Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Dependencies] Upgrade setuptools to >= 70.0.0 #6369

Closed
wants to merge 1 commit into from
Closed

[Dependencies] Upgrade setuptools to >= 70.0.0 #6369

wants to merge 1 commit into from

Conversation

gmarciani
Copy link
Contributor

@gmarciani gmarciani commented Jul 26, 2024
edited
Loading

Description of changes

Upgrade setuptools from 69.5.1 to to >= 70.0.0 to mitigate the below vulns:

  1. https://github.com/aws/aws-parallelcluster/security/dependabot/12
  2. https://github.com/aws/aws-parallelcluster/security/dependabot/11
  3. https://github.com/aws/aws-parallelcluster/security/dependabot/10

Tests

PR checks

References

  • Link to impacted open issues.
  • Link to related PRs in other packages (i.e. cookbook, node).
  • Link to documentation useful to understand the changes.

Checklist

  • Make sure you are pointing to the right branch.
  • If you're creating a patch for a branch other than develop add the branch name as prefix in the PR title (e.g. [release-3.6]).
  • Check all commits' messages are clear, describing what and why vs how.
  • Make sure to have added unit tests or integration tests to cover the new/modified code.
  • Check if documentation is impacted by this change.

Please review the guidelines for contributing and Pull Request Instructions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@gmarciani gmarciani added skip-changelog-update Disables the check that enforces changelog updates in PRs dependencies Pull requests that update a dependency file 3.x labels Jul 26, 2024
@gmarciani gmarciani force-pushed the wip/mgiacomo/3110/upgrade-setuptools-0726-1 branch from 1210f68 to 9975cb8 Compare July 26, 2024 10:56
@gmarciani gmarciani force-pushed the wip/mgiacomo/3110/upgrade-setuptools-0726-1 branch from 9975cb8 to eaec8a0 Compare July 26, 2024 11:05
@gmarciani gmarciani changed the title [Dependencies] Upgrade setuptools from 69.5.1 to 71.1.0 [Dependencies] Upgrade setuptools to >= 70.0.0 Jul 26, 2024
@gmarciani
Copy link
Contributor Author

Closed in favour of #6465

@gmarciani gmarciani closed this Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
3.x dependencies Pull requests that update a dependency file skip-changelog-update Disables the check that enforces changelog updates in PRs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@gmarciani