Use the com2ann tool to convert remaining comments to annotations. Now,
no type comments remain.
https://github.com/ilevkivskyi/com2ann
Some types are not available at runtime (e.g. Literal) or require a
forward reference and so were quoted.
Clone with --filter=blob:none - as it fetches all
metadata, but only dynamically fetches the blobs as
needed by checkout. Since typically, pip only needs the blobs for
a single revision, this can be a big improvement, especially
when fetching from repositories with a lot of history,
particularly on slower network connections.
Added unit test for the rev-less path. Confirmed that both
of the if/else paths are tested by the unit tests.
Use the tool com2ann to automatically convert most type comments to type
annotations. Some type comments continue to exist where any work beyond
the automatic conversion was required (for example, additional
formatting or circular references).
For additional information on the com2ann tool, see:
https://github.com/ilevkivskyi/com2ann
After packaging drops LegacyVersion, version.parse() will no longer
guarantee to be able to parse Git versions, so we need to invent our own
parser. Since we really only care about the major and minor segments,
the logic is pretty simple.
A Python project root is now defined as containing a pyproject.toml, or
a setup.py (pre-PEP-517 legacy layout). After this patch, this logic
applies to all checks except parse_editable, where we check for setup.py
and setup.cfg instead since non-setuptools PEP 517 projects cannot be
installed as editable right now.
Pip dropped support for `git+ssh@` style requirements (see #7554)
in favour of `git+ssh://` but didn't propagate the change to
`pip freeze` which resultantly returns invalid requirements.
Fix this behaviour.
Fixes#9625.
Previously, maliciously formatted tags could be used to hijack a
commit-based pin. Using the fact that the split here allowed for
all of unicode's whitespace characters as separators -- which git allows
as a part of a tag name -- it is possible to force a different revision
to be installed; if an attacker gains access to the repository.
This change stops splitting the string on unicode characters, by forcing
the splits to happen on newlines and ASCII spaces.
The typing module has been available since Python 3.5. Guarding the
import has been unnecessary since dropping Python 2.
Some guards remain to either:
- Avoid circular imports
- Importing objects that are also guarded by typing.TYPE_CHECKING
- Avoid mypy_extensions dependency
The stdlib module has been available since Python 3.5 and the
TYPE_CHECKING constant has been available since 3.5.2.
By using stdlib, this removes the need for pip to maintain its own
Python 2 typing compatibility shim.
Now that we don't need to support git@
pseudo-urls, we can simplify the test for
valid VCS URLs based on link.is_vcs, which
is turns is based on the URL scheme.
This also means we fail earlier if a git@ pseudo
URL is used.
Since VCS requirements are not validated to be URLs
in Requirement constructors, we can simplify update_editable.
The method Subversion._get_svn_url_rev() will sometimes return None for
a remote URL. The calling code should handle this. If it is None, raise
a RemoteNotFoundError as prescribed by the parent class docstring.
Followup to 0b761a164c.
Previously, the Subversion subclass violated the parent's type signature
by returning an int, but it is now coerced to a str to match the
expected signature.
Since Python 3.3, the following classes have merged into OSError. They
remain as aliases for backward compatibility.
- EnvironmentError
- IOError
- WindowsError
https://docs.python.org/3/library/exceptions.html#OSError
Python 3 also has subclasses of OSError to help identify more specific
errors. For example, FileNotFoundError. This allows simplifying some
except blocks.