chore(deps-dev): Bump virtualenv from 20.23.0 to 20.36.1#6350
Open
dependabot[bot] wants to merge 1 commit intomasterfrom
Open
chore(deps-dev): Bump virtualenv from 20.23.0 to 20.36.1#6350dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot[bot] wants to merge 1 commit intomasterfrom
Conversation
dependabot
Bot
added
dependencies
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| "feast[test, aws, azure, cassandra, clickhouse, couchbase, delta, docling, duckdb, elasticsearch, faiss, gcp, ge, go, grpcio, hazelcast, hbase, ibis, image, k8s, mcp, milvus, mongodb, mssql, mysql, openlineage, opentelemetry, oracle, spark, trino, postgres, pytorch, qdrant, rag, ray, redis, singlestore, snowflake, sqlite_vec]", | ||
| "build", | ||
| "virtualenv==20.23.0", | ||
| "virtualenv==20.36.1", |
Contributor
There was a problem hiding this comment.
🟡 Lock files not regenerated: CI will still install virtualenv==20.23.0
The pyproject.toml was updated to virtualenv==20.36.1, but all CI lock files still pin virtualenv==20.23.0. Since CI uses uv pip sync with these lock files (via make install-python-dependencies-ci at Makefile:106-116), the version bump has no effect in CI or local dev environments. The stale lock files are: sdk/python/requirements/py3.10-ci-requirements.txt:6191, sdk/python/requirements/py3.11-ci-requirements.txt:6434, sdk/python/requirements/py3.12-ci-requirements.txt:6421, and pixi.lock:2350. Running make lock-python-dependencies-all is needed to regenerate them.
Prompt for agents
The pyproject.toml now specifies virtualenv==20.36.1 but the CI lock files (sdk/python/requirements/py3.{10,11,12}-ci-requirements.txt and pixi.lock) still pin virtualenv==20.23.0. Since CI environments install from the lock files via uv pip sync (see Makefile lines 106-116), the version bump will not take effect until the lock files are regenerated. Run `make lock-python-dependencies-all` (Makefile:133) to regenerate all requirement lock files, and also update pixi.lock to reflect the new version.
Was this helpful? React with 👍 or 👎 to provide feedback.
dependabot
Bot
force-pushed
the
dependabot/pip/virtualenv-20.36.1
branch
from
0e1abda to
645773c
Compare
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.23.0 to 20.36.1. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.23.0...20.36.1) --- updated-dependencies: - dependency-name: virtualenv dependency-version: 20.36.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/pip/virtualenv-20.36.1
branch
from
645773c to
8a7b786
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps virtualenv from 20.23.0 to 20.36.1.
Release notes
Sourced from virtualenv's releases.
... (truncated)
Changelog
Sourced from virtualenv's changelog.
... (truncated)
Commits
d0ad11drelease 20.36.1dec4cecMerge pull request #3013 from gaborbernat/fix-sec5fe5d38release 20.36.0 (#3011)9719376release 20.36.00276db6Add support for PEP 440 version specifiers in the--pythonflag. (#3008)4f900c2Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...13afcc6fix: resolve EncodingWarning in tox upgrade environment (#3007)31b5d31[pre-commit.ci] pre-commit autoupdate (#2997)7c28422fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...365628ctest_too_many_open_files: assert onerrno.EMFILEinstead ofstrerror(#3001)