pex-tool / pex

A tool for generating .pex (Python EXecutable) files, lock files and venvs.
https://docs.pex-tool.org/
Apache License 2.0
2.52k stars, 258 forks

Update vendored Pip's CA cert bundle. #2476

Closed: jsirois closed this 1 month ago

jsirois commented 1 month ago

This pulls in a new vendored version of Pip with an updated certifi CA cert bundle from the latest certifi release version that addresses at least https://nvd.nist.gov/vuln/detail/CVE-2023-37920.

jsirois commented 1 month ago

@gs-kamnas thanks again for prompting all this. The CVE should be abated with this 2.12.1 release hopefully later today.