Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate and remove --no-python-version-warning as Python 2 is dead #13154

Open
ichard26 opened this issue Jan 12, 2025 · 10 comments
Open

Deprecate and remove --no-python-version-warning as Python 2 is dead #13154

ichard26 opened this issue Jan 12, 2025 · 10 comments
Labels
type: deprecation Related to deprecation / removal.
Milestone
25.1

Comments

@ichard26
Copy link
Member

The Python 2 days are behind us, thus we can kill off the --no-python-version-warning flag which disabled the "Python 2 is sunsetting support" warnings :)

If you're using this flag, you can simply stop. It does nothing today.
@ichard26 ichard26 added the type: deprecation Related to deprecation / removal. label Jan 12, 2025
@ichard26 ichard26 mentioned this issue Jan 12, 2025
Merged
@ichard26 ichard26 added this to the 25.1 milestone Jan 12, 2025
@ichard26 ichard26 mentioned this issue Jan 26, 2025
Open
@jsirois
Copy link
Contributor

jsirois commented Jan 26, 2025

FWIW the help text says nothing at all about Python 2 and suggests the option is useful today to - for example - warn that Python 3.8 support is going away:

pip/src/pip/_internal/cli/cmdoptions.py

Lines 987 to 994 in 0d609f7

no_python_version_warning: Callable[..., Option] = partial(
Option,
"--no-python-version-warning",
dest="no_python_version_warning",
action="store_true",
default=False,
help="Silence deprecation warnings for upcoming unsupported Pythons.",
)

@ichard26
Copy link
Member Author

Yeah.. we've never done that other than for the Python 2 sunset. We could start warning, but seems unnecessary, especially as we're more on the conservative side when it comes to dropping Python versions. Once we drop a Python version, it probably has fallen out of major use (and the folks still using it can't be using the latest and greatest for other parts of the ecosystem already).

github-merge-queue bot pushed a commit to MeltanoLabs/target-csv that referenced this issue Jan 27, 2025
@dependabot
ci: Bump pip from 24.3.1 to 25.0 in /.github/workflows in the ci group (
89dcc15 
#172)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
frenzymadness added a commit to sclorg/s2i-python-container that referenced this issue Jan 27, 2025
@frenzymadness
Remove deprecated --no-python-version-warning option from pip
b778f44 
Discussion: pypa/pip#13154
@frenzymadness frenzymadness mentioned this issue Jan 27, 2025
Merged
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Jan 27, 2025
@dependabot
Bump pip from 24.3.1 to 25.0 (#10361)
b1fd346 
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
frenzymadness added a commit to sclorg/s2i-python-container that referenced this issue Jan 27, 2025
@frenzymadness
Remove deprecated --no-python-version-warning option from pip
cc1e973 
Discussion: pypa/pip#13154
mergify bot pushed a commit to aws/jsii that referenced this issue Jan 27, 2025
@dependabot
chore(deps): Update pip requirement from ~=24.3 to ~=25.0 in /package…
d4fc4b0 
…s/@jsii/python-runtime (#4752)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing
since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) &lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) &lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code> now emit
<code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object,
if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) &lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions of pip's cache
directory (in addition to the current user retaining read/write access). This
enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) &lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) &lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) &lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) &lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file, relying on
UTF-8 over the locale encoding by default, matching the documented behaviour.
(<code>[#12771](pypa/pip#12771) &lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) &lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute code during
installation. (<code>[#13079](pypa/pip#13079) &lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include <code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use <code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) &lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while
installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used. (<code>[#5502](pypa/pip#5502) &lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) &lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li>
<li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li>
<li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li>
<li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li>
<li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3...25.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
This was referenced Jan 27, 2025
Merged
Merged
mergify bot pushed a commit to aws/jsii that referenced this issue Jan 27, 2025
@dependabot
chore(deps-dev): Bump pip from 24.3.1 to 25.0 in /packages/jsii-pacma…
3de0a76 
…k/test/generated-code (#4753)

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing
since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) &lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) &lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code> now emit
<code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object,
if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) &lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions of pip's cache
directory (in addition to the current user retaining read/write access). This
enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) &lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) &lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) &lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) &lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file, relying on
UTF-8 over the locale encoding by default, matching the documented behaviour.
(<code>[#12771](pypa/pip#12771) &lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) &lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute code during
installation. (<code>[#13079](pypa/pip#13079) &lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include <code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use <code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) &lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while
installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used. (<code>[#5502](pypa/pip#5502) &lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) &lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li>
<li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li>
<li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li>
<li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li>
<li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
github-merge-queue bot pushed a commit to meltano/meltano that referenced this issue Jan 27, 2025
@dependabot
ci: bump pip from 24.3.1 to 25.0 in /.github/workflows (#9049)
3568876 
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to meltano/tap-smoke-test that referenced this issue Jan 27, 2025
@dependabot
ci: Bump pip from 24.3.1 to 25.0 in /.github/workflows in the ci group (
ddd8d49 
#225)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@vasudev-gm vasudev-gm mentioned this issue Jan 27, 2025
Merged
github-merge-queue bot pushed a commit to MeltanoLabs/tap-postgres that referenced this issue Jan 27, 2025
@dependabot
build(deps): Bump the ci group in /.github/workflows with 2 updates (#…
10e622a 
…573)

Bumps the ci group in /.github/workflows with 2 updates:
[pip](https://github.com/pypa/pip) and
[tox](https://github.com/tox-dev/tox).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tox` from 4.23.2 to 4.24.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.24.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Adds ability to configure stderr output color by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p>
<h2>4.24.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>fix docs config typo by <a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li>Allow users to disable use of pre-commit-uv by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li>
<li>Pass nix-ld related variables by default in pass_env (fixes <a
href="https://github.com/tox-dev/tox/issues/3425">#3425</a>) by
<a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
in <a
href="https://github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li>Improve testenv docs consistency by <a
href="https://github.com/thatch"><code>@​thatch</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li>Display exception name when subprocesses raise them by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li>
<li>Fix the CI after setuptools 75.6 change by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li>
<li>Update pre-commit hooks with mypy fix by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li>
<li>Fix a typo in a code block in the User Guide by <a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li>Update pre-commit hooks by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li>
<li>💅 Make SVG image compatible with Firefox by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li>
<li>feat: adding a json schema command by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> made
their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li><a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
made their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li><a href="https://github.com/thatch"><code>@​thatch</code></a> made
their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li><a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> made
their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li><a href="https://github.com/henryiii"><code>@​henryiii</code></a>
made their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.24.1 (2025-01-21)</h2>
<p>Misc - 4.24.1</p>
<pre><code>- :issue:`3426`
<h2>v4.24.0 (2025-01-21)</h2>
<p>Features - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Add a <code>schema</code> command to produce a JSON Schema for tox
and the current plugins.</p>
<ul>
<li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li>
</ul>
</li>
</ul>
<p>Bugfixes - 4.24.0</p>
<pre><code>- Log exception name when subprocess execution produces one.
<ul>
<li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li>
</ul>
<p>Improved Documentation - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to
<code>{:}</code>.</p>
<ul>
<li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li>
</ul>
</li>
<li>
<p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code>
variables by default in <code>pass_env</code> to make generic binaries
work under Nix/NixOS.</p>
<ul>
<li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a>
release 4.24.1</li>
<li><a
href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a>
Adds ability to configure stderr output color (<a
href="https://github.com/tox-dev/tox/issues/3426">#3426</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a>
release 4.24.0</li>
<li><a
href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://github.com/tox-dev/tox/issues/3464">#3464</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a>
feat: adding a json schema command (<a
href="https://github.com/tox-dev/tox/issues/3446">#3446</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a>
💅 Make SVG image compatible with Firefox (<a
href="https://github.com/tox-dev/tox/issues/3466">#3466</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a>
Bump astral-sh/setup-uv from 4 to 5 (<a
href="https://github.com/tox-dev/tox/issues/3463">#3463</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a>
Update pre-commit hooks (<a
href="https://github.com/tox-dev/tox/issues/3460">#3460</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a>
Fix a typo in a code block in the User Guide (<a
href="https://github.com/tox-dev/tox/issues/3462">#3462</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a>
Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a
href="https://github.com/tox-dev/tox/issues/3459">#3459</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to MeltanoLabs/tap-stackexchange that referenced this issue Jan 27, 2025
@dependabot
ci: Bump the ci group in /.github/workflows with 2 updates (#504)
a6d85ce 
Bumps the ci group in /.github/workflows with 2 updates:
[pip](https://github.com/pypa/pip) and
[tox](https://github.com/tox-dev/tox).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tox` from 4.23.2 to 4.24.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.24.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Adds ability to configure stderr output color by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p>
<h2>4.24.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>fix docs config typo by <a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li>Allow users to disable use of pre-commit-uv by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li>
<li>Pass nix-ld related variables by default in pass_env (fixes <a
href="https://github.com/tox-dev/tox/issues/3425">#3425</a>) by
<a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
in <a
href="https://github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li>Improve testenv docs consistency by <a
href="https://github.com/thatch"><code>@​thatch</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li>Display exception name when subprocesses raise them by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li>
<li>Fix the CI after setuptools 75.6 change by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li>
<li>Update pre-commit hooks with mypy fix by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li>
<li>Fix a typo in a code block in the User Guide by <a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li>Update pre-commit hooks by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li>
<li>💅 Make SVG image compatible with Firefox by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li>
<li>feat: adding a json schema command by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> made
their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li><a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
made their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li><a href="https://github.com/thatch"><code>@​thatch</code></a> made
their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li><a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> made
their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li><a href="https://github.com/henryiii"><code>@​henryiii</code></a>
made their first contribution in <a
href="https://github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.24.1 (2025-01-21)</h2>
<p>Misc - 4.24.1</p>
<pre><code>- :issue:`3426`
<h2>v4.24.0 (2025-01-21)</h2>
<p>Features - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Add a <code>schema</code> command to produce a JSON Schema for tox
and the current plugins.</p>
<ul>
<li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li>
</ul>
</li>
</ul>
<p>Bugfixes - 4.24.0</p>
<pre><code>- Log exception name when subprocess execution produces one.
<ul>
<li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li>
</ul>
<p>Improved Documentation - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to
<code>{:}</code>.</p>
<ul>
<li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li>
</ul>
</li>
<li>
<p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code>
variables by default in <code>pass_env</code> to make generic binaries
work under Nix/NixOS.</p>
<ul>
<li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a>
release 4.24.1</li>
<li><a
href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a>
Adds ability to configure stderr output color (<a
href="https://github.com/tox-dev/tox/issues/3426">#3426</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a>
release 4.24.0</li>
<li><a
href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://github.com/tox-dev/tox/issues/3464">#3464</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a>
feat: adding a json schema command (<a
href="https://github.com/tox-dev/tox/issues/3446">#3446</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a>
💅 Make SVG image compatible with Firefox (<a
href="https://github.com/tox-dev/tox/issues/3466">#3466</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a>
Bump astral-sh/setup-uv from 4 to 5 (<a
href="https://github.com/tox-dev/tox/issues/3463">#3463</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a>
Update pre-commit hooks (<a
href="https://github.com/tox-dev/tox/issues/3460">#3460</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a>
Fix a typo in a code block in the User Guide (<a
href="https://github.com/tox-dev/tox/issues/3462">#3462</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a>
Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a
href="https://github.com/tox-dev/tox/issues/3459">#3459</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Hind-M Hind-M mentioned this issue Jan 27, 2025
Merged
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jan 27, 2025
@dependabot @inmantaci
Bump pip from 24.3.1 to 25.0 (PR #8682)
9377313 
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing
since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) &lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) &lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code> now emit
<code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object,
if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) &lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions of pip's cache
directory (in addition to the current user retaining read/write access). This
enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) &lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) &lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) &lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) &lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file, relying on
UTF-8 over the locale encoding by default, matching the documented behaviour.
(<code>[#12771](pypa/pip#12771) &lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) &lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute code during
installation. (<code>[#13079](pypa/pip#13079) &lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include <code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use <code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) &lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while
installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used. (<code>[#5502](pypa/pip#5502) &lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) &lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li>
<li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li>
<li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li>
<li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li>
<li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Jan 28, 2025
@dependabot
Bump pip from 24.3.1 to 25.0 (#10365)
b5c1415 
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to MeltanoLabs/tap-circle-ci that referenced this issue Feb 1, 2025
@dependabot
ci: Bump pip from 24.3.1 to 25.0 in /.github/workflows in the ci group (
675277a 
#216)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@hugovk hugovk mentioned this issue Feb 2, 2025
Merged
@vasudev-gm vasudev-gm mentioned this issue Feb 6, 2025
Merged
@basnijholt
Copy link

