Bump virtualenv from 20.38.0 to 20.39.0

[dependabot]

Bumps virtualenv from 20.38.0 to 20.39.0.

Release notes

Sourced from virtualenv's releases.

20.39.0

What's Changed

• Move from extras to dependency-groups by @​gaborbernat in pypa/virtualenv#3056
• 🐛 fix(sdist): include tox.toml in sdist by @​gaborbernat in pypa/virtualenv#3063
• 🐛 fix(seed): add --ignore-installed to pip invoke seeder by @​gaborbernat in pypa/virtualenv#3064
• 👷 ci(brew): add missing Homebrew Python versions and fix discovery by @​gaborbernat in pypa/virtualenv#3066
• 🧪 test(discovery): fix test_py_info_cache_clear outside venv by @​gaborbernat in pypa/virtualenv#3065
• Add architecture (ISA) awareness to Python discovery by @​rahuldevikar in pypa/virtualenv#3058
• 🐛 fix(discovery): resolve version-manager shims to real binaries by @​gaborbernat in pypa/virtualenv#3067
• Add auto-upgrade workflow for embedded dependencies by @​rahuldevikar in pypa/virtualenv#3057

Full Changelog: pypa/virtualenv@20.38.0...20.39.0

Changelog

Sourced from virtualenv's changelog.

Features - 20.39.0

• Automatically resolve version manager shims (pyenv, mise, asdf) to the real Python binary during discovery, preventing incorrect interpreter selection when shims are on PATH - by :user:gaborbernat. (:issue:3049)
• Add architecture (ISA) awareness to Python discovery — users can now specify a CPU architecture suffix in the --python spec string (e.g. cpython3.12-64-arm64) to distinguish between interpreters that share the same version and bitness but target different architectures. Uses sysconfig.get_platform() as the data source, with cross-platform normalization (amd64 ↔ x86_64, aarch64 ↔ arm64). Omitting the suffix preserves existing behavior - by :user:rahuldevikar. (:issue:3059)

---

v20.38.0 (2026-02-19)

---

Commits

• ad56e78 release 20.39.0
• ae90556 Add auto-upgrade workflow for embedded dependencies (#3057)
• 4582e41 🐛 fix(discovery): resolve version-manager shims to real binaries (#3067)
• e32d82d Add architecture (ISA) awareness to Python discovery (#3058)
• f8f7f48 🧪 test(discovery): fix test_py_info_cache_clear outside venv (#3065)
• c22b548 👷 ci(brew): add missing Homebrew Python versions and fix discovery (#3066)
• a852cbb 🐛 fix(seed): add --ignore-installed to pip invoke seeder (#3064)
• 6d22c9e 🐛 fix(sdist): include tox.toml in sdist (#3063)
• 01e8f51 Move from extras to dependency-groups (#3056)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #3057
Resolves #3067
Resolves #3058
Resolves #3065
Resolves #3066
Resolves #3064
Resolves #3063
Resolves #3056
Resolves pypa/virtualenv#3056
Resolves pypa/virtualenv#3063
Resolves pypa/virtualenv#3064
Resolves pypa/virtualenv#3066
Resolves pypa/virtualenv#3065
Resolves pypa/virtualenv#3058
Resolves pypa/virtualenv#3067
Resolves pypa/virtualenv#3057

[github-actions]

🤖 Claude Code Review

PR Code Review

Diff Summary: Bump virtualenv from 20.38.0 to 20.39.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide: Single-line change follows existing formatting conventions.
• ✅ No commented-out code
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects: No logic errors introduced. This is a dependency version bump in the development group, so it only affects developer tooling — no production risk.
• ✅ CLAUDE.md: No issues; the project config is general-purpose.

Testing

• ✅ No new functions or endpoints — tests not required for a dependency bump.
• ⚠️ No evidence of CI test results in the diff. Recommend confirming the test suite passes with the updated virtualenv version before merging.

Documentation

• ✅ README: No update needed for a dev-dependency bump.
• ✅ API docs: N/A
• ✅ Inline comments: N/A
• ❌ CHANGELOG.md: Not updated. Dependency bumps — even dev dependencies — are typically worth noting in the changelog for traceability.
• ✅ Markdown formatting: N/A

Security

• ✅ No hardcoded credentials
• ✅ No license files (.lic) or AQAAAD-prefixed strings
• ✅ virtualenv is a well-known, widely used package. Version 20.39.0 is a patch/minor bump with no known security advisories.
• ✅ This is a development group dependency — not included in production builds.

---

Summary

This is a straightforward, low-risk dependency bump. The only actionable item is:

1. CHANGELOG.md — consider adding an entry for the virtualenv version bump for audit/traceability purposes.

---

Automated code review analyzing defects and coding standards