From 330fc072721f4b0e8bb9f10e268ea31a7e5b82d3 Mon Sep 17 00:00:00 2001
From: "ahsan.sheraz"
Date: Fri, 10 Apr 2026 18:09:08 +0200
Subject: [PATCH] fix(security): update vulnerable dependencies in celery example

Update pinned versions in examples/celery/requirements.txt to resolve 13 known security vulnerabilities (1 HIGH, 11 MEDIUM, 1 LOW):
- werkzeug 2.3.3 -> 3.1.6 (CVE-2024-34069, CVE-2023-46136, CVE-2024-49766, CVE-2024-49767, CVE-2025-66221, CVE-2026-21860, CVE-2026-27199)
- jinja2 3.1.2 -> 3.1.6 (CVE-2024-22195, CVE-2024-34064, CVE-2024-56201, CVE-2024-56326, CVE-2025-27516)
- flask 2.3.2 -> 3.1.3 (CVE-2026-27205)
Also bumps transitive deps for compatibility:
- blinker 1.6.2 -> 1.9.0
- itsdangerous 2.1.2 -> 2.2.0
- markupsafe 2.1.2 -> 3.0.3
---
 examples/celery/requirements.txt | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/examples/celery/requirements.txt b/examples/celery/requirements.txt
index 29075ab5..bfb48896 100644
--- a/examples/celery/requirements.txt
+++ b/examples/celery/requirements.txt
@@ -10,7 +10,7 @@ async-timeout==4.0.2
 # via redis
 billiard==3.6.4.0
 # via celery
-blinker==1.6.2
+blinker==1.9.0
 # via flask
 celery[redis]==5.2.7
 # via flask-example-celery (pyproject.toml)
@@ -27,15 +27,15 @@ click-plugins==1.1.1
 # via celery
 click-repl==0.2.0
 # via celery
-flask==2.3.2
+flask==3.1.3
 # via flask-example-celery (pyproject.toml)
-itsdangerous==2.1.2
+itsdangerous==2.2.0
 # via flask
-jinja2==3.1.2
+jinja2==3.1.6
 # via flask
 kombu==5.2.4
 # via celery
-markupsafe==2.1.2
+markupsafe==3.0.3
 # via
 # jinja2
 # werkzeug
@@ -54,5 +54,5 @@ vine==5.0.0
 # kombu
 wcwidth==0.2.6
 # via prompt-toolkit
-werkzeug==2.3.3
+werkzeug==3.1.6
 # via flask