amazon-ion / ion-python

A Python implementation of Amazon Ion.
https://amazon-ion.github.io/ion-docs/
Apache License 2.0

Update the version of setuptools to 65.5.1 or later #263

Closed linlin-s closed 1 year ago

linlin-s commented 1 year ago

Issue #, if available: N/A

Description of changes: This PR updates the version of setuptools to 65.5.1 or later to resolve the Dependabot alert.

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
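Added example, not part of the PR or of ion-python: a stdlib-only audit of requirements-style lines that flags any setuptools requirement whose clauses do not force the 65.5.1 floor named in the description above. The function names and the sample lines are constructed for illustration, and the clause parsing covers only a plain-number subset of PEP 508/440 specifiers.

```python
import re

FIXED = (65, 5, 1)  # first patched setuptools release, per the PR description above
FLOOR_OPS = {">=", ">", "==", "~="}  # operators that can impose a lower bound

# Matches the distribution name only, so "setuptools-scm" is not mistaken for it.
_REQ = re.compile(r"^\s*setuptools(?![\w.-])\s*(?:\[[^\]]*\])?\s*([^;#]*)", re.I)
_CLAUSE = re.compile(r"^(>=|==|~=|>|<=|<|!=)\s*(\d+(?:\.\d+)*)$")


def enforces_fix(requirement):
    """None if the line does not require setuptools; True if some clause
    forces version >= FIXED; False if a vulnerable release could be installed."""
    m = _REQ.match(requirement)
    if m is None:
        return None
    for clause in m.group(1).split(","):
        c = _CLAUSE.match(clause.strip())
        if c is None:
            continue  # wildcard or unrecognised clause: does not prove a floor
        op, version = c.group(1), tuple(int(p) for p in c.group(2).split("."))
        # Conservative: ">65.5.0" is reported too, since it names no patched floor.
        if op in FLOOR_OPS and version >= FIXED:
            return True
    return False


def audit(text):
    """Return (line_number, line) for each setuptools requirement lacking the floor."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if enforces_fix(line) is False]


# Constructed sample, not taken from ion-python's own requirements files.
SAMPLE = """\
# build and test dependencies
setuptools>=65.5.1
setuptools==65.5.0
setuptools
setuptools-scm>=7.0
setuptools >= 60, < 66   # upper bound alone does not help
setuptools~=65.6 ; python_version >= "3.7"
pytest==7.2.0
"""

if __name__ == "__main__":
    for n, line in audit(SAMPLE):
        print(f"line {n}: {line!r} can resolve to setuptools < 65.5.1")
```

The check is deliberately conservative: a requirement is reported unless one of its clauses names a version at or above 65.5.1 as a lower bound or exact pin.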

cheqianh commented 1 year ago

Related issue why we used 65.6.0 - https://github.com/amazon-ion/ion-python/issues/191, but 65.6.1 passed tests.