by creating a PyPI object
Before:
$ ag --ignore=_vendor 'pypi.python.org' pip
pip/cmdoptions.py
195: default='https://pypi.python.org/simple/',
pip/commands/search.py
33: default='https://pypi.python.org/pypi',
pip/index.py
305: if page is None and 'pypi.python.org' not in str(main_index_url):
706: ).netloc.endswith("pypi.python.org")):
pip/utils/outdated.py
107: "https://pypi.python.org/pypi/pip/json",
After:
$ ag --ignore=_vendor 'pypi.python.org' pip
pip/index.py
77:PyPI = Index(url='https://pypi.python.org/', trusted=True)
* Deprecates accessing non secure origins by default, the list of
which is taken from Chrome.
* Adds a --trusted-host flag to enable users to mark a specific
host as a secure origin regardless of what we think.
* Refactors the original warning to better indicate the intent
and the new flag.
* Deprecates the --download-cache option & removes the download
cache code.
* Removes the in memory page cache on the index
* Uses CacheControl to cache all cacheable HTTP requests to the
filesystem.
* Properly handles CacheControl headers for unconditional
caching.
* Will use ETag and Last-Modified headers to attempt to do a
conditional HTTP request to speed up cache misses and turn
them into cache hits.
* Removes some concurrency unsafe code in the download cache
accesses.
* Uses a Cache-Control request header to limit the maximum
length of time a cache is valid for.
* Adds pip.appdirs to handle platform specific application
directories such as cache, config, data, etc.
Add a 'retry' option which allows to configure how many
retries pip should make before giving up on HTTP request.
When the retries count is specified by user, its value is
passed to HTTPAdapter from requests which handles all
the underlying operations.
* PEP381 Mirroring support was never fully implemented leaving
users of it trivially exploitable to a MITM or malicious mirror
operator.
* 2 out of 6 of the mirrors have been removed from the pool and
will never resolve.
* The remaining mirrors often fall behind
* The mirrors will likely never be available under HTTPS
* People who wish to use a mirror of PyPI can still do so by
manually specifying a mirror url for --index-url or
--extra-index-url which is more flexible, allowing for
mirrors to be hosted under any domain.
* Links and HTMLPages know if they are "trusted"
* File Links know if they are safe or not
* A "Safe" file Link comes from a trusted Link/HTMLPage and has
a hash allowing verification of the download
* Adds a --allow-unsafe PACKAGE argument to allow unsafe files on
a per package basis
* Optimizes scraping external sites by short circuiting if
the current trust rules won't allow using it's files anyways
* By default ignore external links
* Add the ``--allow-external`` flag that enables external links
globally
* Fallback to allowing all links if we cannot determine the
API version of the parsed page
* Inform the user of ``--allow-external`` if nothing was found
to install
