Skip to content

fix(deps): vuln setuptools (major → 82.0.1) [lib/wasm-micro-runtime-WAMR-1.3.3/language-bindings/python]#53

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/major/pep621/python/2-1781533761
Open

fix(deps): vuln setuptools (major → 82.0.1) [lib/wasm-micro-runtime-WAMR-1.3.3/language-bindings/python]#53
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/major/pep621/python/2-1781533761

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

  • lib/wasm-micro-runtime-WAMR-1.3.3/language-bindings/python (pep621)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
setuptools 42 82.0.1 major Direct 6 HIGH, 2 MEDIUM

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (6 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
setuptools GHSA-r9hx-vwmv-q579 HIGH pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS) 42 65.5.1
setuptools PYSEC-2025-49 high - 42 250a6d17978f9f6ac3ac887091f2d32886fbbb0b
setuptools CVE-2025-47273 high setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write 42 -
setuptools GHSA-5rjg-fvgr-3xxf HIGH setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write 42 78.1.1
setuptools GHSA-cx63-2mw6-8hw5 HIGH setuptools vulnerable to Command Injection via package URL 42 70.0.0
setuptools CVE-2024-6345 HIGH - 42 -
ℹ️ Other Vulnerabilities (2)
Package CVE Severity Summary Unsafe Version Fixed In
setuptools PYSEC-2022-43012 medium - 42 43a9c9bfa6aa626ec2a22540bea28d2ca77964be
setuptools CVE-2022-40897 medium - 42 -

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-datadog-prod-us1-2

datadog-datadog-prod-us1-2 Bot commented Jun 15, 2026

Copy link
Copy Markdown

Pipelines

Fix all issues with BitsAI

⚠️ Warnings

🚦 4 Pipeline jobs failed

Lint PRs | PR - Actionlint   View in Datadog   GitHub Actions

Pull requests commit messages | Check Commit Message   View in Datadog   GitHub Actions

Pull requests labels | PR - apply default labels   View in Datadog   GitHub Actions

View all 4 failed jobs.

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: abfd024 | Docs | Datadog PR Page | Give us feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants