From 2c387ed2e07220cc6104086744d9b9f4a395c18d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 May 2026 10:48:27 +0000
Subject: [PATCH 1/2] Bump virtualenv from 21.3.2 to 21.3.3 (#12536)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [virtualenv](https://github.com/pypa/virtualenv) from 21.3.2 to
21.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>21.3.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Accept GraalPy implementation name. by <a
href="https://github.com/timfel"><code>@​timfel</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/3144">pypa/virtualenv#3144</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/21.3.2...21.3.3">https://github.com/pypa/virtualenv/compare/21.3.2...21.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h1>Bugfixes - 21.3.3</h1>
<ul>
<li>recognize GraalPy interpreters using the normalized
<code>GraalPy</code> name - by :user:<code>timfel</code>.
(:issue:<code>3144</code>)</li>
</ul>
<hr />
<p>v21.3.2 (2026-05-12)</p>
<hr />
<p>No significant changes.</p>
<hr />
<p>v21.3.1 (2026-05-05)</p>
<hr />
<h1>Bugfixes - 21.3.1</h1>
<ul>
<li>
<p>Upgrade embedded wheels:</p>
<ul>
<li>pip to <code>26.1.1</code> from <code>26.1</code>
(:issue:<code>3138</code>)</li>
</ul>
</li>
</ul>
<hr />
<p>v21.3.0 (2026-04-27)</p>
<hr />
<h1>Features - 21.3.0</h1>
<ul>
<li>Re-introduce <code>xonsh</code> shell activator
(<code>activate.xsh</code>) previously removed in 20.7.0, and make the
plugin loader
prefer virtualenv's built-in entry points so a third-party package
cannot override them by registering a duplicate
name. (:issue:<code>3003</code>)</li>
</ul>
<h1>Bugfixes - 21.3.0</h1>
<ul>
<li>
<p>Upgrade embedded wheels:</p>
<ul>
<li>pip to <code>26.1</code> (:issue:<code>3132</code>)</li>
</ul>
</li>
</ul>
<hr />
<p>v21.2.4 (2026-04-14)</p>
<hr />
<h1>Bugfixes - 21.2.4</h1>
<ul>
<li>Security hardening: validate each entry of a seed wheel archive
before extracting it so a tampered wheel cannot escape
the app-data image directory via an absolute path or <code>..</code>
traversal. (:issue:<code>3118</code>)</li>
<li>Security hardening: verify the SHA-256 of every bundled seed wheel
when it is loaded so a corrupted or tampered file</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/e6dba2a503560c1561258770ade4d15529c4db3d"><code>e6dba2a</code></a>
release 21.3.3</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/e7517c0e56c159946374c2fed8fb874fd3bde94f"><code>e7517c0</code></a>
Accept GraalPy implementation name. (<a
href="https://redirect.github.com/pypa/virtualenv/issues/3144">#3144</a>)</li>
<li>See full diff in <a
href="https://github.com/pypa/virtualenv/compare/21.3.2...21.3.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=21.3.2&new-version=21.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index eeb1f668c0a..0854b9cacb7 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -305,7 +305,7 @@ uvloop==0.21.0 ; platform_system != "Windows"
     #   -r requirements/lint.in
 valkey==6.1.1
     # via -r requirements/lint.in
-virtualenv==21.3.2
+virtualenv==21.3.3
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test-common.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 55dc2cadea1..f6de5aba479 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -295,7 +295,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho
     #   -r requirements/lint.in
 valkey==6.1.1
     # via -r requirements/lint.in
-virtualenv==21.3.2
+virtualenv==21.3.3
     # via pre-commit
 wait-for-it==2.3.0
     # via -r requirements/test-common.in
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 398c4d3d86f..74957a2b659 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -165,7 +165,7 @@ uvloop==0.21.0 ; platform_system != "Windows"
     # via -r requirements/lint.in
 valkey==6.1.1
     # via -r requirements/lint.in
-virtualenv==21.3.2
+virtualenv==21.3.3
     # via pre-commit
 yarl==1.23.0
     # via aiohttp

From 125dfae3149fdaff7978a01e371c22c877d93901 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 May 2026 10:57:53 +0000
Subject: [PATCH 2/2] Bump requests from 2.34.0 to 2.34.1 (#12537)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [requests](https://github.com/psf/requests) from 2.34.0 to 2.34.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.34.1</h2>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/k223kim"><code>@​k223kim</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7433">psf/requests#7433</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13">https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.34.1 (2026-05-13)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Widened <code>json</code> input type from <code>dict</code> and
<code>list</code> to <code>Mapping</code>
and <code>Sequence</code>. (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li>Changed <code>headers</code> input type to MutableMapping and
removed <code>None</code> from
<code>Request.headers</code> typing to improve handling for users. (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><code>Response.reason</code> moved from <code>str | None</code> to
<code>str</code> to improve handling
for users. (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li>Fixed a bug where some bodies with custom <code>__getattr__</code>
implementations
weren't being properly detected as Iterables. (<a
href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224"><code>b7b549b</code></a>
v2.34.1</li>
<li><a
href="https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe"><code>e511bc7</code></a>
Fix mutability issues with headers input types (<a
href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61"><code>5691f59</code></a>
Update JsonType containers to read-based collections (<a
href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035"><code>2144213</code></a>
Constrain Response.reason to str (<a
href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232"><code>6404f34</code></a>
Fix <code>prepare_body</code> stream detection for
<code>__getattr__</code>-based file wrappers (<a
href="https://redirect.github.com/psf/requests/issues/7">#7</a>...</li>
<li>See full diff in <a
href="https://github.com/psf/requests/compare/v2.34.0...v2.34.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.34.0&new-version=2.34.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 0854b9cacb7..beabe4d7955 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -228,7 +228,7 @@ python-on-whales==0.81.0
     #   -r requirements/test-common.in
 pyyaml==6.0.3
     # via pre-commit
-requests==2.34.0
+requests==2.34.1
     # via
     #   sphinx
     #   sphinxcontrib-spelling
diff --git a/requirements/dev.txt b/requirements/dev.txt
index f6de5aba479..d34821023c2 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -223,7 +223,7 @@ python-on-whales==0.81.0
     #   -r requirements/test-common.in
 pyyaml==6.0.3
     # via pre-commit
-requests==2.34.0
+requests==2.34.1
     # via sphinx
 rich==15.0.0
     # via pytest-codspeed
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 20aa6b758be..415d2024cf8 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -34,7 +34,7 @@ pyenchant==3.3.0
     # via sphinxcontrib-spelling
 pygments==2.20.0
     # via sphinx
-requests==2.34.0
+requests==2.34.1
     # via
     #   sphinx
     #   sphinxcontrib-spelling
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 22d2bc43694..497f27ab4e9 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -32,7 +32,7 @@ packaging==26.2
     # via sphinx
 pygments==2.20.0
     # via sphinx
-requests==2.34.0
+requests==2.34.1
     # via sphinx
 snowballstemmer==3.0.1
     # via sphinx