Update dependency certifi to v2023 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
certifi	==2020.12.5 → ==2023.7.22

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Certifi removing TrustCor root certificate

CVE-2022-23491 / GHSA-43fp-rhv2-5gv8

More information

Details

Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store.

TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found here.

Severity

• CVSS Score: 5.9 / 10 (Medium)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References

• https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
• https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8
• https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
• https://nvd.nist.gov/vuln/detail/CVE-2022-23491
• https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2022-42986.yaml
• https://security.netapp.com/advisory/ntap-20230223-0010
• https://github.com/advisories/GHSA-43fp-rhv2-5gv8

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Removal of e-Tugra root certificate

CVE-2023-37920 / GHSA-xqr8-7jwr-rhp7

More information

Details

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

• https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
• https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909
• https://nvd.nist.gov/vuln/detail/CVE-2023-37920
• https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A
• https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2023-135.yaml
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG
• https://security.netapp.com/advisory/ntap-20240912-0002
• https://github.com/advisories/GHSA-xqr8-7jwr-rhp7

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

certifi/python-certifi (certifi)

v2023.7.22

Compare Source

v2023.5.7

Compare Source

v2022.12.7

Compare Source

v2022.9.24

Compare Source

v2022.9.14

Compare Source

v2022.6.15.2

Compare Source

v2022.6.15.1

Compare Source

v2022.6.15

Compare Source

v2022.5.18.1

Compare Source

v2022.5.18

Compare Source

v2021.10.8

Compare Source

v2021.5.30

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.