Hello community,

here is the log from the commit of package python-pip for openSUSE:Factory checked in at 2026-04-28 14:29:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pip (Old)
 and /work/SRC/openSUSE:Factory/.python-pip.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pip" Tue Apr 28 14:29:45 2026 rev:73 rq:1349554 version:26.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pip/python-pip.changes 2026-02-16 13:40:53.976569919 +0100 +++ /work/SRC/openSUSE:Factory/.python-pip.new.11940/python-pip.changes 2026-04-28 14:30:37.767113164 +0200 
@@ -1,0 +2,56 @@ +Mon Apr 27 10:39:05 UTC 2026 - Daniel Garcia <[email protected]> + +- Update to 26.1 (bsc#1262429, CVE-2026-3219): + # Deprecations and Removals + - Drop support for Python 3.9. + + # Features + - Add experimental support to read requirements from standardized + pylock.toml files (``-r pylock.toml``). + - Allow ``--uploaded-prior-to`` to accept a duration in days (e.g., + ``P3D`` for 3 days ago). + + # Enhancements + - Speed up dependency resolution when there are complex conflicts. + - Reduce memory usage when resolving large dependency trees. + - Emit a deprecation warning when pip imports an unexpected module + after installation of a distribution has started. + - Allow URL constraints to apply to requirements with extras. + - Allow unpinned requirements to use hashes from constraints. + Constraints like ``{name}=={version} --hash=...`` feeds into hash + verification for a corresponding requirement. + - Improve conflict reports that involve direct URLs. + - Show all errors instead of first error for faulty + ``dependency_groups`` definitions. + + # Bug Fixes + - Fix recovery hint for missing RECORD file to use + ``--ignore-installed`` instead of ``--force-reinstall``. + - Fix misleading error message when a constraint file cannot be + opened. + - Show the filename rather than the full URL when downloading files + from non-PyPI indexes in non-verbose mode. + - Remove the adjacent ``__pycache__`` directory when a .py file is + removed. + - Force UTF-8 encoding for :pep:`723` metadata. + - Minor performance improvement when filtering candidates during + resolution. + - Fix a hang on Windows when stdout is closed during verbose output. + - Common path prefixes are determined by path segment, not character + by character. + - Fix installing ``.tar.gz`` source distributions that look like a + zip file. 
+ + # Vendored Libraries + - Upgrade certifi to 2026.2.25 + - Upgrade packaging to 26.2 + - Upgrade requests to 2.33.1 + - Upgrade tomli to 2.3.1 + - Upgrade urllib3 to 2.6.3 + - Use ``packaging`` 26.1's new ``dependency_groups`` module, + removing ``dependency-groups`` vendor. + - Use ``packaging.direct_url`` to manipulate ``direct_url.json``. + Besides difference in validation error messages, there should be + no user-visible change. + +------------------------------------------------------------------- Old: ---- pip-26.0.1-gh.tar.gz New: ---- pip-26.1-gh.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pip.spec ++++++ --- /var/tmp/diff_new_pack.CowNmp/_old 2026-04-28 14:30:38.331135917 +0200 +++ /var/tmp/diff_new_pack.CowNmp/_new 2026-04-28 14:30:38.335136079 +0200 @@ -34,7 +34,7 @@ %{?pythons_for_pypi} %{?sle15_python_module_pythons} Name: python-pip%{psuffix} -Version: 26.0.1 +Version: 26.1 Release: 0 Summary: A Python package management system License: MIT ++++++ pip-26.0.1-gh.tar.gz -> pip-26.1-gh.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-pip/pip-26.0.1-gh.tar.gz /work/SRC/openSUSE:Factory/.python-pip.new.11940/pip-26.1-gh.tar.gz differ: char 14, line 1
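Review bot: In the python-pip.changes hunk, the entry header cites bsc#1262429 and CVE-2026-3219, but none of the bullets under it says which upstream change is the fix, so someone auditing the CVE cannot tell from this entry what to verify in 26.1. Name the fixing item explicitly, for example with a "(CVE-2026-3219)" suffix on the relevant bullet, or add a separate bullet that states what was fixed.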
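Review bot: The python-pip.spec hunk changes only the Version line (26.0.1 to 26.1), while the changelog in the same submission lists "Drop support for Python 3.9". The context lines show the flavour set coming from %{?pythons_for_pypi} and %{?sle15_python_module_pythons}; please confirm that none of the flavours these macros expand to is Python 3.9, or add an explicit skip for it, so the package is not built for an interpreter this release no longer supports.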
