Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically enable PEP 517 when --config-settings are used for legacy projects #11915

Closed
sbidoul opened this issue Apr 2, 2023 · 11 comments · Fixed by #11917
Closed

Automatically enable PEP 517 when --config-settings are used for legacy projects #11915

sbidoul opened this issue Apr 2, 2023 · 11 comments · Fixed by #11917
Labels
C: build logic Stuff related to metadata generation / wheel generation
Milestone
24.0

Comments

@sbidoul
Copy link
Member

sbidoul commented Apr 2, 2023

When using --config-settings with a project that does not have a pyproject.toml, they are silently ignored.

I see two possibilities:

  • warn that config settings are ignored
  • automatically enable pep517 (and warn that we are doing this)
@sbidoul sbidoul added this to the 23.1 milestone Apr 2, 2023
@pradyunsg
Copy link
Member

pradyunsg commented Apr 2, 2023
edited

Nice catch! My vote is toward auto-enabling pep517 for them.

@sbidoul sbidoul added the C: build logic Stuff related to metadata generation / wheel generation label Apr 2, 2023
@sbidoul sbidoul mentioned this issue Apr 2, 2023
Merged
@sbidoul
Copy link
Member Author

sbidoul commented Apr 2, 2023

In #11917, PEP 517 is automatically enabled when config settings are present. I decided not to warn about it because PEP 517 will become the default at some point.

@sbidoul
Copy link
Member Author

sbidoul commented Apr 2, 2023

Hmmm... actually, now that I think more about it, auto-enabling PEP 517 might be a breaking change to some extent.

Indeed CLI config settings are applied to all builds and setuptools fails when passed unknown --build-option settings .
When building a project that depends on a legacy sdist, the config settings were ignored for the legacy sdist dependency.
With #11917 they will be applied to both modern and legacy dependencies.

... Which makes me question the pertinence of propagating CLI config settings to dependencies. Not sure, maybe I'm overthinking it.

@sbidoul sbidoul mentioned this issue Apr 2, 2023
Merged
@sbidoul sbidoul modified the milestones: 23.1, 23.3 Apr 2, 2023
@sbidoul
Copy link
Member Author

sbidoul commented Apr 2, 2023

Let's make this a deprecation warning in 23.1 (#11919).

@pfmoore
Copy link
Member

pfmoore commented Apr 2, 2023

Agreed, that seems safer on reflection.

Regarding propagating config settings, I think this is something we need user input on, and probably discussion with backends. My instinct is that the safest option is to not propagate. Config settings only affect the directly requested packages - if you want to apply config settings to a dependency you should build a wheel using those config settings explicitly. It's not very friendly, but it has the value of being explicit and avoids the problem that if we propagate, there's no way to turn the config settings off for dependencies. I'm also not sure how this impacts the idea of config settings in requirement files. It probably doesn't (IIRC, the current state of that PR is that they don't propagate) but it's worth checking. In case it's not obvious, I'd prefer not to rush any decision on propagation, it should wait till after 23.1.

@sbidoul
Copy link
Member Author

sbidoul commented Apr 2, 2023
edited

I'm also not sure how this impacts the idea of config settings in requirement files.

Actually I now realize that the current per-requirements PR (#11634) introduces a breaking change too by propagating CLI config settings to requirement files (my bad).

Indeed, in 23.0 and current main, CLI config settings are passed to CLI requirements and their dependencies, but not to requirements provided via a requirements file. I should have noticed sooner because I removed the unused argument in #11876, but it is sinking only now...

My instinct is that the safest option is to not propagate.

It is also my intuition. Let me sleep on it...

@q0w sorry for the confusion, it looks like I may have misled you :/

@q0w
Copy link
Contributor

q0w commented Apr 3, 2023

So now cli and requirements config settings should not be merged?

@sbidoul
Copy link
Member Author

sbidoul commented Apr 7, 2023
edited

So, I investigated this again. Since config settings were introduced in 22.1, there is a discrepancy in their propagation. CLI config settings are propagated to dependencies of CLI requirements, but not propagated to dependencies found in requirement files:

pip/src/pip/_internal/cli/req_command.py

Lines 421 to 426 in 5f12c59

req_to_add = install_req_from_parsed_requirement(
parsed_req,
isolated=options.isolated_mode,
use_pep517=options.use_pep517,
user_supplied=True,
)

Since I knew they were propagated to dependencies I wrongly assumed it was the case for requirement files too, which caused me to propose merging CLI config settings and per-requirements config settings in #11634.

To resolve this discrepancy, I now believe we should remove the propagation to dependencies, and let CLI config settings apply only to CLI requirements, while lettings per-requirement config settings in requirement files apply to individual lines only, independently of CLI requirements.

@pfmoore
Copy link
Member

pfmoore commented Apr 7, 2023

Thanks for looking into this. When I implemented the CLI support, this wasn't something I thought particularly about (which is probably why it's inconsistent!)

I agree with your suggestion.

One thought - does this mean that if the user sets config_settings in their pip config file, or via an environment variable, that would only affect requirements directly specified on the command line? That would be logical, but might be surprising to people who expect such a setting to be "global" (in some sense). It might be worth a documentation note.

While this isn't perfect (the workaround needed to build a dependency with specific config settings is pretty clumsy) I don't think we can do much better without feedback from actual use cases where there is a practical problem to address. There's only so far we can go based on theory.

This was referenced Apr 8, 2023
Merged
Merged
@sbidoul
Copy link
Member Author

sbidoul commented Apr 9, 2023

I created #11941 to stop the propagation of CLI config settings to dependencies, including a documentation note.

the workaround needed to build a dependency with specific config settings is pretty clumsy

Not necessarily? If A depends on B, pip install --config-settings FOO=hello A B will be sufficient to pass config settings to B too.

@pfmoore
Copy link
Member

pfmoore commented Apr 9, 2023

Not necessarily? If A depends on B, pip install --config-settings FOO=hello A B will be sufficient to pass config settings to B too.

Doh. I need to send my brain in for a service. I was thinking you'd need to manually build a B wheel with the right settings. Ignore me.

@sbidoul sbidoul changed the title --config-settings are silently ignored for legacy projects Automatically enable PEP 517 when --config-settings are used for legacy projects Apr 14, 2023
kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Apr 16, 2023
@dependabot
chore(deps): Bump pip from 23.0.1 to 23.1 (#1259)
53aa830 
Bumps [pip](https://github.com/pypa/pip) from 23.0.1 to 23.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>.
(<code>[#11358](pypa/pip#11358)
&lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py
install</code> anymore. Instead a wheel will be
built locally and installed.
(<code>[#11451](pypa/pip#11451)
&lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built
wheels anymore. It only
means &quot;don't download wheels&quot;.
(<code>[#11453](pypa/pip#11453)
&lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and
<code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>.
(<code>[#11859](pypa/pip#11859)
&lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a
<code>pyproject.toml</code> now print
a deprecation warning. In the future the presence of config settings
will automatically
enable the default build backend for legacy projects and pass the
setttings to it.
(<code>[#11915](pypa/pip#11915)
&lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel
failed for projects without
<code>pyproject.toml</code>.
(<code>[#8368](pypa/pip#8368)
&lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses
the default build backend
instead of <code>setup.py install</code> for project without
<code>pyproject.toml</code>.
(<code>[#8559](pypa/pip#8559)
&lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Specify egg-link location in assertion message when it does not
match installed location to provide better error message for debugging.
(<code>[#10476](pypa/pip#10476)
&lt;https://github.com/pypa/pip/issues/10476&gt;</code>_)</li>
<li>Present conflict information during installation after each choice
that is rejected (pass <code>-vv</code> to <code>pip install</code> to
show it) (<code>[#10937](pypa/pip#10937)
&lt;https://github.com/pypa/pip/issues/10937&gt;</code>_)</li>
<li>Display dependency chain on each Collecting/Processing log line.
(<code>[#11169](pypa/pip#11169)
&lt;https://github.com/pypa/pip/issues/11169&gt;</code>_)</li>
<li>Support a per-requirement <code>--config-settings</code> option in
requirements files.
(<code>[#11325](pypa/pip#11325)
&lt;https://github.com/pypa/pip/issues/11325&gt;</code>_)</li>
<li>The <code>--config-settings</code>/<code>-C</code> option now
supports using the same key multiple
times. When the same key is specified multiple times, all values are
passed to
the build backend as a list, as opposed to the previous behavior, where
pip would
only pass the last value if the same key was used multiple times.
(<code>[#11681](pypa/pip#11681)
&lt;https://github.com/pypa/pip/issues/11681&gt;</code>_)</li>
<li>Add <code>-C</code> as a short version of the
<code>--config-settings</code> option.
(<code>[#11786](pypa/pip#11786)
&lt;https://github.com/pypa/pip/issues/11786&gt;</code>_)</li>
<li>Reduce the number of resolver rounds, since backjumping makes the
resolver more efficient in finding solutions. This also makes
pathological cases fail quicker.
(<code>[#11908](pypa/pip#11908)
&lt;https://github.com/pypa/pip/issues/11908&gt;</code>_)</li>
<li>Warn if <code>--hash</code> is used on a line without requirement in
a requirements file.
(<code>[#11935](pypa/pip#11935)
&lt;https://github.com/pypa/pip/issues/11935&gt;</code>_)</li>
<li>Stop propagating CLI <code>--config-settings</code> to the build
dependencies. They already did
not propagate to requirements provided in requirement files. To pass the
same config
settings to several requirements, users should provide the requirements
as CLI
arguments. (<code>[#11941](pypa/pip#11941)
&lt;https://github.com/pypa/pip/issues/11941&gt;</code>_)</li>
<li>Support wheel cache when using <code>--require-hashes</code>.
(<code>[#5037](pypa/pip#5037)
&lt;https://github.com/pypa/pip/issues/5037&gt;</code>_)</li>
<li>Add <code>--keyring-provider</code> flag. See the Authentication
page in the documentation for more info.
(<code>[#8719](pypa/pip#8719)
&lt;https://github.com/pypa/pip/issues/8719&gt;</code>_)</li>
<li>In the case of virtual environments, configuration files are now
also included from the base installation.
(<code>[#9752](pypa/pip#9752)
&lt;https://github.com/pypa/pip/issues/9752&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix grammar by changing &quot;A new release of pip available:&quot;
to &quot;A new release of pip is available:&quot; in the notice used for
indicating that.
(<code>[#11529](pypa/pip#11529)
&lt;https://github.com/pypa/pip/issues/11529&gt;</code>_)</li>
<li>Normalize paths before checking if installed scripts are on PATH.
(<code>[#11719](pypa/pip#11719)
&lt;https://github.com/pypa/pip/issues/11719&gt;</code>_)</li>
<li>Correct the way to decide if keyring is available.
(<code>[#11774](pypa/pip#11774)
&lt;https://github.com/pypa/pip/issues/11774&gt;</code>_)</li>
<li>More consistent resolution backtracking by removing legacy hack
related to setuptools resolution
(<code>[#11837](pypa/pip#11837)
&lt;https://github.com/pypa/pip/issues/11837&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/6424ac4600265490462015c2fc7f9a402dba9ed8"><code>6424ac4</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/868338f9f79b58eff34dafb168aed65480d080d5"><code>868338f</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/4f3a4f72697299da1a412cf10c919a989e0692f5"><code>4f3a4f7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11919">#11919</a> from
sbidoul/deprecate-legacy-ignore-config-setting...</li>
<li><a
href="https://github.com/pypa/pip/commit/dbf4e6842c9603792f6d3944a5c9cec17bd0a92a"><code>dbf4e68</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11897">#11897</a> from
sbidoul/cache-hash-checking-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/efe2d27451d50b165df78093bf5885da713fbdf8"><code>efe2d27</code></a>
Further refactor is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/4beca6b4c9c510b19dbb6180e962425b89e8c839"><code>4beca6b</code></a>
Improve test</li>
<li><a
href="https://github.com/pypa/pip/commit/bd746e3136e5e1be2374a079bac66071dd967a8c"><code>bd746e3</code></a>
Introduce ireq.cached_wheel_source_link</li>
<li><a
href="https://github.com/pypa/pip/commit/caafe6e87d4f2998a77b194297e1c204cf6e10c2"><code>caafe6e</code></a>
Add a couple of asserts</li>
<li><a
href="https://github.com/pypa/pip/commit/a6ef6485be9512f18121298b058797c578f65d45"><code>a6ef648</code></a>
Rename original_link_is_in_wheel_cache to is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/ff8c8e38887880ad81ffd7cfc6a8373213c087b7"><code>ff8c8e3</code></a>
Cosmetics</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.0.1...23.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.0.1&new-version=23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Apr 17, 2023
@dependabot @inmantaci
Bump pip from 23.0.1 to 23.1 (PR #5838)
c538218 
Bumps [pip](https://github.com/pypa/pip) from 23.0.1 to 23.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py install</code> anymore. Instead a wheel will be
built locally and installed. (<code>[#11451](pypa/pip#11451) &lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built wheels anymore. It only
means &quot;don't download wheels&quot;. (<code>[#11453](pypa/pip#11453) &lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and <code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>. (<code>[#11859](pypa/pip#11859) &lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a <code>pyproject.toml</code> now print
a deprecation warning. In the future the presence of config settings will automatically
enable the default build backend for legacy projects and pass the setttings to it. (<code>[#11915](pypa/pip#11915) &lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel failed for projects without
<code>pyproject.toml</code>. (<code>[#8368](pypa/pip#8368) &lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses the default build backend
instead of <code>setup.py install</code> for project without <code>pyproject.toml</code>. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Specify egg-link location in assertion message when it does not match installed location to provide better error message for debugging. (<code>[#10476](pypa/pip#10476) &lt;https://github.com/pypa/pip/issues/10476&gt;</code>_)</li>
<li>Present conflict information during installation after each choice that is rejected (pass <code>-vv</code> to <code>pip install</code> to show it) (<code>[#10937](pypa/pip#10937) &lt;https://github.com/pypa/pip/issues/10937&gt;</code>_)</li>
<li>Display dependency chain on each Collecting/Processing log line. (<code>[#11169](pypa/pip#11169) &lt;https://github.com/pypa/pip/issues/11169&gt;</code>_)</li>
<li>Support a per-requirement <code>--config-settings</code> option in requirements files. (<code>[#11325](pypa/pip#11325) &lt;https://github.com/pypa/pip/issues/11325&gt;</code>_)</li>
<li>The <code>--config-settings</code>/<code>-C</code> option now supports using the same key multiple
times. When the same key is specified multiple times, all values are passed to
the build backend as a list, as opposed to the previous behavior, where pip would
only pass the last value if the same key was used multiple times. (<code>[#11681](pypa/pip#11681) &lt;https://github.com/pypa/pip/issues/11681&gt;</code>_)</li>
<li>Add <code>-C</code> as a short version of the <code>--config-settings</code> option. (<code>[#11786](pypa/pip#11786) &lt;https://github.com/pypa/pip/issues/11786&gt;</code>_)</li>
<li>Reduce the number of resolver rounds, since backjumping makes the resolver more efficient in finding solutions. This also makes pathological cases fail quicker. (<code>[#11908](pypa/pip#11908) &lt;https://github.com/pypa/pip/issues/11908&gt;</code>_)</li>
<li>Warn if <code>--hash</code> is used on a line without requirement in a requirements file. (<code>[#11935](pypa/pip#11935) &lt;https://github.com/pypa/pip/issues/11935&gt;</code>_)</li>
<li>Stop propagating CLI <code>--config-settings</code> to the build dependencies. They already did
not propagate to requirements provided in requirement files. To pass the same config
settings to several requirements, users should provide the requirements as CLI
arguments. (<code>[#11941](pypa/pip#11941) &lt;https://github.com/pypa/pip/issues/11941&gt;</code>_)</li>
<li>Support wheel cache when using <code>--require-hashes</code>. (<code>[#5037](pypa/pip#5037) &lt;https://github.com/pypa/pip/issues/5037&gt;</code>_)</li>
<li>Add <code>--keyring-provider</code> flag. See the Authentication page in the documentation for more info. (<code>[#8719](pypa/pip#8719) &lt;https://github.com/pypa/pip/issues/8719&gt;</code>_)</li>
<li>In the case of virtual environments, configuration files are now also included from the base installation. (<code>[#9752](pypa/pip#9752) &lt;https://github.com/pypa/pip/issues/9752&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix grammar by changing &quot;A new release of pip available:&quot; to &quot;A new release of pip is available:&quot; in the notice used for indicating that. (<code>[#11529](pypa/pip#11529) &lt;https://github.com/pypa/pip/issues/11529&gt;</code>_)</li>
<li>Normalize paths before checking if installed scripts are on PATH. (<code>[#11719](pypa/pip#11719) &lt;https://github.com/pypa/pip/issues/11719&gt;</code>_)</li>
<li>Correct the way to decide if keyring is available. (<code>[#11774](pypa/pip#11774) &lt;https://github.com/pypa/pip/issues/11774&gt;</code>_)</li>
<li>More consistent resolution backtracking by removing legacy hack related to setuptools resolution (<code>[#11837](pypa/pip#11837) &lt;https://github.com/pypa/pip/issues/11837&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/6424ac4600265490462015c2fc7f9a402dba9ed8"><code>6424ac4</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/868338f9f79b58eff34dafb168aed65480d080d5"><code>868338f</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/4f3a4f72697299da1a412cf10c919a989e0692f5"><code>4f3a4f7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11919">#11919</a> from sbidoul/deprecate-legacy-ignore-config-setting...</li>
<li><a href="https://github.com/pypa/pip/commit/dbf4e6842c9603792f6d3944a5c9cec17bd0a92a"><code>dbf4e68</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11897">#11897</a> from sbidoul/cache-hash-checking-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/efe2d27451d50b165df78093bf5885da713fbdf8"><code>efe2d27</code></a> Further refactor is_wheel_from_cache</li>
<li><a href="https://github.com/pypa/pip/commit/4beca6b4c9c510b19dbb6180e962425b89e8c839"><code>4beca6b</code></a> Improve test</li>
<li><a href="https://github.com/pypa/pip/commit/bd746e3136e5e1be2374a079bac66071dd967a8c"><code>bd746e3</code></a> Introduce ireq.cached_wheel_source_link</li>
<li><a href="https://github.com/pypa/pip/commit/caafe6e87d4f2998a77b194297e1c204cf6e10c2"><code>caafe6e</code></a> Add a couple of asserts</li>
<li><a href="https://github.com/pypa/pip/commit/a6ef6485be9512f18121298b058797c578f65d45"><code>a6ef648</code></a> Rename original_link_is_in_wheel_cache to is_wheel_from_cache</li>
<li><a href="https://github.com/pypa/pip/commit/ff8c8e38887880ad81ffd7cfc6a8373213c087b7"><code>ff8c8e3</code></a> Cosmetics</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.0.1...23.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.0.1&new-version=23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Apr 17, 2023
@dependabot
chore(deps): Update pip requirement from ~=23.0 to ~=23.1 in /package…
5efb5ea 
…s/@jsii/python-runtime (#4060)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py install</code> anymore. Instead a wheel will be
built locally and installed. (<code>[#11451](pypa/pip#11451) &lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built wheels anymore. It only
means &quot;don't download wheels&quot;. (<code>[#11453](pypa/pip#11453) &lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and <code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>. (<code>[#11859](pypa/pip#11859) &lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a <code>pyproject.toml</code> now print
a deprecation warning. In the future the presence of config settings will automatically
enable the default build backend for legacy projects and pass the setttings to it. (<code>[#11915](pypa/pip#11915) &lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel failed for projects without
<code>pyproject.toml</code>. (<code>[#8368](pypa/pip#8368) &lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses the default build backend
instead of <code>setup.py install</code> for project without <code>pyproject.toml</code>. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Specify egg-link location in assertion message when it does not match installed location to provide better error message for debugging. (<code>[#10476](pypa/pip#10476) &lt;https://github.com/pypa/pip/issues/10476&gt;</code>_)</li>
<li>Present conflict information during installation after each choice that is rejected (pass <code>-vv</code> to <code>pip install</code> to show it) (<code>[#10937](pypa/pip#10937) &lt;https://github.com/pypa/pip/issues/10937&gt;</code>_)</li>
<li>Display dependency chain on each Collecting/Processing log line. (<code>[#11169](pypa/pip#11169) &lt;https://github.com/pypa/pip/issues/11169&gt;</code>_)</li>
<li>Support a per-requirement <code>--config-settings</code> option in requirements files. (<code>[#11325](pypa/pip#11325) &lt;https://github.com/pypa/pip/issues/11325&gt;</code>_)</li>
<li>The <code>--config-settings</code>/<code>-C</code> option now supports using the same key multiple
times. When the same key is specified multiple times, all values are passed to
the build backend as a list, as opposed to the previous behavior, where pip would
only pass the last value if the same key was used multiple times. (<code>[#11681](pypa/pip#11681) &lt;https://github.com/pypa/pip/issues/11681&gt;</code>_)</li>
<li>Add <code>-C</code> as a short version of the <code>--config-settings</code> option. (<code>[#11786](pypa/pip#11786) &lt;https://github.com/pypa/pip/issues/11786&gt;</code>_)</li>
<li>Reduce the number of resolver rounds, since backjumping makes the resolver more efficient in finding solutions. This also makes pathological cases fail quicker. (<code>[#11908](pypa/pip#11908) &lt;https://github.com/pypa/pip/issues/11908&gt;</code>_)</li>
<li>Warn if <code>--hash</code> is used on a line without requirement in a requirements file. (<code>[#11935](pypa/pip#11935) &lt;https://github.com/pypa/pip/issues/11935&gt;</code>_)</li>
<li>Stop propagating CLI <code>--config-settings</code> to the build dependencies. They already did
not propagate to requirements provided in requirement files. To pass the same config
settings to several requirements, users should provide the requirements as CLI
arguments. (<code>[#11941](pypa/pip#11941) &lt;https://github.com/pypa/pip/issues/11941&gt;</code>_)</li>
<li>Support wheel cache when using <code>--require-hashes</code>. (<code>[#5037](pypa/pip#5037) &lt;https://github.com/pypa/pip/issues/5037&gt;</code>_)</li>
<li>Add <code>--keyring-provider</code> flag. See the Authentication page in the documentation for more info. (<code>[#8719](pypa/pip#8719) &lt;https://github.com/pypa/pip/issues/8719&gt;</code>_)</li>
<li>In the case of virtual environments, configuration files are now also included from the base installation. (<code>[#9752](pypa/pip#9752) &lt;https://github.com/pypa/pip/issues/9752&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix grammar by changing &quot;A new release of pip available:&quot; to &quot;A new release of pip is available:&quot; in the notice used for indicating that. (<code>[#11529](pypa/pip#11529) &lt;https://github.com/pypa/pip/issues/11529&gt;</code>_)</li>
<li>Normalize paths before checking if installed scripts are on PATH. (<code>[#11719](pypa/pip#11719) &lt;https://github.com/pypa/pip/issues/11719&gt;</code>_)</li>
<li>Correct the way to decide if keyring is available. (<code>[#11774](pypa/pip#11774) &lt;https://github.com/pypa/pip/issues/11774&gt;</code>_)</li>
<li>More consistent resolution backtracking by removing legacy hack related to setuptools resolution (<code>[#11837](pypa/pip#11837) &lt;https://github.com/pypa/pip/issues/11837&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/6424ac4600265490462015c2fc7f9a402dba9ed8"><code>6424ac4</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/868338f9f79b58eff34dafb168aed65480d080d5"><code>868338f</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/4f3a4f72697299da1a412cf10c919a989e0692f5"><code>4f3a4f7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11919">#11919</a> from sbidoul/deprecate-legacy-ignore-config-setting...</li>
<li><a href="https://github.com/pypa/pip/commit/dbf4e6842c9603792f6d3944a5c9cec17bd0a92a"><code>dbf4e68</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11897">#11897</a> from sbidoul/cache-hash-checking-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/efe2d27451d50b165df78093bf5885da713fbdf8"><code>efe2d27</code></a> Further refactor is_wheel_from_cache</li>
<li><a href="https://github.com/pypa/pip/commit/4beca6b4c9c510b19dbb6180e962425b89e8c839"><code>4beca6b</code></a> Improve test</li>
<li><a href="https://github.com/pypa/pip/commit/bd746e3136e5e1be2374a079bac66071dd967a8c"><code>bd746e3</code></a> Introduce ireq.cached_wheel_source_link</li>
<li><a href="https://github.com/pypa/pip/commit/caafe6e87d4f2998a77b194297e1c204cf6e10c2"><code>caafe6e</code></a> Add a couple of asserts</li>
<li><a href="https://github.com/pypa/pip/commit/a6ef6485be9512f18121298b058797c578f65d45"><code>a6ef648</code></a> Rename original_link_is_in_wheel_cache to is_wheel_from_cache</li>
<li><a href="https://github.com/pypa/pip/commit/ff8c8e38887880ad81ffd7cfc6a8373213c087b7"><code>ff8c8e3</code></a> Cosmetics</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.0...23.1">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Apr 18, 2023
@dependabot @inmantaci
Bump pip from 23.0.1 to 23.1 (PR #5848)
f1d75e0 
Bumps [pip](https://github.com/pypa/pip) from 23.0.1 to 23.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py install</code> anymore. Instead a wheel will be
built locally and installed. (<code>[#11451](pypa/pip#11451) &lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built wheels anymore. It only
means &quot;don't download wheels&quot;. (<code>[#11453](pypa/pip#11453) &lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and <code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>. (<code>[#11859](pypa/pip#11859) &lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a <code>pyproject.toml</code> now prints
a deprecation warning. In the future the presence of config settings will automatically
enable the default build backend for legacy projects and pass the setttings to it. (<code>[#11915](pypa/pip#11915) &lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel failed for projects without
<code>pyproject.toml</code>. (<code>[#8368](pypa/pip#8368) &lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses the default build backend
instead of <code>setup.py install</code> and <code>setup.py develop</code> for project without
<code>pyproject.toml</code>. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Specify egg-link location in assertion message when it does not match installed location to provide better error message for debugging. (<code>[#10476](pypa/pip#10476) &lt;https://github.com/pypa/pip/issues/10476&gt;</code>_)</li>
<li>Present conflict information during installation after each choice that is rejected (pass <code>-vv</code> to <code>pip install</code> to show it) (<code>[#10937](pypa/pip#10937) &lt;https://github.com/pypa/pip/issues/10937&gt;</code>_)</li>
<li>Display dependency chain on each Collecting/Processing log line. (<code>[#11169](pypa/pip#11169) &lt;https://github.com/pypa/pip/issues/11169&gt;</code>_)</li>
<li>Support a per-requirement <code>--config-settings</code> option in requirements files. (<code>[#11325](pypa/pip#11325) &lt;https://github.com/pypa/pip/issues/11325&gt;</code>_)</li>
<li>The <code>--config-settings</code>/<code>-C</code> option now supports using the same key multiple
times. When the same key is specified multiple times, all values are passed to
the build backend as a list, as opposed to the previous behavior, where pip would
only pass the last value if the same key was used multiple times. (<code>[#11681](pypa/pip#11681) &lt;https://github.com/pypa/pip/issues/11681&gt;</code>_)</li>
<li>Add <code>-C</code> as a short version of the <code>--config-settings</code> option. (<code>[#11786](pypa/pip#11786) &lt;https://github.com/pypa/pip/issues/11786&gt;</code>_)</li>
<li>Reduce the number of resolver rounds, since backjumping makes the resolver more efficient in finding solutions. This also makes pathological cases fail quicker. (<code>[#11908](pypa/pip#11908) &lt;https://github.com/pypa/pip/issues/11908&gt;</code>_)</li>
<li>Warn if <code>--hash</code> is used on a line without requirement in a requirements file. (<code>[#11935](pypa/pip#11935) &lt;https://github.com/pypa/pip/issues/11935&gt;</code>_)</li>
<li>Stop propagating CLI <code>--config-settings</code> to the build dependencies. They already did
not propagate to requirements provided in requirement files. To pass the same config
settings to several requirements, users should provide the requirements as CLI
arguments. (<code>[#11941](pypa/pip#11941) &lt;https://github.com/pypa/pip/issues/11941&gt;</code>_)</li>
<li>Support wheel cache when using <code>--require-hashes</code>. (<code>[#5037](pypa/pip#5037) &lt;https://github.com/pypa/pip/issues/5037&gt;</code>_)</li>
<li>Add <code>--keyring-provider</code> flag. See the Authentication page in the documentation for more info. (<code>[#8719](pypa/pip#8719) &lt;https://github.com/pypa/pip/issues/8719&gt;</code>_)</li>
<li>In the case of virtual environments, configuration files are now also included from the base installation. (<code>[#9752](pypa/pip#9752) &lt;https://github.com/pypa/pip/issues/9752&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix grammar by changing &quot;A new release of pip available:&quot; to &quot;A new release of pip is available:&quot; in the notice used for indicating that. (<code>[#11529](pypa/pip#11529) &lt;https://github.com/pypa/pip/issues/11529&gt;</code>_)</li>
<li>Normalize paths before checking if installed scripts are on PATH. (<code>[#11719](pypa/pip#11719) &lt;https://github.com/pypa/pip/issues/11719&gt;</code>_)</li>
<li>Correct the way to decide if keyring is available. (<code>[#11774](pypa/pip#11774) &lt;https://github.com/pypa/pip/issues/11774&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/6424ac4600265490462015c2fc7f9a402dba9ed8"><code>6424ac4</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/868338f9f79b58eff34dafb168aed65480d080d5"><code>868338f</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/4f3a4f72697299da1a412cf10c919a989e0692f5"><code>4f3a4f7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11919">#11919</a> from sbidoul/deprecate-legacy-ignore-config-setting...</li>
<li><a href="https://github.com/pypa/pip/commit/dbf4e6842c9603792f6d3944a5c9cec17bd0a92a"><code>dbf4e68</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11897">#11897</a> from sbidoul/cache-hash-checking-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/efe2d27451d50b165df78093bf5885da713fbdf8"><code>efe2d27</code></a> Further refactor is_wheel_from_cache</li>
<li><a href="https://github.com/pypa/pip/commit/4beca6b4c9c510b19dbb6180e962425b89e8c839"><code>4beca6b</code></a> Improve test</li>
<li><a href="https://github.com/pypa/pip/commit/bd746e3136e5e1be2374a079bac66071dd967a8c"><code>bd746e3</code></a> Introduce ireq.cached_wheel_source_link</li>
<li><a href="https://github.com/pypa/pip/commit/caafe6e87d4f2998a77b194297e1c204cf6e10c2"><code>caafe6e</code></a> Add a couple of asserts</li>
<li><a href="https://github.com/pypa/pip/commit/a6ef6485be9512f18121298b058797c578f65d45"><code>a6ef648</code></a> Rename original_link_is_in_wheel_cache to is_wheel_from_cache</li>
<li><a href="https://github.com/pypa/pip/commit/ff8c8e38887880ad81ffd7cfc6a8373213c087b7"><code>ff8c8e3</code></a> Cosmetics</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.0.1...23.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.0.1&new-version=23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
RomainBrault added a commit to RomainBrault/python-whiteprint that referenced this issue Apr 21, 2023
@dependabot @RomainBrault
ci(dependency): ⬆️ bump pip from 23.0.1 to 23.1 in /.github/workflows (
6b09834 
…#144)

Bumps [pip](https://github.com/pypa/pip) from 23.0.1 to 23.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>.
(<code>[#11358](pypa/pip#11358)
&lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py
install</code> anymore. Instead a wheel will be
built locally and installed.
(<code>[#11451](pypa/pip#11451)
&lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built
wheels anymore. It only
means &quot;don't download wheels&quot;.
(<code>[#11453](pypa/pip#11453)
&lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and
<code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>.
(<code>[#11859](pypa/pip#11859)
&lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a
<code>pyproject.toml</code> now prints
a deprecation warning. In the future the presence of config settings
will automatically
enable the default build backend for legacy projects and pass the
setttings to it.
(<code>[#11915](pypa/pip#11915)
&lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel
failed for projects without
<code>pyproject.toml</code>.
(<code>[#8368](pypa/pip#8368)
&lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses
the default build backend
instead of <code>setup.py install</code> and <code>setup.py
develop</code> for project without
<code>pyproject.toml</code>.
(<code>[#8559](pypa/pip#8559)
&lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Specify egg-link location in assertion message when it does not
match installed location to provide better error message for debugging.
(<code>[#10476](pypa/pip#10476)
&lt;https://github.com/pypa/pip/issues/10476&gt;</code>_)</li>
<li>Present conflict information during installation after each choice
that is rejected (pass <code>-vv</code> to <code>pip install</code> to
show it) (<code>[#10937](pypa/pip#10937)
&lt;https://github.com/pypa/pip/issues/10937&gt;</code>_)</li>
<li>Display dependency chain on each Collecting/Processing log line.
(<code>[#11169](pypa/pip#11169)
&lt;https://github.com/pypa/pip/issues/11169&gt;</code>_)</li>
<li>Support a per-requirement <code>--config-settings</code> option in
requirements files.
(<code>[#11325](pypa/pip#11325)
&lt;https://github.com/pypa/pip/issues/11325&gt;</code>_)</li>
<li>The <code>--config-settings</code>/<code>-C</code> option now
supports using the same key multiple
times. When the same key is specified multiple times, all values are
passed to
the build backend as a list, as opposed to the previous behavior, where
pip would
only pass the last value if the same key was used multiple times.
(<code>[#11681](pypa/pip#11681)
&lt;https://github.com/pypa/pip/issues/11681&gt;</code>_)</li>
<li>Add <code>-C</code> as a short version of the
<code>--config-settings</code> option.
(<code>[#11786](pypa/pip#11786)
&lt;https://github.com/pypa/pip/issues/11786&gt;</code>_)</li>
<li>Reduce the number of resolver rounds, since backjumping makes the
resolver more efficient in finding solutions. This also makes
pathological cases fail quicker.
(<code>[#11908](pypa/pip#11908)
&lt;https://github.com/pypa/pip/issues/11908&gt;</code>_)</li>
<li>Warn if <code>--hash</code> is used on a line without requirement in
a requirements file.
(<code>[#11935](pypa/pip#11935)
&lt;https://github.com/pypa/pip/issues/11935&gt;</code>_)</li>
<li>Stop propagating CLI <code>--config-settings</code> to the build
dependencies. They already did
not propagate to requirements provided in requirement files. To pass the
same config
settings to several requirements, users should provide the requirements
as CLI
arguments. (<code>[#11941](pypa/pip#11941)
&lt;https://github.com/pypa/pip/issues/11941&gt;</code>_)</li>
<li>Support wheel cache when using <code>--require-hashes</code>.
(<code>[#5037](pypa/pip#5037)
&lt;https://github.com/pypa/pip/issues/5037&gt;</code>_)</li>
<li>Add <code>--keyring-provider</code> flag. See the Authentication
page in the documentation for more info.
(<code>[#8719](pypa/pip#8719)
&lt;https://github.com/pypa/pip/issues/8719&gt;</code>_)</li>
<li>In the case of virtual environments, configuration files are now
also included from the base installation.
(<code>[#9752](pypa/pip#9752)
&lt;https://github.com/pypa/pip/issues/9752&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix grammar by changing &quot;A new release of pip available:&quot;
to &quot;A new release of pip is available:&quot; in the notice used for
indicating that.
(<code>[#11529](pypa/pip#11529)
&lt;https://github.com/pypa/pip/issues/11529&gt;</code>_)</li>
<li>Normalize paths before checking if installed scripts are on PATH.
(<code>[#11719](pypa/pip#11719)
&lt;https://github.com/pypa/pip/issues/11719&gt;</code>_)</li>
<li>Correct the way to decide if keyring is available.
(<code>[#11774](pypa/pip#11774)
&lt;https://github.com/pypa/pip/issues/11774&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/6424ac4600265490462015c2fc7f9a402dba9ed8"><code>6424ac4</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/868338f9f79b58eff34dafb168aed65480d080d5"><code>868338f</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/4f3a4f72697299da1a412cf10c919a989e0692f5"><code>4f3a4f7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11919">#11919</a> from
sbidoul/deprecate-legacy-ignore-config-setting...</li>
<li><a
href="https://github.com/pypa/pip/commit/dbf4e6842c9603792f6d3944a5c9cec17bd0a92a"><code>dbf4e68</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11897">#11897</a> from
sbidoul/cache-hash-checking-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/efe2d27451d50b165df78093bf5885da713fbdf8"><code>efe2d27</code></a>
Further refactor is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/4beca6b4c9c510b19dbb6180e962425b89e8c839"><code>4beca6b</code></a>
Improve test</li>
<li><a
href="https://github.com/pypa/pip/commit/bd746e3136e5e1be2374a079bac66071dd967a8c"><code>bd746e3</code></a>
Introduce ireq.cached_wheel_source_link</li>
<li><a
href="https://github.com/pypa/pip/commit/caafe6e87d4f2998a77b194297e1c204cf6e10c2"><code>caafe6e</code></a>
Add a couple of asserts</li>
<li><a
href="https://github.com/pypa/pip/commit/a6ef6485be9512f18121298b058797c578f65d45"><code>a6ef648</code></a>
Rename original_link_is_in_wheel_cache to is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/ff8c8e38887880ad81ffd7cfc6a8373213c087b7"><code>ff8c8e3</code></a>
Cosmetics</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.0.1...23.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.0.1&new-version=23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Romain Brault <1455095+RomainBrault@users.noreply.github.com>
ludeeus pushed a commit to ludeeus/integration_blueprint that referenced this issue Apr 22, 2023
@dependabot
Update pip requirement from <23.1,>=21.0 to >=21.0,<23.2 (#100)
a577f2e 
Updates the requirements on [pip](https://github.com/pypa/pip) to permit
the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>.
(<code>[#11358](pypa/pip#11358)
&lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py
install</code> anymore. Instead a wheel will be
built locally and installed.
(<code>[#11451](pypa/pip#11451)
&lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built
wheels anymore. It only
means &quot;don't download wheels&quot;.
(<code>[#11453](pypa/pip#11453)
&lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and
<code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>.
(<code>[#11859](pypa/pip#11859)
&lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a
<code>pyproject.toml</code> now prints
a deprecation warning. In the future the presence of config settings
will automatically
enable the default build backend for legacy projects and pass the
setttings to it.
(<code>[#11915](pypa/pip#11915)
&lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel
failed for projects without
<code>pyproject.toml</code>.
(<code>[#8368](pypa/pip#8368)
&lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses
the default build backend
instead of <code>setup.py install</code> and <code>setup.py
develop</code> for project without
<code>pyproject.toml</code>.
(<code>[#8559](pypa/pip#8559)
&lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Specify egg-link location in assertion message when it does not
match installed location to provide better error message for debugging.
(<code>[#10476](pypa/pip#10476)
&lt;https://github.com/pypa/pip/issues/10476&gt;</code>_)</li>
<li>Present conflict information during installation after each choice
that is rejected (pass <code>-vv</code> to <code>pip install</code> to
show it) (<code>[#10937](pypa/pip#10937)
&lt;https://github.com/pypa/pip/issues/10937&gt;</code>_)</li>
<li>Display dependency chain on each Collecting/Processing log line.
(<code>[#11169](pypa/pip#11169)
&lt;https://github.com/pypa/pip/issues/11169&gt;</code>_)</li>
<li>Support a per-requirement <code>--config-settings</code> option in
requirements files.
(<code>[#11325](pypa/pip#11325)
&lt;https://github.com/pypa/pip/issues/11325&gt;</code>_)</li>
<li>The <code>--config-settings</code>/<code>-C</code> option now
supports using the same key multiple
times. When the same key is specified multiple times, all values are
passed to
the build backend as a list, as opposed to the previous behavior, where
pip would
only pass the last value if the same key was used multiple times.
(<code>[#11681](pypa/pip#11681)
&lt;https://github.com/pypa/pip/issues/11681&gt;</code>_)</li>
<li>Add <code>-C</code> as a short version of the
<code>--config-settings</code> option.
(<code>[#11786](pypa/pip#11786)
&lt;https://github.com/pypa/pip/issues/11786&gt;</code>_)</li>
<li>Reduce the number of resolver rounds, since backjumping makes the
resolver more efficient in finding solutions. This also makes
pathological cases fail quicker.
(<code>[#11908](pypa/pip#11908)
&lt;https://github.com/pypa/pip/issues/11908&gt;</code>_)</li>
<li>Warn if <code>--hash</code> is used on a line without requirement in
a requirements file.
(<code>[#11935](pypa/pip#11935)
&lt;https://github.com/pypa/pip/issues/11935&gt;</code>_)</li>
