chore(deps): Update google-generativeai requirement from >=0.3.0 to >=0.8.6 in /money-machine/src-python

[dependabot]

Updates the requirements on google-generativeai to permit the latest version.

Release notes

Sourced from google-generativeai's releases.

Archived

What's Changed

Add a warning message on import telling people that this package is archived.

Full Changelog: google-gemini/deprecated-generative-ai-python@v0.8.5...v0.8.6

Changelog

Sourced from google-generativeai's changelog.

v0.2.2

• Handle maximum batch size for embed_text.
• Restore types.ModelNameOptions.
• Update tuning to handle more dataset types (json, pandas, urls, google-sheets).
• Expose count_text_tokens
• Expose operations management.
• Allow users to pass custom metadata (HTML headers).
• Add dataclass prettyprinting.

v0.2.1

• Bugfix: Add missing enum names to saftey_types.py
• Update to google.ai.generativelanguage v0.3.3

v0.2

• More flexible safety settings:
  • accept strings, ints for enums.
  • accept a {category:threshold} dict in addition to the list of dicts format ([{"category": category, "threshold": threshold}, ...]).
• Add support for batched embeddings.
• Add support for tuning:
  • Add get_{base,tuned}_model.
  • Add list_tuned_models.
  • Add create_tuned_model.

v0.1

Initial version

Commits

• 7a7cc54 Final. (#755)
• 658b54b Update README.md (#743)
• 0adff6d Update README.md - extend support plan by a month (#739)
• f5ac4ed Update version and fix samples for 0.8.5 release (#731)
• e179614 chore: Update user-input.yml GitHub workflow to trigger on PR comments (#723)
• 61867f6 Bump tj-actions/changed-files from 44 to 46 in /.github/workflows (#721)
• d66e975 Update README.md (#722)
• 29f85b8 Update README.md
• 6bf4571 Pin actions to specific SHAs (#719)
• e0fb117 Add a GitHub Action to manage status: awaiting user response (#720)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

**Disclaimer This is AxiomID Review Agent.

Greptile Summary

This dependabot PR bumps the minimum version of google-generativeai from >=0.3.0 to >=0.8.6 in the Python trading engine's requirements. The update is routine in form, but v0.8.6 is explicitly the final, archived release of this package — the library has been deprecated and moved to google-gemini/deprecated-generative-ai-python with no further updates planned.

• The version floor is raised to the last available release; any install resolving >=0.8.6 will land on an archived package that adds a deprecation warning on import.
• Two source files (engine/signal_generator.py, skills/skill_executor.py) use the old genai.configure() / genai.GenerativeModel() API that will not receive security patches going forward; migration to google-genai should be planned.

Confidence Score: 3/5

Merging pins the trading engine to an archived, deprecated library with no future security updates; the change is low-risk in the short term but introduces ongoing exposure as no patches will follow.

The bumped package is the library's own final, archived release. Both consuming files (engine/signal_generator.py and skills/skill_executor.py) sit under the sensitive money-machine/src-python/ path that AGENTS.md flags as requiring maintainer review. While nothing breaks today, pinning to a dead-end dependency with no security backlog is a concrete risk for a live trading engine.

money-machine/src-python/requirements.txt — and transitively engine/signal_generator.py and skills/skill_executor.py, which both use the now-archived google.generativeai API

Important Files Changed

Filename	Overview
money-machine/src-python/requirements.txt	Bumps google-generativeai floor from >=0.3.0 to >=0.8.6; v0.8.6 is explicitly the final, archived release of the package with no future security updates planned.

_{Reviews (1): Last reviewed commit: "chore(deps): Update google-generativeai ..." | Re-trigger Greptile}

Greptile also left 1 inline comment on this PR.

[dependabot]

Labels

The following labels could not be found: dependencies, trading-runtime. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Warning

Rate limit exceeded

@dependabot[bot] has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 5 minutes and 6 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: a64268a4-418d-4771-a2ed-779830948665

📥 Commits

Reviewing files that changed from the base of the PR and between aa69cc0 and 9e229a1.

📒 Files selected for processing (1)

• money-machine/src-python/requirements.txt

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/pip/money-machine/src-python/google-generativeai-gte-0.8.6

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Dependency is archived — no future security patches

The PR description itself notes that google-generativeai v0.8.6 is the final release, marked "Archived," with a warning added on import. The package repository was moved to google-gemini/deprecated-generative-ai-python. This means it will receive no further bug fixes or security updates.

Both engine/signal_generator.py and skills/skill_executor.py use google.generativeai with the legacy genai.configure() / genai.GenerativeModel() API. The replacement is the google-genai package (google.genai) with its new client-based API. Accepting this bump is reasonable as a short-term measure, but the codebase should plan migration to google-genai before any security advisory affects the archived library.