Follow-up to #1153. The fix in `resolve_package_cooldown()` bypasses cooldown for transitive dependencies when a top-level exact pin exists in the dependency graph. The current tests cover the happy path but several edge cases need coverage to prevent regressions.

Test cases to add

- Non-exact top-level entry does not bypass cooldown

  Graph has `test-pkg>=1.0` as TOP_LEVEL (not an exact `==` pin). The `_has_equality_pin` check on the graph edge should prevent bypass, and cooldown should be enforced normally.

- Wildcard equality pin does not bypass cooldown

  Graph has `test-pkg==1.*` as TOP_LEVEL. This is not a true exact pin — `_has_equality_pin` rejects wildcards. Cooldown should be enforced.

- Name normalization across requirement and graph

  Transitive requirement uses `Test_Pkg>=1.0` while graph has the entry under `test-pkg`. `get_outgoing_edges` canonicalizes both sides, so the bypass should still work.

- Top-level pin takes precedence over per-package `min_release_age` override

  Package has `resolver_dist.min_release_age: 30` in its settings, but also has a top-level `==` pin in the graph. The graph bypass runs before the per-package check, so the pin wins and cooldown is bypassed entirely. This is the correct precedence — an explicit pin is a stronger trust signal than a per-package cooldown override.
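The four cases above, modeled as an added stand-alone example (not the project's code). The helper names `canonical`, `split_requirement`, `is_exact_pin` and `effective_cooldown_days`, the 7-day global cooldown and version `1.0.0` are assumptions made for illustration; the real `resolve_package_cooldown()` and `_has_equality_pin` may be structured differently.

```python
import re

# Hypothetical stand-ins that model the behaviour described in the issue.
# They are not the project's resolve_package_cooldown() / _has_equality_pin().


def canonical(name):
    """PEP 503 name normalization, e.g. Test_Pkg -> test-pkg."""
    return re.sub(r"[-_.]+", "-", name).lower()


def split_requirement(req):
    """Split 'Test_Pkg>=1.0' into (canonical name, specifier string)."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", req)
    if m is None:
        raise ValueError(f"unparseable requirement: {req!r}")
    return canonical(m.group(1)), m.group(2).strip()


def is_exact_pin(spec):
    """True only for a single '==<version>' clause with no wildcard."""
    clauses = [c.strip() for c in spec.split(",") if c.strip()]
    if len(clauses) != 1:
        return False
    # '==1.*' fails because '*' is excluded; '===' fails on the lookahead.
    return re.fullmatch(r"==(?!=)\s*[^\s*]+", clauses[0]) is not None


def effective_cooldown_days(req, top_level, global_days, per_package=None):
    """Return the minimum release age (days) enforced for req; 0 = bypassed.

    top_level:   top-level requirement strings in the graph (constructed input)
    per_package: name -> min_release_age override (assumed shape)
    """
    name, _ = split_requirement(req)
    # Graph bypass runs first, so an exact top-level pin wins outright.
    for entry in top_level:
        entry_name, entry_spec = split_requirement(entry)
        if entry_name == name and is_exact_pin(entry_spec):
            return 0
    # Otherwise fall back to the per-package override, then the global value.
    overrides = {canonical(k): v for k, v in (per_package or {}).items()}
    return overrides.get(name, global_days)
```
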