fix(deps): vuln setuptools (major → 82.0.1) [tokumx]

[gh-worker-campaigns-3e9aa4]

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• tokumx (pep621)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
setuptools	66	82.0.1	major	Direct	5 HIGH

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (5 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
setuptools	GHSA-cx63-2mw6-8hw5	HIGH	setuptools vulnerable to Command Injection via package URL	66	70.0.0
setuptools	CVE-2024-6345	HIGH	-	66	-
setuptools	GHSA-5rjg-fvgr-3xxf	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	66	78.1.1
setuptools	CVE-2025-47273	HIGH	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write	66	-
setuptools	PYSEC-2025-49	HIGH	-	66	250a6d17978f9f6ac3ac887091f2d32886fbbb0b

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

[dd-octo-sts]

Validation Report

All 20 validations passed.

Show details

Validation	Description	Status
agent-reqs	Verify check versions match the Agent requirements file	✅
ci	Validate CI configuration and Codecov settings	✅
codeowners	Validate every integration has a CODEOWNERS entry	✅
config	Validate default configuration files against spec.yaml	✅
dep	Verify dependency pins are consistent and Agent-compatible	✅
http	Validate integrations use the HTTP wrapper correctly	✅
imports	Validate check imports do not use deprecated modules	✅
integration-style	Validate check code style conventions	✅
jmx-metrics	Validate JMX metrics definition files and config	✅
labeler	Validate PR labeler config matches integration directories	✅
legacy-signature	Validate no integration uses the legacy Agent check signature	✅
license-headers	Validate Python files have proper license headers	✅
licenses	Validate third-party license attribution list	✅
metadata	Validate metadata.csv metric definitions	✅
models	Validate configuration data models match spec.yaml	✅
openmetrics	Validate OpenMetrics integrations disable the metric limit	✅
package	Validate Python package metadata and naming	✅
readmes	Validate README files have required sections	✅
saved-views	Validate saved view JSON file structure and fields	✅
version	Validate version consistency between package and changelog	✅

View full run