Skip to content

deps(py): bump cachetools from 5.3.3 to 7.0.4#1083

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/cachetools-7.0.4
Open

deps(py): bump cachetools from 5.3.3 to 7.0.4#1083
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/cachetools-7.0.4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026
edited by cubic-dev-ai bot
Loading

Bumps cachetools from 5.3.3 to 7.0.4.

Changelog

Sourced from cachetools's changelog.

v7.0.4 (2026-03-08)

  • Fix and properly document @cachedmethod.cache_key behavior.

  • Minor documentation improvements.

v7.0.3 (2026-03-05)

  • Fix DeprecationWarning when creating an autospec mock with @cachedmethod decorations.

v7.0.2 (2026-03-02)

  • Provide more efficient clear() implementation for all support Cache classes (courtesy Josep Pon Farreny).

v7.0.1 (2026-02-10)

  • Various test improvements.

  • Update Copilot Instructions.

v7.0.0 (2026-02-01)

  • Require Python 3.10 or later (breaking change).

  • Drop support for passing info as fourth positional parameter to @cached (breaking change).

  • Drop support for cache(self) returning None with @cachedmethod (breaking change).

  • Convert the @cachedmethod wrappers to descriptors, deprecating its use with class methods and instances that do not provide a mutable __dict__ attribute (potentially breaking change).

  • Convert the previously undocumented @cachedmethod attributes (cache, cache_lock, etc.) to properties for instance methods, providing official support and documentation (potentially breaking change).

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by cubic

Upgrade cachetools from 5.3.3 to 7.0.4 to pick up bug fixes and faster cache clearing. This major update requires Python 3.10+ and changes some @cached/@cachedmethod behaviors.

  • Migration
    • Ensure runtime and CI use Python 3.10 or newer.
    • Stop passing info as the 4th positional arg to @cached (use a keyword if needed).
    • Avoid @cachedmethod on class methods or instances without a mutable __dict__; refactor to instance methods.

Written for commit 99328c5. Summary will update on new commits.

@dependabot
deps(py): bump cachetools from 5.3.3 to 7.0.4
99328c5 
Bumps [cachetools](https://github.com/tkem/cachetools) from 5.3.3 to 7.0.4.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](tkem/cachetools@v5.3.3...v7.0.4)

---
updated-dependencies:
- dependency-name: cachetools
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 9, 2026
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Mar 9, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 3 files

Prompt for AI agents (unresolved issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="pyproject.toml">

<violation number="1" location="pyproject.toml:19">
P2: Update uv.lock to match the new cachetools version; otherwise locked installs will still pull 5.3.3 despite the pyproject bump.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

pyproject.toml
"bidict==0.23.1",
"blinker==1.9.0",
"cachetools==5.3.3",
"cachetools==7.0.4",
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot Mar 9, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Update uv.lock to match the new cachetools version; otherwise locked installs will still pull 5.3.3 despite the pyproject bump.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At pyproject.toml, line 19:

<comment>Update uv.lock to match the new cachetools version; otherwise locked installs will still pull 5.3.3 despite the pyproject bump.</comment>

<file context>
@@ -16,7 +16,7 @@ dependencies = [
   "bidict==0.23.1",
   "blinker==1.9.0",
-  "cachetools==5.3.3",
+  "cachetools==7.0.4",
   "certifi==2024.7.4",
   "cffi==2.0.0",
</file context>
Fix with Cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants