Pip 26.1 introduces lockfile support via `pip lock` command for reproducible dependency snapshots, and dependency cooldowns using `--uploaded-prior-to` (ISO duration format like P4D) to enforce minimum package age. Python 3.9 support is dropped.
Products
What's new in pip 26.1 - lockfiles and dependency cooldowns!
Pip 26.1 introduces reproducible lockfiles and security-focused dependency cooldowns (`--uploaded-prior-to`) to enforce minimum package age in Python builds.
Tuesday, April 28, 2026 12:00 PM UTC2 MIN READSOURCE: Simon WillisonBY sys://pipeline
Tags
products