Skip to content

Bump virtualenv from 20.32.0 to 20.36.1#225

Merged
ggalloni merged 2 commits intomasterfrom
dependabot/uv/virtualenv-20.36.1
Feb 10, 2026
Merged

Bump virtualenv from 20.32.0 to 20.36.1#225
ggalloni merged 2 commits intomasterfrom
dependabot/uv/virtualenv-20.36.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 25, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps virtualenv from 20.32.0 to 20.36.1.

Release notes

Sourced from virtualenv's releases.

20.36.1

What's Changed

Full Changelog: pypa/virtualenv@20.36.0...20.36.1

20.36.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.36.0

20.35.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.35.4

20.35.3

... (truncated)

Changelog

Sourced from virtualenv's changelog.

v20.36.1 (2026-01-09)

Bugfixes - 20.36.1

- Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:`tsigouris007`, fixed by :user:`gaborbernat`. (:issue:`3013`)

v20.36.0 (2026-01-07)


Features - 20.36.0

  • Add support for PEP 440 version specifiers in the --python flag. Users can now specify Python versions using operators like >=, <=, ~=, etc. For example: virtualenv --python=">=3.12" myenv . (:issue:2994`)

v20.35.4 (2025-10-28)

Bugfixes - 20.35.4

- Fix race condition in ``_virtualenv.py`` when file is overwritten during import, preventing ``NameError`` when ``_DISTUTILS_PATCH`` is accessed - by :user:`gracetyy`. (:issue:`2969`)
- Upgrade embedded wheels:

    

  • pip to 25.3 from 25.2 (:issue:2989)
    • 



v20.35.3 (2025-10-10)


Bugfixes - 20.35.3

  • Accept RuntimeError in test_too_many_open_files, by :user:esafak (:issue:2935)

v20.35.2 (2025-10-10)

Bugfixes - 20.35.2

- Revert out changes related to the extraction of the discovery module - by :user:`gaborbernat`. (:issue:`2978`)

v20.35.1 (2025-10-09)


Bugfixes - 20.35.1

  • Patch get_interpreter to handle missing cache and app_data - by :user:esafak (:issue:2972)
  • Fix backwards incompatible changes to PythonInfo - by :user:gaborbernat. (:issue:2975)

v20.35.0 (2025-10-08)

Features - 20.35.0

... (truncated)

Commits
  • d0ad11d release 20.36.1
  • dec4cec Merge pull request #3013 from gaborbernat/fix-sec
  • 5fe5d38 release 20.36.0 (#3011)
  • 9719376 release 20.36.0
  • 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
  • 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
  • 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
  • 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
  • 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
  • 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jan 25, 2026
@codecov-commenter
Copy link

codecov-commenter commented Jan 25, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.21%. Comparing base (61faa03) to head (f487bb9).
⚠️ Report is 6 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #225      +/-   ##
==========================================
+ Coverage   83.79%   85.21%   +1.42%     
==========================================
  Files          35       33       -2     
  Lines        1641     1698      +57     
  Branches      146      164      +18     
==========================================
+ Hits         1375     1447      +72     
+ Misses        206      190      -16     
- Partials       60       61       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@ggalloni
Copy link
Collaborator

ggalloni commented Feb 3, 2026

@dependabot rebase

@dependabot
Bump virtualenv from 20.32.0 to 20.36.1
f487bb9 
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.32.0 to 20.36.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.32.0...20.36.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-version: 20.36.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/virtualenv-20.36.1 branch from ff04f9a to f487bb9 Compare February 3, 2026 09:44
@ggalloni
Copy link
Collaborator

ggalloni commented Feb 3, 2026

@dependabot merge

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 3, 2026

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 10, 2026

Dependabot can't resolve your Python dependency files. Because of this, Dependabot cannot update this pull request.

@ggalloni ggalloni merged commit fff27dd into master Feb 10, 2026
10 checks passed
@ggalloni ggalloni deleted the dependabot/uv/virtualenv-20.36.1 branch February 10, 2026 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @ggalloni