugins.</p> <ul> <li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li> </ul> </li> </ul> <p>Bugfixes - 4.24.0</p> <pre><code>- Log exception name when subprocess execution produces one. <ul> <li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li> </ul> <p>Improved Documentation - 4.24.0 </code></pre></p> <ul> <li> <p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to <code>{:}</code>.</p> <ul> <li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li> </ul> </li> <li> <p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code> variables by default in <code>pass_env</code> to make generic binaries work under Nix/NixOS.</p> <ul> <li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a> release 4.24.1</li> <li><a href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a> Adds ability to configure stderr output color (<a href="https://redirect.github.com/tox-dev/tox/issues/3426">#3426</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a> release 4.24.0</li> <li><a href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/tox/issues/3464">#3464</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a> feat: adding a json schema command (<a href="https://redirect.github.com/tox-dev/tox/issues/3446">#3446</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a> 💅 Make SVG image compatible with Firefox (<a href="https://redirect.github.com/tox-dev/tox/issues/3466">#3466</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a> Bump astral-sh/setup-uv from 4 to 5 (<a href="https://redirect.github.com/tox-dev/tox/issues/3463">#3463</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a> Update pre-commit hooks (<a href="https://redirect.github.com/tox-dev/tox/issues/3460">#3460</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a> Fix a typo in a code block in the User Guide (<a href="https://redirect.github.com/tox-dev/tox/issues/3462">#3462</a>)</li> <li><a href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a> Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a href="https://redirect.github.com/tox-dev/tox/issues/3459">#3459</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.0 (2025-01-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) <https://github.com/pypa/pip/issues/13154></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) <https://github.com/pypa/pip/issues/13112></code>_)</li> <li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON output. <code>pip inspect</code> and <code>pip install --report</code> now emit <code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object, if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) <https://github.com/pypa/pip/issues/13134></code>_)</li> <li>Files in the network cache will inherit the read/write permissions of pip's cache directory (in addition to the current user retaining read/write access). This enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) <https://github.com/pypa/pip/issues/11012></code>_)</li> <li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) <https://github.com/pypa/pip/issues/12176></code>_)</li> <li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) <https://github.com/pypa/pip/issues/13128></code>_)</li> <li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) <https://github.com/pypa/pip/issues/13132></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Reorder the encoding detection when decoding a requirements file, relying on UTF-8 over the locale encoding by default, matching the documented behaviour. (<code>[#12771](pypa/pip#12771) <https://github.com/pypa/pip/issues/12771></code>_)</li> <li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) <https://github.com/pypa/pip/issues/11820></code>_)</li> <li>Fix a security bug allowing a specially crafted wheel to execute code during installation. (<code>[#13079](pypa/pip#13079) <https://github.com/pypa/pip/issues/13079></code>_)</li> <li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code><</code> and <code>></code> behave. Including a pre-release version with these specifiers now implies accepting pre-releases (e.g., <code><2.0dev</code> can include <code>1.0rc1</code>). To avoid implying pre-releases, avoid specifying them (e.g., use <code><2.0</code>). The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) <https://github.com/pypa/pip/issues/13163></code>_)</li> <li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code> environment variable is no longer used. (<code>[#5502](pypa/pip#5502) <https://github.com/pypa/pip/issues/5502></code>_)</li> <li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) <https://github.com/pypa/pip/issues/6018></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade CacheControl to 0.14.1</li> <li>Upgrade idna to 3.10</li> <li>Upgrade msgpack to 1.1.0</li> <li>Upgrade packaging to 24.2</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li> <li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li> <li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li> <li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li> <li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li> <li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li> <li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li> <li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

ichard26 added the type: deprecation Related to deprecation / removal. label Jan 12, 2025

ichard26 mentioned this issue Jan 12, 2025

Deprecate Python 2 relic --no-python-version-warning #13155

Merged

ichard26 added this to the 25.1 milestone Jan 12, 2025

ichard26 mentioned this issue Jan 26, 2025

Remove --no-python-version-warning as Python 2 is dead #13180

Open

frenzymadness added a commit to sclorg/s2i-python-container that referenced this issue Jan 27, 2025

Remove deprecated --no-python-version-warning option from pip

b778f44

Discussion: pypa/pip#13154

frenzymadness mentioned this issue Jan 27, 2025

Remove deprecated --no-python-version-warning option from pip sclorg/s2i-python-container#729

Merged

frenzymadness added a commit to sclorg/s2i-python-container that referenced this issue Jan 27, 2025

Remove deprecated --no-python-version-warning option from pip

cc1e973

Discussion: pypa/pip#13154

This was referenced Jan 27, 2025

Remove deprecated pip flag --no-python-version-warning equinor/komodoenv#94

Merged

Remove deprecated pip flag equinor/komodo#527

Merged

vasudev-gm mentioned this issue Jan 27, 2025

Bump pip from 24.3.1 to 25.0 vasudev-gm/django_ninja_tutorial#112

Merged

Hind-M mentioned this issue Jan 27, 2025

Fix test failure due to deprecation warning mamba-org/mamba#3770

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deprecate and remove `--no-python-version-warning` as Python 2 is dead #13154

Deprecate and remove `--no-python-version-warning` as Python 2 is dead #13154

ichard26 commented Jan 12, 2025

jsirois commented Jan 26, 2025

ichard26 commented Jan 26, 2025

Deprecate and remove --no-python-version-warning as Python 2 is dead #13154

Deprecate and remove --no-python-version-warning as Python 2 is dead #13154

Comments

ichard26 commented Jan 12, 2025

jsirois commented Jan 26, 2025

ichard26 commented Jan 26, 2025

Deprecate and remove `--no-python-version-warning` as Python 2 is dead #13154

Deprecate and remove `--no-python-version-warning` as Python 2 is dead #13154