Merge branch 'master' into feature/update-pip-piptools

README.md

@@ -6,7 +6,9 @@ Pipenv: Python Development Workflow for Humans
 [![Azure Pipelines Build Status](https://dev.azure.com/pypa/pipenv/_apis/build/status/Pipenv%20CI?branchName=master)](https://dev.azure.com/pypa/pipenv/_build/latest?definitionId=16&branchName=master)
 [![image](https://img.shields.io/pypi/pyversions/pipenv.svg)](https://python.org/pypi/pipenv)
 
+
 ------------------------------------------------------------------------
+[[ ~ Dependency Scanning by PyUp.io ~ ]](https://pyup.io)
 
 **Pipenv** is a tool that aims to bring the best of all packaging worlds
 (bundler, composer, npm, cargo, yarn, etc.) to the Python world.

docs/advanced.rst

@@ -237,16 +237,15 @@ Example::
 
 .. note::
 
-   In order to enable this functionality while maintaining its permissive
+   Each month, `PyUp.io` updates the ``safety`` database of
-   copyright license, `pipenv` embeds an API client key for the backend
+   insecure Python packages and `makes it available to the
-   Safety API operated by pyup.io rather than including a full copy of the
+   community for free <https://pyup.io/safety/>`__. Pipenv
-   CC-BY-NC-SA licensed Safety-DB database. This embedded client key is
+   makes an API call to retrieve those results and use them
-   shared across all `pipenv check` users, and hence will be subject to
+   each time you run ``pipenv check`` to show you vulnerable
-   API access throttling based on overall usage rather than individual
+   dependencies.
-   client usage.
 
-   You can also use your own safety API key by setting the
+   For more up-to-date vulnerability data, you may also use your own safety
-   environment variable ``PIPENV_PYUP_API_KEY``.
+   API key by setting the environment variable ``PIPENV_PYUP_API_KEY``.
 
 
 ☤ Community Integrations

news/4210.trivial.rst

@@ -0,0 +1 @@
+Updated PyUp.io information to reflect current situation.