Skip to content

Bump virtualenv from 20.29.3 to 20.36.1 #165

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
per1234 merged 1 commit into from
Jan 14, 2026
Merged

Bump virtualenv from 20.29.3 to 20.36.1 #165

per1234 merged 1 commit into from
Jan 14, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 13, 2026
edited
Loading

Bumps virtualenv from 20.29.3 to 20.36.1.

Release notes

Sourced from virtualenv's releases.

20.36.1

What's Changed

Full Changelog: pypa/virtualenv@20.36.0...20.36.1

20.36.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.36.0

20.35.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.35.4

20.35.3

... (truncated)

Changelog

Sourced from virtualenv's changelog.

v20.36.1 (2026-01-09)

Bugfixes - 20.36.1

- Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:`tsigouris007`, fixed by :user:`gaborbernat`. (:issue:`3013`)

v20.36.0 (2026-01-07)


Features - 20.36.0

  • Add support for PEP 440 version specifiers in the --python flag. Users can now specify Python versions using operators like >=, <=, ~=, etc. For example: virtualenv --python=">=3.12" myenv . (:issue:2994`)

v20.35.4 (2025-10-28)

Bugfixes - 20.35.4

- Fix race condition in ``_virtualenv.py`` when file is overwritten during import, preventing ``NameError`` when ``_DISTUTILS_PATCH`` is accessed - by :user:`gracetyy`. (:issue:`2969`)
- Upgrade embedded wheels:

    

  • pip to 25.3 from 25.2 (:issue:2989)
    • 



v20.35.3 (2025-10-10)


Bugfixes - 20.35.3

  • Accept RuntimeError in test_too_many_open_files, by :user:esafak (:issue:2935)

v20.35.2 (2025-10-10)

Bugfixes - 20.35.2

- Revert out changes related to the extraction of the discovery module - by :user:`gaborbernat`. (:issue:`2978`)

v20.35.1 (2025-10-09)


Bugfixes - 20.35.1

  • Patch get_interpreter to handle missing cache and app_data - by :user:esafak (:issue:2972)
  • Fix backwards incompatible changes to PythonInfo - by :user:gaborbernat. (:issue:2975)

v20.35.0 (2025-10-08)

Features - 20.35.0

... (truncated)

Commits
  • d0ad11d release 20.36.1
  • dec4cec Merge pull request #3013 from gaborbernat/fix-sec
  • 5fe5d38 release 20.36.0 (#3011)
  • 9719376 release 20.36.0
  • 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
  • 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
  • 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
  • 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
  • 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
  • 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
@per1234
Copy link
Collaborator

per1234 commented Jan 14, 2026

@dependabot rebase.
@dependabot dependabot bot force-pushed the dependabot/pip/virtualenv-20.36.1 branch from 58feef4 to 4d3c1e7 Compare January 14, 2026 05:50
@dependabot @per1234
Bump virtualenv from 20.29.3 to 20.36.1
6a32535 
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.29.3 to 20.36.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.29.3...20.36.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-version: 20.36.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@per1234 per1234 force-pushed the dependabot/pip/virtualenv-20.36.1 branch from 4d3c1e7 to 6a32535 Compare January 14, 2026 05:58
@per1234 per1234 self-assigned this Jan 14, 2026
@per1234 per1234 added type: imperfection Perceived defect in any part of project topic: security Related to the protection of user data topic: infrastructure Related to project infrastructure labels Jan 14, 2026
@per1234 per1234 merged commit 84667e2 into main Jan 14, 2026
21 of 23 checks passed
@per1234 per1234 deleted the dependabot/pip/virtualenv-20.36.1 branch January 14, 2026 06:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

topic: infrastructure Related to project infrastructure topic: security Related to the protection of user data type: imperfection Perceived defect in any part of project

1 participant

@per1234