[Security] Bump certifi from 2024.2.2 to 2024.7.4 in /{{ cookiecutter.project_slug }} (!11) · Merge requests · HIFIS / HIFIS Software Services / Education and Training / Workshop Materials / HIFIS Workshop Template

Bumps certifi from 2024.2.2 to 2024.7.4. This update includes a security fix.

Vulnerabilities fixed

Certifi removes GLOBALTRUST root certificate Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

Patched versions: 2024.07.04 Affected versions: >= 2021.05.30, < 2024.07.04

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view

[Security] Bump certifi from 2024.2.2 to 2024.7.4 in /{{ cookiecutter.project_slug }}

Merge request reports