feat: track last successful unfurl date

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

Author: keshav-space

vulnerabilities/migrations/0120_impactedpackage_last_range_unfurl_at_and_more.py

@@ -1,4 +1,4 @@
-# Generated by Django 5.2.11 on 2026-04-06 20:51
+# Generated by Django 5.2.11 on 2026-04-08 09:28
 
 from django.db import migrations, models
 

vulnerabilities/migrations/0121_impactedpackage_last_successful_range_unfurl_at.py

@@ -0,0 +1,23 @@
+# Generated by Django 5.2.11 on 2026-04-08 09:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0120_impactedpackage_last_range_unfurl_at_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="impactedpackage",
+            name="last_successful_range_unfurl_at",
+            field=models.DateTimeField(
+                blank=True,
+                db_index=True,
+                help_text="Timestamp of the last successful vers range unfurl.",
+                null=True,
+            ),
+        ),
+    ]

vulnerabilities/models.py

@@ -1139,9 +1139,9 @@ def get_affecting_vulnerabilities(self):
                     next_fixed_package_vulns = list(fixed_by_pkg.affected_by)
 
                     fixed_by_package_details["fixed_by_purl"] = fixed_by_purl
-                    fixed_by_package_details[
-                        "fixed_by_purl_vulnerabilities"
-                    ] = next_fixed_package_vulns
+                    fixed_by_package_details["fixed_by_purl_vulnerabilities"] = (
+                        next_fixed_package_vulns
+                    )
                     fixed_by_pkgs.append(fixed_by_package_details)
 
                     vuln_details["fixed_by_package_details"] = fixed_by_pkgs
@@ -3259,6 +3259,13 @@ class ImpactedPackage(models.Model):
         help_text="Timestamp of the last vers range unfurl.",
     )
 
+    last_successful_range_unfurl_at = models.DateTimeField(
+        blank=True,
+        null=True,
+        db_index=True,
+        help_text="Timestamp of the last successful vers range unfurl.",
+    )
+
     def to_dict(self):
         from vulnerabilities.utils import purl_to_dict
 

vulnerabilities/pipelines/v2_improvers/unfurl_version_range.py

@@ -52,20 +52,25 @@ def unfurl_version_range(self):
         processed_impacted_packages_count = 0
         processed_affected_packages_count = 0
         cached_versions = {}
-        impacts_to_update = []
-        update_batch_size = 5
+        update_unfurl_date = []
+        update_successful_unfurl_date = []
+        update_batch_size = 5000
+        chunk_size = 5000
 
         impacted_packages = impacted_package_qs(cutoff_day=self.reunfurl_after_days)
         impacted_packages_count = impacted_packages.count()
         self.log(f"Unfurl affected vers range for {impacted_packages_count:,d} ImpactedPackage.")
 
-        progress = LoopProgress(total_iterations=impacted_packages_count, logger=self.log)
-        for impact in progress.iter(impacted_packages.iterator(chunk_size=5000)):
-            impacts_to_update.append(impact.pk)
+        progress = LoopProgress(
+            total_iterations=impacted_packages_count, progress_step=5, logger=self.log
+        )
+        for impact in progress.iter(impacted_packages.iterator(chunk_size=chunk_size)):
+            update_unfurl_date.append(impact.pk)
             purl = PackageURL.from_string(impact.base_purl)
             if not impact.affecting_vers or not any(
                 c in impact.affecting_vers for c in ("<", ">", "!")
             ):
+                update_successful_unfurl_date.append(impact.pk)
                 continue
             if purl.type not in FETCHCODE_SUPPORTED_ECOSYSTEMS:
                 continue
@@ -87,17 +92,25 @@ def unfurl_version_range(self):
                 relation=ImpactedPackageAffecting,
                 logger=self.log,
             )
+            update_successful_unfurl_date.append(impact.pk)
             processed_impacted_packages_count += 1
 
-            if len(impacts_to_update) > update_batch_size:
-                ImpactedPackage.objects.filter(pk__in=impacts_to_update).update(
+            if len(update_unfurl_date) > update_batch_size:
+                ImpactedPackage.objects.filter(pk__in=update_unfurl_date).update(
                     last_range_unfurl_at=timezone.now()
                 )
-                impacts_to_update.clear()
+                ImpactedPackage.objects.filter(pk__in=update_successful_unfurl_date).update(
+                    last_successful_range_unfurl_at=timezone.now()
+                )
+                update_unfurl_date.clear()
+                update_successful_unfurl_date.clear()
 
-        ImpactedPackage.objects.filter(pk__in=impacts_to_update).update(
+        ImpactedPackage.objects.filter(pk__in=update_unfurl_date).update(
             last_range_unfurl_at=timezone.now()
         )
+        ImpactedPackage.objects.filter(pk__in=update_successful_unfurl_date).update(
+            last_successful_range_unfurl_at=timezone.now()
+        )
         self.log(f"Successfully processed {processed_impacted_packages_count:,d} ImpactedPackage.")
         self.log(f"{processed_affected_packages_count:,d} new Impact-Package relation created.")
 

vulnerabilities/pipes/openssl.py

@@ -89,9 +89,7 @@ def get_reference(reference_name, tag, reference_url):
     ref_type = (
         AdvisoryReference.COMMIT
         if "commit" in name or tag == "patch"
-        else AdvisoryReference.ADVISORY
-        if "advisory" in name
-        else AdvisoryReference.OTHER
+        else AdvisoryReference.ADVISORY if "advisory" in name else AdvisoryReference.OTHER
     )
 
     return ReferenceV2(

vulnerabilities/tests/pipelines/v2_importers/test_collect_fix_commit.py

@@ -52,9 +52,7 @@ def test_collect_fix_commits_groups_by_vuln(mock_repo, pipeline):
         side_effect=lambda c: (
             ["CVE-2021-0001"]
             if "CVE" in c.message
-            else ["GHSA-dead-beef-baad"]
-            if "GHSA" in c.message
-            else []
+            else ["GHSA-dead-beef-baad"] if "GHSA" in c.message else []
         )
     )
 

vulnerabilities/tests/pipelines/v2_improvers/test_unfurl_version_range.py

@@ -111,6 +111,8 @@ def test_affecting_version_range_unfurl(self, mock_fetch):
         self.assertEqual(3, PackageV2.objects.count())
         self.assertEqual(1, impact.fixed_by_packages.count())
         self.assertEqual(2, impact.affecting_packages.count())
+        self.assertNotEqual(None, impact.last_range_unfurl_at)
+        self.assertNotEqual(None, impact.last_successful_range_unfurl_at)
 
     def test_impacted_package_qs_dont_process_empty_vers(self):
         insert_advisory_v2(

vulnerabilities/tests/test_api.py

@@ -75,9 +75,9 @@ def cleaned_response(response):
                 reference["scores"] = sorted(
                     reference["scores"], key=lambda x: (x["value"], x["scoring_system"])
                 )
-                package_data["resolved_vulnerabilities"][index]["references"][index2][
-                    "scores"
-                ] = reference["scores"]
+                package_data["resolved_vulnerabilities"][index]["references"][index2]["scores"] = (
+                    reference["scores"]
+                )
 
         cleaned_response.append(package_data)