Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by aparnajyothi-y · Pull Request #1165 · actions/setup-python
This PR upgrades the setuptools dependency to version 78.1.1, which includes a fix for a known path traversal vulnerability.
The issue stemmed from unsafe handling of URLs in PackageIndex.download, allowing an attacker to write arbitrary files via crafted URLs.
Impact:
The vulnerability could potentially allow arbitrary file writes during package downloads, especially in scenarios using deprecated mechanisms like easy_install.
Fix:
setuptools>=78.1.1 introduces proper sanitization for filenames derived from URLs, mitigating the risk.
Note:
This change also ensures compatibility with Poetry and avoids dependency resolution failures triggered by older versions of setuptools.
Related issue:
Dependabot #172
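To make the class of bug concrete, below is an added illustration of the traversal pattern the PR description refers to (a download path derived from an attacker-controlled URL) beside a hardened version. It is example code written for this page, not setuptools' `PackageIndex.download` code or anything from this PR; `naive_target_path`, `safe_target_path`, `is_within`, `compare`, the sample URL and the `downloads` directory are all hypothetical.

```python
import os
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample input (not a real host). The last path segment is
# percent-encoded, so a naive split on '/' sees one segment, but after
# decoding it becomes '../../etc/cron.d/evil'.
CRAFTED_URL = "https://index.example.test/simple/pkg/..%2F..%2Fetc%2Fcron.d%2Fevil"
DOWNLOAD_DIR = os.path.abspath("downloads")  # hypothetical target directory


def naive_target_path(download_dir: str, url: str) -> str:
    """Vulnerable pattern (illustrative, not setuptools' code): take the URL's
    last path segment and percent-decode it *after* the split, so encoded
    separators become real ones and os.path.join happily walks upward."""
    name = urlsplit(url).path.split("/")[-1]
    name = unquote(name)
    return os.path.join(download_dir, name)


def is_within(base_dir: str, candidate: str) -> bool:
    """True when candidate resolves (symlinks and '..' included) to a location
    under base_dir. This is the check the naive result fails."""
    base = os.path.realpath(base_dir)
    cand = os.path.realpath(candidate)
    return os.path.commonpath([base, cand]) == base


def safe_target_path(download_dir: str, url: str) -> str:
    """Hardened pattern: decode first, keep only the final path component,
    neutralise the Windows separator that posixpath does not treat as one,
    fall back to a fixed name for empty or dot-only results, and refuse to
    return anything that resolves outside download_dir."""
    decoded = unquote(urlsplit(url).path)
    name = posixpath.basename(decoded)
    name = name.replace("\\", "_")
    if name in ("", ".", ".."):
        name = "__downloaded__"
    target = os.path.join(download_dir, name)
    if not is_within(download_dir, target):
        raise ValueError(f"refusing to write outside {download_dir}: {target}")
    return target


def compare(download_dir: str = DOWNLOAD_DIR, url: str = CRAFTED_URL) -> dict:
    """Run both derivations on the same URL and report where each would write."""
    naive = naive_target_path(download_dir, url)
    safe = safe_target_path(download_dir, url)
    return {
        "naive_path": os.path.normpath(naive),
        "naive_inside": is_within(download_dir, naive),
        "safe_path": safe,
        "safe_name": os.path.basename(safe),
        "safe_inside": is_within(download_dir, safe),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Running the block shows the naive derivation landing in `.../etc/cron.d/evil` outside the download directory, while the hardened one writes `downloads/evil`. The containment check in `is_within` is kept even though `basename` already strips separators, so that symlinked directories or a future change to the filename logic cannot silently reopen the hole; a `>=78.1.1` pin in a project's requirements is the practical fix, and this is the kind of behaviour the upgrade buys.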