Bump pip from 21.1.2 to 21.1.3 #3069

dependabot · 2021-06-28T16:02:38Z

Bumps pip from 21.1.2 to 21.1.3.

Changelog

21.1.3 (2021-06-26)

Bug Fixes

Remove unused optional tornado import in vendored tenacity to prevent old versions of Tornado from breaking pip. ([#10020](https://github.com/pypa/pip/issues/10020) <https://github.com/pypa/pip/issues/10020>_)

Require setup.cfg-only projects to be built via PEP 517, by requiring an explicit dependency on setuptools declared in pyproject.toml. ([#10031](https://github.com/pypa/pip/issues/10031) <https://github.com/pypa/pip/issues/10031>_)

Commits

e69a8f3 Bump for release
c141edc remove support for setup.cfg only projects
363e90b Avoid importing a non-vendored version of Tornado
4cab55f Rephrase the warning printed when run as root on Unix
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pip](https://github.com/pypa/pip) from 21.1.2 to 21.1.3. - [Release notes](https://github.com/pypa/pip/releases) - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@21.1.2...21.1.3) --- updated-dependencies: - dependency-name: pip dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

inmantaci · 2021-06-28T17:03:56Z

Processing this pull request

inmantaci · 2021-06-28T17:04:06Z

Merged into branches master in daa8a61

Bumps [pip](https://github.com/pypa/pip) from 21.1.2 to 21.1.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>21.1.3 (2021-06-26)</h1> <h2>Bug Fixes</h2> <ul> <li>Remove unused optional <code>tornado</code> import in vendored <code>tenacity</code> to prevent old versions of Tornado from breaking pip. (<code>[#10020](pypa/pip#10020) <https://github.com/pypa/pip/issues/10020></code>_)</li> <li>Require <code>setup.cfg</code>-only projects to be built via PEP 517, by requiring an explicit dependency on setuptools declared in pyproject.toml. (<code>[#10031](pypa/pip#10031) <https://github.com/pypa/pip/issues/10031></code>_)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/e69a8f3987f44178dec8b9137158b4a6ed778ca3"><code>e69a8f3</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/c141edc5c90d0e3c2f40635516f151e2d02b5d95"><code>c141edc</code></a> remove support for setup.cfg only projects</li> <li><a href="https://github.com/pypa/pip/commit/363e90b62c3bfff14a4684545d54300007bb4d78"><code>363e90b</code></a> Avoid importing a non-vendored version of Tornado</li> <li><a href="https://github.com/pypa/pip/commit/4cab55f48ef2d05da40dd603910a68f81523ddd4"><code>4cab55f</code></a> Rephrase the warning printed when run as root on Unix</li> <li>See full diff in <a href="https://github.com/pypa/pip/compare/21.1.2...21.1.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.1.2&new-version=21.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

dependabot · 2021-06-28T17:04:08Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 28, 2021

inmantaci approved these changes Jun 28, 2021

View reviewed changes

Added change entry

9629b1e

inmantaci added the merge-tool-ready This ticket is ready to be merged in label Jun 28, 2021

inmantaci closed this Jun 28, 2021

dependabot bot deleted the dependabot/pip/pip-21.1.3 branch June 28, 2021 17:04

inmantaci removed the merge-tool-ready This ticket is ready to be merged in label Jun 28, 2021

inmantaci self-assigned this Jun 28, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pip from 21.1.2 to 21.1.3 #3069

Bump pip from 21.1.2 to 21.1.3 #3069

dependabot bot commented on behalf of github Jun 28, 2021

inmantaci commented Jun 28, 2021

inmantaci commented Jun 28, 2021

dependabot bot commented on behalf of github Jun 28, 2021

Bump pip from 21.1.2 to 21.1.3 #3069

Bump pip from 21.1.2 to 21.1.3 #3069

Conversation

dependabot bot commented on behalf of github Jun 28, 2021

21.1.3 (2021-06-26)

Bug Fixes

inmantaci commented Jun 28, 2021

inmantaci commented Jun 28, 2021

dependabot bot commented on behalf of github Jun 28, 2021