Skip to content

Update dependency setuptools to v83 [SECURITY] (main)#1252

Merged
williamlin-suse merged 1 commit into
mainfrom
renovate/main-pypi-setuptools-vulnerability
Jul 14, 2026
Merged

Update dependency setuptools to v83 [SECURITY] (main)#1252
williamlin-suse merged 1 commit into
mainfrom
renovate/main-pypi-setuptools-vulnerability

Conversation

@renovate-rancher

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
setuptools (changelog) ==80.10.2==83.0.0 age confidence

BIT-setuptools-2026-59890 / CVE-2026-59890 / GHSA-h35f-9h28-mq5c / PYSEC-2026-3447

More information

Details

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


Release Notes

pypa/setuptools (setuptools)

v83.0.0

Compare Source

v82.0.1

Compare Source

v82.0.0

Compare Source

v81.0.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@renovate-rancher
renovate-rancher Bot requested a review from a team as a code owner July 14, 2026 22:08
@renovate-rancher
renovate-rancher Bot requested a review from pohanhuang July 14, 2026 22:08
@williamlin-suse
williamlin-suse merged commit e71c69c into main Jul 14, 2026
1 check passed
@renovate-rancher
renovate-rancher Bot deleted the renovate/main-pypi-setuptools-vulnerability branch July 15, 2026 05:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant