1
97%
master: 97%

Ran 06 Aug 2024 09:34AM UTC

Files 83

Run time 2s

Badge

Embed ▾

Committed 06 Aug 2024 09:28AM UTC coverage: 97.208%. Remained the same

Job # 10263956236.1

Build Type

push

github

Committed by

mkosiarc

Commit Message

Update setuptools and packaging version

The setuptools update addresses a vulnerability alert by dependabot:
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions.
These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection.
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

The packaging update is necessary for the setuptools update (or we could
freeze it to version 70.x). But if version > 71 is used, we have to update the
packaging version to 22 or higher. Otherwise the build process fails
with

TypeError: canonicalize_version() got an unexpected keyword argument 'strip_trailing_zero'
More information in https://github.com/pypa/setuptools/issues/4483

STONEBLD-2636

Signed-off-by: mkosiarc <mkosiarc@redhat.com>

Run Details

9470 of 9742 relevant lines covered (97.21%)

0.97 hits per line

containerbuildsystem / atomic-reactor / 10263956236 / 1
97%
master: 97%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job rockylinux-8-python3.8 - 10263956236.1

containerbuildsystem / atomic-reactor / 10263956236 / 1 97% master: 97%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job rockylinux-8-python3.8 - 10263956236.1

containerbuildsystem / atomic-reactor / 10263956236 / 1
97%
master: 97%

README BADGES
x