Skip to content

Mark pip index versions as no longer experimental #13188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task done
krishanbhasin-px opened this issue Jan 28, 2025 · 5 comments
Closed
1 task done

Mark pip index versions as no longer experimental #13188

krishanbhasin-px opened this issue Jan 28, 2025 · 5 comments
Labels
S: needs triage Issues/PRs that need to be triaged type: feature request Request for a new feature

Comments

@krishanbhasin-px
Copy link
Contributor

krishanbhasin-px commented Jan 28, 2025
edited
Loading

What's the problem this feature will solve?

Since the pip install pip== "hack" stopped working, I do not believe there is a "stable" pip-centric way to list all the versions of a package. It is possible to query the HTTP API, but this may not be desirable for all users.

I myself have been asking colleagues to use the command when helping them debug the versions they have available to them and in their environments. I have found it stable and easy to use, and would love to be able to use it more widely without worry that it could be unexpectedly removed.

pip index versions was introduced over 4 years ago in #8978, and viewing the commit history, it does not appear to have changed very much since then.

In relevant issues such as #12852, it was mentioned that a PR to remove the experimental status may well be considered and possibly merged, so I am proposing it here.

Describe the solution you'd like

  1. remove the warning about pip index versions being experimental
  2. add documentation on the command
  3. add a --json flag

The code for the --json flag could be something like:

            if options.json:
                env = get_default_environment()
                dist = env.get_distribution(query)
                structured_output = {
                        "name": query,
                        "versions": formatted_versions,
                        "latest": latest,
                    }

                if dist is not None:
                    structured_output["installed_version"] = dist.version

                write_output(structured_output)
                return

resulting in an output like:

{
    "name": "package-name",
    "versions": ["1.0.0", "1.0.1", ...],
    "latest": "2.0.0",
    "installed_version": "1.0.0"  // if installed
}

Alternative Solutions

Not making any change to pip

Additional context

This would be an entirely backwards-compatible change.

I'm happy to bring this PR!

Code of Conduct
@krishanbhasin-px krishanbhasin-px added S: needs triage Issues/PRs that need to be triaged type: feature request Request for a new feature labels Jan 28, 2025
@pfmoore
Copy link
Member

pfmoore commented Jan 28, 2025

I'm happy to bring this PR!

Seems reasonable to me - thanks for the offer!

@krishanbhasin-px krishanbhasin-px mentioned this issue Jan 28, 2025
Closed
@KrishanBhasin KrishanBhasin mentioned this issue Jan 30, 2025
Merged
@leimao
Copy link

leimao commented Feb 1, 2025

Should this issue be closed given the key MR has been merged?

@leimao
Copy link

leimao commented Feb 1, 2025

Oh, my apology. The MR was closed instead of merged. This issue remains.

@KrishanBhasin KrishanBhasin mentioned this issue Feb 10, 2025
Merged
@notatallshaw
Copy link
Member

Completed in #13219

github-merge-queue bot pushed a commit to MeltanoLabs/target-csv that referenced this issue Apr 28, 2025
@dependabot
ci: bump pip from 25.0.1 to 25.1 in /.github/workflows in the ci group (
b814dd5 
#193)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 25.0.1 to 25.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to MeltanoLabs/tap-pulumi-cloud that referenced this issue Apr 28, 2025
@dependabot
ci: bump pip from 25.0.1 to 25.1 in /.github/workflows in the ci group (
15e7ecd 
#248)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 25.0.1 to 25.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to google/scaaml that referenced this issue Apr 28, 2025
@dependabot
Bump the dependabot group with 4 updates (#375)
61332fa 
Bumps the dependabot group with 4 updates:
[setuptools](https://github.com/pypa/setuptools),
[certifi](https://github.com/certifi/python-certifi),
[pip](https://github.com/pypa/pip) and
[importlib-metadata](https://github.com/python/importlib_metadata).

Updates `setuptools` from 79.0.0 to 80.0.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's
changelog</a>.</em></p>
<blockquote>
<h1>v80.0.0</h1>
<h2>Bugfixes</h2>
<ul>
<li>Update test to honor new behavior in importlib_metadata 8.7. (<a
href="https://github.com/pypa/setuptools/issues/4961">#4961</a>)</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Removed support for the easy_install command including the sandbox
module. (<a
href="https://github.com/pypa/setuptools/issues/2908">#2908</a>)</li>
<li>Develop command no longer uses easy_install, but instead defers
execution to pip (which then will re-invoke Setuptools via PEP 517 to
build the editable wheel). Most of the options to develop are dropped.
This is the final warning before the command is dropped completely in a
few months. Use-cases relying on 'setup.py develop' should pin to older
Setuptools version or migrate to modern build tooling. (<a
href="https://github.com/pypa/setuptools/issues/4955">#4955</a>)</li>
</ul>
<h1>v79.0.1</h1>
<h2>Bugfixes</h2>
<ul>
<li>Merge with pypa/distutils@24bd3179b including fix for <a
href="https://github.com/pypa/distutils/issues/355">pypa/distutils#355</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/setuptools/commit/aeea79266d82f99dbe556126b90b64215a663a2c"><code>aeea792</code></a>
Bump version: 79.0.1 → 80.0.0</li>
<li><a
href="https://github.com/pypa/setuptools/commit/2c874e78f4240963f74debcaadcccb97cb302ded"><code>2c874e7</code></a>
Merge pull request <a
href="https://github.com/pypa/setuptools/issues/4962">#4962</a>
from pypa/bugfix/4961-validated-eps</li>
<li><a
href="https://github.com/pypa/setuptools/commit/82c588aedd8142e7615031358e2d2640213a351d"><code>82c588a</code></a>
Update test to honor new behavior in importlib_metadata 8.7</li>
<li><a
href="https://github.com/pypa/setuptools/commit/ef4cd2960d75f2d49f40f5495347523be62d20e5"><code>ef4cd29</code></a>
Merge pull request <a
href="https://github.com/pypa/setuptools/issues/2908">#2908</a>
from pypa/debt/remove-easy-install</li>
<li><a
href="https://github.com/pypa/setuptools/commit/85bbad4945d874a2444e4531c74c5074cdeca010"><code>85bbad4</code></a>
Merge branch 'main' into debt/remove-easy-install</li>
<li><a
href="https://github.com/pypa/setuptools/commit/9653305c35a143b8d1bad2c190f918887dd1e6d5"><code>9653305</code></a>
Merge pull request <a
href="https://github.com/pypa/setuptools/issues/4955">#4955</a>
from pypa/debt/develop-uses-pip</li>
<li><a
href="https://github.com/pypa/setuptools/commit/da119e7e996b00b6e26f79995bec55684a3fabbe"><code>da119e7</code></a>
Set a due date 6 months in advance.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/a7603da5d3c709f6f01c8df8031ba7a7ae7959a0"><code>a7603da</code></a>
Rename news fragment to reference the pull request for better precise
locality.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/018a20cb130e9357f39c176b59c83738a09d7daa"><code>018a20c</code></a>
Restore a few of the options to develop.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/a5f02fe88d46e963bc470a60a9f8613d7f889d49"><code>a5f02fe</code></a>
Remove another test relying on setup.py develop.</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/setuptools/compare/v79.0.0...v80.0.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `certifi` from 2025.1.31 to 2025.4.26
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/certifi/python-certifi/commit/275c9eb55733a464589c15fb4566fddd4598e5b2"><code>275c9eb</code></a>
2025.04.26 (<a
href="https://github.com/certifi/python-certifi/issues/347">#347</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/37883310b51e56570919cdc2d44becc1c6940559"><code>3788331</code></a>
Bump actions/setup-python from 5.4.0 to 5.5.0 (<a
href="https://github.com/certifi/python-certifi/issues/346">#346</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/9d1f1b782000baedf57026de5b79e193bcb7ef7b"><code>9d1f1b7</code></a>
Bump actions/download-artifact from 4.1.9 to 4.2.1 (<a
href="https://github.com/certifi/python-certifi/issues/344">#344</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/96b97a5afe26bc1adef98cb0bfe68e34948a73b6"><code>96b97a5</code></a>
Bump actions/upload-artifact from 4.6.1 to 4.6.2 (<a
href="https://github.com/certifi/python-certifi/issues/343">#343</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/c054ed3ac3d3505efc929b71cfd87a257bbdb6b3"><code>c054ed3</code></a>
Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (<a
href="https://github.com/certifi/python-certifi/issues/342">#342</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/44547fc77121b12bb276b44b3b2b49cfcbeac06f"><code>44547fc</code></a>
Bump actions/download-artifact from 4.1.8 to 4.1.9 (<a
href="https://github.com/certifi/python-certifi/issues/341">#341</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/5ea51247afecf1bf4ebfa8f2db3082e89a8bfaed"><code>5ea5124</code></a>
Bump actions/upload-artifact from 4.6.0 to 4.6.1 (<a
href="https://github.com/certifi/python-certifi/issues/340">#340</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/2f142b7ae0b2d13fee4ba4b9fbd73a9cd5069060"><code>2f142b7</code></a>
Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (<a
href="https://github.com/certifi/python-certifi/issues/339">#339</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/80d2ebdc77d2d005f408f789fe2fb1fe5f4e0265"><code>80d2ebd</code></a>
Bump actions/setup-python from 5.3.0 to 5.4.0 (<a
href="https://github.com/certifi/python-certifi/issues/337">#337</a>)</li>
<li>See full diff in <a
href="https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26">compare
view</a></li>
</ul>
</details>
<br />

Updates `pip` from 25.0.1 to 25.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `importlib-metadata` from 8.6.1 to 8.7.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python/importlib_metadata/blob/main/NEWS.rst">importlib-metadata's
changelog</a>.</em></p>
<blockquote>
<h1>v8.7.0</h1>
<h2>Features</h2>
<ul>
<li><code>.metadata()</code> (and <code>Distribution.metadata</code>)
can now return <code>None</code> if the metadata directory exists but
not metadata file is present. (<a
href="https://github.com/python/importlib_metadata/issues/493">#493</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Raise consistent ValueError for invalid EntryPoint.value (<a
href="https://github.com/python/importlib_metadata/issues/518">#518</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python/importlib_metadata/commit/708dff4f1ab89bdd126e3e8c56098d04282c5809"><code>708dff4</code></a>
Finalize</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/b3065f03cc3395f46ed575e612e213f92a064879"><code>b3065f0</code></a>
Merge pull request <a
href="https://github.com/python/importlib_metadata/issues/519">#519</a>
from python/bugfix/493-metadata-missing</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/e4351c226765f53a40316fa6aab50488aee8a90f"><code>e4351c2</code></a>
Add a new test capturing the new expectation.</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/5a657051f7386de6f0560c200d78e941be2c8058"><code>5a65705</code></a>
Refactor the casting into a wrapper for brevity and to document its
purpose.</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/0830c39b8a23e48024365120c0e97a6f7c36c5ec"><code>0830c39</code></a>
Add news fragment.</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/22bb567692d8e7bd216f864a9d8dee1272ee8674"><code>22bb567</code></a>
Fix type errors where metadata could be None.</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/57f31d77e18fef11dfadfd44775f253971c36920"><code>57f31d7</code></a>
Allow metadata to return None when there is no metadata present.</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/b9c4be4253250ad604610db66204e5fa70fa2455"><code>b9c4be4</code></a>
Merge pull request <a
href="https://github.com/python/importlib_metadata/issues/518">#518</a>
from python/bugfix/488-bad-ep-value</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/9f8af013635833cf3ac348413c9ac63b37caa3dd"><code>9f8af01</code></a>
Prefer a cached property, as the property is likely to be retrieved at
least ...</li>
<li><a
href="https://github.com/python/importlib_metadata/commit/f179e28888b2c6caf12baaf5449ff1cd82513dfe"><code>f179e28</code></a>
Also raise ValueError on construction if the value is invalid.</li>
<li>Additional commits viewable in <a
href="https://github.com/python/importlib_metadata/compare/v8.6.1...v8.7.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Apr 28, 2025
@dependabot
Bump pip from 25.0.1 to 25.1 (#10799)
299fc52 
Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Apr 28, 2025
@dependabot
Bump pip from 25.0.1 to 25.1 (#10804)
ad5d139 
Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this issue Apr 28, 2025
@dependabot
chore(deps-dev): Bump pip from 25.0.1 to 25.1 in /packages/jsii-pacma…
939ed4e 
…k/test/generated-code (#4819)

Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) &lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) &lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage. (<code>[#13303](pypa/pip#13303) &lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to
inspect and discover installed packages. This warning should only be visible to
users who set an undocumented environment variable to disable the default
<code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) &lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning,
and future-proof their setup, users should enable <code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) &lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) &lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) &lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) &lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large number
of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) &lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form <code>group</code> or
<code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) &lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) &lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing <code>Home-Page</code> field
in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) &lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) &lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) &lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) &lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) &lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) &lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) &lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) &lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) &lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) &lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode during</p>
</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li>
<li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li>
<li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li>
<li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li>
<li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Apr 28, 2025
@dependabot
chore(deps): Update pip requirement from ~=25.0 to ~=25.1 in /package…
a616890 
…s/@jsii/python-runtime (#4820)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) &lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) &lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage. (<code>[#13303](pypa/pip#13303) &lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to
inspect and discover installed packages. This warning should only be visible to
users who set an undocumented environment variable to disable the default
<code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) &lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning,
and future-proof their setup, users should enable <code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) &lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) &lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) &lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) &lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large number
of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) &lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form <code>group</code> or
<code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) &lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) &lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing <code>Home-Page</code> field
in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) &lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) &lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) &lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) &lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) &lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) &lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) &lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) &lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) &lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) &lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode during</p>
</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li>
<li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li>
<li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li>
<li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li>
<li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0...25.1">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
github-merge-queue bot pushed a commit to MeltanoLabs/tap-postgres that referenced this issue Apr 28, 2025
@dependabot
build(deps): Bump pip from 25.0.1 to 25.1 in /.github/workflows in th…
10d8f98 
…e ci group (#622)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 25.0.1 to 25.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Apr 28, 2025
@dependabot @inmantaci
Bump pip from 25.0.1 to 25.1 (PR #8993)
2283c90 
Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) &lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) &lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage. (<code>[#13303](pypa/pip#13303) &lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to
inspect and discover installed packages. This warning should only be visible to
users who set an undocumented environment variable to disable the default
<code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) &lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning,
and future-proof their setup, users should enable <code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) &lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) &lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) &lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) &lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large number
of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) &lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form <code>group</code> or
<code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) &lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) &lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing <code>Home-Page</code> field
in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) &lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) &lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) &lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) &lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) &lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) &lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) &lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) &lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) &lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) &lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li>
<li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li>
<li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li>
<li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li>
<li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Apr 28, 2025
@dependabot @inmantaci
Bump pip from 25.0.1 to 25.1 (PR #8995)
a3365ad 
Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) &lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) &lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage. (<code>[#13303](pypa/pip#13303) &lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to
inspect and discover installed packages. This warning should only be visible to
users who set an undocumented environment variable to disable the default
<code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) &lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning,
and future-proof their setup, users should enable <code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) &lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) &lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) &lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) &lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large number
of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) &lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form <code>group</code> or
<code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) &lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) &lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing <code>Home-Page</code> field
in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) &lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) &lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) &lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) &lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) &lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) &lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) &lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) &lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) &lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) &lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li>
<li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li>
<li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li>
<li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li>
<li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
github-merge-queue bot pushed a commit to meltano/tap-smoke-test that referenced this issue Apr 29, 2025
@dependabot
ci: bump pip from 25.0.1 to 25.1 in /.github/workflows in the ci group (
4f158d8 
#259)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 25.0.1 to 25.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to MeltanoLabs/tap-circle-ci that referenced this issue May 1, 2025
@dependabot
ci: bump pip from 25.0.1 to 25.1 in /.github/workflows in the ci group (
a396c08 
#238)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 25.0.1 to 25.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.1 (2025-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.8.
(<code>[#12989](pypa/pip#12989)
&lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li>
<li>On python 3.14+, the <code>pkg_resources</code> metadata backend
cannot be used anymore.
(<code>[#13010](pypa/pip#13010)
&lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li>
<li>Hide <code>--no-python-version-warning</code> from CLI help and
documentation
as it's useless since Python 2 support was removed. Despite being
formerly slated for removal, the flag will remain as a no-op to
avoid breakage.
(<code>[#13303](pypa/pip#13303)
&lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li>
<li>A warning is emitted when the deprecated <code>pkg_resources</code>
library is used to
inspect and discover installed packages. This warning should only be
visible to
users who set an undocumented environment variable to disable the
default
<code>importlib.metadata</code> backend.
(<code>[#13318](pypa/pip#13318)
&lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li>
<li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To
silence the warning,
and future-proof their setup, users should enable
<code>--use-pep517</code> or add a
<code>pyproject.toml</code> file to the projects they control.
(<code>[#13319](pypa/pip#13319)
&lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Suggest checking &quot;pip config debug&quot; in case of an
InvalidProxyURL error.
(<code>[#12649](pypa/pip#12649)
&lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p>
</li>
<li>
<p>Using <code>--debug</code> also enables verbose logging.
(<code>[#12710](pypa/pip#12710)
&lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p>
</li>
<li>
<p>Display a transient progress bar during package installation.
(<code>[#12712](pypa/pip#12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement when installing packages with a large
number
of dependencies by increasing the requirement string cache size.
(<code>[#12873](pypa/pip#12873)
&lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p>
</li>
<li>
<p>Add a <code>--group</code> option which allows installation from
:pep:<code>735</code> Dependency
Groups. <code>--group</code> accepts arguments of the form
<code>group</code> or
<code>path:group</code>, where the default path is
<code>pyproject.toml</code>, and installs
the named Dependency Group from the provided <code>pyproject.toml</code>
file. (<code>[#12963](pypa/pip#12963)
&lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p>
</li>
<li>
<p>Add support to enable resuming incomplete downloads.</p>
<p>Control the number of retry attempts using the
<code>--resume-retries</code> flag.
(<code>[#12991](pypa/pip#12991)
&lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p>
</li>
<li>
<p>Use :pep:<code>753</code> &quot;Well-known Project URLs in
Metadata&quot; normalization rules when
identifying an equivalent project URL to replace a missing
<code>Home-Page</code> field
in <code>pip show</code>.
(<code>[#13135](pypa/pip#13135)
&lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p>
</li>
<li>
<p>Remove <code>experimental</code> warning from <code>pip index
versions</code> command.
(<code>[#13188](pypa/pip#13188)
&lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p>
</li>
<li>
<p>Add a structured <code>--json</code> output to <code>pip index
versions</code>
(<code>[#13194](pypa/pip#13194)
&lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p>
</li>
<li>
<p>Add a new, <em>experimental</em>, <code>pip lock</code> command,
implementing :pep:<code>751</code>.
(<code>[#13213](pypa/pip#13213)
&lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p>
</li>
<li>
<p>Speed up resolution by first only considering the preference of
candidates that must be required to complete the resolution.
(<code>[#13253](pypa/pip#13253)
&lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p>
</li>
<li>
<p>Improved heuristics for determining the order of dependency
resolution. (<code>[#13273](pypa/pip#13273)
&lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p>
</li>
<li>
<p>Provide hint, documentation, and link to the documentation when
resolution too deep error occurs.
(<code>[#13282](pypa/pip#13282)
&lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p>
</li>
<li>
<p>Include traceback on failure to import <code>setuptools</code> when
<code>setup.py</code> is being invoked directly.
(<code>[#13290](pypa/pip#13290)
&lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p>
</li>
<li>
<p>Support for :pep:<code>738</code> Android wheels.
(<code>[#13299](pypa/pip#13299)
&lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p>
</li>
<li>
<p>Display wheel build tag in <code>pip list</code> columns output if
set. (<code>[#5210](pypa/pip#5210)
&lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p>
</li>
<li>
<p>Build environment dependencies are no longer compiled to bytecode
during</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a>
Add a news file for the pip lock command</li>
<li><a
href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13319">#13319</a> from
sbidoul</li>
<li><a
href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/13344">#13344</a> from
pypa/dependabot/pip/build-project/setuptools-7...</li>
<li><a
href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a>
Remove LRU cache from methods [ruff rule cached-instance-method] (<a
href="https://github.com/pypa/pip/issues/13306">#13306</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a>
Merge pull request <a
href="https://github.com/pypa/pip/issues/12308">#12308</a></li>
<li><a
href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a>
Clarify what the removal of the pkg_ressources backend implies</li>
<li><a
href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a>
Rename find_linked to find_legacy_editables</li>
<li><a
href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a>
Fix uninstallation of zipped eggs</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.0.1&new-version=25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@sigma67
Copy link

sigma67 commented May 2, 2025

I guess this was created as a duplicate of #12342

I will go ahead and close that one as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
S: needs triage Issues/PRs that need to be triaged type: feature request Request for a new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@pfmoore @notatallshaw @sigma67 @leimao @krishanbhasin-px and others