[RESEND. PATCH 5/5] drm/ci: Upgrade certifi requirement to 2024.07.04

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



GitHub Dependabot has issued the following alert:

"build(deps): bump certifi from 2023.7.22 to 2024.7.4 in
 /drivers/gpu/drm/ci/xfails.

 Certifi 2024.07.04 removes root certificates from "GLOBALTRUST"
 from the root store. These are in the process of being removed from
 Mozilla's trust store.

 GLOBALTRUST's root certificates are being removed pursuant to an
 investigation which identified "long-running and unresolved compliance
 issues".

 Severity:          Low
 CVE ID: CVE-2024-39689"

To avoid disturbing everyone with the kernel repo hosted on GitHub,
I suggest we upgrade our python dependencies once again to appease
GitHub Dependabot.

Link: https://github.com/dependabot
Link: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
Signed-off-by: WangYuli <wangyuli@xxxxxxxxxxxxx>
---
 drivers/gpu/drm/ci/xfails/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
index 8b2b1fa16614..4f7ac688d448 100644
--- a/drivers/gpu/drm/ci/xfails/requirements.txt
+++ b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -2,7 +2,7 @@ git+https://gitlab.freedesktop.org/gfx-ci/ci-collate@09e7142715c16f54344ddf97013
 termcolor==2.3.0
 
 # ci-collate dependencies
-certifi==2023.7.22
+certifi==2024.07.04
 charset-normalizer==3.2.0
 idna==3.7
 pip==23.3
-- 
2.45.2




[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux