Skip to content

Bump virtualenv from 20.31.2 to 20.36.1 #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
docktermj merged 2 commits into from
Jan 14, 2026
Merged

Bump virtualenv from 20.31.2 to 20.36.1 #56

docktermj merged 2 commits into from
Jan 14, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 13, 2026
edited by github-actions bot
Loading

Bumps virtualenv from 20.31.2 to 20.36.1.

Release notes

Sourced from virtualenv's releases.

20.36.1

What's Changed

Full Changelog: pypa/virtualenv@20.36.0...20.36.1

20.36.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.36.0

20.35.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.35.4

20.35.3

... (truncated)

Changelog

Sourced from virtualenv's changelog.

v20.36.1 (2026-01-09)

Bugfixes - 20.36.1

- Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:`tsigouris007`, fixed by :user:`gaborbernat`. (:issue:`3013`)

v20.36.0 (2026-01-07)


Features - 20.36.0

  • Add support for PEP 440 version specifiers in the --python flag. Users can now specify Python versions using operators like >=, <=, ~=, etc. For example: virtualenv --python=">=3.12" myenv . (:issue:2994`)

v20.35.4 (2025-10-28)

Bugfixes - 20.35.4

- Fix race condition in ``_virtualenv.py`` when file is overwritten during import, preventing ``NameError`` when ``_DISTUTILS_PATCH`` is accessed - by :user:`gracetyy`. (:issue:`2969`)
- Upgrade embedded wheels:

    

  • pip to 25.3 from 25.2 (:issue:2989)
    • 



v20.35.3 (2025-10-10)


Bugfixes - 20.35.3

  • Accept RuntimeError in test_too_many_open_files, by :user:esafak (:issue:2935)

v20.35.2 (2025-10-10)

Bugfixes - 20.35.2

- Revert out changes related to the extraction of the discovery module - by :user:`gaborbernat`. (:issue:`2978`)

v20.35.1 (2025-10-09)


Bugfixes - 20.35.1

  • Patch get_interpreter to handle missing cache and app_data - by :user:esafak (:issue:2972)
  • Fix backwards incompatible changes to PythonInfo - by :user:gaborbernat. (:issue:2975)

v20.35.0 (2025-10-08)

Features - 20.35.0

... (truncated)

Commits
  • d0ad11d release 20.36.1
  • dec4cec Merge pull request #3013 from gaborbernat/fix-sec
  • 5fe5d38 release 20.36.0 (#3011)
  • 9719376 release 20.36.0
  • 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
  • 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
  • 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
  • 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
  • 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
  • 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Resolves #3013
Resolves #3011
Resolves #3008
Resolves #3
Resolves #3007
Resolves #2997
Resolves #3001
Resolves pypa/virtualenv#3011
Resolves pypa/virtualenv#3013
Resolves pypa/virtualenv#2981
Resolves pypa/virtualenv#2982
Resolves pypa/virtualenv#2989
Resolves pypa/virtualenv#2990
Resolves pypa/virtualenv#2996
Resolves pypa/virtualenv#3001
Resolves pypa/virtualenv#3002
Resolves pypa/virtualenv#3007
Resolves pypa/virtualenv#3006
Resolves pypa/virtualenv#3008

@dependabot
Bump virtualenv from 20.31.2 to 20.36.1
c606ec3 
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.31.2 to 20.36.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.31.2...20.36.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-version: 20.36.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 13, 2026
@dependabot dependabot bot requested a review from a team as a code owner January 13, 2026 20:01
@github-actions
Copy link

github-actions bot commented Jan 13, 2026

🤖 Claude Code Review

Code Review Analysis

I'll analyze the pull request diff against the provided checklist.

Pull Request Summary

This PR updates the virtualenv dependency from version 20.31.2 to 20.36.1 in development-requirements.txt.

Code Quality

Code follows style guide - N/A for dependency version updates

  • This is a simple dependency version bump with no code changes

No commented-out code - N/A

  • No code present in this change

Meaningful variable names - N/A

  • No variables in this change

DRY principle followed - N/A

  • No code duplication concerns

Identify Defects - None identified

  • This is a straightforward dependency version update
  • Virtualenv 20.36.1 is a legitimate release (checking version progression: 20.31.2 → 20.36.1)
  • No logic errors, security vulnerabilities, or edge cases introduced

Project memory configuration - None found

  • No ./.claude/CLAUDE.md file exists in the repository to consider

Testing

Unit tests for new functions - N/A

  • No new functions added

Integration tests for new endpoints - N/A

  • No new endpoints added

Edge cases covered - N/A

  • Dependency update only

⚠️ Test coverage > 80% - Cannot verify

  • This change doesn't affect test coverage directly
  • Existing test suite should validate compatibility with new virtualenv version

Documentation

Readme updated if needed - Not required

  • Dependency version bumps in development requirements typically don't require README updates

API docs updated - N/A

  • No API changes

Inline comments for complex logic - N/A

  • No code logic present

⚠️ CHANGELOG.md updated - Not updated

  • development-requirements.txt:17 - Minor dependency updates may or may not warrant CHANGELOG entries depending on project conventions
  • Consider adding an entry if your project tracks all dependency updates

Markdown formatting - N/A

  • No markdown files modified

Security

No hardcoded credentials - Verified

  • No credentials present

Input validation implemented - N/A

  • No input handling code

Proper error handling - N/A

  • No error handling code

No sensitive data in logs - N/A

  • No logging code

No license files (.lic) or AQAAAD strings - Verified

  • No license files or suspicious strings in the diff

Overall Assessment

✅ APPROVED with minor considerations

This is a clean dependency version update with no issues. The change:

  • Updates virtualenv from 20.31.2 to 20.36.1 (5 minor versions)
  • Follows semantic versioning expectations
  • Introduces no security concerns
  • Requires no code or documentation changes

Recommendations:

  1. Optional: Add CHANGELOG.md entry if your project tracks development dependency updates
  2. Verify: Ensure CI/CD tests pass with the new virtualenv version to confirm compatibility

The PR is safe to merge.

Automated code review analyzing defects and coding standards

@docktermj docktermj self-assigned this Jan 14, 2026
@docktermj docktermj requested a review from a team as a code owner January 14, 2026 16:23
@github-actions
Copy link

github-actions bot commented Jan 14, 2026

🤖 Claude Code Review

I'll analyze this pull request against the review checklist. Let me examine the changes systematically.

Code Review Analysis

✅ Code Quality

Style Guide Compliance:

  • ✅ The changes follow the Senzing code style guide
  • ✅ No Python code changes are present in this PR (only configuration and documentation files)

Commented-out Code:

  • ✅ No commented-out code detected

Variable Names:

  • ✅ N/A - No code changes

DRY Principle:

  • ✅ N/A - No code changes

Defects:

  • ✅ No defects identified in the configuration changes

Project Memory (.claude/CLAUDE.md):

  • ✅ The new .claude/CLAUDE.md file contains appropriate general guidance that would work for any developer
  • ✅ No environment-specific paths or local configurations are hardcoded

✅ Testing

  • ✅ N/A - This PR contains only configuration, workflow, and documentation updates. No functional code changes require new tests.

Note: The pylint.yaml workflow was updated to trigger only on PRs (not all pushes), which is a good practice change. The workflow now includes Python 3.13 and removes Python 3.9 support.

⚠️ Documentation

✅ Readme: No changes needed (mapper-specific README not modified)

✅ API docs: N/A - No API changes

✅ Inline comments: N/A - No code changes

❌ CHANGELOG.md:

  • File: CHANGELOG.md:8-16
  • The CHANGELOG was updated but does not document the actual changes made in this PR
  • Current entry shows only "Initial content" for version 1.0.0
  • Should include entries documenting the addition of Claude configuration, workflow improvements, dependency management migration to pyproject.toml, and Code of Conduct updates

✅ Markdown Formatting:

  • All markdown files appear to follow CommonMark specification
  • Proper formatting with reference-style links in CONTRIBUTING.md
  • ✅ No extra whitespaces detected in the diff
  • The markdown files are well-structured with proper headers and formatting

✅ Security

✅ No hardcoded credentials: No credentials detected

✅ Input validation: N/A - No code changes

✅ Proper error handling: N/A - No code changes

✅ No sensitive data in logs: N/A - No code changes

✅ License files: No .lic files or AQAAAD strings detected

Summary

This is a primarily administrative PR that modernizes the repository structure:

Key Changes:

  1. ✅ Adds Claude Code integration (.claude/CLAUDE.md and updated commands)
  2. ✅ Migrates dependency management from requirements.txt files to pyproject.toml (modern Python packaging)
  3. ✅ Updates GitHub workflows (concurrency controls, Python version matrix 3.10-3.13)
  4. ✅ Updates Code of Conduct to v3.0
  5. ✅ Improves CONTRIBUTING.md with reference-style links
  6. ✅ Adds SECURITY.md policy
  7. ✅ Modernizes dependabot configuration with cooldown periods
  8. ✅ Fixes formatting in CODEOWNERS (whitespace)

Issues Found:

❌ CHANGELOG.md Missing Updates (Minor)

  • Location: CHANGELOG.md:8-16
  • The CHANGELOG should document this PR's changes instead of just showing "Initial content"
  • Recommendation: Add a new unreleased section documenting: Claude integration, pyproject.toml migration, workflow improvements, documentation updates

Overall Assessment:

This is a well-executed infrastructure modernization PR. The only issue is the incomplete CHANGELOG. All other aspects meet quality standards. The changes are safe, improve developer experience, and follow modern Python packaging practices.

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit b765288 into main Jan 14, 2026
31 checks passed
@docktermj docktermj deleted the dependabot/pip/virtualenv-20.36.1 branch January 14, 2026 16:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

@docktermj docktermj

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@docktermj