Bump pip from 24.0 to 24.3.1

[dependabot]

Bumps pip from 24.0 to 24.3.1.

Changelog

Sourced from pip's changelog.

24.3.1 (2024-10-27)

Bug Fixes

• Allow multiple nested inclusions of the same requirements file again. ([#13046](https://github.com/pypa/pip/issues/13046) <https://github.com/pypa/pip/issues/13046>_)

24.3 (2024-10-27)

Deprecations and Removals

• Deprecate wheel filenames that are not compliant with :pep:440. ([#12918](https://github.com/pypa/pip/issues/12918) <https://github.com/pypa/pip/issues/12918>_)

Features

• Detect recursively referencing requirements files and help users identify the source. ([#12653](https://github.com/pypa/pip/issues/12653) <https://github.com/pypa/pip/issues/12653>_)
• Support for :pep:730 iOS wheels. ([#12961](https://github.com/pypa/pip/issues/12961) <https://github.com/pypa/pip/issues/12961>_)

Bug Fixes

• Display a better error message when an already installed package has an invalid requirement. ([#12953](https://github.com/pypa/pip/issues/12953) <https://github.com/pypa/pip/issues/12953>_)
• Ignore PIP_TARGET and pip.conf global.target when preparing a build environment. ([#8438](https://github.com/pypa/pip/issues/8438) <https://github.com/pypa/pip/issues/8438>_)
• Restore support for macOS 10.12 and older (via truststore). ([#12901](https://github.com/pypa/pip/issues/12901) <https://github.com/pypa/pip/issues/12901>_)
• Allow installing pip in editable mode in a virtual environment on Windows. ([#12666](https://github.com/pypa/pip/issues/12666) <https://github.com/pypa/pip/issues/12666>_)

Vendored Libraries

• Upgrade certifi to 2024.8.30
• Upgrade distlib to 0.3.9
• Upgrade truststore to 0.10.0
• Upgrade urllib3 to 1.26.20

24.2 (2024-07-28)

Deprecations and Removals

• Deprecate pip install --editable falling back to setup.py develop when using a setuptools version that does not support :pep:660 (setuptools v63 and older). ([#11457](https://github.com/pypa/pip/issues/11457) <https://github.com/pypa/pip/issues/11457>_)

Features

... (truncated)

Commits

• 05293b6 Bump for release
• 6a5db8b Merge pull request #13047 from sbidoul/fix-13046
• 7be54ce Don't fail when the same req file is included more than once
• 4f6aeb1 Merge pull request #13044 from sbidoul/release/24.3
• e1b1d51 Bump for development
• cdba22f Bump for release
• 27f8374 Update AUTHORS.txt
• c79d019 Merge pull request #13033 from sbidoul/vendoring-24.3-sbi
• 3ca8921 Merge pull request #13041 from sethmlarson/truststore-0.10.0
• 0cc7375 Upgrade vendored truststore to 0.10.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[edmorley]

@dependabot recreate

[edmorley]

Note: As of pip 24.1+, packages with invalid metadata are now rejected:
https://pip.pypa.io/en/stable/news/#b1-2024-05-06
pypa/pip#12063

This follows on from the deprecation warning that pip has been showing since pip 23.2 (released July 2023):
pypa/pip#11945

If you see pip output mentioning ignoring dependencies due to invalid metadata you will need to upgrade to newer versions of those dependencies.

For example, when using Celery versions 5.2.0 and older it is expected that the build will now fail with:

-----> Installing dependencies using 'pip install -r requirements.txt'
       Collecting typing-extensions==4.12.2 (from -r requirements.txt (line 5))
         Downloading typing_extensions-4.12.2-py3-none-any.whl.metadata (3.0 kB)
       Collecting celery==5.2.0 (from -r requirements.txt (line 6))
         Downloading celery-5.2.0-py3-none-any.whl.metadata (20 kB)
       WARNING: Ignoring version 5.2.0 of celery since it has invalid metadata:
       Requested celery==5.2.0 from https://files.pythonhosted.org/packages/76/f3/1299844327e0da1a89dfeffc0ee72dee80ed029df60c1634be708e7115fb/celery-5.2.0-py3-none-any.whl (from -r requirements.txt (line 6)) has invalid metadata: Expected matching RIGHT_PARENTHESIS for LEFT_PARENTHESIS, after version specifier
           pytz (>dev)
                ~^
       Please use pip<24.1 if you need to use this version.
       ERROR: Ignored the following yanked versions: 5.0.6, 5.2.5
       ERROR: Could not find a version that satisfies the requirement celery==5.2.0 (from versions: 0.1.2, 0.1.4, 0.1.6, 0.1.7, 0.1.8, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.1.14, 0.1.15, 0.2.0, 0.3.0, 0.3.7, 0.3.20, 0.4.0, 0.4.1, 0.6.0, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.5, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.1.21, 3.1.22, 3.1.23, 3.1.24, 3.1.25, 3.1.26.post1, 3.1.26.post2, 4.0.0rc3, 4.0.0rc4, 4.0.0rc5, 4.0.0rc6, 4.0.0rc7, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0rc1, 4.2.0rc2, 4.2.0rc3, 4.2.0rc4, 4.2.0, 4.2.1, 4.2.2, 4.3.0rc1, 4.3.0rc2, 4.3.0rc3, 4.3.0, 4.3.1, 4.4.0rc1, 4.4.0rc2, 4.4.0rc3, 4.4.0rc4, 4.4.0rc5, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 5.0.0a1, 5.0.0a2, 5.0.0b1, 5.0.0rc1, 5.0.0rc2, 5.0.0rc3, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0b1, 5.1.0b2, 5.1.0rc1, 5.1.0, 5.1.1, 5.1.2, 5.2.0b1, 5.2.0b2, 5.2.0b3, 5.2.0rc1, 5.2.0rc2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.6, 5.2.7, 5.3.0a1, 5.3.0b1, 5.3.0b2, 5.3.0rc1, 5.3.0rc2, 5.3.0, 5.3.1, 5.3.4, 5.3.5, 5.3.6, 5.4.0rc1, 5.4.0rc2, 5.4.0, 5.5.0b1, 5.5.0b2, 5.5.0b3, 5.5.0b4, 5.5.0rc1, 5.5.0rc2, 5.5.0rc3)
       ERROR: No matching distribution found for celery==5.2.0

 !     Error: Unable to install dependencies using pip.
 !     
 !     See the log output above for more information.

Previously (both on Heroku and in your local development environments/CI), pip will have been displaying this deprecation warning:

DEPRECATION: celery 5.2.0 has a non-standard dependency specifier pytz>dev. pip 24.1 will enforce
this behaviour change. A possible replacement is to upgrade to a newer version of celery or contact
the author to suggest that they release a version with a conforming dependency specifiers.
Discussion can be found at https://github.com/pypa/pip/issues/12063

If you use celery, you must upgrade to v5.2.1 (released in 2021) or newer, to pick up this upstream fix:
celery/celery#7074

If you are upgrading from Celery 4.x to 5.x, you will need to follow the upgrading steps here:
https://docs.celeryq.dev/en/stable/history/whatsnew-5.0.html#upgrading-from-celery-4-x

And as always, we recommend keeping your dependencies up to date in general - eg by setting up Dependabot:
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates

[edmorley]

https://devcenter.heroku.com/changelog-items/3073