fix(deps): vuln setuptools (major → 82.0.1) [cybersixgill_actionable_alerts] by gh-worker-campaigns-3e9aa4[bot] · Pull Request #2993 · DataDog/integrations-extras

gh-worker-campaigns-3e9aa4 · 2026-05-07T18:35:26Z

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

cybersixgill_actionable_alerts (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
setuptools	57.0.0	82.0.1	major	Direct	6 HIGH, 2 MEDIUM

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

Review the changelog/release notes for breaking changes
Test thoroughly in a staging environment
Update any code that depends on changed APIs
Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (6 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	GHSA-cx63-2mw6-8hw5	HIGH	setuptools vulnerable to Command Injection via package URL	57.0.0	70.0.0
setuptools	CVE-2024-6345	HIGH	-	57.0.0	-
setuptools	GHSA-r9hx-vwmv-q579	HIGH	pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)	57.0.0	65.5.1
setuptools	GHSA-5rjg-fvgr-3xxf	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	57.0.0	78.1.1
setuptools	CVE-2025-47273	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	57.0.0	-
setuptools	PYSEC-2025-49	HIGH	-	57.0.0	250a6d17978f9f6ac3ac887091f2d32886fbbb0b

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	PYSEC-2022-43012	medium	-	57.0.0	43a9c9bfa6aa626ec2a22540bea28d2ca77964be
setuptools	CVE-2022-40897	medium	-	57.0.0	-

📅 Dependencies Nearing EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
setuptools	`57.0.0`	May 23, 2026	`82.0.1`	`cybersixgill_actionable_alerts/requirements.txt`

Review Checklist

Extra review is recommended for this update:

Review changes for compatibility with your code
Check release notes for breaking changes
Run integration tests to verify service behavior
Test in staging environment before production
Monitor key metrics after deployment
Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Executing automated changes

e5837cd

gh-worker-campaigns-3e9aa4 Bot added campaigner-automated-change adms-high-severity adms-major-update adms-medium-severity adms-mode-all-vulns adms-python adms-dependency-update labels May 7, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): vuln setuptools (major → 82.0.1) [cybersixgill_actionable_alerts]#2993

fix(deps): vuln setuptools (major → 82.0.1) [cybersixgill_actionable_alerts]#2993
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/major/pip/cybersixgill_actionable_alerts/1-1778178914

gh-worker-campaigns-3e9aa4 Bot commented May 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

gh-worker-campaigns-3e9aa4 Bot commented May 7, 2026

Updates

Security Details

Review Checklist

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants