add setuptools 78'

Jyothirmaikottu · Jyothirmaikottu · commit 5193bbc737f4 · 2026-02-10T11:02:01.000-08:00
diff --git a/tensorflow/training/docker/2.19/py3/Dockerfile.cpu b/tensorflow/training/docker/2.19/py3/Dockerfile.cpu
@@ -134,11 +134,11 @@ RUN wget https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSIO
 RUN curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR=/usr/local/bin sh
 
 # Upgrade pip and setuptools
-# setuptools==81.0.0 fixes CVE-2026-23949 and still includes pkg_resources
-# (pkg_resources is deprecated but not removed until late 2025)
+# setuptools 78.1.1 fixes CVE-2025-47273 (path traversal vulnerability)
+# and still includes pkg_resources (needed by pandas 1.5.3 build)
 RUN uv pip install --system --no-cache \
     pip \
-    "setuptools==81.0.0" \
+    "setuptools==78.1.1" \
     wheel
 
 # Some TF tools expect a "python" binary
diff --git a/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.gpu b/tensorflow/training/docker/2.19/py3/cu125/Dockerfile.gpu
@@ -194,11 +194,11 @@ RUN wget https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSIO
 RUN curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR=/usr/local/bin sh
 
 # Upgrade pip and setuptools
-# setuptools==81.0.0 fixes CVE-2026-23949 and still includes pkg_resources
-# (pkg_resources is deprecated but not removed until late 2025)
+# setuptools 78.1.1 fixes CVE-2025-47273 (path traversal vulnerability)
+# and still includes pkg_resources (needed by pandas 1.5.3 build)
 RUN uv pip install --system --no-cache \
     pip \
-    "setuptools==81.0.0" \
+    "setuptools==78.1.1" \
     wheel
 
 # Some TF tools expect a "python" binary
