GitHub Dependabot has issued the following alert: "build(deps): bump certifi from 2023.7.22 to 2024.7.4 in /drivers/gpu/drm/ci/xfails. Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Severity: Low CVE ID: CVE-2024-39689" To avoid disturbing everyone with the kernel repo hosted on GitHub, I suggest we upgrade our python dependencies once again to appease GitHub Dependabot. Link: https://github.com/dependabot Link: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI Signed-off-by: WangYuli <wangyuli@xxxxxxxxxxxxx> --- drivers/gpu/drm/ci/xfails/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt index 8b2b1fa16614..4f7ac688d448 100644 --- a/drivers/gpu/drm/ci/xfails/requirements.txt +++ b/drivers/gpu/drm/ci/xfails/requirements.txt @@ -2,7 +2,7 @@ git+https://gitlab.freedesktop.org/gfx-ci/ci-collate@09e7142715c16f54344ddf97013 termcolor==2.3.0 # ci-collate dependencies -certifi==2023.7.22 +certifi==2024.07.04 charset-normalizer==3.2.0 idna==3.7 pip==23.3 -- 2.45.2
