Skip to content

Update dependency certifi to v2024 [SECURITY]#117

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/pypi-certifi-vulnerability
Open

Update dependency certifi to v2024 [SECURITY]#117
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/pypi-certifi-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Jul 25, 2023
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
certifi ==2022.12.7==2024.7.4 age confidence

Certifi removing TrustCor root certificate

CVE-2022-23491 / GHSA-43fp-rhv2-5gv8

More information

Details

Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store.

TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found here.

Severity

  • CVSS Score: 5.9 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Removal of e-Tugra root certificate

CVE-2023-37920 / GHSA-xqr8-7jwr-rhp7

More information

Details

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Certifi removes GLOBALTRUST root certificate

CVE-2024-39689 / GHSA-248v-346w-9cwc

More information

Details

Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

Severity

Low

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

certifi/python-certifi (certifi)

v2024.7.4

Compare Source

v2024.6.2

Compare Source

v2024.2.2

Compare Source

v2023.11.17

Compare Source

v2023.7.22

Compare Source

v2023.5.7

Compare Source

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Update dependency certifi to v2023 [SECURITY] Update dependency certifi to v2023 [SECURITY] - autoclosed Aug 16, 2023
@renovate renovate Bot closed this Aug 16, 2023
@renovate renovate Bot deleted the renovate/pypi-certifi-vulnerability branch August 16, 2023 20:21
@renovate renovate Bot changed the title Update dependency certifi to v2023 [SECURITY] - autoclosed Update dependency certifi to v2023 [SECURITY] Aug 17, 2023
@renovate renovate Bot reopened this Aug 17, 2023
@renovate renovate Bot restored the renovate/pypi-certifi-vulnerability branch August 17, 2023 03:25
@renovate renovate Bot force-pushed the renovate/pypi-certifi-vulnerability branch from a5ae8cf to a0f2117 Compare August 17, 2023 03:25
@renovate renovate Bot force-pushed the renovate/pypi-certifi-vulnerability branch from a0f2117 to 2b1fbd9 Compare July 5, 2024 22:18
@renovate renovate Bot changed the title Update dependency certifi to v2023 [SECURITY] Update dependency certifi to v2024 [SECURITY] Jul 5, 2024
@renovate renovate Bot changed the title Update dependency certifi to v2024 [SECURITY] Update dependency certifi to v2024 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/pypi-certifi-vulnerability branch March 27, 2026 02:48
@renovate renovate Bot changed the title Update dependency certifi to v2024 [SECURITY] - autoclosed Update dependency certifi to v2024 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/pypi-certifi-vulnerability branch 2 times, most recently from 2b1fbd9 to 657353c Compare March 30, 2026 19:05
@renovate renovate Bot changed the title Update dependency certifi to v2024 [SECURITY] Update dependency certifi to v2024 [SECURITY] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title Update dependency certifi to v2024 [SECURITY] - autoclosed Update dependency certifi to v2024 [SECURITY] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/pypi-certifi-vulnerability branch 2 times, most recently from 657353c to 2763578 Compare April 27, 2026 20:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants