Skip to content

Bump build from 1.4.4 to 1.5.0#67

Merged
docktermj merged 2 commits into
mainfrom
dependabot/pip/build-1.5.0
May 27, 2026
Merged

Bump build from 1.4.4 to 1.5.0#67
docktermj merged 2 commits into
mainfrom
dependabot/pip/build-1.5.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited
Loading

Bumps build from 1.4.4 to 1.5.0.

Release notes

Sourced from build's releases.

1.5.0

What's Changed

Full Changelog: pypa/build@1.4.4...1.5.0

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

Features

  • Drop Python 3.9 support - by :user:henryiii (:issue:1036)

Bugfixes

  • Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

Miscellaneous

  • :issue:1033

#################### 1.4.4 (2026-04-22) ####################

Bugfixes

  • Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
  • Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
  • Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
  • Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

Miscellaneous

  • :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

Features

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 22, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 22, 2026 00:53
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 22, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 22, 2026

🤖 Claude Code Review

Code Review

PR Summary: Bumps build dependency from 1.4.4 to 1.5.0 in pyproject.toml.

Code Quality

  • Style guide: Single-line change in pyproject.toml, no style concerns.
  • No commented-out code: N/A.
  • Meaningful variable names: N/A.
  • DRY principle: N/A.
  • Defects: No logic change; this is a dependency version pin update. No bugs, race conditions, or security issues introduced.
  • CLAUDE.md: No project-memory concerns relevant to this change.

Testing

  • Unit/integration tests: No code logic changed; no new tests required.
  • Test coverage: N/A — dependency bump only.

Documentation

  • README: No update needed.
  • API docs: N/A.
  • Inline comments: N/A.
  • CHANGELOG.md: Dependency bumps of this nature (dev tooling, not runtime dependencies) typically don't require changelog entries. No concern.
  • Markdown formatting: N/A.

Security

  • No hardcoded credentials: N/A.
  • Input validation: N/A.
  • Error handling: N/A.
  • No sensitive data in logs: N/A.
  • No license files (.lic) or AQAAAD-prefixed strings: None present.

Verdict: Approved. This is a straightforward dev-dependency version bump (build is only in the development dependency group, not runtime). No concerns.

Automated code review analyzing defects and coding standards

@dependabot
Bump build from 1.4.4 to 1.5.0
842fabd 
Bumps [build](https://github.com/pypa/build) from 1.4.4 to 1.5.0.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.4...1.5.0)

---
updated-dependencies:
- dependency-name: build
  dependency-version: 1.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/build-1.5.0 branch from ff0f657 to 842fabd Compare May 26, 2026 06:05
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 26, 2026

🤖 Claude Code Review

Code Review: Bump build from 1.4.4 to 1.5.0

PR Summary: Single dependency version bump in pyproject.tomlbuild package updated from 1.4.4 to 1.5.0 in the development dependency group.

Code Quality

  • Style guide — Single-line change, no style concerns.
  • No commented-out code — N/A.
  • Meaningful variable names — N/A.
  • DRY principle — N/A.
  • Defects / bugs / security — This is a patch/minor version bump to a dev-only build tool. No logic changes introduced. build 1.5.0 is a legitimate PyPA release with no known CVEs.

Testing

  • Unit/integration tests — No new code; no tests required. CI matrix (Python 3.10–3.13) will exercise the updated build tooling.
  • Edge cases / coverage — N/A for a dependency bump.

Documentation

  • README — No update needed; build is a dev dependency not referenced in user-facing docs.
  • CHANGELOG.md — Dependency bumps of this nature are typically tracked automatically (e.g., by Dependabot); no manual changelog entry is required unless project convention demands it.
  • Inline comments — N/A.

Security

  • No hardcoded credentials — N/A.
  • No license files (.lic / AQAAAD) — None present.
  • build is a dev-only dependency — Not shipped in the runtime package, so the attack surface for end users is unchanged.

Summary

This is a clean, low-risk dependency bump. No issues found. ✅ Approved.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 27, 2026

🤖 Claude Code Review

Code Review: build dependency bump 1.4.41.5.0

This is a single-line dependency version bump in pyproject.toml, generated by Dependabot.

Code Quality

  • Style guide: Config file change only; no style concerns.
  • No commented-out code: N/A.
  • Meaningful variable names: N/A.
  • DRY principle: N/A.
  • Defects: The build package is a development-only dependency (under [dependency-groups] development), used for packaging. Version 1.5.0 is a minor bump and unlikely to introduce breaking changes. No logic or runtime impact.
  • CLAUDE.md: Not relevant to this change.

Testing

  • Unit/integration tests: No new functions introduced; no tests required for a dev dependency bump.
  • CI coverage: The project tests against Python 3.10–3.13 via CI, which will validate compatibility of this bump.

Documentation

  • CHANGELOG.md: The existing CHANGELOG.md contains placeholder content (Thing 1Thing 6, yyyy-mm-dd dates) and has not been updated for this change. While a dev dependency bump may not require a changelog entry by convention, the placeholder content is a concern that should be addressed independently.
  • README: No update needed.
  • Inline comments: N/A.

Security

  • No hardcoded credentials.
  • No sensitive data in logs.
  • No .lic files containing AQAAAD strings detected.
  • Input validation: N/A for a config change.

Summary

This is a clean, minimal Dependabot-generated dependency bump with no functional impact. The one notable finding is that CHANGELOG.md contains unfinished placeholder content (Thing 1Thing 6, yyyy-mm-dd) that should be addressed — this is pre-existing and out of scope for this PR, but worth flagging.

Verdict: Approve. No issues with the change itself.

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit 30d99e0 into main May 27, 2026
11 checks passed
@docktermj docktermj deleted the dependabot/pip/build-1.5.0 branch May 27, 2026 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@docktermj @senzingdevops