
Scheduled weekly dependency update for week 08 #326

Open
pyup-bot wants to merge 10 commits into master from pyup-scheduled-update-2026-02-23

@pyup-bot
Collaborator

Update black from 25.12.0 to 26.1.0.

Changelog

26.1.0

Highlights

Introduces the 2026 stable style (4892), stabilizing the following changes:

- `always_one_newline_after_import`: Always force one blank line after import
statements, except when the line after the import is a comment or an import statement
(4489)
- `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations,
such as `def foo(): return "mock"  # fmt: skip`, where previously the declaration would
have been incorrectly collapsed (4800)
- `fix_module_docstring_detection`: Fix module docstrings being treated as normal
strings if preceded by comments (4764)
- `fix_type_expansion_split`: Fix type expansions split in generic functions (4777)
- `multiline_string_handling`: Make expressions involving multiline strings more compact
(1879)
- `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to
normalize file newlines both from and to (4710)
- `remove_parens_around_except_types`: Remove parentheses around multiple exception
types in `except` and `except*` without `as` (4720)
- `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand
side of assignments while preserving magic trailing commas and intentional multiline
formatting (4865)
- `standardize_type_comments`: Format type comments which have zero or more spaces
between `#` and `type:` or between `type:` and value to `# type: (value)` (4645)

The following change was not in any previous stable release:

- Regenerated the `_width_table.py` and added tests for the Khmer language (4253)

This release also bumps `pathspec` to v1 and fixes inconsistencies with Git's
`.gitignore` logic (4958). Now, files will be ignored if a pattern matches them, even
if the parent directory is directly unignored. For example, Black would previously
format `exclude/not_this/foo.py` with this `.gitignore`:


```
exclude/
!exclude/not_this/
```


Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and
all of its children are included in formatting (and in Git), use this `.gitignore`:


```
*/exclude/*
!*/exclude/not_this/
```


This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore
matching subdirectories (like the previous behavior did), and not just matching root
directories.

Output

- Explicitly shutdown the multiprocessing manager when run in diff mode too (4952)

Integrations

- Upgraded PyPI upload workflow to use Trusted Publishing (4611)

Update certifi from 2025.11.12 to 2026.1.4.

The bot wasn't able to find a changelog for this release. Got an idea?


Update chardet from 5.2.0 to 6.0.0.post1.

Changelog

6.0.0

Features

- **Unified single-byte charset detection**: Instead of only having trained language models for a handful of languages (Bulgarian, Greek, Hebrew, Hungarian, Russian, Thai, Turkish) and relying on special-case `Latin1Prober` and `MacRomanProber` heuristics for Western encodings, chardet now treats all single-byte charsets the same way: every encoding gets proper language-specific bigram models trained on CulturaX corpus data. This means chardet can now accurately detect both the encoding *and* the language for all supported single-byte encodings.
- **38 new languages**: Arabic, Belarusian, Breton, Croatian, Czech, Danish, Dutch, English, Esperanto, Estonian, Farsi, Finnish, French, German, Icelandic, Indonesian, Irish, Italian, Kazakh, Latvian, Lithuanian, Macedonian, Malay, Maltese, Norwegian, Polish, Portuguese, Romanian, Scottish Gaelic, Serbian, Slovak, Slovene, Spanish, Swedish, Tajik, Ukrainian, Vietnamese, and Welsh. Existing models for Bulgarian, Greek, Hebrew, Hungarian, Russian, Thai, and Turkish were also retrained with the new pipeline.
- **`EncodingEra` filtering**: New `encoding_era` parameter to `detect` allows filtering by an `EncodingEra` flag enum (`MODERN_WEB`, `LEGACY_ISO`, `LEGACY_MAC`, `LEGACY_REGIONAL`, `DOS`, `MAINFRAME`, `ALL`), letting callers restrict detection to encodings from a specific era. `detect()` and `detect_all()` default to `MODERN_WEB`. The new `MODERN_WEB` default should drastically improve accuracy for users who are not working with legacy data. The tiers are:
  - `MODERN_WEB`: UTF-8/16/32, Windows-125x, CP874, CJK multi-byte (widely used on the web)
  - `LEGACY_ISO`: ISO-8859-x, KOI8-R/U (legacy but well-known standards)
  - `LEGACY_MAC`: Mac-specific encodings (MacRoman, MacCyrillic, etc.)
  - `LEGACY_REGIONAL`: Uncommon regional/national encodings (KOI8-T, KZ1048, CP1006, etc.)
  - `DOS`: DOS/OEM code pages (CP437, CP850, CP866, etc.)
  - `MAINFRAME`: EBCDIC variants (CP037, CP500, etc.)
- **`--encoding-era` CLI flag**: The `chardetect` CLI now accepts `-e`/`--encoding-era` to control which encoding eras are considered during detection.
- **`max_bytes` and `chunk_size` parameters**: `detect()`, `detect_all()`, and `UniversalDetector` now accept `max_bytes` (default 200KB) and `chunk_size` (default 64KB) parameters for controlling how much data is examined. (314, bysiber)
- **Encoding era preference tie-breaking**: When multiple encodings have very close confidence scores, the detector now prefers more modern/Unicode encodings over legacy ones.
- **Charset metadata registry**: New `chardet.metadata.charsets` module provides structured metadata about all supported encodings, including their era classification and language filter.
- **`should_rename_legacy` now defaults intelligently**: When set to `None` (the new default), legacy renaming is automatically enabled when `encoding_era` is `MODERN_WEB`.
- **Direct GB18030 support**: Replaced the redundant GB2312 prober with a proper GB18030 prober.
- **EBCDIC detection**: Added CP037 and CP500 EBCDIC model registrations for mainframe encoding detection.
- **Binary file detection**: Added basic binary file detection to abort analysis earlier on non-text files.
- **Python 3.12, 3.13, and 3.14 support** (283, hugovk; 311)
- **GitHub Codespace support** (312, oxygen-dioxide)

Fixes

- **Fix CP949 state machine**: Corrected the state machine for Korean CP949 encoding detection. (268, nenw)
- **Fix SJIS distribution analysis**: Fixed `SJISDistributionAnalysis` discarding valid second-byte range >= 0x80. (315, bysiber)
- **Fix UTF-16/32 detection for non-ASCII-heavy text**: Improved detection of UTF-16/32 encoded CJK and other non-ASCII text by adding a `MIN_RATIO` threshold alongside the existing `EXPECTED_RATIO`.
- **Fix `get_charset` crash**: Resolved a crash when looking up unknown charset names.
- **Fix GB18030 `char_len_table`**: Corrected the character length table for GB18030 multi-byte sequences.
- **Fix UTF-8 state machine**: Updated to be more spec-compliant.
- **Fix `detect_all()` returning inactive probers**: Results from probers that determined "definitely not this encoding" are now excluded.
- **Fix early cutoff bug**: Resolved an issue where detection could terminate prematurely.
- **Default UTF-8 fallback**: If UTF-8 has not been ruled out and nothing else is above the minimum threshold, UTF-8 is now returned as the default.

Breaking changes

- **Dropped Python 3.7, 3.8, and 3.9 support**: Now requires Python 3.10+. (283, hugovk)
- **Removed `Latin1Prober` and `MacRomanProber`**: These special-case probers have been replaced by the unified model-based approach described above. Latin-1, MacRoman, and all other single-byte encodings are now detected by `SingleByteCharSetProber` with trained language models, giving better accuracy and language identification.
- **Removed EUC-TW support**: EUC-TW encoding detection has been removed as it is extremely rare in practice.
- **`LanguageFilter.NONE` removed**: Use specific language filters or `LanguageFilter.ALL` instead.
- **Enum types changed**: `InputState`, `ProbingState`, `MachineState`, `SequenceLikelihood`, and `CharacterCategory` are now `IntEnum` (previously plain classes or `Enum`). `LanguageFilter` values changed from hardcoded hex to `auto()`.
- **`detect()` default behavior change**: `detect()` now defaults to `encoding_era=EncodingEra.MODERN_WEB` and `should_rename_legacy=None` (auto-enabled for `MODERN_WEB`), whereas previously it defaulted to considering all encodings with no legacy renaming.

Misc changes

- **Switched from Poetry/setuptools to uv + hatchling**: Build system modernized with `hatch-vcs` for version management.
- **License text updated**: Updated LGPLv2.1 license text and FSF notices to use URL instead of mailing address. (304, 307, musicinmybrain)
- **CulturaX-based model training**: The `create_language_model.py` training script was rewritten to use the CulturaX multilingual corpus instead of Wikipedia, producing higher quality bigram frequency models.
- **`Language` class converted to frozen dataclass**: The language metadata class now uses `dataclass(frozen=True)` with `num_training_docs` and `num_training_chars` fields replacing `wiki_start_pages`.
- **Test infrastructure**: Added `pytest-timeout` and `pytest-xdist` for faster parallel test execution. Reorganized test data directories.

Contributors

Thank you to everyone who contributed to this release!

- dan-blanchard (Dan Blanchard)
- bysiber (Kadir Can Ozden)
- musicinmybrain (Ben Beasley)
- hugovk (Hugo van Kemenade)
- oxygen-dioxide
- nenw

And a special thanks to helour, whose earlier Latin-1 prober work from an abandoned PR helped inform the approach taken in this release.

Update coverage from 7.13.0 to 7.13.4.

Changelog

7.13.4

---------------------------

- Fix: the third-party code fix in 7.13.3 required examining the parent
directories where coverage was run. In the unusual situation that one of the
parent directories is unreadable, a PermissionError would occur, as
described in `issue 2129`_. This is now fixed.

- Fix: in test suites that change sys.path, coverage.py could fail with
"RuntimeError: Set changed size during iteration" as described and fixed in
`pull 2130`_. Thanks, Noah Fatsi.

- We now publish ppc64le wheels, thanks to `Pankhudi Jain <pull 2121_>`_.

.. _pull 2121: https://github.com/coveragepy/coveragepy/pull/2121
.. _issue 2129: https://github.com/coveragepy/coveragepy/issues/2129
.. _pull 2130: https://github.com/coveragepy/coveragepy/pull/2130


.. _changes_7-13-3:

7.13.3

---------------------------

- Fix: in some situations, third-party code was measured when it shouldn't have
been, slowing down test execution. This happened with layered virtual
environments such as uv sometimes makes. The problem is fixed, closing `issue
2082`_. Now any directory on sys.path that is inside a virtualenv is
considered third-party code.

.. _issue 2082: https://github.com/coveragepy/coveragepy/issues/2082


.. _changes_7-13-2:

7.13.2

---------------------------

- Fix: when Python is installed via symlinks, for example with Homebrew, the
standard library files could be incorrectly included in coverage reports.
This is now fixed, closing `issue 2115`_.

- Fix: if a data file is created with no read permissions, the combine step
would fail completely. Now a warning is issued and the file is skipped.
Closes `issue 2117`_.

.. _issue 2115: https://github.com/coveragepy/coveragepy/issues/2115
.. _issue 2117: https://github.com/coveragepy/coveragepy/issues/2117


.. _changes_7-13-1:

7.13.1

---------------------------

- Added: the JSON report now includes a ``"start_line"`` key for function and
class regions, indicating the first line of the region in the source. Closes
`issue 2110`_.

- Added: The ``debug data`` command now takes file names as arguments on the
command line, so you can inspect specific data files without needing to set
the ``COVERAGE_FILE`` environment variable.

- Fix: the JSON report used to report module docstrings as executed lines,
which no other report did, as described in `issue 2105`_. This is now fixed,
thanks to Jianrong Zhao.

- Fix: coverage.py uses a more disciplined approach to detecting where
third-party code is installed, and avoids measuring it. This shouldn't change
any behavior. If you find that it does, please get in touch.

- Performance: data files that will be combined now record their hash as part
of the file name. This lets us skip duplicate data more quickly, speeding the
combining step.

- Docs: added a section explaining more about what is considered a missing
branch and how it is reported: :ref:`branch_explain`, as requested in `issue
1597`_. Thanks to `Ayisha Mohammed <pull 2092_>`_.

- Tests: the test suite misunderstood what core was being tested if
``COVERAGE_CORE`` wasn't set on 3.14+. This is now fixed, closing `issue
2109`_.

.. _issue 1597: https://github.com/coveragepy/coveragepy/issues/1597
.. _pull 2092: https://github.com/coveragepy/coveragepy/pull/2092
.. _issue 2105: https://github.com/coveragepy/coveragepy/issues/2105
.. _issue 2109: https://github.com/coveragepy/coveragepy/issues/2109
.. _issue 2110: https://github.com/coveragepy/coveragepy/issues/2110


.. _changes_7-13-0:

Update docutils from 0.22.3 to 0.22.4.

The bot wasn't able to find a changelog for this release. Got an idea?


Update filelock from 3.20.0 to 3.24.3.

Changelog

3.24.3

What's Changed
* 🐛 fix(ci): add trailing blank line after changelog entries by gaborbernat in https://github.com/tox-dev/filelock/pull/492
* 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire by gaborbernat in https://github.com/tox-dev/filelock/pull/495


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.24.2...3.24.3

3.24.2

What's Changed
* 📝 docs: restructure using Diataxis framework by gaborbernat in https://github.com/tox-dev/filelock/pull/489
* 🐛 fix(test): resolve flaky write non-starvation test by gaborbernat in https://github.com/tox-dev/filelock/pull/490
* 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race by gaborbernat in https://github.com/tox-dev/filelock/pull/491


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.24.1...3.24.2

3.24.1

What's Changed
* 🐛 fix(soft): resolve Windows deadlock and test race condition by gaborbernat in https://github.com/tox-dev/filelock/pull/488


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.24.0...3.24.1

3.24.0

What's Changed
* 🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS by gaborbernat in https://github.com/tox-dev/filelock/pull/480
* ✨ feat(lock): add poll_interval to constructor by gaborbernat in https://github.com/tox-dev/filelock/pull/482
* 🐛 fix(win): eliminate lock file race in threaded usage by gaborbernat in https://github.com/tox-dev/filelock/pull/484
* ✨ feat(mode): respect POSIX default ACL inheritance by gaborbernat in https://github.com/tox-dev/filelock/pull/483
* 🐛 fix(api): detect same-thread self-deadlock by gaborbernat in https://github.com/tox-dev/filelock/pull/481
* ✨ feat(lock): add cancel_check to acquire by gaborbernat in https://github.com/tox-dev/filelock/pull/487
* ✨ feat(lock): add lifetime parameter for lock expiration by gaborbernat in https://github.com/tox-dev/filelock/pull/486


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.23.0...3.24.0

3.23.0

What's Changed
* 📝 docs: add fasteners to similar libraries by gaborbernat in https://github.com/tox-dev/filelock/pull/478
* 📝 docs: move from Unlicense to MIT by gaborbernat in https://github.com/tox-dev/filelock/pull/479


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.22.0...3.23.0

3.22.0

What's Changed
* ✨ feat(soft): detect and break stale locks by gaborbernat in https://github.com/tox-dev/filelock/pull/476
* 🐛 fix(soft): skip stale lock detection on Windows by gaborbernat in https://github.com/tox-dev/filelock/pull/477


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.21.2...3.22.0

3.21.2

What's Changed
* 🐛 fix: catch ImportError for missing sqlite3 C library by gaborbernat in https://github.com/tox-dev/filelock/pull/475


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.21.1...3.21.2

3.21.1

What's Changed
* 🐛 fix: gracefully handle missing `sqlite3` when importing `ReadWriteLock` by bayandin in https://github.com/tox-dev/filelock/pull/473

New Contributors
* bayandin made their first contribution in https://github.com/tox-dev/filelock/pull/473

**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.21.0...3.21.1

3.21.0

What's Changed
* 🔧 chore: modernize tooling and bump deps by gaborbernat in https://github.com/tox-dev/filelock/pull/470
* ✨ feat(lock): add SQLite-based ReadWriteLock by leventov in https://github.com/tox-dev/filelock/pull/399
* Enable removal of UNIX lock files by sbc100 in https://github.com/tox-dev/filelock/pull/408
* 👷 ci(release): persist changelog on release by gaborbernat in https://github.com/tox-dev/filelock/pull/471
* 👷 ci(release): commit changelog and use release config by gaborbernat in https://github.com/tox-dev/filelock/pull/472

New Contributors
* leventov made their first contribution in https://github.com/tox-dev/filelock/pull/399
* sbc100 made their first contribution in https://github.com/tox-dev/filelock/pull/408

**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.20.3...3.21.0

3.20.3

What's Changed
* Fix TOCTOU symlink vulnerability in SoftFileLock by gaborbernat in https://github.com/tox-dev/filelock/pull/465


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3

3.20.2

What's Changed
* Support Unix systems without O_NOFOLLOW by mwilliamson in https://github.com/tox-dev/filelock/pull/463
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci[bot] in https://github.com/tox-dev/filelock/pull/464

New Contributors
* mwilliamson made their first contribution in https://github.com/tox-dev/filelock/pull/463

**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2

3.20.1

What's Changed
* CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by gaborbernat in https://github.com/tox-dev/filelock/pull/461


**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1

Update tox from 4.32.0 to 4.44.0.

The bot wasn't able to find a changelog for this release. Got an idea?


Update tqdm from 4.67.1 to 4.67.3.

Changelog

4.67.3

- fix py3.7 dependencies (1706 <- 1705)

4.67.2

- support `pandas>=3` (1703 <- 1701, 1650, 1700)
- fix `format_interval` for negative numbers (1703)
- misc linting
- framework updates (1704)
  + bump CI workflow & `pre-commit` dependencies
  + add `pyupgrade`
  + add py3.13 support
  + fix py3.7 tests
  + update `setuptools-scm` usage
  + support auto-dedented docstrings when building docs in py3.13
- tests: relax flaky benchmarks

Update urllib3 from 2.6.2 to 2.6.3.

Changelog

2.6.3

==================

- Fixed a high-severity security issue where decompression-bomb safeguards of
the streaming API were bypassed when HTTP redirects were followed.
(`GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>`__)
- Started treating ``Retry-After`` times greater than 6 hours as 6 hours by
default. (`3743 <https://github.com/urllib3/urllib3/issues/3743>`__)
- Fixed ``urllib3.connection.VerifiedHTTPSConnection`` on Emscripten.
(`3752 <https://github.com/urllib3/urllib3/issues/3752>`__)

Update virtualenv from 20.35.4 to 20.38.0.

Changelog

20.38.0

What's Changed
* Fix Windows activation scripts to handle Python paths with spaces by rahuldevikar in https://github.com/pypa/virtualenv/pull/3015
* Exclude pywintypes*.dll and pythoncom*.dll from being copied to Scripts directory by rahuldevikar in https://github.com/pypa/virtualenv/pull/3012
* update `Automated testing` documentation section by elmjag in https://github.com/pypa/virtualenv/pull/3016
* Preserve Symlinks in pyvenv.cfg paths by rahuldevikar in https://github.com/pypa/virtualenv/pull/3022
* Add ``PKG_CONFIG_PATH`` environment variable support to all activation scripts by rahuldevikar in https://github.com/pypa/virtualenv/pull/3023
* Add ty type checker to CI via tox by rahuldevikar in https://github.com/pypa/virtualenv/pull/3025
* Upgrade embedded dependencies by rahuldevikar in https://github.com/pypa/virtualenv/pull/3026
* Fix ty Type Narrowing by rahuldevikar in https://github.com/pypa/virtualenv/pull/3030
* Replace ty: ignore with proper type declarations for inheritance patterns by rahuldevikar in https://github.com/pypa/virtualenv/pull/3034
* Use user_cache_dir for app data with auto-migration from old location by rahuldevikar in https://github.com/pypa/virtualenv/pull/3033
* Fix unhelpful KeyError when using invalid VIRTUALENV_DISCOVERY value by veeceey in https://github.com/pypa/virtualenv/pull/3031
* ⚡ perf(test): parallelize test suite with pytest-xdist by gaborbernat in https://github.com/pypa/virtualenv/pull/3035
* ✨ feat(create): sync with upstream CPython/PyPy venv by gaborbernat in https://github.com/pypa/virtualenv/pull/3036
* Python3.9 dependency range correction by reactive-firewall in https://github.com/pypa/virtualenv/pull/3038
* Version bump filelock to latest by reactive-firewall in https://github.com/pypa/virtualenv/pull/3039
* Improve error message when discovery plugin is not available by veeceey in https://github.com/pypa/virtualenv/pull/3032
* 👷 ci(release): add workflow_dispatch release with zipapp and get-virtualenv by gaborbernat in https://github.com/pypa/virtualenv/pull/3040
* 📝 docs: restructure to follow Diataxis framework by gaborbernat in https://github.com/pypa/virtualenv/pull/3041
* 👷 ci(release): split into release and tag-triggered publish by gaborbernat in https://github.com/pypa/virtualenv/pull/3042
* Fix bash activate PKG_CONFIG_PATH unbound variable under bash -u by Fridayai700 in https://github.com/pypa/virtualenv/pull/3047
* 🐛 fix(discovery): harden subprocess interrogation and test reliability by gaborbernat in https://github.com/pypa/virtualenv/pull/3054
* 🔧 chore(tox): migrate tox.ini to tox.toml by gaborbernat in https://github.com/pypa/virtualenv/pull/3050

New Contributors
* elmjag made their first contribution in https://github.com/pypa/virtualenv/pull/3016
* veeceey made their first contribution in https://github.com/pypa/virtualenv/pull/3031
* reactive-firewall made their first contribution in https://github.com/pypa/virtualenv/pull/3038
* Fridayai700 made their first contribution in https://github.com/pypa/virtualenv/pull/3047

**Full Changelog**: https://github.com/pypa/virtualenv/compare/20.37.0...20.38.0

20.36.0

What's Changed