Bump setuptools to resolve Dependabot alerts by WPISabaGanji · Pull Request #5 · vernamlab/SCAPEgoat

WPISabaGanji · 2026-06-09T20:47:04Z

Address three security advisories for setuptools (GHSA-cx63-2mw6-8hw5 / CVE-2024-6345, GHSA-r9hx-vwmv-q579 / CVE-2022-40897, GHSA-5rjg-fvgr-3xxf / CVE-2025-47273) by upgrading to a patched release.

Updated requirements.txt to replace setuptools~=58.1.0 with setuptools~=78.1.1 and made no changes to artifact or scientific code (only the dependency entry was modified). The changed file is requirements.txt.

Performed a syntax/compile check by compiling all .py files with py_compile (passed; pre-existing SyntaxWarnings noted in WPI_SCA_LIBRARY/FileFormat.py and WPI_SCA_LIBRARY_v0/FileFormat.py), ran python -m pip check (no broken requirements), and attempted python -m pip install --dry-run -r requirements.txt and python -m pip install --dry-run 'setuptools~=78.1.1' which were blocked by the environment package-index proxy returning 403 Forbidden, and python setup.py --name could not be exercised because setuptools is not installed in the runtime; all automated checks that could run succeeded.

Bump setuptools for security alerts

7862ff5

WPISabaGanji added the codex label Jun 9, 2026 — with ChatGPT Codex Connector

WPISabaGanji merged commit c1c94a5 into main Jun 9, 2026
5 checks passed

Provide feedback