pipenv 2026.6.0

Release v2026.6.0

on Python PyPI

🤖 AI-Generated Changelog

Security

• Strip credentials from pip argument vectors to prevent credential exposure in logs and process listings (GHSA-8xgg-v3jj-95m2)
• Validate tar link targets in data_filter fallback to prevent path traversal during package installation (GHSA-p4qx-p8p6-4gjf)

Added

• Add documentation for git+ssh package sources in Pipfile

Fixed

• Fix PIPENV_PROJECT_DIR not being expanded correctly in Pipfile script definitions
• Fix pipenv shell breaking terminal input echo after exit
• Fix three regressions introduced in a prior release affecting resolver and marker environment handling
• Restore target_marker_version helper alias for backwards compatibility
• Fix _target_marker_environment returning incorrect value when allow_global=True

Changed

• Vendor in Pip 26.1
• Cache Pipfile parsing and parallelize hash and candidate lookups for improved performance

Dependencies

• Bump pygments from 2.19.2 to 2.20.0
• Bump pytest (development dependency)

🔗 Full Changelog: v2026.5.2...v2026.6.0