Skip to content

Cooldown does not work properly for terraform providers #13715

New issue
New issue
Open
Open
Cooldown does not work properly for terraform providers#13715
Labels
L: terraformTerraform packagesT: bug 🐞Something isn't working
@gps035

Description

@gps035
gps035
opened on Dec 5, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Terraform

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "terraform"
    directories:
      - "/terraform/*"
    cooldown:
      default-days: 14
    schedule:
      interval: "daily"
      timezone: "Europe/London"
      time: "01:00"
    commit-message:
      prefix: "FLAGSAPI-000 Terraform "
      include: scope

Updated dependency

No response

What you expected to see, versus what you actually saw

Dependabot appears to have selected the right version given the cooldown parameters (6.22). Nevertheless, it performs a terraform lock, updating to the latest released version (6.25). A PR is created that appears to update to 6.22, but the diff is actually for an update to 6.25.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Snippets of the job logs:
Dependabot appears to find the right version to update to:

  proxy | 2025/12/05 01:29:14 [273] 200 https://registry.terraform.io/v2/providers/hashicorp/aws?include=provider-versions (cached)
updater | 2025/12/05 01:29:14 INFO <job_1174698813> Allowed version tags after filtering versions in cooldown:
                2.21.1, 4.58.0, 1.5.0, 1.0.0, 5.53.0, 5.84.0, 5.24.0, 5.73.0, 0.1.2, 5.63.1, 5.11.0, 5.16.0, 2.42.0, 5.82.0, 5.75.0, 3.14.1, 5.79.0, 4.46.0, 2.12.0, 5.86.0, 3.15.0, 5.70.0, 5.99.0, 3.28.0, 1.36.0, 3.29.0, 1.48.0, 2.53.0, 3.76.1, 1.22.0, 5.83.1, 5.60.0, 6.0.0-beta3, 3.44.0, 3.30.0, 5.95.0, 5.16.2, 5.93.0, 4.37.0, 2.16.0, 5.35.0, 2.44.0, 2.50.0, 4.0.0, 5.32.1, 3.26.0, 6.20.0, 5.13.1, 3.14.0, 5.0.0, 4.15.0, 4.38.0, 2.15.0, 1.47.0, 3.13.0, 4.11.0, 5.82.1, 1.23.0, 6.11.0, 1.44.0, 1.24.0, 3.39.0, 5.41.0, 4.29.0, 4.19.0, 1.56.0, 3.62.0, 5.12.0, 5.74.0, 3.4.0, 4.47.0, 5.17.0, 1.20.0, 5.75.1, 4.62.0, 2.61.0, 4.55.0, 5.20.0, 5.48.0, 3.66.0, 3.51.0, 4.24.0, 1.52.0, 4.23.0, 3.73.0, 3.2.0, 5.51.0, 3.25.0, 3.1.0, 3.47.0, 2.4.0, 2.69.0, 5.72.0, 1.51.0, 4.7.0, 3.34.0, 4.10.0, 4.12.0, 5.66.0, 5.19.0, 3.36.0, 3.42.0, 4.36.1, 4.20.0, 3.22.0, 2.28.1, 5.8.0, 5.9.0, 3.71.0, 2.3.0, 5.37.0, 5.6.2, 5.80.0, 3.21.0, 6.17.0, 4.61.0, 1.2.0, 5.1.0, 2.9.0, 2.22.0, 3.64.0, 5.18.1, 1.46.0, 5.28.0, 3.49.0, 2.40.0, 4.15.1, 2.24.0, 4.65.0, 2.35.0, 5.78.0, 5.62.0, 3.19.0, 5.42.0, 3.53.0, 4.27.0, 2.20.0, 3.56.0, 1.53.0, 5.99.1, 2.45.0, 5.10.0, 6.14.0, 6.16.0, 3.18.0, 4.57.0, 3.24.0, 2.43.0, 2.26.0, 1.12.0, 3.38.0, 4.32.0, 4.54.0, 3.45.0, 6.9.0, 4.52.0, 6.18.0, 2.41.0, 6.12.0, 6.6.0, 4.3.0, 3.68.0, 1.57.0, 3.0.0, 6.22.0, 2.14.0, 3.48.0, 2.52.0, 2.46.0, 5.88.0, 4.8.0, 2.2.0, 5.87.0, 5.54.1, 3.3.0, 4.20.1, 5.72.1, 1.43.2, 3.7.0, 1.8.0, 5.69.0, 5.61.0, 5.52.0, 2.63.0, 4.17.1, 3.12.0, 4.30.0, 2.62.0, 4.28.0, 2.31.0, 4.14.0, 6.15.0, 2.10.0, 1.40.0, 5.82.2, 2.19.0, 5.22.0, 2.27.0, 5.76.0, 5.29.0, 1.29.0, 4.9.0, 2.34.0, 4.57.1, 1.25.0, 2.49.0, 3.8.0, 2.51.0, 3.29.1, 3.74.3, 5.13.0, 5.94.0, 3.31.0, 5.94.1, 5.31.0, 5.50.0, 2.70.3, 2.18.0, 5.85.0, 5.56.0, 0.1.0, 1.26.0, 2.5.0, 1.43.1, 5.27.0, 5.92.0, 3.75.0, 2.66.0, 3.55.0, 4.4.0, 1.3.1, 6.19.0, 5.14.0, 2.21.0, 3.10.0, 1.4.0, 4.35.0, 3.59.0, 6.21.0, 5.5.0, 2.64.0, 5.65.0, 4.44.0, 5.6.1, 4.63.0, 5.100.0, 4.6.0, 4.66.0, 6.8.0, 2.70.4, 1.27.0, 4.45.0, 2.36.0, 1.9.0, 4.48.0, 4.31.0, 2.70.2, 1.35.0, 4.25.0, 3.16.0, 1.32.0, 6.10.0, 5.57.0, 0.1.1, 5.67.0, 3.74.2, 5.30.0, 4.56.0, 4.12.1, 3.72.0, 1.3.0, 4.59.0, 5.58.0, 2.48.0, 3.64.2, 4.42.0, 5.77.0, 2.70.1, 5.21.0, 3.61.0, 5.38.0, 2.54.0, 5.39.1, 1.37.0, 2.28.0, 1.7.0, 4.16.0, 3.40.0, 2.6.0, 1.55.0, 3.70.0, 1.49.0, 4.1.0, 1.39.0, 3.57.0, 2.30.0, 4.40.0, 3.32.0, 2.47.0, 1.43.0, 5.45.0, 6.2.0, 1.59.0, 5.47.0, 4.51.0, 5.26.0, 5.63.0, 1.58.0, 3.24.1, 5.64.0, 2.29.0, 3.60.0, 4.66.1, 4.53.0, 5.3.0, 5.90.1, 5.81.0, 5.20.1, 5.15.0, 5.0.1, 1.28.0, 6.14.1, 4.43.0, 4.33.0, 4.21.0, 1.7.1, 2.7.0, 3.9.0, 5.43.0, 2.67.0, 1.33.0, 3.58.0, 5.96.0, 3.52.0, 1.54.0, 3.75.2, 3.6.0, 3.65.0, 6.13.0, 1.13.0, 5.91.0, 5.6.0, 5.7.0, 3.37.0, 4.36.0, 2.32.0, 3.64.1, 2.25.0, 2.57.0, 5.18.0, 3.41.0, 2.17.0, 1.34.0, 5.97.0, 6.3.0, 5.98.0, 2.59.0, 0.1.3, 1.1.0, 3.50.0, 5.44.0, 5.51.1, 3.43.0, 2.0.0, 2.23.0, 3.74.1, 1.45.0, 5.2.0, 4.5.0, 5.83.0, 3.63.0, 3.46.0, 6.4.0, 5.36.0, 1.19.0, 2.1.0, 3.11.0, 1.21.0, 5.49.0, 4.2.0, 3.33.0, 5.33.0, 4.41.0, 6.7.0, 1.10.0, 2.70.0, 5.46.0, 4.50.0, 2.11.0, 2.8.0, 5.23.0, 4.18.0, 1.14.0, 2.68.0, 6.0.0-beta1, 3.20.0, 5.25.0, 5.86.1, 1.42.0, 2.38.0, 4.34.0, 5.89.0, 5.16.1, 2.37.0, 4.60.0, 1.14.1, 6.0.0, 1.15.0, 3.17.0, 5.40.0, 3.35.0, 5.54.0, 4.17.0, 2.39.0, 3.76.0, 3.74.0, 1.60.0, 2.13.0, 1.16.0, 4.64.0, 3.67.0, 5.55.0, 5.32.0, 5.4.0, 4.22.0, 4.39.0, 5.39.0, 2.55.0, 5.23.1, 3.5.0, 3.27.0, 0.1.4, 4.13.0, 1.6.0, 2.65.0, 3.69.0, 1.18.0, 1.30.0, 2.58.0, 1.50.0, 2.56.0, 6.0.0-beta2, 3.75.1, 4.67.0, 1.38.0, 5.56.1, 5.34.0, 5.68.0, 2.60.0, 1.31.0, 5.59.0, 1.17.0, 3.54.0, 4.49.0, 4.26.0, 3.23.0, 1.41.0, 1.11.0, 6.5.0, 2.33.0, 5.90.0
updater | 2025/12/05 01:29:14 INFO <job_1174698813> Latest version is 6.22.0
updater | 2025/12/05 01:29:14 INFO <job_1174698813> Requirements to unlock own
updater | 2025/12/05 01:29:14 INFO <job_1174698813> Requirements update strategy 
updater | 2025/12/05 01:29:14 INFO <job_1174698813> Updating hashicorp/aws from 6.9.0 to 6.22.0

Dependabot reports that a change to the right version has been made in a PR

 updater | 2025/12/05 01:29:54 INFO Results:
+--------------------------------------------------+
|       Changes to Dependabot Pull Requests        |
+---------+----------------------------------------+
| created | hashicorp/aws ( from 6.9.0 to 6.22.0 ) |
| created | hashicorp/aws ( from 6.9.0 to 6.22.0 ) |
+---------+----------------------------------------+

There are two modules being updated so it's not easy to see which parts of the logs belong to which, but curiously there seems to be a download of both 6.22 and 6.25.

PR:
Image

Smallest manifest that reproduces the issue

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/aws" {
  version     = "6.9.0"
  constraints = ">= 6.9.0, < 7.0.0"
  hashes = [
    "h1:wDPMwwO3cFi8sYelHxBc+DyWff3ywAcpJ1nIJbQQFao=",
    "zh:0121aeca90856ba37d03cff9eed40321cc3ae1c0f77bef3329e17212c48f884a",
    "zh:4f09e73f948d4545358eed978bc41fd1a825c65b530a532bfaf9aaba93ac6e55",
    "zh:58604213402b5dba8360367e09b3d3762736980c80a72d6297be7cb71fe8dc8d",
    "zh:5aa9fe54fc9aba0780cae11becfce698e5093ee002066590599277d5aa71e59e",
    "zh:7e8546575a80d54b8db7edb53574c2d1f04afbdbafc599d0eb78da9e74e917f7",
    "zh:846ce59c9f7ec3c92b33fe3a0d98386420bcbb971260da9ff869b219a1125df4",
    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
    "zh:9bd2cb527dcbd76977c18f3f6844638b6d5039f070accc41d064831f98aa7b40",
    "zh:9df98266de85cf047c9a2e43b892c74479805e0936dbb3583aef314d2fa0f5fc",
    "zh:a4fc8e9645b147902bcf36f10ea1891ca92661c4ee4135046cc79b8ce6fe1093",
    "zh:afe3029760f7aa5484e26c80670f86b6b5054126776376ba6aec4aa8a41483ce",
    "zh:c158cd1790422237ab2a2e10fc02e5522bd7bce39c067ffbc9edda1e6c9ebf3b",
    "zh:f5408929d5df6f81fcb93a433e0dbc0432b748b400cc41910328b936a7590fd5",
    "zh:f6331bb27134e288d8c324b2390c610fd924f71af1ec27f79070dfa26f4dd410",
    "zh:f6b8b429d5fa71f186bda45468bbde230a1697a38480487f41d7172f1e374e2d",
  ]
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    L: terraformTerraform packagesT: bug 🐞Something isn't working

    Type

    No type

    Projects

    Dependabot

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions