Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecate legacy versions and version specifiers #12063

Closed
sbidoul opened this issue May 31, 2023 · 98 comments · Fixed by #12300
Closed

Deprecate legacy versions and version specifiers #12063

sbidoul opened this issue May 31, 2023 · 98 comments · Fixed by #12300
Labels
type: deprecation Related to deprecation / removal.
Milestone

Comments

@sbidoul
Copy link
Member

sbidoul commented May 31, 2023

Towards #11715

What is changing

pip has historically allowed many arbitrary strings as versions and version specifiers. Going forward, all versions and version specifiers will need to conform to https://packaging.python.org/en/latest/specifications/version-specifiers/ (based on PEP 440).

Quoting pypa/packaging#530:

>>> packaging.version.parse("This is a completely random string")
<LegacyVersion('This is a completely random string')>
>>> packaging.version.parse("This is a completely random string")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "[...]/.venv/lib/python3.10/site-packages/packaging/version.py", line 52, in parse
    return Version(version)
  File "[...]/.venv/lib/python3.10/site-packages/packaging/version.py", line 197, in __init__
    raise InvalidVersion(f"Invalid version: '{version}'")
packaging.version.InvalidVersion: Invalid version: 'This is a completely random string'

This "feature" has been deprecated (pypa/packaging#321) for nearly two years now.

PyPI has not permitted uploading packages with invalid versions for even more years.

There are more details about this change in the aforementioned issue.

What you can do

Please do not comment on this issue with the message you're seeing.

x-ref https://pradyunsg.me/blog/2024/05/13/pip-24-1-betas/

If you reached this issue from the pip deprecation warning and lack information to know where the non-conforming string was used, please re-run your pip command with -v or -vv to show more detailed logs which will help in locating the problem.

If you are the user of a package that is causing pip to present this warning, reach out to the authors of the package. The message starts as DEPRECATION: [package name here] [version number here] has a non-standard [...].

If you are the author of the relevant package, please update your package version and dependency specifiers to use a compliant syntax. You can check those using packaging.version.parse("1.0") and packaging.requirements.Requirement("dependency >= 1.0") with the latest packaging release.

@wescorp

This comment was marked as off-topic.

@pfmoore
Copy link
Member

pfmoore commented Jul 16, 2023

DEPRECATION: torchsde 0.2.5 has a non-standard dependency specifier

See #12146 - please report to torchsde

Edit: Looks like it's been reported as google-research/torchsde#131

@uranusjr uranusjr closed this as not planned Won't fix, can't repro, duplicate, stale Jul 17, 2023
@uranusjr uranusjr added the resolution: wrong project Should be reported elsewhere label Jul 17, 2023
@uranusjr uranusjr reopened this Jul 17, 2023
@uranusjr uranusjr removed the resolution: wrong project Should be reported elsewhere label Jul 17, 2023
@uranusjr
Copy link
Member

Sorry, working on the wrong tab

ErikBavenstrand added a commit to klarna-incubator/mleko that referenced this issue Jul 17, 2023
Bumps [pip](https://github.com/pypa/pip) from 22.3.1 to 23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new
<code>importlib.metadata</code> backend is used to load distribution
metadata. This only affects the egg <em>distribution format</em> (with
the <code>.egg</code> extension); distributions using the
<code>.egg-info</code> <em>metadata format</em> (but are not actually
eggs) are not affected. For more information about eggs, see
<code>relevant section in the setuptools documentation
&lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform
to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_
(<code>[#12063](pypa/pip#12063)
&lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>,
<code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code>
if you wish to
exclude any of these packages.
(<code>[#4256](pypa/pip#4256)
&lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the
user can make the difference.
(<code>[#12040](pypa/pip#12040)
&lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>.
(<code>[#11417](pypa/pip#11417)
&lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present
(<code>[#11847](pypa/pip#11847)
&lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration
(<code>[#11920](pypa/pip#11920)
&lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree
(<code>[#11957](pypa/pip#11957)
&lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the
cache of locally built wheels.
(<code>[#11985](pypa/pip#11985)
&lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using
non-canonicalized names
(<code>[#12038](pypa/pip#12038)
&lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from
JSON-format index data.
(<code>[#12042](pypa/pip#12042)
&lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified
after the subcommand name.
(<code>[#12067](pypa/pip#12067)
&lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default
way for pip to read metadata in Python 3.11+) and there is a large
overlap between already installed and to-be-installed packages.
(<code>[#12079](pypa/pip#12079)
&lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a
revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users
that do not have control on
VCS URLs passed to pip are advised to upgrade.
(<code>[#12119](pypa/pip#12119)
&lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2023.5.7</li>
<li>Upgrade platformdirs to 3.8.1</li>
<li>Upgrade pygments to 2.15.1</li>
<li>Upgrade pyparsing to 3.1.0</li>
<li>Upgrade Requests to 2.31.0</li>
<li>Upgrade rich to 13.4.2</li>
<li>Upgrade setuptools to 68.0.0</li>
<li>Updated typing_extensions to 4.6.0</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/11417">#11417</a> from
Freed-Wu/fix-zsh</li>
<li><a
href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12137">#12137</a> from
groodt/groodt-fix-deprecation-warning</li>
<li><a
href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12140">#12140</a> from
uranusjr/ensure-preparation-for-dist</li>
<li><a
href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a>
Ensure requirements are prepared before get_dist()</li>
<li><a
href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a>
Add news entry</li>
<li><a
href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a>
Add news entry</li>
<li><a
href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a>
Make black formatter happy</li>
<li><a
href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a>
Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/22.3.1...23.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.3.1&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 17, 2023
…s/@jsii/python-runtime (#4182)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation &lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_ (<code>[#12063](pypa/pip#12063) &lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code> if you wish to
exclude any of these packages. (<code>[#4256](pypa/pip#4256) &lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) &lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) &lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) &lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) &lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) &lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) &lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) &lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) &lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) &lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) &lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on
VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) &lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2023.5.7</li>
<li>Upgrade platformdirs to 3.8.1</li>
<li>Upgrade pygments to 2.15.1</li>
<li>Upgrade pyparsing to 3.1.0</li>
<li>Upgrade Requests to 2.31.0</li>
<li>Upgrade rich to 13.4.2</li>
<li>Upgrade setuptools to 68.0.0</li>
<li>Updated typing_extensions to 4.6.0</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li>
<li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li>
<li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li>
<li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li>
<li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li>
<li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1...23.2">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 17, 2023
…k/test/generated-code (#4183)

Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation &lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_ (<code>[#12063](pypa/pip#12063) &lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code> if you wish to
exclude any of these packages. (<code>[#4256](pypa/pip#4256) &lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) &lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) &lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) &lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) &lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) &lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) &lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) &lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) &lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) &lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) &lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on
VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) &lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2023.5.7</li>
<li>Upgrade platformdirs to 3.8.1</li>
<li>Upgrade pygments to 2.15.1</li>
<li>Upgrade pyparsing to 3.1.0</li>
<li>Upgrade Requests to 2.31.0</li>
<li>Upgrade rich to 13.4.2</li>
<li>Upgrade setuptools to 68.0.0</li>
<li>Updated typing_extensions to 4.6.0</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li>
<li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li>
<li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li>
<li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li>
<li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li>
<li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 17, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation &lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_ (<code>[#12063](pypa/pip#12063) &lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code> if you wish to
exclude any of these packages. (<code>[#4256](pypa/pip#4256) &lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) &lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) &lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) &lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) &lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) &lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) &lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) &lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) &lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) &lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) &lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on
VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) &lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2023.5.7</li>
<li>Upgrade platformdirs to 3.8.1</li>
<li>Upgrade pygments to 2.15.1</li>
<li>Upgrade pyparsing to 3.1.0</li>
<li>Upgrade Requests to 2.31.0</li>
<li>Upgrade rich to 13.4.2</li>
<li>Upgrade setuptools to 68.0.0</li>
<li>Updated typing_extensions to 4.6.0</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li>
<li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li>
<li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li>
<li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li>
<li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li>
<li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 17, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new <code>importlib.metadata</code> backend is used to load distribution metadata. This only affects the egg <em>distribution format</em> (with the <code>.egg</code> extension); distributions using the <code>.egg-info</code> <em>metadata format</em> (but are not actually eggs) are not affected. For more information about eggs, see <code>relevant section in the setuptools documentation &lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_ (<code>[#12063](pypa/pip#12063) &lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>, <code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code> if you wish to
exclude any of these packages. (<code>[#4256](pypa/pip#4256) &lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the user can make the difference. (<code>[#12040](pypa/pip#12040) &lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>. (<code>[#11417](pypa/pip#11417) &lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present (<code>[#11847](pypa/pip#11847) &lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration (<code>[#11920](pypa/pip#11920) &lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree (<code>[#11957](pypa/pip#11957) &lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the cache of locally built wheels. (<code>[#11985](pypa/pip#11985) &lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using non-canonicalized names (<code>[#12038](pypa/pip#12038) &lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from JSON-format index data. (<code>[#12042](pypa/pip#12042) &lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified after the subcommand name. (<code>[#12067](pypa/pip#12067) &lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default way for pip to read metadata in Python 3.11+) and there is a large overlap between already installed and to-be-installed packages. (<code>[#12079](pypa/pip#12079) &lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users that do not have control on
VCS URLs passed to pip are advised to upgrade. (<code>[#12119](pypa/pip#12119) &lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2023.5.7</li>
<li>Upgrade platformdirs to 3.8.1</li>
<li>Upgrade pygments to 2.15.1</li>
<li>Upgrade pyparsing to 3.1.0</li>
<li>Upgrade Requests to 2.31.0</li>
<li>Upgrade rich to 13.4.2</li>
<li>Upgrade setuptools to 68.0.0</li>
<li>Updated typing_extensions to 4.6.0</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/11417">#11417</a> from Freed-Wu/fix-zsh</li>
<li><a href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12137">#12137</a> from groodt/groodt-fix-deprecation-warning</li>
<li><a href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12140">#12140</a> from uranusjr/ensure-preparation-for-dist</li>
<li><a href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a> Ensure requirements are prepared before get_dist()</li>
<li><a href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a> Add news entry</li>
<li><a href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a> Make black formatter happy</li>
<li><a href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a> Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
@asanka550-HACKER

This comment was marked as off-topic.

@asanka550-HACKER

This comment was marked as off-topic.

openfinch added a commit to boopmail/python-jmap that referenced this issue Jul 20, 2023
Bumps [pip](https://github.com/pypa/pip) from 23.1.2 to 23.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.2 (2023-07-15)</h1>
<h2>Process</h2>
<ul>
<li>Deprecate support for eggs for Python 3.11 or later, when the new
<code>importlib.metadata</code> backend is used to load distribution
metadata. This only affects the egg <em>distribution format</em> (with
the <code>.egg</code> extension); distributions using the
<code>.egg-info</code> <em>metadata format</em> (but are not actually
eggs) are not affected. For more information about eggs, see
<code>relevant section in the setuptools documentation
&lt;https://setuptools.pypa.io/en/stable/deprecated/python_eggs.html&gt;</code>__.</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate legacy version and version specifiers that don't conform
to <code>PEP 440 &lt;https://peps.python.org/pep-0440/&gt;</code>_
(<code>[#12063](pypa/pip#12063)
&lt;https://github.com/pypa/pip/issues/12063&gt;</code>_)</li>
<li><code>freeze</code> no longer excludes the <code>setuptools</code>,
<code>distribute</code>, and <code>wheel</code>
from the output when running on Python 3.12 or later, where they are not
included in a virtual environment by default. Use <code>--exclude</code>
if you wish to
exclude any of these packages.
(<code>[#4256](pypa/pip#4256)
&lt;https://github.com/pypa/pip/issues/4256&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>make rejection messages slightly different between 1 and 8, so the
user can make the difference.
(<code>[#12040](pypa/pip#12040)
&lt;https://github.com/pypa/pip/issues/12040&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>pip completion --zsh</code>.
(<code>[#11417](pypa/pip#11417)
&lt;https://github.com/pypa/pip/issues/11417&gt;</code>_)</li>
<li>Prevent downloading files twice when PEP 658 metadata is present
(<code>[#11847](pypa/pip#11847)
&lt;https://github.com/pypa/pip/issues/11847&gt;</code>_)</li>
<li>Add permission check before configuration
(<code>[#11920](pypa/pip#11920)
&lt;https://github.com/pypa/pip/issues/11920&gt;</code>_)</li>
<li>Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree
(<code>[#11957](pypa/pip#11957)
&lt;https://github.com/pypa/pip/issues/11957&gt;</code>_)</li>
<li>Ignore invalid or unreadable <code>origin.json</code> files in the
cache of locally built wheels.
(<code>[#11985](pypa/pip#11985)
&lt;https://github.com/pypa/pip/issues/11985&gt;</code>_)</li>
<li>Fix installation of packages with PEP658 metadata using
non-canonicalized names
(<code>[#12038](pypa/pip#12038)
&lt;https://github.com/pypa/pip/issues/12038&gt;</code>_)</li>
<li>Correctly parse <code>dist-info-metadata</code> values from
JSON-format index data.
(<code>[#12042](pypa/pip#12042)
&lt;https://github.com/pypa/pip/issues/12042&gt;</code>_)</li>
<li>Fail with an error if the <code>--python</code> option is specified
after the subcommand name.
(<code>[#12067](pypa/pip#12067)
&lt;https://github.com/pypa/pip/issues/12067&gt;</code>_)</li>
<li>Fix slowness when using <code>importlib.metadata</code> (the default
way for pip to read metadata in Python 3.11+) and there is a large
overlap between already installed and to-be-installed packages.
(<code>[#12079](pypa/pip#12079)
&lt;https://github.com/pypa/pip/issues/12079&gt;</code>_)</li>
<li>Pass the <code>-r</code> flag to mercurial to be explicit that a
revision is passed and protect
against <code>hg</code> options injection as part of VCS URLs. Users
that do not have control on
VCS URLs passed to pip are advised to upgrade.
(<code>[#12119](pypa/pip#12119)
&lt;https://github.com/pypa/pip/issues/12119&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2023.5.7</li>
<li>Upgrade platformdirs to 3.8.1</li>
<li>Upgrade pygments to 2.15.1</li>
<li>Upgrade pyparsing to 3.1.0</li>
<li>Upgrade Requests to 2.31.0</li>
<li>Upgrade rich to 13.4.2</li>
<li>Upgrade setuptools to 68.0.0</li>
<li>Updated typing_extensions to 4.6.0</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/a3c2c43c5309ff219674b1d73a6dbf491a727a5e"><code>a3c2c43</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/ae23f967efedf33e3da148612657064b3b5a0695"><code>ae23f96</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/324dd444956283661dce0dc282cbdaad0405d921"><code>324dd44</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/11417">#11417</a> from
Freed-Wu/fix-zsh</li>
<li><a
href="https://github.com/pypa/pip/commit/e53cf3d32dd0a41ecc66205d7360c90e59030fd0"><code>e53cf3d</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12137">#12137</a> from
groodt/groodt-fix-deprecation-warning</li>
<li><a
href="https://github.com/pypa/pip/commit/38a8fb1f601c782eef0988290f11aa2a4dfc3c69"><code>38a8fb1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12140">#12140</a> from
uranusjr/ensure-preparation-for-dist</li>
<li><a
href="https://github.com/pypa/pip/commit/0cabefbce800b6bde91f869e83dc48bd0ea4aa64"><code>0cabefb</code></a>
Ensure requirements are prepared before get_dist()</li>
<li><a
href="https://github.com/pypa/pip/commit/2c4947d51a002cd0ba4b01ec7682d86f297e6d37"><code>2c4947d</code></a>
Add news entry</li>
<li><a
href="https://github.com/pypa/pip/commit/41506d7bbf25009f0de06218744082ca4299f666"><code>41506d7</code></a>
Add news entry</li>
<li><a
href="https://github.com/pypa/pip/commit/9b47bc0fea396caf0cc6a89a404c039c6a44ac40"><code>9b47bc0</code></a>
Make black formatter happy</li>
<li><a
href="https://github.com/pypa/pip/commit/25f4e6eabf8fb8f10ea10e4bd9c542ed30cbba5e"><code>25f4e6e</code></a>
Fix deprecation warnings in Python 3.12 for usage of shutil.rmtree</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.1.2...23.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.1.2&new-version=23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
@sbidoul
Copy link
Member Author

sbidoul commented Jul 20, 2023

@asanka550-HACKER please reach out to the masonite project to ask them to fix their dependency specifiers.

@eslerm

This comment was marked as resolved.

@FrostyNick

This comment was marked as resolved.

@tfpf
Copy link

tfpf commented Jul 21, 2023

Along with python-debian, the warning message is shown for gpg, too. On my system, updating it required the installation of some additional packages. Documenting here for anyone who comes by.

sudo apt install libgpgme-dev swig
pip install --upgrade gpg

@evizcaino123

This comment was marked as resolved.

@pradyunsg

This comment was marked as resolved.

@pradyunsg
Copy link
Member

@tfpf @eslerm @FrostyNick

python-debian

See https://bugs.launchpad.net/ubuntu/+source/distro-info/+bug/1991606 which tracks the Ubuntu-side work on this issue.

@eslerm

This comment was marked as resolved.

@705284036 705284036 mentioned this issue Jul 23, 2023
1 task
@pradyunsg
Copy link
Member

pradyunsg commented Jul 23, 2023

Will you make this feautre opt-out?

No.

Is PEP 440 meant to override the version numbering schema of all downstreams?

No. Downstream tooling (eg: apt, yum) can use whatever versioning scheme they wish to use. The METADATA for the Python packages needs to be compliant with PEP 440 though -- it's similar to how Debian/Ubuntu can't set arbitrary version strings for npm packages or Rust crates they use, those need to comply with SemVer.

SoulNight pushed a commit to SoulNight/WikipediaGame that referenced this issue Apr 15, 2024
# Aider chat conversation:

USER: tell me sth about this project

ASSISTANT: Based on the files and code snippets you've shared, this project appears to be a web application that includes both a client-side and a server-side component.

The client-side, written in JavaScript, is responsible for the user interface. It includes an HTML file for structure, a CSS file for styling, and JavaScript files for functionality.

The server-side, written in Python, includes a Flask application that handles HTTP requests and responses. It has routes for finding a path and streaming logs. There's also a crawler.py file, which suggests that this application might be involved in web crawling or scraping. The crawler.py file includes functions for getting links and finding a path, and a custom exception class.

The server also includes a rate limiter, which is used to control the rate of requests to the server to prevent abuse or overload.

The .gitignore file suggests that this project is under version control with Git. The .vscode directory suggests that the Visual Studio Code editor is being used for this project.

The LICENSE and README.md files are standard in many projects. The LICENSE file would contain information about how the project can be used by others, and the README.md file would typically contain information about the project, such as what it does and how to install and use it.

Please note that this is a high-level overview based on the information provided. For a more detailed understanding, I would need to see more of the code and documentation.

USER: I added these *read-write* files: README.md, .gitignore, LICENSE, server/crawler.py

USER: drop `LICENSE`

USER: drop `.gitignore`

USER: I added these *read-write* files: /Users/akurz/alexhkurz-at-git/WikipediaGame/server/server.py

ASSISTANT: Ok.

USER: currently I get the error ~/alexhkurz-at-git/WikipediaGame/server > python server.py

Traceback (most recent call last):
  File "/Users/akurz/alexhkurz-at-git/WikipediaGame/server/server.py", line 2, in <module>
    from flask_limiter import Limiter
ModuleNotFoundError: No module named 'flask_limiter'

ASSISTANT: The error message you're seeing indicates that the Python module `flask_limiter` is not installed in your current environment.

To fix this, you need to install the `flask_limiter` module. You can do this by running the command `pip install Flask-Limiter` in your terminal.

If you're using a virtual environment (which is a good practice), make sure you've activated it before running the install command. If you're not using a virtual environment, you may need to add `sudo` at the beginning of the command to install the package system-wide (i.e., `sudo pip install Flask-Limiter`), or use the `--user` option to install it just for your user (i.e., `pip install --user Flask-Limiter`).

Please try installing `flask_limiter` and let me know if you still encounter any issues.

USER: as you can see I run pip install but still get the error """~/alexhkurz-at-git/WikipediaGame/server > pip install Flask-Limiter
Requirement already satisfied: Flask-Limiter in /opt/homebrew/lib/python3.11/site-packages (3.5.0)
Requirement already satisfied: limits>=2.8 in /opt/homebrew/lib/python3.11/site-packages (from Flask-Limiter) (3.7.0)
Requirement already satisfied: Flask>=2 in /opt/homebrew/lib/python3.11/site-packages (from Flask-Limiter) (3.0.0)
Requirement already satisfied: ordered-set<5,>4 in /opt/homebrew/lib/python3.11/site-packages (from Flask-Limiter) (4.1.0)
Requirement already satisfied: rich<14,>=12 in /opt/homebrew/lib/python3.11/site-packages (from Flask-Limiter) (13.7.0)
Requirement already satisfied: typing-extensions>=4 in /opt/homebrew/lib/python3.11/site-packages (from Flask-Limiter) (4.9.0)
Requirement already satisfied: Werkzeug>=3.0.0 in /opt/homebrew/lib/python3.11/site-packages (from Flask>=2->Flask-Limiter) (3.0.1)
Requirement already satisfied: Jinja2>=3.1.2 in /opt/homebrew/lib/python3.11/site-packages (from Flask>=2->Flask-Limiter) (3.1.2)
Requirement already satisfied: itsdangerous>=2.1.2 in /opt/homebrew/lib/python3.11/site-packages (from Flask>=2->Flask-Limiter) (2.1.2)
Requirement already satisfied: click>=8.1.3 in /opt/homebrew/lib/python3.11/site-packages (from Flask>=2->Flask-Limiter) (8.1.7)
Requirement already satisfied: blinker>=1.6.2 in /opt/homebrew/lib/python3.11/site-packages (from Flask>=2->Flask-Limiter) (1.7.0)
Requirement already satisfied: deprecated>=1.2 in /opt/homebrew/lib/python3.11/site-packages (from limits>=2.8->Flask-Limiter) (1.2.14)
Requirement already satisfied: importlib-resources>=1.3 in /opt/homebrew/lib/python3.11/site-packages (from limits>=2.8->Flask-Limiter) (6.1.1)
Requirement already satisfied: packaging<24,>=21 in /opt/homebrew/lib/python3.11/site-packages (from limits>=2.8->Flask-Limiter) (23.2)
Requirement already satisfied: markdown-it-py>=2.2.0 in /opt/homebrew/lib/python3.11/site-packages (from rich<14,>=12->Flask-Limiter) (3.0.0)
Requirement already satisfied: pygments<3.0.0,>=2.13.0 in /opt/homebrew/lib/python3.11/site-packages (from rich<14,>=12->Flask-Limiter) (2.17.2)
Requirement already satisfied: wrapt<2,>=1.10 in /opt/homebrew/lib/python3.11/site-packages (from deprecated>=1.2->limits>=2.8->Flask-Limiter) (1.16.0)
Requirement already satisfied: MarkupSafe>=2.0 in /opt/homebrew/lib/python3.11/site-packages (from Jinja2>=3.1.2->Flask>=2->Flask-Limiter) (2.1.3)
Requirement already satisfied: mdurl~=0.1 in /opt/homebrew/lib/python3.11/site-packages (from markdown-it-py>=2.2.0->rich<14,>=12->Flask-Limiter) (0.1.2)
DEPRECATION: textract 1.6.5 has a non-standard dependency specifier extract-msg<=0.29.*. pip 24.0 will enforce this behaviour change. A possible replacement is to upgrade to a newer version of textract or contact the author to suggest that they release a version with a conforming dependency specifiers. Discussion can be found at pypa/pip#12063

[notice] A new release of pip is available: 23.3.1 -> 24.0
[notice] To update, run: python3.11 -m pip install --upgrade pip
~/alexhkurz-at-git/WikipediaGame/server > python server.py

Traceback (most recent call last):
  File "/Users/akurz/alexhkurz-at-git/WikipediaGame/server/server.py", line 2, in <module>
    from flask_limiter import Limiter
ModuleNotFoundError: No module named 'flask_limiter'
"""

ASSISTANT: The error you're encountering is likely due to a mismatch between the Python environment where you installed the `Flask-Limiter` package and the Python environment where you're trying to run your script.

