repos/pypilot
3
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 5 Activity

[SECURITY] Update dependency certifi to v2022.12.7 [SECURITY] - autoclosed #27

Closed
renovate[bot] wants to merge 1 commits from renovate/pypi-certifi-vulnerability into main
pull from: renovate/pypi-certifi-vulnerability
merge into: repos:main
Conversation 1 Commits 1 Files Changed 1 +1 -1
renovate[bot] commented 2022-12-09 10:15:33 +01:00 (Migrated from github.com)
Copy Link

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
certifi ==2022.9.24 -> ==2022.12.7 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-23491

Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store.

TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found here.

Release Notes

certifi/python-certifi

v2022.12.7

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [certifi](https://togithub.com/certifi/python-certifi) | `==2022.9.24` -> `==2022.12.7` | [![age](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/compatibility-slim/2022.9.24)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/certifi/2022.12.7/confidence-slim/2022.9.24)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2022-23491](https://togithub.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8) Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ). --- ### Release Notes <details> <summary>certifi/python-certifi</summary> ### [`v2022.12.7`](https://togithub.com/certifi/python-certifi/compare/2022.09.24...2022.12.07) [Compare Source](https://togithub.com/certifi/python-certifi/compare/2022.09.24...2022.12.07) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/luketainton/pypilot). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC41MS4wIiwidXBkYXRlZEluVmVyIjoiMzQuOTcuMSJ9-->
luketainton (Migrated from github.com) reviewed 2022-12-09 10:15:33 +01:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No Reviewers
luketainton
Labels
Clear labels
bug
Something isn't working
dependencies
documentation
Improvements or additions to documentation
duplicate
This issue or pull request already exists
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
invalid
This doesn't seem right
linting
python
Pull requests that update Python code
question
Further information is requested
security
unit-tests
wontfix
This will not be worked on
Compat/Breaking
Breaking change that won't be backward compatible
Kind/Bug
Something is not working
Kind/Documentation
Documentation changes
Kind/Enhancement
Improve existing functionality
Kind/Feature
New functionality
Kind/Security
This is security issue
Kind/Testing
Issue or pull request related to testing
Priority
Critical
The priority is critical
Priority
High
The priority is high
Priority
Low
The priority is low
Priority
Medium
The priority is medium
Reviewed
Confirmed
Issue has been confirmed
Reviewed
Duplicate
This issue or pull request already exists
Reviewed
Invalid
Invalid issue
Reviewed
Won't Fix
This issue won't be fixed
Status
Abandoned
Somebody has started to work on this but abandoned work
Status
Blocked
Something is blocking this issue or pull request
Status
Need More Info
Feedback is required to reproduce issue or to continue work
No Label
security
Milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: repos/pypilot#27
No description provided.
Delete Branch "renovate/pypi-certifi-vulnerability"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?