pip 25.3__py3-none-any.whl → 26.0__py3-none-any.whl

pip/_internal/index/package_finder.py

@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+import datetime
 import enum
 import functools
 import itertools
@@ -18,19 +19,22 @@ from typing import (
 from pip._vendor.packaging import specifiers
 from pip._vendor.packaging.tags import Tag
 from pip._vendor.packaging.utils import NormalizedName, canonicalize_name
-from pip._vendor.packaging.version import InvalidVersion, _BaseVersion
+from pip._vendor.packaging.version import InvalidVersion, Version, _BaseVersion
 from pip._vendor.packaging.version import parse as parse_version
 
 from pip._internal.exceptions import (
     BestVersionAlreadyInstalled,
     DistributionNotFound,
+    InstallationError,
     InvalidWheelFilename,
     UnsupportedWheel,
 )
 from pip._internal.index.collector import LinkCollector, parse_links
+from pip._internal.metadata import select_backend
 from pip._internal.models.candidate import InstallationCandidate
 from pip._internal.models.format_control import FormatControl
 from pip._internal.models.link import Link
+from pip._internal.models.release_control import ReleaseControl
 from pip._internal.models.search_scope import SearchScope
 from pip._internal.models.selection_prefs import SelectionPreferences
 from pip._internal.models.target_python import TargetPython
@@ -111,6 +115,8 @@ class LinkType(enum.Enum):
     format_invalid = enum.auto()
     platform_mismatch = enum.auto()
     requires_python_mismatch = enum.auto()
+    upload_too_late = enum.auto()
+    upload_time_missing = enum.auto()
 
 
 class LinkEvaluator:
@@ -132,6 +138,7 @@ class LinkEvaluator:
         target_python: TargetPython,
         allow_yanked: bool,
         ignore_requires_python: bool | None = None,
+        uploaded_prior_to: datetime.datetime | None = None,
     ) -> None:
         """
         :param project_name: The user supplied package name.
@@ -149,6 +156,8 @@ class LinkEvaluator:
         :param ignore_requires_python: Whether to ignore incompatible
             PEP 503 "data-requires-python" values in HTML links. Defaults
             to False.
+        :param uploaded_prior_to: If set, only allow links uploaded prior to
+            the given datetime.
         """
         if ignore_requires_python is None:
             ignore_requires_python = False
@@ -158,6 +167,7 @@ class LinkEvaluator:
         self._ignore_requires_python = ignore_requires_python
         self._formats = formats
         self._target_python = target_python
+        self._uploaded_prior_to = uploaded_prior_to
 
         self.project_name = project_name
 
@@ -218,6 +228,27 @@ class LinkEvaluator:
 
                 version = wheel.version
 
+        # Check upload-time filter after verifying the link is a package file.
+        # Skip this check for local files, as --uploaded-prior-to only applies
+        # to packages from indexes.
+        if self._uploaded_prior_to is not None and not link.is_file:
+            if link.upload_time is None:
+                if link.comes_from:
+                    index_info = f"Index {link.comes_from}"
+                else:
+                    index_info = "Index"
+
+                return (
+                    LinkType.upload_time_missing,
+                    f"{index_info} does not provide upload-time metadata.",
+                )
+            elif link.upload_time >= self._uploaded_prior_to:
+                return (
+                    LinkType.upload_too_late,
+                    f"Upload time {link.upload_time} not "
+                    f"prior to {self._uploaded_prior_to}",
+                )
+
         # This should be up by the self.ok_binary check, but see issue 2700.
         if "source" not in self._formats and ext != WHEEL_EXTENSION:
             reason = f"No sources permitted for {self.project_name}"
@@ -350,7 +381,7 @@ class CandidatePreferences:
     """
 
     prefer_binary: bool = False
-    allow_all_prereleases: bool = False
+    release_control: ReleaseControl | None = None
 
 
 @dataclass(frozen=True)
@@ -391,7 +422,7 @@ class CandidateEvaluator:
         project_name: str,
         target_python: TargetPython | None = None,
         prefer_binary: bool = False,
-        allow_all_prereleases: bool = False,
+        release_control: ReleaseControl | None = None,
         specifier: specifiers.BaseSpecifier | None = None,
         hashes: Hashes | None = None,
     ) -> CandidateEvaluator:
@@ -417,7 +448,7 @@ class CandidateEvaluator:
             supported_tags=supported_tags,
             specifier=specifier,
             prefer_binary=prefer_binary,
-            allow_all_prereleases=allow_all_prereleases,
+            release_control=release_control,
             hashes=hashes,
         )
 
@@ -427,14 +458,14 @@ class CandidateEvaluator:
         supported_tags: list[Tag],
         specifier: specifiers.BaseSpecifier,
         prefer_binary: bool = False,
-        allow_all_prereleases: bool = False,
+        release_control: ReleaseControl | None = None,
         hashes: Hashes | None = None,
     ) -> None:
         """
         :param supported_tags: The PEP 425 tags supported by the target
             Python in order of preference (most preferred first).
         """
-        self._allow_all_prereleases = allow_all_prereleases
+        self._release_control = release_control
         self._hashes = hashes
         self._prefer_binary = prefer_binary
         self._project_name = project_name
@@ -455,17 +486,27 @@ class CandidateEvaluator:
         Return the applicable candidates from a list of candidates.
         """
         # Using None infers from the specifier instead.
-        allow_prereleases = self._allow_all_prereleases or None
+        if self._release_control is not None:
+            allow_prereleases = self._release_control.allows_prereleases(
+                canonicalize_name(self._project_name)
+            )
+        else:
+            allow_prereleases = None
         specifier = self._specifier
 
-        # We turn the version object into a str here because otherwise
-        # when we're debundled but setuptools isn't, Python will see
-        # packaging.version.Version and
+        # When using the pkg_resources backend we turn the version object into
+        # a str here because otherwise when we're debundled but setuptools isn't,
+        # Python will see packaging.version.Version and
         # pkg_resources._vendor.packaging.version.Version as different
         # types. This way we'll use a str as a common data interchange
         # format. If we stop using the pkg_resources provided specifier
         # and start using our own, we can drop the cast to str().
-        candidates_and_versions = [(c, str(c.version)) for c in candidates]
+        if select_backend().NAME == "pkg_resources":
+            candidates_and_versions: list[
+                tuple[InstallationCandidate, str | Version]
+            ] = [(c, str(c.version)) for c in candidates]
+        else:
+            candidates_and_versions = [(c, c.version) for c in candidates]
         versions = set(
             specifier.filter(
                 (v for _, v in candidates_and_versions),
@@ -593,6 +634,7 @@ class PackageFinder:
         format_control: FormatControl | None = None,
         candidate_prefs: CandidatePreferences | None = None,
         ignore_requires_python: bool | None = None,
+        uploaded_prior_to: datetime.datetime | None = None,
     ) -> None:
         """
         This constructor is primarily meant to be used by the create() class
@@ -614,6 +656,7 @@ class PackageFinder:
         self._ignore_requires_python = ignore_requires_python
         self._link_collector = link_collector
         self._target_python = target_python
+        self._uploaded_prior_to = uploaded_prior_to
 
         self.format_control = format_control
 
@@ -637,6 +680,7 @@ class PackageFinder:
         link_collector: LinkCollector,
         selection_prefs: SelectionPreferences,
         target_python: TargetPython | None = None,
+        uploaded_prior_to: datetime.datetime | None = None,
     ) -> PackageFinder:
         """Create a PackageFinder.
 
@@ -645,13 +689,15 @@ class PackageFinder:
         :param target_python: The target Python interpreter to use when
             checking compatibility. If None (the default), a TargetPython
             object will be constructed from the running Python.
+        :param uploaded_prior_to: If set, only find links uploaded prior
+            to the given datetime.
         """
         if target_python is None:
             target_python = TargetPython()
 
         candidate_prefs = CandidatePreferences(
             prefer_binary=selection_prefs.prefer_binary,
-            allow_all_prereleases=selection_prefs.allow_all_prereleases,
+            release_control=selection_prefs.release_control,
         )
 
         return cls(
@@ -661,6 +707,7 @@ class PackageFinder:
             allow_yanked=selection_prefs.allow_yanked,
             format_control=selection_prefs.format_control,
             ignore_requires_python=selection_prefs.ignore_requires_python,
+            uploaded_prior_to=uploaded_prior_to,
         )
 
     @property
@@ -707,11 +754,11 @@ class PackageFinder:
         return cert
 
     @property
-    def allow_all_prereleases(self) -> bool:
-        return self._candidate_prefs.allow_all_prereleases
+    def release_control(self) -> ReleaseControl | None:
+        return self._candidate_prefs.release_control
 
-    def set_allow_all_prereleases(self) -> None:
-        self._candidate_prefs.allow_all_prereleases = True
+    def set_release_control(self, release_control: ReleaseControl) -> None:
+        self._candidate_prefs.release_control = release_control
 
     @property
     def prefer_binary(self) -> bool:
@@ -720,6 +767,10 @@ class PackageFinder:
     def set_prefer_binary(self) -> None:
         self._candidate_prefs.prefer_binary = True
 
+    @property
+    def uploaded_prior_to(self) -> datetime.datetime | None:
+        return self._uploaded_prior_to
+
     def requires_python_skipped_reasons(self) -> list[str]:
         reasons = {
             detail
@@ -739,6 +790,7 @@ class PackageFinder:
             target_python=self._target_python,
             allow_yanked=self._allow_yanked,
             ignore_requires_python=self._ignore_requires_python,
+            uploaded_prior_to=self._uploaded_prior_to,
         )
 
     def _sort_links(self, links: Iterable[Link]) -> list[Link]:
@@ -773,6 +825,10 @@ class PackageFinder:
         InstallationCandidate and return it. Otherwise, return None.
         """
         result, detail = link_evaluator.evaluate_link(link)
+        if result == LinkType.upload_time_missing:
+            # Fail immediately if the index doesn't provide upload-time
+            # when --uploaded-prior-to is specified
+            raise InstallationError(detail)
         if result != LinkType.candidate:
             self._log_skipped_link(link, result, detail)
             return None
@@ -890,7 +946,7 @@ class PackageFinder:
             project_name=project_name,
             target_python=self._target_python,
             prefer_binary=candidate_prefs.prefer_binary,
-            allow_all_prereleases=candidate_prefs.allow_all_prereleases,
+            release_control=candidate_prefs.release_control,
             specifier=specifier,
             hashes=hashes,
         )
@@ -964,9 +1020,19 @@ class PackageFinder:
             )
 
         if installed_version is None and best_candidate is None:
+            # Check if only final releases are allowed for this package
+            version_type = "version"
+            if self.release_control is not None:
+                allows_pre = self.release_control.allows_prereleases(
+                    canonicalize_name(name)
+                )
+                if allows_pre is False:
+                    version_type = "final version"
+
             logger.critical(
-                "Could not find a version that satisfies the requirement %s "
+                "Could not find a %s that satisfies the requirement %s "
                 "(from versions: %s)",
+                version_type,
                 req,
                 _format_versions(best_candidate_result.all_candidates),
             )

pip/_internal/locations/__init__.py

@@ -6,7 +6,6 @@ import os
 import pathlib
 import sys
 import sysconfig
-from typing import Any
 
 from pip._internal.models.scheme import SCHEME_KEYS, Scheme
 from pip._internal.utils.compat import WINDOWS
@@ -134,7 +133,7 @@ def _looks_like_red_hat_scheme() -> bool:
     from distutils.command.install import install
     from distutils.dist import Distribution
 
-    cmd: Any = install(Distribution())
+    cmd = install(Distribution())
     cmd.finalize_options()
     return (
         cmd.exec_prefix == f"{os.path.normpath(sys.exec_prefix)}/local"

pip/_internal/locations/_sysconfig.py

@@ -4,6 +4,7 @@ import logging
 import os
 import sys
 import sysconfig
+from typing import Callable
 
 from pip._internal.exceptions import InvalidSchemeCombination, UserInstallationInvalid
 from pip._internal.models.scheme import SCHEME_KEYS, Scheme
@@ -24,7 +25,9 @@ logger = logging.getLogger(__name__)
 
 _AVAILABLE_SCHEMES = set(sysconfig.get_scheme_names())
 
-_PREFERRED_SCHEME_API = getattr(sysconfig, "get_preferred_scheme", None)
+_PREFERRED_SCHEME_API: Callable[[str], str] | None = getattr(
+    sysconfig, "get_preferred_scheme", None
+)
 
 
 def _should_use_osx_framework_prefix() -> bool:

pip/_internal/models/link.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+import datetime
 import functools
 import itertools
 import logging
@@ -7,15 +8,16 @@ import os
 import posixpath
 import re
 import urllib.parse
+import urllib.request
 from collections.abc import Mapping
 from dataclasses import dataclass
 from typing import (
-    TYPE_CHECKING,
     Any,
     NamedTuple,
 )
 
-from pip._internal.utils.deprecation import deprecated
+from pip._internal.exceptions import InvalidEggFragment
+from pip._internal.utils.datetime import parse_iso_datetime
 from pip._internal.utils.filetypes import WHEEL_EXTENSION
 from pip._internal.utils.hashes import Hashes
 from pip._internal.utils.misc import (
@@ -26,9 +28,6 @@ from pip._internal.utils.misc import (
 )
 from pip._internal.utils.urls import path_to_url, url_to_path
 
-if TYPE_CHECKING:
-    from pip._internal.index.collector import IndexContent
-
 logger = logging.getLogger(__name__)
 
 
@@ -207,6 +206,7 @@ class Link:
         "requires_python",
         "yanked_reason",
         "metadata_file_data",
+        "upload_time",
         "cache_link_parsing",
         "egg_fragment",
     ]
@@ -214,17 +214,17 @@ class Link:
     def __init__(
         self,
         url: str,
-        comes_from: str | IndexContent | None = None,
+        comes_from: str | None = None,
         requires_python: str | None = None,
         yanked_reason: str | None = None,
         metadata_file_data: MetadataFile | None = None,
+        upload_time: datetime.datetime | None = None,
         cache_link_parsing: bool = True,
         hashes: Mapping[str, str] | None = None,
     ) -> None:
         """
         :param url: url of the resource pointed to (href of the link)
-        :param comes_from: instance of IndexContent where the link was found,
-            or string.
+        :param comes_from: URL or string indicating where the link was found.
         :param requires_python: String containing the `Requires-Python`
             metadata field, specified in PEP 345. This may be specified by
             a data-requires-python attribute in the HTML link tag, as
@@ -239,6 +239,8 @@ class Link:
             no such metadata is provided. This argument, if not None, indicates
             that a separate metadata file exists, and also optionally supplies
             hashes for that file.
+        :param upload_time: upload time of the file, or None if the information
+            is not available from the server.
         :param cache_link_parsing: A flag that is used elsewhere to determine
             whether resources retrieved from this link should be cached. PyPI
             URLs should generally have this set to False, for example.
@@ -272,6 +274,7 @@ class Link:
         self.requires_python = requires_python if requires_python else None
         self.yanked_reason = yanked_reason
         self.metadata_file_data = metadata_file_data
+        self.upload_time = upload_time
 
         self.cache_link_parsing = cache_link_parsing
         self.egg_fragment = self._egg_fragment()
@@ -300,6 +303,11 @@ class Link:
         if metadata_info is None:
             metadata_info = file_data.get("dist-info-metadata")
 
+        if upload_time_data := file_data.get("upload-time"):
+            upload_time = parse_iso_datetime(upload_time_data)
+        else:
+            upload_time = None
+
         # The metadata info value may be a boolean, or a dict of hashes.
         if isinstance(metadata_info, dict):
             # The file exists, and hashes have been supplied
@@ -325,6 +333,7 @@ class Link:
             yanked_reason=yanked_reason,
             hashes=hashes,
             metadata_file_data=metadata_file_data,
+            upload_time=upload_time,
         )
 
     @classmethod
@@ -474,12 +483,7 @@ class Link:
         # an optional extras specifier. Anything else is invalid.
         project_name = match.group(1)
         if not self._project_name_re.match(project_name):
-            deprecated(
-                reason=f"{self} contains an egg fragment with a non-PEP 508 name.",
-                replacement="to use the req @ url syntax, and remove the egg fragment",
-                gone_in="26.0",
-                issue=13157,
-            )
+            raise InvalidEggFragment(self, project_name)
 
         return project_name
 

pip/_internal/models/release_control.py

@@ -0,0 +1,92 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+
+from pip._vendor.packaging.utils import NormalizedName, canonicalize_name
+
+from pip._internal.exceptions import CommandError
+
+
+# TODO: add slots=True when Python 3.9 is dropped
+@dataclass
+class ReleaseControl:
+    """Helper for managing which release types can be installed."""
+
+    all_releases: set[str] = field(default_factory=set)
+    only_final: set[str] = field(default_factory=set)
+    _order: list[tuple[str, str]] = field(
+        init=False, default_factory=list, compare=False, repr=False
+    )
+
+    def handle_mutual_excludes(
+        self, value: str, target: set[str], other: set[str], attr_name: str
+    ) -> None:
+        """Parse and apply release control option value.
+
+        Processes comma-separated package names or special values `:all:` and `:none:`.
+
+        When adding packages to target, they're removed from other to maintain mutual
+        exclusivity between all_releases and only_final. All operations are tracked in
+        order so that the original command-line argument sequence can be reconstructed
+        when passing options to build subprocesses.
+        """
+        if value.startswith("-"):
+            raise CommandError(
+                "--all-releases / --only-final option requires 1 argument."
+            )
+        new = value.split(",")
+        while ":all:" in new:
+            other.clear()
+            target.clear()
+            target.add(":all:")
+            # Track :all: in order
+            self._order.append((attr_name, ":all:"))
+            del new[: new.index(":all:") + 1]
+            # Without a none, we want to discard everything as :all: covers it
+            if ":none:" not in new:
+                return
+        for name in new:
+            if name == ":none:":
+                target.clear()
+                # Track :none: in order
+                self._order.append((attr_name, ":none:"))
+                continue
+            name = canonicalize_name(name)
+            other.discard(name)
+            target.add(name)
+            # Track package-specific setting in order
+            self._order.append((attr_name, name))
+
+    def get_ordered_args(self) -> list[tuple[str, str]]:
+        """
+        Get ordered list of (flag_name, value) tuples for reconstructing CLI args.
+
+        Returns:
+            List of tuples where each tuple is (attribute_name, value).
+            The attribute_name is either 'all_releases' or 'only_final'.
+
+        Example:
+            [("all_releases", ":all:"), ("only_final", "simple")]
+            would be reconstructed as:
+            ["--all-releases", ":all:", "--only-final", "simple"]
+        """
+        return self._order[:]
+
+    def allows_prereleases(self, canonical_name: NormalizedName) -> bool | None:
+        """
+        Determine if pre-releases are allowed for a package.
+
+        Returns:
+            True: Pre-releases are allowed (package in all_releases)
+            False: Only final releases allowed (package in only_final)
+            None: No specific setting, use default behavior
+        """
+        if canonical_name in self.all_releases:
+            return True
+        elif canonical_name in self.only_final:
+            return False
+        elif ":all:" in self.all_releases:
+            return True
+        elif ":all:" in self.only_final:
+            return False
+        return None

pip/_internal/models/selection_prefs.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 from pip._internal.models.format_control import FormatControl
+from pip._internal.models.release_control import ReleaseControl
 
 
 # TODO: This needs Python 3.10's improved slots support for dataclasses
@@ -13,7 +14,7 @@ class SelectionPreferences:
 
     __slots__ = [
         "allow_yanked",
-        "allow_all_prereleases",
+        "release_control",
         "format_control",
         "prefer_binary",
         "ignore_requires_python",
@@ -26,7 +27,7 @@ class SelectionPreferences:
     def __init__(
         self,
         allow_yanked: bool,
-        allow_all_prereleases: bool = False,
+        release_control: ReleaseControl | None = None,
         format_control: FormatControl | None = None,
         prefer_binary: bool = False,
         ignore_requires_python: bool | None = None,
@@ -35,6 +36,8 @@ class SelectionPreferences:
 
         :param allow_yanked: Whether files marked as yanked (in the sense
             of PEP 592) are permitted to be candidates for install.
+        :param release_control: A ReleaseControl object or None. Used to control
+            whether pre-releases are allowed for specific packages.
         :param format_control: A FormatControl object or None. Used to control
             the selection of source packages / binary packages when consulting
             the index and links.
@@ -47,7 +50,7 @@ class SelectionPreferences:
             ignore_requires_python = False
 
         self.allow_yanked = allow_yanked
-        self.allow_all_prereleases = allow_all_prereleases
+        self.release_control = release_control
         self.format_control = format_control
         self.prefer_binary = prefer_binary
         self.ignore_requires_python = ignore_requires_python

pip/_internal/network/auth.py

@@ -20,7 +20,6 @@ from pathlib import Path
 from typing import Any, NamedTuple
 
 from pip._vendor.requests.auth import AuthBase, HTTPBasicAuth
-from pip._vendor.requests.models import Request, Response
 from pip._vendor.requests.utils import get_netrc_auth
 
 from pip._internal.utils.logging import getLogger
@@ -33,6 +32,10 @@ from pip._internal.utils.misc import (
 )
 from pip._internal.vcs.versioncontrol import AuthInfo
 
+if typing.TYPE_CHECKING:
+    from pip._vendor.requests import PreparedRequest
+    from pip._vendor.requests.models import Response
+
 logger = getLogger(__name__)
 
 KEYRING_DISABLED = False
@@ -437,8 +440,9 @@ class MultiDomainBasicAuth(AuthBase):
 
         return url, username, password
 
-    def __call__(self, req: Request) -> Request:
+    def __call__(self, req: PreparedRequest) -> PreparedRequest:
         # Get credentials for this request
+        assert req.url is not None
         url, username, password = self._get_url_and_credentials(req.url)
 
         # Set the url of the request to the url without any credentials

pip/_internal/network/download.py

@@ -167,14 +167,13 @@ class Downloader:
         self,
         session: PipSession,
         progress_bar: BarType,
-        resume_retries: int,
     ) -> None:
-        assert (
-            resume_retries >= 0
-        ), "Number of max resume retries must be bigger or equal to zero"
         self._session = session
         self._progress_bar = progress_bar
-        self._resume_retries = resume_retries
+        self._resume_retries = session.resume_retries
+        assert (
+            self._resume_retries >= 0
+        ), "Number of max resume retries must be bigger or equal to zero"
 
     def batch(
         self, links: Iterable[Link], location: str