public/roboluke-tasks
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 48 Activity

[SECURITY] Update dependency certifi to v2022.12.7 [SECURITY] #2

Merged
renovate[bot] merged 1 commits from renovate/pypi-certifi-vulnerability into main 2023-04-05 22:07:05 +02:00
Conversation 1 Commits 1 Files Changed 1 +1 -1
renovate[bot] commented 2023-04-05 21:58:37 +02:00 (Migrated from github.com)
Copy Link

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
certifi ==2022.6.15 -> ==2022.12.7 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-23491

Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store.

TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found here.

Release Notes

certifi/python-certifi

v2022.12.7

Compare Source

v2022.9.24

Compare Source

v2022.9.14

Compare Source

v2022.6.15.2

Compare Source

v2022.6.15.1

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [certifi](https://togithub.com/certifi/python-certifi) | `==2022.6.15` -> `==2022.12.7` | [![age](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/compatibility-slim/2022.6.15)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/confidence-slim/2022.6.15)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2022-23491](https://togithub.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8) Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ). --- ### Release Notes <details> <summary>certifi/python-certifi</summary> ### [`v2022.12.7`](https://togithub.com/certifi/python-certifi/compare/2022.09.24...2022.12.07) [Compare Source](https://togithub.com/certifi/python-certifi/compare/2022.09.24...2022.12.07) ### [`v2022.9.24`](https://togithub.com/certifi/python-certifi/compare/2022.09.14...2022.09.24) [Compare Source](https://togithub.com/certifi/python-certifi/compare/2022.09.14...2022.09.24) ### [`v2022.9.14`](https://togithub.com/certifi/python-certifi/compare/2022.06.15.2...2022.09.14) [Compare Source](https://togithub.com/certifi/python-certifi/compare/2022.06.15.2...2022.09.14) ### [`v2022.6.15.2`](https://togithub.com/certifi/python-certifi/compare/2022.06.15.1...2022.06.15.2) [Compare Source](https://togithub.com/certifi/python-certifi/compare/2022.06.15.1...2022.06.15.2) ### [`v2022.6.15.1`](https://togithub.com/certifi/python-certifi/compare/2022.06.15...2022.06.15.1) [Compare Source](https://togithub.com/certifi/python-certifi/compare/2022.06.15...2022.06.15.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/luketainton/roboluke-tasks). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4zMi4yIiwidXBkYXRlZEluVmVyIjoiMzUuMzIuMiJ9-->
luketainton (Migrated from github.com) reviewed 2023-04-05 21:58:37 +02:00
sonarqubecloud[bot] commented 2023-04-05 22:05:21 +02:00 (Migrated from github.com)
Copy Link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

Kudos, SonarCloud Quality Gate passed!&nbsp; &nbsp; [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=luketainton_roboluke-tasks&pullRequest=2) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=2&resolved=false&types=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=luketainton_roboluke-tasks&pullRequest=2&metric=coverage&view=list) No Coverage information [![No Duplication information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/NoDuplicationInfo-16px.png 'No Duplication information')](https://sonarcloud.io/component_measures?id=luketainton_roboluke-tasks&pullRequest=2&metric=duplicated_lines_density&view=list) No Duplication information
Sign in to join this conversation.
Reviewers
No reviewers
luketainton
Labels
Clear labels   
bug

Something isn't working

  
dependencies

Pull requests that update a dependency file

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
security

   
wontfix

This will not be worked on

No Label
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/roboluke-tasks#2
No description provided.
Delete Branch "renovate/pypi-certifi-vulnerability"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?