chore(deps): bump celery from 5.5.3 to 5.6.0

[dependabot]

Bumps celery from 5.5.3 to 5.6.0.

Release notes

Sourced from celery's releases.

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

Contributed by @​auvipy in celery/celery#9620.

Security Fix: Broker Credential Leak Prevention

Fixed a security issue where broker URLs containing passwords were being logged in plaintext by the delayed delivery mechanism. Broker credentials are now properly sanitized in all log output.

Contributed by @​giancarloromeo in celery/celery#9997.

Memory Leak Fixes

Two significant memory leaks have been fixed in this release:

Exception Handling Memory Leak: Fixed a critical memory leak in task exception handling that was particularly severe on Python 3.11+ due to enhanced traceback data. The fix properly breaks reference cycles in tracebacks to allow garbage collection.

Contributed by @​jaiganeshs21 in celery/celery#9799.

Pending Result Memory Leak: Fixed a memory leak where AsyncResult subscriptions were not being cleaned up when results were forgotten.

Contributed by @​tsoos99dev in celery/celery#9806.

ETA Task Memory Limit

New configuration option worker_eta_task_limit to prevent out-of-memory crashes when workers fetch large numbers of ETA or countdown tasks. Previously, workers could exhaust available memory when the broker contained many scheduled tasks.

Example usage:

app.conf.worker_eta_task_limit = 1000

Contributed by @​sashu2310 in celery/celery#9853.

Queue Type Selection for Auto-created Queues

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights

See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.
Python 3.9 Minimum Version
Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python
version is now 3.9. Users still on Python 3.8 must upgrade their Python version
before upgrading to Celery 5.6.0.
Additionally, this release includes initial support for Python 3.14.
SQS: Reverted to pycurl from urllib3
The switch from pycurl to urllib3 for the SQS transport (introduced in
Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS
users:

Processing throughput dropped from ~100 tasks/sec to ~3/sec in some environments
UnknownOperationException errors causing container crash loops
Silent message processing failures with no error logs

Users of the SQS transport must ensure pycurl is installed. If you removed
pycurl after upgrading to Celery 5.5.0, you will need to reinstall it.
Contributed by @auvipy <https://github.com/auvipy>_ in
[#9620](https://github.com/celery/celery/issues/9620) <https://github.com/celery/celery/pull/9620>_.
Security Fix: Broker Credential Leak Prevention
Fixed a security issue where broker URLs containing passwords were being logged
in plaintext by the delayed delivery mechanism. Broker credentials are now
properly sanitized in all log output.
Contributed by @giancarloromeo <https://github.com/giancarloromeo>_ in
[#9997](https://github.com/celery/celery/issues/9997) <https://github.com/celery/celery/pull/9997>_.
Memory Leak Fixes
</tr></table>

... (truncated)

Commits

• cca1116 Prepare for release: v5.6.0 (#10010)
• 1133f22 Bump mypy from 1.14.1 to 1.19.0 (#10008)
• 0932d2c [pre-commit.ci] pre-commit autoupdate (#10007)
• b446910 Prepare for (pre) release: v5.6.0rc2 (#10005)
• 3f0f0fe asynpool: Don't return from inside a finally block (#10000)
• 95d0552 Bump actions/checkout from 5 to 6 (#10003)
• f32b92f Add Py39-314t to CI (#9999)
• 63c1910 Don't fail task on timeout during cold shutdown (#9678)
• 30649db Fix log leaking broker credentials (#9997)
• 929412e Remove Python 4.0 version condition for pytest dependencies (#9993)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[rtibbles]

No concerns from changelog - just needed a small tweak to dev dependencies.