Skip to content

Update dependency setuptools to v83 [SECURITY]#2467

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-setuptools-vulnerability
Open

Update dependency setuptools to v83 [SECURITY]#2467
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-setuptools-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
setuptools (changelog) ==82.0.1==83.0.0 age confidence

BIT-setuptools-2026-59890 / CVE-2026-59890 / GHSA-h35f-9h28-mq5c / PYSEC-2026-3447

More information

Details

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


Release Notes

pypa/setuptools (setuptools)

v83.0.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: Renovate Bot <bot@renovateapp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

Status: Backlog

Development

Successfully merging this pull request may close these issues.

1 participant