Skip to content

[Security] Bump certifi from 2024.2.2 to 2024.7.4

HIFIS Bot requested to merge dependabot-pip-certifi-2024.7.4 into main

Bumps certifi from 2024.2.2 to 2024.7.4. This update includes a security fix.

Vulnerabilities fixed

Certifi removes GLOBALTRUST root certificate Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

Patched versions: 2024.07.04 Affected versions: >= 2021.05.30, < 2024.07.04

Commits

Merge request reports

Loading