Bump pipenv from 2025.0.3 to 2026.0.1

[dependabot]

Bumps pipenv from 2025.0.3 to 2026.0.1.

Release notes

Sourced from pipenv's releases.

Release v2026.0.1

What's Changed

• Fix pip.conf index-url not being honored after pip 25.3 update by @​matteius in pypa/pipenv#6479
• Fix: Respect PIPENV_VERBOSITY=-1 for .env loading message by @​matteius in pypa/pipenv#6480
• Fix: Suppress duplicate .env loading message in nested pipenv invocations by @​matteius in pypa/pipenv#6481
• Include unit tests in sdist for downstream distribution testing by @​matteius in pypa/pipenv#6482
• docs: Comprehensive documentation updates by @​matteius in pypa/pipenv#6483
• Fix prerelease versions being selected without --pre flag by @​matteius in pypa/pipenv#6484

Full Changelog: pypa/pipenv@v2026.0.0...v2026.0.1

Release v2026.0.0

What's Changed

• Requested quiet addition 6287 by @​matteius in pypa/pipenv#6393
• PEP 751 experimental pylock.toml support by @​matteius in pypa/pipenv#6391
• Fix --dev-only requirements filtering and scan command docs by @​matteius in pypa/pipenv#6451
• Fix --quiet flag to actually suppress output during install by @​matteius in pypa/pipenv#6452
• Validate Python version when using --system flag by @​matteius in pypa/pipenv#6453
• Enhance --system flag support for Docker workflows by @​matteius in pypa/pipenv#6454
• Fix pipenv update incorrectly marking all packages as modified by @​matteius in pypa/pipenv#6455
• Handle venv_resolve_deps exception by @​matteius in pypa/pipenv#6456
• PEP660 editable VCS dependencies not reinstalled correctly by @​matteius in pypa/pipenv#6362
• Support --dev flag for uninstall by @​matteius in pypa/pipenv#6392
• Fix Issue 6347: default constraints not applying to other categories by @​matteius in pypa/pipenv#6364
• Add pipenv audit command using pip-audit for vulnerability scanning by @​matteius in pypa/pipenv#6457
• Update vendored pipdeptree to 2.30.0 by @​matteius in pypa/pipenv#6458
• Fix pipenv graph not showing version info for dependencies by @​matteius in pypa/pipenv#6459
• Update Docker docs to clarify --system flag usage by @​matteius in pypa/pipenv#6461
• Fix PIPENV_ACTIVE not being unset on deactivate by @​matteius in pypa/pipenv#6462
• Fix markers not being respected for file and VCS dependencies by @​matteius in pypa/pipenv#6460
• Fix pipenv check --quiet not working properly by @​matteius in pypa/pipenv#6463
• Fix pipenv update --dev updating transitive deps independently by @​matteius in pypa/pipenv#6464
• Fix editable package name incorrectly parsed from test files by @​matteius in pypa/pipenv#6465
• Fix VCS dependencies not reinstalling when ref/commit changes by @​matteius in pypa/pipenv#6466
• Fix pipenv-resolver CLI not working by @​matteius in pypa/pipenv#6468
• Fix SSH git username being incorrectly redacted by @​matteius in pypa/pipenv#6469
• Fix malformed lockfile exiting successfully with code 0 by @​matteius in pypa/pipenv#6467
• Fix Windows CI failures and validate --index argument by @​matteius in pypa/pipenv#6470
• Improve resolver error display for end users by @​matteius in pypa/pipenv#6471
• Fix subprocess deadlock in resolver causing pipenv lock to hang by @​matteius in pypa/pipenv#6472
• Fix --lock-only flag for pipenv upgrade command by @​matteius in pypa/pipenv#6473
• Fix Windows shutil.rmtree error on Python 3.12+ by @​matteius in pypa/pipenv#6474
• Add PIPENV_PYENV_AUTO_INSTALL environment variable by @​matteius in pypa/pipenv#6475
• Fix typo in get_constraints_from_deps version formatting by @​matteius in pypa/pipenv#6476
• Fix benchmark CI hanging due to pipe buffer deadlock by @​matteius in pypa/pipenv#6477

Full Changelog: pypa/pipenv@v2025.1.3...v2026.0.0

... (truncated)

Changelog

Sourced from pipenv's changelog.

2026.0.1 (2025-12-10)

pipenv 2026.0.1 (2025-12-10)

Bug Fixes

• Fix reading of index-url from pip configuration files (/etc/pip.conf, ~/.pip/pip.conf, etc.) which was broken after vendoring pip 25.3 due to a change in pip's Configuration.items() return format. [#6478](https://github.com/pypa/pipenv/issues/6478) <https://github.com/pypa/pipenv/issues/6478>_ 2026.0.0 (2025-12-10) ===================== pipenv 2026.0.0 (2025-12-10) ============================

Features & Improvements

• Add --system flag to pipenv run command. This allows running scripts defined in Pipfile's [scripts] section without creating a virtualenv, which is useful in Docker environments where packages are installed with pipenv install --system. [#2692](https://github.com/pypa/pipenv/issues/2692) <https://github.com/pypa/pipenv/issues/2692>_

• Allow pipenv install --system <package> to install specific packages to the system Python. Previously this was blocked with an error message. This enables Docker workflows where users want to interactively add packages to a project that uses system-level installation. [#4086](https://github.com/pypa/pipenv/issues/4086) <https://github.com/pypa/pipenv/issues/4086>_

• Added support for PEP 751 pylock.toml files:

  • Reading: When both a Pipfile.lock and a pylock.toml file exist, Pipenv will prioritize the pylock.toml file.
  • Writing: Add use_pylock = true to the [pipenv] section of your Pipfile to generate pylock.toml files alongside Pipfile.lock.
  • Customization: Use pylock_name = "name" in the [pipenv] section to generate named pylock files (e.g., pylock.name.toml). [#6391](https://github.com/pypa/pipenv/issues/6391) <https://github.com/pypa/pipenv/issues/6391>_

• Add support for --dev flag in pipenv uninstall command to remove packages from dev-packages section directly. [#6392](https://github.com/pypa/pipenv/issues/6392) <https://github.com/pypa/pipenv/issues/6392>_

• Add PIPENV_PYENV_AUTO_INSTALL environment variable to automatically install missing Python versions via pyenv or asdf without prompting the user. [#6408](https://github.com/pypa/pipenv/issues/6408) <https://github.com/pypa/pipenv/issues/6408>_

Bug Fixes

• Fix --system and --python flags to work together correctly. Previously, using both flags would still create a virtualenv. Now when --system is used with --python, pipenv validates that the specified Python version exists on the system and raises a clear error if not found. [#4973](https://github.com/pypa/pipenv/issues/4973) <https://github.com/pypa/pipenv/issues/4973>_
• Make --quiet flag actually suppress output during pipenv install and pipenv sync. Previously, messages like "Installing dependencies from Pipfile.lock" and "All dependencies are now up-to-date!" were shown even with --quiet. [#5037](https://github.com/pypa/pipenv/issues/5037) <https://github.com/pypa/pipenv/issues/5037>_
• Fix SSH git username being incorrectly redacted to **** when importing from requirements.txt, which caused lockfile generation to fail. [#5599](https://github.com/pypa/pipenv/issues/5599) <https://github.com/pypa/pipenv/issues/5599>_
• Fix malformed Pipfile.lock causing command to exit successfully with code 0. Now raises LockfileCorruptException which properly propagates as an error. [#5622](https://github.com/pypa/pipenv/issues/5622) <https://github.com/pypa/pipenv/issues/5622>_
• Fix VCS dependencies (git, etc.) not being reinstalled when the ref/commit changes in the lockfile. Previously, pipenv update would update the lockfile with the new commit hash but the installed

... (truncated)

Commits

• c251df2 Release v2026.0.1
• 3061b8f Bumped version to 2026.0.1.
• 5c6963f Fix prerelease versions being selected without --pre flag (#6484)
• 1093b07 Revert "Fix prerelease versions being selected without --pre flag"
• e7a52e5 Fix prerelease versions being selected without --pre flag
• bfaff80 Fix --ignore-pipfile flag not being passed to do_init()
• c4fe87a Add documentation for package names with dots
• 1d7d546 Fix flaky test_download_file by mocking network requests
• 9e47191 docs: Comprehensive documentation updates (#6483)
• d46217b Include unit tests in sdist for downstream distribution testing (#6482)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #275.