jazzband/pip-tools v7.5.3

on GitHub

This release has not published to PyPI yet. The pip-tools maintainers are aware and are working on resolving a release issue.

Bug fixes

• The option --unsafe-package is now normalized -- by @shifqu.

  PRs and issues: #2150

• Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by @sirosen.

  This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

  PRs and issues: #2220, #2294, #2305

• Fixed removal of temporary files used when reading requirements from stdin -- by @sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by @webknjaz.

  PRs and issues: #2255

• pip-tools is now compatible with pip 26.0 -- by @sirosen.

  PRs and issues: #2319, #2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by @sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by @webknjaz.

  PRs and issues: #2287, #2322

• Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by @maliktafheem.

  PRs and issues: #2307

Packaging updates and notes for downstreams

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by @webknjaz.

  PRs and issues: #2255

Contributor-facing changes

• Consistency of the Markdown files is now being enforced by linting with {pypi}pymarkdownlnt -- by @webknjaz.

  PRs and issues: #2256

• The linting is now set up to perform structured GitHub Actions workflows and actions checks against json schemas -- by @webknjaz.

  PRs and issues: #2273

• The CI/CD is now set up so that the distribution build job is a part of the test pipeline. That pipeline is included in the release workflow which sources the artifact in produces. The tests must now pass for the release to be published to PyPI.

  -- by @webknjaz

  PRs and issues: #2274

• Fix actionlint hook usage to always include shellcheck integration -- by @sirosen.

  PRs and issues: #2281

• Utilities for interacting with pip have started to move into the piptools._internal._pip_api subpackage -- by @sirosen.

  PRs and issues: #2285

• The change log management infra now allows the maintainers to add notes before and after the regular categories -- by @webknjaz.

  PRs and issues: #2287, #2322

• The linting is now set up to demand that typing is always imported as a module under the name of _t -- by @webknjaz.

  This is enforced by @sirosen's {pypi}flake8-typing-as-t plugin for {pypi}flake8.

  PRs and issues: #2289

• The {file}tox.ini and {file}.github/ parts of the repository now have project leads assigned as GitHub code owners -- by @webknjaz.

  PRs and issues: #2291

• Remove a redundant 'v' prefix from the CI release workflow job name -- by @anandvenugopal-tech.

  PRs and issues: #2300

• The check-jsonschema ReadTheDocs hook has been enabled, and the config has been tweaked to pass -- by @sirosen.