Bump pex from 2.1.105 to 2.1.127

[dependabot]

Bumps pex from 2.1.105 to 2.1.127.

Release notes

Sourced from pex's releases.

pex 2.1.127

---

2.1.127

This release fixes --lock resolve sub-setting for local project requirements.

• Fix lock subsetting for local projects. (#2085)

pex 2.1.126

---

2.1.126

This release fixes a long standing (> 4 years old!) concurrency bug when building the same sdist for the 1st time and racing another Pex process doing the same sdist build.

• Guard against racing sdist builds. (#2080)

pex 2.1.125

---

2.1.125

This release makes --platform and --complete-platform resolves and locks as permissive as possible. If such a resolve or lock only has an sdist available for a certain project, that sdist will now be used if it builds to a wheel compatible with the specified foreign platform(s).

• Attempt "cross-builds" of sdists for foreign platforms. (#2075)

pex 2.1.124

---

2.1.124

This release adds support for specifying --non-hermetic-venv-scripts when building a --venv PEX. This can be useful when integrating with frameworks that do setup via PYTHONPATH manipulation.

Support for Pip 23.0.1 and setuptools 67.4.0 is added via --pip-version 23.0.1.

Additionally, more work towards hardening Pex against rare concurrency issues in its atomic directory handling is included.

• Introduce --non-hermetic-venv-scripts. (#2068)
• Wrap inter-process locks in in-process locks. (#2070)

... (truncated)

Changelog

Sourced from pex's changelog.

2.1.127

This release fixes --lock resolve sub-setting for local project requirements.

• Fix lock subsetting for local projects. (#2085) PR [#2085](https://github.com/pantsbuild/pex/issues/2085) <https://github.com/pantsbuild/pex/pull/2085>_

2.1.126

This release fixes a long standing (> 4 years old!) concurrency bug when building the same sdist for the 1st time and racing another Pex process doing the same sdist build.

• Guard against racing sdist builds. (#2080) PR [#2080](https://github.com/pantsbuild/pex/issues/2080) <https://github.com/pantsbuild/pex/pull/2080>_

2.1.125

This release makes --platform and --complete-platform resolves and locks as permissive as possible. If such a resolve or lock only has an sdist available for a certain project, that sdist will now be used if it builds to a wheel compatible with the specified foreign platform(s).

• Attempt "cross-builds" of sdists for foreign platforms. (#2075) PR [#2075](https://github.com/pantsbuild/pex/issues/2075) <https://github.com/pantsbuild/pex/pull/2075>_

2.1.124

This release adds support for specifying --non-hermetic-venv-scripts when building a --venv PEX. This can be useful when integrating with frameworks that do setup via PYTHONPATH manipulation.

Support for Pip 23.0.1 and setuptools 67.4.0 is added via --pip-version 23.0.1.

Additionally, more work towards hardening Pex against rare concurrency issues in its atomic directory handling is included.

• Introduce --non-hermetic-venv-scripts. (#2068) PR [#2068](https://github.com/pantsbuild/pex/issues/2068) <https://github.com/pantsbuild/pex/pull/2068>_

• Wrap inter-process locks in in-process locks. (#2070) PR [#2070](https://github.com/pantsbuild/pex/issues/2070) <https://github.com/pantsbuild/pex/pull/2070>_

• Add support for Pip 23.0.1. (#2072)

... (truncated)

Commits

• 9b85bff Prepare the 2.1.127 release. (#2086)
• 32a0789 Fix lock subsetting for local projects. (#2085)
• f0c162d Prepare the 2.1.126 release. (#2081)
• 69cf3af Guard against racing sdist builds. (#2080)
• a66005f Prepare the 2.1.125 release. (#2076)
• 0dbac1e Attempt "cross-builds" of sdists for foreign platforms. (#2075)
• aa10bf1 Prepare the 2.1.124 release. (#2071)
• f52f2e4 Add support for Pip 23.0.1. (#2072)
• f0eea60 Wrap inter-process locks in in-process locks. (#2070)
• 9c972c2 Introduce --non-hermetic-venv-scripts. (#2068)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #267 (2322d72) into main (0c43ff5) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##              main      #267   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            6         6           
  Lines          472       472           
  Branches        90        90           
=========================================
  Hits           472       472           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.