Poetry and setuptools CVE-2025-47273

[jamesrobson-secondmind]

There's a vulnerability that allows attacks when installing malicious packages.
Am I correct that what matters is the version of setuptools in poetry's own virtual env, and not what's installed in the projects venv?
What's the best way to ensure poetry has an up to date version of setuptools?

[dimbleby]

poetry does not use setuptools, no action needed