Bump pip from 25.3 to 26.0 in /requirements in the pip group across 1 directory

[dependabot]

Bumps the pip group with 1 update in the /requirements directory: pip.

Updates pip from 25.3 to 26.0

Changelog

Sourced from pip's changelog.

26.0 (2026-01-30)

Deprecations and Removals

• Remove support for non-bare project names in egg fragments. Affected users should use the Direct URL requirement syntax <https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references>. ([#13157](https://github.com/pypa/pip/issues/13157) <https://github.com/pypa/pip/issues/13157>)

Features

• Display pip's command-line help in colour, if possible. ([#12134](https://github.com/pypa/pip/issues/12134) <https://github.com/pypa/pip/issues/12134>_)

• Support installing dependencies declared with inline script metadata (:pep:723) with --requirements-from-script. ([#12891](https://github.com/pypa/pip/issues/12891) <https://github.com/pypa/pip/issues/12891>_)

• Add --all-releases and --only-final options to control pre-release and final release selection during package installation. ([#13221](https://github.com/pypa/pip/issues/13221) <https://github.com/pypa/pip/issues/13221>_)

• Add --uploaded-prior-to option to only consider packages uploaded prior to a given datetime when the upload-time field is available from a remote index. ([#13625](https://github.com/pypa/pip/issues/13625) <https://github.com/pypa/pip/issues/13625>_)

• Add --use-feature inprocess-build-deps to request that build dependencies are installed within the same pip install process. This new mechanism is faster, supports --no-clean and --no-cache-dir reliably, and supports prompting for authentication.

  Enabling this feature will also enable --use-feature build-constraints. This feature will become the default in a future pip version. ([#9081](https://github.com/pypa/pip/issues/9081) <https://github.com/pypa/pip/issues/9081>_)

• pip cache purge and pip cache remove now clean up empty directories and legacy files left by older pip versions. ([#9058](https://github.com/pypa/pip/issues/9058) <https://github.com/pypa/pip/issues/9058>_)

Bug Fixes

• Fix selecting pre-release versions when only pre-releases match. For example, package>1.0 with versions 1.0, 2.0rc1 now installs 2.0rc1 instead of failing. ([#13746](https://github.com/pypa/pip/issues/13746) <https://github.com/pypa/pip/issues/13746>_)
• Revisions in version control URLs now must be percent-encoded. For example, use git+https://example.com/repo.git@issue%231 to specify the branch issue#1. If you previously used a branch name containing a % character in a version control URL, you now need to replace it with %25 to ensure correct percent-encoding. ([#13407](https://github.com/pypa/pip/issues/13407) <https://github.com/pypa/pip/issues/13407>_)
• Preserve original casing when a path is displayed. ([#6823](https://github.com/pypa/pip/issues/6823) <https://github.com/pypa/pip/issues/6823>_)
• Fix bash completion when the $IFS variable has been modified from its default. ([#13555](https://github.com/pypa/pip/issues/13555) <https://github.com/pypa/pip/issues/13555>_)
• Precompute Python requirements on each candidate, reducing time of long resolutions. ([#13656](https://github.com/pypa/pip/issues/13656) <https://github.com/pypa/pip/issues/13656>_)
• Skip redundant work converting version objects to strings when using the importlib.metadata backend. ([#13660](https://github.com/pypa/pip/issues/13660) <https://github.com/pypa/pip/issues/13660>_)
• Fix pip index versions to honor only-binary/no-binary options. ([#13682](https://github.com/pypa/pip/issues/13682) <https://github.com/pypa/pip/issues/13682>_)
• Fix fallthrough logic for options, allowing overriding global options with defaults from user config. ([#13703](https://github.com/pypa/pip/issues/13703) <https://github.com/pypa/pip/issues/13703>_)
• Use a path-segment prefix comparison, not char-by-char. ([#13777](https://github.com/pypa/pip/issues/13777) <https://github.com/pypa/pip/issues/13777>_)

Vendored Libraries

... (truncated)

Commits

• 2f4d4a8 Merge pull request #13779 from notatallshaw/fix-26.0-news
• 04307a4 fix 26.0 news
• 6ec7b0a Merge pull request #13775 from notatallshaw/release/26.0
• 4104356 Bump for release
• 58be883 Update AUTHORS.txt
• 66f2dec Merge pull request #13778 from ichard26/docs/groups
• 0214103 doc: Re-expose package selection group options
• fdbe762 Install pip within docs Nox sessions
• 8e227a9 Merge pull request #13777 from sethmlarson/commonpath
• f5315ad Merge pull request #13776 from ichard26/docs/versionadded
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.76%. Comparing base (0cba798) to head (93dd08f).
⚠️ Report is 2 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #12018   +/-   ##
=======================================
  Coverage   98.76%   98.76%           
=======================================
  Files         127      127           
  Lines       44655    44655           
  Branches     2367     2367           
=======================================
  Hits        44102    44102           
  Misses        393      393           
  Partials      160      160           

Flag	Coverage Δ
CI-GHA	98.62% <ø> (ø)
OS-Linux	98.35% <ø> (-0.01%)	⬇️
OS-Windows	96.71% <ø> (ø)
OS-macOS	97.58% <ø> (-0.01%)	⬇️
Py-3.10.11	97.13% <ø> (-0.01%)	⬇️
Py-3.10.19	97.62% <ø> (-0.01%)	⬇️
Py-3.11.14	97.82% <ø> (ø)
Py-3.11.9	97.35% <ø> (+<0.01%)	⬆️
Py-3.12.10	97.43% <ø> (-0.01%)	⬇️
Py-3.12.12	97.92% <ø> (ø)
Py-3.13.11	98.17% <ø> (ø)
Py-3.14.2	98.15% <ø> (ø)
Py-3.14.2t	97.23% <ø> (-0.01%)	⬇️
Py-pypy3.11.13-7.3.20	97.38% <ø> (-0.03%)	⬇️
VM-macos	97.58% <ø> (-0.01%)	⬇️
VM-ubuntu	98.35% <ø> (-0.01%)	⬇️
VM-windows	96.71% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[codspeed-hq]

CodSpeed Performance Report

Merging this PR will not alter performance

_{Comparing dependabot/pip/requirements/pip-9aca4bcaf5 (93dd08f) with master (0cba798)¹}

Summary

✅ 59 untouched benchmarks

Footnotes

1. No successful run was found on master (e11872a) during the generation of this report, so 0cba798 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