Update pip requirement from <=19.2,>=9 to >=9,<19.3

[dependabot-preview]

Updates the requirements on pip to permit the latest version.

Changelog

Sourced from pip's changelog.

19.2.1 (2019-07-23)

Bug Fixes

• Fix a NoneType AttributeError when evaluating hashes and no hashes are provided. (#6772)

19.2 (2019-07-22)

Deprecations and Removals

• Drop support for EOL Python 3.4. (#6685)
• Improve deprecation messages to include the version in which the functionality will be removed. (#6549)

Features

• Credentials will now be loaded using keyring when installed. (#5948)
• Fully support using --trusted-host inside requirements files. (#3799)
• Update timestamps in pip's --log file to include milliseconds. (#6587)
• Respect whether a file has been marked as "yanked" from a simple repository (see PEP 592 for details). (#6633)
• When choosing candidates to install, prefer candidates with a hash matching one of the user-provided hashes. (#5874)
• Improve the error message when METADATA or PKG-INFO is None when accessing metadata. (#5082)
• Add a new command pip debug that can display e.g. the list of compatible tags for the current Python. (#6638)
• Display hint on installing with --pre when search results include pre-release versions. (#5169)
• Report to Warehouse that pip is running under CI if the PIP_IS_CI environment variable is set. (#5499)
• Allow --python-version to be passed as a dotted version string (e.g. 3.7 or 3.7.3). (#6585)
• Log the final filename and SHA256 of a .whl file when done building a wheel. (#5908)
• Include the wheel's tags in the log message explanation when a candidate wheel link is found incompatible. (#6121)
• Add a --path argument to pip freeze to support --target installations. (#6404)
• Add a --path argument to pip list to support --target installations. (#6551)

Bug Fixes

• Set sys.argv[0] to the underlying setup.py when invoking setup.py via the setuptools shim so setuptools doesn't think the path is -c. (#1890)
• Update pip download to respect the given --python-version when checking "Requires-Python". (#5369)
• Respect --global-option and --install-option when installing from a version control url (e.g. git). (#5518)
• Make the "ascii" progress bar really be "ascii" and not Unicode. (#5671)
• Fail elegantly when trying to set an incorrectly formatted key in config. (#5963)
• Prevent DistutilsOptionError when prefix is indicated in the global environment and --target is used. (#6008)
• Fix pip install to respect --ignore-requires-python when evaluating links. (#6371)
• Fix a debug log message when freezing an editable, non-version controlled requirement. (#6383)
• Extend to Subversion 1.8+ the behavior of calling Subversion in interactive mode when pip is run interactively. (#6386)
• Prevent pip install <url> from permitting directory traversal if e.g. a malicious server sends a Content-Disposition header with a filename containing ../ or ..\\. (#6413)
• Hide passwords in output when using --find-links. (#6489)
• Include more details in the log message if pip freeze can't generate a requirement string for a particular distribution. (#6513)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[codecov-io]

Codecov Report

Merging #1184 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1184   +/-   ##
=======================================
  Coverage   95.81%   95.81%           
=======================================
  Files          28       28           
  Lines        4973     4973           
  Branches      626      626           
=======================================
  Hits         4765     4765           
  Misses        135      135           
  Partials       73       73

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 32fabb3...c089112. Read the comment docs.