Bump virtualenv from 20.39.0 to 21.0.0

[dependabot]

Bumps virtualenv from 20.39.0 to 21.0.0.

Release notes

Sourced from virtualenv's releases.

21.0.0

What's Changed

• ♻️ refactor(discovery): extract py_discovery as self-contained package by @​gaborbernat in pypa/virtualenv#3070
• 📝 docs(changelog): add removal entry for python-discovery extraction by @​gaborbernat in pypa/virtualenv#3074

Full Changelog: pypa/virtualenv@20.39.1...21.0.0

20.39.1

What's Changed

• Align dependency versions across projects by @​gaborbernat in pypa/virtualenv#3069
• ✨ feat(create): add RustPython support by @​gaborbernat in pypa/virtualenv#3071
• 🐛 fix(create): add pythonw3.exe to Windows venvs by @​gaborbernat in pypa/virtualenv#3073

Full Changelog: pypa/virtualenv@20.39.0...20.39.1

Changelog

Sourced from virtualenv's changelog.

Deprecations and Removals - 21.0.0

• The Python discovery logic has been extracted into a standalone python-discovery package on PyPI (documentation <https://python-discovery.readthedocs.io/>_) and is now consumed as a dependency. If you previously imported discovery internals directly (e.g. from virtualenv.discovery.py_info import PythonInfo), switch to from python_discovery import PythonInfo. Backward-compatibility re-export shims are provided at virtualenv.discovery.py_info, virtualenv.discovery.py_spec, and virtualenv.discovery.cached_py_info, however these are considered unsupported and may be removed in a future release - by :user:gaborbernat. (:issue:3070)

---

v20.39.1 (2026-02-25)

---

Features - 20.39.1

• Add support for creating virtual environments with RustPython - by :user:elmjag. (:issue:3010)

---

v20.39.0 (2026-02-23)

---

Commits

• 7687420 release 21.0.0
• 8ec3142 📝 docs(changelog): add removal entry for python-discovery extraction (#3074)
• f89d46c ♻️ refactor(discovery): extract py_discovery as self-contained package (#3070)
• 0272c72 release 20.39.1
• b1ca37f 🐛 fix(create): add pythonw3.exe to Windows venvs (#3073)
• 1d4a338 ✨ feat(create): add RustPython support (#3071)
• a10c5d4 Align dependency versions across projects (#3069)
• 22a8860 [pre-commit.ci] pre-commit autoupdate (#3068)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #3074
Resolves #3070
Resolves #3073
Resolves #3071
Resolves #3069
Resolves #3068
Resolves pypa/virtualenv#3070
Resolves pypa/virtualenv#3074
Resolves pypa/virtualenv#3069
Resolves pypa/virtualenv#3071
Resolves pypa/virtualenv#3073

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps virtualenv from 20.39.0 to 21.0.0 in the development dependencies.

---

Code Quality

• ✅ Style guide: Single-line change in pyproject.toml, follows project conventions.
• ✅ No commented-out code
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects: No logic errors. Note: virtualenv 21.0.0 is a major version bump — verify it does not introduce breaking changes to the dev workflow (e.g., virtualenv CLI interface or behavior changes). The version constraint syntax and placement are correct.
• ✅ CLAUDE.md: No issues.

Testing

• ❌ Unit/integration tests: No tests added or modified, but this is a dependency bump with no functional code changes — acceptable.
• ⚠️ Test coverage: Cannot assess from this diff alone.

Documentation

• ✅ README: No changes needed for a dev dependency bump.
• ✅ API docs: N/A
• ✅ Inline comments: N/A
• ❌ CHANGELOG.md: Not updated. Dependency bumps are typically noted in a changelog. Consider adding an entry under an "Unreleased" or version section.
• ✅ Markdown formatting: N/A

Security

• ✅ No hardcoded credentials
• ✅ No sensitive data
• ✅ No license files (.lic) or AQAAAD-prefixed strings
• ⚠️ Dependency security: virtualenv 21.0.0 is a major version bump. Confirm this version has no known CVEs and that the jump from 20.x to 21.x does not introduce unexpected behavior in CI/CD pipelines or local dev environments. Running pip-audit or checking the virtualenv changelog is recommended before merging.

---

Overall: Low-risk dependency update. The only actionable item is updating CHANGELOG.md and verifying the major version bump is intentional and tested in CI.

Automated code review analyzing defects and coding standards