fix(deps): vuln minor: pydantic, virtualenv [datadog_checks_dev] #23631

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into master from engraver-auto-version-upgrade/minorpatch/pep621/datadog_checks_dev/0-1778179366

@gh-worker-campaigns-3e9aa4

Summary: High-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • datadog_checks_dev (pep621)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| virtualenv | 20.26.1 | 20.39.1 | minor | Direct | 3 HIGH, 2 MODERATE |
| pydantic | 2.0.2 | 2.13.3 | minor | Direct | 2 MODERATE |

Security Details

🚨 Critical & High Severity (3 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| virtualenv | GHSA-rqc4-2hc7-8c8v | HIGH | virtualenv allows command injection through activation scripts for a virtual environment | 20.26.1 | 20.26.6 |
| virtualenv | CVE-2024-53899 | HIGH | - | 20.26.1 | - |
| virtualenv | PYSEC-2024-187 | HIGH | - | 20.26.1 | 20.26.6 |

ℹ️ Other Vulnerabilities (4)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| pydantic | GHSA-mr82-8j83-vxmv | MODERATE | Pydantic regular expression denial of service | 2.0.2 | 2.4.0 |
| pydantic | CVE-2024-3772 | MODERATE | - | 2.0.2 | - |
| virtualenv | GHSA-597g-3phw-6986 | MODERATE | virtualenv Has TOCTOU Vulnerabilities in Directory Creation | 20.26.1 | 20.36.1 |
| virtualenv | CVE-2026-22702 | MODERATE | virtualenv Has TOCTOU Vulnerabilities in Directory Creation | 20.26.1 | - |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@datadog-prod-us1-6

datadog-prod-us1-6 Bot commented May 7, 2026

Tests

⚠️ Warnings

🧪 1 Test failed

test_downloader from test_downloader.py
503 Server Error: Service Unavailable for url: https://dd-integrations-core-wheels-build-stable.datadoghq.com/metadata.staged/wheels-signer-j.json

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 87.80% (+0.54%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: fe2279c

@dd-octo-sts
Contributor

dd-octo-sts Bot commented May 7, 2026

Validation Report

All 20 validations passed.

| Validation | Description | Status |
|---|---|---|
| agent-reqs | Verify check versions match the Agent requirements file | |
| ci | Validate CI configuration and Codecov settings | |
| codeowners | Validate every integration has a CODEOWNERS entry | |
| config | Validate default configuration files against spec.yaml | |
| dep | Verify dependency pins are consistent and Agent-compatible | |
| http | Validate integrations use the HTTP wrapper correctly | |
| imports | Validate check imports do not use deprecated modules | |
| integration-style | Validate check code style conventions | |
| jmx-metrics | Validate JMX metrics definition files and config | |
| labeler | Validate PR labeler config matches integration directories | |
| legacy-signature | Validate no integration uses the legacy Agent check signature | |
| license-headers | Validate Python files have proper license headers | |
| licenses | Validate third-party license attribution list | |
| metadata | Validate metadata.csv metric definitions | |
| models | Validate configuration data models match spec.yaml | |
| openmetrics | Validate OpenMetrics integrations disable the metric limit | |
| package | Validate Python package metadata and naming | |
| readmes | Validate README files have required sections | |
| saved-views | Validate saved view JSON file structure and fields | |
| version | Validate version consistency between package and changelog | |

@codecov

codecov Bot commented May 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.71%. Comparing base (0ff244d) to head (fe2279c).
⚠️ Report is 1 commits behind head on master.
