The resolver collects previously known incompatibilites and sends them
to the provider. But previously the provider does not correctly exclude
the currently-installed candidate if it is present in that
incompatibility list, causing the resolver to enter a loop trying that
same candidate. This patch correctly applies incompat_ids when producing
an AlreadyInstalledCandidate and exclude it if its id() is in the set.
Rust is becoming more popular for writing Python extension modules in, this information would be valuable for package maintainers to assess the ecosystem, in the same way glibc or openssl version is.
This change ensures that when pip is executed from a wheel/zip,
standalone pip creation for build environment reuses the source.
Resolves: #9953
Co-authored-by: Tzu-ping Chung <uranusjr@gmail.com>
This adds a check before invoking 'egg_info' to make sure either setup.py or
setup.cfg actually exists, and emit a clearer error message when neither can
be found and the egg_info command can never succeed.
This fixes a compatibility issue when a PEP 517 build requirement
itself needs to be built in an isolated environment, caused by
importlib.resources not being available.
The practical difference is the mismatch detection is not performed at
most once for every invocation, thus only warned once if there are any
mismatches.
For compatibility with distutils. This is only done when pip is not
inside a virtual environment due to a quirk in pip's previous
implementation to the header path.
Previously, maliciously formatted tags could be used to hijack a
commit-based pin. Using the fact that the split here allowed for
all of unicode's whitespace characters as separators -- which git allows
as a part of a tag name -- it is possible to force a different revision
to be installed; if an attacker gains access to the repository.
This change stops splitting the string on unicode characters, by forcing
the splits to happen on newlines and ASCII spaces.
The UTF-8 encoding was assumed in an sdist, but without explicit
specifying, extraction may fail on obscure systems where the default
encoding is not UTF-8.
Co-Authored-By: Chris Hunt <chrahunt@gmail.com>