Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
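Before merging a bump like this one, a practitioner usually wants to know which pins elsewhere in the tree are still on an affected release. The checker below is an added example, not code from the Renovate PR or from setuptools: it takes the affected range stated above (65.5.0 and earlier, fixed in 65.5.1) and flags `setuptools==X` pins below it. The function names (`parse_release`, `is_affected`, `find_affected_pins`) and the sample constraints text are assumptions constructed for this example; only the numeric release segment of a version is compared, so pre-release and local suffixes are ignored.

```python
"""Flag setuptools pins that are still on a release affected by CVE-2022-40897.

Added example (not part of the PR or of setuptools). Assumes plain numeric
PEP 440 release segments such as '65.5.0'; any pre-release/local suffix is
stripped before comparison. The cutoff (fixed in 65.5.1) is the one stated in
the advisory text above.
"""
import re

# First release containing the package_index fix (#3659).
FIXED_VERSION = (65, 5, 1)

# Leading numeric release segment only: '65.5.0rc1' -> '65.5.0'.
_RELEASE_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")

# A simple '==' pin on a single line, e.g. 'setuptools==65.5.0  # comment'.
_PIN_RE = re.compile(r"^\s*setuptools\s*==\s*([0-9][^\s;#]*)", re.I)


def parse_release(version: str) -> tuple:
    """Return the numeric release segment as a tuple of ints.

    '65.5.0' -> (65, 5, 0); '65.5' -> (65, 5). Raises ValueError on junk.
    """
    match = _RELEASE_RE.match(version)
    if not match:
        raise ValueError(f"not a version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(release: tuple, width: int) -> tuple:
    """Right-pad with zeros so (65, 5) compares like (65, 5, 0)."""
    return release + (0,) * (width - len(release))


def is_affected(version: str) -> bool:
    """True when the release segment sorts strictly below the fixed version."""
    release = parse_release(version)
    width = max(len(release), len(FIXED_VERSION))
    return _pad(release, width) < _pad(FIXED_VERSION, width)


def find_affected_pins(requirements_text: str) -> list:
    """Return (line_no, version) for every 'setuptools==X' pin below the fix."""
    hits = []
    for line_no, line in enumerate(requirements_text.splitlines(), 1):
        match = _PIN_RE.match(line)
        if match and is_affected(match.group(1)):
            hits.append((line_no, match.group(1)))
    return hits


# Constructed sample constraints file; the pins are illustrative only.
SAMPLE_REQUIREMENTS = """\
# constructed sample constraints file
requests==2.28.1
setuptools==65.5.0
wheel==0.38.4
"""

if __name__ == "__main__":
    for line_no, version in find_affected_pins(SAMPLE_REQUIREMENTS):
        print(f"line {line_no}: setuptools=={version} is affected; upgrade to >=65.5.1")
```

Run it against a real `constraints.txt` or `requirements.txt` by passing the file contents to `find_affected_pins`; anything it reports is a pin this PR's bump would not cover.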
Release Notes
pypa/setuptools
### [`v65.5.1`](https://togithub.com/pypa/setuptools/blob/HEAD/CHANGES.rst#v6551)
[Compare Source](https://togithub.com/pypa/setuptools/compare/v65.5.0...v65.5.1)
#### Misc

- [#3638](https://togithub.com/pypa/setuptools/issues/3638): Drop a test dependency on the `mock` package, always use `unittest.mock` -- by @hroncok
- [#3659](https://togithub.com/pypa/setuptools/issues/3659): Fixed REDoS vector in package_index.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:

| Package | Change |
|---|---|
| setuptools | `==65.5.0` -> `==65.5.1` |

GitHub Vulnerability Alerts: CVE-2022-40897 (advisory text above)