Vulnerable dependency to setuptools!? #482

Open
callebokedal opened this issue Oct 13, 2023 · 0 comments
  • safety version: 2.3.5
  • Python version: Python 3.9.6
  • Operating System: macOS 13.6 (22G120)

Description

Just installed safety in a new virtual environment. Seems like it has a dependency on vulnerable setuptools 58.0.4

What I Did

cd somefolder
python3 -m venv .safety-env
source .safety-env/bin/activate
pip install --upgrade pip # -> Successfully installed pip-23.2.1
pip install safety
pip freeze 
# Result:
# certifi==2023.7.22
# charset-normalizer==3.3.0
# click==8.1.7
# dparse==0.6.3
# idna==3.4
# packaging==21.3
# pyparsing==3.1.1
# requests==2.31.0
# ruamel.yaml==0.17.35
# ruamel.yaml.clib==0.2.8
# safety==2.3.5
# tomli==2.0.1
# urllib3==2.0.6

# But then, after checking:
safety check

# I get info: 
# -> Vulnerability found in setuptools version 58.0.4

# To check more, I install 'pipdeptree' and run it
pip install pipdeptree
pipdeptree -fl
# Result:
# pip==23.2.1
# pipdeptree==2.13.0
# safety==2.3.5
#   click==8.1.7
#   dparse==0.6.3
#     packaging==21.3
#       pyparsing==3.1.1
#     tomli==2.0.1
#   packaging==21.3
#     pyparsing==3.1.1
#   requests==2.31.0
#     certifi==2023.7.22
#     charset-normalizer==3.3.0
#     idna==3.4
#     urllib3==2.0.6
#   ruamel.yaml==0.17.35
#     ruamel.yaml.clib==0.2.8
#   setuptools==58.0.4

# Suggestion - upgrade setuptools to >= 65.5.1
pip install --upgrade setuptools # -> 68.2.2
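The report above turns on two things a dependency audit has to handle: `pip freeze` omits pip, setuptools, wheel and distribute unless run with `--all`, so a vulnerable setuptools pulled in transitively never appears in the frozen list, and the offending package is only visible by walking the dependency graph. The script below is added here as an illustration and is not part of the safety project. Using only the standard library, it walks the graph from installed metadata, flags the freeze-hidden distributions it reaches, and compares each with a minimum version (65.5.1 for setuptools, taken from the suggestion above). The fixture graph and its requirement strings are constructed to mirror the pipdeptree output in the report, not copied from the packages' real metadata; the last lines also run the same audit against whatever is installed in the current interpreter.

```python
"""Walk an installed package's dependency tree and flag transitive
dependencies that `pip freeze` hides by default (pip, setuptools, wheel,
distribute), reporting any below a given minimum version.
Added example, not part of the safety project; standard library only."""
import re
from importlib import metadata
from typing import Callable, Dict, List, Optional, Set, Tuple

# Distributions `pip freeze` omits unless run with --all (recent pip on
# Python 3.12+ omits only pip itself, so check your pip version).
FREEZE_HIDDEN = {"pip", "setuptools", "wheel", "distribute"}
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
_RELEASE_RE = re.compile(r"^\d+(?:\.\d+)*")

def normalize(name: str) -> str:
    """PEP 503 normalization: 'ruamel.yaml' and 'Ruamel_YAML' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirement(req: str) -> Optional[str]:
    """Project name from 'setuptools>=19.3' or 'tomli; python_version < "3.11"'.
    Requirements behind an 'extra' marker are optional and yield None."""
    spec, _, marker = req.partition(";")
    if "extra" in marker:
        return None
    match = _NAME_RE.match(spec)
    return match.group(1) if match else None

def version_tuple(version: str) -> Tuple[int, ...]:
    """Release segments only: '58.0.4' -> (58, 0, 4). Enough for the final
    releases compared here; not a full PEP 440 comparator."""
    match = _RELEASE_RE.match(version.strip())
    return tuple(int(p) for p in match.group(0).split(".")) if match else ()

def installed_requires(name: str) -> Optional[List[str]]:
    """Requirement strings from installed metadata; None if not installed."""
    try:
        return metadata.distribution(name).requires or []
    except metadata.PackageNotFoundError:
        return None

def installed_version(name: str) -> Optional[str]:
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None

def transitive_requirements(
    root: str,
    requires_of: Callable[[str], Optional[List[str]]] = installed_requires,
) -> Tuple[Set[str], Set[str]]:
    """Depth-first walk from `root`. Returns (reachable, missing): every
    installed transitive dependency, and names required but not installed."""
    seen: Dict[str, str] = {}        # normalized name -> name as written
    missing: Set[str] = set()
    stack = [root]
    while stack:
        name = stack.pop()
        key = normalize(name)
        if key in seen or key in missing:
            continue
        reqs = requires_of(name)
        if reqs is None:
            missing.add(key)         # declared but absent: metadata gap
            continue
        seen[key] = name
        stack.extend(d for d in map(parse_requirement, reqs) if d)
    seen.pop(normalize(root), None)  # the root itself is not a dependency
    return set(seen.values()), missing

def audit(
    root: str,
    minimums: Dict[str, str],
    requires_of: Callable[[str], Optional[List[str]]] = installed_requires,
    version_of: Callable[[str], Optional[str]] = installed_version,
) -> List[Dict[str, object]]:
    """One finding per freeze-hidden dependency reachable from `root`;
    `minimums` maps normalized names to the lowest acceptable version."""
    reachable, _missing = transitive_requirements(root, requires_of)
    findings: List[Dict[str, object]] = []
    for name in sorted(reachable, key=normalize):
        key = normalize(name)
        if key not in FREEZE_HIDDEN:
            continue
        version, floor = version_of(name), minimums.get(key)
        below = bool(version and floor and version_tuple(version) < version_tuple(floor))
        findings.append({"name": name, "version": version, "below_minimum": below})
    return findings

# Constructed fixture modelled on the pipdeptree output in the issue; the
# requirement strings are made up for this example, the setuptools version
# is the one reported there.
FIXTURE_REQUIRES = {
    "safety": ["click>=8.0", "dparse", "packaging", "requests", "ruamel.yaml", "setuptools"],
    "dparse": ["packaging", 'tomli; python_version < "3.11"'],
    "packaging": ["pyparsing"],
    "requests": ["certifi", "charset-normalizer", "idna", "urllib3"],
    "ruamel.yaml": ["ruamel.yaml.clib"],
    **{n: [] for n in ("click", "tomli", "pyparsing", "certifi", "idna", "charset-normalizer",
                        "urllib3", "ruamel.yaml.clib", "setuptools")},
}
FIXTURE_VERSIONS = {"setuptools": "58.0.4"}
MINIMUMS = {"setuptools": "65.5.1"}   # floor suggested in the issue

if __name__ == "__main__":
    for f in audit("safety", MINIMUMS, FIXTURE_REQUIRES.get, FIXTURE_VERSIONS.get):
        print("fixture:", f)
    for f in audit("safety", MINIMUMS):   # live environment, if safety is installed
        print("installed:", f)
```

Because the walk starts from `importlib.metadata` rather than from `pip freeze` output, it sees setuptools even when freeze does not; the `missing` set separately exposes dependencies that are declared in metadata but not actually installed, which a freeze-based inventory would also miss.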

@yeisonvargasf yeisonvargasf self-assigned this Oct 16, 2023
2 participants