From f199acf6c21eb99bdfc2304b245952908e0e7f52 Mon Sep 17 00:00:00 2001
From: Anthony LC <anthony.le-courric@mail.numerique.gouv.fr>
Date: Fri, 16 Jan 2026 12:43:02 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(trivy)=20fix=20vulnerabil?=
 =?UTF-8?q?ity=20about=20jaraco.context?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We got a vulnerability report from Trivy about
jaraco.context package. It comes from setuptools.
setuptools does not seems used by the application.
We removed it.
---
 CHANGELOG.md | 5 +++++
 Dockerfile   | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0b212be3..e1903b43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,11 @@ and this project adheres to
 - ♿(frontend) improve accessibility:
   - ♿️(frontend) fix subdoc opening and emoji pick focus #1745
 
+### Security
+
+- 🔒️(trivy) fix vulnerability about jaraco.context #1806
+
+
 ## [4.4.0] - 2026-01-13
 
 ### Added
diff --git a/Dockerfile b/Dockerfile
index c9b574e6..82785f8f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@
 FROM python:3.13.3-alpine AS base
 
 # Upgrade pip to its latest release to speed up dependencies installation
-RUN python -m pip install --upgrade pip setuptools
+RUN python -m pip install --upgrade pip
 
 # Upgrade system packages to install security updates
 RUN apk update && apk upgrade --no-cache