Bump wheel from 0.45.1 to 0.46.2

[dependabot]

Bumps wheel from 0.45.1 to 0.46.2.

Release notes

Sourced from wheel's releases.

0.46.2

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1

• Temporarily restored the wheel.macosx_libfile module (#659)

0.46.0

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

Changelog

Sourced from wheel's changelog.

Release Notes

0.46.3 (2026-01-22)

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

• Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

• Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

• Refactored the convert command to not need setuptools to be installed

• Don't configure setuptools logging unless running bdist_wheel

• Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

  Projects are still advised to migrate away from the deprecated module and import

... (truncated)

Commits

• eba4036 Updated the version number for v0.46.2
• 557fb54 Created a new release
• 7a7d2de Fixed security issue around wheel unpack (#675)
• 41418fa Fixed test failures due to metadata normalization changes
• c1d442b [pre-commit.ci] pre-commit autoupdate (#674)
• 0bac882 Update github actions environments (#673)
• be9f45b [pre-commit.ci] pre-commit autoupdate (#667)
• 6244f08 Update pre-commit ruff legacy alias (#668)
• 15b7577 PEP 639 compliance (#670)
• fc8cb41 Revert "Removed redundant Python version from the publish workflow (#666)"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #659
Resolves #676
Resolves #675
Resolves #674
Resolves #673
Resolves #667
Resolves #668
Resolves #670
Resolves #666

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Analyzing the pull request diff against the checklist criteria:

✅ Code Quality

✅ Code follows style guide

• This is a dependency version bump in pyproject.toml, which is configuration, not code
• Format follows standard TOML syntax

✅ No commented-out code

• No commented code present

✅ Meaningful variable names

• N/A - this is a dependency declaration

✅ DRY principle followed

• N/A - single line change

✅ Identify Defects

• No defects identified
• This is a minor version bump of the wheel package from 0.45.1 to 0.46.2
• The change appears to be part of automated dependency maintenance (likely from Dependabot based on git history)

✅ Project memory configuration considered

• Reviewed ./.claude/CLAUDE.md - no conflicts with this change
• The dependency update is in the [project.optional-dependencies.development] group, which aligns with the documented install command

⚠️ Testing

❌ Unit tests for new functions

• N/A - no new functions added

❌ Integration tests for new endpoints

• N/A - no new endpoints

❌ Edge cases covered

• N/A - dependency update only

⚠️ Test coverage > 80%

• Cannot verify from this diff alone
• Recommendation: Ensure CI pipeline tests pass with the new wheel version before merging

⚠️ Documentation

⚠️ Readme updated if needed

• Likely not needed for a development dependency version bump
• The README doesn't specify exact versions of development dependencies

✅ API docs updated

• N/A - no API changes

✅ Inline comments for complex logic

• N/A - no code logic changes

⚠️ CHANGELOG.md updated

• Not updated in this PR
• Recommendation: For transparency, consider adding an entry like "Updated wheel from 0.45.1 to 0.46.2" if you track development dependency changes

✅ Markdown files formatted properly

• N/A - no markdown changes

✅ Security

✅ No hardcoded credentials

• None present

✅ Input validation implemented

• N/A

✅ Proper error handling

• N/A

✅ No sensitive data in logs

• N/A

✅ No license files (.lic) or AQAAAD strings

• None detected

---

Summary

Overall Assessment: ✅ APPROVE with minor recommendations

This is a straightforward dependency version bump for the wheel package in the development dependencies group (pyproject.toml:47). The change is low-risk as:

1. It only affects the development environment, not production
2. The version bump (0.45.1 → 0.46.2) is a minor/patch update
3. No code changes are introduced

Recommendations:

• Verify CI tests pass with the new version
• Consider documenting in CHANGELOG.md if you track dev dependency updates
• Ensure the change was intentional (appears to be automated via Dependabot)

No blocking issues identified.

Automated code review analyzing defects and coding standards