diff --git a/requirements/common.in b/requirements/common.in
index 5e658524d3..68a3c4b477 100644
--- a/requirements/common.in
+++ b/requirements/common.in
@@ -2,6 +2,9 @@
 # /tools/update-locked-requirements to update requirements/dev.txt
 # and requirements/prod.txt.
 # See requirements/README.md for more detail.
+
+-r pip.in
+
 # Django itself
 Django[argon2]==4.2.*
 
diff --git a/requirements/dev.in b/requirements/dev.in
index be4205d5dd..949d7c0da3 100644
--- a/requirements/dev.in
+++ b/requirements/dev.in
@@ -1,7 +1,6 @@
 # After editing this file, you MUST afterward run
 # /tools/update-locked-requirements to update requirements/dev.txt.
 # See requirements/README.md for more detail.
--r pip.in
 -r prod.in
 -r docs.in
 
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 23745ceb39..fb864bbaeb 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -3456,9 +3456,8 @@ zxcvbn==4.4.28 \
     # via -r requirements/common.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==20.3.4 \
-    --hash=sha256:217ae5161a0e08c0fb873858806e3478c9775caffce5168b50ec885e358c199d \
-    --hash=sha256:6773934e5f5fc3eaa8c5a44949b5b924fc122daa0a8aa9f80c835b4ca2a543fc
+https://github.com/andersk/pip/archive/6642149c44297200f44dfe215b1cb7954d47ed77.zip#egg=pip==20.3.4+git \
+    --hash=sha256:4dfbc892b80b32091921c7cead7c4aff06c726e520633ac89bc463137e0fd27d
     # via
     #   -r requirements/pip.in
     #   pip-tools
diff --git a/requirements/pip.in b/requirements/pip.in
index b251587696..d3622d3594 100644
--- a/requirements/pip.in
+++ b/requirements/pip.in
@@ -1,3 +1,3 @@
-pip<21.0  # Our hack for installing specific commits from Git requires --use-deprecated=legacy-resolver: https://github.com/pypa/pip/issues/5780
+https://github.com/andersk/pip/archive/6642149c44297200f44dfe215b1cb7954d47ed77.zip#egg=pip==20.3.4+git  # Our hack for installing specific commits from Git requires --use-deprecated=legacy-resolver: https://github.com/pypa/pip/issues/5780
 setuptools
 wheel
diff --git a/requirements/pip.txt b/requirements/pip.txt
index a52ed00e30..92a0785d29 100644
--- a/requirements/pip.txt
+++ b/requirements/pip.txt
@@ -13,9 +13,8 @@ wheel==0.42.0 \
     # via -r requirements/pip.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==20.3.4 \
-    --hash=sha256:217ae5161a0e08c0fb873858806e3478c9775caffce5168b50ec885e358c199d \
-    --hash=sha256:6773934e5f5fc3eaa8c5a44949b5b924fc122daa0a8aa9f80c835b4ca2a543fc
+https://github.com/andersk/pip/archive/6642149c44297200f44dfe215b1cb7954d47ed77.zip#egg=pip==20.3.4+git \
+    --hash=sha256:4dfbc892b80b32091921c7cead7c4aff06c726e520633ac89bc463137e0fd27d
     # via -r requirements/pip.in
 setuptools==69.1.1 \
     --hash=sha256:02fa291a0471b3a18b2b2481ed902af520c69e8ae0919c13da936542754b4c56 \
diff --git a/requirements/prod.txt b/requirements/prod.txt
index 8d533045a3..7f63fa4f00 100644
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@@ -2283,6 +2283,10 @@ werkzeug==3.0.1 \
     --hash=sha256:507e811ecea72b18a404947aded4b3390e1db8f826b494d76550ef45bb3b1dcc \
     --hash=sha256:90a285dc0e42ad56b34e696398b8122ee4c681833fb35b8334a095d82c56da10
     # via openapi-core
+wheel==0.42.0 \
+    --hash=sha256:177f9c9b0d45c47873b619f5b650346d632cdc35fb5e4d25058e09c9e581433d \
+    --hash=sha256:c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8
+    # via -r requirements/pip.in
 xmlsec==1.3.13 \
     --hash=sha256:091f23765729df6f3b3a55c8a6a96f9c713fa86e76b86a19cdb756aaa6dc0646 \
     --hash=sha256:1725d70ee2bb2cd8dd66c7a7451be02bb59dc8280103db4f68e731f00135b1e0 \
@@ -2409,7 +2413,12 @@ zxcvbn==4.4.28 \
     # via -r requirements/common.in
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==20.3.4 \
-    --hash=sha256:217ae5161a0e08c0fb873858806e3478c9775caffce5168b50ec885e358c199d \
-    --hash=sha256:6773934e5f5fc3eaa8c5a44949b5b924fc122daa0a8aa9f80c835b4ca2a543fc
-    # via zulip-bots
+https://github.com/andersk/pip/archive/6642149c44297200f44dfe215b1cb7954d47ed77.zip#egg=pip==20.3.4+git \
+    --hash=sha256:4dfbc892b80b32091921c7cead7c4aff06c726e520633ac89bc463137e0fd27d
+    # via
+    #   -r requirements/pip.in
+    #   zulip-bots
+setuptools==69.1.1 \
+    --hash=sha256:02fa291a0471b3a18b2b2481ed902af520c69e8ae0919c13da936542754b4c56 \
+    --hash=sha256:5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8
+    # via -r requirements/pip.in
diff --git a/version.py b/version.py
index b34fa72d5e..f4761b9582 100644
--- a/version.py
+++ b/version.py
@@ -48,4 +48,4 @@ API_FEATURE_LEVEL = 242
 #   historical commits sharing the same major version, in which case a
 #   minor version bump suffices.
 
-PROVISION_VERSION = (264, 1)
+PROVISION_VERSION = (264, 2)