v2.18.1

Bug Fixes

• Skip checking project.name if it is absent when running pdm outdated. (#3095)
• Don't remove the cross_platform strategy from old lock files. (#3105)
• Fix a bug that the VCS revision is lost if the candidate metadata is cached during resolution. (#3107)
• Fix a bug that PDM can't delete source password when saved in keyring. (#3108)

v2.18.0

Features & Improvements

• Respect certificates in env vars REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE when verifying SSL certificates. (#3076)
• Allow pypi.verify_ssl to be configured via PDM_PYPI_VERIFY_SSL environmental variable. (#3081)
• Clean logs older than 7 days. (#3091)
• Polish the UI looking of locking packages to display the progress. (#3100)

Bug Fixes

• Fixed pdm venv activate to remove quotes such that iex (pdm venv activate) works correctly (#2895)
• Don't crash if the version can't be resolved from the self project. (#3077)
• Don't fail install-pdm.py if there is an invalid pyproject.toml file under the current directory. (#3085)
• Make it able to expand env vars in the the dotenv file. Expose PDM_PROJECT_ROOT to the dotenv file for expansion. (#3087)
• Fix a bug that Python markers from the existing locked packages are considered when locking with --append option. (#3089)
• Backfill urls from configured indexed when exporting to requirements.txt. (#3094)
• Consider the auto-selected Python range when installing from requirements.txt. (#3095)
• Fix a bug that env vars do not override project config correctly. (#3099)

v2.17.3

Bug Fixes

• Fix a crash issue when requires-python is absent in the project metadata. (#3062)
• Now correctly sets related config for PDM_IGNORE_SAVED_PYTHON when it is set to "false", "no", "0". (#3064)
• Fix a bug that PDM plugins installed from project-root cannot be loaded, if they have dependencies. (#3067)

v2.17.2

Features & Improvements

• Improve the installation progress output to show the time elapsed. (#3051)
• The effect of pypi.ignore_stored_index changes a bit. Now even if it is true, index configurations in the config will still be loaded if the index is listed in the pyproject.toml. (#3052)

Bug Fixes

• Ignore invalid requires-python values from index. (#3038)
• Fix the group selection logic, to make --without GROUP work as expected. (#3045)
• Suppress outputs for pdm python install --quiet. (#3049)

v2.17.1

Bug Fixes

• Raise dep-logic lower bound to 0.4.2 to fix issues with pdm lock after upgrading from older pdm versions (#3033)
• Correct the current platform and architecture for win32 and macos systems. (#3035)

Miscellany

• Fix zsh completions (#3031)

v2.17.0

Breaking Changes

• LockedRepository.all_candidates now returns a dict[str, list[Candidate]] instead of dict[str, Candidate]. (#2995)
• post_lock hook now receives a resolution result of type dict[str, list[Candidate]], instead of dict[str, Candidate]. (#2995)

Features & Improvements

• Support reading requirement constraints from pip-style requirement files for "overriding" via --override option. (#2896)

• Add a --non-interactive option for automation scenarios, also interactive prompts will not show up when not running in an interactive terminal. (#2934)

• Add --license and --project-version as CLI options to control and streamline them during pdm init - especially in automated scenarios with --non-interactive (#2978)

• Run pdm sync in "post-rewrite" stage of pre-commit (#2994)

• Project.get_dependencies() now returns a list of Requirement instead of a mapping.
  The first argument of Project.add_dependencies() now accepts a list of Requirement instead of a mapping.
  The old usage will be kept working for a short period of time and will be removed in the future. (#2995)

• Support locking for specific target, which is a combination of (python, platform, implementation) triple. Bump lock file version to 4.5.0.

  Example usage: pdm lock --platform=linux --python="==3.8.*" --implementation=cpython. See the docs for more details. (#2995)

• Rename --reuse-env to --recreate for run command, and reverse the behavior. (#2999)

• PDM is now published with optional pinned dependencies using the pdm plugin pdm-build-locked.

  To install pdm with its dependencies pinned to the versions it was tested with, run:

      pipx install pdm[locked]

  To install optional dependency group copier:

      pipx install pdm[locked,copier-locked]

  This feature is entirely optional. Installing pdm without the extra will work the same way as before this change. (#3001)

• Added --clean-unselected alias for --only-keep (#3007)

• Group options for update strategy and save strategy. (#3016)

Bug Fixes

• When locking dependencies that references the self project, the referenced groups should also be recorded in the lockfile. (#2976)
• Retry failed installation jobs if they are run sequentially, such as for editable dependencies. (#3005)
• Fix the local path issue when -p is passed to change the project root. (#3009)
• Fix a bug that PDM can't install editable self package with non-isolated build in one go. (#3018)
• Add context when parsing version failed. (#3020)
• Fix a mistake in build env setup that will cause the PATH env var length to grow. (#3022)

Removals and Deprecations

• Remove the deprecation warning of BaseCommand.__init__() method. Now it doesn't take any arguments. (#2995)
• Provider.get_reuse_candidate() method is deprecated in favor of Provider.iter_reuse_candidates(), to return an iterable of reuse candidates. (#2995)
• --no-markers option in pdm export command becomes a no-op and is marked as deprecated, because it doesn't make sense anymore. (#2995)
• ignore_compatibility parameter of Project.get_provider()/Project.get_repository()/Environment.get_finder() is deprecated. Pass in a EnvSpec via env_spec parameter instead.
  requires_python parameter of pdm.resolver.core.resolve() function is deprecated and has no effect.
  cross_platform parameter of pdm.cli.actions.resolve_candidates_from_lockfile() function is deprecated and has no effect. (#2995)

v2.16.1

Bug Fixes

• Fix new interface from pbs_installer regarding build_dir and best match auto-install strategy for pdm use
  (same as for pdm python install --list) (#2943)
• Fix crash when pdm is used with importlib-metadata version 8.0. (#2974)

v2.16.0

Features & Improvements

• Add --no-extras to pdm export to strip extras from the requirements. Now the default behavior is to keep extras. (#2519)
• Support PEP 723: running scripts with inline metadata in standalone environment with dependencies. (#2924)
• pdm use and pdm python install now take requires-python into account (incl. from pyproject.toml) if python version
  not specified and pdm use provides auto installation by that. (#2943)
• --no-isolation no longer installs build-requires nor dynamic build dependencies, to be consistent with pip. (#2944)
• Add notifiers in CLI output when global project is being used. (#2952)
• Use tool.pdm.resolution table when calculating the content hash of project file, previously only overrides table was used.
  This will change the hash already stored in the lockfile, so bump the lockfile version to 4.4.2. (#2956)

Bug Fixes

• Add max retries on read timeout or bad connection. (#2914)
• Don't update local files if they don't change. (#2966)
• Don't list python versions that don't have any installation link for the current platform. (#2970)

Documentation

• Clarify the purposes of pdm outdated and --unconstrained option. (#2965)
• Some clarifications on the interpreter selection and central package cache. (#2967)

v2.15.4

Bug Fixes

• Build wheel from sdist if available, to make sure sdist is built properly. This behavior is consistent with pypa/build. (#2843)
• Fix the issue of self-referencing extra dependencies failing to be resolved for local packages. (#2898)
• Fix an issue of max recursion depth error when parsing a poetry project with circular dependencies on local packages. (#2900)
• Fix a bug that VCS dependencies and --self don't work in the exported requirements.txt with hashes. (#2908)
• Fix a cache miss when there exist built wheels for a given link. (#2912)
• Don't try to store caches when --no-cache is given. (#2913)

v2.15.3

Bug Fixes

• Fixed pdm venv activate, to also work for windows. And added documentation on how to authenticate to Azure Artifacts (#2851)
• Don't show unsupported formats in pdm export. (#2877)
• Proxy (HTTP_PROXY env vars) settings are ignored for custom indexes. (#2880)
• Fix the quoting of venv activate command for powershell. (#2881)
• Raise an error if the package given by pdm update does not exist in the select dependency group but in other groups. (#2885)