VULN UPGRADE: setuptools (major → 82.0.0) [apps/rolldice-game/scoring]

[campaigner-prod]

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• apps/rolldice-game/scoring (pip)

Updates

Package	From	To	Type	Vulnerabilities Fixed
setuptools	59.6.0	82.0.0	major	6 HIGH, 2 MEDIUM

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (6 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	PYSEC-2025-49	high	-	59.6.0	250a6d17978f9f6ac3ac887091f2d32886fbbb0b
setuptools	CVE-2025-47273	high	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	59.6.0	-
setuptools	GHSA-5rjg-fvgr-3xxf	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	59.6.0	78.1.1
setuptools	GHSA-r9hx-vwmv-q579	HIGH	pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)	59.6.0	65.5.1
setuptools	GHSA-cx63-2mw6-8hw5	HIGH	setuptools vulnerable to Command Injection via package URL	59.6.0	70.0.0
setuptools	CVE-2024-6345	HIGH	-	59.6.0	-

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	PYSEC-2022-43012	medium	-	59.6.0	43a9c9bfa6aa626ec2a22540bea28d2ca77964be
setuptools	CVE-2022-40897	medium	-	59.6.0	-

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System