| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Updates the requirements on [virtualenv](https://github.com/pypa/virtualenv) to permit the latest version.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](https://github.com/pypa/virtualenv/compare/21.3.1...21.4.2)
---
updated-dependencies:
- dependency-name: virtualenv
dependency-version: 21.4.2
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on [virtualenv](https://github.com/pypa/virtualenv) to permit the latest version.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](https://github.com/pypa/virtualenv/compare/21.3.0...21.3.1)
---
updated-dependencies:
- dependency-name: virtualenv
dependency-version: 21.3.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
The repo was bootstrapped from `cookiecutter-pylibrary`. The
regeneration scaffolding has been sitting around since then — unused,
out of date, and in some cases pointing at infrastructure (AppVeyor)
that hasn't been part of CI for years. Knock it all down in one
sweep so there's nothing dead-by-design in the tree after this PR.
Removed
- `.cookiecutterrc` — cookiecutter regen metadata.
- `ci/bootstrap.py` — entry point for regenerating workflow files
from the templates.
- `ci/templates/` (whole directory):
- `.appveyor.yml` template (AppVeyor isn't wired up).
- `.github/workflows/github-actions.yml` Jinja template (the live
workflow has evolved past it via #32, #35, #37).
Coupled updates
- `tox.ini`: dropped the `[testenv:bootstrap]` env (calls deleted
`bootstrap.py`) and the `bootstrap` reference in the basepython
selector.
- `MANIFEST.in`: removed `include .cookiecutterrc`.
- `setup.cfg`: removed `ci/templates` from the flake8 `exclude` and
isort `skip` lists (dead exclusion paths).
- `.pre-commit-config.yaml`: removed `ci/templates` from the
top-level `exclude` regex.
- `tests.local.sh`: replaced the per-version `if/elif` chain (which
still listed Python 3.7 and missed 3.12-3.14) with a single
programmatic `tox -e py$VERSION` lookup against
`tox --listenvs-all`. Self-maintaining when the matrix changes.
- `CHANGELOG.rst`: added a Housekeeping bullet for this PR.
Live and untouched
- `ci/requirements.txt` is still installed by every CI workflow
(`pip install -r ci/requirements.txt`). Not regen-related.
Closes #46
|
|
Two unrelated-but-tiny housekeeping items:
- ci/templates/.github/workflows/github-actions.yml: the cookiecutter
template still wrapped the matrix loop in
`{% if prefix not in ['py37', 'pypy37'] %}`. Those tox envs were
removed from `envlist` in #32, so the loop never visits them and the
guard never fires. Dead Jinja, removed.
- docs/conf.py: copyright year was hardcoded to '2022', which Sphinx
was happily rendering as the docs footer in 2026. Bumped to a
'2022-2026' span.
Closes #42
|
|
3.7 reached end-of-life on 2023-06-27. Copilot dropped 3.7 from the CI
matrix in #30 but left the rest of the metadata pointing at it.
- setup.py: drop the 3.7 classifier and bump `python_requires` to >=3.8
- pyproject.toml: bump black `target-version` to py38
- tox.ini: drop `py37` and `pypy37` envs and basepython entries
- README.rst: bump quick-start Python range to 3.8-3.14
- ci/templates/.appveyor.yml: bump the `check` env from Python 3.6 to 3.8
to keep the floor consistent (template only, not currently rendered)
BREAKING CHANGE: Edify now requires Python 3.8 or newer.
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/16418662-2de9-4625-aad9-e9fc6cecb1c5
Co-authored-by: luciferreeves <[email protected]>
|
|
CI jobs
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/8d8a009c-758c-4ab2-b58c-3fc7b67455a9
Co-authored-by: luciferreeves <[email protected]>
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/d523264f-a40b-4cb6-883b-568d6c65cace
Co-authored-by: luciferreeves <[email protected]>
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/e7f51b79-93cc-48ac-bcc0-db3ca7b27a85
Co-authored-by: luciferreeves <[email protected]>
|
|
Agent-Logs-Url: https://github.com/luciferreeves/edify/sessions/84345a0f-6985-4c88-99ec-f3b073ec18e1
Co-authored-by: luciferreeves <[email protected]>
|
|
|
|
Updates the requirements on [pip](https://github.com/pypa/pip) to permit the latest version.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/19.1.1...26.0.1)
---
updated-dependencies:
- dependency-name: pip
dependency-version: 26.0.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v30.3.0...v82.0.1)
---
updated-dependencies:
- dependency-name: setuptools
dependency-version: 82.0.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on
[virtualenv](https://github.com/pypa/virtualenv) to permit the latest
version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>21.3.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>🐛 fix(type): stop ty flagging default_source on Action by <a
href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3124">pypa/virtualenv#3124</a></li>
<li>feat: Reintroduce xonsh shell support by <a
href="https://github.com/anki-code"><code>@anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
<li>🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers on Windows by <a
href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/3128">pypa/virtualenv#3128</a></li>
<li>docs: Add usage instruction for Xonsh activation by <a
href="https://github.com/anki-code"><code>@anki-code</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3130">pypa/virtualenv#3130</a></li>
<li>Upgrade embedded pip/setuptools/wheel by <a
