Skip to content

pex 2.12.1
Compare
Choose a tag to compare
@github-actions github-actions released this 25 Jul 22:49
· 99 commits to main since this release
v2.12.1
This tag was signed with the committer’s verified signature.
jsirois John Sirois
GPG key ID: 93E55CB567B5C626
Learn about vigilant mode.
9ddabde
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

2.12.1

This release refreshes the root CA cert bundle used by
--pip-version vendored (which is the default Pip Pex uses for
Python <3.12) from certifi 2019.9.11's cacert.pem to
certifi 2024.7.4's
cacert.pem. This refresh addresses at least CVE-2023-37920 and was spearheaded by
a contribution from Nash Kaminski in
pex-tool/pip#12. Thank you, Nash!

  • Update vendored Pip's CA cert bundle. (#2476)
Assets 4
Loading
0 Join discussion