From 8a34ace17ea20cab4792b9bce5b23f66064dcc04c88ecb5bd0b286bf28424aa9 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 21 Nov 2023 16:33:21 +0000 Subject: [PATCH] - Update to 23.3.1: - Bug Fixes - Handle a timezone indicator of Z when parsing dates in the self check. (#12338) - Fix bug where installing the same package at the same time with multiple pip processes could fail. (#12361) - Update to 23.3: - Process - Added reference to vulnerability reporting guidelines to pip's security policy. - Features - Improve extras resolution for multiple constraints on same base package. (#11924) - Improve use of datastructures to make candidate selection 1.6x faster. (#12204) - Allow pip install --dry-run to use platform and ABI overriding options. (#12215) - Add is_yanked boolean entry to the installation report (--report) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to PEP 592. (#12224) - Bug Fixes - Ignore errors in temporary directory cleanup (show a warning instead). (#11394) - Normalize extras according to PEP 685 from package metadata in the resolver for comparison. This ensures extras are correctly compared and merged as long as the package providing the extra(s) is built with values normalized according to the standard. Note, however, that this does not solve cases where the package itself contains OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pip?expand=0&rev=111 --- pip-23.2.1-gh.tar.gz | 3 -- pip-23.3.1-gh.tar.gz | 3 ++ pip-shipped-requests-cabundle.patch | 20 ++++---- python-pip.changes | 71 +++++++++++++++++++++++++++++ python-pip.spec | 4 +- 5 files changed, 84 insertions(+), 17 deletions(-) delete mode 100644 pip-23.2.1-gh.tar.gz create mode 100644 pip-23.3.1-gh.tar.gz diff --git a/pip-23.2.1-gh.tar.gz b/pip-23.2.1-gh.tar.gz deleted file mode 100644 index 3804979..0000000 --- a/pip-23.2.1-gh.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:975e6b09fe9d14927b67db05d7de3a60503a1696c8c23ca2486f114c20097ad4 -size 9370625 diff --git a/pip-23.3.1-gh.tar.gz b/pip-23.3.1-gh.tar.gz new file mode 100644 index 0000000..7205229 --- /dev/null +++ b/pip-23.3.1-gh.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4192f1ed5f8f1e01557d8c02ffd845c64d4a4567e0864ca78b74b0b5456c0f62 +size 9397023 diff --git a/pip-shipped-requests-cabundle.patch b/pip-shipped-requests-cabundle.patch index 87ed6cb..c90e180 100644 --- a/pip-shipped-requests-cabundle.patch +++ b/pip-shipped-requests-cabundle.patch @@ -1,12 +1,10 @@ --- - src/pip/_vendor/certifi/core.py | 70 ++++------------------------------------ - tests/unit/test_options.py | 5 ++ - 2 files changed, 13 insertions(+), 62 deletions(-) + src/pip/_vendor/certifi/core.py | 105 +++------------------------------------- + tests/unit/test_options.py | 5 + + 2 files changed, 13 insertions(+), 97 deletions(-) -Index: pip-22.3.1/src/pip/_vendor/certifi/core.py -=================================================================== ---- pip-22.3.1.orig/src/pip/_vendor/certifi/core.py -+++ pip-22.3.1/src/pip/_vendor/certifi/core.py +--- a/src/pip/_vendor/certifi/core.py ++++ b/src/pip/_vendor/certifi/core.py @@ -3,106 +3,17 @@ certifi.py ~~~~~~~~~~ @@ -122,10 +120,8 @@ Index: pip-22.3.1/src/pip/_vendor/certifi/core.py - return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii") +def contents() -> str: + return read_text(encoding="ascii") -Index: pip-22.3.1/tests/unit/test_options.py -=================================================================== ---- pip-22.3.1.orig/tests/unit/test_options.py -+++ pip-22.3.1/tests/unit/test_options.py +--- a/tests/unit/test_options.py ++++ b/tests/unit/test_options.py @@ -1,4 +1,5 @@ import os +import os.path @@ -140,7 +136,7 @@ Index: pip-22.3.1/tests/unit/test_options.py from tests.lib.options_helpers import AddFakeCommandMixin -@@ -619,6 +621,9 @@ class TestOptionsConfigFiles: +@@ -618,6 +620,9 @@ class TestOptionsConfigFiles: else: assert expect == cmd._determine_file(options, need_value=False) diff --git a/python-pip.changes b/python-pip.changes index c38e23f..6afa45e 100644 --- a/python-pip.changes +++ b/python-pip.changes @@ -1,3 +1,74 @@ +------------------------------------------------------------------- +Tue Nov 21 10:38:00 UTC 2023 - Matej Cepl + +- Update to 23.3.1: + - Bug Fixes + - Handle a timezone indicator of Z when parsing dates in the + self check. (#12338) + - Fix bug where installing the same package at the same time + with multiple pip processes could fail. (#12361) +- Update to 23.3: + - Process + - Added reference to vulnerability reporting guidelines to + pip's security policy. + - Features + - Improve extras resolution for multiple constraints on same + base package. (#11924) + - Improve use of datastructures to make candidate selection + 1.6x faster. (#12204) + - Allow pip install --dry-run to use platform and ABI + overriding options. (#12215) + - Add is_yanked boolean entry to the installation report + (--report) to indicate whether the requirement was yanked + from the index, but was still selected by pip conform to + PEP 592. (#12224) + - Bug Fixes + - Ignore errors in temporary directory cleanup (show a + warning instead). (#11394) + - Normalize extras according to PEP 685 from package metadata + in the resolver for comparison. This ensures extras are + correctly compared and merged as long as the package + providing the extra(s) is built with values normalized + according to the standard. Note, however, that this + does not solve cases where the package itself contains + unnormalized extra values in the metadata. (#11649) + - Prevent downloading sdists twice when PEP 658 metadata is + present. (#11847) + - Include all requested extras in the install report + (--report). (#11924) + - Removed uses of datetime.datetime.utcnow from non-vendored + code. (#12005) + - Consistently report whether a dependency comes from an + extra. (#12095) + - Fix completion script for zsh (#12166) + - Fix improper handling of the new onexc argument of + shutil.rmtree() in Python 3.12. (#12187) + - Filter out yanked links from the available versions + error message: "(from versions: 1.0, 2.0, 3.0)" will + not contain yanked versions conform PEP 592. The yanked + versions (if any) will be mentioned in a separate error + message. (#12225) + - Fix crash when the git version number contains something + else than digits and dots. (#12280) + - Use -r=... instead of -r ... to specify references with + Mercurial. (#12306, CVE-2023-5752, bsc#1217353) + - Redact password from URLs in some additional + places. (#12350) + - pip uses less memory when caching large packages. As a + result, there is a new on-disk cache format stored in a new + directory ($PIP_CACHE_DIR/http-v2). (#2984) + - Vendored Libraries + - Upgrade certifi to 2023.7.22 + - Add truststore 0.8.0 + - Upgrade urllib3 to 1.26.17 + - Improved Documentation + - Document that pip search support has been removed from PyPI + (#12059) + - Clarify --prefer-binary in CLI and docs (#12122) + - Document that using OS-provided Python can cause pip's test + suite to report false failures. (#12334) +- Adjust pip-shipped-requests-cabundle.patch. + ------------------------------------------------------------------- Mon Aug 28 03:30:09 UTC 2023 - Steve Kowalik diff --git a/python-pip.spec b/python-pip.spec index 3cd52bf..60a31c3 100644 --- a/python-pip.spec +++ b/python-pip.spec @@ -40,11 +40,11 @@ %endif %{?sle15_python_module_pythons} Name: python-pip%{psuffix} -Version: 23.2.1 +Version: 23.3.1 Release: 0 Summary: A Python package management system License: MIT -URL: http://www.pip-installer.org +URL: https://pip.pypa.io # The PyPI archive lacks the tests Source: https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz # PATCH-FIX-OPENSUSE pip-shipped-requests-cabundle.patch -- adapted patch from python-certifi package