From e81f48e33da24fe70237976a27148e90b08ffee3 Mon Sep 17 00:00:00 2001 From: Tzu-ping Chung Date: Mon, 20 May 2024 15:50:39 -0400 Subject: [PATCH 01/25] Implement --upload-before --- pyproject.toml | 2 +- src/pip/_internal/cli/cmdoptions.py | 29 +++++++++++++++++++++++ src/pip/_internal/cli/req_command.py | 4 ++-- src/pip/_internal/commands/download.py | 2 ++ src/pip/_internal/commands/index.py | 8 ++++--- src/pip/_internal/commands/install.py | 2 ++ src/pip/_internal/commands/list.py | 6 +++-- src/pip/_internal/commands/wheel.py | 7 +++++- src/pip/_internal/index/package_finder.py | 29 ++++++++++++++++------- src/pip/_internal/models/link.py | 23 +++++++++++++----- 10 files changed, 89 insertions(+), 23 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 813300c26de..79f12384bb1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -268,7 +268,7 @@ max-complexity = 33 # default is 10 [tool.ruff.lint.pylint] max-args = 15 # default is 5 max-branches = 28 # default is 12 -max-returns = 13 # default is 6 +max-returns = 14 # default is 6 max-statements = 134 # default is 50 [tool.ruff.per-file-target-version] diff --git a/src/pip/_internal/cli/cmdoptions.py b/src/pip/_internal/cli/cmdoptions.py index b22d85da4ec..8375fe41ed6 100644 --- a/src/pip/_internal/cli/cmdoptions.py +++ b/src/pip/_internal/cli/cmdoptions.py @@ -11,6 +11,7 @@ # mypy: strict-optional=False from __future__ import annotations +import datetime import importlib.util import logging import os @@ -834,6 +835,34 @@ def _handle_dependency_group( help="Ignore the Requires-Python information.", ) + +def _handle_upload_before( + option: Option, opt: str, value: str, parser: OptionParser +) -> None: + """ + Process a value provided for the --upload-before option. + + This is an optparse.Option callback for the --upload-before option. + """ + if value is None: + return None + upload_before = datetime.datetime.fromisoformat(value) + # Assume local timezone if no offset is given in the ISO string. + if upload_before.tzinfo is None: + upload_before = upload_before.astimezone() + parser.values.upload_before = upload_before + + +upload_before: Callable[..., Option] = partial( + Option, + "--upload-before", + dest="upload_before", + metavar="datetime", + action="callback", + callback=_handle_upload_before, + help="Skip uploads after given time. This should be an ISO 8601 string.", +) + no_build_isolation: Callable[..., Option] = partial( Option, "--no-build-isolation", diff --git a/src/pip/_internal/cli/req_command.py b/src/pip/_internal/cli/req_command.py index 640ac9fb908..83aa07c272b 100644 --- a/src/pip/_internal/cli/req_command.py +++ b/src/pip/_internal/cli/req_command.py @@ -5,8 +5,6 @@ PackageFinder machinery and all its vendored dependencies, etc. """ -from __future__ import annotations - import logging import os from functools import partial @@ -351,6 +349,7 @@ def _build_package_finder( session: PipSession, target_python: TargetPython | None = None, ignore_requires_python: bool | None = None, + upload_before: datetime.datetime | None = None, ) -> PackageFinder: """ Create a package finder appropriate to this requirement command. @@ -371,4 +370,5 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, + upload_before=upload_before, ) diff --git a/src/pip/_internal/commands/download.py b/src/pip/_internal/commands/download.py index 595774892af..2139c8339f2 100644 --- a/src/pip/_internal/commands/download.py +++ b/src/pip/_internal/commands/download.py @@ -52,6 +52,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.no_use_pep517()) self.cmd_opts.add_option(cmdoptions.check_build_deps()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) + self.cmd_opts.add_option(cmdoptions.upload_before()) self.cmd_opts.add_option( "-d", @@ -95,6 +96,7 @@ def run(self, options: Values, args: list[str]) -> int: session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, + upload_before=options.upload_before, ) build_tracker = self.enter_context(get_build_tracker()) diff --git a/src/pip/_internal/commands/index.py b/src/pip/_internal/commands/index.py index ecac99888db..2e94eab4184 100644 --- a/src/pip/_internal/commands/index.py +++ b/src/pip/_internal/commands/index.py @@ -1,6 +1,4 @@ -from __future__ import annotations - -import json +import datetime import logging from collections.abc import Iterable from optparse import Values @@ -40,6 +38,7 @@ def add_options(self) -> None: cmdoptions.add_target_python_options(self.cmd_opts) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) + self.cmd_opts.add_option(cmdoptions.upload_before()) self.cmd_opts.add_option(cmdoptions.pre()) self.cmd_opts.add_option(cmdoptions.json()) self.cmd_opts.add_option(cmdoptions.no_binary()) @@ -86,6 +85,7 @@ def _build_package_finder( session: PipSession, target_python: TargetPython | None = None, ignore_requires_python: bool | None = None, + upload_before: datetime.datetime | None = None, ) -> PackageFinder: """ Create a package finder appropriate to the index command. @@ -103,6 +103,7 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, + upload_before=upload_before, ) def get_available_package_versions(self, options: Values, args: list[Any]) -> None: @@ -118,6 +119,7 @@ def get_available_package_versions(self, options: Values, args: list[Any]) -> No session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, + upload_before=options.upload_before, ) versions: Iterable[Version] = ( diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py index 8a9e914a613..c1c410bef57 100644 --- a/src/pip/_internal/commands/install.py +++ b/src/pip/_internal/commands/install.py @@ -208,6 +208,7 @@ def add_options(self) -> None: ), ) + self.cmd_opts.add_option(cmdoptions.upload_before()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) self.cmd_opts.add_option(cmdoptions.no_build_isolation()) self.cmd_opts.add_option(cmdoptions.use_pep517()) @@ -346,6 +347,7 @@ def run(self, options: Values, args: list[str]) -> int: session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, + upload_before=options.upload_before, ) build_tracker = self.enter_context(get_build_tracker()) diff --git a/src/pip/_internal/commands/list.py b/src/pip/_internal/commands/list.py index ad27e45ce93..8f1da2b0c84 100644 --- a/src/pip/_internal/commands/list.py +++ b/src/pip/_internal/commands/list.py @@ -143,8 +143,10 @@ def handle_pip_version_check(self, options: Values) -> None: super().handle_pip_version_check(options) def _build_package_finder( - self, options: Values, session: PipSession - ) -> PackageFinder: + self, + options: Values, + session: "PipSession", + ) -> "PackageFinder": """ Create a package finder appropriate to this list command. """ diff --git a/src/pip/_internal/commands/wheel.py b/src/pip/_internal/commands/wheel.py index 928019bf3c2..2a53333fa3b 100644 --- a/src/pip/_internal/commands/wheel.py +++ b/src/pip/_internal/commands/wheel.py @@ -65,6 +65,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.requirements()) self.cmd_opts.add_option(cmdoptions.src()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) + self.cmd_opts.add_option(cmdoptions.upload_before()) self.cmd_opts.add_option(cmdoptions.no_deps()) self.cmd_opts.add_option(cmdoptions.progress_bar()) @@ -106,7 +107,11 @@ def run(self, options: Values, args: list[str]) -> int: session = self.get_default_session(options) - finder = self._build_package_finder(options, session) + finder = self._build_package_finder( + options=options, + session=session, + upload_before=options.upload_before, + ) options.wheel_dir = normalize_path(options.wheel_dir) ensure_dir(options.wheel_dir) diff --git a/src/pip/_internal/index/package_finder.py b/src/pip/_internal/index/package_finder.py index ae6f8962f6f..104bec8eee6 100644 --- a/src/pip/_internal/index/package_finder.py +++ b/src/pip/_internal/index/package_finder.py @@ -1,7 +1,5 @@ """Routines related to PyPI, indexes""" -from __future__ import annotations - import enum import functools import itertools @@ -111,6 +109,7 @@ class LinkType(enum.Enum): format_invalid = enum.auto() platform_mismatch = enum.auto() requires_python_mismatch = enum.auto() + upload_too_late = enum.auto() class LinkEvaluator: @@ -131,7 +130,8 @@ def __init__( formats: frozenset[str], target_python: TargetPython, allow_yanked: bool, - ignore_requires_python: bool | None = None, + ignore_requires_python: Optional[bool] = None, + upload_before: Optional[datetime.datetime] = None, ) -> None: """ :param project_name: The user supplied package name. @@ -149,6 +149,7 @@ def __init__( :param ignore_requires_python: Whether to ignore incompatible PEP 503 "data-requires-python" values in HTML links. Defaults to False. + :param upload_before: If set, only allow links prior to the given date. """ if ignore_requires_python is None: ignore_requires_python = False @@ -158,6 +159,7 @@ def __init__( self._ignore_requires_python = ignore_requires_python self._formats = formats self._target_python = target_python + self._upload_before = upload_before self.project_name = project_name @@ -176,6 +178,11 @@ def evaluate_link(self, link: Link) -> tuple[LinkType, str]: reason = link.yanked_reason or "" return (LinkType.yanked, f"yanked for reason: {reason}") + if link.upload_time is not None and self._upload_before is not None: + if link.upload_time > self._upload_before: + reason = f"Upload time {link.upload_time} after {self._upload_before}" + return (LinkType.upload_too_late, reason) + if link.egg_fragment: egg_info = link.egg_fragment ext = link.ext @@ -590,9 +597,10 @@ def __init__( link_collector: LinkCollector, target_python: TargetPython, allow_yanked: bool, - format_control: FormatControl | None = None, - candidate_prefs: CandidatePreferences | None = None, - ignore_requires_python: bool | None = None, + format_control: Optional[FormatControl] = None, + candidate_prefs: Optional[CandidatePreferences] = None, + ignore_requires_python: Optional[bool] = None, + upload_before: Optional[datetime.datetime] = None, ) -> None: """ This constructor is primarily meant to be used by the create() class @@ -614,6 +622,7 @@ def __init__( self._ignore_requires_python = ignore_requires_python self._link_collector = link_collector self._target_python = target_python + self._upload_before = upload_before self.format_control = format_control @@ -636,8 +645,9 @@ def create( cls, link_collector: LinkCollector, selection_prefs: SelectionPreferences, - target_python: TargetPython | None = None, - ) -> PackageFinder: + target_python: Optional[TargetPython] = None, + upload_before: Optional[datetime.datetime] = None, + ) -> "PackageFinder": """Create a PackageFinder. :param selection_prefs: The candidate selection preferences, as a @@ -645,6 +655,7 @@ def create( :param target_python: The target Python interpreter to use when checking compatibility. If None (the default), a TargetPython object will be constructed from the running Python. + :param upload_before: If set, only find links prior to the given date. """ if target_python is None: target_python = TargetPython() @@ -661,6 +672,7 @@ def create( allow_yanked=selection_prefs.allow_yanked, format_control=selection_prefs.format_control, ignore_requires_python=selection_prefs.ignore_requires_python, + upload_before=upload_before, ) @property @@ -739,6 +751,7 @@ def make_link_evaluator(self, project_name: str) -> LinkEvaluator: target_python=self._target_python, allow_yanked=self._allow_yanked, ignore_requires_python=self._ignore_requires_python, + upload_before=self._upload_before, ) def _sort_links(self, links: Iterable[Link]) -> list[Link]: diff --git a/src/pip/_internal/models/link.py b/src/pip/_internal/models/link.py index 2e2c0f836ac..6cf732dff1f 100644 --- a/src/pip/_internal/models/link.py +++ b/src/pip/_internal/models/link.py @@ -1,5 +1,4 @@ -from __future__ import annotations - +import datetime import functools import itertools import logging @@ -207,6 +206,7 @@ class Link: "requires_python", "yanked_reason", "metadata_file_data", + "upload_time", "cache_link_parsing", "egg_fragment", ] @@ -214,10 +214,11 @@ class Link: def __init__( self, url: str, - comes_from: str | IndexContent | None = None, - requires_python: str | None = None, - yanked_reason: str | None = None, - metadata_file_data: MetadataFile | None = None, + comes_from: Optional[Union[str, "IndexContent"]] = None, + requires_python: Optional[str] = None, + yanked_reason: Optional[str] = None, + metadata_file_data: Optional[MetadataFile] = None, + upload_time: Optional[datetime.datetime] = None, cache_link_parsing: bool = True, hashes: Mapping[str, str] | None = None, ) -> None: @@ -239,6 +240,8 @@ def __init__( no such metadata is provided. This argument, if not None, indicates that a separate metadata file exists, and also optionally supplies hashes for that file. + :param upload_time: upload time of the file, or None if the information + is not available from the server. :param cache_link_parsing: A flag that is used elsewhere to determine whether resources retrieved from this link should be cached. PyPI URLs should generally have this set to False, for example. @@ -272,6 +275,7 @@ def __init__( self.requires_python = requires_python if requires_python else None self.yanked_reason = yanked_reason self.metadata_file_data = metadata_file_data + self.upload_time = upload_time self.cache_link_parsing = cache_link_parsing self.egg_fragment = self._egg_fragment() @@ -300,6 +304,12 @@ def from_json( if metadata_info is None: metadata_info = file_data.get("dist-info-metadata") + upload_time: Optional[datetime.datetime] + if upload_time_data := file_data.get("upload-time"): + upload_time = datetime.datetime.fromisoformat(upload_time_data) + else: + upload_time = None + # The metadata info value may be a boolean, or a dict of hashes. if isinstance(metadata_info, dict): # The file exists, and hashes have been supplied @@ -325,6 +335,7 @@ def from_json( yanked_reason=yanked_reason, hashes=hashes, metadata_file_data=metadata_file_data, + upload_time=upload_time, ) @classmethod From 685c472966e6914b0d1cc7c9e4816e2921200e0b Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 5 Aug 2025 22:08:00 -0400 Subject: [PATCH 02/25] Fix merge errors and rename to "exclude-newer-than" --- src/pip/_internal/cli/cmdoptions.py | 25 +++++++++++----------- src/pip/_internal/cli/req_command.py | 7 ++++-- src/pip/_internal/commands/download.py | 4 ++-- src/pip/_internal/commands/index.py | 11 ++++++---- src/pip/_internal/commands/install.py | 4 ++-- src/pip/_internal/commands/list.py | 4 ++-- src/pip/_internal/commands/wheel.py | 4 ++-- src/pip/_internal/index/package_finder.py | 26 ++++++++++++----------- src/pip/_internal/models/link.py | 2 ++ 9 files changed, 49 insertions(+), 38 deletions(-) diff --git a/src/pip/_internal/cli/cmdoptions.py b/src/pip/_internal/cli/cmdoptions.py index 8375fe41ed6..c1aeecb495e 100644 --- a/src/pip/_internal/cli/cmdoptions.py +++ b/src/pip/_internal/cli/cmdoptions.py @@ -836,31 +836,32 @@ def _handle_dependency_group( ) -def _handle_upload_before( +def _handle_exclude_newer_than( option: Option, opt: str, value: str, parser: OptionParser ) -> None: """ - Process a value provided for the --upload-before option. + Process a value provided for the --exclude-newer-than option. - This is an optparse.Option callback for the --upload-before option. + This is an optparse.Option callback for the --exclude-newer-than option. """ if value is None: return None - upload_before = datetime.datetime.fromisoformat(value) + exclude_newer_than = datetime.datetime.fromisoformat(value) # Assume local timezone if no offset is given in the ISO string. - if upload_before.tzinfo is None: - upload_before = upload_before.astimezone() - parser.values.upload_before = upload_before + if exclude_newer_than.tzinfo is None: + exclude_newer_than = exclude_newer_than.astimezone() + parser.values.exclude_newer_than = exclude_newer_than -upload_before: Callable[..., Option] = partial( +exclude_newer_than: Callable[..., Option] = partial( Option, - "--upload-before", - dest="upload_before", + "--exclude-newer-than", + dest="exclude_newer_than", metavar="datetime", action="callback", - callback=_handle_upload_before, - help="Skip uploads after given time. This should be an ISO 8601 string.", + callback=_handle_exclude_newer_than, + type="str", + help="Exclude packages newer than given time. This should be an ISO 8601 string.", ) no_build_isolation: Callable[..., Option] = partial( diff --git a/src/pip/_internal/cli/req_command.py b/src/pip/_internal/cli/req_command.py index 83aa07c272b..794524eab1f 100644 --- a/src/pip/_internal/cli/req_command.py +++ b/src/pip/_internal/cli/req_command.py @@ -5,6 +5,9 @@ PackageFinder machinery and all its vendored dependencies, etc. """ +from __future__ import annotations + +import datetime import logging import os from functools import partial @@ -349,7 +352,7 @@ def _build_package_finder( session: PipSession, target_python: TargetPython | None = None, ignore_requires_python: bool | None = None, - upload_before: datetime.datetime | None = None, + exclude_newer_than: datetime.datetime | None = None, ) -> PackageFinder: """ Create a package finder appropriate to this requirement command. @@ -370,5 +373,5 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, - upload_before=upload_before, + exclude_newer_than=exclude_newer_than, ) diff --git a/src/pip/_internal/commands/download.py b/src/pip/_internal/commands/download.py index 2139c8339f2..7ce091bd6c6 100644 --- a/src/pip/_internal/commands/download.py +++ b/src/pip/_internal/commands/download.py @@ -52,7 +52,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.no_use_pep517()) self.cmd_opts.add_option(cmdoptions.check_build_deps()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) - self.cmd_opts.add_option(cmdoptions.upload_before()) + self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) self.cmd_opts.add_option( "-d", @@ -96,7 +96,7 @@ def run(self, options: Values, args: list[str]) -> int: session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, - upload_before=options.upload_before, + exclude_newer_than=options.exclude_newer_than, ) build_tracker = self.enter_context(get_build_tracker()) diff --git a/src/pip/_internal/commands/index.py b/src/pip/_internal/commands/index.py index 2e94eab4184..2d4571bc9f1 100644 --- a/src/pip/_internal/commands/index.py +++ b/src/pip/_internal/commands/index.py @@ -1,4 +1,7 @@ +from __future__ import annotations + import datetime +import json import logging from collections.abc import Iterable from optparse import Values @@ -38,7 +41,7 @@ def add_options(self) -> None: cmdoptions.add_target_python_options(self.cmd_opts) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) - self.cmd_opts.add_option(cmdoptions.upload_before()) + self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) self.cmd_opts.add_option(cmdoptions.pre()) self.cmd_opts.add_option(cmdoptions.json()) self.cmd_opts.add_option(cmdoptions.no_binary()) @@ -85,7 +88,7 @@ def _build_package_finder( session: PipSession, target_python: TargetPython | None = None, ignore_requires_python: bool | None = None, - upload_before: datetime.datetime | None = None, + exclude_newer_than: datetime.datetime | None = None, ) -> PackageFinder: """ Create a package finder appropriate to the index command. @@ -103,7 +106,7 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, - upload_before=upload_before, + exclude_newer_than=exclude_newer_than, ) def get_available_package_versions(self, options: Values, args: list[Any]) -> None: @@ -119,7 +122,7 @@ def get_available_package_versions(self, options: Values, args: list[Any]) -> No session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, - upload_before=options.upload_before, + exclude_newer_than=options.exclude_newer_than, ) versions: Iterable[Version] = ( diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py index c1c410bef57..0bcd90d28e0 100644 --- a/src/pip/_internal/commands/install.py +++ b/src/pip/_internal/commands/install.py @@ -208,7 +208,7 @@ def add_options(self) -> None: ), ) - self.cmd_opts.add_option(cmdoptions.upload_before()) + self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) self.cmd_opts.add_option(cmdoptions.no_build_isolation()) self.cmd_opts.add_option(cmdoptions.use_pep517()) @@ -347,7 +347,7 @@ def run(self, options: Values, args: list[str]) -> int: session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, - upload_before=options.upload_before, + exclude_newer_than=options.exclude_newer_than, ) build_tracker = self.enter_context(get_build_tracker()) diff --git a/src/pip/_internal/commands/list.py b/src/pip/_internal/commands/list.py index 8f1da2b0c84..8d1cf595bc4 100644 --- a/src/pip/_internal/commands/list.py +++ b/src/pip/_internal/commands/list.py @@ -145,8 +145,8 @@ def handle_pip_version_check(self, options: Values) -> None: def _build_package_finder( self, options: Values, - session: "PipSession", - ) -> "PackageFinder": + session: PipSession, + ) -> PackageFinder: """ Create a package finder appropriate to this list command. """ diff --git a/src/pip/_internal/commands/wheel.py b/src/pip/_internal/commands/wheel.py index 2a53333fa3b..b4424c327dc 100644 --- a/src/pip/_internal/commands/wheel.py +++ b/src/pip/_internal/commands/wheel.py @@ -65,7 +65,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.requirements()) self.cmd_opts.add_option(cmdoptions.src()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) - self.cmd_opts.add_option(cmdoptions.upload_before()) + self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) self.cmd_opts.add_option(cmdoptions.no_deps()) self.cmd_opts.add_option(cmdoptions.progress_bar()) @@ -110,7 +110,7 @@ def run(self, options: Values, args: list[str]) -> int: finder = self._build_package_finder( options=options, session=session, - upload_before=options.upload_before, + exclude_newer_than=options.exclude_newer_than, ) options.wheel_dir = normalize_path(options.wheel_dir) diff --git a/src/pip/_internal/index/package_finder.py b/src/pip/_internal/index/package_finder.py index 104bec8eee6..7040127328d 100644 --- a/src/pip/_internal/index/package_finder.py +++ b/src/pip/_internal/index/package_finder.py @@ -1,5 +1,7 @@ """Routines related to PyPI, indexes""" +from __future__ import annotations +import datetime import enum import functools import itertools @@ -131,7 +133,7 @@ def __init__( target_python: TargetPython, allow_yanked: bool, ignore_requires_python: Optional[bool] = None, - upload_before: Optional[datetime.datetime] = None, + exclude_newer_than: Optional[datetime.datetime] = None, ) -> None: """ :param project_name: The user supplied package name. @@ -149,7 +151,7 @@ def __init__( :param ignore_requires_python: Whether to ignore incompatible PEP 503 "data-requires-python" values in HTML links. Defaults to False. - :param upload_before: If set, only allow links prior to the given date. + :param exclude_newer_than: If set, only allow links prior to the given date. """ if ignore_requires_python is None: ignore_requires_python = False @@ -159,7 +161,7 @@ def __init__( self._ignore_requires_python = ignore_requires_python self._formats = formats self._target_python = target_python - self._upload_before = upload_before + self._exclude_newer_than = exclude_newer_than self.project_name = project_name @@ -178,9 +180,9 @@ def evaluate_link(self, link: Link) -> tuple[LinkType, str]: reason = link.yanked_reason or "" return (LinkType.yanked, f"yanked for reason: {reason}") - if link.upload_time is not None and self._upload_before is not None: - if link.upload_time > self._upload_before: - reason = f"Upload time {link.upload_time} after {self._upload_before}" + if link.upload_time is not None and self._exclude_newer_than is not None: + if link.upload_time > self._exclude_newer_than: + reason = f"Upload time {link.upload_time} after {self._exclude_newer_than}" return (LinkType.upload_too_late, reason) if link.egg_fragment: @@ -600,7 +602,7 @@ def __init__( format_control: Optional[FormatControl] = None, candidate_prefs: Optional[CandidatePreferences] = None, ignore_requires_python: Optional[bool] = None, - upload_before: Optional[datetime.datetime] = None, + exclude_newer_than: Optional[datetime.datetime] = None, ) -> None: """ This constructor is primarily meant to be used by the create() class @@ -622,7 +624,7 @@ def __init__( self._ignore_requires_python = ignore_requires_python self._link_collector = link_collector self._target_python = target_python - self._upload_before = upload_before + self._exclude_newer_than = exclude_newer_than self.format_control = format_control @@ -646,7 +648,7 @@ def create( link_collector: LinkCollector, selection_prefs: SelectionPreferences, target_python: Optional[TargetPython] = None, - upload_before: Optional[datetime.datetime] = None, + exclude_newer_than: Optional[datetime.datetime] = None, ) -> "PackageFinder": """Create a PackageFinder. @@ -655,7 +657,7 @@ def create( :param target_python: The target Python interpreter to use when checking compatibility. If None (the default), a TargetPython object will be constructed from the running Python. - :param upload_before: If set, only find links prior to the given date. + :param exclude_newer_than: If set, only find links prior to the given date. """ if target_python is None: target_python = TargetPython() @@ -672,7 +674,7 @@ def create( allow_yanked=selection_prefs.allow_yanked, format_control=selection_prefs.format_control, ignore_requires_python=selection_prefs.ignore_requires_python, - upload_before=upload_before, + exclude_newer_than=exclude_newer_than, ) @property @@ -751,7 +753,7 @@ def make_link_evaluator(self, project_name: str) -> LinkEvaluator: target_python=self._target_python, allow_yanked=self._allow_yanked, ignore_requires_python=self._ignore_requires_python, - upload_before=self._upload_before, + exclude_newer_than=self._exclude_newer_than, ) def _sort_links(self, links: Iterable[Link]) -> list[Link]: diff --git a/src/pip/_internal/models/link.py b/src/pip/_internal/models/link.py index 6cf732dff1f..f6172e51008 100644 --- a/src/pip/_internal/models/link.py +++ b/src/pip/_internal/models/link.py @@ -1,3 +1,5 @@ +from __future__ import annotations + import datetime import functools import itertools From df750e331ea908fb0ec7aa9d6612148709006761 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 5 Aug 2025 22:09:04 -0400 Subject: [PATCH 03/25] Make common parse_iso_time --- src/pip/_internal/models/link.py | 22 ++++++++++------------ src/pip/_internal/self_outdated_check.py | 12 ++---------- src/pip/_internal/utils/datetime.py | 14 ++++++++++++++ 3 files changed, 26 insertions(+), 22 deletions(-) diff --git a/src/pip/_internal/models/link.py b/src/pip/_internal/models/link.py index f6172e51008..07c06c0b102 100644 --- a/src/pip/_internal/models/link.py +++ b/src/pip/_internal/models/link.py @@ -8,14 +8,12 @@ import posixpath import re import urllib.parse +import urllib.request from collections.abc import Mapping from dataclasses import dataclass -from typing import ( - TYPE_CHECKING, - Any, - NamedTuple, -) +from typing import TYPE_CHECKING, Any, NamedTuple +from pip._internal.utils.datetime import parse_iso_datetime from pip._internal.utils.deprecation import deprecated from pip._internal.utils.filetypes import WHEEL_EXTENSION from pip._internal.utils.hashes import Hashes @@ -216,11 +214,11 @@ class Link: def __init__( self, url: str, - comes_from: Optional[Union[str, "IndexContent"]] = None, - requires_python: Optional[str] = None, - yanked_reason: Optional[str] = None, - metadata_file_data: Optional[MetadataFile] = None, - upload_time: Optional[datetime.datetime] = None, + comes_from: str | IndexContent | None = None, + requires_python: str | None = None, + yanked_reason: str | None = None, + metadata_file_data: MetadataFile | None = None, + upload_time: datetime.datetime | None = None, cache_link_parsing: bool = True, hashes: Mapping[str, str] | None = None, ) -> None: @@ -306,9 +304,9 @@ def from_json( if metadata_info is None: metadata_info = file_data.get("dist-info-metadata") - upload_time: Optional[datetime.datetime] + upload_time: datetime.datetime | None if upload_time_data := file_data.get("upload-time"): - upload_time = datetime.datetime.fromisoformat(upload_time_data) + upload_time = parse_iso_datetime(upload_time_data) else: upload_time = None diff --git a/src/pip/_internal/self_outdated_check.py b/src/pip/_internal/self_outdated_check.py index 5999ddb3737..79904d8905c 100644 --- a/src/pip/_internal/self_outdated_check.py +++ b/src/pip/_internal/self_outdated_check.py @@ -23,6 +23,7 @@ from pip._internal.models.selection_prefs import SelectionPreferences from pip._internal.network.session import PipSession from pip._internal.utils.compat import WINDOWS +from pip._internal.utils.datetime import parse_iso_datetime from pip._internal.utils.entrypoints import ( get_best_invocation_for_this_pip, get_best_invocation_for_this_python, @@ -50,15 +51,6 @@ def _get_statefile_name(key: str) -> str: return name -def _convert_date(isodate: str) -> datetime.datetime: - """Convert an ISO format string to a date. - - Handles the format 2020-01-22T14:24:01Z (trailing Z) - which is not supported by older versions of fromisoformat. - """ - return datetime.datetime.fromisoformat(isodate.replace("Z", "+00:00")) - - class SelfCheckState: def __init__(self, cache_dir: str) -> None: self._state: dict[str, Any] = {} @@ -93,7 +85,7 @@ def get(self, current_time: datetime.datetime) -> str | None: return None # Determine if we need to refresh the state - last_check = _convert_date(self._state["last_check"]) + last_check = parse_iso_datetime(self._state["last_check"]) time_since_last_check = current_time - last_check if time_since_last_check > _WEEK: return None diff --git a/src/pip/_internal/utils/datetime.py b/src/pip/_internal/utils/datetime.py index 776e49898f7..dfab713d9f0 100644 --- a/src/pip/_internal/utils/datetime.py +++ b/src/pip/_internal/utils/datetime.py @@ -1,6 +1,7 @@ """For when pip wants to check the date or time.""" import datetime +import sys def today_is_later_than(year: int, month: int, day: int) -> bool: @@ -8,3 +9,16 @@ def today_is_later_than(year: int, month: int, day: int) -> bool: given = datetime.date(year, month, day) return today > given + + +def parse_iso_datetime(isodate: str) -> datetime.datetime: + """Convert an ISO format string to a datetime. + + Handles the format 2020-01-22T14:24:01Z (trailing Z) + which is not supported by older versions of fromisoformat. + """ + # Python 3.11+ supports Z suffix natively in fromisoformat + if sys.version_info >= (3, 11): + return datetime.datetime.fromisoformat(isodate) + else: + return datetime.datetime.fromisoformat(isodate.replace("Z", "+00:00")) From 49deb0688eaacf1ec92616bf84ed61e78256d951 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 5 Aug 2025 22:16:29 -0400 Subject: [PATCH 04/25] Add documentation on how to specify explicit timezone --- src/pip/_internal/cli/cmdoptions.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/pip/_internal/cli/cmdoptions.py b/src/pip/_internal/cli/cmdoptions.py index c1aeecb495e..8570144745b 100644 --- a/src/pip/_internal/cli/cmdoptions.py +++ b/src/pip/_internal/cli/cmdoptions.py @@ -843,6 +843,9 @@ def _handle_exclude_newer_than( Process a value provided for the --exclude-newer-than option. This is an optparse.Option callback for the --exclude-newer-than option. + + Parses an ISO 8601 datetime string. If no timezone is specified in the string, + local timezone is used. """ if value is None: return None @@ -861,7 +864,12 @@ def _handle_exclude_newer_than( action="callback", callback=_handle_exclude_newer_than, type="str", - help="Exclude packages newer than given time. This should be an ISO 8601 string.", + help=( + "Exclude packages newer than given time. This should be an ISO 8601 string. " + "If no timezone is specified, local time is used. " + "For consistency across environments, specify the timezone explicitly " + "e.g., '2023-01-01T00:00:00Z' for UTC or '2023-01-01T00:00:00-05:00' for UTC-5." + ), ) no_build_isolation: Callable[..., Option] = partial( From f35d085e62cca939cd59e139256997f752e2b8d8 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 5 Aug 2025 22:22:00 -0400 Subject: [PATCH 05/25] Add exclude-newer tests --- tests/functional/test_exclude_newer.py | 93 +++++++++++++++++ tests/unit/test_cmdoptions.py | 115 ++++++++++++++++++++- tests/unit/test_finder.py | 75 ++++++++++++++ tests/unit/test_index.py | 134 +++++++++++++++++++++++++ 4 files changed, 416 insertions(+), 1 deletion(-) create mode 100644 tests/functional/test_exclude_newer.py diff --git a/tests/functional/test_exclude_newer.py b/tests/functional/test_exclude_newer.py new file mode 100644 index 00000000000..03dbe9707f0 --- /dev/null +++ b/tests/functional/test_exclude_newer.py @@ -0,0 +1,93 @@ +"""Tests for pip install --exclude-newer-than.""" + +from __future__ import annotations + +import pytest + +from tests.lib import PipTestEnvironment, TestData + + +class TestExcludeNewer: + """Test --exclude-newer-than functionality.""" + + def test_exclude_newer_than_invalid_date( + self, script: PipTestEnvironment, data: TestData + ) -> None: + """Test that --exclude-newer-than fails with invalid date format.""" + result = script.pip( + "install", + "--no-index", + "-f", + data.packages, + "--exclude-newer-than=invalid-date", + "simple", + expect_error=True, + ) + + # Should fail with date parsing error + assert "invalid" in result.stderr.lower() or "error" in result.stderr.lower() + + def test_exclude_newer_than_help_text(self, script: PipTestEnvironment) -> None: + """Test that --exclude-newer-than appears in help text.""" + result = script.pip("install", "--help") + assert "--exclude-newer-than" in result.stdout + assert "datetime" in result.stdout + + @pytest.mark.parametrize("command", ["install", "download", "wheel"]) + def test_exclude_newer_than_available_in_commands( + self, script: PipTestEnvironment, command: str + ) -> None: + """Test that --exclude-newer-than is available in relevant commands.""" + result = script.pip(command, "--help") + assert "--exclude-newer-than" in result.stdout + + @pytest.mark.network + def test_exclude_newer_than_with_real_pypi( + self, script: PipTestEnvironment + ) -> None: + """Test exclude-newer functionality against real PyPI with upload times.""" + # Use a small package with known old versions for testing + # requests 2.0.0 was released in 2013 + + # Test 1: With an old cutoff date, should find no matching versions + result = script.pip( + "install", + "--dry-run", + "--exclude-newer-than=2010-01-01T00:00:00", + "requests==2.0.0", + expect_error=True, + ) + # Should fail because requests 2.0.0 was uploaded after 2010 + assert "No matching distribution found" in result.stderr + + # Test 2: With a date that should find the package + result = script.pip( + "install", + "--dry-run", + "--exclude-newer-than=2030-01-01T00:00:00", + "requests==2.0.0", + expect_error=False, + ) + assert "Would install requests-2.0.0" in result.stdout + + @pytest.mark.network + def test_exclude_newer_than_date_formats(self, script: PipTestEnvironment) -> None: + """Test different date formats work with real PyPI.""" + # Test various date formats with a well known small package + formats = [ + "2030-01-01", + "2030-01-01T00:00:00", + "2030-01-01T00:00:00+00:00", + "2030-01-01T00:00:00-05:00", + ] + + for date_format in formats: + result = script.pip( + "install", + "--dry-run", + f"--exclude-newer-than={date_format}", + "requests==2.0.0", + expect_error=False, + ) + # All dates should allow the package + assert "Would install requests-2.0.0" in result.stdout diff --git a/tests/unit/test_cmdoptions.py b/tests/unit/test_cmdoptions.py index 9f7e01e3cf4..8d46979caf4 100644 --- a/tests/unit/test_cmdoptions.py +++ b/tests/unit/test_cmdoptions.py @@ -1,12 +1,18 @@ from __future__ import annotations +import datetime import os +from collections.abc import Callable +from optparse import Option, OptionParser, Values from pathlib import Path from venv import EnvBuilder import pytest -from pip._internal.cli.cmdoptions import _convert_python_version +from pip._internal.cli.cmdoptions import ( + _convert_python_version, + _handle_exclude_newer_than, +) from pip._internal.cli.main_parser import identify_python_interpreter @@ -51,3 +57,110 @@ def test_identify_python_interpreter_venv(tmpdir: Path) -> None: # Passing a non-existent file returns None assert identify_python_interpreter(str(tmpdir / "nonexistent")) is None + + +@pytest.mark.parametrize( + "value, expected_check", + [ + # Test with timezone info (should be preserved exactly) + ( + "2023-01-01T00:00:00+00:00", + lambda dt: dt + == datetime.datetime(2023, 1, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), + ), + ( + "2023-01-01T12:00:00-05:00", + lambda dt: ( + dt + == datetime.datetime( + *(2023, 1, 1, 12, 0, 0), + tzinfo=datetime.timezone(datetime.timedelta(hours=-5)), + ) + ), + ), + ], +) +def test_handle_exclude_newer_than_with_timezone( + value: str, expected_check: Callable[[datetime.datetime], bool] +) -> None: + """Test that timezone-aware ISO 8601 date strings are parsed correctly.""" + option = Option("--exclude-newer-than", dest="exclude_newer_than") + opt = "--exclude-newer-than" + parser = OptionParser() + parser.values = Values() + + _handle_exclude_newer_than(option, opt, value, parser) + + result = parser.values.exclude_newer_than + assert isinstance(result, datetime.datetime) + assert expected_check(result) + + +@pytest.mark.parametrize( + "value, expected_date_time", + [ + # Test basic ISO 8601 formats (timezone-naive, will get local timezone) + ("2023-01-01T00:00:00", (2023, 1, 1, 0, 0, 0)), + ("2023-12-31T23:59:59", (2023, 12, 31, 23, 59, 59)), + # Test date only (will be extended to midnight) + ("2023-01-01", (2023, 1, 1, 0, 0, 0)), + ], +) +def test_handle_exclude_newer_than_naive_dates( + value: str, expected_date_time: tuple[int, int, int, int, int, int] +) -> None: + """Test that timezone-naive ISO 8601 date strings get local timezone applied.""" + option = Option("--exclude-newer-than", dest="exclude_newer_than") + opt = "--exclude-newer-than" + parser = OptionParser() + parser.values = Values() + + _handle_exclude_newer_than(option, opt, value, parser) + + result = parser.values.exclude_newer_than + assert isinstance(result, datetime.datetime) + + # Check that the date/time components match + ( + expected_year, + expected_month, + expected_day, + expected_hour, + expected_minute, + expected_second, + ) = expected_date_time + assert result.year == expected_year + assert result.month == expected_month + assert result.day == expected_day + assert result.hour == expected_hour + assert result.minute == expected_minute + assert result.second == expected_second + + # Check that local timezone was applied (result should not be timezone-naive) + assert result.tzinfo is not None + + # Verify it's equivalent to creating the same datetime and applying local timezone + naive_dt = datetime.datetime(*expected_date_time) + expected_with_local_tz = naive_dt.astimezone() + assert result == expected_with_local_tz + + +@pytest.mark.parametrize( + "invalid_value", + [ + "not-a-date", + "2023-13-01", # Invalid month + "2023-01-32", # Invalid day + "2023-01-01T25:00:00", # Invalid hour + "", # Empty string + ], +) +def test_handle_exclude_newer_than_invalid_dates(invalid_value: str) -> None: + """Test that invalid date strings raise ValueError.""" + option = Option("--exclude-newer-than", dest="exclude_newer_than") + opt = "--exclude-newer-than" + parser = OptionParser() + parser.values = Values() + + with pytest.raises(ValueError): + _handle_exclude_newer_than(option, opt, invalid_value, parser) diff --git a/tests/unit/test_finder.py b/tests/unit/test_finder.py index b93a576f0af..e5b9aca4786 100644 --- a/tests/unit/test_finder.py +++ b/tests/unit/test_finder.py @@ -1,3 +1,4 @@ +import datetime import logging from collections.abc import Iterable from unittest.mock import Mock, patch @@ -11,14 +12,19 @@ import pip._internal.utils.compatibility_tags from pip._internal.exceptions import BestVersionAlreadyInstalled, DistributionNotFound +from pip._internal.index.collector import LinkCollector from pip._internal.index.package_finder import ( CandidateEvaluator, InstallationCandidate, Link, LinkEvaluator, LinkType, + PackageFinder, ) +from pip._internal.models.search_scope import SearchScope +from pip._internal.models.selection_prefs import SelectionPreferences from pip._internal.models.target_python import TargetPython +from pip._internal.network.session import PipSession from pip._internal.req.constructors import install_req_from_line from tests.lib import TestData, make_test_finder @@ -575,3 +581,72 @@ def test_find_all_candidates_find_links_and_index(data: TestData) -> None: versions = finder.find_all_candidates("simple") # first the find-links versions then the page versions assert [str(v.version) for v in versions] == ["3.0", "2.0", "1.0", "1.0"] + + +class TestPackageFinderExcludeNewerThan: + """Test PackageFinder integration with exclude_newer_than functionality.""" + + def test_package_finder_create_with_exclude_newer_than(self) -> None: + """Test that PackageFinder.create() accepts exclude_newer_than parameter.""" + session = PipSession() + search_scope = SearchScope([], [], no_index=False) + link_collector = LinkCollector(session, search_scope) + selection_prefs = SelectionPreferences( + allow_yanked=False, + allow_all_prereleases=False, + ) + exclude_newer_than = datetime.datetime( + 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc + ) + + finder = PackageFinder.create( + link_collector=link_collector, + selection_prefs=selection_prefs, + exclude_newer_than=exclude_newer_than, + ) + + assert finder._exclude_newer_than == exclude_newer_than + + def test_package_finder_make_link_evaluator_with_exclude_newer_than(self) -> None: + """Test that PackageFinder creates LinkEvaluator with exclude_newer_than.""" + + session = PipSession() + search_scope = SearchScope([], [], no_index=False) + link_collector = LinkCollector(session, search_scope) + selection_prefs = SelectionPreferences( + allow_yanked=False, + allow_all_prereleases=False, + ) + exclude_newer_than = datetime.datetime( + 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc + ) + + finder = PackageFinder.create( + link_collector=link_collector, + selection_prefs=selection_prefs, + exclude_newer_than=exclude_newer_than, + ) + + link_evaluator = finder.make_link_evaluator("test-package") + assert link_evaluator._exclude_newer_than == exclude_newer_than + + def test_package_finder_exclude_newer_than_none(self) -> None: + """Test that PackageFinder works correctly when exclude_newer_than is None.""" + session = PipSession() + search_scope = SearchScope([], [], no_index=False) + link_collector = LinkCollector(session, search_scope) + selection_prefs = SelectionPreferences( + allow_yanked=False, + allow_all_prereleases=False, + ) + + finder = PackageFinder.create( + link_collector=link_collector, + selection_prefs=selection_prefs, + exclude_newer_than=None, + ) + + assert finder._exclude_newer_than is None + + link_evaluator = finder.make_link_evaluator("test-package") + assert link_evaluator._exclude_newer_than is None diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index e571b441f9d..6691a600348 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -1,5 +1,6 @@ from __future__ import annotations +import datetime import logging import pytest @@ -365,6 +366,139 @@ def test_filter_unallowed_hashes__log_message_with_no_match( check_caplog(caplog, "DEBUG", expected_message) +class TestLinkEvaluatorExcludeNewerThan: + """Test the exclude_newer_than functionality in LinkEvaluator.""" + + def make_test_link_evaluator( + self, exclude_newer_than: datetime.datetime | None = None + ) -> LinkEvaluator: + """Create a LinkEvaluator for testing.""" + target_python = TargetPython() + return LinkEvaluator( + project_name="myproject", + canonical_name="myproject", + formats=frozenset(["source", "binary"]), + target_python=target_python, + allow_yanked=True, + exclude_newer_than=exclude_newer_than, + ) + + @pytest.mark.parametrize( + "upload_time, exclude_newer_than, expected_result", + [ + # Test case: upload time is before the cutoff (should be accepted) + ( + datetime.datetime(2023, 1, 1, 12, 0, 0, tzinfo=datetime.timezone.utc), + datetime.datetime(2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), + (LinkType.candidate, "1.0"), + ), + # Test case: upload time is after the cutoff (should be rejected) + ( + datetime.datetime(2023, 8, 1, 12, 0, 0, tzinfo=datetime.timezone.utc), + datetime.datetime(2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), + ( + LinkType.upload_too_late, + "Upload time 2023-08-01 12:00:00+00:00 after " + "2023-06-01 00:00:00+00:00", + ), + ), + # Test case: upload time equals the cutoff (should be accepted) + ( + datetime.datetime(2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), + datetime.datetime(2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), + (LinkType.candidate, "1.0"), + ), + # Test case: no exclude_newer_than set (should be accepted) + ( + datetime.datetime(2023, 8, 1, 12, 0, 0, tzinfo=datetime.timezone.utc), + None, + (LinkType.candidate, "1.0"), + ), + ], + ) + def test_evaluate_link_exclude_newer_than( + self, + upload_time: datetime.datetime, + exclude_newer_than: datetime.datetime | None, + expected_result: tuple[LinkType, str], + ) -> None: + """Test that links are properly filtered by upload time.""" + evaluator = self.make_test_link_evaluator(exclude_newer_than) + link = Link( + "https://example.com/myproject-1.0.tar.gz", + upload_time=upload_time, + ) + + actual = evaluator.evaluate_link(link) + assert actual == expected_result + + def test_evaluate_link_no_upload_time(self) -> None: + """Test that links with no upload time are not filtered.""" + exclude_newer_than = datetime.datetime( + 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc + ) + evaluator = self.make_test_link_evaluator(exclude_newer_than) + + # Link with no upload_time should not be filtered + link = Link("https://example.com/myproject-1.0.tar.gz") + actual = evaluator.evaluate_link(link) + + # Should be accepted as candidate (assuming no other issues) + assert actual[0] == LinkType.candidate + assert actual[1] == "1.0" + + def test_evaluate_link_timezone_handling(self) -> None: + """Test that timezone-aware datetimes are handled correctly.""" + # Set cutoff time in UTC + exclude_newer_than = datetime.datetime( + 2023, 6, 1, 12, 0, 0, tzinfo=datetime.timezone.utc + ) + evaluator = self.make_test_link_evaluator(exclude_newer_than) + + # Test upload time in different timezone (earlier in UTC) + upload_time_est = datetime.datetime( + *(2023, 6, 1, 10, 0, 0), + tzinfo=datetime.timezone(datetime.timedelta(hours=-5)), # EST + ) + link = Link( + "https://example.com/myproject-1.0.tar.gz", + upload_time=upload_time_est, + ) + + actual = evaluator.evaluate_link(link) + # 10:00 EST = 15:00 UTC, which is after 12:00 UTC cutoff + assert actual[0] == LinkType.upload_too_late + + @pytest.mark.parametrize( + "exclude_newer_than", + [ + datetime.datetime(2023, 6, 1, 12, 0, 0, tzinfo=datetime.timezone.utc), + datetime.datetime( + *(2023, 6, 1, 12, 0, 0), + tzinfo=datetime.timezone(datetime.timedelta(hours=2)), + ), + ], + ) + def test_exclude_newer_than_different_timezone_formats( + self, exclude_newer_than: datetime.datetime + ) -> None: + """Test that different timezone formats for exclude_newer_than work.""" + evaluator = self.make_test_link_evaluator(exclude_newer_than) + + # Create a link with upload time clearly after the cutoff + upload_time = datetime.datetime( + 2023, 12, 31, 23, 59, 59, tzinfo=datetime.timezone.utc + ) + link = Link( + "https://example.com/myproject-1.0.tar.gz", + upload_time=upload_time, + ) + + actual = evaluator.evaluate_link(link) + # Should be rejected regardless of timezone format + assert actual[0] == LinkType.upload_too_late + + class TestCandidateEvaluator: @pytest.mark.parametrize( "allow_all_prereleases, prefer_binary", From 5e7e259e438085bff41a252323d62a63fb6bc701 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 5 Aug 2025 22:29:45 -0400 Subject: [PATCH 06/25] Pass exclude-newer-than to isolated build install --- src/pip/_internal/build_env.py | 2 ++ src/pip/_internal/index/package_finder.py | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/src/pip/_internal/build_env.py b/src/pip/_internal/build_env.py index f28d862f279..144609122d7 100644 --- a/src/pip/_internal/build_env.py +++ b/src/pip/_internal/build_env.py @@ -230,6 +230,8 @@ def install( # in the isolated build environment extra_environ = {"extra_environ": {"_PIP_IN_BUILD_IGNORE_CONSTRAINTS": "1"}} + if finder.exclude_newer_than: + args.extend(["--exclude-newer-than", finder.exclude_newer_than.isoformat()]) args.append("--") args.extend(requirements) diff --git a/src/pip/_internal/index/package_finder.py b/src/pip/_internal/index/package_finder.py index 7040127328d..bc6e74e7b9d 100644 --- a/src/pip/_internal/index/package_finder.py +++ b/src/pip/_internal/index/package_finder.py @@ -734,6 +734,10 @@ def prefer_binary(self) -> bool: def set_prefer_binary(self) -> None: self._candidate_prefs.prefer_binary = True + @property + def exclude_newer_than(self) -> datetime.datetime | None: + return self._exclude_newer_than + def requires_python_skipped_reasons(self) -> list[str]: reasons = { detail From 67102a61f90430ca121c46601ab3b33a4840943f Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 5 Aug 2025 22:30:05 -0400 Subject: [PATCH 07/25] NEWS ENTRY --- news/13520.feature.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 news/13520.feature.rst diff --git a/news/13520.feature.rst b/news/13520.feature.rst new file mode 100644 index 00000000000..6752d128f9a --- /dev/null +++ b/news/13520.feature.rst @@ -0,0 +1 @@ +Add ``--exclude-newer-than`` option to exclude packages uploaded after a given date. From 719f2bd289567d41db36dcb78672e9357adc67e4 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 5 Aug 2025 22:34:10 -0400 Subject: [PATCH 08/25] Fix linting --- src/pip/_internal/index/package_finder.py | 23 +++++++++++++---------- tests/unit/test_cmdoptions.py | 2 +- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/pip/_internal/index/package_finder.py b/src/pip/_internal/index/package_finder.py index bc6e74e7b9d..ee0f04e0f85 100644 --- a/src/pip/_internal/index/package_finder.py +++ b/src/pip/_internal/index/package_finder.py @@ -1,4 +1,5 @@ """Routines related to PyPI, indexes""" + from __future__ import annotations import datetime @@ -132,8 +133,8 @@ def __init__( formats: frozenset[str], target_python: TargetPython, allow_yanked: bool, - ignore_requires_python: Optional[bool] = None, - exclude_newer_than: Optional[datetime.datetime] = None, + ignore_requires_python: bool | None = None, + exclude_newer_than: datetime.datetime | None = None, ) -> None: """ :param project_name: The user supplied package name. @@ -182,7 +183,9 @@ def evaluate_link(self, link: Link) -> tuple[LinkType, str]: if link.upload_time is not None and self._exclude_newer_than is not None: if link.upload_time > self._exclude_newer_than: - reason = f"Upload time {link.upload_time} after {self._exclude_newer_than}" + reason = ( + f"Upload time {link.upload_time} after {self._exclude_newer_than}" + ) return (LinkType.upload_too_late, reason) if link.egg_fragment: @@ -599,10 +602,10 @@ def __init__( link_collector: LinkCollector, target_python: TargetPython, allow_yanked: bool, - format_control: Optional[FormatControl] = None, - candidate_prefs: Optional[CandidatePreferences] = None, - ignore_requires_python: Optional[bool] = None, - exclude_newer_than: Optional[datetime.datetime] = None, + format_control: FormatControl | None = None, + candidate_prefs: CandidatePreferences | None = None, + ignore_requires_python: bool | None = None, + exclude_newer_than: datetime.datetime | None = None, ) -> None: """ This constructor is primarily meant to be used by the create() class @@ -647,9 +650,9 @@ def create( cls, link_collector: LinkCollector, selection_prefs: SelectionPreferences, - target_python: Optional[TargetPython] = None, - exclude_newer_than: Optional[datetime.datetime] = None, - ) -> "PackageFinder": + target_python: TargetPython | None = None, + exclude_newer_than: datetime.datetime | None = None, + ) -> PackageFinder: """Create a PackageFinder. :param selection_prefs: The candidate selection preferences, as a diff --git a/tests/unit/test_cmdoptions.py b/tests/unit/test_cmdoptions.py index 8d46979caf4..721ae1869eb 100644 --- a/tests/unit/test_cmdoptions.py +++ b/tests/unit/test_cmdoptions.py @@ -138,7 +138,7 @@ def test_handle_exclude_newer_than_naive_dates( # Check that local timezone was applied (result should not be timezone-naive) assert result.tzinfo is not None - + # Verify it's equivalent to creating the same datetime and applying local timezone naive_dt = datetime.datetime(*expected_date_time) expected_with_local_tz = naive_dt.astimezone() From a490cf66b99c2fe7640bdc5907776680a699fd33 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Fri, 8 Aug 2025 21:50:59 -0400 Subject: [PATCH 09/25] Add helpful error message on incorrect datetime format --- src/pip/_internal/cli/cmdoptions.py | 21 +++++++++++++++------ tests/unit/test_cmdoptions.py | 4 ++-- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/pip/_internal/cli/cmdoptions.py b/src/pip/_internal/cli/cmdoptions.py index 8570144745b..96a35416bd0 100644 --- a/src/pip/_internal/cli/cmdoptions.py +++ b/src/pip/_internal/cli/cmdoptions.py @@ -11,7 +11,6 @@ # mypy: strict-optional=False from __future__ import annotations -import datetime import importlib.util import logging import os @@ -30,6 +29,7 @@ from pip._internal.models.format_control import FormatControl from pip._internal.models.index import PyPI from pip._internal.models.target_python import TargetPython +from pip._internal.utils.datetime import parse_iso_datetime from pip._internal.utils.hashes import STRONG_HASHES from pip._internal.utils.misc import strtobool @@ -849,11 +849,20 @@ def _handle_exclude_newer_than( """ if value is None: return None - exclude_newer_than = datetime.datetime.fromisoformat(value) - # Assume local timezone if no offset is given in the ISO string. - if exclude_newer_than.tzinfo is None: - exclude_newer_than = exclude_newer_than.astimezone() - parser.values.exclude_newer_than = exclude_newer_than + + try: + exclude_newer_than = parse_iso_datetime(value) + # Use local timezone if no offset is given in the ISO string. + if exclude_newer_than.tzinfo is None: + exclude_newer_than = exclude_newer_than.astimezone() + parser.values.exclude_newer_than = exclude_newer_than + except ValueError as exc: + msg = ( + f"invalid --exclude-newer-than value: {value!r}: {exc}. " + f"Expected an ISO 8601 datetime string, " + f"e.g '2023-01-01' or '2023-01-01T00:00:00Z'" + ) + raise_option_error(parser, option=option, msg=msg) exclude_newer_than: Callable[..., Option] = partial( diff --git a/tests/unit/test_cmdoptions.py b/tests/unit/test_cmdoptions.py index 721ae1869eb..b7a6cee8fcc 100644 --- a/tests/unit/test_cmdoptions.py +++ b/tests/unit/test_cmdoptions.py @@ -156,11 +156,11 @@ def test_handle_exclude_newer_than_naive_dates( ], ) def test_handle_exclude_newer_than_invalid_dates(invalid_value: str) -> None: - """Test that invalid date strings raise ValueError.""" + """Test that invalid date strings raise SystemExit via raise_option_error.""" option = Option("--exclude-newer-than", dest="exclude_newer_than") opt = "--exclude-newer-than" parser = OptionParser() parser.values = Values() - with pytest.raises(ValueError): + with pytest.raises(SystemExit): _handle_exclude_newer_than(option, opt, invalid_value, parser) From 2c8ecc780b4ba2ea48e83e34cc6d45f8c830d48e Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Thu, 14 Aug 2025 21:23:00 -0400 Subject: [PATCH 10/25] Update tests/functional/test_exclude_newer.py Co-authored-by: Richard Si --- tests/functional/test_exclude_newer.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/tests/functional/test_exclude_newer.py b/tests/functional/test_exclude_newer.py index 03dbe9707f0..8970f30a8fe 100644 --- a/tests/functional/test_exclude_newer.py +++ b/tests/functional/test_exclude_newer.py @@ -14,14 +14,8 @@ def test_exclude_newer_than_invalid_date( self, script: PipTestEnvironment, data: TestData ) -> None: """Test that --exclude-newer-than fails with invalid date format.""" - result = script.pip( - "install", - "--no-index", - "-f", - data.packages, - "--exclude-newer-than=invalid-date", - "simple", - expect_error=True, + result = script.pip_install_local( + "--exclude-newer-than=invalid-date", "simple", expect_error=True ) # Should fail with date parsing error From 264a0e4d435fb8ced798fbe7e656152d15ed7e9c Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Mon, 18 Aug 2025 20:59:03 -0400 Subject: [PATCH 11/25] Add `--no-deps` to request installs to not download unneeded packages --- tests/functional/test_exclude_newer.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/functional/test_exclude_newer.py b/tests/functional/test_exclude_newer.py index 8970f30a8fe..37ce085a850 100644 --- a/tests/functional/test_exclude_newer.py +++ b/tests/functional/test_exclude_newer.py @@ -47,6 +47,7 @@ def test_exclude_newer_than_with_real_pypi( result = script.pip( "install", "--dry-run", + "--no-deps", "--exclude-newer-than=2010-01-01T00:00:00", "requests==2.0.0", expect_error=True, @@ -58,6 +59,7 @@ def test_exclude_newer_than_with_real_pypi( result = script.pip( "install", "--dry-run", + "--no-deps", "--exclude-newer-than=2030-01-01T00:00:00", "requests==2.0.0", expect_error=False, @@ -79,6 +81,7 @@ def test_exclude_newer_than_date_formats(self, script: PipTestEnvironment) -> No result = script.pip( "install", "--dry-run", + "--no-deps", f"--exclude-newer-than={date_format}", "requests==2.0.0", expect_error=False, From 6e982de1b23f075695882170cadc20f7af6fbc7c Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Mon, 18 Aug 2025 20:59:55 -0400 Subject: [PATCH 12/25] Remove excessive functional tests --- tests/functional/test_exclude_newer.py | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/tests/functional/test_exclude_newer.py b/tests/functional/test_exclude_newer.py index 37ce085a850..d993f774f22 100644 --- a/tests/functional/test_exclude_newer.py +++ b/tests/functional/test_exclude_newer.py @@ -21,20 +21,6 @@ def test_exclude_newer_than_invalid_date( # Should fail with date parsing error assert "invalid" in result.stderr.lower() or "error" in result.stderr.lower() - def test_exclude_newer_than_help_text(self, script: PipTestEnvironment) -> None: - """Test that --exclude-newer-than appears in help text.""" - result = script.pip("install", "--help") - assert "--exclude-newer-than" in result.stdout - assert "datetime" in result.stdout - - @pytest.mark.parametrize("command", ["install", "download", "wheel"]) - def test_exclude_newer_than_available_in_commands( - self, script: PipTestEnvironment, command: str - ) -> None: - """Test that --exclude-newer-than is available in relevant commands.""" - result = script.pip(command, "--help") - assert "--exclude-newer-than" in result.stdout - @pytest.mark.network def test_exclude_newer_than_with_real_pypi( self, script: PipTestEnvironment From a892fbe69e8b77f7ee93ff285d600f82ea436f75 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Mon, 18 Aug 2025 21:12:29 -0400 Subject: [PATCH 13/25] Clean up test_finder tests --- tests/lib/__init__.py | 3 +++ tests/unit/test_finder.py | 46 +++------------------------------------ 2 files changed, 6 insertions(+), 43 deletions(-) diff --git a/tests/lib/__init__.py b/tests/lib/__init__.py index 78fe3604480..02cb08ed43b 100644 --- a/tests/lib/__init__.py +++ b/tests/lib/__init__.py @@ -1,5 +1,6 @@ from __future__ import annotations +import datetime import json import os import pathlib @@ -107,6 +108,7 @@ def make_test_finder( allow_all_prereleases: bool = False, session: PipSession | None = None, target_python: TargetPython | None = None, + exclude_newer_than: datetime.datetime | None = None, ) -> PackageFinder: """ Create a PackageFinder for testing purposes. @@ -125,6 +127,7 @@ def make_test_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, + exclude_newer_than=exclude_newer_than, ) diff --git a/tests/unit/test_finder.py b/tests/unit/test_finder.py index e5b9aca4786..475558aec39 100644 --- a/tests/unit/test_finder.py +++ b/tests/unit/test_finder.py @@ -12,19 +12,14 @@ import pip._internal.utils.compatibility_tags from pip._internal.exceptions import BestVersionAlreadyInstalled, DistributionNotFound -from pip._internal.index.collector import LinkCollector from pip._internal.index.package_finder import ( CandidateEvaluator, InstallationCandidate, Link, LinkEvaluator, LinkType, - PackageFinder, ) -from pip._internal.models.search_scope import SearchScope -from pip._internal.models.selection_prefs import SelectionPreferences from pip._internal.models.target_python import TargetPython -from pip._internal.network.session import PipSession from pip._internal.req.constructors import install_req_from_line from tests.lib import TestData, make_test_finder @@ -588,63 +583,28 @@ class TestPackageFinderExcludeNewerThan: def test_package_finder_create_with_exclude_newer_than(self) -> None: """Test that PackageFinder.create() accepts exclude_newer_than parameter.""" - session = PipSession() - search_scope = SearchScope([], [], no_index=False) - link_collector = LinkCollector(session, search_scope) - selection_prefs = SelectionPreferences( - allow_yanked=False, - allow_all_prereleases=False, - ) exclude_newer_than = datetime.datetime( 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc ) - finder = PackageFinder.create( - link_collector=link_collector, - selection_prefs=selection_prefs, - exclude_newer_than=exclude_newer_than, - ) + finder = make_test_finder(exclude_newer_than=exclude_newer_than) assert finder._exclude_newer_than == exclude_newer_than def test_package_finder_make_link_evaluator_with_exclude_newer_than(self) -> None: """Test that PackageFinder creates LinkEvaluator with exclude_newer_than.""" - - session = PipSession() - search_scope = SearchScope([], [], no_index=False) - link_collector = LinkCollector(session, search_scope) - selection_prefs = SelectionPreferences( - allow_yanked=False, - allow_all_prereleases=False, - ) exclude_newer_than = datetime.datetime( 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc ) - finder = PackageFinder.create( - link_collector=link_collector, - selection_prefs=selection_prefs, - exclude_newer_than=exclude_newer_than, - ) + finder = make_test_finder(exclude_newer_than=exclude_newer_than) link_evaluator = finder.make_link_evaluator("test-package") assert link_evaluator._exclude_newer_than == exclude_newer_than def test_package_finder_exclude_newer_than_none(self) -> None: """Test that PackageFinder works correctly when exclude_newer_than is None.""" - session = PipSession() - search_scope = SearchScope([], [], no_index=False) - link_collector = LinkCollector(session, search_scope) - selection_prefs = SelectionPreferences( - allow_yanked=False, - allow_all_prereleases=False, - ) - - finder = PackageFinder.create( - link_collector=link_collector, - selection_prefs=selection_prefs, - exclude_newer_than=None, - ) + finder = make_test_finder(exclude_newer_than=None) assert finder._exclude_newer_than is None From ce9ab0ac917c9994053cdc4cb7f24c3391d8a5e5 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Mon, 18 Aug 2025 21:42:45 -0400 Subject: [PATCH 14/25] Update `test_handle_exclude_newer_than_naive_dates` comparison --- tests/unit/test_cmdoptions.py | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/tests/unit/test_cmdoptions.py b/tests/unit/test_cmdoptions.py index b7a6cee8fcc..c33eea49bb3 100644 --- a/tests/unit/test_cmdoptions.py +++ b/tests/unit/test_cmdoptions.py @@ -121,20 +121,7 @@ def test_handle_exclude_newer_than_naive_dates( assert isinstance(result, datetime.datetime) # Check that the date/time components match - ( - expected_year, - expected_month, - expected_day, - expected_hour, - expected_minute, - expected_second, - ) = expected_date_time - assert result.year == expected_year - assert result.month == expected_month - assert result.day == expected_day - assert result.hour == expected_hour - assert result.minute == expected_minute - assert result.second == expected_second + assert result.timetuple()[:6] == expected_date_time # Check that local timezone was applied (result should not be timezone-naive) assert result.tzinfo is not None From 798a66fea950dc46c7d0249bd88a40cc05fe558d Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Mon, 18 Aug 2025 21:51:41 -0400 Subject: [PATCH 15/25] Improve parameter formatting of `test_handle_exclude_newer_than_with_timezone` --- tests/unit/test_cmdoptions.py | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/tests/unit/test_cmdoptions.py b/tests/unit/test_cmdoptions.py index c33eea49bb3..f5ae2eb2f87 100644 --- a/tests/unit/test_cmdoptions.py +++ b/tests/unit/test_cmdoptions.py @@ -2,7 +2,6 @@ import datetime import os -from collections.abc import Callable from optparse import Option, OptionParser, Values from pathlib import Path from venv import EnvBuilder @@ -60,28 +59,23 @@ def test_identify_python_interpreter_venv(tmpdir: Path) -> None: @pytest.mark.parametrize( - "value, expected_check", + "value, expected_datetime", [ - # Test with timezone info (should be preserved exactly) ( "2023-01-01T00:00:00+00:00", - lambda dt: dt - == datetime.datetime(2023, 1, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), + datetime.datetime(2023, 1, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), ), ( "2023-01-01T12:00:00-05:00", - lambda dt: ( - dt - == datetime.datetime( - *(2023, 1, 1, 12, 0, 0), - tzinfo=datetime.timezone(datetime.timedelta(hours=-5)), - ) + datetime.datetime( + *(2023, 1, 1, 12, 0, 0), + tzinfo=datetime.timezone(datetime.timedelta(hours=-5)), ), ), ], ) def test_handle_exclude_newer_than_with_timezone( - value: str, expected_check: Callable[[datetime.datetime], bool] + value: str, expected_datetime: datetime.datetime ) -> None: """Test that timezone-aware ISO 8601 date strings are parsed correctly.""" option = Option("--exclude-newer-than", dest="exclude_newer_than") @@ -93,7 +87,7 @@ def test_handle_exclude_newer_than_with_timezone( result = parser.values.exclude_newer_than assert isinstance(result, datetime.datetime) - assert expected_check(result) + assert result == expected_datetime @pytest.mark.parametrize( From 57e4210c064d15e6f54a49932172ee87e4be4410 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 19 Aug 2025 00:43:27 -0400 Subject: [PATCH 16/25] Get exclude_newer_than from option --- src/pip/_internal/cli/req_command.py | 4 +--- src/pip/_internal/commands/download.py | 1 - src/pip/_internal/commands/index.py | 5 +---- src/pip/_internal/commands/install.py | 1 - src/pip/_internal/commands/wheel.py | 1 - 5 files changed, 2 insertions(+), 10 deletions(-) diff --git a/src/pip/_internal/cli/req_command.py b/src/pip/_internal/cli/req_command.py index 794524eab1f..c4be3bf2af2 100644 --- a/src/pip/_internal/cli/req_command.py +++ b/src/pip/_internal/cli/req_command.py @@ -7,7 +7,6 @@ from __future__ import annotations -import datetime import logging import os from functools import partial @@ -352,7 +351,6 @@ def _build_package_finder( session: PipSession, target_python: TargetPython | None = None, ignore_requires_python: bool | None = None, - exclude_newer_than: datetime.datetime | None = None, ) -> PackageFinder: """ Create a package finder appropriate to this requirement command. @@ -373,5 +371,5 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, - exclude_newer_than=exclude_newer_than, + exclude_newer_than=options.exclude_newer_than, ) diff --git a/src/pip/_internal/commands/download.py b/src/pip/_internal/commands/download.py index 7ce091bd6c6..2bef93cd604 100644 --- a/src/pip/_internal/commands/download.py +++ b/src/pip/_internal/commands/download.py @@ -96,7 +96,6 @@ def run(self, options: Values, args: list[str]) -> int: session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, - exclude_newer_than=options.exclude_newer_than, ) build_tracker = self.enter_context(get_build_tracker()) diff --git a/src/pip/_internal/commands/index.py b/src/pip/_internal/commands/index.py index 2d4571bc9f1..408005dcfde 100644 --- a/src/pip/_internal/commands/index.py +++ b/src/pip/_internal/commands/index.py @@ -1,6 +1,5 @@ from __future__ import annotations -import datetime import json import logging from collections.abc import Iterable @@ -88,7 +87,6 @@ def _build_package_finder( session: PipSession, target_python: TargetPython | None = None, ignore_requires_python: bool | None = None, - exclude_newer_than: datetime.datetime | None = None, ) -> PackageFinder: """ Create a package finder appropriate to the index command. @@ -106,7 +104,7 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, - exclude_newer_than=exclude_newer_than, + exclude_newer_than=options.exclude_newer_than, ) def get_available_package_versions(self, options: Values, args: list[Any]) -> None: @@ -122,7 +120,6 @@ def get_available_package_versions(self, options: Values, args: list[Any]) -> No session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, - exclude_newer_than=options.exclude_newer_than, ) versions: Iterable[Version] = ( diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py index 0bcd90d28e0..0d6b1191350 100644 --- a/src/pip/_internal/commands/install.py +++ b/src/pip/_internal/commands/install.py @@ -347,7 +347,6 @@ def run(self, options: Values, args: list[str]) -> int: session=session, target_python=target_python, ignore_requires_python=options.ignore_requires_python, - exclude_newer_than=options.exclude_newer_than, ) build_tracker = self.enter_context(get_build_tracker()) diff --git a/src/pip/_internal/commands/wheel.py b/src/pip/_internal/commands/wheel.py index b4424c327dc..e81ee6bd055 100644 --- a/src/pip/_internal/commands/wheel.py +++ b/src/pip/_internal/commands/wheel.py @@ -110,7 +110,6 @@ def run(self, options: Values, args: list[str]) -> int: finder = self._build_package_finder( options=options, session=session, - exclude_newer_than=options.exclude_newer_than, ) options.wheel_dir = normalize_path(options.wheel_dir) From dba723cd97cf57b5e248afe42fc560afabc32aef Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 19 Aug 2025 00:43:53 -0400 Subject: [PATCH 17/25] Add exclude-newer-than to the lock command --- src/pip/_internal/commands/lock.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/pip/_internal/commands/lock.py b/src/pip/_internal/commands/lock.py index 71d22007f1f..648f4899306 100644 --- a/src/pip/_internal/commands/lock.py +++ b/src/pip/_internal/commands/lock.py @@ -68,6 +68,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.src()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) + self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) self.cmd_opts.add_option(cmdoptions.no_build_isolation()) self.cmd_opts.add_option(cmdoptions.use_pep517()) self.cmd_opts.add_option(cmdoptions.no_use_pep517()) From f3346fcacb52aa7cf79708f061ed07d6f3f5513c Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 19 Aug 2025 00:49:29 -0400 Subject: [PATCH 18/25] Remove change in list, links, and wheel --- src/pip/_internal/commands/list.py | 4 +--- src/pip/_internal/commands/wheel.py | 5 +---- src/pip/_internal/models/link.py | 6 +++++- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/src/pip/_internal/commands/list.py b/src/pip/_internal/commands/list.py index 8d1cf595bc4..ad27e45ce93 100644 --- a/src/pip/_internal/commands/list.py +++ b/src/pip/_internal/commands/list.py @@ -143,9 +143,7 @@ def handle_pip_version_check(self, options: Values) -> None: super().handle_pip_version_check(options) def _build_package_finder( - self, - options: Values, - session: PipSession, + self, options: Values, session: PipSession ) -> PackageFinder: """ Create a package finder appropriate to this list command. diff --git a/src/pip/_internal/commands/wheel.py b/src/pip/_internal/commands/wheel.py index e81ee6bd055..5284ca8b81b 100644 --- a/src/pip/_internal/commands/wheel.py +++ b/src/pip/_internal/commands/wheel.py @@ -107,10 +107,7 @@ def run(self, options: Values, args: list[str]) -> int: session = self.get_default_session(options) - finder = self._build_package_finder( - options=options, - session=session, - ) + finder = self._build_package_finder(options, session) options.wheel_dir = normalize_path(options.wheel_dir) ensure_dir(options.wheel_dir) diff --git a/src/pip/_internal/models/link.py b/src/pip/_internal/models/link.py index 07c06c0b102..140f2cc47db 100644 --- a/src/pip/_internal/models/link.py +++ b/src/pip/_internal/models/link.py @@ -11,7 +11,11 @@ import urllib.request from collections.abc import Mapping from dataclasses import dataclass -from typing import TYPE_CHECKING, Any, NamedTuple +from typing import ( + TYPE_CHECKING, + Any, + NamedTuple, +) from pip._internal.utils.datetime import parse_iso_datetime from pip._internal.utils.deprecation import deprecated From 8ea6f774fd28017d5e3a4fdec784f6cbecd049b0 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Tue, 19 Aug 2025 10:01:10 -0400 Subject: [PATCH 19/25] Update docs and news items to make clear index needs to provide `upload-time` field --- news/13520.feature.rst | 3 ++- src/pip/_internal/cli/cmdoptions.py | 11 +++++++---- tests/functional/test_exclude_newer.py | 10 ++++++++-- tests/unit/test_finder.py | 5 ++++- tests/unit/test_index.py | 5 ++++- 5 files changed, 25 insertions(+), 9 deletions(-) diff --git a/news/13520.feature.rst b/news/13520.feature.rst index 6752d128f9a..0f6e2be599b 100644 --- a/news/13520.feature.rst +++ b/news/13520.feature.rst @@ -1 +1,2 @@ -Add ``--exclude-newer-than`` option to exclude packages uploaded after a given date. +Add ``--exclude-newer-than`` option to exclude packages uploaded after a given date, +only effective with indexes that provide upload-time metadata. diff --git a/src/pip/_internal/cli/cmdoptions.py b/src/pip/_internal/cli/cmdoptions.py index 96a35416bd0..11673ce86f9 100644 --- a/src/pip/_internal/cli/cmdoptions.py +++ b/src/pip/_internal/cli/cmdoptions.py @@ -846,6 +846,10 @@ def _handle_exclude_newer_than( Parses an ISO 8601 datetime string. If no timezone is specified in the string, local timezone is used. + + Note: This option only works with indexes that provide upload-time metadata + as specified in the simple repository API: + https://packaging.python.org/en/latest/specifications/simple-repository-api/ """ if value is None: return None @@ -874,10 +878,9 @@ def _handle_exclude_newer_than( callback=_handle_exclude_newer_than, type="str", help=( - "Exclude packages newer than given time. This should be an ISO 8601 string. " - "If no timezone is specified, local time is used. " - "For consistency across environments, specify the timezone explicitly " - "e.g., '2023-01-01T00:00:00Z' for UTC or '2023-01-01T00:00:00-05:00' for UTC-5." + "Exclude packages newer than given time. Accepts ISO 8601 strings " + "(e.g., '2023-01-01T00:00:00Z'). Uses local timezone if none specified. " + "Only effective when installing from indexes that provide upload-time metadata." ), ) diff --git a/tests/functional/test_exclude_newer.py b/tests/functional/test_exclude_newer.py index d993f774f22..c1d0ffecedc 100644 --- a/tests/functional/test_exclude_newer.py +++ b/tests/functional/test_exclude_newer.py @@ -1,4 +1,7 @@ -"""Tests for pip install --exclude-newer-than.""" +"""Tests for pip install --exclude-newer-than. + +Only effective with indexes that provide upload-time metadata. +""" from __future__ import annotations @@ -8,7 +11,10 @@ class TestExcludeNewer: - """Test --exclude-newer-than functionality.""" + """Test --exclude-newer-than functionality. + + Only effective with indexes that provide upload-time metadata. + """ def test_exclude_newer_than_invalid_date( self, script: PipTestEnvironment, data: TestData diff --git a/tests/unit/test_finder.py b/tests/unit/test_finder.py index 475558aec39..259da71b531 100644 --- a/tests/unit/test_finder.py +++ b/tests/unit/test_finder.py @@ -579,7 +579,10 @@ def test_find_all_candidates_find_links_and_index(data: TestData) -> None: class TestPackageFinderExcludeNewerThan: - """Test PackageFinder integration with exclude_newer_than functionality.""" + """Test PackageFinder integration with exclude_newer_than functionality. + + Only effective with indexes that provide upload-time metadata. + """ def test_package_finder_create_with_exclude_newer_than(self) -> None: """Test that PackageFinder.create() accepts exclude_newer_than parameter.""" diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index 6691a600348..8a8c5d95bbe 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -367,7 +367,10 @@ def test_filter_unallowed_hashes__log_message_with_no_match( class TestLinkEvaluatorExcludeNewerThan: - """Test the exclude_newer_than functionality in LinkEvaluator.""" + """Test the exclude_newer_than functionality in LinkEvaluator. + + Only effective with indexes that provide upload-time metadata. + """ def make_test_link_evaluator( self, exclude_newer_than: datetime.datetime | None = None From 2a9f0ea0b272b07c38423742a5e4c793a2055b8d Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Thu, 21 Aug 2025 09:48:08 -0400 Subject: [PATCH 20/25] Change name to uploaded prior to --- news/13520.feature.rst | 4 +- src/pip/_internal/build_env.py | 4 +- src/pip/_internal/cli/cmdoptions.py | 31 ++++--- src/pip/_internal/cli/req_command.py | 2 +- src/pip/_internal/commands/download.py | 2 +- src/pip/_internal/commands/index.py | 4 +- src/pip/_internal/commands/install.py | 2 +- src/pip/_internal/commands/lock.py | 2 +- src/pip/_internal/commands/wheel.py | 2 +- src/pip/_internal/index/package_finder.py | 31 +++---- ...ude_newer.py => test_uploaded_prior_to.py} | 29 +++---- tests/lib/__init__.py | 4 +- tests/unit/test_cmdoptions.py | 30 +++---- tests/unit/test_finder.py | 34 ++++---- tests/unit/test_index.py | 84 ++++++++++++++----- 15 files changed, 152 insertions(+), 113 deletions(-) rename tests/functional/{test_exclude_newer.py => test_uploaded_prior_to.py} (70%) diff --git a/news/13520.feature.rst b/news/13520.feature.rst index 0f6e2be599b..54c272bba79 100644 --- a/news/13520.feature.rst +++ b/news/13520.feature.rst @@ -1,2 +1,2 @@ -Add ``--exclude-newer-than`` option to exclude packages uploaded after a given date, -only effective with indexes that provide upload-time metadata. +Add ``--uploaded-prior-to`` option to only consider packages uploaded prior to +a given datetime when the ``upload-time`` field is available from an index. diff --git a/src/pip/_internal/build_env.py b/src/pip/_internal/build_env.py index 144609122d7..307c5f9de2a 100644 --- a/src/pip/_internal/build_env.py +++ b/src/pip/_internal/build_env.py @@ -230,8 +230,8 @@ def install( # in the isolated build environment extra_environ = {"extra_environ": {"_PIP_IN_BUILD_IGNORE_CONSTRAINTS": "1"}} - if finder.exclude_newer_than: - args.extend(["--exclude-newer-than", finder.exclude_newer_than.isoformat()]) + if finder.uploaded_prior_to: + args.extend(["--uploaded-prior-to", finder.uploaded_prior_to.isoformat()]) args.append("--") args.extend(requirements) diff --git a/src/pip/_internal/cli/cmdoptions.py b/src/pip/_internal/cli/cmdoptions.py index 11673ce86f9..73e25e36032 100644 --- a/src/pip/_internal/cli/cmdoptions.py +++ b/src/pip/_internal/cli/cmdoptions.py @@ -836,13 +836,11 @@ def _handle_dependency_group( ) -def _handle_exclude_newer_than( +def _handle_uploaded_prior_to( option: Option, opt: str, value: str, parser: OptionParser ) -> None: """ - Process a value provided for the --exclude-newer-than option. - - This is an optparse.Option callback for the --exclude-newer-than option. + This is an optparse.Option callback for the --uploaded-prior-to option. Parses an ISO 8601 datetime string. If no timezone is specified in the string, local timezone is used. @@ -855,32 +853,33 @@ def _handle_exclude_newer_than( return None try: - exclude_newer_than = parse_iso_datetime(value) + uploaded_prior_to = parse_iso_datetime(value) # Use local timezone if no offset is given in the ISO string. - if exclude_newer_than.tzinfo is None: - exclude_newer_than = exclude_newer_than.astimezone() - parser.values.exclude_newer_than = exclude_newer_than + if uploaded_prior_to.tzinfo is None: + uploaded_prior_to = uploaded_prior_to.astimezone() + parser.values.uploaded_prior_to = uploaded_prior_to except ValueError as exc: msg = ( - f"invalid --exclude-newer-than value: {value!r}: {exc}. " + f"invalid --uploaded-prior-to value: {value!r}: {exc}. " f"Expected an ISO 8601 datetime string, " f"e.g '2023-01-01' or '2023-01-01T00:00:00Z'" ) raise_option_error(parser, option=option, msg=msg) -exclude_newer_than: Callable[..., Option] = partial( +uploaded_prior_to: Callable[..., Option] = partial( Option, - "--exclude-newer-than", - dest="exclude_newer_than", + "--uploaded-prior-to", + dest="uploaded_prior_to", metavar="datetime", action="callback", - callback=_handle_exclude_newer_than, + callback=_handle_uploaded_prior_to, type="str", help=( - "Exclude packages newer than given time. Accepts ISO 8601 strings " - "(e.g., '2023-01-01T00:00:00Z'). Uses local timezone if none specified. " - "Only effective when installing from indexes that provide upload-time metadata." + "Only consider packages uploaded prior to the given date time. " + "Accepts ISO 8601 strings (e.g., '2023-01-01T00:00:00Z'). " + "Uses local timezone if none specified. Only effective when " + "installing from indexes that provide upload-time metadata." ), ) diff --git a/src/pip/_internal/cli/req_command.py b/src/pip/_internal/cli/req_command.py index c4be3bf2af2..44aee20e819 100644 --- a/src/pip/_internal/cli/req_command.py +++ b/src/pip/_internal/cli/req_command.py @@ -371,5 +371,5 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, - exclude_newer_than=options.exclude_newer_than, + uploaded_prior_to=options.uploaded_prior_to, ) diff --git a/src/pip/_internal/commands/download.py b/src/pip/_internal/commands/download.py index 2bef93cd604..6a4752ad710 100644 --- a/src/pip/_internal/commands/download.py +++ b/src/pip/_internal/commands/download.py @@ -52,7 +52,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.no_use_pep517()) self.cmd_opts.add_option(cmdoptions.check_build_deps()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) - self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) + self.cmd_opts.add_option(cmdoptions.uploaded_prior_to()) self.cmd_opts.add_option( "-d", diff --git a/src/pip/_internal/commands/index.py b/src/pip/_internal/commands/index.py index 408005dcfde..b53099452e0 100644 --- a/src/pip/_internal/commands/index.py +++ b/src/pip/_internal/commands/index.py @@ -40,7 +40,7 @@ def add_options(self) -> None: cmdoptions.add_target_python_options(self.cmd_opts) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) - self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) + self.cmd_opts.add_option(cmdoptions.uploaded_prior_to()) self.cmd_opts.add_option(cmdoptions.pre()) self.cmd_opts.add_option(cmdoptions.json()) self.cmd_opts.add_option(cmdoptions.no_binary()) @@ -104,7 +104,7 @@ def _build_package_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, - exclude_newer_than=options.exclude_newer_than, + uploaded_prior_to=options.uploaded_prior_to, ) def get_available_package_versions(self, options: Values, args: list[Any]) -> None: diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py index 0d6b1191350..97103f8651c 100644 --- a/src/pip/_internal/commands/install.py +++ b/src/pip/_internal/commands/install.py @@ -208,7 +208,7 @@ def add_options(self) -> None: ), ) - self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) + self.cmd_opts.add_option(cmdoptions.uploaded_prior_to()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) self.cmd_opts.add_option(cmdoptions.no_build_isolation()) self.cmd_opts.add_option(cmdoptions.use_pep517()) diff --git a/src/pip/_internal/commands/lock.py b/src/pip/_internal/commands/lock.py index 648f4899306..ee0c464c809 100644 --- a/src/pip/_internal/commands/lock.py +++ b/src/pip/_internal/commands/lock.py @@ -68,7 +68,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.src()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) - self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) + self.cmd_opts.add_option(cmdoptions.uploaded_prior_to()) self.cmd_opts.add_option(cmdoptions.no_build_isolation()) self.cmd_opts.add_option(cmdoptions.use_pep517()) self.cmd_opts.add_option(cmdoptions.no_use_pep517()) diff --git a/src/pip/_internal/commands/wheel.py b/src/pip/_internal/commands/wheel.py index 5284ca8b81b..4cef8973061 100644 --- a/src/pip/_internal/commands/wheel.py +++ b/src/pip/_internal/commands/wheel.py @@ -65,7 +65,7 @@ def add_options(self) -> None: self.cmd_opts.add_option(cmdoptions.requirements()) self.cmd_opts.add_option(cmdoptions.src()) self.cmd_opts.add_option(cmdoptions.ignore_requires_python()) - self.cmd_opts.add_option(cmdoptions.exclude_newer_than()) + self.cmd_opts.add_option(cmdoptions.uploaded_prior_to()) self.cmd_opts.add_option(cmdoptions.no_deps()) self.cmd_opts.add_option(cmdoptions.progress_bar()) diff --git a/src/pip/_internal/index/package_finder.py b/src/pip/_internal/index/package_finder.py index ee0f04e0f85..6517a4b63d7 100644 --- a/src/pip/_internal/index/package_finder.py +++ b/src/pip/_internal/index/package_finder.py @@ -134,7 +134,7 @@ def __init__( target_python: TargetPython, allow_yanked: bool, ignore_requires_python: bool | None = None, - exclude_newer_than: datetime.datetime | None = None, + uploaded_prior_to: datetime.datetime | None = None, ) -> None: """ :param project_name: The user supplied package name. @@ -152,7 +152,8 @@ def __init__( :param ignore_requires_python: Whether to ignore incompatible PEP 503 "data-requires-python" values in HTML links. Defaults to False. - :param exclude_newer_than: If set, only allow links prior to the given date. + :param uploaded_prior_to: If set, only allow links uploaded prior to + the given datetime. """ if ignore_requires_python is None: ignore_requires_python = False @@ -162,7 +163,7 @@ def __init__( self._ignore_requires_python = ignore_requires_python self._formats = formats self._target_python = target_python - self._exclude_newer_than = exclude_newer_than + self._uploaded_prior_to = uploaded_prior_to self.project_name = project_name @@ -181,10 +182,11 @@ def evaluate_link(self, link: Link) -> tuple[LinkType, str]: reason = link.yanked_reason or "" return (LinkType.yanked, f"yanked for reason: {reason}") - if link.upload_time is not None and self._exclude_newer_than is not None: - if link.upload_time > self._exclude_newer_than: + if link.upload_time is not None and self._uploaded_prior_to is not None: + if link.upload_time >= self._uploaded_prior_to: reason = ( - f"Upload time {link.upload_time} after {self._exclude_newer_than}" + f"Upload time {link.upload_time} not " + f"prior to {self._uploaded_prior_to}" ) return (LinkType.upload_too_late, reason) @@ -605,7 +607,7 @@ def __init__( format_control: FormatControl | None = None, candidate_prefs: CandidatePreferences | None = None, ignore_requires_python: bool | None = None, - exclude_newer_than: datetime.datetime | None = None, + uploaded_prior_to: datetime.datetime | None = None, ) -> None: """ This constructor is primarily meant to be used by the create() class @@ -627,7 +629,7 @@ def __init__( self._ignore_requires_python = ignore_requires_python self._link_collector = link_collector self._target_python = target_python - self._exclude_newer_than = exclude_newer_than + self._uploaded_prior_to = uploaded_prior_to self.format_control = format_control @@ -651,7 +653,7 @@ def create( link_collector: LinkCollector, selection_prefs: SelectionPreferences, target_python: TargetPython | None = None, - exclude_newer_than: datetime.datetime | None = None, + uploaded_prior_to: datetime.datetime | None = None, ) -> PackageFinder: """Create a PackageFinder. @@ -660,7 +662,8 @@ def create( :param target_python: The target Python interpreter to use when checking compatibility. If None (the default), a TargetPython object will be constructed from the running Python. - :param exclude_newer_than: If set, only find links prior to the given date. + :param uploaded_prior_to: If set, only find links uploaded prior + to the given datetime. """ if target_python is None: target_python = TargetPython() @@ -677,7 +680,7 @@ def create( allow_yanked=selection_prefs.allow_yanked, format_control=selection_prefs.format_control, ignore_requires_python=selection_prefs.ignore_requires_python, - exclude_newer_than=exclude_newer_than, + uploaded_prior_to=uploaded_prior_to, ) @property @@ -738,8 +741,8 @@ def set_prefer_binary(self) -> None: self._candidate_prefs.prefer_binary = True @property - def exclude_newer_than(self) -> datetime.datetime | None: - return self._exclude_newer_than + def uploaded_prior_to(self) -> datetime.datetime | None: + return self._uploaded_prior_to def requires_python_skipped_reasons(self) -> list[str]: reasons = { @@ -760,7 +763,7 @@ def make_link_evaluator(self, project_name: str) -> LinkEvaluator: target_python=self._target_python, allow_yanked=self._allow_yanked, ignore_requires_python=self._ignore_requires_python, - exclude_newer_than=self._exclude_newer_than, + uploaded_prior_to=self._uploaded_prior_to, ) def _sort_links(self, links: Iterable[Link]) -> list[Link]: diff --git a/tests/functional/test_exclude_newer.py b/tests/functional/test_uploaded_prior_to.py similarity index 70% rename from tests/functional/test_exclude_newer.py rename to tests/functional/test_uploaded_prior_to.py index c1d0ffecedc..33053fa1712 100644 --- a/tests/functional/test_exclude_newer.py +++ b/tests/functional/test_uploaded_prior_to.py @@ -1,7 +1,4 @@ -"""Tests for pip install --exclude-newer-than. - -Only effective with indexes that provide upload-time metadata. -""" +"""Tests for pip install --uploaded-prior-to.""" from __future__ import annotations @@ -10,28 +7,26 @@ from tests.lib import PipTestEnvironment, TestData -class TestExcludeNewer: - """Test --exclude-newer-than functionality. +class TestUploadedPriorTo: + """Test --uploaded-prior-to functionality. Only effective with indexes that provide upload-time metadata. """ - def test_exclude_newer_than_invalid_date( + def test_uploaded_prior_to_invalid_date( self, script: PipTestEnvironment, data: TestData ) -> None: - """Test that --exclude-newer-than fails with invalid date format.""" + """Test that --uploaded-prior-to fails with invalid date format.""" result = script.pip_install_local( - "--exclude-newer-than=invalid-date", "simple", expect_error=True + "--uploaded-prior-to=invalid-date", "simple", expect_error=True ) # Should fail with date parsing error assert "invalid" in result.stderr.lower() or "error" in result.stderr.lower() @pytest.mark.network - def test_exclude_newer_than_with_real_pypi( - self, script: PipTestEnvironment - ) -> None: - """Test exclude-newer functionality against real PyPI with upload times.""" + def test_uploaded_prior_to_with_real_pypi(self, script: PipTestEnvironment) -> None: + """Test uploaded-prior-to functionality against real PyPI with upload times.""" # Use a small package with known old versions for testing # requests 2.0.0 was released in 2013 @@ -40,7 +35,7 @@ def test_exclude_newer_than_with_real_pypi( "install", "--dry-run", "--no-deps", - "--exclude-newer-than=2010-01-01T00:00:00", + "--uploaded-prior-to=2010-01-01T00:00:00", "requests==2.0.0", expect_error=True, ) @@ -52,14 +47,14 @@ def test_exclude_newer_than_with_real_pypi( "install", "--dry-run", "--no-deps", - "--exclude-newer-than=2030-01-01T00:00:00", + "--uploaded-prior-to=2030-01-01T00:00:00", "requests==2.0.0", expect_error=False, ) assert "Would install requests-2.0.0" in result.stdout @pytest.mark.network - def test_exclude_newer_than_date_formats(self, script: PipTestEnvironment) -> None: + def test_uploaded_prior_to_date_formats(self, script: PipTestEnvironment) -> None: """Test different date formats work with real PyPI.""" # Test various date formats with a well known small package formats = [ @@ -74,7 +69,7 @@ def test_exclude_newer_than_date_formats(self, script: PipTestEnvironment) -> No "install", "--dry-run", "--no-deps", - f"--exclude-newer-than={date_format}", + f"--uploaded-prior-to={date_format}", "requests==2.0.0", expect_error=False, ) diff --git a/tests/lib/__init__.py b/tests/lib/__init__.py index 02cb08ed43b..f3102db24e1 100644 --- a/tests/lib/__init__.py +++ b/tests/lib/__init__.py @@ -108,7 +108,7 @@ def make_test_finder( allow_all_prereleases: bool = False, session: PipSession | None = None, target_python: TargetPython | None = None, - exclude_newer_than: datetime.datetime | None = None, + uploaded_prior_to: datetime.datetime | None = None, ) -> PackageFinder: """ Create a PackageFinder for testing purposes. @@ -127,7 +127,7 @@ def make_test_finder( link_collector=link_collector, selection_prefs=selection_prefs, target_python=target_python, - exclude_newer_than=exclude_newer_than, + uploaded_prior_to=uploaded_prior_to, ) diff --git a/tests/unit/test_cmdoptions.py b/tests/unit/test_cmdoptions.py index f5ae2eb2f87..9316a603a95 100644 --- a/tests/unit/test_cmdoptions.py +++ b/tests/unit/test_cmdoptions.py @@ -10,7 +10,7 @@ from pip._internal.cli.cmdoptions import ( _convert_python_version, - _handle_exclude_newer_than, + _handle_uploaded_prior_to, ) from pip._internal.cli.main_parser import identify_python_interpreter @@ -74,18 +74,18 @@ def test_identify_python_interpreter_venv(tmpdir: Path) -> None: ), ], ) -def test_handle_exclude_newer_than_with_timezone( +def test_handle_uploaded_prior_to_with_timezone( value: str, expected_datetime: datetime.datetime ) -> None: """Test that timezone-aware ISO 8601 date strings are parsed correctly.""" - option = Option("--exclude-newer-than", dest="exclude_newer_than") - opt = "--exclude-newer-than" + option = Option("--uploaded-prior-to", dest="uploaded_prior_to") + opt = "--uploaded-prior-to" parser = OptionParser() parser.values = Values() - _handle_exclude_newer_than(option, opt, value, parser) + _handle_uploaded_prior_to(option, opt, value, parser) - result = parser.values.exclude_newer_than + result = parser.values.uploaded_prior_to assert isinstance(result, datetime.datetime) assert result == expected_datetime @@ -100,18 +100,18 @@ def test_handle_exclude_newer_than_with_timezone( ("2023-01-01", (2023, 1, 1, 0, 0, 0)), ], ) -def test_handle_exclude_newer_than_naive_dates( +def test_handle_uploaded_prior_to_naive_dates( value: str, expected_date_time: tuple[int, int, int, int, int, int] ) -> None: """Test that timezone-naive ISO 8601 date strings get local timezone applied.""" - option = Option("--exclude-newer-than", dest="exclude_newer_than") - opt = "--exclude-newer-than" + option = Option("--uploaded-prior-to", dest="uploaded_prior_to") + opt = "--uploaded-prior-to" parser = OptionParser() parser.values = Values() - _handle_exclude_newer_than(option, opt, value, parser) + _handle_uploaded_prior_to(option, opt, value, parser) - result = parser.values.exclude_newer_than + result = parser.values.uploaded_prior_to assert isinstance(result, datetime.datetime) # Check that the date/time components match @@ -136,12 +136,12 @@ def test_handle_exclude_newer_than_naive_dates( "", # Empty string ], ) -def test_handle_exclude_newer_than_invalid_dates(invalid_value: str) -> None: +def test_handle_uploaded_prior_to_invalid_dates(invalid_value: str) -> None: """Test that invalid date strings raise SystemExit via raise_option_error.""" - option = Option("--exclude-newer-than", dest="exclude_newer_than") - opt = "--exclude-newer-than" + option = Option("--uploaded-prior-to", dest="uploaded_prior_to") + opt = "--uploaded-prior-to" parser = OptionParser() parser.values = Values() with pytest.raises(SystemExit): - _handle_exclude_newer_than(option, opt, invalid_value, parser) + _handle_uploaded_prior_to(option, opt, invalid_value, parser) diff --git a/tests/unit/test_finder.py b/tests/unit/test_finder.py index 259da71b531..74f366b9af4 100644 --- a/tests/unit/test_finder.py +++ b/tests/unit/test_finder.py @@ -578,38 +578,38 @@ def test_find_all_candidates_find_links_and_index(data: TestData) -> None: assert [str(v.version) for v in versions] == ["3.0", "2.0", "1.0", "1.0"] -class TestPackageFinderExcludeNewerThan: - """Test PackageFinder integration with exclude_newer_than functionality. +class TestPackageFinderUploadedPriorTo: + """Test PackageFinder integration with uploaded_prior_to functionality. Only effective with indexes that provide upload-time metadata. """ - def test_package_finder_create_with_exclude_newer_than(self) -> None: - """Test that PackageFinder.create() accepts exclude_newer_than parameter.""" - exclude_newer_than = datetime.datetime( + def test_package_finder_create_with_uploaded_prior_to(self) -> None: + """Test that PackageFinder.create() accepts uploaded_prior_to parameter.""" + uploaded_prior_to = datetime.datetime( 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc ) - finder = make_test_finder(exclude_newer_than=exclude_newer_than) + finder = make_test_finder(uploaded_prior_to=uploaded_prior_to) - assert finder._exclude_newer_than == exclude_newer_than + assert finder._uploaded_prior_to == uploaded_prior_to - def test_package_finder_make_link_evaluator_with_exclude_newer_than(self) -> None: - """Test that PackageFinder creates LinkEvaluator with exclude_newer_than.""" - exclude_newer_than = datetime.datetime( + def test_package_finder_make_link_evaluator_with_uploaded_prior_to(self) -> None: + """Test that PackageFinder creates LinkEvaluator with uploaded_prior_to.""" + uploaded_prior_to = datetime.datetime( 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc ) - finder = make_test_finder(exclude_newer_than=exclude_newer_than) + finder = make_test_finder(uploaded_prior_to=uploaded_prior_to) link_evaluator = finder.make_link_evaluator("test-package") - assert link_evaluator._exclude_newer_than == exclude_newer_than + assert link_evaluator._uploaded_prior_to == uploaded_prior_to - def test_package_finder_exclude_newer_than_none(self) -> None: - """Test that PackageFinder works correctly when exclude_newer_than is None.""" - finder = make_test_finder(exclude_newer_than=None) + def test_package_finder_uploaded_prior_to_none(self) -> None: + """Test that PackageFinder works correctly when uploaded_prior_to is None.""" + finder = make_test_finder(uploaded_prior_to=None) - assert finder._exclude_newer_than is None + assert finder._uploaded_prior_to is None link_evaluator = finder.make_link_evaluator("test-package") - assert link_evaluator._exclude_newer_than is None + assert link_evaluator._uploaded_prior_to is None diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index 8a8c5d95bbe..1b93d4a5c00 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -366,14 +366,14 @@ def test_filter_unallowed_hashes__log_message_with_no_match( check_caplog(caplog, "DEBUG", expected_message) -class TestLinkEvaluatorExcludeNewerThan: - """Test the exclude_newer_than functionality in LinkEvaluator. +class TestLinkEvaluatorUploadedPriorTo: + """Test the uploaded_prior_to functionality in LinkEvaluator. Only effective with indexes that provide upload-time metadata. """ def make_test_link_evaluator( - self, exclude_newer_than: datetime.datetime | None = None + self, uploaded_prior_to: datetime.datetime | None = None ) -> LinkEvaluator: """Create a LinkEvaluator for testing.""" target_python = TargetPython() @@ -383,11 +383,11 @@ def make_test_link_evaluator( formats=frozenset(["source", "binary"]), target_python=target_python, allow_yanked=True, - exclude_newer_than=exclude_newer_than, + uploaded_prior_to=uploaded_prior_to, ) @pytest.mark.parametrize( - "upload_time, exclude_newer_than, expected_result", + "upload_time, uploaded_prior_to, expected_result", [ # Test case: upload time is before the cutoff (should be accepted) ( @@ -401,17 +401,21 @@ def make_test_link_evaluator( datetime.datetime(2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), ( LinkType.upload_too_late, - "Upload time 2023-08-01 12:00:00+00:00 after " + "Upload time 2023-08-01 12:00:00+00:00 not prior to " "2023-06-01 00:00:00+00:00", ), ), - # Test case: upload time equals the cutoff (should be accepted) + # Test case: upload time equals the cutoff (should be rejected) ( datetime.datetime(2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), datetime.datetime(2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc), - (LinkType.candidate, "1.0"), + ( + LinkType.upload_too_late, + "Upload time 2023-06-01 00:00:00+00:00 not prior to " + "2023-06-01 00:00:00+00:00", + ), ), - # Test case: no exclude_newer_than set (should be accepted) + # Test case: no uploaded_prior_to set (should be accepted) ( datetime.datetime(2023, 8, 1, 12, 0, 0, tzinfo=datetime.timezone.utc), None, @@ -419,14 +423,14 @@ def make_test_link_evaluator( ), ], ) - def test_evaluate_link_exclude_newer_than( + def test_evaluate_link_uploaded_prior_to( self, upload_time: datetime.datetime, - exclude_newer_than: datetime.datetime | None, + uploaded_prior_to: datetime.datetime | None, expected_result: tuple[LinkType, str], ) -> None: """Test that links are properly filtered by upload time.""" - evaluator = self.make_test_link_evaluator(exclude_newer_than) + evaluator = self.make_test_link_evaluator(uploaded_prior_to) link = Link( "https://example.com/myproject-1.0.tar.gz", upload_time=upload_time, @@ -437,10 +441,10 @@ def test_evaluate_link_exclude_newer_than( def test_evaluate_link_no_upload_time(self) -> None: """Test that links with no upload time are not filtered.""" - exclude_newer_than = datetime.datetime( + uploaded_prior_to = datetime.datetime( 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc ) - evaluator = self.make_test_link_evaluator(exclude_newer_than) + evaluator = self.make_test_link_evaluator(uploaded_prior_to) # Link with no upload_time should not be filtered link = Link("https://example.com/myproject-1.0.tar.gz") @@ -453,10 +457,10 @@ def test_evaluate_link_no_upload_time(self) -> None: def test_evaluate_link_timezone_handling(self) -> None: """Test that timezone-aware datetimes are handled correctly.""" # Set cutoff time in UTC - exclude_newer_than = datetime.datetime( + uploaded_prior_to = datetime.datetime( 2023, 6, 1, 12, 0, 0, tzinfo=datetime.timezone.utc ) - evaluator = self.make_test_link_evaluator(exclude_newer_than) + evaluator = self.make_test_link_evaluator(uploaded_prior_to) # Test upload time in different timezone (earlier in UTC) upload_time_est = datetime.datetime( @@ -473,7 +477,7 @@ def test_evaluate_link_timezone_handling(self) -> None: assert actual[0] == LinkType.upload_too_late @pytest.mark.parametrize( - "exclude_newer_than", + "uploaded_prior_to", [ datetime.datetime(2023, 6, 1, 12, 0, 0, tzinfo=datetime.timezone.utc), datetime.datetime( @@ -482,11 +486,11 @@ def test_evaluate_link_timezone_handling(self) -> None: ), ], ) - def test_exclude_newer_than_different_timezone_formats( - self, exclude_newer_than: datetime.datetime + def test_uploaded_prior_to_different_timezone_formats( + self, uploaded_prior_to: datetime.datetime ) -> None: - """Test that different timezone formats for exclude_newer_than work.""" - evaluator = self.make_test_link_evaluator(exclude_newer_than) + """Test that different timezone formats for uploaded_prior_to work.""" + evaluator = self.make_test_link_evaluator(uploaded_prior_to) # Create a link with upload time clearly after the cutoff upload_time = datetime.datetime( @@ -501,6 +505,44 @@ def test_exclude_newer_than_different_timezone_formats( # Should be rejected regardless of timezone format assert actual[0] == LinkType.upload_too_late + def test_uploaded_prior_to_boundary_precision(self) -> None: + """ + Test that --uploaded-prior-to 2025-01-01 excludes packages + uploaded exactly at 2025-01-01T00:00:00. + """ + # --uploaded-prior-to 2025-01-01 should be strictly less than 2025-01-01 + cutoff_date = datetime.datetime( + 2025, 1, 1, 0, 0, 0, tzinfo=datetime.timezone.utc + ) + evaluator = self.make_test_link_evaluator(uploaded_prior_to=cutoff_date) + + # Package uploaded exactly at 2025-01-01T00:00:00 should be rejected + link_at_boundary = Link( + "https://example.com/myproject-1.0.tar.gz", + upload_time=cutoff_date, + ) + result_at_boundary = evaluator.evaluate_link(link_at_boundary) + assert result_at_boundary[0] == LinkType.upload_too_late + assert "not prior to" in result_at_boundary[1] + + # Package uploaded 1 second before should be accepted + before_cutoff = cutoff_date - datetime.timedelta(seconds=1) + link_before = Link( + "https://example.com/myproject-1.0.tar.gz", + upload_time=before_cutoff, + ) + result_before = evaluator.evaluate_link(link_before) + assert result_before[0] == LinkType.candidate + + # Package uploaded 1 second after should be rejected + after_cutoff = cutoff_date + datetime.timedelta(seconds=1) + link_after = Link( + "https://example.com/myproject-1.0.tar.gz", + upload_time=after_cutoff, + ) + result_after = evaluator.evaluate_link(link_after) + assert result_after[0] == LinkType.upload_too_late + class TestCandidateEvaluator: @pytest.mark.parametrize( From db022eb1ffc5bf20037521a067b7f22ff356aa17 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Thu, 21 Aug 2025 09:48:14 -0400 Subject: [PATCH 21/25] Add `--uploaded-prior-to` to the user guide --- docs/html/user_guide.rst | 55 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/docs/html/user_guide.rst b/docs/html/user_guide.rst index 30c514f7e59..19f57c3b9a1 100644 --- a/docs/html/user_guide.rst +++ b/docs/html/user_guide.rst @@ -298,6 +298,61 @@ Example build constraints file (``build-constraints.txt``): cython==0.29.24 +.. _`Filtering by Upload Time`: + +Filtering by Upload Time +========================= + +The ``--uploaded-prior-to`` option allows you to filter packages by their upload time +to an index, only considering packages that were uploaded before a specified datetime. +This can be useful for creating reproducible builds by ensuring you only install +packages that were available at a known point in time. + +.. tab:: Unix/macOS + + .. code-block:: shell + + python -m pip install --uploaded-prior-to=2025-03-16T00:00:00Z SomePackage + +.. tab:: Windows + + .. code-block:: shell + + py -m pip install --uploaded-prior-to=2025-03-16T00:00:00Z SomePackage + +The option accepts ISO 8601 datetime strings in several formats: + +* ``2025-03-16`` - Date in local timezone +* ``2025-03-16 12:30:00`` - Datetime in local timezone +* ``2025-03-16T12:30:00Z`` - Datetime in UTC +* ``2025-03-16T12:30:00+05:00`` - Datetime in UTC offset + +For consistency across machines, use either UTC format (with 'Z' suffix) or UTC offset +format (with timezone offset like '+05:00'). Local timezone formats may produce different +results on different machines. + +.. note:: + + This option only works with package indexes that provide upload-time metadata + (such as PyPI). When upload-time information is not available, packages are not + filtered and installation continues normally. + +You can combine this option with other filtering mechanisms like constraints files: + +.. tab:: Unix/macOS + + .. code-block:: shell + + python -m pip install -c constraints.txt --uploaded-prior-to=2025-03-16 SomePackage + +.. tab:: Windows + + .. code-block:: shell + + py -m pip install -c constraints.txt --uploaded-prior-to=2025-03-16 SomePackage +>>>>>>> e592e95e9 (Add `--uploaded-prior-to` to the user guide) + + .. _`Dependency Groups`: From 7c7670ef533830142400550a99f02e12d79e8b38 Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Sat, 4 Oct 2025 14:32:43 -0400 Subject: [PATCH 22/25] Fix type hint error in `make_test_link_evaluator` --- tests/unit/test_index.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index 1b93d4a5c00..779864365c7 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -379,7 +379,7 @@ def make_test_link_evaluator( target_python = TargetPython() return LinkEvaluator( project_name="myproject", - canonical_name="myproject", + canonical_name=canonicalize_name("myproject"), formats=frozenset(["source", "binary"]), target_python=target_python, allow_yanked=True, From 15f06e30604bb8806214050adb082fb6f320ea9a Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Sat, 18 Oct 2025 12:04:58 -0400 Subject: [PATCH 23/25] Do not allow indexes which don't provide `upload-time` if `--uploaded-prior-to` is used --- docs/html/user_guide.rst | 13 ++- pyproject.toml | 2 +- src/pip/_internal/index/package_finder.py | 40 +++++++-- tests/functional/test_uploaded_prior_to.py | 99 ++++++++++++++++++---- tests/unit/test_index.py | 17 +++- 5 files changed, 137 insertions(+), 34 deletions(-) diff --git a/docs/html/user_guide.rst b/docs/html/user_guide.rst index 19f57c3b9a1..c6f17073959 100644 --- a/docs/html/user_guide.rst +++ b/docs/html/user_guide.rst @@ -333,9 +333,15 @@ results on different machines. .. note:: - This option only works with package indexes that provide upload-time metadata - (such as PyPI). When upload-time information is not available, packages are not - filtered and installation continues normally. + This option only applies to packages from indexes, not local files. Local + package files are allowed regardless of the ``--uploaded-prior-to`` setting. + e.g., ``pip install /path/to/package.whl`` or packages from + ``--find-links`` directories. + + This option requires package indexes that provide upload-time metadata + (such as PyPI). If the index does not provide upload-time metadata for a + package file, pip will fail immediately with an error message indicating + that upload-time metadata is required when using ``--uploaded-prior-to``. You can combine this option with other filtering mechanisms like constraints files: @@ -350,7 +356,6 @@ You can combine this option with other filtering mechanisms like constraints fil .. code-block:: shell py -m pip install -c constraints.txt --uploaded-prior-to=2025-03-16 SomePackage ->>>>>>> e592e95e9 (Add `--uploaded-prior-to` to the user guide) .. _`Dependency Groups`: diff --git a/pyproject.toml b/pyproject.toml index 79f12384bb1..b7089703802 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -268,7 +268,7 @@ max-complexity = 33 # default is 10 [tool.ruff.lint.pylint] max-args = 15 # default is 5 max-branches = 28 # default is 12 -max-returns = 14 # default is 6 +max-returns = 15 # default is 6 max-statements = 134 # default is 50 [tool.ruff.per-file-target-version] diff --git a/src/pip/_internal/index/package_finder.py b/src/pip/_internal/index/package_finder.py index 6517a4b63d7..33d80822ba2 100644 --- a/src/pip/_internal/index/package_finder.py +++ b/src/pip/_internal/index/package_finder.py @@ -25,10 +25,11 @@ from pip._internal.exceptions import ( BestVersionAlreadyInstalled, DistributionNotFound, + InstallationError, InvalidWheelFilename, UnsupportedWheel, ) -from pip._internal.index.collector import LinkCollector, parse_links +from pip._internal.index.collector import IndexContent, LinkCollector, parse_links from pip._internal.models.candidate import InstallationCandidate from pip._internal.models.format_control import FormatControl from pip._internal.models.link import Link @@ -113,6 +114,7 @@ class LinkType(enum.Enum): platform_mismatch = enum.auto() requires_python_mismatch = enum.auto() upload_too_late = enum.auto() + upload_time_missing = enum.auto() class LinkEvaluator: @@ -182,14 +184,6 @@ def evaluate_link(self, link: Link) -> tuple[LinkType, str]: reason = link.yanked_reason or "" return (LinkType.yanked, f"yanked for reason: {reason}") - if link.upload_time is not None and self._uploaded_prior_to is not None: - if link.upload_time >= self._uploaded_prior_to: - reason = ( - f"Upload time {link.upload_time} not " - f"prior to {self._uploaded_prior_to}" - ) - return (LinkType.upload_too_late, reason) - if link.egg_fragment: egg_info = link.egg_fragment ext = link.ext @@ -232,6 +226,30 @@ def evaluate_link(self, link: Link) -> tuple[LinkType, str]: version = wheel.version + # Check upload-time filter after verifying the link is a package file. + # Skip this check for local files, as --uploaded-prior-to only applies + # to packages from indexes. + if self._uploaded_prior_to is not None and not link.is_file: + if link.upload_time is None: + if isinstance(link.comes_from, IndexContent): + index_info = f"Index {link.comes_from.url}" + elif link.comes_from: + index_info = f"Index {link.comes_from}" + else: + index_info = "Index" + + return ( + LinkType.upload_time_missing, + f"{index_info} does not provide upload-time metadata. " + "Cannot use --uploaded-prior-to with this index.", + ) + elif link.upload_time >= self._uploaded_prior_to: + return ( + LinkType.upload_too_late, + f"Upload time {link.upload_time} not " + f"prior to {self._uploaded_prior_to}", + ) + # This should be up by the self.ok_binary check, but see issue 2700. if "source" not in self._formats and ext != WHEEL_EXTENSION: reason = f"No sources permitted for {self.project_name}" @@ -798,6 +816,10 @@ def get_install_candidate( InstallationCandidate and return it. Otherwise, return None. """ result, detail = link_evaluator.evaluate_link(link) + if result == LinkType.upload_time_missing: + # Fail immediately if the index doesn't provide upload-time + # when --uploaded-prior-to is specified + raise InstallationError(detail) if result != LinkType.candidate: self._log_skipped_link(link, result, detail) return None diff --git a/tests/functional/test_uploaded_prior_to.py b/tests/functional/test_uploaded_prior_to.py index 33053fa1712..2320976f2d2 100644 --- a/tests/functional/test_uploaded_prior_to.py +++ b/tests/functional/test_uploaded_prior_to.py @@ -5,32 +5,68 @@ import pytest from tests.lib import PipTestEnvironment, TestData +from tests.lib.server import ( + file_response, + make_mock_server, + package_page, + server_running, +) class TestUploadedPriorTo: - """Test --uploaded-prior-to functionality. - - Only effective with indexes that provide upload-time metadata. - """ + """Test --uploaded-prior-to functionality.""" def test_uploaded_prior_to_invalid_date( self, script: PipTestEnvironment, data: TestData ) -> None: - """Test that --uploaded-prior-to fails with invalid date format.""" + """Test that invalid date format is rejected.""" result = script.pip_install_local( "--uploaded-prior-to=invalid-date", "simple", expect_error=True ) - - # Should fail with date parsing error assert "invalid" in result.stderr.lower() or "error" in result.stderr.lower() + def test_uploaded_prior_to_file_index_no_upload_time( + self, script: PipTestEnvironment, data: TestData + ) -> None: + """Test that file:// indexes are exempt from upload-time filtering.""" + result = script.pip( + "install", + "--index-url", + data.index_url("simple"), + "--uploaded-prior-to=3030-01-01T00:00:00", + "simple", + expect_error=False, + ) + assert "Successfully installed simple" in result.stdout + + def test_uploaded_prior_to_http_index_no_upload_time( + self, script: PipTestEnvironment, data: TestData + ) -> None: + """Test that HTTP index without upload-time causes immediate error.""" + server = make_mock_server() + simple_package = data.packages / "simple-1.0.tar.gz" + server.mock.side_effect = [ + package_page({"simple-1.0.tar.gz": "/files/simple-1.0.tar.gz"}), + file_response(simple_package), + ] + + with server_running(server): + result = script.pip( + "install", + "--index-url", + f"http://{server.host}:{server.port}", + "--uploaded-prior-to=3030-01-01T00:00:00", + "simple", + expect_error=True, + ) + + assert "does not provide upload-time metadata" in result.stderr + assert "--uploaded-prior-to" in result.stderr or "Cannot use" in result.stderr + @pytest.mark.network def test_uploaded_prior_to_with_real_pypi(self, script: PipTestEnvironment) -> None: - """Test uploaded-prior-to functionality against real PyPI with upload times.""" - # Use a small package with known old versions for testing - # requests 2.0.0 was released in 2013 - - # Test 1: With an old cutoff date, should find no matching versions + """Test filtering against real PyPI with upload-time metadata.""" + # Test with old cutoff date - should find no matching versions result = script.pip( "install", "--dry-run", @@ -39,10 +75,9 @@ def test_uploaded_prior_to_with_real_pypi(self, script: PipTestEnvironment) -> N "requests==2.0.0", expect_error=True, ) - # Should fail because requests 2.0.0 was uploaded after 2010 - assert "No matching distribution found" in result.stderr + assert "Could not find a version that satisfies" in result.stderr - # Test 2: With a date that should find the package + # Test with future cutoff date - should find the package result = script.pip( "install", "--dry-run", @@ -55,8 +90,7 @@ def test_uploaded_prior_to_with_real_pypi(self, script: PipTestEnvironment) -> N @pytest.mark.network def test_uploaded_prior_to_date_formats(self, script: PipTestEnvironment) -> None: - """Test different date formats work with real PyPI.""" - # Test various date formats with a well known small package + """Test various date format strings are accepted.""" formats = [ "2030-01-01", "2030-01-01T00:00:00", @@ -73,5 +107,34 @@ def test_uploaded_prior_to_date_formats(self, script: PipTestEnvironment) -> Non "requests==2.0.0", expect_error=False, ) - # All dates should allow the package assert "Would install requests-2.0.0" in result.stdout + + def test_uploaded_prior_to_allows_local_files( + self, script: PipTestEnvironment, data: TestData + ) -> None: + """Test that local file installs bypass upload-time filtering.""" + simple_wheel = data.packages / "simplewheel-1.0-py2.py3-none-any.whl" + + result = script.pip( + "install", + "--no-index", + "--uploaded-prior-to=2000-01-01T00:00:00", + str(simple_wheel), + expect_error=False, + ) + assert "Successfully installed simplewheel-1.0" in result.stdout + + def test_uploaded_prior_to_allows_find_links( + self, script: PipTestEnvironment, data: TestData + ) -> None: + """Test that --find-links bypasses upload-time filtering.""" + result = script.pip( + "install", + "--no-index", + "--find-links", + data.find_links, + "--uploaded-prior-to=2000-01-01T00:00:00", + "simple==1.0", + expect_error=False, + ) + assert "Successfully installed simple-1.0" in result.stdout diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index 779864365c7..da03b45259b 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -440,13 +440,26 @@ def test_evaluate_link_uploaded_prior_to( assert actual == expected_result def test_evaluate_link_no_upload_time(self) -> None: - """Test that links with no upload time are not filtered.""" + """Test that links with no upload time cause an error when filter is set.""" uploaded_prior_to = datetime.datetime( 2023, 6, 1, 0, 0, 0, tzinfo=datetime.timezone.utc ) evaluator = self.make_test_link_evaluator(uploaded_prior_to) - # Link with no upload_time should not be filtered + # Link with no upload_time should be rejected when uploaded_prior_to is set + link = Link("https://example.com/myproject-1.0.tar.gz") + actual = evaluator.evaluate_link(link) + + # Should be rejected because index doesn't provide upload-time + assert actual[0] == LinkType.upload_time_missing + assert "Index does not provide upload-time metadata" in actual[1] + + def test_evaluate_link_no_upload_time_no_filter(self) -> None: + """Test that links with no upload time are accepted when no filter is set.""" + # No uploaded_prior_to filter set + evaluator = self.make_test_link_evaluator(uploaded_prior_to=None) + + # Link with no upload_time should be accepted when no filter is set link = Link("https://example.com/myproject-1.0.tar.gz") actual = evaluator.evaluate_link(link) From 041c8b68f7a0ef1c27be82303f03b04ae3b776fd Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Sat, 18 Oct 2025 13:36:31 -0400 Subject: [PATCH 24/25] Rename and reword news entry --- news/{13520.feature.rst => 13625.feature.rst} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename news/{13520.feature.rst => 13625.feature.rst} (88%) diff --git a/news/13520.feature.rst b/news/13625.feature.rst similarity index 88% rename from news/13520.feature.rst rename to news/13625.feature.rst index 54c272bba79..5768cff8788 100644 --- a/news/13520.feature.rst +++ b/news/13625.feature.rst @@ -1,2 +1,2 @@ Add ``--uploaded-prior-to`` option to only consider packages uploaded prior to -a given datetime when the ``upload-time`` field is available from an index. +a given datetime when the ``upload-time`` field is available from a remote index. From 716ee0d56667b541d3af3f6f7d6e464b2fa12c3b Mon Sep 17 00:00:00 2001 From: Damian Shaw Date: Sat, 18 Oct 2025 13:51:44 -0400 Subject: [PATCH 25/25] Use year 2100 in tests instead of 3030 to avoid Windows datetime limits --- tests/functional/test_uploaded_prior_to.py | 4 +-- tests/unit/test_cmdoptions.py | 32 +++++++++++++++++++++- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/tests/functional/test_uploaded_prior_to.py b/tests/functional/test_uploaded_prior_to.py index 2320976f2d2..8f25719f8fe 100644 --- a/tests/functional/test_uploaded_prior_to.py +++ b/tests/functional/test_uploaded_prior_to.py @@ -33,7 +33,7 @@ def test_uploaded_prior_to_file_index_no_upload_time( "install", "--index-url", data.index_url("simple"), - "--uploaded-prior-to=3030-01-01T00:00:00", + "--uploaded-prior-to=2100-01-01T00:00:00", "simple", expect_error=False, ) @@ -55,7 +55,7 @@ def test_uploaded_prior_to_http_index_no_upload_time( "install", "--index-url", f"http://{server.host}:{server.port}", - "--uploaded-prior-to=3030-01-01T00:00:00", + "--uploaded-prior-to=2100-01-01T00:00:00", "simple", expect_error=True, ) diff --git a/tests/unit/test_cmdoptions.py b/tests/unit/test_cmdoptions.py index 9316a603a95..228485b48d7 100644 --- a/tests/unit/test_cmdoptions.py +++ b/tests/unit/test_cmdoptions.py @@ -120,7 +120,7 @@ def test_handle_uploaded_prior_to_naive_dates( # Check that local timezone was applied (result should not be timezone-naive) assert result.tzinfo is not None - # Verify it's equivalent to creating the same datetime and applying local timezone + # Verify it's equivalent to what .astimezone() produces on a naive datetime naive_dt = datetime.datetime(*expected_date_time) expected_with_local_tz = naive_dt.astimezone() assert result == expected_with_local_tz @@ -145,3 +145,33 @@ def test_handle_uploaded_prior_to_invalid_dates(invalid_value: str) -> None: with pytest.raises(SystemExit): _handle_uploaded_prior_to(option, opt, invalid_value, parser) + + +def test_handle_uploaded_prior_to_naive() -> None: + """ + Test that a naive datetime is interpreted as local time. + """ + option = Option("--uploaded-prior-to", dest="uploaded_prior_to") + opt = "--uploaded-prior-to" + parser = OptionParser() + parser.values = Values() + + # Parse a naive datetime + naive_input = "2023-06-15T14:30:00" + _handle_uploaded_prior_to(option, opt, naive_input, parser) + result = parser.values.uploaded_prior_to + + assert result.hour == 14, ( + f"Expected hour=14 (from input), got hour={result.hour}. " + "This suggests the naive datetime was incorrectly interpreted as UTC " + "and converted to local timezone." + ) + assert result.minute == 30 + assert result.year == 2023 + assert result.month == 6 + assert result.day == 15 + + # Verify by creating the same datetime with explicit local timezone + local_tz = datetime.datetime.now().astimezone().tzinfo + expected = datetime.datetime(2023, 6, 15, 14, 30, 0, tzinfo=local_tz) + assert result == expected