Warn when the pkg_resource metadata backend is used with Python 3.11, 3.12, 3.13 #13318
+33
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sbidoul
commented
Apr 5, 2025
| if hasattr(importlib.metadata, "_PIP_USE_IMPORTLIB_METADATA"): | ||
| # The Python distributor has set the global constant, so we don't | ||
| # warn, since it is not a user decision. | ||
| return |
There was a problem hiding this comment.
I'm not entirely sure we should not warn the user here.
There was a problem hiding this comment.
I'm not aware of any redistributor setting this attribute. Last time we reached out to our distro redistributors, none said they needed to use pkg_resources which implies that they didn't use this attribute either.
with Python 3.11, 3.12, 3.13.
sbidoul
force-pushed
the
deprecate-pkg-resources-backend
branch
from
98956d3 to
feef19f
Compare
notatallshaw
approved these changes
Apr 10, 2025
ichard26
approved these changes
Apr 12, 2025
|
Thanks for the reviews! |
github-merge-queue bot
pushed a commit
to MeltanoLabs/target-csv
that referenced
this pull request
Apr 28, 2025
#193) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://redirect.github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to MeltanoLabs/tap-pulumi-cloud
that referenced
this pull request
Apr 28, 2025
#248) Bumps the ci group in /.github/workflows with 1 update: [pip](https://github.com/pypa/pip). Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://redirect.github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to google/scaaml
that referenced
this pull request
Apr 28, 2025
Bumps the dependabot group with 4 updates: [setuptools](https://github.com/pypa/setuptools), [certifi](https://github.com/certifi/python-certifi), [pip](https://github.com/pypa/pip) and [importlib-metadata](https://github.com/python/importlib_metadata). Updates `setuptools` from 79.0.0 to 80.0.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v80.0.0</h1> <h2>Bugfixes</h2> <ul> <li>Update test to honor new behavior in importlib_metadata 8.7. (<a href="https://redirect.github.com/pypa/setuptools/issues/4961">#4961</a>)</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Removed support for the easy_install command including the sandbox module. (<a href="https://redirect.github.com/pypa/setuptools/issues/2908">#2908</a>)</li> <li>Develop command no longer uses easy_install, but instead defers execution to pip (which then will re-invoke Setuptools via PEP 517 to build the editable wheel). Most of the options to develop are dropped. This is the final warning before the command is dropped completely in a few months. Use-cases relying on 'setup.py develop' should pin to older Setuptools version or migrate to modern build tooling. (<a href="https://redirect.github.com/pypa/setuptools/issues/4955">#4955</a>)</li> </ul> <h1>v79.0.1</h1> <h2>Bugfixes</h2> <ul> <li>Merge with pypa/distutils@24bd3179b including fix for <a href="https://redirect.github.com/pypa/distutils/issues/355">pypa/distutils#355</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/aeea79266d82f99dbe556126b90b64215a663a2c"><code>aeea792</code></a> Bump version: 79.0.1 → 80.0.0</li> <li><a href="https://github.com/pypa/setuptools/commit/2c874e78f4240963f74debcaadcccb97cb302ded"><code>2c874e7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/setuptools/issues/4962">#4962</a> from pypa/bugfix/4961-validated-eps</li> <li><a href="https://github.com/pypa/setuptools/commit/82c588aedd8142e7615031358e2d2640213a351d"><code>82c588a</code></a> Update test to honor new behavior in importlib_metadata 8.7</li> <li><a href="https://github.com/pypa/setuptools/commit/ef4cd2960d75f2d49f40f5495347523be62d20e5"><code>ef4cd29</code></a> Merge pull request <a href="https://redirect.github.com/pypa/setuptools/issues/2908">#2908</a> from pypa/debt/remove-easy-install</li> <li><a href="https://github.com/pypa/setuptools/commit/85bbad4945d874a2444e4531c74c5074cdeca010"><code>85bbad4</code></a> Merge branch 'main' into debt/remove-easy-install</li> <li><a href="https://github.com/pypa/setuptools/commit/9653305c35a143b8d1bad2c190f918887dd1e6d5"><code>9653305</code></a> Merge pull request <a href="https://redirect.github.com/pypa/setuptools/issues/4955">#4955</a> from pypa/debt/develop-uses-pip</li> <li><a href="https://github.com/pypa/setuptools/commit/da119e7e996b00b6e26f79995bec55684a3fabbe"><code>da119e7</code></a> Set a due date 6 months in advance.</li> <li><a href="https://github.com/pypa/setuptools/commit/a7603da5d3c709f6f01c8df8031ba7a7ae7959a0"><code>a7603da</code></a> Rename news fragment to reference the pull request for better precise locality.</li> <li><a href="https://github.com/pypa/setuptools/commit/018a20cb130e9357f39c176b59c83738a09d7daa"><code>018a20c</code></a> Restore a few of the options to develop.</li> <li><a href="https://github.com/pypa/setuptools/commit/a5f02fe88d46e963bc470a60a9f8613d7f889d49"><code>a5f02fe</code></a> Remove another test relying on setup.py develop.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v79.0.0...v80.0.0">compare view</a></li> </ul> </details> <br /> Updates `certifi` from 2025.1.31 to 2025.4.26 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/275c9eb55733a464589c15fb4566fddd4598e5b2"><code>275c9eb</code></a> 2025.04.26 (<a href="https://redirect.github.com/certifi/python-certifi/issues/347">#347</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/37883310b51e56570919cdc2d44becc1c6940559"><code>3788331</code></a> Bump actions/setup-python from 5.4.0 to 5.5.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/346">#346</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/9d1f1b782000baedf57026de5b79e193bcb7ef7b"><code>9d1f1b7</code></a> Bump actions/download-artifact from 4.1.9 to 4.2.1 (<a href="https://redirect.github.com/certifi/python-certifi/issues/344">#344</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/96b97a5afe26bc1adef98cb0bfe68e34948a73b6"><code>96b97a5</code></a> Bump actions/upload-artifact from 4.6.1 to 4.6.2 (<a href="https://redirect.github.com/certifi/python-certifi/issues/343">#343</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c054ed3ac3d3505efc929b71cfd87a257bbdb6b3"><code>c054ed3</code></a> Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (<a href="https://redirect.github.com/certifi/python-certifi/issues/342">#342</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/44547fc77121b12bb276b44b3b2b49cfcbeac06f"><code>44547fc</code></a> Bump actions/download-artifact from 4.1.8 to 4.1.9 (<a href="https://redirect.github.com/certifi/python-certifi/issues/341">#341</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/5ea51247afecf1bf4ebfa8f2db3082e89a8bfaed"><code>5ea5124</code></a> Bump actions/upload-artifact from 4.6.0 to 4.6.1 (<a href="https://redirect.github.com/certifi/python-certifi/issues/340">#340</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/2f142b7ae0b2d13fee4ba4b9fbd73a9cd5069060"><code>2f142b7</code></a> Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/339">#339</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/80d2ebdc77d2d005f408f789fe2fb1fe5f4e0265"><code>80d2ebd</code></a> Bump actions/setup-python from 5.3.0 to 5.4.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/337">#337</a>)</li> <li>See full diff in <a href="https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26">compare view</a></li> </ul> </details> <br /> Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) <https://github.com/pypa/pip/issues/12989></code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) <https://github.com/pypa/pip/issues/13010></code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) <https://github.com/pypa/pip/issues/13303></code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) <https://github.com/pypa/pip/issues/13318></code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) <https://github.com/pypa/pip/issues/13319></code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking "pip config debug" in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) <https://github.com/pypa/pip/issues/12649></code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) <https://github.com/pypa/pip/issues/12710></code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) <https://github.com/pypa/pip/issues/12712></code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) <https://github.com/pypa/pip/issues/12873></code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) <https://github.com/pypa/pip/issues/12963></code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) <https://github.com/pypa/pip/issues/12991></code>_)</p> </li> <li> <p>Use :pep:<code>753</code> "Well-known Project URLs in Metadata" normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) <https://github.com/pypa/pip/issues/13135></code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) <https://github.com/pypa/pip/issues/13188></code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) <https://github.com/pypa/pip/issues/13194></code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) <https://github.com/pypa/pip/issues/13213></code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) <https://github.com/pypa/pip/issues/13253></code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) <https://github.com/pypa/pip/issues/13273></code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) <https://github.com/pypa/pip/issues/13282></code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) <https://github.com/pypa/pip/issues/13290></code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) <https://github.com/pypa/pip/issues/13299></code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) <https://github.com/pypa/pip/issues/5210></code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://redirect.github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> Updates `importlib-metadata` from 8.6.1 to 8.7.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/importlib_metadata/blob/main/NEWS.rst">importlib-metadata's changelog</a>.</em></p> <blockquote> <h1>v8.7.0</h1> <h2>Features</h2> <ul> <li><code>.metadata()</code> (and <code>Distribution.metadata</code>) can now return <code>None</code> if the metadata directory exists but not metadata file is present. (<a href="https://redirect.github.com/python/importlib_metadata/issues/493">#493</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Raise consistent ValueError for invalid EntryPoint.value (<a href="https://redirect.github.com/python/importlib_metadata/issues/518">#518</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/importlib_metadata/commit/708dff4f1ab89bdd126e3e8c56098d04282c5809"><code>708dff4</code></a> Finalize</li> <li><a href="https://github.com/python/importlib_metadata/commit/b3065f03cc3395f46ed575e612e213f92a064879"><code>b3065f0</code></a> Merge pull request <a href="https://redirect.github.com/python/importlib_metadata/issues/519">#519</a> from python/bugfix/493-metadata-missing</li> <li><a href="https://github.com/python/importlib_metadata/commit/e4351c226765f53a40316fa6aab50488aee8a90f"><code>e4351c2</code></a> Add a new test capturing the new expectation.</li> <li><a href="https://github.com/python/importlib_metadata/commit/5a657051f7386de6f0560c200d78e941be2c8058"><code>5a65705</code></a> Refactor the casting into a wrapper for brevity and to document its purpose.</li> <li><a href="https://github.com/python/importlib_metadata/commit/0830c39b8a23e48024365120c0e97a6f7c36c5ec"><code>0830c39</code></a> Add news fragment.</li> <li><a href="https://github.com/python/importlib_metadata/commit/22bb567692d8e7bd216f864a9d8dee1272ee8674"><code>22bb567</code></a> Fix type errors where metadata could be None.</li> <li><a href="https://github.com/python/importlib_metadata/commit/57f31d77e18fef11dfadfd44775f253971c36920"><code>57f31d7</code></a> Allow metadata to return None when there is no metadata present.</li> <li><a href="https://github.com/python/importlib_metadata/commit/b9c4be4253250ad604610db66204e5fa70fa2455"><code>b9c4be4</code></a> Merge pull request <a href="https://redirect.github.com/python/importlib_metadata/issues/518">#518</a> from python/bugfix/488-bad-ep-value</li> <li><a href="https://github.com/python/importlib_metadata/commit/9f8af013635833cf3ac348413c9ac63b37caa3dd"><code>9f8af01</code></a> Prefer a cached property, as the property is likely to be retrieved at least ...</li> <li><a href="https://github.com/python/importlib_metadata/commit/f179e28888b2c6caf12baaf5449ff1cd82513dfe"><code>f179e28</code></a> Also raise ValueError on construction if the value is invalid.</li> <li>Additional commits viewable in <a href="https://github.com/python/importlib_metadata/compare/v8.6.1...v8.7.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Towards #13317
We warn when the undocumented
_PIP_USE_IMPORTLIB_METADATAis set tofalse, causing the use of thepkg_resourcesmetadata backend on Python 3.11, 3.12, 3.13.