Announcement: pip 22.2 release!

sbidoul · July 21, 2022, 10:35am

On behalf of the PyPA, I am pleased to announce that the pip team has just released pip 22.2!

Highlights

Query indexes using the PEP 691 JSON API. This works by sending a new Accept header, with supporting indexes responding with the new JSON format, while indexes which do not support it can continue to respond with PEP 503-compliant html.
Significantly speed up isolated build environment creation.

New experimental features

New features have been added, about which we are seeking user feedback before declaring them stable:

A new pip install --report option to obtain a detailed JSON report of what pip installed. Together with the new --dry-run option and --ignore-installed pip can now resolve requirements without installing them. This closes the oldest pip feature request!
A new pip inspect command to obtain a detailed JSON report about a Python environment, including the metadata of installed distributions.
Use the operating system’s trust store to verify SSL certificates, using the truststore library. Enable with--use-feature=truststore.

This release contains many other usability improvements, enhancements, and bugfixes. You can find the full list in our changelog.

Thanks

As with all pip releases, a significant amount of the work was contributed by pip’s user community. Huge thanks to all who have contributed, whether through code, documentation, issue reports and/or discussion. Your help keeps pip improving, and is hugely appreciated.

fungi · July 21, 2022, 8:14pm

We use Apache’s mod_proxy to cache PyPI requests from our CI system so as to be conscientious consumers of the commons, and some jobs started using pip 22.2 today. This resulted in rather hard-to-identify index retrieval errors because mod_substitute, which we use to make sure the returned indices point back to the proxy for file links, has a default limit of 1M bytes per line of content. Some indices for frequently-released projects with lots of packages like grpcio, pymongo and moto exceed that size when encoded as JSON, and because the new API returns the entire response on a single line mod_substitute refuses to process it.

Once we could find the cause, the solution was fairly straightforward (set SubstituteMaxLineLength to a larger value overriding the default), I just wanted to point this out in case anyone else experiences similar issues and is struggling to identify the root cause.

Also, >1M character lines seem like rather a lot. Should the API be chunking these up at all in order to be more convenient for proxies?

fungi · July 21, 2022, 8:32pm

I’ve also filed Line breaks to chunk up long PEP 691 resonses · Issue #11919 · pypi/warehouse · GitHub for
the feature request, should anyone wish to follow up there.

sbaack · July 22, 2022, 3:39pm

Nice! I’ve played with this and made a very simple tool to create pinned requirements using these new flags: GitHub - sbaack/iso-freeze: Pin requirements using new `pip install --report`

sethmlarson · July 22, 2022, 8:56pm

Excited to see --use-feature=truststore ship with pip 22.2! Looking forward to seeing how truststore fares in the wild west of “other people’s computers”

sbidoul · July 27, 2022, 5:47pm

I just released 22.2.1 with a couple of bug fixes.

https://pip.pypa.io/en/stable/news/#v22-2-1

sbidoul · August 3, 2022, 7:07pm

And 22.2.2 is out with 3 more bug fixes.

https://pip.pypa.io/en/stable/news/#v22-2-2