
Upgrade `setuptools` to fix CVE

Open krishnan-chandra opened this issue 1 year ago • 1 comment

Closes #21184. This has the side effect of removing default tool lockfile support for Python 3.7 by default; however, support can be restored via creating a custom tool lockfile.

krishnan-chandra avatar Aug 16 '24 17:08 krishnan-chandra

This is a bit gnarly, because the tests in many other places in the Pants repo depend upon the setuptools backend. We can either change those tests to work with Python 3.8+, or abandon this upgrade for now. Not sure what the best course of action is.

krishnan-chandra avatar Aug 19 '24 13:08 krishnan-chandra

@krishnan-chandra thanks for running with this so far! I hope to tease out some of the Python 3.7 and other complications you ran into, which I hope leaves a more straightforward setuptools upgrade and not a tangled rebase mess.

cburroughs avatar Sep 07 '24 02:09 cburroughs

We've just branched for 2.23, so merging this pull request now means it will come out in 2.24; please move the release notes updates to docs/notes/2.24.x.md. Thank you!

huonw avatar Sep 11 '24 21:09 huonw

With #21389 landed I think this should be clear of scope-spiraling roadblocks. Let me know if you run into any other trouble.

cburroughs avatar Sep 12 '24 13:09 cburroughs

Yes! I think that should be the last roadblock; I will get this cleaned up and rebased later today.

krishnan-chandra avatar Sep 12 '24 14:09 krishnan-chandra