Bump the pip-dependencies group across 1 directory with 30 updates

[dependabot]

Updates the requirements on beautifulsoup4, lxml, pytest, requests, selenium, waitress, multiprocess, psutil, fire, pyyaml, redis, kombu, celery, flask, plotly, typing-extensions, diskcache, black, flake8, flask-talisman, mimesis, mock, numpy, orjson, pandas, pylint, pyzmq, xlrd, jupyterlab and pyright to permit the latest version.
Updates beautifulsoup4 to 4.14.3

Updates lxml to 6.1.0

Changelog

Sourced from lxml's changelog.

6.1.0 (2026-04-17)

This release fixes a possible external entity injection (XXE) vulnerability in iterparse() and the ETCompatXMLParser.

Features added

• GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in lxml.html.defs. This allows lxml_html_clean to pass them through. Patch by oomsveta.

• The default chunk size for reading from file-likes in iterparse() is now configurable with a new chunk_size argument.

Bugs fixed

• LP#2146291: The resolve_entities option was still set to True for iterparse and ETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to 'internal' only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.

6.0.4 (2026-04-12)

Bugs fixed

• LP#2148019: Spurious MemoryError during namespace cleanup.

6.0.3 (2026-04-09)

Bugs fixed

• Several out of memory error cases now raise MemoryError that were not handled before.

• Slicing with large step values (outside of +/- sys.maxsize) could trigger undefined C behaviour.

• LP#2125399: Some failing tests were fixed or disabled in PyPy.

• LP#2138421: Memory leak in error cases when setting the public_id or system_url of a document.

... (truncated)

Commits

• 43722f4 Update changelog.
• 8747040 Name version of option change in docstring.
• 6c36e6c Fix pypistats URL in download statistics script.
• c7d76d6 Change security policy to point to Github security advisories.
• 378ccf8 Update project income report.
• 315270b Docs: Reduce TOC depth of package pages and move module contents first.
• 6dbba7f Docs: Show current year in copyright line.
• e4385bf Update project income report.
• 5bed1e1 Validate file hashes in release download script.
• c13ee10 Prepare release of 6.1.0.
• Additional commits viewable in compare view

Updates pytest to 8.4.2

Release notes

Sourced from pytest's releases.

8.4.2

pytest 8.4.2 (2025-09-03)

Bug fixes

• #13478: Fixed a crash when using console_output_style{.interpreted-text role="confval"} with times and a module is skipped.

• #13530: Fixed a crash when using pytest.approx{.interpreted-text role="func"} and decimal.Decimal{.interpreted-text role="class"} instances with the decimal.FloatOperation{.interpreted-text role="class"} trap set.

• #13549: No longer evaluate type annotations in Python 3.14 when inspecting function signatures.

  This prevents crashes during module collection when modules do not explicitly use from __future__ import annotations and import types for annotations within a if TYPE_CHECKING: block.

• #13559: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in pytest.Parser.addini{.interpreted-text role="meth"}.

• #13563: pytest.approx{.interpreted-text role="func"} now only imports numpy if NumPy is already in sys.modules. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.

Improved documentation

• #13577: Clarify that pytest_generate_tests is discovered in test modules/classes; other hooks must be in conftest.py or plugins.

Contributor-facing changes

• #13480: Self-testing: fixed a few test failures when run with -Wdefault or a similar override.
• #13547: Self-testing: corrected expected message for test_doctest_unexpected_exception in Python 3.14.
• #13684: Make pytest's own testsuite insensitive to the presence of the CI environment variable -- by ogrisel{.interpreted-text role="user"}.

Commits

• bfae422 Prepare release version 8.4.2
• 8990538 Fix passenv CI in tox ini and make tests insensitive to the presence of the C...
• ca676bf Merge pull request #13687 from pytest-dev/patchback/backports/8.4.x/e63f6e51c...
• 975a60a Merge pull request #13686 from pytest-dev/patchback/backports/8.4.x/12bde8af6...
• 7723ce8 Merge pull request #13683 from even-even/fix_Exeption_to_Exception_in_errorMe...
• b7f0568 Merge pull request #13685 from CoretexShadow/fix/docs-pytest-generate-tests
• 2c94c4a add missing colon (#13640) (#13641)
• c3d7684 Merge pull request #13606 from pytest-dev/patchback/backports/8.4.x/5f9938563...
• dc6e3be Merge pull request #13605 from The-Compiler/training-update-2025-07
• f87289c Fix crash with times output style and skipped module (#13573) (#13579)
• Additional commits viewable in compare view

Updates requests to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease

... (truncated)

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates selenium to 4.36.0

Release notes

Sourced from selenium's releases.

Selenium 4.36.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

• [py]: close ipv6 port in case of error by @​navin772 in SeleniumHQ/selenium#16165
• [docs] Update issue label in CONTRIBUTING.md by @​pallavigitwork in SeleniumHQ/selenium#16169
• [py][docs]: update dead API docs link to API reference in index.rst by @​navin772 in SeleniumHQ/selenium#16170
• [grid] close the HttpClient after the session is gone by @​joerg1985 in SeleniumHQ/selenium#16182
• [py] Update docstring and comments in keys.py by @​Aidoni0797 in SeleniumHQ/selenium#16187
• [dotnet] [bidi] Simplify type naming of internal command parameters by @​nvborisenko in SeleniumHQ/selenium#16188
• [py] Fix formatting by @​cgoldberg in SeleniumHQ/selenium#16189
• [dotnet] [bidi] Support WebExtension module by @​nvborisenko in SeleniumHQ/selenium#15850
• [rb][BiDi] Create browser module, added user context related methods by @​aguspe in SeleniumHQ/selenium#15371
• [docs] Update bug report section in CONTRIBUTING.md by @​pallavigitwork in SeleniumHQ/selenium#16191
• [dotnet] Adding flag to enable SafariDriver logging. by @​diemol in SeleniumHQ/selenium#16196
• [java] extend the scope of the properties of the HttpCommandExecutor class by @​iampopovich in SeleniumHQ/selenium#16186
• [dotnet] [bidi] Serialize base64 encoded string directly to bytes by @​nvborisenko in SeleniumHQ/selenium#16203
• [dotnet] [bidi] Make cookie expiry as TimeSpan by @​nvborisenko in SeleniumHQ/selenium#16204
• [grid] Improve readTimeout in handle session between Router and Node by @​VietND96 in SeleniumHQ/selenium#16163
• [py] Fix type annotation error and raise clearer error message by @​Paresh-0007 in SeleniumHQ/selenium#16174
• [java] Unifying select class by @​vicky-iv in SeleniumHQ/selenium#16220
• [rust] Update dependency rules_cc to v0.2.0 by @​renovate[bot] in SeleniumHQ/selenium#16198
• [js] Update testing-library monorepo by @​renovate[bot] in SeleniumHQ/selenium#16173
• [js] Update dependency tmp to ^0.2.5 by @​renovate[bot] in SeleniumHQ/selenium#16172
• [dotnet] Update dependency System.Text.Json to 8.0.6 by @​renovate[bot] in SeleniumHQ/selenium#16171
• [js] Update dependency react-router-dom to v6.30.1 by @​renovate[bot] in SeleniumHQ/selenium#16076
• [js] Update material-ui monorepo to v5.18.0 by @​renovate[bot] in SeleniumHQ/selenium#16062
• [js] Update dependency ws to ^8.18.3 by @​renovate[bot] in SeleniumHQ/selenium#16009
• [js] Update react monorepo by @​renovate[bot] in SeleniumHQ/selenium#15949
• [java] Update dependency net.bytebuddy:byte-buddy to v1.17.7 by @​renovate[bot] in SeleniumHQ/selenium#16237
• [py] Update dependency charset-normalizer to v3.4.3 by @​renovate[bot] in SeleniumHQ/selenium#16239
• [py] Update dependency cryptography to v45.0.6 by @​renovate[bot] in SeleniumHQ/selenium#16240
• Revert "[py] Update dependency charset-normalizer to v3.4.3" by @​cgoldberg in SeleniumHQ/selenium#16242
• Revert "[py] Update dependency cryptography to v45.0.6" by @​cgoldberg in SeleniumHQ/selenium#16243
• [py] Bump dependencies for dev and fix script by @​cgoldberg in SeleniumHQ/selenium#16244
• [dotnet] Help old .net framework copy selenium manager to output by @​nvborisenko in SeleniumHQ/selenium#16228
• [java] Add hooks around getScreenshotAs in WebDriverListener #16232 by @​giulong in SeleniumHQ/selenium#16233
• [py][bidi]: enable history_updated event test by @​navin772 in SeleniumHQ/selenium#16236
• [py] Bump ruff version for linting/formatting by @​cgoldberg in SeleniumHQ/selenium#16254
• [py][bidi]: use bidi navigate command in network tests by @​navin772 in SeleniumHQ/selenium#16251
• [dotnet] Fix find port for IPv4 only environments by @​nvborisenko in SeleniumHQ/selenium#16216

... (truncated)

Commits

• 6d115cf [build] Prepare for release of Selenium 4.36.0 (#16332)
• 2eeadab [rust] Log browser path also in offline mode (#16215)
• 8e84f0d [rust] Set Rust version to 1.89.0 in WORKSPACE (#16368)
• 6061c87 [grid] UI Light/Dark Mode Toggle (#16364)
• a578a47 [rust] Bump Rust edition to 2024, rulest_rust to 0.65.0, and crates to latest...
• 93fdf57 [dotnet] [bidi] Give only one chance to receive from remote end (#16360)
• b3b66a0 [dotnet] [bidi] Introduce BaseNavigationInfo type as interface (#16348)
• 9a4bbcc [py] Add --enable-chrome-logs to chrome service args to inherit browser i/o s...
• 4c603ec [rb] fix unit tests (#16357)
• 8a72168 [dotnet] Begin reading of driver service output to fix Firefox disposing
• Additional commits viewable in compare view

Updates waitress to 3.0.2

Release notes

Sourced from waitress's releases.

v3.0.2

3.0.2 (2024-11-16)

Security

• When using Waitress to process trusted proxy headers, Waitress will now update the headers to drop any untrusted values, thereby making sure that WSGI apps only get trusted and validated values that Waitress itself used to update the environ. See Pylons/waitress#452 and Pylons/waitress#451

Changelog

Sourced from waitress's changelog.

3.0.2 (2024-11-16)

Security

- When using Waitress to process trusted proxy headers, Waitress will now
  update the headers to drop any untrusted values, thereby making sure that
  WSGI apps only get trusted and validated values that Waitress itself used to
  update the environ. See https://github.com/Pylons/waitress/pull/452 and
  https://github.com/Pylons/waitress/issues/451
3.0.1 (2024-10-28)
Backward Incompatibilities

• Python 3.8 is no longer supported. See Pylons/waitress#445.

Features

- Added support for Python 3.13.
  See https://github.com/Pylons/waitress/pull/445.
Security

• Fix a bug that would lead to Waitress busy looping on select() on a half-open socket due to a race condition that existed when creating a new HTTPChannel. See Pylons/waitress#435, Pylons/waitress#418 and GHSA-3f84-rpwh-47g6

  With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and helping track this down.

• No longer strip the header values before passing them to the WSGI environ. See Pylons/waitress#434 and Pylons/waitress#432

• Fix a race condition in Waitress when channel_request_lookahead is enabled that could lead to HTTP request smuggling.

  See GHSA-9298-4cf8-g4wj

3.0.0 (2024-02-04)

... (truncated)

Commits

• b11ae72 Prep for 3.0.2
• 38ffad0 Merge pull request #450 from Pylons/445-amend-drop-py38
• 0e7bf65 Remove hack to register atexit handler
• 0e82766 Add concurrency grouping to cancel in progress runs upon push
• 135c4bf Split Python versions note into two under separate headings
• 23ac524 Merge pull request #446 from kgaughan/resolve-name
• a20fe86 Merge pull request #447 from kgaughan/modern-assertions
• d005ec2 Merge pull request #448 from kgaughan/trivial-cleanup
• 291d9cb Merge pull request #452 from simonk52/drop-untrusted-proxy-values
• da38a20 Sign CONTRIBUTORS.txt
• Additional commits viewable in compare view

Updates multiprocess to 0.70.19

Commits

• 136e2a6 tag: 0.70.19
• cd45c1a travis use noble, 3.15t, 3.14, coverage on 3.10 (#247)
• 7c8b7e5 increase short timeout in test_interrupt (#246)
• 8db0ee8 sync with python3.15.0a5 (#245)
• 12ac8a3 Bump urllib3 from 2.6.0 to 2.6.3 in /docs (#243)
• c7bcec1 sync with rtfd 15.10.0 (#244)
• eecf5d1 update copyright for 2026, urllib3 to 2.6.0 (#242)
• 56eca89 sync with python 3.15.0a3 (#241)
• 319afc2 sync with 3.13.11 and 3.14.2 (#240)
• 8361d28 sync with python 3.15.0a2 (#238)
• Additional commits viewable in compare view

Updates psutil to 7.2.2

Changelog

Sourced from psutil's changelog.

7.2.2 — 2026-01-28 ^^^^^^^^^^^^^^^^^^

Enhancements

• :gh:2705: [Linux]: :meth:Process.wait now uses pidfd_open() + poll() (no busy loop). Requires Linux >= 5.3 and Python >= 3.9.
• :gh:2705: [macOS], [BSD]: :meth:Process.wait now uses kqueue() (no busy loop).

Bug fixes

• :gh:2701, [macOS]: fix compilation error on macOS < 10.7. (patch by Sergey Fedorov)
• :gh:2707, [macOS]: fix potential memory leaks in error paths of :meth:Process.memory_full_info and :meth:Process.threads.
• :gh:2708, [macOS]: :meth:Process.cmdline and :meth:Process.environ may fail with OSError: [Errno 0] Undefined error (from sysctl(KERN_PROCARGS2)). They now raise :exc:AccessDenied instead.

7.2.1 — 2025-12-29 ^^^^^^^^^^^^^^^^^^

Bug fixes

• :gh:2699, [FreeBSD], [NetBSD]: :func:heap_info does not detect small allocations (<= 1K). In order to fix that, we now flush internal jemalloc cache before fetching the metrics.

7.2.0 — 2025-12-23 ^^^^^^^^^^^^^^^^^^

Enhancements

• :gh:1275: new :func:heap_info and :func:heap_trim functions, providing direct access to the platform's native C heap allocator (glibc, mimalloc, libmalloc). Useful to create tools to detect memory leaks.
• :gh:2403, [Linux]: publish wheels for Linux musl.
• :gh:2680: unit tests are no longer installed / part of the distribution. They now live under tests/ instead of psutil/tests.

Bug fixes

• :gh:2684, [FreeBSD], [critical]: compilation fails on FreeBSD 14 due to missing include.
• :gh:2691, [Windows]: fix memory leak in :func:net_if_stats due to missing Py_CLEAR.

Compatibility notes

... (truncated)

Commits

• 9eea97d Pre-release
• 938ac64 Rm sphinxcontrib.googleanalytics; override layout.html
• 9dcbb7e Add sphinxcontrib-googleanalytics to requirements.txt
• 76eaf9a Try to add google analytics to doc
• de1cafa Update doc mentioning Process.wait() internal details
• bb30943 Refact can_use_pidfd_open() and can_use_kqueue()
• a571717 #2708, macos / cmdline / environ; raise AD instead of OSError(0) (#2709)
• 8b98c3e Pre-release
• 700b7e6 [macOS] fix potential leaks in error paths (#2707)
• 7cc7923 Windows / cmdline(): be more defensive in free()ing in case of error
• Additional commits viewable in compare view

Updates fire to 0.7.1

Release notes

Sourced from fire's releases.

Python Fire v0.7.1

What's Changed

• Use Neutral theme for IPython Inspector, supporting newer IPython versions in google/python-fire#588
• Call inspectutils.GetClassAttrsDict on component, not None in google/python-fire#606
• Move to pyproject.toml, adding wheel support in pypi
• Use ty in place of pytype
• Update requirements @​dependabot[bot]

Full Changelog: google/python-fire@v0.7.0...v0.7.1

Commits

• 8ea2f63 Update email address
• ea8c7f5 Remove unused MANIFEST
• 86bf4ca Update pylint requirement from <3.3.7 to <3.3.8 (#614)
• 8c62e05 Update pytest requirement from <=8.3.5 to <=8.4.1 (#615)
• cec0119 Update hypothesis requirement from <6.133.0 to <6.136.0 (#616)
• 8449619 Use ty in place of pytype (#617)
• d33056c Move to pyproject.toml (#613)
• 2e6f8d2 Bump version to 0.7.1 (#609)
• dba7e1d Update hypothesis requirement in /.github/scripts (#608)
• 51974c6 Update pylint requirement from <3.3.5 to <3.3.7 in /.github/scripts (#591)
• Additional commits viewable in compare view

Updates pyyaml to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

6.0.1 (2023-07-18)

• yaml/pyyaml#702 -- pin Cython build dep to < 3.0

6.0 (2021-10-13)

• yaml/pyyaml#327 -- Change README format to Markdown
• yaml/pyyaml#483 -- Add a test for YAML 1.1 types
• yaml/pyyaml#497 -- fix float resolver to ignore . and ._
• yaml/pyyaml#550 -- drop Python 2.7
• yaml/pyyaml#553 -- Fix spelling of “hexadecimal”
• yaml/pyyaml#556 -- fix representation of Enum subclasses
• yaml/pyyaml#557 -- fix libyaml extension compiler warnings
• yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors
• yaml/pyyaml#561 -- always require Loader arg to yaml.load()
• yaml/pyyaml#564 -- remove remaining direct distutils usage

5.4.1 (2021-01-20)

• yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it

5.4 (2021-01-19)

• yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
• yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
• yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
• yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
• yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

• yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

• yaml/pyyaml#290 -- Use is instead of equality for comparing with None
• yaml/pyyaml#270 -- Fix typos and stylistic nit
• yaml/pyyaml#309 -- Fix up small typo
• yaml/pyyaml#161 -- Fix handling of slots
• yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
• yaml/pyyaml#285 -- Add use of safe_load() function in README
• yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

... (truncated)

Commits

• 49790e7 Release 6.0.3 (#889)
• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• c42fa3b 6.0.1 release
• ae08bdc block Cython 3.0+ as a build dep (#702)
• f873cfe Add python 3.11 support (#663)
• 8cdff2c 6.0 release
• a4fb55e Update Python 3.10 versions for Windows build
• Additional commits viewable in compare view

Updates redis to 7.0.1

Release notes

Sourced from redis's releases.

7.0.1

Changes

This release adds small fixes related to documentation.

🧰 Maintenance

• Add 'multi_database' section to documentation index (313d93f)
• Revised multi-database client documentation(78df745)
• Adding info about Multi-database client in README.md (3f7a55e)

We'd like to thank all the contributors who worked on this release! @​dmaier @​petyaslavova

Commits

• 613a06f Updating redis-py package version to 7.0.1
• 3f7a55e Adding info about Multi-database client in README.md
• 313d93f Add 'multi_database' section to documentation index
• 78df745 Revised multi-database client documentation
• 7a4e8bc Updating package version to 7.0.0 and supported redis versions in readme.md
• 64a2721 Refactor healthcheck to use PING instead of ECHO (#3811)
• 24a7a10 Fixing SORTABLE, INDEXEMPTY and INDEXMISSING order when using RediSearch fiel...
• 32ba6d8 DOC-5821 update index/query example for runnable notebook (#3807)
• c1e566f Add handling of empty spaces during CLIENT LIST response parsing (#3797)
• 295bec6 Adding new ExternalAuthProviderError that will be raised when we receive 'pro...
• Additional commits viewable in compare view

Updates kombu to 5.6.2

Release notes

Sourced from kombu's releases.

v5.6.2

What's Changed

• Simplify requirements given Py3.9+ baseline by @​jayaddison in celery/kombu#2414
• fix: credential_provider compatibility issue with redis < 5.3.0 by @​alaminopu in celery/kombu#2423
• Fix SentinelChannel to pass ACL credentials to master_for() by @​anthonykuzmich7 in celery/kombu#2426
• Improve the error handling in ack deadline extension by @​tungntpham in celery/kombu#2430
• Prepare for release: v5.6.2 by @​Nusnus in celery/kombu#2434

New Contributors

• @​jayaddison made their first contribution in celery/kombu#2414
• @​anthonykuzmich7 made their first contribution in celery/kombu#2426
• @​tungntpham made their first contribution in celery/kombu#2430

Full Changelog: celery/kombu@v5.6.1...v5.6.2

Changelog

Sourced from kombu's changelog.

5.6.2

:release-date: 29 December, 2025 :release-by: Tomer Nosrati

What's Changed

- Improve error handling in GCP Pub/Sub ack deadline extension ([#2430](https://github.com/celery/kombu/issues/2430))
- Fix SentinelChannel to pass ACL credentials to master_for() ([#2426](https://github.com/celery/kombu/issues/2426))
- Fix credential_provider compatibility with redis-py < 5.3.0 ([#2423](https://github.com/celery/kombu/issues/2423))
- Simplify requirements given Py3.9+ baseline ([#2414](https://github.com/celery/kombu/issues/2414))
- Prepare for release: v5.6.2 ([#2434](https://github.com/celery/kombu/issues/2434))
.. _version-5.6.1:
5.6.1
:release-date: 25 November, 2025
:release-by: Tomer Nosrati
What's Changed

• fix: ensure hub close does also remove global event loop reference (#2404)
• fix: default value for SQS's receive message (#2405)
• Feat: add support for credential_provider to redis broker (#2408)
• Prepare for release: v5.6.1 (#2416)

.. _version-5.6.0:

5.6.0

:release-date: 1 November, 2025 :release-by: Tomer Nosrati

Key Highlights

QoS Max Prefetch Limit
----------------------
PR [#2348](https://github.com/celery/kombu/issues/2348) <https://github.com/celery/kombu/pull/2348>_
Prevent Out Of Memory crashes when queues flood with ETA/countdown tasks. The new optional max_prefetch parameter caps how many messages workers hold in memory. Defaults to unlimited (None) to preserve existing behavior.
.. code-block:: python
from kombu.common import QoS

</tr></table>

... (truncated)

Commits

• 279b81f Prepare for release: v5.6.2 (#2434)
• a12f3a9 Improve the error handling in ack deadline extension (#2430)
• 4055fa7 Bump mypy from 1.19.0 to 1.19.1 (#2432)
• 8756f49 [pre-commit.ci] pre-commit autoupdate (#2429)
• 0a5a0bc Fix SentinelChannel to pass ACL credentials to master_for() (#2426)
• f204769 [pre-commit.ci] pre-commit autoupdate (#2424)
• 9a72859 Bump mypy from 1.18.2 to 1.19.0
• 260d517 fix: credential_provider compatibility issue with redis < 5.3.0 (#2423)
• 161a61b Simplify requirements given Py3.9+ baseline (#2414)
• 5208431 Prepare for release: v5.6.1 (#2416)
• Additional commits viewable in compare view

Updates celery to 5.6.3

Release notes

Sourced from celery's releases.

v5.6.3

What's Changed

• Fix Django worker recursion bug + defensive checks for pool_cls.module by @​maycuatroi1 in celery/celery#10048
• Docs: Update user_preload_options example to use click. by @​jorsyk in celery/celery#10056
• Fix invalid configuration key "bootstrap_servers" in Kafka demo by @​jorsyk in celery/celery#10060
• Fix broken images on PyPI page by @​Timour-Ilyas in celery/celery#10066
• Remove broken reference. by @​sueannioanis in celery/celery#10071
• Removed --dist=loadscope from smoke tests by @​Nusnus in celery/celery#10073
• Docs: Clarify task_retry signal args may be None by @​GangEunzzang in celery/celery#10076
• Update example for Django by @​sbc-khacnha in celery/celery#10081
• Make tests compatible with pymongo >= 4.16 by @​cjwatson in celery/celery#10074
• fix: source install of cassandra-driver by @​Izzette in celery/celery#10105
• fix: register task cross-reference role in Sphinx extension by @​veeceey in celery/celery#10100
• fix: avoid cycle detection in native delayed delivery by @​Izzette in celery/celery#10095
• fix(asynpool): avoid AttributeError when proc lacks _sentinel_poll by @​mriddle in celery/celery#10086
• fix dusk_astronomical horizon sign (+18 -> -18) by @​Mr-Neutr0n ...

  Description has been truncated