Bump virtualenv from 20.17.1 to 21.5.0

[dependabot]

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps virtualenv from 20.17.1 to 21.5.0.

Release notes

Sourced from virtualenv's releases.

21.5.0

What's Changed

• Set git identity in upgrade changelog rename step by @​gaborbernat in pypa/virtualenv#3169
• Upgrade embedded pip/setuptools/wheel by @​github-actions[bot] in pypa/virtualenv#3168
• ✨ feat: drop Python 3.8 support by @​gaborbernat in pypa/virtualenv#3170

Full Changelog: pypa/virtualenv@21.4.3...21.5.0

21.4.3

What's Changed

• ci: silence avoidable check workflow notices by @​gaborbernat in pypa/virtualenv#3154
• Upgrade embedded pip/setuptools/wheel by @​github-actions[bot] in pypa/virtualenv#3155
• Fish activator passes VIRTUAL_ENV through cygpath by @​LuNoX in pypa/virtualenv#3161
• Stop exporting PS1 in bash activator by @​karlhillx in pypa/virtualenv#3162
• Add wheel-0.47.0 to seed packages as mitigation of CVE-2026-24049 by @​apophizzz in pypa/virtualenv#3167
• 🐛 fix(discovery): resolve base interpreter executable-only symlinks by @​gaborbernat in pypa/virtualenv#3166

New Contributors

• @​LuNoX made their first contribution in pypa/virtualenv#3161
• @​karlhillx made their first contribution in pypa/virtualenv#3162
• @​apophizzz made their first contribution in pypa/virtualenv#3167

Full Changelog: pypa/virtualenv@21.4.2...21.4.3

21.4.2

What's Changed

• 🐛 fix(activation): silence deactivate hash -r under set -e by @​gaborbernat in pypa/virtualenv#3152

Full Changelog: pypa/virtualenv@21.4.1...21.4.2

21.4.1

What's Changed

• 🐛 fix(create): debug build venvlauncher lookup on Windows 3.13+ by @​gaborbernat in pypa/virtualenv#3151

Full Changelog: pypa/virtualenv@21.4.0...21.4.1

21.4.0

... (truncated)

Changelog

Sourced from virtualenv's changelog.

Features - 21.5.0

• Drop support for Python 3.8; virtualenv now requires Python 3.9 or later to run and to create environments. Remove the embedded wheel seed package, which virtualenv bundled only for Python 3.8. The --wheel and --no-wheel options stay as no-ops, but now warn that virtualenv will remove them in a release after 2026-12 - by :user:gaborbernat. (:issue:3170)

Bugfixes - 21.5.0

• Upgrade embedded wheels:

  Removed wheel of 0.47.0 (:issue:u)

---

v21.4.3 (2026-06-11)

---

Bugfixes - 21.4.3

• Upgrade embedded wheels:

  • pip to 26.1.2 from 26.1.1 (:issue:u)

• Resolve executable-only symlinks when recording home and base-executable in pyvenv.cfg, mirroring CPython's getpath.realpathpython/cpython#115237 binary locate the base stdlib (for example python-build-standalone); a fully symlinked interpreter tree is kept as-is

  • by :user:gaborbernat. (:issue:3157)

• Stop exporting PS1 from the bash activator so child processes do not inherit shell prompt state. (:issue:3158)

• Handle CYGWIN/MSYS/MINGW path conversions in fish activation script - by user::LuNoX. (:issue:3160)

---

v21.4.2 (2026-05-31)

---

Bugfixes - 21.4.2

• Stop deactivate in the bash/zsh activation script from aborting under set -e when hash -r fails (for example with shell hashing disabled) by appending || true, matching CPython venv (gh-149701) and the existing non-deactivate call - by :user:gaborbernat. (:issue:3152)

---

v21.4.1 (2026-05-28)

---

Bugfixes - 21.4.1

... (truncated)

Commits

• 90735e0 release 21.5.0
• 79ce906 ✨ feat: drop Python 3.8 support (#3170)
• f1f4d68 Upgrade embedded pip/setuptools/wheel (#3168)
• 78df6f0 Set git identity in upgrade changelog rename step (#3169)
• 134b080 release 21.4.3
• 2a36128 🐛 fix(discovery): resolve base interpreter executable-only symlinks (#3166)
• 5389c25 Add wheel-0.47.0 to seed packages as mitigation of CVE-2026-24049 (#3167)
• 0134fee chore(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (#3165)
• af1ed9f chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#3164)
• 1b00ec8 [pre-commit.ci] pre-commit autoupdate (#3163)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)