Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[24.1] pip install py_find_1st fails with 24.1, whereas 24.0 does not #12781

Closed
1 task done
xmatthias opened this issue Jun 21, 2024 · 14 comments · Fixed by #12799
Closed
1 task done

[24.1] pip install py_find_1st fails with 24.1, whereas 24.0 does not #12781

xmatthias opened this issue Jun 21, 2024 · 14 comments · Fixed by #12799
Labels
kind: crash For situations where pip crashes type: bug A confirmed bug or unintended behavior

Comments

@xmatthias
Copy link

xmatthias commented Jun 21, 2024

Description

When installing a package - py_find_1st - the install is failing with pip 24.1 - but works with 24.0.

The error happens with

  File "/usr/lib/python3.12/tarfile.py", line 2725, in _find_link_target
    raise KeyError("linkname %r not found" % linkname)
KeyError: "linkname 'py_find_1st-1.1.6/README' not found"

it's unclear to me why this would work in 24.0 - but fail in 24.1.
The package uses a link from readme.md to readme - but i don't think that's disallowed?

~ tar tzvpf py_find_1st-1.1.6.tar.gz 
drwxr-xr-x roebel/staff      0 2023-10-28 18:01 py_find_1st-1.1.6/
-rw-r--r-- roebel/staff   7156 2023-10-28 17:15 py_find_1st-1.1.6/LONG_DESCR
-rw-r--r-- roebel/staff   8020 2023-10-28 18:01 py_find_1st-1.1.6/PKG-INFO
-rw-r--r-- roebel/staff   6896 2023-10-28 17:15 py_find_1st-1.1.6/README
hrw-r--r-- roebel/staff      0 2023-10-28 17:15 py_find_1st-1.1.6/README.md link to py_find_1st-1.1.6/README
-rw-r--r-- roebel/staff    159 2021-02-02 13:17 py_find_1st-1.1.6/pyproject.toml
-rw-r--r-- roebel/staff     34 2023-10-28 17:54 py_find_1st-1.1.6/requirements.txt
-rw-r--r-- roebel/staff     40 2019-06-28 23:32 py_find_1st-1.1.6/setup.cfg
-rw-r--r-- roebel/staff   6570 2023-10-28 17:54 py_find_1st-1.1.6/setup.py
drwxr-xr-x roebel/staff      0 2023-10-28 18:01 py_find_1st-1.1.6/test/
-rwxr-xr-x roebel/staff   1856 2023-10-28 17:10 py_find_1st-1.1.6/test/test_find_1st.py
drwxr-xr-x roebel/staff      0 2023-10-28 18:01 py_find_1st-1.1.6/utils_find_1st/
-rw-r--r-- roebel/staff    305 2023-10-28 18:01 py_find_1st-1.1.6/utils_find_1st/__init__.py
-rw-r--r-- roebel/staff   5475 2019-08-04 17:17 py_find_1st-1.1.6/utils_find_1st/find_1st.cpp

The changelog doesn't indicate something that would break like this ... unless i've missed that point ?

Expected behavior

Works on 24.0 and 24.1

pip version

24.1

Python version

3.12

OS

ubuntu

How to Reproduce

apt install build-essential
pip install pip==24.1
pip install py_find_1st
# Notice it failing
pip install pip==24.0
pip install py_find_1st

Output

...
  File "/.venv/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 185, in _make_candidate_from_link
    base: Optional[BaseCandidate] = self._make_base_candidate_from_link(
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 231, in _make_base_candidate_from_link
    self._link_candidate_cache[link] = LinkCandidate(
                                       ^^^^^^^^^^^^^^
  File "/.venv/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 303, in __init__
    super().__init__(
  File "/.venv/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 158, in __init__
    self.dist = self._prepare()
                ^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 235, in _prepare
    dist = self._prepare_distribution()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.12/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 314, in _prepare_distribution
    return preparer.prepare_linked_requirement(self._ireq, parallel_builds=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.12/site-packages/pip/_internal/operations/prepare.py", line 527, in prepare_linked_requirement
    return self._prepare_linked_requirement(req, parallel_builds)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.12/site-packages/pip/_internal/operations/prepare.py", line 598, in _prepare_linked_requirement
    local_file = unpack_url(
                 ^^^^^^^^^^^
  File "/.venv/lib/python3.12/site-packages/pip/_internal/operations/prepare.py", line 180, in unpack_url
    unpack_file(file.path, location, file.content_type)
  File "/.venv/lib/python3.12/site-packages/pip/_internal/utils/unpacking.py", line 316, in unpack_file
    untar_file(filename, location)
  File "/.venv/lib/python3.12/site-packages/pip/_internal/utils/unpacking.py", line 235, in untar_file
    tar.extractall(location, filter=pip_filter)
  File "/usr/lib/python3.12/tarfile.py", line 2269, in extractall
    self._extract_one(tarinfo, path, set_attrs=not tarinfo.isdir(),
  File "/usr/lib/python3.12/tarfile.py", line 2332, in _extract_one
    self._extract_member(tarinfo, os.path.join(path, tarinfo.name),
  File "/usr/lib/python3.12/tarfile.py", line 2423, in _extract_member
    self.makelink(tarinfo, targetpath)
  File "/usr/lib/python3.12/tarfile.py", line 2521, in makelink
    self._extract_member(self._find_link_target(tarinfo),
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/tarfile.py", line 2725, in _find_link_target
    raise KeyError("linkname %r not found" % linkname)
KeyError: "linkname 'py_find_1st-1.1.6/README' not found"

