Merge branch 'master' into feature/sphinx-spellcheck

README.md

@@ -6,7 +6,9 @@ Pipenv: Python Development Workflow for Humans
 [![Azure Pipelines Build Status](https://dev.azure.com/pypa/pipenv/_apis/build/status/Pipenv%20CI?branchName=master)](https://dev.azure.com/pypa/pipenv/_build/latest?definitionId=16&branchName=master)
 [![image](https://img.shields.io/pypi/pyversions/pipenv.svg)](https://python.org/pypi/pipenv)
 
+
 ------------------------------------------------------------------------
+[[ ~ Dependency Scanning by PyUp.io ~ ]](https://pyup.io)
 
 **Pipenv** is a tool that aims to bring the best of all packaging worlds
 (bundler, composer, npm, cargo, yarn, etc.) to the Python world.

docs/advanced.rst

@@ -237,16 +237,15 @@ Example::
 
 .. note::
 
-   In order to enable this functionality while maintaining its permissive
-   copyright license, `pipenv` embeds an API client key for the back-end
-   Safety API operated by pyup.io rather than including a full copy of the
-   CC-BY-NC-SA licensed Safety-DB database. This embedded client key is
-   shared across all `pipenv check` users, and hence will be subject to
-   API access throttling based on overall usage rather than individual
-   client usage.
-
-   You can also use your own safety API key by setting the
-   environment variable ``PIPENV_PYUP_API_KEY``.
+   Each month, `PyUp.io` updates the ``safety`` database of
+   insecure Python packages and `makes it available to the
+   community for free <https://pyup.io/safety/>`__. Pipenv
+   makes an API call to retrieve those results and use them
+   each time you run ``pipenv check`` to show you vulnerable
+   dependencies.
+
+   For more up-to-date vulnerability data, you may also use your own safety
+   API key by setting the environment variable ``PIPENV_PYUP_API_KEY``.
 
 
 ☤ Community Integrations

news/4210.trivial.rst

@@ -0,0 +1 @@
+Updated PyUp.io information to reflect current situation.

pipenv/patched/notpip/_internal/pep425tags.py

@@ -3,6 +3,7 @@
 
 import distutils.util
 import logging
+import os
 import platform
 import re
 import sys

tasks/vendoring/patches/patched/_post-pip-update-pep425tags.patch

@@ -1,8 +1,16 @@
 diff --git a/pipenv/patched/notpip/_internal/pep425tags.py b/pipenv/patched/notpip/_internal/pep425tags.py
-index 042ba34b..58decc23 100644
+index 369275a8..16d041d9 100644
 --- a/pipenv/patched/notpip/_internal/pep425tags.py
 +++ b/pipenv/patched/notpip/_internal/pep425tags.py
-@@ -170,8 +170,9 @@ def is_linux_armhf():
+@@ -3,6 +3,7 @@ from __future__ import absolute_import
+
+ import distutils.util
+ import logging
++import os
+ import platform
+ import re
+ import sys
+@@ -170,8 +171,9 @@ def is_linux_armhf():
          return False
      # hard-float ABI can be detected from the ELF header of the running
      # process
@@ -13,7 +21,7 @@ index 042ba34b..58decc23 100644
              elf_header_raw = f.read(40)  # read 40 first bytes of ELF header
      except (IOError, OSError, TypeError):
          return False
-@@ -205,7 +206,7 @@ def is_manylinux1_compatible():
+@@ -205,7 +207,7 @@ def is_manylinux1_compatible():
          pass
 
      # Check glibc version. CentOS 5 uses glibc 2.5.
@@ -22,7 +30,7 @@ index 042ba34b..58decc23 100644
 
 
  def is_manylinux2010_compatible():
-@@ -223,7 +224,7 @@ def is_manylinux2010_compatible():
+@@ -223,7 +225,7 @@ def is_manylinux2010_compatible():
          pass
 
      # Check glibc version. CentOS 6 uses glibc 2.12.
@@ -31,7 +39,7 @@ index 042ba34b..58decc23 100644
 
 
  def is_manylinux2014_compatible():
-@@ -249,7 +250,7 @@ def is_manylinux2014_compatible():
+@@ -249,7 +251,7 @@ def is_manylinux2014_compatible():
          pass
 
      # Check glibc version. CentOS 7 uses glibc 2.17.