Skip to content

[Snyk] Security upgrade setuptools from 40.5.0 to 65.5.1#6

Open
ALex83-r0ck wants to merge 1 commit into
masterfrom
snyk-fix-de0cf0f2109efe75ce1c4c955b76596b
Open

[Snyk] Security upgrade setuptools from 40.5.0 to 65.5.1#6
ALex83-r0ck wants to merge 1 commit into
masterfrom
snyk-fix-de0cf0f2109efe75ce1c4c955b76596b

Conversation

@ALex83-r0ck

Copy link
Copy Markdown
Owner

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements.txt
⚠️ Warning
transformers 4.30.2 requires numpy, which is not installed.
transformers 4.30.2 requires tokenizers, which is not installed.
transformers 4.30.2 requires safetensors, which is not installed.
torchvision 0.14.1 requires numpy, which is not installed.
sentence-transformers 2.2.2 requires numpy, which is not installed.
sentence-transformers 2.2.2 requires scipy, which is not installed.
scikit-learn 1.0.2 requires scipy, which is not installed.
scikit-learn 1.0.2 requires numpy, which is not installed.
onnxruntime 1.14.1 requires numpy, which is not installed.
chromadb 0.4.14 requires tokenizers, which is not installed.
chromadb 0.4.14 requires numpy, which is not installed.
chroma-hnswlib 0.7.3 requires numpy, which is not installed.

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
@ALex83-r0ck

Copy link
Copy Markdown
Owner Author

Merge Risk: High

This is a major upgrade for setuptools spanning over 25 major versions and contains numerous significant breaking changes.

Key Breaking Changes:

  • Python Version Support: Support for Python 2.7 was dropped in v44.0.0 and support for Python 3.6 was dropped in v60.0.0. Later versions within this range require at least Python 3.7.
  • easy_install Removed: The easy_install command, long deprecated, was completely removed in v80.0.0.
  • 2to3 Build Step Removed: In v58.0.0, the automatic 2to3 code translation during the build process was removed. Projects that relied on this feature to support Python 3 will break.
  • setup.py Command Changes: The develop command now defers to pip for editable installs, and the upload_docs, register, and upload commands have been removed.
  • setup.cfg Stricter Parsing: Since v54.1.0, options in setup.cfg must use lower_snake_case and not contain uppercase or dash characters. This was enforced as an error in later versions.

Recommendation: This upgrade will likely require significant changes to your build process and configuration files (setup.py, setup.cfg, pyproject.toml). It is critical to test your package building, installation, and CI/CD pipelines thoroughly. Given the number of breaking changes, a gradual upgrade is advisable if possible.

Source: Setuptools Changelog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@ALex83-r0ck ALex83-r0ck self-assigned this Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants