From f9524b2f0ab31977c3859cf98f6ce2d0de203431 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Mon, 19 Jan 2026 12:03:45 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(backend)=20prevent=20auto?= =?UTF-8?q?matic=20upgrade=20setuptools?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The latest `setuptools` version pulls in a `jaraco.context` version that triggers a Trivy scan failure. `jaraco.context` has a path traversal vulnerability. This fix is inspired by suitenumerique/people, specifically Marie’s PR #1010. --- CHANGELOG.md | 5 ++++- Dockerfile | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7965a499..cea017e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,8 +8,11 @@ and this project adheres to ## [Unreleased] -## [1.3.0] - 2026-01-13 +### Fixed +🔒(backend) prevent automatic upgrade setuptools + +## [1.3.0] - 2026-01-13 ### Added diff --git a/Dockerfile b/Dockerfile index f5243bef..6151f15f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM python:3.13.5-alpine3.21 AS base # Upgrade pip to its latest release to speed up dependencies installation -RUN python -m pip install --upgrade pip setuptools +RUN python -m pip install --upgrade pip # Upgrade system packages to install security updates RUN apk update && \
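Review bot: In the CHANGELOG.md hunk, the new `### Fixed` entry under `## [Unreleased]` is a bare line rather than a list item, and it only repeats the commit subject, which tells a reader of the changelog nothing about what changed or why. The rest of the file follows Keep a Changelog, so make it a bullet and state the effect, for example `- 🔒(backend) stop upgrading setuptools in the Docker image, keeping the version shipped with the base image (a newer setuptools pulled in a jaraco.context release flagged by the Trivy scan)`. Moving the `## [1.3.0] - 2026-01-13` heading below the new section is correct; just check that `### Added` still belongs to 1.3.0 and not to the Unreleased block after the move.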
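Review bot: In the Dockerfile hunk, dropping `setuptools` from `RUN python -m pip install --upgrade pip` silently relies on whatever setuptools version the `python:3.13.5-alpine3.21` base image ships, but nothing in the file records that this is deliberate, so the next contributor who "tidies up" the line will reintroduce the problem. Add a comment next to the line saying why setuptools is not upgraded and which scanner finding it avoids, e.g. `# Do not upgrade setuptools: recent releases pull in a jaraco.context version flagged by Trivy`, so the exclusion can be lifted once a fixed release exists. Consider whether an explicit upper-bound constraint on setuptools (`pip install --upgrade pip "setuptools<<known-good>"`) would be more robust than omitting it, since any later `pip install` step that resolves setuptools as a runtime dependency can still upgrade it past the base image version; the existing comment `# Upgrade pip to its latest release to speed up dependencies installation` still reads correctly for the reduced command, so it can stay.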