Skip to content

SG-38877 Update certifi third party library to version2025.7.14 #397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

SG-38877 Update certifi third party library to version2025.7.14 #397

wants to merge 4 commits into from
+189 −298

Conversation

julien-lang
Copy link
Contributor

@julien-lang julien-lang commented Jul 11, 2025
edited
Loading

Bump certifi version to https://pypi.org/project/certifi/2025.7.14/

About certifi changes between 2024.12.14 and 2025.07.14

  • Usual CA roots rotation
  • Minimum supported Python version is now 3.7 - no problem, it's 3.9 for us.

certifi/python-certifi@2024.12.14...2025.07.14

@julien-lang julien-lang requested a review from Copilot July 11, 2025 14:48
Copilot
Copilot AI reviewed Jul 11, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the bundled certifi library to version 2025.7.9, removes legacy fallback code, and refreshes the root CA bundle.

  • Bump certifi version in requirements and package metadata
  • Simplify core.py by removing the Python <3.7 fallback
  • Replace the CA certificate file with the updated root store and add new D-TRUST entries

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
requirements.txt Bump certifi from 2024.7.4 to 2025.7.9
certifi/core.py Remove the Python <3.7 fallback branch under where()
certifi/cacert.pem Refresh CA bundle: remove outdated roots and add D-TRUST CAs
certifi/init.py Update __version__ to 2025.07.09
Comments suppressed due to low confidence (3)

shotgun_api3/lib/certifi/cacert.pem:2

  • A large number of root certificates were removed from the trust bundle; please confirm this change is intentional to avoid unexpected TLS trust failures.
# Issuer: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc.

shotgun_api3/lib/certifi/init.py:4

  • [nitpick] After bumping the library version, consider updating associated release notes or documentation to reflect the new certifi version.
__version__ = "2025.07.09"

shotgun_api3/lib/certifi/core.py:49

  • The fallback branch for Python <3.7 was removed; ensure that the project now requires Python ≥3.7 and update any compatibility documentation accordingly.
else:

@julien-lang julien-lang marked this pull request as ready for review July 11, 2025 14:55
@julien-lang julien-lang requested a review from a team July 11, 2025 14:55
@julien-lang julien-lang changed the title SG-38877 Update certifi third party library to version2025.7.9 SG-38877 Update certifi third party library to version2025.7.14 Jul 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@carlos-villavicencio-adsk carlos-villavicencio-adsk carlos-villavicencio-adsk approved these changes

@eduardoChaucaGallegos eduardoChaucaGallegos eduardoChaucaGallegos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@julien-lang @carlos-villavicencio-adsk @eduardoChaucaGallegos