This is a tox plugin that preinstalls a specific version of pip in each tox environment.
pip install tox-pip-version
This works around the default behavior of tox/virtualenv, which always installs the latest version of pip. It is an improvement over the VIRTUALENV_NO_DOWNLOAD=1 option, which avoids installing the latest version but can leave an outdated version of pip in use.
Recommendation: Do not pin the pip version long term. You get more stable, repeatable builds, but at the cost of using an outdated (possibly vulnerable) package. This should be used as a temporary fix for breakages in upstream pip, or in conjunction with a regular process to update the version pin.
Note: This relies on an unstable tox plugin interface. You may experience breakage with new tox versions. If you do, please feel free to report the issue on GitHub.
Install the package and include pip_version in your tox.ini:
[testenv]
pip_version = pip==19.0.1
Or, set the TOX_PIP_VERSION environment variable:
export TOX_PIP_VERSION=18.1
tox
The plugin will install that version of pip into the tox-created virtualenv, just after tox creates the virtualenv, but before dependencies are installed.
The pip_version within tox.ini, if present, is always used over the environment variable. If neither pip_version nor TOX_PIP_VERSION is present, the plugin does nothing.
Version sets/ranges are supported, enabling installation of a version of pip matching a set of specifiers. There are two basic formats: a plain version number, or the package name with optional PEP 440-compatible version specifiers.

| tox.ini | effective pip command |
|---|---|
| pip_version = 19.0 | pip install -U pip==19.0 |
| pip_version = pip==19.0 | pip install -U pip==19.0 |
| pip_version = pip>=19.0 | pip install -U pip>=19.0 |
| pip_version = pip!=19,>18 | pip install -U pip!=19,>18 |
| pip_version = pip | pip install -U pip |
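The precedence rule (tox.ini over TOX_PIP_VERSION, nothing when both are absent) and the two value formats in the table above, worked through as an added example. This is not the plugin's own code; the function names resolve_pip_version, pip_install_command and is_exact_pin are assumed, and the env argument stands in for os.environ so it runs offline.

```python
import re
from typing import Optional

# Assumed helper names; this mirrors the README's rules, not the plugin's internals.
# A bare version number such as "19.0" or "19.0.1".
_PLAIN_VERSION = re.compile(r"^\d+(\.\d+)*$")
# "pip" followed by zero or more comma-separated PEP 440 specifiers, e.g. "pip!=19,>18".
_OP = r"(?:===|==|!=|<=|>=|<|>|~=)"
_PIP_REQUIREMENT = re.compile(
    rf"^pip(\s*{_OP}\s*[\w.*+!-]+(\s*,\s*{_OP}\s*[\w.*+!-]+)*)?$"
)


def resolve_pip_version(tox_ini_value: Optional[str], env: dict) -> Optional[str]:
    """Return the requirement string the plugin would install, or None to do nothing.

    pip_version from tox.ini wins over TOX_PIP_VERSION; both are optional.
    """
    value = tox_ini_value if tox_ini_value else env.get("TOX_PIP_VERSION")
    if value is None or not value.strip():
        return None
    value = value.strip()
    if _PLAIN_VERSION.match(value):
        # Plain number means an exact pin of pip (table row 1).
        return f"pip=={value}"
    if _PIP_REQUIREMENT.match(value):
        # Package name with specifiers is passed through with whitespace stripped.
        return re.sub(r"\s+", "", value)
    raise ValueError(f"unsupported pip_version value: {value!r}")


def pip_install_command(tox_ini_value: Optional[str], env: dict) -> Optional[list]:
    """The effective 'pip install -U <req>' argv, or None when the plugin is inactive."""
    req = resolve_pip_version(tox_ini_value, env)
    if req is None:
        return None
    return ["pip", "install", "-U", req]


def is_exact_pin(req: str) -> bool:
    """True for a single '==' pin ("pip==19.0.1"): the case the README says to
    revisit regularly, since it freezes pip at a possibly vulnerable release."""
    return re.fullmatch(r"pip==[^,*]+", req) is not None
```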
Use make test to run the tests, which include linting and functional tests.
Each of the tests/* directories is a "feature" that needs testing. Each feature sub-directory contains a tox.ini file that sets the pip version in a particular way, and then uses a tox command to check that the correct pip version was installed.
FAQs
Select PIP version to use with tox
We found that tox-pip-version demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.