Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pip mistakenly reports recursion error even when there is no recursion #13046

Closed
1 task done
d3dave opened this issue Oct 27, 2024 · 11 comments · Fixed by #13047
Closed
1 task done

pip mistakenly reports recursion error even when there is no recursion #13046

d3dave opened this issue Oct 27, 2024 · 11 comments · Fixed by #13047
Labels
C: requirement file Using `requirements.txt` type: bug A confirmed bug or unintended behavior
Milestone

Comments

@d3dave
Copy link

d3dave commented Oct 27, 2024

Description

I have three requirements files, as follows:

# requirements.txt
...
# test-requirements.txt
-r requirements.txt
...
# lint-requirements.txt
-r requirements.txt
-r test-requirements.txt
...

When attempting to pip install -r lint-requirements.txt, pip complains:

ERROR: .../requirements.txt recursively references itself in .../test-requirements.txt and again in .../lint-requirements.txt

even though there is no recursive reference here. This used to work fine prior to pip 24.3.

Expected behavior

pip should not report an error and instead should proceed with installation as usual.

pip version

24.3

Python version

3.9

OS

Linux

How to Reproduce

  1. Place three example requirements files in a directory as above.
  2. Run pip install -r lint-requirements.txt
  3. Observe error.

Output

$ python3.9 -m pip install -r lint-requirements.txt -c constraints.txt
Defaulting to user installation because normal site-packages is not writeable
ERROR: <omitted>/requirements.txt recursively references itself in <omitted>/test-requirements.txt and again in <omitted>/lint-requirements.txt

Code of Conduct

@d3dave d3dave added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Oct 27, 2024
@xmatthias
Copy link

xmatthias commented Oct 27, 2024

Same here ... breaks all our CI runs - as we do update pip, but don't pin pip in ci so far ...
it's also not limited to python 3.9 - we're seeing this from 3.10-3.12.

@sbidoul
Copy link
Member

sbidoul commented Oct 27, 2024

Likely due to #12877

@notatallshaw
Copy link
Member

notatallshaw commented Oct 27, 2024

Hi all, if you are getting this error right now then I reccomend pinning your pip to pip==24.2 until there is a chance to investigate, decide how to handle, and probably release a 24.3.1.

Trying to create an MRE I found something interesting:

a.txt:

requests

And then b.txt:

-r a.txt

And run pip install -r a.txt -r b.txt --dry-run I don't get an error. But if I add:

c.txt:

-r a.txt
-r b.txt

And run pip install -r a.txt -r b.txt -r c.txt --dry-run I do get an error (and c.txt must refer to both a.txt and b.txt)

@notatallshaw
Copy link
Member

notatallshaw commented Oct 27, 2024

I suspect the logic in #12877 is wrong, as I don't think it considers you can receive many requirements files and they can reference each other as a DAG.

I think to fix it you need to build a Directed Graph and show there are no cycles, I suspect that's not a minor code change. Perhaps just better to revert?

@d3dave
Copy link
Author

d3dave commented Oct 27, 2024

I think to fix it you need to build a Directed Graph and show there are no cycles

@notatallshaw Should be sufficient to remove files from the "parsed" list once they are parsed completely. The current implementation keeps the file in the list even once it's not being parsed any more.

@sbidoul
Copy link
Member

sbidoul commented Oct 27, 2024

Tentative fix in #13047. @d3dave @xmatthias it would be great if you could test it.

@sbidoul
Copy link
Member

sbidoul commented Oct 27, 2024

@notatallshaw thanks for the MRE !

@sbidoul sbidoul added C: requirement file Using `requirements.txt` and removed S: needs triage Issues/PRs that need to be triaged labels Oct 27, 2024
@sbidoul sbidoul added this to the 24.3 milestone Oct 27, 2024
@xmatthias
Copy link

xmatthias commented Oct 27, 2024

@sbidoul seems to work in my test (installed via pip install git+https://github.com/sbidoul/pip.git@fix-13046) - so i'd say great job 👍 - ran against the same repository i encountered the initial problem with.

@sbidoul
Copy link
Member

sbidoul commented Oct 27, 2024

Ok, thanks! I'll cut a 24.3.1 tonight.

philippemilink added a commit to philippemilink/zds-site that referenced this issue Oct 27, 2024
Reste à 24.2 tant que pypa/pip#13046 n'est pas
corrigé.
Situphen pushed a commit to zestedesavoir/zds-site that referenced this issue Oct 27, 2024
Reste à 24.2 tant que pypa/pip#13046 n'est pas
corrigé.
@pradyunsg
Copy link
Member

Thanks @sbidoul for a quick fix and release!

github-merge-queue bot pushed a commit to google/scaaml that referenced this issue Oct 28, 2024
Bumps the dependabot group with 3 updates in the / directory:
[pip](https://github.com/pypa/pip),
[setuptools](https://github.com/pypa/setuptools) and
[tensorflow](https://github.com/tensorflow/tensorflow).

Updates `pip` from 24.2 to 24.3.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file
again. (<code>[#13046](pypa/pip#13046)
&lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with
:pep:<code>440</code>.
(<code>[#12918](pypa/pip#12918)
&lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users
identify
the source. (<code>[#12653](pypa/pip#12653)
&lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels.
(<code>[#12961](pypa/pip#12961)
&lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has
an invalid requirement.
(<code>[#12953](pypa/pip#12953)
&lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code>
<code>global.target</code> when preparing a build environment.
(<code>[#8438](pypa/pip#8438)
&lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore).
(<code>[#12901](pypa/pip#12901)
&lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on
Windows. (<code>[#12666](pypa/pip#12666)
&lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from
sbidoul/fix-13046</li>
<li><a
href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a>
Don't fail when the same req file is included more than once</li>
<li><a
href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from
sbidoul/release/24.3</li>
<li><a
href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from
sbidoul/vendoring-24.3-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from
sethmlarson/truststore-0.10.0</li>
<li><a
href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a>
Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `setuptools` from 75.1.0 to 75.2.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's
changelog</a>.</em></p>
<blockquote>
<h1>v75.2.0</h1>
<h2>Features</h2>
<ul>
<li>Made errors when parsing <code>Distribution</code> data more
explicit about the expected type (<code>tuple[str, ...] |
list[str]</code>) -- by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4578">#4578</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fix a <code>TypeError</code> when a <code>Distribution</code>'s old
included attribute was a <code>tuple</code> -- by
:user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4578">#4578</a>)</li>
<li>Add workaround for <code>bdist_wheel --dist-info-dir</code> errors
when customisation does not inherit from setuptools. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4684">#4684</a>)</li>
</ul>
<h1>v75.1.1</h1>
<h2>Bugfixes</h2>
<ul>
<li>Re-use pre-existing <code>.dist-info</code> dir when creating wheels
via the build backend APIs (PEP 517) and the
<code>metadata_directory</code> argument is passed -- by
:user:<code>pelson</code>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/1825">#1825</a>)</li>
<li>Changed <code>egg_info</code> command to avoid adding an empty
<code>.egg-info</code> directory
while iterating over entry-points.
This avoids triggering integration problems with
<code>importlib.metadata</code>/<code>importlib_metadata</code>
(reference: <a
href="https://redirect.github.com/pypa/pyproject-hooks/issues/206">pypa/pyproject-hooks#206</a>).
(<a
href="https://redirect.github.com/pypa/setuptools/issues/4680">#4680</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/setuptools/commit/61a5a03fbf8acc59e6e12144011aa06b85162bda"><code>61a5a03</code></a>
Bump version: 75.1.1 → 75.2.0</li>
<li><a
href="https://github.com/pypa/setuptools/commit/8ad3ea7509e7f0168f86fbf191ae4e9f13229210"><code>8ad3ea7</code></a>
Workaround for <code>bdist_wheel.dist_info_dir</code> problems (<a
href="https://redirect.github.com/pypa/setuptools/issues/4684">#4684</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/9af08776190841f022136be4192dfeeafd65406d"><code>9af0877</code></a>
Type sequence checks in setuptools/dist.py (<a
href="https://redirect.github.com/pypa/setuptools/issues/4578">#4578</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/0534fde847e0bd0c2214d6821c042c0eb5c0ffc3"><code>0534fde</code></a>
Add news fragment</li>
<li><a
href="https://github.com/pypa/setuptools/commit/50b732a4006f3b84315d4473f7c203e4fe13aed9"><code>50b732a</code></a>
Check for more specific error message</li>
<li><a
href="https://github.com/pypa/setuptools/commit/a663287c9c5f0bfc5e05addfb3a15fea7fc716c3"><code>a663287</code></a>
Add pragma for edge-case code path</li>
<li><a
href="https://github.com/pypa/setuptools/commit/96be735ca2e77b7db876133dfda0b4df3ced4ac0"><code>96be735</code></a>
Workaround for bdist_wheel.dist_info_dir problems</li>
<li><a
href="https://github.com/pypa/setuptools/commit/000a413e2af9c271166cebe6909ad664907887f1"><code>000a413</code></a>
Deprecate public access to setuptools.dist.sequence</li>
<li><a
href="https://github.com/pypa/setuptools/commit/00995c1e3d45393931ffb2e326e503819bee1728"><code>00995c1</code></a>
Use variable msg instead of tmpl in setuptools/dist</li>
<li><a
href="https://github.com/pypa/setuptools/commit/d457d0e87889aefe2093cd79ab4d1ee35d3101e7"><code>d457d0e</code></a>
Type sequence checks in setuptools/dist.py</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/setuptools/compare/v75.1.0...v75.2.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tensorflow` from 2.17.0 to 2.18.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/releases">tensorflow's
releases</a>.</em></p>
<blockquote>
<h2>TensorFlow 2.18.0</h2>
<h1>Release 2.18.0</h1>
<h2>TensorFlow</h2>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>tf.lite</code></p>
<ul>
<li>C API:
<ul>
<li>An optional, fourth parameter was added
<code>TfLiteOperatorCreate</code> as a step forward towards a cleaner
API for <code>TfLiteOperator</code>. Function
<code>TfLiteOperatorCreate</code> was added recently, in TensorFlow Lite
version 2.17.0, released on 7/11/2024, and we do not expect there will
be much code using this function yet. Any code breakages can be easily
resolved by passing nullptr as the new, 4th parameter.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>TensorRT support is disabled in CUDA builds for code health
improvement.</p>
</li>
<li>
<p>Hermetic CUDA support is added.</p>
<p>Hermetic CUDA uses a specific downloadable version of CUDA instead of
the user’s locally installed CUDA. Bazel will download CUDA, CUDNN and
NCCL distributions, and then use CUDA libraries and tools as
dependencies in various Bazel targets. This enables more reproducible
builds for Google ML projects and supported CUDA versions.</p>
</li>
</ul>
<h3>Known Caveats</h3>
<h3>Major Features and Improvements</h3>
<ul>
<li>TensorFlow now supports and is compiled with NumPy 2.0 by default.
Please see the <a
href="https://numpy.org/doc/stable/release/2.0.0-notes.html">NumPy 2
release notes</a> and the <a
href="https://numpy.org/devdocs/numpy_2_0_migration_guide.html#numpy-2-migration-guide">NumPy
2 migration guide</a>.
<ul>
<li>Note that NumPy's type promotion rules have been changed(See <a
href="https://numpy.org/neps/nep-0050-scalar-promotion.html#nep50">NEP
50</a>for details). This may change the precision at which computations
happen, leading either to type errors or to numerical changes to
results.</li>
<li>Tensorflow will continue to support NumPy 1.26 until 2025, aligning
with community standard deprecation timeline <a
href="https://scientific-python.org/specs/spec-0000/">here</a>.</li>
</ul>
</li>
<li><code>tf.lite</code>:
<ul>
<li>The LiteRT <a
href="https://github.com/google-ai-edge/LiteRT">repo</a> is live (see <a
href="https://developers.googleblog.com/en/tensorflow-lite-is-now-litert/">announcement</a>),
which means that in the coming months there will be changes to the
development experience for TFLite. The TF Lite Runtime source will be
moved later this year, and sometime after that we will start accepting
contributions through that repo.</li>
</ul>
</li>
<li>SignatureRunner is now supported for models with no signatures.</li>
</ul>
<h3>Bug Fixes and Other Changes</h3>
<ul>
<li>
<p><code>tf.data</code></p>
<ul>
<li>Add optional <code>synchronous</code> argument to <code>map</code>,
to specify that the <code>map</code> should run synchronously, as
opposed to be parallelizable when
<code>options.experimental_optimization.map_parallelization=True</code>.
This saves memory compared to setting
<code>num_parallel_calls=1</code>.</li>
<li>Add optional <code>use_unbounded_threadpool</code> argument to
<code>map</code>, to specify that the <code>map</code> should use an
unbounded threadpool instead of the default pool that is based on the
number of cores on the machine. This can improve throughput for map
functions which perform IO or otherwise release the CPU.</li>
<li>Add <a
href="https://www.tensorflow.org/api_docs/python/tf/data/experimental/get_model_proto"><code>tf.data.experimental.get_model_proto</code></a>
to allow users to peek into the analytical model inside of a dataset
iterator.</li>
</ul>
</li>
<li>
<p><code>tf.lite</code></p>
<ul>
<li><code>Dequantize</code> op supports <code>TensorType_INT4</code>.
<ul>
<li>This change includes per-channel dequantization.</li>
</ul>
</li>
<li>Add support for <code>stablehlo.composite</code>.</li>
<li><code>EmbeddingLookup</code> op supports per-channel quantization
and <code>TensorType_INT4</code> values.</li>
<li><code>FullyConnected</code> op supports
<code>TensorType_INT16</code> activation and
<code>TensorType_Int4</code> weight per-channel quantization.</li>
</ul>
</li>
<li>
<p><code>tf.tensor_scatter_update</code>,
<code>tf.tensor_scatter_add</code> and of other reduce types.</p>
<ul>
<li>Support <code>bad_indices_policy</code>.</li>
</ul>
</li>
</ul>
<h2>Thanks to our Contributors</h2>
<p>This release contains contributions from many people at Google, as
well as:</p>
<p>Akhil Goel, akhilgoe, Alexander Pivovarov, Amir Samani, Andrew
Goodbody, Andrey Portnoy, Anthony Platanios, bernardoArcari, Brett
Taylor, buptzyb, Chao, Christian Clauss, Cocoa, Daniil Kutz, Darya
Parygina, dependabot[bot], Dimitris Vardoulakis, Dragan Mladjenovic,
Elfie Guo, eukub, Faijul Amin, flyingcat, Frédéric Bastien, ganyu.08,
Georg Stefan Schmid, Grigory Reznikov, Harsha H S, Harshit Monish,
Heiner, Ilia Sergachev, Jan, Jane Liu, Jaroslav Sevcik, Kaixi Hou, Kanvi
Khanna, Kristof Maar, Kristóf Maár, LakshmiKalaKadali, Lbertho-Gpsw,
lingzhi98, MarcoFalke, Masahiro Hiramori, Mmakevic-Amd, mraunak, Nobuo
Tsukamoto, Notheisz57, Olli Lupton, Pearu Peterson, pemeliya, Peyara
Nando, Philipp Hack, Phuong Nguyen, Pol Dellaiera, Rahul Batra, Ruturaj
Vaidya, sachinmuradi, Sergey Kozub, Shanbin Ke, Sheng Yang, shengyu,
Shraiysh, Shu Wang, Surya, sushreebarsa, Swatheesh-Mcw, syzygial, Tai
Ly, terryysun, tilakrayal, Tj Xu, Trevor Morris, Tzung-Han Juang,
wenchenvincent, wondertx, Xuefei Jiang, Ye Huang, Yimei Sun, Yunlong
Liu, Zahid Iqbal, Zhan Lu, Zoranjovanovic-Ns, Zuri Obozuwa</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md">tensorflow's
