build: Bump setuptools >= 80.10.1 and wheel >= 0.46.2

[chtruong814]

What does this PR do ?

build: Bump setuptools >= 80.10.1 and wheel >= 0.46.2 to address CVEs

Issues

List issues that this PR closes (syntax):

Usage

• You can potentially add a usage example below

# Add a code snippet demonstrating how to use this

Before your PR is "Ready for review"

Pre checks:

• Make sure you read and followed Contributor guidelines
• Did you write any new necessary tests?
• Did you run the unit tests and functional tests locally? Visit our Testing Guide for how to run tests
• Did you add or update any necessary documentation? Visit our Document Development Guide for how to write, build and test the docs.

Additional Information

• ...

Summary by CodeRabbit

Release Notes

• Chores
  • Updated dependency constraints to ensure improved compatibility and stability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[terrykong]

@chtruong814 looks like the lock file wasn't updated properly

[chtruong814]

face palm. Need to also commit the pyproject.toml

[coderabbitai]

📝 Walkthrough

Walkthrough

Dependency version constraints updated in pyproject.toml. Added setuptools>=80.10.1 to override-dependencies and wheel>=0.46.2 to constraint-dependencies.

Changes

Cohort / File(s)	Summary
Dependency version constraints pyproject.toml	Updated override-dependencies with setuptools>=80.10.1 and constraint-dependencies with wheel>=0.46.2

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• terrykong

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately describes the main change: bumping setuptools and wheel dependency versions to address CVEs, which aligns with both the file changes and PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Test Results For Major Changes	✅ Passed	The PR contains minor dependency version updates to address CVEs in setuptools and wheel, not major changes requiring test documentation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@pyproject.toml`:
- Around line 259-260: Update build-system.requires to pin wheel to a safe
minimum by adding "wheel>=0.46.2" alongside the existing "setuptools>=80.10.1"
so PEP 517 builds cannot select vulnerable wheel versions; ensure the same
constraint also appears where constraint-dependencies are defined (the existing
constraint-dependencies entry for wheel) so both build-system.requires and the
constraint list consistently enforce wheel>=0.46.2.

[chtruong814]

The CI passed on the latest commit here. Github is showing no tests ran because it reset after adding the cherry-pick label.
https://github.com/NVIDIA-NeMo/RL/actions/runs/21302726061