Skip to content

Bump wheel from 0.45.1 to 0.46.2#40

Merged
docktermj merged 1 commit intomainfrom
dependabot/pip/wheel-0.46.2
Feb 12, 2026
Merged

Bump wheel from 0.45.1 to 0.46.2#40
docktermj merged 1 commit intomainfrom
dependabot/pip/wheel-0.46.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 12, 2026
edited by github-actions bot
Loading

Bumps wheel from 0.45.1 to 0.46.2.

Release notes

Sourced from wheel's releases.

0.46.2

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1

  • Temporarily restored the wheel.macosx_libfile module (#659)

0.46.0

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field
Changelog

Sourced from wheel's changelog.

Release Notes

0.46.3 (2026-01-22)

  • Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

  • Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

  • Refactored the convert command to not need setuptools to be installed

  • Don't configure setuptools logging unless running bdist_wheel

  • Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

    Projects are still advised to migrate away from the deprecated module and import

... (truncated)

Commits
  • eba4036 Updated the version number for v0.46.2
  • 557fb54 Created a new release
  • 7a7d2de Fixed security issue around wheel unpack (#675)
  • 41418fa Fixed test failures due to metadata normalization changes
  • c1d442b [pre-commit.ci] pre-commit autoupdate (#674)
  • 0bac882 Update github actions environments (#673)
  • be9f45b [pre-commit.ci] pre-commit autoupdate (#667)
  • 6244f08 Update pre-commit ruff legacy alias (#668)
  • 15b7577 PEP 639 compliance (#670)
  • fc8cb41 Revert "Removed redundant Python version from the publish workflow (#666)"
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #659
Resolves #676
Resolves #675
Resolves #674
Resolves #673
Resolves #667
Resolves #668
Resolves #670
Resolves #666

@dependabot
Bump wheel from 0.45.1 to 0.46.2
94dc671 
Bumps [wheel](https://github.com/pypa/wheel) from 0.45.1 to 0.46.2.
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.45.1...0.46.2)

---
updated-dependencies:
- dependency-name: wheel
  dependency-version: 0.46.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 12, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 12, 2026 00:43
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 12, 2026
@github-actions
Copy link

github-actions bot commented Feb 12, 2026

🤖 Claude Code Review

I'll review this pull request diff against the provided checklist.

Code Review Analysis

Code Quality ✅

  • [✅] Code follows style guide: This is a simple dependency version bump in pyproject.toml - no code style issues apply
  • [✅] No commented-out code: N/A - configuration file only
  • [✅] Meaningful variable names: N/A - dependency declaration
  • [✅] DRY principle followed: N/A - single line change
  • [✅] Identify Defects: No defects identified. The change updates the wheel package from version 0.45.1 to 0.46.2 in the development dependencies group. This is a standard dependency update.
  • [✅] Project memory configuration: The change aligns with project standards - it's a dependency update that doesn't affect local development environment specifics

Testing ⚠️

  • [⚠️] Unit tests for new functions: N/A - dependency update only, but should verify the application still builds and runs
  • [⚠️] Integration tests for new endpoints: N/A - no new endpoints
  • [⚠️] Edge cases covered: N/A - dependency update
  • [⚠️] Test coverage > 80%: N/A - no code changes affecting coverage

Note: While tests aren't directly applicable, the CI/CD pipeline should verify that the new wheel version doesn't break the build or installation process.

Documentation ✅

  • [✅] Readme updated if needed: Not needed - internal dependency update
  • [✅] API docs updated: N/A - no API changes
  • [✅] Inline comments for complex logic: N/A - no code logic changes
  • [✅] CHANGELOG.md updated: This might warrant a CHANGELOG entry if the project tracks all dependency updates, but it's typically optional for development-only dependencies. The git commit message "Bump wheel from 0.45.1 to 0.46.2" provides adequate tracking.
  • [✅] Markdown formatting: N/A - no markdown changes

Security ✅

  • [✅] No hardcoded credentials: None present
  • [✅] Input validation implemented: N/A - dependency update
  • [✅] Proper error handling: N/A - dependency update
  • [✅] No sensitive data in logs: N/A - dependency update
  • [✅] No license files (.lic) or AQAAAD strings: None present

Summary

Overall Assessment: ✅ APPROVED

This is a clean dependency update for the wheel package in the development dependencies. The change:

  • Updates wheel from 0.45.1 to 0.46.2 (pyproject.toml:47)
  • Only affects development dependencies, not production dependencies
  • Aligns with the automated dependency update commit message pattern seen in recent commits
  • Introduces no security, style, or functional concerns

Recommendations:

  1. Ensure CI/CD pipeline passes to verify compatibility
  2. Consider if this warrants a CHANGELOG.md entry based on your project's dependency tracking policy

No blocking issues identified. The PR is ready to merge once automated tests pass.

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit b2f1ef0 into main Feb 12, 2026
14 checks passed
@docktermj docktermj deleted the dependabot/pip/wheel-0.46.2 branch February 12, 2026 13:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@docktermj