Bump virtualenv from 20.35.4 to 20.36.0

[dependabot]

Bumps virtualenv from 20.35.4 to 20.36.0.

Release notes

Sourced from virtualenv's releases.

20.36.0

What's Changed

• release 20.35.3 by @​gaborbernat in pypa/virtualenv#2981
• fix: Prevent NameError when accessing _DISTUTILS_PATCH during file ov… by @​gracetyy in pypa/virtualenv#2982
• Upgrade pip and fix 3.15 picking old wheel by @​gaborbernat in pypa/virtualenv#2989
• release 20.35.4 by @​gaborbernat in pypa/virtualenv#2990
• fix: wrong path on migrated venv by @​sk1234567891 in pypa/virtualenv#2996
• test_too_many_open_files: assert on errno.EMFILE instead of strerror by @​pltrz in pypa/virtualenv#3001
• fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 by @​pythonhubdev in pypa/virtualenv#3002
• fix: resolve EncodingWarning in tox upgrade environment by @​gaborbernat in pypa/virtualenv#3007
• Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 by @​rahuldevikar in pypa/virtualenv#3006
• Add support for PEP 440 version specifiers in the --python flag. by @​rahuldevikar in pypa/virtualenv#3008

New Contributors

• @​gracetyy made their first contribution in pypa/virtualenv#2982
• @​sk1234567891 made their first contribution in pypa/virtualenv#2996
• @​pltrz made their first contribution in pypa/virtualenv#3001
• @​pythonhubdev made their first contribution in pypa/virtualenv#3002
• @​rahuldevikar made their first contribution in pypa/virtualenv#3006

Full Changelog: pypa/virtualenv@20.35.3...20.36.0

Changelog

Sourced from virtualenv's changelog.

v20.36.0 (2026-01-07)

Features - 20.36.0

- Add support for PEP 440 version specifiers in the ``--python`` flag. Users can now specify Python versions using operators like ``>=``, ``<=``, ``~=``, etc. For example: ``virtualenv --python=">=3.12" myenv`` `. (:issue:`2994`)

Commits

• 9719376 release 20.36.0
• 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
• 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
• 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
• 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
• 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
• 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
• 5d09a90 fix: wrong path on migrated venv (#2996)
• 23032cb [pre-commit.ci] pre-commit autoupdate (#2995)
• 70afcd7 [pre-commit.ci] pre-commit autoupdate (#2993)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #3008
Resolves #3
Resolves #3007
Resolves #2997
Resolves #3001
Resolves #2996
Resolves #2995
Resolves #2993
Resolves pypa/virtualenv#2981
Resolves pypa/virtualenv#2982
Resolves pypa/virtualenv#2989
Resolves pypa/virtualenv#2990
Resolves pypa/virtualenv#2996
Resolves pypa/virtualenv#3001
Resolves pypa/virtualenv#3002
Resolves pypa/virtualenv#3007
Resolves pypa/virtualenv#3006
Resolves pypa/virtualenv#3008

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide

The change follows the style guide. It's a simple dependency version update in the pyproject.toml file with proper formatting.

✅ No commented-out code

No commented-out code present in this diff.

✅ Meaningful variable names

N/A - This is a dependency version update, no variables are defined.

✅ DRY principle followed

N/A - Single line change updating a dependency version.

✅ Identify Defects

No defects identified. This is a patch version bump of virtualenv from 20.35.4 to 20.36.0. Patch updates typically contain bug fixes and are backwards compatible. No logic errors, edge cases, or security vulnerabilities introduced.

✅ Project memory configuration

No .claude/CLAUDE.md file detected in the repository that would affect this review.

Testing

⚠️ Unit tests for new functions

N/A - This is a dependency update, not new functionality. However, it would be good practice to verify that existing tests still pass with the updated virtualenv version.

⚠️ Integration tests for new endpoints

N/A - No new endpoints added.

⚠️ Edge cases covered

N/A - Dependency update only.

⚠️ Test coverage > 80%

Cannot determine from this diff. This dependency update should not affect test coverage metrics.

Documentation

✅ Readme updated if needed

N/A - A patch version bump of a development dependency does not require README updates.

✅ API docs updated

N/A - No API changes.

✅ Inline comments for complex logic

N/A - No complex logic added.

❌ CHANGELOG.md updated

File: CHANGELOG.md (location not specified in diff)

The CHANGELOG.md was not updated to reflect this dependency update. While minor dependency updates are sometimes not documented, it's best practice to maintain a complete changelog. Consider adding an entry like:

### Changed
- Updated virtualenv from 20.35.4 to 20.36.0 in development dependencies

✅ Markdown files formatting

N/A - No markdown files modified in this diff.

Security

✅ No hardcoded credentials

No credentials present.

✅ Input validation implemented

N/A - Dependency update only.

✅ Proper error handling

N/A - Dependency update only.

✅ No sensitive data in logs

N/A - No logging code changes.

✅ No license files or AQAAAD strings

No .lic files or AQAAAD strings detected in the diff.

---

Summary

Overall Assessment: ✅ APPROVED with minor suggestion

This is a clean dependency update bumping virtualenv from version 20.35.4 to 20.36.0 in the development dependencies. The change is:

• Low risk (patch version update)
• Properly formatted
• No security concerns
• No code quality issues

Minor Suggestion:

• Consider updating CHANGELOG.md to document this dependency update for completeness

Recommendation: This PR is safe to merge. The only minor improvement would be documenting the change in the CHANGELOG.

Automated code review analyzing defects and coding standards