chore(deps): bump wheel from 0.46.3 to 0.47.0

[dependabot]

Bumps wheel from 0.46.3 to 0.47.0.

Release notes

Sourced from wheel's releases.

0.47.0

• Added the wheel info subcommand to display metadata about wheel files without unpacking them (#639)
• Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming (#411)

Changelog

Sourced from wheel's changelog.

Release Notes

0.47.0 (2026-04-22)

• Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)
• Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming ([#411](https://github.com/pypa/wheel/issues/411) <https://github.com/pypa/wheel/issues/411>_)

0.46.3 (2026-01-22)

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

• Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

• Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

... (truncated)

Commits

• efd83a7 Created a new release
• bb69216 Reordered the changelog entries
• d5a1763 fix(wheelfile): resolve .dist-info path case-insensitively when reading wheel...
• 5718957 [pre-commit.ci] pre-commit autoupdate (#685)
• 6258068 chore: log_level is better than log_cli_level (#684)
• 2975deb Require tox >= 4.22
• 47674ba chore: add check-sdist to checks (#681)
• 56223f6 __package__ → __spec__.parent (#679)
• 0ce509e Added the wheel info subcommand (#669)
• 39039c0 Improved the index page
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[aws-sam-cli-bot]

Code Review Results

Reviewed: 9f13e3d..443a151
Files: 4
Comments: 1

---

Comments on lines outside the diff:

[requirements/reproducible-linux.txt:81] [GENERAL] This PR is titled bump wheel from 0.46.3 to 0.47.0, but the diff contains substantial changes unrelated to wheel:

• binaryornot is downgraded from 0.6.0 to 0.4.4 (applied identically in reproducible-linux.txt, reproducible-mac.txt, and reproducible-win.txt).
• chardet==5.2.0 is newly pinned as a transitive dependency (# via binaryornot), introduced because binaryornot 0.4.4 depends on chardet while 0.6.0 does not.
• The matching PyInstaller hook hooks.collect_all("binaryornot", ...) is removed from installer/pyinstaller/hook-samcli.py (the hook was added specifically because binaryornot 0.6.0 moved its data tables into a binaryornot.data subpackage).

wheel has no transitive dependency on binaryornot, cookiecutter, or chardet, so these edits are not a natural consequence of bumping wheel. The binaryornot change is specifically a rollback of a prior upgrade (note the existing in-tree comment # binaryornot 0.6.0 moved its binary signature/extension/encoding tables... is also deleted).

Please either:

1. Split the binaryornot rollback (and the corresponding chardet addition + hook removal) into its own PR with a description explaining why the upgrade is being reverted, or
2. Update this PR's title/description to reflect the full scope of changes.

Bundling an unrelated transitive-dependency rollback into a Dependabot-style bump wheel PR hurts reviewability (reviewers expect only the advertised bump), makes the change harder to find later in git log, and couples a revert of the wheel bump to a revert of the binaryornot change.