pip installs a version it knows is bad when asked to self upgrade. #9287

Closed
cjw296 opened this issue Dec 15, 2020 · 6 comments

@cjw296

cjw296 commented Dec 15, 2020

Environment

  • pip version: 20.3.1
  • Python version: 3.7
  • OS: linux

This is on RTD.

Description

python -m pip install --upgrade --no-cache-dir pip warns about a bad release but then goes on to use it anyway:

Collecting pip
  Downloading pip-20.3.2-py2.py3-none-any.whl (1.5 MB)
WARNING: The candidate selected for download or install is a yanked version: 'pip' candidate (version 20.3.2 at https://files.pythonhosted.org/packages/3d/0c/01014c0442830eb38d6baef0932fdcb389279ce74295350ecb9fe09e048a/pip-20.3.2-py2.py3-none-any.whl#sha256=8d779b6a85770bc5f624b5c8d4d922ea2e3cd9ce6ee92aa260f12a9f072477bc (from https://pypi.org/simple/pip/) (requires-python:>=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*))
Reason for being yanked: <none given>
Installing collected packages: pip
  Attempting uninstall: pip
    Found existing installation: pip 20.3.1
    Uninstalling pip-20.3.1:
      Successfully uninstalled pip-20.3.1
Successfully installed pip-20.3.2

Expected behavior

Collecting pip
  Downloading pip-20.3.2-py2.py3-none-any.whl (1.5 MB)
WARNING: The candidate would be selected for download or install is a yanked version: 'pip' candidate (version 20.3.2 at https://files.pythonhosted.org/packages/3d/0c/01014c0442830eb38d6baef0932fdcb389279ce74295350ecb9fe09e048a/pip-20.3.2-py2.py3-none-any.whl#sha256=8d779b6a85770bc5f624b5c8d4d922ea2e3cd9ce6ee92aa260f12a9f072477bc (from https://pypi.org/simple/pip/) (requires-python:>=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*))
Reason for being yanked: https://github.com/pypa/pip/issues/9284
So, sticking with pip 20.3.1.

How to Reproduce

python -m pip install --upgrade --no-cache-dir pip

Output

https://readthedocs.org/projects/testfixtures/builds/12564349/

(5th build step)

@uranusjr
Member

The fix to this is unfortunately a part of 20.3.2, #9226. Closing since we use the issue tracker to reflect the state of master.

I’m already working on a fix for what broke 20.3.2, and hopefully we could produce a 20.3.3 that contains both this and the fix for what made us yank 20.3.2.

@cjw296
Author

cjw296 commented Dec 15, 2020

@uranusjr - please can you re-release 20.3.1 as 20.3.3 as a shorter term fix? This bug is going to be clogging up a huge amount of CI infrastructure, a lot of it provided by folk like RTD, CircleCI, Travis, etc as gestures of goodwill to the open source community...

@uranusjr
Member

@cjw296 Unfortunately I do not have permissions to issue releases on PyPI (the people who do are listed on the PyPI page). I have already posted a fix to the issue, and it may be easier for us to release a “real” 20.3.3 with the fix instead.

@uranusjr
Member

uranusjr commented Dec 15, 2020

People affected by this: Could you try

pip install --force-reinstall "pip @ https://github.com/uranusjr/pip/archive/new-resolver-do-not-eagerly-consume-in-upgrade-mode.zip"

and see if it behaves correctly?

@cjw296
Author

cjw296 commented Dec 15, 2020

Yeah, I already pinged @pradyunsg on Twitter, not sure if the other maintainers are still active. Assuming his Twitter bio is correct, he's on London time so should hopefully be coming online soon...

github-actions bot locked as resolved and limited conversation to collaborators Oct 5, 2021
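
The behaviour requested in this issue matches the suggested policy in PEP 592: ignore yanked files unless they are the only match for an exact `==` pin. The following is an added example, not pip's resolver code and not part of the thread; the index data is a constructed sample in the PEP 691 JSON shape, and `select` and `upgrade_target` are hypothetical helper names.

```python
import json

# Constructed sample in the PEP 691 JSON shape (URLs and hashes left out).
# "yanked" is False, True, or the yank reason as a string.
SAMPLE_INDEX = json.dumps({
    "meta": {"api-version": "1.0"},
    "name": "pip",
    "files": [
        {"filename": "pip-20.3-py2.py3-none-any.whl", "yanked": False},
        {"filename": "pip-20.3.1-py2.py3-none-any.whl", "yanked": False},
        {"filename": "pip-20.3.2-py2.py3-none-any.whl",
         "yanked": "https://github.com/pypa/pip/issues/9284"},
    ],
})


def parse_version(text):
    """Turn a plain 'X.Y.Z' version into a comparable tuple (no pre/post tags)."""
    return tuple(int(part) for part in text.split("."))


def select(index_json, pinned=None):
    """Pick the (version, yanked) candidate; hypothetical helper.

    pinned is the exact version from a 'pip==X.Y.Z' requirement, or None
    for 'newest available'. Yanked files are used only for an exact pin
    that nothing else satisfies.
    """
    files = json.loads(index_json)["files"]
    cands = [(f["filename"].split("-")[1], f.get("yanked", False)) for f in files]
    if pinned is not None:
        cands = [c for c in cands if parse_version(c[0]) == parse_version(pinned)]
    usable = [c for c in cands if c[1] is False]
    pool = usable or (cands if pinned is not None else [])
    return max(pool, key=lambda c: parse_version(c[0])) if pool else None


def upgrade_target(index_json, installed):
    """Version to upgrade to, or None when nothing newer is un-yanked."""
    best = select(index_json)
    if best and parse_version(best[0]) > parse_version(installed):
        return best[0]
    return None


if __name__ == "__main__":
    print(upgrade_target(SAMPLE_INDEX, "20.3.1"))   # self-upgrade from 20.3.1
    print(select(SAMPLE_INDEX, pinned="20.3.2"))    # explicit pin to the yanked file
```

In CI, a check like this before a `pip install --upgrade pip` step keeps a build on the installed version while the newest release is yanked.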