Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cache requires-python checks & skip debug logging #13128

Merged
merged 1 commit into from
Jan 12, 2025
Merged

Cache requires-python checks & skip debug logging #13128

merged 1 commit into from
Jan 12, 2025

Conversation

ichard26
Copy link
Member

The requires-python check is pretty fast, but when performed for 10000 links, the checks consume a nontrival amount of time. For example, while installing (pre-cached + --dry-run) a pared down list of homeassistant dependencies (117 in total), link evaluation took 15% of the total runtime, with check_requires_python() accounting for half (7.5%) of that.

The cache can be kept pretty small as requires-python specifiers often repeat, and when they do change, it's often in chunks (or between entirely different packages). For example, setuptools has like 1500 links, but only ~30 different requires-python specifiers.

In addition, _log_skipped_link() is a hot method and unfortunately expensive as it hashes the link on every call. Fortunately, we can return early when debug logging is not enabled. In the same homeassistant run, this saves 0.7% of the runtime.

Command: python -m cProfile -o profile.pstats -m pip install -r temp/homeassistant/requirements.txt --dry-run

Before

image
image

After

image

The Link.from_json() classmethod is surprisingly expensive. I'll take a look at speeding that up next.

@ichard26 ichard26 added the type: performance Commands take too long to run label Dec 26, 2024
@ichard26
Copy link
Member Author

ichard26 commented Dec 26, 2024
edited
Loading

I noticed while writing a janky demo of installing build dependencies in-process that setuptools was still taking forever to download and install. It turns out setuptools' index page is so huge that requires-python evaluation is pretty slow, taking ~100 ms on my reasonably fast machine. (For reference, the HTTP request took ~500ms.)

Command: python -m cProfile -o profile.pstats -m pip install setuptools --ignore-installed

image

@ichard26 ichard26 changed the title perf: cache requires-python checks & skip debug logging Cache requires-python checks & skip debug logging Dec 26, 2024
@ichard26 ichard26 mentioned this pull request Dec 27, 2024
Merged
@ichard26 ichard26 added this to the 25.0 milestone Dec 31, 2024
notatallshaw
notatallshaw approved these changes Jan 11, 2025
View reviewed changes
Copy link
Member

@notatallshaw notatallshaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ichard26
Copy link
Member Author

I'll give some time for Stéphane to take a look, but I'm planning to merge this by EoD tomorrow.

@ichard26
perf: cache requires-python checks & skip debug logging
695fad2 
The `requires-python` check is pretty fast, but when performed for
10000 links, the checks consume a nontrivial amount of time. For example,
while installing (pre-cached + --dry-run) a pared down list of
homeassistant dependencies (n=117), link evaluation took 15% of the total
runtime, with  check_requires_python() accounting for half (7.5%) of that.

The cache can be kept pretty small as requires-python specifiers often
repeat, and when they do change, it's often in chunks (or between
entirely different packages). For example, setuptools has like 1500
links, but only ~12 different `requires-python` specifiers.

In addition, _log_skipped_link() is a hot method and unfortunately
expensive as it hashes the link on every call. Fortunately, we can
return early when debug logging is not enabled. In the same
homeassistant run, this saves 0.7% of the runtime.
@ichard26
Copy link
Member Author

ichard26 commented Jan 12, 2025
edited
Loading

I threw an old list of homeassistants' full list of dependencies at this branch. The cache was very oversized even for this insanely large dependency set. I've knocked down the maxsize to 32 from 96, and less than 1% of all checks miss the cache.

CacheInfo(hits=86380, misses=829, maxsize=32, currsize=32)
CacheInfo(hits=85938, misses=1271, maxsize=16, currsize=16)
CacheInfo(hits=85540, misses=1669, maxsize=10, currsize=10)

