pip 26.1 introduces lockfile generation via 'pip lock' for reproducible dependency management, and dependency cooldowns via '--uploaded-prior-to', which skips packages uploaded after a chosen date so that a release published only hours earlier is not pulled in automatically. The update drops Python 3.9 support and improves security by letting users deliberately install older, potentially more stable package versions instead of the newest upload. These features address supply chain risks and improve development workflow reliability.
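The cooldown rule behind '--uploaded-prior-to', as an added Python example that is not pip's own code: it applies a cutoff date to a constructed, PyPI-JSON-shaped release listing and picks the newest version published before that date, and reports which versions the window held back. It assumes plain X.Y.Z version strings and treats a version's upload time as its earliest file upload; pip's exact semantics for the flag may differ.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of PyPI's JSON API "releases" field:
# version -> list of uploaded files, each carrying upload_time_iso_8601.
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2026-01-10T12:00:00+00:00"}],
    "1.4.1": [{"upload_time_iso_8601": "2026-03-02T08:30:00+00:00"}],
    "1.5.0": [{"upload_time_iso_8601": "2026-04-27T22:15:00+00:00"}],  # hours old
}
NOW = datetime(2026, 4, 28, 13, 23, tzinfo=timezone.utc)  # constructed "now"


def _version_key(version):
    """Order plain X.Y.Z versions numerically (simplification: no PEP 440)."""
    return tuple(int(p) for p in version.split("."))


def _uploaded_at(files):
    """A version counts as uploaded when its earliest file landed (assumption)."""
    return min(datetime.fromisoformat(f["upload_time_iso_8601"]) for f in files)


def cooldown_cutoff(now, days):
    """Turn a cooldown window (e.g. 7 days) into an --uploaded-prior-to style cutoff."""
    return now - timedelta(days=days)


def select_version(releases, cutoff):
    """Newest version uploaded strictly before `cutoff`, or None if nothing qualifies.
    Anything published inside the window is ignored, so a just-uploaded release
    (possibly a compromised one) is not picked up automatically."""
    eligible = [v for v, files in releases.items() if _uploaded_at(files) < cutoff]
    if not eligible:
        return None
    return max(eligible, key=_version_key)


def audit_releases(releases, cutoff):
    """Defender's view: which versions the cooldown would hold back, and why."""
    return {
        v: "held (uploaded %s)" % _uploaded_at(files).date()
        for v, files in releases.items()
        if _uploaded_at(files) >= cutoff
    }


if __name__ == "__main__":
    cutoff = cooldown_cutoff(NOW, days=7)
    print("without cooldown:", max(SAMPLE_RELEASES, key=_version_key))  # 1.5.0
    print("with 7-day cooldown:", select_version(SAMPLE_RELEASES, cutoff))  # 1.4.1
    print("held back:", audit_releases(SAMPLE_RELEASES, cutoff))
```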
Background
pip is Python's default package installer, critical for managing dependencies in Python projects. Recent versions have focused on improving security and reproducibility amid growing supply chain concerns.
- Source: Simon Willison
- Published: Apr 28, 2026 at 01:23 PM
- Score: 6.0 / 10