Add support for --pip-version 25.3. (#2968)

Author: jsirois

.github/workflows/ci.yml

@@ -89,8 +89,8 @@ jobs:
           # Unit tests:
           # -----------
           - test-cmd: test-py27-pip20.3.4--patched
-          - test-cmd: test-py314-pip25.2
-          - test-cmd: test-py315-pip25.2
+          - test-cmd: test-py314-pip25.3
+          - test-cmd: test-py315-pip25.3
           - test-cmd: test-pypy311-pip24.3.1
 
           # Integration tests, split most into two shards:
@@ -104,14 +104,14 @@ jobs:
           - test-cmd: test-py38-pip22.3.1-integration
             pex-test-pos-args: --shard 2/2
 
-          - test-cmd: test-py314-pip25.2-integration
+          - test-cmd: test-py314-pip25.3-integration
             pex-test-pos-args: --shard 1/2
-          - test-cmd: test-py314-pip25.2-integration
+          - test-cmd: test-py314-pip25.3-integration
             pex-test-pos-args: --shard 2/2
 
-          - test-cmd: test-py315-pip25.2-integration
+          - test-cmd: test-py315-pip25.3-integration
             pex-test-pos-args: --shard 1/2
-          - test-cmd: test-py315-pip25.2-integration
+          - test-cmd: test-py315-pip25.3-integration
             pex-test-pos-args: --shard 2/2
 
           # PyPy is slow enough to require extra sharding.
@@ -162,12 +162,12 @@ jobs:
       matrix:
         include:
           - python-version: "3.14"
-            test-cmd: test-py314-pip25.2
+            test-cmd: test-py314-pip25.3
           - python-version: "3.14"
-            test-cmd: test-py314-pip25.2-integration
+            test-cmd: test-py314-pip25.3-integration
             pex-test-pos-args: --shard 1/2
           - python-version: "3.14"
-            test-cmd: test-py314-pip25.2-integration
+            test-cmd: test-py314-pip25.3-integration
             pex-test-pos-args: --shard 2/2
     steps:
       - name: Checkout Pex
@@ -253,19 +253,19 @@ jobs:
           - python-version: "3.11"
             test-cmd: typecheck package docs
           - python-version: "3.14"
-            test-cmd: test-py314-pip25.2
+            test-cmd: test-py314-pip25.3
             artifact-name: unit
             pex-test-pos-args: --junit-report ../dist/test-results/unit.xml
           - python-version: "3.14"
-            test-cmd: test-py314-pip25.2-integration
+            test-cmd: test-py314-pip25.3-integration
             artifact-name: integration-1
             pex-test-pos-args: --shard 1/3 --junit-report ../dist/test-results/integration-1.xml
           - python-version: "3.14"
-            test-cmd: test-py314-pip25.2-integration
+            test-cmd: test-py314-pip25.3-integration
             artifact-name: integration-2
             pex-test-pos-args: --shard 2/3 --junit-report ../dist/test-results/integration-2.xml
           - python-version: "3.14"
-            test-cmd: test-py314-pip25.2-integration
+            test-cmd: test-py314-pip25.3-integration
             artifact-name: integration-3
             pex-test-pos-args: --shard 3/3 --junit-report ../dist/test-results/integration-3.xml
     steps:

CHANGES.md

@@ -1,5 +1,11 @@
 # Release Notes
 
+## 2.66.0
+
+This release adds support for `--pip-version 25.3`.
+
+* Add support for `--pip-version 25.3`. (#2968)
+
 ## 2.65.0
 
 This release adds support for PEX scies using CPython free-threaded builds. Most such scies should

pex/hashing.py

@@ -290,12 +290,16 @@ def zip_hash(
                 dirs.add(dirname)
                 dirname = os.path.dirname(dirname)
 
-        accept_dirs = frozenset(d for d in dirs if dir_filter(d))
+        accept_dirs = frozenset(
+            d for d in dirs if dir_filter(os.path.relpath(d, relpath) if relpath else d)
+        )
         reject_dirs = tuple("{dir}/".format(dir=path) for path in (dirs - accept_dirs))
         accept_files = sorted(
             name
             for name in namelist
-            if not name.endswith("/") and not name.startswith(reject_dirs) and file_filter(name)
+            if not name.endswith("/")
+            and not name.startswith(reject_dirs)
+            and file_filter(os.path.relpath(name, relpath) if relpath else name)
         )
 
         hashed_names = (

pex/pip/tool.py

@@ -552,8 +552,7 @@ def _spawn_pip_isolated_job(
         )
         return Job(command=command, process=process, finalizer=finalizer, context="pip")
 
-    @staticmethod
-    def _iter_build_configuration_options(build_configuration):
+    def _iter_build_configuration_options(self, build_configuration):
         # type: (BuildConfiguration) -> Iterator[str]
 
         # N.B.: BuildConfiguration maintains invariants that ensure --only-binary, --no-binary,
@@ -576,7 +575,8 @@ def _iter_build_configuration_options(build_configuration):
         if build_configuration.prefer_older_binary:
             yield "--prefer-binary"
 
-        if build_configuration.use_pep517 is not None:
+        # N.B.: In 25.3 `--use-pep517` became the default and only option.
+        if build_configuration.use_pep517 is not None and self.version < PipVersion.v25_3:
             yield "--use-pep517" if build_configuration.use_pep517 else "--no-use-pep517"
 
         if not build_configuration.build_isolation:

pex/pip/vcs.py

@@ -24,11 +24,16 @@
     from pex.hashing import HintedDigest
 
 
+def _project_name_re(project_name):
+    # type: (ProjectName) -> str
+    return project_name.normalized.replace("-", "[-_.]+")
+
+
 def _built_source_dist_pattern(project_name):
     # type: (ProjectName) -> Pattern
     return re.compile(
-        r"(?P<project_name>{project_name})-(?P<version>.+)\.zip".format(
-            project_name=project_name.normalized.replace("-", "[-_.]+")
+        r"(?P<project_name>{project_name_re})-(?P<version>.+)\.zip".format(
+            project_name_re=_project_name_re(project_name)
         ),
         re.IGNORECASE,
     )
@@ -78,8 +83,11 @@ def fingerprint_downloaded_vcs_archive(
     return Fingerprint.from_digest(digest), archive_path
 
 
-def _vcs_dir_filter(vcs):
-    # type: (VCS.Value) -> Callable[[Text], bool]
+def _vcs_dir_filter(
+    vcs,  # type: VCS.Value
+    project_name,  # type: ProjectName
+):
+    # type: (...) -> Callable[[Text], bool]
 
     # Ignore VCS control directories for the purposes of fingerprinting the version controlled
     # source tree. VCS control directories can contain non-reproducible content (Git at least
@@ -92,10 +100,27 @@ def _vcs_dir_filter(vcs):
     # hashes the same.
     vcs_control_dir = ".{vcs}".format(vcs=vcs)
 
-    return lambda dir_path: (
-        not is_pyc_dir(dir_path) and os.path.basename(dir_path) != vcs_control_dir
+    # N.B.: If the VCS project uses setuptools as its build backend, depending on the version of
+    # Pip used, the VCS checkout can have a `<project name>.egg-info/` directory littering its root
+    # left over from Pip generating project metadata to determine version and dependencies. No other
+    # well known build-backend has this problem at this time (checked hatchling, poetry-core,
+    # pdm-backend and uv_build).
+    # C.F.: https://github.com/pypa/pip/pull/13602
+    egg_info_dir_re = re.compile(
+        r"^{project_name_re}\.egg-info$".format(project_name_re=_project_name_re(project_name)),
+        re.IGNORECASE,
     )
 
+    def vcs_dir_filter(dir_path):
+        # type: (Text) -> bool
+        if is_pyc_dir(dir_path):
+            return False
+
+        base_dir_name = dir_path.split(os.sep)[0]
+        return base_dir_name != vcs_control_dir and not egg_info_dir_re.match(base_dir_name)
+
+    return vcs_dir_filter
+
 
 def _vcs_file_filter(vcs):
     # type: (VCS.Value) -> Callable[[Text], bool]
@@ -132,12 +157,13 @@ def digest_vcs_archive(
         zip_path=archive_path,
         digest=digest,
         relpath=top_dir,
-        dir_filter=_vcs_dir_filter(vcs),
+        dir_filter=_vcs_dir_filter(vcs, project_name),
         file_filter=_vcs_file_filter(vcs),
     )
 
 
 def digest_vcs_repo(
+    project_name,  # type: ProjectName
     repo_path,  # type: str
     vcs,  # type: VCS.Value
     digest,  # type: HintedDigest
@@ -148,6 +174,6 @@ def digest_vcs_repo(
     hashing.dir_hash(
         directory=os.path.join(repo_path, subdirectory) if subdirectory else repo_path,
         digest=digest,
-        dir_filter=_vcs_dir_filter(vcs),
+        dir_filter=_vcs_dir_filter(vcs, project_name),
         file_filter=_vcs_file_filter(vcs),
     )

pex/pip/version.py

@@ -369,6 +369,13 @@ def latest_compatible(cls, target=None):
         requires_python=">=3.9,<3.16",
     )
 
+    v25_3 = PipVersionValue(
+        version="25.3",
+        setuptools_version="80.9.0",
+        wheel_version="0.45.1",
+        requires_python=">=3.9,<3.16",
+    )
+
     VENDORED = v20_3_4_patched
     LATEST = LatestPipVersion()
     LATEST_COMPATIBLE = LatestCompatiblePipVersion()

pex/resolve/locker.py

@@ -291,6 +291,16 @@ def _extract_resolve_data(artifact_url):
     def _maybe_record_wheel(self, url):
         # type: (str) -> ArtifactURL
         artifact_url = self.parse_url_and_maybe_record_fingerprint(url)
+
+        # N.B.: Lock resolves driven by `pip install --dry-run --report` will only consult PEP-658
+        # `.whl.metadata` side-car files in the happy path; so we must use these as a proxy for the
+        # `.whl` file they are paired with.
+        # See: https://peps.python.org/pep-0658/
+        if not self._lock_is_via_pip_download and artifact_url.url_info.path.endswith(".metadata"):
+            artifact_url = ArtifactURL.from_url_info(
+                artifact_url.url_info._replace(path=artifact_url.url_info.path[:-9])
+            )
+
         if artifact_url.is_wheel:
             pin, partial_artifact = self._extract_resolve_data(artifact_url)
 
@@ -445,6 +455,7 @@ def analyze(self, line):
                 if isinstance(artifact_url.scheme, VCSScheme):
                     digest = Sha256()
                     digest_vcs_repo(
+                        project_name=build_result.pin.project_name,
                         repo_path=build_result.path,
                         vcs=artifact_url.scheme.vcs,
                         digest=digest,

pex/version.py

@@ -1,4 +1,4 @@
 # Copyright 2015 Pex project contributors.
 # Licensed under the Apache License, Version 2.0 (see LICENSE).
 
-__version__ = "2.65.0"
+__version__ = "2.66.0"

