VULN UPGRADE: setuptools (major → 82.0.0) [local/etc]

[campaigner-prod]

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• local/etc (pip)

Updates

Package	From	To	Type	Vulnerabilities Fixed
setuptools	60.10.0	82.0.0	major	8 HIGH

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (8 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	GHSA-r9hx-vwmv-q579	HIGH	pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)	60.10.0	65.5.1
setuptools	CVE-2022-40897	HIGH	-	60.10.0	-
setuptools	PYSEC-2022-43012	HIGH	-	60.10.0	43a9c9bfa6aa626ec2a22540bea28d2ca77964be
setuptools	GHSA-cx63-2mw6-8hw5	HIGH	setuptools vulnerable to Command Injection via package URL	60.10.0	70.0.0
setuptools	CVE-2024-6345	HIGH	-	60.10.0	-
setuptools	GHSA-5rjg-fvgr-3xxf	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	60.10.0	78.1.1
setuptools	CVE-2025-47273	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	60.10.0	-
setuptools	PYSEC-2025-49	HIGH	-	60.10.0	250a6d17978f9f6ac3ac887091f2d32886fbbb0b

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System