darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-03 18:01:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Bump Celery to latest version

Browse Source 
This brings in the version 5.2.1 of Kombu, which fixes a security
vulnerability:
> Celery 5.2.0 includes 'kombu' v5.2.1, which includes dependencies
> updates that resolve security issues.
— https://pyup.io/repos/github/alphagov/notifications-api/commits/?page=1#b654c27699a5164cbbe50e042d5d34141f560255

This is the commit from Kombu:
f3b04558fa

I believe the dependency of Kombu which has issues is urllib3, which
has two open advisories for versions less than 1.26.5:
- https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
- https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
This commit is contained in:
Chris Hill-Scott
2021-11-15 11:12:33 +00:00
parent 608ef12573
commit 6c0bda0388
2 changed files with 5 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
requirements.in
View File

@@ -2,7 +2,7 @@
# with package version changes made in requirements-app.txt
cffi==1.14.5
celery[sqs]==5.1.2
celery[sqs]==5.2.0
docopt==0.6.2
Flask-Bcrypt==0.7.1
flask-marshmallow==0.14.0