Kombu < 5.2.1 safety issues in dependencies. What it takes to migrate to 5.x?

1

The latest release of kombu contained new versions for dependencies. According to safety.py these dependencies contained security fixes

(try latest sqs dependencies · celery/kombu@f3b0455 · GitHub)

What does it take to update to kombu to 5.x? And can we contribute somehow?

I can’t oversee why kombu is pinned on 4.x

2

Hi @renewfrl,

Python 3.10 support by mattbennett · Pull Request #747 · nameko/nameko · GitHub removes the kombu<5 pin. I will create an equivalent for the v3 branch shortly, and cut new releases.

1 Like
3

excellent @mattbennett great stuff

4

This is out now in 2.14.1 and as 3.0.0-rc11.