build(deps): bump wheel from 0.46.3 to 0.47.0 #1114 (lando@main)
| Warnings |
|
|---|---|
| Blockers |
|
| Branches | dependabot/pip/wheel-0.47.0 -> main |
| Repo | lando@main (git) (git://github.com/mozilla-conduit/lando.git) |
| Author | dependabot[bot] |
| State | closed |
| Commit Title | build(deps): bump wheel from 0.46.3 to 0.47.0 |
| Commit Body | Bumps [wheel](https://github.com/pypa/wheel) from 0.46.3 to 0.47.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/releases">wheel's releases</a>.</em></p> <blockquote> <h2>0.47.0</h2> <ul> <li>Added the <code>wheel info</code> subcommand to display metadata about wheel files without unpacking them (<a href="https://redirect.github.com/pypa/wheel/issues/639">#639</a>)</li> <li>Fixed <code>WheelFile</code> raising <code>Missing RECORD file</code> when the wheel filename contains uppercase characters (e.g. <code>Django-3.2.5.whl</code>) but the <code>.dist-info</code> directory inside uses normalized lowercase naming (<a href="https://redirect.github.com/pypa/wheel/issues/411">#411</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <p><strong>0.47.0 (2026-04-22)</strong></p> <ul> <li>Added the <code>wheel info</code> subcommand to display metadata about wheel files without unpacking them (<code>[#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639></code>_)</li> <li>Fixed <code>WheelFile</code> raising <code>Missing RECORD file</code> when the wheel filename contains uppercase characters (e.g. <code>Django-3.2.5.whl</code>) but the <code>.dist-info</code> directory inside uses normalized lowercase naming (<code>[#411](https://github.com/pypa/wheel/issues/411) <https://github.com/pypa/wheel/issues/411></code>_)</li> </ul> <p><strong>0.46.3 (2026-01-22)</strong></p> <ul> <li>Fixed <code>ImportError: cannot import name '_setuptools_logging' from 'wheel'</code> when installed alongside an old version of setuptools and running the <code>bdist_wheel</code> command (<code>[#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676></code>_)</li> </ul> <p><strong>0.46.2 (2026-01-22)</strong></p> <ul> <li>Restored the <code>bdist_wheel</code> command for compatibility with <code>setuptools</code> older than v70.1</li> <li>Importing <code>wheel.bdist_wheel</code> now emits a <code>FutureWarning</code> instead of a <code>DeprecationWarning</code></li> <li>Fixed <code>wheel unpack</code> potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)</li> </ul> <p><strong>0.46.1 (2025-04-08)</strong></p> <ul> <li>Temporarily restored the <code>wheel.macosx_libfile</code> module (<code>[#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659></code>_)</li> </ul> <p><strong>0.46.0 (2025-04-03)</strong></p> <ul> <li>Dropped support for Python 3.8</li> <li>Removed the <code>bdist_wheel</code> setuptools command implementation and entry point. The <code>wheel.bdist_wheel</code> module is now just an alias to <code>setuptools.command.bdist_wheel</code>, emitting a deprecation warning on import.</li> <li>Removed vendored <code>packaging</code> in favor of a run-time dependency on it</li> <li>Made the <code>wheel.metadata</code> module private (with a deprecation warning if it's imported</li> <li>Made the <code>wheel.cli</code> package private (no deprecation warning)</li> <li>Fixed an exception when calling the <code>convert</code> command with an empty description field</li> </ul> <p><strong>0.45.1 (2024-11-23)</strong></p> <ul> <li>Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/wheel/commit/efd83a750f07a33462ea2eed365fd8dac9e51442"><code>efd83a7</code></a> Created a new release</li> <li><a href="https://github.com/pypa/wheel/commit/bb69216d35588c2a0febc2d9a130727fe6e46ee3"><code>bb69216</code></a> Reordered the changelog entries</li> <li><a href="https://github.com/pypa/wheel/commit/d5a1763ce927618bfa7d82abe334d0d14a93cc37"><code>d5a1763</code></a> fix(wheelfile): resolve .dist-info path case-insensitively when reading wheel...</li> <li><a href="https://github.com/pypa/wheel/commit/5718957928ece25eb0d1c12023c71dea4fcb5cf9"><code>5718957</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/wheel/issues/685">#685</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/625806845ae5756be3cc0f9d44832c29079c0954"><code>6258068</code></a> chore: log_level is better than log_cli_level (<a href="https://redirect.github.com/pypa/wheel/issues/684">#684</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/2975debc789682b3a448b134611acc6962a93eb3"><code>2975deb</code></a> Require tox >= 4.22</li> <li><a href="https://github.com/pypa/wheel/commit/47674ba770e5ee72d679b7eb32b558e0c177640d"><code>47674ba</code></a> chore: add check-sdist to checks (<a href="https://redirect.github.com/pypa/wheel/issues/681">#681</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/56223f6f8dfa8d3d40923f24dcf159204698d7b6"><code>56223f6</code></a> <code>__package__</code> → <code>__spec__.parent</code> (<a href="https://redirect.github.com/pypa/wheel/issues/679">#679</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/0ce509e02dc3cd1b7b0bdf868482de062b3c21c3"><code>0ce509e</code></a> Added the wheel info subcommand (<a href="https://redirect.github.com/pypa/wheel/issues/669">#669</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/39039c0f3446c1ed5ec52621e98bc2bad8178a06"><code>39039c0</code></a> Improved the index page</li> <li>Additional commits viewable in <a href="https://github.com/pypa/wheel/compare/0.46.3...0.47.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> |
Landings
Not yet Landed
There has been no attempt to land revisions in this stack.