Skip to content

Build(deps): Bump celery from 5.3.6 to 5.6.2#19

Open
dependabot[bot] wants to merge 350 commits into
mainfrom
dependabot/pip/celery-5.6.2
Open

Build(deps): Bump celery from 5.3.6 to 5.6.2#19
dependabot[bot] wants to merge 350 commits into
mainfrom
dependabot/pip/celery-5.6.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 23, 2026

Copy link
Copy Markdown
Contributor

Bumps celery from 5.3.6 to 5.6.2.

Release notes

Sourced from celery's releases.

v5.6.2

What's Changed

New Contributors

Full Changelog: celery/celery@v5.6.1...v5.6.2

v5.6.1

What's Changed

New Contributors

Full Changelog: celery/celery@v5.6.0...v5.6.1

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.2

:release-date: 2026-01-04 :release-by: Tomer Nosrati

What's Changed


- Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string ([#10045](https://github.com/celery/celery/issues/10045))
- Bugfix: Revoked tasks now immediately update backend status to REVOKED ([#9869](https://github.com/celery/celery/issues/9869))
- Prepare for release: v5.6.2 ([#10049](https://github.com/celery/celery/issues/10049))

.. _version-5.6.1:

5.6.1

:release-date: 2025-12-29 :release-by: Tomer Nosrati

What's Changed

  • Fix Redis Sentinel ACL authentication support (#10013)
  • Fix: Broker heartbeats not sent during graceful shutdown (#9986)
  • docs #5410 -- Document confirm_publish broker transport option (#10016)
  • close DB pools only in prefork mode (#10020)
  • Fix: Avoid unnecessary Django database connection creation during cleanup (#10015)
  • reliable prefork detection (#10023)
  • better coverage (#10029)
  • Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example (#10030)
  • Stop importing pytest_subtests (#10032)
  • Only use exceptiongroup backport for Python < 3.11 (#10033)
  • Prepare for release: v5.6.1 (#10037)

.. _version-5.6.0:

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights


See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.
</tr></table> 

... (truncated)

Commits
  • 6a43c84 Prepare for release: v5.6.2 (#10049)
  • 333a82f Bugfix: Revoked tasks now immediately update backend status to REVOKED (#9869)
  • 9d6ab11 Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeEr...
  • 21dbc73 Prepare for release: v5.6.1 (#10037)
  • ba20bed Only use exceptiongroup backport for Python < 3.11 (#10033)
  • 2167529 Stop importing pytest_subtests
  • 0527296 Bump google-cloud-firestore from 2.21.0 to 2.22.0
  • 5f8659b Clarify 'result_extended' setting usage in tasks
  • f19db70 Bump mypy from 1.19.0 to 1.19.1 (#10028)
  • 6da72bd better coverage (#10029)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

QuietFireAI and others added 30 commits March 8, 2026 17:47
…sion

- huggingface_space/app.py: footer trimmed to version/GitHub/Apache 2.0
- frontend/index.html: footer-version updated v10.0.0Bminus -> v11.0.1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
from version import __version__ as APP_VERSION
(matches main.py pattern — version.py exports __version__ not APP_VERSION)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Tests: 720 -> 746 (verified live on DO)
- API endpoints: 177 -> 161 (FastAPI OpenAPI introspection)
- Lines scanned: 37,921 -> 61,278 (live Bandit)
- HF URL: QuietfireAI -> QuietFireAI (case fix)
- Contributing: test count updated
- Claude Code note: full refresh with March 8 verified numbers,
  HF Space confirmed live, OSS files confirmed present

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Manners wire-up (core/openclaw.py):
- Step 4 blocklist block: record CAPABILITY_VIOLATION, update manners_score
- Step 7 trust level block: record OUT_OF_ROLE_ACTION, update manners_score
- Both wrapped in try/except — Manners failure never breaks governance pipeline
- manners_score_at_decision now reflects actual score in blocklist returns

Per-agent key (api/openclaw_routes.py):
- TelsonBase generates secrets.token_hex(32) at registration — agents no longer
  supply their own key (api_key field deprecated, ignored if provided)
- agent_key returned in ClawInstanceResponse once at registration only
- Action endpoint accepts X-Agent-Key header; verifies key → instance_id match
- Admin key (X-API-Key) still accepted — backward compat and tooling
Returns full Manners breakdown: overall score, compliance status,
per-principle scores, violation history (last 20), violations in
last 24h, grace period flag. Shows WHY a score is moving — blocked
actions now record violations (previous commit), this surfaces them.
Pipeline modal (triggered from Transparency card):
- All 8 governance steps in plain language
- Manners scoring explained: what moves scores, violation thresholds
- Three API endpoints listed (manners, actions, trust-report)
- Footer note: dashboard UI on the roadmap

FAQ: new 'What's on the roadmap?' entry
- Current state: governance engine complete
- Next sprint: agent dashboard, demotion explanation cards,
  registration flow, audit log viewer
- No mystery about what's built vs what's coming
Full agent lifecycle in 10 steps: register (shows agent_key returned
once), blocked action, Manners score check, gated action, two
promotions, capability unlock, trust report. Covers X-Agent-Key
usage and the per-agent zero-trust pattern. Written for someone who
just finished installation and wants to see the system actually work.
- Move 7 docs from root to docs/ (AMBASSADORS, GLOSSARY, MANNERS, PROJECT_STRUCTURE, TESTING, TERMS_OF_USE, USER_GUIDE)
- Add PROOF_INDEX.md at root — 788 evidence documents, entry point visible on landing
- Remove TEST_RESULTS_6.0.0CC.md and VALIDATION_REPORT_v7.4.0CC.md (archived, versioned out)
- Fix CHANGELOG and proof_sheets/INDEX.md test count: 720 -> 746
- Update .gitignore: v11.0.1 header, exclude raw MP4 recordings from screenshots
- Update cross-references in README, CONTRIBUTING, MANNERS_COMPLIANCE, DOC_INDEX
- .github/dependabot.yml: weekly pip + GitHub Actions updates
- .github/workflows/codeql.yml: Python SAST on push/PR/weekly schedule
- requirements-dev.txt: dev/lint/test tooling (isort, bandit, pip-audit, coverage)
- ci.yml: install requirements-dev.txt in code-quality stage, enforce isort (remove || true)
- QUICKSTART.md: 5-minute path from clone to first governance decision
- Makefile: make test/test-unit/test-security/run/build/lint/clean
- RBAC endpoint count updated to 150 (grep-verified: main.py, api/*.py, tenant_rate_limiting.py)
- README, proof_sheets/INDEX.md, TB-PROOF-014 all updated to match
- DOC_INDEX.md: added QUICKSTART, Makefile, PROOF_INDEX entries; fixed proof count 773->788
QuietFireAI and others added 26 commits March 19, 2026 20:34
- Fix stale test counts (5,416 → 5,777, 92 files → 94 files)
- Fix stale version (v11.0.1 → v11.0.2, March 8 → March 19)
- Fix clone URL (your-org/telsonbase → QuietFireAI/ClawCoat)
- Fix directory in clone examples (telsonbase → ClawCoat)
- Fix Traefik image version (v2.10 → v3)
- Fix service count (12 → 11, MailHog is dev-profile only)
- Fix security battery count (93 → 96)
- Fix password requirements (remove unenfourced complexity claim)
- Fix API endpoint count (140+ → 162+)
- Fix Ollama pull command (docker exec container → docker compose exec service)
- Add name: telsonbase to docker-compose.yml to lock project name regardless of clone directory
…files

- All 6 docs: version v11.0.1 → v11.0.2, footer dates updated
- USER_GUIDE: secrets generation → generate_secrets.sh, MFA endpoint corrected,
  Grafana port 3000 → 3001, container count 10 → 11, Manners reference fixed,
  test count 720 → 5777, project dir telsonbase → ClawCoat
- DEVELOPER_GUIDE: test count 5400+ → 5700+
- YOUR_FIRST_AGENT: health response format corrected (no version/services fields)
- OPENCLAW_INTEGRATION_GUIDE: hardcoded http://telsonbase:8000 → localhost
- DASHBOARD_agent_registration: instance_id format claw_abc123 → real hex format
- FAQ: routers/ → api/ for openclaw_routes, toolroom → main.py, 177 → 164 endpoints,
  37921 → 93893 LoC, 720 → 5777 tests, Anthropic ref removed from Manners description
…_routes (145)

- test_agents_compliance_check_agent_depth.py: 103 tests covering all 14 methods
  including license status branches, disclosure checks, fair housing scan, CE tracking,
  violation override, compliance report, and check_all across all code paths
- test_compliance_routes_depth.py: 145 tests covering all 28 compliance API endpoints
  (legal-holds, breach, retention, sanctions, training, contingency, BAA, HITRUST, PHI)
  — auth enforcement, 200/422/500 paths, parameter validation

Coverage targets: api/compliance_routes.py (29%→~60%+) and
agents/compliance_check_agent.py (23%→~80%+)
…, foreman methods, identiclaw paths

- test_core_persistence_depth.py: +13 ApprovalStore tests + 11 FederationStore tests (store/get/update/list/filter/by-instance)
- test_toolroom_foreman_depth.py: +70 tests covering handle_checkout_request (8 branches), handle_return, execute_add_approved_source, list_approved_sources, propose_tool_install, handle_new_tool_request, get_toolroom_status, _execution_result_to_response, sync_function_tools, _load/_save_approved_sources
- test_identiclaw_depth.py (new): +72 tests covering _base58_decode, parse_did_key error paths, IdenticlawManager init/startup, get_agent Redis fallback, list_agents, update_agent_trust_level, refresh_credentials, nonce helpers, reinstate with record update, resolve_did cache/refresh, validate_credential edge cases (issuer dict, scope string, jti, type string)
…15), auth-required (14), validation (5), success paths + integration flow (66)
…nches, trust_order, tool validation, error paths
…n mcp_gateway.py — core.config exports get_settings(), not a settings singleton
… also move import after validation so invalid_trust_level returns correct error
Update all documentation, proof sheets, and CLAUDE.md:
- Version: v11.0.1/v11.0.2 → v11.0.3 across ~120 files
- Test count: 5,416/5,777/854 → 6,254 everywhere
- Skipped count: 3 → 54
- CI run: #309/#351/#360 → #367
- Coverage: 76.13%/77% → ≥80% (gate: 80%)
- Date: March 19 → March 20, 2026
- CLAUDE.md: rebranded TelsonBase → ClawCoat, Sprint 1 complete status
- proof_sheets/INDEX.md: 854 → 6,254 tests passing
- TB-PROOF-001/052: exact claim, verdict, expected result all updated
Express ClawCoat's Agent Autonomy SLA in the JSON DSL proposed by
Jouneaux & Cabot (arXiv:2511.02885, https://github.com/gwendal-jouneaux/AgentSLA).

New file: docs/System Documents/agent-autonomy-sla-spec.json
- Valid AgentSLA DSL document using their exact schema structure
- Uses OversightLevel metric type (their vocabulary) for all 5 tiers
- QUARANTINE=1.0, PROBATION=0.75, RESIDENT=0.50, CITIZEN=0.25, AGENT=0.10
- MCP protocol compliance, intercept coverage, audit chain completeness as SLOs
- DerivedQoSMetric for rolling Manners Engine window (promotion evaluation)
- QualifyingCondition for auto-demotion and promotion gate terms

Updated: AGENT_AUTONOMY_SLA.md
- New section 8: "Relationship to Jouneaux & Cabot (2025)"
- Draws explicit parallel (spec problem vs. enforcement problem)
- References agent-autonomy-sla-spec.json as the machine-readable form
- Attribution for OversightLevel metric type and DSL
- Cihon et al. (arXiv:2502.15212) citation added (source of OversightLevel)
- Section 9 (Reference Implementation) updated with spec link
- Section 10 (Citation) with both papers
README.md + huggingface_space/README.md:
- Fix "Jouneaux et al." -> "Jouneaux and Cabot" (only 2 authors)
- Add OversightLevel sentence and link to machine-readable spec

agent-autonomy-sla-spec.json: add _license_note on schema attribution

Website (frontend — local only, gitignored): new #research section added
- Anthropic disposition dial quote connected to ClawCoat 5 tiers
- Jouneaux & Cabot open challenge quote connected to OversightLevel adoption
- Link to machine-readable spec JSON on GitHub
Shows numerical values (QUARANTINE=1.0 → AGENT=0.10) inline in prose
so readers don't need to follow the JSON spec link to see them.
Includes inverse relationship note: OversightLevel ↓ as Manners floor ↑.
- Em dashes throughout (hyphens replaced)
- README stats: 6,254 tests, 162 API endpoints
- HF README: 6,254 tests, v11.0.3 footer
- Cihon et al. citation: full title and all five authors
Bumps [celery](https://github.com/celery/celery) from 5.3.6 to 5.6.2.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](celery/celery@v5.3.6...v5.6.2)

---
updated-dependencies:
- dependency-name: celery
  dependency-version: 5.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 23, 2026
@dependabot dependabot Bot requested a review from QuietFireAI as a code owner March 23, 2026 16:33
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant