Bump wheel to address CVE-2026-24049 (#16253)

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

Makefile

@@ -79,7 +79,7 @@ RECEPTOR_IMAGE ?= quay.io/ansible/receptor:devel
 SRC_ONLY_PKGS ?= cffi,pycparser,psycopg,twilio
 # These should be upgraded in the AWX and Ansible venv before attempting
 # to install the actual requirements
-VENV_BOOTSTRAP ?= pip==25.3 setuptools==80.9.0 setuptools_scm[toml]==9.2.2 wheel==0.45.1 cython==3.1.3
+VENV_BOOTSTRAP ?= pip==25.3 setuptools==80.9.0 setuptools_scm[toml]==9.2.2 wheel==0.46.3 cython==3.1.3
 
 NAME ?= awx
 

requirements/requirements.in

@@ -66,7 +66,7 @@ twisted[tls]>=24.7.0  # CVE-2024-41810
 urllib3>=2.6.3 # CVE-2024-37891
 uWSGI>=2.0.28
 uwsgitop
-wheel>=0.38.1  # CVE-2022-40898
+wheel>=0.46.2  # CVE-2026-24049
 pip==25.3  # see UPGRADE BLOCKERs
 setuptools==80.9.0  # see UPGRADE BLOCKERs
 setuptools-scm[toml]

requirements/requirements.txt

@@ -336,6 +336,7 @@ packaging==25.0
     #   django-guid
     #   opentelemetry-instrumentation
     #   setuptools-scm
+    #   wheel
 pbr==7.0.1
     # via -r /awx_devel/requirements/requirements.in
 pexpect==4.9.0
@@ -534,7 +535,7 @@ uwsgitop==0.12
     # via -r /awx_devel/requirements/requirements.in
 websocket-client==1.8.0
     # via kubernetes
-wheel==0.45.1
+wheel==0.46.3
     # via -r /awx_devel/requirements/requirements.in
 wrapt==1.17.3
     # via opentelemetry-instrumentation