Add a lower bound for the version of setuptools
This is done in response to a recently-discovered vulnerability in
setuptools:
- https://security.snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904
- pypa/setuptools#3659
- https://cwe.mitre.org/data/definitions/1333.html
jsf9k committed Nov 15, 2022
1 parent e803e1a commit c149b76
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion requirements.txt
@@ -1,2 +1,7 @@
setuptools
# setuptools<65.5.1 has an inefficient regex vulnerability that
# *could* lead to DoS:
# - https://security.snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904
# - pypa/setuptools#3659
# - https://cwe.mitre.org/data/definitions/1333.html
setuptools>=65.5.1
wheel
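Review bot: the `setuptools>=65.5.1` bound on the last added line only constrains environments that install from requirements.txt; if the project also names setuptools as a build requirement elsewhere (for example in a `pyproject.toml` `[build-system] requires` list, which pip installs into an isolated build environment), the same lower bound should be applied there too, otherwise the vulnerable version can still be pulled in at build time. A smaller documentation point in the comment: `# - pypa/setuptools#3659` is a GitHub shorthand that only resolves as a link in GitHub's UI, so in a plain requirements.txt the full GitHub URL would be more useful to readers, matching the style of the two neighbouring entries.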

0 comments on commit c149b76