build(deps): bump pip from 26.0.1 to 26.1 #1112 (lando@main)
| Warnings |
|
|---|---|
| Blockers |
|
| Branches | dependabot/pip/pip-26.1 -> main |
| Repo | lando@main (git) (git://github.com/mozilla-conduit/lando.git) |
| Author | dependabot[bot] |
| State | closed |
| Commit Title | build(deps): bump pip from 26.0.1 to 26.1 |
| Commit Body | Bumps [pip](https://github.com/pypa/pip) from 26.0.1 to 26.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>26.1 (2026-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.9. (<code>[#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795></code>_)</li> </ul> <h2>Features</h2> <ul> <li>Add experimental support to read requirements from standardized pylock.toml files (<code>-r pylock.toml</code>). (<code>[#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876></code>_)</li> <li>Allow <code>--uploaded-prior-to</code> to accept a duration in days (e.g., <code>P3D</code> for 3 days ago). (<code>[#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674></code>_)</li> </ul> <h2>Enhancements</h2> <ul> <li>Speed up dependency resolution when there are complex conflicts. (<code>[#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859></code>_)</li> <li>Reduce memory usage when resolving large dependency trees. (<code>[#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843></code>_)</li> <li>Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. (<code>[#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912></code>_)</li> <li>Allow URL constraints to apply to requirements with extras. (<code>[#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018></code>_)</li> <li>Allow unpinned requirements to use hashes from constraints. Constraints like <code>{name}=={version} --hash=...</code> feeds into hash verification for a corresponding requirement. (<code>[#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243></code>_)</li> <li>Improve conflict reports that involve direct URLs. (<code>[#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932></code>_)</li> <li>Show all errors instead of first error for faulty <code>dependency_groups</code> definitions. (<code>[#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917></code>_)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Fix recovery hint for missing RECORD file to use <code>--ignore-installed</code> instead of <code>--force-reinstall</code>. (<code>[#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645></code>_)</li> <li>Fix misleading error message when a constraint file cannot be opened. (<code>[#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226></code>_)</li> <li>Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (<code>[#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494></code>_)</li> <li>Remove the adjacent <code>__pycache__</code> directory when a .py file is removed. (<code>[#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725></code>_)</li> <li>Force UTF-8 encoding for :pep:<code>723</code> metadata. (<code>[#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861></code>_)</li> <li>Minor performance improvement when filtering candidates during resolution. (<code>[#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916></code>_)</li> <li>Fix a hang on Windows when stdout is closed during verbose output. (<code>[#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927></code>_)</li> <li>Common path prefixes are determined by path segment, not character by character. (<code>[#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847></code>_)</li> <li>Fix installing <code>.tar.gz</code> source distributions that look like a zip file. (<code>[#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867></code>_)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Upgrade certifi to 2026.2.25</li> <li>Upgrade packaging to 26.2</li> <li>Upgrade requests to 2.33.1</li> <li>Upgrade tomli to 2.3.1</li> <li>Upgrade urllib3 to 2.6.3</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from sbidoul/install-from-pylock-reqs-sbi</li> <li><a href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from pypa/revert-13888-resolver-editable-links</li> <li><a href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a> Revert "Allow editable installs to satisfy direct-URL dependencies (<a href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)"</li> <li><a href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a> -r pylock.toml: add pip-wheel -r pylock.toml test</li> <li><a href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a> -r pylock.toml: proper error with remote pylock.toml containing directory ent...</li> <li><a href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from ichard26/reword-news</li> <li><a href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a> -r pylock: refine filename pylock-ness test</li> <li><a href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a> -r pylock.toml: fix crash with pip wheel and pip lock</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> |
Landings
Not yet Landed
There has been no attempt to land revisions in this stack.