From 2fe01325f1e8fe43dff593c342ddd31648246e62 Mon Sep 17 00:00:00 2001
From: Aaron Levy
Date: Tue, 3 Jun 2025 16:17:31 -0700
Subject: [PATCH 1/2] Updating setuptools to patch CVE-2025-47273
---
 CHANGELOG.md | 1 +
 python/private/pypi/deps.bzl | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e48e3d4f3d..f8fe2e6ecf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -72,6 +72,7 @@ END_UNRELEASED_TEMPLATE
 * (py_wheel) py_wheel always creates zip64-capable wheel zips
 * (providers) (experimental) {obj}`PyInfo.venv_symlinks` replaces `PyInfo.site_packages_symlinks`
+* (deps) Updating setuptools to patch CVE-2025-47273
 {#v0-0-0-fixed}
 ### Fixed
diff --git a/python/private/pypi/deps.bzl b/python/private/pypi/deps.bzl
index 31a5201659..73b30c69ee 100644
--- a/python/private/pypi/deps.bzl
+++ b/python/private/pypi/deps.bzl
@@ -76,8 +76,8 @@ _RULE_DEPS = [
 ),
 (
 "pypi__setuptools",
- "https://files.pythonhosted.org/packages/de/88/70c5767a0e43eb4451c2200f07d042a4bcd7639276003a9c54a68cfcc1f8/setuptools-70.0.0-py3-none-any.whl",
- "54faa7f2e8d2d11bcd2c07bed282eef1046b5c080d1c32add737d7b5817b1ad4",
+ "https://files.pythonhosted.org/packages/90/99/158ad0609729111163fc1f674a5a42f2605371a4cf036d0441070e2f7455/setuptools-78.1.1-py3-none-any.whl",
+ "c3a9c4211ff4c309edb8b8c4f1cbfa7ae324c4ba9f91ff254e3d305b9fd54561",
 ),
 (
 "pypi__tomli",
From eb390643effae4e02929635e60e54704917d8ba3 Mon Sep 17 00:00:00 2001
From: Aaron Levy
Date: Sun, 8 Jun 2025 13:16:06 -0700
Subject: [PATCH 2/2] Updating changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8fe2e6ecf..eeafc70bae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
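Review bot: Nothing in the `pypi__setuptools` entry of `python/private/pypi/deps.bzl` (PATCH 1/2) records that 78.1.1 is a security floor, so a later re-pin could drop back below the CVE-2025-47273 fix without anyone noticing; a comment above the tuple such as `# setuptools >= 78.1.1 required for CVE-2025-47273; do not pin lower` would keep that visible. The bump also crosses eight major versions (70.0.0 to 78.1.1) and the patch carries no test change, so whether the builds that rely on this bundled wheel were exercised against the new release cannot be told from here. The URL and sha256 are updated together, which is right; the digest is best confirmed against the value PyPI publishes for this wheel rather than one computed from a local download. `_RULE_DEPS` starts and ends outside the hunk.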
@@ -72,7 +72,7 @@ END_UNRELEASED_TEMPLATE
 * (py_wheel) py_wheel always creates zip64-capable wheel zips
 * (providers) (experimental) {obj}`PyInfo.venv_symlinks` replaces `PyInfo.site_packages_symlinks`
-* (deps) Updating setuptools to patch CVE-2025-47273
+* (deps) Updating setuptools to patch CVE-2025-47273.
 {#v0-0-0-fixed}
 ### Fixed