chore(deps): bump google-cloud-kms from 2.24.2 to 3.14.0 #6023

Closed
dependabot[bot] wants to merge 1 commit into unstable from dependabot/uv/google-cloud-kms-3.14.0

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Bumps google-cloud-kms from 2.24.2 to 3.14.0.

Release notes

Sourced from google-cloud-kms's releases.

google-cloud-kms: v3.14.0

3.14.0 (2026-06-22)

Features

Changelog

Sourced from google-cloud-kms's changelog.

3.14.0 (2026-04-02)

Features

3.13.0 (2026-03-26)

Features

Bug Fixes

3.12.0 (2026-03-23)

Features

3.11.0 (2026-03-05)

Features

3.10.0 (2026-02-12)

Documentation

Features

... (truncated)

Commits
  • a5ad18c chore: release main (#17482)
  • f6937b3 chore(main): release google-cloud-bigtable 2.39.0 (#17497)
  • 172302b ci(bigquery-storage): fix core_deps_from_source and prerelease_deps by in...
  • e726878 fix(bigframes): world-readable temp zip in create_cloud_function (#17522)
  • 2f893b1 fix: bump @​angular/common, @​angular/forms, @​angular/platform-browser and @​ang...
  • f23063f fix: bump langsmith from 0.8.0 to 0.8.18 in /packages/bigframes (#17518)
  • 6fc45e3 fix: bump undici and @​angular/build in /packages/bigframes/bigframes/display/...
  • 36b5b7e fix: bump msgpack from 1.1.1 to 1.2.1 in /packages/bigframes (#17520)
  • 11de939 tests: add Python 3.15 pre-release testing (#17517)
  • 0258405 fix(bigquery): close GAPIC storage transport and auth sessions to prevent soc...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies and python:uv labels Jul 1, 2026

@rtibblesbot rtibblesbot left a comment

Dependency bump review: google-cloud-kms 2.24.2 → 3.14.0, production dependency (requirements.in), major version bump.

  • Breaking changes: the only breaking change across 2.x→3.x is pagination added to ListKeyHandles in the Autokey service.
  • Not applicable here — this project only uses KeyManagementServiceClient.crypto_key_path() and .decrypt() (contentcuration/contentcuration/utils/secretmanagement.py); no Autokey usage found repo-wide.
  • Security fixes: none noted in the changelog.
  • Peer-dependency changes: 3.14.0 raises the grpc-google-iam-v1 floor to >=0.14.0.
  • That floor breaks google-cloud-logging==2.7.1's pin (grpc-google-iam-v1<0.13,>=0.12.3).
  • So uv resolved google-cloud-logging back to 2.6.0 (see inline comment).
  • That forces google-cloud-appengine-logging down from 1.8.0 to 0.2.0.
  • Not blocking: no breaking changes between logging 2.6.0 and 2.7.1.
  • google.cloud.logging isn't imported directly here — only pulled in transitively via google-cloud-error-reporting, whose own pin is unchanged.
  • CI status: passing (14/14 checks).

No code changes required.


@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Ran a dependency-update review pipeline over the version bump:

  • Classified the bump by semver (patch / minor / major) and dependency type (production vs. development)
  • Extracted the changelog and release notes across the version range
  • Assessed compatibility with this project's usage and whether any code changes are required
  • Treated CI as the primary safety net
  • Scaled the review depth to the update's risk
  • Chose the verdict from semver risk, changelog findings, and CI status
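
The downgrade cascade described in the review above can be checked mechanically before a bump is merged. This is an added example, not part of the PR or the project's code: it compares two lockfile excerpts (constructed here from the versions named in this thread) and flags pins that moved backwards; `downgrades`, `satisfies` and the other names are hypothetical.

```python
import operator
import re

# Constructed lockfile excerpts; the pins are the versions named in this thread.
BEFORE = """\
google-cloud-appengine-logging==1.8.0
google-cloud-kms==2.24.2
    # via -r requirements.in
google-cloud-logging==2.7.1
grpc-google-iam-v1==0.12.4
"""
AFTER = """\
google-cloud-appengine-logging==0.2.0
google-cloud-kms==3.14.0
    # via -r requirements.in
google-cloud-logging==2.6.0
grpc-google-iam-v1==0.14.4
"""
PIN = re.compile(r"^([A-Za-z0-9][\w.-]*)==(\d+(?:\.\d+)*)(?=[\s;]|$)")
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge, "==": operator.eq}

def ver(text, width=4):
    """Parse a plain release version ("0.14.4") into a zero-padded tuple."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def parse_pins(lock):
    """Map normalized name -> version; comments and "# via" lines are skipped."""
    hits = (PIN.match(line) for line in lock.splitlines())
    return {re.sub(r"[-_.]+", "-", m[1]).lower(): m[2] for m in hits if m}

def satisfies(version, spec):
    """True if version meets every clause of a spec; only the operators in OPS are handled."""
    clauses = re.findall(r"(<=|>=|==|<|>)\s*([\d.]+)", spec)
    return all(OPS[op](ver(version), ver(bound)) for op, bound in clauses)

def downgrades(before, after):
    """Return {name: (old, new)} for every package pinned lower after the bump."""
    old, new = parse_pins(before), parse_pins(after)
    return {n: (old[n], new[n]) for n in sorted(old.keys() & new.keys())
            if ver(new[n]) < ver(old[n])}

if __name__ == "__main__":
    for name, (o, n) in downgrades(BEFORE, AFTER).items():
        print(f"DOWNGRADE {name}: {o} -> {n}")
    # Why the resolver stepped back: the new grpc-google-iam-v1 pin falls outside
    # the range the review quotes for google-cloud-logging==2.7.1.
    print(satisfies("0.14.4", "<0.13,>=0.12.3"))
```

Run against the real `requirements.txt` from the base and head commits, a non-empty result from `downgrades` is a reason to hold the bump for manual review even when CI is green.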

Comment thread requirements.txt
google-cloud-kms==3.14.0
# via -r requirements.in
google-cloud-logging==2.7.1
google-cloud-logging==2.6.0
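
Review bot: the last two lines of this hunk move the google-cloud-logging pin from 2.7.1 to 2.6.0, a downgrade of a package other than the google-cloud-kms this bump targets. Before accepting it, confirm which requirement forced the older version and consider adding an explicit lower bound for google-cloud-logging to requirements.in so the resolver reports a conflict rather than silently stepping back.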

@rtibblesbot rtibblesbot Jul 1, 2026

Resolved — addressed in the current code.

suggestion: see review summary.

Bumps [google-cloud-kms](https://github.com/googleapis/google-cloud-python) from 2.24.2 to 3.14.0.
- [Release notes](https://github.com/googleapis/google-cloud-python/releases)
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-documentai/CHANGELOG.md)
- [Commits](googleapis/google-cloud-python@google-cloud-kms-v2.24.2...google-cloud-kms-v3.14.0)

---
updated-dependencies:
- dependency-name: google-cloud-kms
  dependency-version: 3.14.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/google-cloud-kms-3.14.0 branch from 2d09dd0 to 95804ec Compare July 1, 2026 02:50
rtibbles commented Jul 1, 2026

The dependency madness doesn't seem worthwhile here - will wait until we can do an upgrade that upgrades all packages rather than downgrading.

@rtibbles rtibbles closed this Jul 1, 2026
dependabot Bot commented on behalf of github Jul 1, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/uv/google-cloud-kms-3.14.0 branch July 1, 2026 03:10

@rtibblesbot rtibblesbot left a comment

google-cloud-kms 2.24.2 → 3.14.0 (major bump, production dependency). This PR is closed, so no action is needed — recording final status for the record.

CI passing, but the maintainer closed this PR because the bump forces uv to raise the grpc-google-iam-v1 floor (0.12.4 → 0.14.4), which cascades into downgrading google-cloud-appengine-logging (1.8.0 → 0.2.0) and google-cloud-logging (2.7.1 → 2.6.0) — a net-negative dependency graph that isn't worth the kms upgrade. Waiting on an upstream resolution that raises rather than downgrades those transitive logging packages.

Prior-finding status

ACKNOWLEDGED — requirements.txt:110 — google-cloud-appengine-logging/google-cloud-logging downgrade via grpc-google-iam-v1 floor bump


