pip 25.3__py3-none-any.whl → 26.0__py3-none-any.whl

pip/_internal/network/session.py

@@ -50,8 +50,8 @@ from pip._internal.utils.urls import url_to_path
 if TYPE_CHECKING:
     from ssl import SSLContext
 
+    from pip._vendor.urllib3 import ProxyManager
     from pip._vendor.urllib3.poolmanager import PoolManager
-    from pip._vendor.urllib3.proxymanager import ProxyManager
 
 
 logger = logging.getLogger(__name__)
@@ -212,11 +212,12 @@ class LocalFSAdapter(BaseAdapter):
         self,
         request: PreparedRequest,
         stream: bool = False,
-        timeout: float | tuple[float, float] | None = None,
+        timeout: float | tuple[float, float] | tuple[float, None] | None = None,
         verify: bool | str = True,
-        cert: str | tuple[str, str] | None = None,
+        cert: bytes | str | tuple[bytes | str, bytes | str] | None = None,
         proxies: Mapping[str, str] | None = None,
     ) -> Response:
+        assert request.url is not None
         pathname = url_to_path(request.url)
 
         resp = Response()
@@ -237,13 +238,13 @@ class LocalFSAdapter(BaseAdapter):
             resp.headers = CaseInsensitiveDict(
                 {
                     "Content-Type": content_type,
-                    "Content-Length": stats.st_size,
+                    "Content-Length": str(stats.st_size),
                     "Last-Modified": modified,
                 }
             )
 
             resp.raw = open(pathname, "rb")
-            resp.close = resp.raw.close
+            resp.close = resp.raw.close  # type: ignore[method-assign]
 
         return resp
 
@@ -277,7 +278,7 @@ class _SSLContextAdapterMixin:
     ) -> PoolManager:
         if self._ssl_context is not None:
             pool_kwargs.setdefault("ssl_context", self._ssl_context)
-        return super().init_poolmanager(  # type: ignore[misc]
+        return super().init_poolmanager(  # type: ignore[misc, no-any-return]
             connections=connections,
             maxsize=maxsize,
             block=block,
@@ -289,7 +290,7 @@ class _SSLContextAdapterMixin:
         # context here too. https://github.com/pypa/pip/issues/13288
         if self._ssl_context is not None:
             proxy_kwargs.setdefault("ssl_context", self._ssl_context)
-        return super().proxy_manager_for(proxy, **proxy_kwargs)  # type: ignore[misc]
+        return super().proxy_manager_for(proxy, **proxy_kwargs)  # type: ignore[misc, no-any-return]
 
 
 class HTTPAdapter(_SSLContextAdapterMixin, _BaseHTTPAdapter):
@@ -329,6 +330,7 @@ class PipSession(requests.Session):
         self,
         *args: Any,
         retries: int = 0,
+        resume_retries: int = 0,
         cache: str | None = None,
         trusted_hosts: Sequence[str] = (),
         index_urls: list[str] | None = None,
@@ -350,7 +352,7 @@ class PipSession(requests.Session):
         self.headers["User-Agent"] = user_agent()
 
         # Attach our Authentication handler to the session
-        self.auth = MultiDomainBasicAuth(index_urls=index_urls)
+        self.auth: MultiDomainBasicAuth = MultiDomainBasicAuth(index_urls=index_urls)
 
         # Create our urllib3.Retry instance which will allow us to customize
         # how we handle retries.
@@ -370,6 +372,7 @@ class PipSession(requests.Session):
             # order to prevent hammering the service.
             backoff_factor=0.25,
         )  # type: ignore
+        self.resume_retries = resume_retries
 
         # Our Insecure HTTPAdapter disables HTTPS validation. It does not
         # support caching so we'll use it for all http:// URLs.
@@ -383,8 +386,9 @@ class PipSession(requests.Session):
         # we can't validate the response of an insecurely/untrusted fetched
         # origin, and we don't want someone to be able to poison the cache and
         # require manual eviction from the cache to fix it.
+        self._trusted_host_adapter: InsecureCacheControlAdapter | InsecureHTTPAdapter
         if cache:
-            secure_adapter = CacheControlAdapter(
+            secure_adapter: _BaseHTTPAdapter = CacheControlAdapter(
                 cache=SafeFileCache(cache),
                 max_retries=retries,
                 ssl_context=ssl_context,
@@ -518,7 +522,7 @@ class PipSession(requests.Session):
 
         return False
 
-    def request(self, method: str, url: str, *args: Any, **kwargs: Any) -> Response:
+    def request(self, method: str, url: str, *args: Any, **kwargs: Any) -> Response:  # type: ignore[override]
         # Allow setting a default timeout on a session
         kwargs.setdefault("timeout", self.timeout)
         # Allow setting a default proxies on a session

pip/_internal/operations/install/wheel.py

@@ -411,8 +411,7 @@ class PipScriptMaker(ScriptMaker):
         import sys
         from %(module)s import %(import_name)s
         if __name__ == '__main__':
-            if sys.argv[0].endswith('.exe'):
-                sys.argv[0] = sys.argv[0][:-4]
+            sys.argv[0] = sys.argv[0].removesuffix('.exe')
             sys.exit(%(func)s())
 """
     )

pip/_internal/operations/prepare.py

@@ -225,7 +225,7 @@ def _check_download_dir(
 class RequirementPreparer:
     """Prepares a Requirement"""
 
-    def __init__(  # noqa: PLR0913 (too many parameters)
+    def __init__(
         self,
         *,
         build_dir: str,
@@ -243,7 +243,6 @@ class RequirementPreparer:
         lazy_wheel: bool,
         verbosity: int,
         legacy_resolver: bool,
-        resume_retries: int,
     ) -> None:
         super().__init__()
 
@@ -251,7 +250,7 @@ class RequirementPreparer:
         self.build_dir = build_dir
         self.build_tracker = build_tracker
         self._session = session
-        self._download = Downloader(session, progress_bar, resume_retries)
+        self._download = Downloader(session, progress_bar)
         self.finder = finder
 
         # Where still-packed archives should be written to. If None, they are

pip/_internal/req/constructors.py

@@ -258,8 +258,10 @@ def install_req_from_editable(
     permit_editable_wheels: bool = False,
     config_settings: dict[str, str | list[str]] | None = None,
 ) -> InstallRequirement:
-    parts = parse_req_from_editable(editable_req)
+    if constraint:
+        raise InstallationError("Editable requirements are not allowed as constraints")
 
+    parts = parse_req_from_editable(editable_req)
     return InstallRequirement(
         parts.requirement,
         comes_from=comes_from,

pip/_internal/req/pep723.py

@@ -0,0 +1,41 @@
+import re
+from typing import Any
+
+from pip._internal.utils.compat import tomllib
+
+REGEX = r"(?m)^# /// (?P<type>[a-zA-Z0-9-]+)$\s(?P<content>(^#(| .*)$\s)+)^# ///$"
+
+
+class PEP723Exception(ValueError):
+    """Raised to indicate a problem when parsing PEP 723 metadata from a script"""
+
+    def __init__(self, msg: str) -> None:
+        self.msg = msg
+
+
+def pep723_metadata(scriptfile: str) -> dict[str, Any]:
+    with open(scriptfile) as f:
+        script = f.read()
+
+    name = "script"
+    matches = list(
+        filter(lambda m: m.group("type") == name, re.finditer(REGEX, script))
+    )
+
+    if len(matches) > 1:
+        raise PEP723Exception(f"Multiple {name!r} blocks found in {scriptfile!r}")
+    elif len(matches) == 1:
+        content = "".join(
+            line[2:] if line.startswith("# ") else line[1:]
+            for line in matches[0].group("content").splitlines(keepends=True)
+        )
+        try:
+            metadata = tomllib.loads(content)
+        except Exception as exc:
+            raise PEP723Exception(f"Failed to parse TOML in {scriptfile!r}") from exc
+    else:
+        raise PEP723Exception(
+            f"File does not contain {name!r} metadata: {scriptfile!r}"
+        )
+
+    return metadata

pip/_internal/req/req_file.py

@@ -25,6 +25,7 @@ from typing import (
 
 from pip._internal.cli import cmdoptions
 from pip._internal.exceptions import InstallationError, RequirementsFileParseError
+from pip._internal.models.release_control import ReleaseControl
 from pip._internal.models.search_scope import SearchScope
 
 if TYPE_CHECKING:
@@ -59,6 +60,8 @@ SUPPORTED_OPTIONS: list[Callable[..., optparse.Option]] = [
     cmdoptions.prefer_binary,
     cmdoptions.require_hashes,
     cmdoptions.pre,
+    cmdoptions.all_releases,
+    cmdoptions.only_final,
     cmdoptions.trusted_host,
     cmdoptions.use_new_feature,
 ]
@@ -273,8 +276,14 @@ def handle_option_line(
         )
         finder.search_scope = search_scope
 
+        # Transform --pre into --all-releases :all:
         if opts.pre:
-            finder.set_allow_all_prereleases()
+            if not opts.release_control:
+                opts.release_control = ReleaseControl()
+            opts.release_control.all_releases.add(":all:")
+
+        if opts.release_control:
+            finder.set_release_control(opts.release_control)
 
         if opts.prefer_binary:
             finder.set_prefer_binary()

pip/_internal/resolution/resolvelib/factory.py

@@ -695,9 +695,20 @@ class Factory:
                 "version: %s",
                 "; ".join(skipped_by_requires_python) or "none",
             )
+
+        # Check if only final releases are allowed for this package
+        version_type = "version"
+        if self._finder.release_control is not None:
+            allows_pre = self._finder.release_control.allows_prereleases(
+                canonicalize_name(req.project_name)
+            )
+            if allows_pre is False:
+                version_type = "final version"
+
         logger.critical(
-            "Could not find a version that satisfies the requirement %s "
+            "Could not find a %s that satisfies the requirement %s "
             "(from versions: %s)",
+            version_type,
             req_disp,
             ", ".join(versions) or "none",
         )

pip/_internal/resolution/resolvelib/requirements.py

@@ -164,6 +164,12 @@ class RequiresPythonRequirement(Requirement):
         self._hash: int | None = None
         self._candidate = match
 
+        # Pre-compute candidate lookup to avoid repeated specifier checks
+        if specifier.contains(match.version, prereleases=True):
+            self._candidate_lookup: CandidateLookup = (match, None)
+        else:
+            self._candidate_lookup = (None, None)
+
     def __str__(self) -> str:
         return f"Python {self.specifier}"
 
@@ -197,9 +203,7 @@ class RequiresPythonRequirement(Requirement):
         return str(self)
 
     def get_candidate_lookup(self) -> CandidateLookup:
-        if self.specifier.contains(self._candidate.version, prereleases=True):
-            return self._candidate, None
-        return None, None
+        return self._candidate_lookup
 
     def is_satisfied_by(self, candidate: Candidate) -> bool:
         assert candidate.name == self._candidate.name, "Not Python candidate"

pip/_internal/self_outdated_check.py

@@ -9,7 +9,7 @@ import optparse
 import os.path
 import sys
 from dataclasses import dataclass
-from typing import Any, Callable
+from typing import Callable
 
 from pip._vendor.packaging.version import Version
 from pip._vendor.packaging.version import parse as parse_version
@@ -20,9 +20,11 @@ from pip._vendor.rich.text import Text
 from pip._internal.index.collector import LinkCollector
 from pip._internal.index.package_finder import PackageFinder
 from pip._internal.metadata import get_default_environment
+from pip._internal.models.release_control import ReleaseControl
 from pip._internal.models.selection_prefs import SelectionPreferences
 from pip._internal.network.session import PipSession
 from pip._internal.utils.compat import WINDOWS
+from pip._internal.utils.datetime import parse_iso_datetime
 from pip._internal.utils.entrypoints import (
     get_best_invocation_for_this_pip,
     get_best_invocation_for_this_python,
@@ -50,18 +52,9 @@ def _get_statefile_name(key: str) -> str:
     return name
 
 
-def _convert_date(isodate: str) -> datetime.datetime:
-    """Convert an ISO format string to a date.
-
-    Handles the format 2020-01-22T14:24:01Z (trailing Z)
-    which is not supported by older versions of fromisoformat.
-    """
-    return datetime.datetime.fromisoformat(isodate.replace("Z", "+00:00"))
-
-
 class SelfCheckState:
     def __init__(self, cache_dir: str) -> None:
-        self._state: dict[str, Any] = {}
+        self._state: dict[str, str] = {}
         self._statefile_path = None
 
         # Try to load the existing state
@@ -93,7 +86,7 @@ class SelfCheckState:
             return None
 
         # Determine if we need to refresh the state
-        last_check = _convert_date(self._state["last_check"])
+        last_check = parse_iso_datetime(self._state["last_check"])
         time_since_last_check = current_time - last_check
         if time_since_last_check > _WEEK:
             return None
@@ -187,7 +180,7 @@ def _get_current_remote_pip_version(
     # yanked version.
     selection_prefs = SelectionPreferences(
         allow_yanked=False,
-        allow_all_prereleases=False,  # Explicitly set to False
+        release_control=ReleaseControl(only_final={"pip"}),
     )
 
     finder = PackageFinder.create(

pip/_internal/utils/datetime.py

@@ -1,6 +1,7 @@
 """For when pip wants to check the date or time."""
 
 import datetime
+import sys
 
 
 def today_is_later_than(year: int, month: int, day: int) -> bool:
@@ -8,3 +9,20 @@ def today_is_later_than(year: int, month: int, day: int) -> bool:
     given = datetime.date(year, month, day)
 
     return today > given
+
+
+def parse_iso_datetime(isodate: str) -> datetime.datetime:
+    """Convert an ISO format string to a datetime.
+
+    Handles the format 2020-01-22T14:24:01Z (trailing Z)
+    which is not supported by older versions of fromisoformat.
+    """
+    # Python 3.11+ supports Z suffix natively in fromisoformat
+    if sys.version_info >= (3, 11):
+        return datetime.datetime.fromisoformat(isodate)
+    else:
+        return datetime.datetime.fromisoformat(
+            isodate.replace("Z", "+00:00")
+            if isodate.endswith("Z") and ("T" in isodate or " " in isodate.strip())
+            else isodate
+        )

pip/_internal/utils/filesystem.py

@@ -7,8 +7,9 @@ import random
 import sys
 from collections.abc import Generator
 from contextlib import contextmanager
+from pathlib import Path
 from tempfile import NamedTemporaryFile
-from typing import Any, BinaryIO, cast
+from typing import Any, BinaryIO, Callable, cast
 
 from pip._internal.utils.compat import get_path_uid
 from pip._internal.utils.misc import format_size
@@ -162,3 +163,41 @@ def copy_directory_permissions(directory: str, target_file: BinaryIO) -> None:
         os.chmod(target_file.fileno(), mode)
     elif os.chmod in os.supports_follow_symlinks:
         os.chmod(target_file.name, mode, follow_symlinks=False)
+
+
+def _subdirs_without_generic(
+    path: str, predicate: Callable[[str, list[str]], bool]
+) -> Generator[Path]:
+    """Yields every subdirectory of +path+ that has no files matching the
+    predicate under it."""
+
+    directories = []
+    excluded = set()
+
+    for root_str, _, filenames in os.walk(Path(path).resolve()):
+        root = Path(root_str)
+        if predicate(root_str, filenames):
+            # This directory should be excluded, so exclude it and all of its
+            # parent directories.
+            # The last item in root.parents is ".", so we ignore it.
+            #
+            # Wrapping this in `list()` is only needed for Python 3.9.
+            excluded.update(list(root.parents)[:-1])
+            excluded.add(root)
+        directories.append(root)
+
+    for d in sorted(directories, reverse=True):
+        if d not in excluded:
+            yield d
+
+
+def subdirs_without_files(path: str) -> Generator[Path]:
+    """Yields every subdirectory of +path+ that has no files under it."""
+    return _subdirs_without_generic(path, lambda root, filenames: len(filenames) > 0)
+
+
+def subdirs_without_wheels(path: str) -> Generator[Path]:
+    """Yields every subdirectory of +path+ that has no .whl files under it."""
+    return _subdirs_without_generic(
+        path, lambda root, filenames: any(x.endswith(".whl") for x in filenames)
+    )

pip/_internal/utils/logging.py

@@ -9,7 +9,7 @@ import sys
 import threading
 from collections.abc import Generator
 from dataclasses import dataclass
-from io import TextIOWrapper
+from io import StringIO, TextIOWrapper
 from logging import Filter
 from typing import Any, ClassVar
 
@@ -29,7 +29,7 @@ from pip._vendor.rich.style import Style
 from pip._internal.utils._log import VERBOSE, getLogger
 from pip._internal.utils.compat import WINDOWS
 from pip._internal.utils.deprecation import DEPRECATION_MSG_PREFIX
-from pip._internal.utils.misc import ensure_dir
+from pip._internal.utils.misc import StreamWrapper, ensure_dir
 
 _log_state = threading.local()
 _stdout_console = None
@@ -56,6 +56,38 @@ def _is_broken_pipe_error(exc_class: type[BaseException], exc: BaseException) ->
     return isinstance(exc, OSError) and exc.errno in (errno.EINVAL, errno.EPIPE)
 
 
+@contextlib.contextmanager
+def capture_logging() -> Generator[StringIO, None, None]:
+    """Capture all pip logs in a buffer temporarily."""
+    # Patching sys.std(out|err) directly is not viable as the caller
+    # may want to emit non-logging output (e.g. a rich spinner). To
+    # avoid capturing that, temporarily patch the root logging handlers
+    # to use new rich consoles that write to a StringIO.
+    handlers = {}
+    for handler in logging.getLogger().handlers:
+        if isinstance(handler, RichPipStreamHandler):
+            # Also store the handler's original console so it can be
+            # restored on context exit.
+            handlers[handler] = handler.console
+
+    fake_stream = StreamWrapper.from_stream(sys.stdout)
+    if not handlers:
+        yield fake_stream
+        return
+
+    # HACK: grab no_color attribute from a random handler console since
+    # it's a global option anyway.
+    no_color = next(iter(handlers.values())).no_color
+    fake_console = PipConsole(file=fake_stream, no_color=no_color, soft_wrap=True)
+    try:
+        for handler in handlers:
+            handler.console = fake_console
+        yield fake_stream
+    finally:
+        for handler, original_console in handlers.items():
+            handler.console = original_console
+
+
 @contextlib.contextmanager
 def indent_log(num: int = 2) -> Generator[None, None, None]:
     """

pip/_internal/utils/misc.py

@@ -182,10 +182,12 @@ def rmtree_errorhandler(
 def display_path(path: str) -> str:
     """Gives the display value for a given path, making it relative to cwd
     if possible."""
-    path = os.path.normcase(os.path.abspath(path))
-    if path.startswith(os.getcwd() + os.path.sep):
-        path = "." + path[len(os.getcwd()) :]
-    return path
+    try:
+        relative = Path(path).relative_to(Path.cwd())
+    except ValueError:
+        # If the path isn't relative to the CWD, leave it alone
+        return path
+    return os.path.join(".", relative)
 
 
 def backup_dir(dir: str, ext: str = ".bak") -> str:
@@ -541,14 +543,18 @@ class HiddenText:
     def __str__(self) -> str:
         return self.redacted
 
-    # This is useful for testing.
-    def __eq__(self, other: Any) -> bool:
-        if type(self) is not type(other):
-            return False
-
-        # The string being used for redaction doesn't also have to match,
-        # just the raw, original string.
-        return self.secret == other.secret
+    def __eq__(self, other: object) -> bool:
+        # Equality is particularly useful for testing.
+        if type(self) is type(other):
+            # The string being used for redaction doesn't also have to match,
+            # just the raw, original string.
+            return self.secret == cast(HiddenText, other).secret
+        return NotImplemented
+
+    # Disable hashing, since we have a custom __eq__ and don't need hash-ability
+    # (yet). The only required property of hashing is that objects which compare
+    # equal have the same hash value.
+    __hash__ = None  # type: ignore[assignment]
 
 
 def hide_value(value: str) -> HiddenText:

pip/_internal/utils/pylock.py

@@ -0,0 +1,116 @@
+from collections.abc import Iterable
+from pathlib import Path
+
+from pip._vendor.packaging.pylock import (
+    Package,
+    PackageArchive,
+    PackageDirectory,
+    PackageSdist,
+    PackageVcs,
+    PackageWheel,
+    Pylock,
+)
+from pip._vendor.packaging.version import Version
+
+from pip._internal.models.direct_url import ArchiveInfo, DirInfo, VcsInfo
+from pip._internal.models.link import Link
+from pip._internal.req.req_install import InstallRequirement
+from pip._internal.utils.urls import url_to_path
+
+
+def _pylock_package_from_install_requirement(
+    ireq: InstallRequirement, base_dir: Path
+) -> Package:
+    base_dir = base_dir.resolve()
+    dist = ireq.get_dist()
+    download_info = ireq.download_info
+    assert download_info
+    package_version = None
+    package_vcs = None
+    package_directory = None
+    package_archive = None
+    package_sdist = None
+    package_wheels = None
+    if ireq.is_direct:
+        if isinstance(download_info.info, VcsInfo):
+            package_vcs = PackageVcs(
+                type=download_info.info.vcs,
+                url=download_info.url,
+                path=None,
+                requested_revision=download_info.info.requested_revision,
+                commit_id=download_info.info.commit_id,
+                subdirectory=download_info.subdirectory,
+            )
+        elif isinstance(download_info.info, DirInfo):
+            package_directory = PackageDirectory(
+                path=(
+                    Path(url_to_path(download_info.url))
+                    .resolve()
+                    .relative_to(base_dir)
+                    .as_posix()
+                ),
+                editable=(
+                    download_info.info.editable if download_info.info.editable else None
+                ),
+                subdirectory=download_info.subdirectory,
+            )
+        elif isinstance(download_info.info, ArchiveInfo):
+            if not download_info.info.hashes:
+                raise NotImplementedError()
+            package_archive = PackageArchive(
+                url=download_info.url,
+                path=None,
+                hashes=download_info.info.hashes,
+                subdirectory=download_info.subdirectory,
+            )
+        else:
+            # should never happen
+            raise NotImplementedError()
+    else:
+        package_version = dist.version
+        if isinstance(download_info.info, ArchiveInfo):
+            if not download_info.info.hashes:
+                raise NotImplementedError()
+            link = Link(download_info.url)
+            if link.is_wheel:
+                package_wheels = [
+                    PackageWheel(
+                        name=link.filename,
+                        url=download_info.url,
+                        hashes=download_info.info.hashes,
+                    )
+                ]
+            else:
+                package_sdist = PackageSdist(
+                    name=link.filename,
+                    url=download_info.url,
+                    hashes=download_info.info.hashes,
+                )
+        else:
+            # should never happen
+            raise NotImplementedError()
+    return Package(
+        name=dist.canonical_name,
+        version=package_version,
+        vcs=package_vcs,
+        directory=package_directory,
+        archive=package_archive,
+        sdist=package_sdist,
+        wheels=package_wheels,
+    )
+
+
+def pylock_from_install_requirements(
+    install_requirements: Iterable[InstallRequirement], base_dir: Path
+) -> Pylock:
+    return Pylock(
+        lock_version=Version("1.0"),
+        created_by="pip",
+        packages=sorted(
+            (
+                _pylock_package_from_install_requirement(ireq, base_dir)
+                for ireq in install_requirements
+            ),
+            key=lambda p: p.name,
+        ),
+    )

pip/_internal/utils/unpacking.py

@@ -83,7 +83,7 @@ def is_within_directory(directory: str, target: str) -> bool:
     abs_directory = os.path.abspath(directory)
     abs_target = os.path.abspath(target)
 
-    prefix = os.path.commonprefix([abs_directory, abs_target])
+    prefix = os.path.commonpath([abs_directory, abs_target])
     return prefix == abs_directory
 
 

pip/_internal/vcs/versioncontrol.py

@@ -62,8 +62,9 @@ def make_vcs_requirement_url(
       repo_url: the remote VCS url, with any needed VCS prefix (e.g. "git+").
       project_name: the (unescaped) project name.
     """
+    quoted_rev = urllib.parse.quote(rev, "/")
     egg_project_name = project_name.replace("-", "_")
-    req = f"{repo_url}@{rev}#egg={egg_project_name}"
+    req = f"{repo_url}@{quoted_rev}#egg={egg_project_name}"
     if subdir:
         req += f"&subdirectory={subdir}"
 
@@ -397,6 +398,7 @@ class VersionControl:
                     "which is not supported. Include a revision after @ "
                     "or remove @ from the URL."
                 )
+            rev = urllib.parse.unquote(rev)
         url = urllib.parse.urlunsplit((scheme, netloc, path, query, ""))
         return url, rev, user_pass