Kombu < 5.2.1 safety issues in dependencies. What it takes to migrate to 5.x?

The latest release of kombu contained new versions for dependencies. According to safety.py these dependencies contained security fixes

(try latest sqs dependencies · celery/kombu@f3b0455 · GitHub)

What does it take to update to kombu to 5.x? And can we contribute somehow?

I can’t oversee why kombu is pinned on 4.x

Hi @renewfrl,

Python 3.10 support by mattbennett · Pull Request #747 · nameko/nameko · GitHub removes the kombu<5 pin. I will create an equivalent for the v3 branch shortly, and cut new releases.

1 Like

excellent @mattbennett great stuff

This is out now in 2.14.1 and as 3.0.0-rc11.