changelog</a>.</em></p>
<blockquote>
<h1>Release 2.18.0</h1>
<h2>TensorFlow</h2>
<h3>Breaking Changes</h3>
<ul>
<li>
<p><code>tf.lite</code></p>
<ul>
<li>C API:
<ul>
<li>An optional, fourth parameter was added
<code>TfLiteOperatorCreate</code> as a step forward towards a cleaner
API for <code>TfLiteOperator</code>. Function
<code>TfLiteOperatorCreate</code> was added recently, in TensorFlow Lite
version 2.17.0, released on 7/11/2024, and we do not expect there will
be much code using this function yet. Any code breakages can be easily
resolved by passing nullptr as the new, 4th parameter.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>TensorRT support is disabled in CUDA builds for code health
improvement.</p>
</li>
<li>
<p>TensorFlow now supports and is compiled with NumPy 2.0 by default.
Please see the <a
href="https://numpy.org/doc/stable/release/2.0.0-notes.html">NumPy 2
release notes</a> and the <a
href="https://numpy.org/devdocs/numpy_2_0_migration_guide.html#numpy-2-migration-guide">NumPy
2 migration guide</a>.</p>
<ul>
<li>Note that NumPy's type promotion rules have been changed(See <a
href="https://numpy.org/neps/nep-0050-scalar-promotion.html#nep50">NEP
50</a>for details). This may change the precision at which computations
happen, leading either to type errors or to numerical changes to
results.</li>
<li>Tensorflow will continue to support NumPy 1.26 until 2025, aligning
with community standard deprecation timeline <a
href="https://scientific-python.org/specs/spec-0000/">here</a>.</li>
</ul>
</li>
<li>
<p>Hermetic CUDA support is added.</p>
<p>Hermetic CUDA uses a specific downloadable version of CUDA instead of
the user’s locally installed CUDA. Bazel will download CUDA, CUDNN and
NCCL distributions, and then use CUDA libraries and tools as
dependencies in various Bazel targets. This enables more reproducible
builds for Google ML projects and supported CUDA versions.</p>
</li>
<li>
<p>Remove the <code>EnumNamesXNNPackFlags</code> function in
<code>tensorflow/lite/acceleration/configuration/configuration_generated.h</code>.</p>
<p>This change is a bug fix in the automatically generated code. This
change is automatically generated by the new flatbuffer generator. The
flatbuffers library is updated to 24.3.25 in <a
href="https://github.com/tensorflow/tensorflow/commit/c17d64df85a83c1bd0fd7dcc0b1230812b0d3d48">https://github.com/tensorflow/tensorflow/commit/c17d64df85a83c1bd0fd7dcc0b1230812b0d3d48</a>.
The new flatbuffers library includes the following change <a
href="https://redirect.github.com/google/flatbuffers/pull/7813">google/flatbuffers#7813</a>
which fixed a underlying flatbuffer code generator bug.</p>
</li>
</ul>
<h3>Known Caveats</h3>
<h3>Major Features and Improvements</h3>
<ul>
<li><code>tf.lite</code>:
<ul>
<li>The LiteRT <a
href="https://github.com/google-ai-edge/LiteRT">repo</a> is live (see <a
href="https://developers.googleblog.com/en/tensorflow-lite-is-now-litert/">announcement</a>),
which means that in the coming months there will be changes to the
development experience for TFLite. The TF Lite Runtime source will be
moved later this year, and sometime after that we will start accepting
contributions through that repo.</li>
<li>SignatureRunner is now supported for models with no signatures.</li>
</ul>
</li>
</ul>
<h3>Bug Fixes and Other Changes</h3>
<ul>
<li>
<p><code>tf.data</code></p>
<ul>
<li>Add optional <code>synchronous</code> argument to <code>map</code>,
to specify that the <code>map</code> should run synchronously, as
opposed to be parallelizable when
<code>options.experimental_optimization.map_parallelization=True</code>.
This saves memory compared to setting
<code>num_parallel_calls=1</code>.</li>
<li>Add optional <code>use_unbounded_threadpool</code> argument to
<code>map</code>, to specify that the <code>map</code> should use an
unbounded threadpool instead of the default pool that is based on the
number of cores on the machine. This can improve throughput for map
functions which perform IO or otherwise release the CPU.</li>
<li>Add <a
href="https://www.tensorflow.org/api_docs/python/tf/data/experimental/get_model_proto"><code>tf.data.experimental.get_model_proto</code></a>
to allow users to peek into the analytical model inside of a dataset
iterator.</li>
</ul>
</li>
<li>
<p><code>tf.lite</code></p>
<ul>
<li><code>Dequantize</code> op supports <code>TensorType_INT4</code>.
<ul>
<li>This change includes per-channel dequantization.</li>
</ul>
</li>
<li>Add support for <code>stablehlo.composite</code>.</li>
<li><code>EmbeddingLookup</code> op supports per-channel quantization
and <code>TensorType_INT4</code> values.</li>
<li><code>FullyConnected</code> op supports
<code>TensorType_INT16</code> activation and
<code>TensorType_Int4</code> weight per-channel quantization.</li>
<li>Enable per-tensor quantization support in dynamic range quantization
of <code>TRANSPOSE_CONV</code> layer. Fixes TFLite converter <a
href="https://redirect.github.com/tensorflow/tensorflow/issues/76624">bug</a>.</li>
</ul>
</li>
<li>
<p><code>tf.tensor_scatter_update</code>,
<code>tf.tensor_scatter_add</code> and of other reduce types.</p>
<ul>
<li>Support <code>bad_indices_policy</code>.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/6550e4bd80223cdb8be6c3afd1f81e86a4d433c3"><code>6550e4b</code></a>
Merge pull request <a
href="https://redirect.github.com/tensorflow/tensorflow/issues/78464">#78464</a>
from tensorflow/rtg0795-patch-1</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/7e0c244a13a8e2968dce2600960291d5ca056ee1"><code>7e0c244</code></a>
Merge pull request <a
href="https://redirect.github.com/tensorflow/tensorflow/issues/78463">#78463</a>
from tensorflow-jenkins/version-numbers-2.18.0-21101</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/35624d2777a87fd9c335ab6e08b3f2447b233fcf"><code>35624d2</code></a>
Update RELEASE.md to move TFLite SignatureRunner to the right
section</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/8d2c5e150e45747385193ee5ee3ed39f704e0bca"><code>8d2c5e1</code></a>
Update version numbers to 2.18.0</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/d5f4a3f5ddc60df66d732cdba0c3ad1e51b7a339"><code>d5f4a3f</code></a>
Merge pull request <a
href="https://redirect.github.com/tensorflow/tensorflow/issues/77589">#77589</a>
from tensorflow-jenkins/version-numbers-2.18.0rc2-1...</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/7cbcbf33bb370fa5bdf423c9c6b1b6422ed20a6d"><code>7cbcbf3</code></a>
Update version numbers to 2.18.0-rc2</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/84c9398c492f13618dc147f45c20e95ecfc3defe"><code>84c9398</code></a>
Merge pull request <a
href="https://redirect.github.com/tensorflow/tensorflow/issues/77576">#77576</a>
from tensorflow/r2.18-be4f646ec43</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/8fca5e7a885e502545086f2d5fa4e458c7fd63d0"><code>8fca5e7</code></a>
PR <a
href="https://redirect.github.com/tensorflow/tensorflow/issues/17430">#17430</a>:
[ROCm] Use unique_ptr for TupleHandle in pjrt_se_client</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/2c3c798c33a5fbb8b63b7785716702aff222f2c4"><code>2c3c798</code></a>
Merge pull request <a
href="https://redirect.github.com/tensorflow/tensorflow/issues/77025">#77025</a>
from tensorflow-jenkins/version-numbers-2.18.0rc1-2...</li>
<li><a
href="https://github.com/tensorflow/tensorflow/commit/10693a47de32350865f04d4ad422b036552702f9"><code>10693a4</code></a>
Update version numbers to 2.18.0-rc1</li>
<li>Additional commits viewable in <a
href="https://github.com/tensorflow/tensorflow/compare/v2.17.0...v2.18.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Oct 28, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file
again. (<code>[#13046](pypa/pip#13046)
&lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with
:pep:<code>440</code>.
(<code>[#12918](pypa/pip#12918)
&lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users
identify
the source. (<code>[#12653](pypa/pip#12653)
&lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels.
(<code>[#12961](pypa/pip#12961)
&lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has
an invalid requirement.
(<code>[#12953](pypa/pip#12953)
&lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code>
<code>global.target</code> when preparing a build environment.
(<code>[#8438](pypa/pip#8438)
&lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore).
(<code>[#12901](pypa/pip#12901)
&lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on
Windows. (<code>[#12666](pypa/pip#12666)
&lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from
sbidoul/fix-13046</li>
<li><a
href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a>
Don't fail when the same req file is included more than once</li>
<li><a
href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from
sbidoul/release/24.3</li>
<li><a
href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from
sbidoul/vendoring-24.3-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from
sethmlarson/truststore-0.10.0</li>
<li><a
href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a>
Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this issue Oct 28, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file
again. (<code>[#13046](pypa/pip#13046)
&lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with
:pep:<code>440</code>.
(<code>[#12918](pypa/pip#12918)
&lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users
identify
the source. (<code>[#12653](pypa/pip#12653)
&lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels.
(<code>[#12961](pypa/pip#12961)
&lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has
an invalid requirement.
(<code>[#12953](pypa/pip#12953)
&lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code>
<code>global.target</code> when preparing a build environment.
(<code>[#8438](pypa/pip#8438)
&lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore).
(<code>[#12901](pypa/pip#12901)
&lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on
Windows. (<code>[#12666](pypa/pip#12666)
&lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from
sbidoul/fix-13046</li>
<li><a
href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a>
Don't fail when the same req file is included more than once</li>
<li><a
href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from
sbidoul/release/24.3</li>
<li><a
href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from
sbidoul/vendoring-24.3-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from
sethmlarson/truststore-0.10.0</li>
<li><a
href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a>
Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this issue Oct 28, 2024
…k/test/generated-code (#4682)

Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) &lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) &lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users identify
the source. (<code>[#12653](pypa/pip#12653) &lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) &lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) &lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) &lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) &lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) &lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li>
<li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li>
<li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li>
<li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li>
<li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li>
<li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Oct 28, 2024
…s/@jsii/python-runtime (#4684)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) &lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) &lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users identify
the source. (<code>[#12653](pypa/pip#12653) &lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) &lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) &lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) &lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) &lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) &lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
<h1>24.2 (2024-07-28)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>pip install --editable</code> falling back to <code>setup.py develop</code>
when using a setuptools version that does not support :pep:<code>660</code>
(setuptools v63 and older). (<code>[#11457](pypa/pip#11457) &lt;https://github.com/pypa/pip/issues/11457&gt;</code>_)</li>
</ul>
<p>Features</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li>
<li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li>
<li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li>
<li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li>
<li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li>
<li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Oct 28, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) &lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) &lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users identify
the source. (<code>[#12653](pypa/pip#12653) &lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) &lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) &lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) &lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) &lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) &lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li>
<li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li>
<li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li>
<li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li>
<li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li>
<li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Oct 28, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file again. (<code>[#13046](pypa/pip#13046) &lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with :pep:<code>440</code>. (<code>[#12918](pypa/pip#12918) &lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users identify
the source. (<code>[#12653](pypa/pip#12653) &lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels. (<code>[#12961](pypa/pip#12961) &lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has an invalid requirement. (<code>[#12953](pypa/pip#12953) &lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code> <code>global.target</code> when preparing a build environment. (<code>[#8438](pypa/pip#8438) &lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore). (<code>[#12901](pypa/pip#12901) &lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on Windows. (<code>[#12666](pypa/pip#12666) &lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from sbidoul/fix-13046</li>
<li><a href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a> Don't fail when the same req file is included more than once</li>
<li><a href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from sbidoul/release/24.3</li>
<li><a href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a> Bump for development</li>
<li><a href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from sbidoul/vendoring-24.3-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from sethmlarson/truststore-0.10.0</li>
<li><a href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a> Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
edgarrmondragon pushed a commit to MeltanoLabs/tap-gohighlevel that referenced this issue Oct 29, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file
again. (<code>[#13046](pypa/pip#13046)
&lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with
:pep:<code>440</code>.
(<code>[#12918](pypa/pip#12918)
&lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users
identify
the source. (<code>[#12653](pypa/pip#12653)
&lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels.
(<code>[#12961](pypa/pip#12961)
&lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has
an invalid requirement.
(<code>[#12953](pypa/pip#12953)
&lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code>
<code>global.target</code> when preparing a build environment.
(<code>[#8438](pypa/pip#8438)
&lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore).
(<code>[#12901](pypa/pip#12901)
&lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on
Windows. (<code>[#12666](pypa/pip#12666)
&lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from
sbidoul/fix-13046</li>
<li><a
href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a>
Don't fail when the same req file is included more than once</li>
<li><a
href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from
sbidoul/release/24.3</li>
<li><a
href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from
sbidoul/vendoring-24.3-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from
sethmlarson/truststore-0.10.0</li>
<li><a
href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a>
Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Cxz324
Copy link

Cxz324 commented Nov 1, 2024

Description

I have three requirements files, as follows:

# requirements.txt
...
# test-requirements.txt
-r requirements.txt
...
# lint-requirements.txt
-r requirements.txt
-r test-requirements.txt
...

When attempting to pip install -r lint-requirements.txt, pip complains:

ERROR: .../requirements.txt recursively references itself in .../test-requirements.txt and again in .../lint-requirements.txt

even though there is no recursive reference here. This used to work fine prior to pip 24.3.

Expected behavior

pip should not report an error and instead should proceed with installation as usual.

pip version

24.3

Python version

3.9

OS

Linux

How to Reproduce

  1. Place three example requirements files in a directory as above.
  2. Run pip install -r lint-requirements.txt
  3. Observe error.

Output

$ python3.9 -m pip install -r lint-requirements.txt -c constraints.txt
Defaulting to user installation because normal site-packages is not writeable
ERROR: <omitted>/requirements.txt recursively references itself in <omitted>/test-requirements.txt and again in <omitted>/lint-requirements.txt

Code of Conduct

github-merge-queue bot pushed a commit to reservoir-data/tap-canny that referenced this issue Nov 1, 2024
Bumps the ci group in /.github/workflows with 2 updates:
[pip](https://github.com/pypa/pip) and
[hatch](https://github.com/pypa/hatch).

Updates `pip` from 24.2 to 24.3.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file
again. (<code>[#13046](pypa/pip#13046)
&lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with
:pep:<code>440</code>.
(<code>[#12918](pypa/pip#12918)
&lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users
identify
the source. (<code>[#12653](pypa/pip#12653)
&lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels.
(<code>[#12961](pypa/pip#12961)
&lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has
an invalid requirement.
(<code>[#12953](pypa/pip#12953)
&lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code>
<code>global.target</code> when preparing a build environment.
(<code>[#8438](pypa/pip#8438)
&lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore).
(<code>[#12901](pypa/pip#12901)
&lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on
Windows. (<code>[#12666](pypa/pip#12666)
&lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from
sbidoul/fix-13046</li>
<li><a
href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a>
Don't fail when the same req file is included more than once</li>
<li><a
href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from
sbidoul/release/24.3</li>
<li><a
href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from
sbidoul/vendoring-24.3-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from
sethmlarson/truststore-0.10.0</li>
<li><a
href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a>
Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `hatch` from 1.12.0 to 1.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/hatch/releases">hatch's
releases</a>.</em></p>
<blockquote>
<h2>Hatchling v1.13.0</h2>
<p><em><strong>Added:</strong></em></p>
<ul>
<li>Update the set of known trove classifiers to version 2023.2.8</li>
</ul>
<h2>Hatch v1.13.0</h2>
<p><em><strong>Added:</strong></em></p>
<ul>
<li>Support managing Python 3.13 distributions</li>
</ul>
<h2>Hatchling v1.12.2</h2>
<p><em><strong>Fixed:</strong></em></p>
<ul>
<li>Add <code>macos-max-compat</code> option to the <code>wheel</code>
target that is enabled by default to support the latest version 22.0 of
the <code>packaging</code> library</li>
</ul>
<h2>Hatchling v1.12.1</h2>
<p><em><strong>Fixed:</strong></em></p>
<ul>
<li>Fix minor regression in the PEP 517/660 function signatures that was
discovered by Fedora</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/hatch/commit/4e3c515bb15fd5533ced963c70308e2a271905d9"><code>4e3c515</code></a>
release Hatch v1.13.0</li>
<li><a
href="https://github.com/pypa/hatch/commit/204c0cdc30990c0b5a983f5705967867e727982e"><code>204c0cd</code></a>
Support managing Python 3.13 distributions (<a
href="https://redirect.github.com/pypa/hatch/issues/1753">#1753</a>)</li>
<li>See full diff in <a
href="https://github.com/pypa/hatch/compare/hatch-v1.12.0...hatch-v1.13.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Nov 4, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.2 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file
again. (<code>[#13046](pypa/pip#13046)
&lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with
:pep:<code>440</code>.
(<code>[#12918](pypa/pip#12918)
&lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users
identify
the source. (<code>[#12653](pypa/pip#12653)
&lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels.
(<code>[#12961](pypa/pip#12961)
&lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has
an invalid requirement.
(<code>[#12953](pypa/pip#12953)
&lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code>
<code>global.target</code> when preparing a build environment.
(<code>[#8438](pypa/pip#8438)
&lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore).
(<code>[#12901](pypa/pip#12901)
&lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on
Windows. (<code>[#12666](pypa/pip#12666)
&lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from
sbidoul/fix-13046</li>
<li><a
href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a>
Don't fail when the same req file is included more than once</li>
<li><a
href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from
sbidoul/release/24.3</li>
<li><a
href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from
sbidoul/vendoring-24.3-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from
sethmlarson/truststore-0.10.0</li>
<li><a
href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a>
Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Zeitsperre added a commit to Ouranosinc/miranda that referenced this issue Nov 4, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.2.0 to 24.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.3.1 (2024-10-27)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Allow multiple nested inclusions of the same requirements file
again. (<code>[#13046](pypa/pip#13046)
&lt;https://github.com/pypa/pip/issues/13046&gt;</code>_)</li>
</ul>
<h1>24.3 (2024-10-27)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate wheel filenames that are not compliant with
:pep:<code>440</code>.
(<code>[#12918](pypa/pip#12918)
&lt;https://github.com/pypa/pip/issues/12918&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Detect recursively referencing requirements files and help users
identify
the source. (<code>[#12653](pypa/pip#12653)
&lt;https://github.com/pypa/pip/issues/12653&gt;</code>_)</li>
<li>Support for :pep:<code>730</code> iOS wheels.
(<code>[#12961](pypa/pip#12961)
&lt;https://github.com/pypa/pip/issues/12961&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Display a better error message when an already installed package has
an invalid requirement.
(<code>[#12953](pypa/pip#12953)
&lt;https://github.com/pypa/pip/issues/12953&gt;</code>_)</li>
<li>Ignore <code>PIP_TARGET</code> and <code>pip.conf</code>
<code>global.target</code> when preparing a build environment.
(<code>[#8438](pypa/pip#8438)
&lt;https://github.com/pypa/pip/issues/8438&gt;</code>_)</li>
<li>Restore support for macOS 10.12 and older (via truststore).
(<code>[#12901](pypa/pip#12901)
&lt;https://github.com/pypa/pip/issues/12901&gt;</code>_)</li>
<li>Allow installing pip in editable mode in a virtual environment on
Windows. (<code>[#12666](pypa/pip#12666)
&lt;https://github.com/pypa/pip/issues/12666&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2024.8.30</li>
<li>Upgrade distlib to 0.3.9</li>
<li>Upgrade truststore to 0.10.0</li>
<li>Upgrade urllib3 to 1.26.20</li>
</ul>
<h1>24.2 (2024-07-28)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>pip install --editable</code> falling back to
<code>setup.py develop</code>
when using a setuptools version that does not support
:pep:<code>660</code>
(setuptools v63 and older).
(<code>[#11457](pypa/pip#11457)
&lt;https://github.com/pypa/pip/issues/11457&gt;</code>_)</li>
</ul>
<p>Features</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/05293b6b55eca86490b7c2944bcc558a56064f0d"><code>05293b6</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/6a5db8b107bb0063c69dc5ccd39dbfef14ca7a32"><code>6a5db8b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13047">#13047</a> from
sbidoul/fix-13046</li>
<li><a
href="https://github.com/pypa/pip/commit/7be54ced1cca2c850e79e8fbe9ec2b76947b2b6f"><code>7be54ce</code></a>
Don't fail when the same req file is included more than once</li>
<li><a
href="https://github.com/pypa/pip/commit/4f6aeb17ed540e181b9ad1dea8d7b5389effd21b"><code>4f6aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13044">#13044</a> from
sbidoul/release/24.3</li>
<li><a
href="https://github.com/pypa/pip/commit/e1b1d51fe8d0f4b84b77206173ceb656caa2edeb"><code>e1b1d51</code></a>
Bump for development</li>
<li><a
href="https://github.com/pypa/pip/commit/cdba22f49b425fe4a57a8daf992fd6335c8010a1"><code>cdba22f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/27f8374e8dd49141bd2397c0e8e8093cf3676ff7"><code>27f8374</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/c79d01953357913f421f192f51ffa9bab0a75ba0"><code>c79d019</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13033">#13033</a> from
sbidoul/vendoring-24.3-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/3ca89215a96f9b05619fc52bb778c19f26b84a9f"><code>3ca8921</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13041">#13041</a> from
sethmlarson/truststore-0.10.0</li>
<li><a
href="https://github.com/pypa/pip/commit/0cc7375ff0a42ddfa19f23f42cb96d6d7c06d29b"><code>0cc7375</code></a>
Upgrade vendored truststore to 0.10.0</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.2...24.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.2.0&new-version=24.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@Zeitsperre.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C: requirement file Using `requirements.txt` type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants