From 6c0bda038888e13fcf247ac6e47b5e2bb0196aa7 Mon Sep 17 00:00:00 2001 From: Chris Hill-Scott Date: Mon, 15 Nov 2021 11:12:33 +0000 Subject: [PATCH] Bump Celery to latest version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This brings in the version 5.2.1 of Kombu, which fixes a security vulnerability: > Celery 5.2.0 includes 'kombu' v5.2.1, which includes dependencies > updates that resolve security issues. — https://pyup.io/repos/github/alphagov/notifications-api/commits/?page=1#b654c27699a5164cbbe50e042d5d34141f560255 This is the commit from Kombu: https://github.com/celery/kombu/commit/f3b04558fa0df4ecc383c93e0b3b300d95e17c47 I believe the dependency of Kombu which has issues is urllib3, which has two open advisories for versions less than 1.26.5: - https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg - https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
---
 requirements.in | 2 +- requirements.txt | 12 ++++-------- 2 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/requirements.in b/requirements.in
index 64640631b..91152a4d4 100644
--- a/requirements.in
+++ b/requirements.in
@@ -2,7 +2,7 @@
 # with package version changes made in requirements-app.txt
 cffi==1.14.5
-celery[sqs]==5.1.2
+celery[sqs]==5.2.0
 docopt==0.6.2
 Flask-Bcrypt==0.7.1
 flask-marshmallow==0.14.0
diff --git a/requirements.txt b/requirements.txt
index 6e2d9446f..4242f6f0b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -27,9 +27,7 @@ bleach==4.1.0
 blinker==1.4
 # via gds-metrics
 boto3==1.19.4
- # via
- # celery
- # notifications-utils
+ # via notifications-utils
 botocore==1.22.4
 # via
 # awscli
@@ -39,7 +37,7 @@ cachetools==4.2.1
 # via
 # -r requirements.in
 # notifications-utils
-celery[sqs]==5.1.2
+celery[sqs]==5.2.0
 # via -r requirements.in
 certifi==2021.10.8
 # via requests
@@ -50,7 +48,7 @@ cffi==1.14.5
 # cryptography
 charset-normalizer==2.0.7
 # via requests
-click==7.1.2
+click==8.0.3
 # via
 # celery
 # click-datetime
@@ -132,7 +130,7 @@ jmespath==0.10.0
 # botocore
 jsonschema==3.2.0
 # via -r requirements.in
-kombu==5.1.0
+kombu==5.2.1
 # via celery
 lxml==4.6.3
 # via -r requirements.in
@@ -173,8 +171,6 @@ pyasn1==0.4.8
 # via rsa
 pycparser==2.20
 # via cffi
-pycurl==7.43.0.5
- # via celery
 pyjwt==2.0.1
 # via
 # -r requirements.in