fix(deps): vuln setuptools (major → 82.0.1) [local/etc] by gh-worker-campaigns-3e9aa4[bot] · Pull Request #37534 · DataDog/documentation

gh-worker-campaigns-3e9aa4 · 2026-06-15T23:02:01Z

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

local/etc (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
setuptools	60.10.0	82.0.1	major	Direct	6 HIGH, 2 MEDIUM

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

Review the changelog/release notes for breaking changes
Test thoroughly in a staging environment
Update any code that depends on changed APIs
Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (6 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	GHSA-cx63-2mw6-8hw5	HIGH	setuptools vulnerable to Command Injection via package URL	60.10.0	70.0.0
setuptools	CVE-2024-6345	HIGH	-	60.10.0	-
setuptools	GHSA-r9hx-vwmv-q579	HIGH	pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)	60.10.0	65.5.1
setuptools	PYSEC-2025-49	high	-	60.10.0	250a6d17978f9f6ac3ac887091f2d32886fbbb0b
setuptools	CVE-2025-47273	high	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	60.10.0	-
setuptools	GHSA-5rjg-fvgr-3xxf	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	60.10.0	78.1.1

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	PYSEC-2022-43012	medium	-	60.10.0	43a9c9bfa6aa626ec2a22540bea28d2ca77964be
setuptools	CVE-2022-40897	medium	-	60.10.0	-

Review Checklist

Extra review is recommended for this update:

Review changes for compatibility with your code
Check release notes for breaking changes
Run integration tests to verify service behavior
Test in staging environment before production
Monitor key metrics after deployment
Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

gh-worker-campaigns-3e9aa4 · 2026-06-19T23:26:40Z

Auto-rebase complete

Branch is up to date with master — rebased onto a43c365.

_{Auto-Rebase · Add no-auto-rebase to opt out}

gh-worker-campaigns-3e9aa4 · 2026-06-22T20:26:22Z

Auto-rebase failed

Could not update your branch. This may be due to a concurrent update; the next push to master will retry automatically.

Error details

canceled

_{Auto-Rebase · Add no-auto-rebase to opt out}

gh-worker-campaigns-3e9aa4 · 2026-06-22T21:43:44Z

Auto-rebase complete

Branch is up to date with master — rebased onto 30781d3.

_{Auto-Rebase · Add no-auto-rebase to opt out}

Co-authored-by: dd-octo-sts-aad58d[bot] <266798448+dd-octo-sts-aad58d[bot]@users.noreply.github.com>

gh-worker-campaigns-3e9aa4 Bot added the campaigner-automated-change label Jun 15, 2026

github-actions Bot added the Architecture Everything related to the Doc backend label Jun 15, 2026

gh-worker-campaigns-3e9aa4 Bot added adms-high-severity adms-major-update adms-medium-severity adms-mode-all-vulns adms-python adms-dependency-update labels Jun 15, 2026

campaigner-prod Bot marked this pull request as ready for review June 16, 2026 23:13

campaigner-prod Bot requested a review from a team as a code owner June 16, 2026 23:13

dd-octo-sts-6bb5b9 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 0c4a789 to 4b18eeb Compare June 19, 2026 23:26

dd-octo-sts-2c363b Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 4b18eeb to ecec9c7 Compare June 22, 2026 12:01

dd-octo-sts-aad58d Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from ecec9c7 to 2b8b0ee Compare June 22, 2026 14:05

dd-octo-sts-4aefcb Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 2b8b0ee to c52ae3a Compare June 22, 2026 15:04

dd-octo-sts-94e5d1 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from c52ae3a to b962c44 Compare June 22, 2026 15:25

dd-octo-sts-4caf68 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from b962c44 to 6b62cc7 Compare June 22, 2026 15:46

dd-octo-sts Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 6b62cc7 to 8845478 Compare June 22, 2026 16:04

dd-octo-sts-94e5d1 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 8845478 to 25e7970 Compare June 22, 2026 16:19

dd-octo-sts-4caf68 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 25e7970 to 5fd5b42 Compare June 22, 2026 16:34

dd-octo-sts-6354d5 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 5fd5b42 to 4339863 Compare June 22, 2026 16:42

dd-octo-sts-019303 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 4339863 to 863457f Compare June 22, 2026 17:21

dd-octo-sts-03ec73 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 863457f to a40cd47 Compare June 22, 2026 18:01

dd-octo-sts-6354d5 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from a40cd47 to 769d8c8 Compare June 22, 2026 18:10

dd-octo-sts-150931 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 769d8c8 to a44fd2c Compare June 22, 2026 19:22

dd-octo-sts Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from a44fd2c to 98c3a14 Compare June 22, 2026 20:16

dd-octo-sts-4caf68 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 98c3a14 to ebd7d66 Compare June 22, 2026 21:43

dd-octo-sts-03ec73 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from ebd7d66 to 525c909 Compare June 23, 2026 07:45

dd-octo-sts-26fcfa Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 644e37f to 6f7f3fd Compare June 23, 2026 21:13

dd-octo-sts-4aefcb Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 6f7f3fd to 5a5be7f Compare June 23, 2026 22:16

dd-octo-sts-94e5d1 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 5a5be7f to 37688ba Compare June 24, 2026 07:46

dd-octo-sts-6cbbf8 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 37688ba to 2e92b66 Compare June 24, 2026 09:19

dd-octo-sts-150931 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 2e92b66 to 0be56b9 Compare June 24, 2026 11:51

dd-octo-sts-26fcfa Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 0be56b9 to ac11451 Compare June 24, 2026 12:15

dd-octo-sts-dcc400 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from ac11451 to d7d1bb6 Compare June 24, 2026 13:21

dd-octo-sts-2c363b Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from d7d1bb6 to 4a3d17c Compare June 24, 2026 13:32

dd-octo-sts-c33ac5 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 4a3d17c to de0e3ba Compare June 24, 2026 14:30

dd-octo-sts Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch 2 times, most recently from 7b28b52 to a1804b6 Compare June 24, 2026 15:25

dd-octo-sts-6cbbf8 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from a1804b6 to 9cad996 Compare June 24, 2026 16:31

dd-octo-sts-6354d5 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 9cad996 to 8d4379e Compare June 24, 2026 16:39

dd-octo-sts-09fbc5 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 8d4379e to 1e4f640 Compare June 24, 2026 17:28

dd-octo-sts-98cdbc Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 1e4f640 to e07d3fa Compare June 24, 2026 17:58

dd-octo-sts-6cbbf8 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from e07d3fa to c529b03 Compare June 24, 2026 18:16

dd-octo-sts-4caf68 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from c529b03 to cf1f148 Compare June 24, 2026 19:27

dd-octo-sts-c33ac5 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from cf1f148 to 55c72f7 Compare June 24, 2026 20:33

dd-octo-sts-6cbbf8 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 55c72f7 to a5ae5dd Compare June 24, 2026 20:53

dd-octo-sts-26fcfa Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from a5ae5dd to 7dcc206 Compare June 24, 2026 21:01

dd-octo-sts-0c48d7 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 7dcc206 to 9358d6a Compare June 25, 2026 07:06

dd-octo-sts-dcc400 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 9358d6a to e0e36e3 Compare June 25, 2026 07:36

dd-octo-sts-b8cf80 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from e0e36e3 to baadd52 Compare June 25, 2026 09:45

dd-octo-sts-0c48d7 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from baadd52 to 8ef720e Compare June 25, 2026 10:06

dd-octo-sts-b8cf80 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 8ef720e to 4576f34 Compare June 25, 2026 10:28

dd-octo-sts-0c48d7 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 4576f34 to 05afe93 Compare June 25, 2026 14:30

dd-octo-sts-4191dd Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from 05afe93 to b97dd09 Compare June 25, 2026 15:14

dd-octo-sts-09fbc5 Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from b97dd09 to e4c2190 Compare June 25, 2026 15:23

dd-octo-sts-2c363b Bot force-pushed the engraver-auto-version-upgrade/major/pip/etc/2-1781564417 branch from e4c2190 to f6b67d1 Compare June 25, 2026 15:52

ADMS: vuln setuptools (major → 82.0.1) [local/etc]

61cfb82

Co-authored-by: dd-octo-sts-aad58d[bot] <266798448+dd-octo-sts-aad58d[bot]@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): vuln setuptools (major → 82.0.1) [local/etc]#37534

fix(deps): vuln setuptools (major → 82.0.1) [local/etc]#37534
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/major/pip/etc/2-1781564417

gh-worker-campaigns-3e9aa4 Bot commented Jun 15, 2026

Uh oh!

gh-worker-campaigns-3e9aa4 Bot commented Jun 19, 2026 •

edited

Loading

Uh oh!

gh-worker-campaigns-3e9aa4 Bot commented Jun 22, 2026

Uh oh!

gh-worker-campaigns-3e9aa4 Bot commented Jun 22, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

gh-worker-campaigns-3e9aa4 Bot commented Jun 15, 2026

Updates

Security Details

Review Checklist

Uh oh!

gh-worker-campaigns-3e9aa4 Bot commented Jun 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Auto-rebase complete

Uh oh!

gh-worker-campaigns-3e9aa4 Bot commented Jun 22, 2026

Auto-rebase failed

Uh oh!

gh-worker-campaigns-3e9aa4 Bot commented Jun 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Auto-rebase complete

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

gh-worker-campaigns-3e9aa4 Bot commented Jun 19, 2026 •

edited

Loading

gh-worker-campaigns-3e9aa4 Bot commented Jun 22, 2026 •

edited

Loading