Optimize performance for dependencies with all versions ignored #14294

Open
victor-fialkin-paylocity wants to merge 2 commits into dependabot:main from victor-fialkin-paylocity:fix-all-versions-ignored-performance

@victor-fialkin-paylocity

What are you trying to accomplish?

This PR optimizes performance by short-circuiting registry lookups in the up_to_date? method if all versions are ignored. This prevents expensive and error-prone registry API calls for dependencies explicitly configured to be completely ignored.

Anything you want to highlight for special attention from reviewers?

The key change is moving the all_versions_ignored? check earlier in the flow (up_to_date? method) to avoid registry calls entirely. The logic was already present in can_update?, but moving it to up_to_date? provides better performance and clearer semantics.

How will you know you've accomplished your goal?

  • Added comprehensive test coverage for the new all_versions_ignored? method
  • Tests verify that latest_version is not called when all versions are ignored
  • Tests verify proper logging when dependencies are skipped
  • Updated bin/dry-run.rb to skip ignored dependencies earlier with clear user feedback

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@victor-fialkin-paylocity victor-fialkin-paylocity requested a review from a team as a code owner February 26, 2026 21:17
Copilot AI review requested due to automatic review settings February 26, 2026 21:17
Copilot AI left a comment

Pull request overview

This PR optimizes performance for dependencies where all versions are ignored by short-circuiting registry lookups before they occur. The change addresses issue #13477 where private packages that were explicitly ignored still caused failures when Dependabot attempted to look them up in public registries.

Changes:

  • Added all_versions_ignored? method to check if a dependency has all versions ignored (using the >= 0 pattern)
  • Modified up_to_date? to return true early for fully ignored dependencies, avoiding expensive registry API calls
  • Updated can_update? to use the new helper method for consistency
  • Enhanced bin/dry-run.rb to filter out fully ignored dependencies before creating update checkers

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| common/lib/dependabot/update_checkers/base.rb | Adds all_versions_ignored? method and updates up_to_date? and can_update? to use it for early returns |
| common/spec/dependabot/update_checkers/base_spec.rb | Adds comprehensive test coverage for the new method and verifies the optimization works correctly |
| bin/dry-run.rb | Filters out dependencies with all versions ignored before the update loop to prevent errors with private packages |

@victor-fialkin-paylocity victor-fialkin-paylocity force-pushed the fix-all-versions-ignored-performance branch from 50cffe1 to 1006810 Compare March 4, 2026 10:17
Extract all_versions_ignored? method to check for >= 0 ignore condition and short-circuit registry lookups in up_to_date? method. This prevents expensive and error-prone registry API calls for:

- Private packages that may not exist on public registries

- Dependencies explicitly configured to be completely ignored

- Wildcard-ignored dependency patterns

Also updates dry-run.rb to skip dependencies with all versions ignored earlier in the process, providing clearer feedback to users.

Adds comprehensive test coverage for the new all_versions_ignored? method and verifies that registry lookups are avoided when all versions are ignored.

Fixes dependabot#13477
@victor-fialkin-paylocity victor-fialkin-paylocity force-pushed the fix-all-versions-ignored-performance branch from 1006810 to 857099a Compare March 4, 2026 21:34
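
The check ordering discussed in this PR, as an added Ruby sketch that is not code from the pull request or from Dependabot. `RecordingRegistry`, `SketchUpdateChecker`, `up_to_date_unguarded?` and the package name `acme-internal` are hypothetical; only the `>= 0` pattern and the method names `all_versions_ignored?` and `up_to_date?` come from the page.

```ruby
require "rubygems" # Gem::Version, used here only for version comparison

# Stand-in for a public registry client; records every name it is asked about.
class RecordingRegistry
  attr_reader :lookups

  def initialize(published)
    @published = published # constructed sample data: name => latest version
    @lookups = []
  end

  def latest_version(name)
    @lookups << name
    @published.fetch(name) { raise KeyError, "#{name} not found on registry" }
  end
end

# Hypothetical checker, reduced to the two code paths being compared.
class SketchUpdateChecker
  def initialize(name:, version:, ignored_versions:, registry:)
    @name = name
    @version = version
    @ignored_versions = ignored_versions
    @registry = registry
  end

  # True when any ignore condition is the catch-all ">= 0" range.
  def all_versions_ignored?
    @ignored_versions.any? { |range| range.delete(" ") == ">=0" }
  end

  # Guard first: a fully ignored dependency never reaches the registry.
  def up_to_date?
    return true if all_versions_ignored?

    up_to_date_unguarded?
  end

  # Ordering without the guard: the lookup runs even for ignored packages,
  # so an unpublished private name fails and is sent to the registry.
  def up_to_date_unguarded?
    latest = @registry.latest_version(@name)
    Gem::Version.new(@version) >= Gem::Version.new(latest)
  end
end
```

With the guard in place, `RecordingRegistry#lookups` stays empty for a fully ignored dependency, which is the same property the PR description says its specs check by verifying that latest_version is not called.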
Development

Successfully merging this pull request may close these issues.

Ignore not working for private package

2 participants