Update dependency certifi to v2024.7.4 [SECURITY] #23

Merged

timatlee merged 1 commits from renovate/pypi-certifi-vulnerability into main 2024-07-09 20:26:39 -06:00

Conversation 0 Commits 1 Files Changed 1 +1 -1

renovate-bot commented 2024-07-06 00:00:21 -06:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Update	Change
certifi	minor	==2024.6.2 -> ==2024.7.4

---

Certifi removes GLOBALTRUST root certificate

CGA-6v56-8m7g-x649 / CGA-8493-6499-2mc5 / CGA-8qgh-gj56-2mhf / CGA-f5h2-p64r-hgpf / CGA-h96w-2q45-hmp9 / CGA-hv83-mq7r-r58m / CGA-m8x2-jj4x-r82h / CGA-mgvx-56mp-qxp4 / CGA-r3c7-44cm-2pr4 / CGA-wgrc-28p5-r64q / CVE-2024-39689 / GHSA-248v-346w-9cwc

More information

Details

Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

Severity

Low

References

• https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
• https://nvd.nist.gov/vuln/detail/CVE-2024-39689
• https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
• https://github.com/certifi/python-certifi
• https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

certifi/python-certifi (certifi)

v2024.7.4

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" in timezone America/Edmonton, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [certifi](https://github.com/certifi/python-certifi) | minor | `==2024.6.2` -> `==2024.7.4` | --- ### Certifi removes GLOBALTRUST root certificate CGA-6v56-8m7g-x649 / CGA-8493-6499-2mc5 / CGA-8qgh-gj56-2mhf / CGA-f5h2-p64r-hgpf / CGA-h96w-2q45-hmp9 / CGA-hv83-mq7r-r58m / CGA-m8x2-jj4x-r82h / CGA-mgvx-56mp-qxp4 / CGA-r3c7-44cm-2pr4 / CGA-wgrc-28p5-r64q / [CVE-2024-39689](https://nvd.nist.gov/vuln/detail/CVE-2024-39689) / [GHSA-248v-346w-9cwc](https://github.com/advisories/GHSA-248v-346w-9cwc) <details> <summary>More information</summary> #### Details Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found [here]( https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI). #### Severity Low #### References - [https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc](https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc) - [https://nvd.nist.gov/vuln/detail/CVE-2024-39689](https://nvd.nist.gov/vuln/detail/CVE-2024-39689) - [https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463](https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463) - [https://github.com/certifi/python-certifi](https://github.com/certifi/python-certifi) - [https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-248v-346w-9cwc) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>certifi/python-certifi (certifi)</summary> ### [`v2024.7.4`](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04) [Compare Source](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone America/Edmonton, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjQuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQyNi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate-bot added 1 commit 2024-07-06 00:00:21 -06:00

Update dependency certifi to v2024.7.4 [SECURITY] 7b457440fc

timatlee merged commit 33e87640f6 into main 2024-07-09 20:26:39 -06:00

timatlee referenced this issue from a commit 2024-07-09 20:26:40 -06:00

Merge pull request 'Update dependency certifi to v2024.7.4 [SECURITY]' (#23) from renovate/pypi-certifi-vulnerability into main

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

renovate-bot timatlee

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: timatlee/cloudflare-ddns-docker-updated#23

No description provided.