Setuptools 82.0.1 latest version fix not working #5206
Replies: 2 comments
Devil
A few things to check here, because this usually means the version that Snyk scans is not the same version you expect to be installed.

1. Rebuild the Docker image without cache:

    docker build --no-cache -t your-image .

2. Verify the version inside the final image:

    docker run --rm your-image python -c "import setuptools; print(setuptools.__version__, setuptools.__file__)"
    docker run --rm your-image python -m pip show setuptools

If this still shows an older version, then the upgrade did not actually land in the final runtime image.

3. Make the upgrade explicit in the Dockerfile:

    RUN python -m pip install --upgrade "setuptools==82.0.1"

Using

4. Check whether Snyk is scanning the image or only a manifest / lock file. If the final image really contains

In that case, re-trigger the scan after confirming the installed version inside the built image.
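The check described in the reply above, as an added example that is not part of the original discussion: a small POSIX shell script that reads the version pinned as `setuptools==X.Y.Z` in a requirements file, asks the built image which version is actually importable, and confirms that version is at or above each fix version Snyk reported (65.5.1, 70.0.0, 78.1.1). The image tag `your-image` and the path `requirements.txt` are placeholders, and the `docker run` step only works where Docker is available.

```shell
#!/bin/sh
# Added example (not from the original discussion). Verifies that the setuptools
# version pinned in requirements.txt is the one that actually ends up inside the
# built image, and that it satisfies every fix version named in the Snyk findings.
# "your-image" and "requirements.txt" are placeholder names.

set -eu

# Print the version pinned as "setuptools==X.Y.Z" in a requirements file.
# Case-insensitive on the package name; ignores whitespace and trailing comments.
pinned_setuptools_version() {
  # $1: path to requirements file
  sed -nE 's/^[[:space:]]*[Ss]etuptools[[:space:]]*==[[:space:]]*([0-9][0-9A-Za-z.]*).*$/\1/p' "$1" | head -n 1
}

# Return 0 (true) when dotted version $1 >= $2, comparing field by field numerically.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      ai = (i <= na) ? x[i] + 0 : 0; bi = (i <= nb) ? y[i] + 0 : 0;
      if (ai > bi) exit 0;
      if (ai < bi) exit 1;
    }
    exit 0
  }'
}

# Return 0 when version $1 is at or above every fix version from the Snyk report.
satisfies_all_fixes() {
  for fix in 65.5.1 70.0.0 78.1.1; do
    version_ge "$1" "$fix" || return 1
  done
  return 0
}

# Ask the final image which setuptools the runtime interpreter actually imports.
# Requires Docker; this is the same probe as in the reply above.
installed_setuptools_version() {
  # $1: image tag
  docker run --rm "$1" python -c 'import setuptools; print(setuptools.__version__)'
}

# Compare pinned vs installed and report. Returns non-zero on any mismatch.
check_image() {
  # $1: image tag, $2: requirements file
  pinned=$(pinned_setuptools_version "$2")
  installed=$(installed_setuptools_version "$1")
  echo "pinned:    ${pinned:-<none>}"
  echo "installed: $installed"
  if [ -z "$pinned" ] || [ "$pinned" != "$installed" ]; then
    echo "MISMATCH: the pinned upgrade did not land in the final image"
    return 1
  fi
  if ! satisfies_all_fixes "$installed"; then
    echo "installed version is below one of the reported fix versions"
    return 1
  fi
  echo "OK: image runs setuptools $installed"
}

# Usage: sh check_setuptools.sh --run your-image ./requirements.txt
if [ "${1:-}" = "--run" ]; then
  check_image "${2:-your-image}" "${3:-requirements.txt}"
fi
```

If `check_image` reports a mismatch, the pin in the requirements file is not what the runtime stage installed: typical causes are a multi-stage build whose final stage never ran `pip install`, a base image that ships its own setuptools on a different `sys.path` entry (the `setuptools.__file__` probe in the reply shows which copy won), or a cached layer that predates the pin.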
Hi, I have updated to setuptools==82.0.1, as suggested; it is the latest version without any vulnerabilities.
I am using this inside the ECS requirements.txt and the ECS Dockerfile, as a fix for the vulnerabilities below:
- Regular Expression Denial of Service (ReDoS) - fix: upgrade to setuptools@65.5.1
- Improper Control of Generation of Code ('Code Injection') - fix: upgrade to setuptools@70.0.0
- Directory Traversal - fix: upgrade to setuptools@78.1.1
But even after using the latest available version, the vulnerabilities are still showing up in the Snyk dashboard. Can somebody help me with this?