Bump build from 1.4.4 to 1.5.0

[dependabot]

Bumps build from 1.4.4 to 1.5.0.

Release notes

Sourced from build's releases.

1.5.0

What's Changed

• ci: try to improve release docs by @​henryiii in pypa/build#1051
• feat: drop 3.9, require 3.10+ by @​henryiii in pypa/build#1036
• chore: tox toml by @​henryiii in pypa/build#1033
• fix: api should not ignore installed, only CLI by @​henryiii in pypa/build#1056

Full Changelog: pypa/build@1.4.4...1.5.0

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

---

Features

---

• Drop Python 3.9 support - by :user:henryiii (:issue:1036)

---

Bugfixes

---

• Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

---

Miscellaneous

---

• :issue:1033

#################### 1.4.4 (2026-04-22) ####################

---

Bugfixes

---

• Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
• Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
• Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
• Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

---

Miscellaneous

---

• :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

---

Features

---

... (truncated)

Commits

• 615d04c chore: prepare for 1.5.0
• 776f702 fix: api should not ignore installed, only CLI (#1056)
• 42da4c4 pre-commit: bump repositories (#1055)
• b445cd2 chore: tox toml (#1033)
• c44c143 feat: drop 3.9, require 3.10+ (#1036)
• a9bb456 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the actions group...
• cb33511 ci: try to improve release docs (#1051)
• See full diff in compare view

[github-actions]

🤖 Claude Code Review

Code Review

Code Quality

• ✅ Style guide: Single dependency version bump in pyproject.toml — no style concerns.
• ✅ No commented-out code
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects: No bugs or logic errors. Bumping build from 1.4.4 to 1.5.0 is a minor version bump in a dev dependency — no breaking change risk for this project.

Testing

• ✅ Unit/integration tests: No application logic changed; no new tests required.

Documentation

• ✅ README: No update needed for a dev dependency bump.
• ✅ CHANGELOG.md: Not updated — acceptable for a routine dependency bump (check project convention if unsure).

Security

• ✅ No hardcoded credentials
• ✅ No license files (.lic) or AQAAAD-prefixed strings

---

Summary: This is a clean, minimal dependency bump (build 1.4.4 → 1.5.0) with no risk. The change is limited to the development dependency group, so it has no impact on runtime or test behavior. No issues found.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review

This is a minimal dependency bump PR — upgrading build from 1.4.4 to 1.5.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide: Single-line change, no style concerns.
• ✅ No commented-out code
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects: No logic changes; dependency version bump only. No bugs introduced.
• ✅ CLAUDE.md: N/A for this change.

Testing

• ✅ No new functions or endpoints — no tests required.
• ⚠️ No test run evidence in the diff. For a dependency bump, CI passing is sufficient, but the diff alone doesn't confirm it. Recommend verifying CI passed before merging.

Documentation

• ✅ README: No update needed for a dev-only dependency bump.
• ✅ API docs: N/A
• ✅ Inline comments: N/A
• ⚠️ CHANGELOG.md: Not updated. Whether this is required depends on project policy — build is a development-only dependency (development group), so end users are unaffected. Acceptable to omit if the policy exempts dev tooling bumps.

Security

• ✅ No hardcoded credentials
• ✅ No sensitive data
• ✅ No license files
• ✅ build 1.5.0 is a legitimate upstream release on PyPI. No known CVEs at this version.

---

Summary: Clean, low-risk dependency bump. The only flag worth noting is whether CHANGELOG.md should be updated per project convention — functionally, this change is safe to merge.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review

Change: Bumps build dependency from 1.4.4 to 1.5.0 in pyproject.toml (development dependency group).

---

Code Quality

• ✅ Style guide: Single-line change in TOML config, no style concerns.
• ✅ No commented-out code
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects: No logic errors. This is a minor version bump (1.4.4 → 1.5.0) for the build package, which is a development-only dependency used for building wheel packages. Minor version bumps in this tool are generally backwards-compatible per semver. No runtime impact since it's in the development group.
• ✅ CLAUDE.md: No issues; the project instructions are appropriately general.

Testing

• ✅ Unit/integration tests: Not applicable for a dependency version bump.
• ✅ Coverage: No new code paths introduced.

Documentation

• ✅ README: No update needed for a dev dependency bump.
• ✅ API docs: N/A
• ✅ Inline comments: N/A
• ✅ CHANGELOG.md: Not included in the diff — acceptable for an automated dependency bump (this appears to be a Dependabot-style bump based on the commit message Bump build from 1.4.4 to 1.5.0).
• ✅ Markdown formatting: N/A

Security

• ✅ No hardcoded credentials
• ✅ No license files (.lic) or AQAAAD strings
• ✅ No sensitive data
• ✅ The build package is a well-known PyPA tool; this is a routine patch/minor update with no known security concerns.

---

Summary: This is a straightforward automated dependency bump for a dev-only tool. No issues found. Safe to merge.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review

PR: Bump build from 1.4.4 to 1.5.0

---

Code Quality

✅ Style guide — Single-line dependency version bump, no style concerns.

✅ No commented-out code — N/A.

✅ Meaningful variable names — N/A.

✅ DRY principle — N/A.

✅ Defects — No logic errors. This is a straightforward development dependency version bump in pyproject.toml:37. The build package is a development-only dependency (under [dependency-groups] development), so this has no impact on runtime behavior.

✅ CLAUDE.md — No issues.

---

Testing

✅ Unit/integration tests — Not applicable for a dependency version bump.

✅ Test coverage — No new code introduced.

---

Documentation

✅ README — No update needed.

✅ API docs — No update needed.

✅ Inline comments — N/A.

✅ CHANGELOG.md — Not present in the diff, but this is a dev dependency bump (not a user-facing change), so omission is acceptable.

✅ Markdown formatting — No markdown files changed.

---

Security

✅ No hardcoded credentials — None present.

✅ Input validation — N/A.

✅ Error handling — N/A.

✅ No sensitive data in logs — N/A.

✅ No license files — No .lic files or AQAAAD-prefixed strings present.

---

Summary

This is a clean, minimal bump of the build development dependency from 1.4.4 to 1.5.0. No concerns. Approved.

Automated code review analyzing defects and coding standards