Skip to content

Bump build from 1.4.0 to 1.4.2#172

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/build-1.4.2
Apr 15, 2026
Merged

Bump build from 1.4.0 to 1.4.2#172
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/build-1.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 15, 2026

Bumps build from 1.4.0 to 1.4.2.

Release notes

Sourced from build's releases.

1.4.2

What's Changed

New Contributors

Full Changelog: pypa/build@1.4.1...1.4.2

1.4.1

What's Changed

Full Changelog: pypa/build@1.4.0...1.4.1

Changelog

Sourced from build's changelog.

#################### 1.4.3 (2026-04-10) ####################

Features

  • Add kind parameter to log messages to separate semantic and representation - by :user:abitrolly (:issue:973)

Bugfixes

  • Strip PYTHONPATH from the environment during isolated builds to prevent host packages from leaking into the build
    • by :user:gaborbernat (:issue:405)
  • Pass --no-input to pip to prevent hidden credential prompts that cause hangs, and automatically set PIP_KEYRING_PROVIDER=subprocess (or UV_KEYRING_PROVIDER=subprocess for the uv installer) when the keyring CLI is on PATH -- by :user:gaborbernat (:issue:409)
  • check_dependency now reports URL requirements as unmet instead of silently accepting them when a package with the same name is installed - by :user:gaborbernat (:issue:860)
  • Fix misleading missing dependency error display where transitive dependency chains showed the top-level package on a separate line, making it appear as if the top-level package itself was missing - by :user:gaborbernat (:issue:875)
  • Fix towncrier template to generate changelog categories in definition order - by :user:gaborbernat (:issue:1007)
  • Resolve thread-safety races in the build API - by :user:gaborbernat (:issue:1015)
  • Validate backend-path entries exist on disk with a clear error - by :user:gaborbernat (:issue:1016)

Miscellaneous

  • :issue:1020, :issue:1021

#################### 1.4.2 (2026-03-25) ####################

Bugfixes

  • Ensure the uv installer uses the current version of Python, avoiding an issue if UV_PYTHON is set, for example. (:issue:977)
  • Fix _has_valid_outer_pip returning True when pip is missing, causing build to try using a non-existent pip instead of falling back to virtualenv. (:issue:1003)

#################### 1.4.1 (2026-03-24) ####################

... (truncated)

Commits
  • 7b7ae07 chore: prepare for 1.4.2
  • 17f3b57 fix: release changelog issue (#1006)
  • b945752 fix: _has_valid_outer_pip when pip is missing (#1003)
  • 74ae997 🔧 fix(towncrier): match docstrfmt RST formatting expectations (#1002)
  • 3786929 🐛 fix(release): detect pre-commit environment inconsistencies (#1001)
  • 737bdb7 fix(uv): always pass the python to use (#996)
  • bd88956 chore: prepare for 1.4.1
  • 062e7e2 🐛 fix(deps): add pre-commit to release dependency group (#1000)
  • 3d8e260 🐛 fix(ci): resolve pre-release auth failure and change detection (#999)
  • f2a2610 chore: fix fix job (#997)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump build from 1.4.0 to 1.4.2
565f067 
Bumps [build](https://github.com/pypa/build) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.0...1.4.2)

---
updated-dependencies:
- dependency-name: build
  dependency-version: 1.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 15, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 15, 2026 16:25
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 15, 2026
senzingdevops
senzingdevops approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@senzingdevops senzingdevops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated: approving this pull request because it includes a patch update

@github-actions github-actions bot enabled auto-merge (squash) April 15, 2026 16:25
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 15, 2026

🤖 Claude Code Review

PR Code Review

Change Summary: Dependency bump — build from 1.4.0 to 1.4.2 in pyproject.toml (development group).

Code Quality

  • Style guide: Single-line change in TOML config, no style concerns.
  • No commented-out code
  • Meaningful variable names: N/A
  • DRY principle: N/A
  • Defects: No logic changes; version pin is exact (==), which is consistent with surrounding dependencies.
  • CLAUDE.md: N/A for this change.

Testing

  • Unit/integration tests: Not required for a dev-dependency version bump.
  • Test coverage: Not applicable.

Documentation

  • CHANGELOG.md: Not updated. Dependency bumps, even minor ones, are typically recorded. The existing commit history shows other dependency bumps (e.g., pytest-cov, coverage) were merged as separate automated PRs — it's unclear if a changelog entry is expected here, but it should be verified against project conventions.
  • README/API docs: No updates needed.
  • Markdown formatting: N/A.

Security

  • No hardcoded credentials
  • No license files (.lic) or AQAAAD-prefixed strings
  • No sensitive data

Overall: The change is minimal and low-risk — build 1.4.2 is a patch bump in the development dependency group, so it has no impact on runtime or test behavior. The only question is whether a CHANGELOG entry is expected for this bump. If the project tracks all dependency updates in the changelog, add an entry; otherwise this is ready to merge.

Automated code review analyzing defects and coding standards

@github-actions github-actions bot merged commit 29b0503 into main Apr 15, 2026
32 checks passed
@github-actions github-actions bot deleted the dependabot/pip/build-1.4.2 branch April 15, 2026 16:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@senzingdevops senzingdevops senzingdevops approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@senzingdevops