Bump pip from 19.1.1 to 19.2.1

[dependabot-preview]

Bumps pip from 19.1.1 to 19.2.1.

Changelog

Sourced from pip's changelog.

19.2.1 (2019-07-23)

Bug Fixes

• Fix a NoneType AttributeError when evaluating hashes and no hashes are provided. (#6772)

19.2 (2019-07-22)

Deprecations and Removals

• Drop support for EOL Python 3.4. (#6685)
• Improve deprecation messages to include the version in which the functionality will be removed. (#6549)

Features

• Credentials will now be loaded using keyring when installed. (#5948)
• Fully support using --trusted-host inside requirements files. (#3799)
• Update timestamps in pip's --log file to include milliseconds. (#6587)
• Respect whether a file has been marked as "yanked" from a simple repository (see PEP 592 for details). (#6633)
• When choosing candidates to install, prefer candidates with a hash matching one of the user-provided hashes. (#5874)
• Improve the error message when METADATA or PKG-INFO is None when accessing metadata. (#5082)
• Add a new command pip debug that can display e.g. the list of compatible tags for the current Python. (#6638)
• Display hint on installing with --pre when search results include pre-release versions. (#5169)
• Report to Warehouse that pip is running under CI if the PIP_IS_CI environment variable is set. (#5499)
• Allow --python-version to be passed as a dotted version string (e.g. 3.7 or 3.7.3). (#6585)
• Log the final filename and SHA256 of a .whl file when done building a wheel. (#5908)
• Include the wheel's tags in the log message explanation when a candidate wheel link is found incompatible. (#6121)
• Add a --path argument to pip freeze to support --target installations. (#6404)
• Add a --path argument to pip list to support --target installations. (#6551)

Bug Fixes

• Set sys.argv[0] to the underlying setup.py when invoking setup.py via the setuptools shim so setuptools doesn't think the path is -c. (#1890)
• Update pip download to respect the given --python-version when checking "Requires-Python". (#5369)
• Respect --global-option and --install-option when installing from a version control url (e.g. git). (#5518)
• Make the "ascii" progress bar really be "ascii" and not Unicode. (#5671)
• Fail elegantly when trying to set an incorrectly formatted key in config. (#5963)
• Prevent DistutilsOptionError when prefix is indicated in the global environment and --target is used. (#6008)
• Fix pip install to respect --ignore-requires-python when evaluating links. (#6371)
• Fix a debug log message when freezing an editable, non-version controlled requirement. (#6383)
• Extend to Subversion 1.8+ the behavior of calling Subversion in interactive mode when pip is run interactively. (#6386)
• Prevent pip install <url> from permitting directory traversal if e.g. a malicious server sends a Content-Disposition header with a filename containing ../ or ..\\. (#6413)
• Hide passwords in output when using --find-links. (#6489)
• Include more details in the log message if pip freeze can't generate a requirement string for a particular distribution. (#6513)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[fredj]

@dependabot rebase