@ichard26 ichard26 enabled auto-merge (squash) January 12, 2025 21:52
@ichard26 ichard26 merged commit a84a940 into pypa:main Jan 12, 2025
31 checks passed
@ichard26 ichard26 deleted the perf/links branch January 12, 2025 22:06
github-merge-queue bot pushed a commit to MeltanoLabs/target-csv that referenced this pull request Jan 27, 2025
@dependabot
ci: Bump pip from 24.3.1 to 25.0 in /.github/workflows in the ci group (
89dcc15 
#172)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot pushed a commit to aio-libs/aiohttp that referenced this pull request Jan 27, 2025
@dependabot
Bump pip from 24.3.1 to 25.0 (#10361)
b1fd346 
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this pull request Jan 27, 2025
@dependabot
chore(deps): Update pip requirement from ~=24.3 to ~=25.0 in /package…
d4fc4b0 
…s/@jsii/python-runtime (#4752)

Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing
since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) &lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) &lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code> now emit
<code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object,
if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) &lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions of pip's cache
directory (in addition to the current user retaining read/write access). This
enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) &lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) &lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) &lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) &lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file, relying on
UTF-8 over the locale encoding by default, matching the documented behaviour.
(<code>[#12771](pypa/pip#12771) &lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) &lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute code during
installation. (<code>[#13079](pypa/pip#13079) &lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include <code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use <code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) &lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while
installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used. (<code>[#5502](pypa/pip#5502) &lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) &lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li>
<li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li>
<li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li>
<li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li>
<li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3...25.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this pull request Jan 27, 2025
@dependabot
chore(deps-dev): Bump pip from 24.3.1 to 25.0 in /packages/jsii-pacma…
3de0a76 
…k/test/generated-code (#4753)

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing
since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) &lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) &lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code> now emit
<code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object,
if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) &lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions of pip's cache
directory (in addition to the current user retaining read/write access). This
enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) &lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) &lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) &lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) &lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file, relying on
UTF-8 over the locale encoding by default, matching the documented behaviour.
(<code>[#12771](pypa/pip#12771) &lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) &lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute code during
installation. (<code>[#13079](pypa/pip#13079) &lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include <code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use <code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) &lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while
installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used. (<code>[#5502](pypa/pip#5502) &lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) &lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li>
<li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li>
<li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li>
<li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li>
<li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
github-merge-queue bot pushed a commit to meltano/meltano that referenced this pull request Jan 27, 2025
@dependabot
ci: bump pip from 24.3.1 to 25.0 in /.github/workflows (#9049)
3568876 
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to meltano/tap-smoke-test that referenced this pull request Jan 27, 2025
@dependabot
ci: Bump pip from 24.3.1 to 25.0 in /.github/workflows in the ci group (
ddd8d49 
#225)

Bumps the ci group in /.github/workflows with 1 update:
[pip](https://github.com/pypa/pip).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@vasudev-gm vasudev-gm mentioned this pull request Jan 27, 2025
Merged
github-merge-queue bot pushed a commit to MeltanoLabs/tap-postgres that referenced this pull request Jan 27, 2025
@dependabot
build(deps): Bump the ci group in /.github/workflows with 2 updates (#…
10e622a 
…573)

Bumps the ci group in /.github/workflows with 2 updates:
[pip](https://github.com/pypa/pip) and
[tox](https://github.com/tox-dev/tox).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tox` from 4.23.2 to 4.24.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.24.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Adds ability to configure stderr output color by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p>
<h2>4.24.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>fix docs config typo by <a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li>Allow users to disable use of pre-commit-uv by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li>
<li>Pass nix-ld related variables by default in pass_env (fixes <a
href="https://redirect.github.com/tox-dev/tox/issues/3425">#3425</a>) by
<a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
in <a
href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li>Improve testenv docs consistency by <a
href="https://github.com/thatch"><code>@​thatch</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li>Display exception name when subprocesses raise them by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li>
<li>Fix the CI after setuptools 75.6 change by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li>
<li>Update pre-commit hooks with mypy fix by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li>
<li>Fix a typo in a code block in the User Guide by <a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li>Update pre-commit hooks by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li>
<li>💅 Make SVG image compatible with Firefox by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li>
<li>feat: adding a json schema command by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li><a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li><a href="https://github.com/thatch"><code>@​thatch</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li><a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li><a href="https://github.com/henryiii"><code>@​henryiii</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.24.1 (2025-01-21)</h2>
<p>Misc - 4.24.1</p>
<pre><code>- :issue:`3426`
<h2>v4.24.0 (2025-01-21)</h2>
<p>Features - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Add a <code>schema</code> command to produce a JSON Schema for tox
and the current plugins.</p>
<ul>
<li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li>
</ul>
</li>
</ul>
<p>Bugfixes - 4.24.0</p>
<pre><code>- Log exception name when subprocess execution produces one.
<ul>
<li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li>
</ul>
<p>Improved Documentation - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to
<code>{:}</code>.</p>
<ul>
<li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li>
</ul>
</li>
<li>
<p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code>
variables by default in <code>pass_env</code> to make generic binaries
work under Nix/NixOS.</p>
<ul>
<li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a>
release 4.24.1</li>
<li><a
href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a>
Adds ability to configure stderr output color (<a
href="https://redirect.github.com/tox-dev/tox/issues/3426">#3426</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a>
release 4.24.0</li>
<li><a
href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/tox/issues/3464">#3464</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a>
feat: adding a json schema command (<a
href="https://redirect.github.com/tox-dev/tox/issues/3446">#3446</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a>
💅 Make SVG image compatible with Firefox (<a
href="https://redirect.github.com/tox-dev/tox/issues/3466">#3466</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a>
Bump astral-sh/setup-uv from 4 to 5 (<a
href="https://redirect.github.com/tox-dev/tox/issues/3463">#3463</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a>
Update pre-commit hooks (<a
href="https://redirect.github.com/tox-dev/tox/issues/3460">#3460</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a>
Fix a typo in a code block in the User Guide (<a
href="https://redirect.github.com/tox-dev/tox/issues/3462">#3462</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a>
Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a
href="https://redirect.github.com/tox-dev/tox/issues/3459">#3459</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to MeltanoLabs/tap-stackexchange that referenced this pull request Jan 27, 2025
@dependabot
ci: Bump the ci group in /.github/workflows with 2 updates (#504)
a6d85ce 
Bumps the ci group in /.github/workflows with 2 updates:
[pip](https://github.com/pypa/pip) and
[tox](https://github.com/tox-dev/tox).

Updates `pip` from 24.3.1 to 25.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has
long done nothing
since Python 2 support was removed in pip 21.0.
(<code>[#13154](pypa/pip#13154)
&lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code>
<code>License-Expression</code> in <code>pip show</code> if metadata
version is at least 2.4.
(<code>[#13112](pypa/pip#13112)
&lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and
<code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code>
now emit
<code>license_expression</code> and <code>license_file</code> fields in
the <code>metadata</code> object,
if the corresponding fields are present in the installed
<code>METADATA</code> file.
(<code>[#13134](pypa/pip#13134)
&lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions
of pip's cache
directory (in addition to the current user retaining read/write access).
This
enables a single cache to be shared among multiple users.
(<code>[#11012](pypa/pip#11012)
&lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on
<code>pip cache purge</code> and <code>pip cache remove</code>
(<code>[#12176](pypa/pip#12176)
&lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential
installation candidates.
(<code>[#13128](pypa/pip#13128)
&lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and
other processing.
(<code>[#13132](pypa/pip#13132)
&lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file,
relying on
UTF-8 over the locale encoding by default, matching the documented
behaviour.
(<code>[#12771](pypa/pip#12771)
&lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on
<code>EXTERNALLY-MANAGED</code> environments.
(<code>[#11820](pypa/pip#11820)
&lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute
code during
installation. (<code>[#13079](pypa/pip#13079)
&lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release
specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now
implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include
<code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use
<code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases.
(<code>[#13163](pypa/pip#13163)
&lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line
options are now respected while
installing build dependencies. Consequently, the private
<code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used.
(<code>[#5502](pypa/pip#5502)
&lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while
installing build dependencies.
(<code>[#6018](pypa/pip#6018)
&lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from
pypa/dependabot/github_actions/github-actions-...</li>
<li><a
href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from
ichard26/changelog</li>
<li><a
href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a>
Copyedit news entries before 25.0</li>
<li><a
href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a>
Reorder requirements file decoding (<a
href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a>
Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a
href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from
sbidoul/trusted-publisher-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from
befeleme/pip-show-pep639</li>
<li><a
href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a>
Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `tox` from 4.23.2 to 4.24.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/releases">tox's
releases</a>.</em></p>
<blockquote>
<h2>4.24.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Adds ability to configure stderr output color by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3426">tox-dev/tox#3426</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.24.0...4.24.1">https://github.com/tox-dev/tox/compare/4.24.0...4.24.1</a></p>
<h2>4.24.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>fix docs config typo by <a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li>Allow users to disable use of pre-commit-uv by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3430">tox-dev/tox#3430</a></li>
<li>Pass nix-ld related variables by default in pass_env (fixes <a
href="https://redirect.github.com/tox-dev/tox/issues/3425">#3425</a>) by
<a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
in <a
href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li>Improve testenv docs consistency by <a
href="https://github.com/thatch"><code>@​thatch</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li>Display exception name when subprocesses raise them by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3450">tox-dev/tox#3450</a></li>
<li>Fix the CI after setuptools 75.6 change by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/tox/pull/3452">tox-dev/tox#3452</a></li>
<li>Update pre-commit hooks with mypy fix by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3454">tox-dev/tox#3454</a></li>
<li>Fix a typo in a code block in the User Guide by <a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li>Update pre-commit hooks by <a
href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3460">tox-dev/tox#3460</a></li>
<li>💅 Make SVG image compatible with Firefox by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3466">tox-dev/tox#3466</a></li>
<li>feat: adding a json schema command by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/wooshaun53"><code>@​wooshaun53</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3424">tox-dev/tox#3424</a></li>
<li><a
href="https://github.com/albertodonato"><code>@​albertodonato</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3434">tox-dev/tox#3434</a></li>
<li><a href="https://github.com/thatch"><code>@​thatch</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3440">tox-dev/tox#3440</a></li>
<li><a
href="https://github.com/bryant1410"><code>@​bryant1410</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3462">tox-dev/tox#3462</a></li>
<li><a href="https://github.com/henryiii"><code>@​henryiii</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/tox/pull/3446">tox-dev/tox#3446</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.0">https://github.com/tox-dev/tox/compare/4.23.2...4.24.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/tox/blob/main/docs/changelog.rst">tox's
changelog</a>.</em></p>
<blockquote>
<h2>v4.24.1 (2025-01-21)</h2>
<p>Misc - 4.24.1</p>
<pre><code>- :issue:`3426`
<h2>v4.24.0 (2025-01-21)</h2>
<p>Features - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Add a <code>schema</code> command to produce a JSON Schema for tox
and the current plugins.</p>
<ul>
<li>by :user:<code>henryiii</code> (:issue:<code>3446</code>)</li>
</ul>
</li>
</ul>
<p>Bugfixes - 4.24.0</p>
<pre><code>- Log exception name when subprocess execution produces one.
<ul>
<li>by :user:<code>ssbarnea</code> (:issue:<code>3450</code>)</li>
</ul>
<p>Improved Documentation - 4.24.0
</code></pre></p>
<ul>
<li>
<p>Fix typo in <code>docs/config.rst</code> from <code>{}</code> to
<code>{:}</code>.</p>
<ul>
<li>by :user:<code>wooshaun53</code> (:issue:<code>3424</code>)</li>
</ul>
</li>
<li>
<p>Pass <code>NIX_LD</code> and <code>NIX_LD_LIBRARY_PATH</code>
variables by default in <code>pass_env</code> to make generic binaries
work under Nix/NixOS.</p>
<ul>
<li>by :user:<code>albertodonato</code> (:issue:<code>3425</code>)</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/tox/commit/d4276dc0b6096811547848cc9ab245920db639cb"><code>d4276dc</code></a>
release 4.24.1</li>
<li><a
href="https://github.com/tox-dev/tox/commit/ee660b96bdcf527f4706c9e406d25e1dcb54048b"><code>ee660b9</code></a>
Adds ability to configure stderr output color (<a
href="https://redirect.github.com/tox-dev/tox/issues/3426">#3426</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/eca61ed6ce1f24836b51a42496304ba42ae4a6cd"><code>eca61ed</code></a>
release 4.24.0</li>
<li><a
href="https://github.com/tox-dev/tox/commit/bbd966361b28119d9b0097e0d48299b888596828"><code>bbd9663</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/tox/issues/3464">#3464</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/825c68bf266ef466523f494a96b45fc0e943de35"><code>825c68b</code></a>
feat: adding a json schema command (<a
href="https://redirect.github.com/tox-dev/tox/issues/3446">#3446</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fccbe2a6cf4e23edeb8eb78030fdfc2fcfdd0e1d"><code>fccbe2a</code></a>
💅 Make SVG image compatible with Firefox (<a
href="https://redirect.github.com/tox-dev/tox/issues/3466">#3466</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/e3e77a6f711f0c333aea10eb2bc8794c6215c637"><code>e3e77a6</code></a>
Bump astral-sh/setup-uv from 4 to 5 (<a
href="https://redirect.github.com/tox-dev/tox/issues/3463">#3463</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c0b490d6668b0aa9c531087b23b24691bfe49f9c"><code>c0b490d</code></a>
Update pre-commit hooks (<a
href="https://redirect.github.com/tox-dev/tox/issues/3460">#3460</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/fbac0786536f682ccb5facfafa1eed6e8b5ac18e"><code>fbac078</code></a>
Fix a typo in a code block in the User Guide (<a
href="https://redirect.github.com/tox-dev/tox/issues/3462">#3462</a>)</li>
<li><a
href="https://github.com/tox-dev/tox/commit/c7f2cafff187cf4895964ad066fb3548fe42ad1a"><code>c7f2caf</code></a>
Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (<a
href="https://redirect.github.com/tox-dev/tox/issues/3459">#3459</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/tox/compare/4.23.2...4.24.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Jan 27, 2025
@dependabot @inmantaci
Bump pip from 24.3.1 to 25.0 (PR #8682)
9377313 
Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>25.0 (2025-01-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate the <code>no-python-version-warning</code> flag as it has long done nothing
since Python 2 support was removed in pip 21.0. (<code>[#13154](pypa/pip#13154) &lt;https://github.com/pypa/pip/issues/13154&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Prefer to display :pep:<code>639</code> <code>License-Expression</code> in <code>pip show</code> if metadata version is at least 2.4. (<code>[#13112](pypa/pip#13112) &lt;https://github.com/pypa/pip/issues/13112&gt;</code>_)</li>
<li>Support :pep:<code>639</code> <code>License-Expression</code> and <code>License-File</code> metadata fields in JSON
output. <code>pip inspect</code> and <code>pip install --report</code> now emit
<code>license_expression</code> and <code>license_file</code> fields in the <code>metadata</code> object,
if the corresponding fields are present in the installed <code>METADATA</code> file. (<code>[#13134](pypa/pip#13134) &lt;https://github.com/pypa/pip/issues/13134&gt;</code>_)</li>
<li>Files in the network cache will inherit the read/write permissions of pip's cache
directory (in addition to the current user retaining read/write access). This
enables a single cache to be shared among multiple users. (<code>[#11012](pypa/pip#11012) &lt;https://github.com/pypa/pip/issues/11012&gt;</code>_)</li>
<li>Return the size, along with the number, of files cleared on <code>pip cache purge</code> and <code>pip cache remove</code> (<code>[#12176](pypa/pip#12176) &lt;https://github.com/pypa/pip/issues/12176&gt;</code>_)</li>
<li>Cache <code>python-requires</code> checks while filtering potential installation candidates. (<code>[#13128](pypa/pip#13128) &lt;https://github.com/pypa/pip/issues/13128&gt;</code>_)</li>
<li>Optimize package collection by avoiding unnecessary URL parsing and other processing. (<code>[#13132](pypa/pip#13132) &lt;https://github.com/pypa/pip/issues/13132&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Reorder the encoding detection when decoding a requirements file, relying on
UTF-8 over the locale encoding by default, matching the documented behaviour.
(<code>[#12771](pypa/pip#12771) &lt;https://github.com/pypa/pip/issues/12771&gt;</code>_)</li>
<li>The pip version self check is disabled on <code>EXTERNALLY-MANAGED</code> environments. (<code>[#11820](pypa/pip#11820) &lt;https://github.com/pypa/pip/issues/11820&gt;</code>_)</li>
<li>Fix a security bug allowing a specially crafted wheel to execute code during
installation. (<code>[#13079](pypa/pip#13079) &lt;https://github.com/pypa/pip/issues/13079&gt;</code>_)</li>
<li>The inclusion of <code>packaging</code> 24.2 changes how pre-release specifiers with <code>&lt;</code> and <code>&gt;</code>
behave. Including a pre-release version with these specifiers now implies
accepting pre-releases (e.g., <code>&lt;2.0dev</code> can include <code>1.0rc1</code>). To avoid
implying pre-releases, avoid specifying them (e.g., use <code>&lt;2.0</code>).
The exception is <code>!=</code>, which never implies pre-releases. (<code>[#13163](pypa/pip#13163) &lt;https://github.com/pypa/pip/issues/13163&gt;</code>_)</li>
<li>The <code>--cert</code> and <code>--client-cert</code> command-line options are now respected while
installing build dependencies. Consequently, the private <code>_PIP_STANDALONE_CERT</code>
environment variable is no longer used. (<code>[#5502](pypa/pip#5502) &lt;https://github.com/pypa/pip/issues/5502&gt;</code>_)</li>
<li>The <code>--proxy</code> command-line option is now respected while installing build dependencies. (<code>[#6018](pypa/pip#6018) &lt;https://github.com/pypa/pip/issues/6018&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade CacheControl to 0.14.1</li>
<li>Upgrade idna to 3.10</li>
<li>Upgrade msgpack to 1.1.0</li>
<li>Upgrade packaging to 24.2</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/f47b5874299848c688336ae7c8d69534013fe2c6"><code>f47b587</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/74a7f3335338712af44be95241daf62e756f27ec"><code>74a7f33</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/a008888a5b123e8d5e4667bdd21e4b42f3fc034c"><code>a008888</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13171">#13171</a> from pypa/dependabot/github_actions/github-actions-...</li>
<li><a href="https://github.com/pypa/pip/commit/d265fb7427c3ba4dbd10e4874a0bebea2e59350e"><code>d265fb7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13174">#13174</a> from ichard26/changelog</li>
<li><a href="https://github.com/pypa/pip/commit/d35384ef91cb372a5223a01f980e5deb84c8fde5"><code>d35384e</code></a> Copyedit news entries before 25.0</li>
<li><a href="https://github.com/pypa/pip/commit/adc4f9951b51b6a06e405b8960dd0c5f030f0fb5"><code>adc4f99</code></a> Reorder requirements file decoding (<a href="https://redirect.github.com/pypa/pip/issues/12795">#12795</a>)</li>
<li><a href="https://github.com/pypa/pip/commit/40c42149a51a63e8416c047d5ddc0da1694387ea"><code>40c4214</code></a> Bump pypa/gh-action-pypi-publish in the github-actions group</li>
<li><a href="https://github.com/pypa/pip/commit/6b0fb904803fbb3ce7da63966b2759407b6cd9dc"><code>6b0fb90</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13048">#13048</a> from sbidoul/trusted-publisher-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/c7fb1e13ec79b1b48481ac245144c2b368e64f7d"><code>c7fb1e1</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13145">#13145</a> from befeleme/pip-show-pep639</li>
<li><a href="https://github.com/pypa/pip/commit/41c807c5938d269703c6ff2644fb3b7dc88eda4e"><code>41c807c</code></a> Show License-Expression if present in package metadata</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/24.3.1...25.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.3.1&new-version=25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 28, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@notatallshaw notatallshaw notatallshaw approved these changes

@sbidoul sbidoul Awaiting requested review from sbidoul

Assignees
No one assigned
Labels
bot:chronographer:provided type: performance Commands take too long to run
Projects
None yet
Milestone
25.0
Development

Successfully merging this pull request may close these issues.
2 participants
@ichard26 @notatallshaw