Skip to content

upgrade versions of setup tools#1051

Closed
sadewa25 wants to merge 1 commit intodocker-library:masterfrom
sadewa25:master
Closed

upgrade versions of setup tools#1051
sadewa25 wants to merge 1 commit intodocker-library:masterfrom
sadewa25:master

Conversation

@sadewa25
Copy link
Copy Markdown

@sadewa25 sadewa25 commented Jun 10, 2025

This upgrade will solved the issues of CVE-2025-47273 which had the high score on vulnerability database.

@ad-m-ss
Copy link
Copy Markdown

ad-m-ss commented Jun 10, 2025

We do not upgrade setuptools there ( #1012 ), you need to go upstream and ask the Python project.

@tianon tianon closed this Jun 10, 2025
@ns-svemu
Copy link
Copy Markdown

ns-svemu commented Jun 16, 2025

Hi @ad-m-ss @sadewa25 - I followed the conversation in ( #1012 ) . But setup tools bundle is upgraded to the version >79.0.0 in python ( https://github.com/python/cpython/tree/3.11/Lib/ensurepip/_bundled ). Now is the current PR change valid?

@edmorley
Copy link
Copy Markdown
Contributor

edmorley commented Jun 16, 2025

@ns-svemu Ah good spot! Yeah once those upstream changes are released these images should pick that up automatically (and we can then also optionally simplify the version handling in this repo too). I've written some more here:
#1012 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@sadewa25 @ad-m-ss @ns-svemu @edmorley @tianon