Bump for release

NEWS.rst

@@ -9,6 +9,82 @@
 
 .. towncrier release notes start
 
+21.1 (2021-04-24)
+=================
+
+Process
+-------
+
+- Start installation scheme migration from ``distutils`` to ``sysconfig``. A
+  warning is implemented to detect differences between the two implementations to
+  encourage user reports, so we can avoid breakages before they happen.
+
+Features
+--------
+
+- Add the ability for the new resolver to process URL constraints. (`#8253 <https://github.com/pypa/pip/issues/8253>`_)
+- Add a feature ``--use-feature=in-tree-build`` to build local projects in-place
+  when installing. This is expected to become the default behavior in pip 21.3;
+  see `Installing from local packages <https://pip.pypa.io/en/stable/user_guide/#installing-from-local-packages>`_
+  for more information. (`#9091 <https://github.com/pypa/pip/issues/9091>`_)
+- Bring back the "(from versions: ...)" message, that was shown on resolution failures. (`#9139 <https://github.com/pypa/pip/issues/9139>`_)
+- Add support for editable installs for project with only setup.cfg files. (`#9547 <https://github.com/pypa/pip/issues/9547>`_)
+- Improve performance when picking the best file from indexes during ``pip install``. (`#9748 <https://github.com/pypa/pip/issues/9748>`_)
+- Warn instead of erroring out when doing a PEP 517 build in presence of
+  ``--build-option``. Warn when doing a PEP 517 build in presence of
+  ``--global-option``. (`#9774 <https://github.com/pypa/pip/issues/9774>`_)
+
+Bug Fixes
+---------
+
+- Fixed ``--target`` to work with ``--editable`` installs. (`#4390 <https://github.com/pypa/pip/issues/4390>`_)
+- Add a warning, discouraging the usage of pip as root, outside a virtual environment. (`#6409 <https://github.com/pypa/pip/issues/6409>`_)
+- Ignore ``.dist-info`` directories if the stem is not a valid Python distribution
+  name, so they don't show up in e.g. ``pip freeze``. (`#7269 <https://github.com/pypa/pip/issues/7269>`_)
+- Only query the keyring for URLs that actually trigger error 401.
+  This prevents an unnecessary keyring unlock prompt on every pip install
+  invocation (even with default index URL which is not password protected). (`#8090 <https://github.com/pypa/pip/issues/8090>`_)
+- Prevent packages already-installed alongside with pip to be injected into an
+  isolated build environment during build-time dependency population. (`#8214 <https://github.com/pypa/pip/issues/8214>`_)
+- Fix ``pip freeze`` permission denied error in order to display an understandable error message and offer solutions. (`#8418 <https://github.com/pypa/pip/issues/8418>`_)
+- Correctly uninstall script files (from setuptools' ``scripts`` argument), when installed with ``--user``. (`#8733 <https://github.com/pypa/pip/issues/8733>`_)
+- New resolver: When a requirement is requested both via a direct URL
+  (``req @ URL``) and via version specifier with extras (``req[extra]``), the
+  resolver will now be able to use the URL to correctly resolve the requirement
+  with extras. (`#8785 <https://github.com/pypa/pip/issues/8785>`_)
+- New resolver: Show relevant entries from user-supplied constraint files in the
+  error message to improve debuggability. (`#9300 <https://github.com/pypa/pip/issues/9300>`_)
+- Avoid parsing version to make the version check more robust against lousily
+  debundled downstream distributions. (`#9348 <https://github.com/pypa/pip/issues/9348>`_)
+- ``--user`` is no longer suggested incorrectly when pip fails with a permission
+  error in a virtual environment. (`#9409 <https://github.com/pypa/pip/issues/9409>`_)
+- Fix incorrect reporting on ``Requires-Python`` conflicts. (`#9541 <https://github.com/pypa/pip/issues/9541>`_)
+- Make wheel compatibility tag preferences more important than the build tag (`#9565 <https://github.com/pypa/pip/issues/9565>`_)
+- Fix pip to work with warnings converted to errors. (`#9779 <https://github.com/pypa/pip/issues/9779>`_)
+- **SECURITY**: Stop splitting on unicode separators in git references,
+  which could be maliciously used to install a different revision on the
+  repository. (`#9827 <https://github.com/pypa/pip/issues/9827>`_)
+
+Vendored Libraries
+------------------
+
+- Update urllib3 to 1.26.4 to fix CVE-2021-28363
+- Remove contextlib2.
+- Upgrade idna to 3.1
+- Upgrade pep517 to 0.10.0
+- Upgrade vendored resolvelib to 0.7.0.
+- Upgrade tenacity to 7.0.0
+
+Improved Documentation
+----------------------
+
+- Update "setuptools extras" link to match upstream. (`#4822829F-6A45-4202-87BA-A80482DF6D4E <https://github.com/pypa/pip/issues/4822829F-6A45-4202-87BA-A80482DF6D4E>`_)
+- Improve SSL Certificate Verification docs and ``--cert`` help text. (`#6720 <https://github.com/pypa/pip/issues/6720>`_)
+- Add a section in the documentation to suggest solutions to the ``pip freeze`` permission denied issue. (`#8418 <https://github.com/pypa/pip/issues/8418>`_)
+- Add warning about ``--extra-index-url`` and dependency confusion (`#9647 <https://github.com/pypa/pip/issues/9647>`_)
+- Describe ``--upgrade-strategy`` and direct requirements explicitly; add a brief
+  example. (`#9692 <https://github.com/pypa/pip/issues/9692>`_)
+
 
 21.0.1 (2021-01-30)
 ===================

news/4390.bugfix.rst

-Fixed ``--target`` to work with ``--editable`` installs.

news/4822829F-6A45-4202-87BA-A80482DF6D4E.doc.rst

-Update "setuptools extras" link to match upstream.

news/6409.bugfix.rst

-Add a warning, discouraging the usage of pip as root, outside a virtual environment.

news/6720.doc.rst

-Improve SSL Certificate Verification docs and ``--cert`` help text.

news/7269.bugfix.rst

-Ignore ``.dist-info`` directories if the stem is not a valid Python distribution
-name, so they don't show up in e.g. ``pip freeze``.

news/8090.bugfix.rst

-Only query the keyring for URLs that actually trigger error 401.
-This prevents an unnecessary keyring unlock prompt on every pip install
-invocation (even with default index URL which is not password protected).

news/8214.bugfix.rst

-Prevent packages already-installed alongside with pip to be injected into an
-isolated build environment during build-time dependency population.

news/8253.feature.rst

-Add the ability for the new resolver to process URL constraints.

news/8418.bugfix.rst

-Fix ``pip freeze`` permission denied error in order to display an understandable error message and offer solutions.

news/8418.doc.rst

-Add a section in the documentation to suggest solutions to the ``pip freeze`` permission denied issue.

news/8733.bugfix.rst

-Correctly uninstall script files (from setuptools' ``scripts`` argument), when installed with ``--user``.

news/8785.bugfix.rst

-New resolver: When a requirement is requested both via a direct URL
-(``req @ URL``) and via version specifier with extras (``req[extra]``), the
-resolver will now be able to use the URL to correctly resolve the requirement
-with extras.

news/8896.trivial.rst

-Separate the batched *download* of lazily-fetched wheel files from the preparation of regularly-downloaded requirements in ``RequirementPreparer.prepare_linked_requirements_more()``.

news/9091.feature.rst

-Add a feature ``--use-feature=in-tree-build`` to build local projects in-place
-when installing. This is expected to become the default behavior in pip 21.3;
-see `Installing from local packages <https://pip.pypa.io/en/stable/user_guide/#installing-from-local-packages>`_
-for more information.

news/9139.feature.rst

-Bring back the "(from versions: ...)" message, that was shown on resolution failures.

news/9300.bugfix.rst

-New resolver: Show relevant entries from user-supplied constraint files in the
-error message to improve debuggability.

news/9348.bugfix.rst

-Avoid parsing version to make the version check more robust against lousily
-debundled downstream distributions.

news/9409.bugfix.rst

-``--user`` is no longer suggested incorrectly when pip fails with a permission
-error in a virtual environment.

news/9541.bugfix.rst

-Fix incorrect reporting on ``Requires-Python`` conflicts.

news/9547.feature.rst

-Add support for editable installs for project with only setup.cfg files.

news/9565.bugfix.rst

-Make wheel compatibility tag preferences more important than the build tag

news/9617.process.rst

-Start installation scheme migration from ``distutils`` to ``sysconfig``. A
-warning is implemented to detect differences between the two implementations to
-encourage user reports, so we can avoid breakages before they happen.

news/9647.doc.rst

-Add warning about ``--extra-index-url`` and dependency confusion

news/9692.doc.rst

-Describe ``--upgrade-strategy`` and direct requirements explicitly; add a brief
-example.

news/9748.feature.rst

-Improve performance when picking the best file from indexes during ``pip install``.

news/9774.feature.rst

-Warn instead of erroring out when doing a PEP 517 build in presence of
-``--build-option``. Warn when doing a PEP 517 build in presence of
-``--global-option``.

news/9779.bugfix.rst

-Fix pip to work with warnings converted to errors.

news/9827.bugfix.rst

-**SECURITY**: Stop splitting on unicode separators in git references,
-which could be maliciously used to install a different revision on the
-repository.

news/CVE-2021-28363.vendor.rst

-Update urllib3 to 1.26.4 to fix CVE-2021-28363

news/contextlib2.vendor.rst

-Remove contextlib2.

news/idna.vendor.rst

-Upgrade idna to 3.1

news/pep517.vendor.rst

-Upgrade pep517 to 0.10.0

news/resolvelib.vendor.rst

-Upgrade vendored resolvelib to 0.7.0.

news/tenacity.vendor.rst

-Upgrade tenacity to 7.0.0

src/pip/__init__.py

 from typing import List, Optional
 
-__version__ = "21.1.dev0"
+__version__ = "21.1"
 
 
 def main(args=None):