Skip to content

Bump pipenv from 2024.4.1 to 2026.6.1 in /python/helpers in the pipenv group across 1 directory#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python/helpers/pipenv-7591b6645c
Open

Bump pipenv from 2024.4.1 to 2026.6.1 in /python/helpers in the pipenv group across 1 directory#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python/helpers/pipenv-7591b6645c

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jan 28, 2026
edited
Loading

Bumps the pipenv group with 1 update in the /python/helpers directory: pipenv.

Updates pipenv from 2024.4.1 to 2026.6.1

Release notes

Sourced from pipenv's releases.

Release v2026.6.1

🤖 AI-Generated Changelog

Fixed

  • Prevent mutation of cached parsed Pipfile data during dependency locking, resolving potential issues with corrupted lock state across operations

Changed

  • Updated development dependencies (pip group)

🔗 Full Changelog: pypa/pipenv@v2026.6.0...v2026.6.1

Release v2026.6.0

🤖 AI-Generated Changelog

Security

  • Strip credentials from pip argument vectors to prevent credential exposure in logs and process listings (GHSA-8xgg-v3jj-95m2)
  • Validate tar link targets in data_filter fallback to prevent path traversal during package installation (GHSA-p4qx-p8p6-4gjf)

Added

  • Add documentation for git+ssh package sources in Pipfile

Fixed

  • Fix PIPENV_PROJECT_DIR not being expanded correctly in Pipfile script definitions
  • Fix pipenv shell breaking terminal input echo after exit
  • Fix three regressions introduced in a prior release affecting resolver and marker environment handling
  • Restore target_marker_version helper alias for backwards compatibility
  • Fix _target_marker_environment returning incorrect value when allow_global=True

Changed

  • Vendor in Pip 26.1
  • Cache Pipfile parsing and parallelize hash and candidate lookups for improved performance

Dependencies

  • Bump pygments from 2.19.2 to 2.20.0
  • Bump pytest (development dependency)

🔗 Full Changelog: pypa/pipenv@v2026.5.2...v2026.6.0

Release v2026.5.2

🤖 AI-Generated Changelog

... (truncated)

Changelog

Sourced from pipenv's changelog.

2026.6.1 (2026-04-28)

pipenv 2026.6.1 (2026-04-28)

Bug Fixes

  • Fix pipenv install corrupting existing inline-table or outline-table Pipfile entries (six = {version = "*"}, [packages.requests]). The locker was popping version/ref keys directly off the cached parsed_pipfile document, so subsequent writes emitted six = {} and dropped the version specifier from sibling packages. [#6657](https://github.com/pypa/pipenv/issues/6657) <https://github.com/pypa/pipenv/issues/6657>_

2026.6.0 (2026-04-27)

pipenv 2026.6.0 (2026-04-27)

Bug Fixes

  • Fix pipenv shell breaking terminal input echo on Linux. The previous implementation toggled setecho(True/False) on the spawned child around its internal setup commands, which fought with the shell's own readline termios management — producing permanently-disabled echo (GH-6572) or double-echoed keystrokes (123411223344). fork_compat no longer touches pty termios; instead it drains the synchronisation sentinel from the pexpect buffer twice (once for the echoed command, once for its output) so nothing leaks into interact(). [#6633](https://github.com/pypa/pipenv/issues/6633) <https://github.com/pypa/pipenv/issues/6633>_
  • pipenv run <command> -h <arg> now passes -h through to the command instead of showing pipenv's help. All arguments following run_command are captured verbatim via argparse REMAINDER, so flags like -h that pipenv itself also defines no longer collide with the wrapped command. [#6641](https://github.com/pypa/pipenv/issues/6641) <https://github.com/pypa/pipenv/issues/6641>_
  • Fix ValueError: invalid literal for int() with base 10 when the Pipfile's [requires] section uses a PEP 440 specifier (e.g. python_version = ">=3.9"). Specifier values no longer produce a Python-version override; the running interpreter's actual version is used for marker evaluation instead. [#6645](https://github.com/pypa/pipenv/issues/6645) <https://github.com/pypa/pipenv/issues/6645>_
  • Install-time marker filtering now evaluates environment markers against the target virtualenv's Python version rather than against the Python version that pipenv itself is running under. This prevents spurious Ignoring …: markers … don't match your environment warnings (and the corresponding missing installs) when pipenv sync --python X.Y is driven by a different system Python. [#6647](https://github.com/pypa/pipenv/issues/6647) <https://github.com/pypa/pipenv/issues/6647>_
  • pipenv run now expands $PIPENV_PROJECT_DIR and other Pipenv-managed environment variables inside Pipfile script arguments before direct command execution, so project-relative script paths resolve correctly. [#6652](https://github.com/pypa/pipenv/issues/6652) <https://github.com/pypa/pipenv/issues/6652>_

... (truncated)

Commits
  • da2c9d9 Release v2026.6.1
  • e945cfe Bumped version to 2026.6.1.
  • 1e9ca66 chore(deps-dev): bump the pip group across 1 directory with 2 updates (#6658)
  • 87dffe0 fix: don't mutate cached parsed_pipfile when locking deps (#6657)
  • 75a07fc Release v2026.6.0
  • 2430757 Bumped version to 2026.6.0.
  • 6c0e631 Vendor in Pip 26.1 (#6656)
  • 4cf7d9f Fix Pipfile script expansion for PIPENV_PROJECT_DIR (#6655)
  • 838d0b3 perf: cache Pipfile parse, parallelize hash/candidate lookups, harden benchma...
  • 551d3ae docs: added git+ssh package source documentation for Pipfile (#6651)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 28, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jan 28, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Jan 28, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from ae30386 to e5cf010 Compare January 29, 2026 02:42
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from a44b4fd to 576bc30 Compare February 1, 2026 16:12
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 576bc30 to b4279cb Compare February 8, 2026 16:05
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from b4279cb to 86fff41 Compare February 22, 2026 16:06
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from 6248a7a to 38e3f1a Compare March 8, 2026 16:05
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 38e3f1a to fe92060 Compare March 15, 2026 16:05
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from fe92060 to 406f8e7 Compare March 29, 2026 16:05
@dependabot dependabot Bot changed the title Bump pipenv from 2024.4.1 to 2026.0.3 in /python/helpers in the pipenv group Bump pipenv from 2024.4.1 to 2026.5.2 in /python/helpers in the pipenv group across 1 directory Apr 26, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 406f8e7 to 1b8fd9d Compare April 26, 2026 16:06
@dependabot dependabot Bot changed the title Bump pipenv from 2024.4.1 to 2026.5.2 in /python/helpers in the pipenv group across 1 directory Bump pipenv from 2024.4.1 to 2026.6.1 in /python/helpers in the pipenv group across 1 directory May 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from dcb8ace to 47e1ca8 Compare May 3, 2026 16:06
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 47e1ca8 to a458541 Compare May 10, 2026 16:06
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from a458541 to b2dad05 Compare May 17, 2026 16:07
@dependabot
Bump pipenv in /python/helpers in the pipenv group across 1 directory
815b6df 
Bumps the pipenv group with 1 update in the /python/helpers directory: [pipenv](https://github.com/pypa/pipenv).


Updates `pipenv` from 2024.4.1 to 2026.6.1
- [Release notes](https://github.com/pypa/pipenv/releases)
- [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.md)
- [Commits](pypa/pipenv@v2024.4.1...v2026.6.1)

---
updated-dependencies:
- dependency-name: pipenv
  dependency-version: 2026.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pipenv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from b2dad05 to 815b6df Compare May 24, 2026 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file L: python python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants