py3-virtualenv - remove obsolete embedded wheels.

This will stop scanner from reporting CVE-2024-634 and save 3MB of space. See also pypa/virtualenv#2758
smoser · Sep 5, 2024 · 20c882f · 20c882f
1 parent ea95cad
commit 20c882f
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/py3-virtualenv.yaml b/py3-virtualenv.yaml
@@ -1,7 +1,7 @@
 package:
   name: py3-virtualenv
   version: 20.26.3
-  epoch: 2
+  epoch: 3
   description: Virtual Python Environment builder
   copyright:
     - license: "MIT"
@@ -52,8 +52,13 @@ subpackages:
           python: python${{range.key}}
       - name: Remove embedded setuptools wheel for python3.7 (CVE-2024-6345)
         runs: |
-          cd ${{targets.contextdir}}/usr/lib/python${{range.key}}/site-packages
-          rm virtualenv/seed/wheels/embed/setuptools-68.0.0-py3-none-any.whl
+          # https://github.com/pypa/virtualenv/issues/2758
+          cd ${{targets.contextdir}}/usr/lib/python${{range.key}}/site-packages/virtualenv/seed/wheels/embed/
+          rm -v \
+            pip-24.0-py3-none-any.whl \
+            setuptools-68.0.0-py3-none-any.whl \
+            wheel-0.42.0-py3-none-any.whl
+
       - uses: strip
     test:
       pipeline: