Merge pull request #4712 from dstufft/upgrade

Upgrade our Vendored Dependencies

Author: dstufft

news/cachecontrol.vendor

@@ -1 +1 @@
-Upgraded CacheControl to 0.12.2.
+Upgraded CacheControl to 0.12.3.

news/certifi.vendor

@@ -0,0 +1 @@
+Vendored certifi at 2017.7.27.1.

news/chardet.vendor

@@ -0,0 +1 @@
+Vendored chardet at 3.0.4.

news/idna.vendor

@@ -0,0 +1 @@
+Vendored idna at idna==2.6.

news/pytoml.vendor

@@ -0,0 +1 @@
+Upgraded pytoml to 0.1.14.

news/requests.vendor

@@ -1 +1 @@
-Upgraded requests to 2.14.2.
+Upgraded requests to 2.18.4.

news/setuptools.vendor

@@ -1 +1 @@
-Upgraded pkg_resources (via setuptools) to 36.2.6.
+Upgraded pkg_resources (via setuptools) to 36.4.0.

news/urllib3.vendor

@@ -0,0 +1 @@
+Vendored urllib3 at 1.22.

src/pip/_internal/__init__.py

@@ -17,7 +17,7 @@
 # to add socks as yet another dependency for pip, nor do I want to allow-stder
 # in the DEP-8 tests, so just suppress the warning.  pdb tells me this has to
 # be done before the import of pip.vcs.
-from pip._vendor.requests.packages.urllib3.exceptions import DependencyWarning
+from pip._vendor.urllib3.exceptions import DependencyWarning
 warnings.filterwarnings("ignore", category=DependencyWarning)  # noqa
 
 # We want to inject the use of SecureTransport as early as possible so that any
@@ -32,9 +32,7 @@
     if (sys.platform == "darwin" and
             ssl.OPENSSL_VERSION_NUMBER < 0x1000100f):  # OpenSSL 1.0.1
         try:
-            from pip._vendor.requests.packages.urllib3.contrib import (
-                securetransport,
-            )
+            from pip._vendor.urllib3.contrib import securetransport
         except (ImportError, OSError):
             pass
         else:
@@ -51,9 +49,7 @@
 )
 from pip._internal.commands import get_summaries, get_similar_commands
 from pip._internal.commands import commands_dict
-from pip._vendor.requests.packages.urllib3.exceptions import (
-    InsecureRequestWarning,
-)
+from pip._vendor.urllib3.exceptions import InsecureRequestWarning
 
 logger = logging.getLogger(__name__)
 

src/pip/_internal/download.py

@@ -12,14 +12,13 @@
 import shutil
 import sys
 
-from pip._vendor import requests, six
+from pip._vendor import requests, six, urllib3
 from pip._vendor.cachecontrol import CacheControlAdapter
 from pip._vendor.cachecontrol.caches import FileCache
 from pip._vendor.lockfile import LockError
 from pip._vendor.requests.adapters import BaseAdapter, HTTPAdapter
 from pip._vendor.requests.auth import AuthBase, HTTPBasicAuth
 from pip._vendor.requests.models import CONTENT_CHUNK_SIZE, Response
-from pip._vendor.requests.packages import urllib3
 from pip._vendor.requests.structures import CaseInsensitiveDict
 from pip._vendor.requests.utils import get_netrc_auth
 # NOTE: XMLRPC Client is not annotated in typeshed as on 2017-07-17, which is

src/pip/_vendor/cachecontrol/__init__.py

@@ -4,7 +4,7 @@
 """
 __author__ = 'Eric Larson'
 __email__ = '[email protected]'
-__version__ = '0.12.2'
+__version__ = '0.12.3'
 
 from .wrapper import CacheControl
 from .adapter import CacheControlAdapter

src/pip/_vendor/cachecontrol/caches/file_cache.py

@@ -9,7 +9,7 @@
     FileNotFoundError
 except NameError:
     # py2.X
-    FileNotFoundError = IOError
+    FileNotFoundError = OSError
 
 
 def _secure_open_write(filename, fmode):

src/pip/_vendor/cachecontrol/compat.py

@@ -10,8 +10,17 @@
     import pickle
 
 
-from pip._vendor.requests.packages.urllib3.response import HTTPResponse
-from pip._vendor.requests.packages.urllib3.util import is_fp_closed
+# Handle the case where the requests module has been patched to not have
+# urllib3 bundled as part of its source.
+try:
+    from pip._vendor.requests.packages.urllib3.response import HTTPResponse
+except ImportError:
+    from pip._vendor.urllib3.response import HTTPResponse
+
+try:
+    from pip._vendor.requests.packages.urllib3.util import is_fp_closed
+except ImportError:
+    from pip._vendor.urllib3.util import is_fp_closed
 
 # Replicate some six behaviour
 try:

src/pip/_vendor/certifi.pyi

@@ -0,0 +1 @@
+from certifi import *

src/pip/_vendor/certifi/__init__.py

@@ -0,0 +1,3 @@
+from .core import where, old_where
+
+__version__ = "2017.07.27.1"

src/pip/_vendor/certifi/__main__.py

@@ -0,0 +1,2 @@
+from certifi import where
+print(where())

src/pip/_vendor/requests/cacert.pem renamed to src/pip/_vendor/certifi/cacert.pem

@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+certifi.py
+~~~~~~~~~~
+
+This module returns the installation location of cacert.pem.
+"""
+import os
+import warnings
+
+
+class DeprecatedBundleWarning(DeprecationWarning):
+    """
+    The weak security bundle is being deprecated. Please bother your service
+    provider to get them to stop using cross-signed roots.
+    """
+
+
+def where():
+    f = os.path.dirname(__file__)
+
+    return os.path.join(f, 'cacert.pem')
+
+
+def old_where():
+    warnings.warn(
+        "The weak security bundle is being deprecated.",
+        DeprecatedBundleWarning
+    )
+    f = os.path.dirname(__file__)
+    return os.path.join(f, 'weak.pem')
+
+if __name__ == '__main__':
+    print(where())