Code of Conduct

@xmatthias xmatthias added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Jun 21, 2024
@xmatthias xmatthias changed the title pip 24.1 fails install, whereas 24.0 does not install fails with 24.1, whereas 24.0 does not Jun 21, 2024
@ichard26
Copy link
Member

We did update our tar unpacking logic to rely more on the stdlib implementation to benefit from tarfile data filters (#12214). I don't have access to a development environment so I won't be able to debug this until later today, but for now, you can downgrade pip to 24.0.

@notatallshaw
Copy link
Member

FYI I can reproduce with python -m pip install --dry-run py_find_1st

And the exception in question hasn't recently changed: https://github.com/python/cpython/blame/v3.12.4/Lib/tarfile.py#L2725

And Python can extract the tar file:

$ wget https://files.pythonhosted.org/packages/1d/24/4b4dc8fcf9ad5e6ac8ac6c6bd4be8100f07846c7a7ce6aa9c44ee1eaa429/py_find_1st-1.1.6.tar.gz
$ python -m tarfile -e py_find_1st-1.1.6.tar.gz

So it's probably related to the filtering feature.

@henryiii
Copy link
Contributor

henryiii commented Jun 22, 2024

FWIW, python -m tarfile --filter data -e py_find_1st-1.1.6.tar.gz seems fine too. Filtering added in #12214. Ahh, but it's wrapped with "pip specific" behavior. And I don't see a test to make sure good symlinks work, just tests for rejecting bad symlinks.

@notatallshaw
Copy link
Member

notatallshaw commented Jun 22, 2024

I did a little investigation but didn't have time to post my results. The issue seems to be related to this tar file has a hard link that points from README.md to README.

I wasn't able to find another example of a real Python package that had the same problem.

It was very likely caused by #12214 if @encukou you want to take a look.

@shahidhafiz
Copy link

I had the same issue until I ran it using powershell as admin. worked first time.

@gneil90
Copy link

gneil90 commented Jun 24, 2024

getting the same on osx

@apenney
Copy link

apenney commented Jun 25, 2024

We use pandocfilters==1.4.1 and that exhibits the problem if you need a real world example of this breaking in the wild!

@pfmoore
Copy link
Member

pfmoore commented Jun 25, 2024

The pandocfilters 1.4.1 sdist seems to be broken:

image

Note that the target of README.rst is pandocfilters-1.4.1/README, which does not exist as the error message says.

The same is true of py_find_1st, which suggests that this might be a build backend bug creating an invalid sdist.

image

I don't think there's a pip issue here (even though things are reported as working in 24.0, I'd argue that's a bug in 24.0 rather than a regression).

Edit: Although on further reflection, this may depend on how a relative target for a hard link in a tar file is meant to be interpreted - as relative to the root of the tarfile, or as relative to the link. I don't know the answer to that, or even if there is a standard answer.

@pfmoore
Copy link
Member

pfmoore commented Jun 25, 2024

Ah. @henryiii pointed out here that we have a filter with pip-specific behaviour. I suspect the issue is that our filter is checking for symlinks pointing out of the tarfile, but it's using the same logic for hard links, and not taking into account the fact that symlinks are relative to the link itself, whereas hardlinks are relative to the tarfile root (as I noted above).

That sounds like a bit of a mess to sort out. @encukou as the author of that change, can you take a look?

@pradyunsg pradyunsg changed the title install fails with 24.1, whereas 24.0 does not [24.1] pip install fails with 24.1, whereas 24.0 does not Jun 25, 2024
@pradyunsg pradyunsg changed the title [24.1] pip install fails with 24.1, whereas 24.0 does not [24.1] pip install py_find_1st fails with 24.1, whereas 24.0 does not Jun 25, 2024
@encukou
Copy link
Contributor

encukou commented Jun 26, 2024

I'll look into it.

@mdhiggins
Copy link

Seeing this on an older package qtfaststart as well, though it seems to be impacted by the ---no-cache-dir parameter though this previously worked fine on 24.0

mdhiggins/sma-mod#17
mdhiggins/sickbeard_mp4_automator#1716

@Mohammad699
Copy link

I have the same issue while installing Freqtrade on Linux Mint

  Downloading py_find_1st-1.1.6.tar.gz (8.6 kB)
ERROR: Exception:
Traceback (most recent call last):
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/cli/base_command.py", line 179, in exc_logging_wrapper
    status = run_func(*args)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/cli/req_command.py", line 67, in wrapper
    return func(self, options, args)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/commands/install.py", line 377, in run
    requirement_set = resolver.resolve(
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 95, in resolve
    result = self._result = resolver.resolve(
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_vendor/resolvelib/resolvers.py", line 546, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_vendor/resolvelib/resolvers.py", line 397, in resolve
    self._add_to_criteria(self.state.criteria, r, parent=None)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_vendor/resolvelib/resolvers.py", line 173, in _add_to_criteria
    if not criterion.candidates:
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_vendor/resolvelib/structs.py", line 156, in __bool__
    return bool(self._sequence)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 174, in __bool__
    return any(self)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 162, in <genexpr>
    return (c for c in iterator if id(c) not in self._incompatible_ids)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 53, in _iter_built
    candidate = func()
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 185, in _make_candidate_from_link
    base: Optional[BaseCandidate] = self._make_base_candidate_from_link(
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 231, in _make_base_candidate_from_link
    self._link_candidate_cache[link] = LinkCandidate(
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 303, in __init__
    super().__init__(
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 158, in __init__
    self.dist = self._prepare()
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 235, in _prepare
    dist = self._prepare_distribution()
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 314, in _prepare_distribution
    return preparer.prepare_linked_requirement(self._ireq, parallel_builds=True)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/operations/prepare.py", line 527, in prepare_linked_requirement
    return self._prepare_linked_requirement(req, parallel_builds)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/operations/prepare.py", line 598, in _prepare_linked_requirement
    local_file = unpack_url(
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/operations/prepare.py", line 180, in unpack_url
    unpack_file(file.path, location, file.content_type)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/utils/unpacking.py", line 316, in unpack_file
    untar_file(filename, location)
  File "/home/mohammad/Downloads/freqtrade/.venv/lib/python3.10/site-packages/pip/_internal/utils/unpacking.py", line 235, in untar_file
    tar.extractall(location, filter=pip_filter)
  File "/usr/lib/python3.10/tarfile.py", line 2257, in extractall
    self._extract_one(tarinfo, path, set_attrs=not tarinfo.isdir(),
  File "/usr/lib/python3.10/tarfile.py", line 2320, in _extract_one
    self._extract_member(tarinfo, os.path.join(path, tarinfo.name),
  File "/usr/lib/python3.10/tarfile.py", line 2411, in _extract_member
    self.makelink(tarinfo, targetpath)
  File "/usr/lib/python3.10/tarfile.py", line 2508, in makelink
    self._extract_member(self._find_link_target(tarinfo),
  File "/usr/lib/python3.10/tarfile.py", line 2712, in _find_link_target
    raise KeyError("linkname %r not found" % linkname)
KeyError: "linkname 'py_find_1st-1.1.6/README' not found"

@ichard26 ichard26 added kind: crash For situations where pip crashes and removed S: needs triage Issues/PRs that need to be triaged labels Jun 27, 2024
@sanikeit
Copy link

I've also encountered the same issue when trying to install the py-find-1st package. The error message I receive is:

KeyError: "linkname 'py_find_1st-1.1.6/README' not found"

The temporary workaround by downgrading pip to version 24.0, also resolved the issue for me.

@encukou
Copy link
Contributor

encukou commented Jun 27, 2024

This should be fixed by #12799.

encukou added a commit to encukou/pip that referenced this issue Jul 2, 2024
pradyunsg added a commit that referenced this issue Jul 2, 2024
untar_file: remove common leading directory before unpacking
pradyunsg added a commit to pradyunsg/pip that referenced this issue Jul 7, 2024
untar_file: remove common leading directory before unpacking
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 8, 2024
…mak/test/generated-code (#4566)

Bumps [pip](https://github.com/pypa/pip) from 24.1.1 to 24.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.1.2 (2024-07-07)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix finding hardlink targets in tar files with an ignored top-level directory. (<code>[#12781](pypa/pip#12781) &lt;https://github.com/pypa/pip/issues/12781&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/pypa/pip/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.1.1&new-version=24.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
edgarrmondragon pushed a commit to MeltanoLabs/tap-gohighlevel that referenced this issue Jul 8, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.1.1 to 24.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.1.2 (2024-07-07)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix finding hardlink targets in tar files with an ignored top-level
directory. (<code>[#12781](pypa/pip#12781)
&lt;https://github.com/pypa/pip/issues/12781&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/pypa/pip/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.1.1&new-version=24.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 8, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.1.1 to 24.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.1.2 (2024-07-07)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix finding hardlink targets in tar files with an ignored top-level directory. (<code>[#12781](pypa/pip#12781) &lt;https://github.com/pypa/pip/issues/12781&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/pypa/pip/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.1.1&new-version=24.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue Jul 8, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.1.1 to 24.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>24.1.2 (2024-07-07)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix finding hardlink targets in tar files with an ignored top-level directory. (<code>[#12781](pypa/pip#12781) &lt;https://github.com/pypa/pip/issues/12781&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/pypa/pip/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.1.1&new-version=24.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Jul 15, 2024
Bumps [pip](https://github.com/pypa/pip) from 24.1 to 24.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.1.2 (2024-07-07)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix finding hardlink targets in tar files with an ignored top-level
directory. (<code>[#12781](pypa/pip#12781)
&lt;https://github.com/pypa/pip/issues/12781&gt;</code>_)</li>
</ul>
<h1>24.1.1 (2024-06-26)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Actually use system trust stores when the truststore feature is
enabled.</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade requests to 2.32.3</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/76e82a43f8fb04695e834810df64f2d9a2ff6020"><code>76e82a4</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/a56129c58be6608e000d1510341a8e9372b9b4ff"><code>a56129c</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12787">#12787</a> from
mgorny/no-isol-tests</li>
<li><a
href="https://github.com/pypa/pip/commit/41772d8e7c5a6b80a3da3355928d63ffa6ff27cf"><code>41772d8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12799">#12799</a> from
encukou/gh-12781-tar-hardlink</li>
<li><a
href="https://github.com/pypa/pip/commit/a432c7f4170b9ef798a15f035f5dfdb4cc939f35"><code>a432c7f</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/a1ae982bff01c3e625c56081b0a54e0688264cf4"><code>a1ae982</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/300ed75aa50e438c5bf84692964bd9ade81c4916"><code>300ed75</code></a>
Upgrade requests to 2.32.3 (<a
href="https://redirect.github.com/pypa/pip/issues/12784">#12784</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/5c389ec91fa178ec3897f5b9522441f4d3922662"><code>5c389ec</code></a>
Split up Windows tests relying on urlunparse behaviour (<a
href="https://redirect.github.com/pypa/pip/issues/12788">#12788</a>)</li>
<li><a
href="https://github.com/pypa/pip/commit/00c75c45b36c4b03ff052eb98a1d945910bce29f"><code>00c75c4</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12773">#12773</a> from
matthewhughes934/fix-tests-unable-to-cleanup</li>
<li><a
href="https://github.com/pypa/pip/commit/67e2a5698706751161d8af3dad1dbb8e62bc8cbb"><code>67e2a56</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12783">#12783</a> from
pfmoore/rel_doc2</li>
<li><a
href="https://github.com/pypa/pip/commit/a58c20a39dca0fe587545c899c852dcf3d218bfa"><code>a58c20a</code></a>
Minor release is the quarter number</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/24.1...24.1.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.1&new-version=24.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
netbsd-srcmastr referenced this issue in NetBSD/pkgsrc Jul 19, 2024
24.1.2 (2024-07-07)
===================

Bug Fixes
---------

- Fix finding hardlink targets in tar files with an ignored top-level directory. (`#12781 <https://github.com/pypa/pip/issues/12781>`_)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind: crash For situations where pip crashes type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

Successfully merging a pull request may close this issue.