Pip: cooldown does not work correctly with install target

[SMoraisAnsys]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

pip

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/ansys/pyaedt/blob/main/pyproject.toml

dependabot.yml content

https://github.com/ansys/pyaedt/blob/main/.github/dependabot.yml

Updated dependency

The pull request opened is ansys/pyaedt#6061
It updates the dependency to pyvista[io], i.e. pyvista with install target io see https://github.com/pyvista/pyvista/blob/4397139a92bb8cbd59c4dff834a48f8ecf7baf1a/pyproject.toml#L42.
The original version range was pyvista[io]>=0.38.0,<0.45 and the new proposed range is pyvista[io]>=0.38.0,<0.46.

What you expected to see, versus what you actually saw

We have enabled the beta ecosystems and use the cooldown feature with the following configuration: weekly updates on saturday 6am Europe/Paris timezone + cooldown of 7 days. Yesterday dependabot opened a PR for pyvista[io] (i.e. pyvista with io install target, see above). However, this is unexpected because the release of pyvista happened yesterday. We would expect this PR to be opened next week and not today.
From comment #3651 (comment), it seems that the issue arise because the dependency includes an extra [io].

According to @kbukum1:

This leads to Dependabot fetching version data from the incorrect URL: https://pypi.org/pypi/pyvista[io]/json instead of the correct https://pypi.org/pypi/pyvista/json. Since the URL https://pypi.org/pypi/pyvista[io]/json doesn’t exist, we’re unable to retrieve the necessary details, such as the release date for the dependency.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Link to the PR: ansys/pyaedt#6061

Smallest manifest that reproduces the issue

I created a branch with a light version of the manifest. It should be enough to reproduce the issue https://github.com/ansys/pyaedt/blob/tests/empty-file-for-dependabot/pyproject.toml

[SMoraisAnsys]

Yesterday, dependabot opened the PR we were expecting to receive ansys/pyaedt#6080 (while ansys/pyaedt#6061 is still open). Either something as been fixed on the cooldown side and this issue can be closed OR there a is hole that will lead to continuously opening new PRs.

If the second statement is valid, I'll leave a comment here if a new PR is opened next week.
Pinging @kbukum1 for visibility.

[SMoraisAnsys]

@kbukum1 I'm taking the liberty to ping you since we exchanged on that topic. Any news about this issue ?

[kbukum1]

Hi @SMoraisAnsys, thanks for the reminder. I've been tied up with other work and haven't had a chance to address it yet. I'll add the issue to our cooldown batch and share it with the team—hopefully they'll be able to come up with a solution.

[kbukum1]

Hi @sachin-sandhu, would you be able to take on this work?

CC: @carlincherry, @jurre

[sachin-sandhu]

@SMoraisAnsys , we are working on the fix now , we will update once fix is released.

thanks !

[sachin-sandhu]

Hi @SMoraisAnsys , we have released the fix, We see the fix is working now, please let me know if you face any issues.

here is log from one of jobs

updater | 2025/06/11 01:02:45 INFO <job_1031972207> Checking if pyvista[io]  needs updating
updater | 2025/06/11 01:02:45 INFO <job_1031972207> Fetching release information from json registry at https://pypi.org/pypi/ for pyvista[io]
  proxy | 2025/06/11 01:02:45 [409] GET https://pypi.org/pypi/pyvista/json
  proxy | 2025/06/11 01:02:45 [409] 200 https://pypi.org/pypi/pyvista/json
updater | 2025/06/11 01:02:45 INFO <job_1031972207> Filtered out 1 yanked versions
updater | 2025/06/11 01:02:45 INFO <job_1031972207> Filtered out 1 versions due to cooldown

[SMoraisAnsys]

Hi @SMoraisAnsys , we have released the fix, We see the fix is working now, please let me know if you face any issues.

here is log from one of jobs

updater | 2025/06/11 01:02:45 INFO <job_1031972207> Checking if pyvista[io]  needs updating
updater | 2025/06/11 01:02:45 INFO <job_1031972207> Fetching release information from json registry at https://pypi.org/pypi/ for pyvista[io]
  proxy | 2025/06/11 01:02:45 [409] GET https://pypi.org/pypi/pyvista/json
  proxy | 2025/06/11 01:02:45 [409] 200 https://pypi.org/pypi/pyvista/json
updater | 2025/06/11 01:02:45 INFO <job_1031972207> Filtered out 1 yanked versions
updater | 2025/06/11 01:02:45 INFO <job_1031972207> Filtered out 1 versions due to cooldown

Awesome, I'll have a look today !

[SMoraisAnsys]

The fix seems to be working from the logs I get. I'll close this issue and reopen it later if needed. Thanks a lot for your help @sachin-sandhu @kbukum1