mirror of
				https://gitea.com/actions/setup-python.git
				synced 2025-10-25 07:16:38 +00:00 
			
		
		
		
	Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download (#1165)
* fix #174 * npm audit fix
		
							
								
								
									
										51
									
								
								__tests__/data/poetry.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										51
									
								
								__tests__/data/poetry.lock
									
									
									
										generated
									
									
									
								
							| @@ -1,4 +1,4 @@ | ||||
| # This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand. | ||||
| # This file is automatically @generated by Poetry 2.1.3 and should not be changed by hand. | ||||
|  | ||||
| [[package]] | ||||
| name = "altgraph" | ||||
| @@ -6,6 +6,7 @@ version = "0.17.4" | ||||
| description = "Python graph (network) package" | ||||
| optional = false | ||||
| python-versions = "*" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "altgraph-0.17.4-py2.py3-none-any.whl", hash = "sha256:642743b4750de17e655e6711601b077bc6598dbfa3ba5fa2b2a35ce12b508dff"}, | ||||
|     {file = "altgraph-0.17.4.tar.gz", hash = "sha256:1b5afbb98f6c4dcadb2e2ae6ab9fa994bbb8c1d75f4fa96d340f9437ae454406"}, | ||||
| @@ -17,6 +18,7 @@ version = "4.0.1" | ||||
| description = "the modular source code checker: pep8 pyflakes and co" | ||||
| optional = false | ||||
| python-versions = ">=3.6" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "flake8-4.0.1-py2.py3-none-any.whl", hash = "sha256:479b1304f72536a55948cb40a32dce8bb0ffe3501e26eaf292c7e60eb5e0428d"}, | ||||
|     {file = "flake8-4.0.1.tar.gz", hash = "sha256:806e034dda44114815e23c16ef92f95c91e4c71100ff52813adf7132a6ad870d"}, | ||||
| @@ -33,6 +35,8 @@ version = "8.5.0" | ||||
| description = "Read metadata from Python packages" | ||||
| optional = false | ||||
| python-versions = ">=3.8" | ||||
| groups = ["main"] | ||||
| markers = "python_version == \"3.9\"" | ||||
| files = [ | ||||
|     {file = "importlib_metadata-8.5.0-py3-none-any.whl", hash = "sha256:45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"}, | ||||
|     {file = "importlib_metadata-8.5.0.tar.gz", hash = "sha256:71522656f0abace1d072b9e5481a48f07c138e00f079c38c8f883823f9c26bd7"}, | ||||
| @@ -42,12 +46,12 @@ files = [ | ||||
| zipp = ">=3.20" | ||||
|  | ||||
| [package.extras] | ||||
| check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)"] | ||||
| check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1) ; sys_platform != \"cygwin\""] | ||||
| cover = ["pytest-cov"] | ||||
| doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"] | ||||
| enabler = ["pytest-enabler (>=2.2)"] | ||||
| perf = ["ipython"] | ||||
| test = ["flufl.flake8", "importlib-resources (>=1.3)", "jaraco.test (>=5.4)", "packaging", "pyfakefs", "pytest (>=6,!=8.1.*)", "pytest-perf (>=0.9.2)"] | ||||
| test = ["flufl.flake8", "importlib-resources (>=1.3) ; python_version < \"3.9\"", "jaraco.test (>=5.4)", "packaging", "pyfakefs", "pytest (>=6,!=8.1.*)", "pytest-perf (>=0.9.2)"] | ||||
| type = ["pytest-mypy"] | ||||
|  | ||||
| [[package]] | ||||
| @@ -56,6 +60,8 @@ version = "1.16.3" | ||||
| description = "Mach-O header analysis and editing" | ||||
| optional = false | ||||
| python-versions = "*" | ||||
| groups = ["main"] | ||||
| markers = "sys_platform == \"darwin\"" | ||||
| files = [ | ||||
|     {file = "macholib-1.16.3-py2.py3-none-any.whl", hash = "sha256:0e315d7583d38b8c77e815b1ecbdbf504a8258d8b3e17b61165c6feb60d18f2c"}, | ||||
|     {file = "macholib-1.16.3.tar.gz", hash = "sha256:07ae9e15e8e4cd9a788013d81f5908b3609aa76f9b1421bae9c4d7606ec86a30"}, | ||||
| @@ -70,6 +76,7 @@ version = "0.6.1" | ||||
| description = "McCabe checker, plugin for flake8" | ||||
| optional = false | ||||
| python-versions = "*" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, | ||||
|     {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, | ||||
| @@ -81,6 +88,7 @@ version = "24.2" | ||||
| description = "Core utilities for Python packages" | ||||
| optional = false | ||||
| python-versions = ">=3.8" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "packaging-24.2-py3-none-any.whl", hash = "sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"}, | ||||
|     {file = "packaging-24.2.tar.gz", hash = "sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"}, | ||||
| @@ -92,6 +100,8 @@ version = "2024.8.26" | ||||
| description = "Python PE parsing module" | ||||
| optional = false | ||||
| python-versions = ">=3.6.0" | ||||
| groups = ["main"] | ||||
| markers = "sys_platform == \"win32\"" | ||||
| files = [ | ||||
|     {file = "pefile-2024.8.26-py3-none-any.whl", hash = "sha256:76f8b485dcd3b1bb8166f1128d395fa3d87af26360c2358fb75b80019b957c6f"}, | ||||
|     {file = "pefile-2024.8.26.tar.gz", hash = "sha256:3ff6c5d8b43e8c37bb6e6dd5085658d658a7a0bdcd20b6a07b1fcfc1c4e9d632"}, | ||||
| @@ -103,6 +113,7 @@ version = "2.8.0" | ||||
| description = "Python style guide checker" | ||||
| optional = false | ||||
| python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "pycodestyle-2.8.0-py2.py3-none-any.whl", hash = "sha256:720f8b39dde8b293825e7ff02c475f3077124006db4f440dcbc9a20b76548a20"}, | ||||
|     {file = "pycodestyle-2.8.0.tar.gz", hash = "sha256:eddd5847ef438ea1c7870ca7eb78a9d47ce0cdb4851a5523949f2601d0cbbe7f"}, | ||||
| @@ -114,6 +125,7 @@ version = "2.4.0" | ||||
| description = "passive checker of Python programs" | ||||
| optional = false | ||||
| python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "pyflakes-2.4.0-py2.py3-none-any.whl", hash = "sha256:3bb3a3f256f4b7968c9c788781e4ff07dce46bdf12339dcda61053375426ee2e"}, | ||||
|     {file = "pyflakes-2.4.0.tar.gz", hash = "sha256:05a85c2872edf37a4ed30b0cce2f6093e1d0581f8c19d7393122da7e25b2b24c"}, | ||||
| @@ -125,6 +137,7 @@ version = "6.10.0" | ||||
| description = "PyInstaller bundles a Python application and all its dependencies into a single package." | ||||
| optional = false | ||||
| python-versions = "<3.14,>=3.8" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "pyinstaller-6.10.0-py3-none-macosx_10_13_universal2.whl", hash = "sha256:d60fb22859e11483af735aec115fdde09467cdbb29edd9844839f2c920b748c0"}, | ||||
|     {file = "pyinstaller-6.10.0-py3-none-manylinux2014_aarch64.whl", hash = "sha256:46d75359668993ddd98630a3669dc5249f3c446e35239b43bc7f4155bc574748"}, | ||||
| @@ -160,6 +173,7 @@ version = "2025.1" | ||||
| description = "Community maintained hooks for PyInstaller" | ||||
| optional = false | ||||
| python-versions = ">=3.8" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "pyinstaller_hooks_contrib-2025.1-py3-none-any.whl", hash = "sha256:d3c799470cbc0bda60dcc8e6b4ab976777532b77621337f2037f558905e3a8e9"}, | ||||
|     {file = "pyinstaller_hooks_contrib-2025.1.tar.gz", hash = "sha256:130818f9e9a0a7f2261f1fd66054966a3a50c99d000981c5d1db11d3ad0c6ab2"}, | ||||
| @@ -176,6 +190,8 @@ version = "0.2.3" | ||||
| description = "A (partial) reimplementation of pywin32 using ctypes/cffi" | ||||
| optional = false | ||||
| python-versions = ">=3.6" | ||||
| groups = ["main"] | ||||
| markers = "sys_platform == \"win32\"" | ||||
| files = [ | ||||
|     {file = "pywin32-ctypes-0.2.3.tar.gz", hash = "sha256:d162dc04946d704503b2edc4d55f3dba5c1d539ead017afa00142c38b9885755"}, | ||||
|     {file = "pywin32_ctypes-0.2.3-py3-none-any.whl", hash = "sha256:8a1513379d709975552d202d942d9837758905c8d01eb82b8bcc30918929e7b8"}, | ||||
| @@ -183,23 +199,24 @@ files = [ | ||||
|  | ||||
| [[package]] | ||||
| name = "setuptools" | ||||
| version = "75.3.2" | ||||
| version = "80.9.0" | ||||
| description = "Easily download, build, install, upgrade, and uninstall Python packages" | ||||
| optional = false | ||||
| python-versions = ">=3.8" | ||||
| python-versions = ">=3.9" | ||||
| groups = ["main"] | ||||
| files = [ | ||||
|     {file = "setuptools-75.3.2-py3-none-any.whl", hash = "sha256:90ab613b6583fc02d5369cbca13ea26ea0e182d1df2d943ee9cbe81d4c61add9"}, | ||||
|     {file = "setuptools-75.3.2.tar.gz", hash = "sha256:3c1383e1038b68556a382c1e8ded8887cd20141b0eb5708a6c8d277de49364f5"}, | ||||
|     {file = "setuptools-80.9.0-py3-none-any.whl", hash = "sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922"}, | ||||
|     {file = "setuptools-80.9.0.tar.gz", hash = "sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c"}, | ||||
| ] | ||||
|  | ||||
| [package.extras] | ||||
| check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.5.2)"] | ||||
| core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.collections", "jaraco.functools", "jaraco.text (>=3.7)", "more-itertools", "more-itertools (>=8.8)", "packaging", "packaging (>=24)", "platformdirs (>=4.2.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"] | ||||
| check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1) ; sys_platform != \"cygwin\"", "ruff (>=0.8.0) ; sys_platform != \"cygwin\""] | ||||
| core = ["importlib_metadata (>=6) ; python_version < \"3.10\"", "jaraco.functools (>=4)", "jaraco.text (>=3.7)", "more_itertools", "more_itertools (>=8.8)", "packaging (>=24.2)", "platformdirs (>=4.2.2)", "tomli (>=2.0.1) ; python_version < \"3.11\"", "wheel (>=0.43.0)"] | ||||
| cover = ["pytest-cov"] | ||||
| doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"] | ||||
| enabler = ["pytest-enabler (>=2.2)"] | ||||
| test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test (>=5.5)", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "ruff (<=0.7.1)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"] | ||||
| type = ["importlib-metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (==1.12.*)", "pytest-mypy"] | ||||
| test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21) ; python_version >= \"3.9\" and sys_platform != \"cygwin\"", "jaraco.envs (>=2.2)", "jaraco.path (>=3.7.2)", "jaraco.test (>=5.5)", "packaging (>=24.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf ; sys_platform != \"cygwin\"", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"] | ||||
| type = ["importlib_metadata (>=7.0.2) ; python_version < \"3.10\"", "jaraco.develop (>=7.21) ; sys_platform != \"cygwin\"", "mypy (==1.14.*)", "pytest-mypy"] | ||||
|  | ||||
| [[package]] | ||||
| name = "zipp" | ||||
| @@ -207,20 +224,22 @@ version = "3.20.2" | ||||
| description = "Backport of pathlib-compatible object wrapper for zip files" | ||||
| optional = false | ||||
| python-versions = ">=3.8" | ||||
| groups = ["main"] | ||||
| markers = "python_version == \"3.9\"" | ||||
| files = [ | ||||
|     {file = "zipp-3.20.2-py3-none-any.whl", hash = "sha256:a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350"}, | ||||
|     {file = "zipp-3.20.2.tar.gz", hash = "sha256:bc9eb26f4506fda01b81bcde0ca78103b6e62f991b381fec825435c836edbc29"}, | ||||
| ] | ||||
|  | ||||
| [package.extras] | ||||
| check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)"] | ||||
| check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1) ; sys_platform != \"cygwin\""] | ||||
| cover = ["pytest-cov"] | ||||
| doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"] | ||||
| enabler = ["pytest-enabler (>=2.2)"] | ||||
| test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"] | ||||
| test = ["big-O", "importlib-resources ; python_version < \"3.9\"", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"] | ||||
| type = ["pytest-mypy"] | ||||
|  | ||||
| [metadata] | ||||
| lock-version = "2.0" | ||||
| python-versions = ">=3.8,<3.14" | ||||
| content-hash = "6db8fff0987f3dadb02cbf0e510a2d04b01ab2dc6d7b0fb32a0e33a8d30b3a58" | ||||
| lock-version = "2.1" | ||||
| python-versions = ">=3.9,<3.14" | ||||
| content-hash = "9a14798bf374c540031f893ff18f9b187bd984391e9da99d13c0e6710b7de09e" | ||||
|   | ||||
| @@ -5,13 +5,13 @@ description = "" | ||||
| authors = ["Your Name <you@example.com>"] | ||||
|  | ||||
| [tool.poetry.dependencies] | ||||
| python = ">=3.8,<3.14" | ||||
| python = ">=3.9,<3.14" | ||||
| flake8 = "^4.0.1" | ||||
| pyinstaller = "6.10.0" | ||||
|  | ||||
| setuptools = ">=78.1.1"  | ||||
|  | ||||
| [tool.poetry.dev-dependencies] | ||||
|  | ||||
| [build-system] | ||||
| requires = ["poetry-core>=1.0.0"] | ||||
| build-backend = "poetry.core.masonry.api" | ||||
| build-backend = "poetry.core.masonry.api" | ||||
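Review bot: The added `setuptools = ">=78.1.1"` line under `[tool.poetry.dependencies]` has no comment marking it as a security floor, so a later cleanup could loosen or drop it without realising it exists for the PackageIndex.download path traversal fix named in the commit title. I would put `# security floor: path traversal fix in PackageIndex.download (#1165); do not lower` on the line above it and remove the trailing space after the closing quote. Because the constraint has no upper bound, the installed version is decided by the lock file (80.9.0 in the regenerated poetry.lock), and the floor only guards future re-locks. The same hunk raises `python` to `>=3.9`, which drops Python 3.8 for this fixture; if any test or workflow still installs it under 3.8, that would presumably fail at resolution and is worth confirming. The file header for this section is not shown on the page, so I am assuming it is the pyproject.toml that sits next to the lock file.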
|   | ||||
	 aparnajyothi-y
					aparnajyothi-y