[Security] Bump certifi from 2024.6.2 to 2024.7.4 (!582) · Merge requests · HIFIS / Overall / HIFIS Technical Documentation

HIFIS Bot requested to merge dependabot-pip-certifi-2024.7.4 into master Jul 06, 2024

Bumps certifi from 2024.6.2 to 2024.7.4. This update includes a security fix.

Vulnerabilities fixed

Certifi removes GLOBALTRUST root certificate Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

Patched versions: 2024.07.04 Affected versions: >= 2021.05.30, < 2024.07.04

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
See full diff in compare view

[Security] Bump certifi from 2024.6.2 to 2024.7.4

Merge request reports