Would it be possible to bump up the version of pip running in virtualenv? All the versions less than v21.1 are affected by a security vulnerability: pypa/pip#9827
The safety report:
```
+============================+===========+==========================+==========+
| package | installed | affected | ID |
+============================+===========+==========================+==========+
| pip | 21.0.1 | <21.1 | 40291 |
+==============================================================================+
| Pip 21.1 stops splitting on unicode separators in git references, which |
| could be maliciously used to install a different revision on the repository. |
| See: <https://github.com./pypa/pip/issues/9827>. Additionally, pip 21.1 |
| updates urllib3 to 1.26.4 to fix CVE-2021-28363.
```
Thanks in advance!
You can run `virtualenv --upgrade-embed-wheels` to upgrade the pip version used by virtualenv, but indeed it would be better to have a non-vulnerable version by default.
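An added example, not part of the original thread or of virtualenv's own code: a small audit that walks a directory tree and reports every pip copy (installed `pip-<version>.dist-info` metadata or a bundled `pip-<version>-*.whl`) whose release is below the 21.1 threshold from the safety report. The function names and the sample directory layout are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (21, 1)  # first unaffected pip release, per the safety report ("<21.1")

# pip-<version>.dist-info (installed copy) or pip-<version>-<tags>.whl (bundled wheel)
_PIP_NAME = re.compile(r"^pip-(\d+(?:\.\d+)*)[^-]*(?:\.dist-info|-.*\.whl)$")


def pip_release(name):
    """Return the numeric release tuple encoded in a pip metadata/wheel name, or None."""
    m = _PIP_NAME.match(name)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def find_affected(root):
    """Return sorted [(path relative to root, version)] for every pip copy below FIXED.

    Pre-release suffixes are ignored, so 21.1b1 is compared as 21.1.
    """
    root = Path(root)
    hits = []
    for path in root.rglob("pip-*"):
        release = pip_release(path.name)
        if release is not None and release < FIXED:
            hits.append((path.relative_to(root).as_posix(), ".".join(map(str, release))))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout: two environments and one bundled wheel."""
    root = Path(root)
    for rel in ("old/lib/python3.9/site-packages/pip-21.0.1.dist-info",
                "new/Lib/site-packages/pip-21.1.dist-info"):
        (root / rel).mkdir(parents=True)
    wheels = root / "seed/wheels"
    wheels.mkdir(parents=True)
    (wheels / "pip-20.3.4-py2.py3-none-any.whl").touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, version in find_affected(build_sample_tree(tmp)):
            print(f"{path}: pip {version} is below 21.1")
```

Point `find_affected` at a directory that holds your environments or CI caches to list the copies that still need upgrading.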