One issue will be that libmamba, which is used in the entire conda ecosystem was using this flag until 2 weeks ago: https://github.com/mamba-org/mamba/pull/3770/files

I suspect this is going to cause a lot of issues for folks that don't update their Conda / Mamba / micromamba.

@pfmoore
Copy link
Member

pfmoore commented Feb 7, 2025

If they are using the environment variable (which is what it looks like), it'll just get ignored.

@edgarrmondragon edgarrmondragon mentioned this issue Feb 13, 2025
Open
@aswordok aswordok mentioned this issue Feb 18, 2025
Open
@ichard26
Copy link
Member Author

ichard26 commented Feb 21, 2025
edited
Loading

OK, more people are relying on this flag than I thought. I still want people to stop using it as it does nothing, and I suspect that the modern uses of the flag (e.g., Hatch) are due to the reasonable but wrong assumption it still does something (another reason to remove it). However, we could probably just hide the flag from our help output, remove the tests, but otherwise leave the flag be as a no-op.

I'd rather not cause churn over this. Thoughts?

Stormheg added a commit to Stormheg/Willow that referenced this issue Feb 25, 2025
@Stormheg
Remove deprecated PIP_NO_PYTHON_VERSION_WARNING
4a8a5dc 
> DEPRECATION: --no-python-version-warning is deprecated. pip 25.1 will enforce this behaviour change. A possible replacement is to remove the flag as it's a no-op. Discussion can be found at pypa/pip#13154
@Stormheg Stormheg mentioned this issue Feb 25, 2025
Open
@Kaniska244 Kaniska244 mentioned this issue Mar 4, 2025
Merged
@ichard26 ichard26 mentioned this issue Mar 7, 2025
Open
@mocher72 mocher72 mentioned this issue Mar 9, 2025
Open
1 task
miguelinux added a commit to miguelinux/hatch that referenced this issue Mar 18, 2025
@miguelinux
drop no-python-version-warning from pip install
67b3058 
When using `hatch sell` with `pip` 25.0.1 at the first time, a deprecation
warning is showed:

> $ hatch shell
> DEPRECATION: --no-python-version-warning is deprecated. pip 25.1 will
>  enforce this behaviour change. A possible replacement is to remove the
>  flag as it's a no-op. Discussion can be found at
>  pypa/pip#13154
> You are about to enter a new shell, exit as you usually would e.g. by
>  typing `exit` or pressing `ctrl+d`...

Looking at pypa/pip#13154 it said:

> The Python 2 days are behind us, thus we can kill off the
> --no-python-version-warning flag which disabled the
> "Python 2 is sunsetting support" warnings :)
>
> If you're using this flag, you can simply stop. It does nothing today.

So, lets remove it to not show the warning
@miguelinux miguelinux mentioned this issue Mar 18, 2025
Open
jaraco added a commit to jaraco/skeleton that referenced this issue Mar 22, 2025
@jaraco
Remove PIP_NO_PYTHON_VERSION_WARNING.
80eee55 
Ref pypa/pip#13154
@jaraco
Copy link
Member

jaraco commented Mar 22, 2025

I'm in favor of removing it, but also not breaking things. It's a difficult tradeoff. Some churn is going to be required to remove it. It looks like at least some people are addressing the deprecation. My instinct is that it can be removed with modest churn, but maybe not in 25.1.

jaraco added a commit to jaraco/skeleton that referenced this issue Mar 22, 2025
@jaraco
Remove PIP_NO_PYTHON_VERSION_WARNING.
979e626 
Ref pypa/pip#13154
@pfmoore
Copy link
Member

pfmoore commented Mar 22, 2025

Let's stick to our standard deprecation period of 6 months and remove in 25.2. There's no rush. But equally, there's no reason to extend beyond our standard 6 months.

potiuk added a commit to potiuk/hatch that referenced this issue Mar 23, 2025
@potiuk
Remove --no-python-version-warning switch from pip commands
8a2b7a2 
Pip 25.1 will remove the flag and 25.0 already raises a deprecation
warning when hatch build command is used. This will make current
hatch version to fail when `pip` 25.1 is released.

See pypa/pip#13154
@potiuk potiuk mentioned this issue Mar 23, 2025
Closed
@ichard26 ichard26 mentioned this issue Mar 28, 2025
Open
@ichard26
Copy link
Member Author

Hi all, I've since realized that fully removing this flag would be more disruptive I initially thought.

I propose that we simply remove the tests and documentation for the flag. It's already a no-op so there's no point to break people who are passing it for legacy reasons. That we can minimize the code we're maintaining, but also avoid unnecessary breakage (which I'd like to avoid, especially in light of the setuptools fiasco).

#13308

@piotr-dobrogost
Copy link

@ichard26

especially in light of the setuptools fiasco

I've been not followng pip for a while. What fiasco do mean here?

@ichard26
Copy link
Member Author

Setuptools has recently made a string of backwards incompatible changes/removals that have caused considerable breakage. The community backlash has spilled beyond setuptools' issue tracker. If you're interested, you can take a look at the most recently active issues on setuptools. The specifics aren't important (and I'd rather not bring over discussions being held on setuptools here).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: deprecation Related to deprecation / removal.
Projects
None yet
Milestone
25.1
Development

No branches or pull requests
7 participants
@piotr-dobrogost @jsirois @jaraco @pfmoore @basnijholt @ichard26 and others