Setuptools

Latest version: v70.1.1


Page 16 of 109

60.9.2

Not secure
=======


Misc
----
* 3035: When loading distutils from the vendored copy, rewrite ``__name__`` to ensure consistent importing from inside and out.

60.9.1

Not secure
=======


Misc
----
* 3102: Prevent vendored importlib_metadata from loading distributions from older importlib_metadata.
* 3103: Fixed issue where string-based entry points would be omitted.
* 3107: Bump importlib_metadata to 4.11.1 addressing issue with parsing requirements in egg-info as found in PyPy.

60.9.0

Not secure
=======


Changes
-------
* 2876: In the build backend, allow single config settings to be supplied.
* 2993: Removed workaround in distutils hack for get-pip now that pypa/get-pip#137 is closed.
* 3085: Setuptools no longer relies on ``pkg_resources`` for entry point handling.
* 3098: Bump vendored packaging to 21.3.
* Removed bootstrap script.

.. warning:: Users trying to install the unmaintained :pypi:`pathlib` backport
   from PyPI/``sdist``/source code may run into problems when using ``setuptools >= 60.9.0``.
   This happens because during the installation, the unmaintained
   implementation of ``pathlib`` is loaded and may cause compatibility problems
   (it does not expose the same public API defined in the Python standard library).

   Whenever possible, users should avoid declaring ``pathlib`` as a dependency.
   An alternative is to pre-build a wheel for ``pathlib`` using a separate
   virtual environment with an older version of setuptools and install the
   library directly from the pre-built wheel.

60.8.2

Not secure
=======


Misc
----
* 3091: Make ``concurrent.futures`` import lazy in vendored ``more_itertools``
  package to avoid importing threading as a side effect (which caused
  `gevent/gevent#1865 <https://github.com/gevent/gevent/issues/1865>`__).
  -- by :user:`maciejp-ro`

60.8.1

Not secure
=======


Misc
----
* 3084: When vendoring jaraco packages, ensure the namespace package is converted to a simple package to support zip importer.

60.8.0

Not secure
=======


Changes
-------
* 3085: Setuptools now vendors importlib_resources and importlib_metadata and jaraco.text. Setuptools no longer relies on pkg_resources for ensure_directory nor parse_requirements.


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.