Bump setuptools to >=78.1.1 (fix 2 high severity CVEs)#420

Merged
JessicaTegner merged 2 commits into master from fix/bump-setuptools on Feb 14, 2026

Conversation


@JessicaTegner JessicaTegner commented Feb 14, 2026

Bumps setuptools dev dependency from pinned 68 to >=78.1.1, fixing both open Dependabot alerts:

  • Path traversal in PackageIndex.download (arbitrary file write) — patched in 78.1.1
  • Command injection via package URL — patched in 70.0.0

Dev dependency only — no impact on pypandoc users, but good to keep clean.


Note

Low Risk
Dev-only dependency bump and lockfile refresh; no runtime code changes, with minor risk of CI/dev environment incompatibilities due to the new Python >=3.9 constraint.

Overview
Updates the dev dependency on setuptools from a pinned 68 to >=78.1.1 (now constrained to Python >=3.9).

Regenerates poetry.lock with a newer Poetry version, resolving setuptools to 82.0.0 and updating associated metadata/extras and hashes.

Written by Cursor Bugbot for commit 17d7736.
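The first alert in the description is a download path traversal: a filename derived from a package URL is joined onto a download directory without checking that the result stays inside it. The block below is an added illustration of that bug class, not setuptools' own PackageIndex code and not part of this PR; `unsafe_download_target` and `safe_download_target` are hypothetical stand-ins, and the URLs and `/tmp/dl` directory are constructed test inputs.

```python
"""Download path traversal, the class of the first alert the PR fixes.

Added example: these are hypothetical stand-in functions, not setuptools'
PackageIndex code. They show the unsafe pattern (join a directory with a
filename taken from the URL) beside a hardened version that rejects path
separators and verifies containment. All URLs are constructed test inputs.
"""
import os
from urllib.parse import unquote, urlsplit


def filename_from_url(url: str) -> str:
    """Percent-decoded last path segment of the URL (shared by both variants)."""
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])


def unsafe_download_target(url: str, dest_dir: str) -> str:
    """Vulnerable pattern: the URL-derived name is trusted when joining paths.

    A segment like '..%2F..%2Fetc%2Fcron.d%2Fjob' decodes to '../../etc/cron.d/job',
    so writing to the returned path lands outside dest_dir (arbitrary file write).
    """
    return os.path.join(dest_dir, filename_from_url(url))


def safe_download_target(url: str, dest_dir: str) -> str:
    """Hardened pattern: reject separators, then confirm the resolved path stays
    inside dest_dir. Raises ValueError rather than returning an escaping path."""
    name = filename_from_url(url)
    # After decoding, a legitimate distribution filename has no separators
    # and is not a dot-directory.
    if not name or name in (".", "..") or any(sep in name for sep in ("/", "\\", os.sep)):
        raise ValueError(f"refusing suspicious download name: {name!r}")
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, name))
    # Containment on the resolved paths catches anything the string checks
    # above do not (for example a symlinked component under dest_dir).
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"download target escapes {base}: {target}")
    return target


def demo(dest_dir: str = "/tmp/dl") -> dict:
    """Run both variants on a benign and a traversal URL (constructed inputs)."""
    good = "https://example.invalid/packages/pkg-1.0.tar.gz"
    bad = "https://example.invalid/simple/..%2F..%2Fetc%2Fcron.d%2Fjob"
    norm_dest = os.path.normpath(dest_dir)
    results = {
        # True when the naive join produced a path outside the download directory.
        "unsafe_escapes": not os.path.normpath(unsafe_download_target(bad, dest_dir)).startswith(norm_dest),
        # The hardened version still accepts an ordinary distribution filename.
        "safe_good_name": os.path.basename(safe_download_target(good, dest_dir)),
    }
    try:
        safe_download_target(bad, dest_dir)
        results["safe_rejects"] = False
    except ValueError:
        results["safe_rejects"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The string checks alone are not enough on their own: a name that survives them can still resolve elsewhere through a symlink, which is why the hardened version also compares `realpath` results with `commonpath` before returning.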

@cursor cursor bot left a comment


Cursor Bugbot has reviewed your changes and found 1 potential issue.

@JessicaTegner JessicaTegner merged commit 6cee1ac into master Feb 14, 2026
81 checks passed
@JessicaTegner JessicaTegner deleted the fix/bump-setuptools branch February 14, 2026 20:48