[<prev] [next>] [day] [month] [year] [list]
Message-ID: <DDEA395AF9015F5F+20241017034004.113456-5-wangyuli@uniontech.com>
Date: Thu, 17 Oct 2024 11:39:52 +0800
From: WangYuli <wangyuli@...ontech.com>
To: helen.koike@...labora.com,
maarten.lankhorst@...ux.intel.com,
mripard@...nel.org,
tzimmermann@...e.de,
airlied@...il.com,
simona@...ll.ch,
wangyuli@...ontech.com,
david.heidelberg@...labora.com
Cc: dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org,
guanwentao@...ontech.com,
zhanjun@...ontech.com
Subject: [RESEND. PATCH 5/5] drm/ci: Upgrade certifi requirement to 2024.07.04
GitHub Dependabot has issued the following alert:
"build(deps): bump certifi from 2023.7.22 to 2024.7.4 in
/drivers/gpu/drm/ci/xfails.
Certifi 2024.07.04 removes root certificates from "GLOBALTRUST"
from the root store. These are in the process of being removed from
Mozilla's trust store.
GLOBALTRUST's root certificates are being removed pursuant to an
investigation which identified "long-running and unresolved compliance
issues".
Severity: Low
CVE ID: CVE-2024-39689"
To avoid disturbing everyone with the kernel repo hosted on GitHub,
I suggest we upgrade our python dependencies once again to appease
GitHub Dependabot.
Link: https://github.com/dependabot
Link: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
Signed-off-by: WangYuli <wangyuli@...ontech.com>
---
drivers/gpu/drm/ci/xfails/requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
index 8b2b1fa16614..4f7ac688d448 100644
--- a/drivers/gpu/drm/ci/xfails/requirements.txt
+++ b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -2,7 +2,7 @@ git+https://gitlab.freedesktop.org/gfx-ci/ci-collate@09e7142715c16f54344ddf97013
termcolor==2.3.0
# ci-collate dependencies
-certifi==2023.7.22
+certifi==2024.07.04
charset-normalizer==3.2.0
idna==3.7
pip==23.3
--
2.45.2
Powered by blists - more mailing lists