[FOLIO-3907] jenkins-pipeline-libs requirements: certifi==2023.07.22

Created: 08/Oct/23
Updated: 09/Oct/23
Resolved: 09/Oct/23

Status: Closed
Project: FOLIO
Components: Continuous Integration
Affects versions: None
Fix versions: None

Type: Task
Priority: TBD
Reporter: Julian Ladisch
Assignee: David Crossley
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint: DevOps Requests
Development Team: FOLIO DevOps
RCA Group: Related dependency upgrade

Description

In https://github.com/folio-org/jenkins-pipeline-libs/blob/master/resources/org/folio/requirements.txt, upgrade the vulnerable dependency:

Upgrade certifi from 2022.12.7 to 2023.07.22.

This fixes https://nvd.nist.gov/vuln/detail/CVE-2023-37920 by removing "e-Tugra" root certificates that might have been compromised.
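
A check that could run in CI to flag a certifi pin older than the fixed release named above. It is an added example, not code from the jenkins-pipeline-libs repository; the function name, the verdict strings and the sample input are assumptions made for illustration.

```python
import re

# First certifi release without the e-Tugra roots, per the ticket (2023.07.22).
FIXED = (2023, 7, 22)

# Exactly the package "certifi", not a longer name that merely starts with it.
_NAME = re.compile(r"^certifi(?![\w.-])", re.IGNORECASE)
# Only the two specifier forms this check can judge on its own: == and >=.
_PIN = re.compile(r"^certifi\s*(==|>=)\s*(\d+(?:\.\d+)*)\s*$", re.IGNORECASE)


def audit_requirements(text):
    """Return (line_number, requirement, verdict) for every certifi entry.

    Verdicts (names chosen for this example):
      ok                 pin or lower bound is at or above the fixed release
      vulnerable         exact pin below the fixed release
      allows-vulnerable  lower bound still admits a release below the fix
      review             unpinned, or a specifier this check does not parse
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # ignore comments
        if not _NAME.match(line):
            continue
        match = _PIN.match(line)
        if match is None:
            findings.append((number, line, "review"))
            continue
        operator, version = match.groups()
        # Compare numerically so "2023.07.22" and "2023.7.22" are equal.
        parsed = tuple(int(part) for part in version.split("."))
        if parsed >= FIXED:
            verdict = "ok"
        elif operator == "==":
            verdict = "vulnerable"
        else:
            verdict = "allows-vulnerable"
        findings.append((number, line, verdict))
    return findings


# Constructed sample input, not the contents of the real requirements.txt.
SAMPLE = """\
# constructed sample
requests==2.31.0
certifi==2022.12.7
certifi-extras==1.0   # hypothetical package name; must not be matched
"""

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE):
        print(finding)
```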

