Skip to content

Commit

Permalink
[universal] Update setuptools for Python 3.10 due to GHSA-r9hx-vwmv…
Browse files Browse the repository at this point in the history 
…-q579 (#876)

* [universal] Python 3.10: Update `setuptools` due to CVE-2022-40897

- Restore patch for the setuptools package.

* Bump package version to align with 2.6.0 release
  • Loading branch information
@alexander-smolyakov
alexander-smolyakov authored Dec 6, 2023
1 parent 804db60 commit 722d41d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/universal/.devcontainer/local-features/patch-python/install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ update_package() {

# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
update_package /usr/local/python/3.9.*/bin/python setuptools 65.5.1
update_package /usr/local/python/3.10.*/bin/python setuptools 68.2.2

# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
update_package /usr/local/python/3.10.*/bin/python urllib3 2.0.7

0 comments on commit 722d41d

Please sign in to comment.