v2.4.0

What's Changed

Overview of new features

This release showcases new features by @pep-sanwer and @jacksmith15, as well as infrastructural improvements by @mfisher87, @mariusvniekerk, and @pep-sanwer.

New feature: Credentials for private PyPI repositories

We introduce the pip-repositories key for environment.yml which works for pip dependencies similarly to how channels works for Conda dependencies:

channels:
  - conda-forge
pip-repositories:
  - http://$PIP_USER:[email protected]/api/pypi/simple
dependencies:
  - python=3.11
  - requests=2.26
  - pip:
    - private-package==1.0.0

Credentials are substituted via environment variables.

Thanks @jacksmith15!

New feature: Parsing Python version from Poetry-style pyproject.toml files

Conda-lock now parses:

[tool.poetry.dependencies]
python = "^3.7"

Thanks @pep-sanwer!

New feature: skip-non-conda-lock flag

We introduce a new pyproject.toml flag for those who wish to manage Python project dependencies with another tool:

[tool.conda-lock]
skip-non-conda-lock = true

This causes the pyproject.toml's project dependencies to be ignored by conda-lock so that only the dependencies declared under [tool.conda-lock.dependencies] are considered.

[project]
dependencies = [
  "now-ignored-by-conda-lock"
]

[tool.conda-lock.dependencies]
still-managed-by-conda-lock = ">=1.0"

Thanks @pep-sanwer!

New features

• Parse python version for poetry's pyproject.toml, always managed by conda by @pep-sanwer in #526
• Lock only conda-lock dependencies in pyproject.toml by @pep-sanwer in #527
• Configure private pip repositories in the environment file by @jacksmith15 in #529

Infrastructure

• Remove flake8 and isort by @mfisher87 in #493
• Add netlify configuration file by @mariusvniekerk in #523
• Fix failing test test_pr_436 by @mariusvniekerk in #525
• Remove requirements-dev.txt by @mfisher87 in #504
• Speed up a test which keeps timing out by @maresb in #533
• Swap test poetry pyproject.toml sqlite constraint by @pep-sanwer in #528

Refactor

• Replace suffix_union with less general function by @jacksmith15 in #532

Full Changelog: v2.3.0...v2.4.0

v2.3.0

What's Changed

This release changes the way that old dependencies from previous lockfiles are persisted. In most cases, the new behavior of locking with conda-lock is equivalent to rm conda-lock.yml && conda-lock. This should better align with most people's expectations and reduce surprise. However, as a side-effect, dependencies may now be updated more aggressively than before. See #196 for discussion.

Bugfix

• Persist packages from original lockfile only for platforms not requested for lock by @ArieKnoester, @itsarobin and @mfisher87 in #485

New Contributors

• @ArieKnoester and @itsarobin made their first contributions in #485

Full Changelog: v2.2.1...v2.3.0

v2.2.1

What's Changed

This release is a minor improvement to reduce unexpected behavior of the conda-lock install command. Instead of relying on the filename to distinguish between lockfile formats, now we classify formats based on the file's contents. This is not expected to break existing workflows. Lockfile filenames can now be arbitrary.

Bugfix

• Detect lockfile type based on contents rather than filename by @jacksmith15 in #499
• Improve wording of confusing warnings about selector filtering by @maresb in #498

Infrastructure

• Fix ruff pre-commit by @maresb in #495

Full Changelog: v2.2.0...v2.2.1

v2.2.0

What's Changed

Major change

• add osx-arm64 as a default platform by @mariusvniekerk in #465

Bugfix

• Remove deprecated allow_mutation flag by @maresb in #480

Infra

• Don't run scheduled relock on forks by @maresb in #478
• Remove inapplicable importlib-metadata dependency by @maresb in #477
• Add Ruff to pre-commit (before isort + flake8 to test it as a possible replacement) by @mfisher87 in #490
• Update pypa/gh-action-pypi-publish action to v1.8.10 by @renovate in #482

Full Changelog: v2.1.2...v2.1.3

v2.1.2

(Note: for about 20 hours there was a mismatch between the release title (v2.2.0) and the release tag (v2.1.2). The definitive version is v2.1.2.)

What's Changed

This release fixes the warnings related to Pydantic v2, and raises the minimum Pydantic version to v1.10.

New feature

• Implement auth stripping for private PyPi packages by @jacksmith15 in #470

Bugfix

• Include "fn" in fake_conda_environment for mamba>=1.4.6 compatibility by @riccardoporreca in #453

Infrastructure

• Consolidate vendored imports into a single module by @maresb in #463
• Restrict update-lockfile workflow push trigger to main by @maresb in #466
• Relock dependencies by @github-actions in #467

Dependency updates

• Update to pydantic 2.0 by @mariusvniekerk in #459
• Drop implicit filelock dependency by @maresb in #468
• Remove deprecated pkg_resources and standardize canonicalization by @maresb in #457

New Contributors

• @jacksmith15 made their first contribution in #470

Full Changelog: v2.1.1...v2.1.2

v2.1.1

What's Changed

This is a patch release, primarily fixing a few minor bugs.

Bugfix

• Create macOS platform tags using packaging by @jjhelmus in #439
• Protect against unordered extras in pip dependencies by @AlbertDeFusco in #450
• Fix virtual package versions being detected as floats by @maresb in #451

Docs

• Update helptext to describe new default unified lock file name by @mfisher87 in #440
• add scipy2023 virtual poster by @mariusvniekerk in #458

Infra

• disable micromamba tests on windows by @mariusvniekerk in #443
• Move other regression tests to test_regression by @mariusvniekerk in #444
• Capture failed tests as actual step/job failures by @riccardoporreca in #448
• Unpin Micromamba by @maresb in #454

New Contributors

• @mfisher87 made their first contribution in #440
• @jjhelmus made their first contribution in #439

Full Changelog: v2.1.0...v2.1.1

v2.1.0

What's Changed

This is a minor release with several quality of life improvements for a few of the more gnarly packaging cases

Note that when using CUDA packages, you will now be asked to explicitly specify a CUDA version:

• warn if cuda packages are installed implicitly by @minrk in #428

New features

• Add support for git dependencies by @mjlbach and @muyajil in #435
• accept build strings in virtual package specs by @minrk in #429
• Allow the use of channels like channel::package in TOML files. by @romain-intel in #425

Bugfixes, infrastructure, etc.

• List prefixes for consideration for env var substitution by @nicoddemus in #437
• Use setup-micromamba for test workflow by @maresb in #421
• Restore Micromamba tests by @maresb in #422
• Update ibis test by @maresb in #430
• Run test_install in its own directory by @maresb in #431
• Handle nodefaults correctly in all specs by @maresb in #423
• Use conda-lock with the conda-lock project (dogfood) by @maresb in #359

New Contributors

• @nicoddemus made their first contribution in #437
• @mjlbach made their first contribution in #394 and #435
• @muyajil made their first contribution in #435

Full Changelog: v2.0.0...v2.1.0

v2.0.0

Summary

This release is primarily a large batch of bugfixes and code cleanup.

This is the first release under the Conda organization after graduating from the conda incubator.

Breaking changes:

• Dropped support for Python 3.6 and 3.7.

New features:

• Add pyproject.toml option to prevent requests on pypi.org by @yjeand in #304
• Add pyproject.toml option for default PyPI dependencies by @pep-sanwer in #362

What's Changed

• Refactor lockfile-related code by @srilman in #320
• Update and apply pre-commit, prepare for pre-commit.ci, add badge by @dbast in #327
• Enable codecov coverage reporting by @dbast in #333
• Set conda-lock team as codeowners by @dbast in #332
• Configure workflow concurrency for faster feedback and avoid double runs by @dbast in #331
• Update URLs after graduation by @jezdez in #324
• Drop support for Python 3.6 and 3.7 by @maresb in #330
• Add pyproject.toml option to prevent requests on pypi.org by @yjeand in #304
• Fix conda-lock command in docs for Docker by @maresb in #335
• Remove all references to pip_support flag by @srilman in #340
• Store config, cache, and data folders for vendored poetry under pypoetry-conda-lock by @srilman in #342
• Remove github_deploy_key_mariusvniekerk_conda_lock.enc by @ocefpaf in #344
• Fix some typos in docs by @knedlsepp in #345 and #346
• Invoke codecov only in CI by @maresb in #352
• Apply auth also for private pypi packages by @croth1 in #323
• Mention "micromamba install" in pip_deps warning by @maresb in #360
• Warn when pyproject.toml dependencies are dynamic by @maresb in #356
• Refactor source parsing related functions by @srilman in #347
• Add bottom pin for gitpython by @bollwyvl in #318
• Store lockfile-relative sources in lockfiles by @riccardoporreca in #328
• Move dependencies from requirements.txt to pyproject.toml by @maresb in #358
• Add os_name environment marker for platform-dependent pypi dependencies by @scottyhq in #295
• Parse platforms before determining dependencies by @srilman in #374
• Move test_channel.py to tests/ by @maresb in #365
• Fetch the repodata records more robustly by @maresb in #373
• Prevent PyYAML from sorting keys by @maresb in #367
• Fix allow_pypi_requests with multiple pyproject files by @yjeand in #375
• Simplify reconstruction of fetch actions by @maresb in #376
• Refactor lookup._LookupLoader by @maresb in #364
• Refactor LockSpecification as a dictionary from platforms to list of deps by @srilman in #383
• Handle Poetry optional dependency quirks by @srilman in #388
• Fix #253: package confusion between conda and pip by @romain-intel in #290
• Remove optional from dependency info in internal code by @srilman in #389
• Create a preliminary internal v2 lockfile schema but enforce v1 by @maresb in #412
• Use MatchSpec for LockedDependency creation (issue #414) by @AlbertDeFusco in #415
• Support nodefaults in environment.yml specs by @FHTMitchell in #418
• Default PyPI dependencies for pyproject.toml #334 by @pep-sanwer in #362
• Set fetch-depth=0 in checkout for publish workflow by @maresb in #419

New Contributors

• @dbast made their first contribution in #327
• @jezdez made their first contribution in #324
• @yjeand made their first contribution in #304
• @conda-bot made their first contribution in #325
• @knedlsepp made their first contribution in #346
• @croth1 made their first contribution in #323
• @pre-commit-ci made their first contribution in #349
• @riccardoporreca made their first contribution in #328
• @scottyhq made their first contribution in #295
• @AlbertDeFusco made their first contribution in #415
• @FHTMitchell made their first contribution in #418
• @pep-sanwer made their first contribution in #362

Full Changelog: v1.4.0...v2.0.0

v1.4.0

What's Changed

New features

• Expand poetry support to support poetry dependency groups #307

Improvements

• make gitpython dependency optional by @bollwyvl in #297
• Typing improvements by @maresb in #303
• Add filelock as a dependency by @mariusvniekerk in #313

Full Changelog: v1.3.0...v1.4.0

v1.3.0

What's Changed

New Features

• Add "platform_system" to the environment when solving in Pypi by @romain-intel in #289
• Support OS Preprocessing Selectors in environment.yaml Files by @srilman in #291
• Adding options to log addition additional metadata into the lockfile by @NatPRoach in #204
• Support conda/mamba install --copy by @mariusvniekerk in #267

Fixes

• Fix --auth-file flag by @simonbohnen in #271
• lowercase pip package names by @mariusvniekerk in #268
• Normalize pip version order by @mariusvniekerk in #277

Docs

• Do not use --kind=explicit by @sebastian-luna-valero in #288
• Stress that .lock extension is necessary by @klieret in #280
• Suggest how to solve PlatformValidationError by @maresb in #282
• Recommend installing with pipx or condax by @maresb in #276
• List the conda-forge platforms in README example by @maresb in #286

New Contributors

• @simonbohnen made their first contribution in #271
• @klieret made their first contribution in #280
• @NatPRoach made their first contribution in #204
• @sebastian-luna-valero made their first contribution in #288
• @romain-intel made their first contribution in #289
• @srilman made their first contribution in #291

Full Changelog: v1.2.1...v1.3.0