Indeed, Emily is correct: this is expected behaviour for system Python versions that don't patch their ensurepip modules, as the default pip (et al) used in virtual environments created with the venv module generally only gets upgraded when upgrading to a new maintenance release of CPython.

Some redistributors do patch the ensurepip module to seed virtual environments based on the installed system level packages, so if your redistributor is one that already does so (e.g. Fedora), then you may have a downstream bug to file, and if they don't, then you may have a downstream feature request to ask them to switch to that model rather than using the files bundled by upstream.

In the meantime, the two main approaches folks adopt to make sure that they always have the latest versions of these components installed by default are:

- using the latest version of the third party `virtualenv` module for venv management (as that gets updated independently of the CPython maintenance release cycle)
- running "python -m pip install --upgrade pip setuptools wheel" immediately after creating each virtual environment