The earlier warning phrasing has some awkwardness and doesn't clearly
explain why this action is potentially harmful. The change from
"you should" to "it is recommended" is also intentional, to take a
different tone.

It looks like towncrier unconditionally writes top_line
when it is defined in the title_format configuration.
So we must not repeat it in the template.
When running towncrier with --draft, it works differently
so in that case the top line is not shown...

The resolver collects previously known incompatibilities and sends them
to the provider. But previously the provider did not correctly exclude
the currently-installed candidate if it is present in that
incompatibility list, causing the resolver to enter a loop trying that
same candidate. This patch correctly applies incompat_ids when producing
an AlreadyInstalledCandidate and excludes it if its id() is in the set.

This change ensures that when pip is executed from a wheel/zip,
standalone pip creation for build environment reuses the source.

Resolves: #9953
Co-authored-by: Tzu-ping Chung <uranusjr@gmail.com>

This adds a check before invoking 'egg_info' to make sure either setup.py or
setup.cfg actually exists, and emit a clearer error message when neither can
be found and the egg_info command can never succeed.

This fixes a compatibility issue when a PEP 517 build requirement
itself needs to be built in an isolated environment, caused by
importlib.resources not being available.

For compatibility with distutils. This is only done when pip is not
inside a virtual environment due to a quirk in pip's previous
implementation to the header path.

Previously, maliciously formatted tags could be used to hijack a
commit-based pin. Using the fact that the split here allowed for
all of unicode's whitespace characters as separators -- which git allows
as a part of a tag name -- it is possible to force a different revision
to be installed, if an attacker gains access to the repository.

This change stops splitting the string on unicode characters, by forcing
the splits to happen on newlines and ASCII spaces.
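
The parsing difference described in the commit message above, as an added example that is not pip's code or part of the commit. It assumes the text being split is `<sha> <refname>` lines as printed by `git show-ref`; `parse_lenient`, `parse_strict` and the sample output are hypothetical names and constructed data.

```python
# Constructed sample data: the SHAs and ref names are placeholders.
SHA_MAIN = "c" * 40
SHA_TAG = "a" * 40     # commit the odd-looking tag really points at
SHA_OTHER = "b" * 40   # text embedded inside that tag's name

# One tag whose name contains U+2028 (line separator) and U+2000 (en quad).
ODD_TAG = "refs/tags/v1\u2028" + SHA_OTHER + "\u2000refs/tags/pinned"
SHOW_REF_OUTPUT = (
    f"{SHA_MAIN} refs/heads/main\n"
    f"{SHA_TAG} {ODD_TAG}\n"
)


def parse_lenient(output):
    """'Before' behaviour: any Unicode whitespace acts as a separator."""
    refs = {}
    for line in output.strip().splitlines():  # also breaks at U+2028
        sha, name = line.split()              # also breaks at U+2000
        refs[name] = sha
    return refs


def parse_strict(output):
    """Hardened: records end at a newline, fields split at one ASCII space."""
    refs = {}
    for line in output.strip().split("\n"):
        line = line.rstrip("\r")
        if not line:
            continue
        sha, sep, name = line.partition(" ")
        if not sep or not name:
            raise ValueError(f"unexpected show-ref line: {line!r}")
        refs[name] = sha
    return refs


if __name__ == "__main__":
    # The lenient parser reports a ref the repository does not contain.
    print(sorted(parse_lenient(SHOW_REF_OUTPUT)))
    print(sorted(parse_strict(SHOW_REF_OUTPUT)))
```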
When a requirement is requested multiple times, some via a direct URL
("req @ URL") and some not but with extras ("req[extra] VERSION"), the
resolver previously could not correctly find "req[extra]" if "req" is
available in an index.

This additional logic makes the resolver, when encountering a
requirement with identifier "req[extra]", also look for explicit
candidates listed under "req", and add them as found matches for
"req[extra]".