Skip to content

Bump registries to v0.6.0 and replace internal/cooldown#120

Merged
andrew merged 1 commit into
mainfrom
registries-v0.6.0-cooldown
May 13, 2026
Merged

Bump registries to v0.6.0 and replace internal/cooldown#120
andrew merged 1 commit into
mainfrom
registries-v0.6.0-cooldown

Conversation

@andrew
Copy link
Copy Markdown
Contributor

@andrew andrew commented May 12, 2026
edited
Loading

Bumps github.com/git-pkgs/registries to v0.6.0. The fetcher built in server.go now honours HTTP_PROXY/HTTPS_PROXY and gates every dialled IP against the safehttp block list (loopback, RFC1918, CGNAT, link-local), and Version.Integrity is now populated for pub, julia and nuget so the SRI verification path in handler.go covers those ecosystems.

closes #118

Also swaps internal/cooldown for github.com/git-pkgs/cooldown v0.1.1, which is the same code lifted into its own module. The exported surface (cooldown.Config, cooldown.ParseDuration) is identical so the eleven importers only change their import path. cooldown v0.1.1 declares go 1.25 so the proxy go directive stays at 1.25.6 and CI is unaffected.

@andrew
Bump registries to v0.6.0 and replace internal/cooldown
fe89cbd 
- Bump github.com/git-pkgs/registries to v0.6.0: the fetcher now
  honours HTTP_PROXY, gates dialled IPs against the safehttp block
  list, and Version.Integrity is populated for pub, julia and nuget
- Replace internal/cooldown with github.com/git-pkgs/cooldown v0.1.1
  (identical surface, lifted from this repo)
- Update docs/architecture.md to point at the external package
@andrew andrew merged commit 5315883 into main May 13, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

HTTP_PROXY support for PyPI fetchers

1 participant

@andrew