Bump pip from 20.0.2 to 20.3.3

[dependabot-preview]

Bumps pip from 20.0.2 to 20.3.3.

Changelog

Sourced from pip's changelog.

20.3.3 (2020-12-15)

Bug Fixes

• Revert "Skip candidate not providing valid metadata", as that caused pip to be overeager about downloading from the package index. (#9264)

20.3.2 (2020-12-15)

Features

• New resolver: Resolve direct and pinned (== or ===) requirements first to improve resolver performance. (#9185)
• Add a mechanism to delay resolving certain packages, and use it for setuptools. (#9249)

Bug Fixes

• New resolver: The "Requirement already satisfied" log is not printed only once for each package during resolution. (#9117)
• Fix crash when logic for redacting authentication information from URLs in --help is given a list of strings, instead of a single string. (#9191)
• New resolver: Correctly implement PEP 592. Do not return yanked versions from an index, unless the version range can only be satisfied by yanked candidates. (#9203)
• New resolver: Make constraints also apply to package variants with extras, so the resolver correctly avoids backtracking on them. (#9232)
• New resolver: Discard a candidate if it fails to provide metadata from source, or if the provided metadata is inconsistent, instead of quitting outright. (#9246)

Vendored Libraries

• Update vendoring to 20.8

Improved Documentation

• Update documentation to reflect that pip still uses legacy resolver by default in Python 2 environments. (#9269)

20.3.1 (2020-12-03)

Deprecations and Removals

• The --build-dir option has been restored as a no-op, to soften the transition for tools that still used it. (#9193)

20.3 (2020-11-30)

Deprecations and Removals

Commits

• a387de1 Bump for release
• b4fb710 Merge pull request #9293 from pypa/revert-9264-new-resolver-dont-abort-on-inc...
• 95c3ae3 📰
• 7165ab8 Revert "Skip candidate not providing valid metadata"
• 03d5f56 Merge pull request #9291 from uranusjr/skip-search-tests
• 145be2e Skip pip search tests unless explicitly requested
• 2b0b426 Merge pull request #9281 from pradyunsg/release/20.3.2
• e647c61 Bump for development
• e1fded5 Bump for release
• 08816b3 Update AUTHORS.txt
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[coveralls]

Coverage remained the same at 42.065% when pulling 50f5e7e on dependabot/pip/pip-20.3.3 into 10a4d82 on master.

[dependabot-preview]

Superseded by #546.