🔒️(backend) prevent automatic upgrade setuptools

The latest `setuptools` version pulls in a `jaraco.context` version that triggers a Trivy scan failure. `jaraco.context` has a path traversal vulnerability. This fix is inspired by suitenumerique/people, specifically Marie’s PR #1010.
2026-01-19 12:03:45 +01:00
parent a50aabeaf8
commit f9524b2f0a
2 changed files with 5 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,8 +8,11 @@ and this project adheres to

 ## [Unreleased]

-## [1.3.0] - 2026-01-13
+### Fixed

+🔒(backend) prevent automatic upgrade setuptools
+
+## [1.3.0] - 2026-01-13

 ### Added