Bump pipenv from 2026.0.3 to 2026.4.0

[dependabot]

Bumps pipenv from 2026.0.3 to 2026.4.0.

Release notes

Sourced from pipenv's releases.

Release v2026.4.0

🤖 AI-Generated Changelog

Added

• --extras CLI option: Specify optional dependency categories directly from the command line
• --exclude-index flag for requirements command: Exclude index URLs from generated requirements output
• PIPENV_PYENV_ONLY environment variable: Restrict Python discovery exclusively to pyenv, ignoring other Python installations
• PIPENV_KEYRING_PROVIDER environment variable: Enable Windows Credential Manager and other keyring backends for private index authentication
• PEP 440 version specifiers in python_version: Pipfile now accepts full PEP 440 specifiers (e.g., >=3.10) for Python version constraints
• [build-system] requires support in Pipfile: Define build system requirements directly in Pipfile
• pipenv sync from pylock.toml: Sync environments using pylock.toml without requiring Pipfile.lock
• Patch files for pip customizations: Vendored pip customizations are now tracked as patch files for transparency

Changed

• pipenv sync and install --ignore-pipfile now work without a Pipfile present
• --system flag support improved across multiple commands
• --all flag for update and upgrade commands fixed to correctly target all packages
• PyPI proper_case lookup timeout increased from 0.3s to 3s to reduce failures on slow networks
• PIPENV_VERSION environment variable is now ignored when running --version flag
• Fish shell completion now supports file path completion for pipenv run arguments

Fixed

• Shell detection on Windows: pipenv shell now correctly launches bash or PowerShell instead of defaulting to cmd
• Shell suspension: pipenv shell now properly suspends with Ctrl+Z (job control restored)
• Shell startup with interactive prompts: pipenv shell activates correctly even when shell startup scripts produce interactive output
• PTY echo restore race condition: Fixed synchronization issue in Docker and similar environments
• Cross-category dependency resolution: Resolved conflicting version pins when resolving dependencies across multiple categories
• Package name normalization in Pipfile hash: Package names are normalized before computing the Pipfile hash, preventing spurious lockfile invalidation
• URL-encoded credentials in Pipfile source URLs: Expanded credentials are now URL-encoded to avoid parsing errors
• sys_platform shorthand markers: Short-form platform markers are now correctly included in pip requirement lines
• Python version marker evaluation: Fixed resolution failures caused by incorrect python_full_version in marker evaluation, including major-only python_version values
• Windows py-launcher full-version matching: Correctly matches python_full_version specifiers when using the Windows py launcher
• Pipfile whitespace and category corruption: Upgrades no longer corrupt unrelated Pipfile sections or strip formatting
• Symlink preservation: Normalizing the Pipfile path no longer resolves symlinks unexpectedly
• Transitive PEP 508 file:// URL dependencies: File-scheme dependencies are now correctly recorded during locking
• Pipfile python_version mismatch with venv: Records the correct Python version when the venv Python and PATH Python disagree
• Editable local-path handling: Hardened handling of editable installs for local paths
• distutils missing fallback: Falls back to sysconfig when distutils is unavailable (Python 3.12+)
• Wheel metadata case preservation: Header install paths now use the wheel metadata package name to preserve original casing
• pip.conf extra-index hash collection: Hashes from pip.conf extra-index URLs are now collected during locking
• pip.conf index suppression at install time: Prevents hash mismatch errors caused by pip.conf injecting extra indexes during install
• Partial updates preserve transitive dependencies: Pinned packages' transitive dependencies are no longer removed during partial updates
• Private index resolution for dev packages: index_lookup is now populated from all Pipfile sections when locking non-default categories
• --where exit code: Fixed incorrect exit code for the --where flag
• _create_builtin_venv_cmd: No longer incorrectly prepends a drive letter to Unix paths when run on Windows
• venv fallback for alternative interpreters: Falls back to built-in venv when virtualenv fails for non-standard interpreters
• ResolutionTooDeepError: Fixed excessive recursion caused by incorrect marker evaluation during resolution

... (truncated)

Changelog

Sourced from pipenv's changelog.

2026.4.0 (2026-03-28)

pipenv 2026.4.0 (2026-03-28)

No significant changes.

2026.3.0 (2026-03-28)

pipenv 2026.3.0 (2026-03-28)

Features & Improvements

• Support --system --python=/path/to/python to install packages to a specific Python interpreter's site-packages. Previously --system always used the default python3 from PATH, ignoring the --python flag. [#3593](https://github.com/pypa/pipenv/issues/3593) <https://github.com/pypa/pipenv/issues/3593>_
• Add --exclude-index flag to pipenv requirements command to allow users to exclude index URLs (-i and --extra-index-url) from the generated output. This is useful when the index is configured separately in the target environment. [#4398](https://github.com/pypa/pipenv/issues/4398) <https://github.com/pypa/pipenv/issues/4398>_
• Add --system flag to pipenv update command, allowing system-level package updates without creating a virtualenv. This is useful in Docker environments and other contexts where packages are installed directly to the system Python. [#5584](https://github.com/pypa/pipenv/issues/5584) <https://github.com/pypa/pipenv/issues/5584>_

Bug Fixes

• pipenv shell now waits for the shell to finish its startup before sending the virtualenv activate script. Previously, interactive prompts during shell startup (e.g. oh-my-zsh's update dialogue) could consume the activate command, leaving the virtualenv unactivated. [#3615](https://github.com/pypa/pipenv/issues/3615) <https://github.com/pypa/pipenv/issues/3615>_

• pipenv --where now exits with a non-zero exit code (1) when no Pipfile is found, making it suitable for use in scripts and CI pipelines. [#4085](https://github.com/pypa/pipenv/issues/4085) <https://github.com/pypa/pipenv/issues/4085>_

• Pass through PIP_IGNORE_INSTALLED and PIP_USER environment variables to pip subprocess when using --system. This fixes pipenv install --deploy --system not respecting these environment variables for Docker multi-stage builds.

  Add PIPENV_BREAK_SYSTEM_PACKAGES environment variable to pass --break-system-packages to pip when using --system on PEP 668 externally-managed environments (e.g. Ubuntu 23.04+, Debian 12+). [#4453](https://github.com/pypa/pipenv/issues/4453) <https://github.com/pypa/pipenv/issues/4453>_

• Fix --system flag causing confusing errors when a stale virtualenv exists from a previously deleted project, or when a virtualenv already exists. When --system is used, pipenv now correctly skips virtualenv creation instead of aborting with "You are attempting to re-create a virtualenv that Pipenv did not create". [#5052](https://github.com/pypa/pipenv/issues/5052) <https://github.com/pypa/pipenv/issues/5052>_

• Shorthand marker keys in Pipfile entries (e.g. sys_platform = "== 'linux'", platform_machine = "== 'arm64'") now behave identically to the equivalent markers syntax. Previously, using the shorthand form caused pip to resolve and download sub-dependencies on all platforms, even though the top-level package was correctly marked as platform-specific in the lock file. The shorthand keys are now translated to PEP 508 markers before building the pip requirement line, so the resolver skips resolution on non-matching platforms. [#5884](https://github.com/pypa/pipenv/issues/5884) <https://github.com/pypa/pipenv/issues/5884>_

• Fix Windows py-launcher Python discovery for full version strings such as python_full_version = "3.11.9" in Pipfile and pipenv --python 3.11.9 on the CLI.

... (truncated)

Commits

• 4cf4758 Release v2026.4.0
• ddb194c Bumped version to 2026.4.0.
• 5352f2c Check pt
• 5ef2f2d Bumped version to 2026.3.0.
• 7062723 Fix shell detection tests on Windows: patch Path in all os.name-mocked tests
• 83f9781 Fix shell detection tests: patch Path to PurePosixPath when mocking os.name a...
• 590c18c Fix shell detection tests: use POSIX paths to avoid WindowsPath on Linux
• 91d9c55 Add --extras CLI option for optional dependency categories (#6615)
• a13199a Fix pipenv shell launching wrong shell on Windows (cmd instead of bash/powers...
• f25caaa Support pipenv sync from pylock.toml without Pipfile.lock (#6614)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)