Sourced from pip's changelog.
23.3 (2023-10-15)
Process
- Added reference to
vulnerability reporting guidelines <https://www.python.org/dev/security/>
_ to pip's security policy.Deprecations and Removals
- Drop a fallback to using SecureTransport on macOS. It was useful when pip detected OpenSSL older than 1.0.1, but the current pip does not support any Python version supporting such old OpenSSL versions. (
[#12175](https://github.com/pypa/pip/issues/12175) <https://github.com/pypa/pip/issues/12175>
_)Features
- Improve extras resolution for multiple constraints on same base package. (
[#11924](https://github.com/pypa/pip/issues/11924) <https://github.com/pypa/pip/issues/11924>
_)- Improve use of datastructures to make candidate selection 1.6x faster. (
[#12204](https://github.com/pypa/pip/issues/12204) <https://github.com/pypa/pip/issues/12204>
_)- Allow
pip install --dry-run
to use platform and ABI overriding options. ([#12215](https://github.com/pypa/pip/issues/12215) <https://github.com/pypa/pip/issues/12215>
_)- Add
is_yanked
boolean entry to the installation report (--report
) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to :pep:592
. ([#12224](https://github.com/pypa/pip/issues/12224) <https://github.com/pypa/pip/issues/12224>
_)Bug Fixes
- Ignore errors in temporary directory cleanup (show a warning instead). (
[#11394](https://github.com/pypa/pip/issues/11394) <https://github.com/pypa/pip/issues/11394>
_)- Normalize extras according to :pep:
685
from package metadata in the resolver for comparison. This ensures extras are correctly compared and merged as long as the package providing the extra(s) is built with values normalized according to the standard. Note, however, that this does not solve cases where the package itself contains unnormalized extra values in the metadata. ([#11649](https://github.com/pypa/pip/issues/11649) <https://github.com/pypa/pip/issues/11649>
_)- Prevent downloading sdists twice when :pep:
658
metadata is present. ([#11847](https://github.com/pypa/pip/issues/11847) <https://github.com/pypa/pip/issues/11847>
_)- Include all requested extras in the install report (
--report
). ([#11924](https://github.com/pypa/pip/issues/11924) <https://github.com/pypa/pip/issues/11924>
_)- Removed uses of
datetime.datetime.utcnow
from non-vendored code. ([#12005](https://github.com/pypa/pip/issues/12005) <https://github.com/pypa/pip/issues/12005>
_)- Consistently report whether a dependency comes from an extra. (
[#12095](https://github.com/pypa/pip/issues/12095) <https://github.com/pypa/pip/issues/12095>
_)- Fix completion script for zsh (
[#12166](https://github.com/pypa/pip/issues/12166) <https://github.com/pypa/pip/issues/12166>
_)- Fix improper handling of the new onexc argument of
shutil.rmtree()
in Python 3.12. ([#12187](https://github.com/pypa/pip/issues/12187) <https://github.com/pypa/pip/issues/12187>
_)- Filter out yanked links from the available versions error message: "(from versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message. (
[#12225](https://github.com/pypa/pip/issues/12225) <https://github.com/pypa/pip/issues/12225>
_)- Fix crash when the git version number contains something else than digits and dots. (
[#12280](https://github.com/pypa/pip/issues/12280) <https://github.com/pypa/pip/issues/12280>
_)- Use
-r=...
instead of-r ...
to specify references with Mercurial. ([#12306](https://github.com/pypa/pip/issues/12306) <https://github.com/pypa/pip/issues/12306>
_)- Redact password from URLs in some additional places. (
[#12350](https://github.com/pypa/pip/issues/12350) <https://github.com/pypa/pip/issues/12350>
_)- pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2). (
[#2984](https://github.com/pypa/pip/issues/2984) <https://github.com/pypa/pip/issues/2984>
_)Vendored Libraries
- Upgrade certifi to 2023.7.22
- Add truststore 0.8.0
- Upgrade urllib3 to 1.26.17
Improved Documentation
... (truncated)
e3dc91d
Bump for release3e85558
Update AUTHORS.txt8d02787
Reclassify news fragmentf6ecf40
Merge pull request #12350 from
sbidoul/readact-collecting-url3060865
Merge pull request #12335 from
edmorley/patch-18f0ed32
Redact URLs in Collecting... logsd1659b8
Correct issue number for NEWS entry added by #121972333ef3
Upgrade urllib3 to 1.26.17 (#12343)496b268
Update "Running Tests" documentation (#12334)d1f0981
Merge pull request #12331 from
sbidoul/update-egg-deprecation-message