[Security] Bump certifi from 2022.12.7 to 2023.7.22 (!45) · Merge requests · FWCC / statistics-collector

HIFIS Bot requested to merge dependabot-pip-certifi-2023.7.22 into main Jul 26, 2023

Bumps certifi from 2022.12.7 to 2023.7.22. This update includes a security fix.

Vulnerabilities fixed

Removal of e-Tugra root certificate Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

Patched versions: 2023.07.22 Affected versions: >= 2015.04.28, < 2023.07.22

Commits

8fb96ed 2023.07.22
afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)
2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)
44df761 Hash pin Actions and enable dependabot (#228)
8b3d7ba 2023.05.07
53da240 ci: Add Python 3.12-dev to the testing (#224)
c2fc3b1 Create a Security Policy (#222)
c211ef4 Set up permissions to github workflows (#218)
2087de5 Don't let deprecation warning fail CI (#219)
e0b9fc5 remove paragraphs about 1024-bit roots from README
Additional commits viewable in compare view

[Security] Bump certifi from 2022.12.7 to 2023.7.22

Merge request reports