Bump wheel from 0.45.1 to 0.46.2

[dependabot]

Bumps wheel from 0.45.1 to 0.46.2.

Release notes

Sourced from wheel's releases.

0.46.2

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1

• Temporarily restored the wheel.macosx_libfile module (#659)

0.46.0

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

Changelog

Sourced from wheel's changelog.

Release Notes

0.46.3 (2026-01-22)

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

• Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

• Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

• Refactored the convert command to not need setuptools to be installed

• Don't configure setuptools logging unless running bdist_wheel

• Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

  Projects are still advised to migrate away from the deprecated module and import

... (truncated)

Commits

• eba4036 Updated the version number for v0.46.2
• 557fb54 Created a new release
• 7a7d2de Fixed security issue around wheel unpack (#675)
• 41418fa Fixed test failures due to metadata normalization changes
• c1d442b [pre-commit.ci] pre-commit autoupdate (#674)
• 0bac882 Update github actions environments (#673)
• be9f45b [pre-commit.ci] pre-commit autoupdate (#667)
• 6244f08 Update pre-commit ruff legacy alias (#668)
• 15b7577 PEP 639 compliance (#670)
• fc8cb41 Revert "Removed redundant Python version from the publish workflow (#666)"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #659
Resolves #676
Resolves #675
Resolves #674
Resolves #673
Resolves #667
Resolves #668
Resolves #670
Resolves #666

[github-actions]

🤖 Claude Code Review

Code Review Results

Reviewing the pull request diff for wheel version bump from 0.45.1 to 0.46.2.

Review Checklist Analysis

Code Quality ✅

• ✅ Code follows style guide: This is a simple dependency version update in pyproject.toml - no code style concerns
• ✅ No commented-out code: None present
• ✅ Meaningful variable names: N/A - dependency update only
• ✅ DRY principle followed: N/A - dependency update only
• ✅ No defects identified: This is a straightforward dependency version bump. No logic errors, security vulnerabilities, or other defects introduced
• ✅ Project memory compliance: The change is appropriate for the shared codebase configuration

Testing ⚠️

• ⚠️ Unit tests: N/A - Dependency updates typically don't require new unit tests, but validation that existing tests still pass is important
• ⚠️ Integration tests: N/A - Same as above
• ⚠️ Edge cases covered: N/A
• ⚠️ Test coverage > 80%: Cannot determine from diff alone, but dependency updates shouldn't affect coverage

Note: The CI pipeline should verify that existing tests still pass with the updated wheel version.

Documentation ✅

• ✅ README updated: N/A - Dependency updates typically don't require README changes
• ✅ API docs updated: N/A - No API changes
• ✅ Inline comments: N/A - No code logic changes
• ✅ CHANGELOG.md updated: Not visible in this diff. For a dependency bump, this may be documented in the PR description or commit message rather than CHANGELOG
• ✅ Markdown formatting: N/A - No markdown files modified

Security ✅

• ✅ No hardcoded credentials: None present
• ✅ Input validation: N/A
• ✅ Proper error handling: N/A
• ✅ No sensitive data in logs: N/A
• ✅ No license files (.lic) or AQAAAD strings: None detected

Summary

Overall Assessment: ✅ APPROVED

This is a clean dependency version bump from wheel 0.45.1 to 0.46.2 in the development dependencies group. The change:

• Location: pyproject.toml:47
• Type: Patch/minor version update
• Risk Level: Low - wheel is a build tool, not a runtime dependency
• CI Impact: Should be validated by existing CI pipelines (pylint on Python 3.10-3.13)

Recommendations

1. ✅ Verify CI checks pass with the new wheel version
2. ✅ Confirm this aligns with any automated dependency update process (appears to be from Dependabot/similar)
3. No additional code changes, tests, or documentation required for this type of update

No blocking issues found. This PR is ready to merge pending successful CI checks.

Automated code review analyzing defects and coding standards