vortex-data
vortex
Performance History
Latest Results
Update dependency pip to v26.1 [SECURITY] (#7805)

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [pip](https://redirect.github.com/pypa/pip) ([changelog](https://pip.pypa.io/en/stable/news/)) | `26.0` → `26.1` |  |  |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/357) for more information.

---

### pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

[CVE-2026-6357](https://nvd.nist.gov/vuln/detail/CVE-2026-6357) / [GHSA-jp4c-xjxw-mgf9](https://redirect.github.com/advisories/GHSA-jp4c-xjxw-mgf9)

<details>
<summary>More information</summary>

#### Details

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.

#### Severity

- CVSS Score: 5.3 / 10 (Medium)
- Vector String: `CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N`

#### References

- [https://nvd.nist.gov/vuln/detail/CVE-2026-6357](https://nvd.nist.gov/vuln/detail/CVE-2026-6357)
- [https://github.com/pypa/pip/pull/13923](https://redirect.github.com/pypa/pip/pull/13923)
- [https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes](https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes)
- [http://www.openwall.com/lists/oss-security/2026/04/27/7](http://www.openwall.com/lists/oss-security/2026/04/27/7)
- [https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad](https://redirect.github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad)
- [https://github.com/advisories/GHSA-jp4c-xjxw-mgf9](https://redirect.github.com/advisories/GHSA-jp4c-xjxw-mgf9)

This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-jp4c-xjxw-mgf9) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).

</details>

---

### Release Notes

<details>
<summary>pypa/pip (pip)</summary>

### [`v26.1`](https://redirect.github.com/pypa/pip/compare/26.0.1...26.1)

[Compare Source](https://redirect.github.com/pypa/pip/compare/26.0.1...26.1)

### [`v26.0.1`](https://redirect.github.com/pypa/pip/compare/26.0...26.0.1)

[Compare Source](https://redirect.github.com/pypa/pip/compare/26.0...26.0.1)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/vortex-data/vortex).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
develop
1 hour ago
more Signed-off-by: Robert Kruszewski <github@robertk.io>
rk/intersect-by-rank
1 hour ago
Fix table output for random access benchmark Signed-off-by: Robert Kruszewski <github@robertk.io>
rk/fixrandomaccessbench
1 hour ago
Update dependency pip to v26.1 [SECURITY]
renovate/pypi-pip-vulnerability
10 hours ago
Run vortex-mask benchmarks with codspeed (#7804) We didn't use to have benchmarks there, now we do Signed-off-by: Robert Kruszewski <github@robertk.io>
develop
10 hours ago
Run vortex-mask benchmarks with codspeed Signed-off-by: Robert Kruszewski <github@robertk.io>
rk/vortex-mask-benchmarks
10 hours ago
more Signed-off-by: Robert Kruszewski <github@robertk.io>
rk/intersect-by-rank
12 hours ago
fixes Signed-off-by: Robert Kruszewski <github@robertk.io>
ji/vtable-array-outer
12 hours ago
Latest Branches
CodSpeed Performance Gauge
×19
Improve intersect_by_rank performance
#7744
18 hours ago
18f8d68
rk/intersect-by-rank
CodSpeed Performance Gauge
+17%
Fix table output for random access benchmark
#7806
1 hour ago
72a0785
rk/fixrandomaccessbench
CodSpeed Performance Gauge
0%
Update dependency pip to v26.1 [SECURITY]
#7805
10 hours ago
e23d2e4
renovate/pypi-pip-vulnerability
© 2026 CodSpeed Technology