
feat: centralize semver-aware cooldown calculation #14600

Open
markhallen wants to merge 7 commits into main from feat/extract-cooldown-calculation-pr

@markhallen markhallen commented Apr 1, 2026

What are you trying to accomplish?

Resolves #14544

The uv ecosystem was not respecting release cooldown settings — PRs were opened for dependencies that were still within the configured cooldown window. The root cause was that the UV lockfile resolver was not forwarding update_cooldown options into LatestVersionFinder, so cooldown filtering was never applied during resolution.

This PR fixes that by passing cooldown options through the UV resolver code path, and also centralizes the duplicated cooldown calculation logic into a shared helper to prevent similar inconsistencies across ecosystems.

How the issue is resolved

  • UV lockfile resolver now forwards update_cooldown into LatestVersionFinder so cooldown filtering is applied during resolution.
  • Added specs verifying cooldown options are correctly passed through the UV resolver.

Additional improvements

  • Introduces a shared helper module Dependabot::UpdateCheckers::CooldownCalculation with within_cooldown_window?, cooldown_days_for, and skip_cooldown? methods.
  • Moves semver day selection logic into ReleaseCooldownOptions#cooldown_days_for so ecosystems share one implementation.
  • Bazel and Docker now compute cooldown days using current and candidate versions/tags rather than only default_days.
  • Adds DAY_IN_SECONDS constant to 7 ecosystem version finders that referenced it without defining it (Gradle, Go modules, GitHub Actions, pre-commit, devcontainers, Python, git submodules).
  • Removes unnecessary T.must wrappers in ReleaseCooldownOptions where tuple destructuring already guarantees non-nil values.
  • All Sorbet type checking passes cleanly.

How will you know you've accomplished your goal?

  • Added dedicated specs for the new shared helper (common/spec/dependabot/update_checkers/cooldown_calculation_spec.rb).
  • Added/updated specs for semver cooldown day selection (common/spec/dependabot/package/release_cooldown_options_spec.rb).
  • Updated bazel and docker specs to verify version-aware cooldown behavior.
  • Added uv resolver specs verifying cooldown options are passed to LatestVersionFinder.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

Copilot AI review requested due to automatic review settings April 1, 2026 19:48
@markhallen markhallen requested a review from a team as a code owner April 1, 2026 19:48
@github-actions github-actions bot added L: docker Docker containers L: python:uv labels Apr 1, 2026

Copilot AI left a comment

Pull request overview

Centralizes “release cooldown” behavior into a shared helper so multiple ecosystems apply semver-aware cooldown windows consistently, and ensures UV’s lockfile resolver forwards cooldown options into version resolution.

Changes:

  • Introduces Dependabot::UpdateCheckers::CooldownCalculation and refactors cooldown checks to use it.
  • Moves semver-based cooldown-day selection into ReleaseCooldownOptions#cooldown_days_for and updates common version filtering to use the shared logic.
  • Propagates update_cooldown through UV’s lockfile resolver into LatestVersionFinder, and updates Bazel/Docker cooldown handling + specs.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| common/lib/dependabot/update_checkers/cooldown_calculation.rb | Adds shared cooldown calculation helpers (window check, day selection, skip logic). |
| common/spec/dependabot/update_checkers/cooldown_calculation_spec.rb | Adds unit specs for the shared cooldown helper. |
| common/lib/dependabot/package/release_cooldown_options.rb | Adds semver-aware cooldown_days_for to centralize day selection logic. |
| common/spec/dependabot/package/release_cooldown_options_spec.rb | Adds coverage for semver-aware day selection behavior. |
| common/lib/dependabot/package/package_latest_version_finder.rb | Refactors cooldown filtering to use the shared helper and semver-aware day selection. |
| docker/lib/dependabot/docker/update_checker.rb | Updates Docker cooldown enforcement to be semver-aware per candidate tag. |
| docker/spec/dependabot/docker/update_checker_spec.rb | Adds spec coverage for semver-aware Docker cooldown behavior. |
| bazel/lib/dependabot/bazel/update_checker.rb | Updates Bazel cooldown enforcement to be semver-aware per candidate version. |
| bazel/spec/dependabot/bazel/update_checker_spec.rb | Updates Bazel specs to match the new cooldown method signature and behavior. |
| uv/lib/dependabot/uv/update_checker/lock_file_resolver.rb | Threads update_cooldown into LatestVersionFinder construction. |
| uv/lib/dependabot/uv/update_checker.rb | Passes @update_cooldown into the lock file resolver. |
| uv/spec/dependabot/uv/update_checker/lock_file_resolver_spec.rb | Adds coverage asserting cooldown options are forwarded into LatestVersionFinder. |

- Add DAY_IN_SECONDS constant to 7 ecosystem version finders that
  reference it without defining it
- Remove unnecessary T.must wrappers in release_cooldown_options.rb
  where tuple destructuring already guarantees non-nil Integer values
@github-actions github-actions bot added L: java:gradle Maven packages via Gradle L: go:modules Golang modules L: github:actions GitHub Actions L: git:submodules Git submodules L: python L: devcontainers labels Apr 1, 2026

Copilot AI left a comment

Pull request overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 1 comment.

…window?

- Return false when cooldown_days <= 0 (no cooldown configured)
- Return false when release_date is in the future (clock skew)
- Add spec for future release date edge case
- Fix misleading test description in uv lock_file_resolver_spec

The guard against negative time deltas (future release dates) was
incorrect. A release with a future date (relative to Time.now) is
strictly newer than any recently-released version and should remain
within the cooldown window.

The cooldown_days <= 0 guard remains correct and is kept.
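
The cooldown rules discussed in this PR (semver-aware day selection, the cooldown_days <= 0 guard, and a future release date staying inside the window), as an added Ruby sketch that is not Dependabot's code. The module name, option fields, method signatures, and the fallback to default_days when a semver-specific value is 0 are assumptions made for illustration.

```ruby
# Added illustration, not Dependabot's implementation. The module name,
# option fields and method signatures are assumptions for this sketch.
module CooldownSketch
  DAY_IN_SECONDS = 24 * 60 * 60

  Options = Struct.new(:default_days, :major_days, :minor_days, :patch_days,
                       keyword_init: true)

  # Parse "1.2.3" or "v1.2" into [major, minor, patch]; nil if not numeric.
  def self.parts(version)
    m = /\Av?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.match(version.to_s)
    m && [m[1].to_i, m[2].to_i, m[3].to_i]
  end

  # Choose the cooldown length from the kind of bump. Falls back to
  # default_days when either version is not semver-like, or when the
  # semver-specific value is unset (0). The fallback rule is an assumption.
  def self.cooldown_days_for(opts, current, candidate)
    cur = parts(current)
    cand = parts(candidate)
    return opts.default_days unless cur && cand

    days =
      if cand[0] != cur[0] then opts.major_days
      elsif cand[1] != cur[1] then opts.minor_days
      elsif cand[2] != cur[2] then opts.patch_days
      else 0
      end
    days.to_i.positive? ? days : opts.default_days
  end

  # True while a release is still too fresh to propose.
  # cooldown_days <= 0 means no cooldown is configured. A release date in
  # the future yields a negative age, which is below the window, so the
  # release stays inside the cooldown.
  def self.within_cooldown_window?(release_date, cooldown_days, now: Time.now)
    return false if cooldown_days <= 0

    (now - release_date) < cooldown_days * DAY_IN_SECONDS
  end

  # Keep only candidates that have aged past their own semver-aware window.
  # releases is a list of [version, released_at] pairs.
  def self.eligible(opts, current, releases, now: Time.now)
    releases.reject do |version, released_at|
      within_cooldown_window?(released_at, cooldown_days_for(opts, current, version), now: now)
    end.map(&:first)
  end
end
```

Passing `now:` explicitly keeps the window check deterministic in specs, which is what makes the future-date case testable.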

Development

Successfully merging this pull request may close these issues.

Error: cooldown behaves differently for uv than pip
