Skip to content

Build: Bump cachetools from 5.5.2 to 6.1.0 #2145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Fokko merged 1 commit into from
Sep 30, 2025
Merged

Build: Bump cachetools from 5.5.2 to 6.1.0 #2145

Fokko merged 1 commit into from
Sep 30, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 24, 2025
edited
Loading

Bumps cachetools from 5.5.2 to 6.1.0.

Changelog

Sourced from cachetools's changelog.

v6.1.0 (2025-06-16)

  • Improve LFUCache insertion performance by switching to an implementation based on the cacheing <https://pypi.org/project/cacheing/>_ library.

  • Update CI environment.

v6.0.0 (2025-05-23)

  • Require Python 3.9 or later (breaking change).

  • Remove MRUCache and the @func.mru_cache decorator (breaking change).

  • Add an optional condition parameter to the @cached and @cachedmethod decorators, which, when used with a threading.Condition instance, should improve cache stampede <https://en.wikipedia.org/wiki/Cache_stampede>_ issues in massively parallel environments. Note that this will inflict some performance penalty, and therefore has to be enabled explicitly.

  • Convert the cachetools.func decorators to use a threading.Condition instance to deal with cache stampede <https://en.wikipedia.org/wiki/Cache_stampede>_ issues. Note that this may result in a noticable performance degradation, depending on your actual use case.

  • Deprecate support for cache(self) returning None to suppress caching with the @cachedmethod decorator.

  • Improve documentation.

  • Update CI environment.

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 24, 2025
@kevinjqliu
Copy link
Contributor

kevinjqliu commented Jun 24, 2025

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/pip/cachetools-6.1.0 branch from dd94502 to b769fdc Compare June 24, 2025 02:26
@Fokko
Copy link
Contributor

Fokko commented Jun 30, 2025

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/pip/cachetools-6.1.0 branch from b769fdc to a66b358 Compare June 30, 2025 08:35
@kevinjqliu kevinjqliu mentioned this pull request Jun 30, 2025
Closed
@kevinjqliu
Copy link
Contributor

kevinjqliu commented Jul 6, 2025

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/pip/cachetools-6.1.0 branch from a66b358 to f6472ad Compare July 6, 2025 17:08
@kevinjqliu
Copy link
Contributor

kevinjqliu commented Jul 6, 2025

Copying over explanation from #2161 (comment)

But cachetools does not have any dependencies, so also not on google-cloud-storage. Why does it lower the GCP dependencies

I found the culprit! poetry show --tree:

├── google-cloud-storage *
│   ├── google-api-core >=2.15.0,<3.0.0 
│   │   ├── google-auth >=2.14.1,<3.0.0 
│   │   │   ├── cachetools >=2.0.0,<6.0

google-auth sets an upper limit for cachetools. Confirmed here

So the resolver finds the version of google-auth without this constraint

├── google-cloud-storage *
│   ├── google-auth >=1.2.0 
│   │   ├── cachetools >=2.0.0

We can skip this version of cachetools

@kevinjqliu
Copy link
Contributor

kevinjqliu commented Jul 6, 2025

@dependabot ignore this major version

Reason: google-auth sets an upper limit for cachetools. https://github.com/googleapis/google-auth-library-python/blob/ca94ead4035beea4741dc5384449032f8e6f75d8/setup.py#L23

@kevinjqliu kevinjqliu closed this Jul 6, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 6, 2025

OK, I won't notify you about version 6.x.x again, unless you re-open this PR.

@dependabot dependabot bot deleted the dependabot/pip/cachetools-6.1.0 branch July 6, 2025 19:57
@lwfitzgerald
Copy link
Contributor

lwfitzgerald commented Sep 30, 2025

@kevinjqliu / @Fokko Please can we re-open this to allow an upgrade to 6.2.0 since google-auth>=2.41.0 now supports cachetools 6.x.x - https://github.com/googleapis/google-auth-library-python/releases/tag/v2.41.0 (pyiceberg already updated to this in #2547)

@Fokko
Copy link
Contributor

Fokko commented Sep 30, 2025

@dependabot recreate

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 30, 2025

Looks like this PR is closed. If you re-open it I'll rebase it as long as no-one else has edited it (you can use @dependabot reopen if the branch has been deleted).

@Fokko
Copy link
Contributor

Fokko commented Sep 30, 2025

@dependabot reopen

@dependabot dependabot bot reopened this Sep 30, 2025
@dependabot dependabot bot restored the dependabot/pip/cachetools-6.1.0 branch September 30, 2025 07:40
@Fokko
Copy link
Contributor

Fokko commented Sep 30, 2025

@lwfitzgerald Sure thing, thanks for the heads-up!

@dependabot
Build: Bump cachetools from 5.5.2 to 6.1.0
4257560 
Bumps [cachetools](https://github.com/tkem/cachetools) from 5.5.2 to 6.1.0.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](tkem/cachetools@v5.5.2...v6.1.0)

---
updated-dependencies:
- dependency-name: cachetools
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/cachetools-6.1.0 branch from f6472ad to 4257560 Compare September 30, 2025 07:42
@Fokko Fokko merged commit bfba7cb into main Sep 30, 2025
10 checks passed
@Fokko Fokko deleted the dependabot/pip/cachetools-6.1.0 branch September 30, 2025 08:51
@Fokko
Copy link
Contributor

Fokko commented Sep 30, 2025

Thanks again @lwfitzgerald

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fokko Fokko Fokko approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kevinjqliu @Fokko @lwfitzgerald