Bump Celery to latest version

This brings in the version 5.2.1 of Kombu, which fixes a security vulnerability: > Celery 5.2.0 includes 'kombu' v5.2.1, which includes dependencies > updates that resolve security issues. — https://pyup.io/repos/github/alphagov/notifications-api/commits/?page=1#b654c27699a5164cbbe50e042d5d34141f560255 This is the commit from Kombu: f3b04558fa I believe the dependency of Kombu which has issues is urllib3, which has two open advisories for versions less than 1.26.5: - https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg - https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
2026-01-03 16:10:45 -05:00 · 2021-11-15 11:12:33 +00:00
parent 608ef12573
commit 6c0bda0388
2 changed files with 5 additions and 9 deletions
--- a/requirements.in
+++ b/requirements.in
@@ -2,7 +2,7 @@
 # with package version changes made in requirements-app.txt

 cffi==1.14.5
-celery[sqs]==5.1.2
+celery[sqs]==5.2.0
 docopt==0.6.2
 Flask-Bcrypt==0.7.1
 flask-marshmallow==0.14.0
--- a/requirements.txt
+++ b/requirements.txt
@@ -27,9 +27,7 @@ bleach==4.1.0
 blinker==1.4
    # via gds-metrics
 boto3==1.19.4
-    # via
-    #   celery
-    #   notifications-utils
+    # via notifications-utils
 botocore==1.22.4
    # via
    #   awscli
@@ -39,7 +37,7 @@ cachetools==4.2.1
    # via
    #   -r requirements.in
    #   notifications-utils
-celery[sqs]==5.1.2
+celery[sqs]==5.2.0
    # via -r requirements.in
 certifi==2021.10.8
    # via requests
@@ -50,7 +48,7 @@ cffi==1.14.5
    #   cryptography
 charset-normalizer==2.0.7
    # via requests
-click==7.1.2
+click==8.0.3
    # via
    #   celery
    #   click-datetime
@@ -132,7 +130,7 @@ jmespath==0.10.0
    #   botocore
 jsonschema==3.2.0
    # via -r requirements.in
-kombu==5.1.0
+kombu==5.2.1
    # via celery
 lxml==4.6.3
    # via -r requirements.in
@@ -173,8 +171,6 @@ pyasn1==0.4.8
    # via rsa
 pycparser==2.20
    # via cffi
-pycurl==7.43.0.5
-    # via celery
 pyjwt==2.0.1
    # via
    #   -r requirements.in