Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
It's probably fine, but we may want to upgrade dependencies to fix https://github.com/certbot/certbot/security/dependabot. My personal feeling is it's always better to just upgrade than to try and convince ourselves the problems don't affect us.
Repinning things is easy enough, but then we hit problems trying to build cryptography in our docker images. OK! To fix that I upgraded our base docker image to a newer one like we've done before in PRs like https://github.com/certbot/certbot/pull/9415.
It's probably fine, but we may want to upgrade dependencies to fix https://github.com/certbot/certbot/security/dependabot. My personal feeling is it's always better to just upgrade than to try and convince ourselves the problems don't affect us.
Repinning things is easy enough, but then we hit problems trying to build
cryptographyin our docker images. OK! To fix that I upgraded our base docker image to a newer one like we've done before in PRs like https://github.com/certbot/certbot/pull/9415.Unfortunately, with this change
cryptographytakes (maybe literally) forever to build. (Looking at previous successful nightly builds, that job normally only takes about an hour.)I tried upgrading things a little less aggressively at https://dev.azure.com/certbot/certbot/_build/results?buildId=7464&view=results. We'll see what happens 🤞