From d126590b938827bd82c4801255dd9629ba1a7c83 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Oct 2022 20:27:31 +0200
Subject: [PATCH] Bump pip from 22.2.2 to 22.3 (PR #5000)

Bumps [pip](https://github.com/pypa/pip) from 22.2.2 to 22.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the deprecated <code>install</code>
command of <code>setuptools</code>. (<code>[#11358](https://github.com/pypa/pip/issues/11358) &lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is enabled for
source distributions without 'pyproject.toml'. (<code>[#11452](https://github.com/pypa/pip/issues/11452) &lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache. (<code>[#11454](https://github.com/pypa/pip/issues/11454) &lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This was supposed to be removed in 21.0, but missed during that release cycle. (<code>[#11493](https://github.com/pypa/pip/issues/11493) &lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel' package is absent for
source distributions without 'pyproject.toml'. (<code>[#8559](https://github.com/pypa/pip/issues/8559) &lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in combination with <code>--format=freeze</code>. (<code>[#9789](https://github.com/pypa/pip/issues/9789) &lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip config edit</code>. (<code>[#10716](https://github.com/pypa/pip/issues/10716) &lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from :pep:<code>658</code> to resolve distribution metadata without downloading the dist yet. (<code>[#11111](https://github.com/pypa/pip/issues/11111) &lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp. (<code>[#11250](https://github.com/pypa/pip/issues/11250) &lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python environments other
than the one pip is installed in. (<code>[#11320](https://github.com/pypa/pip/issues/11320) &lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip. (<code>[#11459](https://github.com/pypa/pip/issues/11459) &lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a Bazaar tree. (<code>[#5444](https://github.com/pypa/pip/issues/5444) &lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or <code>--extra-index-url</code> is specified
inside a requirements file. (<code>[#11276](https://github.com/pypa/pip/issues/11276) &lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when checking for a new version of pip. (<code>[#11309](https://github.com/pypa/pip/issues/11309) &lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata instead of crashing, when
using the <code>importlib.metadata</code> backend. (<code>[#11352](https://github.com/pypa/pip/issues/11352) &lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements options that can't be sucessfully parsed by shlex. (<code>[#11491](https://github.com/pypa/pip/issues/11491) &lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons. (<code>[#6264](https://github.com/pypa/pip/issues/6264) &lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2022.9.24</li>
<li>Upgrade distlib to 0.3.6</li>
<li>Upgrade idna to 3.4</li>
<li>Upgrade pep517 to 0.13.0</li>
<li>Upgrade pygments to 2.13.0</li>
<li>Upgrade tenacity to 8.1.0</li>
<li>Upgrade typing_extensions to 4.4.0</li>
<li>Upgrade urllib3 to 1.26.12</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a> from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a> from pradyunsg/certifi-update</li>
<li><a href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a> Unnormalise the certifi version</li>
<li><a href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a> from pradyunsg/check-manifest</li>
<li><a href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a> Move check-manifest to a CI check</li>
<li><a href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a> Upgrade certifi to 2022.9.24</li>
<li><a href="https://github.com/pypa/pip/commit/2a0552ac61ee26df04e08e21943a1e36aa880db1"><code>2a0552a</code></a> Replace complex certifi patch with a more targetted requests patch</li>
<li><a href="https://github.com/pypa/pip/commit/eb906997da97bbbd1f74127297d7ce9a54a6a2a0"><code>eb90699</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11502">#11502</a> from pradyunsg/vendoring-updates</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.2.2...22.3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.2.2&new-version=22.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
---
 changelogs/unreleased/5000-dependabot.yml | 5 +++++
 requirements.txt                          | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/5000-dependabot.yml

diff --git a/changelogs/unreleased/5000-dependabot.yml b/changelogs/unreleased/5000-dependabot.yml
new file mode 100644
index 0000000000..331e486f1c
--- /dev/null
+++ b/changelogs/unreleased/5000-dependabot.yml
@@ -0,0 +1,5 @@
+change-type: patch
+description: Bump pip from 22.2.2 to 22.3
+destination-branches:
+- iso5
+sections: {}
diff --git a/requirements.txt b/requirements.txt
index f1a0994336..dec8eccbb5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ jinja2==3.1.2
 more-itertools==8.14.0
 netifaces==0.11.0
 packaging==21.3
-pip==22.2.2
+pip==22.3
 ply==3.11
 pydantic==1.10.2
 pyformance==0.4