From bcf97badfe694f73b3c472198aaa5e294c9b77f3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 16:52:30 +0100
Subject: [PATCH] chore(deps): bump virtualenv from 20.25.0 to 20.26.6 in
 /engine (#5411)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.25.0 to
20.26.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>20.26.6</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>release 20.26.5 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2766">pypa/virtualenv#2766</a></li>
<li>Fix <a
href="https://redirect.github.com/pypa/virtualenv/issues/2768">#2768</a>:
Quote template strings in activation scripts by <a
href="https://github.com/y5c4l3"><code>@​y5c4l3</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2771">pypa/virtualenv#2771</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/y5c4l3"><code>@​y5c4l3</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2771">pypa/virtualenv#2771</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/20.26.5...20.26.6">https://github.com/pypa/virtualenv/compare/20.26.5...20.26.6</a></p>
<h2>20.26.5</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>release 20.26.4 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2761">pypa/virtualenv#2761</a></li>
<li>Use uv over pip by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2765">pypa/virtualenv#2765</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/20.26.4...20.26.5">https://github.com/pypa/virtualenv/compare/20.26.4...20.26.5</a></p>
<h2>20.26.4</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>release 20.26.3 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2742">pypa/virtualenv#2742</a></li>
<li>Fix whitespace around backticks in changelog by <a
href="https://github.com/edmorley"><code>@​edmorley</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2751">pypa/virtualenv#2751</a></li>
<li>Test latest Python 3.13 by <a
href="https://github.com/hugovk"><code>@​hugovk</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2752">pypa/virtualenv#2752</a></li>
<li>Fix typo in Nushell activation script by <a
href="https://github.com/edmorley"><code>@​edmorley</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2754">pypa/virtualenv#2754</a></li>
<li>GitHub Actions: Replace deprecated macos-12 with macos-13 by <a
href="https://github.com/hugovk"><code>@​hugovk</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2756">pypa/virtualenv#2756</a></li>
<li>Fix <a
href="https://redirect.github.com/pypa/virtualenv/issues/2728">#2728</a>:
Activating venv create unwanted console output by <a
href="https://github.com/ShootGan"><code>@​ShootGan</code></a> in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2748">pypa/virtualenv#2748</a></li>
<li>Upgrade bundled wheels by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2760">pypa/virtualenv#2760</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ShootGan"><code>@​ShootGan</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2748">pypa/virtualenv#2748</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/20.26.3...20.26.4">https://github.com/pypa/virtualenv/compare/20.26.3...20.26.4</a></p>
<h2>20.26.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>release 20.26.2 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2724">pypa/virtualenv#2724</a></li>
<li>Bump embeded wheels by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2741">pypa/virtualenv#2741</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/20.26.2...20.26.3">https://github.com/pypa/virtualenv/compare/20.26.2...20.26.3</a></p>
<h2>20.26.2</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h2>v20.26.6 (2024-09-27)</h2>
<p>Bugfixes - 20.26.6</p>
<pre><code>- Properly quote string placeholders in activation script
templates to mitigate
  potential command injection - by :user:`y5c4l3`. (:issue:`2768`)
<h2>v20.26.5 (2024-09-17)</h2>
<p>Bugfixes - 20.26.5
</code></pre></p>
<ul>
<li>Upgrade embedded wheels: setuptools to <code>75.1.0</code> from
<code>74.1.2</code> - by :user:<code>gaborbernat</code>.
(:issue:<code>2765</code>)</li>
</ul>
<h2>v20.26.4 (2024-09-07)</h2>
<p>Bugfixes - 20.26.4</p>
<pre><code>- no longer create `()` output in console during activation
of a virtualenv by .bat file. (:issue:`2728`)
- Upgrade embedded wheels:
<ul>
<li>wheel to <code>0.44.0</code> from <code>0.43.0</code></li>
<li>pip to <code>24.2</code> from <code>24.1</code></li>
<li>setuptools to <code>74.1.2</code> from <code>70.1.0</code>
(:issue:<code>2760</code>)</li>
</ul>
<h2>v20.26.3 (2024-06-21)</h2>
<p>Bugfixes - 20.26.3
</code></pre></p>
<ul>
<li>
<p>Upgrade embedded wheels:</p>
<ul>
<li>setuptools to <code>70.1.0</code> from <code>69.5.1</code></li>
<li>pip to <code>24.1</code> from <code>24.0</code>
(:issue:<code>2741</code>)</li>
</ul>
</li>
</ul>
<h2>v20.26.2 (2024-05-13)</h2>
<p>Bugfixes - 20.26.2</p>
<pre><code>- ``virtualenv.pyz`` no longer fails when zipapp path
contains a symlink - by :user:`HandSonic` and :user:`petamas`.
