Skip to content

chore(deps): update dependency cachetools to v7#840

Merged
olavloite merged 1 commit intogoogleapis:mainfrom
renovate-bot:renovate/cachetools-7.x
Mar 5, 2026
Merged

chore(deps): update dependency cachetools to v7#840
olavloite merged 1 commit intogoogleapis:mainfrom
renovate-bot:renovate/cachetools-7.x

Conversation

@renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Mar 4, 2026

This PR contains the following updates:

Package Change Age Confidence
cachetools ==6.2.6==7.0.2 age confidence

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot requested a review from a team as a code owner March 4, 2026 17:08
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 4, 2026
@product-auto-label product-auto-label bot added the api: spanner Issues related to the googleapis/python-spanner-sqlalchemy API. label Mar 4, 2026
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 4, 2026
@gemini-code-assist
Copy link

gemini-code-assist bot commented Mar 4, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the cachetools dependency to its latest major version, 7.0.2, ensuring the project benefits from the newest features and bug fixes. This update was automatically generated by Renovate to keep dependencies current.

Highlights

  • Dependency Update: The cachetools dependency has been updated from version 6.2.6 to 7.0.2, which is a major version bump.
  • Security Hashes Refreshed: The SHA256 hashes for the cachetools dependency in requirements.txt have been updated to reflect the new version.
Activity
  • Pull request automatically generated by Mend Renovate.
  • Automerge is disabled, requiring manual merging of this dependency update.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 4, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the cachetools dependency to a new major version, v7.0.2. My review has identified a significant issue with the project's testing strategy. The test sessions defined in noxfile.py do not utilize the pinned dependencies from requirements.txt. This means that this dependency update, and others, are likely not being validated by the CI pipeline. I have added a detailed comment outlining the issue and a recommended solution. Addressing this gap in the testing process is crucial for ensuring the project's stability and the integrity of its dependency management.

Note: Security Review has been skipped due to the limited scope of the PR.

requirements.txt
Comment on lines +17 to +19
cachetools==7.0.2 \
--hash=sha256:7e7f09a4ca8b791d8bb4864afc71e9c17e607a28e6839ca1a644253c97dbeae0 \
--hash=sha256:938dcad184827c5e94928c4fd5526e2b46692b7fb1ae94472da9131d0299343c
Copy link

@gemini-code-assist gemini-code-assist bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This update to cachetools is a major version bump, which carries inherent risks. More critically, the project's test suite, as configured in noxfile.py, does not appear to use this requirements.txt file for installing dependencies during testing.

Most test sessions (e.g., unit, system, compliance_test) use session.install('.') or session.install('.[tracing]'). This command resolves dependencies based on the broad version ranges in setup.py (e.g., google-cloud-spanner>=3.55.0) at the time the tests are executed, rather than using the specific pinned versions from this file.

This leads to two significant problems:

  1. This dependency update to cachetools is likely not being tested by the CI pipeline, as the test environment will resolve its own set of dependencies independently.
  2. The primary benefit of pinning dependencies in requirements.txt—ensuring reproducible environments—is lost during the testing phase.

To resolve this, the test sessions in noxfile.py should be updated to install dependencies from this file. For instance, session.install('.') could be changed to session.install('-r', 'requirements.txt', '.'). This would ensure that tests are consistently run against the exact dependency versions specified here.

@olavloite olavloite merged commit 6619bae into googleapis:main Mar 5, 2026
20 checks passed
@renovate-bot renovate-bot deleted the renovate/cachetools-7.x branch March 5, 2026 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olavloite olavloite olavloite approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

api: spanner Issues related to the googleapis/python-spanner-sqlalchemy API.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@renovate-bot @olavloite @yoshi-kokoro