tests/integration/cli/commands/test_lock.py

@@ -914,24 +914,38 @@ def test_update_targeted_impossible(
             "pip: ERROR: No matching distribution found for urllib3<1.27,>=1.21.1",
         ]
     else:
-        expected_lines = [
-            "pip: ERROR: Cannot install requests==2.26.0 because these package versions have "
-            "conflicting dependencies.",
-            "pip: ERROR: ResolutionImpossible: for help visit "
-            "https://pip.pypa.io/en/latest/topics/dependency-resolution/"
-            "#dealing-with-dependency-conflicts",
-            "pip:  ",
-            "pip:  The conflict is caused by:",
-            "pip:      requests 2.26.0 depends on urllib3<1.27 and >=1.21.1",
-            "pip:      The user requested (constraint) urllib3<1.16",
-            "pip:  ",
-            "pip:  To fix this you could try to:",
-            "pip:  1. loosen the range of package versions you've specified",
-            "pip:  2. remove package versions to allow {pip_to} attempt to solve the dependency "
-            "conflict".format(
-                pip_to="pip" if pip_version.version < PipVersion.v24_1.version else "pip to"
-            ),
-        ]
+        expected_lines = (
+            [
+                "pip: ERROR: Cannot install requests==2.26.0 because these package versions have "
+                "conflicting dependencies.",
+                "pip: ERROR: ResolutionImpossible: for help visit "
+                "https://pip.pypa.io/en/latest/topics/dependency-resolution/"
+                "#dealing-with-dependency-conflicts",
+                "pip:  ",
+                "pip:  The conflict is caused by:",
+                "pip:      requests 2.26.0 depends on urllib3<1.27 and >=1.21.1",
+                "pip:      The user requested (constraint) urllib3<1.16",
+                "pip:  ",
+            ]
+            + (
+                [
+                    "pip:  Additionally, some packages in these conflicts have no matching "
+                    "distributions available for your environment:",
+                    "pip:      urllib3",
+                    "pip:  ",
+                ]
+                if pip_version >= PipVersion.v25_3
+                else []
+            )
+            + [
+                "pip:  To fix this you could try to:",
+                "pip:  1. loosen the range of package versions you've specified",
+                "pip:  2. remove package versions to allow {pip_to} attempt to solve the "
+                "dependency conflict".format(
+                    pip_to="pip" if pip_version.version < PipVersion.v24_1.version else "pip to"
+                ),
+            ]
+        )
     assert expected_lines == error_lines[12:], "\n".join(
         difflib.unified_diff(expected_lines, error_lines[12:])
     )
@@ -1013,25 +1027,39 @@ def test_update_add_impossible(
             "pip: ERROR: No matching distribution found for certifi<2017.4.17",
         ]
     else:
-        expected_lines = [
-            "pip: ERROR: Cannot install conflicting-certifi-requirement==1.2.3 and "
-            "requests==2.26.0 because these package versions have conflicting dependencies.",
-            "pip: ERROR: ResolutionImpossible: for help visit "
-            "https://pip.pypa.io/en/latest/topics/dependency-resolution/"
-            "#dealing-with-dependency-conflicts",
-            "pip:  ",
-            "pip:  The conflict is caused by:",
-            "pip:      requests 2.26.0 depends on certifi>=2017.4.17",
-            "pip:      conflicting-certifi-requirement 1.2.3 depends on certifi<2017.4.17",
-            "pip:      The user requested (constraint) certifi==2021.5.30",
-            "pip:  ",
-            "pip:  To fix this you could try to:",
-            "pip:  1. loosen the range of package versions you've specified",
-            "pip:  2. remove package versions to allow {pip_to} attempt to solve the dependency "
-            "conflict".format(
-                pip_to="pip" if pip_version.version < PipVersion.v24_1.version else "pip to"
-            ),
-        ]
+        expected_lines = (
+            [
+                "pip: ERROR: Cannot install conflicting-certifi-requirement==1.2.3 and "
+                "requests==2.26.0 because these package versions have conflicting dependencies.",
+                "pip: ERROR: ResolutionImpossible: for help visit "
+                "https://pip.pypa.io/en/latest/topics/dependency-resolution/"
+                "#dealing-with-dependency-conflicts",
+                "pip:  ",
+                "pip:  The conflict is caused by:",
+                "pip:      requests 2.26.0 depends on certifi>=2017.4.17",
+                "pip:      conflicting-certifi-requirement 1.2.3 depends on certifi<2017.4.17",
+                "pip:      The user requested (constraint) certifi==2021.5.30",
+                "pip:  ",
+            ]
+            + (
+                [
+                    "pip:  Additionally, some packages in these conflicts have no matching "
+                    "distributions available for your environment:",
+                    "pip:      certifi",
+                    "pip:  ",
+                ]
+                if pip_version >= PipVersion.v25_3
+                else []
+            )
+            + [
+                "pip:  To fix this you could try to:",
+                "pip:  1. loosen the range of package versions you've specified",
+                "pip:  2. remove package versions to allow {pip_to} attempt to solve the "
+                "dependency conflict".format(
+                    pip_to="pip" if pip_version.version < PipVersion.v24_1.version else "pip to"
+                ),
+            ]
+        )
     assert expected_lines == error_lines[13:], "\n".join(
         difflib.unified_diff(expected_lines, error_lines[12:])
     )