Skip to content

deps: update dependency setuptools to v83 [security]#251

Merged
khvn26 merged 1 commit into
mainfrom
renovate/pypi-setuptools-vulnerability
Jul 14, 2026
Merged

deps: update dependency setuptools to v83 [security]#251
khvn26 merged 1 commit into
mainfrom
renovate/pypi-setuptools-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
setuptools (changelog) >=78.1.1, <79.0.0>=83.0.0, <83.1.0 age confidence

BIT-setuptools-2026-59890 / CVE-2026-59890 / GHSA-h35f-9h28-mq5c / PYSEC-2026-3447

More information

Details

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


Release Notes

pypa/setuptools (setuptools)

v83.0.0

Compare Source

v82.0.1

Compare Source

v82.0.0

Compare Source

v81.0.0

Compare Source

v80.10.2

Compare Source

v80.10.1

Compare Source

v80.9.0

Compare Source

v80.8.0

Compare Source

v80.7.1

Compare Source

v80.7.0

Compare Source

v80.6.0

Compare Source

v80.4.0

Compare Source

v80.3.1

Compare Source

v80.3.0

Compare Source

v80.2.0

Compare Source

v80.1.0

Compare Source

v80.0.1

Compare Source

v80.0.0

Compare Source

v79.0.1

Compare Source

v79.0.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot requested a review from a team as a code owner July 14, 2026 15:01
@renovate
renovate Bot requested review from emyller and removed request for a team July 14, 2026 15:01
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: ea6124bc-6695-49f8-9ad9-f211126c13fc

📥 Commits

Reviewing files that changed from the base of the PR and between 3eef218 and cabc9c0.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml

📝 Walkthrough

Walkthrough

The development dependency group in pyproject.toml updates its setuptools constraint from >=78.1.1,<79.0.0 to >=83.0.0,<83.1.0.

Estimated code review effort: 1 (Trivial) | ~2 minutes


Comment @coderabbitai help to get the list of available commands.

@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.58%. Comparing base (45b08b4) to head (cabc9c0).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #251   +/-   ##
=======================================
  Coverage   97.58%   97.58%           
=======================================
  Files         109      109           
  Lines        4802     4802           
=======================================
  Hits         4686     4686           
  Misses        116      116           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@khvn26
khvn26 merged commit 6fd5017 into main Jul 14, 2026
5 checks passed
@khvn26
khvn26 deleted the renovate/pypi-setuptools-vulnerability branch July 14, 2026 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants