diff options
| author | Bobby <[email protected]> | 2026-04-28 12:42:42 +0530 |
|---|---|---|
| committer | GitHub <[email protected]> | 2026-04-28 12:42:42 +0530 |
| commit | acc93d836ec9c548512c11fe8b1a2561009f22cd (patch) | |
| tree | 4077067067c0ae9171c18240f2288dc67d26789f | |
| parent | d0cd1e3b4074bd57a877cd3968c7dcd6cc9f017f (diff) | |
| parent | 469187a696a3df98e28a8c40292041dace77fbf5 (diff) | |
| download | edify-acc93d836ec9c548512c11fe8b1a2561009f22cd.tar.xz edify-acc93d836ec9c548512c11fe8b1a2561009f22cd.zip | |
Update virtualenv requirement from >=16.6.0 to >=21.3.0 (#28)
Updates the requirements on
[virtualenv](https://github.com/pypa/virtualenv) to permit the latest
version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>21.3.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>🐛 fix(type): stop ty flagging default_source on Action by <a
href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3124">pypa/virtualenv#3124</a></li>
<li>feat: Reintroduce xonsh shell support by <a
href="https://github.com/anki-code"><code>@anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
<li>🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers on Windows by <a
href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3128">pypa/virtualenv#3128</a></li>
<li>docs: Add usage instruction for Xonsh activation by <a
href="https://github.com/anki-code"><code>@anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3130">pypa/virtualenv#3130</a></li>
<li>Upgrade embedded pip/setuptools/wheel by <a
href="https://github.com/github-actions"><code>@github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3132">pypa/virtualenv#3132</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/anki-code"><code>@anki-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0">https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h1>Features - 21.3.0</h1>
<ul>
<li>Re-introduce <code>xonsh</code> shell activator
(<code>activate.xsh</code>) previously removed in 20.7.0, and make the
plugin loader
prefer virtualenv's built-in entry points so a third-party package
cannot override them by registering a duplicate
name. (:issue:<code>3003</code>)</li>
</ul>
<h1>Bugfixes - 21.3.0</h1>
<ul>
<li>
<p>Upgrade embedded wheels:</p>
<ul>
<li>pip to <code>26.1</code> (:issue:<code>3132</code>)</li>
</ul>
</li>
</ul>
<hr />
<p>v21.2.4 (2026-04-14)</p>
<hr />
<h1>Bugfixes - 21.2.4</h1>
<ul>
<li>Security hardening: validate each entry of a seed wheel archive
before extracting it so a tampered wheel cannot escape
the app-data image directory via an absolute path or <code>..</code>
traversal. (:issue:<code>3118</code>)</li>
<li>Security hardening: verify the SHA-256 of every bundled seed wheel
when it is loaded so a corrupted or tampered file
on disk fails loud instead of being handed to pip. The hash table is
generated alongside <code>BUNDLE_SUPPORT</code> by
<code>tasks/upgrade_wheels.py</code>. (:issue:<code>3119</code>)</li>
<li>Security hardening: validate the distribution name and version
specifier passed to <code>pip download</code> when acquiring a
seed wheel so extras, pip flags, or shell metacharacters cannot be
smuggled into the subprocess command line.
(:issue:<code>3120</code>)</li>
<li>Security hardening: replace the string-prefix containment check in
<code>virtualenv.util.zipapp</code> with
<code>Path.relative_to</code> so the zipapp extraction helpers refuse
any path that does not resolve under the archive root.
(:issue:<code>3121</code>)</li>
<li>Security hardening: do not silently fall back to an unverified HTTPS
context when the periodic update request to PyPI
fails TLS verification. The returned metadata drives which wheel version
virtualenv considers "up to date", so
accepting an unverified response lets a network-level attacker suppress
security updates. Set
<code>VIRTUALENV_PERIODIC_UPDATE_INSECURE=1</code> to restore the
previous behavior on hosts with broken trust stores.
(:issue:<code>3122</code>)</li>
</ul>
<hr />
<p>v21.2.3 (2026-04-14)</p>
<hr />
<p>No significant changes.</p>
<hr />
<p>v21.2.2 (2026-04-13)</p>
<hr />
<h1>Bugfixes - 21.2.2</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/e917cc244e659160607c890de2cbad3a7bc2a28c"><code>e917cc2</code></a>
release 21.3.0</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/21152f1b88c49cdefda2743cddc2cf36d50e2e57"><code>21152f1</code></a>
Upgrade embedded pip/setuptools/wheel (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3132">#3132</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/096bdcd72d7a6c92dcb9dee97fd429fe3e0231a5"><code>096bdcd</code></a>
chore(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3131">#3131</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/01610dc7a8ef08158c815f43dc22ceadb98b85c0"><code>01610dc</code></a>
docs: Add usage instruction for Xonsh activation (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3130">#3130</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/fb6ec7c461db2b0ccfabe7ec6255368e86cfaed3"><code>fb6ec7c</code></a>
🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers o...</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/60956799efa82adac0c3d5e70d9ca1fdd63125f8"><code>6095679</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3129">#3129</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/8d3179cf42332501240e9ee3ddca7e376a790752"><code>8d3179c</code></a>
chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
(<a
href="https://redirect.github.com/pypa/virtualenv/issues/3127">#3127</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/a159c50a400d4e18aca3bfde5224f09e71d2eb17"><code>a159c50</code></a>
chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3126">#3126</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/9ba729bbbbec89c121c3ce4ef205fdd403e33e26"><code>9ba729b</code></a>
feat: Reintroduce xonsh shell support (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3125">#3125</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/d42ea5cd19a116dbdbb9852becace188d5b3a225"><code>d42ea5c</code></a>
🐛 fix(type): stop ty flagging default_source on Action (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3124">#3124</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/virtualenv/compare/16.6.0...21.3.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
| -rw-r--r-- | ci/requirements.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ci/requirements.txt b/ci/requirements.txt index c8fd094..80d9c39 100644 --- a/ci/requirements.txt +++ b/ci/requirements.txt @@ -1,4 +1,4 @@ -virtualenv>=16.6.0 +virtualenv>=21.3.0 pip>=19.1.1 setuptools>=18.0.1 six>=1.17.0 |