Bump certifi from 2023.11.17 to 2024.7.4 in /src (#294)

* Bump certifi from 2023.11.17 to 2024.7.4 in /src Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.11.17 to 2024.7.4. - [Commits](certifi/python-certifi@2023.11.17...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Update requirements.in and recompile requirements --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Romaniello <[email protected]>
NTIA · Jul 25, 2024 · 50b769d · 50b769d
1 parent 0950fa9
commit 50b769d
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
@@ -34,7 +34,7 @@ cachetools==5.3.2
     # via
     #   google-auth
     #   tox
-certifi==2023.11.17
+certifi==2024.7.4
     # via
     #   -r requirements.txt
     #   requests

diff --git a/src/requirements.in b/src/requirements.in
@@ -15,6 +15,7 @@ scos_tekrsa @ git+https://github.com/NTIA/[email protected]
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
+certifi>=2024.7.4     # CVE-2024-39689
 idna>=3.7             # CVE-2024-3651
 grpcio>=1.53.0        # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
 pyyaml>=5.4.0         # CVE-2020-14343

diff --git a/src/requirements.txt b/src/requirements.txt
@@ -12,8 +12,10 @@ attrs==23.1.0
     # via
     #   jsonschema
     #   referencing
-certifi==2023.11.17
-    # via requests
+certifi==2024.7.4
+    # via
+    #   -r requirements.in
+    #   requests
 cffi==1.16.0
     # via cryptography
 charset-normalizer==3.3.2