Skip to content

Bump build from 1.3.0 to 1.4.0#329

Merged
docktermj merged 1 commit into
mainfrom
dependabot/pip/build-1.4.0
Jan 29, 2026
Merged

Bump build from 1.3.0 to 1.4.0#329
docktermj merged 1 commit into
mainfrom
dependabot/pip/build-1.4.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jan 29, 2026
edited by github-actions Bot
Loading

Bumps build from 1.3.0 to 1.4.0.

Release notes

Sourced from build's releases.

1.4.0

  • Add --quiet flag (PR #947)
  • Add option to dump PEP 517 metadata with --metadata (PR #940, PR #943)
  • Support UV environment variable (PR #971)
  • Remove a workaround for 3.14b1 (PR #960)
  • In 3.14 final release, color defaults to True already (PR #962)
  • Pass sp-repo-review (PR #942)
  • In pytest configuration, log_level is better than log_cli_level (PR #950)
  • Split up typing and mypy (PR #944)
  • Use types-colorama (PR #945)
  • In docs, first argument for _has_dependency is a name (PR #970)
  • Fix test failure when flit-core is installed (PR #921)
Changelog

Sourced from build's changelog.

1.4.0 (2026-01-08)

  • Add --quiet flag (:pr:947)
  • Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)
  • Support UV environment variable (:pr:971)
  • Remove a workaround for 3.14b1 (:pr:960)
  • In 3.14 final release, color defaults to True already (:pr:962)
  • Pass sp-repo-review (:pr:942)
  • In pytest configuration, log_level is better than log_cli_level (:pr:950)
  • Split up typing and mypy (:pr:944)
  • Use types-colorama (:pr:945)
  • In docs, first argument for _has_dependency is a name (PR :pr:970)
  • Fix test failure when flit-core is installed (PR :pr:921)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #947
Resolves #940
Resolves #943
Resolves #971
Resolves #960
Resolves #962
Resolves #942
Resolves #950
Resolves #944
Resolves #945
Resolves #970
Resolves #921
Resolves #972
Resolves #968
Resolves #965
Resolves #961

@dependabot
Bump build from 1.3.0 to 1.4.0
a455a7f 
Bumps [build](https://github.com/pypa/build) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.3.0...1.4.0)

---
updated-dependencies:
- dependency-name: build
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python python programming languagae labels Jan 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner January 29, 2026 22:53
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 29, 2026

🤖 Claude Code Review

Code Review: Dependency Update (build 1.3.0 → 1.4.0)

Summary

This PR updates the build package from version 1.3.0 to 1.4.0 in development dependencies.

Review Checklist Results

Code Quality

  • Code follows style guide - Dependency version update, style guide not applicable
  • No commented-out code - Clean change
  • Meaningful variable names - N/A for dependency update
  • DRY principle followed - N/A for dependency update
  • Identify Defects - No bugs, logic errors, or security vulnerabilities introduced. This is a straightforward version bump of a development-only dependency.
  • Project memory configuration - The change aligns with .claude/CLAUDE.md guidance. This is a development dependency used for building wheel packages (make package).

Testing

  • Unit tests for new functions - N/A for dependency update
  • Integration tests for new endpoints - N/A for dependency update
  • Edge cases covered - N/A for dependency update
  • ⚠️ Test coverage > 80% - Cannot verify from diff alone. Recommend running make coverage to ensure the build version change doesn't affect test coverage (unlikely, but good practice).

Documentation

  • README updated if needed - No README changes needed for internal dev dependency
  • API docs updated - Not applicable
  • Inline comments for complex logic - Not applicable
  • ⚠️ CHANGELOG.md updated - No CHANGELOG.md changes visible in this diff. For a minor version bump of a development dependency, this may be acceptable depending on project policy, but consider documenting it for transparency.
  • Markdown formatting - No markdown changes in this PR

Security

  • No hardcoded credentials - None present
  • Input validation implemented - N/A for dependency update
  • Proper error handling - N/A for dependency update
  • No sensitive data in logs - N/A for dependency update
  • No license files (.lic) or AQAAAD strings - None detected in diff

Recommendations

  1. ✅ APPROVE with minor suggestions

  2. Suggested Actions:

    • Run make lint and make test to verify the new build version doesn't introduce any issues
    • Consider adding a brief note to CHANGELOG.md: - Bump build from 1.3.0 to 1.4.0 (for completeness, though this is a dev-only dependency)

  3. Release Notes (build 1.4.0):

    • Review the build 1.4.0 release notes to understand what changed. Key updates typically include bug fixes and compatibility improvements for PEP 517 build backends.

Verdict

✅ APPROVED - This is a clean, low-risk dependency update of a development-only tool. No code changes, no security concerns, and follows standard dependency maintenance practices.

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit d615b0e into main Jan 29, 2026
59 checks passed
@docktermj docktermj deleted the dependabot/pip/build-1.4.0 branch January 29, 2026 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python python programming languagae

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@docktermj @senzingdevops