From 2297eb4c04afe6e04b1df0121f7885907ad0b01d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Aug 2024 10:00:56 +0200
Subject: [PATCH] chore(deps): Bump pip from 24.1.2 to 24.2 (#1950)

Bumps [pip](https://github.com/pypa/pip) from 24.1.2 to 24.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>24.2 (2024-07-28)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>pip install --editable</code> falling back to
<code>setup.py develop</code>
when using a setuptools version that does not support
:pep:<code>660</code>
(setuptools v63 and older).
(<code>[#11457](https://github.com/pypa/pip/issues/11457)
&lt;https://github.com/pypa/pip/issues/11457&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Check unsupported packages for the current platform.
(<code>[#11054](https://github.com/pypa/pip/issues/11054)
&lt;https://github.com/pypa/pip/issues/11054&gt;</code>_)</p>
</li>
<li>
<p>Use system certificates <em>and</em> certifi certificates to verify
HTTPS connections on Python 3.10+.
Python 3.9 and earlier only use certifi.</p>
<p>To revert to previous behaviour, pass the flag
<code>--use-deprecated=legacy-certs</code>.
(<code>[#11647](https://github.com/pypa/pip/issues/11647)
&lt;https://github.com/pypa/pip/issues/11647&gt;</code>_)</p>
</li>
<li>
<p>Improve discovery performance of installed packages when the
<code>importlib.metadata</code>
backend is used to load distribution metadata (used by default under
Python 3.11+). (<code>[#12656](https://github.com/pypa/pip/issues/12656)
&lt;https://github.com/pypa/pip/issues/12656&gt;</code>_)</p>
</li>
<li>
<p>Improve performance when the same requirement string appears many
times during
resolution, by consistently caching the parsed requirement string.
(<code>[#12663](https://github.com/pypa/pip/issues/12663)
&lt;https://github.com/pypa/pip/issues/12663&gt;</code>_)</p>
</li>
<li>
<p>Minor performance improvement of finding applicable package
candidates by not
repeatedly calculating their versions
(<code>[#12664](https://github.com/pypa/pip/issues/12664)
&lt;https://github.com/pypa/pip/issues/12664&gt;</code>_)</p>
</li>
<li>
<p>Disable pip's self version check when invoking a pip subprocess to
install
PEP 517 build requirements.
(<code>[#12683](https://github.com/pypa/pip/issues/12683)
&lt;https://github.com/pypa/pip/issues/12683&gt;</code>_)</p>
</li>
<li>
<p>Improve dependency resolution performance by caching platform
compatibility
tags during wheel cache lookup.
(<code>[#12712](https://github.com/pypa/pip/issues/12712)
&lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p>
</li>
<li>
<p><code>wheel</code> is no longer explicitly listed as a build
dependency of <code>pip</code>.
<code>setuptools</code> injects this dependency in the
<code>get_requires_for_build_wheel()</code>
hook and no longer needs it on newer versions.
(<code>[#12728](https://github.com/pypa/pip/issues/12728)
&lt;https://github.com/pypa/pip/issues/12728&gt;</code>_)</p>
</li>
<li>
<p>Ignore <code>--require-virtualenv</code> for <code>pip check</code>
and <code>pip freeze</code>
(<code>[#12842](https://github.com/pypa/pip/issues/12842)
&lt;https://github.com/pypa/pip/issues/12842&gt;</code>_)</p>
</li>
<li>
<p>Improve package download and install performance.</p>
<p>Increase chunk sizes when downloading (256 kB, up from 10 kB) and
reading files (1 MB, up from 8 kB).
This reduces the frequency of updates to pip's progress bar.
(<code>[#12810](https://github.com/pypa/pip/issues/12810)
&lt;https://github.com/pypa/pip/issues/12810&gt;</code>_)</p>
</li>
<li>
<p>Improve pip install performance.</p>
<p>Files are now extracted in 1MB blocks, or in one block matching the
file size for
smaller files. A decompressor is no longer instantiated when extracting
0 bytes files,
it is not necessary because there is no data to decompress.
(<code>[#12803](https://github.com/pypa/pip/issues/12803)
&lt;https://github.com/pypa/pip/issues/12803&gt;</code>_)</p>
</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Set <code>no_color</code> to global <code>rich.Console</code>
instance. (<code>[#11045](https://github.com/pypa/pip/issues/11045)
&lt;https://github.com/pypa/pip/issues/11045&gt;</code>_)</li>
<li>Fix resolution to respect <code>--python-version</code> when
checking <code>Requires-Python</code>.
(<code>[#12216](https://github.com/pypa/pip/issues/12216)
&lt;https://github.com/pypa/pip/issues/12216&gt;</code>_)</li>
<li>Perform hash comparisons in a case-insensitive manner.
(<code>[#12680](https://github.com/pypa/pip/issues/12680)
&lt;https://github.com/pypa/pip/issues/12680&gt;</code>_)</li>
<li>Avoid <code>dlopen</code> failure for glibc detection in musl builds
(<code>[#12716](https://github.com/pypa/pip/issues/12716)
&lt;https://github.com/pypa/pip/issues/12716&gt;</code>_)</li>
<li>Avoid keyring logging crashes when pip is run in verbose mode.
(<code>[#12751](https://github.com/pypa/pip/issues/12751)
&lt;https://github.com/pypa/pip/issues/12751&gt;</code>_)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="/pypa/pip/commit/97146c7f4cd85551f3dc261830a57f304e43c181"><code>97146c7</code></a>
Bump for release</li>
<li><a
href="/pypa/pip/commit/ef81b2eafd390fb56f62930dcd74f6e4580093e0"><code>ef81b2e</code></a>
Update AUTHORS.txt</li>
<li><a
href="/pypa/pip/commit/350a0570a88b6c0d13c68f81ac08dc64f954cadf"><code>350a057</code></a>
Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/pypa/pip/issues/12876">#12876</a>)</li>
<li><a
href="/pypa/pip/commit/184390f4f2cde0316801eb701f49dda4f7a9a6ac"><code>184390f</code></a>
Update dependabot.yml to bump group updates (<a
href="https://redirect.github.com/pypa/pip/issues/12572">#12572</a>)</li>
<li><a
href="/pypa/pip/commit/48917f1c0375496058d677f652a90de6bee4dc8c"><code>48917f1</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12875">#12875</a> from
hellozee/fix-unit-test</li>
<li><a
href="/pypa/pip/commit/dd85c28464dbfc9b3a53c885a41c209e4700ad2d"><code>dd85c28</code></a>
Fix invalid origin test to check all the logged messages</li>
<li><a
href="/pypa/pip/commit/203780b5d167c4d01c55df7adc91d5ad1a0563aa"><code>203780b</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/12865">#12865</a> from
pradyunsg/better-exception-handling-around-sel...</li>
<li><a
href="/pypa/pip/commit/e50314134886d5eb5b650b3ce95abaafcb6dce10"><code>e503141</code></a>
Properly mock <code>_self_version_check_logic</code></li>
<li><a
href="/pypa/pip/commit/3518d3293445ad43eedba116b6182185c03abda3"><code>3518d32</code></a>
Rework how <code>--debug</code> is handled in <code>main</code></li>
<li><a
href="/pypa/pip/commit/be21d82e4362c00aab451ef1cf212d9a62f8e58e"><code>be21d82</code></a>
Move exception suppression to cover more of self-version-check
logic</li>
<li>Additional commits viewable in <a
href="/pypa/pip/compare/24.1.2...24.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=24.1.2&new-version=24.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 3dde2de0..866e6169 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,7 +26,7 @@ msgpack==1.0.8 ; python_version == "3.8"
 nox==2024.4.15 ; python_version == "3.8"
 packaging==24.1 ; python_version == "3.8"
 pexpect==4.9.0 ; python_version == "3.8"
-pip==24.1.2 ; python_version == "3.8"
+pip==24.2 ; python_version == "3.8"
 pipx==1.6.0 ; python_version == "3.8"
 pkginfo==1.11.1 ; python_version == "3.8"
 platformdirs==4.2.2 ; python_version == "3.8"