Skip to content

Bump build from 1.2.2.post1 to 1.4.0#76

Merged
docktermj merged 1 commit intomainfrom
dependabot/pip/build-1.4.0
Feb 19, 2026
Merged

Bump build from 1.2.2.post1 to 1.4.0#76
docktermj merged 1 commit intomainfrom
dependabot/pip/build-1.4.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 19, 2026
edited by github-actions bot
Loading

Bumps build from 1.2.2.post1 to 1.4.0.

Release notes

Sourced from build's releases.

1.4.0

  • Add --quiet flag (PR #947)
  • Add option to dump PEP 517 metadata with --metadata (PR #940, PR #943)
  • Support UV environment variable (PR #971)
  • Remove a workaround for 3.14b1 (PR #960)
  • In 3.14 final release, color defaults to True already (PR #962)
  • Pass sp-repo-review (PR #942)
  • In pytest configuration, log_level is better than log_cli_level (PR #950)
  • Split up typing and mypy (PR #944)
  • Use types-colorama (PR #945)
  • In docs, first argument for _has_dependency is a name (PR #970)
  • Fix test failure when flit-core is installed (PR #921)

1.3.0

  • Add --config-json (PR #916, fixes issue #900)
  • Drop Python 3.8 (PR #891)
  • Test on Python 3.14, colorful help on 3.14+ (PR #895)
  • Fix ModuleNotFoundError when pip is not installed (PR #898)
  • Disable use of pip install --python for debundled pip (PR #861)
  • Don't pass no-wheel to virtualenv if it would warn (PR #892)
  • Optimize our tests to run faster (PR #871, #872, #738)
  • Allow running our tests without virtualenv (PR #911)
  • Fix issues in our tests (PR #824, #918, #870, #915, #862, #863, #899, #896, #854)
  • Use SPDX identifiers for our license metadata (PR #914)
  • Use dependency-groups for our development (PR #880)
  • Mention conda and update uv mention in README/docs (PR #842, #816, #917)
Changelog

Sourced from build's changelog.

1.4.0 (2026-01-08)

  • Add --quiet flag (:pr:947)
  • Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)
  • Support UV environment variable (:pr:971)
  • Remove a workaround for 3.14b1 (:pr:960)
  • In 3.14 final release, color defaults to True already (:pr:962)
  • Pass sp-repo-review (:pr:942)
  • In pytest configuration, log_level is better than log_cli_level (:pr:950)
  • Split up typing and mypy (:pr:944)
  • Use types-colorama (:pr:945)
  • In docs, first argument for _has_dependency is a name (PR :pr:970)
  • Fix test failure when flit-core is installed (PR :pr:921)

1.3.0 (2025-08-01)

  • Add --config-json (PR :pr:916, fixes issue :issue:900)
  • Drop Python 3.8 (PR :pr:891)
  • Test on Python 3.14, colorful help on 3.14+ (PR :pr:895)
  • Fix ModuleNotFoundError when pip is not installed (PR :pr:898)
  • Disable use of pip install --python for debundled pip (PR :pr:861)
  • Don't pass no-wheel to virtualenv if it would warn (PR :pr:892)
  • Optimize our tests to run faster (PR :pr:871, :pr:872, :pr:738)
  • Allow running our tests without virtualenv (PR :pr:911)
  • Fix issues in our tests (PR :pr:824, :pr:918, :pr:870, :pr:915, :pr:862, :pr:863, :pr:899, :pr:896, :pr:854)
  • Use SPDX identifiers for our license metadata (PR :pr:914)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #947
Resolves #940
Resolves #943
Resolves #971
Resolves #960
Resolves #962
Resolves #942
Resolves #950
Resolves #944
Resolves #945
Resolves #970
Resolves #921
Resolves #916
Resolves #900
Resolves #891
Resolves #895
Resolves #898
Resolves #861
Resolves #892
Resolves #871
Resolves #872
Resolves #738
Resolves #911
Resolves #824
Resolves #918
Resolves #870
Resolves #915
Resolves #862
Resolves #863
Resolves #899
Resolves #896
Resolves #854
Resolves #914
Resolves #880
Resolves #842
Resolves #816
Resolves #917
Resolves #972
Resolves #968
Resolves #965
Resolves #961

@dependabot
Bump build from 1.2.2.post1 to 1.4.0
937dfa5 
Bumps [build](https://github.com/pypa/build) from 1.2.2.post1 to 1.4.0.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.2.2.post1...1.4.0)

---
updated-dependencies:
- dependency-name: build
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 19, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 19, 2026 13:16
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 19, 2026
@github-actions
Copy link

github-actions bot commented Feb 19, 2026

🤖 Claude Code Review

PR Code Review

PR Summary: Bumps the build package from 1.2.2.post1 to 1.4.0 in development-requirements.txt.

Code Quality

  • Style guide — Not fetchable in this environment, but a single dependency version bump in a requirements file carries no style concerns.
  • No commented-out code — Not applicable.
  • Meaningful variable names — Not applicable.
  • DRY principle — Not applicable.
  • Defects / bugs / security — This is a development-only dependency (development-requirements.txt), not a runtime dependency. No logic changes; no security surface area introduced. The version jump from 1.2.2.post11.4.0 is a minor/patch bump for the PyPA build tool (used to build distributions), which is appropriate.

Testing

  • Unit/integration tests — No logic changed; no new tests required.
  • Edge cases — Not applicable.
  • Test coverage — Not applicable.

Documentation

  • README — No update needed.
  • API docs — Not applicable.
  • Inline comments — Not applicable.
  • CHANGELOG.md — The [Unreleased] section exists but does not mention this dependency bump. Dependency version updates in dev tooling are typically low-priority for changelogs, but the project's CHANGELOG template suggests entries should be tracked. Note: the existing CHANGELOG still contains placeholder dates (yyyy-mm-dd) and generic entries ("Thing 1", "Thing 2") — this is a pre-existing issue, not introduced by this PR.
  • Markdown formatting — Not applicable to this diff.

Security

  • No hardcoded credentials — None present.
  • Input validation — Not applicable.
  • Error handling — Not applicable.
  • No sensitive data in logs — Not applicable.
  • No license files (.lic / AQAAAD) — None present.

Summary

This is a routine dependency bump with no concerns. The only minor note is the missing CHANGELOG entry, which is low severity for a dev-only tooling upgrade. No blocking issues.

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit 7b3c68b into main Feb 19, 2026
16 checks passed
@docktermj docktermj deleted the dependabot/pip/build-1.4.0 branch February 19, 2026 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@docktermj