Skip to content

Bump pipenv from 2026.0.3 to 2026.1.0#158

Merged
Tsingis merged 1 commit intomainfrom
dependabot/pip/pipenv-2026.1.0
Mar 13, 2026
Merged

Bump pipenv from 2026.0.3 to 2026.1.0#158
Tsingis merged 1 commit intomainfrom
dependabot/pip/pipenv-2026.1.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026

Bumps pipenv from 2026.0.3 to 2026.1.0.

Release notes

Sourced from pipenv's releases.

Release v2026.1.0

🤖 AI-Generated Changelog

Fixed

  • Fixed regression in handling of packaging version strings with prereleases
  • Fixed regression with editable dependencies and extras in lock file resolution
  • Fixed path output displaying an additional leading forward slash
  • Fixed MD5 usage to support FIPS-enabled Python environments
  • Restored max retry behavior for install operations
  • Improved install failure messaging with dependency context

Changed

  • Vendored pip 26.0.1 with updated compatibility patches
  • Updated SearchScope dataclass to use slots=True parameter, resolving __slots__ conflict with default values
  • Bumped virtualenv from 20.35.4 to 20.36.1
  • Bumped urllib3 from 2.6.0 to 2.6.3
  • Clarified path dependency default install behavior in documentation
  • Updated locked dependencies

Security

  • Fixed MD5 checksum handling to use FIPS-compliant alternatives in restricted Python environments

🔗 Full Changelog: pypa/pipenv@v2026.0.3...v2026.1.0

Changelog

Sourced from pipenv's changelog.

2026.1.0 (2026-03-13)

pipenv 2026.1.0 (2026-03-13)

No significant changes.

Commits
  • f07de74 Release v2026.1.0
  • 8fc7ce4 Bumped version to 2026.1.0.
  • 0f1c02a Fix regression with change to packaging version and prereleases.
  • ec117a3 Fix regression discovered by tests regarding editable dependencies and extras.
  • 5c1bbcf Merge pull request #6530 from pypa/2026-vendoring
  • 9bb35fd complete revendoring
  • 4fc64ce Bump vendoring
  • e9f71e2 Merge pull request #6520 from shobhit747/main
  • 588cc9e Merge pull request #6519 from pypa/vendor-pip-26.0.1
  • 6043547 Merge branch 'main' into vendor-pip-26.0.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump pipenv from 2026.0.3 to 2026.1.0
4423e1f 
Bumps [pipenv](https://github.com/pypa/pipenv) from 2026.0.3 to 2026.1.0.
- [Release notes](https://github.com/pypa/pipenv/releases)
- [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.md)
- [Commits](pypa/pipenv@v2026.0.3...v2026.1.0)

---
updated-dependencies:
- dependency-name: pipenv
  dependency-version: 2026.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 13, 2026
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 13, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Tsingis Tsingis merged commit 16746e8 into main Mar 13, 2026
5 checks passed
@dependabot dependabot bot deleted the dependabot/pip/pipenv-2026.1.0 branch March 13, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Tsingis