fix: Upgrade setuptools to 70.1.0+ to support wheel v0.46.0 compatibility

[geminixiang]

Fixes #1021

wheel: pypa/wheel#662, pypa/wheel#660

Problem

After wheel v0.46.0 was released, bdist_wheel command migrate to setupstools>=70.1.0, link, it became incompatible with setuptools versions below 70.1.0.

UPDATE: wheel yank v0.46.0 https://pypi.org/project/wheel/#history
discussion: pypa/wheel#662 (comment)

Solution

This PR upgrades setuptools to version 70.1.0 or higher in all Docker containers to ensure compatibility with wheel v0.46.0+.

[agronholm]

Is there a reason why you picked this specific setuptools version? I would probably have used v70.3.0 instead, as it's the most up to date version that doesn't introduce potential compatibility issues.

[geminixiang]

Is there a reason why you picked this specific setuptools version? I would probably have used v70.3.0 instead, as it's the most up to date version that doesn't introduce potential compatibility issues.

I reviewed the following file and confirmed that v70.1.0 was when bdist_wheel was first added to setuptools:

https://github.com/pypa/setuptools/blob/3a3144f0d2887fa37c06550f42a101e9eebd953a/NEWS.rst?plain=1#L627-L633

but now... the version you mentioned, v70.3.0, seems better.

[yosifkit]

#1023 (comment)

I agree with edmorely and so we'll be taking the least breaking approach by just pinning the wheel version.

[y-tee]

Hi is there any plans to upgrade the setuptools to >70.0 since there is a cve on the setuptools version before this: https://www.cve.org/CVERecord?id=CVE-2024-6345

the cve allows remote code execution

[yosifkit]

is there any plans to upgrade the setuptools to >70.0

No. Related issue: #1012 and long explanation: #781 (comment)