Skip to content

Commit 8ea5dcd

Browse files
Update dependency setuptools to v83 [SECURITY] (#8752)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [setuptools](https://redirect.github.com/pypa/setuptools) ([changelog](https://setuptools.pypa.io/en/stable/history.html)) | `80.9.0` → `83.0.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/setuptools/83.0.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/setuptools/80.9.0/83.0.0?slim=true) | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/357) for more information. --- ### BIT-setuptools-2026-59890 / [CVE-2026-59890](https://nvd.nist.gov/vuln/detail/CVE-2026-59890) / [GHSA-h35f-9h28-mq5c](https://redirect.github.com/advisories/GHSA-h35f-9h28-mq5c) / PYSEC-2026-3447 <details> <summary>More information</summary> #### Details setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0. #### Severity - CVSS Score: 6.1 / 10 (Medium) - Vector String: `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N` #### References - [https://github.com/pypa/setuptools/releases/tag/v83.0.0](https://redirect.github.com/pypa/setuptools/releases/tag/v83.0.0) - [https://github.com/pypa/setuptools/commit/dd9f436a36486b4cb8a4c70a2321548b0be09b8f](https://redirect.github.com/pypa/setuptools/commit/dd9f436a36486b4cb8a4c70a2321548b0be09b8f) - [https://github.com/pypa/setuptools/security/advisories/GHSA-h35f-9h28-mq5c](https://redirect.github.com/pypa/setuptools/security/advisories/GHSA-h35f-9h28-mq5c) This data is provided by [OSV](https://osv.dev/vulnerability/PYSEC-2026-3447) and the [PyPI Advisory Database](https://redirect.github.com/pypa/advisory-database) ([CC-BY 4.0](https://redirect.github.com/pypa/advisory-database/blob/main/LICENSE)). </details> --- ### Release Notes <details> <summary>pypa/setuptools (setuptools)</summary> ### [`v83.0.0`](https://redirect.github.com/pypa/setuptools/compare/v82.0.1...v83.0.0) [Compare Source](https://redirect.github.com/pypa/setuptools/compare/v82.0.1...v83.0.0) ### [`v82.0.1`](https://redirect.github.com/pypa/setuptools/compare/v82.0.0...v82.0.1) [Compare Source](https://redirect.github.com/pypa/setuptools/compare/v82.0.0...v82.0.1) ### [`v82.0.0`](https://redirect.github.com/pypa/setuptools/compare/v81.0.0...v82.0.0) [Compare Source](https://redirect.github.com/pypa/setuptools/compare/v81.0.0...v82.0.0) ### [`v81.0.0`](https://redirect.github.com/pypa/setuptools/compare/v80.10.2...v81.0.0) [Compare Source](https://redirect.github.com/pypa/setuptools/compare/v80.10.2...v81.0.0) ### [`v80.10.2`](https://redirect.github.com/pypa/setuptools/compare/v80.10.1...v80.10.2) [Compare Source](https://redirect.github.com/pypa/setuptools/compare/v80.10.1...v80.10.2) ### [`v80.10.1`](https://redirect.github.com/pypa/setuptools/compare/v80.9.0...v80.10.1) [Compare Source](https://redirect.github.com/pypa/setuptools/compare/v80.9.0...v80.10.1) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/vortex-data/vortex). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI1OS4yIiwidGFyZ2V0QnJhbmNoIjoiZGV2ZWxvcCIsImxhYmVscyI6WyJjaGFuZ2Vsb2cvY2hvcmUiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent e519a02 commit 8ea5dcd

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

uv.lock

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)