Setuptools CVE-2024-6345

[khharper]

Prerequisites

• [X] I am using the latest version of Locust
• [X] I am reporting a bug, not asking a question

Description

setuptools needs to have a minimum version of 70.0.0

https://scout.docker.com/v/CVE-2024-6345

pyproject.toml needs to be updated

docker pull locustio/locust:master
docker scout cves locustio/locust:master

pkg:pypi/setuptools@65.5.1

    x HIGH CVE-2024-6345 [Improper Control of Generation of Code ('Code Injection')]
      https://scout.docker.com/v/CVE-2024-6345
      Affected range : <70.0.0
      Fixed version  : 70.0.0
      CVSS Score     : 8.8
      CVSS Vector    : CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Command line

na

Locustfile contents

na

Python version

3.11

Locust version

master

Operating system

Linux