Bump pip version to avoid known vulnerabilities #719

@joycebrum

Hi again, I'd like to suggest bumping the pip version used for testing in order to avoid using a vulnerable version of pip.

The known vulnerabilities are GHSA-5xp3-jfq3-5q8x and GHSA-gpvv-69j7-gwj8

Both vulnerabilities were fixed in version 21.1. It won't affect the tests because version 21.1 of pip is also compatible with Python versions >= 3.6.

I'll submit a PR with the bump together with this issue.
