Bump build from 1.4.0 to 1.5.0

[dependabot]

Bumps build from 1.4.0 to 1.5.0.

Release notes

Sourced from build's releases.

1.5.0

What's Changed

• ci: try to improve release docs by @​henryiii in pypa/build#1051
• feat: drop 3.9, require 3.10+ by @​henryiii in pypa/build#1036
• chore: tox toml by @​henryiii in pypa/build#1033
• fix: api should not ignore installed, only CLI by @​henryiii in pypa/build#1056

Full Changelog: pypa/build@1.4.4...1.5.0

1.4.4

What's Changed

• 🐛 fix(release): generate consistent CHANGELOG heading levels by @​gaborbernat in pypa/build#1032
• docs: move source links by @​henryiii in pypa/build#1034
• revert: drop PEP 660 change by @​henryiii in pypa/build#1039
• fix: ignore installed when running pip by @​henryiii in pypa/build#1040
• fix: revert part of #973 by @​henryiii in pypa/build#1044
• chore: report coverage failure lines by @​henryiii in pypa/build#1046
• tests: fix issue with uv run by @​henryiii in pypa/build#1048
• docs: reorganize testing docs for copy/paste by @​abitrolly in pypa/build#1043
• tests: keep environment from leaking in Python 3.15 by @​henryiii in pypa/build#1049
• docs: fix issue with changelog generation by @​henryiii in pypa/build#1050

Full Changelog: pypa/build@1.4.3...1.4.4

1.4.3

What's Changed

• 🐛 fix(api): resolve thread-safety races in build API by @​gaborbernat in pypa/build#1015
• 🐛 fix(builder): validate backend-path entries exist on disk by @​gaborbernat in pypa/build#1016
• test: cover config settings build paths by @​terminalchai in pypa/build#992
• Add kind=(step, ) for root messages with * by @​abitrolly in pypa/build#973
• fix: correct changelog category ordering by @​gaborbernat in pypa/build#1017
• 🐛 fix(cli): show full dependency chain in missing deps error by @​gaborbernat in pypa/build#1019
• tests: fully annotate by @​henryiii in pypa/build#1020
• chore: lazy imports by @​henryiii in pypa/build#1021
• chore: adding more ruff codes by @​henryiii in pypa/build#1022
• tests: improve annotations by @​henryiii in pypa/build#1023
• 🧪 test(coverage): achieve 100% test coverage by @​gaborbernat in pypa/build#1018
• chore: add ruff PT by @​henryiii in pypa/build#1025
• chore: add ruff PYI by @​henryiii in pypa/build#1026
• chore: add ruff SIM/RET by @​henryiii in pypa/build#1028
• 🐛 fix(env): strip PYTHONPATH from isolated builds by @​gaborbernat in pypa/build#1024
• chore: use ruff ALL by @​henryiii in pypa/build#1029

... (truncated)

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

---

Features

---

• Drop Python 3.9 support - by :user:henryiii (:issue:1036)

---

Bugfixes

---

• Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

---

Miscellaneous

---

• :issue:1033

#################### 1.4.4 (2026-04-22) ####################

---

Bugfixes

---

• Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
• Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
• Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
• Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

---

Miscellaneous

---

• :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

---

Features

---

... (truncated)

Commits

• 615d04c chore: prepare for 1.5.0
• 776f702 fix: api should not ignore installed, only CLI (#1056)
• 42da4c4 pre-commit: bump repositories (#1055)
• b445cd2 chore: tox toml (#1033)
• c44c143 feat: drop 3.9, require 3.10+ (#1036)
• a9bb456 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the actions group...
• cb33511 ci: try to improve release docs (#1051)
• 70666a2 chore: prepare for 1.4.4
• 653d865 docs: fix issue with changelog generation (#1050)
• 373b9ee tests: keep environment from leaking in Python 3.15 (#1049)
• Additional commits viewable in compare view

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps the build dependency from 1.4.0 to 1.5.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide — Version bump in pyproject.toml is a single-line change with no style concerns.
• ✅ No commented-out code — N/A
• ✅ Meaningful variable names — N/A
• ✅ DRY principle — N/A
• ✅ Defects — No logic, bugs, or security concerns in a dependency version bump.
• ✅ CLAUDE.md — No issues; the project config is appropriately general.

Testing

• ✅ Unit/integration tests — No new functions or endpoints introduced; no test changes required.
• ✅ Edge cases / coverage — N/A for a dependency bump.

Documentation

• ✅ README — No user-facing changes; no update needed.
• ✅ API docs — N/A
• ✅ Inline comments — N/A
• ✅ CHANGELOG.md — Dependency bumps of dev/build tooling typically do not require changelog entries; acceptable.
• ✅ Markdown formatting — No markdown files changed.

Security

• ✅ No hardcoded credentials — N/A
• ✅ Input validation — N/A
• ✅ Error handling — N/A
• ✅ No sensitive data in logs — N/A
• ✅ No license files (.lic / AQAAAD strings) — None present.

---

Verdict: APPROVED — Clean, minimal dependency bump with no issues. build 1.5.0 is a dev-only tool used for building Python packages and poses no runtime risk.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: Single dependency version bump — build from 1.4.0 to 1.5.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide — pyproject.toml change is a simple version string; no style concerns.
• ✅ No commented-out code — N/A.
• ✅ Meaningful variable names — N/A.
• ✅ DRY principle — N/A.
• ✅ Defects — No bugs, logic errors, or security issues introduced. This is a standard patch/minor version bump of a build tool (pypa/build).
• ✅ CLAUDE.md — No changes to project configuration; existing guidance remains valid.

Testing

• ✅ Unit/integration tests — No functional code changed; no new tests required.
• ✅ Test coverage — N/A for a dependency bump.

Documentation

• ✅ README — No update needed.
• ✅ API docs — N/A.
• ✅ Inline comments — N/A.
• ✅ CHANGELOG.md — Dependency bumps of this nature typically don't require a changelog entry; acceptable as-is.
• ✅ Markdown formatting — No markdown files changed.

Security

• ✅ No hardcoded credentials — None present.
• ✅ Input validation — N/A.
• ✅ Error handling — N/A.
• ✅ No sensitive data in logs — N/A.
• ✅ License files — No .lic files or AQAAAD-prefixed strings detected.

---

Verdict: APPROVE — Clean, low-risk dependency bump. No issues found.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review

Change: Bump build dependency from 1.4.0 to 1.5.0 in pyproject.toml

---

Code Quality

• ✅ Style guide: Single-line version bump, no style concerns.
• ✅ No commented-out code
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects: No logic, security, or runtime concerns — this is a dev-only dependency (development group), not used in production builds or tests.
• ✅ CLAUDE.md: No issues; this change doesn't affect anything in the project instructions.

Testing

• ✅ No new functions or endpoints introduced; no tests required for a dependency version bump.

Documentation

• ✅ README: No update needed.
• ✅ API docs: N/A
• ✅ Inline comments: N/A
• ✅ CHANGELOG.md: Not present in the diff — acceptable for a routine dependency bump via automated tooling (Dependabot/Renovate).
• ✅ Markdown formatting: N/A

Security

• ✅ No hardcoded credentials
• ✅ No license files (.lic) or AQAAAD-prefixed strings
• ✅ build is a dev-only tool for building Python packages; no runtime attack surface introduced.

---

Summary

Approved. This is a clean, minimal dependency bump for a development-only tool. No issues found across any checklist category.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps the build dependency from 1.4.0 to 1.5.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide — Single version bump, no style concerns.
• ✅ No commented-out code — N/A.
• ✅ Meaningful variable names — N/A.
• ✅ DRY principle — N/A.
• ✅ Defects — No logic errors or bugs introduced. This is a straightforward dependency version bump.
• ✅ CLAUDE.md — No concerns; project config is environment-neutral.

Testing

• ✅ Unit/integration tests — No new functions or endpoints; no tests required for a dependency bump.
• ✅ Test coverage — N/A.

Documentation

• ✅ README — No update needed.
• ✅ API docs — N/A.
• ✅ Inline comments — N/A.
• ✅ CHANGELOG.md — Not included, but acceptable for a dependency bump if project convention doesn't require it.
• ✅ Markdown formatting — N/A.

Security

• ✅ No hardcoded credentials — None present.
• ✅ Input validation — N/A.
• ✅ Error handling — N/A.
• ✅ Sensitive data in logs — N/A.
• ✅ License files — No .lic files or AQAAAD-prefixed strings detected.

---

Verdict: APPROVE — Clean, minimal change. The bump from build==1.4.0 to build==1.5.0 is low-risk and follows the existing pinned-version convention in pyproject.toml. No issues found.

Automated code review analyzing defects and coding standards