From e1954a1f24ca15db591551e0f5df6b2074873c3f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 10:53:01 +0000
Subject: [PATCH 1/2] Bump build from 1.4.1 to 1.4.2 (#12276)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [build](https://github.com/pypa/build) from 1.4.1 to 1.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/build/releases">build's
releases</a>.</em></p>
<blockquote>
<h2>1.4.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>fix(uv): always pass the python to use by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/996">pypa/build#996</a></li>
<li>🐛 fix(release): detect pre-commit environment inconsistencies by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/build/pull/1001">pypa/build#1001</a></li>
<li>🔧 fix(towncrier): match docstrfmt RST formatting expectations by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/build/pull/1002">pypa/build#1002</a></li>
<li>Fix _has_valid_outer_pip when pip is missing by <a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
in <a
href="https://redirect.github.com/pypa/build/pull/1003">pypa/build#1003</a></li>
<li>fix: release changelog issue by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/build/pull/1006">pypa/build#1006</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/notatallshaw"><code>@​notatallshaw</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/build/pull/1003">pypa/build#1003</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/build/compare/1.4.1...1.4.2">https://github.com/pypa/build/compare/1.4.1...1.4.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/build/blob/main/CHANGELOG.rst">build's
changelog</a>.</em></p>
<blockquote>
<hr />
<p>1.4.2 (2026-03-25)</p>
<hr />
<h1>==========
Bugfixes</h1>
<ul>
<li>Ensure the <code>uv</code> installer uses the current version of
Python, avoiding an issue if <code>UV_PYTHON</code> is set, for example.
(:issue:<code>977</code>)</li>
<li>Fix <code>_has_valid_outer_pip</code> returning <code>True</code>
when pip is missing, causing build to try using a non-existent pip
instead of falling back to virtualenv. (:issue:<code>1003</code>)</li>
</ul>
<p>####################
1.4.1 (2026-03-24)
####################</p>
<hr />
<p>Features</p>
<hr />
<ul>
<li>Allow setting build constraints - by :user:<code>gaborbernat</code>
(:issue:<code>963</code>)</li>
<li>Automate releases with pre-release workflow and trusted publishing -
by :user:<code>gaborbernat</code> (:issue:<code>991</code>)</li>
</ul>
<hr />
<p>Documentation</p>
<hr />
<ul>
<li>Fix documentation grammar and typos (:issue:<code>979</code>)</li>
<li>Reorganize documentation using Diataxis framework - by
:user:<code>gaborbernat</code> (:issue:<code>988</code>)</li>
<li>Document release process and workflow security practices in
contributing guide (:issue:<code>991</code>)</li>
</ul>
<hr />
<p>Miscellaneous</p>
<hr />
<ul>
<li>:issue:<code>991</code></li>
</ul>
<hr />
<p>Bugfixes</p>
<hr />
<ul>
<li>Fix pip hack workaround - by :user:<code>gaborbernat</code>
(:issue:<code>980</code>)</li>
</ul>
<h1>Changelog</h1>
<p>####################
1.4.0 (2026-01-08)
####################</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/build/commit/7b7ae078aa1dabff33ea72d07ed15dd298acf80a"><code>7b7ae07</code></a>
chore: prepare for 1.4.2</li>
<li><a
href="https://github.com/pypa/build/commit/17f3b57c7cde11a9785b3164d7b92237846c56ce"><code>17f3b57</code></a>
fix: release changelog issue (<a
href="https://redirect.github.com/pypa/build/issues/1006">#1006</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/b9457525a02bb4de40c59a39a092306a03e3a24d"><code>b945752</code></a>
fix: _has_valid_outer_pip when pip is missing (<a
href="https://redirect.github.com/pypa/build/issues/1003">#1003</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/74ae997a9a227303f7d02bf4b226922c7ba4efd1"><code>74ae997</code></a>
🔧 fix(towncrier): match docstrfmt RST formatting expectations (<a
href="https://redirect.github.com/pypa/build/issues/1002">#1002</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/378692921af6501596572bfc068420391c744ca8"><code>3786929</code></a>
🐛 fix(release): detect pre-commit environment inconsistencies (<a
href="https://redirect.github.com/pypa/build/issues/1001">#1001</a>)</li>
<li><a
href="https://github.com/pypa/build/commit/737bdb784406ab966ba666446e79c9e19bdfe237"><code>737bdb7</code></a>
fix(uv): always pass the python to use (<a
href="https://redirect.github.com/pypa/build/issues/996">#996</a>)</li>
<li>See full diff in <a
href="https://github.com/pypa/build/compare/1.4.1...1.4.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=build&package-manager=pip&previous-version=1.4.1&new-version=1.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 516584d0afe..2b6b997ccf3 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -34,7 +34,7 @@ blockbuster==1.5.26
     #   -r requirements/test-common.in
 brotli==1.2.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
-build==1.4.1
+build==1.4.2
     # via pip-tools
 certifi==2026.2.25
     # via requests
diff --git a/requirements/dev.txt b/requirements/dev.txt
index e89981860c6..5170e44b1a1 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -34,7 +34,7 @@ blockbuster==1.5.26
     #   -r requirements/test-common.in
 brotli==1.2.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
-build==1.4.1
+build==1.4.2
     # via pip-tools
 certifi==2026.2.25
     # via requests

From fd9f7573aa89041a542820052433efc6c63c65c3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 11:03:16 +0000
Subject: [PATCH 2/2] Bump tomli from 2.4.0 to 2.4.1 (#12277)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [tomli](https://github.com/hukkin/tomli) from 2.4.0 to 2.4.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hukkin/tomli/blob/master/CHANGELOG.md">tomli's
changelog</a>.</em></p>
<blockquote>
<h2>2.4.1</h2>
<ul>
<li>Fixed
<ul>
<li>Limit number of parts of a TOML key to address quadratic time
complexity</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hukkin/tomli/commit/c5f44690c68c5ed29534faa8f9df18882113728c"><code>c5f4469</code></a>
Bump version: 2.4.0 → 2.4.1</li>
<li><a
href="https://github.com/hukkin/tomli/commit/2bcd2627d5fcc262f734eaa730b62c0915d1e0d3"><code>2bcd262</code></a>
Add change log for 2.4.1 and 2.3.1</li>
<li><a
href="https://github.com/hukkin/tomli/commit/e1fdb94bc998377f1c2545c7cd4f70ff2a3fb4e4"><code>e1fdb94</code></a>
Limit number of parts of a key (<a
href="https://redirect.github.com/hukkin/tomli/issues/286">#286</a>)</li>
<li><a
href="https://github.com/hukkin/tomli/commit/c20c49113890c226ffb27a67befe20d14fcf0c73"><code>c20c491</code></a>
pre-commit autoupdate</li>
<li><a
href="https://github.com/hukkin/tomli/commit/920e20b1cf495b63f6d4a6aa3cd5e4ff25f5f5a7"><code>920e20b</code></a>
Update performance benchmark and results</li>
<li><a
href="https://github.com/hukkin/tomli/commit/064e492919b2338def788753b8c981c9131334c0"><code>064e492</code></a>
Merge pull request <a
href="https://redirect.github.com/hukkin/tomli/issues/280">#280</a> from
hukkin/version-2.4.0</li>
<li>See full diff in <a
href="https://github.com/hukkin/tomli/compare/2.4.0...2.4.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tomli&package-manager=pip&previous-version=2.4.0&new-version=2.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 requirements/lint.txt         | 2 +-
 requirements/test-common.txt  | 2 +-
 requirements/test-ft.txt      | 2 +-
 requirements/test.txt         | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 2b6b997ccf3..6a31ff4bf66 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -240,7 +240,7 @@ sphinxcontrib-spelling==8.0.2 ; platform_system != "Windows"
     # via -r requirements/doc-spelling.in
 sphinxcontrib-towncrier==0.5.0a0
     # via -r requirements/doc.in
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   build
     #   coverage
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5170e44b1a1..a7a0652a349 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -230,7 +230,7 @@ sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
 sphinxcontrib-towncrier==0.5.0a0
     # via -r requirements/doc.in
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   build
     #   coverage
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index ba87074591f..7c48ebc9f43 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -61,7 +61,7 @@ sphinxcontrib-spelling==8.0.2 ; platform_system != "Windows"
     # via -r requirements/doc-spelling.in
 sphinxcontrib-towncrier==0.5.0a0
     # via -r requirements/doc.in
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   sphinx
     #   towncrier
diff --git a/requirements/doc.txt b/requirements/doc.txt
index a37f1f7d449..d406c58c2fd 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -54,7 +54,7 @@ sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
 sphinxcontrib-towncrier==0.5.0a0
     # via -r requirements/doc.in
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   sphinx
     #   towncrier
diff --git a/requirements/lint.txt b/requirements/lint.txt
index adc5d5eefee..280ee45fe23 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -106,7 +106,7 @@ six==1.17.0
     # via python-dateutil
 slotscheck==0.19.1
     # via -r requirements/lint.in
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   mypy
     #   pytest
diff --git a/requirements/test-common.txt b/requirements/test-common.txt
index d589d1708e4..8d461e5cb7c 100644
--- a/requirements/test-common.txt
+++ b/requirements/test-common.txt
@@ -91,7 +91,7 @@ setuptools-git==1.2
     # via -r requirements/test-common.in
 six==1.17.0
     # via python-dateutil
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   coverage
     #   mypy
diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt
index fdfdba53fa1..35a5212b61e 100644
--- a/requirements/test-ft.txt
+++ b/requirements/test-ft.txt
@@ -124,7 +124,7 @@ setuptools-git==1.2
     # via -r requirements/test-common.in
 six==1.17.0
     # via python-dateutil
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   coverage
     #   mypy
diff --git a/requirements/test.txt b/requirements/test.txt
index 5d7206bc090..43fe42c2c67 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -124,7 +124,7 @@ setuptools-git==1.2
     # via -r requirements/test-common.in
 six==1.17.0
     # via python-dateutil
-tomli==2.4.0
+tomli==2.4.1
     # via
     #   coverage
     #   mypy