
The Fix

pip install celery==5.2.2

Based on closed celery/celery issue #7070 · PR/commit linked

Production note: This usually shows up under retries/timeouts. Treat it as a side-effect risk until you can verify behavior with a canary + real traffic.

@@ -1 +1,4 @@ @@ -1 +1,4 @@ +boto3>=1.26.143 +pycurl>=7.43.0.5; sys_platform != 'win32' and platform_python_implementation=="CPython" +urllib3>=1.26.16
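Review bot: the three added requirement lines (boto3>=1.26.143, pycurl>=7.43.0.5, urllib3>=1.26.16) are lower-bound ranges, so an install with --require-hashes still fails unless the consumer lists each of these packages with == and a hash in their own requirements file; the change should document that for users of the SQS extra. In the pycurl line the environment marker mixes quote styles ('win32' next to "CPython"); use one style throughout.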

Why This Fix Works in Production

  • Trigger: ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not: urllib3>=1.26.7 from
  • Mechanism: Attempts to fix installation issues by updating SQS dependencies and trying the latest pycurl release.
  • Why the fix works: Attempts to fix installation issues by updating SQS dependencies and trying the latest pycurl release. (first fixed release: 5.2.2).
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • Shows up under Python 3.10 in real deployments (not just unit tests).
  • Surfaces as: ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not: urllib3>=1.26.7 from…

Proof / Evidence

  • GitHub issue: #7070
  • Fix PR: https://github.com/celery/celery/pull/7069
  • First fixed release: 5.2.2
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.35

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

“Just to summarise for anyone finding this issue and unable to update celery”
@naggie · 2022-01-07 · confirmation · source
“This also causes celery[sqs] to fail with Poetry: https://github.com/python-poetry/poetry/issues/4683.”
@austinbutler · 2021-12-07 · source
“Hey @hannseman :wave:, Thank you for opening an issue”
@open-collective-bot · 2021-11-10 · source
“PR: https://github.com/celery/celery/pull/7071”
@hannseman · 2021-11-10 · source

Failure Signature (Search String)

  • ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not: urllib3>=1.26.7 from

Error Message

Stack trace
error.txt
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    urllib3>=1.26.7 from https://files.pythonhosted.org/packages/af/f4/524415c0744552cce7d8bf3669af78e8a069514405ea4fcbd0cc44733744/urllib3-1.26.7-py2.py3-none-any.whl#sha256=c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844 (from kombu==5.2.1->-r requirements.txt (line 39))

Minimal Reproduction

repro.py
$ pip install --require-hashes -r requirements.txt
Collecting amqp==5.0.6
  Using cached amqp-5.0.6-py3-none-any.whl (53 kB)
Collecting billiard==3.6.4.0
  Using cached billiard-3.6.4.0-py3-none-any.whl (89 kB)
Collecting celery[sqs]==5.2.0
  Using cached celery-5.2.0-py3-none-any.whl (404 kB)
Requirement already satisfied: click==8.0.3 in ./venv/lib/python3.10/site-packages (from -r requirements.txt (line 19)) (8.0.3)
Collecting click-didyoumean==0.3.0
  Using cached click_didyoumean-0.3.0-py3-none-any.whl (2.7 kB)
Collecting click-plugins==1.1.1
  Using cached click_plugins-1.1.1-py2.py3-none-any.whl (7.5 kB)
Collecting click-repl==0.2.0
  Using cached click_repl-0.2.0-py3-none-any.whl (5.2 kB)
Collecting kombu==5.2.1
  Using cached kombu-5.2.1-py3-none-any.whl (188 kB)
Collecting prompt-toolkit==3.0.22
  Using cached prompt_toolkit-3.0.22-py3-none-any.whl (374 kB)
Collecting pytz==2021.3
  Using cached pytz-2021.3-py2.py3-none-any.whl (503 kB)
Collecting six==1.16.0
  Using cached six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting vine==5.0.0
  Using cached vine-5.0.0-py2.py3-none-any.whl (9.4 kB)
Collecting wcwidth==0.2.5
  Using cached wcwidth-0.2.5-py2.py3-none-any.whl (30 kB)
Requirement already satisfied: setuptools in ./venv/lib/python3.10/site-packages (from celery[sqs]==5.2.0->-r requirements.txt (line 15)) (58.2.0)
Collecting urllib3>=1.26.7
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    urllib3>=1.26.7 from https://files.pythonhosted.org/packages/af/f4/524415c0744552cce7d8bf3669af78e8a069514405ea4fcbd0cc44733744/urllib3-1.26.7-py2.py3-none-any.whl#sha256=c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844 (from kombu==5.2.1->-r requirements.txt (line 39))

Environment

  • Python: 3.10

Fix Options (Details)

Option A — Upgrade to fixed release (safe default, recommended)

pip install celery==5.2.2

When NOT to use: This fix should not be used if the project requires specific versions of dependencies that conflict with the updates.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Option C — Workaround (temporary)

that may or may not be acceptable depending on your threat model.

When NOT to use: This fix should not be used if the project requires specific versions of dependencies that conflict with the updates.

Use only if you cannot change versions today. Treat this as a stopgap and remove once upgraded.

Fix reference: https://github.com/celery/celery/pull/7069

First fixed release: 5.2.2

Last verified: 2026-02-09. Validate in your environment.

When NOT to Use This Fix

  • This fix should not be used if the project requires specific versions of dependencies that conflict with the updates.

Verify Fix

Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Prevention

  • Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
  • Pin production dependencies and upgrade only with a reproducible test that hits the failing path.
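
A pre-install check for the failure on this page, as an added example (not code from the page or from the celery project): it flags requirements that are not pinned with ==, pinned entries without a --hash, and transitive specifiers such as the urllib3>=1.26.7 declared by kombu 5.2.1 that have no pinned entry in the file. The function names, the sample file and the caller-supplied transitive list are assumptions; the hash values are placeholders.

```python
import re

# Constructed requirements file; hash values are placeholders, not real digests.
SAMPLE = """\
celery[sqs]==5.2.0 \\
    --hash=sha256:PLACEHOLDER_A
kombu==5.2.1 \\
    --hash=sha256:PLACEHOLDER_B
vine==5.0.0
pytz>=2021.3 --hash=sha256:PLACEHOLDER_C
"""

_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
# name, optional extras, a single == clause without wildcard, optional marker
_PIN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\s*(\[[^\]]*\])?\s*==\s*[^\s;,*]+\s*(;.*)?$")


def canonical(spec):
    """Project name from a specifier, normalised as in PEP 503."""
    m = _NAME.match(spec)
    return re.sub(r"[-_.]+", "-", m.group(0)).lower() if m else None


def logical_lines(text):
    """Join backslash continuations; drop comments, blanks and option lines."""
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if line and not line.startswith("-"):
            yield line


def audit(text, transitive=()):
    """Return sorted (name, problem) pairs that break hash-checking mode."""
    problems, pinned = {}, set()
    for line in logical_lines(text):
        spec = line.split("--hash")[0].strip()
        name = canonical(spec)
        if name is None:
            continue  # line does not start with a project name
        if not _PIN.match(spec):
            problems[name] = "not pinned with =="
        elif "--hash=" not in line:
            problems[name] = "no --hash"
        else:
            pinned.add(name)
    for dep in transitive:  # specifiers declared by packages in the file
        name = canonical(dep)
        if name and name not in pinned and name not in problems:
            problems[name] = "transitive dependency missing from file"
    return sorted(problems.items())
```

Calling audit(SAMPLE, transitive=["urllib3>=1.26.7"]) reports pytz, urllib3 and vine; adding a pinned, hashed urllib3 line to the file clears the urllib3 finding.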

Version Compatibility Table

Version   Status
5.2.2     Fixed

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.