Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump virtualenv from 20.26.2 to 20.26.6 #3053

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump virtualenv from 20.26.2 to 20.26.6 #3053

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 13, 2025
edited by flyte-bot
Loading

Bumps virtualenv from 20.26.2 to 20.26.6.

Release notes

Sourced from virtualenv's releases.

20.26.6

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.26.5...20.26.6

20.26.5

What's Changed

Full Changelog: pypa/virtualenv@20.26.4...20.26.5

20.26.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.26.3...20.26.4

20.26.3

What's Changed

Full Changelog: pypa/virtualenv@20.26.2...20.26.3

Changelog

Sourced from virtualenv's changelog.

v20.26.6 (2024-09-27)

Bugfixes - 20.26.6

- Properly quote string placeholders in activation script templates to mitigate
  potential command injection - by :user:`y5c4l3`. (:issue:`2768`)

v20.26.5 (2024-09-17)


Bugfixes - 20.26.5

  • Upgrade embedded wheels: setuptools to 75.1.0 from 74.1.2 - by :user:gaborbernat. (:issue:2765)

v20.26.4 (2024-09-07)

Bugfixes - 20.26.4

- no longer create `()` output in console during activation of a virtualenv by .bat file. (:issue:`2728`)
- Upgrade embedded wheels:

    

  • wheel to 0.44.0 from 0.43.0
    • 

  • pip to 24.2 from 24.1
    • 

  • setuptools to 74.1.2 from 70.1.0 (:issue:2760)
    • 



v20.26.3 (2024-06-21)


Bugfixes - 20.26.3

  • Upgrade embedded wheels:

    • setuptools to 70.1.0 from 69.5.1
    • pip to 24.1 from 24.0 (:issue:2741)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by Bito

Updated virtualenv package from 20.26.2 to 20.26.6 in dev-requirements.txt. The update includes security improvements for command injection prevention, enhanced console output during activation, and upgrades to embedded wheels (setuptools, pip, wheel).

Unit tests added: False

Estimated effort to review (1-5, lower is better): 1

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 13, 2025
@flyte-bot
Copy link
Contributor

flyte-bot commented Jan 13, 2025
edited
Loading

Code Review Agent Run Status

  • Limitations and other issues: ❌ Failure - We encountered technical difficulties while attempting to generate code feedback. Please try again or contact [email protected].

@dependabot
Bump virtualenv from 20.26.2 to 20.26.6
2fa5878 
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.26.2 to 20.26.6.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.26.2...20.26.6)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/virtualenv-20.26.6 branch from 300ed01 to 2fa5878 Compare February 6, 2025 12:17
@codecov Codecov
Copy link

codecov bot commented Feb 6, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 46.75%. Comparing base (9d34416) to head (2fa5878).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3053      +/-   ##
==========================================
+ Coverage   46.62%   46.75%   +0.13%     
==========================================
  Files         203      203              
  Lines       21523    21523              
  Branches     2778     2778              
==========================================
+ Hits        10036    10064      +28     
+ Misses      11000    10963      -37     
- Partials      487      496       +9

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@flyte-bot
Copy link
Contributor

flyte-bot commented Feb 6, 2025
edited
Loading

Code Review Agent Run #7eb1ea

Actionable Suggestions - 0
Review Details
  • Files reviewed - 1 · Commit Range: 2fa5878..2fa5878
    • dev-requirements.txt
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

AI Code Review powered by Bito Logo

@flyte-bot
Copy link
Contributor

Changelist by Bito

This pull request implements the following key changes.

Key Change Files Impacted
Other Improvements - Dependency Version Update

dev-requirements.txt - Updated virtualenv from 20.26.2 to 20.26.6 with security and bug fixes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wild-endeavor wild-endeavor Awaiting requested review from wild-endeavor wild-endeavor is a code owner

@kumare3 kumare3 Awaiting requested review from kumare3 kumare3 is a code owner

@eapolinario eapolinario Awaiting requested review from eapolinario eapolinario is a code owner

@pingsutw pingsutw Awaiting requested review from pingsutw pingsutw is a code owner

@cosmicBboy cosmicBboy Awaiting requested review from cosmicBboy cosmicBboy is a code owner

@samhita-alla samhita-alla Awaiting requested review from samhita-alla samhita-alla is a code owner

@thomasjpfan thomasjpfan Awaiting requested review from thomasjpfan thomasjpfan is a code owner

@Future-Outlier Future-Outlier Awaiting requested review from Future-Outlier Future-Outlier is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@flyte-bot