- Properly quote string placeholders in activation script templates to mitigate
potential command injection - by :user:`y5c4l3`. (:issue:`2768`)
v20.26.5 (2024-09-17)
Bugfixes - 20.26.5
Upgrade embedded wheels: setuptools to 75.1.0 from 74.1.2 - by :user:gaborbernat. (:issue:2765)
v20.26.4 (2024-09-07)
Bugfixes - 20.26.4
- no longer create `()` output in console during activation of a virtualenv by .bat file. (:issue:`2728`)
- Upgrade embedded wheels:
wheel to 0.44.0 from 0.43.0
pip to 24.2 from 24.1
setuptools to 74.1.2 from 70.1.0 (:issue:2760)
v20.26.3 (2024-06-21)
Bugfixes - 20.26.3
Upgrade embedded wheels:
setuptools to 70.1.0 from 69.5.1
pip to 24.1 from 24.0 (:issue:2741)
v20.26.2 (2024-05-13)
Bugfixes - 20.26.2
- ``virtualenv.pyz`` no longer fails when zipapp path contains a symlink - by :user:`HandSonic` and :user:`petamas`. (:issue:`1949`)
- Fix bad return code from activate.sh if hashing is disabled - by :user:'fenkes-ibm'. (:issue:`2717`)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
4 days ago
Bumps virtualenv from 20.24.5 to 20.26.6.
Release notes
Sourced from virtualenv's releases.
... (truncated)
Changelog
Sourced from virtualenv's changelog.
... (truncated)
Commits
ec04726release 20.26.686dddedFix #2768: Quote template strings in activation scripts (#2771)6bb3f62[pre-commit.ci] pre-commit autoupdate (#2769)220d49cBump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2 (#2767)cf340c8Merge pull request #2766 from pypa/release-20.26.5f3172b4release 20.26.522b9795Use uv over pip (#2765)35d8269[pre-commit.ci] pre-commit autoupdate (#2764)ee77feb[pre-commit.ci] pre-commit autoupdate (#2763)c516056Update README.mdDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show