Open matthawley opened 3 weeks ago
Hi! What does this issue actually mean for a tool like locust?
I don't know, tbh - I just know it's being flagged with the CVE listed as there is an available fix since Nov, 2022.
Ok. A quick look seems to indicate this is not relevant for us, and we don't limit the maximum version, so most people will end up using the latest version anyway.
Maybe we could/should bump the minimum version, but it isn't top prio and there’s an open PR doing lots of things with the build system, so I’m not touching it now.
Prerequisites
Description
Version 2.29.0 of locust still reports the usage of setuptools@65.5.0 which contains the vulnerability CVE-2022-40897. This has been fixed in version 65.5.1.
Command line
n/a
Locustfile contents
Python version
n/a
Locust version
2.29.0
Operating system
Linux