fix: Upgrade setuptools to 70.1.0+ to support wheel v0.46.0 compatibility #1022
geminixiang wants to merge 4 commits into docker-library:master from
Is there a reason why you picked this specific setuptools version? I would probably have used v70.3.0 instead, as it's the most up to date version that doesn't introduce potential compatibility issues.

I reviewed the following file and confirmed that v70.1.0 was when but now... the version you mentioned, v70.3.0, seems better.

I agree with edmorely and so we'll be taking the least breaking approach by just pinning the

Hi, are there any plans to upgrade setuptools to >70.0, since there is a CVE on the setuptools version before this: https://www.cve.org/CVERecord?id=CVE-2024-6345 The CVE allows remote code execution.

No. Related issue: #1012 and long explanation: #781 (comment)

Fixes #1021
wheel: pypa/wheel#662, pypa/wheel#660
Problem
After wheel v0.46.0 was released, the bdist_wheel command migrated to setuptools>=70.1.0, link, it became incompatible with setuptools versions below 70.1.0.
UPDATE: wheel yanked v0.46.0 https://pypi.org/project/wheel/#history
discussion: pypa/wheel#662 (comment)
Solution
This PR upgrades setuptools to version 70.1.0 or higher in all Docker containers to ensure compatibility with wheel v0.46.0+.
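
As an added example (not code from this PR or from docker-library), the sketch below checks an installed setuptools/wheel pair against the two thresholds mentioned in this thread: the setuptools>=70.1.0 requirement of wheel v0.46.0 and the 70.0 floor cited for CVE-2024-6345. The function names and finding labels are assumptions made for illustration.

```python
"""Audit a setuptools/wheel pair against the two thresholds named in this thread."""
import re
from importlib import metadata

# Thresholds taken from the thread; the labels returned below are illustrative.
CVE_FIXED = (70, 0, 0)        # comment: CVE-2024-6345 affects setuptools before 70.0
BDIST_WHEEL_MIN = (70, 1, 0)  # PR text: wheel v0.46.0 needs setuptools>=70.1.0
WHEEL_MOVED = (0, 46, 0)      # wheel release that made bdist_wheel depend on setuptools


def release(version):
    """Return the numeric release segment as a 3-tuple (pre/post suffixes ignored)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(setuptools_version, wheel_version=None):
    """Return the list of findings for the given versions (None = not installed)."""
    findings = []
    if setuptools_version is None:
        return findings  # no setuptools in the environment, nothing to flag
    st = release(setuptools_version)
    if st < CVE_FIXED:
        findings.append("CVE-2024-6345")
    if (wheel_version is not None
            and release(wheel_version) >= WHEEL_MOVED
            and st < BDIST_WHEEL_MIN):
        findings.append("bdist_wheel-incompatible")
    return findings


def installed(name):
    """Version of an installed distribution, or None if it is absent."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    st, wh = installed("setuptools"), installed("wheel")
    print(f"setuptools={st} wheel={wh} findings={audit(st, wh) or 'none'}")
```

Run inside an image or virtual environment, it reports on the versions actually installed there; `audit()` can also be called directly with version strings read from a lock file or Dockerfile.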