Skip to content

Bump build from 1.4.4 to 1.5.0#105

Merged
docktermj merged 1 commit into
mainfrom
dependabot/pip/build-1.5.0
May 27, 2026
Merged

Bump build from 1.4.4 to 1.5.0#105
docktermj merged 1 commit into
mainfrom
dependabot/pip/build-1.5.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 21, 2026
edited
Loading

Bumps build from 1.4.4 to 1.5.0.

Release notes

Sourced from build's releases.

1.5.0

What's Changed

Full Changelog: pypa/build@1.4.4...1.5.0

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

Features

  • Drop Python 3.9 support - by :user:henryiii (:issue:1036)

Bugfixes

  • Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

Miscellaneous

  • :issue:1033

#################### 1.4.4 (2026-04-22) ####################

Bugfixes

  • Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
  • Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
  • Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
  • Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

Miscellaneous

  • :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

Features

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 21, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 21, 2026 17:38
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 21, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 21, 2026

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps the build package from 1.4.4 to 1.5.0 in the development dependency group of pyproject.toml.

Code Quality

  • Style guide: Single-line version bump, no style concerns.
  • No commented-out code: N/A.
  • Meaningful variable names: N/A.
  • DRY principle: N/A.
  • Defects: No logic errors; straightforward dependency version bump. build 1.5.0 is a development/build tool, not a runtime dependency, so blast radius is minimal.
  • CLAUDE.md: No issues — the project instructions reference build as a dev tool, consistent with this change.

Testing

  • Unit/integration tests: No new logic introduced; no tests required for a dev-dependency version bump.
  • Test coverage: N/A.

Documentation

  • README: No update needed.
  • API docs: N/A.
  • Inline comments: N/A.
  • CHANGELOG.md: Not included, but dependency bumps of this nature (automated/Dependabot-style) typically don't require changelog entries unless the project policy mandates it.
  • Markdown formatting: No markdown changes.

Security

  • No hardcoded credentials: N/A.
  • Input validation: N/A.
  • Error handling: N/A.
  • No sensitive data in logs: N/A.
  • No license files (.lic) or AQAAAD-prefixed content: None present.

Verdict: Approved. This is a clean, minimal dependency bump for a development-only tool (build). No concerns.

Automated code review analyzing defects and coding standards

@dependabot dependabot Bot force-pushed the dependabot/pip/build-1.5.0 branch from 328268b to 1ceb880 Compare May 26, 2026 22:41
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 26, 2026

🤖 Claude Code Review

Code Review

PR Summary: Bumps the build development dependency from 1.4.4 to 1.5.0 in pyproject.toml.

Code Quality

  • Style guide: Single-line change in a TOML config file — nothing to evaluate stylistically.
  • No commented-out code: None present.
  • Meaningful variable names: N/A.
  • DRY principle: N/A.
  • Defects / logic errors: The bump is from 1.4.41.5.0 (minor version). build is a dev-only dependency used to build Python packages and is not part of the runtime. The change is isolated to the development dependency group and does not affect production behavior.
  • CLAUDE.md: No conflict. The project CLAUDE.md references python -m pip install --group all ., which would install development dependencies including this one; the version bump is compatible with that workflow.

Testing

  • N/A: A development tooling version bump does not require new unit or integration tests.

Documentation

  • CHANGELOG.md: Not updated in this diff. Dependency bumps are typically worth noting in a changelog. This is low severity, but worth a flag.

Security

  • No hardcoded credentials: None.
  • No license files (.lic / AQAAAD strings): None.
  • No other security concerns: build is a well-known PyPA tool; bumping to a published minor release is low risk.

Summary

This is a routine, low-risk dependency bump. The only minor gap is the missing CHANGELOG entry. Everything else looks clean.

Automated code review analyzing defects and coding standards

@dependabot
Bump build from 1.4.4 to 1.5.0
8c2ff23 
Bumps [build](https://github.com/pypa/build) from 1.4.4 to 1.5.0.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.4...1.5.0)

---
updated-dependencies:
- dependency-name: build
  dependency-version: 1.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/build-1.5.0 branch from 1ceb880 to 8c2ff23 Compare May 27, 2026 13:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 27, 2026

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps the build dependency from 1.4.4 to 1.5.0 in pyproject.toml.

Code Quality

  • Style guide: Single-line version bump, no style concerns.
  • No commented-out code: N/A.
  • Meaningful variable names: N/A.
  • DRY principle: N/A.
  • Defects / bugs / security: No logic changes. build is a dev-only dependency (development group), so no runtime impact. 1.5.0 is a minor version bump — no breaking changes expected per semver.
  • CLAUDE.md: No issues; this change is consistent with the project's dependency management approach.

Testing

  • ✅ No new functions or endpoints introduced; no test changes required.

Documentation

  • CHANGELOG.md: Not updated. Dependency bumps are typically worth noting in a changelog entry (e.g., under a "Dependencies" or "Chores" section). Verify whether this project's convention requires it.
  • ✅ README/API docs: No changes needed for a dev-dependency bump.
  • ✅ Markdown formatting: N/A.

Security

  • ✅ No hardcoded credentials.
  • ✅ No sensitive data.
  • ✅ No .lic files or AQAAAD-prefixed content.
  • build is a development-only dependency — zero production attack surface change.

Overall: Minor change, low risk. The only actionable item is confirming whether a CHANGELOG entry is required per project convention.

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit 0bd65e8 into main May 27, 2026
12 checks passed
@docktermj docktermj deleted the dependabot/pip/build-1.5.0 branch May 27, 2026 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@docktermj @senzingdevops