Bump wheel from 0.45.1 to 0.46.3

[dependabot]

Bumps wheel from 0.45.1 to 0.46.3.

Release notes

Sourced from wheel's releases.

0.46.3

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command (#676)

0.46.2

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1

• Temporarily restored the wheel.macosx_libfile module (#659)

0.46.0

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

Changelog

Sourced from wheel's changelog.

Release Notes

0.46.3 (2026-01-22)

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

• Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

• Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

• Refactored the convert command to not need setuptools to be installed

• Don't configure setuptools logging unless running bdist_wheel

• Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

  Projects are still advised to migrate away from the deprecated module and import

... (truncated)

Commits

• 8b6fa74 Created a new release
• 7445fb5 Fixed an import of a removed module
• eba4036 Updated the version number for v0.46.2
• 557fb54 Created a new release
• 7a7d2de Fixed security issue around wheel unpack (#675)
• 41418fa Fixed test failures due to metadata normalization changes
• c1d442b [pre-commit.ci] pre-commit autoupdate (#674)
• 0bac882 Update github actions environments (#673)
• be9f45b [pre-commit.ci] pre-commit autoupdate (#667)
• 6244f08 Update pre-commit ruff legacy alias (#668)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #676
Resolves #659
Resolves #675
Resolves #674
Resolves #673
Resolves #667
Resolves #668

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This is a straightforward dependency version bump for the wheel package from 0.45.1 to 0.46.3 in development dependencies.

Detailed Checklist Review

Code Quality ✅

• ✅ Code follows style guide: This is a simple dependency version update in pyproject.toml, which follows standard TOML formatting.
• ✅ No commented-out code: None present.
• ✅ Meaningful variable names: N/A - dependency declaration.
• ✅ DRY principle followed: N/A - single dependency version update.
• ✅ Identify Defects: No defects. This is a maintenance update to the wheel package, likely addressing bug fixes or security issues in the newer version. The change is isolated to development dependencies and won't affect runtime behavior.
• ✅ Project memory consideration: Reviewed ./.claude/CLAUDE.md - it correctly documents project structure and commands without environment-specific details. This dependency change aligns with the documented development workflow (make dependencies-for-development).

Testing ⚠️

• ⚠️ Unit tests for new functions: N/A - This is a dependency update, not new functionality.
• ⚠️ Integration tests: N/A - Dependency update only.
• ⚠️ Edge cases covered: N/A
• ⚠️ Test coverage > 80%: Cannot verify from this diff alone, but dependency bumps typically don't affect coverage. Recommendation: Verify existing tests still pass with make test.

Recommendation: Run the full test suite (make test) and linting (make lint) to ensure the wheel version bump doesn't introduce any issues with the build/package process.

Documentation ✅

• ✅ README updated if needed: Not required - internal dependency change.
• ✅ API docs updated: Not required - no API changes.
• ✅ Inline comments: Not applicable - TOML dependency declaration.
• ⚠️ CHANGELOG.md updated: No CHANGELOG.md changes in this diff. For a minor dependency bump in development dependencies, this may be acceptable but should be confirmed based on project practices.
• ✅ Markdown formatting: No markdown files modified.

Security ✅

• ✅ No hardcoded credentials: None present.
• ✅ Input validation: N/A
• ✅ Proper error handling: N/A
• ✅ No sensitive data in logs: N/A
• ✅ No license files (.lic) or AQAAAD strings: None detected.

Overall Assessment: ✅ APPROVED

This is a clean, low-risk dependency maintenance update. The wheel package is a development dependency used for building Python packages, and bumping from 0.45.1 to 0.46.3 is likely addressing bug fixes or security patches.

Recommendations:

1. Before merging: Run make lint and make test to verify the new wheel version doesn't cause any build or test issues.
2. Optional: Consider adding a brief note to CHANGELOG.md under a "Dependencies" section if your project tracks development dependency updates.

No blocking issues identified. ✅

Automated code review analyzing defects and coding standards