href="https://github.com/github-actions"><code>@github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3132">pypa/virtualenv#3132</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/anki-code"><code>@anki-code</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3125">pypa/virtualenv#3125</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0">https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h1>Features - 21.3.0</h1>
<ul>
<li>Re-introduce <code>xonsh</code> shell activator
(<code>activate.xsh</code>) previously removed in 20.7.0, and make the
plugin loader
prefer virtualenv's built-in entry points so a third-party package
cannot override them by registering a duplicate
name. (:issue:<code>3003</code>)</li>
</ul>
<h1>Bugfixes - 21.3.0</h1>
<ul>
<li>
<p>Upgrade embedded wheels:</p>
<ul>
<li>pip to <code>26.1</code> (:issue:<code>3132</code>)</li>
</ul>
</li>
</ul>
<hr />
<p>v21.2.4 (2026-04-14)</p>
<hr />
<h1>Bugfixes - 21.2.4</h1>
<ul>
<li>Security hardening: validate each entry of a seed wheel archive
before extracting it so a tampered wheel cannot escape
the app-data image directory via an absolute path or <code>..</code>
traversal. (:issue:<code>3118</code>)</li>
<li>Security hardening: verify the SHA-256 of every bundled seed wheel
when it is loaded so a corrupted or tampered file
on disk fails loud instead of being handed to pip. The hash table is
generated alongside <code>BUNDLE_SUPPORT</code> by
<code>tasks/upgrade_wheels.py</code>. (:issue:<code>3119</code>)</li>
<li>Security hardening: validate the distribution name and version
specifier passed to <code>pip download</code> when acquiring a
seed wheel so extras, pip flags, or shell metacharacters cannot be
smuggled into the subprocess command line.
(:issue:<code>3120</code>)</li>
<li>Security hardening: replace the string-prefix containment check in
<code>virtualenv.util.zipapp</code> with
<code>Path.relative_to</code> so the zipapp extraction helpers refuse
any path that does not resolve under the archive root.
(:issue:<code>3121</code>)</li>
<li>Security hardening: do not silently fall back to an unverified HTTPS
context when the periodic update request to PyPI
fails TLS verification. The returned metadata drives which wheel version
virtualenv considers "up to date", so
accepting an unverified response lets a network-level attacker suppress
security updates. Set
<code>VIRTUALENV_PERIODIC_UPDATE_INSECURE=1</code> to restore the
previous behavior on hosts with broken trust stores.
(:issue:<code>3122</code>)</li>
</ul>
<hr />
<p>v21.2.3 (2026-04-14)</p>
<hr />
<p>No significant changes.</p>
<hr />
<p>v21.2.2 (2026-04-13)</p>
<hr />
<h1>Bugfixes - 21.2.2</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/e917cc244e659160607c890de2cbad3a7bc2a28c"><code>e917cc2</code></a>
release 21.3.0</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/21152f1b88c49cdefda2743cddc2cf36d50e2e57"><code>21152f1</code></a>
Upgrade embedded pip/setuptools/wheel (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3132">#3132</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/096bdcd72d7a6c92dcb9dee97fd429fe3e0231a5"><code>096bdcd</code></a>
chore(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3131">#3131</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/01610dc7a8ef08158c815f43dc22ceadb98b85c0"><code>01610dc</code></a>
docs: Add usage instruction for Xonsh activation (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3130">#3130</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/fb6ec7c461db2b0ccfabe7ec6255368e86cfaed3"><code>fb6ec7c</code></a>
🐛 fix(test): prevent PowerShell activation test from crashing xdist
workers o...</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/60956799efa82adac0c3d5e70d9ca1fdd63125f8"><code>6095679</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3129">#3129</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/8d3179cf42332501240e9ee3ddca7e376a790752"><code>8d3179c</code></a>
chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
(<a
href="https://redirect.github.com/pypa/virtualenv/issues/3127">#3127</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/a159c50a400d4e18aca3bfde5224f09e71d2eb17"><code>a159c50</code></a>
chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3126">#3126</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/9ba729bbbbec89c121c3ce4ef205fdd403e33e26"><code>9ba729b</code></a>
feat: Reintroduce xonsh shell support (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3125">#3125</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/d42ea5cd19a116dbdbb9852becace188d5b3a225"><code>d42ea5c</code></a>
🐛 fix(type): stop ty flagging default_source on Action (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3124">#3124</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/virtualenv/compare/16.6.0...21.3.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
|
|
Updates the requirements on [six](https://github.com/benjaminp/six) to permit the latest version.
- [Changelog](https://github.com/benjaminp/six/blob/main/CHANGES)
- [Commits](https://github.com/benjaminp/six/compare/1.14.0...1.17.0)
---
updated-dependencies:
- dependency-name: six
dependency-version: 1.17.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
Updates the requirements on [virtualenv](https://github.com/pypa/virtualenv) to permit the latest version.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](https://github.com/pypa/virtualenv/compare/16.6.0...21.3.0)
---
updated-dependencies:
- dependency-name: virtualenv
dependency-version: 21.3.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
|
|
|
