Bug Fixes:
- Added clearer error reporting when skipping pre-releases (#655). Thanks @WoLpH
Bug Fixes:
- Added missing package data from vendored pip, such as missing cacert.pem file. Thanks @vphilippon
Major changes:
- Vendored
pip9.0.3 to keep compatibility for users withpip10.0.0 (#644). Thanks @vphilippon
Features:
- Improved the speed of pip-compile --generate-hashes by caching the hashes from an existing output file (#641). Thanks @justicz
- Added a
pip-sync --useroption to restrict attention to user-local directory (#642). Thanks @jbergknoff-10e - Removed the hard dependency on setuptools (#645). Thanks @vphilippon
Bug fixes:
- The pip environment markers on top-level requirements in the source file (requirements.in) are now properly handled and will only be processed in the right environment (#647). Thanks @JoergRittinger
Features:
- Allow editable packages in requirements.in with
pip-compile --generate-hashes(#524). Thanks @jdufresne - Allow for CA bundles with
pip-compile --cert(#612). Thanks @khwilson - Improved
pip-compileduration with large locally available editable requirement by skipping a copy to the cache (#583). Thanks @costypetrisor - Slightly improved the
NoCandidateFounderror message on potential causes (#614). Thanks @vphilippon
Bug Fixes:
- Add
-markerlibto the list ofPACKAGES_TO_IGNOREofpip-sync(#613).
Bug Fixes:
- Fixed bug causing dependencies from invalid wheels for the current platform to be included (#571).
pip-syncwill respect environment markers in the requirements.txt (600). Thanks @hazmat345- Converted the ReadMe to have a nice description rendering on PyPI. Thanks @bittner
Bug Fixes:
- Fixed bug breaking
pip-syncon Python 3, raisingTypeError: '<' not supported between instances of 'InstallRequirement' and 'InstallRequirement'(#570).
Features:
--generate-hashesnow generates hashes for all wheels, not only wheels for the currently running platform (#520). Thanks @jdufresne- Added a
-q/--quietargument to the pip-sync command to reduce log output.
Bug Fixes:
- Fixed bug where unsafe packages would get pinned in generated requirements files
when
--allow-unsafewas not set. (#517). Thanks @dschaller - Fixed bug where editable PyPI dependencies would have a
download_dirand be exposed togit-checkout-index, (thus losing their VCS directory) andpython setup.py egg_infofails. (#385 and #538). Thanks @blueyed and @dfee - Fixed bug where some primary dependencies were annotated with "via" info comments. (#542). Thanks @quantus
- Fixed bug where pkg-resources would be removed by pip-sync in Ubuntu. (#555). Thanks @cemsbr
- Fixed bug where the resolver would sometime not stabilize on requirements specifying extras. (#566). Thanks @vphilippon
- Fixed an unicode encoding error when distribution package contains non-ASCII file names (#567). Thanks @suutari
- Fixed package hashing doing unnecessary unpacking (#557). Thanks @suutari-ai
Features:
- Added ability to read requirements from
setup.pyinstead of justrequirements.in(#418). Thanks to @tysonclugg and @majuscule. - Added a
--max-roundsargument to the pip-compile command to allow for solving large requirement sets (#472). Thanks @derek-miller. - Exclude unsafe packages' dependencies when
--allow-unsafeis not in use (#441). Thanks @jdufresne. - Exclude irrelevant pip constraints (#471). Thanks @derek-miller.
- Allow control over emitting trusted-host to the compiled requirements. (#448). Thanks @tonyseek.
- Allow running as a Python module (#461). Thanks @AndreLouisCaron.
- Preserve environment markers in generated requirements.txt. (#460). Thanks @barrywhart.
Bug Fixes:
- Fixed the --upgrade-package option to respect the given package list to update (#491).
- Fixed the default output file name when the source file has no extension (#488). Thanks @vphilippon
- Fixed crash on editable requirements introduced in 1.8.2.
- Fixed duplicated --trusted-host, --extra-index-url and --index-url in the generated requirements.
- Regression fix: editable reqs were loosing their dependencies after first round (#476) Thanks @mattlong
- Remove duplicate index urls in generated requirements.txt (#468) Thanks @majuscule
- Recalculate secondary dependencies between rounds (#378)
- Calculated dependencies could be left with wrong candidates when toplevel requirements happen to be also pinned in sub-dependencies (#450)
- Fix duplicate entries that could happen in generated requirements.txt (#427)
- Gracefully report invalid pip version (#457)
- Fix capitalization in the generated requirements.txt, packages will always be lowercased (#452)
- Adds support for upgrading individual packages with a new option
--upgrade-package. To upgrade a specific package to the latest or a specific version use--upgrade-package <pkg>. To upgrade all packages, you can still usepip-compile --upgrade. (#409) - Adds support for pinning dependencies even further by including the hashes found on PyPI at compilation time, which will be re-checked when dependencies are installed at installation time. This adds protection against packages that are tampered with. (#383)
- Improve support for extras, like
hypothesis[django] - Drop support for pip < 8
- Add
--allow-unsafeoption (#377)
- Add compatibility with pip >= 8.1.2 (#374) Thanks so much, @jmbowman!
- Add warning that pip >= 8.1.2 is not supported until 1.7.x is out
- Incorporate fix for atomic file saving behaviour on the Windows platform (see #351)
- PyPI won't let me upload 1.6.2
- Respect pip configuration from pip.{ini,conf}
- Fixes for atomic-saving of output files on Windows (see #351)
Minor changes:
- pip-sync now supports being invoked from within and outside an activated virtualenv (see #317)
- pip-compile: support -U as a shorthand for --upgrade
- pip-compile: support pip's --no-binary and --binary-only flags
Fixes:
- Change header format of output files to mention all input files
Major change:
- pip-compile will by default try to fulfill package specs by looking at
a previously compiled output file first, before checking PyPI. This means
pip-compile will only update the requirements.txt when it absolutely has to.
To get the old behaviour (picking the latest version of all packages from
PyPI), use the new
--upgradeoption.
Minor changes:
- Bugfix where pip-compile would lose "via" info when on pip 8 (see #313)
- Ensure cache dir exists (see #315)
- Add support for pip >= 8
- Drop support for pip < 7
- Fix bug where
pip-syncfails to uninstall packages if you're using the--no-index(or other) flags
- Add
--no-indexflag topip-compileto avoid emitting--index-urlinto the output (useful if you have configured a different index in your global ~/.pip/pip.conf, for example) - Fix: ignore stdlib backport packages, like
argparse, when listing which packages will be installed/uninstalled (#286) - Fix pip-sync failed uninstalling packages when using
--find-links(#298) - Explicitly error when pip-tools is used with pip 8.0+ (for now)
- Fix: unintended change in behaviour where packages installed by
pip-synccould accidentally get upgraded under certain conditions, even though the requirements.txt would dictate otherwise (see #290)
- Fix: add
--index-urland--extra-index-urloptions topip-sync - Fix: always install using
--upgradeflag when runningpip-sync
- Fix bug where umask was ignored when writing requirement files (#268)
- Fix bug where successive invocations of pip-sync with editables kept uninstalling/installing them (fixes #270)
- Add command line option -f / --find-links
- Add command line option --no-index
- Add command line alias -n (for --dry-run)
- Fix a unicode issue
- Support multiple requirement files to pip-compile
- Support requirements from stdin for pip-compile
- Support --output-file option on pip-compile, to redirect output to a file (or stdout)
- Add CHANGELOG :)
- Support pip-sync'ing editable requirements
- Support extras properly (i.e. package[foo] syntax)
(Anything before 1.2.0 was not recorded.)