pip --upgrade installs yanked version (only) with new resolver

[bersbersbers]

Environment

• pip version: 20.3.1
• Python version: 3.8.6
• OS: Linux

Description
As of today:

python -m pip install pip --force installs 20.3.1, which I believe is correct.

python -m pip install pip --upgrade installs 20.3.2, which I don't understand why: 20.3.2 is yanked, and https://pypi.org/help/#yanked says:

A yanked release is a release that is always ignored by an installer, unless it is the only release that matches a version specifier (using either == or ===). See PEP 592 for more information.

But I did not use any version specifier, so why did it use that yanked version? Note that PEP 592 does not contain the word "upgrade".

Expected behavior
I think I would expect python -m pip install pip --upgrade to ignore yanked versions. Alternatively, the text at https://pypi.org/help/#yanked should be corrected.

How to Reproduce

python -m pip install pip --force  # 20.3.1
python -m pip install pip --upgrade  # 20.3.2

Output

Collecting pip
  Using cached pip-20.3.1-py2.py3-none-any.whl (1.5 MB)
Installing collected packages: pip
  Attempting uninstall: pip
    Found existing installation: pip 20.3.1
    Uninstalling pip-20.3.1:
      Successfully uninstalled pip-20.3.1
Successfully installed pip-20.3.1

Requirement already satisfied: pip in ./.pyenv/versions/3.8.6/lib/python3.8/site-packages (20.3.1)
Collecting pip
  Using cached pip-20.3.2-py2.py3-none-any.whl (1.5 MB)
WARNING: The candidate selected for download or install is a yanked version: 'pip' candidate (version 20.3.2 at https://files.pythonhosted.org/packages/3d/0c/01014c0442830eb38d6baef0932fdcb389279ce74295350ecb9fe09e048a/pip-20.3.2-py2.py3-none-any.whl#sha256=8d779b6a85770bc5f624b5c8d4d922ea2e3cd9ce6ee92aa260f12a9f072477bc (from https://pypi.org/simple/pip/) (requires-python:>=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*))
Reason for being yanked: <none given>
Installing collected packages: pip
  Attempting uninstall: pip
    Found existing installation: pip 20.3.1
    Uninstalling pip-20.3.1:
      Successfully uninstalled pip-20.3.1
Successfully installed pip-20.3.2

This is an issue of the new resolver - the old one does not have this issue:

pip install pip --force
pip install pip --upgrade --use-deprecated=legacy-resolver

remains at 20.3.1.

[QYQSDTC]

I have the same issue with problem 2 when update packages, not only pip, but any outdated packages, it will download all the versions of that package.

[bersbersbers]

Problem 2 is effectively #9284 and has nothing to do with yanked versions - my bad. Problem 1 remains.

[bersbersbers]

@QYQSDTC

I have the same issue with problem 2 when update packages, not only pip, but any outdated packages, it will download all the versions of that package.

Not only outdated - all packages ;) but see #9284. I removed this problem from this issue.

[uranusjr]

This is a known issue with 20.3.1. I don’t think 20.3.2 has this (#9226), and the above does not seem to demostrate the behaviour of 20.3.2 either. But 20.3.2 has other issues and can’t be used anyway, of course 🙂

[uranusjr]

I’ll close on the assumption #9226 fixes this. Feel free to reopen if 20.3.3 still has this issue.

[bersbersbers]

Correct! 20.3.2 should have been removed from my report when I removed my duplicate of #9284 - I can repro this only on 20.3.1.

[bersbersbers]

@uranusjr

Feel free to reopen if 20.3.3 still has this issue.

I will hardly know: once 20.3.3 is out, --upgrade will install that one and never try the yanked 20.3.2 since it's older ;)

[uranusjr]

Good point… Let me produce a fake pip version before 20.3.3 is out.

---

Edit:

pip install "pip @ https://github.com/uranusjr/pip/archive/20-3-1-post.zip"

This should be the same as 20.3.3, but with a version earlier than 20.3.2.

[bersbersbers]

Thank you!