Bump build from 1.4.4 to 1.5.0

[dependabot]

Bumps build from 1.4.4 to 1.5.0.

Release notes

Sourced from build's releases.

1.5.0

What's Changed

• ci: try to improve release docs by @​henryiii in pypa/build#1051
• feat: drop 3.9, require 3.10+ by @​henryiii in pypa/build#1036
• chore: tox toml by @​henryiii in pypa/build#1033
• fix: api should not ignore installed, only CLI by @​henryiii in pypa/build#1056

Full Changelog: pypa/build@1.4.4...1.5.0

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

---

Features

---

• Drop Python 3.9 support - by :user:henryiii (:issue:1036)

---

Bugfixes

---

• Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

---

Miscellaneous

---

• :issue:1033

#################### 1.4.4 (2026-04-22) ####################

---

Bugfixes

---

• Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
• Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
• Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
• Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

---

Miscellaneous

---

• :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

---

Features

---

... (truncated)

Commits

• 615d04c chore: prepare for 1.5.0
• 776f702 fix: api should not ignore installed, only CLI (#1056)
• 42da4c4 pre-commit: bump repositories (#1055)
• b445cd2 chore: tox toml (#1033)
• c44c143 feat: drop 3.9, require 3.10+ (#1036)
• a9bb456 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the actions group...
• cb33511 ci: try to improve release docs (#1051)
• See full diff in compare view

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps the build development dependency from 1.4.4 to 1.5.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide: Single-line change in a TOML config file; no style concerns.
• ✅ No commented-out code: N/A
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects/bugs: No logic changes; dependency version bump only. build 1.5.0 is a legitimate PyPA release. No security advisories known for this package at this version.
• ✅ CLAUDE.md: No concerns with the project config.

Testing

• ✅ No new code paths introduced; dependency bumps of build tooling don't require unit tests.

Documentation

• ❌ CHANGELOG.md not updated — Dependency version bumps, even for dev tools, are typically recorded in the changelog. If this project tracks dependency updates in CHANGELOG.md, this entry is missing.

Security

• ✅ No hardcoded credentials.
• ✅ No license files (.lic) or AQAAAD-prefixed strings checked in.
• ✅ build is a pure build-time dev dependency; it is not shipped with the package and carries no runtime security surface.

---

Overall: The change is minimal and correct. The only actionable finding is the missing CHANGELOG.md entry if your project convention tracks dependency bumps there. No blocking issues.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps the build development dependency from 1.4.4 to 1.5.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide: Single version bump in pyproject.toml — no style concerns.
• ✅ No commented-out code: None present.
• ✅ Meaningful variable names: N/A for a dependency version bump.
• ✅ DRY principle: N/A.
• ✅ Defects: No logic errors or bugs applicable. Version 1.5.0 is a minor bump from 1.4.4; no breaking changes expected for a build tooling dependency.
• ✅ CLAUDE.md: No issues. The project config is general and environment-agnostic.

Testing

• ✅ Unit/integration tests: No new code to test; dependency bump only.
• ✅ Coverage: N/A.

Documentation

• ❌ CHANGELOG.md: No CHANGELOG.md update is included. Dependency version bumps should typically be noted in the changelog. Verify whether this project's changelog convention requires entries for dependency updates.
• ✅ README/API docs: No changes needed for a dev-dependency bump.
• ✅ Markdown formatting: N/A.

Security

• ✅ No hardcoded credentials: None.
• ✅ No license files (.lic) checked in: None present.
• ✅ Input validation / error handling: N/A.
• ✅ No sensitive data: N/A.

---

Verdict: The change itself is correct and low-risk. The only item to verify is whether a CHANGELOG.md entry is expected for dependency bumps per this project's conventions.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review

Change: pyproject.toml — bump build from 1.4.4 to 1.5.0

---

Code Quality

• ✅ Style guide — pyproject.toml change, no style concerns
• ✅ No commented-out code — N/A
• ✅ Meaningful variable names — N/A
• ✅ DRY principle — N/A
• ✅ Defects — Version bump only; no logic, no edge cases introduced

Testing

• ✅ Unit/integration tests — No new code, no tests required
• ✅ Coverage — N/A

Documentation

• ❌ CHANGELOG.md — No CHANGELOG entry for this dependency bump. Dependency updates are typically worth noting.
• ✅ README / API docs — N/A
• ✅ Markdown formatting — N/A

Security

• ✅ No hardcoded credentials — N/A
• ✅ No license files — N/A
• ✅ No sensitive data — N/A

---

Summary: This is a routine dependency bump in the development group only — it does not affect the published package or its runtime dependencies. The single finding is a missing CHANGELOG entry; all other checklist items pass.

Automated code review analyzing defects and coding standards