Skip to content

Bump build from 1.4.0 to 1.4.2#89

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/build-1.4.2
Apr 15, 2026
Merged

Bump build from 1.4.0 to 1.4.2#89
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/build-1.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026

Bumps build from 1.4.0 to 1.4.2.

Release notes

Sourced from build's releases.

1.4.2

What's Changed

New Contributors

Full Changelog: pypa/build@1.4.1...1.4.2

1.4.1

What's Changed

Full Changelog: pypa/build@1.4.0...1.4.1

Changelog

Sourced from build's changelog.

#################### 1.4.3 (2026-04-10) ####################

Features

  • Add kind parameter to log messages to separate semantic and representation - by :user:abitrolly (:issue:973)

Bugfixes

  • Strip PYTHONPATH from the environment during isolated builds to prevent host packages from leaking into the build
    • by :user:gaborbernat (:issue:405)
  • Pass --no-input to pip to prevent hidden credential prompts that cause hangs, and automatically set PIP_KEYRING_PROVIDER=subprocess (or UV_KEYRING_PROVIDER=subprocess for the uv installer) when the keyring CLI is on PATH -- by :user:gaborbernat (:issue:409)
  • check_dependency now reports URL requirements as unmet instead of silently accepting them when a package with the same name is installed - by :user:gaborbernat (:issue:860)
  • Fix misleading missing dependency error display where transitive dependency chains showed the top-level package on a separate line, making it appear as if the top-level package itself was missing - by :user:gaborbernat (:issue:875)
  • Fix towncrier template to generate changelog categories in definition order - by :user:gaborbernat (:issue:1007)
  • Resolve thread-safety races in the build API - by :user:gaborbernat (:issue:1015)
  • Validate backend-path entries exist on disk with a clear error - by :user:gaborbernat (:issue:1016)

Miscellaneous

  • :issue:1020, :issue:1021

#################### 1.4.2 (2026-03-25) ####################

Bugfixes

  • Ensure the uv installer uses the current version of Python, avoiding an issue if UV_PYTHON is set, for example. (:issue:977)
  • Fix _has_valid_outer_pip returning True when pip is missing, causing build to try using a non-existent pip instead of falling back to virtualenv. (:issue:1003)

#################### 1.4.1 (2026-03-24) ####################

... (truncated)

Commits
  • 7b7ae07 chore: prepare for 1.4.2
  • 17f3b57 fix: release changelog issue (#1006)
  • b945752 fix: _has_valid_outer_pip when pip is missing (#1003)
  • 74ae997 🔧 fix(towncrier): match docstrfmt RST formatting expectations (#1002)
  • 3786929 🐛 fix(release): detect pre-commit environment inconsistencies (#1001)
  • 737bdb7 fix(uv): always pass the python to use (#996)
  • bd88956 chore: prepare for 1.4.1
  • 062e7e2 🐛 fix(deps): add pre-commit to release dependency group (#1000)
  • 3d8e260 🐛 fix(ci): resolve pre-release auth failure and change detection (#999)
  • f2a2610 chore: fix fix job (#997)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump build from 1.4.0 to 1.4.2
e803746 
Bumps [build](https://github.com/pypa/build) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.0...1.4.2)

---
updated-dependencies:
- dependency-name: build
  dependency-version: 1.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 15, 2026 16:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 15, 2026
senzingdevops
senzingdevops approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@senzingdevops senzingdevops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated: approving this pull request because it includes a patch update

@github-actions github-actions Bot enabled auto-merge (squash) April 15, 2026 16:23
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 15, 2026

🤖 Claude Code Review

PR Code Review

This is a minimal dependency version bump diff. Here's my analysis:

Code Quality

  • Style guide: Single line change, no style concerns.
  • No commented-out code: N/A
  • Meaningful variable names: N/A
  • DRY principle: N/A
  • Defects: No logic errors. Bumping build from 1.4.01.4.2 is a patch-level version increment in the development dependency group — low risk.
  • CLAUDE.md: No concerns; the project config is appropriately general.

Testing

  • Unit/integration tests: No application logic changed; no new tests required.
  • Coverage: N/A

Documentation

  • README: No user-facing changes; no update needed.
  • API docs: N/A
  • Inline comments: N/A
  • CHANGELOG.md: Not updated, but this is a dev-only transitive dependency bump — acceptable to omit.
  • Markdown formatting: N/A

Security

  • No hardcoded credentials: N/A
  • Input validation: N/A
  • Error handling: N/A
  • No sensitive data in logs: N/A
  • No license files (.lic / AQAAAD): None present.

Summary

This is a straightforward automated dependency bump (build 1.4.0 → 1.4.2) scoped to the development group only — it has no effect on runtime behavior or test dependencies. No issues found. Approved.

Automated code review analyzing defects and coding standards

@github-actions github-actions Bot merged commit d2aebd8 into main Apr 15, 2026
12 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/build-1.4.2 branch April 15, 2026 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@senzingdevops senzingdevops senzingdevops approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@senzingdevops