nutanix / nutanix.ansible

Official Nutanix Ansible collections
GNU General Public License v3.0

[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

Open kenmoini opened 10 months ago

kenmoini commented 10 months ago

Describe the request
The current pinned version of setuptools in requirements.txt is vulnerable to a RegExDoS as defined here in this CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-40897

Current behaviour
It works, though container image scans produce High impact rating vulnerability reports.

Expected behaviour
Pass container image scans when included in an execution environment.

bhati-pradeep commented 9 months ago

I believe it was fixed by setuptools in: https://github.com/pypa/setuptools/issues/3659

Assigning to @Gevorg-Khachatryan-97