(:issue:`1949`)
- Fix bad return code from activate.sh if hashing is disabled - by
:user:'fenkes-ibm'. (:issue:`2717`)
<h2>v20.26.1 (2024-04-29)</h2>
<p>Bugfixes - 20.26.1
</code></pre></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/ec04726d065372ffad9920998aef1ce41252a61d"><code>ec04726</code></a>
release 20.26.6</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/86dddeda7c991f8529e1995bbff280fb7b761972"><code>86ddded</code></a>
Fix <a
href="https://redirect.github.com/pypa/virtualenv/issues/2768">#2768</a>:
Quote template strings in activation scripts (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2771">#2771</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/6bb3f6226c18d69bb6cfa3475b6d46dd463bb530"><code>6bb3f62</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2769">#2769</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/220d49c2e3ade2ed24f5712ab5a23895cde2e04c"><code>220d49c</code></a>
Bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2 (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2767">#2767</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/cf340c83c2828a92def78c77b3e037a2baa4d557"><code>cf340c8</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/virtualenv/issues/2766">#2766</a>
from pypa/release-20.26.5</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/f3172b4da576b88275a14d2e7bbeb98b8f958a05"><code>f3172b4</code></a>
release 20.26.5</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/22b9795eb6bed0c17d0415c5513eca099a0a11ad"><code>22b9795</code></a>
Use uv over pip (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2765">#2765</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/35d8269aba12a1e3c60183a2082b2c4d0cc1192f"><code>35d8269</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2764">#2764</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/ee77feb77ccb3c5deefa318630c59315bcfda521"><code>ee77feb</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/virtualenv/issues/2763">#2763</a>)</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/c5160566293ed098ca30e0856dbf44588dd5c3a3"><code>c516056</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/virtualenv/compare/20.25.0...20.26.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.25.0&new-version=20.26.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/grafana/oncall/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: twu <199651+twu@users.noreply.github.com>
Co-authored-by: Thomas Wurmitzer <thomas.wurmitzer@grafana.com>
---
 engine/requirements-dev.txt | 10 ++++------
 engine/requirements.in      |  2 +-
 engine/requirements.txt     |  6 +++++-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/engine/requirements-dev.txt b/engine/requirements-dev.txt
index 8b9099a4..6057770c 100644
--- a/engine/requirements-dev.txt
+++ b/engine/requirements-dev.txt
@@ -25,14 +25,14 @@ django==4.2.19
     #   django-stubs-ext
 django-filter-stubs==0.1.3
     # via -r requirements-dev.in
-django-stubs==4.2.2
+django-stubs[compatible-mypy]==4.2.2
     # via
     #   -r requirements-dev.in
     #   django-filter-stubs
     #   djangorestframework-stubs
 django-stubs-ext==4.2.7
     # via django-stubs
-djangorestframework-stubs==3.14.2
+djangorestframework-stubs[compatible-mypy]==3.14.2
     # via
     #   -r requirements-dev.in
     #   django-filter-stubs
@@ -99,7 +99,7 @@ pytest-factoryboy==2.7.0
     # via -r requirements-dev.in
 pytest-socket==0.7.0
     # via -r requirements-dev.in
-pytest-xdist==3.6.1
+pytest-xdist[psutil]==3.6.1
     # via -r requirements-dev.in
 python-dateutil==2.8.2
     # via
@@ -113,8 +113,6 @@ requests==2.32.3
     # via
     #   -c requirements.txt
     #   djangorestframework-stubs
-setuptools==75.3.0
-    # via nodeenv
 six==1.16.0
     # via
     #   -c requirements.txt
@@ -161,5 +159,5 @@ urllib3==1.26.19
     # via
     #   -c requirements.txt
     #   requests
-virtualenv==20.25.0
+virtualenv==20.26.6
     # via pre-commit
diff --git a/engine/requirements.in b/engine/requirements.in
index 649bffa7..0714f90c 100644
--- a/engine/requirements.in
+++ b/engine/requirements.in
@@ -58,7 +58,7 @@ slack_sdk==3.21.3
 social-auth-app-django==5.4.1
 twilio~=6.37.0
 urllib3==1.26.19
-uwsgi==2.0.26
+uwsgi==2.0.28
 whitenoise==5.3.0
 google-api-python-client==2.122.0
 google-auth-httplib2==0.2.0
diff --git a/engine/requirements.txt b/engine/requirements.txt
index 07f80b51..cc7d3641 100644
--- a/engine/requirements.txt
+++ b/engine/requirements.txt
@@ -414,6 +414,10 @@ rsa==4.9
     # via google-auth
 s3transfer==0.10.0
     # via boto3
+setuptools==76.0.0
+    # via
+    #   apscheduler
+    #   opentelemetry-instrumentation
 six==1.16.0
     # via
     #   apscheduler
@@ -459,7 +463,7 @@ urllib3==1.26.19
     #   botocore
     #   django-anymail
     #   requests
-uwsgi==2.0.26
+uwsgi==2.0.28
     # via -r requirements.in
 vine==5.1.0
     # via