<li>Stop propagating CLI <code>--config-settings</code> to the build
dependencies. They already did
not propagate to requirements provided in requirement files. To pass the
same config
settings to several requirements, users should provide the requirements
as CLI
arguments. (<code>[#11941](pypa/pip#11941)
&lt;https://github.com/pypa/pip/issues/11941&gt;</code>_)</li>
<li>Support wheel cache when using <code>--require-hashes</code>.
(<code>[#5037](pypa/pip#5037)
&lt;https://github.com/pypa/pip/issues/5037&gt;</code>_)</li>
<li>Add <code>--keyring-provider</code> flag. See the Authentication
page in the documentation for more info.
(<code>[#8719](pypa/pip#8719)
&lt;https://github.com/pypa/pip/issues/8719&gt;</code>_)</li>
<li>In the case of virtual environments, configuration files are now
also included from the base installation.
(<code>[#9752](pypa/pip#9752)
&lt;https://github.com/pypa/pip/issues/9752&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix grammar by changing &quot;A new release of pip available:&quot;
to &quot;A new release of pip is available:&quot; in the notice used for
indicating that.
(<code>[#11529](pypa/pip#11529)
&lt;https://github.com/pypa/pip/issues/11529&gt;</code>_)</li>
<li>Normalize paths before checking if installed scripts are on PATH.
(<code>[#11719](pypa/pip#11719)
&lt;https://github.com/pypa/pip/issues/11719&gt;</code>_)</li>
<li>Correct the way to decide if keyring is available.
(<code>[#11774](pypa/pip#11774)
&lt;https://github.com/pypa/pip/issues/11774&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/6424ac4600265490462015c2fc7f9a402dba9ed8"><code>6424ac4</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/868338f9f79b58eff34dafb168aed65480d080d5"><code>868338f</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/4f3a4f72697299da1a412cf10c919a989e0692f5"><code>4f3a4f7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11919">#11919</a> from
sbidoul/deprecate-legacy-ignore-config-setting...</li>
<li><a
href="https://github.com/pypa/pip/commit/dbf4e6842c9603792f6d3944a5c9cec17bd0a92a"><code>dbf4e68</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11897">#11897</a> from
sbidoul/cache-hash-checking-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/efe2d27451d50b165df78093bf5885da713fbdf8"><code>efe2d27</code></a>
Further refactor is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/4beca6b4c9c510b19dbb6180e962425b89e8c839"><code>4beca6b</code></a>
Improve test</li>
<li><a
href="https://github.com/pypa/pip/commit/bd746e3136e5e1be2374a079bac66071dd967a8c"><code>bd746e3</code></a>
Introduce ireq.cached_wheel_source_link</li>
<li><a
href="https://github.com/pypa/pip/commit/caafe6e87d4f2998a77b194297e1c204cf6e10c2"><code>caafe6e</code></a>
Add a couple of asserts</li>
<li><a
href="https://github.com/pypa/pip/commit/a6ef6485be9512f18121298b058797c578f65d45"><code>a6ef648</code></a>
Rename original_link_is_in_wheel_cache to is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/ff8c8e38887880ad81ffd7cfc6a8373213c087b7"><code>ff8c8e3</code></a>
Cosmetics</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/21.0...23.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fredck pushed a commit to fredck/lightener that referenced this issue May 10, 2023
@dependabot @fredck
Update pip requirement from <23.1,>=21.0 to >=21.0,<23.2 (#100)
8b796be 
Updates the requirements on [pip](https://github.com/pypa/pip) to permit
the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>.
(<code>[#11358](pypa/pip#11358)
&lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py
install</code> anymore. Instead a wheel will be
built locally and installed.
(<code>[#11451](pypa/pip#11451)
&lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built
wheels anymore. It only
means &quot;don't download wheels&quot;.
(<code>[#11453](pypa/pip#11453)
&lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and
<code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>.
(<code>[#11859](pypa/pip#11859)
&lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a
<code>pyproject.toml</code> now prints
a deprecation warning. In the future the presence of config settings
will automatically
enable the default build backend for legacy projects and pass the
setttings to it.
(<code>[#11915](pypa/pip#11915)
&lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel
failed for projects without
<code>pyproject.toml</code>.
(<code>[#8368](pypa/pip#8368)
&lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses
the default build backend
instead of <code>setup.py install</code> and <code>setup.py
develop</code> for project without
<code>pyproject.toml</code>.
(<code>[#8559](pypa/pip#8559)
&lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Specify egg-link location in assertion message when it does not
match installed location to provide better error message for debugging.
(<code>[#10476](pypa/pip#10476)
&lt;https://github.com/pypa/pip/issues/10476&gt;</code>_)</li>
<li>Present conflict information during installation after each choice
that is rejected (pass <code>-vv</code> to <code>pip install</code> to
show it) (<code>[#10937](pypa/pip#10937)
&lt;https://github.com/pypa/pip/issues/10937&gt;</code>_)</li>
<li>Display dependency chain on each Collecting/Processing log line.
(<code>[#11169](pypa/pip#11169)
&lt;https://github.com/pypa/pip/issues/11169&gt;</code>_)</li>
<li>Support a per-requirement <code>--config-settings</code> option in
requirements files.
(<code>[#11325](pypa/pip#11325)
&lt;https://github.com/pypa/pip/issues/11325&gt;</code>_)</li>
<li>The <code>--config-settings</code>/<code>-C</code> option now
supports using the same key multiple
times. When the same key is specified multiple times, all values are
passed to
the build backend as a list, as opposed to the previous behavior, where
pip would
only pass the last value if the same key was used multiple times.
(<code>[#11681](pypa/pip#11681)
&lt;https://github.com/pypa/pip/issues/11681&gt;</code>_)</li>
<li>Add <code>-C</code> as a short version of the
<code>--config-settings</code> option.
(<code>[#11786](pypa/pip#11786)
&lt;https://github.com/pypa/pip/issues/11786&gt;</code>_)</li>
<li>Reduce the number of resolver rounds, since backjumping makes the
resolver more efficient in finding solutions. This also makes
pathological cases fail quicker.
(<code>[#11908](pypa/pip#11908)
&lt;https://github.com/pypa/pip/issues/11908&gt;</code>_)</li>
<li>Warn if <code>--hash</code> is used on a line without requirement in
a requirements file.
(<code>[#11935](pypa/pip#11935)
&lt;https://github.com/pypa/pip/issues/11935&gt;</code>_)</li>
<li>Stop propagating CLI <code>--config-settings</code> to the build
dependencies. They already did
not propagate to requirements provided in requirement files. To pass the
same config
settings to several requirements, users should provide the requirements
as CLI
arguments. (<code>[#11941](pypa/pip#11941)
&lt;https://github.com/pypa/pip/issues/11941&gt;</code>_)</li>
<li>Support wheel cache when using <code>--require-hashes</code>.
(<code>[#5037](pypa/pip#5037)
&lt;https://github.com/pypa/pip/issues/5037&gt;</code>_)</li>
<li>Add <code>--keyring-provider</code> flag. See the Authentication
page in the documentation for more info.
(<code>[#8719](pypa/pip#8719)
&lt;https://github.com/pypa/pip/issues/8719&gt;</code>_)</li>
<li>In the case of virtual environments, configuration files are now
also included from the base installation.
(<code>[#9752](pypa/pip#9752)
&lt;https://github.com/pypa/pip/issues/9752&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix grammar by changing &quot;A new release of pip available:&quot;
to &quot;A new release of pip is available:&quot; in the notice used for
indicating that.
(<code>[#11529](pypa/pip#11529)
&lt;https://github.com/pypa/pip/issues/11529&gt;</code>_)</li>
<li>Normalize paths before checking if installed scripts are on PATH.
(<code>[#11719](pypa/pip#11719)
&lt;https://github.com/pypa/pip/issues/11719&gt;</code>_)</li>
<li>Correct the way to decide if keyring is available.
(<code>[#11774](pypa/pip#11774)
&lt;https://github.com/pypa/pip/issues/11774&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/6424ac4600265490462015c2fc7f9a402dba9ed8"><code>6424ac4</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/868338f9f79b58eff34dafb168aed65480d080d5"><code>868338f</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/4f3a4f72697299da1a412cf10c919a989e0692f5"><code>4f3a4f7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11919">#11919</a> from
sbidoul/deprecate-legacy-ignore-config-setting...</li>
<li><a
href="https://github.com/pypa/pip/commit/dbf4e6842c9603792f6d3944a5c9cec17bd0a92a"><code>dbf4e68</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/11897">#11897</a> from
sbidoul/cache-hash-checking-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/efe2d27451d50b165df78093bf5885da713fbdf8"><code>efe2d27</code></a>
Further refactor is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/4beca6b4c9c510b19dbb6180e962425b89e8c839"><code>4beca6b</code></a>
Improve test</li>
<li><a
href="https://github.com/pypa/pip/commit/bd746e3136e5e1be2374a079bac66071dd967a8c"><code>bd746e3</code></a>
Introduce ireq.cached_wheel_source_link</li>
<li><a
href="https://github.com/pypa/pip/commit/caafe6e87d4f2998a77b194297e1c204cf6e10c2"><code>caafe6e</code></a>
Add a couple of asserts</li>
<li><a
href="https://github.com/pypa/pip/commit/a6ef6485be9512f18121298b058797c578f65d45"><code>a6ef648</code></a>
Rename original_link_is_in_wheel_cache to is_wheel_from_cache</li>
<li><a
href="https://github.com/pypa/pip/commit/ff8c8e38887880ad81ffd7cfc6a8373213c087b7"><code>ff8c8e3</code></a>
Cosmetics</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/21.0...23.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this issue May 12, 2023
@dependabot
chore(deps-dev): Bump pip from 23.0.1 to 23.1.2 in /packages/jsii-pac…
bb07f0b 
…mak/test/generated-code (#4072)

Bumps [pip](https://github.com/pypa/pip) from 23.0.1 to 23.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>23.1.2 (2023-04-26)</h1>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade setuptools to 67.7.2</li>
</ul>
<h1>23.1.1 (2023-04-22)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Revert <code>[#11487](pypa/pip#11487) &lt;https://github.com/pypa/pip/pull/11487&gt;</code><em>, as it causes issues with virtualenvs created by the Windows Store distribution of Python. (<code>[#11987](pypa/pip#11987) &lt;https://github.com/pypa/pip/issues/11987&gt;</code></em>)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Revert pkg_resources (via setuptools) back to 65.6.3</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Update documentation to reflect the new behavior of using the cache of locally
built wheels in hash-checking mode. (<code>[#11967](pypa/pip#11967) &lt;https://github.com/pypa/pip/issues/11967&gt;</code>_)</li>
</ul>
<h1>23.1 (2023-04-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Remove support for the deprecated <code>--install-options</code>. (<code>[#11358](pypa/pip#11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li><code>--no-binary</code> does not imply <code>setup.py install</code> anymore. Instead a wheel will be
built locally and installed. (<code>[#11451](pypa/pip#11451) &lt;https://github.com/pypa/pip/issues/11451&gt;</code>_)</li>
<li><code>--no-binary</code> does not disable the cache of locally built wheels anymore. It only
means &quot;don't download wheels&quot;. (<code>[#11453](pypa/pip#11453) &lt;https://github.com/pypa/pip/issues/11453&gt;</code>_)</li>
<li>Deprecate <code>--build-option</code> and <code>--global-option</code>. Users are invited to switch to
<code>--config-settings</code>. (<code>[#11859](pypa/pip#11859) &lt;https://github.com/pypa/pip/issues/11859&gt;</code>_)</li>
<li>Using <code>--config-settings</code> with projects that don't have a <code>pyproject.toml</code> now prints
a deprecation warning. In the future the presence of config settings will automatically
enable the default build backend for legacy projects and pass the setttings to it. (<code>[#11915](pypa/pip#11915) &lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Remove <code>setup.py install</code> fallback when building a wheel failed for projects without
<code>pyproject.toml</code>. (<code>[#8368](pypa/pip#8368) &lt;https://github.com/pypa/pip/issues/8368&gt;</code>_)</li>
<li>When the <code>wheel</code> package is not installed, pip now uses the default build backend
instead of <code>setup.py install</code> and <code>setup.py develop</code> for project without
<code>pyproject.toml</code>. (<code>[#8559](pypa/pip#8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/3fe7e54fceac7a03bcb88ce26cfd0937acfe5e40"><code>3fe7e54</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/bc7621aaf827a992a455fe5c2c4ec59cfc26186e"><code>bc7621a</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11997">#11997</a> from pfmoore/vendoring-setuptools</li>
<li><a href="https://github.com/pypa/pip/commit/cbc92fd6dd7e0bae4ec81b87521b5c27b0601be5"><code>cbc92fd</code></a> Upgrade setuptools to 67.7.2</li>
<li><a href="https://github.com/pypa/pip/commit/4428130fbe44259562280f0601f034bb8c43bef2"><code>4428130</code></a> Suppress pkg_resources deprecation warning</li>
<li><a href="https://github.com/pypa/pip/commit/f1a7a6f942b869ae3428dbf55dfc1ca756c78d94"><code>f1a7a6f</code></a> Upgrade setuptools to 67.6.1</li>
<li><a href="https://github.com/pypa/pip/commit/51afe45cda2854d810d9714e3891e256b1509737"><code>51afe45</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11992">#11992</a> from pfmoore/release/23.1.1</li>
<li><a href="https://github.com/pypa/pip/commit/5cbf00c49e2a6974d794534d8041cf370218e98d"><code>5cbf00c</code></a> Bump for development</li>
<li><a href="https://github.com/pypa/pip/commit/ee40d71817df8346af3d96051a298db8f22e52f1"><code>ee40d71</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/d5a779d96c0460f49da23abe8b4f557ce80b0a70"><code>d5a779d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/11987">#11987</a> from pfmoore/revert_56e5fa3</li>
<li><a href="https://github.com/pypa/pip/commit/b64e74de42d0a6e4f3a81a06b7fd33eea00b7160"><code>b64e74d</code></a> Add a news file</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.0.1...23.1.2">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.0.1&new-version=23.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
@jarrodmillman jarrodmillman mentioned this issue May 31, 2023
Merged
@sbidoul sbidoul removed this from the 23.3 milestone Oct 1, 2023
@sbidoul sbidoul added this to the 24.0 milestone Oct 1, 2023
@belm0 belm0 mentioned this issue Oct 11, 2023
Open
1 task
webmiche pushed a commit to xdslproject/xdsl that referenced this issue Feb 5, 2024
@dependabot
pip prod(deps): update pip requirement from <24.0 to <25.0 (#2089)
8e9ce80 
Updates the requirements on [pip](https://github.com/pypa/pip) to permit
the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.0 (2024-02-03)</h1>
<h2>Features</h2>
<ul>
<li>Retry on HTTP status code 502
(<code>[#11843](pypa/pip#11843)
&lt;https://github.com/pypa/pip/issues/11843&gt;</code>_)</li>
<li>Automatically use the setuptools PEP 517 build backend when
<code>--config-settings</code> is
used for projects without <code>pyproject.toml</code>.
(<code>[#11915](pypa/pip#11915)
&lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Make pip freeze and pip uninstall of legacy editable installs of
packages whose name
contains <code>_</code> compatible with
<code>setuptools&gt;=69.0.3</code>.
(<code>[#12477](pypa/pip#12477)
&lt;https://github.com/pypa/pip/issues/12477&gt;</code>_)</li>
<li>Support per requirement <code>--config-settings</code> for editable
installs. (<code>[#12480](pypa/pip#12480)
&lt;https://github.com/pypa/pip/issues/12480&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Optimized usage of <code>--find-links=&lt;path-to-dir&gt;</code>, by
only scanning the relevant directory once, only considering file names
that are valid wheel or sdist names, and only considering files in the
directory that are related to the install.
(<code>[#12327](pypa/pip#12327)
&lt;https://github.com/pypa/pip/issues/12327&gt;</code>_)</li>
<li>Removed <code>wheel</code> from the
<code>[build-system].requires</code> list fallback
that is used when <code>pyproject.toml</code> is absent.
(<code>[#12449](pypa/pip#12449)
&lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade distlib to 0.3.8</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Fix explanation of how PIP_CONFIG_FILE works
(<code>[#11815](pypa/pip#11815)
&lt;https://github.com/pypa/pip/issues/11815&gt;</code>_)</li>
<li>Fix outdated pip install argument description in documentation.
(<code>[#12417](pypa/pip#12417)
&lt;https://github.com/pypa/pip/issues/12417&gt;</code>_)</li>
<li>Replace some links to PEPs with links to the canonical
specifications on the :doc:<code>pypug:index</code>
(<code>[#12434](pypa/pip#12434)
&lt;https://github.com/pypa/pip/issues/12434&gt;</code>_)</li>
<li>Updated the <code>pyproject.toml</code> document to stop suggesting
to depend on <code>wheel</code> as a build dependency directly.
(<code>[#12449](pypa/pip#12449)
&lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
<li>Update supported interpreters in development docs
(<code>[#12475](pypa/pip#12475)
&lt;https://github.com/pypa/pip/issues/12475&gt;</code>_)</li>
</ul>
<h2>Process</h2>
<ul>
<li>Most project metadata is now defined statically via pip's
<code>pyproject.toml</code> file.</li>
</ul>
<h1>23.3.2 (2023-12-17)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix a bug in extras handling for link requirements
(<code>[#12372](pypa/pip#12372)
&lt;https://github.com/pypa/pip/issues/12372&gt;</code>_)</li>
<li>Fix mercurial revision &quot;parse error&quot;: use
<code>--rev={ref}</code> instead of <code>-r={ref}</code>
(<code>[#12373](pypa/pip#12373)
&lt;https://github.com/pypa/pip/issues/12373&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/ef78c129b1a966dbbbdb8ebfffc43723e89110d1"><code>ef78c12</code></a>
Tweak NEWS.rst</li>
<li><a
href="https://github.com/pypa/pip/commit/6681c02710b81278adb874007286960108867768"><code>6681c02</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/ef56d47f90eb3881dba5134241de94d504576f1b"><code>ef56d47</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/53e5f192bab27cad793e9dbfd9849717c1ed3617"><code>53e5f19</code></a>
Tweak news before release</li>
<li><a
href="https://github.com/pypa/pip/commit/456db06c0312b6ce971d7c7a97806be8868b79b7"><code>456db06</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12507">#12507</a> from
jeanas/mailmap</li>
<li><a
href="https://github.com/pypa/pip/commit/0b93dfc7c319449a71c50233c4fb344f9c24a668"><code>0b93dfc</code></a>
Add mailmap entry for <a
href="https://github.com/jeanas"><code>@​jeanas</code></a></li>
<li><a
href="https://github.com/pypa/pip/commit/c0801efcb5251d5704d67dd77dc77b5499d900c5"><code>c0801ef</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12500">#12500</a> from
bdraco/add_502</li>
<li><a
href="https://github.com/pypa/pip/commit/aa930c49983e11c89d00d959c5d412a3211c2cbf"><code>aa930c4</code></a>
Update src/pip/_internal/network/session.py</li>
<li><a
href="https://github.com/pypa/pip/commit/99a82b7e49a1657d18c8453c42f7eff971ce1cb5"><code>99a82b7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12494">#12494</a> from
sbidoul/pass-config-settings-to-editable-in-re...</li>
<li><a
href="https://github.com/pypa/pip/commit/ff30ba86c1d04ade84843b02d251f97f1a2c3c2c"><code>ff30ba8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12501">#12501</a> from
VladimirFokow/fix-small-typo</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/0.3...24.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this issue Feb 5, 2024
@dependabot
chore(deps): Update pip requirement from ~=23.3 to ~=24.0 in /package…
6e7e501 
…s/@jsii/python-runtime (#4416)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.0 (2024-02-03)</h1>
<h2>Features</h2>
<ul>
<li>Retry on HTTP status code 502 (<code>[#11843](pypa/pip#11843) &lt;https://github.com/pypa/pip/issues/11843&gt;</code>_)</li>
<li>Automatically use the setuptools PEP 517 build backend when <code>--config-settings</code> is
used for projects without <code>pyproject.toml</code>. (<code>[#11915](pypa/pip#11915) &lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Make pip freeze and pip uninstall of legacy editable installs of packages whose name
contains <code>_</code> compatible with <code>setuptools&gt;=69.0.3</code>. (<code>[#12477](pypa/pip#12477) &lt;https://github.com/pypa/pip/issues/12477&gt;</code>_)</li>
<li>Support per requirement <code>--config-settings</code> for editable installs. (<code>[#12480](pypa/pip#12480) &lt;https://github.com/pypa/pip/issues/12480&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Optimized usage of <code>--find-links=&lt;path-to-dir&gt;</code>, by only scanning the relevant directory once, only considering file names that are valid wheel or sdist names, and only considering files in the directory that are related to the install. (<code>[#12327](pypa/pip#12327) &lt;https://github.com/pypa/pip/issues/12327&gt;</code>_)</li>
<li>Removed <code>wheel</code> from the <code>[build-system].requires</code> list fallback
that is used when <code>pyproject.toml</code> is absent. (<code>[#12449](pypa/pip#12449) &lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade distlib to 0.3.8</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Fix explanation of how PIP_CONFIG_FILE works (<code>[#11815](pypa/pip#11815) &lt;https://github.com/pypa/pip/issues/11815&gt;</code>_)</li>
<li>Fix outdated pip install argument description in documentation. (<code>[#12417](pypa/pip#12417) &lt;https://github.com/pypa/pip/issues/12417&gt;</code>_)</li>
<li>Replace some links to PEPs with links to the canonical specifications on the :doc:<code>pypug:index</code> (<code>[#12434](pypa/pip#12434) &lt;https://github.com/pypa/pip/issues/12434&gt;</code>_)</li>
<li>Updated the <code>pyproject.toml</code> document to stop suggesting
to depend on <code>wheel</code> as a build dependency directly. (<code>[#12449](pypa/pip#12449) &lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
<li>Update supported interpreters in development docs (<code>[#12475](pypa/pip#12475) &lt;https://github.com/pypa/pip/issues/12475&gt;</code>_)</li>
</ul>
<h2>Process</h2>
<ul>
<li>Most project metadata is now defined statically via pip's <code>pyproject.toml</code> file.</li>
</ul>
<h1>23.3.2 (2023-12-17)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix a bug in extras handling for link requirements (<code>[#12372](pypa/pip#12372) &lt;https://github.com/pypa/pip/issues/12372&gt;</code>_)</li>
<li>Fix mercurial revision &quot;parse error&quot;: use <code>--rev={ref}</code> instead of <code>-r={ref}</code> (<code>[#12373](pypa/pip#12373) &lt;https://github.com/pypa/pip/issues/12373&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/ef78c129b1a966dbbbdb8ebfffc43723e89110d1"><code>ef78c12</code></a> Tweak NEWS.rst</li>
<li><a href="https://github.com/pypa/pip/commit/6681c02710b81278adb874007286960108867768"><code>6681c02</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ef56d47f90eb3881dba5134241de94d504576f1b"><code>ef56d47</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/53e5f192bab27cad793e9dbfd9849717c1ed3617"><code>53e5f19</code></a> Tweak news before release</li>
<li><a href="https://github.com/pypa/pip/commit/456db06c0312b6ce971d7c7a97806be8868b79b7"><code>456db06</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12507">#12507</a> from jeanas/mailmap</li>
<li><a href="https://github.com/pypa/pip/commit/0b93dfc7c319449a71c50233c4fb344f9c24a668"><code>0b93dfc</code></a> Add mailmap entry for <a href="https://github.com/jeanas"><code>@​jeanas</code></a></li>
<li><a href="https://github.com/pypa/pip/commit/c0801efcb5251d5704d67dd77dc77b5499d900c5"><code>c0801ef</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12500">#12500</a> from bdraco/add_502</li>
<li><a href="https://github.com/pypa/pip/commit/aa930c49983e11c89d00d959c5d412a3211c2cbf"><code>aa930c4</code></a> Update src/pip/_internal/network/session.py</li>
<li><a href="https://github.com/pypa/pip/commit/99a82b7e49a1657d18c8453c42f7eff971ce1cb5"><code>99a82b7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12494">#12494</a> from sbidoul/pass-config-settings-to-editable-in-re...</li>
<li><a href="https://github.com/pypa/pip/commit/ff30ba86c1d04ade84843b02d251f97f1a2c3c2c"><code>ff30ba8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12501">#12501</a> from VladimirFokow/fix-small-typo</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.3...24.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Feb 5, 2024
@dependabot
chore(deps-dev): Bump pip from 23.3.2 to 24.0 in /packages/jsii-pacma…
3551692 
…k/test/generated-code (#4417)

Bumps [pip](https://github.com/pypa/pip) from 23.3.2 to 24.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.0 (2024-02-03)</h1>
<h2>Features</h2>
<ul>
<li>Retry on HTTP status code 502 (<code>[#11843](pypa/pip#11843) &lt;https://github.com/pypa/pip/issues/11843&gt;</code>_)</li>
<li>Automatically use the setuptools PEP 517 build backend when <code>--config-settings</code> is
used for projects without <code>pyproject.toml</code>. (<code>[#11915](pypa/pip#11915) &lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Make pip freeze and pip uninstall of legacy editable installs of packages whose name
contains <code>_</code> compatible with <code>setuptools&gt;=69.0.3</code>. (<code>[#12477](pypa/pip#12477) &lt;https://github.com/pypa/pip/issues/12477&gt;</code>_)</li>
<li>Support per requirement <code>--config-settings</code> for editable installs. (<code>[#12480](pypa/pip#12480) &lt;https://github.com/pypa/pip/issues/12480&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Optimized usage of <code>--find-links=&lt;path-to-dir&gt;</code>, by only scanning the relevant directory once, only considering file names that are valid wheel or sdist names, and only considering files in the directory that are related to the install. (<code>[#12327](pypa/pip#12327) &lt;https://github.com/pypa/pip/issues/12327&gt;</code>_)</li>
<li>Removed <code>wheel</code> from the <code>[build-system].requires</code> list fallback
that is used when <code>pyproject.toml</code> is absent. (<code>[#12449](pypa/pip#12449) &lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade distlib to 0.3.8</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Fix explanation of how PIP_CONFIG_FILE works (<code>[#11815](pypa/pip#11815) &lt;https://github.com/pypa/pip/issues/11815&gt;</code>_)</li>
<li>Fix outdated pip install argument description in documentation. (<code>[#12417](pypa/pip#12417) &lt;https://github.com/pypa/pip/issues/12417&gt;</code>_)</li>
<li>Replace some links to PEPs with links to the canonical specifications on the :doc:<code>pypug:index</code> (<code>[#12434](pypa/pip#12434) &lt;https://github.com/pypa/pip/issues/12434&gt;</code>_)</li>
<li>Updated the <code>pyproject.toml</code> document to stop suggesting
to depend on <code>wheel</code> as a build dependency directly. (<code>[#12449](pypa/pip#12449) &lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
<li>Update supported interpreters in development docs (<code>[#12475](pypa/pip#12475) &lt;https://github.com/pypa/pip/issues/12475&gt;</code>_)</li>
</ul>
<h2>Process</h2>
<ul>
<li>Most project metadata is now defined statically via pip's <code>pyproject.toml</code> file.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/ef78c129b1a966dbbbdb8ebfffc43723e89110d1"><code>ef78c12</code></a> Tweak NEWS.rst</li>
<li><a href="https://github.com/pypa/pip/commit/6681c02710b81278adb874007286960108867768"><code>6681c02</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ef56d47f90eb3881dba5134241de94d504576f1b"><code>ef56d47</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/53e5f192bab27cad793e9dbfd9849717c1ed3617"><code>53e5f19</code></a> Tweak news before release</li>
<li><a href="https://github.com/pypa/pip/commit/456db06c0312b6ce971d7c7a97806be8868b79b7"><code>456db06</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12507">#12507</a> from jeanas/mailmap</li>
<li><a href="https://github.com/pypa/pip/commit/0b93dfc7c319449a71c50233c4fb344f9c24a668"><code>0b93dfc</code></a> Add mailmap entry for <a href="https://github.com/jeanas"><code>@​jeanas</code></a></li>
<li><a href="https://github.com/pypa/pip/commit/c0801efcb5251d5704d67dd77dc77b5499d900c5"><code>c0801ef</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12500">#12500</a> from bdraco/add_502</li>
<li><a href="https://github.com/pypa/pip/commit/aa930c49983e11c89d00d959c5d412a3211c2cbf"><code>aa930c4</code></a> Update src/pip/_internal/network/session.py</li>
<li><a href="https://github.com/pypa/pip/commit/99a82b7e49a1657d18c8453c42f7eff971ce1cb5"><code>99a82b7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12494">#12494</a> from sbidoul/pass-config-settings-to-editable-in-re...</li>
<li><a href="https://github.com/pypa/pip/commit/ff30ba86c1d04ade84843b02d251f97f1a2c3c2c"><code>ff30ba8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12501">#12501</a> from VladimirFokow/fix-small-typo</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.3.2...24.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.3.2&new-version=24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
edgarrmondragon pushed a commit to MeltanoLabs/tap-messagebird that referenced this issue Feb 5, 2024
@dependabot
ci(deps-dev): bump pip from 23.3.2 to 24.0 in /.github/workflows (#137)
76ffcdf 
Bumps [pip](https://github.com/pypa/pip) from 23.3.2 to 24.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.0 (2024-02-03)</h1>
<h2>Features</h2>
<ul>
<li>Retry on HTTP status code 502
(<code>[#11843](pypa/pip#11843)
&lt;https://github.com/pypa/pip/issues/11843&gt;</code>_)</li>
<li>Automatically use the setuptools PEP 517 build backend when
<code>--config-settings</code> is
used for projects without <code>pyproject.toml</code>.
(<code>[#11915](pypa/pip#11915)
&lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Make pip freeze and pip uninstall of legacy editable installs of
packages whose name
contains <code>_</code> compatible with
<code>setuptools&gt;=69.0.3</code>.
(<code>[#12477](pypa/pip#12477)
&lt;https://github.com/pypa/pip/issues/12477&gt;</code>_)</li>
<li>Support per requirement <code>--config-settings</code> for editable
installs. (<code>[#12480](pypa/pip#12480)
&lt;https://github.com/pypa/pip/issues/12480&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Optimized usage of <code>--find-links=&lt;path-to-dir&gt;</code>, by
only scanning the relevant directory once, only considering file names
that are valid wheel or sdist names, and only considering files in the
directory that are related to the install.
(<code>[#12327](pypa/pip#12327)
&lt;https://github.com/pypa/pip/issues/12327&gt;</code>_)</li>
<li>Removed <code>wheel</code> from the
<code>[build-system].requires</code> list fallback
that is used when <code>pyproject.toml</code> is absent.
(<code>[#12449](pypa/pip#12449)
&lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade distlib to 0.3.8</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Fix explanation of how PIP_CONFIG_FILE works
(<code>[#11815](pypa/pip#11815)
&lt;https://github.com/pypa/pip/issues/11815&gt;</code>_)</li>
<li>Fix outdated pip install argument description in documentation.
(<code>[#12417](pypa/pip#12417)
&lt;https://github.com/pypa/pip/issues/12417&gt;</code>_)</li>
<li>Replace some links to PEPs with links to the canonical
specifications on the :doc:<code>pypug:index</code>
(<code>[#12434](pypa/pip#12434)
&lt;https://github.com/pypa/pip/issues/12434&gt;</code>_)</li>
<li>Updated the <code>pyproject.toml</code> document to stop suggesting
to depend on <code>wheel</code> as a build dependency directly.
(<code>[#12449](pypa/pip#12449)
&lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
<li>Update supported interpreters in development docs
(<code>[#12475](pypa/pip#12475)
&lt;https://github.com/pypa/pip/issues/12475&gt;</code>_)</li>
</ul>
<h2>Process</h2>
<ul>
<li>Most project metadata is now defined statically via pip's
<code>pyproject.toml</code> file.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/ef78c129b1a966dbbbdb8ebfffc43723e89110d1"><code>ef78c12</code></a>
Tweak NEWS.rst</li>
<li><a
href="https://github.com/pypa/pip/commit/6681c02710b81278adb874007286960108867768"><code>6681c02</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/ef56d47f90eb3881dba5134241de94d504576f1b"><code>ef56d47</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/53e5f192bab27cad793e9dbfd9849717c1ed3617"><code>53e5f19</code></a>
Tweak news before release</li>
<li><a
href="https://github.com/pypa/pip/commit/456db06c0312b6ce971d7c7a97806be8868b79b7"><code>456db06</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12507">#12507</a> from
jeanas/mailmap</li>
<li><a
href="https://github.com/pypa/pip/commit/0b93dfc7c319449a71c50233c4fb344f9c24a668"><code>0b93dfc</code></a>
Add mailmap entry for <a
href="https://github.com/jeanas"><code>@​jeanas</code></a></li>
<li><a
href="https://github.com/pypa/pip/commit/c0801efcb5251d5704d67dd77dc77b5499d900c5"><code>c0801ef</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12500">#12500</a> from
bdraco/add_502</li>
<li><a
href="https://github.com/pypa/pip/commit/aa930c49983e11c89d00d959c5d412a3211c2cbf"><code>aa930c4</code></a>
Update src/pip/_internal/network/session.py</li>
<li><a
href="https://github.com/pypa/pip/commit/99a82b7e49a1657d18c8453c42f7eff971ce1cb5"><code>99a82b7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12494">#12494</a> from
sbidoul/pass-config-settings-to-editable-in-re...</li>
<li><a
href="https://github.com/pypa/pip/commit/ff30ba86c1d04ade84843b02d251f97f1a2c3c2c"><code>ff30ba8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12501">#12501</a> from
VladimirFokow/fix-small-typo</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.3.2...24.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.3.2&new-version=24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Feb 5, 2024
@dependabot @inmantaci
Bump pip from 23.3.2 to 24.0 (PR #7120)
dac5809 
