Skip to content

Bump virtualenv from 20.36.1 to 21.1.0#139

Open
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/pip/virtualenv-21.1.0
Open

Bump virtualenv from 20.36.1 to 21.1.0#139
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/pip/virtualenv-21.1.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 26, 2026

Bumps virtualenv from 20.36.1 to 21.1.0.

Release notes

Sourced from virtualenv's releases.

21.1.0

What's Changed

Full Changelog: pypa/virtualenv@21.0.0...21.1.0

21.0.0

What's Changed

Full Changelog: pypa/virtualenv@20.39.1...21.0.0

20.39.1

What's Changed

Full Changelog: pypa/virtualenv@20.39.0...20.39.1

20.39.0

What's Changed

Full Changelog: pypa/virtualenv@20.38.0...20.39.0

20.38.0

What's Changed

... (truncated)

Changelog

Sourced from virtualenv's changelog.

Features - 21.1.0

  • Add comprehensive type annotations across the entire codebase and ship a PEP 561 py.typed marker so downstream consumers and type checkers recognize virtualenv as an inline-typed package - by :user:rahuldevikar. (:issue:3075)

v21.0.0 (2026-02-25)

Deprecations and Removals - 21.0.0

  • The Python discovery logic has been extracted into a standalone python-discovery package on PyPI (documentation <https://python-discovery.readthedocs.io/>_) and is now consumed as a dependency. If you previously imported discovery internals directly (e.g. from virtualenv.discovery.py_info import PythonInfo), switch to from python_discovery import PythonInfo. Backward-compatibility re-export shims are provided at virtualenv.discovery.py_info, virtualenv.discovery.py_spec, and virtualenv.discovery.cached_py_info, however these are considered unsupported and may be removed in a future release - by :user:gaborbernat. (:issue:3070)

v20.39.1 (2026-02-25)

Features - 20.39.1

  • Add support for creating virtual environments with RustPython - by :user:elmjag. (:issue:3010)

v20.39.0 (2026-02-23)

Features - 20.39.0

  • Automatically resolve version manager shims (pyenv, mise, asdf) to the real Python binary during discovery, preventing incorrect interpreter selection when shims are on PATH - by :user:gaborbernat. (:issue:3049)
  • Add architecture (ISA) awareness to Python discovery — users can now specify a CPU architecture suffix in the --python spec string (e.g. cpython3.12-64-arm64) to distinguish between interpreters that share the same version and bitness but target different architectures. Uses sysconfig.get_platform() as the data source, with cross-platform normalization (amd64x86_64, aarch64arm64). Omitting the suffix preserves existing behavior - by :user:rahuldevikar. (:issue:3059)

v20.38.0 (2026-02-19)

Features - 20.38.0

... (truncated)

Commits
  • 404a3e5 release 21.1.0
  • 981d87c add comprehensive type annotations across the entire codebase (#3076)
  • 17d98ba Add security policy
  • 7687420 release 21.0.0
  • 8ec3142 📝 docs(changelog): add removal entry for python-discovery extraction (#3074)
  • f89d46c ♻️ refactor(discovery): extract py_discovery as self-contained package (#3070)
  • 0272c72 release 20.39.1
  • b1ca37f 🐛 fix(create): add pythonw3.exe to Windows venvs (#3073)
  • 1d4a338 ✨ feat(create): add RustPython support (#3071)
  • a10c5d4 Align dependency versions across projects (#3069)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump virtualenv from 20.36.1 to 21.1.0
86b8108 
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.36.1 to 21.1.0.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.36.1...21.1.0)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-version: 21.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner March 26, 2026 18:28
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 26, 2026
@dependabot dependabot bot mentioned this pull request Mar 26, 2026
Closed
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 26, 2026

🤖 Claude Code Review

PR Code Review

Summary: This is a simple dependency bump of virtualenv from 20.36.1 to 21.1.0 in pyproject.toml.

Code Quality

  • Style guide: Single-line change, consistent with existing formatting.
  • No commented-out code
  • Meaningful variable names: N/A
  • DRY principle: N/A
  • Defects: No logic issues. This is a version bump of a development dependency (virtualenv is in the development extras group), so it has no impact on production runtime.

Testing

  • Unit/integration tests: N/A for a dev dependency version bump.
  • ⚠️ Test coverage: No tests added, but none are needed for a dependency bump. Existing CI should validate compatibility.

Documentation

  • README: No update needed.
  • API docs: N/A
  • Inline comments: N/A
  • CHANGELOG.md: No changelog entry. Dependency bumps are typically noted — verify if this project's convention requires it (many projects omit dev-only dependency bumps from changelogs).

Security

  • No hardcoded credentials
  • No license files (.lic) checked in
  • No sensitive data
  • Dependency is a dev-only tool (development group), so it does not affect the distributed package or runtime security surface.

Overall: Clean, minimal change. The only minor question is whether a CHANGELOG entry is expected per project convention. Otherwise, approved.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 2, 2026

🤖 Claude Code Review

PR Code Review

This is a minimal dependency version bump. Here's my analysis:

Code Quality

  • ✅ No commented-out code
  • ✅ Meaningful variable names (N/A)
  • ✅ DRY principle (N/A)
  • ✅ No defects — straightforward version bump of virtualenv from 20.36.1 to 21.1.0 in pyproject.toml:45

Testing

  • ✅ No new functions requiring unit tests
  • ✅ No new endpoints requiring integration tests
  • ⚠️ No explicit test coverage change — dependency bumps should ideally be validated by CI passing, which is expected here

Documentation

  • ✅ README update not required for a dev dependency bump
  • ✅ No API changes
  • CHANGELOG.md not updated — even dependency bumps are typically worth noting

Security

  • ✅ No hardcoded credentials
  • ✅ No sensitive data
  • ✅ No license files checked in
  • virtualenv 21.1.0 addresses CVE-2025-47273 — this bump appears security-motivated, which is a good reason to include a CHANGELOG entry

Summary

Approved with minor note. The change is correct and the version bump is appropriate (likely driven by a security advisory). The only suggestion is to add a CHANGELOG.md entry documenting the dependency update.

Automated code review analyzing defects and coding standards

@docktermj docktermj enabled auto-merge (squash) April 2, 2026 12:43
@docktermj docktermj self-requested a review April 2, 2026 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj Awaiting requested review from docktermj

Assignees

@barrycaceres barrycaceres

@antaenc antaenc

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@docktermj @barrycaceres @antaenc @senzingdevops