Merge pull request #12628 from ichard26/codespell

Author: uranusjr

.pre-commit-config.yaml

@@ -54,6 +54,13 @@ repos:
     types: [file]
     exclude: NEWS.rst  # The errors flagged in NEWS.rst are old.
 
+- repo: https://github.com/codespell-project/codespell
+  rev: v2.2.6
+  hooks:
+    - id: codespell
+      exclude: AUTHORS.txt|tests/data
+      args: ["--ignore-words", tools/codespell-ignore.txt]
+
 - repo: local
   hooks:
   - id: news-fragment-filenames

NEWS.rst

@@ -304,7 +304,7 @@ Improved Documentation
 
 - Cross-reference the ``--python`` flag from the ``--prefix`` flag,
   and mention limitations of ``--prefix`` regarding script installation. (`#11775 <https://github.com/pypa/pip/issues/11775>`_)
-- Add SECURITY.md to make the policy offical. (`#11809 <https://github.com/pypa/pip/issues/11809>`_)
+- Add SECURITY.md to make the policy official. (`#11809 <https://github.com/pypa/pip/issues/11809>`_)
 - Add username to Git over SSH example. (`#11838 <https://github.com/pypa/pip/issues/11838>`_)
 - Quote extras in the pip install docs to guard shells with default glob
   qualifiers, like zsh. (`#11842 <https://github.com/pypa/pip/issues/11842>`_)

docs/html/ux-research-design/research-results/improving-pips-documentation.md

@@ -36,7 +36,7 @@ We also:
 1. Asked for volunteers to participate in a diary study, documenting their experience solving pip problems. Unfortunately this was not completed due to lack of interest from the community.
 2. Asked for user feedback on the pip documentation site:
    ![screenshot of user feedback mechanism on pip docs](https://i.imgur.com/WJVjl8N.png)
-   Unfortunatly, we did not gather any useful feedback via this effort
+   Unfortunately, we did not gather any useful feedback via this effort
 3. [Installed analytics on the pip docs](https://github.com/pypa/pip/pull/9146). We are waiting for this to be merged and start providing useful data.
 
 ## Results

docs/html/ux-research-design/research-results/personas.md

@@ -180,7 +180,7 @@ Making software was as defined earlier as "are you working on something reusable
 
 > "I have written software, sometimes for business and personal reasons. At one point I worked on a django website project, that was being used by 1000s of people. I don't think any of my live projects are based.
 
-> "Most of it is for sysadmin, automation. I lke to use python instead of shell scripting. I manage a server with wordpress sites. I wrote a script to update these sites, mailman list and sql DB management, and for different utilities." **- Participant 240313542**
+> "Most of it is for sysadmin, automation. I [like] to use python instead of shell scripting. I manage a server with wordpress sites. I wrote a script to update these sites, mailman list and sql DB management, and for different utilities." **- Participant 240313542**
 
 > "I use Python for creating things - like outputs for data scientist, software engineer. I make software to look at patterns, and analyse stuff. I think I'm a maker because someone else is using - they are colleagues. Usually its non-technical colleagues. I produce outputs - make data understandable. They use the results, or a package it behind a flask app. Or analyse graphs." **- Participant 240426799**
 

docs/html/ux-research-design/research-results/pip-upgrade-conflict.md

@@ -64,5 +64,5 @@ From the 407 responses that answered "why" a particular solution was best, the f
 Based on the results of this research, the pip UX team has made the following recommendations to the development team:
 
 - While the current behaviour exists, [warn the user when conflicts are introduced](https://github.com/pypa/pip/issues/7744#issuecomment-717573440)
-- [Change the current behaviour](https://github.com/pypa/pip/issues/9094), so that pip takes into account packages that are already installed when upgrading other packages. Show the user a warning when pip anticipates a depdenency conflict (as per option 4)
+- [Change the current behaviour](https://github.com/pypa/pip/issues/9094), so that pip takes into account packages that are already installed when upgrading other packages. Show the user a warning when pip anticipates a dependency conflict (as per option 4)
 - Explore [the possibility of adding additional flags to the upgrade command](https://github.com/pypa/pip/issues/9095), to give users more control

docs/html/ux-research-design/research-results/prioritizing-features.md

@@ -85,9 +85,9 @@ Results varied by the amount of Python experience the user had.
 
 ![Screenshot of Warn about broken dependencies](https://i.imgur.com/uNv2tnG.png)
 
-#### Upgrade packages to the lastest version
+#### Upgrade packages to the latest version
 
-![Screenshot of Upgrade packages to the lastest version](https://i.imgur.com/pQgCLBO.png)
+![Screenshot of Upgrade packages to the latest version](https://i.imgur.com/pQgCLBO.png)
 
 #### Install packages from an alternative package index, or indexes
 

docs/html/ux-research-design/research-results/users-and-security.md

@@ -62,7 +62,7 @@ Participants who spent a lot of their time writing Python code - either for comm
 
 They thought about where the software would be used, who would use it, and possible attack surfaces.
 
-> "On the basic point, I have to think about attack surfaces. If I am writing the thing (software), I have to give a crap. I have to answer the emails! In the code I push to[ pypi.org](http://pypi.org/) I think about it doubley. What could people do with this code? Whether I do a good job, that's different! I am aware of it when publishing it or making it publically available. Whether I do a good job, that's different! I am aware of it when publishing it or making it publically available. I rely on community resources - Python security related, I follow security people blogs, Twitter. I use Hypothesis for fuzz-testing. I also rely on having security policies in place and a reporting mechanism. I steer clear of crypto, I rely on other peoples. There's a certain amount of knowledge in the Python community, I am actively involved in it. If something happens, I will hear about it. I use Twitter, if something happens, in the morning it can take me awhile to figure out what's happened. I have a lot of trust in the ecosystem to be self healing. As long as you don't stray too far-off the reservation (into using odd or uncommon or new packages), it's a better sense of security." **- Participant (data scientist turned Python developer)**
+> "On the basic point, I have to think about attack surfaces. If I am writing the thing (software), I have to give a crap. I have to answer the emails! In the code I push to[ pypi.org](http://pypi.org/) I think about it doubley. What could people do with this code? Whether I do a good job, that's different! I am aware of it when publishing it or making it [publicly] available. Whether I do a good job, that's different! I am aware of it when publishing it or making it [publicly] available. I rely on community resources - Python security related, I follow security people blogs, Twitter. I use Hypothesis for fuzz-testing. I also rely on having security policies in place and a reporting mechanism. I steer clear of crypto, I rely on other peoples. There's a certain amount of knowledge in the Python community, I am actively involved in it. If something happens, I will hear about it. I use Twitter, if something happens, in the morning it can take me awhile to figure out what's happened. I have a lot of trust in the ecosystem to be self healing. As long as you don't stray too far-off the reservation (into using odd or uncommon or new packages), it's a better sense of security." **- Participant (data scientist turned Python developer)**
 
 > Yes, because I'm liable for that. If the problem is my code, and I deliver something and they get attacked. I'm screwed. **- Participant (professional Python developer and trainer)**
 

news/287f037c-108f-48dd-80a0-489921a6b2f3.trivial.rst

@@ -0,0 +1 @@
+Add codespell pre-commit hook to catch common misspellings.

src/pip/_internal/cache.py

@@ -44,7 +44,7 @@ def _get_cache_path_parts(self, link: Link) -> List[str]:
         """Get parts of part that must be os.path.joined with cache_dir"""
 
         # We want to generate an url to use as our cache key, we don't want to
-        # just re-use the URL because it might have other items in the fragment
+        # just reuse the URL because it might have other items in the fragment
         # and we don't care about those.
         key_parts = {"url": link.url_without_fragment}
         if link.hash_name is not None and link.hash is not None:

src/pip/_internal/resolution/resolvelib/candidates.py

@@ -519,7 +519,7 @@ def _warn_invalid_extras(
     def _calculate_valid_requested_extras(self) -> FrozenSet[str]:
         """Get a list of valid extras requested by this candidate.
 
-        The user (or upstream dependant) may have specified extras that the
+        The user (or upstream dependent) may have specified extras that the
         candidate doesn't support. Any unsupported extras are dropped, and each
         cause a warning to be logged here.
         """