How to fix?
Upgrade certifi to version 2023.7.22 or higher.
Snyk security report:
Overview
Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust. E-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A).
Note:
This issue is not an inherent vulnerability in the package, but a security measure against potential harmful effects of trusting the now-revoked root certificates.
Vulnerability in /cbioportal/requirements.txt
How to fix? Upgrade certifi to version 2023.7.22 or higher.
Snyk security report: