Skip to content

Bump the production-dependencies group with 4 updates#1991

Merged
nishtha-kalra merged 1 commit into
mainfrom
dependabot/pip/production-dependencies-3d019491ba
Jun 9, 2026
Merged

Bump the production-dependencies group with 4 updates#1991
nishtha-kalra merged 1 commit into
mainfrom
dependabot/pip/production-dependencies-3d019491ba

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 4 updates: idna, python-discovery, virtualenv and pip.

Updates idna from 3.16 to 3.17

Changelog

Sourced from idna's changelog.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.
Commits
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • 354eee9 Apply ruff format to uts46data.py
  • 8c34ffc Refactor uts46data into parallel arrays
  • 1189629 Range-encode joining_types for compact representation
  • f90b87a Generic length limit for functions
  • d6ffd28 Merge pull request #247 from kjd/release-3.16
  • See full diff in compare view

Updates python-discovery from 1.3.1 to 1.4.0

Release notes

Sourced from python-discovery's releases.

v1.4.0

What's Changed

Full Changelog: tox-dev/python-discovery@1.3.2...1.4.0

v1.3.2

What's Changed

Full Changelog: tox-dev/python-discovery@1.3.1...1.3.2

Changelog

Sourced from python-discovery's changelog.

Features - 1.4.0

  • Add debug_build attribute to :class:PythonInfo exposing whether the interpreter is a debug build (Py_DEBUG) - by :user:gaborbernat. (:issue:80)

v1.3.2 (2026-05-27)

No significant changes.

v1.3.1 (2026-05-12)

Commits

Updates virtualenv from 21.3.3 to 21.4.2

Release notes

Sourced from virtualenv's releases.

21.4.2

What's Changed

Full Changelog: pypa/virtualenv@21.4.1...21.4.2

21.4.1

What's Changed

Full Changelog: pypa/virtualenv@21.4.0...21.4.1

21.4.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@21.3.3...21.4.0

Changelog

Sourced from virtualenv's changelog.

Bugfixes - 21.4.2

  • Stop deactivate in the bash/zsh activation script from aborting under set -e when hash -r fails (for example with shell hashing disabled) by appending || true, matching CPython venv (gh-149701) and the existing non-deactivate call - by :user:gaborbernat. (:issue:3152)

v21.4.1 (2026-05-28)

Bugfixes - 21.4.1

  • Fix Windows debug build venvlauncher_d.exe substitution never triggering because executables() compared the source executable name instead of the target name, and fix AttributeError on debug_build attribute for interpreter info objects missing the field - by :user:gaborbernat. (:issue:3151)

v21.4.0 (2026-05-28)

Features - 21.4.0

  • Remove dead code targeting Python versions below the supported target range (PyPy 3.6, deprecated importlib APIs) and simplify the runtime import hook in _virtualenv.py - by :user:gaborbernat. (:issue:3149)
  • Support Windows debug builds (python_d.exe, venvlauncher_d.exe) matching CPython venv behavior, remove dead __SCRIPT_DIR__ replacement and has_shim version guard, drop unreachable Python 3.7 branch from pyvenv_launch_patch_active, and fix wheel deprecation message to say >= 3.9 - by :user:gaborbernat. (:issue:3150)

v21.3.3 (2026-05-13)

Commits
  • 3cf1a29 release 21.4.2
  • b724203 🐛 fix(activation): silence deactivate hash -r under set -e (#3152)
  • e88f194 release 21.4.1
  • 6a2d79c 🐛 fix(create): debug build venvlauncher lookup on Windows 3.13+ (#3151)
  • 30bcf62 release 21.4.0
  • 6143498 ✨ feat(create): support Windows debug builds and remove dead code (#3150)
  • ceaf88f ♻️ refactor(create): remove dead code and document droppable paths (#3149)
  • d423ddc [pre-commit.ci] pre-commit autoupdate (#3148)
  • f4a7936 Fix Mermaid flowchart rendering (#3147)
  • 7189e8e [pre-commit.ci] pre-commit autoupdate (#3145)
  • See full diff in compare view

Updates pip from 26.1.1 to 26.1.2

Changelog

Sourced from pip's changelog.

26.1.2 (2026-05-31)

Bug Fixes

  • Reject console_scripts and gui_scripts entry points whose name would install a script outside the scripts directory. ([#14000](https://github.com/pypa/pip/issues/14000) <https://github.com/pypa/pip/issues/14000>_)
  • Fix installation incorrectly failing when the target path contains a doubled slash, such as with pip install --root //.... ([#14001](https://github.com/pypa/pip/issues/14001) <https://github.com/pypa/pip/issues/14001>_)
  • Send a consistent Accept-Encoding header to avoid a spurious Cache entry deserialization failed warning. ([#14012](https://github.com/pypa/pip/issues/14012) <https://github.com/pypa/pip/issues/14012>_)
Commits
  • 31d7d16 Bump for release
  • 79f348c Update AUTHORS.txt
  • 237a925 Merge pull request #14001 from notatallshaw/fix-is-within-directory
  • 34d0285 Merge pull request #14006 from laymonage/fix-requirements_from_scripts-space-...
  • 09d3e07 Merge pull request #14012 from notatallshaw/stable-accept-encoding
  • fa7854f Use is_within_directory for entry point check
  • d01b46c NEWS ENTRY
  • 7ff8bdd Fix is_within_directory for doubled-slash roots
  • 7ea3466 NEWS ENTRY
  • 85673ea Fix Accept-Encoding to gzip, deflate
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the production-dependencies group with 4 updates
c08fae4 
Bumps the production-dependencies group with 4 updates: [idna](https://github.com/kjd/idna), [python-discovery](https://github.com/tox-dev/python-discovery), [virtualenv](https://github.com/pypa/virtualenv) and [pip](https://github.com/pypa/pip).


Updates `idna` from 3.16 to 3.17
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.16...v3.17)

Updates `python-discovery` from 1.3.1 to 1.4.0
- [Release notes](https://github.com/tox-dev/python-discovery/releases)
- [Changelog](https://github.com/tox-dev/python-discovery/blob/main/docs/changelog.rst)
- [Commits](tox-dev/python-discovery@1.3.1...1.4.0)

Updates `virtualenv` from 21.3.3 to 21.4.2
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@21.3.3...21.4.2)

Updates `pip` from 26.1.1 to 26.1.2
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.1.1...26.1.2)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.17'
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: python-discovery
  dependency-version: 1.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: virtualenv
  dependency-version: 21.4.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: pip
  dependency-version: 26.1.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 8, 2026
@nishtha-kalra nishtha-kalra merged commit ce6398e into main Jun 9, 2026
1 check passed
@nishtha-kalra nishtha-kalra deleted the dependabot/pip/production-dependencies-3d019491ba branch June 9, 2026 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nishtha-kalra nishtha-kalra nishtha-kalra approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nishtha-kalra