Bumps [pip](https://github.com/pypa/pip) from 23.3.2 to 24.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.0 (2024-02-03)</h1>
<h2>Features</h2>
<ul>
<li>Retry on HTTP status code 502 (<code>[#11843](pypa/pip#11843) &lt;https://github.com/pypa/pip/issues/11843&gt;</code>_)</li>
<li>Automatically use the setuptools PEP 517 build backend when <code>--config-settings</code> is
used for projects without <code>pyproject.toml</code>. (<code>[#11915](pypa/pip#11915) &lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Make pip freeze and pip uninstall of legacy editable installs of packages whose name
contains <code>_</code> compatible with <code>setuptools&gt;=69.0.3</code>. (<code>[#12477](pypa/pip#12477) &lt;https://github.com/pypa/pip/issues/12477&gt;</code>_)</li>
<li>Support per requirement <code>--config-settings</code> for editable installs. (<code>[#12480](pypa/pip#12480) &lt;https://github.com/pypa/pip/issues/12480&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Optimized usage of <code>--find-links=&lt;path-to-dir&gt;</code>, by only scanning the relevant directory once, only considering file names that are valid wheel or sdist names, and only considering files in the directory that are related to the install. (<code>[#12327](pypa/pip#12327) &lt;https://github.com/pypa/pip/issues/12327&gt;</code>_)</li>
<li>Removed <code>wheel</code> from the <code>[build-system].requires</code> list fallback
that is used when <code>pyproject.toml</code> is absent. (<code>[#12449](pypa/pip#12449) &lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade distlib to 0.3.8</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Fix explanation of how PIP_CONFIG_FILE works (<code>[#11815](pypa/pip#11815) &lt;https://github.com/pypa/pip/issues/11815&gt;</code>_)</li>
<li>Fix outdated pip install argument description in documentation. (<code>[#12417](pypa/pip#12417) &lt;https://github.com/pypa/pip/issues/12417&gt;</code>_)</li>
<li>Replace some links to PEPs with links to the canonical specifications on the :doc:<code>pypug:index</code> (<code>[#12434](pypa/pip#12434) &lt;https://github.com/pypa/pip/issues/12434&gt;</code>_)</li>
<li>Updated the <code>pyproject.toml</code> document to stop suggesting
to depend on <code>wheel</code> as a build dependency directly. (<code>[#12449](pypa/pip#12449) &lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
<li>Update supported interpreters in development docs (<code>[#12475](pypa/pip#12475) &lt;https://github.com/pypa/pip/issues/12475&gt;</code>_)</li>
</ul>
<h2>Process</h2>
<ul>
<li>Most project metadata is now defined statically via pip's <code>pyproject.toml</code> file.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/ef78c129b1a966dbbbdb8ebfffc43723e89110d1"><code>ef78c12</code></a> Tweak NEWS.rst</li>
<li><a href="https://github.com/pypa/pip/commit/6681c02710b81278adb874007286960108867768"><code>6681c02</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/ef56d47f90eb3881dba5134241de94d504576f1b"><code>ef56d47</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/53e5f192bab27cad793e9dbfd9849717c1ed3617"><code>53e5f19</code></a> Tweak news before release</li>
<li><a href="https://github.com/pypa/pip/commit/456db06c0312b6ce971d7c7a97806be8868b79b7"><code>456db06</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12507">#12507</a> from jeanas/mailmap</li>
<li><a href="https://github.com/pypa/pip/commit/0b93dfc7c319449a71c50233c4fb344f9c24a668"><code>0b93dfc</code></a> Add mailmap entry for <a href="https://github.com/jeanas"><code>@​jeanas</code></a></li>
<li><a href="https://github.com/pypa/pip/commit/c0801efcb5251d5704d67dd77dc77b5499d900c5"><code>c0801ef</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12500">#12500</a> from bdraco/add_502</li>
<li><a href="https://github.com/pypa/pip/commit/aa930c49983e11c89d00d959c5d412a3211c2cbf"><code>aa930c4</code></a> Update src/pip/_internal/network/session.py</li>
<li><a href="https://github.com/pypa/pip/commit/99a82b7e49a1657d18c8453c42f7eff971ce1cb5"><code>99a82b7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12494">#12494</a> from sbidoul/pass-config-settings-to-editable-in-re...</li>
<li><a href="https://github.com/pypa/pip/commit/ff30ba86c1d04ade84843b02d251f97f1a2c3c2c"><code>ff30ba8</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12501">#12501</a> from VladimirFokow/fix-small-typo</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.3.2...24.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.3.2&new-version=24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Feb 11, 2024
@dependabot
chore(deps): Bump pip from 23.3.2 to 24.0 (#1698)
27884e5 
Bumps [pip](https://github.com/pypa/pip) from 23.3.2 to 24.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.0 (2024-02-03)</h1>
<h2>Features</h2>
<ul>
<li>Retry on HTTP status code 502
(<code>[#11843](pypa/pip#11843)
&lt;https://github.com/pypa/pip/issues/11843&gt;</code>_)</li>
<li>Automatically use the setuptools PEP 517 build backend when
<code>--config-settings</code> is
used for projects without <code>pyproject.toml</code>.
(<code>[#11915](pypa/pip#11915)
&lt;https://github.com/pypa/pip/issues/11915&gt;</code>_)</li>
<li>Make pip freeze and pip uninstall of legacy editable installs of
packages whose name
contains <code>_</code> compatible with
<code>setuptools&gt;=69.0.3</code>.
(<code>[#12477](pypa/pip#12477)
&lt;https://github.com/pypa/pip/issues/12477&gt;</code>_)</li>
<li>Support per requirement <code>--config-settings</code> for editable
installs. (<code>[#12480](pypa/pip#12480)
&lt;https://github.com/pypa/pip/issues/12480&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Optimized usage of <code>--find-links=&lt;path-to-dir&gt;</code>, by
only scanning the relevant directory once, only considering file names
that are valid wheel or sdist names, and only considering files in the
directory that are related to the install.
(<code>[#12327](pypa/pip#12327)
&lt;https://github.com/pypa/pip/issues/12327&gt;</code>_)</li>
<li>Removed <code>wheel</code> from the
<code>[build-system].requires</code> list fallback
that is used when <code>pyproject.toml</code> is absent.
(<code>[#12449](pypa/pip#12449)
&lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade distlib to 0.3.8</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Fix explanation of how PIP_CONFIG_FILE works
(<code>[#11815](pypa/pip#11815)
&lt;https://github.com/pypa/pip/issues/11815&gt;</code>_)</li>
<li>Fix outdated pip install argument description in documentation.
(<code>[#12417](pypa/pip#12417)
&lt;https://github.com/pypa/pip/issues/12417&gt;</code>_)</li>
<li>Replace some links to PEPs with links to the canonical
specifications on the :doc:<code>pypug:index</code>
(<code>[#12434](pypa/pip#12434)
&lt;https://github.com/pypa/pip/issues/12434&gt;</code>_)</li>
<li>Updated the <code>pyproject.toml</code> document to stop suggesting
to depend on <code>wheel</code> as a build dependency directly.
(<code>[#12449](pypa/pip#12449)
&lt;https://github.com/pypa/pip/issues/12449&gt;</code>_)</li>
<li>Update supported interpreters in development docs
(<code>[#12475](pypa/pip#12475)
&lt;https://github.com/pypa/pip/issues/12475&gt;</code>_)</li>
</ul>
<h2>Process</h2>
<ul>
<li>Most project metadata is now defined statically via pip's
<code>pyproject.toml</code> file.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/ef78c129b1a966dbbbdb8ebfffc43723e89110d1"><code>ef78c12</code></a>
Tweak NEWS.rst</li>
<li><a
href="https://github.com/pypa/pip/commit/6681c02710b81278adb874007286960108867768"><code>6681c02</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/ef56d47f90eb3881dba5134241de94d504576f1b"><code>ef56d47</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/53e5f192bab27cad793e9dbfd9849717c1ed3617"><code>53e5f19</code></a>
Tweak news before release</li>
<li><a
href="https://github.com/pypa/pip/commit/456db06c0312b6ce971d7c7a97806be8868b79b7"><code>456db06</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12507">#12507</a> from
jeanas/mailmap</li>
<li><a
href="https://github.com/pypa/pip/commit/0b93dfc7c319449a71c50233c4fb344f9c24a668"><code>0b93dfc</code></a>
Add mailmap entry for <a
href="https://github.com/jeanas"><code>@​jeanas</code></a></li>
<li><a
href="https://github.com/pypa/pip/commit/c0801efcb5251d5704d67dd77dc77b5499d900c5"><code>c0801ef</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12500">#12500</a> from
bdraco/add_502</li>
<li><a
href="https://github.com/pypa/pip/commit/aa930c49983e11c89d00d959c5d412a3211c2cbf"><code>aa930c4</code></a>
Update src/pip/_internal/network/session.py</li>
<li><a
href="https://github.com/pypa/pip/commit/99a82b7e49a1657d18c8453c42f7eff971ce1cb5"><code>99a82b7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12494">#12494</a> from
sbidoul/pass-config-settings-to-editable-in-re...</li>
<li><a
href="https://github.com/pypa/pip/commit/ff30ba86c1d04ade84843b02d251f97f1a2c3c2c"><code>ff30ba8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12501">#12501</a> from
VladimirFokow/fix-small-typo</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/23.3.2...24.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=23.3.2&new-version=24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
C: build logic Stuff related to metadata generation / wheel generation
Projects
None yet
Milestone
24.0
Development

Successfully merging a pull request may close this issue.

Let --config-settings imply PEP 517 sbidoul/pip
4 participants
@sbidoul @pfmoore @pradyunsg @q0w