Here are a few things you can try:

1. **Check your Python version**: Use the command `python --version` to check the version of Python you're using. If you installed the package with `pip`, it should be available in the Python environment where `pip` is installed. If you have multiple versions of Python installed, you might have installed the package in one version and are trying to run your script with another.

2. **Use a virtual environment**: If you're not already doing so, I recommend using a virtual environment. This is a self-contained Python environment where you can install packages without affecting your system-wide Python installation. You can create a virtual environment with the `venv` module: `python3 -m venv env`, activate it with `source env/bin/activate`, and then install your packages with `pip install Flask-Limiter`.

3. **Check your PYTHONPATH**: The `PYTHONPATH` is an environment variable that specifies additional locations where Python should look for modules. If your `Flask-Limiter` package is installed in a location that's not on your `PYTHONPATH`, Python won't be able to find it. You can check your `PYTHONPATH` with `echo $PYTHONPATH` and add a new location with `export PYTHONPATH="/new/path:$PYTHONPATH"`.

4. **Reinstall the package**: Sometimes, reinstalling the package can help. You can uninstall the package with `pip uninstall Flask-Limiter` and then install it again with `pip install Flask-Limiter`.

Please try these suggestions and let me know if you're still encountering the issue.

USER: I added these *read-write* files: /Users/akurz/alexhkurz-at-git/WikipediaGame/server/setup.sh

ASSISTANT: To resolve the issue, we need to modify the `setup.sh` file to include the installation of the `Flask-Limiter` package.

Here is the *SEARCH/REPLACE* block:

/Users/akurz/alexhkurz-at-git/WikipediaGame/server/setup.sh
```bash
<<<<<<< SEARCH
# Install the dependencies
pip install -r requirements.txt
=======
# Install the dependencies
pip install -r requirements.txt
pip install Flask-Limiter
>>>>>>> REPLACE
```

This change will ensure that the `Flask-Limiter` package is installed when setting up the project.
@ichard26
Copy link
Member

ichard26 commented Apr 22, 2024

@ShuOreki you'll need to use a newer version of omegaconf if you wish to install it with the upcoming pip release. Cross-referencing from omry/omegaconf#775 which was merged on Aug 12 2021, I believe you'll need to use omegaconf >= 2.1.1 as version 2.1.1 was published a few days afterwards.

@tianmingxuan

This comment was marked as duplicate.

@ichard26

This comment was marked as resolved.

@InquisitiveAS

This comment was marked as duplicate.

@pradyunsg
Copy link
Member

Please stop posting the error message here folks. The deprecation message clearly indicates what you can do -- use a newer version of the library or contact the author of the library.

@tfpf
Copy link

tfpf commented May 15, 2024

Might be worth considering locking this conversation? It has received enough off-topic comments. Locking may further signal that this isn't a support thread.

It may be a while before all Linux distributions update the Python distribution packages, so people may keep visiting here. When they do (and see it’s locked), a glance at the original post will again clarify that this thread isn’t for support.

@pradyunsg
Copy link
Member

pradyunsg commented May 15, 2024

Yea, I considered that. If we see more of that after telling people not to in the final post (which it is no longer, oops), then I'll lock this. :)


Repeating the earlier message:

Please stop posting the error message here folks. The deprecation message indicates what you can do -- use a newer version of the library or contact the author of the library.

@M-Pine

This comment was marked as off-topic.

@Gladys91

This comment was marked as off-topic.

@bluebrad

This comment was marked as off-topic.

@qzhyjd

This comment was marked as duplicate.

@pypa pypa locked as spam and limited conversation to collaborators Jun 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
type: deprecation Related to deprecation / removal.
Projects
None yet
Development

Successfully merging a pull request may close this issue.