Skip to content

Bump build from 1.3.0 to 1.4.0#21

Merged
docktermj merged 1 commit intomainfrom
dependabot/pip/build-1.4.0
Jan 30, 2026
Merged

Bump build from 1.3.0 to 1.4.0#21
docktermj merged 1 commit intomainfrom
dependabot/pip/build-1.4.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 30, 2026
edited by github-actions bot
Loading

Bumps build from 1.3.0 to 1.4.0.

Release notes

Sourced from build's releases.

1.4.0

  • Add --quiet flag (PR #947)
  • Add option to dump PEP 517 metadata with --metadata (PR #940, PR #943)
  • Support UV environment variable (PR #971)
  • Remove a workaround for 3.14b1 (PR #960)
  • In 3.14 final release, color defaults to True already (PR #962)
  • Pass sp-repo-review (PR #942)
  • In pytest configuration, log_level is better than log_cli_level (PR #950)
  • Split up typing and mypy (PR #944)
  • Use types-colorama (PR #945)
  • In docs, first argument for _has_dependency is a name (PR #970)
  • Fix test failure when flit-core is installed (PR #921)
Changelog

Sourced from build's changelog.

1.4.0 (2026-01-08)

  • Add --quiet flag (:pr:947)
  • Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)
  • Support UV environment variable (:pr:971)
  • Remove a workaround for 3.14b1 (:pr:960)
  • In 3.14 final release, color defaults to True already (:pr:962)
  • Pass sp-repo-review (:pr:942)
  • In pytest configuration, log_level is better than log_cli_level (:pr:950)
  • Split up typing and mypy (:pr:944)
  • Use types-colorama (:pr:945)
  • In docs, first argument for _has_dependency is a name (PR :pr:970)
  • Fix test failure when flit-core is installed (PR :pr:921)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #947
Resolves #940
Resolves #943
Resolves #971
Resolves #960
Resolves #962
Resolves #942
Resolves #950
Resolves #944
Resolves #945
Resolves #970
Resolves #921
Resolves #972
Resolves #968
Resolves #965
Resolves #961

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 30, 2026
@dependabot
Bump build from 1.3.0 to 1.4.0
6f5607e 
Bumps [build](https://github.com/pypa/build) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.3.0...1.4.0)

---
updated-dependencies:
- dependency-name: build
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner January 30, 2026 00:53
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jan 30, 2026
@github-actions
Copy link

github-actions bot commented Jan 30, 2026

🤖 Claude Code Review

Code Review Analysis

Analyzing the pull request diff against the provided checklist...

Review Results

Code Quality ✅

  • Code follows style guide: This is a dependency version bump in pyproject.toml. No code style issues apply.
  • No commented-out code: N/A - dependency configuration only
  • Meaningful variable names: N/A - dependency configuration only
  • DRY principle followed: N/A - dependency configuration only
  • Identify Defects: No defects identified. This is a minor version bump of the build package from 1.3.0 to 1.4.0 in the development dependencies group. The change is isolated and safe.
  • Project memory compliance: The change aligns with project structure - it's a standard dependency update in the development group, not environment-specific.

File: pyproject.toml:36

Testing ⚠️

  • ⚠️ Unit tests for new functions: N/A - No functional code changes
  • ⚠️ Integration tests for new endpoints: N/A - No new endpoints
  • ⚠️ Edge cases covered: N/A - Dependency update only
  • ⚠️ Test coverage > 80%: Cannot verify from diff alone, but this change doesn't affect coverage

Note: This is a build tool dependency update. Verification should occur through CI pipeline testing across Python 3.10-3.13 as mentioned in the project docs.

Documentation ✅

  • Readme updated if needed: Not required - dependency bumps typically don't require README changes
  • API docs updated: N/A - No API changes
  • Inline comments for complex logic: N/A - No code logic changes
  • CHANGELOG.md updated: Cannot verify from diff, but minor dev dependency bumps often don't require CHANGELOG entries unless it's a breaking change or affects end users
  • Markdown formatting: N/A - No markdown changes in this PR

Security ✅

  • No hardcoded credentials: None present
  • Input validation implemented: N/A - No code changes
  • Proper error handling: N/A - No code changes
  • No sensitive data in logs: N/A - No code changes
  • No license files (.lic) or AQAAAD strings: None detected

Summary

Overall Assessment: ✅ APPROVED

This is a straightforward dependency version bump for the build package (a development-only dependency) from version 1.3.0 to 1.4.0. The change:

  • Is limited to the development dependency group (doesn't affect production dependencies)
  • Follows semantic versioning (minor version bump suggests backward-compatible features)
  • Poses minimal risk to the codebase

Recommendations:

  1. Ensure CI pipeline passes with the new build version across all supported Python versions (3.10-3.13)
  2. No additional changes needed unless CI reveals compatibility issues

Risk Level: Low

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit 7edf8d4 into main Jan 30, 2026
13 checks passed
@docktermj docktermj deleted the dependabot/pip/build-1.4.0 branch January 30, 2026 11:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@docktermj @senzingdevops