Skip to content

Bump pipenv from 2024.4.1 to 2026.6.2 in /python/helpers in the pipenv group across 1 directory#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python/helpers/pipenv-7591b6645c
Open

Bump pipenv from 2024.4.1 to 2026.6.2 in /python/helpers in the pipenv group across 1 directory#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python/helpers/pipenv-7591b6645c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 28, 2026

Copy link
Copy Markdown

Bumps the pipenv group with 1 update in the /python/helpers directory: pipenv.

Updates pipenv from 2024.4.1 to 2026.6.2

Release notes

Sourced from pipenv's releases.

Release v2026.6.2

🤖 AI-Generated Changelog

Added

  • Support cool-down-period configuration in the [pipenv] section of the Pipfile

Fixed

  • Credentials defined in Pipfile now take precedence over .netrc; environment variables in pylock source URLs are now expanded correctly
  • Re-lock all Pipfile entries when running pipenv update with no packages specified

Changed

  • Bump plette vendor dependency to 2.2.1
  • Bump idna dependency in the pip group

🔗 Full Changelog: pypa/pipenv@v2026.6.1...v2026.6.2

Release v2026.6.1

🤖 AI-Generated Changelog

Fixed

  • Prevent mutation of cached parsed Pipfile data during dependency locking, resolving potential issues with corrupted lock state across operations

Changed

  • Updated development dependencies (pip group)

🔗 Full Changelog: pypa/pipenv@v2026.6.0...v2026.6.1

Release v2026.6.0

🤖 AI-Generated Changelog

Security

  • Strip credentials from pip argument vectors to prevent credential exposure in logs and process listings (GHSA-8xgg-v3jj-95m2)
  • Validate tar link targets in data_filter fallback to prevent path traversal during package installation (GHSA-p4qx-p8p6-4gjf)

Added

  • Add documentation for git+ssh package sources in Pipfile

Fixed

  • Fix PIPENV_PROJECT_DIR not being expanded correctly in Pipfile script definitions
  • Fix pipenv shell breaking terminal input echo after exit
  • Fix three regressions introduced in a prior release affecting resolver and marker environment handling
  • Restore target_marker_version helper alias for backwards compatibility
  • Fix _target_marker_environment returning incorrect value when allow_global=True

... (truncated)

Changelog

Sourced from pipenv's changelog.

2026.6.2 (2026-06-02)

pipenv 2026.6.2 (2026-06-02)

Features & Improvements

  • Added support for cool-down-period in the [pipenv] section of the Pipfile. Setting cool-down-period = "30d" instructs the resolver to only consider package versions uploaded at least the specified number of days ago, via pip's --uploaded-prior-to flag.

Bug Fixes

  • Restored authentication to private indexes when [[source]] URLs use environment-variable placeholders. The GHSA-8xgg-v3jj-95m2 fix moved credentials off pip's argv onto a merged netrc, but write_credentials_netrc wrote our Pipfile-derived machine blocks BEFORE the appended user netrc — and netrc.authenticators() returns the LAST matching entry, so a stale system entry for the same host silently overrode the freshly-expanded creds. Our blocks now come AFTER the user's existing content. Additionally, the pylock.toml reader now runs expand_url_credentials over its sources so users with [pipenv] use_pylock = true see the same env-var expansion that Pipfile.lock reads have always had. [#6670](https://github.com/pypa/pipenv/issues/6670) <https://github.com/pypa/pipenv/issues/6670>_
  • Restored documented pipenv update (no args) semantics of lock + sync. Since 2026.0.0, pipenv update only re-resolved Pipfile entries whose locked version no longer satisfied the Pipfile specifier, so relaxing a pin (e.g. urllib3 = "<2.7.0"urllib3 = "*") would not pick up newer allowed releases — the lockfile silently stayed at the existing pin. pipenv update now routes through do_lock when no packages are given, re-resolving every Pipfile entry. The targeted pipenv update <pkg> path is unchanged. [#6672](https://github.com/pypa/pipenv/issues/6672) <https://github.com/pypa/pipenv/issues/6672>_

Vendored Libraries

  • Bump vendored plette to 2.2.1.

2026.6.1 (2026-04-28)

pipenv 2026.6.1 (2026-04-28)

Bug Fixes

... (truncated)

Commits
  • 31296c5 Merge pull request #6679 from pypa/ci/update-github-actions
  • 19c1717 ci: update GitHub Actions to latest versions
  • fdd6c7c Changelog
  • ab4a77b Bumped version to 2026.6.2.
  • c1739c9 Merge pull request #6671 from pypa/fix/6670-env-var-source-url-auth
  • b7605d0 Merge pull request #6674 from pypa/dependabot/pip/pip-d665ee01e3
  • de873e1 Merge pull request #6675 from pypa/fix/6672-update-relock-when-no-packages
  • 04b8693 fix(update): re-lock all Pipfile entries when no packages are given (#6672)
  • cdaea3f chore(deps): bump idna in the pip group across 0 directory
  • eff007f chore(deps): bump idna in /examples in the pip group across 1 directory (#6673)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 28, 2026
@coderabbitai

coderabbitai Bot commented Jan 28, 2026

Copy link
Copy Markdown

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from ae30386 to e5cf010 Compare January 29, 2026 02:42
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from a44b4fd to 576bc30 Compare February 1, 2026 16:12
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 576bc30 to b4279cb Compare February 8, 2026 16:05
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from b4279cb to 86fff41 Compare February 22, 2026 16:06
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from 6248a7a to 38e3f1a Compare March 8, 2026 16:05
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 38e3f1a to fe92060 Compare March 15, 2026 16:05
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from fe92060 to 406f8e7 Compare March 29, 2026 16:05
@dependabot dependabot Bot changed the title Bump pipenv from 2024.4.1 to 2026.0.3 in /python/helpers in the pipenv group Bump pipenv from 2024.4.1 to 2026.5.2 in /python/helpers in the pipenv group across 1 directory Apr 26, 2026
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 406f8e7 to 1b8fd9d Compare April 26, 2026 16:06
@dependabot dependabot Bot changed the title Bump pipenv from 2024.4.1 to 2026.5.2 in /python/helpers in the pipenv group across 1 directory Bump pipenv from 2024.4.1 to 2026.6.1 in /python/helpers in the pipenv group across 1 directory May 2, 2026
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from dcb8ace to 47e1ca8 Compare May 3, 2026 16:06
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 47e1ca8 to a458541 Compare May 10, 2026 16:06
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from b2dad05 to 815b6df Compare May 24, 2026 16:06
@dependabot dependabot Bot changed the title Bump pipenv from 2024.4.1 to 2026.6.1 in /python/helpers in the pipenv group across 1 directory Bump pipenv from 2024.4.1 to 2026.6.2 in /python/helpers in the pipenv group across 1 directory Jun 28, 2026
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch 2 times, most recently from 7c8da5a to 1bbe5ba Compare July 5, 2026 16:04
Bumps the pipenv group with 1 update in the /python/helpers directory: [pipenv](https://github.com/pypa/pipenv).


Updates `pipenv` from 2024.4.1 to 2026.6.2
- [Release notes](https://github.com/pypa/pipenv/releases)
- [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.md)
- [Commits](pypa/pipenv@v2024.4.1...v2026.6.2)

---
updated-dependencies:
- dependency-name: pipenv
  dependency-version: 2026.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pipenv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/pip/python/helpers/pipenv-7591b6645c branch from 1bbe5ba to cc4f31c Compare July 12, 2026 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file L: python python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants