Added Cooldown regression tests#9602
Merged
Merged
Conversation
The legacy dependency API exposes no per-version publish dates, so the cooldown filter has nothing to compare against and silently does nothing. Document that limitation as a regression guard rather than a surprise. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A single converge can hold several rubygems sources, each keyed by its own remotes. A partial update re-converges the still-locked sources, the path that used to drop cooldown, so lock in that the cooldown stays attached to the source that declared it for both a top-level source and a gem-block source. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
bundle add re-resolves the Gemfile against the existing lockfile via the injector, which converges sources the same way install and update do. A gem added there must inherit the source's cooldown instead of grabbing an in-window release. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This is the exact path from the original report: regenerating the lockfile must not advance a gem into the cooldown window. Assert the written lockfile to guard the lock-only flow that install and update specs do not touch. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A frozen install reads the lockfile rather than resolving, so cooldown never runs. Document that a version locked inside the window still installs, so the bypass stays intentional. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A mirror rewrites the fetch URI while cooldown stays keyed by the URI declared in the Gemfile. Confirm the redirect to the serving mirror does not lose the cooldown. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Stamping each solo_gem with its own Time.now.utc lets the two dates drift apart and matches neither the surrounding before block. Snapshot the time once so the cooldown window stays stable as thresholds tighten. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds regression specs to ensure Bundler’s per-source cooldown behavior remains correct across several workflows (partial updates, lockfile updates, bundle add, frozen installs, and mirrors), as a follow-up to the cooldown preservation fix from #9601.
Changes:
- Add coverage ensuring per-source cooldown survives lockfile source convergence during partial updates (including multiple sources and gem-block sources).
- Add coverage for cooldown behavior in
bundle add,bundle lock --update, and frozen installs. - Add coverage asserting cooldown is keyed by the Gemfile-declared URI (including when a mirror redirect is configured) and documenting the dependency API limitation around publish dates.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What was the end-user or developer problem that led to this PR?
Follow-up regression coverage for the per-source cooldown fix in #9601.
bundle addagainst an existing lockfile.bundle lock --update, asserted against the written lockfile (the exact path from the original report).Make sure the following tasks are checked