Revert "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027)

This reverts commit e8b2920aec95de2c51308ce2fb14773ef676d01a.
2026-01-11 18:09:57 -03:30 · 2025-07-23 13:22:25 -04:00 · 2025-07-23 13:22:25 -04:00 · 550ae51aec
commit 550ae51aec
parent e8b2920aec
3 changed files with 4 additions and 6 deletions
--- a/2
+++ b/2
@ -77,7 +77,7 @@ RECEPTOR_IMAGE ?= quay.io/ansible/receptor:devel
 SRC_ONLY_PKGS ?= cffi,pycparser,psycopg,twilio
 # These should be upgraded in the AWX and Ansible venv before attempting
 # to install the actual requirements
-VENV_BOOTSTRAP ?= pip==21.2.4 setuptools==78.1.1 setuptools_scm[toml]==8.0.4 wheel==0.42.0 cython==0.29.37
+VENV_BOOTSTRAP ?= pip==21.2.4 setuptools==69.0.2 setuptools_scm[toml]==8.0.4 wheel==0.42.0 cython==0.29.37

 NAME ?= awx

--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@ -73,7 +73,7 @@ uWSGI>=2.0.28
 uwsgitop
 wheel>=0.38.1  # CVE-2022-40898
 pip==21.2.4  # see UPGRADE BLOCKERs
-setuptools==78.1.1  # see UPGRADE BLOCKERs
+setuptools  # see UPGRADE BLOCKERs
 setuptools_scm[toml]  # see UPGRADE BLOCKERs, xmlsec build dep
 setuptools-rust>=0.11.4  # cryptography build dep
 pkgconfig>=1.5.1  # xmlsec build dep - needed for offline build
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@ -190,9 +190,7 @@ djangorestframework-yaml==2.0.0
 docutils==0.20.1
    # via python-daemon
 dynaconf==3.2.10
-    # via
-    #   -r /awx_devel/requirements/requirements.in
-    #   django-ansible-base
+    # via django-ansible-base
 enum-compat==0.0.3
    # via asn1
 filelock==3.13.1
@ -612,7 +610,7 @@ zope-interface==6.2
 # The following packages are considered to be unsafe in a requirements file:
 pip==21.2.4
    # via -r /awx_devel/requirements/requirements.in
-setuptools==78.1.1
+setuptools==69.0.2
    # via
    #   -r /awx_devel/requirements/requirements.in
    #   asciichartpy