From a476a2e3abaa9c283409bf2620a814ab14e8f7a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 19:08:16 +0100
Subject: [PATCH] Bump pip from 23.3.1 to 23.3.2 (PR #6872)
Bumps [pip](https://github.com/pypa/pip) from 23.3.1 to 23.3.2.
Changelog
Sourced from pip's changelog.
23.3.2 (2023-12-17)
Bug Fixes
- Fix a bug in extras handling for link requirements (
[#12372](https://github.com/pypa/pip/issues/12372) <https://github.com/pypa/pip/issues/12372>_)
- Fix mercurial revision "parse error": use
--rev={ref} instead of -r={ref} ([#12373](https://github.com/pypa/pip/issues/12373) <https://github.com/pypa/pip/issues/12373>_)
Commits
f9fea40 Bump for release3891d41 Fix news file namefb1be0f Fix a few typing issuesb23341d Update AUTHORS.txt4513b9c added second test case69b5810 Fixed bug in extras handling for link requirements7189400 Update news/370392cf-52cd-402c-b402-06d2ff398f89.bugfix.rst3f9c9f9 fix mercurial revision parse error: use two hypen argument --rev= instead of -r=- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
---
changelogs/unreleased/6872-dependabot.yml | 6 ++++++
requirements.txt | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
create mode 100644 changelogs/unreleased/6872-dependabot.yml
diff --git a/changelogs/unreleased/6872-dependabot.yml b/changelogs/unreleased/6872-dependabot.yml
new file mode 100644
index 0000000000..e1cb02ac0d
--- /dev/null
+++ b/changelogs/unreleased/6872-dependabot.yml
@@ -0,0 +1,6 @@
+change-type: patch
+description: Bump pip from 23.3.1 to 23.3.2
+destination-branches:
+- master
+- iso7
+sections: {}
diff --git a/requirements.txt b/requirements.txt
index 3cda24b7b3..ec7c26f154 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ jinja2==3.1.2
more-itertools==10.1.0
netifaces==0.11.0
packaging==23.2
-pip==23.3.1
+pip==23.3.2
ply==3.11
pydantic==2.5.2
pyformance==0.4