From c361ddd4e014ba44f8489766d21c2addff7c2f43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jul 2024 23:37:51 +0000 Subject: [PATCH 1/2] Bump certifi from 2023.11.17 to 2024.7.4 in /src Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.11.17 to 2024.7.4. - [Commits](https://github.com/certifi/python-certifi/compare/2023.11.17...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] --- src/requirements-dev.txt | 6 ++---- src/requirements.txt | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 069d7838..4177e0c8 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -34,7 +34,7 @@ cachetools==5.3.2
 # via
 # google-auth
 # tox
-certifi==2023.11.17
+certifi==2024.7.4
 # via
 # -r requirements.txt
 # requests
@@ -59,9 +59,7 @@ colorama==0.4.6
 colorful==0.5.5
 # via ray
 coverage[toml]==7.3.2
- # via
- # coverage
- # pytest-cov
+ # via pytest-cov
 cryptography==42.0.4
 # via -r requirements.txt
 defusedxml==0.7.1
diff --git a/src/requirements.txt b/src/requirements.txt
index ef77ffc2..94dbadca 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -12,7 +12,7 @@ attrs==23.1.0
 # via
 # jsonschema
 # referencing
-certifi==2023.11.17
+certifi==2024.7.4
 # via requests
 cffi==1.16.0
 # via cryptography
From 2ad49771125f6944b56b7b2dce5ff02576ba0535 Mon Sep 17 00:00:00 2001 From: Anthony Romaniello Date: Thu, 25 Jul 2024 13:12:36 -0600 Subject: [PATCH 2/2] Update requirements.in and recompile requirements --- src/requirements-dev.txt | 4 +++- src/requirements.in | 1 + src/requirements.txt | 4 +++- 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 4177e0c8..236c4967 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -59,7 +59,9 @@ colorama==0.4.6
 colorful==0.5.5
 # via ray
 coverage[toml]==7.3.2
- # via pytest-cov
+ # via
+ # coverage
+ # pytest-cov
 cryptography==42.0.4
 # via -r requirements.txt
 defusedxml==0.7.1
diff --git a/src/requirements.in b/src/requirements.in
index cf9e9e7f..78ea0305 100644
--- a/src/requirements.in
+++ b/src/requirements.in
@@ -15,6 +15,7 @@ scos_tekrsa @ git+https://github.com/NTIA/scos-tekrsa@7.0.1
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
+certifi>=2024.7.4 # CVE-2024-39689
 idna>=3.7 # CVE-2024-3651
 grpcio>=1.53.0 # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
 pyyaml>=5.4.0 # CVE-2020-14343
diff --git a/src/requirements.txt b/src/requirements.txt
index 94dbadca..54cb7209 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -13,7 +13,9 @@ attrs==23.1.0
 # jsonschema
 # referencing
 certifi==2024.7.4
- # via requests
+ # via
+ # -r requirements.in
+ # requests
 cffi==1.16.0
 # via cryptography
 charset-normalizer==3.3.2
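Review bot: The new floor in src/requirements.in carries only the bare id `# CVE-2024-39689`, which does not tell a maintainer that this entry is a trust-store change (GLOBALTRUST roots dropped from the CA bundle) rather than a code fix like its neighbours. I would spell that out, e.g. `certifi>=2024.7.4  # CVE-2024-39689 (GLOBALTRUST roots removed from CA bundle)`. The floor only helps where certifi's bundle is the trust store actually in use. If the deployment points requests at a different CA file (for example through `REQUESTS_CA_BUNDLE`, which this diff does not show), that bundle needs the same root removed separately.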